Packages changed: abseil-cpp autoyast2 (4.5.1 -> 4.5.2) bluedevil5 (5.25.2 -> 5.25.3) breeze (5.25.2 -> 5.25.3) breeze-gtk (5.25.2 -> 5.25.3) chromaprint (1.5.0 -> 1.5.1) dar (2.6.15 -> 2.7.6) ddclient discover (5.25.2 -> 5.25.3) drkonqi5 (5.25.2 -> 5.25.3) git (2.37.0 -> 2.37.1) gnome-desktop (42.2 -> 42.3) hwdata (0.360 -> 0.361) kactivitymanagerd (5.25.2 -> 5.25.3) kcm_sddm (5.25.2 -> 5.25.3) kde-cli-tools5 (5.25.2 -> 5.25.3) kde-gtk-config5 (5.25.2 -> 5.25.3) kernel-64kb (5.18.9 -> 5.18.11) kernel-source (5.18.9 -> 5.18.11) kgamma5 (5.25.2 -> 5.25.3) khotkeys5 (5.25.2 -> 5.25.3) kinfocenter5 (5.25.2 -> 5.25.3) kmenuedit5 (5.25.2 -> 5.25.3) kscreen5 (5.25.2 -> 5.25.3) kscreenlocker (5.25.2 -> 5.25.3) ksshaskpass5 (5.25.2 -> 5.25.3) ksystemstats5 (5.25.2 -> 5.25.3) kwayland-integration (5.25.2 -> 5.25.3) kwin5 (5.25.2 -> 5.25.3) kwrited5 (5.25.2 -> 5.25.3) layer-shell-qt (5.25.2 -> 5.25.3) libadwaita (1.1.2 -> 1.1.3) libaio (0.3.112+29.696a5e6483ba -> 0.3.113) libgit2 (1.4.3 -> 1.4.4) libhandy (1.6.2 -> 1.6.3) libidn2 (2.3.2 -> 2.3.3) libkdecoration2 (5.25.2 -> 5.25.3) libkscreen2 (5.25.2 -> 5.25.3) libksysguard5 (5.25.2 -> 5.25.3) libnettle (3.7.3 -> 3.8) milou5 (5.25.2 -> 5.25.3) monitoring-plugins mpg123 (1.30.0 -> 1.30.1) ncurses (6.3.20220618 -> 6.3.20220709) net-snmp nghttp2 (1.47.0 -> 1.48.0) oxygen5-sounds (5.25.2 -> 5.25.3) patterns-base patterns-fonts pcsc-cyberjack (3.99.5final.SP14 -> 3.99.5final.SP15) perl (5.34.1 -> 5.36.0) perl-Crypt-OpenSSL-RSA (0.32 -> 0.33) perl-MIME-tools (5.509 -> 5.510) perl-URI (5.10 -> 5.12) plasma-browser-integration (5.25.2 -> 5.25.3) plasma-nm5 (5.25.2 -> 5.25.3) plasma5-addons (5.25.2 -> 5.25.3) plasma5-desktop (5.25.2 -> 5.25.3) plasma5-disks (5.25.2 -> 5.25.3) plasma5-integration (5.25.2 -> 5.25.3) plasma5-openSUSE plasma5-pa (5.25.2 -> 5.25.3) plasma5-systemmonitor (5.25.2 -> 5.25.3) plasma5-thunderbolt (5.25.2 -> 5.25.3) plasma5-workspace (5.25.2 -> 5.25.3) plymouth polkit-kde-agent-5 (5.25.2 -> 5.25.3) powerdevil5 (5.25.2 -> 5.25.3) python-M2Crypto python-argcomplete (1.12.3 -> 2.0.0) python-pycares (4.0.0 -> 4.2.1) redis (7.0.2 -> 7.0.3) rubygem-ruby-dbus (0.18.0.beta8 -> 0.18.1) selinux-policy speex (1.2 -> 1.2.1) sqlite3 (3.38.5 -> 3.39.0) suse-module-tools (16.0.20 -> 16.0.21) sysconfig (0.85.8 -> 0.90.0) systemd (250.6 -> 251.2) systemsettings5 (5.25.2 -> 5.25.3) texlive tpm2-0-tss (3.1.0 -> 3.2.0) u-boot-rpiarm64 (2022.04 -> 2022.07) vlc wavpack (5.4.0 -> 5.5.0) xdg-desktop-portal-kde (5.25.2 -> 5.25.3) xmessage (1.0.5 -> 1.0.6) xorg-x11-fonts xorg-x11-fonts-converted xorg-x11-server xwayland (22.1.2 -> 22.1.3) yast2-perl-bindings (4.5.0 -> 4.5.1) yast2-services-manager (4.5.0 -> 4.5.1) === Details === ==== abseil-cpp ==== - Add Fix-maes-msse41-leaking-into-pkgconfig.patch * Do not make programs compiled with abseil require new-ish CPUs. ==== autoyast2 ==== Version update (4.5.1 -> 4.5.2) Subpackages: autoyast2-installation - Run the registration step early only on the Online installation medium which does not provide any packages. On the other media run the registration step later. Fixes crash in the SLE Micro when the AutoYaST profile enables the registration step. (bsc#1200803) - 4.5.2 ==== bluedevil5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: bluedevil5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== breeze ==== Version update (5.25.2 -> 5.25.3) Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-style-lang libbreezecommon5-5 - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== breeze-gtk ==== Version update (5.25.2 -> 5.25.3) Subpackages: gtk2-metatheme-breeze gtk3-metatheme-breeze metatheme-breeze-common - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== chromaprint ==== Version update (1.5.0 -> 1.5.1) - update to 1.5.1: * No functional source code changes. * Fixed some compiler warnings. * Rebuilt the fpcalc binaries with FFmpeg 4.4.1. * Added support for fat binaries on macOS, with support for both Intel and Apple silicon. ==== dar ==== Version update (2.6.15 -> 2.7.6) Subpackages: dar-doc dar-lang libdar64-6000 - Update to version 2.7.6 * adding -f option to dar_cp * adding static version of dar_cp (dar_cp_static) as compilation outcome * added FAQ for tape usage with dar * fixing error in libdar header file installation * fixed bug met when interrupting the creation of a block compressed backup (always used by lzo compression and by other algorithm only when performing multi-threaded compression) * typo fixes in documentation * fixed message in lax mode used to obtain from the user the archive format when this information is corrupted in the archive. * fixing lax mode condition that popped up without being requested * fixing bug met when reading slice an special block device by mean of a symlink * adapting sanity checks to the case of a backup read from a special device in sequential-read mode. * fixed bug that lead dar to report CRC error while reading a backup from a pipe with the help of an isolated catalogue * adding -V option to dar_split (was using -v) for homogeneity with other commands ==== ddclient ==== - fix for boo#1191885 add SupplementaryGroups=maildrop to service file - rename ddclient-3.8.1-config.patch to ddclient-config.patch - rebase patch * ddclient-delay-main-process-for-systemd.patch (p0) - update ddclient-config.patch * fix PID file path - merge ddclient-replace-varrun-with-run.patch into ddclient-config.patc - merge changes file with SLES Maintained pkg - update Source to %{name}-%{version} ==== discover ==== Version update (5.25.2 -> 5.25.3) Subpackages: discover-backend-flatpak discover-backend-fwupd discover-backend-packagekit discover-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - Changes since 5.25.2: * ApplicationResourceButton: switch to individual ToolTip instances (kde#456129) ==== drkonqi5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: drkonqi5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== git ==== Version update (2.37.0 -> 2.37.1) Subpackages: git-core git-email git-gui git-svn git-web gitk perl-Git - git 2.37.1: * Rewrite of "git add -i" in C that appeared in Git 2.25 didn't correctly record a removed file to the index, which is an old regression but has become widely known because the C version has become the default in the latest release. * Fix for CVE-2022-29187 [boo#1201431]: The safety check that verifies a safe ownership of the Git worktree is now extended to also cover the ownership of the Git directory (and the `.git` file, if there is any). - Usage of sysusers_requires is optional, like during quilt setup ==== gnome-desktop ==== Version update (42.2 -> 42.3) Subpackages: gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common libgnome-desktop-4-1 typelib-1_0-GnomeDesktop-3_0 typelib-1_0-GnomeDesktop-4_0 - Update to version 42.3: + No changes, version bump only. ==== hwdata ==== Version update (0.360 -> 0.361) - update to 0.361: + Updated pci, usb and vendor ids. ==== kactivitymanagerd ==== Version update (5.25.2 -> 5.25.3) Subpackages: kactivitymanagerd-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== kcm_sddm ==== Version update (5.25.2 -> 5.25.3) Subpackages: kcm_sddm-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== kde-cli-tools5 ==== Version update (5.25.2 -> 5.25.3) - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - Changes since 5.25.2: * Fix DBus name for KPluginMetaData based KCMs (kde#455943) ==== kde-gtk-config5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: kde-gtk-config5-gtk3 - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== kernel-64kb ==== Version update (5.18.9 -> 5.18.11) - Refresh patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch. Update upstream status. - commit 4fcb983 - x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit da1381f - x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ce3ce6a - Refresh patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch. Update to upstream version. - commit 3f7e318 - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). Update upstream status. - commit eae54b1 - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (bsc#1198829 CVE-2022-1462). - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462). - commit cec52d3 - x86/kvm: fix FASTOP_SIZE when return thunks are enabled (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 86ef7b4 - x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/static_call: Serialize __static_call_fixup() properly (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Disable RRSBA behavior (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Add Cannon lake to RETBleed affected CPU list (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 834606b - x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - Update config files. - commit 9dbc2f6 - x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/common: Stamp out the stepping madness (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Convert launched argument to flags (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix SPEC_CTRL write on SMT state change (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix firmware entry SPEC_CTRL handling (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Do IBPB fallback check only once (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - intel_idle: Disable IBRS during long idle (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Report Intel retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Add kernel IBRS implementation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 023a0b9 - x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - Update config files. - commit a4a04c4 - x86/bugs: Report AMD retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Treat .text.__x86.* as noinstr (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/sev: Avoid using __x86_return_thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bpf: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/ftrace: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86,static_call: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: skip non-text sections when adding return-thunk sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Swizzle retpoline thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Cleanup some #ifdefery (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Don't call error_entry() for XENPV (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Switch the stack after error_entry() returns (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit bc4fd7c - Linux 5.18.11 (bsc#1012628). - io_uring: fix provided buffer import (bsc#1012628). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628). - ALSA: cs46xx: Fix missing snd_card_free() call at probe error (bsc#1012628). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (bsc#1012628). - can: grcan: grcan_probe(): remove extra of_node_get() (bsc#1012628). - can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628). - can: m_can: m_can_chip_config(): actually enable internal timestamping (bsc#1012628). - can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits (bsc#1012628). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (bsc#1012628). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (bsc#1012628). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (bsc#1012628). - can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel() (bsc#1012628). - bpf: Fix incorrect verifier simulation around jmp32's jeq/jne (bsc#1012628). - bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals (bsc#1012628). - usbnet: fix memory leak in error case (bsc#1012628). - net: rose: fix UAF bug caused by rose_t0timer_expiry (bsc#1012628). - net: lan966x: hardcode the number of external ports (bsc#1012628). - netfilter: nft_set_pipapo: release elements in clone from abort path (bsc#1012628). - selftests/net: fix section name when using xdp_dummy.o (bsc#1012628). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (bsc#1012628). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (bsc#1012628). - can: rcar_canfd: Fix data transmission failed on R-Car V3U (bsc#1012628). - ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared (bsc#1012628). - MAINTAINERS: Remove iommu@lists.linux-foundation.org (bsc#1012628). - iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628). - iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628). - cxl/mbox: Use __le32 in get,set_lsa mailbox structures (bsc#1012628). - cxl: Fix cleanup of port devices on failure to probe driver (bsc#1012628). - fbdev: fbmem: Fix logo center image dx issue (bsc#1012628). - fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628). - fbcon: Disallow setting font bigger than screen size (bsc#1012628). - fbcon: Prevent that screen size is smaller than font size (bsc#1012628). - PM: runtime: Redefine pm_runtime_release_supplier() (bsc#1012628). - PM: runtime: Fix supplier device management during consumer probe (bsc#1012628). - memregion: Fix memregion_free() fallback definition (bsc#1012628). - video: of_display_timing.h: include errno.h (bsc#1012628). - fscache: Fix invalidation/lookup race (bsc#1012628). - fscache: Fix if condition in fscache_wait_on_volume_collision() (bsc#1012628). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1012628). - net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (bsc#1012628). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (bsc#1012628). - srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (bsc#1012628). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (bsc#1012628). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (bsc#1012628). - ASoC: SOF: ipc3-topology: Move and correct size checks in sof_ipc3_control_load_bytes() (bsc#1012628). - ASoC: SOF: Intel: hda: Fix compressed stream position tracking (bsc#1012628). - arm64: dts: qcom: sm8450: fix interconnects property of UFS node (bsc#1012628). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628). - arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node (bsc#1012628). - ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628). - arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (bsc#1012628). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (bsc#1012628). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (bsc#1012628). - arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo (bsc#1012628). - ARM: at91: pm: use proper compatible for sama5d2's rtc (bsc#1012628). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (bsc#1012628). - ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt (bsc#1012628). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (bsc#1012628). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (bsc#1012628). - ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628). - xsk: Clear page contiguity bit when unmapping pool (bsc#1012628). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (bsc#1012628). - i40e: Fix dropped jumbo frames statistics (bsc#1012628). - i40e: Fix VF's MAC Address change on VM (bsc#1012628). - ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15 (bsc#1012628). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1012628). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (bsc#1012628). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (bsc#1012628). - selftests: forwarding: fix error message in learning_test (bsc#1012628). - ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628). - ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is supported (bsc#1012628). - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (bsc#1012628). - ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported (bsc#1012628). - net/mlx5e: Fix matchall police parameters validation (bsc#1012628). - mptcp: Avoid acquiring PM lock for subflow priority changes (bsc#1012628). - mptcp: Acquire the subflow socket lock before modifying MP_PRIO flags (bsc#1012628). - mptcp: fix local endpoint accounting (bsc#1012628). - r8169: fix accessing unset transport header (bsc#1012628). - i2c: cadence: Unregister the clk notifier in error path (bsc#1012628). - net/sched: act_api: Add extack to offload_act_setup() callback (bsc#1012628). - net/sched: act_police: Add extack messages for offload failure (bsc#1012628). - net/sched: act_police: allow 'continue' action offload (bsc#1012628). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628). - dmaengine: imx-sdma: only restart cyclic channel when enabled (bsc#1012628). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (bsc#1012628). - misc: rtsx_usb: use separate command and response buffers (bsc#1012628). - misc: rtsx_usb: set return value in rsp_buf alloc err path (bsc#1012628). - dmaengine: dw-axi-dmac: Fix RMW on channel suspend register (bsc#1012628). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (bsc#1012628). - ida: don't use BUG_ON() for debugging (bsc#1012628). - dmaengine: pl330: Fix lockdep warning about non-static key (bsc#1012628). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (bsc#1012628). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (bsc#1012628). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (bsc#1012628). - dmaengine: qcom: bam_dma: fix runtime PM underflow (bsc#1012628). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (bsc#1012628). - dmaengine: idxd: force wq context cleanup on device disable path (bsc#1012628). - commit 0e7e901 - Linux 5.18.10 (bsc#1012628). - xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628). - xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() (bsc#1012628). - xen/blkfront: force data bouncing when backend is untrusted (bsc#1012628). - xen/netfront: force data bouncing when backend is untrusted (bsc#1012628). - xen/netfront: fix leaking data in shared pages (bsc#1012628). - xen/blkfront: fix leaking data in shared pages (bsc#1012628). - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (bsc#1012628). - net: sparx5: mdb add/del handle non-sparx5 devices (bsc#1012628). - net: sparx5: Add handling of host MDB entries (bsc#1012628). - drm/fourcc: fix integer type usage in uapi header (bsc#1012628). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (bsc#1012628). - platform/x86: panasonic-laptop: don't report duplicate brightness key-presses (bsc#1012628). - platform/x86: panasonic-laptop: revert "Resolve hotkey double trigger bug" (bsc#1012628). - platform/x86: panasonic-laptop: sort includes alphabetically (bsc#1012628). - platform/x86: panasonic-laptop: de-obfuscate button codes (bsc#1012628). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (bsc#1012628). - drm/msm/gem: Fix error return on fence id alloc fail (bsc#1012628). - drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628). - drm/i915/gem: add missing else (bsc#1012628). - platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter (bsc#1012628). - drm/msm/dpu: Increment vsync_cnt before waking up userspace (bsc#1012628). - cifs: fix minor compile warning (bsc#1012628). - net: tun: avoid disabling NAPI twice (bsc#1012628). - mlxsw: spectrum_router: Fix rollback in tunnel next hop init (bsc#1012628). - ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628). - ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628). - nvmet: add a clear_ids attribute for passthru targets (bsc#1012628). - fanotify: refine the validation checks on non-dir inode mask (bsc#1012628). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (bsc#1012628). - ACPI: video: Change how we determine if brightness key-presses are handled (bsc#1012628). - nvmet-tcp: fix regression in data_digest calculation (bsc#1012628). - tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628). - cpufreq: qcom-hw: Don't do lmh things without a throttle interrupt (bsc#1012628). - epic100: fix use after free on rmmod (bsc#1012628). - tipc: move bc link creation back to tipc_node_create (bsc#1012628). - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (bsc#1012628). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (bsc#1012628). - platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to ideapad_dytc_v4_allow_table[] (bsc#1012628). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1012628). - powerpc/memhotplug: Add add_pages override for PPC (bsc#1012628). - Update config files. - net: dsa: felix: fix race between reading PSFP stats and port stats (bsc#1012628). - net: bonding: fix use-after-free after 802.3ad slave unbind (bsc#1012628). - selftests net: fix kselftest net fatal error (bsc#1012628). - net: phy: ax88772a: fix lost pause advertisement configuration (bsc#1012628). - net: bonding: fix possible NULL deref in rlb code (bsc#1012628). - net: asix: fix "can't send until first packet is send" issue (bsc#1012628). - net/sched: act_api: Notify user space if any actions were flushed before error (bsc#1012628). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (bsc#1012628). - netfilter: nft_dynset: restore set element counter when failing to update (bsc#1012628). - s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628). - vdpa/mlx5: Update Control VQ callback information (bsc#1012628). - lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (bsc#1012628). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (bsc#1012628). - io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio (bsc#1012628). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (bsc#1012628). - vfs: fix copy_file_range() regression in cross-fs copies (bsc#1012628). - NFSv4: Add an fattr allocation to _nfs4_discover_trunking() (bsc#1012628). - NFSD: restore EINVAL error translation in nfsd_commit() (bsc#1012628). - NFS: restore module put when manager exits (bsc#1012628). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1012628). - hwmon: (occ) Prevent power cap command overwriting poll response (bsc#1012628). - selftests: mptcp: Initialize variables to quiet gcc 12 warnings (bsc#1012628). - mptcp: fix conflict with (bsc#1012628). - selftests: mptcp: more stable diag tests (bsc#1012628). - mptcp: fix race on unaccepted mptcp sockets (bsc#1012628). - usbnet: fix memory allocation in helpers (bsc#1012628). - net: usb: asix: do not force pause frames support (bsc#1012628). - linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628). - RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628). - net: dp83822: disable rx error interrupt (bsc#1012628). - net: dp83822: disable false carrier interrupt (bsc#1012628). - net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628). - net: tun: stop NAPI when detaching queues (bsc#1012628). - net: tun: unlink NAPI from device on destruction (bsc#1012628). - net: dsa: bcm_sf2: force pause link settings (bsc#1012628). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (bsc#1012628). - virtio-net: fix race between ndo_open() and virtio_device_ready() (bsc#1012628). - net: usb: ax88179_178a: Fix packet receiving (bsc#1012628). - net: rose: fix UAF bugs caused by timer handler (bsc#1012628). - SUNRPC: Fix READ_PLUS crasher (bsc#1012628). - dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628). - dm raid: fix accesses beyond end of raid member array (bsc#1012628). - cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1012628). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628). - powerpc/book3e: Fix PUD allocation size in map_kernel_page() (bsc#1012628). - powerpc/prom_init: Fix kernel config grep (bsc#1012628). - parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628). - parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628). - ceph: wait on async create before checking caps for syncfs (bsc#1012628). - nvdimm: Fix badblocks clear off-by-one error (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1 (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX S40G) (bsc#1012628). - s390/archrandom: simplify back to earlier design and initialize earlier (bsc#1012628). - net: phy: Don't trigger state machine while in suspend (bsc#1012628). - ipv6: take care of disable_policy when restoring routes (bsc#1012628). - ksmbd: use vfs_llseek instead of dereferencing NULL (bsc#1012628). - ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA (bsc#1012628). - ksmbd: set the range of bytes to zero without extending file size in FSCTL_ZERO_DATA (bsc#1012628). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (bsc#1012628). - Revert "drm/amdgpu/display: set vblank_disable_immediate for DC" (bsc#1012628). - drm/amdgpu: fix adev variable used in amdgpu_device_gpu_recover() (bsc#1012628). - commit 97c4fd2 ==== kernel-source ==== Version update (5.18.9 -> 5.18.11) - Refresh patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch. Update upstream status. - commit 4fcb983 - x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit da1381f - x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit ce3ce6a - Refresh patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch. Update to upstream version. - commit 3f7e318 - x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). Update upstream status. - commit eae54b1 - tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (bsc#1198829 CVE-2022-1462). - tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462). - commit cec52d3 - x86/kvm: fix FASTOP_SIZE when return thunks are enabled (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 86ef7b4 - x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/static_call: Serialize __static_call_fixup() properly (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Disable RRSBA behavior (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Add Cannon lake to RETBleed affected CPU list (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 834606b - x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - Update config files. - commit 9dbc2f6 - x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/common: Stamp out the stepping madness (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Convert launched argument to flags (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix SPEC_CTRL write on SMT state change (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix firmware entry SPEC_CTRL handling (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Do IBPB fallback check only once (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - intel_idle: Disable IBRS during long idle (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Report Intel retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Add kernel IBRS implementation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit 023a0b9 - x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - Update config files. - commit a4a04c4 - x86/bugs: Report AMD retbleed vulnerability (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: Treat .text.__x86.* as noinstr (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/sev: Avoid using __x86_return_thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/bpf: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/ftrace: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86,static_call: Use alternative RET encoding (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - objtool: skip non-text sections when adding return-thunk sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Swizzle retpoline thunk (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/retpoline: Cleanup some #ifdefery (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Don't call error_entry() for XENPV (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/entry: Switch the stack after error_entry() returns (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657 CVE-2022-29900 CVE-2022-29901). - commit bc4fd7c - Linux 5.18.11 (bsc#1012628). - io_uring: fix provided buffer import (bsc#1012628). - ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD (bsc#1012628). - ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628). - ALSA: cs46xx: Fix missing snd_card_free() call at probe error (bsc#1012628). - can: bcm: use call_rcu() instead of costly synchronize_rcu() (bsc#1012628). - can: grcan: grcan_probe(): remove extra of_node_get() (bsc#1012628). - can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628). - can: m_can: m_can_chip_config(): actually enable internal timestamping (bsc#1012628). - can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp to full 32 bits (bsc#1012628). - can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (bsc#1012628). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (bsc#1012628). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround handling for mcp2517fd (bsc#1012628). - can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround broken CRC on TBC register (bsc#1012628). - can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel() (bsc#1012628). - bpf: Fix incorrect verifier simulation around jmp32's jeq/jne (bsc#1012628). - bpf: Fix insufficient bounds propagation from adjust_scalar_min_max_vals (bsc#1012628). - usbnet: fix memory leak in error case (bsc#1012628). - net: rose: fix UAF bug caused by rose_t0timer_expiry (bsc#1012628). - net: lan966x: hardcode the number of external ports (bsc#1012628). - netfilter: nft_set_pipapo: release elements in clone from abort path (bsc#1012628). - selftests/net: fix section name when using xdp_dummy.o (bsc#1012628). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (bsc#1012628). - can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (bsc#1012628). - can: rcar_canfd: Fix data transmission failed on R-Car V3U (bsc#1012628). - ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared (bsc#1012628). - MAINTAINERS: Remove iommu@lists.linux-foundation.org (bsc#1012628). - iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628). - iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628). - cxl/mbox: Use __le32 in get,set_lsa mailbox structures (bsc#1012628). - cxl: Fix cleanup of port devices on failure to probe driver (bsc#1012628). - fbdev: fbmem: Fix logo center image dx issue (bsc#1012628). - fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628). - fbcon: Disallow setting font bigger than screen size (bsc#1012628). - fbcon: Prevent that screen size is smaller than font size (bsc#1012628). - PM: runtime: Redefine pm_runtime_release_supplier() (bsc#1012628). - PM: runtime: Fix supplier device management during consumer probe (bsc#1012628). - memregion: Fix memregion_free() fallback definition (bsc#1012628). - video: of_display_timing.h: include errno.h (bsc#1012628). - fscache: Fix invalidation/lookup race (bsc#1012628). - fscache: Fix if condition in fscache_wait_on_volume_collision() (bsc#1012628). - powerpc/powernv: delay rng platform device creation until later in boot (bsc#1012628). - net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628). - ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (bsc#1012628). - pinctrl: sunxi: a83t: Fix NAND function name for some pins (bsc#1012628). - srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628). - ASoC: rt711: Add endianness flag in snd_soc_component_driver (bsc#1012628). - ASoC: rt711-sdca: Add endianness flag in snd_soc_component_driver (bsc#1012628). - ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in .set_jack_detect (bsc#1012628). - ASoC: SOF: ipc3-topology: Move and correct size checks in sof_ipc3_control_load_bytes() (bsc#1012628). - ASoC: SOF: Intel: hda: Fix compressed stream position tracking (bsc#1012628). - arm64: dts: qcom: sm8450: fix interconnects property of UFS node (bsc#1012628). - arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628). - arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node (bsc#1012628). - ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628). - arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct the uart2 pinctl value (bsc#1012628). - arm64: dts: imx8mp-evk: correct gpio-led pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628). - arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad settings (bsc#1012628). - arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc settings (bsc#1012628). - pinctrl: sunxi: sunxi_pconf_set: use correct offset (bsc#1012628). - arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo (bsc#1012628). - ARM: at91: pm: use proper compatible for sama5d2's rtc (bsc#1012628). - ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (bsc#1012628). - ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt (bsc#1012628). - ARM: dts: at91: sam9x60ek: fix eeprom compatible and size (bsc#1012628). - ARM: dts: at91: sama5d2_icp: fix eeprom compatibles (bsc#1012628). - ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628). - xsk: Clear page contiguity bit when unmapping pool (bsc#1012628). - i2c: piix4: Fix a memory leak in the EFCH MMIO support (bsc#1012628). - i40e: Fix dropped jumbo frames statistics (bsc#1012628). - i40e: Fix VF's MAC Address change on VM (bsc#1012628). - ARM: dts: stm32: add missing usbh clock and fix clk order on stm32mp15 (bsc#1012628). - ibmvnic: Properly dispose of all skbs during a failover (bsc#1012628). - selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (bsc#1012628). - selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (bsc#1012628). - selftests: forwarding: fix error message in learning_test (bsc#1012628). - ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628). - ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is supported (bsc#1012628). - ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (bsc#1012628). - ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported (bsc#1012628). - net/mlx5e: Fix matchall police parameters validation (bsc#1012628). - mptcp: Avoid acquiring PM lock for subflow priority changes (bsc#1012628). - mptcp: Acquire the subflow socket lock before modifying MP_PRIO flags (bsc#1012628). - mptcp: fix local endpoint accounting (bsc#1012628). - r8169: fix accessing unset transport header (bsc#1012628). - i2c: cadence: Unregister the clk notifier in error path (bsc#1012628). - net/sched: act_api: Add extack to offload_act_setup() callback (bsc#1012628). - net/sched: act_police: Add extack messages for offload failure (bsc#1012628). - net/sched: act_police: allow 'continue' action offload (bsc#1012628). - dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628). - dmaengine: imx-sdma: only restart cyclic channel when enabled (bsc#1012628). - misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (bsc#1012628). - misc: rtsx_usb: use separate command and response buffers (bsc#1012628). - misc: rtsx_usb: set return value in rsp_buf alloc err path (bsc#1012628). - dmaengine: dw-axi-dmac: Fix RMW on channel suspend register (bsc#1012628). - dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (bsc#1012628). - ida: don't use BUG_ON() for debugging (bsc#1012628). - dmaengine: pl330: Fix lockdep warning about non-static key (bsc#1012628). - dmaengine: lgm: Fix an error handling path in intel_ldma_probe() (bsc#1012628). - dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (bsc#1012628). - dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (bsc#1012628). - dmaengine: qcom: bam_dma: fix runtime PM underflow (bsc#1012628). - dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (bsc#1012628). - dmaengine: idxd: force wq context cleanup on device disable path (bsc#1012628). - commit 0e7e901 - Linux 5.18.10 (bsc#1012628). - xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628). - xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() (bsc#1012628). - xen/blkfront: force data bouncing when backend is untrusted (bsc#1012628). - xen/netfront: force data bouncing when backend is untrusted (bsc#1012628). - xen/netfront: fix leaking data in shared pages (bsc#1012628). - xen/blkfront: fix leaking data in shared pages (bsc#1012628). - hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (bsc#1012628). - net: sparx5: mdb add/del handle non-sparx5 devices (bsc#1012628). - net: sparx5: Add handling of host MDB entries (bsc#1012628). - drm/fourcc: fix integer type usage in uapi header (bsc#1012628). - platform/x86: panasonic-laptop: filter out duplicate volume up/down/mute keypresses (bsc#1012628). - platform/x86: panasonic-laptop: don't report duplicate brightness key-presses (bsc#1012628). - platform/x86: panasonic-laptop: revert "Resolve hotkey double trigger bug" (bsc#1012628). - platform/x86: panasonic-laptop: sort includes alphabetically (bsc#1012628). - platform/x86: panasonic-laptop: de-obfuscate button codes (bsc#1012628). - drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (bsc#1012628). - drm/msm/gem: Fix error return on fence id alloc fail (bsc#1012628). - drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628). - drm/i915/gem: add missing else (bsc#1012628). - platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter (bsc#1012628). - drm/msm/dpu: Increment vsync_cnt before waking up userspace (bsc#1012628). - cifs: fix minor compile warning (bsc#1012628). - net: tun: avoid disabling NAPI twice (bsc#1012628). - mlxsw: spectrum_router: Fix rollback in tunnel next hop init (bsc#1012628). - ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628). - ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628). - nvmet: add a clear_ids attribute for passthru targets (bsc#1012628). - fanotify: refine the validation checks on non-dir inode mask (bsc#1012628). - tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (bsc#1012628). - ACPI: video: Change how we determine if brightness key-presses are handled (bsc#1012628). - nvmet-tcp: fix regression in data_digest calculation (bsc#1012628). - tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628). - cpufreq: qcom-hw: Don't do lmh things without a throttle interrupt (bsc#1012628). - epic100: fix use after free on rmmod (bsc#1012628). - tipc: move bc link creation back to tipc_node_create (bsc#1012628). - NFC: nxp-nci: Don't issue a zero length i2c_master_read() (bsc#1012628). - nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (bsc#1012628). - platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to ideapad_dytc_v4_allow_table[] (bsc#1012628). - platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1012628). - powerpc/memhotplug: Add add_pages override for PPC (bsc#1012628). - Update config files. - net: dsa: felix: fix race between reading PSFP stats and port stats (bsc#1012628). - net: bonding: fix use-after-free after 802.3ad slave unbind (bsc#1012628). - selftests net: fix kselftest net fatal error (bsc#1012628). - net: phy: ax88772a: fix lost pause advertisement configuration (bsc#1012628). - net: bonding: fix possible NULL deref in rlb code (bsc#1012628). - net: asix: fix "can't send until first packet is send" issue (bsc#1012628). - net/sched: act_api: Notify user space if any actions were flushed before error (bsc#1012628). - net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (bsc#1012628). - netfilter: nft_dynset: restore set element counter when failing to update (bsc#1012628). - s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628). - vdpa/mlx5: Update Control VQ callback information (bsc#1012628). - lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (bsc#1012628). - PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (bsc#1012628). - io_uring: ensure that send/sendmsg and recv/recvmsg check sqe->ioprio (bsc#1012628). - caif_virtio: fix race between virtio_device_ready() and ndo_open() (bsc#1012628). - vfs: fix copy_file_range() regression in cross-fs copies (bsc#1012628). - NFSv4: Add an fattr allocation to _nfs4_discover_trunking() (bsc#1012628). - NFSD: restore EINVAL error translation in nfsd_commit() (bsc#1012628). - NFS: restore module put when manager exits (bsc#1012628). - net: ipv6: unexport __init-annotated seg6_hmac_net_init() (bsc#1012628). - hwmon: (occ) Prevent power cap command overwriting poll response (bsc#1012628). - selftests: mptcp: Initialize variables to quiet gcc 12 warnings (bsc#1012628). - mptcp: fix conflict with (bsc#1012628). - selftests: mptcp: more stable diag tests (bsc#1012628). - mptcp: fix race on unaccepted mptcp sockets (bsc#1012628). - usbnet: fix memory allocation in helpers (bsc#1012628). - net: usb: asix: do not force pause frames support (bsc#1012628). - linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628). - RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628). - net: dp83822: disable rx error interrupt (bsc#1012628). - net: dp83822: disable false carrier interrupt (bsc#1012628). - net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628). - net: tun: stop NAPI when detaching queues (bsc#1012628). - net: tun: unlink NAPI from device on destruction (bsc#1012628). - net: dsa: bcm_sf2: force pause link settings (bsc#1012628). - selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (bsc#1012628). - virtio-net: fix race between ndo_open() and virtio_device_ready() (bsc#1012628). - net: usb: ax88179_178a: Fix packet receiving (bsc#1012628). - net: rose: fix UAF bugs caused by timer handler (bsc#1012628). - SUNRPC: Fix READ_PLUS crasher (bsc#1012628). - dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628). - dm raid: fix accesses beyond end of raid member array (bsc#1012628). - cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1012628). - powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628). - powerpc/book3e: Fix PUD allocation size in map_kernel_page() (bsc#1012628). - powerpc/prom_init: Fix kernel config grep (bsc#1012628). - parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628). - parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628). - ceph: wait on async create before checking caps for syncfs (bsc#1012628). - nvdimm: Fix badblocks clear off-by-one error (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1 (bsc#1012628). - nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP (AKA SPECTRIX S40G) (bsc#1012628). - s390/archrandom: simplify back to earlier design and initialize earlier (bsc#1012628). - net: phy: Don't trigger state machine while in suspend (bsc#1012628). - ipv6: take care of disable_policy when restoring routes (bsc#1012628). - ksmbd: use vfs_llseek instead of dereferencing NULL (bsc#1012628). - ksmbd: check invalid FileOffset and BeyondFinalZero in FSCTL_ZERO_DATA (bsc#1012628). - ksmbd: set the range of bytes to zero without extending file size in FSCTL_ZERO_DATA (bsc#1012628). - drm/amdgpu: To flush tlb for MMHUB of RAVEN series (bsc#1012628). - Revert "drm/amdgpu/display: set vblank_disable_immediate for DC" (bsc#1012628). - drm/amdgpu: fix adev variable used in amdgpu_device_gpu_recover() (bsc#1012628). - commit 97c4fd2 ==== kgamma5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: kgamma5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== khotkeys5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: khotkeys5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== kinfocenter5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: kinfocenter5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - Changes since 5.25.2: * Remove root Messages.sh there's no "kinfocenter" app anymore ==== kmenuedit5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: kmenuedit5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== kscreen5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: kscreen5-lang kscreen5-plasmoid - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== kscreenlocker ==== Version update (5.25.2 -> 5.25.3) Subpackages: kscreenlocker-lang libKScreenLocker5 - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== ksshaskpass5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: ksshaskpass5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== ksystemstats5 ==== Version update (5.25.2 -> 5.25.3) - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== kwayland-integration ==== Version update (5.25.2 -> 5.25.3) - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== kwin5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: kwin5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - Changes since 5.25.2: * [kcm/kwindesktop] Emit rowsChanged signal to fix default state highlighting * backends/drm: also check for properties in DrmPipeline::needsModeset (kde#455814) * backends/drm: handle disconnected but not removed connector objects properly * windowview: handle windows from other virtual desktops better * Map XdgSurface to XdgWMBase instances properly (kde#456349) * Fix flickering in slide effect with multi screen * backends/drm: don't create a new output every time * wayland: Send drm-lease-device::done event to the correct resource * backends/drm: don't remove connectors the kernel doesn't consider removed (kde#456298) * xdgactivation: Properly prevent disabled activation notifications (kde#454937) * TabBox: Do not highlight selected window for fullscreen switchers (kde#449180) * Ship kconf update script to clean animation factor from kwinrc * Fix apply button with animation slider speed * Write animation speed to kdeglobals (kde#431259) * xdgactivation: Do not notify when applications try to activate themselves * Set all timestamps for all touch events (kde#456133) * backends/drm: fix common mode generation (kde#455477) * screencast: Do not send events when moving the cursor outside the viewport * screencasting: Have cursor move frames also send damage information * screencast: Also send the header when we just send the cursor update * backends/drm: suppress logging for direct scanout (kde#456089) ==== kwrited5 ==== Version update (5.25.2 -> 5.25.3) - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== layer-shell-qt ==== Version update (5.25.2 -> 5.25.3) - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== libadwaita ==== Version update (1.1.2 -> 1.1.3) Subpackages: libadwaita-1-0 typelib-1_0-Adw-1 - Update to version 1.1.3: + AdwLeaflet: Fix a broken link in docs. + AdwPreferencesGroup: Fix accessibility labels. + AdwToast: Fix the example in docs. + Stylesheet: Add missing borders in high contrast version. ==== libaio ==== Version update (0.3.112+29.696a5e6483ba -> 0.3.113) - add fix-splice-signature.patch to fix build on 32bit - update to 0.3.113: * cases/16.t: loongarch only supports eventfd2 * Add loongarch to supported architectures in libaio.spec * Add endian detection and bit width detection for loongarch * Use generic syscall number schema for loongarch * Fix struct io_iocb_vector padding for 32bit architectures * struct io_iocb_sockaddr padding for 32bit architectures * Verify structure padding is correct at build time * harness: add test for aio poll missed events ==== libgit2 ==== Version update (1.4.3 -> 1.4.4) - update to 1.4.4: * Compatibility with git's changes to address CVE 2022-29187. As a follow up to CVE 2022-24765, now not only is the working directory of a non-bare repository examined for its ownership, but the .git directory and the .git file (if present) are also examined for their ownership [boo#1201431] * A fix for compatibility with git's (new) behavior for CVE 2022-24765 allows users on POSIX systems to access a git repository that is owned by them when they are running in sudo - enable reproducible builds ==== libhandy ==== Version update (1.6.2 -> 1.6.3) Subpackages: libhandy-1-0 typelib-1_0-Handy-1_0 - Update to version 1.6.3: + Remove a non-existent property mention from HdyDeck docs. + Remove a leftover debug message from HdySettings. + Updated translations. ==== libidn2 ==== Version update (2.3.2 -> 2.3.3) - update to 2.3.3: * Upgrade IDNA Tables from Unicode 11 to 12 * Upgrade TR46 Tables from Unicode 13 to 14 * Updated gnulib files and various build fixes * Add self-check for the idn2 command line tool ==== libkdecoration2 ==== Version update (5.25.2 -> 5.25.3) Subpackages: libkdecorations2-5 libkdecorations2-5-lang libkdecorations2private9 - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== libkscreen2 ==== Version update (5.25.2 -> 5.25.3) Subpackages: libKF5Screen7 libkscreen2-plugin - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== libksysguard5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: ksysguardsystemstats-data libKSysGuardSystemStats1 libksysguard5-imports libksysguard5-lang libksysguard5-plugins - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== libnettle ==== Version update (3.7.3 -> 3.8) Subpackages: libhogweed6 libnettle8 - update to 3.8: This release includes a couple of new features, and many performance improvements. It adds assembly code for two more architectures: ARM64 and S390x. The new version is intended to be fully source and binary compatible with Nettle-3.6. The shared library names are libnettle.so.8.5 and libhogweed.so.6.5, with sonames libnettle.so.8 and libhogweed.so.6. New features: * AES keywrap (RFC 3394), contributed by Nicolas Mora. * SM3 hash function, contributed by Tianjia Zhang. * New functions cbc_aes128_encrypt, cbc_aes192_encrypt, cbc_aes256_encrypt. On processors where AES is fast enough, e.g., x86_64 with aesni instructions, the overhead of using Nettle's general cbc_encrypt can be significant. The new functions can be implemented in assembly, to do multiple blocks with reduced per-block overhead. Note that there's no corresponding new decrypt functions, since the general cbc_decrypt doesn't suffer from the same performance problem. Bug fixes: * Fix fat builds for x86_64 windows, these appear to never have worked. Optimizations: * New ARM64 implementation of AES, GCM, Chacha, SHA1 and SHA256, for processors supporting crypto extensions. Great speedups, and fat builds are supported. Contributed by Mamone Tarsha. * New s390x implementation of AES, GCM, Chacha, memxor, SHA1, SHA256, SHA512 and SHA3. Great speedups, and fat builds are supported. Contributed by Mamone Tarsha. * New PPC64 assembly for ecc modulo/redc operations, contributed by Amitay Isaacs, Martin Schwenke and Alastair DīSilva. * The x86_64 AES implementation using aesni instructions has been reorganized with one separate function per key size, each interleaving the processing of two blocks at a time (when the caller processes multiple blocks with each call). This gives a modest performance improvement on some processors. * Rewritten and faster x86_64 poly1305 assembly. - drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8) ==== milou5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: milou5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== monitoring-plugins ==== Subpackages: monitoring-plugins-breeze monitoring-plugins-by_ssh monitoring-plugins-cluster monitoring-plugins-common monitoring-plugins-dhcp monitoring-plugins-dig monitoring-plugins-disk monitoring-plugins-disk_smb monitoring-plugins-dns monitoring-plugins-dummy monitoring-plugins-file_age monitoring-plugins-flexlm monitoring-plugins-http monitoring-plugins-icmp monitoring-plugins-ide_smart monitoring-plugins-ifoperstatus monitoring-plugins-ifstatus monitoring-plugins-ircd monitoring-plugins-load monitoring-plugins-log monitoring-plugins-mailq monitoring-plugins-mrtg monitoring-plugins-mrtgtraf monitoring-plugins-nt monitoring-plugins-ntp_peer monitoring-plugins-ntp_time monitoring-plugins-nwstat monitoring-plugins-oracle monitoring-plugins-overcr monitoring-plugins-ping monitoring-plugins-procs monitoring-plugins-real monitoring-plugins-rpc monitoring-plugins-sensors monitoring-plugins-smtp monitoring-plugins-ssh monitoring-plugins-swap monitoring-plugins-tcp monitoring-plugins-time monitoring-plugins-ups monitoring-plugins-users monitoring-plugins-wave - added monitoring-plugins-2.3.1-check_by_ssh.patch Adds "-U" flag, which causes a 255 exit value from ssh(1), which indicates a connection failure, to return UNKNOWN instead of CRITICAL. (issue #1123) ==== mpg123 ==== Version update (1.30.0 -> 1.30.1) Subpackages: libmpg123-0 mpg123-openal - Update to version 1.30.1 mpg123: * Show stderr of network helpers in -vvv mode. * Use curl --http0.9, if available, to support shoutcast v1 streams without wget (wget not needing such switch, yet). * Support file:// URLs for local access as was intended with the last release. * Give more helpful error message if neither wget nor curl are usable, also allow error messages from curl to appear when not --quiet. * Update the man page. ==== ncurses ==== Version update (6.3.20220618 -> 6.3.20220709) Subpackages: libncurses6 ncurses-utils terminfo terminfo-base terminfo-iterm terminfo-screen - Add ncurses patch 20220709 + lock the prescreen data consistently in newterm, etc., for the pthreads configuration (report by Tom de Vries). - Add ncurses patch 20220703 + add consistency check in tic for u6/u7/u8/u9 and NQ capabilities. + use NQ to flag entries where the terminal does not support query and response -TD + use ansi+enq and decid+cpr in cases where the terminal probably supported the u6-u9 extension -TD + add/use apollo+vt132, xterm+alt47 -TD - Correct offsets of patches * ncurses-5.9-ibm327x.dif * ncurses-6.3.dif - Add ncurses patch 20220625 + improve man/curs_bkgd.3x, explaining that bkgdset can affect results for bkgd (report by Anton Vidovic). + correct dsl in dec+sl (report by Rajeev Pillai) -TD + add/use ansi+cpr, decid+cpr -TD - Correct offsets of patches * ncurses-5.9-ibm327x.dif * ncurses-6.3.dif ==== net-snmp ==== Subpackages: perl-SNMP snmp-mibs - Rename libsnmp40 subpackage to libsnmp39: the libraries are all having soversion 39. ==== nghttp2 ==== Version update (1.47.0 -> 1.48.0) - update to 1.48.0: * lib: Allow server to override RFC 9218 stream priority * lib: Add a server option to fallback to RFC 7540 priorities * lib: Add PRIORITY_UPDATE frame support * lib: Implement RFC 9218 extensible prioritization scheme * lib: Do not verify host field specific characters for response field * lib: No rfc7540 priorities * lib: Fix stream stall when initial window size is decreased * doc: Document how to change stream prioritization scheme * build: Compile with libressl 3.5 * build: EXTRA_DIST: List mruby files explicitly * build: Bump ngtcp2 and nghttp3 * build: Do not check application libraries if --enable-lib-only is given * src: Update default TLS cipher suites * nghttpx, h2load: Better pack UDP packets in one GSO write * nghttpx, h2load: Quic error handling * nghttpx, h2load: Fix QUIC performance regression * nghttp, nghttpd, nghttpx: Add ktls support * h2load: Send more packets without GSO per event loop * h2load: Add ktls support * nghttpd: Fix TLS read stall * nghttpx: Disable RFC 7540 priorities * nghttpx: Client always uses simpler TLS handshake * nghttpx: Add affinity-cookie-stickiness backend parameter * nghttpx: Fix broken session affinity * nghttpx: Limit CONNECTION_CLOSE and Retry under server amplification limit * integration: Go update * integration: Add go.mod * third-party: Bump llhttp to 75b45129db961e1fb3c56044e1b8f7721bfaee5d * third-party: Bump libbpf to v0.8.0 * third-party: Bump mruby to 3.1.0 * third-party: Bump neverbleed based on the latest head (GH-1708) ==== oxygen5-sounds ==== Version update (5.25.2 -> 5.25.3) - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-enhanced_base patterns-base-minimal_base patterns-base-selinux patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - Have the base pattern recommend service(network) ==== patterns-fonts ==== Subpackages: patterns-fonts-fonts patterns-fonts-fonts_opt - Revert to recommend noto-sans-fonts only, noto-fonts and noto-sans-cjk-fonts are too much. ==== pcsc-cyberjack ==== Version update (3.99.5final.SP14 -> 3.99.5final.SP15) - update to 3.99.5 Service Pack 15 * add REINER SCT cyberJack wave HUN * add REINER SCT cyberJack RFID komfort FON - update supplements device list ==== perl ==== Version update (5.34.1 -> 5.36.0) Subpackages: perl-base perl-doc - Update to 5.36.0 * the signatures and isa features are no longer experimental and part of the v5.36 feature bundle * the v5.36 bundle also enables warnings * new '-g' command line flag (alias for -0777) * support for unicode 14.0 * regex sets are no longer considered experimental * experimental iterating over multiple values at a time * experimental new builtin module * experimental defer blocks * try/catch can now have a finally block * experimental non-ASCII delimiters for quote-like operators * a physically empty sort is now a compile-time error - Rebase perl-5.34.0.dif to perl-5.36.0.diff - Refresh perl-5.18.2-overflow.diff ==== perl-Crypt-OpenSSL-RSA ==== Version update (0.32 -> 0.33) - updated to 0.33 see /usr/share/doc/packages/perl-Crypt-OpenSSL-RSA/Changes 0.33 July 7 2022 - Update for windows github CI - Remove duplicit 'LICENSE' key - Remove EUMM Remove version check - #31 by removing reference to RSA_SSLV23_PADDING (removed from OpenSSL starting from v3.0.0) - support passphase protected private key load - fix 'unsupported encryption' error on old library versions - Clarify croak message for missing passphrase on older cyphers - More structs opaqued in LibreSSL 3.5 - Use a macro for dealing with older SSL lacking macros - more CI fixups. Drop testing for 5.10 and 5.8. Something is broken upstream. ==== perl-MIME-tools ==== Version update (5.509 -> 5.510) - updated to 5.510 see /usr/share/doc/packages/perl-MIME-tools/ChangeLog ==== perl-URI ==== Version update (5.10 -> 5.12) - updated to 5.12 see /usr/share/doc/packages/perl-URI/Changes 5.12 2022-07-10 23:48:50Z - Fix an issue where i.e. 'file:///tmp/###' was not properly escaped. A non-existing authority part was accidentally processed. Details: https://github.com/libwww-perl/URI/issues/102 (GH#102) (Perlbotics) - Reverts to previous behavior (5.10) for 'mailto:' scheme for escaping square brackets. 5.11 2022-07-04 20:53:38Z - Fix some typos in URI::file (GH#94) (Olaf Alders) - Escape square brackets in path (GH#100) (Perlbotics) - Fix storable.t (GH#97) (Shoichi Kaji) ==== plasma-browser-integration ==== Version update (5.25.2 -> 5.25.3) Subpackages: plasma-browser-integration-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== plasma-nm5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: plasma-nm5-lang plasma-nm5-openconnect plasma-nm5-openvpn plasma-nm5-pptp plasma-nm5-vpnc - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== plasma5-addons ==== Version update (5.25.2 -> 5.25.3) Subpackages: plasma5-addons-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - Changes since 5.25.2: * wallpapers/potd: only pass 1920x1080 or 3840x2160 to bing provider * switchers/thumbnails: Fix icon cropped when text is large enough (kde#451997) * switchers/compact: Fix dialog sizes not getting updated (kde#422447) * switchers/thumbnailgrid: Fix layout when window count changes (kde#441241) ==== plasma5-desktop ==== Version update (5.25.2 -> 5.25.3) Subpackages: plasma5-desktop-emojier - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - Changes since 5.25.2: * [applets/pager] Round displayed window geometry to avoid size "jumps" (kde#456488) * [applets/pager] Fix switching desktops on drag & hover (kde#416878) * applets/kicker: check model count before porting old favorite items (kde#456411) * applets/kickoff: remove highlight visibility conditions (kde#448526) * Fix translation domain for KRunner KCM (kde#455624) * desktoppackage: add `Accessible.name` to email button * [kcms/componentchooser] Pass parent window to ksycoca progress dialog * applets/kickoff: fix grid delegate tooltips not appearing on hover * [kcms/tablet] Fix crash when opening KCM for the second time (kde#451233) * applets/kickoff: Prevent empty menu from opening (kde#455927) * applets/taskmanager: press space to activate task * Fixup bf55b39: change Kirigami import version to 2.19 * panel: import version of Kirigami that supports InputMethod.willShowOnActive * Make the Keyboard KCM config spare layout spinbox enable the Save button (Fixes #36) ==== plasma5-disks ==== Version update (5.25.2 -> 5.25.3) - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== plasma5-integration ==== Version update (5.25.2 -> 5.25.3) Subpackages: plasma5-integration-plugin plasma5-integration-plugin-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== plasma5-openSUSE ==== Subpackages: plasma5-defaults-openSUSE plasma5-theme-openSUSE plasma5-workspace-branding-openSUSE sddm-theme-openSUSE - Update to 5.25.3 ==== plasma5-pa ==== Version update (5.25.2 -> 5.25.3) Subpackages: plasma5-pa-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== plasma5-systemmonitor ==== Version update (5.25.2 -> 5.25.3) - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== plasma5-thunderbolt ==== Version update (5.25.2 -> 5.25.3) - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== plasma5-workspace ==== Version update (5.25.2 -> 5.25.3) Subpackages: gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy - Add patch to fix the lock screen (kde#456639): * 0001-Fix-non-functional-lockscreen-due-to-bad-cherry-pick.patch - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - Changes since 5.25.2: * Guard against cursor theme changing in animation timer (kde#456526) * Fix "PanelSpacer::containmentGraphicObject()" plasmashell segfault (kde#450663) * Fix StatusNotifierItem MidClick (kde#456466) * kcms/lookandfeel: Set all defaults when saving the default package (kde#456275) * kcms/colors: Properly apply tinting to the window titlebar (kde#455395,kde#454047) * [kcms/icons] Pass parent window to ksycoca progress dialog * applets/kicker: Get rid of a separator just above title menu item (kde#449132) * Fix password field in lock screen not clearing after failed login attempt (kde#455227) ==== plymouth ==== Subpackages: libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-lang plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Add 0004-label-ft-fix-alignment.patch: to fix alignment with label-ft in some cases (boo#959986). ==== polkit-kde-agent-5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: polkit-kde-agent-5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== powerdevil5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: powerdevil5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== python-M2Crypto ==== - Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657, bsc#1178829), which mitigates the Bleichenbacher timing attacks in the RSA decryption API. - Add python-M2Crypto.keyring to verify GPG signature of tarball. ==== python-argcomplete ==== Version update (1.12.3 -> 2.0.0) - update to 2.0.0: * Truncate input after cursor. * Support of path completion in fish * Drop support for Python 2.7 and 3.5 * Add support for Python 3.10 * Test, documentation, and release infrastructure improvements ==== python-pycares ==== Version update (4.0.0 -> 4.2.1) - specfile: * update copyright year - update to version 4.2.1: * core: add flexible member to ares_addrinfo to fix c-ares 1.18 - changes from version 4.2.0: * tests: ignoring 2 tests due to dead servers * tests: updated google TXT records for an outdated test * deps: update bundled c-ares - changes from version 4.1.2: * build: add PYPIREADME.rst to manifest - changes from version 4.1.1: * misc: add PyPI README without images * misc: update c-ares URL - changes from version 4.1.0: * ci: use stable 3.10, rather than dev * core: add support for Python 3.10 * doc: fix typo in README * doc: updatee changelog * doc: uppdate README * core: add support for CAA queries * core: add support for getaddrinfo() * doc: update README * core: add ability to use the system installed c-ares ==== redis ==== Version update (7.0.2 -> 7.0.3) - Update to version 7.0.3 * Performance and resource utilization improvements - Optimize zset conversion on large ZRANGESTORE (#10789) - Optimize the performance of sending PING on large clusters (#10624) - Allow for faster restart of Redis in cluster mode (#10912) * INFO fields and introspection changes - Add missing sharded pubsub keychannel count to CLIENT LIST (#10895) - Add missing pubsubshard_channels field in INFO STATS (#10929) * Module API changes - Add RM_StringToULongLong and RM_CreateStringFromULongLong (#10889) - Add RM_SetClientNameById and RM_GetClientNameById (#10839) * Changes in CLI tools - Add missing cluster-port support to redis-cli --cluster (#10344) * Other General Improvements - Account sharded pubsub channels memory consumption (#10925) - Allow ECHO in loading and stale modes (#10853) - Cluster: Throw -TRYAGAIN instead of -ASK on migrating nodes for multi-key - commands when the node only has some of the keys (#9526) * Bug Fixes - TLS: Notify clients on connection shutdown (#10931) - Fsync directory while persisting AOF manifest, RDB file, and config file (#10737) - Script that made modification will not break with unexpected NOREPLICAS error (#10855) - Cluster: Fix a bug where nodes may not acknowledge a CLUSTER FAILOVER TAKEOVER - after a replica reboots (#10798) - Cluster: Fix crash during handshake and cluster shards call (#10942) * Fixes for issues in previous releases of Redis 7.0 - TLS: Fix issues with large replies (#10909) - Correctly report the startup warning for vm.overcommit_memory (#10841) - redis-server command line allow passing config name and value in the same argument (#10866) - Support --save command line argument with no value for backwards compatibility (#10866) - Fix CLUSTER RESET command regression requiring an argument (#10898) ==== rubygem-ruby-dbus ==== Version update (0.18.0.beta8 -> 0.18.1) - 0.18.1 Most important change since 0.17.0: * Introduced DBus::Data classes, use them in Properties.Get, Properties.GetAll to return correct types as declared (gh#mvidner/ruby-dbus#97). ==== selinux-policy ==== Subpackages: selinux-policy-targeted - Update fix_systemd.patch to add cap sys_admin and kernel_dgram_send for systemd_gpt_generator_t (bsc#1200911) - postfix: Label PID files and some helpers correctly (bsc#1197242) ==== speex ==== Version update (1.2 -> 1.2.1) - update to 1.2.1: * Check for _WIN32 instead of WIN32 in preprocessor checks * wav_io: check for EOF when seeking in wav (fixes hang discovered by fuzzing) * CI: add gitlab CI integration * fixed-point: make left shift macros use unsigned to avoid undefined behaviour * math_approx: use unsigned int for LCG pseudorandom generator (avoids integer overflow) * oss-fuzz: add integration and fuzzing target * speexenc: guard against invalid channel numbers) * speexdec: make left shift macros use unsigned to avoid undefined behaviour * autotools: do not use deprecated macros - drop speex-CVE-2020-23903.patch (upstream) ==== sqlite3 ==== Version update (3.38.5 -> 3.39.0) Subpackages: libsqlite3-0 sqlite3-tcl - update to 3.39.0: * Add (long overdue) support for RIGHT and FULL OUTER JOIN * Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT FROM that are equivalent to IS and IS NOT, respective, for compatibility with PostgreSQL and SQL standards * Add a new return code (value "3") from the sqlite3_vtab_distinct() interface that indicates a query that has both DISTINCT and ORDER BY clauses * Added the sqlite3_db_name() interface * The unix os interface resolves all symbolic links in database filenames to create a canonical name for the database before the file is opened * Defer materializing views until the materialization is actually needed, thus avoiding unnecessary work if the materialization turns out to never be used * The HAVING clause of a SELECT statement is now allowed on any aggregate query, even queries that do not have a GROUP BY clause * Many microoptimizations collectively reduce CPU cycles by about 2.3%. - drop sqlite-src-3380100-atof1.patch, included upstream - add sqlite-src-3390000-func7-pg-181.patch to skip float precision related test failures on 32 bit ==== suse-module-tools ==== Version update (16.0.20 -> 16.0.21) - Update to version 16.0.21: * kernel-scriptlets: don't pass flags to weak-modules2 (bsc#1195391) ==== sysconfig ==== Version update (0.85.8 -> 0.90.0) Subpackages: sysconfig-netconfig - version 0.90.0 - sysconfig: cleanup network and wicked dependencies - ppp: move /etc/ppp/ip-up to libexec directory - spec: move further executables/scripts to /usr - spec: revert to recommend wicked-service on <= 15.4 - spec: install scripts except of ip-up bellow of /usr - spec: drop (sle11) legacy migration and rpm-utils - ifuser: drop the artefact utility on >= 15.5 - netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093) - netconfig: cleanup /var/run leftovers (bsc#1194557) - netconfig: update ntp man page documentation, fix typos - netconfig: move scripts to a FHS conform libexec ==== systemd ==== Version update (250.6 -> 251.2) Subpackages: libsystemd0 libudev1 systemd-container systemd-devel udev - pstore is no more considered as an experimental feature: move it to udev package (bsc#1197802) - Adjust rpmlintrc for shlib-policy-name-error/multibuild case so that it's not only for x86_64. - spec: %suse_version rpm macro is already reserved and has a special meaning in openSUSE distros so rename it to %archive_version instead. - Import commit e9fc337d97539fcab23078ab3e06f6b2ce3a3c8d ca0b29521f sha256: fix compilation on efi-ia32 1bbbac6a7e test: enable virtio-rng device for QEMU guests - Upgrade to v251.2 (commit 949d6bb7201dd48167ee9716ed6278764d1f4c0f) See https://github.com/openSUSE/systemd/blob/SUSE/v251/NEWS for details. This includes the following bug fixes: - upstream commit e6b169418369abbc88c8f622e02e1d704a23d4ef (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570) * Rebased 0001-conf-parser-introduce-early-drop-ins.patch * systemd-testsuite now requires python3-pexpect due to TEST-69-SHUTDOWN relying on this module. * sysusers.d/systemd-network.conf has been moved to systemd-network sub-package since the tmpfiles configuration snippets for networkd has also been moved to this sub-package. ==== systemsettings5 ==== Version update (5.25.2 -> 5.25.3) Subpackages: systemsettings5-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - No code changes since 5.25.2 ==== texlive ==== Subpackages: libkpathsea6 libsynctex2 - Require correct perl(Biber) version - add biber-missing-semicolon.patch * supports perl 5.36 - use biber version number - use https for urls - reference full download url for biber for source verification - use negative listing approach for luajit determination ==== tpm2-0-tss ==== Version update (3.1.0 -> 3.2.0) Subpackages: libtss2-esys0 libtss2-mu0 libtss2-rc0 libtss2-sys1 - Revert "Add version the configuration file tpm2-tss-fapi.conf" This generate whitelist problems in rpmlint. - Update to 3.2.0 + Fixed * FAPI: fix curl_url_set call * FAPI: Fix usage of curl url (Should fix Ubuntu 22.04) * Fix buffer upcast leading to misalignment * Fix check whether SM3 is available * Update git.mk to support R/O src-dir * Fixed file descriptor leak when tcti initialization failed. * 32 Bit builds of the integration tests. * Primary key creation, in some cases the unique field was not cleared before calling create primary. * Primary keys was used for signing the object were cleared after loading. So access e.g. to the certificate did not work. * Primary keys created with Fapi_Create with an auth value, the auth_value was not used in inSensitive to recreate the primary key. Now the auth value callback is used to initialize inSensitive. * The not possible usage of policies for primary keys generated with Fapi_CreatePrimary has been fixed. * An infinite loop when parsing erroneous JSON was fixed in FAPI. * A buffer overflow in ESAPI xor parameter obfuscation was fixed. * Certificates could be read only once in one application The setting the init state of the state automaton for getting certificates was fixed. * A double free when executing policy action was fixed. * A leak in Fapi_Quote was fixed. * The wrong file locking in FAPI IO was fixed. * Enable creation of tss group and user on systems with busybox for fapi. * One fapi integration test did change the auth value of the storage hierarchy. * A leak in fapi crypto with ossl3 was fixed. * Add initial camelia support to FAPI * Fix tests of fapi PCR * Fix tests of ACT functionality if not supported by pTPM * Fix compiler (unused) warning when building without debug logging * Fix leaks in error cases of integration tests * Fix memory leak after ifapi_init_primary_finish failed * Fix double-close of stream in FAPI * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName * Fix the authorization of hierarchy objects used in policy secret. * Fix check of qualifying data in Fapi_VerifyQuote. * Fix some leaks in FAPI error cases. * Make scripts compatible with non-posix shells where test does not know -a and -o. * Fix usage of variable not initialized when fapi keystore is empty. + Added * Add additional IFX root CAs * Added support for SM2, SM3 and SM4. * Added support for OpenSSL 3.0.0. * Added authPolicy field to the TPMU_CAPABILITIES union. * Added actData field to the TPMU_CAPABILITIES union. * Added TPM2_CAP_AUTH_POLICIES * Added TPM2_CAP_ACT constants. * Added updates to the marshalling and unmarshalling of the TPMU_CAPABILITIES union. * Added updated to the FAPI serializations and deserializations of the TPMU_CAPABILITIES union and associated types. * Add CODE_OF_CONDUCT * tcti-mssim and tcti-swtpm gained support for UDX communication * Missing constant for TPM2_RH_PW + Removed * Removed support for OpenSSL < 1.1.0. * Marked TPMS_ALGORITHM_DESCRIPTION and corresponding MU routines as deprecated. * Those were errorous typedefs that are not use and not useful. So we will remove this with 3.3 * Marked TPM2_RS_PW as deprecated. Use TPM2_RH_PW instead. - Update to 3.1.1 + Fixed * Fixed file descriptor leak when tcti initialization failed. * Primary key creation, in some cases the unique field was not cleared before calling create primary. * Primary keys was used for signing the object were cleared after loading. So access e.g. to the certificate did not work. * Primary keys created with Fapi_Create with an auth value, the auth_value was not used in inSensitive to recreate the primary key. Now the auth value callback is used to initialize inSensitive. * The not possible usage of policies for primary keys generated with Fapi_CreatePrimary has been fixed. * An infinite loop when parsing erroneous JSON was fixed in FAPI. * A buffer overflow in ESAPI xor parameter obfuscation was fixed. * Certificates could be read only once in one application The setting the init state of the state automaton for getting certificates was fixed. * A double free when executing policy action was fixed. * A leak in Fapi_Quote was fixed. * The wrong file locking in FAPI IO was fixed. * One fapi integration test did change the auth value of the storage hierarchy. * Fix test of FAPI PCR * Fix leaks in error cases of integration tests * Fix segfault when ESYS_TR_NONE is passed to Esys_TR_GetName * Fix the authorization of hierarchy objects used in policy secret. * Fix check of qualifying data in Fapi_VerifyQuote. * Fix some leaks in FAPI error cases. * Fix usage of variable not initialized when fapi keystore is empty. + Added * Add additional IFX root CAs ==== u-boot-rpiarm64 ==== Version update (2022.04 -> 2022.07) Subpackages: u-boot-rpiarm64-doc - Update to 2022.07 - Update to 2022.07-rc6 - Drop obsolete 0015-mx6qsabrelite-Enable-DM_ETH-to-re-e.patch - Add rbrom command to enter mask rom on Rockchip devices + 0015-cmd-boot-add-brom-cmd-to-reboot-to-.patch - Add rbrom command to enter mask rom on Allwinner devices + 0016-cmd-boot-add-brom-cmd-to-reboot-to-.patch - ATF is required to boot rk3399. Do not build without it (boo#1201120). ==== vlc ==== Subpackages: libvlc5 libvlccore9 vlc-codec-gstreamer vlc-lang vlc-noX vlc-qt vlc-vdpau - Limit to Lua < 5.4 (boo#1200944). ==== wavpack ==== Version update (5.4.0 -> 5.5.0) - update to 5.5.0: * fixed: CVE-2021-44269 (encoding crafted DSD file triggers OOB read crash) * fixed: very long filenames cause stack-overflow crash in all CLI programs * fixed: the length stored in WAV headers not always corrected when using -i * fixed: attempting to encode raw DSD audio from stdin sometimes causes crash * fixed: DSD to PCM decimation: small clicks between tracks and tiny DC offset * fixed: length update in library-generated WAV headers on big-endian machines * fixed: sanitize custom extensions read from WavPack files to be alphanumeric * added: accepting brace-delimited options in the wavpack executable filename * added: "--drop" option to Windows executables for multi-file "drag-and-drop" * added" "--raw-pcm" option to wvunpack executable (does DSD --> 24-bit PCM) * added: "--no-overwrite" option to wavpack executable (to resume sessions) * improved: build system clean-up including switch to non-recursive "make" - drop wavpack-CVE-2021-44269.patch (upstream) - add doc subpackage ==== xdg-desktop-portal-kde ==== Version update (5.25.2 -> 5.25.3) Subpackages: xdg-desktop-portal-kde-lang - Update to 5.25.3 * New bugfix release * For more details please see: * https://kde.org/announcements/plasma/5/5.25.3 - Changes since 5.25.2: * AppChooser: Address error message * Screencast: fix window stream restoration ==== xmessage ==== Version update (1.0.5 -> 1.0.6) - Update to version 1.0.6 * Update configure.ac bug URL for gitlab migration * gitlab CI: add a basic build test * Build xz tarballs instead of bzip2 * Stop casting arguments to free() * Stop casting function return values to void * gitlab CI: stop requiring Signed-off-by in commits ==== xorg-x11-fonts ==== Subpackages: xorg-x11-fonts-core xorg-x11-fonts-legacy - encodings 1.0.6 gitlab CI: add a basic build test Build xz tarballs instead of bzip2 adjust descriptions for the Unicode mapping to match the Unicode.org data file. add mapping for 0x80-0x9f, as per Unicode.org data files. use descriptions from UnicodeData.txt except for two obsolete or incorrect maps correct a typo (in original), and use appropriate description use Armenian eternity symbol from Unicode 6. whitespace-only changes for consistency, using luit's annotate-enc script add descriptions from UnicodeData.txt, using annotate-enc add descriptions from UnicodeData.txt, using annotate-enc add descriptions from UnicodeData.txt, using annotate-enc add descriptions from UnicodeData.txt, with annotate-enc add descriptions from UnicodeData.txt, with annotate-enc whitespace-only, reformat with annotate-enc ==== xorg-x11-fonts-converted ==== - encodings 1.0.6 gitlab CI: add a basic build test Build xz tarballs instead of bzip2 adjust descriptions for the Unicode mapping to match the Unicode.org data file. add mapping for 0x80-0x9f, as per Unicode.org data files. use descriptions from UnicodeData.txt except for two obsolete or incorrect maps correct a typo (in original), and use appropriate description use Armenian eternity symbol from Unicode 6. whitespace-only changes for consistency, using luit's annotate-enc script add descriptions from UnicodeData.txt, using annotate-enc add descriptions from UnicodeData.txt, using annotate-enc add descriptions from UnicodeData.txt, using annotate-enc add descriptions from UnicodeData.txt, with annotate-enc add descriptions from UnicodeData.txt, with annotate-enc whitespace-only, reformat with annotate-enc ==== xorg-x11-server ==== Subpackages: xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk - U_boo1194181-001-xkb-swap-XkbSetDeviceInfo-and-XkbSetDeviceInfoCheck.patch * Out-Of-Bounds Access in CheckSetDeviceIndicators() (CVE-2022-2320, ZDI-CAN-16070, bsc#1194181) - U_boo1194179-001-xkb-rename-xkb_h-to-xkb-procs_h.patch, U_boo1194179-002-xkb-add-request-length-validation-for-XkbSetGeometry.patch * Out-Of-Bounds Access in _CheckSetSections() (CVE-2022-2319, ZDI-CAN-16062, bsc#1194179) ==== xwayland ==== Version update (22.1.2 -> 22.1.3) - Update to version 22.1.3 * os: print if unw_is_signal_frame() * os: print registers in the libunwind version of xorg_backtrace() * xwayland/present: Do not send two idle notify events for flip pixmaps * xwayland: Fix check logic in sprite_check_lost_focus() * xwayland: Change randr_output status when call xwl_output_remove() * xkb: switch to array index loops to moving pointers * xkb: swap XkbSetDeviceInfo and XkbSetDeviceInfoCheck * xkb: add request length validation for XkbSetGeometry ==== yast2-perl-bindings ==== Version update (4.5.0 -> 4.5.1) - Adapted to new Perl-5.36.0 API (bsc#1200990) Details: https://github.com/yast/yast-perl-bindings/pull/30 - 4.5.1 ==== yast2-services-manager ==== Version update (4.5.0 -> 4.5.1) - Explicitly pull in systemctl for buildtime tests (jsc#SMO-84) - 4.5.1