Packages changed: btrfsprogs cilium (1.5.5 -> 1.6.3) file flannel libcontainers-common podman (1.5.1 -> 1.6.1) rpm-config-SUSE (0.g35 -> 0.g40) vim (8.1.2052 -> 8.1.2148) yomi-formula (0.0.1+git.1570457098.f38ad71 -> 0.0.1+git.1570614306.1a4ae0f) === Details === ==== btrfsprogs ==== - Enable build of python-bindings for libbtrfsutil ==== cilium ==== Version update (1.5.5 -> 1.6.3) - Update to version 1.6.3: * Highlights * KVStore free operation * 100% Kube-proxy replacement * Socket-based load-balancing * Policy scalability improvements * Generic CNI chaining * Native AWS ENI mode * Key Fixes * Fix IP leak on main interface when using ENI IPAM * Fix deadlock caused by buffered channel being full when large amounts of local identities are allocated while FQDNSelectors are being updated * Minor Bug Fixes * Fix apiVersion in micropk8s Daemonset in microk8s-prepull.yml to apps/v1 * Do not try to delete CiliumEndpoint from K8s if name / namespace fields are empty * Configure sysctl if IPv6 is disabled for the health endpoint's device to have IPv6 disabled as well in order to avoid emitting IPv6 autoconf frames * Fix monitor reporting status to not show monitor as always being disabled * Fix sockops compilation / verification on newer LLVM versions * Ensure that unroutable packets are dropped as being unroutable when they are unroutable via cilium_host device * Fix bug where L7 wildcarding for policy was not occurring for CIDR-based policy rules * Enhancements * Populate source and destination ports for DNS records in the monitor * Backport of pkg/sysctl to make it easier to configure sysctl options * Support client certificate rotation in the etcd client * Encryption Fixes * Fix packet drops when using encryption by setting output-mark to use table 200 post-encryption and set different MTU for main/200 tables / not using policies/states for subnets * Dependencies * Update netlink library to get support for output-mark * Update golang version in Docker images to v1.12.10 * Always run update when building dependencies in Docker images * Bump K8s dependency to v1.16.1 * Bump golang.org/sys/unix library version * Documentation * Update supported Kubernetes versions * Update microk8s instructions to use cilium plugin to microk8s ==== file ==== - Add temporary patch CVE-2019-18218-46a8443f.patch from upstream to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c - Let python-magic build with latest rpm ==== flannel ==== - It's apps/v1, not apps/v1beta1 - Fix some more typos - Fix typo in updated flannel manifest - Update flannel manifest to match upstream and support k8s 1.16 API ==== libcontainers-common ==== - Update to image 4.0.0 - Add http response to log - Add tests for parsing OpenShift kubeconfig files - Compress: define some consts for the compression algos - Compression: add support for the zstd - Compression: allow to specify the compression format - Copy: add nil checks - Copy: compression: default to gzip - Copy: don't lose annotations of BlobInfo - Copy: fix options.DestinationCtx nil check - Copy: use a bigger buffer for the compression - Fix cross-compilation by vendoring latest c/storage - Internal/testing/explicitfilepath-tmpdir: handle unset TMPDIR - Keyctl: clean up after tests - Make container tools work with go+openssl - Make test-skopeo: replace c/image module instead of copying code - Media type checks - Move keyctl to internal & func remove auth from keyring - Replace vendor.conf by go.mod - Update dependencies - Update test certificates - Update to mergo v0.3.5 - Vendor.conf: update reference for containers/storage - Update to storage 1.13.4 - Update generated files - ImageBigData: distinguish between no-such-image and no-such-item - ImageSize: don't get tripped up by images with no layers - tarlogger: disable raw accouting - Update to libpod 1.6.0 - Nothing changed regarding the OCI hooks documentation provided by this package ==== podman ==== Version update (1.5.1 -> 1.6.1) - Update podman to v1.6.1 * Features - The podman network create, podman network rm, podman network inspect, and podman network ls commands have been added to manage CNI networks used by Podman - The podman volume create command can now create and mount volumes with options, allowing volumes backed by NFS, tmpfs, and many other filesystems - Podman can now run containers without CGroups for better integration with systemd by using the --cgroups=disabled flag with podman create and podman run. This is presently only supported with the crun OCI runtime - The podman volume rm and podman volume inspect commands can now refer to volumes by an unambiguous partial name, in addition to full name (e.g. podman volume rm myvol to remove a volume named myvolume) (#3891) - The podman run and podman create commands now support the - -pull flag to allow forced re-pulling of images (#3734) - Mounting volumes into a container using --volume, --mount, and - -tmpfs now allows the suid, dev, and exec mount options (the inverse of nosuid, nodev, noexec) (#3819) - Mounting volumes into a container using --mount now allows the relabel=Z and relabel=z options to relabel mounts. - The podman push command now supports the --digestfile option to save a file containing the pushed digest - Pods can now have their hostname set via podman pod create - -hostname or providing Pod YAML with a hostname set to podman play kube (#3732) - The podman image sign command now supports the --cert-dir flag - The podman run and podman create commands now support the - -security-opt label=filetype:$LABEL flag to set the SELinux label for container files - The remote Podman client now supports healthchecks * Bugfixes - Fixed a bug where remote podman pull would panic if a Varlink connection was not available (#4013) - Fixed a bug where podman exec would not properly set terminal size when creating a new exec session (#3903) - Fixed a bug where podman exec would not clean up socket symlinks on the host (#3962) - Fixed a bug where Podman could not run systemd in containers that created a CGroup namespace - Fixed a bug where podman prune -a would attempt to prune images used by Buildah and CRI-O, causing errors (#3983) - Fixed a bug where improper permissions on the ~/.config directory could cause rootless Podman to use an incorrect directory for storing some files - Fixed a bug where the bash completions for podman import threw errors - Fixed a bug where Podman volumes created with podman volume create would not copy the contents of their mountpoint the first time they were mounted into a container (#3945) - Fixed a bug where rootless Podman could not run podman exec when the container was not run inside a CGroup owned by the user (#3937) - Fixed a bug where podman play kube would panic when given Pod YAML without a securityContext (#3956) - Fixed a bug where Podman would place files incorrectly when storage.conf configuration items were set to the empty string (#3952) - Fixed a bug where podman build did not correctly inherit Podman's CGroup configuration, causing crashed on CGroups V2 systems (#3938) - Fixed a bug where podman cp would improperly copy files on the host when copying a symlink in the container that included a glob operator (#3829) - Fixed a bug where remote podman run --rm would exit before the container was completely removed, allowing race conditions when removing container resources (#3870) - Fixed a bug where rootless Podman would not properly handle changes to /etc/subuid and /etc/subgid after a container was launched - Fixed a bug where rootless Podman could not include some devices in a container using the --device flag (#3905) - Fixed a bug where the commit Varlink API would segfault if provided incorrect arguments (#3897) - Fixed a bug where temporary files were not properly cleaned up after a build using remote Podman (#3869) - Fixed a bug where podman remote cp crashed instead of reporting it was not yet supported (#3861) - Fixed a bug where podman exec would run as the wrong user when execing into a container was started from an image with Dockerfile USER (or a user specified via podman run --user) (#3838) - Fixed a bug where images pulled using the oci: transport would be improperly named - Fixed a bug where podman varlink would hang when managed by systemd due to SD_NOTIFY support conflicting with Varlink (#3572) - Fixed a bug where mounts to the same destination would sometimes not trigger a conflict, causing a race as to which was actually mounted - Fixed a bug where podman exec --preserve-fds caused Podman to hang (#4020) - Fixed a bug where removing an unmounted container that was unmounted might sometimes not properly clean up the container (#4033) - Fixed a bug where the Varlink server would freeze when run in a systemd unit file (#4005) - Fixed a bug where Podman would not properly set the $HOME environment variable when the OCI runtime did not set it - Fixed a bug where rootless Podman would incorrectly print warning messages when an OCI runtime was not found (#4012) - Fixed a bug where named volumes would conflict with, instead of overriding, tmpfs filesystems added by the --read-only-tmpfs flag to podman create and podman run - Fixed a bug where podman cp would incorrectly make the target directory when copying to a symlink which pointed to a nonexistent directory (#3894) - Fixed a bug where remote Podman would incorrectly read STDIN when the -i flag was not set (#4095) - Fixed a bug where podman play kube would create an empty pod when given an unsupported YAML type (#4093) - Fixed a bug where podman import --change improperly parsed CMD (#4000) - Fixed a bug where rootless Podman on systems using CGroups V2 would not function with the cgroupfs CGroups manager - Fixed a bug where rootless Podman could not correctly identify the DBus session address, causing containers to fail to start (#4162) - Fixed a bug where rootless Podman with slirp4netns networking would fail to start containers due to mount leaks * Misc - Significant changes were made to Podman volumes in this release. If you have pre-existing volumes, it is strongly recommended to run podman system renumber after upgrading. - Version 0.8.1 or greater of the CNI Plugins is now required for Podman - Version 2.0.1 or greater of Conmon is strongly recommended - Updated vendored Buildah to v1.11.2 - Updated vendored containers/storage library to v1.13.4 - Improved error messages when trying to create a pod with no name via podman play kube - Improved error messages when trying to run podman pause or podman stats on a rootless container on a system without CGroups V2 enabled - TMPDIR has been set to /var/tmp by default to better handle large temporary files - podman wait has been optimized to detect stopped containers more rapidly - Podman containers now include a ContainerManager annotation indicating they were created by libpod - The podman info command now includes information about slirp4netns and fuse-overlayfs if they are available - Podman no longer sets a default size of 65kb for tmpfs filesystems - The default Podman CNI network has been renamed in an attempt to prevent conflicts with CRI-O when both are run on the same system. This should only take effect on system restart - The output of podman volume inspect has been more closely matched to docker volume inspect ==== rpm-config-SUSE ==== Version update (0.g35 -> 0.g40) - Update to version 0.g40: * locale.prov: also work with -locale packages * locale.prov: discard input in error case - Update to version 0.g37: * Add macros for locale provides ==== vim ==== Version update (8.1.2052 -> 8.1.2148) - Add python38-config.patch to make vim buildable with new Python 3.8. (gh#vim/vim#4080) - Updated to version 8.1.2148, fixes the following problems * Using "x" before a closed fold may delete that fold. * SafeStateAgain not triggered if callback uses feedkeys(). * Compiler test for Perl may fail. * Not easy to jump to function line from profile. * "make test" for indent files doesn't cause make to fail. * The screen.c file is much too big. * Function for ex command is named inconsistently. * Fix for "x" deleting a fold has side effects. * "precedes" in 'listchars' not used properly. * The mouse code is spread out. * Some tests fail when +balloon_eval_term is missing but _balloon_eval is present. (Dominique Pelle) * No tests for state(). * No tests for SafeState and SafeStateAgain. * Test for SafeState and SafeStateAgain may fail. * Test for SafeStateAgain may still fail. * Mouse code is spread out. * When 'wincolor' is set text property changes highlighting. (Andy Stewart) * "gk" moves to start of line instead of upwards. * When editing a buffer 'colorcolumn' may not work. * Test for SafeState autocommand is a bit flaky. * Get many log messages when waiting for a typed character. * Crash when trying to put a terminal buffer in a popup window. * The ops.c file is too big. * Build error with +textprop but without +terminal. (Tony Mechelynck) * Popup window test fails without +terminal. * The terminal API is limited and can't be disabled. * The spell.c file is too big. * Some files have a weird name to fit in 8.3 characters. * Multi-byte chars do not work properly with "%.*S" in printf(). * Missing a few changes for the renamed files. * Cannot easily select one test function to execute. * Renamed libvterm mouse.c file not in distributed file list. * Do not get a hint that $TEST_FILTER was active. * Not clear why channel log file ends. * Double free when memory allocation fails. (Zu-Ming Jiang) * The fileio.c file is too big. * Leaking memory when getting item from dict. * Too many #ifdefs. * :mksession is not sufficiently tested. * mksession test fails on MS-Windows. * state() test fails on some Mac systems. * :mksession is not sufficiently tested. * write_session_file() often defined but not used. * Can't build with GTK and FEAT_GUI_GNOME. (Tony Mechelynck) * wrong error message if "termdebugger" is not executable. * The normal.c file is too big. * No tests for dragging the mouse beyond the window. * Various memory leaks reported by asan. * Cannot close the cmdline window from CmdWinEnter. (George Brown) * popup_getoptions() hangs with tab-local popup. * CTRL-C closes two popups instead of one. * Viminfo file not sufficiently tested. * Build number for ConPTY is outdated. * ":help expr-!~?" only works after searching. * When a popup is closed with CTRL-C the callback aborts. * No check for out of memory. * CursorLine highlight used while 'cursorline' is off. * Termcodes test fails when $TERM is "dumb". * memory access error for empty string when 'encoding' is a single byte encoding. * Some MB_ macros are more complicated than necessary. (Dominique Pelle) * Mode is not updated when switching to terminal in Insert mode. * Cannot build without terminal feature. * Parsing CSI sequence is messy. * Ruler is not updated if win_execute() moves cursor. * Fnamemodify() fails when repeating :e. * Viminfo not sufficiently tested. * The indent.c file is a bit big. * Renamed libvterm sources makes merging difficult. * Using hard coded executable path in test. * MSVC build fails. * MSVC tests fail. * MS-Windows: screen mess when not recognizing insider build. * Some tests fail when run as root. * Modifier keys are not always recognized. * With modifyOtherKeys Alt-a does not work properly. * using freed memory with autocmd from fuzzer. (Dhiraj Mishra, Dominique Pelle) * Parsing the termresponse is not tested. * Including the build number in the Win32 binary is confusing. * The modifyOtherKeys codes are not tested. * "gk" and "gj" do not work correctly in number column. * :tselect has an extra hit-enter prompt. * Some key mappings do not work with modifyOtherKeys. * Cannot see each command even when 'verbose' is set. * Side effects when using t_ti to enable modifyOtherKeys. * Cannot map when modifyOtherKeys is enabled. * Build failure. * Crash when allocating memory fails. (Zu-Ming Jiang) * No test for right click extending Visual area. ==== yomi-formula ==== Version update (0.0.1+git.1570457098.f38ad71 -> 0.0.1+git.1570614306.1a4ae0f) - Update to version 0.0.1+git.1570614306.1a4ae0f: * README: update FQDN where master lives by default