Packages changed: audit audit-secondary btrfsmaintenance cloud-init (18.5 -> 19.1) ding-libs filesystem gcc9 (9.1.1+r271393 -> 9.1.1+r272147) glib-networking (2.60.2 -> 2.60.3) glib2 (2.60.3 -> 2.60.4) growpart hwdata (0.323 -> 0.324) kernel-firmware (20190514 -> 20190618) kernel-source (5.1.7 -> 5.1.10) kubic-control (0.5.1 -> 0.6.1) libcontainers-common libseccomp (2.4.0 -> 2.4.1) libsolv (0.7.4 -> 0.7.5) libzypp (17.11.4 -> 17.12.0) microos-tools (1.0+git20190218.9e72dd7 -> 1.0+git20190611.6211f74) ncurses permissions (1550_20190429 -> 1550_20190521) python-base salt systemd-presets-common-SUSE sysvinit (2.90 -> 2.95) zlib zypper (1.14.27 -> 1.14.28) === Details === ==== audit ==== Subpackages: libaudit1 libauparse0 - Make use of some %make_install. ==== audit-secondary ==== Subpackages: audit python3-audit - Reduce scriptlets' hard dependency on systemd. ==== btrfsmaintenance ==== - spec: fix typo in macro name - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== cloud-init ==== Version update (18.5 -> 19.1) - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini - Update to version 19.1 (bsc#1136440) + Remove, included upstream - fix-default-systemd-unit-dir.patch - cloud-init-sysconf-ethsetup.patch - cloud-init-handle-def-route-set.patch - cloud-init-no-empty-resolv.patch - cloud-init-proper-ipv6-varname.patch + Forward port - cloud-init-trigger-udev.patch + Add cloud-init-detect-nova.diff (bsc#1136440) + Modify cloud-init-python2-sigpipe.patch, import signal and constants + Update spec to account for new location of bash completion + freebsd: add chpasswd pkg in the image [Gonéri Le Bouder] + tests: add Eoan release [Paride Legovini] + cc_mounts: check if mount -a on no-change fstab path [Jason Zions (MSFT)] (LP: #1825596) + replace remaining occurrences of LOG.warn [Daniel Watkins] + DataSourceAzure: Adjust timeout for polling IMDS [Anh Vo] + Azure: Changes to the Hyper-V KVP Reporter [Anh Vo] + git tests: no longer show warning about safe yaml. + tools/read-version: handle errors [Chad Miller] + net/sysconfig: only indicate available on known sysconfig distros (LP: #1819994) + packages: update rpm specs for new bash completion path [Daniel Watkins] (LP: #1825444) + test_azure: mock util.SeLinuxGuard where needed [Jason Zions (MSFT)] (LP: #1825253) + setup.py: install bash completion script in new location [Daniel Watkins] + mount_cb: do not pass sync and rw options to mount [Gonéri Le Bouder] (LP: #1645824) + cc_apt_configure: fix typo in apt documentation [Dominic Schlegel] + Revert "DataSource: move update_events from a class to an instance..." [Daniel Watkins] + Change DataSourceNoCloud to ignore file system label's case. [Risto Oikarinen] + cmd:main.py: Fix missing 'modules-init' key in modes dict [Antonio Romito] (LP: #1815109) + ubuntu_advantage: rewrite cloud-config module + Azure: Treat _unset network configuration as if it were absent [Jason Zions (MSFT)] (LP: #1823084) + DatasourceAzure: add additional logging for azure datasource [Anh Vo] + cloud_tests: fix apt_pipelining test-cases + Azure: Ensure platform random_seed is always serializable as JSON. [Jason Zions (MSFT)] + net/sysconfig: write out SUSE-compatible IPv6 config [Robert Schweikert] + tox: Update testenv for openSUSE Leap to 15.0 [Thomas Bechtold] + net: Fix ipv6 static routes when using eni renderer [Raphael Glon] (LP: #1818669) + Add ubuntu_drivers config module [Daniel Watkins] + doc: Refresh Azure walinuxagent docs [Daniel Watkins] + tox: bump pylint version to latest (2.3.1) [Daniel Watkins] + DataSource: move update_events from a class to an instance attribute [Daniel Watkins] (LP: #1819913) + net/sysconfig: Handle default route setup for dhcp configured NICs [Robert Schweikert] (LP: #1812117) + DataSourceEc2: update RELEASE_BLOCKER to be more accurate [Daniel Watkins] + cloud-init-per: POSIX sh does not support string subst, use sed (LP: #1819222) + Support locking user with usermod if passwd is not available. + Example for Microsoft Azure data disk added. [Anton Olifir] + clean: correctly determine the path for excluding seed directory [Daniel Watkins] (LP: #1818571) + helpers/openstack: Treat unknown link types as physical [Daniel Watkins] (LP: #1639263) + drop Python 2.6 support and our NIH version detection [Daniel Watkins] + tip-pylint: Fix assignment-from-return-none errors + net: append type:dhcp[46] only if dhcp[46] is True in v2 netconfig [Kurt Stieger] (LP: #1818032) + cc_apt_pipelining: stop disabling pipelining by default [Daniel Watkins] (LP: #1794982) + tests: fix some slow tests and some leaking state [Daniel Watkins] + util: don't determine string_types ourselves [Daniel Watkins] + cc_rsyslog: Escape possible nested set [Daniel Watkins] (LP: #1816967) + Enable encrypted_data_bag_secret support for Chef [Eric Williams] (LP: #1817082) + azure: Filter list of ssh keys pulled from fabric [Jason Zions (MSFT)] + doc: update merging doc with fixes and some additional details/examples + tests: integration test failure summary to use traceback if empty error + This is to fix https://bugs.launchpad.net/cloud-init/+bug/1812676 [Vitaly Kuznetsov] + EC2: Rewrite network config on AWS Classic instances every boot [Guilherme G. Piccoli] (LP: #1802073) + netinfo: Adjust ifconfig output parsing for FreeBSD ipv6 entries (LP: #1779672) + netplan: Don't render yaml aliases when dumping netplan (LP: #1815051) + add PyCharm IDE .idea/ path to .gitignore [Dominic Schlegel] + correct grammar issue in instance metadata documentation [Dominic Schlegel] (LP: #1802188) + clean: cloud-init clean should not trace when run from within cloud_dir (LP: #1795508) + Resolve flake8 comparison and pycodestyle over-ident issues [Paride Legovini] + opennebula: also exclude epochseconds from changed environment vars (LP: #1813641) + systemd: Render generator from template to account for system differences. [Robert Schweikert] + sysconfig: On SUSE, use STARTMODE instead of ONBOOT [Robert Schweikert] (LP: #1799540) + flake8: use ==/!= to compare str, bytes, and int literals [Paride Legovini] + opennebula: exclude EPOCHREALTIME as known bash env variable with a delta (LP: #1813383) + tox: fix disco httpretty dependencies for py37 (LP: #1813361) + run-container: uncomment baseurl in yum.repos.d/*.repo when using a proxy [Paride Legovini] + lxd: install zfs-linux instead of zfs meta package [Johnson Shi] (LP: #1799779) + net/sysconfig: do not write a resolv.conf file with only the header. [Robert Schweikert] + net: Make sysconfig renderer compatible with Network Manager. [Eduardo Otubo] + cc_set_passwords: Fix regex when parsing hashed passwords [Marlin Cremers] (LP: #1811446) + net: Wait for dhclient to daemonize before reading lease file [Jason Zions] (LP: #1794399) + [Azure] Increase retries when talking to Wireserver during metadata walk [Jason Zions] + Add documentation on adding a datasource. + doc: clean up some datasource documentation. + ds-identify: fix wrong variable name in ovf_vmware_transport_guestinfo. + Scaleway: Support ssh keys provided inside an instance tag. [PORTE Loïc] + OVF: simplify expected return values of transport functions. + Vmware: Add support for the com.vmware.guestInfo OVF transport. (LP: #1807466) + HACKING.rst: change contact info to Josh Powers + Update to pylint 2.2.2. ==== ding-libs ==== Subpackages: libbasicobjects0 libcollection4 libdhash1 libini_config5 libpath_utils1 libref_array1 - Add patch fixing errors writeout to stdout: * INI-Remove-definiton-of-TRACE_LEVEL.patch ==== filesystem ==== - Re-add /var/cache and /var/log (revert [bsc#1078466] because of [bsc#1078466]) - Fix permission of fs-var.conf ==== gcc9 ==== Version update (9.1.1+r271393 -> 9.1.1+r272147) Subpackages: libgcc_s1 libstdc++6 - Update to gcc-9-branch head (r272147). * Pulls fix for random debug info differences when compiling D code. [gcc#90778] - Update to gcc-9-branch head (r271995). * installs workaround for broken lapack C interfaces - Drop gcc9-spectrev1.patch, add gcc9-reproducible-builds.patch and gcc9-reproducible-builds-buildid-for-checksum.patch moving reproducible build improvements over from GCC 8 package. - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. [bsc#1135254] - Update to gcc-9-branch head (r271643). ==== glib-networking ==== Version update (2.60.2 -> 2.60.3) - Update to version 2.60.3: + Fix clobbering of the thread-default main context after certificate verification failure during async handshakes since 2.60.1. + Fix GTlsDatabase initialization failures in OpenSSL backend due to uninitialized memory use. + Fix minor leak of ALPN protocols. ==== glib2 ==== Version update (2.60.3 -> 2.60.4) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.60.4: + Fixes to improved network status detection with NetworkManager. + Leak fixes to some `glib-genmarshal` generated code. + Further fixes to the Happy Eyeballs (RFC 8305) implementation. + File system permissions fix to clamp down permissions in a small time window when copying files (CVE-2019-12450). + Bugs fixed: glgo#GNOME/GLib#1755, glgo#GNOME/GLib#1788, glgo#GNOME/GLib#1792, glgo#GNOME/GLib#1793, glgo#GNOME/GLib#1795, glgo#GNOME/GLib!865, glgo#GNOME/GLib!878. ==== growpart ==== - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== hwdata ==== Version update (0.323 -> 0.324) - Update to version 0.324: * Updated pci, usb and vendor ids. ==== kernel-firmware ==== Version update (20190514 -> 20190618) Subpackages: ucode-amd - Update to version 20190618: * cavium: Add firmware for CNN55XX crypto driver. * linux-firmware: Update firmware file for Intel Bluetooth 22161 * linux-firmware: Update firmware file for Intel Bluetooth 9560 * linux-firmware: Update firmware file for Intel Bluetooth 9260 * linux-firmware: Update AMD SEV firmware * linux-firmware: update licence text for Marvell firmware - Update to version 20190607: * linux-firmware: update firmware for mhdp8546 * linux-firmware: rsi: update firmware images for Redpine 9113 chipset * imx: sdma: update firmware to v3.5/v4.5 * nvidia: update GP10[2467] SEC2 RTOS with the one already used on GP108 ==== kernel-source ==== Version update (5.1.7 -> 5.1.10) Subpackages: kernel-debug kernel-default - move patches from .fixes to .suse There is no patches.fixes in stable. - commit ad24342 - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (bsc#1137586 CVE-2019-11479). - tcp: add tcp_min_snd_mss sysctl (bsc#1137586 CVE-2019-11479). - tcp: tcp_fragment() should apply sane memory limits (bsc#1137586 CVE-2019-11478). - tcp: limit payload size of sacked skbs (bsc#1137586 CVE-2019-11477). - commit a5ec6d9 - Linux 5.1.10 (bnc#1012628). - media: rockchip/vpu: Fix/re-order probe-error/remove path (bnc#1012628). - media: rockchip/vpu: Add missing dont_use_autosuspend() calls (bnc#1012628). - rapidio: fix a NULL pointer dereference when create_workqueue() fails (bnc#1012628). - fs/fat/file.c: issue flush after the writeback of FAT (bnc#1012628). - sysctl: return -EINVAL if val violates minmax (bnc#1012628). - ipc: prevent lockup on alloc_msg and free_msg (bnc#1012628). - drm/msm: correct attempted NULL pointer dereference in debugfs (bnc#1012628). - drm/pl111: Initialize clock spinlock early (bnc#1012628). - mm/mprotect.c: fix compilation warning because of unused 'mm' variable (bnc#1012628). - ARM: prevent tracing IPI_CPU_BACKTRACE (bnc#1012628). - mm/hmm: select mmu notifier when selecting HMM (bnc#1012628). - hugetlbfs: on restore reserve error path retain subpool reservation (bnc#1012628). - mm/memory_hotplug: release memory resource after arch_remove_memory() (bnc#1012628). - mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE (bnc#1012628). - mm/cma.c: fix crash on CMA allocation if bitmap allocation fails (bnc#1012628). - initramfs: free initrd memory if opening /initrd.image fails (bnc#1012628). - mm/compaction.c: fix an undefined behaviour (bnc#1012628). - mm/memory_hotplug.c: fix the wrong usage of N_HIGH_MEMORY (bnc#1012628). - mm/cma.c: fix the bitmap status to show failed allocation reason (bnc#1012628). - mm: page_mkclean vs MADV_DONTNEED race (bnc#1012628). - mm/cma_debug.c: fix the break condition in cma_maxchunk_get() (bnc#1012628). - mm/slab.c: fix an infinite loop in leaks_show() (bnc#1012628). - kernel/sys.c: prctl: fix false positive in validate_prctl_map() (bnc#1012628). - thermal: rcar_gen3_thermal: disable interrupt in .remove (bnc#1012628). - drivers: thermal: tsens: Don't print error message on - EPROBE_DEFER (bnc#1012628). - mfd: tps65912-spi: Add missing of table registration (bnc#1012628). - mfd: intel-lpss: Set the device in reset state when init (bnc#1012628). - drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration (bnc#1012628). - mfd: twl6040: Fix device init errors for ACCCTL register (bnc#1012628). - perf/x86/intel: Allow PEBS multi-entry in watermark mode (bnc#1012628). - drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change (bnc#1012628). - drm/nouveau: fix duplication of nv50_head_atom struct (bnc#1012628). - drm/bridge: adv7511: Fix low refresh rate selection (bnc#1012628). - objtool: Don't use ignore flag for fake jumps (bnc#1012628). - drm/nouveau/kms/gv100-: fix spurious window immediate interlocks (bnc#1012628). - bpf: fix undefined behavior in narrow load handling (bnc#1012628). - EDAC/mpc85xx: Prevent building as a module (bnc#1012628). - pwm: meson: Use the spin-lock only to protect register modifications (bnc#1012628). - mailbox: stm32-ipcc: check invalid irq (bnc#1012628). - ntp: Allow TAI-UTC offset to be set to zero (bnc#1012628). - f2fs: fix to avoid panic in do_recover_data() (bnc#1012628). - f2fs: fix to avoid panic in f2fs_inplace_write_data() (bnc#1012628). - f2fs: fix error path of recovery (bnc#1012628). - f2fs: fix to avoid panic in f2fs_remove_inode_page() (bnc#1012628). - f2fs: fix to do sanity check on free nid (bnc#1012628). - f2fs: fix to clear dirty inode in error path of f2fs_iget() (bnc#1012628). - f2fs: fix to avoid panic in dec_valid_block_count() (bnc#1012628). - f2fs: fix to use inline space only if inline_xattr is enable (bnc#1012628). - f2fs: fix to avoid panic in dec_valid_node_count() (bnc#1012628). - f2fs: fix to do sanity check on valid block count of segment (bnc#1012628). - f2fs: fix to avoid deadloop in foreground GC (bnc#1012628). - f2fs: fix to retrieve inline xattr space (bnc#1012628). - f2fs: fix to do checksum even if inode page is uptodate (bnc#1012628). - media: atmel: atmel-isc: fix asd memory allocation (bnc#1012628). - percpu: remove spurious lock dependency between percpu and sched (bnc#1012628). - configfs: fix possible use-after-free in configfs_register_group (bnc#1012628). - uml: fix a boot splat wrt use of cpu_all_mask (bnc#1012628). - PCI: dwc: Free MSI in dw_pcie_host_init() error path (bnc#1012628). - PCI: dwc: Free MSI IRQ page in dw_pcie_free_msi() (bnc#1012628). - fbcon: Don't reset logo_shown when logo is currently shown (bnc#1012628). - ovl: do not generate duplicate fsnotify events for "fake" path (bnc#1012628). - mmc: mmci: Prevent polling for busy detection in IRQ context (bnc#1012628). - netfilter: nf_flow_table: fix missing error check for rhashtable_insert_fast (bnc#1012628). - netfilter: nf_conntrack_h323: restore boundary check correctness (bnc#1012628). - mips: Make sure dt memory regions are valid (bnc#1012628). - netfilter: nf_tables: fix base chain stat rcu_dereference usage (bnc#1012628). - watchdog: imx2_wdt: Fix set_timeout for big timeout values (bnc#1012628). - watchdog: fix compile time error of pretimeout governors (bnc#1012628). - blk-mq: move cancel of requeue_work into blk_mq_release (bnc#1012628). - iommu/vt-d: Set intel_iommu_gfx_mapped correctly (bnc#1012628). - vfio-pci/nvlink2: Fix potential VMA leak (bnc#1012628). - misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test (bnc#1012628). - PCI: designware-ep: Use aligned ATU window for raising MSI interrupts (bnc#1012628). - nvme-pci: unquiesce admin queue on shutdown (bnc#1012628). - nvme-pci: shutdown on timeout during deletion (bnc#1012628). - netfilter: nf_flow_table: check ttl value in flow offload data path (bnc#1012628). - netfilter: nf_flow_table: fix netdev refcnt leak (bnc#1012628). - ALSA: hda - Register irq handler after the chip initialization (bnc#1012628). - powerpc/pseries: Track LMB nid instead of using device tree (bnc#1012628). - arm64: defconfig: Update UFSHCD for Hi3660 soc (bnc#1012628). - iommu/vt-d: Don't request page request irq under dmar_global_lock (bnc#1012628). - nvmem: core: fix read buffer in place (bnc#1012628). - nvmem: sunxi_sid: Support SID on A83T and H5 (bnc#1012628). - fuse: retrieve: cap requested size to negotiated max_write (bnc#1012628). - nfsd: allow fh_want_write to be called twice (bnc#1012628). - nfsd: avoid uninitialized variable warning (bnc#1012628). - vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" (bnc#1012628). - iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel (bnc#1012628). - switchtec: Fix unintended mask of MRPC event (bnc#1012628). - net: thunderbolt: Unregister ThunderboltIP protocol handler when suspending (bnc#1012628). - x86/PCI: Fix PCI IRQ routing table memory leak (bnc#1012628). - soc/tegra: pmc: Remove reset sysfs entries on error (bnc#1012628). - i40e: Queues are reserved despite "Invalid argument" error (bnc#1012628). - power: supply: cpcap-battery: Fix signed counter sample register (bnc#1012628). - platform/chrome: cros_ec_proto: check for NULL transfer function (bnc#1012628). - PCI: keystone: Invoke phy_reset() API before enabling PHY (bnc#1012628). - PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64 (bnc#1012628). - soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher (bnc#1012628). - clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 (bnc#1012628). - usb: ohci-da8xx: disable the regulator if the overcurrent irq fired (bnc#1012628). - iommu/vt-d: Flush IOTLB for untrusted device in time (bnc#1012628). - soc: rockchip: Set the proper PWM for rk3288 (bnc#1012628). - arm64: dts: imx8mq: Mark iomuxc_gpr as i.MX6Q compatible (bnc#1012628). - ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA (bnc#1012628). - ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA (bnc#1012628). - ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA (bnc#1012628). - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA (bnc#1012628). - ARM: dts: imx6sll: Specify IMX6SLL_CLK_IPG as "ipg" clock to SDMA (bnc#1012628). - ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA (bnc#1012628). - ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA (bnc#1012628). - ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA (bnc#1012628). - ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA (bnc#1012628). - PCI: rpadlpar: Fix leaked device_node references in add/remove paths (bnc#1012628). - drm/amd/display: disable link before changing link settings (bnc#1012628). - drm/amd/display: Use plane->color_space for dpp if specified (bnc#1012628). - ARM: OMAP2+: pm33xx-core: Do not Turn OFF CEFUSE as PPA may be using it (bnc#1012628). - pinctrl: pinctrl-intel: move gpio suspend/resume to noirq phase (bnc#1012628). - platform/x86: intel_pmc_ipc: adding error handling (bnc#1012628). - power: supply: max14656: fix potential use-before-alloc (bnc#1012628). - f2fs: fix potential recursive call when enabling data_flush (bnc#1012628). - net: hns3: return 0 and print warning when hit duplicate MAC (bnc#1012628). - PCI: dwc: Remove default MSI initialization for platform specific MSI chips (bnc#1012628). - PCI: rcar: Fix a potential NULL pointer dereference (bnc#1012628). - PCI: rcar: Fix 64bit MSI message address handling (bnc#1012628). - scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags (bnc#1012628). - Input: goodix - add GT5663 CTP support (bnc#1012628). - video: hgafb: fix potential NULL pointer dereference (bnc#1012628). - video: imsttfb: fix potential NULL pointer dereferences (bnc#1012628). - block, bfq: increase idling for weight-raised queues (bnc#1012628). - PCI: xilinx: Check for __get_free_pages() failure (bnc#1012628). - arm64: dts: qcom: qcs404: Fix regulator supply names (bnc#1012628). - gpio: gpio-omap: add check for off wake capable gpios (bnc#1012628). - gpio: gpio-omap: limit errata 1.101 handling to wkup domain gpios only (bnc#1012628). - ice: Add missing case in print_link_msg for printing flow control (bnc#1012628). - media: v4l2-ctrl: v4l2_ctrl_request_setup returns with error upon failure (bnc#1012628). - batman-adv: Adjust name for batadv_dat_send_data (bnc#1012628). - ice: Enable LAN_EN for the right recipes (bnc#1012628). - ice: Do not set LB_EN for prune switch rules (bnc#1012628). - dmaengine: idma64: Use actual device for DMA transfers (bnc#1012628). - pwm: tiehrpwm: Update shadow register for disabling PWMs (bnc#1012628). - media: v4l2-fwnode: Defaults may not override endpoint configuration in firmware (bnc#1012628). - ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa (bnc#1012628). - pwm: Fix deadlock warning when removing PWM device (bnc#1012628). - ARM: exynos: Fix undefined instruction during Exynos5422 resume (bnc#1012628). - usb: typec: fusb302: Check vconn is off when we start toggling (bnc#1012628). - soc: renesas: Identify R-Car M3-W ES1.3 (bnc#1012628). - ARM: shmobile: porter: enable R-Car Gen2 regulator quirk (bnc#1012628). - gpio: vf610: Do not share irq_chip (bnc#1012628). - percpu: do not search past bitmap when allocating an area (bnc#1012628). - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" (bnc#1012628). - Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)" (bnc#1012628). - ovl: check the capability before cred overridden (bnc#1012628). - ovl: support stacked SEEK_HOLE/SEEK_DATA (bnc#1012628). - ALSA: seq: Cover unsubscribe_port() in list_mutex (bnc#1012628). - io_uring: fix failure to verify SQ_AFF cpu (bnc#1012628). - Refresh patches.suse/RFC-Bluetooth-Check-key-sizes-only-when-Secure-Simple-Pairing-is-enabled.patch. - commit 0aa1dd8 - Update config files. The previous commit did not play well. 5.1.9 is broken with =n of that option, so leave it as =y as it was before 5.1.9. - commit e68f829 - Update config files. Set CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT=n, the same as master. - commit cf58ab1 - Linux 5.1.9 (bnc#1012628). - ethtool: fix potential userspace buffer overflow (bnc#1012628). - Fix memory leak in sctp_process_init (bnc#1012628). - ipv4: not do cache for local delivery if bc_forwarding is enabled (bnc#1012628). - ipv6: fix the check before getting the cookie in rt6_get_cookie (bnc#1012628). - net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set (bnc#1012628). - net: mvpp2: Use strscpy to handle stat strings (bnc#1012628). - net: rds: fix memory leak in rds_ib_flush_mr_pool (bnc#1012628). - net: sfp: read eeprom in maximum 16 byte increments (bnc#1012628). - packet: unconditionally free po->rollover (bnc#1012628). - pktgen: do not sleep with the thread lock held (bnc#1012628). - Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied" (bnc#1012628). - udp: only choose unbound UDP socket for multicast when not in a VRF (bnc#1012628). - ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 (bnc#1012628). - ipv6: fix EFAULT on sendto with icmpv6 and hdrincl (bnc#1012628). - net: aquantia: fix wol configuration not applied sometimes (bnc#1012628). - neighbor: Reset gc_entries counter if new entry is released before insert (bnc#1012628). - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit (bnc#1012628). - cls_matchall: avoid panic when receiving a packet before filter set (bnc#1012628). - ipmr_base: Do not reset index in mr_table_dump (bnc#1012628). - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query (bnc#1012628). - net/tls: replace the sleeping lock around RX resync with a bit lock (bnc#1012628). - rcu: locking and unlocking need to always be at least barriers (bnc#1012628). - habanalabs: fix debugfs code (bnc#1012628). - ARC: mm: SIGSEGV userspace trying to access kernel virtual memory (bnc#1012628). - parisc: Use implicit space register selection for loading the coherence index of I/O pdirs (bnc#1012628). - parisc: Fix crash due alternative coding for NP iopdir_fdc bit (bnc#1012628). - SUNRPC fix regression in umount of a secure mount (bnc#1012628). - SUNRPC: Fix a use after free when a server rejects the RPCSEC_GSS credential (bnc#1012628). - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (bnc#1012628). - NFSv4.1: Fix bug only first CB_NOTIFY_LOCK is handled (bnc#1012628). - fuse: fallocate: fix return with locked inode (bnc#1012628). - fuse: fix copy_file_range() in the writeback case (bnc#1012628). - pstore: Set tfm to NULL on free_buf_for_compression (bnc#1012628). - pstore/ram: Run without kernel crash dump region (bnc#1012628). - kbuild: use more portable 'command -v' for cc-cross-prefix (bnc#1012628). - memstick: mspro_block: Fix an error code in mspro_block_issue_req() (bnc#1012628). - mmc: tmio: fix SCC error handling to avoid false positive CRC error (bnc#1012628). - mmc: sdhci_am654: Fix SLOTTYPE write (bnc#1012628). - x86/power: Fix 'nosmt' vs hibernation triple fault during resume (bnc#1012628). - x86/insn-eval: Fix use-after-free access to LDT entry (bnc#1012628). - i2c: xiic: Add max_read_len quirk (bnc#1012628). - s390/mm: fix address space detection in exception handling (bnc#1012628). - nvme-rdma: fix queue mapping when queue count is limited (bnc#1012628). - xen-blkfront: switch kcalloc to kvcalloc for large array allocation (bnc#1012628). - MIPS: Bounds check virt_addr_valid (bnc#1012628). - MIPS: pistachio: Build uImage.gz by default (bnc#1012628). - genwqe: Prevent an integer overflow in the ioctl (bnc#1012628). - test_firmware: Use correct snprintf() limit (bnc#1012628). - drm/rockchip: fix fb references in async update (bnc#1012628). - drm/vc4: fix fb references in async update (bnc#1012628). - drm/gma500/cdv: Check vbt config bits when detecting lvds panels (bnc#1012628). - drm/msm: fix fb references in async update (bnc#1012628). - drm: add non-desktop quirk for Valve HMDs (bnc#1012628). - drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3) (bnc#1012628). - drm: add non-desktop quirks to Sensics and OSVR headsets (bnc#1012628). - drm: Fix timestamp docs for variable refresh properties (bnc#1012628). - drm/amdgpu/psp: move psp version specific function pointers to early_init (bnc#1012628). - drm/radeon: prefer lower reference dividers (bnc#1012628). - drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when hotplug-in (bnc#1012628). - drm/i915: Fix I915_EXEC_RING_MASK (bnc#1012628). - drm/amdgpu/soc15: skip reset on init (bnc#1012628). - drm/amd/display: Add ASICREV_IS_PICASSO (bnc#1012628). - drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2) (bnc#1012628). - drm/i915/fbc: disable framebuffer compression on GeminiLake (bnc#1012628). - drm/i915/gvt: emit init breadcrumb for gvt request (bnc#1012628). - drm: don't block fb changes for async plane updates (bnc#1012628). - drm/i915/gvt: Initialize intel_gvt_gtt_entry in stack (bnc#1012628). - drm/amd: fix fb references in async update (bnc#1012628). - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled (bnc#1012628). - commit 8904439 - Revert "drm: allow render capable master with DRM_AUTH ioctls" (fix radv check). - commit 3ca4077 - drm/i915: Maintain consistent documentation subsection ordering (fix kernel-doc). - Delete patches.rpmify/Revert-doc-Cope-with-the-deprecation-of-AutoReporter.patch. Use usptream fix instead of revert. - commit 4e8aae9 - scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main() (bsc#1136922 cve-2019-12456). - commit 0c3fc9f - Revert "doc: Cope with the deprecation of AutoReporter" (fix kernel-doc). - commit 1c5c2b4 - Linux 5.1.8 (bnc#1012628). - sparc64: Fix regression in non-hypervisor TLB flush xcall (bnc#1012628). - include/linux/bitops.h: sanitize rotate primitives (bnc#1012628). - xhci: update bounce buffer with correct sg num (bnc#1012628). - xhci: Use %zu for printing size_t type (bnc#1012628). - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() (bnc#1012628). - usb: xhci: avoid null pointer deref when bos field is NULL (bnc#1012628). - usbip: usbip_host: fix BUG: sleeping function called from invalid context (bnc#1012628). - usbip: usbip_host: fix stub_dev lock context imbalance regression (bnc#1012628). - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor (bnc#1012628). - USB: sisusbvga: fix oops in error path of sisusb_probe (bnc#1012628). - USB: Add LPM quirk for Surface Dock GigE adapter (bnc#1012628). - USB: rio500: refuse more than one device at a time (bnc#1012628). - USB: rio500: fix memory leak in close after disconnect (bnc#1012628). - media: usb: siano: Fix general protection fault in smsusb (bnc#1012628). - media: usb: siano: Fix false-positive "uninitialized variable" warning (bnc#1012628). - media: smsusb: better handle optional alignment (bnc#1012628). - brcmfmac: fix NULL pointer derefence during USB disconnect (bnc#1012628). - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove (bnc#1012628). - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) (bnc#1012628). - tracing: Avoid memory leak in predicate_parse() (bnc#1012628). - Btrfs: fix wrong ctime and mtime of a directory after log replay (bnc#1012628). - Btrfs: fix race updating log root item during fsync (bnc#1012628). - Btrfs: fix fsync not persisting changed attributes of a directory (bnc#1012628). - btrfs: correct zstd workspace manager lock to use spin_lock_bh() (bnc#1012628). - btrfs: qgroup: Check bg while resuming relocation to avoid NULL pointer dereference (bnc#1012628). - Btrfs: incremental send, fix file corruption when no-holes feature is enabled (bnc#1012628). - btrfs: reloc: Also queue orphan reloc tree for cleanup to avoid BUG_ON() (bnc#1012628). - iio: dac: ds4422/ds4424 fix chip verification (bnc#1012628). - iio: adc: ads124: avoid buffer overflow (bnc#1012628). - iio: adc: modify NPCM ADC read reference voltage (bnc#1012628). - iio: adc: ti-ads8688: fix timestamp is not updated in buffer (bnc#1012628). - s390/crypto: fix gcm-aes-s390 selftest failures (bnc#1012628). - s390/crypto: fix possible sleep during spinlock aquired (bnc#1012628). - KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts (bnc#1012628). - KVM: PPC: Book3S HV: Fix lockdep warning when entering guest on POWER9 (bnc#1012628). - KVM: PPC: Book3S HV: Restore SPRG3 in kvmhv_p9_guest_entry() (bnc#1012628). - powerpc/perf: Fix MMCRA corruption by bhrb_filter (bnc#1012628). - powerpc/kexec: Fix loading of kernel + initramfs with kexec_file_load() (bnc#1012628). - ALSA: line6: Assure canceling delayed work at disconnection (bnc#1012628). - ALSA: hda/realtek - Set default power save node to 0 (bnc#1012628). - ALSA: hda/realtek - Improve the headset mic for Acer Aspire laptops (bnc#1012628). - KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID (bnc#1012628). - drm/nouveau/i2c: Disable i2c bus access after ->fini() (bnc#1012628). - i2c: mlxcpld: Fix wrong initialization order in probe (bnc#1012628). - i2c: synquacer: fix synquacer_i2c_doxfer() return value (bnc#1012628). - tty: serial: msm_serial: Fix XON/XOFF (bnc#1012628). - tty: max310x: Fix external crystal register setup (bnc#1012628). - mm, memcg: consider subtrees in memory.events (bnc#1012628). - kasan: initialize tag to 0xff in __kasan_kmalloc (bnc#1012628). - kernel/signal.c: trace_signal_deliver when signal_group_exit (bnc#1012628). - signal/arm64: Use force_sig not force_sig_fault for SIGKILL (bnc#1012628). - mm, compaction: make sure we isolate a valid PFN (bnc#1012628). - arm64: Fix the arm64_personality() syscall wrapper redirection (bnc#1012628). - docs: Fix conf.py for Sphinx 2.0 (bnc#1012628). - doc: Cope with the deprecation of AutoReporter (bnc#1012628). - doc: Cope with Sphinx logging deprecations (bnc#1012628). - x86/ima: Check EFI_RUNTIME_SERVICES before using (bnc#1012628). - ima: fix wrong signed policy requirement when not appraising (bnc#1012628). - ima: show rules with IMA_INMASK correctly (bnc#1012628). - evm: check hash algorithm passed to init_desc() (bnc#1012628). - clk: imx: imx8mm: fix int pll clk gate (bnc#1012628). - vt/fbcon: deinitialize resources in visual_init() after failed memory allocation (bnc#1012628). - serial: sh-sci: disable DMA for uart_console (bnc#1012628). - staging: vc04_services: prevent integer overflow in create_pagelist() (bnc#1012628). - staging: wlan-ng: fix adapter initialization failure (bnc#1012628). - cifs: fix memory leak of pneg_inbuf on -EOPNOTSUPP ioctl case (bnc#1012628). - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM (bnc#1012628). - Revert "lockd: Show pid of lockd for remote locks" (bnc#1012628). - gcc-plugins: Fix build failures under Darwin host (bnc#1012628). - drm/tegra: gem: Fix CPU-cache maintenance for BO's allocated using get_pages() (bnc#1012628). - drm/vmwgfx: Fix user space handle equal to zero (bnc#1012628). - drm/vmwgfx: Fix compat mode shader operation (bnc#1012628). - drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set (bnc#1012628). - drm/sun4i: Fix sun8i HDMI PHY clock initialization (bnc#1012628). - drm/sun4i: Fix sun8i HDMI PHY configuration for > 148.5 MHz (bnc#1012628). - drm/imx: ipuv3-plane: fix atomic update status query for non-plus i.MX6Q (bnc#1012628). - drm/fb-helper: generic: Call drm_client_add() after setup is done (bnc#1012628). - drm/atomic: Wire file_priv through for property changes (bnc#1012628). - drm: Expose "FB_DAMAGE_CLIPS" property to atomic aware user-space only (bnc#1012628). - drm/rockchip: shutdown drm subsystem on shutdown (bnc#1012628). - drm/lease: Make sure implicit planes are leased (bnc#1012628). - drm/cma-helper: Fix drm_gem_cma_free_object() (bnc#1012628). - Revert "x86/build: Move _etext to actual end of .text" (bnc#1012628). - x86/kprobes: Set instruction page as executable (bnc#1012628). - commit ed4965b - s390: drop meaningless 'targets' from tools Makefile (s390 kmp build fix). - commit c8cc0ca ==== kubic-control ==== Version update (0.5.1 -> 0.6.1) Subpackages: kubicctl kubicd - Update to version 0.6.1 - Store kubeadm join token for 23 hours to not create too many for every single node - Fix kubernetes version argument for kubeadm - Open rbac.conf with every call, else we don't see our own changes - Don't build on i586 to make some scripts happy... - Update to version 0.6.0 - Add --adv-addr option to kubicctl init - Refactor code - Many, many bug fixes - Add requires to the k8s-yaml files we really always need ==== libcontainers-common ==== - Update to libpod v1.4.0 - The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems - The podman cp command now supports a pause flag to pause containers while copying into them - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations - Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context - Fixed a bug where podman commit could improperly set environment variables that contained = characters - Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports - Fixed a bug where podman version on the remote client could segfault - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed - Fixed a bug where filtering images by label did not work - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start - Fixed a bug where podman generate kube did not work with containers with named volumes - Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime - Fixed a bug where podman exec would fail on older kernels - The podman commit command is now usable with the Podman remote client - The --signature-policy flag (used with several image-related commands) has been deprecated - The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers - Updated vendored containers/storage and containers/image libraries with numerous bugfixes - Updated vendored Buildah to v1.8.3 - Podman now requires Conmon v0.2.0 - The podman cp command is now aliased as podman container cp - Rootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration - Update to image v1.5.1 - Vendor in latest containers/storage - docker/docker_client: Drop redundant Domain(ref.ref) call - pkg/blobinfocache: Split implementations into subpackages - copy: progress bar: show messages on completion - docs: rename manpages to *.5.command - add container-certs.d.md manpage - pkg/docker/config: Bring auth tests from docker/docker_client_test - Don't allocate a sync.Mutex separately - Update to storage v1.12.10 - Add function to parse out mount options from graphdriver - Merge the disparate parts of all of the Unix-like lockfiles - Fix unix-but-not-Linux compilation - Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set - Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes - lockfile: add RecursiveLock() API - Update generated files - Fix crash on tesing of aufs code - Let consumers know when Layers and Images came from read-only stores - chown: do not change owner for the mountpoint - locks: correctly mark updates to the layers list - CreateContainer: don't worry about mapping layers unless necessary - docs: fix manpage for containers-storage.conf - docs: sort configuration options alphabetically - docs: document OSTree file deduplication - Add missing options to man page for containers-storage - overlay: use the layer idmapping if present - vfs: prefer layer custom idmappings - layers: propagate down the idmapping settings - Recreate symlink when not found - docs: fix manpage for configuration file - docs: add special handling for manpages in sect 5 - overlay: fix single-lower test - Recreate symlink when not found - overlay: propagate errors from mountProgram - utils: root in a userns uses global conf file - Fix handling of additional stores - Correctly check permissions on rootless directory - Fix possible integer overflow on 32bit builds - Evaluate device path for lvm - lockfile test: make concurrent RW test determinisitc - lockfile test: make concurrent read tests deterministic - drivers.DirCopy: fix filemode detection - storage: move the logic to detect rootless into utils.go - Don't set (struct flock).l_pid - Improve documentation of getLockfile - Rename getLockFile to createLockerForPath, and document it - Add FILES section to containers-storage.5 man page - add digest locks - drivers/copy: add a non-cgo fallback - Add default SLES mounts for container-suseconnect usage ==== libseccomp ==== Version update (2.4.0 -> 2.4.1) - Update to new upstream release 2.4.1 * Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. ==== libsolv ==== Version update (0.7.4 -> 0.7.5) - make cleandeps jobs on patterns work [bnc#1137977] - fix favorq leaking between solver runs if the solver is reused - fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason - be more correct with multiversion packages that obsolete their own name [bnc#1127155] - allow building with swig-4.0.0 [bnc#1135749] - bump version to 0.7.5 - always prefer to stay with the same package name if there are multiple alternatives [bnc#1131823] ==== libzypp ==== Version update (17.11.4 -> 17.12.0) - Drop unused InterProcessMutex class and test - Drop unused WebpinResult class and test - Give posttrans script a parameter of 0 (issue #168) - Use CURL_HTTP_VERSION_2TLS if available (fixes #141) - version 17.12.0 (12) ==== microos-tools ==== Version update (1.0+git20190218.9e72dd7 -> 1.0+git20190611.6211f74) - Update to version 1.0+git20190611.6211f74: * Rename 51-corefiles.conf to 30-corefiles.conf, so that an user can override it by installing telemectrics-client or systemd-coredump. ==== ncurses ==== Subpackages: libncurses6 ncurses-utils terminfo terminfo-base - Add ncurses patch 20190609 + add mintty, mintty-direct (adapted from patch by Thomas Wolff). Some of the suggested user-defined capabilities are commented-out, to allow builds with ncurses 5.9 and 6.0 + add Smol/Rmol for tmux, vte-2018 (patch by Nicholas Marriott). + add rs1 to konsole, mlterm -TD + modify _nc_merge_entry() to make a copy of the data which it merges, to avoid modifying the source-data when aligning extended names. - Add ncurses patch 20190601 + modify an internal call to vid_puts to pass extended color pairs e.g., from tty_update.c and lib_mvcur.c (report by Niegodziwy Beru). + improve manual page description of init_tabs capability and TABSIZE variable. - Add ncurses patch 20190525 + modify reset_cmd.c to allow for tabstops at intervals other than 8 (report by Vincent Huisman). - Add ncurses patch 20190518 + update xterm-new to xterm patch #345 -TD + add/use xterm+keypad in xterm-new (report by Alain D D Williams) -TD + update terminator entry -TD + remove hard-tabs from ti703 (report by Robert Clausecker) + mention meml/memu/box1 in user_caps manual page. + mention user_caps.5 in tic and infocmp manual pages. - Adopt the patches ncurses-5.9-ibm327x.dif and ncurses-6.1.dif ==== permissions ==== Version update (1550_20190429 -> 1550_20190521) Subpackages: chkstat permissions-config - Update to version 20190521: * singluarity: Add starter-suid for version 3.2.0 * adjust settings for amanda to current binary layout - Move BuildRequires: back to main package - Moved requires to subpackages (bsc#1137257) ==== python-base ==== Subpackages: libpython2_7-1_0 - Set _lto_cflags to nil as it will prevent to propage LTO for Python modules that are built in a separate package. - bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised. ==== salt ==== Subpackages: python3-salt salt-master salt-minion - Provide the missing features required for Yomi (Yet one more installer) - Added: * provide-the-missing-features-required-for-yomi-yet-o.patch ==== systemd-presets-common-SUSE ==== - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== sysvinit ==== Version update (2.90 -> 2.95) - Remove logsave as well as the manual page as those as part of package e2fsprogs already - Update to sysvinit 2.95 * new logsave helper - Update to startpar-0.63 * move startpar from /sbin to /bin - Port our patches * startpar-0.58.dif * sysvinit-2.88dsf-suse.patch * sysvinit-2.90-no-kill.patch * sysvinit-2.90.dif ==== zlib ==== - Do not enable the previous patchset on s390 but just s390x bsc#1137624 - Add patchset for s390 improvements jsc#SLE-5807 bsc#1136717: * 410.patch ==== zypper ==== Version update (1.14.27 -> 1.14.28) - man: split '--with[out]' like options to ease searching. - Unhide 'ps' command in help - Add option to show more conflict information - Rephrased `zypper ps` hint (bsc#859480) - Fix repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if --root is used (bsc#1134226) - Fix unknown package handling in zypper install (fixes bsc#1127608) - Fix the package build failure with CMake 3.14. - Re-show progress bar after pressing retry upon install error (bsc#1131113) - version 1.14.28 - Fix build with CMake >= 3.14 Starting with CMake 3.14, EXCLUDE_FROM_ALL now spreads from directories to targets. 'make -C someSubdir' when 'someSubdir' uses the 'EXCLUDE_FROM_ALL' keyword does nothing. - Remove unneeded CMake commands.