Packages changed: grub2 (2.02 -> 2.04) hwdata (0.330 -> 0.331) kernel-firmware (20191118 -> 20200107) podman (1.6.4 -> 1.7.0) transactional-update (2.20 -> 2.20.1) === Details === ==== grub2 ==== Version update (2.02 -> 2.04) Subpackages: grub2-arm64-efi grub2-snapper-plugin - Correct awk pattern in 20_linux_xen (bsc#900418, bsc#1157912) - Correct linux and initrd handling in 20_linux_xen (bsc#1157912) M grub2-efi-xen-cfg-unquote.patch M grub2-efi-xen-chainload.patch M grub2-efi-xen-cmdline.patch M grub2-efi-xen-removable.patch - Disable btrfs zstd support for i386-pc to workaround core.img too large to be embedded in btrfs bootloader area or MBR gap (boo#1154809) * 0001-btrfs-disable-zstd-support-for-i386-pc.patch - Fix grub2.sleep to load old kernel after hibernation (boo#1154783) - Enable support for riscv64 - Backports from upstream: * risc-v-fix-computation-of-pc-relative-relocation-offset.patch * risc-v-add-clzdi2-symbol.patch * grub-install-define-default-platform-for-risc-v.patch - Version bump to 2.04 * removed - translations-20170427.tar.xz * grub2.spec - Make signed grub-tpm.efi specific to x86_64-efi build, the platform currently shipped with tpm module from upstream codebase - Add shim_lock to signed grub.efi in x86_64-efi build - x86_64: linuxefi now depends on linux, both will verify kernel via shim_lock - Remove translation tarball and po file hacks as it's been included in upstream tarball * rediff - grub2-setup-try-fs-embed-if-mbr-gap-too-small.patch - grub2-commands-introduce-read_file-subcommand.patch - grub2-secureboot-add-linuxefi.patch - 0001-add-support-for-UEFI-network-protocols.patch - grub2-efi-HP-workaround.patch - grub2-secureboot-install-signed-grub.patch - grub2-linux.patch - use-grub2-as-a-package-name.patch - grub2-pass-corret-root-for-nfsroot.patch - grub2-secureboot-use-linuxefi-on-uefi.patch - grub2-secureboot-no-insmod-on-sb.patch - grub2-secureboot-provide-linuxefi-config.patch - grub2-secureboot-chainloader.patch - grub2-s390x-01-Changes-made-and-files-added-in-order-to-allow-s390x.patch - grub2-s390x-02-kexec-module-added-to-emu.patch - grub2-s390x-04-grub2-install.patch - grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch - grub2-efi-chainloader-root.patch - grub2-ppc64le-disable-video.patch - grub2-ppc64-cas-reboot-support.patch - grub2-Fix-incorrect-netmask-on-ppc64.patch - 0003-bootp-New-net_bootp6-command.patch - 0006-bootp-Add-processing-DHCPACK-packet-from-HTTP-Boot.patch - 0012-tpm-Build-tpm-as-module.patch - grub2-emu-4-all.patch - grub2-btrfs-09-get-default-subvolume.patch - grub2-ppc64le-memory-map.patch - grub2-ppc64-cas-fix-double-free.patch - 0008-efinet-Setting-DNS-server-from-UEFI-protocol.patch * drop upstream patches - grub2-fix-locale-en.mo.gz-not-found-error-message.patch - grub2-fix-build-with-flex-2.6.4.patch - grub2-accept-empty-module.patch - 0001-Fix-packed-not-aligned-error-on-GCC-8.patch - 0001-Fix-PCIe-LER-when-GRUB2-accesses-non-enabled-MMIO-da.patch - unix-exec-avoid-atexit-handlers-when-child-exits.patch - 0001-xfs-Accept-filesystem-with-sparse-inodes.patch - grub2-binutils2.31.patch - grub2-msdos-fix-overflow.patch - 0001-tsc-Change-default-tsc-calibration-method-to-pmtimer.patch - grub2-efi-Move-grub_reboot-into-kernel.patch - grub2-efi-Free-malloc-regions-on-exit.patch - grub2-move-initrd-upper.patch - 0002-Add-Virtual-LAN-support.patch - 0001-ofnet-Initialize-structs-in-bootpath-parser.patch - 0001-misc-fix-invalid-character-recongition-in-strto-l.patch - 0001-tpm-Core-TPM-support.patch - 0002-tpm-Measure-kernel-initrd.patch - 0003-tpm-Add-BIOS-boot-measurement.patch - 0004-tpm-Rework-linux-command.patch - 0005-tpm-Rework-linux16-command.patch - 0006-tpm-Measure-kernel-and-initrd-on-BIOS-systems.patch - 0007-tpm-Measure-the-kernel-commandline.patch - 0008-tpm-Measure-commands.patch - 0009-tpm-Measure-multiboot-images-and-modules.patch - 0010-tpm-Fix-boot-when-there-s-no-TPM.patch - 0011-tpm-Fix-build-error.patch - 0013-tpm-i386-pc-diskboot-img.patch - grub2-freetype-pkgconfig.patch - 0001-cpio-Disable-gcc9-Waddress-of-packed-member.patch - 0002-jfs-Disable-gcc9-Waddress-of-packed-member.patch - 0003-hfs-Fix-gcc9-error-Waddress-of-packed-member.patch - 0004-hfsplus-Fix-gcc9-error-with-Waddress-of-packed-membe.patch - 0005-acpi-Fix-gcc9-error-Waddress-of-packed-member.patch - 0006-usbtest-Disable-gcc9-Waddress-of-packed-member.patch - 0007-chainloader-Fix-gcc9-error-Waddress-of-packed-member.patch - 0008-efi-Fix-gcc9-error-Waddress-of-packed-member.patch - Consistently find btrfs snapshots on s390x. (bsc#1136970) * grub2-s390x-04-grub2-install.patch ==== hwdata ==== Version update (0.330 -> 0.331) - Update to version 0.331: * Updated pci, usb and vendor ids. ==== kernel-firmware ==== Version update (20191118 -> 20200107) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20200107 (git commit 67d4ff59bf33): * Mellanox: Add new mlxsw_spectrum firmware xx.2000.2714 * radeon: update oland rlc microcode from amdgpu * amdgpu: update vega20 microcode for 19.50 * amdgpu: update vega12 microcode for 19.50 * amdgpu: update vega10 microcode for 19.50 * amdgpu: update picasso microcode for 19.50 * amdgpu: update raven2 microcode for 19.50 * amdgpu: update raven microcode for 19.50 * amdgpu: update navi10 microcode for 19.50 * amdgpu: update navi14 microcode for 19.50 * amdgpu: add TA microcode for Raven asics * qed: Add firmware 8.42.2.0 * Adjust WHENCE entry to check_whence doesn't complain * qcom: Switch SDM845 WLAN firmware * linux-firmware: add NXP firmware licence file - Update to version 20191220 (git commit 6871bffa79ed): * ath10k: WCN3990 hw1.0: add firmware WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1 * ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00070 * ath10k: QCA988X hw2.0: update firmware-5.bin to 10.2.4-1.0-00047 * ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00070 * ath10k: QCA9887 hw1.0: update firmware-5.bin to 10.2.4-1.0-00047 * ath10k: QCA6174 hw3.0: update board-2.bin - Update to version 20191218 (git commit c4586ffaac0c): * linux-firmware: Update AMD cpu microcode * inside-secure: add new "mini" firmware for the EIP197 driver * WHENCE: Add raspberry-pi4 SDIO file * qcom: update venus firmware files for v5.4 * cxgb4: Update firmware to revision 1.24.11.0 * brcm: Add BCM43455 NVRAM for Raspberry Pi 4 B * qcom: Add SDM845 Compute DSP firmware * qcom: Add SDM845 Audio DSP firmware * qcom: Add SDM845 modem firmware - Update topics and aliases for 5.5 kernels ==== podman ==== Version update (1.6.4 -> 1.7.0) - Add: 0001-clarify-container-prune-force.patch to fix the --force flag for the "container prune" command. (https://github.com/containers/libpod/issues/4844) - Update podman to v1.7.0 * Features - Added support for setting a static MAC address for containers - Added support for creating macvlan networks with podman network create, allowing Podman containers to be attached directly to networks the host is connected to - The podman image prune and podman container prune commands now support the --filter flag to filter what will be pruned, and now prompts for confirmation when run without --force (#4410 and #4411) - Podman now creates CGroup namespaces by default on systems using CGroups v2 (#4363) - Added the podman system reset command to remove all Podman files and perform a factory reset of the Podman installation - Added the --history flag to podman images to display previous names used by images (#4566) - Added the --ignore flag to podman rm and podman stop to not error when requested containers no longer exist - Added the --cidfile flag to podman rm and podman stop to read the IDs of containers to be removed or stopped from a file - The podman play kube command now honors Seccomp annotations (#3111) - The podman play kube command now honors RunAsUser, RunAsGroup, and selinuxOptions - The output format of the podman version command has been changed to better match docker version when using the - -format flag - Rootless Podman will no longer initialize containers/storage twice, removing a potential deadlock preventing Podman commands from running while an image was being pulled (#4591) - Added tmpcopyup and notmpcopyup options to the --tmpfs and - -mount type=tmpfs flags to podman create and podman run to control whether the content of directories are copied into tmpfs filesystems mounted over them - Added support for disabling detaching from containers by setting empty detach keys via --detach-keys="" - The podman build command now supports the --pull and - -pull-never flags to control when images are pulled during a build - The podman ps -p command now shows the name of the pod as well as its ID (#4703) - The podman inspect command on containers will now display the command used to create the container - The podman info command now displays information on registry mirrors (#4553) * Bugfixes - Fixed a bug where Podman would use an incorrect runtime directory as root, causing state to be deleted after root logged out and making Podman in systemd services not function properly - Fixed a bug where the --change flag to podman import and podman commit was not being parsed properly in many cases - Fixed a bug where detach keys specified in libpod.conf were not used by the podman attach and podman exec commands, which always used the global default ctrl-p,ctrl-q key combination (#4556) - Fixed a bug where rootless Podman was not able to run podman pod stats even on CGroups v2 enabled systems (#4634) - Fixed a bug where rootless Podman would fail on kernels without the renameat2 syscall (#4570) - Fixed a bug where containers with chained network namespace dependencies (IE, container A using --net container=B and container B using --net container=C) would not properly mount /etc/hosts and /etc/resolv.conf into the container (#4626) - Fixed a bug where podman run with the --rm flag and without - d could, when run in the background, throw a 'container does not exist' error when attempting to remove the container after it exited - Fixed a bug where named volume locks were not properly reacquired after a reboot, potentially leading to deadlocks when trying to start containers using the volume (#4605 and [#4621]) - Fixed a bug where Podman could not completely remove containers if sent SIGKILL during removal, leaving the container name unusable without the podman rm --storage command to complete removal (#3906) - Fixed a bug where checkpointing containers started with --rm was allowed when --export was not specified (the container, and checkpoint, would be removed after checkpointing was complete by --rm) (#3774) - Fixed a bug where the podman pod prune command would fail if containers were present in the pods and the --force flag was not passed (#4346) - Fixed a bug where containers could not set a static IP or static MAC address if they joined a non-default CNI network (#4500) - Fixed a bug where podman system renumber would always throw an error if a container was mounted when it was run - Fixed a bug where podman container restore would fail with containers using a user namespace - Fixed a bug where rootless Podman would attempt to use the journald events backend even on systems without systemd installed - Fixed a bug where podman history would sometimes not properly identify the IDs of layers in an image (#3359) - Fixed a bug where containers could not be restarted when Conmon v2.0.3 or later was used - Fixed a bug where Podman did not check image OS and Architecture against the host when starting a container - Fixed a bug where containers in pods did not function properly with the Kata OCI runtime (#4353) - Fixed a bug where `podman info --format '{{ json . }}' would not produce JSON output (#4391) - Fixed a bug where Podman would not verify if files passed to - -authfile existed (#4328) - Fixed a bug where podman images --digest would not always print digests when they were available - Fixed a bug where rootless podman run could hang due to a race with reading and writing events - Fixed a bug where rootless Podman would print warning-level logs despite not be instructed to do so (#4456) - Fixed a bug where podman pull would attempt to fetch from remote registries when pulling an unqualified image using the docker-daemon transport (#4434) - Fixed a bug where podman cp would not work if STDIN was a pipe - Fixed a bug where podman exec could stop accepting input if anything was typed between the command being run and the exec session starting (#4397) - Fixed a bug where podman logs --tail 0 would print all lines of a container's logs, instead of no lines (#4396) - Fixed a bug where the timeout for slirp4netns was incorrectly set, resulting in an extremely long timeout (#4344) - Fixed a bug where the podman stats command would print CPU utilizations figures incorrectly (#4409) - Fixed a bug where the podman inspect --size command would not print the size of the container's read/write layer if the size was 0 (#4744) - Fixed a bug where the podman kill command was not properly validating signals before use (#4746) - Fixed a bug where the --quiet and --format flags to podman ps could not be used at the same time - Fixed a bug where the podman stop command was not stopping exec sessions when a container was created without a PID namespace (--pid=host) - Fixed a bug where the podman pod rm --force command was not removing anonymous volumes for containers that were removed - Fixed a bug where the podman checkpoint command would not export all changes to the root filesystem of the container if performed more than once on the same container (#4606) - Fixed a bug where containers started with --rm would not be automatically removed on being stopped if an exec session was running inside the container (#4666) * Misc - The fixes to runtime directory path as root can cause strange behavior if an upgrade is performed while containers are running - Updated vendored Buildah to v1.12.0 - Updated vendored containers/storage library to v1.15.4 - Updated vendored containers/image library to v5.1.0 - Kata Containers runtimes (kata-runtime, kata-qemu, and kata-fc) are now present in the default libpod.conf, but will not be available unless Kata containers is installed on the system - Podman previously did not allow the creation of containers with a memory limit lower than 4MB. This restriction has been removed, as the crun runtime can create containers with significantly less memory - Remove no longer needed workaround for *.5.md man page sources ==== transactional-update ==== Version update (2.20 -> 2.20.1) - Update to version 2.20.1 - Add missing documentation about --continue option - Avoid error message about missing fstab file on first snapshot creation. [boo#1160213]