Packages changed: breeze cryptsetup (2.4.3 -> 2.5.0) gnome-bluetooth (42.2 -> 42.3) libcdio libqt5-qtquickcontrols2 (5.15.5+kde5 -> 5.15.5+kde6) libtasn1 (4.18.0 -> 4.19.0) multipath-tools (0.9.0+39+suse.51a2ab1 -> 0.9.0+55+suse.33d8854) ndctl (73 -> 74) ovmf (202202 -> 202205) perl-IO-Socket-INET6 (2.72 -> 2.73) psutils sudo (1.9.10 -> 1.9.11p3) tar yast2-tune (4.5.0 -> 4.5.1) === Details === ==== breeze ==== Subpackages: breeze5-cursors breeze5-decoration breeze5-style breeze5-style-lang libbreezecommon5-5 - Add patch to fix progress bars in some applications: * 0001-Look-at-QStyleOptionProgressBar-orientation-again.patch ==== cryptsetup ==== Version update (2.4.3 -> 2.5.0) Subpackages: cryptsetup-lang libcryptsetup12 libcryptsetup12-32bit libcryptsetup12-hmac - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. * Fix activation of LUKS2 device with integrity and detached header. * Add ZEROOUT IOCTL support for crypt_wipe API call. * VERITY: set loopback sector size according to dm-verity block sizes. * veritysetup: dump device sizes. * LUKS2 token: prefer token PIN query before passphrase in some cases. When a user provides --token-type or specific --token-id, a token PIN query is preferred to a passphrase query. * LUKS2 token: allow tokens to be replaced with --token-replace option for cryptsetup token command. * LUKS2 token: do not continue operation when interrupted in PIN prompt. * Add --progress-json parameter to utilities. * Add support for --key-slot option in luksResume action. - move man pages to separate subpackage - drop backports handling ==== gnome-bluetooth ==== Version update (42.2 -> 42.3) Subpackages: gnome-bluetooth-lang libgnome-bluetooth-3_0-13 libgnome-bluetooth-ui-3_0-13 typelib-1_0-GnomeBluetooth-3_0 - Update to version 42.3: + This version adds a new API for more precise adapter power state, and fixes a number of small UI problems in bluetooth-sendto. ==== libcdio ==== Subpackages: libcdio19 libiso9660-11 - Add fix-undefined-behavior-in-readlink.patch that fixes boo#1202214. ==== libqt5-qtquickcontrols2 ==== Version update (5.15.5+kde5 -> 5.15.5+kde6) Subpackages: libQt5QuickControls2-5 libQt5QuickTemplates2-5 - Update to version 5.15.5+kde6: * Fix scroll bars not showing up when binding to standalone contentItem ==== libtasn1 ==== Version update (4.18.0 -> 4.19.0) Subpackages: libtasn1-6 libtasn1-6-32bit - libtasn1 4.19.0: * Clarify libtasn1.map license * Fix ETYPE_OK out of bounds read * Update gnulib files and various maintenance fixes ==== multipath-tools ==== Version update (0.9.0+39+suse.51a2ab1 -> 0.9.0+55+suse.33d8854) Subpackages: kpartx libmpath0 - Update to version 0.9.0+55+suse.33d8854: * Avoid linking to libreadline to avoid licensing issue (bsc#1202616) ==== ndctl ==== Version update (73 -> 74) - Update to version 74 (jsc#PED-1080): * Many CXL fixes * Some build system fixes * monitor: Fix the monitor config file parsing * ndctl/bus: Handle missing scrub commands more gracefully * ndctl/dimm: Flush invalidated labels after overwrite - Remove upstreamed patch - ndctl-build-Fix-systemd-unit-directory-detection.patch - ndctl-meson-make-modprobedatadir-an-option.patch ==== ovmf ==== Version update (202202 -> 202205) Subpackages: qemu-ovmf-x86_64 - Removed patches in ovmf-bsc1196879-sev-fix.patch which are merged to edk2-stable202205: - OvmfPkg/AmdSev: reserve snp pages - de463163d9 edk2-stable202205-rc1~292 - OvmfPkg/ResetVector: cache the SEV status MSR value - 63c50d3ff2 edk2-stable202205-rc1~291 - OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR - f1d1c337e7 edk2-stable202205-rc1~290 - Update to edk2-stable202205 - Features (https://github.com/tianocore/edk2/releases): Support PEI 64bit in IntelFsp2Pkg and IntelFsp2WrapperPkg IntelFsp2Pkg: BaseFspCommonLib Support for X64 Build Add PrmPkg BaseTools Enhance GenFw to support PRM GCC build Enable Intel TDX in OvmfPkg Generate CloudHv target as PVH ELF binary Add parallel hash feature into BaseCryptLib Configure/Enable elliptic curve ciphers in OpenSSL Add FMMT tool into edk2 BaseTools Dynamic variable flash information cannot be passed in Standalone MM - Patches (git log --oneline --reverse edk2-stable202202~..edk2-stable202205): b24306f15d NetworkPkg: Fix incorrect unicode string of the AKM/Cipher Suite 2dbed52506 ArmVirtPkg/ArmVirtMemoryInitPeiLib: avoid redundant cache invalidation 54cddc3ad4 ArmVirtPkg/ArmVirtKvmTool: wire up configurable timeout de463163d9 OvmfPkg/AmdSev: reserve snp pages 63c50d3ff2 OvmfPkg/ResetVector: cache the SEV status MSR value in workarea f1d1c337e7 OvmfPkg/BaseMemEncryptLib: use the SEV_STATUS MSR value from workarea b1b89f9009 MdeModulePkg: Correct high-memory use in NvmExpressDxe 84338c0d49 MdeModulePkg: Replace Opcode with the corresponding instructions. d3febfd9ad MdePkg: Replace Opcode with the corresponding instructions. 7bc8b1d9f4 SourceLevelDebugPkg: Replace Opcode with the corresponding instructions. 2aa107c0aa UefiCpuPkg: Replace Opcode with the corresponding instructions. bbaa00dd01 MdePkg: Remove the macro definitions regarding Opcode. 6a890db161 BaseTools: Upgrade the version of NASM tool 497ac7b6d7 UefiPayloadPkg/PayloadLoaderPeim: Use INT64 as input parameter dc39554d58 edk2/MdeModulePkg/Debuglib: Add Standalone MM support 906242343f MdeModulePkg/GraphicsConsoleDxe: Check status to make sure no error b422b0fcf9 EmulatorPkg/EmuGopDxe: Set ModeInfo after Open successfully 589d51df26 MdeModulePkg/Usb/Keyboard.c: Don't request protocol before setting b909b4ad09 OvmfPkg: Make the Xen ELF header generator more flexible 0a707eb258 OvmfPkg: Xen: Use a new fdf include for the PVH ELF header 0015a4e0a8 OvmfPkg: Xen: Generate fdf include file from ELF header generator 9ac8c85d50 OvmfPkg: CloudHv: Remove VARS and CODE sections e1c7f9b4e5 OvmfPkg: Generate CloudHv as a PVH ELF binary d50d9e5549 OvmfPkg: CloudHv: Retrieve RSDP address from PVH 82bfd2e86d OvmfPkg: CloudHv: Rely on PVH memmap instead of CMOS b83d0a6438 OvmfPkg: CloudHv: Add README 4a68176cb5 UefiCpuPkg: Extend SMM CPU Service with rendezvous support. 949b8a3d97 Maintainers.txt: Add new reviewer for UefiPayloadPkg 091b6a1197 UefiPayloadPkg: Add build option for Above 4G Memory 4adc364c75 UefiPayloadPkg: Fix case of protocol 79f2734e5a MdeModulePkg: Add a check for metadata size in NvmExpress Driver af74efe494 UefiPayloadPkg: Make Boot Manager Key configurable 62fa37fe7b BlSupportSmm: fix definition of SetSmrr() 56530dec11 .pytool/Plugin/UncrustifyCheck: Output file diffs by default 2aac8bb7ef .pytool: Update to newest pytools c63ef58698 .azurepipelines: Updated python version f06941cc46 MdeModulePkg: Add bRefClkFreq card attribute programming support 2b175eeb6a RedfishPkg: fix memory leak issue 10b4c8f3b7 Maintainers: Update Maintainers.txt for edk2 Redfish modules 0fdd466c75 UefiCpuPkg/MpInitLib:remove optional in declaration 52e09dcd7a UefiCpuPkg: Support FFS3 GUID in SearchForBfvBase.asm a13dfc769b MdeModulePkg/DxeIpl: Create 5-level page table for long mode c8ea48bdf9 DynamicTablesPkg: Fix serial port namespace path in DBG2 414cd2a4d5 BaseTools/GenFw: Enhance GenFw to support PRM GCC build 33438f7354 EmulatorPkg/RedfishPlatformCredentialLib: Check EFI_SECURE_BOOT_MODE_NAME 5b56c52b5c EmulatorPkg/RedfishPlatformCredentialLib: Don't stop Redfish service 0531f61376 IntelFsp2Pkg: BaseFspDebugLibSerialPort Support for X64 411b3ff6dd IntelFsp2Pkg: BaseFspSwitchStackLib Support for X64 b429959bb6 MdeModulePkg/SdMmcPciHcDxe: Make timeout for SD card configurable 79a705fbaf UefiPayloadPkg: Hookup SD/MMC timeout 28eeb08d86 MdePkg/Include: Smbios Specification 3.5.0 changes c1e662101a CryptoPkg: Add new hash algorithm ParallelHash256HashAll in BaseCryptLib. 267a92fef3 MdePkg/AcpiXX.h: Update Error Severity type for Generic Error Status Block ec0b54849b IntelFsp2Pkg: BaseFspCommonLib Support for X64 5d8d8b5148 MdeModulePkg/NvmExpressDxe: fix check for Cap.Css 69218d5d28 MdeModulePkg/NvmExpressPei: fix check for NVM command set bf9230a9f3 BaseTools: Add the FeatureFlagExpression usage to the Source Section 3115377bf0 BaseTools: Remove the redundant __FLEXIBLE_SIZE from PcdValueInit.c 4a2e1000a1 CryptoPkg: update openssl submodule to 1.1.1n 355515a06a CryptoPkg? Redefinition bug in CrtLibSupport.h. 7b005f344e BaseTools: fix gcc12 warning 85021f8cf2 BaseTools: fix gcc12 warning 22130dcd98 Basetools: turn off gcc12 warning ec30a4a0c3 BaseTools:Support decimal version number in ECC check 3ef2071927 UefiCpuPkg: Update BFV searching algorithm in VTF0 691b178667 ShellPkg/AcpiView: Adds ACPI_PARSER bitfield parser 40004ff9d5 ShellPkg/AcpiView: PrintFormatter for FADT Flags field 7456990e8e MdeModulePkg/Ufs: bRefClkFreq attribute be programmed after fDeviceInit 237c966396 UefiPayloadPkg/UefiPayloadPkg.ci.yaml: Remove duplicated entry 76191052fd UefiPayloadPkg: Fix build error 449eb01a8d UefiPayloadPkg: Fix architecture in the build instruction c248802e40 UefiPayloadPkg: Fix PciHostBridgeLib 2b4b8013fe UefiPayloadPkg/Library/PlatformBootManagerLib: Remove broken VGA detection 55637a2894 UefiPayloadPkg: Make Boot Timeout configurable 2268920afc .azurepipelines: Use Python 3.8 c3ca70669e .azurepipelines: Use windows-2019 VM image 3b0de44759 EmulatorPkg: Use windows-2019 VM image 75628d27c0 OvmfPkg: Use windows-2019 VM image ... changelog too long, skipping 258 lines ... - [ovmf-x86_64]="-p OvmfPkg/OvmfPkgX64.dsc -D FD_SIZE_4MB" ==== perl-IO-Socket-INET6 ==== Version update (2.72 -> 2.73) - updated to 2.73 see /usr/share/doc/packages/perl-IO-Socket-INET6/ChangeLog 2021-12-10 Shlomi Fish * Deprecate in favour of L . * New Release IO-Socket-INET6-2.73 ==== psutils ==== - Require new package libpaper-tools (boo#1202402) instead of old package paper ==== sudo ==== Version update (1.9.10 -> 1.9.11p3) Subpackages: sudo-plugin-python - Update to 1.9.11p3: * Changes in Sudo 1.9.11 * Fixed a crash in the Python module with Python 3.9.10 on some systems. Additionally, make check now passes for Python 3.9.10. * Error messages sent via email now include more details, including the file name and the line number and column of the error. Multiple errors are sent in a single message. Previously, only the first error was included. * Fixed logging of parse errors in JSON format. Previously, the JSON logger would not write entries unless the command and runuser were set. These may not be known at the time a parse error is encountered. * Fixed a potential crash parsing sudoers lines larger than twice the value of LINE_MAX on systems that lack the getdelim() function. * The tests run by make check now unset the LANGUAGE environment variable. Otherwise, localization strings will not match if LANGUAGE is set to a non-English locale. Bug #1025. * The “starttime” test now passed when run under Debian faketime. Bug #1026. * The Kerberos authentication module now honors the custom password prompt if one has been specified. * The embedded copy of zlib has been updated to version 1.2.12. * Updated the version of libtool used by sudo to version 2.4.7. * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE in the header files (currently only GNU libc). This is required to allow the use of 64-bit time values on some 32-bit systems. * Sudo’s intercept and log_subcmds options no longer force the command to run in its own pseudo-terminal. It is now also possible to intercept the system(3) function. * Fixed a bug in sudo_logsrvd when run in store-first relay mode where the commit point messages sent by the server were incorrect if the command was suspended or received a window size change event. * Fixed a potential crash in sudo_logsrvd when the tls_dhparams configuration setting was used. * The intercept and log_subcmds functionality can now use ptrace(2) on Linux systems that support seccomp(2) filtering. This has the advantage of working for both static and dynamic binaries and can work with sudo’s SELinux RBAC mode. The following architectures are currently supported: i386, x86_64, aarch64, arm, mips (log_subcmds only), powerpc, riscv, and s390x. The default is to use ptrace(2) where possible; the new intercept_type sudoers setting can be used to explicitly set the type. * New Georgian translation from translationproject.org. * Fixed creating packages on CentOS Stream. * Fixed a bug in the intercept and log_subcmds support where the execve(2) wrapper was using the current environment instead of the passed environment pointer. Bug #1030. * Added AppArmor integration for Linux. A sudoers rule can now specify an APPARMOR_PROFILE option to run a command confined by the named AppArmor profile. * Fixed parsing of the server_log setting in sudo_logsrvd.conf. Non-paths were being treated as paths and an actual path was treated as an error. * Changes in Sudo 1.9.11p1: * Correctly handle EAGAIN in the I/O read/right events. This fixes a hang seen on some systems when piping a large amount of data through sudo, such as via rsync. Bug #963. * Changes to avoid implementation or unspecified behavior when bit shifting signed values in the protobuf library. * Fixed a compilation error on Linux/aarch64. * Fixed the configure check for seccomp(2) support on Linux. * Corrected the EBNF specification for tags in the sudoers manual page. GitHub issue #153. * Changes in Sudo 1.9.11p2: * Fixed a compilation error on Linux/x86_64 with the x32 ABI. * Fixed a regression introduced in 1.9.11p1 that caused a warning when logging to sudo_logsrvd if the command returned no output. * Changes in Sudo 1.9.11p3: * Fixed “connection reset” errors on AIX when running shell scripts with the intercept or log_subcmds sudoers options enabled. Bug #1034. * Fixed very slow execution of shell scripts when the intercept or log_subcmds sudoers options are set on systems that enable Nagle’s algorithm on the loopback device, such as AIX. Bug #1034. * Modified sudo-sudoers.patch - Added sudo-1.9.10-update_sudouser_to_utf8.patch * [bsc#1197998] * Enable sudouser LDAP schema to use UTF-8 encodings. * Sourced from https://github.com/sudo-project/sudo/pull/163 * Credit to William Brown, william.brown@suse.com ==== tar ==== Subpackages: tar-lang tar-rmt - drop tar-recursive--files-from.patch (causes bsc#918487) - bsc1200657.patch was previously incomplete leading to deadlocks * bsc#1202436 * bsc1200657.patch updated - Fix race condition while creating intermediate subdirectories, bsc#1200657 * bsc1200657.patch ==== yast2-tune ==== Version update (4.5.0 -> 4.5.1) - Added runtime dependency on hwinfo (bsc#1202651) - 4.5.1