Packages changed:
  btrfsprogs (5.4 -> 5.4.1)
  chrony
  glibc (2.30 -> 2.31)
  grep (3.3 -> 3.4)
  issue-generator (1.7 -> 1.8)
  kernel-firmware (20200122 -> 20200207)
  kernel-source (5.5.2 -> 5.5.4)
  libeconf (0.3.3+git20191028.3ac14ce -> 0.3.5+git20200203.3144b69)
  libxcrypt (4.4.10 -> 4.4.12)
  openssh
  patterns-microos
  podman (1.7.0 -> 1.8.0)
  sudo (1.8.28p1 -> 1.8.31)

=== Details ===

==== btrfsprogs ====
Version update (5.4 -> 5.4.1)
Subpackages: btrfsprogs-udev-rules libbtrfs0

- Update to 5.4.1
  * build: fix docbook5 build
  * check: do extra verification of extent items, inode items and chunks
  * qgroup: return ENOTCONN if quotas not running (needs updated kernel)
  * other: various test fixups

==== chrony ====

- Add chrony-test-update-processing-of-packet-log.patch in order to fix test-suite failure.
- Update clknetsim to version 79ffe44 (fixes boo#1162964).
- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch.

==== glibc ====
Version update (2.30 -> 2.31)
Subpackages: glibc-locale glibc-locale-base

- nsswitch.conf: comment out initgroups setting, so that it defaults to the group setting (bsc#1164075)
- fix-locking-in-_IO_cleanup.patch: update to latest version
- Update to glibc 2.31
  * The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to enable features from the draft ISO C2X standard
  * The functions that round their results to a narrower type now have corresponding type-generic macros in
  * The function pthread_clockjoin_np has been added, enabling join with a terminated thread with a specific clock
  * New locale added: mnw_MM (Mon language spoken in Myanmar).
  * The DNS stub resolver will optionally send the AD (authenticated data) bit in queries if the trust-ad option is set via the options directive in /etc/resolv.conf (or if RES_TRUSTAD is set in _res.options)
  * The totalorder and totalordermag functions, and the corresponding functions for other floating-point types, now take pointer arguments to avoid signaling NaNs possibly being converted to quiet NaNs in argument passing
  * The obsolete function stime is no longer available to newly linked binaries, and its declaration has been removed from
  * The gettimeofday function no longer reports information about a system-wide time zone
  * If a lazy binding failure happens during dlopen, during the execution of an ELF constructor, the process is now terminated
- malloc-info-whitespace.patch, riscv-vfork.patch, prefer-map-32bit-exec.patch, backtrace-powerpc.patch, ldconfig-dynstr.patch: Removed.
- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC (bsc#1158996, BZ #25423)
- Drop support for pluggable gconv modules (bsc#1159851)

==== grep ====
Version update (3.3 -> 3.4)

- Switch back to system regex to avoid undefined behaviour
- grep 3.4:
  * new --no-ignore-case option causes grep to observe case distinctions, overriding any previous -i (--ignore-case) option
  * '.' no longer matches some invalid byte sequences in UTF-8 locales
  * grep -Fw can no longer false match in non-UTF-8 multibyte locales
  * The exit status of 'grep -L' is no longer incorrect when standard output is /dev/null
  * fix some performance bugs
- drop test-pcre-jitstack.diff

==== issue-generator ====
Version update (1.7 -> 1.8)

- Update to version 1.8
- Handle network interface renames

==== kernel-firmware ====
Version update (20200122 -> 20200207)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd

- Update to version 20200207 (git commit 6f89735800fe):
  * rtl_nic: update firmware for RTL8153A
  * rtl_bt: Update RTL8822C BT FW to V0x0998_C2B4
  * linux-firmware: add firmware for MT7622
  * linux-firmware: add version 2 for MT7615E
  * amdgpu: update to latest navi10 firmware from 19.50
  * Revert "radeon: update oland rlc microcode from amdgpu"
  * amlogic: update video decoder firmwares
  * amdgpu: add renoir firmware for 19.50
  * amdgpu: update raven2 firmware for 19.50
  * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.12.A.13
  * qca: update bluetooth firmware for QCA6174
- Update topics and alias list

==== kernel-source ====
Version update (5.5.2 -> 5.5.4)

- bcache: fix incorrect data type usage in btree_flush_write() (git-fixes).
- commit 119f9ca
- Linux 5.5.4 (bnc#1012628).
- selinux: fall back to ref-walk if audit is required (bnc#1012628).
- libertas: make lbs_ibss_join_existing() return error code on rates overflow (bnc#1012628).
- libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held (bnc#1012628).
- mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (bnc#1012628).
- mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (bnc#1012628).
- dmaengine: axi-dmac: add a check for devm_regmap_init_mmio (bnc#1012628).
- clk: meson: g12a: fix missing uart2 in regmap table (bnc#1012628).
- mfd: max77650: Select REGMAP_IRQ in Kconfig (bnc#1012628).
- regmap: fix writes to non incrementing registers (bnc#1012628).
- pinctrl: qcom: Don't lock around irq_set_irq_wake() (bnc#1012628).
- pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B (bnc#1012628).
- pinctrl: sh-pfc: r8a77965: Fix DU_DOTCLKIN3 drive/bias control (bnc#1012628).
- pinctrl: baytrail: Allocate IRQ chip dynamic (bnc#1012628).
- selinux: fix regression introduced by move_mount(2) syscall (bnc#1012628).
- selinux: revert "stop passing MAY_NOT_BLOCK to the AVC upon follow_link" (bnc#1012628).
- x86/alternatives: add missing insn.h include (bnc#1012628).
- bcache: avoid unnecessary btree nodes flushing in btree_flush_write() (bnc#1012628).
- ASoC: soc-generic-dmaengine-pcm: Fix error handling (bnc#1012628).
- dt-bindings: iio: adc: ad7606: Fix wrong maxItems value (bnc#1012628).
- i2c: cros-ec-tunnel: Fix ACPI identifier (bnc#1012628).
- i2c: cros-ec-tunnel: Fix slave device enumeration (bnc#1012628).
- media: i2c: adv748x: Fix unsafe macros (bnc#1012628).
- drivers: watchdog: stm32_iwdg: set WDOG_HW_RUNNING at probe (bnc#1012628).
- crypto: caam/qi2 - fix typo in algorithm's driver name (bnc#1012628).
- crypto: atmel-sha - fix error handling when setting hmac key (bnc#1012628).
- crypto: artpec6 - return correct error code for failed setkey() (bnc#1012628).
- crypto: testmgr - don't try to decrypt uninitialized buffers (bnc#1012628).
- mtd: sharpslpart: Fix unsigned comparison to zero (bnc#1012628).
- mtd: onenand_base: Adjust indentation in onenand_read_ops_nolock (bnc#1012628).
- arm64: kvm: Fix IDMAP overlap with HYP VA (bnc#1012628).
- arm64: nofpsmid: Handle TIF_FOREIGN_FPSTATE flag cleanly (bnc#1012628).
- KVM: arm64: Treat emulated TVAL TimerValue as a signed 32-bit integer (bnc#1012628).
- KVM: arm64: pmu: Fix chained SW_INCR counters (bnc#1012628).
- KVM: arm64: pmu: Don't increment SW_INCR if PMCR.E is unset (bnc#1012628).
- KVM: arm: Make inject_abt32() inject an external abort instead (bnc#1012628).
- KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bnc#1012628).
- KVM: arm/arm64: Fix young bit from mmu notifier (bnc#1012628).
- crypto: arm/chacha - fix build failured when kernel mode NEON is disabled (bnc#1012628).
- arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (bnc#1012628).
- arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (bnc#1012628).
- arm64: cpufeature: Fix the type of no FP/SIMD capability (bnc#1012628).
- arm64: kernel: Correct annotation of end of el0_sync (bnc#1012628).
- sched/uclamp: Fix a bug in propagating uclamp value in new cgroups (bnc#1012628).
- ARM: 8949/1: mm: mark free_memmap as __init (bnc#1012628).
- KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bnc#1012628).
- ARM: at91: pm: use of_device_id array to find the proper shdwc node (bnc#1012628).
- ARM: at91: pm: use SAM9X60 PMC's compatible (bnc#1012628).
- iommu/arm-smmu-v3: Populate VMID field for CMDQ_OP_TLBI_NH_VA (bnc#1012628).
- powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW (bnc#1012628).
- powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning (bnc#1012628).
- powerpc/papr_scm: Fix leaking 'bus_desc.provider_name' in some paths (bnc#1012628).
- powerpc/ptdump: Only enable PPC_CHECK_WX with STRICT_KERNEL_RWX (bnc#1012628).
- powerpc/ptdump: Fix W+X verification call in mark_rodata_ro() (bnc#1012628).
- Revert "powerpc/pseries/iommu: Don't use dma_iommu_ops on secure guests" (bnc#1012628).
- soc: qcom: rpmhpd: Set 'active_only' for active only power domains (bnc#1012628).
- tools/power/acpi: fix compilation error (bnc#1012628).
- ARM: dts: at91: sama5d3: define clock rate range for tcb1 (bnc#1012628).
- ARM: dts: at91: sama5d3: fix maximum peripheral clock rates (bnc#1012628).
- ARM: dts: meson8b: use the actual frequency for the GPU's 364MHz OPP (bnc#1012628).
- ARM: dts: meson8: use the actual frequency for the GPU's 182.1MHz OPP (bnc#1012628).
- arm64: dts: marvell: clearfog-gt-8k: fix switch cpu port node (bnc#1012628).
- arm64: dts: renesas: r8a77990: ebisu: Remove clkout-lr-synchronous from sound (bnc#1012628).
- ARM: dts: am43xx: add support for clkout1 clock (bnc#1012628).
- ARM: dts: at91: Reenable UART TX pull-ups (bnc#1012628).
- arm64: dts: qcom: msm8998-mtp: Add alias for blsp1_uart3 (bnc#1012628).
- arm64: dts: uDPU: fix broken ethernet (bnc#1012628).
- arm64: dts: qcom: msm8998: Fix tcsr syscon size (bnc#1012628).
- platform/x86: intel_mid_powerbtn: Take a copy of ddata (bnc#1012628).
- ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node (bnc#1012628).
- MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init() (bnc#1012628).
- watchdog: qcom: Use platform_get_irq_optional() for bark irq (bnc#1012628).
- rtc: cmos: Stop using shared IRQ (bnc#1012628).
- rtc: hym8563: Return -EINVAL if the time is known to be invalid (bnc#1012628).
- rtc: mt6397: drop free_irq of devm_ allocated irq (bnc#1012628).
- netdevsim: use __GFP_NOWARN to avoid memalloc warning (bnc#1012628).
- netdevsim: fix panic in nsim_dev_take_snapshot_write() (bnc#1012628).
- netdevsim: disable devlink reload when resources are being used (bnc#1012628).
- netdevsim: fix using uninitialized resources (bnc#1012628).
- mt76: mt7615: fix max_nss in mt7615_eeprom_parse_hw_cap (bnc#1012628).
- bpf, sockmap: Check update requirements after locking (bnc#1012628).
- bpf: Improve bucket_log calculation logic (bnc#1012628).
- selftests/bpf: Test freeing sockmap/sockhash with a socket in it (bnc#1012628).
- bpf, sockhash: Synchronize_rcu before free'ing map (bnc#1012628).
- bpf, sockmap: Don't sleep while holding RCU lock on tear-down (bnc#1012628).
- bpftool: Don't crash on missing xlated program instructions (bnc#1012628).
- x86/boot: Handle malformed SRAT tables during early ACPI parsing (bnc#1012628).
- NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals (bnc#1012628).
- NFSv4: try lease recovery on NFS4ERR_EXPIRED (bnc#1012628).
- NFSv4: pnfs_roc() must use cred_fscmp() to compare creds (bnc#1012628).
- NFS: Fix fix of show_nfs_errors (bnc#1012628).
- NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() (bnc#1012628).
- NFS: Revalidate the file size on a fatal write error (bnc#1012628).
- nfs: NFS_SWAP should depend on SWAP (bnc#1012628).
- NFSv4.x recover from pre-mature loss of openstateid (bnc#1012628).
- netfilter: flowtable: Fix missing flush hardware on table free (bnc#1012628).
- netfilter: flowtable: Fix hardware flush order on nf_flow_table_cleanup (bnc#1012628).
- netfilter: flowtable: restrict flow dissector match on meta ingress device (bnc#1012628).
- netfilter: flowtable: fetch stats only if flow is still alive (bnc#1012628).
- iwlwifi: mvm: fix TDLS discovery with the new firmware API (bnc#1012628).
- iwlwifi: mvm: avoid use after free for pmsr request (bnc#1012628).
- PCI/AER: Initialize aer_fifo (bnc#1012628).
- PCI: Don't disable bridge BARs when assigning bus resources (bnc#1012628).
- PCI: tegra: Fix afi_pex2_ctrl reg offset for Tegra30 (bnc#1012628).
- PCI/switchtec: Fix vep_vector_number ioread width (bnc#1012628).
- PCI/switchtec: Use dma_set_mask_and_coherent() (bnc#1012628).
- ath10k: pci: Only dump ATH10K_MEM_REGION_TYPE_IOREG when safe (bnc#1012628).
- PCI/IOV: Fix memory leak in pci_iov_add_virtfn() (bnc#1012628).
- scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails (bnc#1012628).
- RDMA/umem: Fix ib_umem_find_best_pgsz() (bnc#1012628).
- RDMA/cma: Fix unbalanced cm_id reference count during address resolve (bnc#1012628).
- RDMA/core: Ensure that rdma_user_mmap_entry_remove() is a fence (bnc#1012628).
- RDMA/mlx5: Fix handling of IOVA != user_va in ODP paths (bnc#1012628).
- RDMA/uverbs: Verify MR access flags (bnc#1012628).
- RDMA/core: Fix locking in ib_uverbs_event_read (bnc#1012628).
- RDMA/i40iw: fix a potential NULL pointer dereference (bnc#1012628).
- RDMA/netlink: Do not always generate an ACK for some netlink operations (bnc#1012628).
- IB/mlx4: Fix leak in id_map_find_del (bnc#1012628).
- IB/mlx5: Return the administrative GUID if exists (bnc#1012628).
- IB/srp: Never use immediate data if it is disabled by a user (bnc#1012628).
- IB/mlx4: Fix memory leak in add_gid error flow (bnc#1012628).
- commit 271ee1b
- Update config files: enable CONFIG_FW_CFG_SYSFS for arm64 (bsc#1163521)
- commit d888576
- Update config files: CONFIG_NVME_HWMON=y
  When the config files were updated for kernel v5.5, the commit message claimed CONFIG_NVME_HWMON was to be enabled, however the configuration files themselves had the option disabled. We definitely want hardware monitoring enabled on NVME devices, so fix the configuration files to match the original intent.
- commit d654690
- Linux 5.5.3 (bnc#1012628).
- sparc32: fix struct ipc64_perm type definition (bnc#1012628).
- bnxt_en: Move devlink_register before registering netdev (bnc#1012628).
- gtp: use __GFP_NOWARN to avoid memalloc warning (bnc#1012628).
- l2tp: Allow duplicate session creation with UDP (bnc#1012628).
- net: hsr: fix possible NULL deref in hsr_handle_frame() (bnc#1012628).
- net_sched: fix an OOB access in cls_tcindex (bnc#1012628).
- net/core: Do not clear VF index for node/port GUIDs query (bnc#1012628).
- net: mvneta: fix XDP support if sw bm is used as fallback (bnc#1012628).
- bnxt_en: Fix TC queue mapping (bnc#1012628).
- net: stmmac: Delete txtimer in suspend() (bnc#1012628).
- tcp: clear tp->total_retrans in tcp_disconnect() (bnc#1012628).
- tcp: clear tp->delivered in tcp_disconnect() (bnc#1012628).
- tcp: clear tp->data_segs{in|out} in tcp_disconnect() (bnc#1012628).
- tcp: clear tp->segs_{in|out} in tcp_disconnect() (bnc#1012628).
- cls_rsvp: fix rsvp_policy (bnc#1012628).
- rxrpc: Fix use-after-free in rxrpc_put_local() (bnc#1012628).
- rxrpc: Fix insufficient receive notification generation (bnc#1012628).
- rxrpc: Fix missing active use pinning of rxrpc_local object (bnc#1012628).
- rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect (bnc#1012628).
- bnxt_en: Refactor logic to re-enable SRIOV after firmware reset detected (bnc#1012628).
- net: phy: at803x: disable vddio regulator (bnc#1012628).
- bnxt_en: Fix RDMA driver failure with SRIOV after firmware reset (bnc#1012628).
- ionic: fix rxq comp packet type mask (bnc#1012628).
- MAINTAINERS: correct entries for ISDN/mISDN section (bnc#1012628).
- netdevsim: fix stack-out-of-bounds in nsim_dev_debugfs_init() (bnc#1012628).
- bnxt_en: Fix logic that disables Bus Master during firmware reset (bnc#1012628).
- media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors (bnc#1012628).
- mfd: dln2: More sanity checking for endpoints (bnc#1012628).
- netfilter: ipset: fix suspicious RCU usage in find_set_and_id (bnc#1012628).
- ALSA: pcm: Fix memory leak at closing a stream without hw_free (bnc#1012628).
- ipc/msg.c: consolidate all xxxctl_down() functions (bnc#1012628).
- tracing/kprobes: Have uname use __get_str() in print_fmt (bnc#1012628).
- tracing: Fix sched switch start/stop refcount racy updates (bnc#1012628).
- rcu: Use *_ONCE() to protect lockless ->expmask accesses (bnc#1012628).
- rcu: Avoid data-race in rcu_gp_fqs_check_wake() (bnc#1012628).
- srcu: Apply *_ONCE() to ->srcu_last_gp_end (bnc#1012628).
- rcu: Use READ_ONCE() for ->expmask in rcu_read_unlock_special() (bnc#1012628).
- nvmet: Fix error print message at nvmet_install_queue function (bnc#1012628).
- nvmet: Fix controller use after free (bnc#1012628).
- Bluetooth: btusb: fix memory leak on fw (bnc#1012628).
- Bluetooth: btusb: Disable runtime suspend on Realtek devices (bnc#1012628).
- brcmfmac: Fix memory leak in brcmf_usbdev_qinit (bnc#1012628).
- usb: dwc3: gadget: Check END_TRANSFER completion (bnc#1012628).
- usb: dwc3: gadget: Delay starting transfer (bnc#1012628).
- usb: typec: tcpci: mask event interrupts when remove driver (bnc#1012628).
- objtool: Silence build output (bnc#1012628).
- usb: gadget: f_fs: set req->num_sgs as 0 for non-sg transfer (bnc#1012628).
- usb: gadget: legacy: set max_speed to super-speed (bnc#1012628).
- usb: gadget: f_ncm: Use atomic_t to track in-flight request (bnc#1012628).
- usb: gadget: f_ecm: Use atomic_t to track in-flight request (bnc#1012628).
- ALSA: usb-audio: Fix endianess in descriptor validation (bnc#1012628).
- ALSA: usb-audio: Annotate endianess in Scarlett gen2 quirk (bnc#1012628).
- ALSA: dummy: Fix PCM format loop in proc output (bnc#1012628).
- memcg: fix a crash in wb_workfn when a device disappears (bnc#1012628).
- mm/sparse.c: reset section's mem_map when fully deactivated (bnc#1012628).
- utimes: Clamp the timestamps in notify_change() (bnc#1012628).
- mm/migrate.c: also overwrite error when it is bigger than zero (bnc#1012628).
- mm/memory_hotplug: fix remove_memory() lockdep splat (bnc#1012628).
- mm: thp: don't need care deferred split queue in memcg charge move path (bnc#1012628).
- mm: move_pages: report the number of non-attempted pages (bnc#1012628).
- media/v4l2-core: set pages dirty upon releasing DMA buffers (bnc#1012628).
- media: v4l2-core: compat: ignore native command codes (bnc#1012628).
- media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments (bnc#1012628).
- lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() (bnc#1012628).
- irqdomain: Fix a memory leak in irq_domain_push_irq() (bnc#1012628).
- x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR (bnc#1012628).
- platform/x86: intel_scu_ipc: Fix interrupt support (bnc#1012628).
- ALSA: hda: Add Clevo W65_67SB the power_save blacklist (bnc#1012628).
- ALSA: hda: Add JasperLake PCI ID and codec vid (bnc#1012628).
- ALSA: hda - Fix DP-MST support for NVIDIA codecs (bnc#1012628).
- arm64: acpi: fix DAIF manipulation with pNMI (bnc#1012628).
- KVM: arm64: Correct PSTATE on exception entry (bnc#1012628).
- KVM: arm/arm64: Correct CPSR on exception entry (bnc#1012628).
- KVM: arm/arm64: Correct AArch32 SPSR on exception entry (bnc#1012628).
- KVM: arm64: Only sign-extend MMIO up to register width (bnc#1012628).
- MIPS: syscalls: fix indentation of the 'SYSNR' message (bnc#1012628).
- MIPS: fix indentation of the 'RELOCS' message (bnc#1012628).
- MIPS: boot: fix typo in 'vmlinux.lzma.its' target (bnc#1012628).
- MIPS: SGI-IP30: Check for valid pointer before using it (bnc#1012628).
- MIPS: asm: local: add barriers for Loongson (bnc#1012628).
- s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bnc#1012628).
- powerpc/mmu_gather: enable RCU_TABLE_FREE even for !SMP case (bnc#1012628).
- powerpc/ptdump: Fix W+X verification (bnc#1012628).
- powerpc/xmon: don't access ASDR in VMs (bnc#1012628).
- powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() (bnc#1012628).
- powerpc/32s: Fix bad_kuap_fault() (bnc#1012628).
- powerpc/32s: Fix CPU wake-up from sleep mode (bnc#1012628).
- PCI/ATS: Use PF PASID for VFs (bnc#1012628).
- PCI: tegra: Fix return value check of pm_runtime_get_sync() (bnc#1012628).
- PCI: keystone: Fix outbound region mapping (bnc#1012628).
- PCI: keystone: Fix link training retries initiation (bnc#1012628).
- PCI: keystone: Fix error handling when "num-viewport" DT property is not populated (bnc#1012628).
- mmc: spi: Toggle SPI polarity, do not hardcode it (bnc#1012628).
- ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards (bnc#1012628).
- ACPI / battery: Deal with design or full capacity being reported as -1 (bnc#1012628).
- ACPI / battery: Use design-cap for capacity calculations if full-cap is not available (bnc#1012628).
- ACPI / battery: Deal better with neither design nor full capacity not being reported (bnc#1012628).
- smb3: fix default permissions on new files when mounting with modefromsid (bnc#1012628).
- alarmtimer: Unregister wakeup source when module get fails (bnc#1012628).
- fscrypt: don't print name of busy file when removing key (bnc#1012628).
- ubifs: don't trigger assertion on invalid no-key filename (bnc#1012628).
- ubifs: Fix wrong memory allocation (bnc#1012628).
- ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag (bnc#1012628).
- ubifs: Fix deadlock in concurrent bulk-read and writepage (bnc#1012628).
- mmc: sdhci-of-at91: fix memleak on clk_get failure (bnc#1012628).
- ASoC: tegra: Revert 24 and 32 bit support (bnc#1012628).
- ASoC: topology: fix soc_tplg_fe_link_create() - link->dobj initialization order (bnc#1012628).
- hv_balloon: Balloon up according to request page number (bnc#1012628).
- mfd: axp20x: Mark AXP20X_VBUS_IPSOUT_MGMT as volatile (bnc#1012628).
- nvmem: imx: scu: fix write SIP (bnc#1012628).
- nvmem: core: fix memory abort in cleanup path (bnc#1012628).
- crypto: api - Check spawn->alg under lock in crypto_drop_spawn (bnc#1012628).
- crypto: ccree - fix backlog memory leak (bnc#1012628).
- crypto: ccree - fix AEAD decrypt auth fail (bnc#1012628).
- crypto: ccree - fix pm wrongful error reporting (bnc#1012628).
- crypto: ccree - fix FDE descriptor sequence (bnc#1012628).
- crypto: ccree - fix PM race condition (bnc#1012628).
- padata: Remove broken queue flushing (bnc#1012628).
- fs: allow deduplication of eof block into the end of the destination file (bnc#1012628).
- scripts/find-unused-docs: Fix massive false positives (bnc#1012628).
- erofs: fix out-of-bound read for shifted uncompressed block (bnc#1012628).
- scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (bnc#1012628).
- scsi: qla2xxx: Fix stuck login session using prli_pend_timer (bnc#1012628).
- scsi: qla2xxx: Fix mtcp dump collection failure (bnc#1012628).
- cpupower: Revert library ABI changes from commit ae2917093fb60bdc1ed3e (bnc#1012628).
- power: supply: axp20x_ac_power: Fix reporting online status (bnc#1012628).
- power: supply: ltc2941-battery-gauge: fix use-after-free (bnc#1012628).
- ovl: fix wrong WARN_ON() in ovl_cache_update_ino() (bnc#1012628).
- ovl: fix lseek overflow on 32bit (bnc#1012628).
- f2fs: fix miscounted block limit in f2fs_statfs_project() (bnc#1012628).
- f2fs: code cleanup for f2fs_statfs_project() (bnc#1012628).
- f2fs: fix dcache lookup of !casefolded directories (bnc#1012628).
- f2fs: fix race conditions in ->d_compare() and ->d_hash() (bnc#1012628).
- PM: core: Fix handling of devices deleted during system-wide resume (bnc#1012628).
- cpufreq: Avoid creating excessively large stack frames (bnc#1012628).
- of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc (bnc#1012628).
- ARM: dma-api: fix max_pfn off-by-one error in __dma_supported() (bnc#1012628).
- dm zoned: support zone sizes smaller than 128MiB (bnc#1012628).
- dm space map common: fix to ensure new block isn't already in use (bnc#1012628).
- dm writecache: fix incorrect flush sequence when doing SSD mode commit (bnc#1012628).
- dm crypt: fix GFP flags passed to skcipher_request_alloc() (bnc#1012628).
- dm crypt: fix benbi IV constructor crash if used in authenticated mode (bnc#1012628).
- dm thin metadata: use pool locking at end of dm_pool_metadata_close (bnc#1012628).
- dm thin: fix use-after-free in metadata_pre_commit_callback (bnc#1012628).
- dm: fix potential for q->make_request_fn NULL pointer (bnc#1012628).
- tracing: Annotate ftrace_graph_hash pointer with __rcu (bnc#1012628).
- tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu (bnc#1012628).
- ftrace: Add comment to why rcu_dereference_sched() is open coded (bnc#1012628).
- ftrace: Protect ftrace_graph_hash with ftrace_sync (bnc#1012628).
- crypto: pcrypt - Avoid deadlock by using per-instance padata queues (bnc#1012628).
- btrfs: fix improper setting of scanned for range cyclic write cache pages (bnc#1012628).
- btrfs: Handle another split brain scenario with metadata uuid feature (bnc#1012628).
- riscv, bpf: Fix broken BPF tail calls (bnc#1012628).
- libbpf: Fix readelf output parsing for Fedora (bnc#1012628).
- libbpf: Fix printf compilation warnings on ppc64le arch (bnc#1012628).
- libbpf: Don't attach perf_buffer to offline/missing CPUs (bnc#1012628).
- selftests/bpf: Fix perf_buffer test on systems w/ offline CPUs (bnc#1012628).
- flow_dissector: Fix to use new variables for port ranges in bpf hook (bnc#1012628).
- bpf, devmap: Pass lockdep expression to RCU lists (bnc#1012628).
- libbpf: Add missing newline in opts validation macro (bnc#1012628).
- libbpf: Fix realloc usage in bpf_core_find_cands (bnc#1012628).
- tc-testing: fix eBPF tests failure on linux fresh clones (bnc#1012628).
- samples/bpf: Don't try to remove user's homedir on clean (bnc#1012628).
- samples/bpf: Xdp_redirect_cpu fix missing tracepoint attach (bnc#1012628).
- samples/bpf: Reintroduce missed build targets (bnc#1012628).
- selftests/bpf: Fix test_attach_probe (bnc#1012628).
- selftests/bpf: Skip perf hw events test if the setup disabled it (bnc#1012628).
- selftests: bpf: Use a temporary file in test_sockmap (bnc#1012628).
- selftests: bpf: Ignore FIN packets for reuseport tests (bnc#1012628).
- crypto: sun8i-ss - fix removal of module (bnc#1012628).
- crypto: amlogic - fix removal of module (bnc#1012628).
- crypto: sun8i-ce - fix removal of module (bnc#1012628).
- crypto: api - fix unexpectedly getting generic implementation (bnc#1012628).
- crypto: hisilicon - Fix issue with wrong number of sg elements after dma map (bnc#1012628).
- crypto: hisilicon - Use the offset fields in sqe to avoid need to split scatterlists (bnc#1012628).
- crypto: ccp - set max RSA modulus size for v3 platform devices as well (bnc#1012628).
- crypto: arm64/ghash-neon - bump priority to 150 (bnc#1012628).
- crypto: pcrypt - Do not clear MAY_SLEEP flag in original request (bnc#1012628).
- crypto: hisilicon - select CRYPTO_SKCIPHER, not CRYPTO_BLKCIPHER (bnc#1012628).
- crypto: atmel-aes - Fix counter overflow in CTR mode (bnc#1012628).
- crypto: api - Fix race condition in crypto_spawn_alg (bnc#1012628).
- crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill (bnc#1012628).
- powerpc/futex: Fix incorrect user access blocking (bnc#1012628).
- scsi: qla2xxx: Fix unbound NVME response length (bnc#1012628).
- NFS: Fix memory leaks and corruption in readdir (bnc#1012628).
- NFS: Directory page cache pages need to be locked when read (bnc#1012628).
- nfsd: fix filecache lookup (bnc#1012628).
- jbd2_seq_info_next should increase position index (bnc#1012628).
- ext4: fix deadlock allocating crypto bounce page from mempool (bnc#1012628).
- ext4: fix race conditions in ->d_compare() and ->d_hash() (bnc#1012628).
- Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES (bnc#1012628).
- Btrfs: make deduplication with range including the last block work (bnc#1012628).
- Btrfs: fix infinite loop during fsync after rename operations (bnc#1012628).
- btrfs: set trans->drity in btrfs_commit_transaction (bnc#1012628).
- btrfs: drop log root for dropped roots (bnc#1012628).
- btrfs: free block groups after free'ing fs trees (bnc#1012628).
- Btrfs: fix race between adding and putting tree mod seq elements and nodes (bnc#1012628).
- btrfs: flush write bio if we loop in extent_write_cache_pages (bnc#1012628).
- btrfs: Correctly handle empty trees in find_first_clear_extent_bit (bnc#1012628).
- Btrfs: send, fix emission of invalid clone operations within the same file (bnc#1012628).
- ARM: tegra: Enable PLLP bypass during Tegra124 LP1 (bnc#1012628).
- iwlwifi: don't throw error when trying to remove IGTK (bnc#1012628).
- mwifiex: fix unbalanced locking in mwifiex_process_country_ie() (bnc#1012628).
- sunrpc: expiry_time should be seconds not timeval (bnc#1012628).
- gfs2: fix gfs2_find_jhead that returns uninitialized jhead with seq 0 (bnc#1012628).
- gfs2: move setting current->backing_dev_info (bnc#1012628).
- gfs2: fix O_SYNC write handling (bnc#1012628).
- drm: atmel-hlcdc: use double rate for pixel clock only if supported (bnc#1012628).
- drm: atmel-hlcdc: enable clock before configuring timing engine (bnc#1012628).
- drm: atmel-hlcdc: prefer a lower pixel-clock than requested (bnc#1012628).
- drm/rect: Avoid division by zero (bnc#1012628).
- media: iguanair: fix endpoint sanity check (bnc#1012628).
- media: rc: ensure lirc is initialized before registering input device (bnc#1012628).
- tools/kvm_stat: Fix kvm_exit filter name (bnc#1012628).
- xen/balloon: Support xend-based toolstack take two (bnc#1012628).
- xen/gntdev: Do not use mm notifiers with autotranslating guests (bnc#1012628).
- watchdog: fix UAF in reboot notifier handling in watchdog core code (bnc#1012628).
- bcache: add readahead cache policy options via sysfs interface (bnc#1012628).
- io_uring: don't map read/write iovec potentially twice (bnc#1012628).
- io_uring: spin for sq thread to idle on shutdown (bnc#1012628).
- eventfd: track eventfd_signal() recursion depth (bnc#1012628).
- aio: prevent potential eventfd recursion on poll (bnc#1012628).
- KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (bnc#1012628).
- KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform (bnc#1012628).
- KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails (bnc#1012628).
- KVM: PPC: Book3S PR: Free shared page if mmu initialization fails (bnc#1012628).
- kvm/svm: PKU not currently supported (bnc#1012628).
- KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM (bnc#1012628).
- KVM: x86: use CPUID to locate host page table reserved bits (bnc#1012628).
- KVM: x86: Use gpa_t for cr2/gpa to fix TDP support on 32-bit KVM (bnc#1012628).
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (bnc#1012628).
- KVM: x86: Don't let userspace set host-reserved cr4 bits (bnc#1012628).
- KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails (bnc#1012628).
- KVM: x86: fix overlap between SPTE_MMIO_MASK and generation (bnc#1012628).
- KVM: x86: Handle TIF_NEED_FPU_LOAD in kvm_{load,put}_guest_fpu() (bnc#1012628).
- KVM: x86: Ensure guest's FPU state is loaded when accessing for emulation (bnc#1012628).
- KVM: x86: Revert "KVM: X86: Fix fpu state crash in kvm guest" (bnc#1012628).
- KVM: s390: do not clobber registers during guest reset/store status (bnc#1012628).
- KVM: x86: reorganize pvclock_gtod_data members (bnc#1012628).
- KVM: x86: use raw clock values consistently (bnc#1012628).
- ocfs2: fix oops when writing cloned file (bnc#1012628).
- mm/page_alloc.c: fix uninitialized memmaps on a partially populated last section (bnc#1012628).
- arm64: dts: qcom: qcs404-evb: Set vdd_apc regulator in high power mode (bnc#1012628).
- mm/mmu_gather: invalidate TLB correctly on batch allocation failure and flush (bnc#1012628).
- clk: tegra: Mark fuse clock as critical (bnc#1012628).
- drm/amdgpu/navi: fix index for OD MCLK (bnc#1012628).
- drm/tegra: Relax IOMMU usage criteria on old Tegra (bnc#1012628).
- drm/tegra: Reuse IOVA mapping where possible (bnc#1012628).
- drm/amd/powerplay: fix navi10 system intermittent reboot issue V2 (bnc#1012628).
- drm/amd/dm/mst: Ignore payload update failures (bnc#1012628).
- drm/amdgpu: fetch default VDDC curve voltages (v2) (bnc#1012628).
- drm/amdgpu/navi10: add OD_RANGE for navi overclocking (bnc#1012628).
- drm/amdgpu/smu_v11_0: Correct behavior of restoring default tables (v2) (bnc#1012628).
- virtio-balloon: initialize all vq callbacks (bnc#1012628).
- virtio-pci: check name when counting MSI-X vectors (bnc#1012628).
- fix up iter on short count in fuse_direct_io() (bnc#1012628).
- broken ping to ipv6 linklocal addresses on debian buster (bnc#1012628).
- percpu: Separate decrypted variables anytime encryption can be enabled (bnc#1012628).
- ASoC: meson: axg-fifo: fix fifo threshold setup (bnc#1012628).
- scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type (bnc#1012628).
- scsi: csiostor: Adjust indentation in csio_device_reset (bnc#1012628).
- scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free (bnc#1012628).
- scsi: ufs: Recheck bkops level if bkops is disabled (bnc#1012628).
- compat: scsi: sg: fix v3 compat read/write interface (bnc#1012628).
- mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bnc#1012628).
- phy: qualcomm: Adjust indentation in read_poll_timeout (bnc#1012628).
- ext2: Adjust indentation in ext2_fill_super (bnc#1012628).
- powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize (bnc#1012628).
- drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable (bnc#1012628).
- NFC: pn544: Adjust indentation in pn544_hci_check_presence (bnc#1012628).
- ppp: Adjust indentation into ppp_async_input (bnc#1012628).
- net: smc911x: Adjust indentation in smc911x_phy_configure (bnc#1012628).
- net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (bnc#1012628).
- IB/mlx5: Fix outstanding_pi index for GSI qps (bnc#1012628).
- IB/core: Fix ODP get user pages flow (bnc#1012628).
- IB/core: Fix ODP with IB_ACCESS_HUGETLB handling (bnc#1012628).
- staging: wfx: revert unexpected change in debugfs output (bnc#1012628).
- nfsd: fix delay timer on 32-bit architectures (bnc#1012628).
- nfsd: fix jiffies/time_t mixup in LRU list (bnc#1012628).
- nfsd: Return the correct number of bytes written to the file (bnc#1012628).
- virtio-balloon: Fix memory leak when unloading while hinting is in progress (bnc#1012628).
- virtio_balloon: Fix memory leaks on errors in virtballoon_probe() (bnc#1012628).
- ubi: fastmap: Fix inverted logic in seen selfcheck (bnc#1012628).
- ubi: Fix an error pointer dereference in error handling code (bnc#1012628).
- ubifs: Fix memory leak from c->sup_node (bnc#1012628).
- regulator: core: Add regulator_is_equal() helper (bnc#1012628).
- ASoC: sgtl5000: Fix VDDA and VDDIO comparison (bnc#1012628).
- ASoC: Intel: skl_hda_dsp_common: Fix global-out-of-bounds bug (bnc#1012628).
- mfd: da9062: Fix watchdog compatible string (bnc#1012628).
- mfd: rn5t618: Mark ADC control register volatile (bnc#1012628).
- mfd: bd70528: Fix hour register mask (bnc#1012628).
- mfd: ab8500: Fix ab8500-clk typo (bnc#1012628).
- bpf: Fix trampoline usage in preempt (bnc#1012628).
- libbpf: Extract and generalize CPU mask parsing logic (bnc#1012628).
- x86/timer: Don't skip PIT setup when APIC is disabled or in legacy mode (bnc#1012628).
- bonding/alb: properly access headers in bond_alb_xmit() (bnc#1012628).
- devlink: report 0 after hitting end in region read (bnc#1012628).
- dpaa_eth: support all modes with rate adapting PHYs (bnc#1012628).
- net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (bnc#1012628).
- net: dsa: bcm_sf2: Only 7278 supports 2Gb/sec IMP port (bnc#1012628).
- net: dsa: microchip: enable module autoprobe (bnc#1012628).
- net: mvneta: move rx_dropped and rx_errors in per-cpu stats (bnc#1012628).
- net_sched: fix a resource leak in tcindex_set_parms() (bnc#1012628).
- net: stmmac: fix a possible endless loop (bnc#1012628).
- net: systemport: Avoid RBUF stuck in Wake-on-LAN mode (bnc#1012628).
- net/mlx5: IPsec, Fix esp modify function attribute (bnc#1012628).
- net/mlx5: IPsec, fix memory leak at mlx5_fpga_ipsec_delete_sa_ctx (bnc#1012628).
- net: macb: Remove unnecessary alignment check for TSO (bnc#1012628).
- net: macb: Limit maximum GEM TX length in TSO (bnc#1012628).
- net: stmmac: fix incorrect GMAC_VLAN_TAG register writing in GMAC4+ (bnc#1012628).
- net: stmmac: xgmac: fix incorrect XGMAC_VLAN_TAG register writing (bnc#1012628).
- net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (bnc#1012628).
- net: stmmac: xgmac: fix missing IFF_MULTICAST check in dwxgmac2_set_filter (bnc#1012628).
- net: stmmac: update pci platform data to use phy_interface (bnc#1012628).
- taprio: Fix enabling offload with wrong number of traffic classes (bnc#1012628).
- taprio: Fix still allowing changing the flags during runtime (bnc#1012628).
- taprio: Add missing policy validation for flags (bnc#1012628).
- taprio: Use taprio_reset_tc() to reset Traffic Classes configuration (bnc#1012628).
- taprio: Fix dropping packets when using taprio + ETF offloading (bnc#1012628).
- ipv6/addrconf: fix potential NULL deref in inet6_set_link_af() (bnc#1012628).
- qed: Fix timestamping issue for L2 unicast ptp packets (bnc#1012628).
- drop_monitor: Do not cancel uninitialized work item (bnc#1012628).
- net/mlx5: Fix deadlock in fs_core (bnc#1012628).
- net/mlx5: Deprecate usage of generic TLS HW capability bit (bnc#1012628).
- r8169: fix performance regression related to PCIe max read request size (bnc#1012628).
- net/mlx5e: TX, Error completion is for last WQE in batch (bnc#1012628).
- cifs: fail i/o on soft mounts if sessionsetup errors out (bnc#1012628).
- cifs: fix mode bits from dir listing when mounted with modefromsid (bnc#1012628).
- x86/apic/msi: Plug non-maskable MSI affinity race (bnc#1012628).
- clocksource: Prevent double add_timer_on() for watchdog_timer (bnc#1012628).
- perf/core: Fix mlock accounting in perf_mmap() (bnc#1012628).
- perf/cgroups: Install cgroup events to correct cpuctx (bnc#1012628).
- drm/dp_mst: Remove VCPI while disabling topology mgr (bnc#1012628).
- io_uring: enable option to only trigger eventfd for async completions (bnc#1012628).
- io_uring: prevent potential eventfd recursion on poll (bnc#1012628).
- KVM: x86: Protect exit_reason from being used in Spectre-v1/L1TF attacks (bnc#1012628).
- KVM: nVMX: vmread should not set rflags to specify success in case of #PF (bnc#1012628).
- KVM: Use vcpu-specific gva->hva translation when querying host page size (bnc#1012628).
- KVM: Play nice with read-only memslots when querying host page size (bnc#1012628).
- rxrpc: Fix service call disconnection (bnc#1012628).
- IB/core: Fix build failure without hugepages (bnc#1012628).
- crypto: atmel-{aes,tdes} - Do not save IV for ECB mode (bnc#1012628).
- crypto: atmel-aes - Fix saving of IV for CTR mode (bnc#1012628).
- crypto: atmel-aes - Fix CTR counter overflow when multiple fragments (bnc#1012628).
- crypto: atmel-tdes - Map driver data flags to Mode Register (bnc#1012628).
- regulator fix for "regulator: core: Add regulator_is_equal() helper" (bnc#1012628).
- powerpc/kuap: Fix set direction in allow/prevent_user_access() (bnc#1012628).
- compat: ARM64: always include asm-generic/compat.h (bnc#1012628).
- Update config files.
- commit ffbbfe8
- cgroup: init_tasks shouldn't be linked to the root cgroup (bsc#1163370).
- commit 00b4c73
- ipmi_si: Avoid spurious errors for optional IRQs (bsc#1161943).
- commit 481e5b9
- media: go7007: Fix URB type for interrupt handling (bsc#1162583).
- commit ae333f8
- iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices (bsc#1163213).
- commit f4b8e5e

==== libeconf ====
Version update (0.3.3+git20191028.3ac14ce -> 0.3.5+git20200203.3144b69)
- Update to version 0.3.5+git20200203.3144b69:
  * Release version 0.3.5
  * Use float.h instead of obsolete gnuism values.h
  * Remove gnuism (strdupa)
  * Check for empty value (NULL pointer) before calling strdup.
- Update to version 0.3.4+git20200121.febebf2:
  * Release version 0.3.4
  * Fix buffer overflow in econf_readDirs
  * Fix parsing of quoted strings, and values starting with delimiters
  * tests: add test for quoted strings
  * tests: tst-configdirs5: fix config dir paths

==== libxcrypt ====
Version update (4.4.10 -> 4.4.12)
- Update to version 4.4.12
  * Another fix for GCC v10.x, which occurs on s390 architectures only.
- Update to version 4.4.11
  * Fixes for GCC v10.x
  * Change how the known-answer tests are parallelized
- gcc10.patch: remove

==== openssh ====
- Add patches to fix the sandbox blocking glibc on 32bit platforms (boo#1164061):
  * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
  * openssh-8.1p1-seccomp-clock_gettime64.patch

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap
- Move fcoe-utils and irqbalance to hardware pattern, not useful on guest install.
- Introduce MicroOS Desktop patterns [boo#1163453]

==== podman ====
Version update (1.7.0 -> 1.8.0)
Subpackages: podman-cni-config
- Remove: 0001-clarify-container-prune-force.patch because it's now included in the release
- Update podman to v1.8.0:
  * Features
    - The podman system service command has been added, providing a preview of Podman's new Docker-compatible API.
      This API is still very new, and not yet ready for production use, but is available for early testing
    - Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities
    - The podman untag command has been added to remove tags from images without deleting them
    - The podman inspect command on images now displays previous names they used
    - The podman generate systemd command now supports a --new option to generate service files that create and run new containers instead of managing existing containers
    - Support for --log-opt tag= to set logging tags has been added to the journald log driver
    - Added support for using Seccomp profiles embedded in images for podman run and podman create via the new --seccomp-policy CLI flag
    - The podman play kube command now honors pull policy
  * Bugfixes
    - Fixed a bug where the podman cp command would not copy the contents of directories when paths ending in /. were given
    - Fixed a bug where the podman play kube command did not properly locate Seccomp profiles specified relative to localhost
    - Fixed a bug where the podman info command for remote Podman did not show registry information
    - Fixed a bug where the podman exec command did not support having input piped into it
    - Fixed a bug where the podman cp command with rootless Podman on CGroups v2 systems did not properly determine if the container could be paused while copying
    - Fixed a bug where the podman container prune --force command could possibly remove running containers if they were started while the command was running
    - Fixed a bug where Podman, when run as root, would not properly configure slirp4netns networking when requested
    - Fixed a bug where podman run --userns=keep-id did not work when the user had a UID over 65535
    - Fixed a bug where rootless podman run and podman create with the --userns=keep-id option could change permissions on /run/user/$UID and break KDE
    - Fixed a bug where rootless Podman could not be run in a
      systemd service on systems using CGroups v2
    - Fixed a bug where podman inspect would show CPUShares as 0, instead of the default (1024), when it was not explicitly set
    - Fixed a bug where podman-remote push would segfault
    - Fixed a bug where image healthchecks were not shown in the output of podman inspect
    - Fixed a bug where named volumes created with containers from pre-1.6.3 releases of Podman would be autoremoved with their containers if the --rm flag was given, even if they were given names
    - Fixed a bug where podman history was not computing image sizes correctly
    - Fixed a bug where Podman would not error on invalid values to the --sort flag to podman images
    - Fixed a bug where providing a name for the image made by podman commit was mandatory, not optional as it should be
    - Fixed a bug where the remote Podman client would append an extra " to %PATH
    - Fixed a bug where the podman build command would sometimes ignore the -f option and build the wrong Containerfile
    - Fixed a bug where the podman ps --filter command would only filter running containers, instead of all containers, if --all was not passed
    - Fixed a bug where the podman load command on compressed images would leave an extra copy on disk
    - Fixed a bug where the podman restart command would not properly clean up the network, causing it to function differently from podman stop; podman start
    - Fixed a bug where setting the --memory-swap flag to podman create and podman run to -1 (to indicate unlimited) was not supported
  * Misc
    - Initial work on version 2 of the Podman remote API has been merged, but is still in an alpha state and not ready for use.
    - Many formatting corrections have been made to the manpages
    - The changes to address (#5009) may cause anonymous volumes created by Podman versions 1.6.3 to 1.7.0 to not be removed when their container is removed
    - Updated vendored Buildah to v1.13.1
    - Updated vendored containers/storage to v1.15.8
    - Updated vendored containers/image to v5.2.0

==== sudo ====
Version update (1.8.28p1 -> 1.8.31)
- Update to 1.8.31
  Major changes between version 1.8.31 and 1.8.30:
  * This version fixes a potential security issue that can lead to a buffer overflow if the pwfeedback option is enabled in sudoers [CVE-2019-18634] [bsc#1162202]
  * The sudoedit_checkdir option now treats a user-owned directory as writable, even if it does not have the write bit set at the time of check. Symbolic links will no longer be followed by sudoedit in any user-owned directory. Bug #912.
  * Fixed a crash introduced in sudo 1.8.30 when suspending sudo at the password prompt. Bug #914.
  * Fixed compilation on systems where the mmap MAP_ANON flag is not available. Bug #915.
  Major changes between version 1.8.30 and 1.8.29:
  * Sudo now closes file descriptors before changing uids. This prevents a non-root process from interfering with sudo's ability to close file descriptors on systems that support the prlimit(2) system call.
  * Sudo now treats an attempt to run sudo sudoedit as simply sudoedit. If the sudoers file contains a fully-qualified path to sudoedit, sudo will now treat it simply as sudoedit (with no path). Visudo will now treat a fully-qualified path to sudoedit as an error. Bug #871.
  * Fixed a bug introduced in sudo 1.8.28 where sudo would warn about a missing /etc/environment file on AIX and Linux when PAM is not enabled. Bug #907.
  * Fixed a bug on Linux introduced in sudo 1.8.29 that prevented the askpass program from running due to an unlimited stack size resource limit. Bug #908.
  * If a group provider plugin has optional arguments, the argument list passed to the plugin is now NULL terminated as per the documentation.
  * The user's time stamp file is now only updated if both authentication and approval phases succeed. This is consistent with the behavior of sudo prior to version 1.8.23. Bug #910.
  * The new allow_unknown_runas_id sudoers setting can be used to enable or disable the use of unknown user or group IDs. Previously, sudo would always allow unknown user or group IDs if the sudoers entry permitted it, including via the ALL alias. As of sudo 1.8.30, the admin must explicitly enable support for unknown IDs.
  * The new runas_check_shell sudoers setting can be used to require that the runas user have a shell listed in the /etc/shells file. On many systems, users such as bin, do not have a valid shell and this flag can be used to prevent commands from being run as those users.
  * Fixed a problem restoring the SELinux tty context during reboot if mctransd is killed before sudo finishes. GitHub Issue #17.
  * Fixed an intermittent warning on NetBSD when sudo restores the initial stack size limit.
  Major changes between version 1.8.29 and 1.8.28p1:
  * The cvtsudoers command will now reject non-LDIF input when converting from LDIF format to sudoers or JSON formats.
  * The new log_allowed and log_denied sudoers settings make it possible to disable logging and auditing of allowed and/or denied commands.
  * The umask is now handled differently on systems with PAM or login.conf. If the umask is explicitly set in sudoers, that value is used regardless of what PAM or login.conf may specify. However, if the umask is not explicitly set in sudoers, PAM or login.conf may now override the default sudoers umask. Bug #900.
  * For make install, the sudoers file is no longer checked for syntax errors when DESTDIR is set. The default sudoers file includes the contents of /etc/sudoers.d which may not be readable as non-root. Bug #902.
  * Sudo now sets most resource limits to their maximum value to avoid problems caused by insufficient resources, such as an inability to allocate memory or open files and pipes.
  * Fixed a regression introduced in sudo 1.8.28 where sudo would refuse to run if the parent process was not associated with a session. This was due to sudo passing a session ID of -1 to the plugin.
- refresh sudo-sudoers.patch