Packages changed: apparmor cockpit (250 -> 251.3) ethtool (5.15 -> 5.16) fcoe-utils fontconfig glib2 (2.70.2 -> 2.70.3) graphite2 installation-images-MicroOS (17.38 -> 17.39) iputils kernel-source (5.16.1 -> 5.16.2) keylime (6.2.1 -> 6.3.0) libapparmor polkit procps python-py (1.10.0 -> 1.11.0) qemu raspberrypi-firmware (2021.12.01 -> 2022.01.24) raspberrypi-firmware-config (2021.12.01 -> 2022.01.24) raspberrypi-firmware-dt (2021.11.19 -> 2022.01.19) salt (3003.3 -> 3004) selinux-policy (20211111 -> 20220124) snapper (0.9.0 -> 0.9.1) suse-module-tools (16.0.18 -> 16.0.19) toolbox u-boot-rpiarm64 userspace-rcu (0.13.0 -> 0.13.1) util-linux (2.37.2 -> 2.37.3) vim (8.2.4063 -> 8.2.4186) wpa_supplicant (2.9 -> 2.10) yast2 (4.4.39 -> 4.4.43) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) ==== cockpit ==== Version update (250 -> 251.3) Subpackages: cockpit-bridge cockpit-packagekit cockpit-system - new version 251.3 * https://cockpit-project.org/blog/cockpit-251.html with additional fixes * Fix "Administrative Access" prompt for "Duo" MFA ==== ethtool ==== Version update (5.15 -> 5.16) - update to upstream release 5.16 * Feature: use memory maps for module EEPROM parsing (-m) * Feature: show CMIS diagnostic information (-m) * Fix: fix dumping advertised FEC modes (--show-fec) * Fix: ignore cable test notifications from other devices (--cable-test) * Fix: do not show duplicate options in help text (--help) ==== fcoe-utils ==== - Added upstream commit to fix gcc12 warning/errors: * fcoe-utils-Fix-GCC-12-warning.patch ==== fontconfig ==== Subpackages: libfontconfig1 - adding bug reference to this changelog [bsc#1172301] ==== glib2 ==== Version update (2.70.2 -> 2.70.3) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.70.3: + Several important fixes to FD handling in gspawn. + Several important fixes to GDBus message and GVariant parsing of invalid data. + Fix potential data loss due to missing fsync when saving files on btrfs. + Bugs fixed: glgo#GNOME/GLib#2503, glgo#GNOME/GLib#2506, glgo#GNOME/GLib#2557, glgo#GNOME/GLib#2572, glgo#GNOME/GLib#2580, glgo#GNOME/GLib!2394, glgo#GNOME/GLib!2415, glgo#GNOME/GLib!2437, glgo#GNOME/GLib!2444, glgo#GNOME/GLib!2455. + Updated translations. ==== graphite2 ==== - Fix license header so that it corresponds to SPDX abbreviation ==== installation-images-MicroOS ==== Version update (17.38 -> 17.39) - merge gh#openSUSE/installation-images#571 - use for build proper schema flavor (jsc#SLE-18820) - 17.39 ==== iputils ==== - temporarily reintroduce rarpd and rdisc tools to get them into 15sp4 [jsc#SLE-23521] ==== kernel-source ==== Version update (5.16.1 -> 5.16.2) - Update patches.kernel.org/5.16.2-005-vfs-fs_context-fix-up-param-length-parsing-in-.patch (bsc#1012628 CVE-2022-0185 bsc#1194517). Add CVE reference. - commit 0d710a8 - s390/mm: fix 2KB pgtable release race (bsc#1188896). - commit 6f62d73 - HID: wacom: Avoid using stale array indicies to read contact count (bsc#1194667). - HID: wacom: Ignore the confidence flag when a touch is removed (bsc#1194667). - HID: wacom: Reset expected and received contact counts at the same time (bsc#1194667). - commit 07a970c - Linux 5.16.2 (bsc#1012628). - ALSA: hda/realtek: Re-order quirk entries for Lenovo (bsc#1012628). - ALSA: hda/realtek: Add quirk for Legion Y9000X 2020 (bsc#1012628). - ALSA: hda/tegra: Fix Tegra194 HDA reset failure (bsc#1012628). - ALSA: hda: ALC287: Add Lenovo IdeaPad Slim 9i 14ITL5 speaker quirk (bsc#1012628). - ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (bsc#1012628). - ALSA: hda/realtek: Use ALC285_FIXUP_HP_GPIO_LED on another HP laptop (bsc#1012628). - ALSA: hda/realtek: Add speaker fixup for some Yoga 15ITL5 devices (bsc#1012628). - perf annotate: Avoid TUI crash when navigating in the annotation of recursive functions (bsc#1012628). - firmware: qemu_fw_cfg: fix kobject leak in probe error path (bsc#1012628). - firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (bsc#1012628). - firmware: qemu_fw_cfg: fix sysfs information leak (bsc#1012628). - rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (bsc#1012628). - media: uvcvideo: fix division by zero at stream start (bsc#1012628). - video: vga16fb: Only probe for EGA and VGA 16 color graphic cards (bsc#1012628). - 9p: fix enodata when reading growing file (bsc#1012628). - 9p: only copy valid iattrs in 9P2000.L setattr implementation (bsc#1012628). - NFSD: Fix zero-length NFSv3 WRITEs (bsc#1012628). - remoteproc: qcom: pas: Add missing power-domain "mxc" for CDSP (bsc#1012628). - KVM: s390: Clarify SIGP orders versus STOP/RESTART (bsc#1012628). - KVM: x86: don't print when fail to read/write pv eoi memory (bsc#1012628). - KVM: x86: Register Processor Trace interrupt hook iff PT enabled in guest (bsc#1012628). - KVM: x86: Register perf callbacks after calling vendor's hardware_setup() (bsc#1012628). - perf: Protect perf_guest_cbs with RCU (bsc#1012628). - vfs: fs_context: fix up param length parsing in legacy_parse_param (bsc#1012628). - remoteproc: qcom: pil_info: Don't memcpy_toio more than is provided (bsc#1012628). - orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (bsc#1012628). - drm/amd/display: explicitly set is_dsc_supported to false before use (bsc#1012628). - devtmpfs regression fix: reconfigure on each mount (bsc#1012628). - commit 6fa29ec - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - commit 68b36f0 - disable the Bluetooth patch again The kernel is currently tested whether the patch is needed at all. As 95655456e7ce in upstream might fix the issue too (but differently). - commit c3bbaae - series.conf: cleanup - move mainline patches into sorted section: - patches.suse/mwifiex-Fix-skb_over_panic-in-mwifiex_usb_recv.patch - patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch - patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch - update upstream references and move into sorted section: - patches.suse/ALSA-usb-audio-Add-minimal-mute-notion-in-dB-mapping.patch - patches.suse/ALSA-usb-audio-Fix-dB-level-of-Bose-Revolve-SoundLin.patch - patches.suse/ALSA-usb-audio-Use-int-for-dB-map-values.patch No effect on expanded tree. - commit 607f978 - Refresh and reenable patches.suse/Bluetooth-Apply-initial-command-workaround-for-more-.patch. - commit a7b7c0d - series.conf: Add sorted section header/footer Even though we don't carry many patches in the stable or master branches, having the sorted section header/footer allows the automated tools to work. - commit 05f8150 ==== keylime ==== Version update (6.2.1 -> 6.3.0) Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime - Drop patches beacuse merged upstream: * 0001-Drop-dataclasses-module-usage.patch * 0001-config-support-merge-multiple-config-files.patch * 0001-ca-support-back-old-cyptography-API.patch - Update to version v6.3.0: * Coordinated update to fix: + bsc#1193997 (CVE-2022-23948) + bsc#1193998 (CVE-2021-43310) + bsc#1194000 (CVE-2022-23949) + bsc#1194002 (CVE-2022-23950) + bsc#1194004 (CVE-2022-23951) + bsc#1194005 (CVE-2022-23952) * secure_mount: add umount function * secure_mount: use /proc/self/mountinfo * Validate user ID in all public interfaces * validators: add uuid and agent_id validators * validators: create validators module * revocation_notifier: move zmq socket to /var/run/keylime * Update API version from 1.0 to 2.0 * tpm: do not compress quote with zlib by default * verifier: persist AK and mTLS certificate to DB * verifier: use "supported_version" for agent connections * tenant: add support for "supported_version" option for the verifier * api_version: add the option for basic validation * verifier: add supported_version field to DB and API * agent: add /version to REST API * verifier, tenant: allow agents to not use mTLS * tenant, verifier: allow manual configuration of agent mTLS * tests: migrate to mTLS * tenant: connect to the agent via mTLS * verifier: connect to the agent via mTLS * tornado_requests: handle SSLError * web_util: add mTLS context generation for agent * agent: Enable mTLS for agent REST API * crypto: add helper function for creating self signed certs * registrar: Allow the agent to registrar with a mTLS certificate * request_client: add workaround for handling certificates * request_client: add the option to ignore hostname validation * Better docs and errors about IMA hash mismatches * tests: use JSON instead Python string for IMA tests * verifier: use json.loads(..) instead of ast.literal_eval(..) * Adding Nuvoton certificate for a post 2020 TPM device. The EK cert of the device directs to the following download site: 'https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton TPM Root CA 1111.cer' (yes, including the spaces) * Improve revocation notifier IP description in keylime.conf * tornado_requests: set Content-Type header correctly for JSON * tenant: post U key to agent with correct Content-Type header * Explicitly set permissions on new keylime.conf files installed * tpm_main: close file descriptor for aik handle * verifier: do not call finish() twice * agent: fix payload execution * tests: add initial tests for web_util module * config, web_util: move get_restful_params(..) to web_util * verifier: Also retry on HTTP 500 status code * agent: improve startup and shutdown * registrar: cleanup start function * web_util: move echo_json_response(..) out of config.py * verifier: fix failure generation for V key * tornado_requests: cleanup TornadoResponse class * web_util, verifier: move mTLS SSLContext generation into separate module * ca: support back old cyptography API * Fix test branch reference in packit.yaml * ci: disable DeprecationWarning from pylint in tox * Enable new test in Packit CI * tenant: fix reactivate command * config: support merge multiple config files * ci: use only fedora-stable for packit * elchecking: harden example policy against event type manipulation * elchecking: add new tests * tests: fix stdout formatting for agent and verifier * Drop dataclasses module usage * revocation notifier: handle shutdown of process gracefully * verifier: handle SIGINT and SIGTERM correctly * ima_emulator: fix IMA hash validation and add more options * ima_ast: fix handling ToMToU errors * Remove leftovers of TPM 1.2 support * agent: improved validation for post function * agent: better validation for mask and nonce * config: add function to validate hex strings * agent: keys/verify check if challenge was provided * tpm_main: do not append /usr/local/{bin,lib} to default env * db: only set length on Text type if supported * json: do not make sqlalchemy a hard requirement * Enable functional testing with Packit CI * ima_emulator: specify sys.argv as the named parameter argv in main() * elchecking example policy: make it work with Fedora 34 * elchecking example policy: initrd* might be also called initramfs* * scripts: add mb_refstate generator for example policy * config: change tpm_hash_alg to SHA1 by default * parse_mb_bootlog: specify the used hash algorithm used for PCRs * agent: add warning that on kernels <5.10 IMA only works with SHA1 * tpm: explicitly pass hash alg to sim_extend(..) * ima emulator: use IMA AST and support multiple hash algorithms * tests: update IMA allowlist version number * ima: add option 'log_hash_alg' to IMA allowlist * ima: remove hard requirement for SHA1 PCR 10 * algorithms: extend Hash class to simplify computing hash values * config, tpm_main: explicitly handle YAML load errors * config: private_key must be set to -private.pem not -public.pem * agent: add UUID option environment * agent: drop openstack uuid option - Set /var/lib/keylime under the same permissions expected by the code ==== libapparmor ==== - add ruby-3.1-build-fix.diff: fix build with ruby 3.1 (boo#1194221, MR 827) ==== polkit ==== Subpackages: libpolkit-agent-1-0 libpolkit-gobject-1-0 - Switch from mozjs to duktape: * Add duktape-support.patch - Fixed pkexec Local Privilege Escalation aka pwnkit (CVE-2021-4034 bsc#1194568) CVE-2021-4034-pkexec-fix.patch ==== procps ==== Subpackages: libprocps8 - Correct used URLs ==== python-py ==== Version update (1.10.0 -> 1.11.0) - update to 1.11.0: * Support Python 3.11 * Support ``NO_COLOR`` environment variable * Update vendored apipkg: 1.5 => 2.0 ==== qemu ==== - Enable modules for testsuite * Patches added: meson-build-all-modules-by-default.patch ==== raspberrypi-firmware ==== Version update (2021.12.01 -> 2022.01.24) - Update to 9c04ed2c1a (2022-01-24): * firmware: platform: Limit max clock-id to CLOCK_VEC for now See: #1688 - Update to 827fdd0736 (2022-01-20): * firmware: dtoverlay: Don't mix non-fatal errors and offsets See: #1686 * firmware: arm_loader: Load vl805 overlay on CM4 See: https://forums.raspberrypi.com/viewtopic.php?t=326088 * firmware: gencmdserv: Add mailbox interface to gencmd * firmware: improve firmware camera detection * firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1 See: #1671 * firmware: ldconfig: Discard subsequent chunks from a truncated line See: #1669 * firmware: cec: Fail set_passive_mode when running with kms * firmware: Firmware: Remove PWM/audio traits for CM4 * firmware: usb: Fix non-BCM2711 MSD support See: raspberrypi/usbboot#102 ==== raspberrypi-firmware-config ==== Version update (2021.12.01 -> 2022.01.24) - Update to 9c04ed2c1a (2022-01-24): * firmware: platform: Limit max clock-id to CLOCK_VEC for now See: #1688 - Update to 827fdd0736 (2022-01-20): * firmware: dtoverlay: Don't mix non-fatal errors and offsets See: #1686 * firmware: arm_loader: Load vl805 overlay on CM4 See: https://forums.raspberrypi.com/viewtopic.php?t=326088 * firmware: gencmdserv: Add mailbox interface to gencmd * firmware: improve firmware camera detection * firmware: arm-loader: Fix kernel8.img selection on 2837 with arm_64bit=1 See: #1671 * firmware: ldconfig: Discard subsequent chunks from a truncated line See: #1669 * firmware: cec: Fail set_passive_mode when running with kms * firmware: Firmware: Remove PWM/audio traits for CM4 * firmware: usb: Fix non-BCM2711 MSD support See: raspberrypi/usbboot#102 ==== raspberrypi-firmware-dt ==== Version update (2021.11.19 -> 2022.01.19) - Switch to 5.16 branch - boo#1194423 - Update to ffd6c6dc4dbf (2022-01-19) ==== salt ==== Version update (3003.3 -> 3004) Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration salt-transactional-update - Update to version 3004, see release notes: https://docs.saltproject.io/en/master/topics/releases/3004.html - Don't check for cached pillar errors on state.apply (bsc#1190781) - Added: * state.apply-don-t-check-for-cached-pillar-errors.patch - Modified: * add-migrated-state-and-gpg-key-management-functions-.patch * switch-firewalld-state-to-use-change_interface.patch * include-aliases-in-the-fqdns-grains.patch * debian-info_installed-compatibility-50453.patch * info_installed-works-without-status-attr-now.patch * fix-traceback.print_exc-calls-for-test_pip_state-432.patch * add-custom-suse-capabilities-as-grains.patch * add-rpm_vercmp-python-library-for-version-comparison.patch * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch * support-transactional-systems-microos.patch * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch * update-target-fix-for-salt-ssh-to-process-targets-li.patch * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch * enhance-openscap-module-add-xccdf_eval-call-386.patch * add-environment-variable-to-know-if-yum-is-invoked-f.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * run-salt-master-as-dedicated-salt-user.patch * 3003.3-postgresql-json-support-in-pillar-423.patch * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch * early-feature-support-config.patch * implementation-of-held-unheld-functions-for-state-pk.patch * x509-fixes-111.patch * fix-issues-with-salt-ssh-s-extra-filerefs.patch * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch * use-adler32-algorithm-to-compute-string-checksums.patch * refactor-and-improvements-for-transactional-updates-.patch * improvements-on-ansiblegate-module-354.patch * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch - Removed: * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch * do-not-break-master_tops-for-minion-with-version-low.patch * don-t-call-zypper-with-more-than-one-no-refresh.patch * do-not-monkey-patch-yaml-bsc-1177474.patch * add-missing-aarch64-to-rpm-package-architectures-405.patch * figure-out-python-interpreter-to-use-inside-containe.patch * parsing-epoch-out-of-version-provided-during-pkg-rem.patch * fix-a-test-and-some-variable-names-229.patch * add-astra-linux-common-edition-to-the-os-family-list.patch * better-handling-of-bad-public-keys-from-minions-bsc-.patch * templates-move-the-globals-up-to-the-environment-jin.patch * virt-enhancements.patch * fix-aptpkg.normalize_name-when-package-arch-is-all.patch * adding-preliminary-support-for-rocky.-59682-391.patch * fix-save-for-iptables-state-module-bsc-1185131-372.patch ==== selinux-policy ==== Version update (20211111 -> 20220124) Subpackages: selinux-policy-targeted - Update to version 20220124. Refreshed: * fix_hadoop.patch * fix_init.patch * fix_kernel_sysctl.patch * fix_systemd.patch * fix_systemd_watch.patch - Added fix_hypervkvp.patch to fix issues with hyperv labeling (bsc#1193987) ==== snapper ==== Version update (0.9.0 -> 0.9.1) Subpackages: libsnapper5 - added bash completion provided by community - look for most configuration files in /etc/snapper and /usr/share/snapper (bsc#1189601) - version 0.9.1 ==== suse-module-tools ==== Version update (16.0.18 -> 16.0.19) - Update to version 16.0.19: * Add /etc/modprobe.d/README on SLE/Leap (bsc#1195051) * rpm-script: force-copy kernel to /boot (boo#1194501) ==== toolbox ==== - Allow docker as an alternative to podman in the package Requires. This was supported since 2.2. ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2022.01 * Patches added: 0016-mx6qsabrelite-Enable-DM_ETH-to-re-e.patch 0017-rockchip-sdhci-Fix-RK3399-eMMC-PHY-.patch ==== userspace-rcu ==== Version update (0.13.0 -> 0.13.1) - update to 0.13.1: * fix: properly detect 'cmpxchg' on x86-32 * fix: use urcu-tls compat with c++ compiler * fix: remove autoconf features default value in help message * fix: add missing pkgconfig file for memb flavour lib * Make temporary variable in _rcu_dereference non-const * Fix: x86 and s390: uatomic __hp() macro C++ support * Fix: x86 and s390: uatomic __hp() macro clang support * Fix: x86 and s390 uatomic: __hp() macro warning with gcc 11 ==== util-linux ==== Version update (2.37.2 -> 2.37.3) Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - update to 2.37.3 (bsc#1194976): This release fixes two security mount(8) and umount(8) issues: * CVE-2021-3996 Improper UID check in libmount allows an unprivileged user to unmount FUSE filesystems of users with similar UID. * CVE-2021-3995 This issue is related to parsing the /proc/self/mountinfo file allows an unprivileged user to unmount other user's filesystems that are either world-writable themselves or mounted in a world-writable directory. ==== vim ==== Version update (8.2.4063 -> 8.2.4186) Subpackages: vim-data-common vim-small - Updated to version 8.2.4186, fixes the following problems * Vim9: exported function in autoload script not found. (Yegappan Lakshmanan) * Foam files are not detected. * Computation overflow with large count for :yank. * Vim9: imported autoload script loaded again. * Vim9: cannot call imported function with :call. (Drew Vogel) * Vim9: import test fails. * Vim9: import test fails on MS-Windows. * Using uninitialized memory when reading empty file. * Vim9: no detection of return in try/endtry. (Dominique Pellé) * Vim9: compiling function fails when autoload script is not loaded yet. * Coverity warns for using NULL pointer. * Going over the end of NameBuff. * Test failures. * Memory leak in autoload import. * Not all Libsensors files are recognized. * Terminal test for current directory not used on FreeBSD. * MS-Windows: "gvim --version" didn't work when build with VIMDLL. * Not sufficient test coverage for xxd. * CodeQL reports problem in if_cscope causing it to fail. * Check for autoload file name and prefix fails. (Christian J. Robinson) * Vim9: no test for "vim9script autoload' and using script variable in the same script. * Memory leak when looking for autoload prefixed variable. * Vim9: no test for using import in legacy script. * "cctx" argument of find_func_even_dead() is unused. * Cannot test items from an autoload script easily. * Xxd cannot output everything in one line. * Terminal test for current directory fails on FreeBSD. * After restoring a session buffer order can be quite different. * Virtcol is recomputed for statusline unnecessarily. * MacOS CI: unnecessarily doing "Install packages". * Cached breakindent values not initialized properly. * 'virtualedit' is window-local but using buffer-local enum. * Sed script not recognized by the first line. * Linux CI: unnecessarily installing packages * Wrong number in error message on 32 bit system. (John Paul Adrian Glaubitz) * Typing "interrupt" at debug prompt may keep exception around, causing function calls to fail. * Vim9: cannot use Vim9 syntax in mapping. * Early return when getting the 'formatlistpat' value. * Warning for unused argument in tiny version. * Vim9: import cannot be used after method. * Vim9: variable declared in for loop not initialzed. * Vim9: lower casing the autoload prefix causes problems. * Translation related comment in the wrong place. * Going over the end of the w_lines array. * Script context not restored after using . * Going over the end of the w_lines array. * MS-Windows: high dpi support is outdated. * Coverity warns for using NULL pointer. * Potential proglem when map is deleted while executing. * Function not deleted at end of test. * Typo on DOCMD_RANGEOK results in not recognizing command. * Vim9: type checking for a funcref does not work for when it is used in a method. * Cannot use a method with a complex expression. * Vim9: cannot use a method with a complex expression in a :def function. * Vim9: wrong white space error after using imported item. * Using UNUSED for argument that is used. * Build failure when disabling the channel feature. * Block insert goes over the end of the line. * Visual test fails on MS-Windows. * ":command Cmd" does not show custom completion argument. * Complete function cannot be import.Name. * Vim9: method in compiled function may not see script item. * Completion tests fail. * Crash on exit when built with dynamic Tcl and EXITFREE is defined. (Dominique Pellé) * Build failure without the +eval feature. * Crash when method cannot be found. (Christian J. Robinson) * Building with +sound but without +eval fails. (Dominique Pellé) * MS-Windows: MSVC build may have libraries duplicated. * Vim9: calling function in autoload import does not work in a :def function. * Vim9: wrong error message when autoload script can't be found. * output of ":scriptnames" goes into the message history, while this des not happen for other commands, such as ":ls". * MS-Windows: test for import with absolute path fails. * Vim9: ":scriptnames" shows unloaded imported autoload script. * Vim9: the "autoload" argument of ":vim9script" is not useful. * Vim9: calling import with and without method is inconsistent. * Vim9: no error for return with argument when the function does not return anything. * Using freed memory if an expression abbreviation deletes the abbreviation. * maparg() does not indicate the type of script where it was defined. * Vim9 builtin functions test fails. * Build failure with normal features without persistent undo. * MS-Windows: IME support for Win9x is obsolete. * Cannot load libsodium dynamically. * Confusing error when using name of import for a function. * Vim9: shadowed function can be used in compiled function but not at script level. * E464 does not always include the offending command. * Deleting any mapping may cause to not set the script context. * Test override not restored, autocommand left behind. * Coverity warns for using pointer after free. * Reading beyond the end of a line. * Block insert with double wide character fails. * MS-Windows: Global IME is no longer supported. * ml_get error when exchanging windows in Visual mode. * Translating strftime() argument results in check error. * Fileinfo message overwrites echo'ed message. * Terminal test fails because Windows sets the title. * MS-Windows: memory leak in :browse. * MS-Windows: _WndProc() is very long. * Cannot change the register used for Select mode delete. * Vim9: warning for missing white space after imported variable. * Vim9: no error for redefining function with export. * No error for omitting function name after autoload prefix. * Error in legacy code for function shadowing variable. * The nv_g_cmd() function is too long. * Undo synced when switching buffer in another window. * Vim9: error message for old style import. * Disallowing empty function name breaks existing plugins. * MS-Windows: unnessary casts and other minor things. * MS-Windows: still using old message API calls. * Cannot invoke option function using autoload import. * Filetype detection for BASIC is not optimal. * Cannot use an import in 'foldexpr'. * Vim9: can use an autoload name in normal script. * MS-Windows: runtime check for multi-line balloon is obsolete. * Vim9: cannot use imported function with call(). * Vim9: autoload script not loaded after "vim9script noclear". * Vim9: invalid error for return type of lambda when debugging. * 'foldtext' is evaluated in the current script context. * 'balloonexpr' is evaluated in the current script context. * Vim9: cannot use an import in 'diffexpr'. * Memory leak when evaluating 'diffexpr'. * Cannot use an import in 'formatexpr'. * Cannot use an import in 'includeexpr'. * Cannot use an import in 'indentexpr'. * Cannot use an import in 'patchexpr'. ==== wpa_supplicant ==== Version update (2.9 -> 2.10) - update to 2.10.0: * SAE changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] - added support for the hash-to-element mechanism (sae_pwe=1 or sae_pwe=2); this is currently disabled by default, but will likely get enabled by default in the future - fixed PMKSA caching with OKC - added support for SAE-PK * EAP-pwd changes - improved protection against side channel attacks [https://w1.fi/security/2022-1/] * fixed P2P provision discovery processing of a specially constructed invalid frame [https://w1.fi/security/2021-1/] * fixed P2P group information processing of a specially constructed invalid frame [https://w1.fi/security/2020-2/] * fixed PMF disconnection protection bypass in AP mode [https://w1.fi/security/2019-7/] * added support for using OpenSSL 3.0 * increased the maximum number of EAP message exchanges (mainly to support cases with very large certificates) * fixed various issues in experimental support for EAP-TEAP peer * added support for DPP release 2 (Wi-Fi Device Provisioning Protocol) * a number of MKA/MACsec fixes and extensions * added support for SAE (WPA3-Personal) AP mode configuration * added P2P support for EDMG (IEEE 802.11ay) channels * fixed EAP-FAST peer with TLS GCM/CCM ciphers * improved throughput estimation and BSS selection * dropped support for libnl 1.1 * added support for nl80211 control port for EAPOL frame TX/RX * fixed OWE key derivation with groups 20 and 21; this breaks backwards compatibility for these groups while the default group 19 remains backwards compatible * added support for Beacon protection * added support for Extended Key ID for pairwise keys * removed WEP support from the default build (CONFIG_WEP=y can be used to enable it, if really needed) * added a build option to remove TKIP support (CONFIG_NO_TKIP=y) * added support for Transition Disable mechanism to allow the AP to automatically disable transition mode to improve security * extended D-Bus interface * added support for PASN * added a file-based backend for external password storage to allow secret information to be moved away from the main configuration file without requiring external tools * added EAP-TLS peer support for TLS 1.3 (disabled by default for now) * added support for SCS, MSCS, DSCP policy * changed driver interface selection to default to automatic fallback to other compiled in options * a large number of other fixes, cleanup, and extensions - drop wpa_supplicant-p2p_iname_size.diff, CVE-2021-30004.patch, CVE-2021-27803.patch, CVE-2021-0326.patch, CVE-2019-16275.patch: upstream - refresh config from 2.10 defconfig, re-enable CONFIG_WEP ==== yast2 ==== Version update (4.4.39 -> 4.4.43) - ProductFeatures: add boot timeout option (jsc#SLE-22667) - 4.4.43 - Added Y2Packager::NewRepositorySetup to track new repositories (related to bsc#1194453) - 4.4.42 - Fix PackageAI call to PackagesProposal.GetResolvable. It prevents a crash when cloning a system (bsc#1195137). - 4.4.41 - Use Package module instead of PackageSystem (bsc#1194886). - 4.4.40