Packages changed: apparmor boost-base btrfsprogs (5.2.2 -> 5.3.1) hello-kubic (1.1 -> 1.2) kernel-firmware (20191023 -> 20191108) podman (1.6.1 -> 1.6.2) read-only-root-fs (1.0+git20190607.11f8587 -> 1.0+git20191112.42add9e) rook (1.1.1+git0.g9a2641a6 -> 1.1.6+git0.g91d6f635) rpm-config-SUSE (0.g42 -> 0.g45) weave (2.5.2 -> 2.6.0) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-profiles apparmor-utils - add libapparmor-python3.8.diff to fix building the libapparmor python bindings (deb#943657) ==== boost-base ==== - Make sure openmpi-macros-devel is not required for base flavor -- consolidate build_mpi/mpi macro into just one. - Remove BuildArch guards, no longer relevant since SuSE 11.2 ==== btrfsprogs ==== Version update (5.2.2 -> 5.3.1) - Update to 5.3.1: * libbtrfs: fix link breakage due to missing symbols - Updaet to 5.3: * mkfs: * new option to specify checksum algorithm (only crc32c) * fix xattr enumeration * dump-tree: BFS (breadth-first) traversal now default * libbtrfsutil: remove stale BTRFS_DEV_REPLACE_ITEM_STATE_x defines * ci: add support for gitlab * other: * preparatory work for more checksum algorithms * docs update * switch to docbook5 backend for asciidoc * fix build on uClibc due to missing backtrace() * lots of printf format fixups ==== hello-kubic ==== Version update (1.1 -> 1.2) - Update to version 1.2 - use official openSUSE container image ==== kernel-firmware ==== Version update (20191023 -> 20191108) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20191108 (git commit f1100ddf581f): * i915: Add HuC firmware v7.0.3 for TGL * i915: Add GuC firmware v35.2.0 for TGL * i915: Add HuC firmware v9.0.0 for EHL * i915: Add GuC firmware v33.0.4 for EHL * rtw88: RTL8723D: add firmware file v48 * qed: Add firmware 8.40.33.0 * amdgpu: add new navi14 wks gfx firmware for 19.30 * amdgpu: update navi14 firmware for 19.30 * amdgpu: update raven firmware for 19.30 * linux-firmware: Add firmware file for Intel Bluetooth AX201 ==== podman ==== Version update (1.6.1 -> 1.6.2) - Add container-start-fix.patch to correct output of container-start to show container_name, not _id. - Update podman to v1.6.2 * Features - Added a --runtime flag to podman system migrate to allow the OCI runtime for all containers to be reset, to ease transition to the crun runtime on CGroups V2 systems until runc gains full support - The podman rm command can now remove containers in broken states which previously could not be removed - The podman info command, when run without root, now shows information on UID and GID mappings in the rootless user namespace - Added podman build --squash-all flag, which squashes all layers (including those of the base image) into one layer - The --systemd flag to podman run and podman create now accepts a string argument and allows a new value, always, which forces systemd support without checking if the the container entrypoint is systemd * Bugfixes - Fixed a bug where the podman top command did not work on systems using CGroups V2 (#4192) - Fixed a bug where rootless Podman could double-close a file, leading to a panic - Fixed a bug where rootless Podman could fail to retrieve some containers while refreshing the state - Fixed a bug where podman start --attach --sig-proxy=false would still proxy signals into the container - Fixed a bug where Podman would unconditionally use a non-default path for authentication credentials (auth.json), breaking podman login integration with skopeo and other tools using the containers/image library - Fixed a bug where podman ps --format=json and podman images - -format=json would display null when no results were returned, instead of valid JSON - Fixed a bug where podman build --squash was incorrectly squashing all layers into one, instead of only new layers - Fixed a bug where rootless Podman would allow volumes with options to be mounted (mounting volumes requires root), creating an inconsistent state where volumes reported as mounted but were not (#4248) - Fixed a bug where volumes which failed to unmount could not be removed (#4247) - Fixed a bug where Podman incorrectly handled some errors relating to unmounted or missing containers in containers/storage - Fixed a bug where podman stats was broken on systems running CGroups V2 when run rootless (#4268) - Fixed a bug where the podman start command would print the short container ID, instead of the full ID - Fixed a bug where containers created with an OCI runtime that is no longer available (uninstalled or removed from the config file) would not appear in podman ps and could not be removed via podman rm - Fixed a bug where containers restored via podman container restore --import would retain the CGroup path of the original container, even if their container ID changed; thus, multiple containers created from the same checkpoint would all share the same CGroup * Misc - The default PID limit for containers is now set to 4096. It can be adjusted back to the old default (unlimited) by passing - -pids-limit 0 to podman create and podman run - The podman start --attach command now automatically attaches STDIN if the container was created with -i - The podman network create command now validates network names using the same regular expression as container and pod names - The --systemd flag to podman run and podman create will now only enable systemd mode when the binary being run inside the container is /sbin/init, /usr/sbin/init, or ends in systemd (previously detected any path ending in init or systemd) - Updated vendored Buildah to 1.11.3 - Updated vendored containers/storage to 1.13.5 - Updated vendored containers/image to 4.0.1 ==== read-only-root-fs ==== Version update (1.0+git20190607.11f8587 -> 1.0+git20191112.42add9e) - Update to version 1.0+git20191112.42add9e: * Add RequiresMountsFor=/etc override for systemd-udevd.service ==== rook ==== Version update (1.1.1+git0.g9a2641a6 -> 1.1.6+git0.g91d6f635) - Update rook to v1.1.6: * Flex driver should not allow attach before detach on a different node (#3582) * Properly set the ceph-mgr annotations (#4195) * Only trigger an orchestration if the cluster CR changed (#4252) * Fix setting rbdGrpcMetricsPort in the helm chart (#4202) * Document all helm chart settings (#4202) * Support all layers of CRUSH map with node labels (#4236) * Skip orchestration restart on device config map update for osd on pvc (#4124) * Deduplicate tolerations collected for the drain canary pods (#4220) * Role bindings are missing for pod security policies (#3851) * Continue with orchestration if a single mon pod fails to start (#4146) * OSDs cannot call 'restorecon' when selinux is enabled (#4214) * Use the rook image for drain canary pods (#4213) * Allow setting of osd prepare resource limits (#4182) * Documentation for object bucket provisioning (#3882) - Update rook to v1.1.4: * OSD config overrides were ignored for some upgraded OSDs (#4161) * Enable restoring a cluster after disaster recovery (#4021) * Enable upgrade of OSDs configured on PVCs (#3996) * Automatically removing OSDs requires setting: removeOSDsIfOutAndSafeToRemove(#4116) * Rework csi keys and secrets to use minimal privileges (#4086) * Expose OSD prepare pod resource limits (#4083) * Minimum K8s version for running OSDs on PVCs is 1.13 (#4009) * Add 'rgw.buckets.non-ec' to list of RGW metadataPools (#4087) * Hide wrong error for clusterdisruption controller (#4094) * Multiple integration test fixes to improve CI stability (#4098) * Detect mount fstype more accurately in the flex driver (#4109) * Do not override mgr annotations (#4110) * Add OSDs to proper buckets in crush hierarchy with topology awareness (#4099) * More robust removal of cluster finalizer (#4090) * Take activeStandby into account for the CephFileSystem disruption budget (#4075) * Update the CSI CephFS registration directory name (#4070) * Fix incorrect Ceph CSI doc links (#4081) * Remove decimal places for osdMemoryTargetValue monitoring setting (#4046) * Relax pre-requisites for external cluster to allow connections to Luminous (#4025) * Avoid nodes getting stuck in OrchestrationStatusStarting during OSD config (#3817) * Make metrics and liveness port configurable (#4005) * Correct system namespace for CSI driver settings during upgrade (#4040) - Update csi-dummy-images.patch - Update csi-template-paths.patch - Update 0001-bsc-1152690-ceph-csi-Driver-will-fail-with-error.patch ==== rpm-config-SUSE ==== Version update (0.g42 -> 0.g45) - Update to version 0.g45: * Use -flto=auto for _lto_cflags for now - Update to version 0.g44: * Sync specfile changes * Add _lto_cflags to suse_macros for now ==== weave ==== Version update (2.5.2 -> 2.6.0) - Update weave to 2.6.0 - Fix a race condition in Kubernetes addon when reclaiming IP addresses after node deletion #3724, #3716 - Buffer events so Docker won't drop them, and Weave Net can clean up after dead containers #3432, #3705 - Weave reconnect occasionally fails after network interface disconnect #3666, #3669, #3676 - Ingress NetworkPolicy would accepts all traffic when specifying both IPBlock and port #3653, #3654 - Support both podSelector and namespaceSelector in NetworkPolicy #3312, #3647 - Only add default-drop egress rule if network policies are in use #3639 - Manifests use 'apps/v1' rather than deprecated 'apps/v1beta1' #3660 - Avoid Weave Net pods being evicted by setting priorityClassName: system-node-critical #3697 - Manifests use recommended DNS policy ClusterFirstWithHostNet #3692 - Weave Net now tolerates 'NoExecute' taint #3655 - Allow extra arguments to NetworkPolicy controller to be set in an environment variable #3683 - Stop reporting a failure to connect to self #3454, #3585 - Minor reduction in log noise when reclaiming IPs #3710 - Update weave.yaml for kubernetes 1.16