Packages changed: Mesa (21.1.1 -> 21.1.2) Mesa-drivers (21.1.1 -> 21.1.2) aaa_base (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f) alsa (1.2.4 -> 1.2.5) alsa-oss alsa-plugins (1.2.2 -> 1.2.5) alsa-ucm-conf (1.2.4 -> 1.2.5) apache2 (2.4.46 -> 2.4.48) apache2-manual (2.4.46 -> 2.4.48) apache2-mod_php7 (7.4.19 -> 7.4.20) apache2-prefork (2.4.46 -> 2.4.48) apache2-utils (2.4.46 -> 2.4.48) atftp (0.7.2 -> 0.7.4) bolt (0.9 -> 0.9.1) boost-base boost-extra chrony (3.5.1 -> 4.1) cppcheck cups-filters (1.27.2 -> 1.28.8) curl (7.76.1 -> 7.77.0) elfutils (0.184 -> 0.185) elfutils-debuginfod (0.184 -> 0.185) epiphany (40.1 -> 40.2) expat (2.3.0 -> 2.4.1) fetchmail gcc10 gcc11 gdb glibc gnutls (3.7.1 -> 3.7.2) grub2 gupnp (1.2.4 -> 1.2.6) hdjmod (1.28_k5.12.4_2 -> 1.32_k5.12.9_1) hwdata (0.347 -> 0.348) kernel-64kb (5.12.4 -> 5.12.9) kernel-source (5.12.4 -> 5.12.9) kimap kio-fuse kmod (28 -> 29) konsole libX11 libcap libdrm (2.4.105 -> 2.4.106) libimagequant (2.13.1 -> 2.14.1) libinput (1.17.3 -> 1.18.0) libkgapi libmodulemd (2.12.0 -> 2.12.1) libnftnl (1.1.9 -> 1.2.0) libseccomp (2.5.0 -> 2.5.1) libtasn1 (4.16.0 -> 4.17.0) libvirt (7.2.0 -> 7.4.0) libxml2 (2.9.10 -> 2.9.12) libxslt libyui (4.2.11 -> 4.2.13) libyui-ncurses (4.2.11 -> 4.2.13) libyui-ncurses-pkg (4.2.11 -> 4.2.13) libyui-qt (4.2.11 -> 4.2.13) libyui-qt-graph (4.2.11 -> 4.2.13) libyui-qt-pkg (4.2.11 -> 4.2.13) libzypp (17.25.10 -> 17.26.0) lvm2 lvm2-device-mapper malcontent (0.9.0 -> 0.10.1) miniupnpc (2.2.1 -> 2.2.2) ncurses (6.2.20210501 -> 6.2.20210515) openssl ovmf (202102 -> 202105) patterns-base pcre2 (10.36 -> 10.37) perl-Convert-ASN1 (0.27 -> 0.29) perl-Mojolicious (9.17 -> 9.19) php7 (7.4.19 -> 7.4.20) pipewire pitivi (2021.01 -> 2021.05) python-alembic (1.6.2 -> 1.6.5) python-argcomplete (1.12.2 -> 1.12.3) python-libvirt-python (7.2.0 -> 7.4.0) python-libxml2 (2.9.10 -> 2.9.12) python-lxml python-pycurl redis (6.2.3 -> 6.2.4) remmina (1.4.16 -> 1.4.18) rtkit rubygem-ffi (1.15.0 -> 1.15.1) rubygem-mini_portile2 (2.5.1 -> 2.6.1) rubygem-nokogiri (1.11.3 -> 1.11.6) shim skopeo (1.2.1 -> 1.2.3) sushi (3.38.0 -> 3.38.1) systemd systemd-presets-common-SUSE unbound vim (8.2.2850 -> 8.2.2918) wget xapps (2.0.7 -> 2.2.0) xen (4.14.1_16 -> 4.15.0_01) xf86-video-nouveau xfce4-branding-openSUSE xorgproto yast2 (4.4.5 -> 4.4.9) yast2-bootloader (4.4.1 -> 4.4.2) yast2-network (4.4.12 -> 4.4.13) zypper (1.14.44 -> 1.14.45) === Details === ==== Mesa ==== Version update (21.1.1 -> 21.1.2) Subpackages: Mesa-dri-devel Mesa-libEGL1 Mesa-libGL1 Mesa-libglapi0 libgbm1 - update to 21.1.2 * second bugfix * mostly AMD and Intel changes as usual, but also a decent amount of ARM fixes and more. - no longer autoselect Mesa-dri-nouveau at all; autoselect libvdpau_nouveau depending on PCI ID (boo#1186721) ==== Mesa-drivers ==== Version update (21.1.1 -> 21.1.2) Subpackages: Mesa-dri Mesa-gallium Mesa-libva libvdpau_r300 libvdpau_r600 libvdpau_radeonsi libvulkan_radeon - update to 21.1.2 * second bugfix * mostly AMD and Intel changes as usual, but also a decent amount of ARM fixes and more. - no longer autoselect Mesa-dri-nouveau at all; autoselect libvdpau_nouveau depending on PCI ID (boo#1186721) ==== aaa_base ==== Version update (84.87+git20210317.2c04190 -> 84.87+git20210601.8cb043f) Subpackages: aaa_base-extras - Update to version 84.87+git20210601.8cb043f: * Use shell builtins for $HOSTTYPE and others (boo#1186296) ==== alsa ==== Version update (1.2.4 -> 1.2.5) Subpackages: libasound2 libatopology2 - Update to version 1.2.5 * https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-lib - Drop upstream fixed patches * 0001-dlmisc-the-snd_plugin_dir_set-snd_plugin_dir-must-be.patch * 0002-dlmisc-fix-snd_plugin_dir-locking-for-not-DL_ORIGIN_.patch * 0003-pcm-snd_pcm_mmap_readi-fix-typo-in-comment.patch * 0004-topology-use-inclusive-language-for-bclk.patch * 0005-topology-use-inclusive-language-for-fsync.patch * 0006-topology-use-inclusive-language-in-documentation.patch * 0007-pcm-set-the-snd_pcm_ioplug_status-tstamp-field.patch * 0009-pcm-Add-snd_pcm_audio_tstamp_type_t-constants.patch * 0045-pcm-direct-Fix-the-missing-appl_ptr-update.patch * 0019-pcm-fix-__snd_pcm_state-return-value.patch * 0025-pcm-plugin-optimize-sync-in-snd_pcm_plugin_status.patch * 0026-Revert-pcm_plugin-fix-delay.patch * 0014-rawmidi-fix-memory-leak-in-snd_rawmidi_virtual_open.patch * 0037-topology-tplg_decode_pcm-add-missing-log-argument-co.patch * 0040-topology-sort_config-cleanups-use-goto-for-the-error.patch * 0028-pcm-rate-tidy-up-snd_pcm_rate_avail_update.patch * 0046-pcm-ioplug-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_statu.patch * 0030-pcm-rate-use-pcm_frame_diff-in-snd_pcm_rate_playback.patch * 0047-pcm-null-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0043-pcm-dmix-dshare-delay-calculation-fixes-and-cleanups.patch * 0042-pcm_plugin-set-the-initial-hw_ptr-appl_ptr-from-the-.patch * 0011-pcm-Fix-a-typo-in-SND_PCM_AUDIO_TSTAMP_TYPE_LAST-def.patch * 0017-pcm_multi-remove-dead-assignment-from-_snd_pcm_multi.patch * 0027-pcm-ioplug-fix-the-delay-calculation-in-the-status-c.patch * 0041-conf-USB-add-Xonar-U7-MKII-to-USB-Audio.pcm.iec958_d.patch * 0016-pcm-remove-dead-assignments-from-snd_pcm_rate_-commi.patch * 0035-topology-tplg_pprint_integer-fix-coverity-uninitaliz.patch * 0034-ucm-fix-possible-memory-leak-in-parse_verb_file.patch * 0021-conf-fix-return-code-in-_snd_config_load_with_includ.patch * 0023-pcm-plugin-status-revert-the-recent-changes.patch * 0020-confmisc-fix-memory-leak-in-snd_func_concat.patch * 0029-pcm-ioplug-fix-the-delay-calculation-for-old-plugins.patch * 0039-ucm-uc_mgr_substitute_tree-fix-use-after-free.patch * 0024-pcm-plugin-tidy-snd_pcm_plugin_avail_update.patch * 0010-test-audio_time-Make-use-of-SND_PCM_AUDIO_TSTAMP_TYP.patch * 0033-pcm-rate-fix-the-capture-delay-values.patch * 0015-timer-fix-sizeof-operator-mismatch-in-snd_timer_quer.patch * 0036-topology-tplg_add_widget_object-do-not-use-invalid-e.patch * 0044-topology-fix-parse_tuple_set-remove-dead-condition-c.patch * 0038-topology-parse_tuple_set-remove-dead-condition-code.patch * 0018-conf-fix-get_hexachar-return-value.patch * 0013-ucm-fix-bad-frees-in-get_list0-and-get_list20.patch * 0012-conf-fix-use-after-free-in-_snd_config_load_with_inc.patch * 0031-pcm-plugin-fix-status-code-for-capture.patch * 0048-pcm-share-Pass-appl_ptr-and-hw_ptr-in-snd_pcm_status.patch * 0032-pcm-rate-use-pcm_frame_diff-on-related-places.patch * 0022-pcm-plugin-status-fix-the-return-value-regression.patch ==== alsa-oss ==== - Use https for URL and SourceURL ==== alsa-plugins ==== Version update (1.2.2 -> 1.2.5) Subpackages: alsa-plugins-pulse alsa-plugins-speexrate alsa-plugins-upmix - Update to 1.2.5 * Support alsa 1.2.5 * Fixed A52 Output plugin * upmix: complete generalizing format * jack: add option to allow non-jack-aligned period size * oss: fix the config (port -> device) * pulse: pcm - handle reading pulse stream hole * usb_stream: use snd_config_get_card() to decode the card number ==== alsa-ucm-conf ==== Version update (1.2.4 -> 1.2.5) - Update to version 1.2.5 * tegra: Add UCM for more devices * codecs/rt5640: Make headset optional * rt715: add mic led support * bytcr-rt5640: Add support for controlling a speaker-mute LED * cht-bsw-rt5672: Add support for controlling speaker- and mic-mute LEDs, Add support for the components string * ucm2: add support to for Qualcomm RB5 Platform * codecs/rt5672: Add hardware volume-control support * codecs/rt5640: Add hardware volume-control support * bytcr-wm5102: Add new UCM profile for BYT boards with a WM5102 codec * bytcr-rt5640: Add support for devices without speakers and/or an internal mic * chtrt5645: Enable Internal MIC of ECS EF20EA * chtnau8824: Add support for laptops using stereo DMICs and fix mono speaker config not working * Full changes: https://www.alsa-project.org/wiki/Changes_v1.2.4_v1.2.5#alsa-ucm-conf - Drop upstream fixes * 0001-fix-the-ucm2-codecs-hda-hdmi.conf-use.patch * 0002-codecs-hda-hdmi.conf-add-DisplayPort-to-the-device-d.patch * 0003-sof-soundwire-use-the-codecs-hda-hdmi.conf-macro.patch * 0004-Revert-ucm2-HDA-acp-add-Capture-simple-mixer-element.patch * 0005-chtnau8824-Fix-mono-speaker-config-not-working.patch * 0006-chtnau8824-Add-support-for-laptops-using-stereo-DMIC.patch * 0007-chtnau8824-Boost-analog-mic-volumes-a-bit.patch * 0008-rt715-init-setup-ADC07-to-a-proper-volume.patch * 0009-sof-hda-dsp-Set-Master-Playback-Switch-on-in-the-Boo.patch * 0010-HDA-Intel-HiFi-dual-Add-EnableSequence-and-DisableSe.patch * 0011-HDA-Intel-HiFi-dual-Add-BootSequence-and-disable-pla.patch * 0012-chtrt5645-Enable-Internal-MIC-of-ECS-EF20EA.patch * 0013-bytcr-rt5640-Add-support-for-devices-without-speaker.patch * 0014-rt5640-Move-standard-DAC-setup-to-EnableSeq.conf.patch * 0015-bytcr-rt5640-fix-the-execution-order.patch * 0016-ucm2-add-initial-configuration-for-TRX40-Gigabyte-Ao.patch * 0017-USB-Audio-ALC1220-Bump-analog-Speaker-priority-over-.patch * 0018-USB-Audio-ALC1220-fix-indentation-for-Speaker-device.patch * 0019-USB-Audio-fix-indentation-in-Gigabyte-Aorus-Master-M.patch * 0020-chtnau8824-Add-a-SST-define-variable.patch * 0021-kblrt5660-Fix-file-permissions.patch ==== apache2 ==== Version update (2.4.46 -> 2.4.48) - version update to 2.4.48 Changes with Apache 2.4.48 * ) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the fallback to mod_proxy_http for WebSocket upgrade and tunneling. [Yann Ylavic] * ) mod_proxy: Fix flushing of THRESHOLD_MIN_WRITE data while tunneling. BZ 65294. [Yann Ylavic] * ) core: Fix a regression that stripped the ETag header from 304 responses. PR 61820 [Ruediger Pluem, Roy T. Fielding] * ) core: Adding SSL related inquiry functions to the server API. These function are always available, even when no module providing SSL is loaded. They provide their own "shadowing" implementation for the optional functions of similar name that mod_ssl and impersonators of mod_ssl provide. This enables loading of several SSL providing modules when all but one of them registers itself into the new hooks. Two old-style SSL modules will not work, as they replace the others optional functions with their own. Modules using the old-style optional functions will continue to work as core supplies its own versions of those. The following has been added so far: - ap_ssl_conn_is_ssl() to query if a connection is using SSL. - ap_ssl_var_lookup() to query SSL related variables for a server/connection/request. - Hooks for 'ssl_conn_is_ssl' and 'ssl_var_lookup' where modules providing SSL can install their own value supplying functions. - ap_ssl_add_cert_files() to enable other modules like mod_md to provide certificate and keys for an SSL module like mod_ssl. - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to provide a fallback certificate in case no 'proper' certificate is available for an SSL module like mod_ssl. - ap_ssl_answer_challenge() to enable other modules like mod_md to provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge for the ACME protocol for an SSL module like mod_ssl. The function and its hook provide PEM encoded data instead of file names. - Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and 'ssl_answer_challenge' where modules like mod_md can provide providers to the above mentioned functions. - These functions reside in the new 'http_ssl.h' header file. [Stefan Eissing] * ) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This allows modules to access and provide OCSP response data without being tied of each other. The data is exchanged in standard, portable formats (PEM encoded certificates and DER encoded responses), so that the actual SSL/crypto implementations used by the modules are independant of each other. Registration and retrieval happen in the context of a server (server_rec) which modules may use to decide if they are configured for this or not. The area of changes: 1. core: defines 2 functions in include/http_ssl.h, so that modules may register a certificate, together with its issuer certificate for OCSP response provisioning and ask for current response data (DER bytes) later. Also, 2 hooks are defined that allow modules to implement this OCSP provisioning. 2. mod_ssl uses the new functions, in addition to what it did already, to register its certificates this way. If no one is interested in providing OCSP, it falls back to its own (if configured) stapling implementation. 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending on configuration, it will accept registrations of its own certificates only, all certificates or none. [Stefan Eissing] * ) mod_md: v2.4.0 with improvements and bugfixes - MDPrivateKeys allows the specification of several types. Beside "RSA" plus optional key lengths elliptic curves can be configured. This means you can have multiple certificates for a Managed Domain with different key types. With ```MDPrivateKeys secp384r1 rsa2048``` you get one ECDSA and one RSA certificate and all modern client will use the shorter ECDSA, while older client will get the RSA certificate. Many thanks to @tlhackque who pushed and helped on this. - Support added for MDomains consisting of a wildcard. Configuring ```MDomain *.host.net``` will match all virtual hosts matching that pattern and obtain one certificate for it (assuming you have 'dns-01' challenge support configured). Addresses #239. - Removed support for ACMEv1 servers. The only known installation used to be Let's Encrypt which has disabled that version more than a year ago for new accounts. - Andreas Ulm () implemented the ```renewing``` call to ```MDMessageCmd``` that can deny a certificate renewal attempt. This is useful in clustered installations, as discussed in #233). - New event ```challenge-setup::```, triggered when the challenge data for a domain has been created. This is invoked before the ACME server is told to check for it. The type is one of the ACME challenge types. This is invoked for every DNS name in a MDomain. - The max delay for retries has been raised to daily (this is like all retries jittered somewhat to avoid repeats at fixed time of day). - Certain error codes reported by the ACME server that indicate a problem with the configured data now immediately switch to daily retries. For example: if the ACME server rejects a contact email or a domain name, frequent retries will most likely not solve the problem. But daily retries still make sense as there might be an error at the server and un-supervised certificate renewal is the goal. Refs #222. - Test case and work around for domain names > 64 octets. Fixes #227. When the first DNS name of an MD is longer than 63 octets, the certificate request will not contain a CN field, but leave it up to the CA to choose one. Currently, Lets Encrypt looks for a shorter name in the SAN list given and fails the request if none is found. But it is really up to the CA (and what browsers/libs accept here) and may change over the years. That is why the decision is best made at the CA. - Retry delays now have a random +/-[0-50]% modification applied to let retries from several servers spread out more, should they have been restarted at the same time of day. - Fixed several places where the 'badNonce' return code from an ACME server was not handled correctly. The test server 'pebble' simulates this behaviour by default and helps nicely in verifying this behaviour. Thanks, pebble! - Set the default `MDActivationDelay` to 0. This was confusing to users that new certificates were deemed not usably before a day of delay. When clocks are correct, using a new certificate right away should not pose a problem. - When handling ACME authorization resources, the module no longer requires the server to return a "Location" header, as was necessary in ACMEv1. Fixes #216. - Fixed a theoretical uninitialized read when testing for JSON error responses from the ACME CA. Reported at . - ACME problem reports from CAs that include parameters in the Content-Type header are handled correctly. (Previously, the problem text would not be reported and retries could exceed CA limits.) - Account Update transactions to V2 CAs now use the correct POST-AS-GET method. Previously, an empty JSON object was sent - which apparently LE accepted, but others reject. [Stefan Eissing, @tlhackque, Andreas Ulm] Changes with Apache 2.4.47 * ) mod_dav_fs: Improve logging output when failing to open files for writing. PR 64413. [Bingyu Shen ] * ) mod_http2: Fixed a race condition that could lead to streams being aborted (RST to the client), although a response had been produced. [Stefan Eissing] * ) mod_lua: Add support to Lua 5.4 [Joe Orton, Giovanni Bechis, Ruediger Pluem] * ) MPM event/worker: Fix possible crash in child process on early signal delivery. PR 64533. [Ruediger Pluem] * ) mod_http2: sync with github standalone version 1.15.17 - Log requests and sent the configured error response in case of early detected errors like too many or too long headers. [Ruediger Pluem] - new option 'H2OutputBuffering on/off' which controls the buffering of stream output. The default is on, which is the behaviour of older mod-h2 versions. When off, all bytes are made available immediately to the main connection for sending them out to the client. This fixes interop issues with certain flavours of gRPC, see also . [Stefan Eissing] * ) mod_unique_id: Fix potential duplicated ID generation under heavy load. PR 65159 [Jonas Müntener , Christophe Jaillet] * ) "[mod_dav_fs etag handling] should really honor the FileETag setting". - It now does. - Add "Digest" to FileETag directive, allowing a strong ETag to be generated using a file digest. - Add ap_make_etag_ex() and ap_set_etag_fd() to allow full control over ETag generation. - Add concept of "binary notes" to request_rec, allowing packed bit flags to be added to a request. - First binary note - AP_REQUEST_STRONG_ETAG - allows modules to force the ETag to a strong ETag to comply with RFC requirements, such as those mandated by various WebDAV extensions. [Graham Leggett] * ) mod_proxy_http: Fix a possibly crash when the origin connection gets interrupted before completion. PR 64234. [Barnim Dzwillo , Ruediger Pluem] * ) mod_ssl: Do not keep connections to OCSP responders alive when doing OCSP requests. PR 64135. [Ruediger Pluem] * ) mod_ssl: Improve the coalescing filter to buffer into larger TLS records, and avoid revealing the HTTP header size via TLS record boundaries (for common response generators). [Joe Orton, Ruediger Pluem] * ) mod_proxy_hcheck: Don't pile up health checks if the previous one did not finish before hcinterval. PR 63010. [Yann Ylavic] * ) mod_session: Improve session parsing. [Yann Yalvic] * ) mod_authnz_ldap: Prevent authentications with empty passwords for the initial bind to fail with status 500. [Ruediger Pluem] * ) mod_auth_digest: Fast validation of the nonce's base64 to fail early if the format can't match anyway. [Yann Ylavic] * ) mod_proxy_fcgi: Honor "SetEnv proxy-sendcl" to forward a chunked Transfer-Encoding from the client, spooling the request body when needed to provide a Content-Length to the backend. PR 57087. [Yann Ylavic] * ) mod_proxy: Put mod_proxy_{connect,wstunnel} tunneling code in common in proxy_util. [Yann Ylavic] * ) mod_proxy: Improve tunneling loop to support half closed connections and pending data draining (for protocols like rsync). PR 61616. [Yann Ylavic] * ) mod_proxy_http: handle Upgrade request, 101 (Switching Protocol) response and switched protocol forwarding. [Yann Ylavic] * ) mod_proxy_wstunnel: Leave Upgrade requests handling to mod_proxy_http, allowing for (non-)Upgrade negotiation with the origin server. [Yann Ylavic] * ) mod_proxy: Allow ProxyErrorOverride to be restricted to specific status codes. PR63628. [Martin Drößler ] * ) core: Add ReadBufferSize, FlushMaxThreshold and FlushMaxPipelined directives. [Yann Ylavic] * ) core: Ensure that aborted connections are logged as such. PR 62823 [Arnaud Grandville ] * ) http: Allow unknown response status' lines returned in the form of "HTTP/x.x xxx Status xxx". [Yann Ylavic] * ) mod_proxy_http: Fix 100-continue deadlock for spooled request bodies, leading to Request Timeout (408). PR 63855. [Yann Ylavic] * ) core: Remove headers on 304 Not Modified as specified by RFC7234, as opposed to passing an explicit subset of headers. PR 61820. [Giovanni Bechis] * ) mpm_event: Don't reset connections after lingering close, restoring prior to 2.4.28 behaviour. [Yann Ylavic] * ) mpm_event: Kill connections in keepalive state only when there is no more workers available, not when the maximum number of connections is reached, restoring prior to 2.4.30 behaviour. [Yann Ylavic] * ) mod_unique_id: Use base64url encoding for UNIQUE_ID variable, avoiding the use of '@'. PR 57044. [Michael Kaufmann ] * ) mod_rewrite: Extend the [CO] (cookie) flag of RewriteRule to accept a SameSite attribute. [Eric Covener] * ) mod_proxy: Add proxy check_trans hook. This allows proxy modules to decline request handling at early stage. * ) mod_proxy_wstunnel: Decline requests without an Upgrade header so ws/wss can be enabled overlapping with later http/https. * ) mod_http2: Log requests and sent the configured error response in case of early detected errors like too many or too long headers. [Ruediger Pluem, Stefan Eissing] * ) mod_md: Lowered the required minimal libcurl version from 7.50 to 7.29 as proposed by . [Stefan Eissing] * ) mod_ssl: Fix request body buffering with PHA in TLSv1.3. [Joe Orton] * ) mod_proxy_uwsgi: Fix a crash when sending environment variables with no value. PR 64598 [Ruediger Pluem] * ) mod_proxy: Recognize parameters from ProxyPassMatch workers with dollar substitution, such that they apply to the backend connection. Note that connection reuse is disabled by default to avoid compatibility issues. [Takashi Sato, Jan Kaluza, Eric Covener, Yann Ylavic, Jean-Frederic Clere] - modified sources % apache2.keyring - deleted patches - apache2-mod_proxy_uwsgi-fix-crash.patch (upstreamed) - lua54.patch (upstreamed) ==== apache2-manual ==== Version update (2.4.46 -> 2.4.48) - version update to 2.4.48 Changes with Apache 2.4.48 * ) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the fallback to mod_proxy_http for WebSocket upgrade and tunneling. [Yann Ylavic] * ) mod_proxy: Fix flushing of THRESHOLD_MIN_WRITE data while tunneling. BZ 65294. [Yann Ylavic] * ) core: Fix a regression that stripped the ETag header from 304 responses. PR 61820 [Ruediger Pluem, Roy T. Fielding] * ) core: Adding SSL related inquiry functions to the server API. These function are always available, even when no module providing SSL is loaded. They provide their own "shadowing" implementation for the optional functions of similar name that mod_ssl and impersonators of mod_ssl provide. This enables loading of several SSL providing modules when all but one of them registers itself into the new hooks. Two old-style SSL modules will not work, as they replace the others optional functions with their own. Modules using the old-style optional functions will continue to work as core supplies its own versions of those. The following has been added so far: - ap_ssl_conn_is_ssl() to query if a connection is using SSL. - ap_ssl_var_lookup() to query SSL related variables for a server/connection/request. - Hooks for 'ssl_conn_is_ssl' and 'ssl_var_lookup' where modules providing SSL can install their own value supplying functions. - ap_ssl_add_cert_files() to enable other modules like mod_md to provide certificate and keys for an SSL module like mod_ssl. - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to provide a fallback certificate in case no 'proper' certificate is available for an SSL module like mod_ssl. - ap_ssl_answer_challenge() to enable other modules like mod_md to provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge for the ACME protocol for an SSL module like mod_ssl. The function and its hook provide PEM encoded data instead of file names. - Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and 'ssl_answer_challenge' where modules like mod_md can provide providers to the above mentioned functions. - These functions reside in the new 'http_ssl.h' header file. [Stefan Eissing] * ) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This allows modules to access and provide OCSP response data without being tied of each other. The data is exchanged in standard, portable formats (PEM encoded certificates and DER encoded responses), so that the actual SSL/crypto implementations used by the modules are independant of each other. Registration and retrieval happen in the context of a server (server_rec) which modules may use to decide if they are configured for this or not. The area of changes: 1. core: defines 2 functions in include/http_ssl.h, so that modules may register a certificate, together with its issuer certificate for OCSP response provisioning and ask for current response data (DER bytes) later. Also, 2 hooks are defined that allow modules to implement this OCSP provisioning. 2. mod_ssl uses the new functions, in addition to what it did already, to register its certificates this way. If no one is interested in providing OCSP, it falls back to its own (if configured) stapling implementation. 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending on configuration, it will accept registrations of its own certificates only, all certificates or none. [Stefan Eissing] * ) mod_md: v2.4.0 with improvements and bugfixes - MDPrivateKeys allows the specification of several types. Beside "RSA" plus optional key lengths elliptic curves can be configured. This means you can have multiple certificates for a Managed Domain with different key types. With ```MDPrivateKeys secp384r1 rsa2048``` you get one ECDSA and one RSA certificate and all modern client will use the shorter ECDSA, while older client will get the RSA certificate. Many thanks to @tlhackque who pushed and helped on this. - Support added for MDomains consisting of a wildcard. Configuring ```MDomain *.host.net``` will match all virtual hosts matching that pattern and obtain one certificate for it (assuming you have 'dns-01' challenge support configured). Addresses #239. - Removed support for ACMEv1 servers. The only known installation used to be Let's Encrypt which has disabled that version more than a year ago for new accounts. - Andreas Ulm () implemented the ```renewing``` call to ```MDMessageCmd``` that can deny a certificate renewal attempt. This is useful in clustered installations, as discussed in #233). - New event ```challenge-setup::```, triggered when the challenge data for a domain has been created. This is invoked before the ACME server is told to check for it. The type is one of the ACME challenge types. This is invoked for every DNS name in a MDomain. - The max delay for retries has been raised to daily (this is like all retries jittered somewhat to avoid repeats at fixed time of day). - Certain error codes reported by the ACME server that indicate a problem with the configured data now immediately switch to daily retries. For example: if the ACME server rejects a contact email or a domain name, frequent retries will most likely not solve the problem. But daily retries still make sense as there might be an error at the server and un-supervised certificate renewal is the goal. Refs #222. - Test case and work around for domain names > 64 octets. Fixes #227. When the first DNS name of an MD is longer than 63 octets, the certificate request will not contain a CN field, but leave it up to the CA to choose one. Currently, Lets Encrypt looks for a shorter name in the SAN list given and fails the request if none is found. But it is really up to the CA (and what browsers/libs accept here) and may change over the years. That is why the decision is best made at the CA. - Retry delays now have a random +/-[0-50]% modification applied to let retries from several servers spread out more, should they have been restarted at the same time of day. - Fixed several places where the 'badNonce' return code from an ACME server was not handled correctly. The test server 'pebble' simulates this behaviour by default and helps nicely in verifying this behaviour. Thanks, pebble! - Set the default `MDActivationDelay` to 0. This was confusing to users that new certificates were deemed not usably before a day of delay. When clocks are correct, using a new certificate right away should not pose a problem. - When handling ACME authorization resources, the module no longer requires the server to return a "Location" header, as was necessary in ACMEv1. Fixes #216. - Fixed a theoretical uninitialized read when testing for JSON error responses from the ACME CA. Reported at . - ACME problem reports from CAs that include parameters in the Content-Type header are handled correctly. (Previously, the problem text would not be reported and retries could exceed CA limits.) - Account Update transactions to V2 CAs now use the correct POST-AS-GET method. Previously, an empty JSON object was sent - which apparently LE accepted, but others reject. [Stefan Eissing, @tlhackque, Andreas Ulm] Changes with Apache 2.4.47 * ) mod_dav_fs: Improve logging output when failing to open files for writing. PR 64413. [Bingyu Shen ] * ) mod_http2: Fixed a race condition that could lead to streams being aborted (RST to the client), although a response had been produced. [Stefan Eissing] * ) mod_lua: Add support to Lua 5.4 [Joe Orton, Giovanni Bechis, Ruediger Pluem] * ) MPM event/worker: Fix possible crash in child process on early signal delivery. PR 64533. [Ruediger Pluem] * ) mod_http2: sync with github standalone version 1.15.17 - Log requests and sent the configured error response in case of early detected errors like too many or too long headers. [Ruediger Pluem] - new option 'H2OutputBuffering on/off' which controls the buffering of stream output. The default is on, which is the behaviour of older mod-h2 versions. When off, all bytes are made available immediately to the main connection for sending them out to the client. This fixes interop issues with certain flavours of gRPC, see also . [Stefan Eissing] * ) mod_unique_id: Fix potential duplicated ID generation under heavy load. PR 65159 [Jonas Müntener , Christophe Jaillet] * ) "[mod_dav_fs etag handling] should really honor the FileETag setting". - It now does. - Add "Digest" to FileETag directive, allowing a strong ETag to be generated using a file digest. - Add ap_make_etag_ex() and ap_set_etag_fd() to allow full control over ETag generation. - Add concept of "binary notes" to request_rec, allowing packed bit flags to be added to a request. - First binary note - AP_REQUEST_STRONG_ETAG - allows modules to force the ETag to a strong ETag to comply with RFC requirements, such as those mandated by various WebDAV extensions. [Graham Leggett] * ) mod_proxy_http: Fix a possibly crash when the origin connection gets interrupted before completion. PR 64234. [Barnim Dzwillo , Ruediger Pluem] * ) mod_ssl: Do not keep connections to OCSP responders alive when doing OCSP requests. PR 64135. [Ruediger Pluem] * ) mod_ssl: Improve the coalescing filter to buffer into larger TLS records, and avoid revealing the HTTP header size via TLS record boundaries (for common response generators). [Joe Orton, Ruediger Pluem] * ) mod_proxy_hcheck: Don't pile up health checks if the previous one did not finish before hcinterval. PR 63010. [Yann Ylavic] * ) mod_session: Improve session parsing. [Yann Yalvic] * ) mod_authnz_ldap: Prevent authentications with empty passwords for the initial bind to fail with status 500. [Ruediger Pluem] * ) mod_auth_digest: Fast validation of the nonce's base64 to fail early if the format can't match anyway. [Yann Ylavic] * ) mod_proxy_fcgi: Honor "SetEnv proxy-sendcl" to forward a chunked Transfer-Encoding from the client, spooling the request body when needed to provide a Content-Length to the backend. PR 57087. [Yann Ylavic] * ) mod_proxy: Put mod_proxy_{connect,wstunnel} tunneling code in common in proxy_util. [Yann Ylavic] * ) mod_proxy: Improve tunneling loop to support half closed connections and pending data draining (for protocols like rsync). PR 61616. [Yann Ylavic] * ) mod_proxy_http: handle Upgrade request, 101 (Switching Protocol) response and switched protocol forwarding. [Yann Ylavic] * ) mod_proxy_wstunnel: Leave Upgrade requests handling to mod_proxy_http, allowing for (non-)Upgrade negotiation with the origin server. [Yann Ylavic] * ) mod_proxy: Allow ProxyErrorOverride to be restricted to specific status codes. PR63628. [Martin Drößler ] * ) core: Add ReadBufferSize, FlushMaxThreshold and FlushMaxPipelined directives. [Yann Ylavic] * ) core: Ensure that aborted connections are logged as such. PR 62823 [Arnaud Grandville ] * ) http: Allow unknown response status' lines returned in the form of "HTTP/x.x xxx Status xxx". [Yann Ylavic] * ) mod_proxy_http: Fix 100-continue deadlock for spooled request bodies, leading to Request Timeout (408). PR 63855. [Yann Ylavic] * ) core: Remove headers on 304 Not Modified as specified by RFC7234, as opposed to passing an explicit subset of headers. PR 61820. [Giovanni Bechis] * ) mpm_event: Don't reset connections after lingering close, restoring prior to 2.4.28 behaviour. [Yann Ylavic] * ) mpm_event: Kill connections in keepalive state only when there is no more workers available, not when the maximum number of connections is reached, restoring prior to 2.4.30 behaviour. [Yann Ylavic] * ) mod_unique_id: Use base64url encoding for UNIQUE_ID variable, avoiding the use of '@'. PR 57044. [Michael Kaufmann ] * ) mod_rewrite: Extend the [CO] (cookie) flag of RewriteRule to accept a SameSite attribute. [Eric Covener] * ) mod_proxy: Add proxy check_trans hook. This allows proxy modules to decline request handling at early stage. * ) mod_proxy_wstunnel: Decline requests without an Upgrade header so ws/wss can be enabled overlapping with later http/https. * ) mod_http2: Log requests and sent the configured error response in case of early detected errors like too many or too long headers. [Ruediger Pluem, Stefan Eissing] * ) mod_md: Lowered the required minimal libcurl version from 7.50 to 7.29 as proposed by . [Stefan Eissing] * ) mod_ssl: Fix request body buffering with PHA in TLSv1.3. [Joe Orton] * ) mod_proxy_uwsgi: Fix a crash when sending environment variables with no value. PR 64598 [Ruediger Pluem] * ) mod_proxy: Recognize parameters from ProxyPassMatch workers with dollar substitution, such that they apply to the backend connection. Note that connection reuse is disabled by default to avoid compatibility issues. [Takashi Sato, Jan Kaluza, Eric Covener, Yann Ylavic, Jean-Frederic Clere] - modified sources % apache2.keyring - deleted patches - apache2-mod_proxy_uwsgi-fix-crash.patch (upstreamed) - lua54.patch (upstreamed) ==== apache2-mod_php7 ==== Version update (7.4.19 -> 7.4.20) - updated to 7.4.20: This is a bug fix release. See https://www.php.net/ChangeLog-7.php#7.4.20 ==== apache2-prefork ==== Version update (2.4.46 -> 2.4.48) - version update to 2.4.48 Changes with Apache 2.4.48 * ) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the fallback to mod_proxy_http for WebSocket upgrade and tunneling. [Yann Ylavic] * ) mod_proxy: Fix flushing of THRESHOLD_MIN_WRITE data while tunneling. BZ 65294. [Yann Ylavic] * ) core: Fix a regression that stripped the ETag header from 304 responses. PR 61820 [Ruediger Pluem, Roy T. Fielding] * ) core: Adding SSL related inquiry functions to the server API. These function are always available, even when no module providing SSL is loaded. They provide their own "shadowing" implementation for the optional functions of similar name that mod_ssl and impersonators of mod_ssl provide. This enables loading of several SSL providing modules when all but one of them registers itself into the new hooks. Two old-style SSL modules will not work, as they replace the others optional functions with their own. Modules using the old-style optional functions will continue to work as core supplies its own versions of those. The following has been added so far: - ap_ssl_conn_is_ssl() to query if a connection is using SSL. - ap_ssl_var_lookup() to query SSL related variables for a server/connection/request. - Hooks for 'ssl_conn_is_ssl' and 'ssl_var_lookup' where modules providing SSL can install their own value supplying functions. - ap_ssl_add_cert_files() to enable other modules like mod_md to provide certificate and keys for an SSL module like mod_ssl. - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to provide a fallback certificate in case no 'proper' certificate is available for an SSL module like mod_ssl. - ap_ssl_answer_challenge() to enable other modules like mod_md to provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge for the ACME protocol for an SSL module like mod_ssl. The function and its hook provide PEM encoded data instead of file names. - Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and 'ssl_answer_challenge' where modules like mod_md can provide providers to the above mentioned functions. - These functions reside in the new 'http_ssl.h' header file. [Stefan Eissing] * ) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This allows modules to access and provide OCSP response data without being tied of each other. The data is exchanged in standard, portable formats (PEM encoded certificates and DER encoded responses), so that the actual SSL/crypto implementations used by the modules are independant of each other. Registration and retrieval happen in the context of a server (server_rec) which modules may use to decide if they are configured for this or not. The area of changes: 1. core: defines 2 functions in include/http_ssl.h, so that modules may register a certificate, together with its issuer certificate for OCSP response provisioning and ask for current response data (DER bytes) later. Also, 2 hooks are defined that allow modules to implement this OCSP provisioning. 2. mod_ssl uses the new functions, in addition to what it did already, to register its certificates this way. If no one is interested in providing OCSP, it falls back to its own (if configured) stapling implementation. 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending on configuration, it will accept registrations of its own certificates only, all certificates or none. [Stefan Eissing] * ) mod_md: v2.4.0 with improvements and bugfixes - MDPrivateKeys allows the specification of several types. Beside "RSA" plus optional key lengths elliptic curves can be configured. This means you can have multiple certificates for a Managed Domain with different key types. With ```MDPrivateKeys secp384r1 rsa2048``` you get one ECDSA and one RSA certificate and all modern client will use the shorter ECDSA, while older client will get the RSA certificate. Many thanks to @tlhackque who pushed and helped on this. - Support added for MDomains consisting of a wildcard. Configuring ```MDomain *.host.net``` will match all virtual hosts matching that pattern and obtain one certificate for it (assuming you have 'dns-01' challenge support configured). Addresses #239. - Removed support for ACMEv1 servers. The only known installation used to be Let's Encrypt which has disabled that version more than a year ago for new accounts. - Andreas Ulm () implemented the ```renewing``` call to ```MDMessageCmd``` that can deny a certificate renewal attempt. This is useful in clustered installations, as discussed in #233). - New event ```challenge-setup::```, triggered when the challenge data for a domain has been created. This is invoked before the ACME server is told to check for it. The type is one of the ACME challenge types. This is invoked for every DNS name in a MDomain. - The max delay for retries has been raised to daily (this is like all retries jittered somewhat to avoid repeats at fixed time of day). - Certain error codes reported by the ACME server that indicate a problem with the configured data now immediately switch to daily retries. For example: if the ACME server rejects a contact email or a domain name, frequent retries will most likely not solve the problem. But daily retries still make sense as there might be an error at the server and un-supervised certificate renewal is the goal. Refs #222. - Test case and work around for domain names > 64 octets. Fixes #227. When the first DNS name of an MD is longer than 63 octets, the certificate request will not contain a CN field, but leave it up to the CA to choose one. Currently, Lets Encrypt looks for a shorter name in the SAN list given and fails the request if none is found. But it is really up to the CA (and what browsers/libs accept here) and may change over the years. That is why the decision is best made at the CA. - Retry delays now have a random +/-[0-50]% modification applied to let retries from several servers spread out more, should they have been restarted at the same time of day. - Fixed several places where the 'badNonce' return code from an ACME server was not handled correctly. The test server 'pebble' simulates this behaviour by default and helps nicely in verifying this behaviour. Thanks, pebble! - Set the default `MDActivationDelay` to 0. This was confusing to users that new certificates were deemed not usably before a day of delay. When clocks are correct, using a new certificate right away should not pose a problem. - When handling ACME authorization resources, the module no longer requires the server to return a "Location" header, as was necessary in ACMEv1. Fixes #216. - Fixed a theoretical uninitialized read when testing for JSON error responses from the ACME CA. Reported at . - ACME problem reports from CAs that include parameters in the Content-Type header are handled correctly. (Previously, the problem text would not be reported and retries could exceed CA limits.) - Account Update transactions to V2 CAs now use the correct POST-AS-GET method. Previously, an empty JSON object was sent - which apparently LE accepted, but others reject. [Stefan Eissing, @tlhackque, Andreas Ulm] Changes with Apache 2.4.47 * ) mod_dav_fs: Improve logging output when failing to open files for writing. PR 64413. [Bingyu Shen ] * ) mod_http2: Fixed a race condition that could lead to streams being aborted (RST to the client), although a response had been produced. [Stefan Eissing] * ) mod_lua: Add support to Lua 5.4 [Joe Orton, Giovanni Bechis, Ruediger Pluem] * ) MPM event/worker: Fix possible crash in child process on early signal delivery. PR 64533. [Ruediger Pluem] * ) mod_http2: sync with github standalone version 1.15.17 - Log requests and sent the configured error response in case of early detected errors like too many or too long headers. [Ruediger Pluem] - new option 'H2OutputBuffering on/off' which controls the buffering of stream output. The default is on, which is the behaviour of older mod-h2 versions. When off, all bytes are made available immediately to the main connection for sending them out to the client. This fixes interop issues with certain flavours of gRPC, see also . [Stefan Eissing] * ) mod_unique_id: Fix potential duplicated ID generation under heavy load. PR 65159 [Jonas Müntener , Christophe Jaillet] * ) "[mod_dav_fs etag handling] should really honor the FileETag setting". - It now does. - Add "Digest" to FileETag directive, allowing a strong ETag to be generated using a file digest. - Add ap_make_etag_ex() and ap_set_etag_fd() to allow full control over ETag generation. - Add concept of "binary notes" to request_rec, allowing packed bit flags to be added to a request. - First binary note - AP_REQUEST_STRONG_ETAG - allows modules to force the ETag to a strong ETag to comply with RFC requirements, such as those mandated by various WebDAV extensions. [Graham Leggett] * ) mod_proxy_http: Fix a possibly crash when the origin connection gets interrupted before completion. PR 64234. [Barnim Dzwillo , Ruediger Pluem] * ) mod_ssl: Do not keep connections to OCSP responders alive when doing OCSP requests. PR 64135. [Ruediger Pluem] * ) mod_ssl: Improve the coalescing filter to buffer into larger TLS records, and avoid revealing the HTTP header size via TLS record boundaries (for common response generators). [Joe Orton, Ruediger Pluem] * ) mod_proxy_hcheck: Don't pile up health checks if the previous one did not finish before hcinterval. PR 63010. [Yann Ylavic] * ) mod_session: Improve session parsing. [Yann Yalvic] * ) mod_authnz_ldap: Prevent authentications with empty passwords for the initial bind to fail with status 500. [Ruediger Pluem] * ) mod_auth_digest: Fast validation of the nonce's base64 to fail early if the format can't match anyway. [Yann Ylavic] * ) mod_proxy_fcgi: Honor "SetEnv proxy-sendcl" to forward a chunked Transfer-Encoding from the client, spooling the request body when needed to provide a Content-Length to the backend. PR 57087. [Yann Ylavic] * ) mod_proxy: Put mod_proxy_{connect,wstunnel} tunneling code in common in proxy_util. [Yann Ylavic] * ) mod_proxy: Improve tunneling loop to support half closed connections and pending data draining (for protocols like rsync). PR 61616. [Yann Ylavic] * ) mod_proxy_http: handle Upgrade request, 101 (Switching Protocol) response and switched protocol forwarding. [Yann Ylavic] * ) mod_proxy_wstunnel: Leave Upgrade requests handling to mod_proxy_http, allowing for (non-)Upgrade negotiation with the origin server. [Yann Ylavic] * ) mod_proxy: Allow ProxyErrorOverride to be restricted to specific status codes. PR63628. [Martin Drößler ] * ) core: Add ReadBufferSize, FlushMaxThreshold and FlushMaxPipelined directives. [Yann Ylavic] * ) core: Ensure that aborted connections are logged as such. PR 62823 [Arnaud Grandville ] * ) http: Allow unknown response status' lines returned in the form of "HTTP/x.x xxx Status xxx". [Yann Ylavic] * ) mod_proxy_http: Fix 100-continue deadlock for spooled request bodies, leading to Request Timeout (408). PR 63855. [Yann Ylavic] * ) core: Remove headers on 304 Not Modified as specified by RFC7234, as opposed to passing an explicit subset of headers. PR 61820. [Giovanni Bechis] * ) mpm_event: Don't reset connections after lingering close, restoring prior to 2.4.28 behaviour. [Yann Ylavic] * ) mpm_event: Kill connections in keepalive state only when there is no more workers available, not when the maximum number of connections is reached, restoring prior to 2.4.30 behaviour. [Yann Ylavic] * ) mod_unique_id: Use base64url encoding for UNIQUE_ID variable, avoiding the use of '@'. PR 57044. [Michael Kaufmann ] * ) mod_rewrite: Extend the [CO] (cookie) flag of RewriteRule to accept a SameSite attribute. [Eric Covener] * ) mod_proxy: Add proxy check_trans hook. This allows proxy modules to decline request handling at early stage. * ) mod_proxy_wstunnel: Decline requests without an Upgrade header so ws/wss can be enabled overlapping with later http/https. * ) mod_http2: Log requests and sent the configured error response in case of early detected errors like too many or too long headers. [Ruediger Pluem, Stefan Eissing] * ) mod_md: Lowered the required minimal libcurl version from 7.50 to 7.29 as proposed by . [Stefan Eissing] * ) mod_ssl: Fix request body buffering with PHA in TLSv1.3. [Joe Orton] * ) mod_proxy_uwsgi: Fix a crash when sending environment variables with no value. PR 64598 [Ruediger Pluem] * ) mod_proxy: Recognize parameters from ProxyPassMatch workers with dollar substitution, such that they apply to the backend connection. Note that connection reuse is disabled by default to avoid compatibility issues. [Takashi Sato, Jan Kaluza, Eric Covener, Yann Ylavic, Jean-Frederic Clere] - modified sources % apache2.keyring - deleted patches - apache2-mod_proxy_uwsgi-fix-crash.patch (upstreamed) - lua54.patch (upstreamed) ==== apache2-utils ==== Version update (2.4.46 -> 2.4.48) - version update to 2.4.48 Changes with Apache 2.4.48 * ) mod_proxy_wstunnel: Add ProxyWebsocketFallbackToProxyHttp to opt-out the fallback to mod_proxy_http for WebSocket upgrade and tunneling. [Yann Ylavic] * ) mod_proxy: Fix flushing of THRESHOLD_MIN_WRITE data while tunneling. BZ 65294. [Yann Ylavic] * ) core: Fix a regression that stripped the ETag header from 304 responses. PR 61820 [Ruediger Pluem, Roy T. Fielding] * ) core: Adding SSL related inquiry functions to the server API. These function are always available, even when no module providing SSL is loaded. They provide their own "shadowing" implementation for the optional functions of similar name that mod_ssl and impersonators of mod_ssl provide. This enables loading of several SSL providing modules when all but one of them registers itself into the new hooks. Two old-style SSL modules will not work, as they replace the others optional functions with their own. Modules using the old-style optional functions will continue to work as core supplies its own versions of those. The following has been added so far: - ap_ssl_conn_is_ssl() to query if a connection is using SSL. - ap_ssl_var_lookup() to query SSL related variables for a server/connection/request. - Hooks for 'ssl_conn_is_ssl' and 'ssl_var_lookup' where modules providing SSL can install their own value supplying functions. - ap_ssl_add_cert_files() to enable other modules like mod_md to provide certificate and keys for an SSL module like mod_ssl. - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to provide a fallback certificate in case no 'proper' certificate is available for an SSL module like mod_ssl. - ap_ssl_answer_challenge() to enable other modules like mod_md to provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge for the ACME protocol for an SSL module like mod_ssl. The function and its hook provide PEM encoded data instead of file names. - Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and 'ssl_answer_challenge' where modules like mod_md can provide providers to the above mentioned functions. - These functions reside in the new 'http_ssl.h' header file. [Stefan Eissing] * ) core/mod_ssl/mod_md: adding OCSP response provisioning as core feature. This allows modules to access and provide OCSP response data without being tied of each other. The data is exchanged in standard, portable formats (PEM encoded certificates and DER encoded responses), so that the actual SSL/crypto implementations used by the modules are independant of each other. Registration and retrieval happen in the context of a server (server_rec) which modules may use to decide if they are configured for this or not. The area of changes: 1. core: defines 2 functions in include/http_ssl.h, so that modules may register a certificate, together with its issuer certificate for OCSP response provisioning and ask for current response data (DER bytes) later. Also, 2 hooks are defined that allow modules to implement this OCSP provisioning. 2. mod_ssl uses the new functions, in addition to what it did already, to register its certificates this way. If no one is interested in providing OCSP, it falls back to its own (if configured) stapling implementation. 3. mod_md registers itself at the core hooks for OCSP provisioning. Depending on configuration, it will accept registrations of its own certificates only, all certificates or none. [Stefan Eissing] * ) mod_md: v2.4.0 with improvements and bugfixes - MDPrivateKeys allows the specification of several types. Beside "RSA" plus optional key lengths elliptic curves can be configured. This means you can have multiple certificates for a Managed Domain with different key types. With ```MDPrivateKeys secp384r1 rsa2048``` you get one ECDSA and one RSA certificate and all modern client will use the shorter ECDSA, while older client will get the RSA certificate. Many thanks to @tlhackque who pushed and helped on this. - Support added for MDomains consisting of a wildcard. Configuring ```MDomain *.host.net``` will match all virtual hosts matching that pattern and obtain one certificate for it (assuming you have 'dns-01' challenge support configured). Addresses #239. - Removed support for ACMEv1 servers. The only known installation used to be Let's Encrypt which has disabled that version more than a year ago for new accounts. - Andreas Ulm () implemented the ```renewing``` call to ```MDMessageCmd``` that can deny a certificate renewal attempt. This is useful in clustered installations, as discussed in #233). - New event ```challenge-setup::```, triggered when the challenge data for a domain has been created. This is invoked before the ACME server is told to check for it. The type is one of the ACME challenge types. This is invoked for every DNS name in a MDomain. - The max delay for retries has been raised to daily (this is like all retries jittered somewhat to avoid repeats at fixed time of day). - Certain error codes reported by the ACME server that indicate a problem with the configured data now immediately switch to daily retries. For example: if the ACME server rejects a contact email or a domain name, frequent retries will most likely not solve the problem. But daily retries still make sense as there might be an error at the server and un-supervised certificate renewal is the goal. Refs #222. - Test case and work around for domain names > 64 octets. Fixes #227. When the first DNS name of an MD is longer than 63 octets, the certificate request will not contain a CN field, but leave it up to the CA to choose one. Currently, Lets Encrypt looks for a shorter name in the SAN list given and fails the request if none is found. But it is really up to the CA (and what browsers/libs accept here) and may change over the years. That is why the decision is best made at the CA. - Retry delays now have a random +/-[0-50]% modification applied to let retries from several servers spread out more, should they have been restarted at the same time of day. - Fixed several places where the 'badNonce' return code from an ACME server was not handled correctly. The test server 'pebble' simulates this behaviour by default and helps nicely in verifying this behaviour. Thanks, pebble! - Set the default `MDActivationDelay` to 0. This was confusing to users that new certificates were deemed not usably before a day of delay. When clocks are correct, using a new certificate right away should not pose a problem. - When handling ACME authorization resources, the module no longer requires the server to return a "Location" header, as was necessary in ACMEv1. Fixes #216. - Fixed a theoretical uninitialized read when testing for JSON error responses from the ACME CA. Reported at . - ACME problem reports from CAs that include parameters in the Content-Type header are handled correctly. (Previously, the problem text would not be reported and retries could exceed CA limits.) - Account Update transactions to V2 CAs now use the correct POST-AS-GET method. Previously, an empty JSON object was sent - which apparently LE accepted, but others reject. [Stefan Eissing, @tlhackque, Andreas Ulm] Changes with Apache 2.4.47 * ) mod_dav_fs: Improve logging output when failing to open files for writing. PR 64413. [Bingyu Shen ] * ) mod_http2: Fixed a race condition that could lead to streams being aborted (RST to the client), although a response had been produced. [Stefan Eissing] * ) mod_lua: Add support to Lua 5.4 [Joe Orton, Giovanni Bechis, Ruediger Pluem] * ) MPM event/worker: Fix possible crash in child process on early signal delivery. PR 64533. [Ruediger Pluem] * ) mod_http2: sync with github standalone version 1.15.17 - Log requests and sent the configured error response in case of early detected errors like too many or too long headers. [Ruediger Pluem] - new option 'H2OutputBuffering on/off' which controls the buffering of stream output. The default is on, which is the behaviour of older mod-h2 versions. When off, all bytes are made available immediately to the main connection for sending them out to the client. This fixes interop issues with certain flavours of gRPC, see also . [Stefan Eissing] * ) mod_unique_id: Fix potential duplicated ID generation under heavy load. PR 65159 [Jonas Müntener , Christophe Jaillet] * ) "[mod_dav_fs etag handling] should really honor the FileETag setting". - It now does. - Add "Digest" to FileETag directive, allowing a strong ETag to be generated using a file digest. - Add ap_make_etag_ex() and ap_set_etag_fd() to allow full control over ETag generation. - Add concept of "binary notes" to request_rec, allowing packed bit flags to be added to a request. - First binary note - AP_REQUEST_STRONG_ETAG - allows modules to force the ETag to a strong ETag to comply with RFC requirements, such as those mandated by various WebDAV extensions. [Graham Leggett] * ) mod_proxy_http: Fix a possibly crash when the origin connection gets interrupted before completion. PR 64234. [Barnim Dzwillo , Ruediger Pluem] * ) mod_ssl: Do not keep connections to OCSP responders alive when doing OCSP requests. PR 64135. [Ruediger Pluem] * ) mod_ssl: Improve the coalescing filter to buffer into larger TLS records, and avoid revealing the HTTP header size via TLS record boundaries (for common response generators). [Joe Orton, Ruediger Pluem] * ) mod_proxy_hcheck: Don't pile up health checks if the previous one did not finish before hcinterval. PR 63010. [Yann Ylavic] * ) mod_session: Improve session parsing. [Yann Yalvic] * ) mod_authnz_ldap: Prevent authentications with empty passwords for the initial bind to fail with status 500. [Ruediger Pluem] * ) mod_auth_digest: Fast validation of the nonce's base64 to fail early if the format can't match anyway. [Yann Ylavic] * ) mod_proxy_fcgi: Honor "SetEnv proxy-sendcl" to forward a chunked Transfer-Encoding from the client, spooling the request body when needed to provide a Content-Length to the backend. PR 57087. [Yann Ylavic] * ) mod_proxy: Put mod_proxy_{connect,wstunnel} tunneling code in common in proxy_util. [Yann Ylavic] * ) mod_proxy: Improve tunneling loop to support half closed connections and pending data draining (for protocols like rsync). PR 61616. [Yann Ylavic] * ) mod_proxy_http: handle Upgrade request, 101 (Switching Protocol) response and switched protocol forwarding. [Yann Ylavic] * ) mod_proxy_wstunnel: Leave Upgrade requests handling to mod_proxy_http, allowing for (non-)Upgrade negotiation with the origin server. [Yann Ylavic] * ) mod_proxy: Allow ProxyErrorOverride to be restricted to specific status codes. PR63628. [Martin Drößler ] * ) core: Add ReadBufferSize, FlushMaxThreshold and FlushMaxPipelined directives. [Yann Ylavic] * ) core: Ensure that aborted connections are logged as such. PR 62823 [Arnaud Grandville ] * ) http: Allow unknown response status' lines returned in the form of "HTTP/x.x xxx Status xxx". [Yann Ylavic] * ) mod_proxy_http: Fix 100-continue deadlock for spooled request bodies, leading to Request Timeout (408). PR 63855. [Yann Ylavic] * ) core: Remove headers on 304 Not Modified as specified by RFC7234, as opposed to passing an explicit subset of headers. PR 61820. [Giovanni Bechis] * ) mpm_event: Don't reset connections after lingering close, restoring prior to 2.4.28 behaviour. [Yann Ylavic] * ) mpm_event: Kill connections in keepalive state only when there is no more workers available, not when the maximum number of connections is reached, restoring prior to 2.4.30 behaviour. [Yann Ylavic] * ) mod_unique_id: Use base64url encoding for UNIQUE_ID variable, avoiding the use of '@'. PR 57044. [Michael Kaufmann ] * ) mod_rewrite: Extend the [CO] (cookie) flag of RewriteRule to accept a SameSite attribute. [Eric Covener] * ) mod_proxy: Add proxy check_trans hook. This allows proxy modules to decline request handling at early stage. * ) mod_proxy_wstunnel: Decline requests without an Upgrade header so ws/wss can be enabled overlapping with later http/https. * ) mod_http2: Log requests and sent the configured error response in case of early detected errors like too many or too long headers. [Ruediger Pluem, Stefan Eissing] * ) mod_md: Lowered the required minimal libcurl version from 7.50 to 7.29 as proposed by . [Stefan Eissing] * ) mod_ssl: Fix request body buffering with PHA in TLSv1.3. [Joe Orton] * ) mod_proxy_uwsgi: Fix a crash when sending environment variables with no value. PR 64598 [Ruediger Pluem] * ) mod_proxy: Recognize parameters from ProxyPassMatch workers with dollar substitution, such that they apply to the backend connection. Note that connection reuse is disabled by default to avoid compatibility issues. [Takashi Sato, Jan Kaluza, Eric Covener, Yann Ylavic, Jean-Frederic Clere] - modified sources % apache2.keyring - deleted patches - apache2-mod_proxy_uwsgi-fix-crash.patch (upstreamed) - lua54.patch (upstreamed) ==== atftp ==== Version update (0.7.2 -> 0.7.4) - Update to version 0.7.4 * fix compile, missing include * fix compile, add missing defines * link against libpthread for atftp * fixed atftp fails to write to /proc/self/fd/1 * Fix for DoS issue CVE-2020-6097 * remove inline keyword from definitions * remove extern inlines * sys/cdefs usage - Drop fixed atftp-CVE-2020-6097.patch ==== bolt ==== Version update (0.9 -> 0.9.1) - Update to 0.9.1 * Support Ice Lake Thunderbolt 3 i/o subsystem * Don't store domains where uuids change across reboots * Fixes for the journal and the domain's acl-log * Version the store and use that to clean up stale domains once * Host identification for embedded thunderbolt controllers [!233] * Various other small bug fixes and memory leak fixes. ==== boost-base ==== Subpackages: boost-license1_76_0 libboost_date_time1_76_0 libboost_filesystem1_76_0 libboost_iostreams1_76_0 libboost_locale1_76_0 libboost_program_options1_76_0 libboost_thread1_76_0 - Compile boost iostreams with lzma support for reading .xz files ==== boost-extra ==== - Compile boost iostreams with lzma support for reading .xz files ==== chrony ==== Version update (3.5.1 -> 4.1) Subpackages: chrony-pool-openSUSE - Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Update clknetsim to snapshot f89702d. - Refresh chrony.keyring from https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Enable syscallfilter unconditionally [boo#1181826]. - drop buildrequires on NSS. We need gnutls for NTS anyway and we can do all the other required crypto via nettle+gnutls. no need for another crypto library. - Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and "reload sources" command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get "maxsources" sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add "add pool" command - Add "reset sources" command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don?t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don?t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option "version 3") - Drop support for line editing with GNU Readline - add BuildRequires for gnutls-devel (which also pulls nettle to enable the new features) - drop patches which are included in the update: chrony-test-update-processing-of-packet-log.patch chrony-test-fix-util-unit-test-for-NTP-era-split.patch - refreshed chrony-config.patch - track series file for easier quilt setup - added option to turn off testsuite with osc build --without=testsuite testsuite still runs by default ==== cppcheck ==== - Add GCC compatibility fixes: * 0001-Fix-gcc11-build-errors.patch * 0002-Another-gcc11-fix-3179.patch ==== cups-filters ==== Version update (1.27.2 -> 1.28.8) - Version upgrade to 1.28.8 * libcupsfilters: Made check whether the driverless PPD to generate should be a fax out PPD more reliable (Issue #343). * foomatic-rip: Options in the 5th command line argument of the CUPS filter command line are separated only by white space and not by comma, also make sure that an option "none" is not considered a custom page size (Issue #348). * implicitclass: Raise timeout for cups-browsed's answer from 20s to 60s (Pull request #346). * libcupsfilters: In the PPD generator really give priority to Apple Raster against PDF (Issue #331). - Version upgrade to 1.28.7 * driverless: Removed the support quality check from Pull request #235 as it takes significant time for each printer being listed, making cups-driverd (`lpinfo -m`) timing out when there are many printers (OpenPrinting CUPS issue #65). * libcupsfilters: In the PPD generator give priority to Apple Raster against PDF (Issue #331). * libcupsfilters: Added NULL check when removing ".Borderless" suffixes from page size names (Issue #314, Pull request #328). * libcupsfilters: In the cupsRasterParseIPPOptions() map the color spaces the same way as in the PPD generator (Issue #326, Pull request #327). * libcupsfilters: Fixed addition of grayscale mode in generated PPD files, to avoid duplicate entries (OpenPrinting CUPS issue #59). - Version upgrade to 1.28.6 * libcupsfilters: In generated PPDs add a grayscale mode if there are only color printing modes (from OpenPrinting CUPS). * libcupsfilters: In generated PPDs add an "OutputBin" option also if it has only one choice (OpenPrinting CUPS pull request #18). * libcupsfilters: Generated PPDs could have an "Unknown" default InputSlot (OpenPrinting CUPS issue #44). * cups-browsed: Removed unneeded IPP attribute additions preventing the created local queues from preserving a location or description the user assigns to them (Issue #323). * cups-browsed: Removed all calls of the resolve_uri() function of libcupsfilters, as these are not actually needed and in case the supplied DNS-SD-based URI is not resolvable, the function gets stuck for ~5 seconds. * cups-browsed: Fixed several memory leaks, mainly from the code to merge printer IPP attributes for clusters (Pull request #322). * cups-browsed: Silenced compiler warning. * foomatic-rip: Fix infinite loop and input from file on raw printing (Pull request #318). * foomatic-rip: Remove temporary file created during pdf-to-ps conversion (Pull request #313). - Version upgrade to 1.28.5 * cups-browsed: UUID from IPP response was used after its pointer was freed by ippDelete() (Pull request #311). - Version upgrade to 1.28.4 * driverless: Avoid duplicate PPD list entries from the same device via UUID * driverless: Reduce ippfind calls by "driverless" and "driverless-fax"called by CUPS. Let "driverless list" list both print and fax PPDs and "driverless-fax list" do nothing. * driverless: Avoid duplicate listings in printer discovery, by "driverless-fax" not listing any URI as "driverless" lists them all already. * driverless: Vastly improve performance by doing only one ippfind call instead of two (IPP, IPPS) as ippfind accepts more than one reg type on the command line. * Sample PPDs: Corrected manufacturer name in Fuji_Xerox-DocuPrint_CM305_df-PDF.ppd. - Version upgrade to 1.28.3 * libcupsfilters, cups-browsed: Fixed inconsistency between resolvers for DNS-SD-based URIs, resolve_uri() and ippfind_based_uri_converter(). Now both return a freeable string. * libcupsfilters: Fix uninitialized buffer and parsing ippfind output in ippfind_based_uri_converter() function (Issue #308, Pull request #309). - Version upgrade to 1.28.2 * driverless: Free allocated memory, use MAX_OUTPUT_LEN (Pull request #304). * driverless: Make the two ippfind tasks(for IPP and IPPS) run in parallel (Pull request #302, #305, #306). * braille: Support new liblouis tables not containing a display name (Pull request #303) * Build system: Let ./configure not error out when there is more than one DejaVuSans.ttf test font candidate (Issue #300). * cups-browsed: Crash when a remote printer set as default gets removed, due to missing variable in printf() call (Issue #299). * libcupsfilters: Removed all signal handling and global variables from get_printer_attributes() and ippfind_based_uri_converter(). This is overkill for these quick operations and causes problems when shutting down cups-browsed (Issue #298). - Version upgrade to 1.28.1 * COPYING: Fixed several typos * libcupsfilters: Fixed typo in log message of get_printer_attributes functions. * cups-browsed: Fixed typos in configuration file and man page * libcupsfilters: Let the PPD generator not suffix page size names with ".Borderless" if all page sizes would get this suffix, for example for printers which generally print borderless. * libcupsfilters: Added "faxPrefix" option for generated IPP Fax Out PPDs, so that this option also appears in print dialogs. * driverless: List addresses for local services correctly when using "--std-ipp-uris" (with "localhost" hostname). * driverless: Make calls of the ippfind utility somewhat faster, setting the timeout of ippfind to automatic. * libcupsfilters: Resolve DNS-SD-based URIs for local services correctly (using hostname "localhost"). * libcupsfilters: In get_printer_attributes() functions do not try to convert URIs which are not DNS-SD-based (Issue #294). * libcupsfilters: In get_printer_attributes() functions also support URIs with "dnssd://..." scheme. * libcupsfilters: Moved signal handling back into main function of the get_printer_attributes() variants, it got moved out accidentally. * driverless: For generating a PPD, independent whether via "driverless URI" or "driverless cat URI", always allow CUPS driver URIs (prefixed with "driverless: " or "driverless-fax:") and pure IPP URIs. * driverless: Accept clean IPP URIs also for 'driverless cat ...' (Issue #295, Pull request #296). * driverless-fax: Do not use fixed path for call of driverless itself (Pull request #293). - Version upgrade to 1.28.0 * driverless, driverless-fax, libcupsfilters: Added IPP Fax Out support. Now printer setup tools list an additional fax "driver". A fax queue is created by selecting this driver. Jobs have to be sent with "-o phone=12345" to supply the destination phone number (Pull request #280). * libfontembed: Silenced warning with gcc 10.x (Pull request #287). * cups-browsed: Added ./configure options --enable-saving-created-queues and --with-remote-cups-local-queue-naming (Pull request: #253, #285). * cups-browsed: Fixed several memory leaks, mainly from the code to merge printer IPP attributes for clusters (Pull request #281, #283). * driverless: Added "--std-ipp-uris" command line option to show listed URIs in standard hostname-based form (not the CUPS DNS-SD-service-name-based form. Only for manual call of the utility, for debugging purposes (Pull request #277). * libfontembed: Removed assert() calls which cause crashes when unsupported emoji fonts are installed (Issue #254, Pull request #276). * driverless: Added support for IPPS (use "ipps://..." URIs if possible, Issue #251, Pull request #270, #273). * gstoraster, gstopdf: When converting PostScript to PDF use the "pdfwrite" output device with "-dPDFSETTINGS=/default" instead of with "-dPDFSETTINGS=/printer". This reproduces bitmaps in the PostScript file with their original image quality (Issue #272). * cups-browsed: Limit log file size and add backup file for previous log entries. Introduced the configuration option DebugLogFileSize in cups-browsed.conf to set the actual limit in kilobytes or 0 to get the old behavior of an unlimited size for the log file (Issue #260, Pull request #267). * gstoraster, gstopdf: Do not apply margins when output format is PDF, as then we convert an incoming PostScript file to PDF (pre-pdftopdf) and do not prepare the pages for the printer (post-pdftopdf, Issue #250). * cups-browsed: Do not write any log messages directly to stderr, there were some concerning timeouts on queue creation (Issue #260). * Build system: Fix cross-compilation without DejaVu test font in configure.ac (Issue #262, Pull request #263). * libcupsfilters: Respect the fact that PPD keywords are case-sensitive when adding "*cupsManualCopies: True" in PPD file (Issue #242). * libcupsfilters: Older versions of libcups (< 2.3.1) had the enum name for fold-accordion finishings mistyped. Added a workaround. * cups-browsed: Remove left-over local queues from the previous session more quickly when CUPS legacy browsing is turned on. * cups-browsed: Left-over local queues from the previous session for which the corresponding remote printer did not appear again did not get removed as they were considered externally overwritten. * gstoraster, gstopdf: Add option "-dDoNumCopies" to Ghostscript command line if we are outputting PDF (called via gstopdf wrapper) and the number of copies supplied to CUPS is 1 (4th command line argument). In this case we convert incoming PostScript to PDF and need to respect embedded PostScript commands to implement the number of copies (Issue #255, CUPS Issue #5796, OpenSUSE bug #1173345). * imagetoraster: Potential null dereference fix (when no valid PPD is supplied, Pull request #256). * cups-browsed: Call cupsGetNamedDest() only if "OnlyUnsupportedByCUPS No" * Sample PPDs: Corrected ColorModel default for Generic PWG Raster PPD to Color (Pull request #247). * cups-browsed: Mark the temp queue as cups-browsed-generated during setting printer-is-shared (Pull request #246). * cups-browsed: Remove mentions of README and AUTHORS files in the man page (Pull request #244). * pclmtoraster: Added new filter to extract Raster data from raster-only PDF files, here for the special case of PCLm files (Pull request #243, #257). * Sample PPDs: In Generic-PDF_Printer-PDF.ppd add option to switch between color and grayscale printing (Pull request #237). - Version upgrade to 1.27.5 * cups-browsed: Do not remove the created local queues on shutdown, to avoid their re-creation on restart, so that desktops get no cluttered with notifications of new queues being created. One can return to the old behavior via "KeepGeneratedQueuesOnShutdown No" in cups-browsed.conf (Ubuntu bug #1869981, #1878241). * cups-browsed: Do not accept DNS-SD broadcasts of IPPS type of "remote" CUPS queues of another CUPS instance on the local machine. This way we get a local queue pointing to such a printer only in unencrypted version (IPP). For some reason printing from one CUPS server to another on the same machine works only unencrypted. * foomatic-rip: Map two-sided-short-edge to DuplexTumble (Pull request #236) * Build system: In configure.ac use AS_IF instead of AC_CHECK_FILE for font check (Issue #239, Pull request #240) * cups-browsed: Cleaned up code for determining to which CUPS server (host/port/domain socket) to connect, so that connection via DomainSocket cups-browsed.conf directive, CUPS_SERVER and IPP_PORT environment variables and all defaults and methods of libcups, including CUPS' client.conf work. * gstoraster, rastertopdf: Do not pass NULL to fprintf() (Pull request #230). * libcupsfilters: Silence compiler warning (Pull request #229). - Version upgrade to 1.27.4 * libcupsfilters, cups-browsed: Fix memory issues in ppdgenerator and cups-browsed (Pull request #226). * pdftops: Mention cups-filters README, CUPS README in debug log (Pull request #225). * pdftopdf, gstoraster, foomatic-rip: Use "-dSAFER" Ghostscript option, instead of the deprecated "-dPARANOIDSAFER" (Pull request #224). * Build System: Replace '==' in configure.ac test with '=', as the former is a bashism (Pull request #222). - Version upgrade to 1.27.3 * cups-browsed: Allow sharing local queues pointing to remote CUPS queues and re-sharing printers discovered via BrowsePoll by default, using AllowResharingRemoteCUPSPrinters and NewBrowsePollQueuesShared directives in cups-browsed.conf (Issue #101, Pull request #218). * driverless: Correctly unlink temporary file when generating PPD file (Pull request #220). * cups-browsed: Fixed memory leaks (Pull request #219). * foomatic-rip: PDF page count side-loads the PDF file to count the pages in, so it cannot be run in -dSAFER mode. Run even in -dNOSAFER mode to override the -dSAFER default of newer Ghostscript versions. This should not cause a security problem as we do not take an input file which could do arbitrary side-loads but we run hard-coded PostScript commands instead (Issue #216). * libfontembed: Add checks to the test programs to not segfault if the test font file is not found (Pull request #214). * Build System: Let ./configure fail if the supplied test font file path (or the default) does not exist (Pull request #214), also use the "find" command to find the test font file DejaVuSans.ttf under /usr/share/fonts, as every distribution has it somewhere else. - fix_upstream_issue348.patch is no longer needed because it is now fixed in the upstream sources, see the above entry about "Issue #348". Entries like "Issue #NNN" or "Pull request #NNN" mean cups-filters upstream issues or cups-filters upstream GitHub pull requests at https://github.com/OpenPrinting/cups-filters ==== curl ==== Version update (7.76.1 -> 7.77.0) Subpackages: libcurl4 - Update to 7.77.0: [bsc#1186114, CVE-2021-22898] [bsc#1186115, bsc#1185579, CVE-2021-22901] * Security fixes: - CVE-2021-22297: schannel cipher selection surprise - CVE-2021-22298: TELNET stack contents disclosure - CVE-2021-22901: TLS session caching disaster * Changes: - configure: make the TLS library choice(s) explicit - curl: ignore options asking for SSLv2 or SSLv3 - hsts: enable by default - SSL: support in-memory CA certs for some backends - vtls: refuse setting any SSL version * Bugfixes: - configure: provide --with-openssl, deprecate --with-ssl - cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies - curl: include libmetalink version in --version output - data_pending: check only SECONDARY socket for FTP(S) transfers - gnutls: don't allow TLS 1.3 for versions that don't support it - gnutls: make setting only the MAX TLS allowed version work - http2: fix resource leaks in set_transfer_url() and push_promise() - http: limit the initial send amount to used upload buffer size - rustls: only return CURLE_AGAIN when TLS session is fully drained - rustls: use ALPN - schannel: Disable auto credentials; add an option to enable it - schannel: Support strong crypto option - sectransp: allow cipher name to be specified - sockfilt: avoid getting stuck waiting for writable socket ==== elfutils ==== Version update (0.184 -> 0.185) Subpackages: libasm1 libdw1 libelf1 - Update to version 0.185: debuginfod-client: Simplify curl handle reuse so downloads which return an error are retried. elfcompress: Always exit with code 0 when the operation succeeds (even when nothing was done). On error the exit code is now always 1. ==== elfutils-debuginfod ==== Version update (0.184 -> 0.185) - Update to version 0.185: debuginfod-client: Simplify curl handle reuse so downloads which return an error are retried. elfcompress: Always exit with code 0 when the operation succeeds (even when nothing was done). On error the exit code is now always 1. ==== epiphany ==== Version update (40.1 -> 40.2) Subpackages: gnome-shell-search-provider-epiphany - Update to version 40.2: + Fix some memory leaks. + Fix memory corruption in history dialog. + Fix crash when checking for modified forms. ==== expat ==== Version update (2.3.0 -> 2.4.1) Subpackages: libexpat-devel libexpat1 - Update to 2.4.1: * Bug fixes: - Autotools: Fix installed header expat_config.h for multilib systems; regression introduced in 2.4.0 by pull request #486 * Other changes: - Version info bumped from 9:0:8 to 9:1:8; see https://verbump.de/ for what these numbers do - Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"] * Security fixes: - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks (denial-of-service; flavors targeting CPU time or RAM or both, leveraging general entities or parameter entities or both) by tracking and limiting the input amplification factor ( := ( + ) / ). By conservative default, amplification up to a factor of 100.0 is tolerated and rejection only starts after 8 MiB of output bytes (= + ) have been processed. The fix adds the following to the API: - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to signals this specific condition. - Two new API functions .. - XML_SetBillionLaughsAttackProtectionMaximumAmplification and - XML_SetBillionLaughsAttackProtectionActivationThreshold .. to further tighten billion laughs protection parameters when desired. Please see file "doc/reference.html" for details. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat. - Two new XML_FEATURE_* constants .. - that can be queried using the XML_GetFeatureList function, and - that are shown in "xmlwf -v" output. - Two new environment variable switches .. - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and - EXPAT_ENTITY_DEBUG=(0|1) .. for runtime debugging of accounting and entity processing. Specific behavior of these values may change in the future. - Two new command line arguments "-a FACTOR" and "-b BYTES" for xmlwf to further tighten billion laughs protection parameters when desired. If you ever need to increase the defaults for non-attack XML payload, please file a bug report with libexpat. * Bug fixes: - For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake) or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault for UTF-16 payloads containing CDATA sections. - Autotools: Fix generated CMake files for non-64bit and non-Linux platforms (e.g. macOS and MinGW in particular) that were introduced with release 2.3.0 * Other changes: - xmlwf: Improve help output and the xmlwf man page - xmlwf: Improve maintainability through some refactoring - xmlwf: Fix man page DocBook validity - CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR and CMAKE_INSTALL_INCLUDEDIR - CMake: Add support for standard variable BUILD_SHARED_LIBS - Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters - Resolve macro HAVE_EXPAT_CONFIG_H - Delete unused legacy helper file "conftools/PrintPath" - doc/reference.html: Fix XHTML validity - doc/reference.html: Replace the 90s look by OK.css - Version info bumped from 8:0:7 to 9:0:8 due to addition of new symbols and error codes; see https://verbump.de/ for what these numbers do ==== fetchmail ==== Subpackages: fetchmailconf - Backported support for OAUTH2 authentication from Fetchmail 7.0. - add imap oauthbearer support - support oauthbearer/xoauth2 with pop3 - add passwordfile and passwordfd options - add contrib/fetchnmail-oauth2.py token acquisition utility - FAQ: list gmail options including oauthbearer and app password - give each ctl it's own copy of password - re-read passwordfile on every poll - add query_to64_outsize() utility function - Chase and integrate interface change. - oauth2.c: calculate and pass in correct buffer size to to64frombits() - Increase max password length to handle oauth tokens - Bump max. passwordlen to 10000 bytes. - Add README.OAUTH2 - Added patches: * fetchmail-add-imap-oauthbearer-support.patch * fetchmail-support-oauthbearer-xoauth2-with-pop3.patch * fetchmail-add-passwordfile-and-passwordfd-options.patch * fetchmail-add-contrib-fetchnmail-oauth2.py-token-acquisition-u.patch * fetchmail-FAQ-list-gmail-options-including-oauthbearer-and-app.patch * fetchmail-give-each-ctl-it-s-own-copy-of-password.patch * fetchmail-re-read-passwordfile-on-every-poll.patch * fetchmail-add-query_to64_outsize-utility-function.patch * fetchmail-chase-and-integrate-interface-change.patch * fetchmail-oauth2-c-calculate-and-pass-in-correct-buffer-size-to-to64frombits.patch * fetchmail-increase-max-password-length-to-handle-oauth-tokens.patch * fetchmail-bump-max-passwordlen-to-1bytes.patch * fetchmail-add-readme-oauth2-issue-27.patch ==== gcc10 ==== - Force using llvm11 for amdgcn offloading since llvm12 doesn't yet work. - Fix value of %slibdir64 for usrmerge ==== gcc11 ==== Subpackages: cpp11 gcc11-info libasan6 libatomic1 libgcc_s1 libgfortran5 libgomp1 libhwasan0 libitm1 liblsan0 libobjc4 libstdc++6 libstdc++6-devel-gcc11 libstdc++6-locale libstdc++6-pp-gcc11 libtsan0 libubsan1 - Fix value of %slibdir64 for usrmerge ==== gdb ==== - Backport fix for assert [bsc#1186040, swo#27889]: * gdb-breakpoint-fix-assert-in-jit_event_handler.patch ==== glibc ==== Subpackages: glibc-devel glibc-extra glibc-locale glibc-locale-base nscd - tst-cpu-features-amx.patch: x86: tst-cpu-features-supports.c: Update AMX check - rawmemchr-warning.patch: string: Work around GCC PR 98512 in rawmemchr ==== gnutls ==== Version update (3.7.1 -> 3.7.2) Subpackages: libgnutls-dane0 libgnutls30 libgnutls30-hmac - Update to version 3.7.2 * Added Linux kernel AF_ALG based acceleration * Fixed timing of early data exchange * The priority string option DISABLE_TLS13_COMPAT_MODE was added to disable TLS 1.3 middlebox compatibility mode * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to GNUTLS_NO_IMPLICIT_INIT to reflect the purpose * certtool: * When signing a CSR, CRL distribution point (CDP) is no longer copied from the signing CA by default * When producing certificates and certificate requests, subject DN components that are provided individually will now be ordered by assumed scale - Rework the crypto-policies dependencies in libraries [bsc#1186385] ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin grub2-systemd-sleep-plugin - Fix crash in launching gfxmenu without theme file (bsc#1186481) * grub2-gfxmenu-support-scrolling-menu-entry-s-text.patch ==== gupnp ==== Version update (1.2.4 -> 1.2.6) - Update to version 1.2.6 + Fix CVE-2021-33516 ( boo#1186590 ) + Fix potential fd leak in linux CM + Fix potential NULL pointer dereference when evaluating unset ServiceProxyActions + Fix leaking the message string if an action is never sent + Fix leaking the ServiceProxyAction if sending fails in call_action + Fix potential use-after-free if service proxy is destroxed before libsoup request finishes in control point + Fix potential data leak due to being vulnerable to DNS rebind attacs + Fix introspection annotation for send_action and call_action_finish to prevent a double-free + Fix introspection annotation for send_action_list + Make ServiceIntrospection usable from gobject-introspection - Fix dependencies - Update to version 1.2.6: + Fix wrong dependency on GSSDP 1.2.4 - Changes from version 1.2.5: + Fix introspection annotation for send_action_list + Fix potential fd leak in linux CM + Fix potential NULL pointer dereference when evaluating unset ServiceProxyActions + Fix leaking the message string if an action is never sent + Fix leaking the ServiceProxyAction if sending fails in call_action + Fix introspection annotation for send_action and call_action_finish to prevent a double-free + Make ServiceIntrospection usable from gobject-introspection + Add Python example + Add C example + Fix JavaScript example + Fix potential use-after-free if service proxy is destroxed before libsoup request finishes in control point + Fix potential data leak due to being vulnerable to DNS rebind attacks ==== hdjmod ==== Version update (1.28_k5.12.4_2 -> 1.32_k5.12.9_1) - Update to version 1.32 * Adds support for the Hercules Steel controller. - Switch to fork maintained at https://codeberg.org/Marix/hdjmod. * Consolidates fixes made for openSUSE and Ubuntu packages, providing support for newer kernel up to including Linux 5.12 without having to maintain a series of patch files. - Dropped obsolete patches: * hdjmod_fix_buffer_overrun_in_device_name_handling.patch * hdjmod_kernel_2.6.30.patch * hdjmod_kernel_2.6.36.patch.bz2 * hdjmod_kernel_2.6.37.patch * hdjmod_kernel_2.6.39.patch * hdjmod_kernel_3.6.patch * hdjmod_kernel_3.7.patch * hdjmod_kernel_3.16.patch * hdjmod_kernel_4.11.patch * hdjmod_kernel_4.14.patch * hdjmod_kernel_4.15.patch * hdjmod_kernel_5.0.patch * hdjmod_kernel_5.12.patch * hdjmod-kfree.patch ==== hwdata ==== Version update (0.347 -> 0.348) - Update to version 0.348 (bsc#1186749): + Updated pci, usb and vendor ids. ==== kernel-64kb ==== Version update (5.12.4 -> 5.12.9) - Linux 5.12.9 (bsc#1012628). - ALSA: hda/realtek: the bass speaker can't output sound on Yoga 9i (bsc#1012628). - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (bsc#1012628). - ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation P340 (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8 (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8 (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8 (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8 (bsc#1012628). - ALSA: usb-audio: fix control-request direction (bsc#1012628). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (bsc#1012628). - ALSA: usb-audio: scarlett2: Improve driver startup messages (bsc#1012628). - cifs: fix string declarations and assignments in tracepoints (bsc#1012628). - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1012628). - mtd: rawnand: cs553x: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: txx9ndfmc: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: sharpsl: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: lpc32xx_slc: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: ndfc: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: tmio: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: fsmc: Fix external use of SW Hamming ECC helper (bsc#1012628). - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (bsc#1012628). - scsi: target: core: Avoid smp_processor_id() in preemptible code (bsc#1012628). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1012628). - s390/dasd: add missing discipline function (bsc#1012628). - perf intel-pt: Fix sample instruction bytes (bsc#1012628). - perf intel-pt: Fix transaction abort handling (bsc#1012628). - perf scripts python: exported-sql-viewer.py: Fix copy to clipboard from Top Calls by elapsed Time report (bsc#1012628). - perf scripts python: exported-sql-viewer.py: Fix Array TypeError (bsc#1012628). - perf scripts python: exported-sql-viewer.py: Fix warning display (bsc#1012628). - proc: Check /proc/$pid/attr/ writes against file opener (bsc#1012628). - net: hso: fix control-request directions (bsc#1012628). - net/sched: fq_pie: re-factor fix for fq_pie endless loop (bsc#1012628). - net/sched: fq_pie: fix OOB access in the traffic path (bsc#1012628). - netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version (bsc#1012628). - dm snapshot: properly fix a crash when an origin has no snapshots (bsc#1012628). - md/raid5: remove an incorrect assert in in_chunk_boundary (bsc#1012628). - drm/i915: Reenable LTTPR non-transparent LT mode for DPCD_REV<1.4 (bsc#1012628). - drm/amd/pm: correct MGpuFanBoost setting (bsc#1012628). - drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (bsc#1012628). - drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (bsc#1012628). - drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (bsc#1012628). - drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (bsc#1012628). - drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (bsc#1012628). - kgdb: fix gcc-11 warnings harder (bsc#1012628). - Documentation: seccomp: Fix user notification documentation (bsc#1012628). - riscv: stacktrace: fix the riscv stacktrace when CONFIG_FRAME_POINTER enabled (bsc#1012628). - seccomp: Refactor notification handler to prepare for new semantics (bsc#1012628). - debugfs: fix security_locked_down() call for SELinux (bsc#1012628). - serial: core: fix suspicious security_locked_down() call (bsc#1012628). - misc/uss720: fix memory leak in uss720_probe (bsc#1012628). - thunderbolt: usb4: Fix NVM read buffer bounds and offset issue (bsc#1012628). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (bsc#1012628). - KVM: X86: Fix vCPU preempted state from guest's point of view (bsc#1012628). - KVM: arm64: Move __adjust_pc out of line (bsc#1012628). - KVM: arm64: Fix debug register indexing (bsc#1012628). - KVM: arm64: Prevent mixed-width VM creation (bsc#1012628). - mei: request autosuspend after sending rx flow control (bsc#1012628). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (bsc#1012628). - iio: gyro: fxas21002c: balance runtime power in error path (bsc#1012628). - iio: dac: ad5770r: Put fwnode in error case during ->probe() (bsc#1012628). - iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (bsc#1012628). - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (bsc#1012628). - iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (bsc#1012628). - iio: adc: ad7923: Fix undersized rx buffer (bsc#1012628). - iio: adc: ad7793: Add missing error code in ad7793_setup() (bsc#1012628). - iio: adc: ad7192: Avoid disabling a clock that was never enabled (bsc#1012628). - iio: adc: ad7192: handle regulator voltage error first (bsc#1012628). - serial: 8250: Add UART_BUG_TXRACE workaround for Aspeed VUART (bsc#1012628). - serial: 8250_dw: Add device HID for new AMD UART controller (bsc#1012628). - serial: 8250_pci: Add support for new HPE serial device (bsc#1012628). - serial: 8250_pci: handle FL_NOIRQ board flag (bsc#1012628). - USB: trancevibrator: fix control-request direction (bsc#1012628). - Revert "irqbypass: do not start cons/prod when failed connect" (bsc#1012628). - USB: usbfs: Don't WARN about excessively large memory allocations (bsc#1012628). - xhci: fix giving back URB with incorrect status regression in 5.12 (bsc#1012628). - xhci: Fix 5.12 regression of missing xHC cache clearing command after a Stall (bsc#1012628). - drivers: base: Fix device link removal (bsc#1012628). - serial: tegra: Fix a mask operation that is always true (bsc#1012628). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (bsc#1012628). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (bsc#1012628). - USB: serial: ti_usb_3410_5052: add startech.com device id (bsc#1012628). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (bsc#1012628). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (bsc#1012628). - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (bsc#1012628). - thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (bsc#1012628). - usb: dwc3: gadget: Properly track pending and queued SG (bsc#1012628). - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (bsc#1012628). - usb: typec: mux: Fix matching with typec_altmode_desc (bsc#1012628). - usb: typec: ucsi: Clear pending after acking connector change (bsc#1012628). - usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (bsc#1012628). - usb: typec: tcpm: Properly interrupt VDM AMS (bsc#1012628). - usb: typec: tcpm: Respond Not_Supported if no snk_vdo (bsc#1012628). - net: usb: fix memory leak in smsc75xx_bind (bsc#1012628). - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails (bsc#1012628). - fs/nfs: Use fatal_signal_pending instead of signal_pending (bsc#1012628). - NFS: fix an incorrect limit in filelayout_decode_layout() (bsc#1012628). - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (bsc#1012628). - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() (bsc#1012628). - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (bsc#1012628). - drm/meson: fix shutdown crash when component not probed (bsc#1012628). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (bsc#1012628). - net/mlx5e: Fix multipath lag activation (bsc#1012628). - net/mlx5e: Fix error path of updating netdev queues (bsc#1012628). - {net,vdpa}/mlx5: Configure interface MAC into mpfs L2 table (bsc#1012628). - net/mlx5e: Fix nullptr in mlx5e_tc_add_fdb_flow() (bsc#1012628). - net/mlx5e: Fix nullptr in add_vlan_push_action() (bsc#1012628). - net/mlx5: Set reformat action when needed for termination rules (bsc#1012628). - net/mlx5e: Fix null deref accessing lag dev (bsc#1012628). - net/mlx4: Fix EEPROM dump support (bsc#1012628). - {net, RDMA}/mlx5: Fix override of log_max_qp by other device (bsc#1012628). - net/mlx5: Set term table as an unmanaged flow table (bsc#1012628). - KVM: X86: Fix warning caused by stale emulation context (bsc#1012628). - KVM: X86: Use _BITUL() macro in UAPI headers (bsc#1012628). - KVM: selftests: Fix 32-bit truncation of vm_get_max_gfn() (bsc#1012628). - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1012628). - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" (bsc#1012628). - tipc: wait and exit until all work queues are done (bsc#1012628). - tipc: skb_linearize the head skb when reassembling msgs (bsc#1012628). - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (bsc#1012628). - sctp: fix the proc_handler for sysctl encap_port (bsc#1012628). - sctp: add the missing setting for asoc encap_port (bsc#1012628). - netfilter: flowtable: Remove redundant hw refresh bit (bsc#1012628). - net: dsa: mt7530: fix VLAN traffic leaks (bsc#1012628). - net: dsa: bcm_sf2: Fix bcm_sf2_reg_rgmii_cntrl() call for non-RGMII port (bsc#1012628). - net: dsa: fix a crash if ->get_sset_count() fails (bsc#1012628). - net: dsa: sja1105: update existing VLANs from the bridge VLAN list (bsc#1012628). - net: dsa: sja1105: use 4095 as the private VLAN for untagged traffic (bsc#1012628). - net: dsa: sja1105: error out on unsupported PHY mode (bsc#1012628). - net: dsa: sja1105: add error handling in sja1105_setup() (bsc#1012628). - net: dsa: sja1105: call dsa_unregister_switch when allocating memory fails (bsc#1012628). - net: dsa: sja1105: fix VL lookup command packing for P/Q/R/S (bsc#1012628). - i2c: s3c2410: fix possible NULL pointer deref on read message after write (bsc#1012628). - i2c: mediatek: Disable i2c start_en and clear intr_stat brfore reset (bsc#1012628). - i2c: i801: Don't generate an interrupt on bus reset (bsc#1012628). - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (bsc#1012628). - afs: Fix the nlink handling of dir-over-dir rename (bsc#1012628). - perf debug: Move debug initialization earlier (bsc#1012628). - perf jevents: Fix getting maximum number of fds (bsc#1012628). - nvmet-tcp: fix inline data size comparison in nvmet_tcp_queue_response (bsc#1012628). - mptcp: avoid error message on infinite mapping (bsc#1012628). - mptcp: fix data stream corruption (bsc#1012628). - mptcp: drop unconditional pr_warn on bad opt (bsc#1012628). - platform/x86: hp_accel: Avoid invoking _INI to speed up resume (bsc#1012628). - gpio: cadence: Add missing MODULE_DEVICE_TABLE (bsc#1012628). - Revert "crypto: cavium/nitrox - add an error message to explain the failure of pci_request_mem_regions" (bsc#1012628). - Revert "media: usb: gspca: add a missed check for goto_low_power" (bsc#1012628). - Revert "ALSA: sb: fix a missing check of snd_ctl_add" (bsc#1012628). - Revert "serial: max310x: pass return value of spi_register_driver" (bsc#1012628). - serial: max310x: unregister uart driver in case of failure and abort (bsc#1012628). - Revert "net: fujitsu: fix a potential NULL pointer dereference" (bsc#1012628). - net: fujitsu: fix potential null-ptr-deref (bsc#1012628). - Revert "net/smc: fix a NULL pointer dereference" (bsc#1012628). - net/smc: properly handle workqueue allocation failure (bsc#1012628). - Revert "net: caif: replace BUG_ON with recovery code" (bsc#1012628). - net: caif: remove BUG_ON(dev == NULL) in caif_xmit (bsc#1012628). - Revert "char: hpet: fix a missing check of ioremap" (bsc#1012628). - char: hpet: add checks after calling ioremap (bsc#1012628). - Revert "ALSA: gus: add a check of the status of snd_ctl_add" (bsc#1012628). - Revert "ALSA: usx2y: Fix potential NULL pointer dereference" (bsc#1012628). - Revert "isdn: mISDNinfineon: fix potential NULL pointer dereference" (bsc#1012628). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (bsc#1012628). - Revert "ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()" (bsc#1012628). - ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (bsc#1012628). - Revert "isdn: mISDN: Fix potential NULL pointer dereference of kzalloc" (bsc#1012628). - isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (bsc#1012628). - Revert "dmaengine: qcom_hidma: Check for driver register failure" (bsc#1012628). - dmaengine: qcom_hidma: comment platform_driver_register call (bsc#1012628). - Revert "libertas: add checks for the return value of sysfs_create_group" (bsc#1012628). - libertas: register sysfs groups properly (bsc#1012628). - Revert "ASoC: cs43130: fix a NULL pointer dereference" (bsc#1012628). - ASoC: cs43130: handle errors in cs43130_probe() properly (bsc#1012628). - Revert "media: dvb: Add check on sp8870_readreg" (bsc#1012628). - media: dvb: Add check on sp8870_readreg return (bsc#1012628). - Revert "media: gspca: mt9m111: Check write_bridge for timeout" (bsc#1012628). - media: gspca: mt9m111: Check write_bridge for timeout (bsc#1012628). - Revert "media: gspca: Check the return value of write_bridge for timeout" (bsc#1012628). - media: gspca: properly check for errors in po1030_probe() (bsc#1012628). - Revert "net: liquidio: fix a NULL pointer dereference" (bsc#1012628). - net: liquidio: Add missing null pointer checks (bsc#1012628). - Revert "brcmfmac: add a check for the status of usb_register" (bsc#1012628). - brcmfmac: properly check for bus register errors (bsc#1012628). - btrfs: return whole extents in fiemap (bsc#1012628). - scsi: ufs: ufs-mediatek: Fix power down spec violation (bsc#1012628). - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (bsc#1012628). - openrisc: Define memory barrier mb (bsc#1012628). - scsi: pm80xx: Fix drives missing during rmmod/insmod loop (bsc#1012628). - btrfs: release path before starting transaction when cloning inline extent (bsc#1012628). - btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1012628). - ALSA: dice: disable double_pcm_frames mode for M-Audio Profire 610, 2626 and Avid M-Box 3 Pro (bsc#1012628). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (bsc#1012628). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (bsc#1012628). - platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (bsc#1012628). - SMB3: incorrect file id in requests compounded with open (bsc#1012628). - drm/amd/display: Disconnect non-DP with no EDID (bsc#1012628). - drm/amd/amdgpu: fix refcount leak (bsc#1012628). - drm/amdgpu: Fix a use-after-free (bsc#1012628). - drm/amd/amdgpu: fix a potential deadlock in gpu reset (bsc#1012628). - drm/amdgpu: stop touching sched.ready in the backend (bsc#1012628). - platform/x86: touchscreen_dmi: Add info for the Chuwi Hi10 Pro (CWI529) tablet (bsc#1012628). - block: fix a race between del_gendisk and BLKRRPART (bsc#1012628). - linux/bits.h: fix compilation error with GENMASK (bsc#1012628). - spi: take the SPI IO-mutex in the spi_set_cs_timing method (bsc#1012628). - net: netcp: Fix an error message (bsc#1012628). - net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count (bsc#1012628). - interconnect: qcom: bcm-voter: add a missing of_node_put() (bsc#1012628). - interconnect: qcom: Add missing MODULE_DEVICE_TABLE (bsc#1012628). - usb: cdnsp: Fix lack of removing request from pending list (bsc#1012628). - ASoC: cs42l42: Regmap must use_single_read/write (bsc#1012628). - net: stmmac: Fix MAC WoL not working if PHY does not support WoL (bsc#1012628). - net: ipa: memory region array is variable size (bsc#1012628). - vfio-ccw: Check initialized flag in cp_init() (bsc#1012628). - spi: Assume GPIO CS active high in ACPI case (bsc#1012628). - net: really orphan skbs tied to closing sk (bsc#1012628). - net: packetmmap: fix only tx timestamp on request (bsc#1012628). - net: fec: fix the potential memory leak in fec_enet_init() (bsc#1012628). - octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() (bsc#1012628). - ptp: ocp: Fix a resource leak in an error handling path (bsc#1012628). - chelsio/chtls: unlock on error in chtls_pt_recvmsg() (bsc#1012628). - net: mdio: thunder: Fix a double free issue in the .remove function (bsc#1012628). - net: mdio: octeon: Fix some double free issues (bsc#1012628). - cxgb4/ch_ktls: Clear resources when pf4 device is removed (bsc#1012628). - openvswitch: meter: fix race when getting now_ms (bsc#1012628). - tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT (bsc#1012628). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1012628). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1012628). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1012628). - net: hso: check for allocation failure in hso_create_bulk_serial_device() (bsc#1012628). - net: bnx2: Fix error return code in bnx2_init_board() (bsc#1012628). - bnxt_en: Include new P5 HV definition in VF check (bsc#1012628). - bnxt_en: Fix context memory setup for 64K page size (bsc#1012628). - mld: fix panic in mld_newpack() (bsc#1012628). - net/smc: remove device from smcd_dev_list after failed device_add() (bsc#1012628). - gve: Check TX QPL was actually assigned (bsc#1012628). - gve: Update mgmt_msix_idx if num_ntfy changes (bsc#1012628). - gve: Add NULL pointer checks when freeing irqs (bsc#1012628). - gve: Upgrade memory barrier in poll routine (bsc#1012628). - gve: Correct SKB queue index validation (bsc#1012628). - iommu/amd: Clear DMA ops when switching domain (bsc#1012628). - iommu/virtio: Add missing MODULE_DEVICE_TABLE (bsc#1012628). - net: hns3: fix incorrect resp_msg issue (bsc#1012628). - net: hns3: put off calling register_netdev() until client initialize complete (bsc#1012628). - net: hns3: fix user's coalesce configuration lost issue (bsc#1012628). - net/mlx5: SF, Fix show state inactive when its inactivated (bsc#1012628). - net/mlx5e: Make sure fib dev exists in fib event (bsc#1012628). - net/mlx5e: Reject mirroring on source port change encap rules (bsc#1012628). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1012628). - iommu/vt-d: Use user privilege for RID2PASID translation (bsc#1012628). - cxgb4: avoid accessing registers when clearing filters (bsc#1012628). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (bsc#1012628). - ASoC: cs35l33: fix an error code in probe() (bsc#1012628). - bpf, offload: Reorder offload callback 'prepare' in verifier (bsc#1012628). - bpf: Set mac_len in bpf_skb_change_head (bsc#1012628). - ixgbe: fix large MTU request from VF (bsc#1012628). - ASoC: qcom: lpass-cpu: Use optional clk APIs (bsc#1012628). - scsi: libsas: Use _safe() loop in sas_resume_port() (bsc#1012628). - net: lantiq: fix memory corruption in RX ring (bsc#1012628). - ipv6: record frag_max_size in atomic fragments in input path (bsc#1012628). - scsi: aic7xxx: Restore several defines for aic7xxx firmware build (bsc#1012628). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (bsc#1012628). - net: ethernet: mtk_eth_soc: Fix packet statistics support for MT7628/88 (bsc#1012628). - sch_dsmark: fix a NULL deref in qdisc_reset() (bsc#1012628). - net: hsr: fix mac_len checks (bsc#1012628). - MIPS: alchemy: xxs1500: add gpio-au1000.h header file (bsc#1012628). - MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c (bsc#1012628). - net: zero-initialize tc skb extension on allocation (bsc#1012628). - net: mvpp2: add buffer header handling in RX (bsc#1012628). - SUNRPC: More fixes for backlog congestion (bsc#1012628). - thermal/drivers/qcom: Fix error code in adc_tm5_get_dt_channel_data() (bsc#1012628). - KVM: X86: hyper-v: Task srcu lock when accessing kvm_memslots() (bsc#1012628). - xprtrdma: Revert 586a0787ce35 (bsc#1012628). - samples/bpf: Consider frame size in tx_only of xdpsock sample (bsc#1012628). - net: hns3: check the return of skb_checksum_help() (bsc#1012628). - bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1012628). - Revert "Revert "ALSA: usx2y: Fix potential NULL pointer dereference"" (bsc#1012628). - net: hso: bail out on interrupt URB allocation failure (bsc#1012628). - arm64: mm: don't use CON and BLK mapping if KFENCE is enabled (bsc#1012628). - neighbour: Prevent Race condition in neighbour subsytem (bsc#1012628). - usb: core: reduce power-on-good delay time of root hub (bsc#1012628). - commit f17eb01 - Input: elants_i2c - Fix NULL dereference at probing (bsc#1186454). - commit bb5e8ab - Linux 5.12.8 (bsc#1012628). - NFC: nci: fix memory leak in nci_allocate_device (bsc#1012628). - KVM: x86: Defer vtime accounting 'til after IRQ handling (bsc#1012628). - context_tracking: Move guest exit vtime accounting to separate helpers (bsc#1012628). - context_tracking: Move guest exit context tracking to separate helpers (bsc#1012628). - bpf: No need to simulate speculative domain for immediates (bsc#1012628). - bpf: Fix mask direction swap upon off reg sign change (bsc#1012628). - bpf: Wrap aux data inside bpf_sanitize_info container (bsc#1012628). - commit 7a4f594 - Refresh patches.suse/pinctrl-bcm2835-accept-fewer-than-expected-irqs.patch. Update upstream status. - commit fc290e6 - Linux 5.12.7 (bsc#1012628). - firmware: arm_scpi: Prevent the ternary sign expansion bug (bsc#1012628). - openrisc: Fix a memory leak (bsc#1012628). - tee: amdtee: unload TA only when its refcount becomes 0 (bsc#1012628). - habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory (bsc#1012628). - RDMA/siw: Properly check send and receive CQ pointers (bsc#1012628). - RDMA/siw: Release xarray entry (bsc#1012628). - RDMA/core: Prevent divide-by-zero error triggered by the user (bsc#1012628). - platform/x86: ideapad-laptop: fix a NULL pointer dereference (bsc#1012628). - RDMA/rxe: Clear all QP fields if creation failed (bsc#1012628). - scsi: ufs: core: Increase the usable queue depth (bsc#1012628). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (bsc#1012628). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1012628). - RDMA/mlx5: Recover from fatal event in dual port mode (bsc#1012628). - RDMA/rxe: Split MEM into MR and MW (bsc#1012628). - RDMA/rxe: Return CQE error if invalid lkey was supplied (bsc#1012628). - RDMA/core: Don't access cm_id after its destruction (bsc#1012628). - nvmet: fix memory leak in nvmet_alloc_ctrl() (bsc#1012628). - nvme-loop: fix memory leak in nvme_loop_create_ctrl() (bsc#1012628). - nvme-tcp: rerun io_work if req_list is not empty (bsc#1012628). - nvme-fc: clear q_live at beginning of association teardown (bsc#1012628). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (bsc#1012628). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (bsc#1012628). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (bsc#1012628). - RDMA/mlx5: Fix query DCT via DEVX (bsc#1012628). - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (bsc#1012628). - tools/testing/selftests/exec: fix link error (bsc#1012628). - drm/ttm: Do not add non-system domain BO into swap list (bsc#1012628). - powerpc/pseries: Fix hcall tracing recursion in pv queued spinlocks (bsc#1012628). - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly (bsc#1012628). - nvmet: seset ns->file when open fails (bsc#1012628). - perf/x86: Avoid touching LBR_TOS MSR for Arch LBR (bsc#1012628). - locking/lockdep: Correct calling tracepoints (bsc#1012628). - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (bsc#1012628). - powerpc: Fix early setup to make early_ioremap() work (bsc#1012628). - btrfs: avoid RCU stalls while running delayed iputs (bsc#1012628). - btrfs: fix removed dentries still existing after log is synced (bsc#1012628). - cifs: fix memory leak in smb2_copychunk_range (bsc#1012628). - fs/mount_setattr: tighten permission checks (bsc#1012628). - misc: eeprom: at24: check suspend status before disable regulator (bsc#1012628). - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (bsc#1012628). - ALSA: intel8x0: Don't update period unless prepared (bsc#1012628). - ALSA: firewire-lib: fix amdtp_packet tracepoints event for packet_index field (bsc#1012628). - ALSA: line6: Fix racy initialization of LINE6 MIDI (bsc#1012628). - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (bsc#1012628). - ALSA: firewire-lib: fix calculation for size of IR context payload (bsc#1012628). - ALSA: usb-audio: Validate MS endpoint descriptors (bsc#1012628). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (bsc#1012628). - ALSA: hda: fixup headset for ASUS GU502 laptop (bsc#1012628). - Revert "ALSA: sb8: add a check for request_region" (bsc#1012628). - ALSA: firewire-lib: fix check for the size of isochronous packet payload (bsc#1012628). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (bsc#1012628). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (bsc#1012628). - ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA (bsc#1012628). - ALSA: hda/realtek: Add fixup for HP OMEN laptop (bsc#1012628). - ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx (bsc#1012628). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (bsc#1012628). - ALSA: usb-audio: DJM-750: ensure format is set (bsc#1012628). - uio/uio_pci_generic: fix return value changed in refactoring (bsc#1012628). - uio_hv_generic: Fix a memory leak in error handling paths (bsc#1012628). - uio_hv_generic: Fix another memory leak in error handling paths (bsc#1012628). - platform/x86: ideapad-laptop: fix method name typo (bsc#1012628). - Revert "rapidio: fix a NULL pointer dereference when create_workqueue() fails" (bsc#1012628). - rapidio: handle create_workqueue() failure (bsc#1012628). - Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference" (bsc#1012628). - nvme-tcp: fix possible use-after-completion (bsc#1012628). - x86/build: Fix location of '-plugin-opt=' flags (bsc#1012628). - x86/sev-es: Move sev_es_put_ghcb() in prep for follow on patch (bsc#1012628). - x86/sev-es: Invalidate the GHCB after completing VMGEXIT (bsc#1012628). - x86/sev-es: Don't return NULL from sev_es_get_ghcb() (bsc#1012628). - x86/sev-es: Use __put_user()/__get_user() for data accesses (bsc#1012628). - x86/sev-es: Forward page-faults which happen during emulation (bsc#1012628). - drm/amd/display: Use the correct max downscaling value for DCN3.x family (bsc#1012628). - drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (bsc#1012628). - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (bsc#1012628). - drm/amdgpu: update gc golden setting for Navi12 (bsc#1012628). - drm/amdgpu: update sdma golden setting for Navi12 (bsc#1012628). - dma-buf: fix unintended pin/unpin warnings (bsc#1012628). - powerpc/64s/syscall: Use pt_regs.trap to distinguish syscall ABI difference between sc and scv syscalls (bsc#1012628). - powerpc/64s/syscall: Fix ptrace syscall info with scv syscalls (bsc#1012628). - mmc: sdhci-pci-gli: increase 1.8V regulator wait (bsc#1012628). - mmc: meson-gx: make replace WARN_ONCE with dev_warn_once about scatterlist offset alignment (bsc#1012628). - mmc: meson-gx: also check SD_IO_RW_EXTENDED for scatterlist size alignment (bsc#1012628). - gpio: tegra186: Don't set parent IRQ affinity (bsc#1012628). - xen-pciback: redo VF placement in the virtual topology (bsc#1012628). - xen-pciback: reconfigure also from backend watch handler (bsc#1012628). - userfaultfd: hugetlbfs: fix new flag usage in error path (bsc#1012628). - Revert "mm/gup: check page posion status for coredump." (bsc#1012628). - dm snapshot: fix crash with transient storage and zero chunk size (bsc#1012628). - kcsan: Fix debugfs initcall return type (bsc#1012628). - Revert "video: hgafb: fix potential NULL pointer dereference" (bsc#1012628). - Revert "net: stmicro: fix a missing check of clk_prepare" (bsc#1012628). - Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" (bsc#1012628). - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" (bsc#1012628). - Revert "video: imsttfb: fix potential NULL pointer dereferences" (bsc#1012628). - Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1012628). - Revert "scsi: ufs: fix a missing check of devm_reset_control_get" (bsc#1012628). - Revert "gdrom: fix a memory leak bug" (bsc#1012628). - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (bsc#1012628). - cdrom: gdrom: initialize global variable at init time (bsc#1012628). - Revert "media: rcar_drif: fix a memory disclosure" (bsc#1012628). - Revert "rtlwifi: fix a potential NULL pointer dereference" (bsc#1012628). - Revert "qlcnic: Avoid potential NULL pointer dereference" (bsc#1012628). - Revert "niu: fix missing checks of niu_pci_eeprom_read" (bsc#1012628). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (bsc#1012628). - net: stmicro: handle clk_prepare() failure during init (bsc#1012628). - scsi: ufs: handle cleanup correctly on devm_reset_control_get error (bsc#1012628). - net: rtlwifi: properly check for alloc_workqueue() failure (bsc#1012628). - ics932s401: fix broken handling of errors when word reading fails (bsc#1012628). - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (bsc#1012628). - qlcnic: Add null check after calling netdev_alloc_skb (bsc#1012628). - video: hgafb: fix potential NULL pointer dereference (bsc#1012628). - vgacon: Record video mode changes with VT_RESIZEX (bsc#1012628). - vt_ioctl: Revert VT_RESIZEX parameter handling removal (bsc#1012628). - vt: Fix character height handling with VT_RESIZEX (bsc#1012628). - tty: vt: always invoke vc->vc_sw->con_resize callback (bsc#1012628). - drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (bsc#1012628). - openrisc: mm/init.c: remove unused memblock_region variable in map_ram() (bsc#1012628). - x86/Xen: swap NX determination and GDT setup on BSP (bsc#1012628). - nvme-multipath: fix double initialization of ANA state (bsc#1012628). - rtc: pcf85063: fallback to parent of_node (bsc#1012628). - x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path (bsc#1012628). - nvmet: use new ana_log_size instead the old one (bsc#1012628). - video: hgafb: correctly handle card detect failure during probe (bsc#1012628). - Bluetooth: SMP: Fail if remote and local public keys are identical (bsc#1012628). - commit 06f922b - Refresh patches.suse/ACPI-PM-s2idle-Add-missing-LPS0-functions-for-AMD.patch. - Refresh patches.suse/ath10k-Fix-TKIP-Michael-MIC-verification-for-PCIe.patch. - Refresh patches.suse/ath10k-Validate-first-subframe-of-A-MSDU-before-proc.patch. - Refresh patches.suse/ath10k-add-CCMP-PN-replay-protection-for-fragmented-.patch. - Refresh patches.suse/ath10k-drop-MPDU-which-has-discard-flag-set-by-firmw.patch. - Refresh patches.suse/ath10k-drop-fragments-with-multicast-DA-for-PCIe.patch. - Refresh patches.suse/ath10k-drop-fragments-with-multicast-DA-for-SDIO.patch. - Refresh patches.suse/ath11k-Clear-the-fragment-cache-during-key-install.patch. - Refresh patches.suse/can-isotp-prevent-race-between-isotp_bind-and-isotp_.patch. - Refresh patches.suse/cfg80211-mitigate-A-MSDU-aggregation-attacks.patch. - Refresh patches.suse/clk-bcm-rpi-release-firmware-handle-on-unbind.patch. - Refresh patches.suse/drm-i915-gem-Pin-the-L-shape-quirked-object-as-unshrinkable.patch. - Refresh patches.suse/drm-radeon-use-the-dummy-page-for-GART-if-needed.patch. - Refresh patches.suse/dt-bindings-pwm-add-binding-for-rpi-firmware-pwm-bus.patch. - Refresh patches.suse/firmware-raspberrypi-introduce-devm_rpi_firmware_get.patch. - Refresh patches.suse/firmware-raspberrypi-keep-count-of-all-consumers.patch. - Refresh patches.suse/gpio-raspberrypi-exp-release-firmware-handle-on-unbind.patch. - Refresh patches.suse/mac80211-add-fragment-cache-to-sta_info.patch. - Refresh patches.suse/mac80211-assure-all-fragments-are-encrypted.patch. - Refresh patches.suse/mac80211-check-defrag-PN-against-current-frame.patch. - Refresh patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch. - Refresh patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch. - Refresh patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch. - Refresh patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch. - Refresh patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch. - Refresh patches.suse/proc-Avoid-mixing-integer-types-in-mem_rw.patch. - Refresh patches.suse/pwm-add-raspberry-pi-firmware-based-pwm-bus.patch. - Refresh patches.suse/reset-raspberrypi-release-firmware-handle-on-unbind.patch. - Refresh patches.suse/soc-bcm-raspberrypi-power-release-firmware-handle-on-unbind.patch. - Refresh patches.suse/vchiq-release-firmware-handle-on-unbind.patch. - Refresh patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch. Update upstream status. - commit 9d851b0 - Linux 5.12.6 (bsc#1012628). - x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes (bsc#1012628). - drm/i915/display: fix compiler warning about array overrun (bsc#1012628). - airo: work around stack usage warning (bsc#1012628). - kgdb: fix gcc-11 warning on indentation (bsc#1012628). - usb: sl811-hcd: improve misleading indentation (bsc#1012628). - PCI: thunder: Fix compile testing (bsc#1012628). - dmaengine: dw-edma: Fix crash on loading/unloading driver (bsc#1012628). - ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() (bsc#1012628). - NFS: Fix fscache invalidation in nfs_set_cache_invalid() (bsc#1012628). - ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (bsc#1012628). - PCI: tegra: Fix runtime PM imbalance in pex_ep_event_pex_rst_deassert() (bsc#1012628). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (bsc#1012628). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (bsc#1012628). - NFS: NFS_INO_REVAL_PAGECACHE should mark the change attribute invalid (bsc#1012628). - f2fs: fix to avoid NULL pointer dereference (bsc#1012628). - svcrdma: Don't leak send_ctxt on Send errors (bsc#1012628). - um: Mark all kernel symbols as local (bsc#1012628). - um: Disable CONFIG_GCOV with MODULES (bsc#1012628). - ARM: 9075/1: kernel: Fix interrupted SMC calls (bsc#1012628). - platform/chrome: cros_ec_typec: Add DP mode check (bsc#1012628). - riscv: Use $(LD) instead of $(CC) to link vDSO (bsc#1012628). - scripts/recordmcount.pl: Fix RISC-V regex for clang (bsc#1012628). - riscv: Workaround mcount name prior to clang-13 (bsc#1012628). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1012628). - ceph: fix fscache invalidation (bsc#1012628). - ceph: don't clobber i_snap_caps on non-I_NEW inode (bsc#1012628). - ceph: don't allow access to MDS-private inodes (bsc#1012628). - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found (bsc#1012628). - amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID (bsc#1012628). - bridge: Fix possible races between assigning rx_handler_data and setting IFF_BRIDGE_PORT bit (bsc#1012628). - net: hsr: check skb can contain struct hsr_ethhdr in fill_frame_info (bsc#1012628). - nvmet: remove unsupported command noise (bsc#1012628). - drm/amd/display: Fix two cursor duplication when using overlay (bsc#1012628). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (bsc#1012628). - net:CXGB4: fix leak if sk_buff is not used (bsc#1012628). - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (bsc#1012628). - block: reexpand iov_iter after read/write (bsc#1012628). - lib: stackdepot: turn depot_lock spinlock to raw_spinlock (bsc#1012628). - net: stmmac: Do not enable RX FIFO overflow interrupts (bsc#1012628). - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods (bsc#1012628). - sit: proper dev_{hold|put} in ndo_[un]init methods (bsc#1012628). - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods (bsc#1012628). - bus: mhi: core: Download AMSS image from appropriate function (bsc#1012628). - commit fe25271 - Refresh patches.suse/crypto-ccp-Annotate-SEV-Firmware-file-names.patch. Update upstream status. - commit 37a9337 - ipv6: remove extra dev_hold() for fallback tunnels (git-fixes). - x86/events/amd/iommu: Fix invalid Perf result due to IOMMU PMC power-gating (git-fixes). - commit 5eb2110 - Linux 5.12.5 (bsc#1012628). - KEYS: trusted: Fix memory leak on object td (bsc#1012628). - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (bsc#1012628). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1012628). - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1012628). - btrfs: fix unmountable seed device after fstrim (bsc#1012628). - KVM: SVM: Make sure GHCB is mapped before updating (bsc#1012628). - KVM/VMX: Invoke NMI non-IST entry instead of IST entry (bsc#1012628). - ACPI: PM: Add ACPI ID of Alder Lake Fan (bsc#1012628). - PM: runtime: Fix unpaired parent child_count for force_resume (bsc#1012628). - cpufreq: intel_pstate: Use HWP if enabled by platform firmware (bsc#1012628). - kvm: Cap halt polling at kvm->max_halt_poll_ns (bsc#1012628). - ath11k: fix thermal temperature read (bsc#1012628). - ALSA: usb-audio: Add Pioneer DJM-850 to quirks-table (bsc#1012628). - fs: dlm: fix debugfs dump (bsc#1012628). - fs: dlm: fix mark setting deadlock (bsc#1012628). - fs: dlm: add errno handling to check callback (bsc#1012628). - fs: dlm: add check if dlm is currently running (bsc#1012628). - fs: dlm: change allocation limits (bsc#1012628). - fs: dlm: check on minimum msglen size (bsc#1012628). - fs: dlm: flush swork on shutdown (bsc#1012628). - fs: dlm: add shutdown hook (bsc#1012628). - tipc: convert dest node's address to network order (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (bsc#1012628). - net/mlx5e: Use net_prefetchw instead of prefetchw in MPWQE TX datapath (bsc#1012628). - net: stmmac: Set FIFO sizes for ipq806x (bsc#1012628). - ASoC: rsnd: core: Check convert rate in rsnd_hw_params (bsc#1012628). - Bluetooth: Fix incorrect status handling in LE PHY UPDATE event (bsc#1012628). - i2c: bail out early when RDWR parameters are wrong (bsc#1012628). - ALSA: hdsp: don't disable if not enabled (bsc#1012628). - ALSA: hdspm: don't disable if not enabled (bsc#1012628). - ALSA: rme9652: don't disable if not enabled (bsc#1012628). - ALSA: bebob: enable to deliver MIDI messages for multiple ports (bsc#1012628). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (bsc#1012628). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (bsc#1012628). - net/sched: cls_flower: use ntohs for struct flow_dissector_key_ports (bsc#1012628). - net: bridge: when suppression is enabled exclude RARP packets (bsc#1012628). - Bluetooth: check for zapped sk before connecting (bsc#1012628). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1012628). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (bsc#1012628). - powerpc/32: Statically initialise first emergency context (bsc#1012628). - net: hns3: remediate a potential overflow risk of bd_num_list (bsc#1012628). - net: hns3: add handling for xmit skb with recursive fraglist (bsc#1012628). - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods (bsc#1012628). - can: dev: can_free_echo_skb(): don't crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1012628). - iommu/arm-smmu-v3: Add a check to avoid invalid iotlb sync (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (bsc#1012628). - ice: handle increasing Tx or Rx ring sizes (bsc#1012628). - Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip (bsc#1012628). - ASoC: rt5670: Add a quirk for the Dell Venue 10 Pro 5055 (bsc#1012628). - selftests: mptcp: launch mptcp_connect with timeout (bsc#1012628). - i2c: Add I2C_AQ_NO_REP_START adapter quirk (bsc#1012628). - Bluetooth: Do not set cur_adv_instance in adv param MGMT request (bsc#1012628). - MIPS: Loongson64: Use _CACHE_UNCACHED instead of _CACHE_UNCACHED_ACCELERATED (bsc#1012628). - coresight: Do not scan for graph if none is present (bsc#1012628). - IB/hfi1: Correct oversized ring allocation (bsc#1012628). - mac80211: Set priority and queue mapping for injected frames (bsc#1012628). - mac80211: clear the beacon's CRC after channel switch (bsc#1012628). - ASoC: soc-compress: lock pcm_mutex to resolve lockdep error (bsc#1012628). - net: phy: make PHY PM ops a no-op if MAC driver manages PHY PM (bsc#1012628). - net: fec: use mac-managed PHY PM (bsc#1012628). - pinctrl: samsung: use 'int' for register masks in Exynos (bsc#1012628). - rtw88: 8822c: add LC calibration for RTL8822C (bsc#1012628). - mt76: mt7615: fix key set/delete issues (bsc#1012628). - mt76: mt7615: support loading EEPROM for MT7613BE (bsc#1012628). - mt76: mt76x0: disable GTK offloading (bsc#1012628). - mt76: connac: always check return value from mt76_connac_mcu_alloc_wtbl_req (bsc#1012628). - mt76: mt7915: always check return value from mt7915_mcu_alloc_wtbl_req (bsc#1012628). - mt76: mt7915: fix key set/delete issue (bsc#1012628). - mt76: mt7915: fix txpower init for TSSI off chips (bsc#1012628). - mt76: mt7921: fix key set/delete issue (bsc#1012628). - mt76: mt7915: add wifi subsystem reset (bsc#1012628). - i2c: imx: Fix PM reference leak in i2c_imx_reg_slave() (bsc#1012628). - fuse: invalidate attrs when page writeback completes (bsc#1012628). - virtiofs: fix userns (bsc#1012628). - cuse: prevent clone (bsc#1012628). - iwlwifi: pcie: make cfg vs. trans_cfg more robust (bsc#1012628). - iwlwifi: queue: avoid memory leak in reset flow (bsc#1012628). - iwlwifi: trans/pcie: defer transport initialisation (bsc#1012628). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1012628). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (bsc#1012628). - net: bridge: propagate error code and extack from br_mc_disabled_update (bsc#1012628). - Revert "iommu/amd: Fix performance counter initialization" (bsc#1012628). - iommu/amd: Remove performance counter pre-initialization test (bsc#1012628). - drm/amd/display: Force vsync flip when reconfiguring MPCC (bsc#1012628). - selftests: Set CC to clang in lib.mk if LLVM is set (bsc#1012628). - kconfig: nconf: stop endless search loops (bsc#1012628). - ALSA: hda/realtek: Add quirk for Lenovo Ideapad S740 (bsc#1012628). - ASoC: Intel: sof_sdw: add quirk for new ADL-P Rvp (bsc#1012628). - ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume (bsc#1012628). - i2c: i801: Add support for Intel Alder Lake PCH-M (bsc#1012628). - sctp: Fix out-of-bounds warning in sctp_process_asconf_param() (bsc#1012628). - flow_dissector: Fix out-of-bounds warning in __skb_flow_bpf_to_target() (bsc#1012628). - powerpc/xive: Use the "ibm, chip-id" property only under PowerNV (bsc#1012628). - powerpc/smp: Set numa node before updating mask (bsc#1012628). - wilc1000: Bring MAC address setting in line with typical Linux behavior (bsc#1012628). - mac80211: properly drop the connection in case of invalid CSA IE (bsc#1012628). - ASoC: rt286: Generalize support for ALC3263 codec (bsc#1012628). - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() (bsc#1012628). - net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule (bsc#1012628). - samples/bpf: Fix broken tracex1 due to kprobe argument change (bsc#1012628). - powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1012628). - drm/amd/display: fixed divide by zero kernel crash during dsc enablement (bsc#1012628). - drm/amd/display: add handling for hdcp2 rx id list validation (bsc#1012628). - drm/amdgpu: Add mem sync flag for IB allocated by SA (bsc#1012628). - mt76: mt7615: fix entering driver-own state on mt7663 (bsc#1012628). - crypto: ccp: Free SEV device if SEV init fails (bsc#1012628). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (bsc#1012628). - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (bsc#1012628). - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (bsc#1012628). - powerpc/iommu: Annotate nested lock for lockdep (bsc#1012628). - iavf: remove duplicate free resources calls (bsc#1012628). - net: ethernet: mtk_eth_soc: fix RX VLAN offload (bsc#1012628). - selftests: mlxsw: Increase the tolerance of backlog buildup (bsc#1012628). - selftests: mlxsw: Fix mausezahn invocation in ERSPAN scale test (bsc#1012628). - kbuild: generate Module.symvers only when vmlinux exists (bsc#1012628). - bnxt_en: Add PCI IDs for Hyper-V VF devices (bsc#1012628). - ia64: module: fix symbolizer crash on fdescr (bsc#1012628). - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1012628). - watchdog: explicitly update timestamp when reporting softlockup (bsc#1012628). - watchdog/softlockup: report the overall time of softlockups (bsc#1012628). - watchdog/softlockup: remove logic that tried to prevent repeated reports (bsc#1012628). - watchdog: fix barriers when printing backtraces from all CPUs (bsc#1012628). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (bsc#1012628). - leds: lgm: fix gpiolib dependency (bsc#1012628). - thermal: thermal_of: Fix error return code of thermal_of_populate_bind_params() (bsc#1012628). - PCI/RCEC: Fix RCiEP device to RCEC association (bsc#1012628). - f2fs: fix to allow migrating fully valid segment (bsc#1012628). - f2fs: fix panic during f2fs_resize_fs() (bsc#1012628). - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs (bsc#1012628). - rtc: tps65910: include linux/property.h (bsc#1012628). - remoteproc: qcom_q6v5_mss: Validate p_filesz in ELF loader (bsc#1012628). - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (bsc#1012628). - PCI: brcmstb: Fix error return code in brcm_pcie_probe() (bsc#1012628). - PCI: Release OF node in pci_scan_device()'s error path (bsc#1012628). - ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook (bsc#1012628). - f2fs: fix to align to section for fallocate() on pinned file (bsc#1012628). - f2fs: fix to update last i_size if fallocate partially succeeds (bsc#1012628). - PCI: endpoint: Fix NULL pointer dereference for ->get_features() (bsc#1012628). - f2fs: fix to avoid touching checkpointed data in get_victim() (bsc#1012628). - f2fs: fix to cover __allocate_new_section() with curseg_lock (bsc#1012628). - fs: 9p: fix v9fs_file_open writeback fid error check (bsc#1012628). - f2fs: fix to restrict mount condition on readonly block device (bsc#1012628). - f2fs: Fix a hungtask problem in atomic write (bsc#1012628). - nfs: Subsequent READDIR calls should carry non-zero cookieverifier (bsc#1012628). - NFS: Fix handling of cookie verifier in uncached_readdir() (bsc#1012628). - NFS: Only change the cookie verifier if the directory page cache is empty (bsc#1012628). - f2fs: fix to avoid accessing invalid fio in f2fs_allocate_data_block() (bsc#1012628). - rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() (bsc#1012628). - NFS: nfs4_bitmask_adjust() must not change the server global bitmasks (bsc#1012628). - NFS: Fix attribute bitmask in _nfs42_proc_fallocate() (bsc#1012628). - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (bsc#1012628). - NFS: Deal correctly with attribute generation counter overflow (bsc#1012628). - PCI: endpoint: Fix missing destroy_workqueue() (bsc#1012628). - remoteproc: pru: Fixup interrupt-parent logic for fw events (bsc#1012628). - remoteproc: pru: Fix wrong success return value for fw events (bsc#1012628). - remoteproc: pru: Fix and cleanup firmware interrupt mapping logic (bsc#1012628). - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (bsc#1012628). - NFSv4.2 fix handling of sr_eof in SEEK's reply (bsc#1012628). - SUNRPC: Move fault injection call sites (bsc#1012628). - SUNRPC: Remove trace_xprt_transmit_queued (bsc#1012628). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (bsc#1012628). - NFSv42: Copy offload should update the file size when appropriate (bsc#1012628). - thermal/drivers/tsens: Fix missing put_device error (bsc#1012628). - NFSv4.x: Don't return NFS4ERR_NOMATCHING_LAYOUT if we're unmounting (bsc#1012628). - nfsd: ensure new clients break delegations (bsc#1012628). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1012628). - dmaengine: idxd: Fix potential null dereference on pointer status (bsc#1012628). - dmaengine: idxd: fix dma device lifetime (bsc#1012628). - dmaengine: idxd: cleanup pci interrupt vector allocation management (bsc#1012628). - dmaengine: idxd: removal of pcim managed mmio mapping (bsc#1012628). - dmaengine: idxd: use ida for device instance enumeration (bsc#1012628). - dmaengine: idxd: fix idxd conf_dev 'struct device' lifetime (bsc#1012628). - dmaengine: idxd: fix wq conf_dev 'struct device' lifetime (bsc#1012628). - dmaengine: idxd: fix engine conf_dev lifetime (bsc#1012628). - dmaengine: idxd: fix group conf_dev lifetime (bsc#1012628). - dmaengine: idxd: fix cdev setup and free device lifetime issues (bsc#1012628). - SUNRPC: fix ternary sign expansion bug in tracing (bsc#1012628). - SUNRPC: Fix null pointer dereference in svc_rqst_free() (bsc#1012628). - pwm: atmel: Fix duty cycle calculation in .get_state() (bsc#1012628). - xprtrdma: Avoid Receive Queue wrapping (bsc#1012628). - xprtrdma: Fix cwnd update ordering (bsc#1012628). - xprtrdma: rpcrdma_mr_pop() already does list_del_init() (bsc#1012628). - riscv: Select HAVE_DYNAMIC_FTRACE when - fpatchable-function-entry is available (bsc#1012628). - swiotlb: Fix the type of index (bsc#1012628). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1012628). - scsi: qla2xxx: Prevent PRLI in target mode (bsc#1012628). - scsi: ufs: core: Do not put UFS power into LPM if link is broken (bsc#1012628). - scsi: ufs: core: Cancel rpm_dev_flush_recheck_work during system suspend (bsc#1012628). - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1012628). - rtc: ds1307: Fix wday settings for rx8130 (bsc#1012628). - net: hns3: fix incorrect configuration for igu_egu_hw_err (bsc#1012628). - net: hns3: initialize the message content in hclge_get_link_mode() (bsc#1012628). - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (bsc#1012628). - arm64: stacktrace: restore terminal records (bsc#1012628). - net: hns3: fix for vxlan gpe tx checksum bug (bsc#1012628). - net: hns3: use netif_tx_disable to stop the transmit queue (bsc#1012628). - net: hns3: disable phy loopback setting in hclge_mac_start_phy (bsc#1012628). - sctp: do asoc update earlier in sctp_sf_do_dupcook_a (bsc#1012628). - RISC-V: Fix error code returned by riscv_hartid_to_cpuid() (bsc#1012628). - sunrpc: Fix misplaced barrier in call_decode (bsc#1012628). - libbpf: Fix signed overflow in ringbuf_process_ring (bsc#1012628). - block/rnbd-clt: Change queue_depth type in rnbd_clt_session to size_t (bsc#1012628). - block/rnbd-clt: Check the return value of the function rtrs_clt_query (bsc#1012628). - ata: ahci_brcm: Fix use of BCM7216 reset controller (bsc#1012628). - PCI: brcmstb: Use reset/rearm instead of deassert/assert (bsc#1012628). - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (bsc#1012628). - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b (bsc#1012628). - netfilter: xt_SECMARK: add new revision to fix structure layout (bsc#1012628). - xsk: Fix for xp_aligned_validate_desc() when len == chunk_size (bsc#1012628). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1012628). - net: stmmac: Clear receive all(RA) bit when promiscuous mode is off (bsc#1012628). - drm/radeon: Fix off-by-one power_state index heap overwrite (bsc#1012628). - drm/radeon: Avoid power table parsing memory leaks (bsc#1012628). - arm64: entry: factor irq triage logic into macros (bsc#1012628). - arm64: entry: always set GIC_PRIO_PSR_I_SET during entry (bsc#1012628). - khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() (bsc#1012628). - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() (bsc#1012628). - mm/migrate.c: fix potential indeterminate pte entry in migrate_vma_insert_page() (bsc#1012628). - ksm: fix potential missing rmap_item for stable_node (bsc#1012628). - mm/gup: check every subpage of a compound page during isolation (bsc#1012628). - mm/gup: return an error on migration failure (bsc#1012628). - mm/gup: check for isolation errors (bsc#1012628). - kfence: await for allocation using wait_event (bsc#1012628). - ethtool: fix missing NLM_F_MULTI flag when dumping (bsc#1012628). - net: fix nla_strcmp to handle more then one trailing null character (bsc#1012628). - smc: disallow TCP_ULP in smc_setsockopt() (bsc#1012628). - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check (bsc#1012628). - netfilter: nftables: Fix a memleak from userdata error path in new objects (bsc#1012628). - can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe (bsc#1012628). - can: mcp251xfd: mcp251xfd_probe(): add missing can_rx_offload_del() in error path (bsc#1012628). - can: mcp251x: fix resume from sleep before interface was brought up (bsc#1012628). - can: m_can: m_can_tx_work_queue(): fix tx_skb race condition (bsc#1012628). - sched: Fix out-of-bound access in uclamp (bsc#1012628). - sched/fair: Fix unfairness caused by missing load decay (bsc#1012628). - net: ipa: fix inter-EE IRQ register definitions (bsc#1012628). - fs/proc/generic.c: fix incorrect pde_is_permanent check (bsc#1012628). - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (bsc#1012628). - kernel/resource: make walk_system_ram_res() find all busy IORESOURCE_SYSTEM_RAM resources (bsc#1012628). - kernel/resource: make walk_mem_res() find all busy IORESOURCE_MEM resources (bsc#1012628). - netfilter: nftables: avoid overflows in nft_hash_buckets() (bsc#1012628). - i40e: fix broken XDP support (bsc#1012628). - i40e: Fix use-after-free in i40e_client_subtask() (bsc#1012628). - i40e: fix the restart auto-negotiation after FEC modified (bsc#1012628). - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (bsc#1012628). - i40e: Remove LLDP frame filters (bsc#1012628). - mptcp: fix splat when closing unaccepted socket (bsc#1012628). - ARC: entry: fix off-by-one error in syscall number validation (bsc#1012628). - ARC: mm: PAE: use 40-bit physical page mask (bsc#1012628). - ARC: mm: Use max_high_pfn as a HIGHMEM zone border (bsc#1012628). - sh: Remove unused variable (bsc#1012628). - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1012628). - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1012628). - hfsplus: prevent corruption in shrinking truncate (bsc#1012628). - squashfs: fix divide error in calculate_skip() (bsc#1012628). - userfaultfd: release page in error path to avoid BUG_ON (bsc#1012628). - kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled (bsc#1012628). - mm/hugetlb: fix F_SEAL_FUTURE_WRITE (bsc#1012628). - mm/hugetlb: fix cow where page writtable in child (bsc#1012628). - blk-iocost: fix weight updates of inner active iocgs (bsc#1012628). - x86, sched: Fix the AMD CPPC maximum performance value on certain AMD Ryzen generations (bsc#1012628). - arm64: mte: initialize RGSR_EL1.SEED in __cpu_setup (bsc#1012628). - arm64: Fix race condition on PG_dcache_clean in __sync_icache_dcache() (bsc#1012628). - btrfs: fix deadlock when cloning inline extents and using qgroups (bsc#1012628). - btrfs: zoned: fix silent data loss after failure splitting ordered extent (bsc#1012628). - btrfs: fix race leading to unpersisted data and metadata on fsync (bsc#1012628). - btrfs: initialize return variable in cleanup_free_space_cache_v1 (bsc#1012628). - btrfs: zoned: sanity check zone type (bsc#1012628). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (bsc#1012628). - drm/amd/display: Initialize attribute for hdcp_srm sysfs file (bsc#1012628). - drm/i915: Avoid div-by-zero on gen2 (bsc#1012628). - kvm: exit halt polling on need_resched() as well (bsc#1012628). - drm/msm: fix LLC not being enabled for mmu500 targets (bsc#1012628). - KVM: LAPIC: Accurately guarantee busy wait for timer to expire when using hv_timer (bsc#1012628). - drm/msm/dp: initialize audio_comp when audio starts (bsc#1012628). - KVM: x86: Cancel pvclock_gtod_work on module removal (bsc#1012628). - KVM: x86: Prevent deadlock against tk_core.seq (bsc#1012628). - KVM: SVM: Move GHCB unmapping to fix RCU warning (bsc#1012628). - dax: Add an enum for specifying dax wakup mode (bsc#1012628). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1012628). - dax: Wake up all waiters after invalidating dax entry (bsc#1012628). - xen/unpopulated-alloc: fix error return code in fill_list() (bsc#1012628). - perf tools: Fix dynamic libbpf link (bsc#1012628). - usb: dwc3: gadget: Free gadget structure only after freeing endpoints (bsc#1012628). - iio: light: gp2ap002: Fix rumtime PM imbalance on error (bsc#1012628). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (bsc#1012628). - iio: hid-sensors: select IIO_TRIGGERED_BUFFER under HID_SENSOR_IIO_TRIGGER (bsc#1012628). - iio: core: return ENODEV if ioctl is unknown (bsc#1012628). - usb: fotg210-hcd: Fix an error message (bsc#1012628). - hwmon: (occ) Fix poll rate limiting (bsc#1012628). - usb: typec: tcpm: Fix wrong handling for Not_Supported in VDM AMS (bsc#1012628). - usb: musb: Fix an error message (bsc#1012628). - hwmon: (ltc2992) Put fwnode in error case during ->probe() (bsc#1012628). - ACPI: scan: Fix a memory leak in an error handling path (bsc#1012628). - kyber: fix out of bounds access when preempted (bsc#1012628). - nvmet: fix inline bio check for bdev-ns (bsc#1012628). - nvmet: fix inline bio check for passthru (bsc#1012628). - nvmet-rdma: Fix NULL deref when SEND is completed with error (bsc#1012628). - f2fs: compress: fix to free compress page correctly (bsc#1012628). - f2fs: compress: fix race condition of overwrite vs truncate (bsc#1012628). - f2fs: compress: fix to assign cc.cluster_idx correctly (bsc#1012628). - sched/fair: Fix clearing of has_idle_cores flag in select_idle_cpu() (bsc#1012628). - nbd: Fix NULL pointer in flush_workqueue (bsc#1012628). - powerpc/64s: Make NMI record implicitly soft-masked code as irqs disabled (bsc#1012628). - blk-mq: plug request for shared sbitmap (bsc#1012628). - blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1012628). - usb: dwc3: omap: improve extcon initialization (bsc#1012628). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (bsc#1012628). - usb: xhci: Increase timeout for HC halt (bsc#1012628). - usb: dwc2: Fix gadget DMA unmap direction (bsc#1012628). - usb: core: hub: fix race condition about TRSMRCY of resume (bsc#1012628). - usb: dwc3: imx8mp: fix error return code in dwc3_imx8mp_probe() (bsc#1012628). - usb: dwc3: gadget: Enable suspend events (bsc#1012628). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (bsc#1012628). - usb: typec: tcpm: Fix wrong handling in GET_SINK_CAP (bsc#1012628). - usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 (bsc#1012628). - usb: typec: ucsi: Put fwnode in any case during ->probe() (bsc#1012628). - xhci-pci: Allow host runtime PM as default for Intel Alder Lake xHCI (bsc#1012628). - xhci: Fix giving back cancelled URBs even if halted endpoint can't reset (bsc#1012628). - xhci: Do not use GFP_KERNEL in (potentially) atomic context (bsc#1012628). - xhci: Add reset resume quirk for AMD xhci controller (bsc#1012628). - iio: core: fix ioctl handlers removal (bsc#1012628). - iio: gyro: mpu3050: Fix reported temperature value (bsc#1012628). - iio: tsl2583: Fix division by a zero lux_val (bsc#1012628). - cdc-wdm: untangle a circular dependency between callback and softint (bsc#1012628). - alarmtimer: Check RTC features instead of ops (bsc#1012628). - xen/gntdev: fix gntdev_mmap() error exit path (bsc#1012628). - KVM: x86: Emulate RDPID only if RDTSCP is supported (bsc#1012628). - KVM: x86: Move RDPID emulation intercept to its own enum (bsc#1012628). - KVM: x86: Add support for RDPID without RDTSCP (bsc#1012628). - KVM: nVMX: Always make an attempt to map eVMCS after migration (bsc#1012628). - KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is unsupported (bsc#1012628). - KVM: VMX: Disable preemption when probing user return MSRs (bsc#1012628). - mm: fix struct page layout on 32-bit systems (bsc#1012628). - MIPS: Reinstate platform `__div64_32' handler (bsc#1012628). - MIPS: Avoid DIVU in `__div64_32' is result would be zero (bsc#1012628). - MIPS: Avoid handcoded DIVU in `__div64_32' altogether (bsc#1012628). - clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue (bsc#1012628). - clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 (bsc#1012628). - kobject_uevent: remove warning in init_uevent_argv() (bsc#1012628). - drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp (bsc#1012628). - drm/msm/dp: check sink_count before update is_connected status (bsc#1012628). - drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (bsc#1012628). - drm/i915/overlay: Fix active retire callback alignment (bsc#1012628). - drm/i915: Fix crash in auto_retire (bsc#1012628). - clk: exynos7: Mark aclk_fsys1_200 as critical (bsc#1012628). - soc: mediatek: pm-domains: Add a meaningful power domain name (bsc#1012628). - soc: mediatek: pm-domains: Add a power domain names for mt8183 (bsc#1012628). - soc: mediatek: pm-domains: Add a power domain names for mt8192 (bsc#1012628). - media: rkvdec: Remove of_match_ptr() (bsc#1012628). - i2c: mediatek: Fix send master code at more than 1MHz (bsc#1012628). - dt-bindings: media: renesas,vin: Make resets optional on R-Car Gen1 (bsc#1012628). - dt-bindings: thermal: rcar-gen3-thermal: Support five TSC nodes on r8a779a0 (bsc#1012628). - arm64: dts: renesas: falcon: Move console config to CPU board DTS (bsc#1012628). - dt-bindings: phy: qcom,qmp-usb3-dp-phy: move usb3 compatibles back to qcom,qmp-phy.yaml (bsc#1012628). - dt-bindings: serial: 8250: Remove duplicated compatible strings (bsc#1012628). - dt-bindings: PCI: rcar-pci-host: Document missing R-Car H1 support (bsc#1012628). - debugfs: Make debugfs_allow RO after init (bsc#1012628). - ext4: fix debug format string warning (bsc#1012628). - nvme: do not try to reconfigure APST when the controller is not live (bsc#1012628). - ASoC: rsnd: check all BUSIF status when error (bsc#1012628). - net: bridge: fix error in br_multicast_add_port when CONFIG_NET_SWITCHDEV=n (bsc#1012628). - Refresh patches.suse/usb-pci-quirks-disable-D3cold-on-xhci-suspend-for-s2.patch. - commit 0ef707c ==== kernel-source ==== Version update (5.12.4 -> 5.12.9) Subpackages: kernel-default kernel-docs - Linux 5.12.9 (bsc#1012628). - ALSA: hda/realtek: the bass speaker can't output sound on Yoga 9i (bsc#1012628). - ALSA: hda/realtek: Headphone volume is controlled by Front mixer (bsc#1012628). - ALSA: hda/realtek: Chain in pop reduction fixup for ThinkStation P340 (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs for HP 855 G8 (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook G8 (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 15 G8 (bsc#1012628). - ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Zbook Fury 17 G8 (bsc#1012628). - ALSA: usb-audio: fix control-request direction (bsc#1012628). - ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (bsc#1012628). - ALSA: usb-audio: scarlett2: Improve driver startup messages (bsc#1012628). - cifs: fix string declarations and assignments in tracepoints (bsc#1012628). - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1012628). - mtd: rawnand: cs553x: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: txx9ndfmc: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: sharpsl: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: lpc32xx_slc: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: ndfc: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: tmio: Fix external use of SW Hamming ECC helper (bsc#1012628). - mtd: rawnand: fsmc: Fix external use of SW Hamming ECC helper (bsc#1012628). - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (bsc#1012628). - scsi: target: core: Avoid smp_processor_id() in preemptible code (bsc#1012628). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1012628). - s390/dasd: add missing discipline function (bsc#1012628). - perf intel-pt: Fix sample instruction bytes (bsc#1012628). - perf intel-pt: Fix transaction abort handling (bsc#1012628). - perf scripts python: exported-sql-viewer.py: Fix copy to clipboard from Top Calls by elapsed Time report (bsc#1012628). - perf scripts python: exported-sql-viewer.py: Fix Array TypeError (bsc#1012628). - perf scripts python: exported-sql-viewer.py: Fix warning display (bsc#1012628). - proc: Check /proc/$pid/attr/ writes against file opener (bsc#1012628). - net: hso: fix control-request directions (bsc#1012628). - net/sched: fq_pie: re-factor fix for fq_pie endless loop (bsc#1012628). - net/sched: fq_pie: fix OOB access in the traffic path (bsc#1012628). - netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version (bsc#1012628). - dm snapshot: properly fix a crash when an origin has no snapshots (bsc#1012628). - md/raid5: remove an incorrect assert in in_chunk_boundary (bsc#1012628). - drm/i915: Reenable LTTPR non-transparent LT mode for DPCD_REV<1.4 (bsc#1012628). - drm/amd/pm: correct MGpuFanBoost setting (bsc#1012628). - drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate (bsc#1012628). - drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error (bsc#1012628). - drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate (bsc#1012628). - drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate (bsc#1012628). - drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate (bsc#1012628). - kgdb: fix gcc-11 warnings harder (bsc#1012628). - Documentation: seccomp: Fix user notification documentation (bsc#1012628). - riscv: stacktrace: fix the riscv stacktrace when CONFIG_FRAME_POINTER enabled (bsc#1012628). - seccomp: Refactor notification handler to prepare for new semantics (bsc#1012628). - debugfs: fix security_locked_down() call for SELinux (bsc#1012628). - serial: core: fix suspicious security_locked_down() call (bsc#1012628). - misc/uss720: fix memory leak in uss720_probe (bsc#1012628). - thunderbolt: usb4: Fix NVM read buffer bounds and offset issue (bsc#1012628). - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (bsc#1012628). - KVM: X86: Fix vCPU preempted state from guest's point of view (bsc#1012628). - KVM: arm64: Move __adjust_pc out of line (bsc#1012628). - KVM: arm64: Fix debug register indexing (bsc#1012628). - KVM: arm64: Prevent mixed-width VM creation (bsc#1012628). - mei: request autosuspend after sending rx flow control (bsc#1012628). - staging: iio: cdc: ad7746: avoid overwrite of num_channels (bsc#1012628). - iio: gyro: fxas21002c: balance runtime power in error path (bsc#1012628). - iio: dac: ad5770r: Put fwnode in error case during ->probe() (bsc#1012628). - iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (bsc#1012628). - iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (bsc#1012628). - iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (bsc#1012628). - iio: adc: ad7923: Fix undersized rx buffer (bsc#1012628). - iio: adc: ad7793: Add missing error code in ad7793_setup() (bsc#1012628). - iio: adc: ad7192: Avoid disabling a clock that was never enabled (bsc#1012628). - iio: adc: ad7192: handle regulator voltage error first (bsc#1012628). - serial: 8250: Add UART_BUG_TXRACE workaround for Aspeed VUART (bsc#1012628). - serial: 8250_dw: Add device HID for new AMD UART controller (bsc#1012628). - serial: 8250_pci: Add support for new HPE serial device (bsc#1012628). - serial: 8250_pci: handle FL_NOIRQ board flag (bsc#1012628). - USB: trancevibrator: fix control-request direction (bsc#1012628). - Revert "irqbypass: do not start cons/prod when failed connect" (bsc#1012628). - USB: usbfs: Don't WARN about excessively large memory allocations (bsc#1012628). - xhci: fix giving back URB with incorrect status regression in 5.12 (bsc#1012628). - xhci: Fix 5.12 regression of missing xHC cache clearing command after a Stall (bsc#1012628). - drivers: base: Fix device link removal (bsc#1012628). - serial: tegra: Fix a mask operation that is always true (bsc#1012628). - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (bsc#1012628). - serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (bsc#1012628). - USB: serial: ti_usb_3410_5052: add startech.com device id (bsc#1012628). - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (bsc#1012628). - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (bsc#1012628). - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (bsc#1012628). - thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (bsc#1012628). - usb: dwc3: gadget: Properly track pending and queued SG (bsc#1012628). - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (bsc#1012628). - usb: typec: mux: Fix matching with typec_altmode_desc (bsc#1012628). - usb: typec: ucsi: Clear pending after acking connector change (bsc#1012628). - usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (bsc#1012628). - usb: typec: tcpm: Properly interrupt VDM AMS (bsc#1012628). - usb: typec: tcpm: Respond Not_Supported if no snk_vdo (bsc#1012628). - net: usb: fix memory leak in smsc75xx_bind (bsc#1012628). - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails (bsc#1012628). - fs/nfs: Use fatal_signal_pending instead of signal_pending (bsc#1012628). - NFS: fix an incorrect limit in filelayout_decode_layout() (bsc#1012628). - NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (bsc#1012628). - NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() (bsc#1012628). - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (bsc#1012628). - drm/meson: fix shutdown crash when component not probed (bsc#1012628). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (bsc#1012628). - net/mlx5e: Fix multipath lag activation (bsc#1012628). - net/mlx5e: Fix error path of updating netdev queues (bsc#1012628). - {net,vdpa}/mlx5: Configure interface MAC into mpfs L2 table (bsc#1012628). - net/mlx5e: Fix nullptr in mlx5e_tc_add_fdb_flow() (bsc#1012628). - net/mlx5e: Fix nullptr in add_vlan_push_action() (bsc#1012628). - net/mlx5: Set reformat action when needed for termination rules (bsc#1012628). - net/mlx5e: Fix null deref accessing lag dev (bsc#1012628). - net/mlx4: Fix EEPROM dump support (bsc#1012628). - {net, RDMA}/mlx5: Fix override of log_max_qp by other device (bsc#1012628). - net/mlx5: Set term table as an unmanaged flow table (bsc#1012628). - KVM: X86: Fix warning caused by stale emulation context (bsc#1012628). - KVM: X86: Use _BITUL() macro in UAPI headers (bsc#1012628). - KVM: selftests: Fix 32-bit truncation of vm_get_max_gfn() (bsc#1012628). - SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1012628). - Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" (bsc#1012628). - tipc: wait and exit until all work queues are done (bsc#1012628). - tipc: skb_linearize the head skb when reassembling msgs (bsc#1012628). - spi: spi-fsl-dspi: Fix a resource leak in an error handling path (bsc#1012628). - sctp: fix the proc_handler for sysctl encap_port (bsc#1012628). - sctp: add the missing setting for asoc encap_port (bsc#1012628). - netfilter: flowtable: Remove redundant hw refresh bit (bsc#1012628). - net: dsa: mt7530: fix VLAN traffic leaks (bsc#1012628). - net: dsa: bcm_sf2: Fix bcm_sf2_reg_rgmii_cntrl() call for non-RGMII port (bsc#1012628). - net: dsa: fix a crash if ->get_sset_count() fails (bsc#1012628). - net: dsa: sja1105: update existing VLANs from the bridge VLAN list (bsc#1012628). - net: dsa: sja1105: use 4095 as the private VLAN for untagged traffic (bsc#1012628). - net: dsa: sja1105: error out on unsupported PHY mode (bsc#1012628). - net: dsa: sja1105: add error handling in sja1105_setup() (bsc#1012628). - net: dsa: sja1105: call dsa_unregister_switch when allocating memory fails (bsc#1012628). - net: dsa: sja1105: fix VL lookup command packing for P/Q/R/S (bsc#1012628). - i2c: s3c2410: fix possible NULL pointer deref on read message after write (bsc#1012628). - i2c: mediatek: Disable i2c start_en and clear intr_stat brfore reset (bsc#1012628). - i2c: i801: Don't generate an interrupt on bus reset (bsc#1012628). - i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (bsc#1012628). - afs: Fix the nlink handling of dir-over-dir rename (bsc#1012628). - perf debug: Move debug initialization earlier (bsc#1012628). - perf jevents: Fix getting maximum number of fds (bsc#1012628). - nvmet-tcp: fix inline data size comparison in nvmet_tcp_queue_response (bsc#1012628). - mptcp: avoid error message on infinite mapping (bsc#1012628). - mptcp: fix data stream corruption (bsc#1012628). - mptcp: drop unconditional pr_warn on bad opt (bsc#1012628). - platform/x86: hp_accel: Avoid invoking _INI to speed up resume (bsc#1012628). - gpio: cadence: Add missing MODULE_DEVICE_TABLE (bsc#1012628). - Revert "crypto: cavium/nitrox - add an error message to explain the failure of pci_request_mem_regions" (bsc#1012628). - Revert "media: usb: gspca: add a missed check for goto_low_power" (bsc#1012628). - Revert "ALSA: sb: fix a missing check of snd_ctl_add" (bsc#1012628). - Revert "serial: max310x: pass return value of spi_register_driver" (bsc#1012628). - serial: max310x: unregister uart driver in case of failure and abort (bsc#1012628). - Revert "net: fujitsu: fix a potential NULL pointer dereference" (bsc#1012628). - net: fujitsu: fix potential null-ptr-deref (bsc#1012628). - Revert "net/smc: fix a NULL pointer dereference" (bsc#1012628). - net/smc: properly handle workqueue allocation failure (bsc#1012628). - Revert "net: caif: replace BUG_ON with recovery code" (bsc#1012628). - net: caif: remove BUG_ON(dev == NULL) in caif_xmit (bsc#1012628). - Revert "char: hpet: fix a missing check of ioremap" (bsc#1012628). - char: hpet: add checks after calling ioremap (bsc#1012628). - Revert "ALSA: gus: add a check of the status of snd_ctl_add" (bsc#1012628). - Revert "ALSA: usx2y: Fix potential NULL pointer dereference" (bsc#1012628). - Revert "isdn: mISDNinfineon: fix potential NULL pointer dereference" (bsc#1012628). - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (bsc#1012628). - Revert "ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()" (bsc#1012628). - ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (bsc#1012628). - Revert "isdn: mISDN: Fix potential NULL pointer dereference of kzalloc" (bsc#1012628). - isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (bsc#1012628). - Revert "dmaengine: qcom_hidma: Check for driver register failure" (bsc#1012628). - dmaengine: qcom_hidma: comment platform_driver_register call (bsc#1012628). - Revert "libertas: add checks for the return value of sysfs_create_group" (bsc#1012628). - libertas: register sysfs groups properly (bsc#1012628). - Revert "ASoC: cs43130: fix a NULL pointer dereference" (bsc#1012628). - ASoC: cs43130: handle errors in cs43130_probe() properly (bsc#1012628). - Revert "media: dvb: Add check on sp8870_readreg" (bsc#1012628). - media: dvb: Add check on sp8870_readreg return (bsc#1012628). - Revert "media: gspca: mt9m111: Check write_bridge for timeout" (bsc#1012628). - media: gspca: mt9m111: Check write_bridge for timeout (bsc#1012628). - Revert "media: gspca: Check the return value of write_bridge for timeout" (bsc#1012628). - media: gspca: properly check for errors in po1030_probe() (bsc#1012628). - Revert "net: liquidio: fix a NULL pointer dereference" (bsc#1012628). - net: liquidio: Add missing null pointer checks (bsc#1012628). - Revert "brcmfmac: add a check for the status of usb_register" (bsc#1012628). - brcmfmac: properly check for bus register errors (bsc#1012628). - btrfs: return whole extents in fiemap (bsc#1012628). - scsi: ufs: ufs-mediatek: Fix power down spec violation (bsc#1012628). - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (bsc#1012628). - openrisc: Define memory barrier mb (bsc#1012628). - scsi: pm80xx: Fix drives missing during rmmod/insmod loop (bsc#1012628). - btrfs: release path before starting transaction when cloning inline extent (bsc#1012628). - btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1012628). - ALSA: dice: disable double_pcm_frames mode for M-Audio Profire 610, 2626 and Avid M-Box 3 Pro (bsc#1012628). - platform/x86: hp-wireless: add AMD's hardware id to the supported list (bsc#1012628). - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (bsc#1012628). - platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (bsc#1012628). - SMB3: incorrect file id in requests compounded with open (bsc#1012628). - drm/amd/display: Disconnect non-DP with no EDID (bsc#1012628). - drm/amd/amdgpu: fix refcount leak (bsc#1012628). - drm/amdgpu: Fix a use-after-free (bsc#1012628). - drm/amd/amdgpu: fix a potential deadlock in gpu reset (bsc#1012628). - drm/amdgpu: stop touching sched.ready in the backend (bsc#1012628). - platform/x86: touchscreen_dmi: Add info for the Chuwi Hi10 Pro (CWI529) tablet (bsc#1012628). - block: fix a race between del_gendisk and BLKRRPART (bsc#1012628). - linux/bits.h: fix compilation error with GENMASK (bsc#1012628). - spi: take the SPI IO-mutex in the spi_set_cs_timing method (bsc#1012628). - net: netcp: Fix an error message (bsc#1012628). - net: dsa: fix error code getting shifted with 4 in dsa_slave_get_sset_count (bsc#1012628). - interconnect: qcom: bcm-voter: add a missing of_node_put() (bsc#1012628). - interconnect: qcom: Add missing MODULE_DEVICE_TABLE (bsc#1012628). - usb: cdnsp: Fix lack of removing request from pending list (bsc#1012628). - ASoC: cs42l42: Regmap must use_single_read/write (bsc#1012628). - net: stmmac: Fix MAC WoL not working if PHY does not support WoL (bsc#1012628). - net: ipa: memory region array is variable size (bsc#1012628). - vfio-ccw: Check initialized flag in cp_init() (bsc#1012628). - spi: Assume GPIO CS active high in ACPI case (bsc#1012628). - net: really orphan skbs tied to closing sk (bsc#1012628). - net: packetmmap: fix only tx timestamp on request (bsc#1012628). - net: fec: fix the potential memory leak in fec_enet_init() (bsc#1012628). - octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() (bsc#1012628). - ptp: ocp: Fix a resource leak in an error handling path (bsc#1012628). - chelsio/chtls: unlock on error in chtls_pt_recvmsg() (bsc#1012628). - net: mdio: thunder: Fix a double free issue in the .remove function (bsc#1012628). - net: mdio: octeon: Fix some double free issues (bsc#1012628). - cxgb4/ch_ktls: Clear resources when pf4 device is removed (bsc#1012628). - openvswitch: meter: fix race when getting now_ms (bsc#1012628). - tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT (bsc#1012628). - net: sched: fix packet stuck problem for lockless qdisc (bsc#1012628). - net: sched: fix tx action rescheduling issue during deactivation (bsc#1012628). - net: sched: fix tx action reschedule issue with stopped queue (bsc#1012628). - net: hso: check for allocation failure in hso_create_bulk_serial_device() (bsc#1012628). - net: bnx2: Fix error return code in bnx2_init_board() (bsc#1012628). - bnxt_en: Include new P5 HV definition in VF check (bsc#1012628). - bnxt_en: Fix context memory setup for 64K page size (bsc#1012628). - mld: fix panic in mld_newpack() (bsc#1012628). - net/smc: remove device from smcd_dev_list after failed device_add() (bsc#1012628). - gve: Check TX QPL was actually assigned (bsc#1012628). - gve: Update mgmt_msix_idx if num_ntfy changes (bsc#1012628). - gve: Add NULL pointer checks when freeing irqs (bsc#1012628). - gve: Upgrade memory barrier in poll routine (bsc#1012628). - gve: Correct SKB queue index validation (bsc#1012628). - iommu/amd: Clear DMA ops when switching domain (bsc#1012628). - iommu/virtio: Add missing MODULE_DEVICE_TABLE (bsc#1012628). - net: hns3: fix incorrect resp_msg issue (bsc#1012628). - net: hns3: put off calling register_netdev() until client initialize complete (bsc#1012628). - net: hns3: fix user's coalesce configuration lost issue (bsc#1012628). - net/mlx5: SF, Fix show state inactive when its inactivated (bsc#1012628). - net/mlx5e: Make sure fib dev exists in fib event (bsc#1012628). - net/mlx5e: Reject mirroring on source port change encap rules (bsc#1012628). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1012628). - iommu/vt-d: Use user privilege for RID2PASID translation (bsc#1012628). - cxgb4: avoid accessing registers when clearing filters (bsc#1012628). - staging: emxx_udc: fix loop in _nbu2ss_nuke() (bsc#1012628). - ASoC: cs35l33: fix an error code in probe() (bsc#1012628). - bpf, offload: Reorder offload callback 'prepare' in verifier (bsc#1012628). - bpf: Set mac_len in bpf_skb_change_head (bsc#1012628). - ixgbe: fix large MTU request from VF (bsc#1012628). - ASoC: qcom: lpass-cpu: Use optional clk APIs (bsc#1012628). - scsi: libsas: Use _safe() loop in sas_resume_port() (bsc#1012628). - net: lantiq: fix memory corruption in RX ring (bsc#1012628). - ipv6: record frag_max_size in atomic fragments in input path (bsc#1012628). - scsi: aic7xxx: Restore several defines for aic7xxx firmware build (bsc#1012628). - ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (bsc#1012628). - net: ethernet: mtk_eth_soc: Fix packet statistics support for MT7628/88 (bsc#1012628). - sch_dsmark: fix a NULL deref in qdisc_reset() (bsc#1012628). - net: hsr: fix mac_len checks (bsc#1012628). - MIPS: alchemy: xxs1500: add gpio-au1000.h header file (bsc#1012628). - MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c (bsc#1012628). - net: zero-initialize tc skb extension on allocation (bsc#1012628). - net: mvpp2: add buffer header handling in RX (bsc#1012628). - SUNRPC: More fixes for backlog congestion (bsc#1012628). - thermal/drivers/qcom: Fix error code in adc_tm5_get_dt_channel_data() (bsc#1012628). - KVM: X86: hyper-v: Task srcu lock when accessing kvm_memslots() (bsc#1012628). - xprtrdma: Revert 586a0787ce35 (bsc#1012628). - samples/bpf: Consider frame size in tx_only of xdpsock sample (bsc#1012628). - net: hns3: check the return of skb_checksum_help() (bsc#1012628). - bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1012628). - Revert "Revert "ALSA: usx2y: Fix potential NULL pointer dereference"" (bsc#1012628). - net: hso: bail out on interrupt URB allocation failure (bsc#1012628). - arm64: mm: don't use CON and BLK mapping if KFENCE is enabled (bsc#1012628). - neighbour: Prevent Race condition in neighbour subsytem (bsc#1012628). - usb: core: reduce power-on-good delay time of root hub (bsc#1012628). - commit f17eb01 - Input: elants_i2c - Fix NULL dereference at probing (bsc#1186454). - commit bb5e8ab - Linux 5.12.8 (bsc#1012628). - NFC: nci: fix memory leak in nci_allocate_device (bsc#1012628). - KVM: x86: Defer vtime accounting 'til after IRQ handling (bsc#1012628). - context_tracking: Move guest exit vtime accounting to separate helpers (bsc#1012628). - context_tracking: Move guest exit context tracking to separate helpers (bsc#1012628). - bpf: No need to simulate speculative domain for immediates (bsc#1012628). - bpf: Fix mask direction swap upon off reg sign change (bsc#1012628). - bpf: Wrap aux data inside bpf_sanitize_info container (bsc#1012628). - commit 7a4f594 - Refresh patches.suse/pinctrl-bcm2835-accept-fewer-than-expected-irqs.patch. Update upstream status. - commit fc290e6 - Linux 5.12.7 (bsc#1012628). - firmware: arm_scpi: Prevent the ternary sign expansion bug (bsc#1012628). - openrisc: Fix a memory leak (bsc#1012628). - tee: amdtee: unload TA only when its refcount becomes 0 (bsc#1012628). - habanalabs/gaudi: Fix a potential use after free in gaudi_memset_device_memory (bsc#1012628). - RDMA/siw: Properly check send and receive CQ pointers (bsc#1012628). - RDMA/siw: Release xarray entry (bsc#1012628). - RDMA/core: Prevent divide-by-zero error triggered by the user (bsc#1012628). - platform/x86: ideapad-laptop: fix a NULL pointer dereference (bsc#1012628). - RDMA/rxe: Clear all QP fields if creation failed (bsc#1012628). - scsi: ufs: core: Increase the usable queue depth (bsc#1012628). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (bsc#1012628). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1012628). - RDMA/mlx5: Recover from fatal event in dual port mode (bsc#1012628). - RDMA/rxe: Split MEM into MR and MW (bsc#1012628). - RDMA/rxe: Return CQE error if invalid lkey was supplied (bsc#1012628). - RDMA/core: Don't access cm_id after its destruction (bsc#1012628). - nvmet: fix memory leak in nvmet_alloc_ctrl() (bsc#1012628). - nvme-loop: fix memory leak in nvme_loop_create_ctrl() (bsc#1012628). - nvme-tcp: rerun io_work if req_list is not empty (bsc#1012628). - nvme-fc: clear q_live at beginning of association teardown (bsc#1012628). - platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (bsc#1012628). - platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (bsc#1012628). - platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (bsc#1012628). - RDMA/mlx5: Fix query DCT via DEVX (bsc#1012628). - RDMA/uverbs: Fix a NULL vs IS_ERR() bug (bsc#1012628). - tools/testing/selftests/exec: fix link error (bsc#1012628). - drm/ttm: Do not add non-system domain BO into swap list (bsc#1012628). - powerpc/pseries: Fix hcall tracing recursion in pv queued spinlocks (bsc#1012628). - ptrace: make ptrace() fail if the tracee changed its pid unexpectedly (bsc#1012628). - nvmet: seset ns->file when open fails (bsc#1012628). - perf/x86: Avoid touching LBR_TOS MSR for Arch LBR (bsc#1012628). - locking/lockdep: Correct calling tracepoints (bsc#1012628). - locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (bsc#1012628). - powerpc: Fix early setup to make early_ioremap() work (bsc#1012628). - btrfs: avoid RCU stalls while running delayed iputs (bsc#1012628). - btrfs: fix removed dentries still existing after log is synced (bsc#1012628). - cifs: fix memory leak in smb2_copychunk_range (bsc#1012628). - fs/mount_setattr: tighten permission checks (bsc#1012628). - misc: eeprom: at24: check suspend status before disable regulator (bsc#1012628). - ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (bsc#1012628). - ALSA: intel8x0: Don't update period unless prepared (bsc#1012628). - ALSA: firewire-lib: fix amdtp_packet tracepoints event for packet_index field (bsc#1012628). - ALSA: line6: Fix racy initialization of LINE6 MIDI (bsc#1012628). - ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (bsc#1012628). - ALSA: firewire-lib: fix calculation for size of IR context payload (bsc#1012628). - ALSA: usb-audio: Validate MS endpoint descriptors (bsc#1012628). - ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (bsc#1012628). - ALSA: hda: fixup headset for ASUS GU502 laptop (bsc#1012628). - Revert "ALSA: sb8: add a check for request_region" (bsc#1012628). - ALSA: firewire-lib: fix check for the size of isochronous packet payload (bsc#1012628). - ALSA: hda/realtek: reset eapd coeff to default value for alc287 (bsc#1012628). - ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (bsc#1012628). - ALSA: hda/realtek: Fix silent headphone output on ASUS UX430UA (bsc#1012628). - ALSA: hda/realtek: Add fixup for HP OMEN laptop (bsc#1012628). - ALSA: hda/realtek: Add fixup for HP Spectre x360 15-df0xxx (bsc#1012628). - ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (bsc#1012628). - ALSA: usb-audio: DJM-750: ensure format is set (bsc#1012628). - uio/uio_pci_generic: fix return value changed in refactoring (bsc#1012628). - uio_hv_generic: Fix a memory leak in error handling paths (bsc#1012628). - uio_hv_generic: Fix another memory leak in error handling paths (bsc#1012628). - platform/x86: ideapad-laptop: fix method name typo (bsc#1012628). - Revert "rapidio: fix a NULL pointer dereference when create_workqueue() fails" (bsc#1012628). - rapidio: handle create_workqueue() failure (bsc#1012628). - Revert "serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference" (bsc#1012628). - nvme-tcp: fix possible use-after-completion (bsc#1012628). - x86/build: Fix location of '-plugin-opt=' flags (bsc#1012628). - x86/sev-es: Move sev_es_put_ghcb() in prep for follow on patch (bsc#1012628). - x86/sev-es: Invalidate the GHCB after completing VMGEXIT (bsc#1012628). - x86/sev-es: Don't return NULL from sev_es_get_ghcb() (bsc#1012628). - x86/sev-es: Use __put_user()/__get_user() for data accesses (bsc#1012628). - x86/sev-es: Forward page-faults which happen during emulation (bsc#1012628). - drm/amd/display: Use the correct max downscaling value for DCN3.x family (bsc#1012628). - drm/amdgpu: Fix GPU TLB update error when PAGE_SIZE > AMDGPU_PAGE_SIZE (bsc#1012628). - drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (bsc#1012628). - drm/amdgpu: update gc golden setting for Navi12 (bsc#1012628). - drm/amdgpu: update sdma golden setting for Navi12 (bsc#1012628). - dma-buf: fix unintended pin/unpin warnings (bsc#1012628). - powerpc/64s/syscall: Use pt_regs.trap to distinguish syscall ABI difference between sc and scv syscalls (bsc#1012628). - powerpc/64s/syscall: Fix ptrace syscall info with scv syscalls (bsc#1012628). - mmc: sdhci-pci-gli: increase 1.8V regulator wait (bsc#1012628). - mmc: meson-gx: make replace WARN_ONCE with dev_warn_once about scatterlist offset alignment (bsc#1012628). - mmc: meson-gx: also check SD_IO_RW_EXTENDED for scatterlist size alignment (bsc#1012628). - gpio: tegra186: Don't set parent IRQ affinity (bsc#1012628). - xen-pciback: redo VF placement in the virtual topology (bsc#1012628). - xen-pciback: reconfigure also from backend watch handler (bsc#1012628). - userfaultfd: hugetlbfs: fix new flag usage in error path (bsc#1012628). - Revert "mm/gup: check page posion status for coredump." (bsc#1012628). - dm snapshot: fix crash with transient storage and zero chunk size (bsc#1012628). - kcsan: Fix debugfs initcall return type (bsc#1012628). - Revert "video: hgafb: fix potential NULL pointer dereference" (bsc#1012628). - Revert "net: stmicro: fix a missing check of clk_prepare" (bsc#1012628). - Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" (bsc#1012628). - Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" (bsc#1012628). - Revert "video: imsttfb: fix potential NULL pointer dereferences" (bsc#1012628). - Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1012628). - Revert "scsi: ufs: fix a missing check of devm_reset_control_get" (bsc#1012628). - Revert "gdrom: fix a memory leak bug" (bsc#1012628). - cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (bsc#1012628). - cdrom: gdrom: initialize global variable at init time (bsc#1012628). - Revert "media: rcar_drif: fix a memory disclosure" (bsc#1012628). - Revert "rtlwifi: fix a potential NULL pointer dereference" (bsc#1012628). - Revert "qlcnic: Avoid potential NULL pointer dereference" (bsc#1012628). - Revert "niu: fix missing checks of niu_pci_eeprom_read" (bsc#1012628). - ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (bsc#1012628). - net: stmicro: handle clk_prepare() failure during init (bsc#1012628). - scsi: ufs: handle cleanup correctly on devm_reset_control_get error (bsc#1012628). - net: rtlwifi: properly check for alloc_workqueue() failure (bsc#1012628). - ics932s401: fix broken handling of errors when word reading fails (bsc#1012628). - leds: lp5523: check return value of lp5xx_read and jump to cleanup code (bsc#1012628). - qlcnic: Add null check after calling netdev_alloc_skb (bsc#1012628). - video: hgafb: fix potential NULL pointer dereference (bsc#1012628). - vgacon: Record video mode changes with VT_RESIZEX (bsc#1012628). - vt_ioctl: Revert VT_RESIZEX parameter handling removal (bsc#1012628). - vt: Fix character height handling with VT_RESIZEX (bsc#1012628). - tty: vt: always invoke vc->vc_sw->con_resize callback (bsc#1012628). - drm/i915/gt: Disable HiZ Raw Stall Optimization on broken gen7 (bsc#1012628). - openrisc: mm/init.c: remove unused memblock_region variable in map_ram() (bsc#1012628). - x86/Xen: swap NX determination and GDT setup on BSP (bsc#1012628). - nvme-multipath: fix double initialization of ANA state (bsc#1012628). - rtc: pcf85063: fallback to parent of_node (bsc#1012628). - x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path (bsc#1012628). - nvmet: use new ana_log_size instead the old one (bsc#1012628). - video: hgafb: correctly handle card detect failure during probe (bsc#1012628). - Bluetooth: SMP: Fail if remote and local public keys are identical (bsc#1012628). - commit 06f922b - Refresh patches.suse/ACPI-PM-s2idle-Add-missing-LPS0-functions-for-AMD.patch. - Refresh patches.suse/ath10k-Fix-TKIP-Michael-MIC-verification-for-PCIe.patch. - Refresh patches.suse/ath10k-Validate-first-subframe-of-A-MSDU-before-proc.patch. - Refresh patches.suse/ath10k-add-CCMP-PN-replay-protection-for-fragmented-.patch. - Refresh patches.suse/ath10k-drop-MPDU-which-has-discard-flag-set-by-firmw.patch. - Refresh patches.suse/ath10k-drop-fragments-with-multicast-DA-for-PCIe.patch. - Refresh patches.suse/ath10k-drop-fragments-with-multicast-DA-for-SDIO.patch. - Refresh patches.suse/ath11k-Clear-the-fragment-cache-during-key-install.patch. - Refresh patches.suse/can-isotp-prevent-race-between-isotp_bind-and-isotp_.patch. - Refresh patches.suse/cfg80211-mitigate-A-MSDU-aggregation-attacks.patch. - Refresh patches.suse/clk-bcm-rpi-release-firmware-handle-on-unbind.patch. - Refresh patches.suse/drm-i915-gem-Pin-the-L-shape-quirked-object-as-unshrinkable.patch. - Refresh patches.suse/drm-radeon-use-the-dummy-page-for-GART-if-needed.patch. - Refresh patches.suse/dt-bindings-pwm-add-binding-for-rpi-firmware-pwm-bus.patch. - Refresh patches.suse/firmware-raspberrypi-introduce-devm_rpi_firmware_get.patch. - Refresh patches.suse/firmware-raspberrypi-keep-count-of-all-consumers.patch. - Refresh patches.suse/gpio-raspberrypi-exp-release-firmware-handle-on-unbind.patch. - Refresh patches.suse/mac80211-add-fragment-cache-to-sta_info.patch. - Refresh patches.suse/mac80211-assure-all-fragments-are-encrypted.patch. - Refresh patches.suse/mac80211-check-defrag-PN-against-current-frame.patch. - Refresh patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch. - Refresh patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch. - Refresh patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch. - Refresh patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch. - Refresh patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch. - Refresh patches.suse/proc-Avoid-mixing-integer-types-in-mem_rw.patch. - Refresh patches.suse/pwm-add-raspberry-pi-firmware-based-pwm-bus.patch. - Refresh patches.suse/reset-raspberrypi-release-firmware-handle-on-unbind.patch. - Refresh patches.suse/soc-bcm-raspberrypi-power-release-firmware-handle-on-unbind.patch. - Refresh patches.suse/vchiq-release-firmware-handle-on-unbind.patch. - Refresh patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch. Update upstream status. - commit 9d851b0 - Linux 5.12.6 (bsc#1012628). - x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes (bsc#1012628). - drm/i915/display: fix compiler warning about array overrun (bsc#1012628). - airo: work around stack usage warning (bsc#1012628). - kgdb: fix gcc-11 warning on indentation (bsc#1012628). - usb: sl811-hcd: improve misleading indentation (bsc#1012628). - PCI: thunder: Fix compile testing (bsc#1012628). - dmaengine: dw-edma: Fix crash on loading/unloading driver (bsc#1012628). - ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() (bsc#1012628). - NFS: Fix fscache invalidation in nfs_set_cache_invalid() (bsc#1012628). - ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (bsc#1012628). - PCI: tegra: Fix runtime PM imbalance in pex_ep_event_pex_rst_deassert() (bsc#1012628). - Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (bsc#1012628). - Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (bsc#1012628). - NFS: NFS_INO_REVAL_PAGECACHE should mark the change attribute invalid (bsc#1012628). - f2fs: fix to avoid NULL pointer dereference (bsc#1012628). - svcrdma: Don't leak send_ctxt on Send errors (bsc#1012628). - um: Mark all kernel symbols as local (bsc#1012628). - um: Disable CONFIG_GCOV with MODULES (bsc#1012628). - ARM: 9075/1: kernel: Fix interrupted SMC calls (bsc#1012628). - platform/chrome: cros_ec_typec: Add DP mode check (bsc#1012628). - riscv: Use $(LD) instead of $(CC) to link vDSO (bsc#1012628). - scripts/recordmcount.pl: Fix RISC-V regex for clang (bsc#1012628). - riscv: Workaround mcount name prior to clang-13 (bsc#1012628). - scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1012628). - ceph: fix fscache invalidation (bsc#1012628). - ceph: don't clobber i_snap_caps on non-I_NEW inode (bsc#1012628). - ceph: don't allow access to MDS-private inodes (bsc#1012628). - scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found (bsc#1012628). - amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID (bsc#1012628). - bridge: Fix possible races between assigning rx_handler_data and setting IFF_BRIDGE_PORT bit (bsc#1012628). - net: hsr: check skb can contain struct hsr_ethhdr in fill_frame_info (bsc#1012628). - nvmet: remove unsupported command noise (bsc#1012628). - drm/amd/display: Fix two cursor duplication when using overlay (bsc#1012628). - gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (bsc#1012628). - net:CXGB4: fix leak if sk_buff is not used (bsc#1012628). - ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (bsc#1012628). - block: reexpand iov_iter after read/write (bsc#1012628). - lib: stackdepot: turn depot_lock spinlock to raw_spinlock (bsc#1012628). - net: stmmac: Do not enable RX FIFO overflow interrupts (bsc#1012628). - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods (bsc#1012628). - sit: proper dev_{hold|put} in ndo_[un]init methods (bsc#1012628). - ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods (bsc#1012628). - bus: mhi: core: Download AMSS image from appropriate function (bsc#1012628). - commit fe25271 - Refresh patches.suse/crypto-ccp-Annotate-SEV-Firmware-file-names.patch. Update upstream status. - commit 37a9337 - ipv6: remove extra dev_hold() for fallback tunnels (git-fixes). - x86/events/amd/iommu: Fix invalid Perf result due to IOMMU PMC power-gating (git-fixes). - commit 5eb2110 - Linux 5.12.5 (bsc#1012628). - KEYS: trusted: Fix memory leak on object td (bsc#1012628). - tpm: fix error return code in tpm2_get_cc_attrs_tbl() (bsc#1012628). - tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1012628). - tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1012628). - btrfs: fix unmountable seed device after fstrim (bsc#1012628). - KVM: SVM: Make sure GHCB is mapped before updating (bsc#1012628). - KVM/VMX: Invoke NMI non-IST entry instead of IST entry (bsc#1012628). - ACPI: PM: Add ACPI ID of Alder Lake Fan (bsc#1012628). - PM: runtime: Fix unpaired parent child_count for force_resume (bsc#1012628). - cpufreq: intel_pstate: Use HWP if enabled by platform firmware (bsc#1012628). - kvm: Cap halt polling at kvm->max_halt_poll_ns (bsc#1012628). - ath11k: fix thermal temperature read (bsc#1012628). - ALSA: usb-audio: Add Pioneer DJM-850 to quirks-table (bsc#1012628). - fs: dlm: fix debugfs dump (bsc#1012628). - fs: dlm: fix mark setting deadlock (bsc#1012628). - fs: dlm: add errno handling to check callback (bsc#1012628). - fs: dlm: add check if dlm is currently running (bsc#1012628). - fs: dlm: change allocation limits (bsc#1012628). - fs: dlm: check on minimum msglen size (bsc#1012628). - fs: dlm: flush swork on shutdown (bsc#1012628). - fs: dlm: add shutdown hook (bsc#1012628). - tipc: convert dest node's address to network order (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (bsc#1012628). - net/mlx5e: Use net_prefetchw instead of prefetchw in MPWQE TX datapath (bsc#1012628). - net: stmmac: Set FIFO sizes for ipq806x (bsc#1012628). - ASoC: rsnd: core: Check convert rate in rsnd_hw_params (bsc#1012628). - Bluetooth: Fix incorrect status handling in LE PHY UPDATE event (bsc#1012628). - i2c: bail out early when RDWR parameters are wrong (bsc#1012628). - ALSA: hdsp: don't disable if not enabled (bsc#1012628). - ALSA: hdspm: don't disable if not enabled (bsc#1012628). - ALSA: rme9652: don't disable if not enabled (bsc#1012628). - ALSA: bebob: enable to deliver MIDI messages for multiple ports (bsc#1012628). - Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (bsc#1012628). - Bluetooth: initialize skb_queue_head at l2cap_chan_create() (bsc#1012628). - net/sched: cls_flower: use ntohs for struct flow_dissector_key_ports (bsc#1012628). - net: bridge: when suppression is enabled exclude RARP packets (bsc#1012628). - Bluetooth: check for zapped sk before connecting (bsc#1012628). - selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1012628). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (bsc#1012628). - powerpc/32: Statically initialise first emergency context (bsc#1012628). - net: hns3: remediate a potential overflow risk of bd_num_list (bsc#1012628). - net: hns3: add handling for xmit skb with recursive fraglist (bsc#1012628). - ip6_vti: proper dev_{hold|put} in ndo_[un]init methods (bsc#1012628). - can: dev: can_free_echo_skb(): don't crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1012628). - iommu/arm-smmu-v3: Add a check to avoid invalid iotlb sync (bsc#1012628). - ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (bsc#1012628). - ice: handle increasing Tx or Rx ring sizes (bsc#1012628). - Bluetooth: btusb: Enable quirk boolean flag for Mediatek Chip (bsc#1012628). - ASoC: rt5670: Add a quirk for the Dell Venue 10 Pro 5055 (bsc#1012628). - selftests: mptcp: launch mptcp_connect with timeout (bsc#1012628). - i2c: Add I2C_AQ_NO_REP_START adapter quirk (bsc#1012628). - Bluetooth: Do not set cur_adv_instance in adv param MGMT request (bsc#1012628). - MIPS: Loongson64: Use _CACHE_UNCACHED instead of _CACHE_UNCACHED_ACCELERATED (bsc#1012628). - coresight: Do not scan for graph if none is present (bsc#1012628). - IB/hfi1: Correct oversized ring allocation (bsc#1012628). - mac80211: Set priority and queue mapping for injected frames (bsc#1012628). - mac80211: clear the beacon's CRC after channel switch (bsc#1012628). - ASoC: soc-compress: lock pcm_mutex to resolve lockdep error (bsc#1012628). - net: phy: make PHY PM ops a no-op if MAC driver manages PHY PM (bsc#1012628). - net: fec: use mac-managed PHY PM (bsc#1012628). - pinctrl: samsung: use 'int' for register masks in Exynos (bsc#1012628). - rtw88: 8822c: add LC calibration for RTL8822C (bsc#1012628). - mt76: mt7615: fix key set/delete issues (bsc#1012628). - mt76: mt7615: support loading EEPROM for MT7613BE (bsc#1012628). - mt76: mt76x0: disable GTK offloading (bsc#1012628). - mt76: connac: always check return value from mt76_connac_mcu_alloc_wtbl_req (bsc#1012628). - mt76: mt7915: always check return value from mt7915_mcu_alloc_wtbl_req (bsc#1012628). - mt76: mt7915: fix key set/delete issue (bsc#1012628). - mt76: mt7915: fix txpower init for TSSI off chips (bsc#1012628). - mt76: mt7921: fix key set/delete issue (bsc#1012628). - mt76: mt7915: add wifi subsystem reset (bsc#1012628). - i2c: imx: Fix PM reference leak in i2c_imx_reg_slave() (bsc#1012628). - fuse: invalidate attrs when page writeback completes (bsc#1012628). - virtiofs: fix userns (bsc#1012628). - cuse: prevent clone (bsc#1012628). - iwlwifi: pcie: make cfg vs. trans_cfg more robust (bsc#1012628). - iwlwifi: queue: avoid memory leak in reset flow (bsc#1012628). - iwlwifi: trans/pcie: defer transport initialisation (bsc#1012628). - powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1012628). - ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (bsc#1012628). - net: bridge: propagate error code and extack from br_mc_disabled_update (bsc#1012628). - Revert "iommu/amd: Fix performance counter initialization" (bsc#1012628). - iommu/amd: Remove performance counter pre-initialization test (bsc#1012628). - drm/amd/display: Force vsync flip when reconfiguring MPCC (bsc#1012628). - selftests: Set CC to clang in lib.mk if LLVM is set (bsc#1012628). - kconfig: nconf: stop endless search loops (bsc#1012628). - ALSA: hda/realtek: Add quirk for Lenovo Ideapad S740 (bsc#1012628). - ASoC: Intel: sof_sdw: add quirk for new ADL-P Rvp (bsc#1012628). - ALSA: hda/hdmi: fix race in handling acomp ELD notification at resume (bsc#1012628). - i2c: i801: Add support for Intel Alder Lake PCH-M (bsc#1012628). - sctp: Fix out-of-bounds warning in sctp_process_asconf_param() (bsc#1012628). - flow_dissector: Fix out-of-bounds warning in __skb_flow_bpf_to_target() (bsc#1012628). - powerpc/xive: Use the "ibm, chip-id" property only under PowerNV (bsc#1012628). - powerpc/smp: Set numa node before updating mask (bsc#1012628). - wilc1000: Bring MAC address setting in line with typical Linux behavior (bsc#1012628). - mac80211: properly drop the connection in case of invalid CSA IE (bsc#1012628). - ASoC: rt286: Generalize support for ALC3263 codec (bsc#1012628). - ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user() (bsc#1012628). - net: sched: tapr: prevent cycle_time == 0 in parse_taprio_schedule (bsc#1012628). - samples/bpf: Fix broken tracex1 due to kprobe argument change (bsc#1012628). - powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1012628). - drm/amd/display: fixed divide by zero kernel crash during dsc enablement (bsc#1012628). - drm/amd/display: add handling for hdcp2 rx id list validation (bsc#1012628). - drm/amdgpu: Add mem sync flag for IB allocated by SA (bsc#1012628). - mt76: mt7615: fix entering driver-own state on mt7663 (bsc#1012628). - crypto: ccp: Free SEV device if SEV init fails (bsc#1012628). - wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (bsc#1012628). - wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (bsc#1012628). - qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (bsc#1012628). - powerpc/iommu: Annotate nested lock for lockdep (bsc#1012628). - iavf: remove duplicate free resources calls (bsc#1012628). - net: ethernet: mtk_eth_soc: fix RX VLAN offload (bsc#1012628). - selftests: mlxsw: Increase the tolerance of backlog buildup (bsc#1012628). - selftests: mlxsw: Fix mausezahn invocation in ERSPAN scale test (bsc#1012628). - kbuild: generate Module.symvers only when vmlinux exists (bsc#1012628). - bnxt_en: Add PCI IDs for Hyper-V VF devices (bsc#1012628). - ia64: module: fix symbolizer crash on fdescr (bsc#1012628). - watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1012628). - watchdog: explicitly update timestamp when reporting softlockup (bsc#1012628). - watchdog/softlockup: report the overall time of softlockups (bsc#1012628). - watchdog/softlockup: remove logic that tried to prevent repeated reports (bsc#1012628). - watchdog: fix barriers when printing backtraces from all CPUs (bsc#1012628). - ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (bsc#1012628). - leds: lgm: fix gpiolib dependency (bsc#1012628). - thermal: thermal_of: Fix error return code of thermal_of_populate_bind_params() (bsc#1012628). - PCI/RCEC: Fix RCiEP device to RCEC association (bsc#1012628). - f2fs: fix to allow migrating fully valid segment (bsc#1012628). - f2fs: fix panic during f2fs_resize_fs() (bsc#1012628). - f2fs: fix a redundant call to f2fs_balance_fs if an error occurs (bsc#1012628). - rtc: tps65910: include linux/property.h (bsc#1012628). - remoteproc: qcom_q6v5_mss: Validate p_filesz in ELF loader (bsc#1012628). - PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (bsc#1012628). - PCI: brcmstb: Fix error return code in brcm_pcie_probe() (bsc#1012628). - PCI: Release OF node in pci_scan_device()'s error path (bsc#1012628). - ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook (bsc#1012628). - f2fs: fix to align to section for fallocate() on pinned file (bsc#1012628). - f2fs: fix to update last i_size if fallocate partially succeeds (bsc#1012628). - PCI: endpoint: Fix NULL pointer dereference for ->get_features() (bsc#1012628). - f2fs: fix to avoid touching checkpointed data in get_victim() (bsc#1012628). - f2fs: fix to cover __allocate_new_section() with curseg_lock (bsc#1012628). - fs: 9p: fix v9fs_file_open writeback fid error check (bsc#1012628). - f2fs: fix to restrict mount condition on readonly block device (bsc#1012628). - f2fs: Fix a hungtask problem in atomic write (bsc#1012628). - nfs: Subsequent READDIR calls should carry non-zero cookieverifier (bsc#1012628). - NFS: Fix handling of cookie verifier in uncached_readdir() (bsc#1012628). - NFS: Only change the cookie verifier if the directory page cache is empty (bsc#1012628). - f2fs: fix to avoid accessing invalid fio in f2fs_allocate_data_block() (bsc#1012628). - rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() (bsc#1012628). - NFS: nfs4_bitmask_adjust() must not change the server global bitmasks (bsc#1012628). - NFS: Fix attribute bitmask in _nfs42_proc_fallocate() (bsc#1012628). - NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (bsc#1012628). - NFS: Deal correctly with attribute generation counter overflow (bsc#1012628). - PCI: endpoint: Fix missing destroy_workqueue() (bsc#1012628). - remoteproc: pru: Fixup interrupt-parent logic for fw events (bsc#1012628). - remoteproc: pru: Fix wrong success return value for fw events (bsc#1012628). - remoteproc: pru: Fix and cleanup firmware interrupt mapping logic (bsc#1012628). - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (bsc#1012628). - NFSv4.2 fix handling of sr_eof in SEEK's reply (bsc#1012628). - SUNRPC: Move fault injection call sites (bsc#1012628). - SUNRPC: Remove trace_xprt_transmit_queued (bsc#1012628). - SUNRPC: Handle major timeout in xprt_adjust_timeout() (bsc#1012628). - NFSv42: Copy offload should update the file size when appropriate (bsc#1012628). - thermal/drivers/tsens: Fix missing put_device error (bsc#1012628). - NFSv4.x: Don't return NFS4ERR_NOMATCHING_LAYOUT if we're unmounting (bsc#1012628). - nfsd: ensure new clients break delegations (bsc#1012628). - rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1012628). - dmaengine: idxd: Fix potential null dereference on pointer status (bsc#1012628). - dmaengine: idxd: fix dma device lifetime (bsc#1012628). - dmaengine: idxd: cleanup pci interrupt vector allocation management (bsc#1012628). - dmaengine: idxd: removal of pcim managed mmio mapping (bsc#1012628). - dmaengine: idxd: use ida for device instance enumeration (bsc#1012628). - dmaengine: idxd: fix idxd conf_dev 'struct device' lifetime (bsc#1012628). - dmaengine: idxd: fix wq conf_dev 'struct device' lifetime (bsc#1012628). - dmaengine: idxd: fix engine conf_dev lifetime (bsc#1012628). - dmaengine: idxd: fix group conf_dev lifetime (bsc#1012628). - dmaengine: idxd: fix cdev setup and free device lifetime issues (bsc#1012628). - SUNRPC: fix ternary sign expansion bug in tracing (bsc#1012628). - SUNRPC: Fix null pointer dereference in svc_rqst_free() (bsc#1012628). - pwm: atmel: Fix duty cycle calculation in .get_state() (bsc#1012628). - xprtrdma: Avoid Receive Queue wrapping (bsc#1012628). - xprtrdma: Fix cwnd update ordering (bsc#1012628). - xprtrdma: rpcrdma_mr_pop() already does list_del_init() (bsc#1012628). - riscv: Select HAVE_DYNAMIC_FTRACE when - fpatchable-function-entry is available (bsc#1012628). - swiotlb: Fix the type of index (bsc#1012628). - ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1012628). - scsi: qla2xxx: Prevent PRLI in target mode (bsc#1012628). - scsi: ufs: core: Do not put UFS power into LPM if link is broken (bsc#1012628). - scsi: ufs: core: Cancel rpm_dev_flush_recheck_work during system suspend (bsc#1012628). - scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1012628). - rtc: ds1307: Fix wday settings for rx8130 (bsc#1012628). - net: hns3: fix incorrect configuration for igu_egu_hw_err (bsc#1012628). - net: hns3: initialize the message content in hclge_get_link_mode() (bsc#1012628). - net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (bsc#1012628). - arm64: stacktrace: restore terminal records (bsc#1012628). - net: hns3: fix for vxlan gpe tx checksum bug (bsc#1012628). - net: hns3: use netif_tx_disable to stop the transmit queue (bsc#1012628). - net: hns3: disable phy loopback setting in hclge_mac_start_phy (bsc#1012628). - sctp: do asoc update earlier in sctp_sf_do_dupcook_a (bsc#1012628). - RISC-V: Fix error code returned by riscv_hartid_to_cpuid() (bsc#1012628). - sunrpc: Fix misplaced barrier in call_decode (bsc#1012628). - libbpf: Fix signed overflow in ringbuf_process_ring (bsc#1012628). - block/rnbd-clt: Change queue_depth type in rnbd_clt_session to size_t (bsc#1012628). - block/rnbd-clt: Check the return value of the function rtrs_clt_query (bsc#1012628). - ata: ahci_brcm: Fix use of BCM7216 reset controller (bsc#1012628). - PCI: brcmstb: Use reset/rearm instead of deassert/assert (bsc#1012628). - ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (bsc#1012628). - sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b (bsc#1012628). - netfilter: xt_SECMARK: add new revision to fix structure layout (bsc#1012628). - xsk: Fix for xp_aligned_validate_desc() when len == chunk_size (bsc#1012628). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1012628). - net: stmmac: Clear receive all(RA) bit when promiscuous mode is off (bsc#1012628). - drm/radeon: Fix off-by-one power_state index heap overwrite (bsc#1012628). - drm/radeon: Avoid power table parsing memory leaks (bsc#1012628). - arm64: entry: factor irq triage logic into macros (bsc#1012628). - arm64: entry: always set GIC_PRIO_PSR_I_SET during entry (bsc#1012628). - khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() (bsc#1012628). - mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() (bsc#1012628). - mm/migrate.c: fix potential indeterminate pte entry in migrate_vma_insert_page() (bsc#1012628). - ksm: fix potential missing rmap_item for stable_node (bsc#1012628). - mm/gup: check every subpage of a compound page during isolation (bsc#1012628). - mm/gup: return an error on migration failure (bsc#1012628). - mm/gup: check for isolation errors (bsc#1012628). - kfence: await for allocation using wait_event (bsc#1012628). - ethtool: fix missing NLM_F_MULTI flag when dumping (bsc#1012628). - net: fix nla_strcmp to handle more then one trailing null character (bsc#1012628). - smc: disallow TCP_ULP in smc_setsockopt() (bsc#1012628). - netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check (bsc#1012628). - netfilter: nftables: Fix a memleak from userdata error path in new objects (bsc#1012628). - can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe (bsc#1012628). - can: mcp251xfd: mcp251xfd_probe(): add missing can_rx_offload_del() in error path (bsc#1012628). - can: mcp251x: fix resume from sleep before interface was brought up (bsc#1012628). - can: m_can: m_can_tx_work_queue(): fix tx_skb race condition (bsc#1012628). - sched: Fix out-of-bound access in uclamp (bsc#1012628). - sched/fair: Fix unfairness caused by missing load decay (bsc#1012628). - net: ipa: fix inter-EE IRQ register definitions (bsc#1012628). - fs/proc/generic.c: fix incorrect pde_is_permanent check (bsc#1012628). - kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (bsc#1012628). - kernel/resource: make walk_system_ram_res() find all busy IORESOURCE_SYSTEM_RAM resources (bsc#1012628). - kernel/resource: make walk_mem_res() find all busy IORESOURCE_MEM resources (bsc#1012628). - netfilter: nftables: avoid overflows in nft_hash_buckets() (bsc#1012628). - i40e: fix broken XDP support (bsc#1012628). - i40e: Fix use-after-free in i40e_client_subtask() (bsc#1012628). - i40e: fix the restart auto-negotiation after FEC modified (bsc#1012628). - i40e: Fix PHY type identifiers for 2.5G and 5G adapters (bsc#1012628). - i40e: Remove LLDP frame filters (bsc#1012628). - mptcp: fix splat when closing unaccepted socket (bsc#1012628). - ARC: entry: fix off-by-one error in syscall number validation (bsc#1012628). - ARC: mm: PAE: use 40-bit physical page mask (bsc#1012628). - ARC: mm: Use max_high_pfn as a HIGHMEM zone border (bsc#1012628). - sh: Remove unused variable (bsc#1012628). - powerpc/64s: Fix crashes when toggling stf barrier (bsc#1012628). - powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1012628). - hfsplus: prevent corruption in shrinking truncate (bsc#1012628). - squashfs: fix divide error in calculate_skip() (bsc#1012628). - userfaultfd: release page in error path to avoid BUG_ON (bsc#1012628). - kasan: fix unit tests with CONFIG_UBSAN_LOCAL_BOUNDS enabled (bsc#1012628). - mm/hugetlb: fix F_SEAL_FUTURE_WRITE (bsc#1012628). - mm/hugetlb: fix cow where page writtable in child (bsc#1012628). - blk-iocost: fix weight updates of inner active iocgs (bsc#1012628). - x86, sched: Fix the AMD CPPC maximum performance value on certain AMD Ryzen generations (bsc#1012628). - arm64: mte: initialize RGSR_EL1.SEED in __cpu_setup (bsc#1012628). - arm64: Fix race condition on PG_dcache_clean in __sync_icache_dcache() (bsc#1012628). - btrfs: fix deadlock when cloning inline extents and using qgroups (bsc#1012628). - btrfs: zoned: fix silent data loss after failure splitting ordered extent (bsc#1012628). - btrfs: fix race leading to unpersisted data and metadata on fsync (bsc#1012628). - btrfs: initialize return variable in cleanup_free_space_cache_v1 (bsc#1012628). - btrfs: zoned: sanity check zone type (bsc#1012628). - drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (bsc#1012628). - drm/amd/display: Initialize attribute for hdcp_srm sysfs file (bsc#1012628). - drm/i915: Avoid div-by-zero on gen2 (bsc#1012628). - kvm: exit halt polling on need_resched() as well (bsc#1012628). - drm/msm: fix LLC not being enabled for mmu500 targets (bsc#1012628). - KVM: LAPIC: Accurately guarantee busy wait for timer to expire when using hv_timer (bsc#1012628). - drm/msm/dp: initialize audio_comp when audio starts (bsc#1012628). - KVM: x86: Cancel pvclock_gtod_work on module removal (bsc#1012628). - KVM: x86: Prevent deadlock against tk_core.seq (bsc#1012628). - KVM: SVM: Move GHCB unmapping to fix RCU warning (bsc#1012628). - dax: Add an enum for specifying dax wakup mode (bsc#1012628). - dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1012628). - dax: Wake up all waiters after invalidating dax entry (bsc#1012628). - xen/unpopulated-alloc: fix error return code in fill_list() (bsc#1012628). - perf tools: Fix dynamic libbpf link (bsc#1012628). - usb: dwc3: gadget: Free gadget structure only after freeing endpoints (bsc#1012628). - iio: light: gp2ap002: Fix rumtime PM imbalance on error (bsc#1012628). - iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (bsc#1012628). - iio: hid-sensors: select IIO_TRIGGERED_BUFFER under HID_SENSOR_IIO_TRIGGER (bsc#1012628). - iio: core: return ENODEV if ioctl is unknown (bsc#1012628). - usb: fotg210-hcd: Fix an error message (bsc#1012628). - hwmon: (occ) Fix poll rate limiting (bsc#1012628). - usb: typec: tcpm: Fix wrong handling for Not_Supported in VDM AMS (bsc#1012628). - usb: musb: Fix an error message (bsc#1012628). - hwmon: (ltc2992) Put fwnode in error case during ->probe() (bsc#1012628). - ACPI: scan: Fix a memory leak in an error handling path (bsc#1012628). - kyber: fix out of bounds access when preempted (bsc#1012628). - nvmet: fix inline bio check for bdev-ns (bsc#1012628). - nvmet: fix inline bio check for passthru (bsc#1012628). - nvmet-rdma: Fix NULL deref when SEND is completed with error (bsc#1012628). - f2fs: compress: fix to free compress page correctly (bsc#1012628). - f2fs: compress: fix race condition of overwrite vs truncate (bsc#1012628). - f2fs: compress: fix to assign cc.cluster_idx correctly (bsc#1012628). - sched/fair: Fix clearing of has_idle_cores flag in select_idle_cpu() (bsc#1012628). - nbd: Fix NULL pointer in flush_workqueue (bsc#1012628). - powerpc/64s: Make NMI record implicitly soft-masked code as irqs disabled (bsc#1012628). - blk-mq: plug request for shared sbitmap (bsc#1012628). - blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1012628). - usb: dwc3: omap: improve extcon initialization (bsc#1012628). - usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (bsc#1012628). - usb: xhci: Increase timeout for HC halt (bsc#1012628). - usb: dwc2: Fix gadget DMA unmap direction (bsc#1012628). - usb: core: hub: fix race condition about TRSMRCY of resume (bsc#1012628). - usb: dwc3: imx8mp: fix error return code in dwc3_imx8mp_probe() (bsc#1012628). - usb: dwc3: gadget: Enable suspend events (bsc#1012628). - usb: dwc3: gadget: Return success always for kick transfer in ep queue (bsc#1012628). - usb: typec: tcpm: Fix wrong handling in GET_SINK_CAP (bsc#1012628). - usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 (bsc#1012628). - usb: typec: ucsi: Put fwnode in any case during ->probe() (bsc#1012628). - xhci-pci: Allow host runtime PM as default for Intel Alder Lake xHCI (bsc#1012628). - xhci: Fix giving back cancelled URBs even if halted endpoint can't reset (bsc#1012628). - xhci: Do not use GFP_KERNEL in (potentially) atomic context (bsc#1012628). - xhci: Add reset resume quirk for AMD xhci controller (bsc#1012628). - iio: core: fix ioctl handlers removal (bsc#1012628). - iio: gyro: mpu3050: Fix reported temperature value (bsc#1012628). - iio: tsl2583: Fix division by a zero lux_val (bsc#1012628). - cdc-wdm: untangle a circular dependency between callback and softint (bsc#1012628). - alarmtimer: Check RTC features instead of ops (bsc#1012628). - xen/gntdev: fix gntdev_mmap() error exit path (bsc#1012628). - KVM: x86: Emulate RDPID only if RDTSCP is supported (bsc#1012628). - KVM: x86: Move RDPID emulation intercept to its own enum (bsc#1012628). - KVM: x86: Add support for RDPID without RDTSCP (bsc#1012628). - KVM: nVMX: Always make an attempt to map eVMCS after migration (bsc#1012628). - KVM: VMX: Do not advertise RDPID if ENABLE_RDTSCP control is unsupported (bsc#1012628). - KVM: VMX: Disable preemption when probing user return MSRs (bsc#1012628). - mm: fix struct page layout on 32-bit systems (bsc#1012628). - MIPS: Reinstate platform `__div64_32' handler (bsc#1012628). - MIPS: Avoid DIVU in `__div64_32' is result would be zero (bsc#1012628). - MIPS: Avoid handcoded DIVU in `__div64_32' altogether (bsc#1012628). - clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue (bsc#1012628). - clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 (bsc#1012628). - kobject_uevent: remove warning in init_uevent_argv() (bsc#1012628). - drm/i915/gt: Fix a double free in gen8_preallocate_top_level_pdp (bsc#1012628). - drm/msm/dp: check sink_count before update is_connected status (bsc#1012628). - drm/i915: Read C0DRB3/C1DRB3 as 16 bits again (bsc#1012628). - drm/i915/overlay: Fix active retire callback alignment (bsc#1012628). - drm/i915: Fix crash in auto_retire (bsc#1012628). - clk: exynos7: Mark aclk_fsys1_200 as critical (bsc#1012628). - soc: mediatek: pm-domains: Add a meaningful power domain name (bsc#1012628). - soc: mediatek: pm-domains: Add a power domain names for mt8183 (bsc#1012628). - soc: mediatek: pm-domains: Add a power domain names for mt8192 (bsc#1012628). - media: rkvdec: Remove of_match_ptr() (bsc#1012628). - i2c: mediatek: Fix send master code at more than 1MHz (bsc#1012628). - dt-bindings: media: renesas,vin: Make resets optional on R-Car Gen1 (bsc#1012628). - dt-bindings: thermal: rcar-gen3-thermal: Support five TSC nodes on r8a779a0 (bsc#1012628). - arm64: dts: renesas: falcon: Move console config to CPU board DTS (bsc#1012628). - dt-bindings: phy: qcom,qmp-usb3-dp-phy: move usb3 compatibles back to qcom,qmp-phy.yaml (bsc#1012628). - dt-bindings: serial: 8250: Remove duplicated compatible strings (bsc#1012628). - dt-bindings: PCI: rcar-pci-host: Document missing R-Car H1 support (bsc#1012628). - debugfs: Make debugfs_allow RO after init (bsc#1012628). - ext4: fix debug format string warning (bsc#1012628). - nvme: do not try to reconfigure APST when the controller is not live (bsc#1012628). - ASoC: rsnd: check all BUSIF status when error (bsc#1012628). - net: bridge: fix error in br_multicast_add_port when CONFIG_NET_SWITCHDEV=n (bsc#1012628). - Refresh patches.suse/usb-pci-quirks-disable-D3cold-on-xhci-suspend-for-s2.patch. - commit 0ef707c ==== kimap ==== Subpackages: kimap-lang libKF5IMAP5 - Add hard dependency on SASL modules (boo#1186591) ==== kio-fuse ==== - Use %pkg_vcmp for util-linux requirement for %check - Add patch to avoid occasional test failure: * 0001-Initialize-m_lastChildrenRefresh-to-be-really-in-the.patch ==== kmod ==== Version update (28 -> 29) Subpackages: kmod-bash-completion libkmod2 - /usr/lib should override /lib where both are available. Support /usr/lib for depmod.d as well. * Refresh usr-lib-modprobe.patch - Remove test patches included in release 29 - kmod-populate-modules-Use-more-bash-more-quotes.patch - kmod-testsuite-compress-modules-if-feature-is-enabled.patch - kmod-also-test-xz-compression.patch - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. - Drop 0001-Fix-modinfo-F-always-shows-name-for-built-ins.patch, 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch, 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch (all merged) ==== konsole ==== Subpackages: konsole-part konsole-part-lang - Add patch to fix scrollbar appearance in some configurations (kde#437223): * 0001-Fix-alpha-channel-of-scrollbar-colors.patch ==== libX11 ==== Subpackages: libX11-6 libX11-data libX11-devel libX11-xcb1 - U_Check-for-NULL-strings-before-getting-their-lengths.patch * regression in libX11 1.7.1 (boo#1186643) fixes segfaults for xforms applications like fdesign ==== libcap ==== - Fix a broken symlink. libcap-devel installs libpsx.so but didn't install the library it's pointing to. ==== libdrm ==== Version update (2.4.105 -> 2.4.106) Subpackages: libdrm-devel libdrm2 libdrm_amdgpu1 libdrm_etnaviv1 libdrm_exynos1 libdrm_freedreno1 libdrm_nouveau2 libdrm_radeon1 libdrm_tegra0 - Update to 2.4.106: * various nouveau fixes * improve tests ==== libimagequant ==== Version update (2.13.1 -> 2.14.1) - update to 2.14.1: * improved Rust API * quality improvements for remapping overlays over a background ==== libinput ==== Version update (1.17.3 -> 1.18.0) Subpackages: libinput-udev libinput10 - Update to release 1.18 * Gestures' unaccelerated motion now matches the accelerated motion (without accel, obviously). * Better gesture detection should reduce the amount of pinch gestures detected as two-finger scrolling. * Pressing the wheel button down now suppresses accidental scroll wheel events. * Reworked clickpad detection means we should be more robust for devices with broken firmware. ==== libkgapi ==== Subpackages: libKPimGAPICalendar5 libKPimGAPIContacts5 libKPimGAPICore5 libKPimGAPITasks5 libkgapi-lang sasl2-kdexoauth2 - Add hard dep on sasl2-kdexoauth2, needed for authentication ==== libmodulemd ==== Version update (2.12.0 -> 2.12.1) - Updated to 2.12.1 This is a bug-fix release fully compatible with the previous 2.12.0 version. Notable changes: Enhancements: - Improve diagnostic messages for compression tests. - Tests performed in a GitHub continues integration are faster. - Use GitHub actions to perform CI tests also on ArchLinux, Mageia, Mandriva, and OpenSUSE. Fixes: - Relax context value up to 13 characters including an underscore character in modulemd v2 format. This reenables scratch-builds in MBS. Migrate Packit tests from a deprecated current_version_command to a newer actions/get-current-version. ==== libnftnl ==== Version update (1.1.9 -> 1.2.0) - Update to release 1.2.0 * table: add table owner support * expr: socket: add cgroups v2 support ==== libseccomp ==== Version update (2.5.0 -> 2.5.1) - update to 2.5.1: * Fix a bug where seccomp_load() could only be called once * Change the notification fd handling to only request a notification fd if * the filter has a _NOTIFY action * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage * Clarify the maintainers' GPG keys - remove testsuite-riscv64-missing-syscalls.patch ==== libtasn1 ==== Version update (4.16.0 -> 4.17.0) - libtasn1 4.17.0: * Print deprecation messages for deprecated macros * Fix some clang issues due to illegal pointers * Restore handling of SIZE nodes * Fix memory leak caught by oss-fuzz * Gtk-doc fixes * Fix bugs unveiled by Static Analysis * Update gnulib files and many build fixes - move tools to -tools packages and clarify licenses - update upstream signing keyring - remove deprecated texinfo packaging macros ==== libvirt ==== Version update (7.2.0 -> 7.4.0) Subpackages: libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-libs - Update to libvirt 7.4.0 - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: ee890f25-libxl-mock-funcs.patch - Update to libvirt 7.3.0 - libvirt-admin package merged with libvirt-daemon - libvirt-bash-completion package merged with libvirt-client and libvirt-daemon packages - Many incremental improvements and bug fixes, see https://libvirt.org/news.html - Dropped patches: suse-bump-xen-version.patch - Added patches: ee890f25-libxl-mock-funcs.patch ==== libxml2 ==== Version update (2.9.10 -> 2.9.12) Subpackages: libxml2-2 libxml2-tools - Fix python-lxml regression with libxml2 2.9.12: * Work around lxml API abuse: gitlab.gnome.org/GNOME/libxml2/issues/255 - Add upstream patches: * libxml2-fix-lxml-corrupted-subtree-structures.patch * libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch - Update to version 2.9.12 * Fix CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 * Fix null deref in legacy SAX1 parser * Fix handling of unexpected EOF in xmlParseContent * Fix user-after-free * Validate UTF8 in xmlEncodeEntities * Fix memory leak in xmlParseElementMixedContentDecl * Fix integer overflow in xmlSchemaGetParticleTotalRangeMin * Fix SEGV in xmlSAXParseFileWithData * Don't process siblings of root in xmlXIncludeProcess * Full changes: http://xmlsoft.org/news.html - Drop upstream fixed * libxml2-CVE-2021-3541.patch * libxml2-CVE-2021-3537.patch * libxml2-CVE-2021-3518.patch * libxml2-CVE-2021-3517.patch * libxml2-CVE-2021-3516.patch * libxml2-CVE-2020-7595.patch * libxml2-CVE-2019-20388.patch * libxml2-CVE-2020-24977.patch * libxml2-CVE-2019-19956.patch * libxml2-python39.patch * libxml2-Avoid-quadratic-checking-of-identity-constraints.patch - Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch - Drop since 2.8.0 merged fix-perl.diff - Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch - Security fix: [bsc#1186015, CVE-2021-3541] * Exponential entity expansion attack bypasses all existing protection mechanisms. - Add libxml2-CVE-2021-3541.patch ==== libxslt ==== Subpackages: libxslt-tools libxslt1 - Fix build with libxml2 2.9.12 that removes maxParserDepth XPath limit - Add upstream patches: * libxslt-Stop-using-maxParserDepth-XPath-limit.patch * libxslt-Do-not-set-maxDepth-in-XPath-contexts.patch ==== libyui ==== Version update (4.2.11 -> 4.2.13) - Fixed build failure with latest GCC 11.1: Added operator delete as counterpart to our custom operator new in YWidget (bsc#1186741) - 4.2.13 - Greatly improved visual appearance of tab widgets in the Qt UI (bsc #1186705, GitHub issue #20) - 4.2.12 ==== libyui-ncurses ==== Version update (4.2.11 -> 4.2.13) - Fixed build failure with latest GCC 11.1: Added operator delete as counterpart to our custom operator new in YWidget (bsc#1186741) - 4.2.13 - Greatly improved visual appearance of tab widgets in the Qt UI (bsc #1186705, GitHub issue #20) - 4.2.12 ==== libyui-ncurses-pkg ==== Version update (4.2.11 -> 4.2.13) - Fixed build failure with latest GCC 11.1: Added operator delete as counterpart to our custom operator new in YWidget (bsc#1186741) - 4.2.13 - Greatly improved visual appearance of tab widgets in the Qt UI (bsc #1186705, GitHub issue #20) - 4.2.12 ==== libyui-qt ==== Version update (4.2.11 -> 4.2.13) - Fixed build failure with latest GCC 11.1: Added operator delete as counterpart to our custom operator new in YWidget (bsc#1186741) - 4.2.13 - Greatly improved visual appearance of tab widgets in the Qt UI (bsc #1186705, GitHub issue #20) - 4.2.12 ==== libyui-qt-graph ==== Version update (4.2.11 -> 4.2.13) - Fixed build failure with latest GCC 11.1: Added operator delete as counterpart to our custom operator new in YWidget (bsc#1186741) - 4.2.13 - Greatly improved visual appearance of tab widgets in the Qt UI (bsc #1186705, GitHub issue #20) - 4.2.12 ==== libyui-qt-pkg ==== Version update (4.2.11 -> 4.2.13) - Fixed build failure with latest GCC 11.1: Added operator delete as counterpart to our custom operator new in YWidget (bsc#1186741) - 4.2.13 - Greatly improved visual appearance of tab widgets in the Qt UI (bsc #1186705, GitHub issue #20) - 4.2.12 ==== libzypp ==== Version update (17.25.10 -> 17.26.0) - Work around download.o.o broken https redirects. - Allow trusted repos to add additional signing keys (bsc#1184326) Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the the packages shipped by the repository. - MediaCurl: Fix logging of redirects. - Use 15.3 resolver problem and solution texts on all distros. - $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399) Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed. - Fix purge-kernels is broken in Leap 15.3 (bsc#1185325) Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contain kmp's. Currently kmp's are detected by name ".*-kmp(-.*)?" but this does not work which those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those. - Introduce zypp-runpurge, a tool to run purge-kernels on testcases. - version 17.26.0 (22) ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - Link test as position independent executable (bsc#1184124). + bug-1184124-link-tests-as-PIE.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Link test as position independent executable (bsc#1184124). + bug-1184124-link-tests-as-PIE.patch ==== malcontent ==== Version update (0.9.0 -> 0.10.1) Subpackages: libmalcontent-0-0 libmalcontent-ui-0-0 malcontent-control typelib-1_0-Malcontent-0 - Update to version 0.10.1 + Improve support for systems without accountsservice + Fix some data loss-causing state synchronisation problems + Hide support for flatpak user repositories, as they are typically not configured on systems + Add manpage docs for malcontent-client + Consider terminology of ?parental controls? + Improving padding/spacing in malcontent-control UI + Reload ?Restrict Apps? list when installed apps change on system + Add command line option to malcontent-control to pre-select a user + Fails closed if accountsservice isn't available on the bus + Fix partial loss of parental controls settings when partially updating them + libmalcontent-ui: Drop handling of eos-link desktop files + user-controls: Only save the app filter if it?s changed + Add Danish translation + Update Ukrainian, Italian, Swedish, and Polish translation ==== miniupnpc ==== Version update (2.2.1 -> 2.2.2) - add upstream signing key and validate source signature - Update to version 2.2.2: * miniupnpcmodule.c: throw an exception in UPnP_discover() * Fix usage of IP_MULTICAST_IF with struct ip_mreqn ==== ncurses ==== Version update (6.2.20210501 -> 6.2.20210515) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20210515 + improve manual pages for wgetnstr, newwin (prompted by report/testcase by Bill Gray). - Add ncurses patch 20210508 + modify tputs' error check to allow it to be used without first calling tgetent or setupterm, noting that terminfo initialization is requires for supporting the terminfo delay feature (report by Sebastiano Vigna). + fix several warnings from clang --analyze + add null-pointer check in comp_parse.c, when a "use=" clause refers to a nonexisting terminal description (report/patch by Miroslav Lichvar, cf: 20210227). ==== openssl ==== - Provide openssl(cli) by the meta package: Together with the suggests openssl in the base patterns, any consumer of this symbols should get the openssl meta package as candidate, which allows us to easier change the recommended default version. ==== ovmf ==== Version update (202102 -> 202105) Subpackages: qemu-ovmf-x86_64 qemu-uefi-aarch64 - Update to edk2-stable202105 * MdeModulePkg/UfsPassThruDxe: Improve Device initialization polling Loop * MdePkg: MmUnblockMemoryLib: Added definition and null instance * OvmfPkg: resolve MmUnblockMemoryLib (mainly for VariableSmmRuntimeDxe) * MdeModulePkg: VariableSmmRuntimeDxe: Added request unblock memory interface * SecurityPkg: Tcg2Smm: Switching from gSmst to gMmst * SecurityPkg: Tcg2Smm: Separate Tcg2Smm into 2 modules * SecurityPkg: Tcg2Smm: Added support for Standalone Mm * SecurityPkg: Tcg2Acpi: Added unblock memory interface for NVS region * UefiCpuPkg/MpInitLib: Use NASM struc to avoid hardcode offset * UefiCpuPkg/MpInitLib: Remove unused Lock from MP_CPU_EXCHANGE_INFO * UefiCpuPkg/SmmCpuFeaturesLib: Move multi-instance function decl to header * UefiCpuPkg/SmmCpuFeaturesLib: Rename SmmCpuFeaturesLib.c * UefiCpuPkg/SmmCpuFeaturesLib: Cleanup library constructors * UefiCpuPkg/SmmCpuFeaturesLib: Abstract PcdCpuMaxLogicalProcessorNumber * UefiCpuPkg/SmmCpuFeaturesLib: Add Standalone MM support * UefiCpuPkg/PiSmmCpu: Don't allocate Token for SmmStartupThisAp * RedfishPkg/Library: RedfishLib * OvmfPkg/CpuHotplugSmm: refactor hotplug logic * OvmfPkg/CpuHotplugSmm: collect hot-unplug events * OvmfPkg/CpuHotplugSmm: add Qemu Cpu Status helper * OvmfPkg/CpuHotplugSmm: introduce UnplugCpus() * OvmfPkg: define CPU_HOT_EJECT_DATA * OvmfPkg/SmmCpuFeaturesLib: init CPU ejection state * OvmfPkg/SmmCpuFeaturesLib: call CPU hot-eject handler * OvmfPkg/CpuHotplugSmm: add EjectCpu() * OvmfPkg/CpuHotplugSmm: do actual CPU hot-eject * OvmfPkg/SmmControl2Dxe: negotiate CPU hot-unplug * EmbeddedPkg/PrePiHobLib: replace duplicate GUID * MdePkg/UefiLib: Correct the arguments passed to IsLanguageSupported() * UefiCpuPkg/CpuCacheInfoLib: Collect cache associative type * UefiCpuPkg/MpInitLib: avoid printing debug messages in AP * UefiCpuPkg/CpuDxe: Rename variables to follow EDKII coding standard * UefiCpuPkg/CpuDxe: Guarantee GDT is below 4GB * BaseTools/Ecc: Make Ecc only check first include guard * ShellPkg/SmbiosView: add more items for smbiosview -t 3 * MdePkg: Support standalone MM Driver Unload capability * OvmfPkg/X86QemuLoadImageLib: Handle allocation failure for CommandLine * ShellPkg/Pci: Add valid check for PCI extended config space parser * CryptoPkg/OpensslLib: Upgrade OpenSSL to 1.1.1j * OvmfPkg: strip build paths in release builds * MdeModulePkg: Initialize local variable value before they are used * UefiCpuPkg/SmmCommunication: Remove out-dated comments * MdePkg: use CpuPause() in CpuDeadLoop() * MdePkg/Include: EFI Redfish Discover protocol * ShellPkg/UefiHandleParsingLib: Support EFI Redfish protocols * MdePkg/Include/Protocol: EFI_HII POPUP_PROTOCOL duplicate declaration * MdePkg/Include/Protocol: EFI_RESET_NOTIFICATION_PROTOCOL duplicate * CryptoPkg/Private/Protocol/Crypto.h: Remove duplicate function type * MdePkg/BaseLib: Add support for the XSETBV instruction * MdeModulePkg/PiDxeS3BootScriptLib: Rename mAcpiS3Enable to avoid dup symbol * MdePkg/IoLib: Filter/trace port IO/MMIO access * MdePkg/Baseib: Filter/trace MSR access for IA32/X64 * UefiCpuPkg: Remove PEI/DXE instances of CpuTimerLib. * UefiCpuPkg: Add MicrocodeLib for loading microcode * OvmfPkg: Add MicrocodeLib in DSC files. * UefiPayloadPkg/UefiPayloadPkg.dsc: Consume MicrocodeLib * UefiCpuPkg/MpInitLib: Consume MicrocodeLib to remove duplicated code * UefiCpuPkg/PiSmmCpuDxeSmm: Support detect SMM shadow stack overflow * ShellPkg: Fix smbiosview system enclosure type table * UefiCpuPkg/CpuTimerLib: Update LIBRARY_CLASS of Base instance. * RedfishPkg/RedfishDiscoverDxe: EFI Redfish Discover Protocol * RedfishPkg/RedfishConfigHandler: EDKII RedfishConfigHandler Protocol * UefiCpuPkg: PiSmmCpuDxeSmm: Check buffer size before accessing * BaseTools/Conf: Fix MAKE_FLAGS typos in tools_def.template * MdeModulePkg: Initialize temp variable in VarCheckPolicyLib * SecurityPkg/Tcg2Smm: Initialize local Status variable * DynamicTablesPkg: add validation for PcdNonBsaCompliant16550SerialHid * OvmfPkg/XenResetVector: Silent a warning from nasm * MdePkg: Allow PcdFSBClock to by Dynamic * OvmfPkg/IndustryStandard/Xen: Apply EDK2 coding style to XEN_VCPU_TIME_INFO * OvmfPkg/IndustryStandard: Introduce PageTable.h * OvmfPkg/XenPlatformPei: Map extra physical address * OvmfPkg/XenPlatformPei: Calibrate APIC timer frequency * OvmfPkg/OvmfXen: Set PcdFSBClock * DynamicTablesPkg: Re-order GicItsIdentifierArray struct * DynamicTablesPkg: Remove EArmObjExtendedInterruptInfo * MdePkg: Fix AsmReadMsr64() and AsmWriteMsr64() with GCC toolchain * BaseTools/PlatformAutoGen: MAKE_FLAGS and MAKE_PATH fixes * RedfishPkg/RestJsonStructureDxe: Fix typo in function header * MdePkg/Include: Allow CPU specific defines to be predefined * CryptoPkg/Library/Include: Allow CPU specific defines to be predefined * ArmPlatformPkg: Fix Ecc error 8001 * ArmPlatformPkg: Fix Ecc error 9001 * ArmPlatformPkg: Remove package dependency in NorFlashStandaloneMm * ArmPkg: Fix Ecc error 8001 in Chipset * ArmPkg: Fix Ecc error 8001 in SemihostLib * ArmPkg: Fix Ecc error 8001 in ArmArchTimerLib * ArmPkg: Fix Ecc error 9005 in CpuDxe * ArmPkg: Fix Ecc error 10006 in ArmPkg.dsc * ArmPkg: Fix Ecc error 10016 in StandaloneMmMmuLib * ArmPkg: Fix Ecc error 10014 in ArmScmiDxe * ArmPkg: Fix Ecc error 10014 in GenericWatchdogDxe * ArmPkg: Fix Ecc error 10014 in MmCommunicationDxe * ArmPkg: Fix Ecc error 10014 in SemihostLib * ArmPkg: Remove ArmGic/ArmGicSecLib.c * ArmPkg: Fix Ecc error 5003 in ArmExceptionLib * ArmPkg: Fix Ecc error 6001 in MmCommunicationDxe * ArmPkg: Fix Ecc error 6001 in ArmSoftFloatLib * ArmPkg: Rename include guard in ArmGicLib.h * ArmPkg: Fix Ecc error 7008 for SCMI_CLOCK_RATE * ArmPkg: Fix Ecc error 7008 for OPTEE_MESSAGE_PARAM * ArmPkg: Fix Ecc error 8005/8007 in ArmDisassemblerLib * ArmPkg: Fix Ecc error 8005 for SCMI_PROTOCOL_ID * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_TYPE * ArmPkg: Fix Ecc error 8005 for SCMI_STATUS * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_BASE * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_CLOCK * ArmPkg: Fix Ecc error 8005 for SCMI_CLOCK_RATE_FORMAT * ArmPkg: Fix Ecc error 8005 for SCMI_MESSAGE_ID_PERFORMANCE * RedfishPkg: Add EDK2 Redfish Foundation diagrams * SecurityPkg/FvReportPei: remove redundant sizeof * ShellPkg: Rename Address Size to Access size * DynamicTablesPkg: Add access size to CM_ARM_SERIAL_PORT_INFO * DynamicTablesPkg: Set the Access size for the SPCR table * DynamicTablesPkg: Set the Access size for the DBG2 table * UefiCpuPkg: PiSmmCpuDxeSmm: Not to Change Bitwidth During Static Paging * MdePkg/Cpuid.h: Define new element in CPUID Leaf(07h) data structure. * SecurityPkg: Add constraints on PK strength * ArmPkg: Allow platforms to supply more data for SMBIOS Type3 record * ArmPkg: Allow platforms to report their boot status via OemMiscLib call * ArmPkg: Fix calculation of offset of chassis SKU Number in SmbiosMiscDxe * ArmPkg: Fix typo of Manufacturer in comment in SmbiosMiscDxe * ArmPkg: Fix Ecc error 8003 * ArmPkg: Fix Ecc error 3002 in StandaloneMmMmuLib * ArmPkg: Add missing library headers to ArmPkg.dec * ArmPlatformPkg: Document libraries in ArmPlatformPkg.dec * ArmPkg: Add OemMiscLibNull library to ArmPkg.dsc * ArmPkg: Correct small typos * ArmPlatformPkg: Add ArmPlatformPkg.ci.yaml * OvfmPkg/VmgExitLib: Properly decode MMIO MOVZX and MOVSX opcodes * OvmfPkg/VmgExitLib: Add support for new MMIO MOV opcodes * OvmfPkg: Define a new PPI GUID to signal TPM MMIO accessability * OvmfPkg/TpmMmioSevDecryptPei: Mark TPM MMIO range as unencrypted for SEV-ES * OvmfPkg/Tcg2ConfigPei: Update Depex for IA32 and X64 * ArmPkg: Update SCMI Base Protocol version to 0x20000 * MdePkg/BaseRngLib: Add support for ARMv8.5 RNG instructions * SecurityPkg: Add support for RngDxe on AARCH64 * UefiCpuPkg/MpInitLib: Properly cast from PCD to SEV-ES jump table pointer * BaseTools: Add support for version 3 of FMP Image Header structure * CryptoPkg: BaseCryptLib: Add RSA PSS verify support * ShellPkg/UefiShellCommandLib: suppress incorrect gcc warning * OvmfPkg/VirtioFsDxe: suppress incorrect gcc warnings * UefiCpuPkg/CpuExceptionHandler: Add missing comma to exception name array * UefiCpuPkg/PiSmmCpu: Remove hardcode 48 address size limitation * MdeModulePkg: Retrieve boot manager menu from any fv * ShellPkg/HttpDynamicCommand: Fix possible uninitialized use * MdeModulePkg/PciBusDxe: Fix possible uninitialized use * CryptoPkg/BaseCryptLib: Fix possible uninitialized use * MdeModulePkg/PlatformDriOverrideDxe: Fix overflow condition check * MdeModulePkg/VariableLock: downgrade compatibility warnings to DEBUG_WARN * ArmPkg/ArmGic: Fix maximum number of interrupts in GICv3 - Update openssl to 1.1.1j - Drop upstreamed patch: ovmf-bsc1184801-fix-sev-with-tpm.patch - Add the new Xen flavor for x86_64 + Update 50-xen-hvm-x86_64.json to use ovmf-x86_64-xen-4m.bin as the default firmware for Xen ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - Suggest kernel-default from patterns-base-base ==== pcre2 ==== Version update (10.36 -> 10.37) Subpackages: libpcre2-16-0 libpcre2-32-0 libpcre2-8-0 - pcre2 10.37: * removal of the actual POSIX names regcomp etc. from the POSIX wrapper library because these have caused issues for some applications, replacing pcre2-symbol-clash.patch * fix a hypothetical NULL dereference * fix two bugs related to over-large numbers so the behaviour is now the same as Perl * Fix propagation of \K back from the full pattern recursion * Restore single character repetition optimization in JIT ==== perl-Convert-ASN1 ==== Version update (0.27 -> 0.29) - Update to version 0.29 * typo fixes * Fix unsafe decoding CVE-2013-7488 - Drop upstream fixed perl-Convert-ASN1-CVE-2013-7488.patch ==== perl-Mojolicious ==== Version update (9.17 -> 9.19) - updated to 9.19 see /usr/share/doc/packages/perl-Mojolicious/Changes 9.19 2021-06-01 - This release contains fixes for security issues, everybody should upgrade! - Swiched from HMAC-SHA1 to HMAC-SHA256 for signed cookies. Note that this means that all sessions will be reset. - Improved signed cookie based sessions to pad short values, to make it harder to brute force attack the application secret. (jberger) - updated to 9.18 see /usr/share/doc/packages/perl-Mojolicious/Changes 9.18 2021-05-09 - Remove Font Awesome from distribution. ==== php7 ==== Version update (7.4.19 -> 7.4.20) Subpackages: php7-cli php7-ctype php7-dom php7-gd php7-gettext php7-iconv php7-json php7-mbstring php7-mysql php7-openssl php7-pdo php7-sqlite php7-tokenizer php7-xmlreader php7-xmlwriter - updated to 7.4.20: This is a bug fix release. See https://www.php.net/ChangeLog-7.php#7.4.20 ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - Add patch from upstream to use the independent switch to mute Lineout or Speaker instead of setting the volume, which on some soundcards might be shared by Headphone and Lineout or Headphone and Speaker (fixes boo#1186572): * 0001-alsa-mixer-only-use-switch-to-mute-Front-in-the-Headphone-path.patch - Introduce a workaround for systems where %systemd_user_post didn't enable the user services correctly due to different reasons . This workaround is only executed once, and only if it's really needed. In order to execute only once a lock file is created in /var/lib/pipewire. The lockfile can be removed when the workaround is removed. Everyone who upgraded their TW system between (aprox.) the 14th of January and the 16th of March and who didn't enable the services manually is affected by this. It also happens for everyone who installed a new TW system since (aprox.) the 14th of January and also for everyone doing a new installation of SLE15-SP3 / Leap 15.3 from the iso (new installations using online repositories will work fine once the fix in systemd-presets-common-SUSE is released). Fixes boo#1184852, boo#1183012 and boo#1186561. ==== pitivi ==== Version update (2021.01 -> 2021.05) - Update to version 2021.05: + Clips in the Media Library can be tagged. + Drag a keyframe vertically or horizontally by pressing Ctrl. + Keyboard shortcuts to seek to the previous/next marker. ==== python-alembic ==== Version update (1.6.2 -> 1.6.5) - update to 1.6.5: * feature + [feature] [autogenerate] Fix the documentation regarding the default command-line argument position of the revision script filename within the post-write hook arguments. Implement a REVISION_SCRIPT_FILENAME token, enabling the position to be changed. Switch from str.split() to shlex.split() for more robust command-line argument parsing. + [feature] Implement a .cwd (current working directory) suboption for post-write hooks (of type console_scripts). This is useful for tools like pre-commit, which rely on the working directory to locate the necessary config files. Add pre-commit as an example to the documentation. Minor change: rename some variables from ticket #819 to improve readability. * bug + [bug] [autogenerate] Refactored the implementation of MigrateOperation constructs such as CreateIndexOp, CreateTableOp, etc. so that they no longer rely upon maintaining a persistent version of each schema object internally; instead, the state variables of each operation object will be used to produce the corresponding construct when the operation is invoked. The rationale is so that environments which m ==== python-argcomplete ==== Version update (1.12.2 -> 1.12.3) - update to 1.12.3: * Update importlib-metadata version pin * Display script debug output in tcsh * Fish support improvements * Print ``warn()`` message from beginning of line * Test infrastructure improvements ==== python-libvirt-python ==== Version update (7.2.0 -> 7.4.0) - Update to 7.4.0 - Add all new APIs and constants in libvirt 7.4.0 - Update to 7.3.0 - Add all new APIs and constants in libvirt 7.3.0 ==== python-libxml2 ==== Version update (2.9.10 -> 2.9.12) - Fix python-lxml regression with libxml2 2.9.12: * Work around lxml API abuse: gitlab.gnome.org/GNOME/libxml2/issues/255 - Add upstream patches: * libxml2-fix-lxml-corrupted-subtree-structures.patch * libxml2-fix-regression-in-xmlNodeDumpOutputInternal.patch - Update to version 2.9.12 * Fix CVE-2021-3541, CVE-2021-3537, CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595, CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 * Fix null deref in legacy SAX1 parser * Fix handling of unexpected EOF in xmlParseContent * Fix user-after-free * Validate UTF8 in xmlEncodeEntities * Fix memory leak in xmlParseElementMixedContentDecl * Fix integer overflow in xmlSchemaGetParticleTotalRangeMin * Fix SEGV in xmlSAXParseFileWithData * Don't process siblings of root in xmlXIncludeProcess * Full changes: http://xmlsoft.org/news.html - Drop upstream fixed * libxml2-CVE-2021-3541.patch * libxml2-CVE-2021-3537.patch * libxml2-CVE-2021-3518.patch * libxml2-CVE-2021-3517.patch * libxml2-CVE-2021-3516.patch * libxml2-CVE-2020-7595.patch * libxml2-CVE-2019-20388.patch * libxml2-CVE-2020-24977.patch * libxml2-CVE-2019-19956.patch * libxml2-python39.patch * libxml2-Avoid-quadratic-checking-of-identity-constraints.patch - Drop since 2.9.10 merged libxml2-xmlFreeNodeList-recursive.patch - Drop since 2.8.0 merged fix-perl.diff - Refresh libxml2-make-XPATH_MAX_NODESET_LENGTH-configurable.patch - Security fix: [bsc#1186015, CVE-2021-3541] * Exponential entity expansion attack bypasses all existing protection mechanisms. - Add libxml2-CVE-2021-3541.patch ==== python-lxml ==== - Adapt test_etree.py to a behavioural change in libxml2 2.9.11+ * Add python-lxml-test_etree.patch ==== python-pycurl ==== - Add curl7770_compatibility.patch to have package compatible with curl 7.77.0. ==== redis ==== Version update (6.2.3 -> 6.2.4) - redis 6.2.4: * CVE-2021-32625: An integer overflow bug could be exploited by using the STRALGO LCS command to cause remote remote code execution (boo#1186722) * Fix crash after a diskless replication fork child is terminated * Fix redis-benchmark crash on unsupported configs * Fix crash in UNLINK on a stream key with deleted consumer groups * SINTERSTORE: Add missing keyspace del event when none of the sources exist * Sentinel: Fix CONFIG SET of empty string sentinel-user/sentinel-pass configs * Enforce client output buffer soft limit when no traffic * Hide AUTH passwords in MIGRATE command from slowlog ==== remmina ==== Version update (1.4.16 -> 1.4.18) Subpackages: remmina-lang remmina-plugin-rdp remmina-plugin-secret remmina-plugin-vnc remmina-plugin-xdmcp - Update to 1.4.18 * Try more shells as launcher if default isn't found !2269 * Minor fixes for v1.4.17 !2270 * SSH session improvements !2271 * Fixes - Auto-start file created on tray icon disabled !2272 * RDP: Remove older usage of ClientHostname * Fix libfreerdp version check * Explicitly set user resolution to a multiple of 4 * Code refactoring - ASAN exceptions !2274 - Fixed remmina-plugin-nx dependencies - Update to 1.4.17 * Fix build with musl libc * Fix typos * Improving CI cache * Fix System Tray Icon Broken/Missing * VNC quality deafults now to good * Flatpak refactoring * Adding Gateway websocket support * Revert "Linking snap and flatpak to FreeRDP 2.3.1" * Set FreeRDP config path to Remmina profiles path - Fixed build-logic for NX, enable per default - Enable kwallet and appindicator non SLE distributions - Rename internal bcond from nx to remmina_nx - Use cmake_build - Use bcond for kwallet, which defaults to enabled - Use bcond for appindicator, which defaults to disabled GtkStatusIcon works everywhere, while Appindicator works just in KDE ==== rtkit ==== - Replace systemd-devel BuildRequires with pkgconfig(libsystemd): allow OBS to shortcut through the systemd-mini flavors. ==== rubygem-ffi ==== Version update (1.15.0 -> 1.15.1) Subpackages: ruby2.7-rubygem-ffi ruby3.0-rubygem-ffi - updated to version 1.15.1 Fixed: * Append -pthread to linker options. #893 * Use arm or aarch64 to identify Apple ARM CPU arch. #899 * Allow overriding `gcc` with the `CC` env var in `const_generator.rb` and `struct_generator.rb`. #897 ==== rubygem-mini_portile2 ==== Version update (2.5.1 -> 2.6.1) - updated to version 2.6.1 [#]### Dependencies Make `net-ftp` an optional dependency, since requiring it as a hard dependency in v2.5.2 caused warnings to be emitted by Ruby 2.7 and earlier. A warning message is emitted if FTP functionality is called and `net-ftp` isn't available; this should only happen in Ruby 3.1 and later. ==== rubygem-nokogiri ==== Version update (1.11.3 -> 1.11.6) Subpackages: ruby2.7-rubygem-nokogiri ruby3.0-rubygem-nokogiri - updated to version 1.11.6 [#]# 1.11.6 / 2021-05-26 [#]## Fixed * [CRuby] `DocumentFragment#path` now does proper error-checking to handle behavior introduced in libxml > 2.9.10. In v1.11.4 and v1.11.5, calling `DocumentFragment#path` could result in a segfault. [#]# 1.11.5 / 2021-05-19 [#]## Fixed [Windows CRuby] Work around segfault at process exit on Windows when using libxml2 system DLLs. libxml 2.9.12 introduced new behavior to avoid memory leaks when unloading libxml2 shared libraries (see [libxml/!66](https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/66)). Early testing caught this segfault on non-Windows platforms (see [#2059](https://github.com/sparklemotion/nokogiri/issues/2059) and [libxml@956534e](https://gitlab.gnome.org/GNOME/libxml2/-/commit/956534e02ef280795a187c16f6ac04e107f23c5d)) but it was incompletely fixed and is still an issue on Windows platforms that are using system DLLs. We work around this by configuring libxml2 in this situation to use its default memory management functions. Note that if Nokogiri is not on Windows, or is not using shared system libraries, it will will continue to configure libxml2 to use Ruby's memory management functions. `Nokogiri::VERSION_INFO["libxml"]["memory_management"]` will allow you to verify when the default memory management functions are being used. [[#2241](https://github.com/sparklemotion/nokogiri/issues/2241)] [#]## Added `Nokogiri::VERSION_INFO["libxml"]` now contains the key `"memory_management"` to declare whether libxml2 is using its `default` memory management functions, or whether it uses the memory management functions from `ruby`. See above for more details. [#]# 1.11.4 / 2021-05-14 [#]## Security [CRuby] Vendored libxml2 upgraded to v2.9.12 which addresses: - [CVE-2019-20388](https://security.archlinux.org/CVE-2019-20388) - [CVE-2020-24977](https://security.archlinux.org/CVE-2020-24977) - [CVE-2021-3517](https://security.archlinux.org/CVE-2021-3517) - [CVE-2021-3518](https://security.archlinux.org/CVE-2021-3518) - [CVE-2021-3537](https://security.archlinux.org/CVE-2021-3537) - [CVE-2021-3541](https://security.archlinux.org/CVE-2021-3541) Note that two additional CVEs were addressed upstream but are not relevant to this release. [CVE-2021-3516](https://security.archlinux.org/CVE-2021-3516) via `xmllint` is not present in Nokogiri, and [CVE-2020-7595](https://security.archlinux.org/CVE-2020-7595) has been patched in Nokogiri since v1.10.8 (see [#1992](https://github.com/sparklemotion/nokogiri/issues/1992)). Please see [nokogiri/GHSA-7rrm-v45f-jp64 ](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64) or [#2233](https://github.com/sparklemotion/nokogiri/issues/2233) for a more complete analysis of these CVEs and patches. [#]## Dependencies * [CRuby] vendored libxml2 is updated from 2.9.10 to 2.9.12. (Note that 2.9.11 was skipped because it was superseded by 2.9.12 a few hours after its release.) ==== shim ==== - shim-install: instead of assuming "removable" for Azure, remove fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot to make \EFI\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961) - Add shim-bsc1185261-relax-import_mok_state-check.patch to relax the check for import_mok_state() when Secure Boot is off. (bsc#1185261) ==== skopeo ==== Version update (1.2.1 -> 1.2.3) - Update to version 1.2.3: * Fix for login / logout registry argument * Upgrade dsnet/compress to avoid vulnerable xz version * Enable 'OptimizeDestinationImageAlreadyExists' feature * 020-copy.bats: check that we set the manifest type correctly * Set User-Agent to skopeo/$VERSION * Rebase against master and improve comment about gpgme-config * Fix Makefile to handle PREFIX correctly - Add bash-completion package ==== sushi ==== Version update (3.38.0 -> 3.38.1) - Update to version 3.38.1: + Account for scaling factor while estimating window size ==== systemd ==== Subpackages: libsystemd0 libudev-devel libudev1 systemd-container systemd-doc systemd-logger systemd-sysvinit udev - systemd.spec: clean some of the build deps up: - libpcre is redundant with libpcre2 (only required by the full build) and the mini variant needs none of them. Hence drop the ref to libpcre. - normally libidn2 is needed by some optional features in systemd-network (only). But it's implicitly pulled in by libgnutls (required by the main package). Let's make sure the related features won't be disabled inadvertently in the future by making the dep explicit. ==== systemd-presets-common-SUSE ==== - When installing the systemd-presets-common-SUSE package for the first time in a new system, it might happen that some services are installed before systemd so the %systemd_pre/post macros would not work. This is handled by enabling all preset services in this package's %posttrans section but it wasn't enabling user services, just system services. Now it enables also the user services installed before this package, thus fixing boo#1186561 ==== unbound ==== Subpackages: libunbound8 unbound-anchor - Enable DNS-over-HTTPS support - Use --disable-explicit-port-randomisation, the linux kernel has source port randomization by default if port is 0 since ages. ==== vim ==== Version update (8.2.2850 -> 8.2.2918) Subpackages: gvim vim-data vim-data-common - Updated to version 8.2.2918, fixes the following problems * Using mapping on the command line triggers CmdlineChanged. (Naohiro Ono) * Configure can add --as-needed a second time. * Window is not updated after using mapping. * Custom statusline cannot contain % items. * White space after "->" does not give E274. * Get readonly error for device that can't be written to. * Vim9: exception in ISN_INSTR caught at wrong level. * Test fails because of changed error message. * Tcl test fails because of changed error message. * Adding a text property causes the whole window to be redawn. * Vim9: "legacy return" is not recognized as a return statement. * Removing a text property causes the whole window to be redawn. * Removing a text property does not redraw optimally. * Vim9: crash when using inline function. * Skipping over function body fails. * Vim9: memory leak when using inline function. * Build failure. * Vim9: When executing a compiled expression the trylevel at start is changed but not restored. (closes #8214) * Using unified diff is not tested. * CmdlineChange event triggered twice for CTRL-R. * Unnessary VIM_ISDIGIT() calls, badly indented code. * Python tests fail without the channel feature. * Not enough tests for writing buffers. * Cancelling inputlist() after a digit does not return zero. * Configure cannot detect Python 3.10. * Insufficient tests for popup menu rightleft. * Vim9: for loop list unpack only allows for one "_". * File extension .hsig not recognized. * Unified diff fails if actually used. * Various pieces of code not covered by tests. * Vim9: memory leak when lambda has an error. * Not enough cscope code is covered by tests. * searching for \%'> does not match linewise end of line. (Tim Chase) * Various pieces of code not covered by tests. * Crash when passing null string to fullcommand(). * Vim9: "k" command recognized in Vim9 script. * Typo and verbose comment in Makefiles. * Text property duplicated when data block splits. * Cannot build with Perl 5.34. * Error message contains random characters. * Multi-byte text in popup title shows up wrong. * Vim9: random characters appear in some error messages. * Spellfile functionality not fully tested. * Vim9: can use reserved words at the script level. * QuitPre and ExitPre not triggered when GUI window is closed. * Appveyor script does not detect nmake failure. * QuitPre is triggered before :wq writes the file, which is different from other commands. * Some operators not fully tested. * Spellfile functionality not fully tested. * Cursor position wrong on wrapped line with 'signcolumn'. * "g$" causes scroll if half a double width char is visible. * No error when defaults.vim cannot be loaded. * ASAN reports errors for test_startup for unknown reasons. * Memory leak when running out of memory. * Crash when using a terminal popup window from the cmdline window. * Build error with non-Unix system. * Test for cmdline window and terminal fails on MS-Windows. * Pattern "\%V" does not match all of block selection. (Rick Howe) * MS-Windows: most users expect using Unicode. * MS-Windows conpty supports using mouse events. * Cannot paste a block without adding padding. * Operators are not fully tested. * Spellfile functionality not fully tested. * Builtin function can be shadowed by global variable. ==== wget ==== - When running recursively, wget will verify the length of the whole URL when saving the files. This will make it overwrite files with truncated names, throwing the "The name is too long, ... trying to shorten" messages. The patch moves the length check code to a separate function and call it from the append_dir_structure() for each path element. [ bsc#1181173, 0001-src-main.c-Introduce-truncate_filename-option.patch] - If wget for an http URL is redirected to a different site (hostname parts of URLs differ), then any "Authenticate" and "Cookie" header entries are discarded. [bsc#1175551, wget-do-not-propagate-credentials.patch] ==== xapps ==== Version update (2.0.7 -> 2.2.0) Subpackages: libxapp1 typelib-1_0-XApp-1_0 xapps-common xapps-common-lang - Update to version 2.2.0. * xapp-preferences-window.c: Hide the sidebar switcher initially to prevent it showing even with single-page views. * all: Add debug topics. * xapp-favorites.c: Free the favorite list when building a GtkMenu. * Add a class to programmatically set styling on a particular widget. * util: add a utility function to convert from a pango font string to css (#135) ==== xen ==== Version update (4.14.1_16 -> 4.15.0_01) Subpackages: xen-libs xen-tools-domU - Add xen.sysconfig-fillup.patch to make sure xencommons is in a format as expected by fillup. (bsc#1185682) Each comment needs to be followed by an enabled key. Otherwise fillup will remove manually enabled key=value pairs, along with everything that looks like a stale comment, during next pkg update - Remove init.xen_loop and /etc/modprobe.d/xen_loop.conf The number of loop devices is unlimited since a while - Refresh xenstore-launch.patch to cover also daemon case - Now that SOURCE_DATE_EPOCH is defined and Xen Makefile uses it, drop reproducible.patch - Update to Xen 4.15.0 FCS release xen-4.15.0-testing-src.tar.bz2 * Xen can now export Intel Processor Trace (IPT) data from guests to tools in dom0. * Xen now supports Viridian enlightenments for guests with more than 64 vcpus. * Xenstored and oxenstored both now support LiveUpdate (tech preview). * Unified boot images * Switched x86 MSR accesses to deny by default policy. * Named PCI devices for xl/libxl and improved documentation for xl PCI configuration format. * Support for zstd-compressed dom0 (x86) and domU kernels. * Reduce ACPI verbosity by default. * Add ucode=allow-same option to test late microcode loading path. * Library improvements from NetBSD ports upstreamed. * x86: Allow domains to use AVX-VNNI instructions. * Added XEN_SCRIPT_DIR configuration option to specify location for Xen scripts. * xennet: Documented a way for the backend (or toolstack) to specify MTU to the frontend. * On detecting a host crash, some debug key handlers can automatically triggered to aid in debugging. * Increase the maximum number of guests which can share a single IRQ from 7 to 16, and make this configurable with irq-max-guests. - Dropped patches contained in new tarball 5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch 5fedf9f4-x86-hpet_setup-fix-retval.patch 5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch 5ff71655-x86-dpci-EOI-regardless-of-masking.patch 5ffc58c4-ACPI-reduce-verbosity-by-default.patch 5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch 600999ad-x86-dpci-do-not-remove-pirqs-from.patch 600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch 6011bbc7-x86-timer-fix-boot-without-PIT.patch 6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch 6013e546-x86-HVM-reorder-domain-init-error-path.patch 601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch 602bd768-page_alloc-only-flush-after-scrubbing.patch 602cfe3d-IOMMU-check-if-initialized-before-teardown.patch 602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch 602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch 602ffae9-tools-libs-light-fix-xl-save--c-handling.patch 6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch 60787714-x86-HPET-avoid-legacy-replacement-mode.patch 60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch 60410127-gcc11-adjust-rijndaelEncrypt.patch 60422428-x86-shadow-avoid-fast-fault-path.patch 604b9070-VT-d-disable-QI-IR-before-init.patch 60535c11-libxl-domain-soft-reset.patch (Replaces xsa368.patch) 60700077-x86-vpt-avoid-pt_migrate-rwlock.patch libxc-bitmap-50a5215f30e964a6f16165ab57925ca39f31a849.patch libxc-bitmap-longs.patch libxc-sr-3cccdae45242dab27198b8e150be0c85acd5d3c9.patch libxl.fix-libacpi-dependency.patch stubdom-have-iovec.patch xenwatchdogd-options.patch ==== xf86-video-nouveau ==== - no longer autoinstall the package depending on PCI ID; we have modesetting driver for X since a long time now (boo#1186721) ==== xfce4-branding-openSUSE ==== Subpackages: libgarcon-branding-openSUSE libxfce4ui-branding-openSUSE thunar-volman-branding-openSUSE xfce4-notifyd-branding-openSUSE xfce4-panel-branding-openSUSE xfce4-power-manager-branding-openSUSE xfce4-session-branding-openSUSE xfce4-settings-branding-openSUSE xfdesktop-branding-openSUSE xfwm4-branding-openSUSE - Enable the fix for boo#1178511 on all Leap versions ==== xorgproto ==== - package licenses as %%license - modernize spec file - list files in files-section to avoid directory permission conflict with filesystem package ==== yast2 ==== Version update (4.4.5 -> 4.4.9) Subpackages: yast2-logs - AutoYaST: SectionWithAttributes allows to indicate whether an attribute accepts blank values (related to jsc#PM-2620). - 4.4.9 - revert disable of hibernation based on product and virtual machines (bsc#1184470) - 4.4.8 - Improve Yast2::Equatable mixin making the #hash method to be fine tuned easelly (related to bsc#11806082). - 4.4.7 - Added some names to the list of parameters handled by CFA for the login.defs configuration (related to jsc#PM-2620). - 4.4.6 ==== yast2-bootloader ==== Version update (4.4.1 -> 4.4.2) - Fixes for 'arm can boot on uefi' (boo#1183795) - 4.4.2 ==== yast2-network ==== Version update (4.4.12 -> 4.4.13) - bnc#1185524 - do not crash at the end of installation when storing wifi configuration for NetworkManager at the target - 4.4.13 ==== zypper ==== Version update (1.14.44 -> 1.14.45) Subpackages: zypper-log zypper-needs-restarting - Add hints to 'trust GPG key' prompt. - Add report when receiving new package signing keys from a trusted repo (bsc#1184326) - Added translation using Weblate (Kabyle) - version 1.14.45