Packages changed:
  cups
  kernel-source (6.0.10 -> 6.0.12)
  libpaper (2.0.3 -> 2.0.4)
  pam
  pam-full-src
  python-psutil
  python-pycairo (1.22.0 -> 1.23.0)
  python-pycares
  systemd (252.2 -> 252.3)
  tpm2.0-abrmd (2.4.1 -> 3.0.0)
  tpm2.0-tools (5.2 -> 5.4)
  vim (9.0.0978 -> 9.0.1040)
  wavpack (5.5.0 -> 5.6.0)
  xen (4.16.2_04 -> 4.17.0_02)
  xorg-x11-fonts
  xorg-x11-fonts-converted
  yast2-kdump (4.5.6 -> 4.5.7)

=== Details ===

==== cups ====
Subpackages: cups-client cups-config libcups2 libcupsimage2

- Migration PAM settings to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update.

==== kernel-source ====
Version update (6.0.10 -> 6.0.12)

- Linux 6.0.12 (bsc#1012628).
- btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1012628).
- drm/amdgpu: move setting the job resources (bsc#1012628).
- drm/amdgpu: cleanup error handling in amdgpu_cs_parser_bos (bsc#1012628).
- drm/amdgpu: fix userptr HMM range handling v2 (bsc#1012628).
- drm/amd/pm: add smu_v13_0_10 driver if version (bsc#1012628).
- drm/amd/pm: update driver-if header for smu_v13_0_10 (bsc#1012628).
- drm/amd/pm: update driver if header for smu_13_0_7 (bsc#1012628).
- clk: samsung: exynos7885: Correct "div4" clock parents (bsc#1012628).
- clk: qcom: gdsc: add missing error handling (bsc#1012628).
- clk: qcom: gdsc: Remove direct runtime PM calls (bsc#1012628).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (bsc#1012628).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (bsc#1012628).
- iio: light: rpr0521: add missing Kconfig dependencies (bsc#1012628).
- libbpf: Use correct return pointer in attach_raw_tp (bsc#1012628).
- bpf, perf: Use subprog name when reporting subprog ksymbol (bsc#1012628).
- scripts/faddr2line: Fix regression in name resolution on ppc64le (bsc#1012628).
- ARM: at91: rm9200: fix usb device clock id (bsc#1012628).
- libbpf: Handle size overflow for ringbuf mmap (bsc#1012628).
- hwmon: (ltc2947) fix temperature scaling (bsc#1012628).
- hwmon: (ina3221) Fix shunt sum critical calculation (bsc#1012628).
- hwmon: (i5500_temp) fix missing pci_disable_device() (bsc#1012628).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (bsc#1012628).
- clocksource/drivers/arm_arch_timer: Fix XGene-1 TVAL register math error (bsc#1012628).
- bpf: Do not copy spin lock field from user in bpf_selem_alloc (bsc#1012628).
- nvmem: rmem: Fix return value check in rmem_read() (bsc#1012628).
- of: property: decrement node refcount in of_fwnode_get_reference_args() (bsc#1012628).
- clk: qcom: gcc-sc8280xp: add cxo as parent for three ufs ref clks (bsc#1012628).
- ixgbevf: Fix resource leak in ixgbevf_init_module() (bsc#1012628).
- i40e: Fix error handling in i40e_init_module() (bsc#1012628).
- fm10k: Fix error handling in fm10k_init_module() (bsc#1012628).
- iavf: Fix error handling in iavf_init_module() (bsc#1012628).
- e100: Fix possible use after free in e100_xmit_prepare (bsc#1012628).
- net/mlx5: DR, Fix uninitialized var warning (bsc#1012628).
- net/mlx5: E-switch, Destroy legacy fdb table when needed (bsc#1012628).
- net/mlx5: E-switch, Fix duplicate lag creation (bsc#1012628).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (bsc#1012628).
- net/mlx5e: Fix use-after-free when reverting termination table (bsc#1012628).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (bsc#1012628).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (bsc#1012628).
- can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (bsc#1012628).
- can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (bsc#1012628).
- can: m_can: Add check for devm_clk_get (bsc#1012628).
- vfs: fix copy_file_range() averts filesystem freeze protection (bsc#1012628).
- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (bsc#1012628).
- aquantia: Do not purge addresses when setting the number of rings (bsc#1012628).
- wifi: cfg80211: fix buffer overflow in elem comparison (bsc#1012628).
- wifi: cfg80211: don't allow multi-BSSID in S1G (bsc#1012628).
- wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (bsc#1012628).
- net: phy: fix null-ptr-deref while probe() failed (bsc#1012628).
- net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (bsc#1012628).
- net: net_netdev: Fix error handling in ntb_netdev_init_module() (bsc#1012628).
- net/9p: Fix a potential socket leak in p9_socket_open (bsc#1012628).
- net: ethernet: nixge: fix NULL dereference (bsc#1012628).
- net: wwan: iosm: fix kernel test robot reported error (bsc#1012628).
- net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (bsc#1012628).
- net: wwan: iosm: fix crash in peek throughput test (bsc#1012628).
- net: wwan: iosm: fix incorrect skb length (bsc#1012628).
- dsa: lan9303: Correct stat name (bsc#1012628).
- mptcp: don't orphan ssk in mptcp_close() (bsc#1012628).
... changelog too long, skipping 606 lines ...
- commit e554413

==== libpaper ====
Version update (2.0.3 -> 2.0.4)
Subpackages: libpaper-tools libpaper2

- update to 2.0.4:
  * don't hardcode make binary name in tests

==== pam ====
Subpackages: pam_unix

- pam_pwhistory-docu.patch, docbook5.patch: convert docu to docbook5
- pam-git.diff: update to current git
  - obsoletes pam-hostnames-in-access_conf.patch
  - obsoletes tst-pam_env-retval.c
- pam_env_econf.patch refresh

==== pam-full-src ====

- pam_pwhistory-docu.patch, docbook5.patch: convert docu to docbook5
- pam-git.diff: update to current git
  - obsoletes pam-hostnames-in-access_conf.patch
  - obsoletes tst-pam_env-retval.c
- pam_env_econf.patch refresh

==== python-psutil ====

- Require unittest2 only for python2: make this suitable for the 15.4_py39 target in devel:languages:python:backports.
- Merge skip-obs.patch into skip_failing_tests.patch and add test_linux.py::test_cpu_affinity because it depends on the obs vm-type or worker CPU.

==== python-pycairo ====
Version update (1.22.0 -> 1.23.0)

- Update to version 1.23.0
  * Reminder to distro packagers: Building/installing pycairo using setup.py is deprecated, please use meson instead.
  * git: changed default branch from “master” to “main”
  * Windows: Update the cairo version included in the wheels from 1.17.2 to 1.17.6 #pr-243
  * docs: Document how to look up pycairo headers without loading the module #pr-300
  * tests: don’t error out if cairo wasn’t built with all features #pr-293
  New APIs:
  * Status.DWRITE_ERROR #pr-294
  * Format.RGB96F, Format.RGBA128F #pr-295
  * PDFVersion.VERSION_1_6, PDFVersion.VERSION_1_7 #pr-296
  * HAS_DWRITE_FONT #pr-297
  * Context.set_hairline(), Context.get_hairline() #pr-298
  * PDFSurface.set_custom_metadata() #pr-299

==== python-pycares ====

- Add cleanup_tests.patch to make the test suite slightly more sane.
- No, the test suite is just broken, and the upstream doesn't care.

==== systemd ====
Version update (252.2 -> 252.3)
Subpackages: libsystemd0 libudev1 systemd-doc systemd-lang udev

- Import commit bf3fef99886bd977a1c7a51d20087bc8977fff44
  6372fb0cc4 btrfs-util: convert O_PATH if necessary, in btrfs quota call (bsc#1205560)
  12e68eb0e5 blockdev-util: move O_PATH fd conversion into btrfs_get_block_device_fd() to shorten things
  bb2bafdc9d btrfs-util: convert to fd_reopen_condition()
  1323232948 fd-util: add new helper fd_reopen_conditional()
- Drop 6000-Revert-tmpfiles-whenever-creating-an-inode-immediate.patch
  It's no more needed as a fix for bsc#1205560 has been queued, see above.
- Import commit 82898a14f5b0a965ba9c1efc1913fcdf29d446a8 (merge of v252.3)
  It includes the following fixes:
  9410eb20eb cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED (bsc#1204944)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/e7e931b07edd786dc6ca1dae6c23ff7b785f8efd...82898a14f5b0a965ba9c1efc1913fcdf29d446a8
  Additionally, it also includes the following backports:
  - 17b2f9f196 utmp-wtmp: fix error in case isatty() fails
  - 8d5c487c87 sd-bus: handle -EINTR return from bus_poll() (bsc#1201982)
  - 2dd217c8b5 tree-wide: modernizations with RET_NERRNO()

==== tpm2.0-abrmd ====
Version update (2.4.1 -> 3.0.0)
Subpackages: libtss2-tcti-tabrmd0 tpm2.0-abrmd-selinux

- Version 3.0.0
  + Fixed
    * A bug in special command processing in TPM2_GetCapability when an audit session is in use caused tpm2-abrmd to abort.
  + Added
    * New SELinux interfaces for communication with keylime
  + Changed
    * DBUS permissions in tpm2-abrmd.conf to match the in-kernel RM, ie /dev/tpmrm0, permissions. Now users MUST be in the tss group to send to tpm2-abrmd over DBUS.
- Drop dbus-access.patch (merged in PR#805)

==== tpm2.0-tools ====
Version update (5.2 -> 5.4)

- Update to version 5.4
  + Added:
    * tpm2_policyrestart: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyRestart.
    * tpm2_policynvwritten: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyNvWritten.
    * tpm2_policylocality: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyLocality.
    * tpm2_policycountertimer: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyCounterTimer.
    * tpm2_policycommandcode: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyCommandCode.
    * tpm2_policypassword: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyPassword.
    * tpm2_policyauthvalue: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyAuthValue.
    * tpm2_policyauthorize: Added option --cphash to output the cpHash for the command TPM2_CC_PolicyAuthorize.
    * tpm2_print: Support printing serialized ESYS_TR's
    * tpm2_create: Add a clarifying message to usage of -c when TPM2_CreateLoaded is not supported.
    * tpm2_getcap: Add support for vendor agnostic capabilities. Requires tpm2-tss version 4.0 and higher to enable.
    * Add a script, check_endorsement_cert.sh, to validate the endorsement certificate chain. It takes two inputs - A TPM2B_PUBLIC format EKpublic and a PEM format EKcertificate specified in that order as arguments.
- Update to version 5.3
  + Features:
    * lib/tpm2_tool.c: add --help=no-man for tpm2 option. Prior to this change the tool parsed no-man as an unrecognized option and errored out. Now it lists all the available tool options.
    * tpm2_encodeobject: New tool to encode TPM2 object. It takes public and private portions of an object and encode them in a combined PEM form called tssprivkey used by tpm2-tss-engine and other applications.
    * Support alternative ECC curves for which default EK templates exist (NIST_P256, NIST_P384, NIST_P521, and SM2_P256).
    * tools/misc/tpm2_checkquote: add sm2 verification of signature.
    * crypto: support the TPM2_ECC_SM2_P256 curveID.
    * fapi: add new command to enable the use of fapi objects for tpm2 tools. The new command tss2_gettpm2object was added. With this command context files which can be used for tpm2 tool commands can be created.
    * Support for sign and verify with sm2 algorithms.
    * tools/tpm2_startauthsession: add sym-algorithm argument for supported symmetric algorithm.
    * Attestation (certify, command audit, sessionaudit and quote): add scheme argument for supported signature schemes. This also enable support for SM signing.
    * tpm2_flushcontext: support all options at a time. Support the -t/-l/-s options all at once so folks don't have to call it multiple times.
    * tools/tpm2_nvread: add human readable output for NV content Enable parsing and YAML-style output for the different NV index types.
    * New event types in tpm2_eventlog: EV_EFI_PLATFORM_FIRMWARE_BLOB2, EV_EFI_HANDOFF_TABLES2, EV_EFI_VARIABLE_BOOT2
    * VERSION: add version file - Generate the version file with bootstrap and include in the DIST tarball so endusers can call autoreconf on a dist tarball which doesn't have git. This alleviates git describe errors on release tarballs in the autoreconf case.
    * import: support restricted parents - Support a restricted parent with an aes128cfb symmetric parameter.
    * tpm2_load - Added capability to load pem files in TSS2-Private-Key format for interoperability with tpm2-tss-engine, tpm2-openssl provider tpm2-pkcs11, and tpm2-pytss.
    * tpm2_print - Added capability to parse out and print the public portion of a TSS Private Key in the PEM format with the arg option TSSPRIVKEY_OBJ.
    * tpm2_loadexternal: Added support to tpm2_loadexternal for parsing and loading the public portion of a TSS2 Privkey PEM file. The path to the PEM file must be specified using the -r option while skipping the -G option for key type.
    * Support added for calculating cpHash, rpHash, sessions for parameter encryption and auditing in: tpm2_nvwrite, tpm2_nvcertify, tpm2_nvincrement, tpm2_nvwritelock, tpm2_nvreadlock, tpm2_nvundefine and tpm2_nvreadpublic.
    * Support added for calculating cpHash in: tpm2_clear, tpm2_dictionarylockout, tpm2_clearcontrol, tpm2_sign, tpm2_setprimarypolicy, tpm2_setclock, tpm2_rsadecrypt, tpm2_duplicate, tpm2_clockrateadjust, tpm2_createprimary, tpm2_quote, tpm2_policysecret, tpm2_policynv, tpm2_policyauthorizenv, tpm2_import, tpm2_hmac, tpm2_hierarchycontrol, tpm2_load, tpm2_gettime, tpm2_evictcontrol, tpm2_encryptdecrypt, tpm2_getpolicydigest, tpm2_loadexternal, tpm2_commit, tpm2_ecdhkeygen, tpm2_ecdhzgen, tpm2_ecephemeral, tpm2_geteccparameters, tpm2_flushcontext, tpm2_pcrallocate, tpm2_pcrevent, tpm2_pcrreset, tpm2_pcrread.
    * Support for using tcti=none for cpHash calculations to avoid invoking checks for active TPM in: tpm2_nvreadpublic, tpm2_nvundefine, tpm2_nvreadlock, tpm2_nvwritelock, tpm2_nvincrement, tpm2_nvcertify, tpm2_nvdefine, tpm2_nvwrite.
  + Known issue:
    * FAPI tools will not work on 32bit user-static qemu on 64bit host because readdir returns NULL. Follow the issue on
... changelog too long, skipping 84 lines ...
- Add echo_tcti_call_python3_binary.patch (upstreamed)

==== vim ====
Version update (9.0.0978 -> 9.0.1040)
Subpackages: vim-data vim-data-common vim-small

- Updated to version 9.0.1040, fixes the following problems
  * Build errors without the +channel feature. (John Marriott)
  * ch_log() text can be hard to find in the log file.
  * The keyboard state response may end up in a shell command.
  * Build error in tiny version.
  * 'cursorline' not drawn before virtual text below.
  * Stray characters displayed when starting the GUI.
  * GUI: remote_foreground() does not always work. (Ron Aaron)
  * When using kitty keyboard protocol function keys may not work. (Kovid Goyal)
  * Build failure with tiny version.
  * File missing from list of distributed files.
  * Using feedkeys() does not show up in a channel log.
  * Popupwin test is more flaky on MacOS.
  * Callback name argument is changed by setqflist().
  * Crash when reading help index with various options set. (Marius Gedminas)
  * Vim9 script: get E1096 when comment follows return.
  * Display errors when adding or removing text property type.
  * Tests for empty prop type name fail.
  * Padding before virtual text below is highlighted when 'number' and 'nowrap' are set.
  * If 'keyprotocol' is empty "xterm" still uses modifyOtherKeys.
  * Coverity warns for dead code.
  * "gk" may reset skipcol when not needed.
  * Memory may leak.
  * With 'smoothscroll' skipcol may be reset unnecessarily.
  * Classes are not documented or implemented yet.
  * Command list test fails.
  * Tiny build fails.
  * Suspend test sometimes fails on MacOS.
  * A failed test may leave a swap file behind.
  * Suspend test still sometimes fails on MacOS.
  * There is no way to get a list of swap file names.
  * Test for swapfilelist() fails on MS-Windows.
  * Test for catch after interrupt is flaky on MS-Windows.
  * Stray warnings for existing swap files.
  * ml_get error when using screenpos().
  * Tests may get stuck in buffer with swap file.
  * Suspend test often fails on Mac OS.
  * Zir files are not recognized.
  * Without /dev/urandom srand() seed is too predictable.
  * screenpos() does not count filler lines for diff mode.
  * 'smoothscroll' and virtual text above don't work together. (Yee Cheng Chin)
  * Tests call GetSwapFileList() before it is defined.
  * Test trips over g:name.
  * Suspend test fails on Mac OS when suspending Vim.
  * WinScrolled is not triggered when filler lines change.
  * type of w_last_topfill is wrong.
  * LGTM is soon shutting down.
  * Mouse shape test is flaky, especially on Mac OS.
  * Autoload directory missing from distribution.
  * Using freed memory with the cmdline popup menu.
  * Vim9 class is not implemented yet.
  * Test fails when terminal feature is missing.
  * Tiny build fails because of conflicting typedef.
  * Reporting swap file when windows are split.
  * Object members are not being marked as used, garbage collection may free them.
  * Undo misbehaves when writing from an insert mode mapping.
  * lalloc(0) error for a class without members.
  * Function name does not match what it is used for.
  * Using a mapping CmdlineChanged may be triggered twice.
  * Test for mapping with CmdlineChanged fails.

==== wavpack ====
Version update (5.5.0 -> 5.6.0)

- update to 5.6.0:
  * added: AIFF file import/export support
  * added: WATCOM compiler and OS/2 support
  * added: cmake support for mingw, builds Cooledit + Winamp plugins
  * added: --force-even-byte-depth option for rounding up bit depths
  * fixed: detect and report PCM files having non-zero padding bits
  * fixed: possible crash when displaying long channel assignments
  * fixed: big-endian-sourced "raw" files gave big-endian "wav"s
  * fixed: numerous minor issues

==== xen ====
Version update (4.16.2_04 -> 4.17.0_02)

- Update to Xen 4.17.0 FCS release (jsc#PED-1858)
  xen-4.17.0-testing-src.tar.bz2
  * On x86 "vga=current" can now be used together with GrUB2's gfxpayload setting. Note that this requires use of "multiboot2" (and "module2") as the GrUB commands loading Xen.
  * The "gnttab" option now has a new command line sub-option for disabling the GNTTABOP_transfer functionality.
  * The x86 MCE command line option info is now updated.
  * Out-of-tree builds for the hypervisor now supported.
  * __ro_after_init support, for marking data as immutable after boot.
  * The project has officially adopted 4 directives and 24 rules of MISRA-C, added MISRA-C checker build integration, and defined how to document deviations.
  * IOMMU superpage support on x86, affecting PV guests as well as HVM/PVH ones when they don't share page tables with the CPU (HAP / EPT / NPT).
  * Support for VIRT_SSBD and MSR_SPEC_CTRL for HVM guests on AMD.
  * Improved TSC, CPU, and APIC clock frequency calibration on x86.
  * Support for Xen using x86 Control Flow Enforcement technology for its own protection. Both Shadow Stacks (ROP protection) and Indirect Branch Tracking (COP/JOP protection).
  * Add mwait-idle support for SPR and ADL on x86.
  * Extend security support for hosts to 12 TiB of memory on x86.
  * Add command line option to set cpuid parameters for dom0 at boot time on x86.
  * Improved static configuration options on Arm.
  * cpupools can be specified at boot using device tree on Arm.
  * It is possible to use PV drivers with dom0less guests, allowing statically booted dom0less guests with PV devices.
  * On Arm, p2m structures are now allocated out of a pool of memory set aside at domain creation.
  * Improved mitigations against Spectre-BHB on Arm.
  * Support VirtIO-MMIO devices device-tree binding creation in toolstack on Arm.
  * Allow setting the number of CPUs to activate at runtime from command line option on Arm.
  * Grant-table support on Arm was improved and hardened by implementing "simplified M2P-like approach for the xenheap pages"
  * Add Renesas R-Car Gen4 IPMMU-VMSA support on Arm.
  * Add i.MX lpuart and i.MX8QM support on Arm.
  * Improved toolstack build system.
  * Add Xue - console over USB 3 Debug Capability.
  * gitlab-ci automation: Fixes and improvements together with new tests.
  * dropped support for the (x86-only) "vesa-mtrr" and "vesa-remap" command line options
- Drop patches contained in new tarball or invalid
  62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
  xsa410-01.patch
  xsa410-02.patch
  xsa410-03.patch
  xsa410-04.patch
  xsa410-05.patch
  xsa410-06.patch
  xsa410-07.patch
  xsa410-08.patch
  xsa410-09.patch
  xsa410-10.patch
  xsa411.patch
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may take excessively long (XSA-410)
  xsa410-01.patch
  xsa410-02.patch
  xsa410-03.patch
  xsa410-04.patch
  xsa410-05.patch
  xsa410-06.patch
  xsa410-07.patch
  xsa410-08.patch
  xsa410-09.patch
  xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in transitive grant copy handling (XSA-411)
  xsa411.patch

==== xorg-x11-fonts ====
Subpackages: xorg-x11-fonts-core xorg-x11-fonts-legacy

- Do not ever use "%setup -n .": rpm 4.18 tries to be cleaner and remove stuff it extracted, which would lead to 'rm -rf .', which rm does not like. Use "%setup -c" instead, which creates the appropriate %{name}-%{version} directory expected.

==== xorg-x11-fonts-converted ====

- Do not ever use "%setup -n .": rpm 4.18 tries to be cleaner and remove stuff it extracted, which would lead to 'rm -rf .', which rm does not like. Use "%setup -c" instead, which creates the appropriate %{name}-%{version} directory expected.

==== yast2-kdump ====
Version update (4.5.6 -> 4.5.7)

- Support fadump values in output of kdumptools calibrate (jsc#PED-1927)
- drop support for older kdumptools
- remove limits when kdumptools calibrate failed to allow user enter anything
- 4.5.7