Packages changed:
  NetworkManager (1.36.0 -> 1.36.2)
  busybox-links
  cockpit
  container-selinux (2.171.0 -> 2.180.0)
  cri-o (1.22.0 -> 1.23.2)
  cri-tools (1.22.0 -> 1.23.0)
  dbus-1
  grep
  grub2
  kernel-source (5.16.14 -> 5.16.15)
  kubernetes (1.23.0 -> 1.23.4)
  kubernetes1.22 (1.22.4 -> 1.22.7)
  kubernetes1.23 (1.23.0 -> 1.23.4)
  libepoxy (1.5.9 -> 1.5.10)
  libnvme (1.0~6 -> 1.0~7)
  librsvg (2.52.7 -> 2.52.8)
  libsigc++2 (2.10.7 -> 2.10.8)
  nvme-cli (2.0~6 -> 2.0~7)
  openSUSE-build-key
  p11-kit (0.23.22 -> 0.24.1)
  protobuf
  toolbox

=== Details ===

==== NetworkManager ====
Version update (1.36.0 -> 1.36.2)
Subpackages: libnm0

- Do not require dhcp-client, NM is using its internal client by default for a long time now.
- Convert iproute2 and iputils requires to recommends, they should not be hard requires.
- Update to version 1.36.2:
  + When the list of plugins is not specified via "main.plugins" in NetworkManager.conf and no build-time default is set with "--with-config-plugins-default" configure argument, now all known plugins found in the plugin directory are loaded (and the built-in "keyfile" plugin is preferred over others).
  + Preserve external ports during checkpoint rollback.
  + Fix removal of ovsdb entry when an OVS interface goes away.
  + Fix DNS configuration for WWAN connections.

==== busybox-links ====
Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-sed busybox-xz

- replace copy from buildroot's gzip with a reimplementation that is not GPLv3 (jsc#PM-3301)

==== cockpit ====
Subpackages: cockpit-bridge cockpit-packagekit cockpit-system

- re-add suse-microos-branding.patch from GitHub
- add hide-docs.patch (bsc#1197003)
- make package compatible with OBS version (bsc#1197224):
  * move branding images to distribution-logos-SLE package
  * re-add dependency on distribution-logos
  * remove branding patch and assets (suse-microos-branding.patch, suse-microos-branding.tar.gz); moved to GitHub fork
  * remove local __python3 macro
  * apply SLE specific patches only on SLE
- add hide-pcp.patch to hide references to PCP (Performance Co-Pilot) and metric collection (bsc#1195943). The cockpit-pcp package is not included in SLE Micro 5.2 base and these parts require it.
- change self-signed cert group from cockpit-wsintance to cockpit-ws on upgrade
- update to new LTS version from openSUSE:Factory
- port remove-pwscore.patch
  * remove dependency on pwscore (bsc#1182924)
  * remove password strength indicator
- port branding changes as suse-microos "theme"
  * remove suse_cockpit_assets.tar.gz
  * add suse-microos-branding.tar.gz
  * remove branding_tests.patch
  * add suse-microos-branding.patch
- remove files not needed to build this version anymore
  * webpack-warnings-are-not-errors.patch
  * github_package.patch
  * nodejs_output_helper.bash
- remove cockpit.permissions workaround (bsc#1169614)

==== container-selinux ====
Version update (2.171.0 -> 2.180.0)

- Update to version 2.180.0
  * Allow container domains to read/write kvm_device_t
  * Update kubelet mappings to include /usr/local/*
  * Allow container domains to use container runtime tcp and udp sockets
  * Allow containers to use unix_stream_sockets leaked from container runtimes
  * Allow userdomains to execute conmon_exec_t and use it as an entrypoint
  * Allow conmon_exec_t as an entrypoint
  * Add container_use_devices boolean to allow containers to use any device
  * Add explicit range transition for conmon
  * Add missing dbus class declaration into container_runtime_run()
  * Remove lockdown allow rules
  * Remove k3s fcontexts
  * Allow container domains to be used by user roles
- Changed source url to allow for download via source service

==== cri-o ====
Version update (1.22.0 -> 1.23.2)
Subpackages: cri-o-kubeadm-criconfig

- Update to version 1.23.2:
  * config/sysctl: fail if there is a + in the value
  * Revert "config/sysctl: fail if there is a + in the value"
  * bump to version 1.23.2
  * config/sysctl: fail if there is a + in the value
  * config/sysctls: validate against invalid spaces
  * server: stop deleting pod from idIndex if already gone
  * [1.23] ci: use kubernetes 1.23, cri-tools 1.23
  * contrib/test/int/build/kubernetes: rm deprecated RunAsGroup
  * hack/build-rpms.sh: fix yum-builddep failures
  * image: use imageCache value for ImageStatus()
  * oci: fix a leaked goroutine
  * Reuse createContainerIO in CreateContainer
  * Fix vm containers couldn't restore after CRI-O restart
  * release-notes: add args for checksum fields
  * Updated format
  * Generate checksum files for artifacts
  * bump to v1.23.1
  * test: add test for skipped sysctls
  * server: skip sysctls that would affect the host
  * server: don't set memory swap when it's not enabled
  * deep copy List{PodSandbox,Container} structs
  * ci: use main branch for conmon
  * server: fix race with kubelet
  * Fix runtime panic on pod sandbox stats retrieval
  * ci: use main version of runc
  * openshift e2e: bump ci image
  * server: fix a potential NULL-pointer dereference.
  * pass the main mount point to fix crypto profiles binding
  * test: update tests for allowed_devices
  * config: add AllowedDevices option
  * server: drop duplicate log message
  * test: add test ensuring a stopped pod is restored
  * sandbox stop: remove namespaces
  * restore: handle removed namespaces
  * Partially revert "restore: restore stop before managing namespace"
  * restore: ensure containers are wiped on reboot
  * use cmdrunner singleton
  * conmonmgr: refactor for new CommandRunner
  * cmdrunner: update mocks and add target to makefile
  * config: prepend commands with taskset if InfraCtrCPUSet is configured
  * cmdrunner: add tests for prepended commands
  * cmdrunner: create singleton
  * Use timeout for conmon cgroup move
  * Fixed a problem where metricImagePullsBytesTotal was getting updated twice and on second call getting incorrect labels
  * vendor: bump c/image to 5.17.0
  * Add new metrics that match Prometheus best practices and reduce cardinality
  * add metrics with new names that match naming best practices
  * use _total for all counters
  * use base unit seconds, bytes
  * metrics that do not follow best practices have been marked deprecated, these can be removed in a future release, it is to ensure non-breaking change for couple of releases
  * unit test: fix relative log test
  * unit tests: update pinns path in case it isn't found in PATH
  * test: skip target tests for userns
  * test: add test for target namespace
  * add support for target PID namespaces
  * test: give testunit sudo
  * oci: add managed pidns to container object
  * pkg/container: take container namespace configuration
  * nsmgrtest: take some namespace related test code
  * nsmgr: add function to pin existing namespace
  * nsmgr: take (and rename) NamespacePathFromProc
  * pkg/sandbox: take config initialization
  * Bump Kubernetes to v1.23.0
  * set user.max_user_namespaces in case it's not
  * lint: bump cyclo complexity
  * gh-actions/contrib: setup sub{g,u}id
  * docs: add tutorial for setting up user namespaces
  * oci: put conmon in infra ctr cpuset if it is in the pod cgroup
  * test: add tests for user namespace annotations
  * test: move workload creation function to helpers
  * cni manager: catch server shutdown
  * server: notify user when network isn't ready yet
  * stop using hardcoded "pod" const
  * oci: always reap conmon zombies
  * clarify some error messages
  * Drop intermediate CRI types
  * Relabel containerenv files
  * Add minimum_mappable_(u|g)id settings
  * Fix runtime panic on stats server shutdown
  * restore: restore stop before managing namespace
  * server: add {,List}SandboxStats
  * server: refactor sandbox list
  * server: use stats server to get container stats
  * container server: use stats server
  * stats: add stats server
  * config: add StatsCollectionPeriod field
  * cgmgr: move most of stats handling to cgmgr
  * oci: make changes in preparation for moving stats functionality:
  * server: stub {List,}PodSandboxStats
  * server/cri: add PodSandboxStats support
  * vendor: bump cri-api
  * server/cri: refactor to make stats processing unified
  * pkg/config: use iota
  * Add go 1.17+ go:build tags
  * Remove redundant build tags
  * Add containerenv file to containers
    This file indicates that the current environment is inside a container environment. The same technique is used by podman and docker. The same file name/path as podman was used, as it is vendor agnostic.
  * build(deps): bump github.com/containerd/containerd from 1.5.7 to 1.5.8
  * config: merge runtime and workload allowed annotations
  * Updates kubeadm.md: The cgroup property is removed in [kubeadm-config.v1beta3](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/)
  * build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  * Specify runtime table format in the error message
  * build(deps): bump github.com/containerd/ttrpc from 1.0.2 to 1.1.0
  * server: fix segfault when using cgroupv2
  * gh-actions: add sed for kube e2e
  * release-notes: update to main
  * build(deps): bump github.com/onsi/gomega from 1.16.0 to 1.17.0
  * build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  * Bug 2012838: fix override storage options from storage.conf
  * oci: fix deadlock in container stop code
  * build(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0
  * oci: always close chControl
  * oci: make some channels buffered
  * build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  * build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  * build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
  * Add annotation that makes /sys/fs/cgroup writable
  * Add support for CNI plugins v1.0.1
  * bump(deps-opentelemetry)
  * pin go.opentelemetry grpc/otelgrpc v0.25.0
  * opentelemetry: add gRPC tracing
  * build(deps): bump k8s.io/klog/v2 from 2.20.0 to 2.30.0
  * build(deps): bump github.com/go-logr/logr from 1.1.0 to 1.2.0
  * version: bump to 1.23.0
  * build(deps): bump github.com/containers/podman/v3 from 3.3.1 to 3.4.1
  * build(deps): bump github.com/containers/common from 0.43.2 to 0.46.0
  * test: drop swap disable playbook
  * server: add support for CRI unified field
  * server: implement swap support
  * server/cri: add support for 1.22 features
  * test: bump cri-tools version
  * scripts: pin cri-tools version
  * server: reduce needless copying for sb.NamespaceOptions
  * oci: refactor internal structure to use CRI type
  * oci: use server CRI metadata type for containers
  * sandbox: refactor internal structure to use CRI type
  * sandbox: save createdAt as a int64
  * build(deps): bump github.com/containerd/cgroups from 1.0.1 to 1.0.2
  * build(deps): bump github.com/creack/pty from 1.1.16 to 1.1.17
  * build(deps): bump github.com/Microsoft/go-winio from 0.5.0 to 0.5.1
  * Bump Kubernetes to v1.22.2
  * sandbox: use server CRI metadata type
  * docs: emphasize deprecation notice
  * update documentation for workloads
  * add allowed annotations to workloads
  * Log HTTP response writer message instead an error
  * oci: use c/common signal parsing function
  * Skip volume relabel for super privileged containers
  * oci: chown stdin pipe to user in the container
  * test: fix selinux test failures
  * build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
  * Fix runtime handler docs
  * build(deps): bump github.com/containers/image/v5 from 5.15.2 to 5.16.1
  * scripts: fix release branch forward script
  * server: FilterDisallowedAnnotations of containers earlier
  * server: conditionally relabel volumes given annotation
  * build(deps): bump github.com/containers/storage from 1.36.0 to 1.37.0
  * test: refactor allowed_annotation tests
  * server: reduce args in addOCIBindMounts
  * build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
  * test: add label for openshift e2e in dockerfile
  * build(deps): bump github.com/containerd/containerd from 1.5.5 to 1.5.7
  * test: skip certificate check for downloading parallel
  * Remove usage of deprecated apt-key in Ubuntu install
  * Fix install.md links
  * build(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0
  * use a more appropriate console with code block
  * build(deps): bump k8s.io/api from 0.22.1 to 0.22.2
  * build(deps): bump k8s.io/cri-api from 0.22.1 to 0.22.2
  * build(deps): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0
  * build(deps): bump github.com/creack/pty from 1.1.15 to 1.1.16
  * build(deps): bump k8s.io/apimachinery from 0.22.1 to 0.22.2
  * fix node e2e
  * build(deps): bump github.com/intel/goresctrl from 0.1.0 to 0.2.0
  * bump crio commit used by node e2e installer
  * server: mount cgroup if hostNetwork
  * server: use container level host network setting
  * server: don't recalculate hostnet
  * Fix typo in install.md
  * Remove one of the explanations for `bind_mount_prefix` because it is duplicated.
  * node e2e: keep infra container
  * add unit test for the `server/sandbox_remove`.
  * test: fix journald test for new conmon
  * fix shfmt
  * update `install.md` for debian and ubuntu
  * build(deps): bump github.com/json-iterator/go from 1.1.11 to 1.1.12
  * build(deps): bump k8s.io/client-go from 0.22.1 to 0.22.2
  * fix shfmt
  * server: set spec when dropping infra
  * Update 'master' branch links to 'main'
  * bumps pause image to 3.6
  * server: don't wait forever on conmon cgroup move fail
  * build(deps): bump github.com/containers/storage from 1.34.1 to 1.36.0
  * Remove bashism in sh script
  * Do not log if Intel RDT is not supported
  * build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
  * Fix cluster.yaml for kubectl create
  * call cmd.Wait() in all cases we call Start()
  * oci: call wait on conmon if cgroup move fails
  * build(deps): bump github.com/go-logr/logr from 1.0.0 to 1.1.0
  * Fix `crio_image_pulls_layer_size_` metrics docs
  * Adapt to klog incompatible changes
  * build(deps): bump k8s.io/klog/v2 from 2.10.0 to 2.20.0
  * Add `--profile-cpu` and `--profile-mem` options
  * build(deps): bump github.com/containers/podman/v3 from 3.3.0 to 3.3.1
  * server: remove ineffective `updateLock`.
  * Fix missing quantile in `latency_microseconds_total` metrics
  * Update crio commit for node e2e
  * build(deps): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.1
  * Bump runc binary to 1.0.2
  * Switch to go1.17 for CI
  * fix debian 10 build doc
  * test/testdata/sandbox_config.json: fix the dns_config
  * adds updating instructions to install.md

==== cri-tools ====
Version update (1.22.0 -> 1.23.0)

- Update to version 1.23.0:
  * Bump docs to v1.23.0
  * Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
  * Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
  * Bump github.com/docker/docker
  * Bump google.golang.org/grpc from 1.42.0 to 1.43.0
  * 1.5.9
  * Use same grpc max message size as Kubelet
  * Add support for cri-dockerd
  * Add support for specifying custom test container images.
  * Fix cri-dockerd CI runs
  * Fix Containerd main branch CI for Windows
  * fix ci for dockershim-critest
  * Update Windows images for ltsc2022
  * images: use k8s-staging-test-infra/gcb-docker-gcloud
  * Bump github.com/onsi/gomega from 1.16.0 to 1.17.0
  * Refactor fish completion
  * Rename bash and zsh completion functions
  * Add zsh compinit tag
  * Bump google.golang.org/grpc from 1.41.0 to 1.42.0
  * Bump github.com/docker/docker
  * Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
  * Add release publishing workflow
  * Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
  * Add SHA512 sum for release files
  * Bump github.com/docker/docker
  * Bump google.golang.org/grpc from 1.40.0 to 1.41.0
  * Bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0
  * Bump k8s.io/api from 0.22.1 to 0.22.2
  * Bump k8s.io/cri-api from 0.22.1 to 0.22.2
  * Bump k8s.io/apimachinery from 0.22.1 to 0.22.2
  * Bump k8s.io/client-go from 0.22.1 to 0.22.2
  * Bump k8s.io/kubectl from 0.22.1 to 0.22.2
  * Updates E2E test images registry
  * Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
  * Switch to go1.17 for CI
  * Bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
  * Added dropping/adding `ALL` capabilities case to critest
  * Bump github.com/onsi/gomega from 1.15.0 to 1.16.0
  * Bump k8s.io/cri-api from 0.22.0 to 0.22.1
  * Bump k8s.io/client-go from 0.22.0 to 0.22.1
  * Bump k8s.io/api from 0.22.0 to 0.22.1
  * Bump k8s.io/apimachinery from 0.22.0 to 0.22.1
  * Bump k8s.io/kubectl from 0.22.0 to 0.22.1
  * Bump google.golang.org/grpc from 1.39.1 to 1.40.0
  * Bump github.com/onsi/gomega from 1.14.0 to 1.15.0
  * Bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
  * Bump google.golang.org/grpc from 1.39.0 to 1.39.1

==== dbus-1 ====
Subpackages: libdbus-1-3

- Drop use of %{with libalternatives}, there's no such bcond defined and in many other places it's not optional anyway (boo#1197258)

==== grep ====

- Make profiling deterministic (bsc#1040589)

==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin

- Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186)
  * 0001-grub-probe-Deduplicate-probed-partmap-output.patch
- Fix GCC 12 build failure (bsc#1196546)
  * 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch
  * 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
  * 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
- Revised
  * grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
  * 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch

==== kernel-source ====
Version update (5.16.14 -> 5.16.15)

- Linux 5.16.15 (bsc#1012628).
- arm64: dts: qcom: sm8350: Describe GCC dependency clocks (bsc#1012628).
- arm64: dts: qcom: sm8350: Correct UFS symbol clocks (bsc#1012628).
- HID: elo: Revert USB reference counting (bsc#1012628).
- HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (bsc#1012628).
- ARM: boot: dts: bcm2711: Fix HVS register range (bsc#1012628).
- clk: qcom: gdsc: Add support to update GDSC transition delay (bsc#1012628).
- clk: qcom: dispcc: Update the transition delay for MDSS GDSC (bsc#1012628).
- soc: mediatek: mt8192-mmsys: Fix dither to dsi0 path's input sel (bsc#1012628).
- HID: vivaldi: fix sysfs attributes leak (bsc#1012628).
- HID: nintendo: check the return value of alloc_workqueue() (bsc#1012628).
- arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias (bsc#1012628).
- tipc: fix kernel panic when enabling bearer (bsc#1012628).
- vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET command (bsc#1012628).
- vduse: Fix returning wrong type in vduse_domain_alloc_iova() (bsc#1012628).
- net: phy: meson-gxl: fix interrupt handling in forced mode (bsc#1012628).
- mISDN: Fix memory leak in dsp_pipeline_build() (bsc#1012628).
- vhost: fix hung thread due to erroneous iotlb entries (bsc#1012628).
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (bsc#1012628).
- virtio-blk: Remove BUG_ON() in virtio_queue_rq() (bsc#1012628).
- vdpa: fix use-after-free on vp_vdpa_remove (bsc#1012628).
- isdn: hfcpci: check the return value of dma_set_mask() in setup_hw() (bsc#1012628).
- net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (bsc#1012628).
- esp: Fix BEET mode inter address family tunneling on GSO (bsc#1012628).
- net: gro: move skb_gro_receive_list to udp_offload.c (bsc#1012628).
- qed: return status of qed_iov_get_link (bsc#1012628).
- smsc95xx: Ignore -ENODEV errors when device is unplugged (bsc#1012628).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds (bsc#1012628).
- drm/i915/psr: Set "SF Partial Frame Enable" also on full update (bsc#1012628).
- drm/sun4i: mixer: Fix P010 and P210 format numbers (bsc#1012628).
- net: dsa: mt7530: fix incorrect test in mt753x_phylink_validate() (bsc#1012628).
- ARM: dts: aspeed: Fix AST2600 quad spi group (bsc#1012628).
- iavf: Fix handling of vlan strip virtual channel messages (bsc#1012628).
- i40e: stop disabling VFs due to PF error responses (bsc#1012628).
- ice: stop disabling VFs due to PF error responses (bsc#1012628).
- ice: Fix error with handling of bonding MTU (bsc#1012628).
- ice: Don't use GFP_KERNEL in atomic context (bsc#1012628).
- ice: Fix curr_link_speed advertised speed (bsc#1012628).
- ethernet: Fix error handling in xemaclite_of_probe (bsc#1012628).
- tipc: fix incorrect order of state message data sanity check (bsc#1012628).
- net: ethernet: ti: cpts: Handle error for clk_enable (bsc#1012628).
- net: ethernet: lpc_eth: Handle error for clk_enable (bsc#1012628).
- net: marvell: prestera: Add missing of_node_put() in prestera_switch_set_base_mac_addr (bsc#1012628).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device (bsc#1012628).
- net/mlx5: Fix size field in bufferx_reg struct (bsc#1012628).
- net/mlx5: Fix a race on command flush flow (bsc#1012628).
- net/mlx5e: Lag, Only handle events from highest priority multipath entry (bsc#1012628).
- net/mlx5e: SHAMPO, reduce TIR indication (bsc#1012628).
- NFC: port100: fix use-after-free in port100_send_complete (bsc#1012628).
- selftests: pmtu.sh: Kill tcpdump processes launched by subshell (bsc#1012628).
- selftests: pmtu.sh: Kill nettest processes launched in subshell (bsc#1012628).
- gpio: ts4900: Do not set DAT and OE together (bsc#1012628).
- mm: gup: make fault_in_safe_writeable() use fixup_user_fault() (bsc#1012628).
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (bsc#1012628).
- net: phy: DP83822: clear MISR2 register to disable interrupts (bsc#1012628).
- sctp: fix kernel-infoleak for SCTP sockets (bsc#1012628).
- net: arc_emac: Fix use after free in arc_mdio_probe() (bsc#1012628).
- net: bcmgenet: Don't claim WOL when its not available (bsc#1012628).
- net: phy: meson-gxl: improve link-up behavior (bsc#1012628).
- selftests/bpf: Add test for bpf_timer overwriting crash (bsc#1012628).
- swiotlb: fix info leak with DMA_FROM_DEVICE (bsc#1012628).
- usb: dwc3: pci: add support for the Intel Raptor Lake-S (bsc#1012628).
- pinctrl: tigerlake: Revert "Add Alder Lake-M ACPI ID" (bsc#1012628).
- KVM: Fix lockdep false negative during host resume (bsc#1012628).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (bsc#1012628).
- spi: rockchip: Fix error in getting num-cs property (bsc#1012628).
- spi: rockchip: terminate dma transmission when slave abort (bsc#1012628).
- drm/vc4: hdmi: Unregister codec device on unbind (bsc#1012628).
- of/fdt: move elfcorehdr reservation early for crash dump kernel (bsc#1012628).
- x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU (bsc#1012628).
- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() (bsc#1012628).
- net-sysfs: add check for netdevice being present to speed_show (bsc#1012628).
- hwmon: (pmbus) Clear pmbus fault/warning bits after read (bsc#1012628).
- nvme-tcp: send H2CData PDUs based on MAXH2CDATA (bsc#1012628).
- PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken (bsc#1012628).
- gpio: Return EPROBE_DEFER if gc->to_irq is NULL (bsc#1012628).
- drm/amdgpu: bypass tiling flag check in virtual display case (v2) (bsc#1012628).
- Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" (bsc#1012628).
- Revert "xen-netback: Check for hotplug-status existence before watching" (bsc#1012628).
- ipv6: prevent a possible race condition with lifetimes (bsc#1012628).
- tracing: Ensure trace buffer is at least 4096 bytes large (bsc#1012628).
- tracing/osnoise: Make osnoise_main to sleep for microseconds (bsc#1012628).
- tracing: Fix selftest config check for function graph start up test (bsc#1012628).
- selftest/vm: fix map_fixed_noreplace test failure (bsc#1012628).
- selftests/memfd: clean up mapping in mfd_fail_write (bsc#1012628).
- ARM: Spectre-BHB: provide empty stub for non-config (bsc#1012628).
- fuse: fix fileattr op failure (bsc#1012628).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1012628).
- staging: rtl8723bs: Fix access-point mode deadlock (bsc#1012628).
- staging: gdm724x: fix use after free in gdm_lte_rx() (bsc#1012628).
- net: macb: Fix lost RX packet wakeup race in NAPI receive (bsc#1012628).
- riscv: alternative only works on !XIP_KERNEL (bsc#1012628).
- mmc: meson: Fix usage of meson_mmc_post_req() (bsc#1012628).
- riscv: Fix auipc+jalr relocation range checks (bsc#1012628).
- tracing/osnoise: Force quiescent states while tracing (bsc#1012628).
- tracing/osnoise: Do not unregister events twice (bsc#1012628).
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (bsc#1012628).
- arm64: Ensure execute-only permissions are not allowed without EPAN (bsc#1012628).
- arm64: kasan: fix include error in MTE functions (bsc#1012628).
- swiotlb: rework "fix info leak with DMA_FROM_DEVICE" (bsc#1012628).
- virtio: unexport virtio_finalize_features (bsc#1012628).
- virtio: acknowledge all features before access (bsc#1012628).
- net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE (bsc#1012628).
- ARM: fix Thumb2 regression with Spectre BHB (bsc#1012628).
- watch_queue: Fix filter limit check (bsc#1012628).
- watch_queue, pipe: Free watchqueue state after clearing pipe ring (bsc#1012628).
- watch_queue: Fix to release page in ->release() (bsc#1012628).
- watch_queue: Fix to always request a pow-of-2 pipe ring size (bsc#1012628).
- watch_queue: Fix the alloc bitmap size to reflect notes allocated (bsc#1012628).
- watch_queue: Free the alloc bitmap when the watch_queue is torn down (bsc#1012628).
- watch_queue: Fix lack of barrier/sync/lock between post and read (bsc#1012628).
- watch_queue: Make comment about setting ->defunct more accurate (bsc#1012628).
- x86/boot: Fix memremap of setup_indirect structures (bsc#1012628).
- x86/boot: Add setup_indirect support in early_memremap_is_setup_data() (bsc#1012628).
- x86/module: Fix the paravirt vs alternative order (bsc#1012628).
- x86/sgx: Free backing memory after faulting the enclave page (bsc#1012628).
- x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1012628).
- drm/panel: Select DRM_DP_HELPER for DRM_PANEL_EDP (bsc#1012628).
- perf parse: Fix event parser error for hybrid systems (bsc#1012628).
- btrfs: make send work with concurrent block group relocation (bsc#1012628).
- riscv: dts: k210: fix broken IRQs on hart1 (bsc#1012628).
- vhost: allow batching hint without size (bsc#1012628).
- commit 2bd8d63
- config: enable XFS_RT (bsc#1197190)
- commit d8f0e40
- esp: Fix possible buffer overflow in ESP transformation (CVE-2022-0886 bsc#1197131).
- commit f5ed8a3

==== kubernetes ====
Version update (1.23.0 -> 1.23.4)
Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet

- Bump kubernetes-* to 1.23.4, *-minus1 to 1.22.7

==== kubernetes1.22 ====
Version update (1.22.4 -> 1.22.7)

- Update to version 1.22.7:
  * Update Go to 1.16.14
  * add namespace in azurefile volumeid
  * fix: azurefile volumeid conflict in csi migration
  * Execute sync before taking the snapshot
  * Mark device as uncertain if unmount device succeeds
  * Set max results if its not set
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.6
  * Update k/utils to v0.0.0-20211116205334-6203023598ed
  * [go] update to Go 1.16.13
  * Enabling kube-proxy metrics on windows kernel mode
  * fix: ignore the case when comparing azure tags in service annotation
  * fix: remove outdated ipv4 route when the corresponding node is deleted
  * fix: delete non existing disk issue
  * fix containers order after applying
  * generated: ./hack/update-vendor.sh
  * upgrade sigs.k8s.io/structured-merge-diff/v4 to v4.2.1
  * fix: azuredisk parameter lowercase translation issue
  * fix: do not delete the lb that does not exist
  * removed unnecessary log line
  * Fix header mutation race in timeout filter
  * use node informer to check volumes attachment status before backoff
  * When volume is not marked in-use, do not backoff
  * kubeadm: remove the restriction that the ca.crt can only contain one certificate
  * flake fix: remove the error handler for cronjob integration test
  * vendor: bump cAdvisor to v0.39.3
  * Fix the leak of vSphere client sessions
  * fix nil pointer in create secret commands
  * client-go: Clear the ResourceVersionMatch on paged list calls
  * Update GCE manifest to use konnectivity 0.0.27
  * Update to apiserver-network-proxy v0.0.27
  * add gce loadbalancer no-op finalizer and existingFwdRule tests
  * disable gce service handling if has rbs forwarding rule
  * add ELBRbsFinalizer
  * add gce elb rbs opt-in annotation
  * Improving performance of EndpointSlice controller metrics cache
  * fix the error when cleaning up jobs for cronjob
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.5
  * Add test to confirm containers won't start
  * Check for failed sandbox and failed workload containers
  * mount-utils: Detect potential stale file handle
  * [go1.16] Update to go1.16.12
  * Skip creating HNS loadbalancer with empty endpoints
  * dependencies: Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63
  * kubeadm: avoid requiring a CA key during kubeconfig expiration checks
  * kubeadm: print the CA of kubeconfig files in "check expiration"
  * kubeadm: validate local etcd certificates during expiration checks
  * kubelet: set failed phase during graceful shutdown
  * [go1.16] Update to go1.16.11
  * fix: ignore the case when updating tags
  * Ensure deletion of pods in queues and cache
  * kubelet: Rejected pods should be filtered from admission
  * kube-scheduler: Increase the duration to expire an assumed pod
  * Skip check for all topology labels when using system default spreading
  * workqueue: fix leak in queue preventing objects from being GCed
  * Fix workqueue memory leak
  * Ignore 'wait: no child processes' error when calling mount/umount
  * Reduce calls to docker from dockershim for stats
  * Update CHANGELOG/CHANGELOG-1.22.md for v1.22.4
  * Add warning about using unsupported CRON_TZ
  * Fix flake caused by sampling signal counter too early.
  * Ensure there is one running static pod with the same full name
  * NodeConformance: Respect grace period when updating static pod
  * Fix concurrent map writes error in kube-apiserver
  * e2e: node: release-1.22: backport findKubeletServiceName
  * node: e2e: add test for the checkpoint recovery
  * devicemanager: checkpoint: support pre-1.20 data
  * fix: remove VMSS and VMSS instances from SLB backend pool only when necessary
  * fix: leave the probe path empty for TCP probes
  * fix: skip instance not found when decoupling vmss from lb

==== kubernetes1.23 ====
Version update (1.23.0 -> 1.23.4)
Subpackages: kubernetes1.23-client kubernetes1.23-client-common kubernetes1.23-kubeadm kubernetes1.23-kubelet kubernetes1.23-kubelet-common

- Update to version 1.23.4:
  * Update Go to 1.17.7
  * Use serializable struct for x-kubernetes-validations in openapi
  * Make JSON schema round tripping test more strict
  * ignore CRI PodSandboxNetworkStatus for host network pods
  * set secondary address on host-network pods
  * Deeply copy JSONSchemaProps.XValidations.
  * Ensure the execHostnameTest() compares hostnames
  * Revert "Fix comparison between FQDN and hostname"
  * service REST: Call Decorator(old) on update path
  * add namespace in azurefile volumeid
  * fix: azurefile volumeid conflict in csi migration
  * Mark device as uncertain if unmount device succeeds
  * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.3
  * kubelet: fix podstatus not containing pod full name
  * Fix bug with node restriction blocking pvc.status.resizestatus change
  * Fix regression pruning array fields with x-kubernetes-preserve-unknown-fields: true
  * Set max results if its not set
  * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.2
  * Update k/utils to v0.0.0-20211116205334-6203023598ed
  * [go] update to Go 1.17.6
  * fix: remove outdated ipv4 route when the corresponding node is deleted
  * fix: delete non existing disk issue
  * Revert "Automated cherry pick of #107554: Correct the feature gate string for RBD migration."
  * fix containers order after applying
  * generated: ./hack/update-vendor.sh
  * upgrade sigs.k8s.io/structured-merge-diff/v4 to v4.2.1
  * Execute sync before taking the snapshot
  * Correct the feature gate string for RBD migration.
  * fix: azuredisk parameter lowercase translation issue
  * removed unnecessary log line
  * kubectl: add integration test for result reporting
  * cli: let kubectl handle error printing
  * cli: avoid logging command line errors in more cases
  * Fix header mutation race in timeout filter
  * clear pod's .status.nominatedNodeName when necessary
  * use node informer to check volumes attachment status before backoff
  * When volume is not marked in-use, do not backoff
  * kubeadm: remove the restriction that the ca.crt can only contain one certificate
  * flake fix: remove the error handler for cronjob integration test
  * Fix the leak of vSphere client sessions
  * fix nil pointer in create secret commands
  * Fix order of commands in the snapshot tests for persistent volumes
  * client-go: Clear the ResourceVersionMatch on paged list calls
  * Improving performance of EndpointSlice controller metrics cache
  * fix the error when cleaning up jobs for cronjob
  * Update CHANGELOG to add missing release notes.
  * apf: ensure exempt request notes the classification
  * Enabling kube-proxy metrics on windows kernel mode
  * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.1
  * add gce loadbalancer no-op finalizer and existingFwdRule tests
  * disable gce service handling if has rbs forwarding rule
  * add ELBRbsFinalizer
  * add gce elb rbs opt-in annotation
  * cherry pick of knp 0.0.27
  * Remove JSON logging performance regression
  * Re-introduce removed kubectl --dry-run values.
  * Point flowcontrol users at v1beta2
  * [go1.17] Update to go1.17.5
  * dependencies: Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63
  * mount-utils: Detect potential stale file handle
  * Skip creating HNS loadbalancer with empty endpoints
  * Add regression test for CPUManager distribute NUMA algorithm
  * Add unit test for CPUManager distribute NUMA algorithm verifying fixes
  * Fix accounting bug in CPUManager distribute NUMA policy
  * Fix error handling in CPUManager distribute NUMA tests
  * Add a sum() helper to the CPUManager cpuassignment logic
  * Allow the map.Values() function in the CPUManager to take a set of keys
  * Fix CPUManager algo to calculate min NUMA nodes needed for distribution
  * Fix unit tests following bug fix in CPUManager for map functions (2/2)
  * Fix unit tests following bug fix in CPUManager for map functions (1/2)
  * Fix bug in CPUManager map.Keys() and map.Values() implementations
  * Ensure we balance across *all* NUMA nodes in NUMA distribution algo
  * Short-circuit CPUManager distribute NUMA algo for unusable cpuGroupSize
  * Round the CPUManager mean and stddev calculations to the nearest 1000th
  * updated deprecation messages from 1.23 to 1.24
  * kubelet: set failed phase during graceful shutdown
  * kubeadm: avoid requiring a CA key during kubeconfig expiration checks
  * kubeadm: print the CA of kubeconfig files in "check expiration"
  * kubeadm: validate local etcd certificates during expiration checks
  * publishing-bot/doc: add component-helpers to the readme
  * publishing-bot/rules: remove non existing component-helpers branch 1.19 from the rules
  * Changelog: mention kube-scheduler bits deprecation
  * rbd: initialize ceph monitors slice with an empty value.
  * Direct v2betaX users to migrate to HPA v2
  * DelegateFSGroupToCSIDriver e2e: skip tests with chgrp
  * Update CHANGELOG/CHANGELOG-1.23.md for v1.23.0
  * [go1.17] Update to go1.17.4

==== libepoxy ====
Version update (1.5.9 -> 1.5.10)

- Update to version 1.5.10:
  + Fix for building with MSVC on non-English locale.
  + Fix build on Android.
  + Add the right include paths for EGL and X11 headers.
- Upstream tarball url changed, probably by mistake, so leave old url in place, but disabled.

==== libnvme ====
Version update (1.0~6 -> 1.0~7)

- Update to version 1.0-rc7:
  * linux: fixup log page offset in nvme_get_log_page()
  * tree: Add support for default trsvcid for all controllers (bsc#1195858)
  * tree: fixup coredump during nvme discover

==== librsvg ====
Version update (2.52.7 -> 2.52.8)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2

- Update to version 2.52.8:
  + Catch circular references when rendering patterns (glgo#GNOME/librsvg#721).

==== libsigc++2 ====
Version update (2.10.7 -> 2.10.8)

- Update to version 2.10.8:
  + Build:
    - Meson build: Perl is not required by new versions of mm-common
    - NMake Makefiles: Support building with VS2022
  + Documentation: Upgrade the manual from DocBook 4.1 to DocBook 5.0

==== nvme-cli ====
Version update (2.0~6 -> 2.0~7)

- Update to version 2.0-rc7:
  * netapp-nvme: fix smdevices segfault in json output (bsc#1195937)
  * fabrics: keep the backward compatibility
  * nvme: Do not slash escape strings in JSON output (bsc#1195937)
  * nvme: Print full device path
  * nvme-print: Make JSON keys consistent with nvme-cli 1.x
  * nvme-print: print generic device in list command
  * fabrics: check for discovery controller instead of subsystem NQN (bsc#1197061)
  * connect: Set errno to zero on nvmf_add_ctrl() success
  * documentation updates
- Set path to systemctl via newly introduced config option
- Update 0100-harden_nvmf-connect@.service.patch due to upstream file rename
- Moved bash completion script to /usr/share/bash-completion/completions/nvme

==== openSUSE-build-key ====
- gpg-pubkey-307e3d54-5aaa90a5.asc: remove the RSA 1024bit SLE11 key and try to remove it from installed systems via Obsoletes.

==== p11-kit ====
Version update (0.23.22 -> 0.24.1)
Subpackages: libp11-kit0 p11-kit-tools

- make sure p11-kit components have matching versions (boo#1196812)
- Update to version 0.24.1:
  * rpc: Support protocol version negotiation.
  * proxy: Support copying attribute array recursively.
  * Link libp11-kit so that it cannot unload.
  * Translation improvements.
  * Build fixes.
- Update to version 0.24.0:
  * Use inclusive language on certificate distrust. Note: This changes the directory and attribute names to distrust certain CAs to "blocklist".
  * Fix issues spotted by coverity and ASan.
  * Integrate gettext with tools more tightly.
  * rpc: Forbid use of array of attributes.
  * Build fixes.
- Change dirs from blacklist to blocklist ref upstream changes.

==== protobuf ====
- Change Requires: zlib-devel to pkgconfig(zlib) so as not to conflict with libz-ng-compat1.

==== toolbox ====
- adjusted the patch to the toolbox container in registry