Packages changed: aaa_base (84.87+git20200507.e2243a4 -> 84.87+git20200804.d7fb210) apparmor augeas (1.11.0 -> 1.12.0) bash (5.0.11 -> 5.0.18) brotli busybox busybox-links chrony cloud-init (19.4 -> 20.2) curl (7.71.1 -> 7.72.0) dbus-1 (1.12.16 -> 1.12.20) efivar etcd (3.4.3 -> 3.4.10) ethtool (5.7 -> 5.8) filesystem findutils flannel (0.11.0 -> 0.12.0) fuse (2.9.8 -> 2.9.9) fuse-overlayfs (1.1.0 -> 1.1.2) fuse3 (3.9.2 -> 3.9.3) gcc10 (10.2.1+git465 -> 10.2.1+git501) grub2 helm (3.2.4 -> 3.3.0) ima-evm-utils (1.3 -> 1.3.1) installation-images-MicroOS (16.3 -> 16.8) iputils irqbalance (1.6.0+git20200317.0348a3b -> 1.7.0) k9s (0.18.1 -> 0.21.7) kernel-firmware (20200716 -> 20200807) kernel-source (5.7.11 -> 5.8.0) krb5 kubernetes (1.18.6 -> 1.18.8) kubernetes1.17 (1.17.9 -> 1.17.11) kubernetes1.18 (1.18.6 -> 1.18.8) kured (1.4.3 -> 1.4.5) less (562 -> 563) libcap (2.32 -> 2.42) libevent (2.1.11 -> 2.1.12) libressl (3.1.3 -> 3.1.4) libyaml (0.2.4 -> 0.2.5) makedumpfile microos-tools (2.2 -> 2.4) openldap2 (2.4.50 -> 2.4.51) permissions (1550_20200727 -> 1550_20200811) pigz pkgconf podman popt (1.16 -> 1.18) python-cffi (1.14.0 -> 1.14.1) python-ordered-set python-rpm-macros (20200714.252de1f -> 20200806.f44d3ac) python38 (3.8.4 -> 3.8.5) python38-core (3.8.4 -> 3.8.5) rook (1.3.4+git0.ga5114030 -> 1.4.0+git0.g801c5934) rsync (3.2.2 -> 3.2.3) salt sqlite3 (3.32.3 -> 3.33.0) sssd transactional-update (2.23 -> 2.24.1) u-boot-rpiarm64 vim (8.2.1253 -> 8.2.1412) xfsprogs zlib === Details === ==== aaa_base ==== Version update (84.87+git20200507.e2243a4 -> 84.87+git20200804.d7fb210) - Let's own /etc/init.d/ as it is gone from package filesystem - Don't create/ship halt.local, systemd support for it was dropped. - Update to version 84.87+git20200804.d7fb210: * bashrc: fix bash: -s: command not found - Update to version 84.87+git20200804.00680c3: * Add proper quoting to last change * add screen.xterm-256color to DIR_COLORS - Update to version 84.87+git20200708.f5e90d7: * check for Packages.db and use this instead of Packages (boo#1171762) * Add also support for /usr/etc/profile.d for tcsh * Do add some support for /usr/etc/profile.d ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor - sevdb-caps-mr589.diff: add new capabilities CAP_BPF and CAP_PERFMON to severity.db (lp#1890547) ==== augeas ==== Version update (1.11.0 -> 1.12.0) - update to 1.12.0 General changes/additions - update gnulib to 91584ed6 Lens changes/additions - Anaconda: new lens to process /etc/sysconfig/anaconda instead of Shellvars (Pino Toscano) (Issue #597) - DevfsRules: add lens for FreeBSD devfs.rules files - Dovecot: permit ! in block titles (Nathan Ward) (Issue #599) - Hostname: Allow creation of hostname when file is missing (David Farrell) (Issue #606) - Krb5: add more pkinit_* options (Issue #603) - Logrotate: fix missing recognition of double quoted filenames (Issue #611) - Multipath: accept values enclosed in quotes (Issue #583) - Nginx: support unix sockets as server address (Issue #618) - Nsswitch: add merge action (Issue #609) - Pam: accept continuation lines (Issue #590) - Puppetfile: allow symbols as (optional) values (Issue #619) allow comments in entries (Issue #620) - Rsyslog: support dynamic file paths (Issue #622) treat #!/+/- as comment (arnolda, PR #595) - Syslog: accept 'include' directive (Issue #486) - Semanage: new lens to process /etc/selinux/semanage.conf instead of Simplevars (Pino Toscano) (Issue #594) - Shellvars: allow and/or in @if conditions (#582) accept functions wrapped in round brackets, accept variables with a dash in their name, exclude csh/tcsh profile scripts (Pino Toscano) (Issue #600) accept variable as command (Issue #601) - Ssh: accept RekeyLimit (Issue #605) - Sshd: accept '=' to separate option names from their values (Emil Dragu, #587) - Sudoers: support 'always_query_group_plugin' flag (Steve Traylen, #588) - Strongswan: parse lists. This is a backwards-incompatible change since list entries that were parsed into a single string are now split into a list of entries (Kaarle Ritvanen) - Toml: new lens to parse .toml files (PR #91) - Xorg: accept empty values for options (arnolda, PR #596) - refresh patches - run spec-cleaner ==== bash ==== Version update (5.0.11 -> 5.0.18) - Bump bpatchlvl version to 18 which was missed in previous change ==== brotli ==== Subpackages: libbrotlicommon1 libbrotlidec1 - Fix W: shared-lib-calls-exit /usr/lib64/libbrotlienc.so.1.0.7 exit@GLIBC_2.2.5. ==== busybox ==== - Enable SELinux for the dynamic version ==== busybox-links ==== Subpackages: busybox-coreutils busybox-gawk busybox-xz - Fix typo in spec file - Create new sub-packages: selinux-tools and policycoreutils ==== chrony ==== Subpackages: chrony-pool-openSUSE - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) ==== cloud-init ==== Version update (19.4 -> 20.2) - Update to version 20.2 (bsc#1174443, bsc#1174444) + Remove patches included upstream: - 0001-Make-tests-work-with-Python-3.8-139.patch - cloud-init-ostack-metadat-dencode.patch - cloud-init-use-different-random-src.diff - cloud-init-long-pass.patch - cloud-init-mix-static-dhcp.patch + Remove patches build switched to Python 3 for all distributions - cloud-init-python2-sigpipe.patch - cloud-init-template-py2.patch + Add - cloud-init-after-kvp.diff - cloud-init-recognize-hpc.patch + doc/format: reference make-mime.py instead of an inline script (#334) + Add docs about creating parent folders (#330) [Adrian Wilkins] + DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470) + schema: ignore spurious pylint error (#332) + schema: add json schema for write_files module (#152) + BSD: find_devs_with_ refactoring (#298) [Gonéri Le Bouder] + nocloud: drop work around for Linux 2.6 (#324) [Gonéri Le Bouder] + cloudinit: drop dependencies on unittest2 and contextlib2 (#322) + distros: handle a potential mirror filtering error case (#328) + log: remove unnecessary import fallback logic (#327) + .travis.yml: don't run integration test on ubuntu/* branches (#321) + More unit test documentation (#314) + conftest: introduce disable_subp_usage autouse fixture (#304) + YAML align indent sizes for docs readability (#323) [Tak Nishigori] + network_state: add missing space to log message (#325) + tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910) + test_mounts: expand happy path test for both happy paths (#319) + cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836) + swap file "size" being used before checked if str (#315) [Eduardo Otubo] + HACKING.rst: add pytest version gotchas section (#311) + docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers] + readme: OpenBSD is now supported (#309) [Gonéri Le Bouder] + net: ignore 'renderer' key in netplan config (#306) (LP: #1870421) + Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370) + openbsd: set_passwd should not unlock user (#289) [Gonéri Le Bouder] + tools/.github-cla-signers: add beezly as CLA signer (#301) + util: remove unnecessary lru_cache import fallback (#299) + HACKING.rst: reorganise/update CLA signature info (#297) + distros: drop leading/trailing hyphens from mirror URL labels (#296) + HACKING.rst: add note about variable annotations (#295) + CiTestCase: stop using and remove sys_exit helper (#283) + distros: replace invalid characters in mirror URLs with hyphens (#291) (LP: #1868232) + rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy] + Fix cloud-init ignoring some misdeclared mimetypes in user-data. [Kurt Garloff] + net: ubuntu focal prioritize netplan over eni even if both present (#267) (LP: #1867029) + cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292) + net/cmdline: replace type comments with annotations (#294) + HACKING.rst: add Type Annotations design section (#293) + net: introduce is_ip_address function (#288) + CiTestCase: remove now-unneeded parse_and_read helper method (#286) + .travis.yml: allow 30 minutes of inactivity in cloud tests (#287) + sources/tests/test_init: drop use of deprecated inspect.getargspec (#285) + setup.py: drop NIH check_output implementation (#282) + Identify SAP Converged Cloud as OpenStack [Silvio Knizek] + add Openbsd support (#147) [Gonéri Le Bouder] + HACKING.rst: add examples of the two test class types (#278) + VMWware: support to update guest info gc status if enabled (#261) [xiaofengw-vmware] + Add lp-to-git mapping for kgarloff (#279) + set_passwords: avoid chpasswd on BSD (#268) [Gonéri Le Bouder] + HACKING.rst: add Unit Testing design section (#277) + util: read_cc_from_cmdline handle urlencoded yaml content (#275) + distros/tests/test_init: add tests for _get_package_mirror_info (#272) + HACKING.rst: add links to new Code Review Process doc (#276) + freebsd: ensure package update works (#273) [Gonéri Le Bouder] + doc: introduce Code Review Process documentation (#160) + tools: use python3 (#274) + cc_disk_setup: fix RuntimeError (#270) (LP: #1868327) + cc_apt_configure/util: combine search_for_mirror implementations (#271) + bsd: boottime does not depend on the libc soname (#269) [Gonéri Le Bouder] + test_oracle,DataSourceOracle: sort imports (#266) + DataSourceOracle: update .network_config docstring (#257) + cloudinit/tests: remove unneeded with_logs configuration (#263) + .travis.yml: drop stale comment (#255) + .gitignore: add more common directories (#258) + ec2: render network on all NICs and add secondary IPs as static (#114) (LP: #1866930) + ec2 json validation: fix the reference to the 'merged_cfg' key (#256) [Paride Legovini] + releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini] + cloudinit: remove six from packaging/tooling (#253) + util/netbsd: drop six usage (#252) + workflows: introduce stale pull request workflow (#125) + cc_resolv_conf: introduce tests and stabilise output across Python versions (#251) + fix minor issue with resolv_conf template (#144) [andreaf74] + doc: CloudInit also support NetBSD (#250) [Gonéri Le Bouder] + Add Netbsd support (#62) [Gonéri Le Bouder] + tox.ini: avoid substition syntax that causes a traceback on xenial (#245) + Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby] + Introduce and use of a list of GitHub usernames that have signed CLA (#244) + workflows/cla.yml: use correct username for CLA check (#243) + tox.ini: use xenial version of jsonpatch in CI (#242) + workflows: CLA validation altered to fail status on pull_request (#164) + tox.ini: bump pyflakes version to 2.1.1 (#239) + cloudinit: move to pytest for running tests (#211) + instance-data: add cloud-init merged_cfg and sys_info keys to json (#214) (LP: #1865969) + ec2: Do not fallback to IMDSv1 on EC2 (#216) + instance-data: write redacted cfg to instance-data.json (#233) (LP: #1865947) + net: support network-config:disabled on the kernel commandline (#232) (LP: #1862702) + ec2: only redact token request headers in logs, avoid altering request (#230) (LP: #1865882) + docs: typo fixed: dta ? data [Alexey Vazhnov] + Fixes typo on Amazon Web Services (#217) [Nick Wales] + Fix docs for OpenStack DMI Asset Tag (#228) [Mark T. Voelker] (LP: #1669875) + Add physical network type: cascading to openstack helpers (#200) [sab-systems] + tests: add focal integration tests for ubuntu (#225) - From 20.1 (first vesrion after 19.4) + ec2: Do not log IMDSv2 token values, instead use REDACTED (#219) (LP: #1863943) + utils: use SystemRandom when generating random password. (#204) [Dimitri John Ledkov] + docs: mount_default_files is a list of 6 items, not 7 (#212) + azurecloud: fix issues with instances not starting (#205) (LP: #1861921) + unittest: fix stderr leak in cc_set_password random unittest output. (#208) + cc_disk_setup: add swap filesystem force flag (#207) + import sysvinit patches from freebsd-ports tree (#161) [Igor Gali?] + docs: fix typo (#195) [Edwin Kofler] + sysconfig: distro-specific config rendering for BOOTPROTO option (#162) [Robert Schweikert] (LP: #1800854) + cloudinit: replace "from six import X" imports (except in util.py) (#183) + run-container: use 'test -n' instead of 'test ! -z' (#202) [Paride Legovini] + net/cmdline: correctly handle static ip= config (#201) [Dimitri John Ledkov] (LP: #1861412) + Replace mock library with unittest.mock (#186) + HACKING.rst: update CLA link (#199) + Scaleway: Fix DatasourceScaleway to avoid backtrace (#128) [Louis Bouchard] + cloudinit/cmd/devel/net_convert.py: add missing space (#191) + tools/run-container: drop support for python2 (#192) [Paride Legovini] + Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789) + Make the RPM build use Python 3 (#190) [Paride Legovini] + cc_set_password: increase random pwlength from 9 to 20 (#189) (LP: #1860795) + .travis.yml: use correct Python version for xenial tests (#185) + cloudinit: remove ImportError handling for mock imports (#182) + Do not use fallocate in swap file creation on xfs. (#70) [Eduardo Otubo] (LP: #1781781) + .readthedocs.yaml: install cloud-init when building docs (#181) (LP: #1860450) + Introduce an RTD config file, and pin the Sphinx version to the RTD default (#180) + Drop most of the remaining use of six (#179) + Start removing dependency on six (#178) + Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy] + docs: add proposed SRU testing procedure (#167) + util: rename get_architecture to get_dpkg_architecture (#173) + Ensure util.get_architecture() runs only once (#172) + Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann] + freebsd: remove superflu exception mapping (#166) [Gonéri Le Bouder] + ssh_auth_key_fingerprints_disable test: fix capitalization (#165) [Paride Legovini] + util: move uptime's else branch into its own boottime function (#53) [Igor Gali?] (LP: #1853160) + workflows: add contributor license agreement checker (#155) + net: fix rendering of 'static6' in network config (#77) (LP: #1850988) + Make tests work with Python 3.8 (#139) [Conrad Hoffmann] + fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74] + freebsd: fix create_group() cmd (#146) [Gonéri Le Bouder] + doc: make apt_update example consistent (#154) + doc: add modules page toc with links (#153) (LP: #1852456) + Add support for the amazon variant in cloud.cfg.tmpl (#119) [Frederick Lefebvre] + ci: remove Python 2.7 from CI runs (#137) + modules: drop cc_snap_config config module (#134) + migrate-lp-user-to-github: ensure Launchpad repo exists (#136) + docs: add initial troubleshooting to FAQ (#104) [Joshua Powers] + doc: update cc_set_hostname frequency and descrip (#109) [Joshua Powers] (LP: #1827021) + freebsd: introduce the freebsd renderer (#61) [Gonéri Le Bouder] + cc_snappy: remove deprecated module (#127) + HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130) + freebsd: cloudinit service requires devd (#132) [Gonéri Le Bouder] + cloud-init: fix capitalisation of SSH (#126) + doc: update cc_ssh clarify host and auth keys [Joshua Powers] (LP: #1827021) + ci: emit names of tests run in Travis (#120) ==== curl ==== Version update (7.71.1 -> 7.72.0) Subpackages: libcurl4 - Update to 7.72.0 [bsc#1175109, CVE-2020-8231] * Changes: - content_encoding: add zstd decoding support - CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream - CURLINFO_EFFECTIVE_METHOD: added * Bugfixes: - CVE-2020-8231: libcurl: wrong connect-only connection - curl-config: ignore REQUIRE_LIB_DEPS in --libs output - curl: improve the existing file check with -J - curl_multi_setopt: fix compiler warning "result is always false" - curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated - docs: Add video link to docs/CONTRIBUTE.md - docs: clarify MAX_SEND/RECV_SPEED functionality - ftp: don't do ssl_shutdown instead of ssl_close - ftpserver: don't verify SMTP MAIL FROM names - getinfo: reset retry-after value in initinfo - gnutls: repair the build with 'CURL_DISABLE_PROXY' - gtls: survive not being able to get name/issuer - h2: repair trailer handling - http2: close the http2 connection when no more requests may be sent - http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages - libssh2: s/ssherr/sftperr/ - mprintf: Fix dollar string handling - mprintf: Fix stack overflows - multi_remove_handle: close unused connect-only connections - ngtcp2: adapt to error code rename - ngtcp2: adjust to recent sockaddr updates - ngtcp2: update to modified qlog callback prototype - ntlm: free target_info before (re-)malloc - page-header: provide protocol details in the curl.1 man page - quiche: handle calling disconnect twice - setopt: unset NOBODY switches to GET if still HEAD - smtp_parse_address: handle blank input string properly - socks: use size_t for size variable - tls-max.d: this option is only for TLS-using connections - tlsv1.3.d. only for TLS-using connections - tool_getparam: make --krb option work again - transfer: fix data_pending for builds with both h2 and h3 enabled - transfer: fix memory-leak with CURLOPT_CURLU in a duped handle - transfer: move retrycount from connect struct to easy handle - url: fix CURLU and location following ==== dbus-1 ==== Version update (1.12.16 -> 1.12.20) Subpackages: libdbus-1-3 - Update to 1.12.20 * On Unix, avoid a use-after-free if two usernames have the same numeric uid. In older versions this could lead to a crash (denial of service) or other undefined behaviour, possibly including incorrect authorization decisions if is used. Like Unix filesystems, D-Bus' model of identity cannot distinguish between users of different names with the same numeric uid, so this configuration is not advisable on systems where D-Bus will be used. Thanks to Daniel Onaca. (dbus#305, dbus!166; Simon McVittie) - From 1.12.18 * CVE-2020-12049: If a message contains more file descriptors than can be sent, close those that did get through before reporting error. Previously, a local attacker could cause the system dbus-daemon (or another system service with its own DBusServer) to run out of file descriptors, by repeatedly connecting to the server and sending fds that would get leaked. Thanks to Kevin Backhouse of GitHub Security Lab. (dbus#294, GHSL-2020-057; Simon McVittie) * Fix a crash when the dbus-daemon is terminated while one or more monitors are active (dbus#291, dbus!140; Simon McVittie) * The dbus-send(1) man page now documents --bus and --peer instead of the old --address synonym for --peer, which has been deprecated since the introduction of --bus and --peer in 1.7.6 (fd.o #48816, dbus!115; Chris Morin) * Fix a wrong environment variable name in dbus-daemon(1) (dbus#275, dbus!122; Mubin, Philip Withnall) * Fix formatting of dbus_message_append_args example (dbus!126, Felipe Franciosi) * Avoid a test failure on Linux when built in a container as uid 0, but without the necessary privileges to increase resource limits (dbus!58, Debian #908092; Simon McVittie) * When building with CMake, cope with libX11 in a non-standard location (dbus!129, Tuomo Rinne) - Run spec-cleaner - Move generation of API docs to a separate package, avoid doxygen dependency for building main package. - Build x11 and devel-doc (API doc) using _multibuild. - Drop no longer required call to autoreconf, remove obsolete BuildRequires for libtool and autoconf-archive. ==== efivar ==== - Do not partition LTO as we may reach new GAS error: Error: invalid attempt to declare external version name as default in symbol `efi_set_variable@@LIBEFIVAR_0.24' ==== etcd ==== Version update (3.4.3 -> 3.4.10) - Update to version 3.4.10 [CVE-2020-15106][boo#1174951]: * version: 3.4.10 * Documentation: note on data encryption * etcdserver: change protobuf field type from int to int64 (#12000) * pkg: consider umask when use MkdirAll * etcdmain: let grpc proxy warn about insecure-skip-tls-verify * etcdmain: fix shadow error * pkg/fileutil: print desired file permission in error log * pkg: Fix dir permission check on Windows * auth: Customize simpleTokenTTL settings. * mvcc: chanLen 1024 is to biger,and it used more memory. 128 seems to be enough. Sometimes the consumption speed is more than the production speed. * auth: return incorrect result 'ErrUserNotFound' when client request without username or username was empty. * etcdmain: fix shadow error * doc: add TLS related warnings * etcdserver:FDUsage set ticker to 10 minute from 5 seconds. This ticker will check File Descriptor Requirements ,and count all fds in used. And recorded some logs when in used >= limit/5*4. Just recorded message. If fds was more than 10K,It's low performance due to FDUsage() works. So need to increase it. * clientv3: cancel watches proactively on client context cancellation * wal: check out of range slice in "ReadAll", "decoder" * etcdctl, etcdmain: warn about --insecure-skip-tls-verify options * Documentation: note on the policy of insecure by default * etcdserver: don't let InternalAuthenticateRequest have password * auth: a new error code for the case of password auth against no password user * Documentation: note on password strength * etcdmain: best effort detection of self pointing in tcp proxy * Discovery: do not allow passing negative cluster size * wal: fix panic when decoder not set * embed: fix compaction runtime err * pkg: check file stats * etcdserver, et al: add --unsafe-no-fsync flag * version: 3.4.9 * wal: add TestValidSnapshotEntriesAfterPurgeWal testcase * wal: fix crc mismatch crash bug * rafthttp: log snapshot download duration * version: 3.4.8 * rafthttp: improve snapshot send logging * *: make sure snapshot save downloads SHA256 checksum * etcdserver/api/snap: exclude orphaned defragmentation files in snapNames * etcdserver: continue releasing snap db in case of error * etcdserver,wal: fix inconsistencies in WAL and snapshot * cherry pick of #11564 (#11880) * mvcc: fix deadlock bug * auth: optimize lock scope for CheckPassword * auth: ensure RoleGrantPermission is compatible with older versions * etcdserver: print warn log when failed to apply request * auth: cleanup saveConsistentIndex in NewAuthStore * auth: print warning log when error is ErrAuthOldRevision * auth: add new metric 'etcd_debugging_auth_revision' * tools/etcd-dump-db: add auth decoder, optimize print format * *: fix auth revision corruption bug * etcdserver: watch stream got closed once one request is not permitted (#11708) * version: 3.4.7 * wal: add "etcd_wal_writes_bytes_total" * pkg/ioutil: add "FlushN" * test: auto detect branch when finding merge base * mvcc/kvstore:when the number key-value is greater than one million, compact take too long and blocks other requests * version: 3.4.6 * lease: fix memory leak in LeaseGrant when node is follower * version: 3.4.5 * words: whitelist "racey" * Revert "version: 3.4.5" * words: whitelist "hasleader" * version: 3.4.5 * etcdserver/api/v3rpc: handle api version metadata, add metrics * clientv3: embed api version in metadata * etcdserver/api/etcdhttp: log server-side /health checks * proxy/grpcproxy: add return on error for metrics handler * etcdctl: fix member add command * version: 3.4.4 * etcdserver: fix quorum calculation when promoting a learner member * etcdserver: corruption check via http * mvcc/backend: check for nil boltOpenOptions * mvcc/backend: Delete orphaned db.tmp files before defrag * auth: correct logging level * e2e: test curl auth on onoption user * auth: fix NoPassWord check when add user * auth: fix user.Options nil pointer * mvcc/kvstore:fixcompactbug * mvcc: update to "etcd_debugging_mvcc_total_put_size_in_bytes" * mvcc: add "etcd_mvcc_put_size_in_bytes" to monitor the throughput of put request. * clientv3: fix retry/streamer error message * etcdserver: wait purge file loop during shutdown * integration: disable TestV3AuthOldRevConcurrent * etcdserver: remove auth validation loop * scripts/release: list GPG key only when tagging is needed ==== ethtool ==== Version update (5.7 -> 5.8) - update to new upstream release 5.8 * netlink handler for device features * netlink handler for private flags * netlink handler for ring sizes * netlink handler for channels counts * netlink handler for coalescing parameters * netlink handler for pause parameters * netlink handler for EEE settings * netlink handler for timestamping info * master/slave configuration support * LINKSTATE SQI support * cable test support * cable test TDR support * JSON output for cable test commands * igc driver support * support for get/set ethtool_tunable * dsa: mv88e6xxx: add pretty dump for 88E6352 SERDES * fix some build warnings - drop patches present in 5.8 release: * netlink-fix-build-warnings.patch * netlink-fix-error-message-suppression.patch * netlink-fix-unwanted-switch-fall-through-in-family_i.patch - ethtool.keyring: add new upstream maintainer's key (F4554567B91DE934) ==== filesystem ==== - Ignore init.d/*.local ghost files from aaa_base and remove /etc/init.d (it's part of insserv-compat since a long time) [jsc#SMO-14] ==== findutils ==== - findutils.keyring: Update GPG keys of Bob Proulx. Prompted by an error of 'osc service localrun download_files'. ==== flannel ==== Version update (0.11.0 -> 0.12.0) - update to 0.12.0: * fix deleteLease * Use publicIP lookup iface if --public-ip indicated * kubernetes 1.16 cni error * Add cniVersion to general CNI plugin configuration. * Needs to clear NodeNetworkUnavailable flag on Kubernetes * Replaces gorillalabs go-powershell with bhendo/go-powershell * Make VXLAN device learning attribute configurable * change nodeSelector to nodeAffinity and schedule the pod to linux node * This PR adds the cni version to the cni-conf.yaml inside the kube-flannel-cfg configmap * EnableNonPersistent flag for Windows Overlay networks * snap package. * Update lease with DR Mac * main.go: add the "net-config-path" flag * Deploy Flannel with unprivileged PSP * Enable local host to local pod connectivity in Windows VXLAN * Update hcsshim for HostRoute policy in Windows VXLAN ==== fuse ==== Version update (2.9.8 -> 2.9.9) - update to 2.9.9: * Added OpenAFS to whitelist (so users can now mount FUSE filesystems on mountpoints within OpenAFS filesystems). * Added a test of seekdir to test_syscalls. * Fixed readdir bug when non-zero offsets are given to filler and the filesystem client, after reading a whole directory, re-reads it from a non-zero offset e. g. by calling seekdir followed by readdir. ==== fuse-overlayfs ==== Version update (1.1.0 -> 1.1.2) - udpate to 1.1.2 - fix build issues with libmusl. - fix memory leak when creating whiteout files. - fix lookup for overflow uid when it is different than the overflow gid. ==== fuse3 ==== Version update (3.9.2 -> 3.9.3) - Update to version 3.9.3 * Minor bugfixes, documentation updates ==== gcc10 ==== Version update (10.2.1+git465 -> 10.2.1+git501) Subpackages: libgcc_s1 libgomp1 libstdc++6 - Update to gcc-10 branch head (dda1e9d08434def88ed86557d0), git501. * Includes fix for AARCH64 kernel build failure. [bsc#1174817] * Includes aarch64 SLS mitigation changes. [bsc#1172798, CVE-2020-13844] - Add gcc10-streamer-backports1.patch and gcc10-streamer-backports2.patch. - Enable x86 CET runtime for SLES15 and Leap15 also. - Do not enable the now deprecated HSA offloading capability. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Make grub-calloc inline to avoid symbol not found error as the system may not use updated grub to boot the system (bsc#1174782) (bsc#1175060) (bsc#1175036) * 0001-kern-mm.c-Make-grub_calloc-inline.patch ==== helm ==== Version update (3.2.4 -> 3.3.0) - Update to version 3.3.0: * Fix issue with install and upgrade running all hooks * bump version to v3.3 * fix(template):Issue:helm template with --output-dir (#8156) * Adding v4 link * Updating for today's actual milestone practices * fix(cmd): display warnings on stderr * Determine chart digest by manifest (#8249) * Fix some go-lint warnings * Fix golint issue * feat(comp): Complete revision for rollback command * fix template command use --show-only flags error in windows environment * version bump * remove s390x arch check * feat(comp): Provide completion for --version flag * chore(Makefile): Remove unused variable * Improve the extractor and add tests (#8317) * Add HelmVersion to Capabilities * feat(cmd): Subcommands for the completion command * fix(chartutil): do not set helpers.tpl filetype for vim * Add unit test case * feat(comp): Move custom completions to Cobra 1.0 * fix(doc): generic description for --version/verify * Fix description is ignore when installed with upgrade * Add unit test for man-in-the-middle attack on pull * chore(helm): Avoid confusion in command usage * Fix crashing `helm chart list` with large list * Show errors when linting for Chart.yaml version and appVersion fields of type non-string * ref(tests): localize unit test fixtures to package * Fix issue with unhandled error on Stat * Removing legacy completions.bash file * Using flags instead of persistent flags on status * Removing tiller language * Added s390x support * add kind_sorter support for SecretList * Fix unit test * Fix repo cache setting * Update the Helm version docs * Revert "group command for easy read" * Catching a potential panic in strval parsing * Recovering from panic that can occur with make * Fixing error with strvals parsing * ref(pkg/chartutil): use minimal in-memory fixtures * feat: Detect missing selector during lint * Add new line to fix code formatting in doc * fix(comp): Prepare plugin completion for Cobra 1.0 * feat(test): Update golangci-lint to 1.27.0 * chore(*): Fix formatting * Fixing PAX Header handling (#8086) * fix: upgrade using --force shoud not run patch logic (#8000) * feat(getter): add timeout option (#7950) * fix security mailing list address * bump DefaultCapabilities to 1.18 * bump to kubernetes 1.18.2 * scripts: do not use optional 'which' command in get-helm installation (#8048) * feat: make the linter coalesce the passed-in values before running values tests (#7984) * Removed scheme * Fixes repo parsing * Fixes repo parsing * Set DisableCompression to true to disable unwanted httpclient transformation * Update lint deprecation list * refactor: alter constant `pluginFileName` to `PluginFileName` * Fixing argument to be lower case * docs: fix capitalization in a few help messages * bump version to v3.2 * fix: removed strict template errors in linter (#8017) * Add checking of length of resourceList before creating of deleting * fix: use correct regular expression for Kubernetes names (#8013) * feat: implement deprecation warnings in helm lint (#7986) * added option --insecure-skip-tls-verify for helm install, addresses #7875 * added option --insecure-skip-tls-verify for helm pull, addresses #7875 * polish to keep the same log style * Fix markdown table in helm command doc * feat: lint the names of templated resources (#8011) * Adding Helm env vars where XDG exposed * Fix : Prints empty list in json/yaml is no repositories are present (#7949) * Updating CONTRIBUTING to match current practice * Adding PR template from dev-v2 branch * Add unit test for pkg/chart/chart.go * fix: write index.yaml file atomically (#7954) * test: add test for bom test data integrity * Fixing docs from version to appVersion (#7975) * Modify Circle config to use Go 1.14 (#7980) * fix(pkg/cli): ensure correct configuration from kubeconfig file * fix(cmd/env): make helm env command respect cli flags (#7978) * fix(*): remove bom in utf files when loading chart files (#6081) * Helm upgrades with --reuse-values and nil user values -- with tests (#7959) * fix(pkg/plugin): copy plugins directly to the data directory (#7962) * fix linting error with lookup function (#7969) * Parse reference templates in predictable order (#7702) * group command for easy read * fs_test: use os.Getuid() instead user.Current() to determine if a test is executed with root privileges. * fix(helm): allow a previously failed release to be upgraded (#7653) * Updating get stripts to skip pre-releases * fix(pkg/kube): continue deleting objects when one fails * Add comments about release Version variable * fixed to mirror master * removed panic, and replaced with error * fix test * added config file string * Fix a typo "update" -> "updates" (#7346) * fix(cmd): Fixes logging on action conf init error (#6909) * Remove duplicated words (#7336) ==== ima-evm-utils ==== Version update (1.3 -> 1.3.1) Subpackages: evmctl libimaevm2 - Update to version 1.3.1 * "--pcrs" support for per crypto algorithm * Drop/rename "ima_measurement" options * Moved this summary from "Changelog" to "NEWS", removing requirement for GNU empty files * Distro build fixes * Remove 0001-pcr_tss-Fix-compilation-for-old-compilers.patch (from this release) ==== installation-images-MicroOS ==== Version update (16.3 -> 16.8) - merge gh#openSUSE/installation-images#408 - document default network repo location - 16.8 - merge gh#openSUSE/installation-images#407 - rename product release package 'SUSE_MicroOS' to 'SUSE-MicroOS' - rename 'SUSE_MicroOS' to 'SUSE-MicroOS' - 16.7 - merge gh#openSUSE/installation-images#406 - use $releasever in repo URL (bsc#1171018) - 16.6 - merge gh#openSUSE/installation-images#405 - rename MicroOSNG to "SUSE MicroOS" - 16.5 - merge gh#openSUSE/installation-images#401 - wicked started using /usr/libexec (bsc#1174957) - fix nokogiri update-alternatives handling - 16.4 ==== iputils ==== - Remove 2 old patches (iputils-sec-ping-unblock.diff, iputils-ping-interrupt.diff) Although not documented, they both belong to bsc#674304. Fix from 2011 was resolved upstream in commit 810dd7f ("ping,ping6: Unmask signals on start-up.") [1], released in s20121112. - Use %autosetup -p1 ==== irqbalance ==== Version update (1.6.0+git20200317.0348a3b -> 1.7.0) - update to 1.7.0: * Strlen checking for IRQBALANCE_BANNED_CPU env var * Typo cleanup in SOCKET_TMPFS * consolidation of numa node creation on non-numa systems * fix uninitialized use of package_mask in affinity setup * use num_online_cpus instead of core_count * fix a null ptr crash in do_one_cpu * make list searching common from glib * fix a calloc parameter bug * remove some unused variables * use g_list_free_full * remove redundant call to free_cl_opts * fix some resource leaks in main() * fix some use after free issues in check_for_irq_ban * fix resource leaks in irqballance-ui, and in add_one_node - remove Correct-capitalizing-in-service-file.patch: upstream ==== k9s ==== Version update (0.18.1 -> 0.21.7) - update to 0.21.7: - see https://github.com/derailed/k9s/releases ==== kernel-firmware ==== Version update (20200716 -> 20200807) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20200807 (git commit c331aa9c49ce): * amdgpu: update vega20 firmware for 20.30 * amdgpu: update vega12 firmware for 20.30 * amdgpu: update vega10 firmware for 20.30 * amdgpu: update renoir firmware for 20.30 * amdgpu: update raven2 firmware for 20.30 * amdgpu: update raven firmware for 20.30 * amdgpu: update picasso firmware for 20.30 * amdgpu: update navi14 firmware for 20.30 * amdgpu: update navi10 firmware for 20.30 * linux-firmware: update NXP SDSD-8997 firmware image * Mellanox: Add new mlxsw_spectrum firmware xx.2008.1036 * linux-firmware: Update AMD SEV firmware * QCA: Add correct bin file for WCN3991 - Still keep the revert of AMDGPU Picasso firmware due to the regression (bsc#1174278) - Move a big prestera firmware file in platform subpackage into the own subpackage, kernel-firmware-prestera - Update aliases from 5.8 kernel packages ==== kernel-source ==== Version update (5.7.11 -> 5.8.0) - config: armv7hl: Update to 5.8 - commit ede84e7 - config: armv6hl: Update to 5.8 - commit ecdaa95 - Fix for missing check in vgacon scrollback handling (bsc#1174205 CVE-2020-14331). Update to the latest findings/submission. - commit e91a540 - Update to 5.8 final - refresh configs (headers only) - commit c02ba5f - Linux 5.7.12 (bnc#1012628). - regmap: debugfs: check count when read regmap file (bnc#1012628). - io_uring: ensure double poll additions work with both request types (bnc#1012628). - tipc: allow to build NACK message in link timeout function (bnc#1012628). - udp: Improve load balancing for SO_REUSEPORT (bnc#1012628). - udp: Copy has_conns in reuseport_grow() (bnc#1012628). - sctp: shrink stream outq when fails to do addstream reconf (bnc#1012628). - sctp: shrink stream outq only when new outcnt < old outcnt (bnc#1012628). - AX.25: Prevent integer overflows in connect and sendmsg (bnc#1012628). - tcp: allow at most one TLP probe per flight (bnc#1012628). - rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA (bnc#1012628). - rtnetlink: Fix memory(net_device) leak when ->newlink fails (bnc#1012628). - qrtr: orphan socket in qrtr_release() (bnc#1012628). - net: udp: Fix wrong clean up for IS_UDPLITE macro (bnc#1012628). - net-sysfs: add a newline when printing 'tx_timeout' by sysfs (bnc#1012628). - net/sched: act_ct: fix restore the qdisc_skb_cb after defrag (bnc#1012628). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (bnc#1012628). - drivers/net/wan/x25_asy: Fix to make it work (bnc#1012628). - dev: Defer free of skbs in flush_backlog (bnc#1012628). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (bnc#1012628). - AX.25: Fix out-of-bounds read in ax25_connect() (bnc#1012628). - commit 9c98feb ==== krb5 ==== - Don't fail if %{_lto_cflags} is empty ==== kubernetes ==== Version update (1.18.6 -> 1.18.8) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Bump to kubernetes 1.18.8 and 1.17.11 ==== kubernetes1.17 ==== Version update (1.17.9 -> 1.17.11) - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib - Update to version 1.17.11: * [go1.13] Update to go1.13.15 * [go1.15] build: Update to k/repo-infra@v0.0.12 (supports go1.15.0) * Update others OWNERS files from master * Promote spiffxp to build/ approver * build: Update Debian base images * build: Remove Debian base image building * Update to json-patch 4.8.0 * Revert "Automated cherry pick of #93272: fix 68211: modified subpath configmap mount fails when" * Fix panic on /readyz * Azure: per VMSS, incremental VMSS VMs cache * add dashpole as kubelet approver * Fix instance not found issues when an Azure Node is recreated in a short time * Use local daemonset manifest for installing Nvidia drivers * fix: don't use docker config cache if it's empty * tests: Fixes Windows kubelet-stats test * update e2e test * autogen files update * fix 68211: modified subpath configmap mount fails when container restart * Update Golang to v1.13.14 * Add bazel_skylib_workspace to fix make bazel-test 'no matching toolchains found' error * Update repo-infra to v0.0.8 (to support go1.14.6 and go1.13.14) * build: Update to repo-infra@v0.0.5 to support go1.14.3 and go1.13.11 * Update to repo-infra v0.0.4 * Update bazel to 2.2.0 * fix: initial delay in mounting azure disk/file * Skip ensuring VMSS in pool for nodes which should be excluded from lb * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.9 * kubelet: Clear the podStatusChannel before invoking syncBatch * kubelet: Never restart containers in deleting pods * kubelet: Don't delete pod until all container status is available * kubelet: Preserve existing container status when pod terminated * Test that an always-fail container can't report the pod Succeeded * Fix range copy issue * Mark kubectl e2e tests that use deprecated features with [Deprecated] so they can be filtered out when skew tests are performed ==== kubernetes1.18 ==== Version update (1.18.6 -> 1.18.8) Subpackages: kubernetes1.18-client kubernetes1.18-kubeadm kubernetes1.18-kubelet kubernetes1.18-kubelet-common - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib - update url - Update to version 1.18.8: * [go1.13] Update to go1.13.15 * [go1.15] build: Update to k/repo-infra@v0.0.12 (supports go1.15.0) * Update others OWNERS files from master * Promote spiffxp to build/ approver * build: Update Debian base images * build: Remove Debian base image building * Update to json-patch 4.8.0 * Revert "Automated cherry pick of #89629: fix 68211: modified subpath configmap mount fails when" * Azure: per VMSS, incremental VMSS VMs cache * Fix panic on /readyz * add dashpole as kubelet approver * Fix instance not found issues when an Azure Node is recreated in a short time * Use local daemonset manifest for installing Nvidia drivers * Fix scheduler issue with nodetree additions * tests: Fixes Windows kubelet-stats test * Fix a bug whereby reusable CPUs and devices were not being honored * Simplify logic in devicemanager TopologyHint generation * Add AnySet() to topologymanager bitmask API * update e2e test * autogen files update * fix 68211: modified subpath configmap mount fails when container restart * Fix ListZonesInRegion() after client BasePath change * Update Golang to v1.13.14 * Add bazel_skylib_workspace to fix make bazel-test 'no matching toolchains found' error * Update repo-infra to v0.0.8 (to support go1.14.6 and go1.13.14) * build: Update to repo-infra@v0.0.5 to support go1.14.3 and go1.13.11 * Update to repo-infra v0.0.4 * Update bazel to 2.2.0 * fix: initial delay in mounting azure disk/file * Skip ensuring VMSS in pool for nodes which should be excluded from lb * Update CHANGELOG/CHANGELOG-1.18.md for v1.18.6 * defaultpodtopologyspread: access listers in plugin instantiation ==== kured ==== Version update (1.4.3 -> 1.4.5) - Update to version 1.4.5: * document how releases are town wrt Helm bits * bump versions for 1.4.5 release * Use nindent, not indent * chart: update readme * Bump chart version * Add missing 'end' * Chart: Support extraEnvVars * update install instructions to use latest * update chart version * Prep for 1.4.4 release * bump and fix * split matchLabels template * restructured and improved service ==== less ==== Version update (562 -> 563) - update to 563: * Update Unicode tables. * Treat Hangul Jamo medial vowels and final consonants as zero width. * Display error message immediately when -o is toggled and input is not a pipe. * Fix regression: make screen repaint when "squished" and a no-movement command is given. * Fix erroneous EOF calculation when F command is interrupted. * Make WIN32C version include this fix from 551: Don't count lines in initial screen if using -X with -F. * Fix display bug in WIN32C version. * Fix memory corruption when built with libtermcap. * Support libtinfow. ==== libcap ==== Version update (2.32 -> 2.42) - Update to version 2.42: * Closed a potential issue with "libcap/psx" Go package and errno * Documentation updates * Minor optimization for cap_to_text() and (*cap.Set).String() * Discovered and added a missing function (*cap.Set).SetNSOwner() to achieve parity with libcap * Multiple fixes * Support Go module abstraction * A new kernel capability: CAP_BPF * Better support for cross-compilation * pam_cap now honors PAM_REINITIALIZE_CRED * implements cap_launch functionality ==== libevent ==== Version update (2.1.11 -> 2.1.12) - Update to 2.1.12 stable * buffer: do not pass NULL to memcpy() from evbuffer_pullup() * http: fix undefined-shift in EVUTIL_IS*_ helpers * Check error code of evhttp_add_header_internal() in evhttp_parse_query_impl() * http: fix EVHTTP_CON_AUTOFREE in case of timeout * evdns: Add additional validation for values of dns options * Fix memory corruption in EV_CLOSURE_EVENT_FINALIZE with debug enabled * increase segment refcnt only if evbuffer_add_file_segment() succeeds * evdns: fix a crash when evdns_base with waiting requests is freed * event_base_once: fix potential null pointer threat * http: do not assume body for CONNECT * evbuffer_add_file: fix freeing of segment in the error path * Fix checking return value of the evdns_base_resolv_conf_parse() * Support EV_CLOSED on linux for poll(2) * Parse IPv6 scope IDs. * evutil_time: detect and use _gmtime64_s()/_gmtime64() * bufferevent: allow setting priority on socket and openssl type * Fix EV_CLOSED detection/reporting * Revert "Warn if forked from the event loop during event_reinit()" ==== libressl ==== Version update (3.1.3 -> 3.1.4) Subpackages: libcrypto46 libssl48 libtls20 - Update to release 3.1.4 * TLS 1.3 client improvements: * Improve client certificate selection to allow EC certificates instead of only RSA certificates. * Do not error out if a TLSv1.3 server requests an OCSP response as part of a certificate request. * Fix SSL_shutdown behavior to match the legacy stack. The previous behaviour could cause a hang. * Fix a memory leak and add a missing error check in the handling of the key update message. * Fix a memory leak in tls13_record_layer_set_traffic_key. * Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes. * Ensure that only PSS may be used with RSA in TLSv1.3 in order to avoid using PKCS1-based signatures. * Add the P-521 curve to the list of curves supported by default in the client. ==== libyaml ==== Version update (0.2.4 -> 0.2.5) - update to 0.2.5: * Allow question marks in plain scalars in flow collections * Emitter: Don't output trailing space for empty scalar nodes * Emitter: Output space after an alias mapping key * Add -h and --flow (on|off|keep) to run-*-test-suite * Remove unnecessary include and malloc * Add specific files back to .gitignore * Output error position in run-parser-test-suite.c * A couple patches to improve test suite support ==== makedumpfile ==== - makedumpfile-sadump-Fix-failure-of-reading.patch: sadump: Fix failure of reading __per_cpu_load memory (bsc#1168798). ==== microos-tools ==== Version update (2.2 -> 2.4) - Update to version 2.4 - fixes for autorelabel in initrd - Use systemds tmpfiles.d/tmp.conf to relabel /tmp and cleanup /tmp after 10 days and /var/tmp after 30 days - Don't install tmp.mount.d/selinux.conf on Factory [bsc#1175379] - Add tmp.mount for SUSE MicroOS 5.0 [jsc#SMO-2] - Update to version 2.3 - SELinux support [jsc#SMO-15] - overwrite tmp.mount options with SELinux label for /tmp - Add generator to label mount points if required - Add dracut module to relabel core system if required - Add locale-check to reset locale to system default if the one set by SSH does not exist [bsc#1156175] - Set TMPDIR for salt to not use /tmp (preparation for noexec) ==== openldap2 ==== Version update (2.4.50 -> 2.4.51) - Drop obsolete, not working DB_CONFIG - Remove init.d header from start script, does not work - Use bash for start script as syntax is not POSIX sh supported - Remove UPDATE_NEEDED section in start script, does never match - Remove remaining rc.status usage in start script - updated to 2.4.51 - removed obsolete patch 0014-ITS-8650-fix-debug-usage.patch OpenLDAP 2.4.51 Release (2020/08/11) Added slapo-ppolicy implement Netscape password policy controls (ITS#9279) Fixed libldap retry loop in ldap_int_tls_connect (ITS#8650) Fixed libldap to use getaddrinfo in ldap_pvt_get_fqdn (ITS#9287) Fixed slapd to enforce singular existence of some overlays (ITS#9309) Fixed slapd syncrepl to not delete non-replicated attrs (ITS#9227) Fixed slapd syncrepl to correctly delete entries on resync (ITS#9282) Fixed slapd syncrepl to use replace on single valued attrs (ITS#9294, ITS#9295) Fixed slapd-perl dynamic config with threaded slapd (ITS#7573) Fixed slapo-ppolicy to expose the ppolicy control (ITS#9285) Fixed slapo-ppolicy race condition for pwdFailureTime (ITS#9302) Fixed slapo-ppolicy so it can only exist once per DB (ITS#9309) Fixed slapo-chain to check referral (ITS#9262) Build Environment Fix test064 so it no longer uses bashisms (ITS#9263) Contrib Fix default prefix value for pw-argon2, pw-pbkdf2 modules (ITS#9248) slapo-allowed - Fix usage of unitialized variable (ITS#9308) Documentation ldap_parse_result(3) - Document ldap_parse_intermediate (ITS#9271) ==== permissions ==== Version update (1550_20200727 -> 1550_20200811) Subpackages: chkstat permissions-config - Update to version 20200811: * regtest: support new getcap output format in libcap-2.42 * regtest: print individual test case errors to stderr ==== pigz ==== - Build with -fexceptions to get compiler/os specific (aka. sane) implementations of pthread_cleanup* routines. ==== pkgconf ==== Subpackages: libpkgconf3 pkgconf-m4 pkgconf-pkg-config - Add /usr/local paths to pkg-config(1) search path for non RPM builds (boo#1175039) ==== podman ==== Subpackages: podman-cni-config - Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib - Change hard requires for AppArmor to Recommends. They are not needed for runtime or with SELinux but already installed if AppArmor is used [jsc#SMO-15] - Add BuildRequires for pkg-config(libselinux) to build with SELinux support [jsc#SMO-15] ==== popt ==== Version update (1.16 -> 1.18) - Update to version 1.18: * fix an ugly and ancient security issue with popt failing to drop privileges on alias exec from a SUID/SGID program * perform rudimentary sanity checks when reading in popt config files * collect accumulated misc fixes (memleaks etc) from distros * convert translations to utf-8 encoding * convert old postscript documentation to pdf * dust off ten years worth of autotools sediment * reorganize and clean up the source tree for clarity * remove the obnoxious splint annotations from the sources - popt-alignment-checks.patch removed: contained in upstream - popt-libc-updates.patch changed: to be compatible with new version. ==== python-cffi ==== Version update (1.14.0 -> 1.14.1) - update to 1.14.1: * CFFI source code is now hosted on Heptapod. * Improved support for typedef int my_array_t[...]; with an explicit dot-dot-dot in API mode (issue #453) * Windows (32 and 64 bits): multiple fixes for ABI-mode call to functions that return a structure. * Experimental support for MacOS 11 on aarch64. * and a few other minor changes and bug fixes. ==== python-ordered-set ==== - Replace Source URL with the standard one ==== python-rpm-macros ==== Version update (20200714.252de1f -> 20200806.f44d3ac) - Update to version 20200806.f44d3ac: * fix unittest macros ==== python38 ==== Version update (3.8.4 -> 3.8.5) - Update to version 3.8.5: - bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(?). - bpo-41295: Resolve a regression in CPython 3.8.4 where defining ?__setattr__? in a multi-inheritance setup and calling up the hierarchy chain could fail if builtins/extension types were involved in the base types. - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. - bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). - bpo-37703: Updated Documentation to comprehensively elaborate on the behaviour of gather.cancel() - bpo-41302: Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan. - bpo-41300: Save files with non-ascii chars. Fix regression released in 3.9.0b4 and 3.8.4. - Few minor fixes for the non-primary-interpreter option found in py3.9 ==== python38-core ==== Version update (3.8.4 -> 3.8.5) Subpackages: libpython3_8-1_0 python38-base - Update to version 3.8.5: - bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(?). - bpo-41295: Resolve a regression in CPython 3.8.4 where defining ?__setattr__? in a multi-inheritance setup and calling up the hierarchy chain could fail if builtins/extension types were involved in the base types. - bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing. - bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907, bsc#1174091). - bpo-37703: Updated Documentation to comprehensively elaborate on the behaviour of gather.cancel() - bpo-41302: Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan. - bpo-41300: Save files with non-ascii chars. Fix regression released in 3.9.0b4 and 3.8.4. - Few minor fixes for the non-primary-interpreter option found in py3.9 ==== rook ==== Version update (1.3.4+git0.ga5114030 -> 1.4.0+git0.g801c5934) - Update to v1.4.0: * Ceph-CSI 3.0 is deployed by default * Multi Architecture docker images are published (amd64 and arm64) * Create/Delete beta snapshot for RBD, while support for Alpha snapshots is removed. * Create PVCs from RBD snapshots and PVCs * Support ROX volumes for RBD and CephFS * The dashboard for the ceph object store will be enabled if the dashboard module is enabled. * An admission controller enhances CRD validations (Experimental) * The admission controller is not enabled by default. * Support for Ceph CRDs is provided. Some validations for CephClusters are included and a framework for additional validations is in place for other CRDs. * RGW Multisite is available through new CRDs for zones, zone groups, and realms. (Experimental) * CephObjectStore CRD changes: * Health displayed in the Status field * Run health checks on the object store endpoint by creating a bucket and writing to it periodically. * The endpoint is stored for reference in the Status field * OSD changes: * OSDs on PVC now support multipath and crypt device types. * OSDs on PVC can now be encrypted by setting encrypted: true on the storageClassDeviceSet. * OSDs can now be provisioned using Ceph's Drive Groups definitions for Ceph Octopus v15.2.5+. * OSDs can be provisioned on the device path such as /dev/disk/by-path/pci-HHHH:HH:HH.H with colons (:) * A new CephRBDMirror CR will configure the RBD mirroring daemons. The RBD mirror settings were previously included in the CephCluster CR. * Multus support is improved, though still in experimental mode * Added support for the Whereabouts IPAM * CephCluster CRD changes: * Converted to use the controller-runtime framework * Added settings to configure health checks as well as pod liveness probes. * CephBlockPool CRD has a new field called parameters which allows to set any Ceph pool property on a given pool * OBC changes: * Updated the lib bucket provisioner version to support multithreading * Added support for quota, have options for object count and total size. * Prometheus monitoring for external clusters is now possible, refer to the external cluster section * The operator will check for the presence of the lvm2 package on the host where OSDs will run. If not available, the prepare job will fail. This will prevent issues of OSDs not restarting on node reboot. * Added a new label ceph_daemon_type to Ceph daemon pods. * Added a toolbox job example for running a script with Ceph commands, similar to running commands in the Rook toolbox. ==== rsync ==== Version update (3.2.2 -> 3.2.3) - Updated to version 3.2.3 * Fixes a memory usage regression introduced in 3.2.2 * Too many changes to list, see included NEWS.md file. - acls.diff, time-limit.diff and xattrs.diff are now upstream. - Drop rsync-add_back_use_slp_directive.patch, included in upstream slp.diff - Add BR on c++_compiler needed for SIMD support - Add --enable-simd configure option on x86_64 - Change BR on xxhash-devel to pkgconfig(libxxhash) and depend on xxhash >= 0.8.0 since this is needed for XXH3 - Use xxhash only on suse_version >= 1550 since xxhash 0.8.0 is not available elsewhere. ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration - Require /usr/bin/python instead of /bin/python for RHEL-family (bsc#1173936) - Don't install SuSEfirewall2 service files in Factory - Fix __mount_device wrapper to accept separate args and kwargs - Added: * fix-__mount_device-wrapper-254.patch ==== sqlite3 ==== Version update (3.32.3 -> 3.33.0) - SQLite 3.33.0: * Support for UPDATE FROM following the PostgreSQL syntax * Increase the maximum size of database files to 281 TB * Extend the PRAGMA integrity_check statement so that it can optionally be limited to verifying just a single table and its indexes, rather than the entire database file. * Add the decimal extension for doing arbitrary-precision decimal arithmetic * Enhancements to the ieee754 extension for working with IEEE 754 binary64 numbers * cli: Add four new output modes: "box", "json", "markdown", and "table" * cli: The "column" output mode automatically expands columns to contain the longest output row and automatically turns ".header" on if it has not been previously set * cli: The "quote" output mode honors ".separator" * cli: The decimal extension and the ieee754 extension are built-in to the CLI * multiple query planner improvements ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Build sssd's KCM. ==== transactional-update ==== Version update (2.23 -> 2.24.1) Subpackages: transactional-update-zypp-config - Version 2.24.1 - SELinux: adjust labels for etc, fstab and grub.cfg - Version 2.24 - Add partial SELinux support ==== u-boot-rpiarm64 ==== Subpackages: u-boot-rpiarm64-doc - Use python3 for pyelftools ==== vim ==== Version update (8.2.1253 -> 8.2.1412) Subpackages: vim-data-common vim-small - Updated to version 8.2.1412, fixes the following problems - refreshed vim-7.4-highlight_fstab.patch * CTRL-K in Insert mode gets inserted. (Roland Puntaier) * MS-Windows: regexp test may fail if 'iskeyword' set wrongly. * Cannot use a lambda with quickfix functions. * Vim9: type wrong after getting dict item in lambda. * Vim9: list unpack doesn't work at the script level. * CursorHold does not work well.a (Shane-XB-Qian) * Empty group in 'tabline' may cause using an invalid pointer. * There is no good test for CursorHold. * Vim9: common type of function not tested. * src/ex_cmds.c file is too big. * Vim9: comperators use 'ignorecase' in Vim9 script. * Terminal getwinpos() test is a bit flaky. * Crash with EXITFREE when split() fails. * Makefile preferences were accidentally included. * Vim9: no error for using double quote comment after :func or :def. * Language and locale code spread out. * Vim9: not skipping over function type declaration with only a return type. * Vim9: Error for Funcref function argument type. * Vim9: type not checked if declaration also assigns value. * Vim9: no error for missing white space in assignment at script level. * Vim9: compiler warning for buffer size. * Tests on Travis do not run with EXITFREE. * Vim9: line break after "->" only allowed in :def function. * Some tests on Travis have EXITFREE duplicated. * Ex command error cannot contain an argument. * The "trailing characters" error can be hard to understand. * Vim9: crash when using CheckScriptFailure() in Test_vim9script_call_fail_decl(). * Vim9: error for misplaced -> lacks argument. * Vim9: skipping over type includes following white space, leading to an error for missing white space. * Vim9: argument types are not checked on assignment. * Vim9: No error when using a type to a window variable * Vim9: crash when using an imported function. * Vim9: cannot use mark in range. * Crash when using a custom completion function. * Vim9: cannot replace a global function. * Vim9: type of varargs items is not checked. * AIDL filetype not recognized. * Vim9: :execute mixes up () expression and function call. * Vim9: error when using vim9script in TextYankPost. * Tests 44 and 99 are old style. * Some part of using 'smarcase' was not tested. * When a test fails it's often not easy to see what the call stack is. * Compiler warning for unused argument in small version. * Compiler warning for using size_t for int and void pointer. * Vim9: optional argument type not parsed properly. * Vim9: varargs argument type not parsed properly. * Vim9: varargs arg after optional arg does not work * Calling popup_setoptions() resets 'signcolumn'. * Debug backtrace isn't tested much. * Some tests are still old style. * Checking for first character of dict key is inconsistent. * popup window width does not include number, fold of sign column width. * Vim9: accidentally using "x" causes Vim to exit. * Build failure with tiny version. * Configure with Xcode 12 fails to check for tgetent. * Test failures with legacy Vim script. * Vim9 script: cannot assign to environment variable. * Vim9: rule for comment after :function is confusing. * Vim9: cannot declare some single letter variables. * Vim9: method on double quoted string doesn't work. * Vim9: invalid operators only rejected in :def function. * Vim9: line break after "=" does not work. * Vim9: using Vim9 script for autaload not tested. * Vim9: skipping over white space after list. * No space allowed before comma in list. * Vim9: cannot define global function inside :def function. * Vim9: :echo with two lists doesn't work. * Vim9: memory leak when using nested global function. * Vim9: memory leak when using nested global function. * Github workflow timeout needs tuning * CTRL-C in the GUI doesn't interrupt. (Sergey Vlasov) * Build failure on non-Unix systems. * Vim9: cannot use empty key in dict assignment. * Vim9: assigning to script-local variable doesn't check type. * Vim9: assigning to global dict variable doesn't work. * Some tests fail on Cirrus CI and/or with FreeBSD. * Build failures. * Vim9: accidentally using "x" gives a confusing error. * Vim9: cannot find global function when using g: when local function with the same name exists. * Vim9: No test for trying to redefine global function. * Redraw error when using visual block and scroll. * Small build fails. * Cannot easily get the script ID. * Build failure without the eval feature. * Vim9: can define a function with the name of an import. * Vim9: no test for error message when redefining function. * Vim9: no proper error if using namespace for nested function. * Vim9: no error for shadowing a script-local function by a nested function. * Crash when drawing double-wide character in terminal window. (Masato Nishihata) * Vim9: no error using :let for options and registers. * Vim9: cannot get the percent register. * Vim9: cannot assign to / register. * Vim9: test fails with +dnd is not available. * Vim9: cannot assign to / register in Vim9 script. * Stray error for white space after expression. * Error for white space after expression in assignment. * Last entry of ":set term=xxx" overwritten by error message when 'cmdheight' is two or more. (Tony Mechelynck) * Test trying to run terminal when it is not supported. * Invalid memory access when searching for raw string. * Vim9: no error for missing white space around operator. * Test 49 is old style. * Vim9: no error for missing white space around operator. * Vim9: no error for assigning to non-existing script var. * Vim9: error for assigning empty list to script variable. * Vim9: method name with digit not accepted. * Vim9: expression mapping causes error for using :import. * Triggering the ATTENTION prompt causes typeahead to be messed up. * Cannot put space between function name and paren. * Curly braces expression ending in " }" does not work. * Vim9: return type of getreg() is always a string. * Vim9: using :import in filetype plugin gives an error. * Test 49 is old style. * No ATTENTION prompt for :vimgrep first match file. * No testing on ARM. * Backslash not removed afer space in option with space in 'isfname'. * Vim9: cannot assign to single letter variable with type. * Vim9: += only works for numbers. * File missing from the distribution. * Vim9: type error after storing an option value. * Vim9: no error for shadowing a script function. * Vim9: error line number incorrect after skipping over comment lines. * Insufficient testing for script debugging. * Vim9: compiling a function interferes with command modifiers. * Vim9: no error if declaring a funcref with a lower case letter. * Vim9: no error for unexpectedly returning a value. * Vim9: return type of maparg() not adjusted for fourth argument. * Autoload script sourced twice if sourced directly. * Vim9: may find imported item in wrong script. * Vim9: test does not delete written files. * Cannot jump to the last used tabpage. * s390x tests always fail. * Vim9: Vim highlighting fails in cmdline window if it uses Vim9 commands. * Vim9: script test fails in the GUI. * Vim9: vim9compile.c is getting too big. * Popupwindow lacks scrollbar if no "maxheight" is used. * Vim9: type of list and dict only depends on first item. * Vim9: type casting not supported. * Nmpmrc and php.ini filetypes not recognized. * Adding compiler plugin requires test change. * when splitting a window localdir is copied but prevdir is not. * Vim: not operator does not result in boolean. ==== xfsprogs ==== - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) ==== zlib ==== - Permit a deflateParams() parameter change as soon as possible(bsc#1174736) * bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch Fix DFLTCC not flushing EOBS when creating raw streams(bsc#1174551) * bsc1174551-fxi-imcomplete-raw-streams.patch