Packages changed: Mesa Mesa-drivers cryptsetup (2.4.1 -> 2.4.3) dhcp fdk-aac-free ffmpeg-4 kernel-source (5.16.0 -> 5.16.1) libfido2 libndp (1.7 -> 1.8) openSUSE-build-key pipewire sqlite3 (3.37.1 -> 3.37.2) toolbox (2.2+git20211124.09791b1 -> 2.3+git20220117.bd53c7c) === Details === ==== Mesa ==== Subpackages: Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - using memory-constraints on ppc64 for trying to avoid OOM during build (boo#1194739) ==== Mesa-drivers ==== Subpackages: Mesa-dri Mesa-gallium - using memory-constraints on ppc64 for trying to avoid OOM during build (boo#1194739) ==== cryptsetup ==== Version update (2.4.1 -> 2.4.3) Subpackages: libcryptsetup12 - cryptsetup 2.4.3: * Fix possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery CVE-2021-4122, boo#1194469 * Add configure option --disable-luks2-reencryption to completely disable LUKS2 reencryption code. * Improve internal metadata validation code for reencryption metadata * Add updated documentation for LUKS2 On-Disk Format Specification version 1.1.0 * Fix support for bitlk (BitLocker compatible) startup key with new metadata entry introduced in Windows 11 * Fix space restriction for LUKS2 reencryption with data shift - cryptsetup 2.4.2: * Fix possible large memory allocation if LUKS2 header size is invalid. * Fix memory corruption in debug message printing LUKS2 checksum. * veritysetup: remove link to the UUID library for the static build. * Remove link to pwquality library for integritysetup and veritysetup. These tools do not read passphrases. * OpenSSL3 backend: avoid remaining deprecated calls in API. Crypto backend no longer use API deprecated in OpenSSL 3.0 * Check if kernel device-mapper create device failed in an early phase. This happens when a concurrent creation of device-mapper devices meets in the very early state. * Do not set compiler optimization flag for Argon2 KDF if the memory wipe is implemented in libc. * Do not attempt to unload LUKS2 tokens if external tokens are disabled. This allows building a static binary with - -disable-external-tokens. * LUKS convert: also check sysfs for device activity. If udev symlink is missing, code fallbacks to sysfs scan to prevent data corruption for the active device. ==== dhcp ==== Subpackages: dhcp-client - Drop PrivateDevices and ProtectClock hardenings. They clash with the chroot logic (bsc#1194722) - Add now working CONFIG parameter to sysusers generator ==== fdk-aac-free ==== - Add baselibs.conf file since pipewire uses it and fdk-aac-free is a dependency. ==== ffmpeg-4 ==== Subpackages: libavcodec58_134 libavformat58_76 libavutil56_70 libswresample3_9 - Add ffmpeg-chromium.patch: makes packaging Chromium easier and will allow for an easier migration for Chromium to FFmpeg 5 ==== kernel-source ==== Version update (5.16.0 -> 5.16.1) - Linux 5.16.1 (bsc#1012628). - workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1012628). - workqueue: Fix unbind_workers() VS wq_worker_sleeping() race (bsc#1012628). - staging: r8188eu: switch the led off during deinit (bsc#1012628). - bpf: Fix out of bounds access from invalid *_or_null type verification (bsc#1012628). - Bluetooth: btusb: Add one more Bluetooth part for the Realtek RTL8852AE (bsc#1012628). - Bluetooth: btusb: Fix application of sizeof to pointer (bsc#1012628). - Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (bsc#1012628). - Bluetooth: btusb: enable Mediatek to support AOSP extension (bsc#1012628). - Bluetooth: btusb: Add the new support IDs for WCN6855 (bsc#1012628). - Bluetooth: btusb: Add one more Bluetooth part for WCN6855 (bsc#1012628). - Bluetooth: btusb: Add two more Bluetooth parts for WCN6855 (bsc#1012628). - Bluetooth: btusb: Add support for Foxconn MT7922A (bsc#1012628). - Bluetooth: btintel: Fix broken LED quirk for legacy ROM devices (bsc#1012628). - Bluetooth: btusb: Add support for Foxconn QCA 0xe0d0 (bsc#1012628). - Bluetooth: bfusb: fix division by zero in send path (bsc#1012628). - ARM: dts: exynos: Fix BCM4330 Bluetooth reset polarity in I9100 (bsc#1012628). - USB: core: Fix bug in resuming hub's handling of wakeup requests (bsc#1012628). - USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status (bsc#1012628). - ath11k: Fix buffer overflow when scanning with extraie (bsc#1012628). - mmc: sdhci-pci: Add PCI ID for Intel ADL (bsc#1012628). - Bluetooth: add quirk disabling LE Read Transmit Power (bsc#1012628). - Bluetooth: btbcm: disable read tx power for some Macs with the T2 Security chip (bsc#1012628). - Bluetooth: btbcm: disable read tx power for MacBook Air 8,1 and 8,2 (bsc#1012628). - veth: Do not record rx queue hint in veth_xmit (bsc#1012628). - mfd: intel-lpss: Fix too early PM enablement in the ACPI - >probe() (bsc#1012628). - mfd: intel-lpss-pci: Fix clock speed for 38a8 UART (bsc#1012628). - can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (bsc#1012628). - can: isotp: convert struct tpcon::{idx,len} to unsigned int (bsc#1012628). - can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (bsc#1012628). - random: fix data race on crng_node_pool (bsc#1012628). - random: fix data race on crng init time (bsc#1012628). - platform/x86/intel: hid: add quirk to support Surface Go 3 (bsc#1012628). - drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (bsc#1012628). - staging: greybus: fix stack size warning with UBSAN (bsc#1012628). - parisc: Fix pdc_toc_pim_11 and pdc_toc_pim_20 definitions (bsc#1012628). Disabled: patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch as it conflicts with 95655456e7ce. Asked in bsc#1193124. - commit 13f032a - Update patches.suse/vfs-add-super_operations-get_inode_dev Copy an updated version from SLE15-SP4 with one minor refresh. - commit c02e2ab - Refresh patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch. - Refresh patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch. - commit 8950040 - update patches metadata - update upstream references - patches.suse/media-Revert-media-uvcvideo-Set-unique-vdev-name-bas.patch - patches.suse/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch - patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch - commit 949bbaa ==== libfido2 ==== - Use BuildRequires: openssl-devel instead of forcing 1.1 since 3.x is now supported. ==== libndp ==== Version update (1.7 -> 1.8) - update to 1.8: * libndp,ndptool: use poll() instead of select() * ndptool: avoid static buffer for string in ndptool * libndp: avoid static buffer for debug string in ndp_sock_recv() * libndp: use thread local variables for static return arguments * ndptool: fix printing dnssl lifetime in ndptool * ndptool: fix potential memory leak caused by strdup * libndp: close sockfd after using to avoid handle leak ==== openSUSE-build-key ==== - refresh the openSUSE Backports key (bsc#1193092) - gpg-pubkey-65176565-59787af5.asc + gpg-pubkey-65176565-61a0ee8f.asc - removed old security key - updated security key to 2020 version ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add several more patches from upstream - BlueZ may be missing adapter information for devices in some cases. Ignore devices without specified adapter: * 0001-bluez5-dont-create-device-if-adapter-is-missing.patch - Fix a case when pipewwire could never call callbacks or even block forever when loop is not running: * 0001-loop-invoke-immediately-when-loop-is-not-running.patch - Reconfigure when monitor changes * 0001-merger-also-reconfigure-when-monitor-changes.patch - Handle NULL props from metadata object * 0001-pw-metadata-handle-NULL-props-from-metadata-object.patch - Improve rate selection so we don't select an invalid rate when the default is set or the card is already opened in an unsupported rate: * 0001-alsa-improve-rate-selection.patch - Add several patches from upstream - Avoid an infinite loop when enumerating params of the converter: * 0001-audioconvert-avoid-infinite-loop.patch - When the device or adapter is NULL, skip the quirk checks instead of crashing: * 0001-bluez5-handle-missing-device-and-adapter-in-quirks.patch - Remember the last returned value from jack_get_buffer_size and only emit a buffersize change event when something new is configured. This fixes startup of jconvolver. * 0001-jack-remember-last-return-from-jack_get_buffer_size.patch - Better emulation of pulseaudio which shows monitor sources with device.class=monitor so now pipewire does that too: * 0001-pulse-server-show-monitor-sources-with-device_class_monitor.patch - Fix an errno check: * 0001-raop-fix-errno-check.patch - Added more baselibs packages and their dependencies ==== sqlite3 ==== Version update (3.37.1 -> 3.37.2) - update to 3.37.2: * Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause database corruption if a SAVEPOINT is rolled back while in PRAGMA temp_store=MEMORY mode, and other changes are made, and then the outer transaction commits * Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE in which a cache of the bytecode used to implement the cascading change was not being reset following a local DDL change ==== toolbox ==== Version update (2.2+git20211124.09791b1 -> 2.3+git20220117.bd53c7c) - Update to version 2.3+git20220117.bd53c7c: - Fixes error where if custom image is used toolbox will download the default image before entering an existing container. (#40)