Packages changed: cni (0.8.1 -> 1.0.1) cni-plugins (0.9.1 -> 1.1.1) dhcp expat (2.4.7 -> 2.4.8) grub2 kdump (1.0.2 -> 1.0.2+git8.g51e8c4d) kmod libfido2 (1.9.0 -> 1.10.0) libnvme (1.0~7 -> 1.0~8) libtool (2.4.6 -> 2.4.7) lvm2 lvm2-device-mapper ncurses (6.3.20220312 -> 6.3.20220319) nvme-cli (2.0~7 -> 2.0~8) open-vm-tools (11.3.5 -> 12.0.0) openSUSE-build-key openslp python-prettytable (2.5.0 -> 3.2.0) python-pyrsistent (0.18.0 -> 0.18.1) python38 (3.8.12 -> 3.8.13) python38-core (3.8.12 -> 3.8.13) qemu rakkess runc (1.1.0 -> 1.1.1) sqlite3 (3.38.1 -> 3.38.2) weave === Details === ==== cni ==== Version update (0.8.1 -> 1.0.1) - Update to version v1.0.1: * Rewritten spec + non-List configurations are removed + the version field in the interfaces array was redundant and is removed * libcni improvements - Employ RPM macros.go where feasible - Use vendor tarball - Remove ./build.sh ==== cni-plugins ==== Version update (0.9.1 -> 1.1.1) - Update to version 1.1.1: * ipam/dhcp: Fix client id in renew/release * call ipam.ExceDel after clean up device in netns fix #666 * portmap: fix checkPorts result when chain does not exist * portmap: fix bug that new udp connection deletes all existing conntrack entries * Enhanced dad set to 1 * Add boolean to enable/disable dad * Disable DAD for container side veth * firewall: support ingressPolicy=(open|same-bridge) for isolating bridges as in Docker * Fix host-device gofmt * host-device: Bring interfaces up after moving into container * pkg/ns: use file system magic numbers from golang.org/x/sys/unix * gofmt * go mod tidy * build: bump to go 1.17 * Remove arp notify setting per comment * plugins: replace arping package with arp_notify * fix #685 * Ran go fmt so tests would pass * Fixed DHCP problem that broke when fast retry was added. * dhcp ipam: adjust retry mechanism * add ipam tests for dpdk device * add ipam support for dpdk device * ipvlan: Send Gratuitous ARP after IPs are set * dhcp ipam: fix client id * dhcp ipam: rename inconsistent options among files * dhcp ipam: add more options capable for sending * dhcp ipam: add fast retry * dhcp ipam: support customizing dhcp options * dhcp ipam: truncate client id to 254 bytes * dhcp ipam: print error correctly without format string * dhcp ipam: using full config to regular the code * Allow setting sysctls on a particular interface * dhcp: remove implemented TODO * Don't redundantly filepath.Clean the output of filepath.Join * Use crypto/rand.Read, not crypto.Reader.Read * bridge: Add macspoofchk support * plugins: fix bug where support for CNI version 0.4.0 or 1.0.0 was dropped * vendor: bump to libcni v1.0.1 * static ipam: do not parse the CIDR twice * static ipam: improve error msgs when provisioning invalid CIDR * bump go to 1.16, other misc fixes * vendor: bump all direct dependencies * vendor: bump to libcni v1.0 * docs: Update the CI badge from Travis CI to GitHub Actions * bridge: Fix typo in error message for promiscuous mode * ip: place veth peer in host namspace directly * bridge: Add mac field to specify container iface mac * static ipam: decide wrong cidr error msg * static ipam: stop wrapping net.ParseCIDR errors * static ipam: show confusing error msg * utils, hwaddr: Remove unused package * ip, link_linux: Remove unused SetHWAddrByIP function * plugins: remove flannel * refactor(win-bridge): netconf * refactor(win-bridge): hcn api processing * refactor(win-bridge): hns api processing * chore(win-bridge): location related * chore(win-bridge): text related * Remove Bryan Boreham as maintainer * host-local: support ip/prefix in env args and CNI args * [sbr]: Use different tableID for every ipCfg Check tableID not in use for every ipCfg * Small typo improves in README.md * Allow multiple routes to be added for the same prefix. Enables ECMP * Update to lastest vendor/github.com/vishvananda/netlink * tuning: always update MAC in CNI result * vendor: bump to libcni v1.0-rc1 * tuning: Add support of altering the allmulticast flag * [sbr]: Use different tableID for every ipCfg Move default table routes which match the ipCfg config * Fix nil-pointer check * host-local: support custom IPs allocation through runtime configuration * pkg/ip: introduce a new type `IP` to support formated [/] * go.mod: github.com/j-keck/arping v1.0.1 * go.mod: github.com/buger/jsonparser v1.1.1 * go.mod: github.com/alexflint/go-filemutex v1.1.0 * go.mod github.com/Microsoft/hcsshim v0.8.16 * go.mod: godbus/dbus/v5 v5.0.3, coreos/go-systemd v22.2.0 * go.mod: github.com/mattn/go-shellwords v1.0.11 * go.mod: github.com/sirupsen/logrus v1.8.1 * CI: Install linux-modules-extra for VRF module * Fix broken links to online docs in plugin READMEs * gha: update actions/setup-go@v2 * remove redundant startRange in RangeIter due to overlap check on multi ranges * fix(win-bridge): panic while calling HNS api * portmap: use slashes in sysctl template to support interface names which separated by dots * pkg/ipam: use slash as sysctl separator so interface name can have dot * [macvlan] Stop setting proxy-arp on macvlan interface * tuning: increase test coverage to 1.0.0 and older spec versions * portmap: increase test coverage to 1.0.0 and older spec versions * flannel: increase test coverage to 1.0.0 and older spec versions * firewall: increase test coverage to 1.0.0 and older spec versions * bandwidth: increase test coverage to 1.0.0 and older spec versions * host-local: increase test coverage to 1.0.0 and older spec versions * static: increase test coverage to 1.0.0 and older spec versions * dhcp: increase test coverage to 1.0.0 and older spec versions * dhcp: add -resendmax option to limit lease acquisition time for testcases * vlan: increase test coverage to 1.0.0 and older spec versions * ptp: increase test coverage to 1.0.0 and older spec versions * macvlan: increase test coverage to 1.0.0 and older spec versions * loopback: increase test coverage to 1.0.0 and older spec versions * ipvlan: increase test coverage to 1.0.0 and older spec versions * host-device: increase test coverage to 1.0.0 and older spec versions * bridge: increase test coverage to 1.0.0 and older spec versions * bridge: simplify version-based testcase code * testutils: add test utilities for spec version features * plugins: update to spec version 1.0.0 * vendor: bump CNI to 1.0.0-pre @ 62e54113 - Drop %go_nostrip ==== dhcp ==== Subpackages: dhcp-client - Require hostname binary, not package [bsc#1197087] ==== expat ==== Version update (2.4.7 -> 2.4.8) - update to 2.4.8: * Other changes: - pkg-config: Move "-lm" to section "Libs.private" - CMake|MSVC: Fix pkg-config section "Libs" - CMake|macOS: Start using linker arguments "-compatibility_version " and "-current_version " in a way compatible with GNU Libtool - Version info bumped from 9:7:8 to 9:8:8; see https://verbump.de/ for what these numbers do ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Fix wrong order in kernel sorting of listing rc before final release (bsc#1197376) * grub2-use-rpmsort-for-version-sorting.patch ==== kdump ==== Version update (1.0.2 -> 1.0.2+git8.g51e8c4d) - pull sources directly from git using obs_scm - fix bsc#1190299, bsc#1186272 - add support for Zstandard compression algorithm - remove patches included in upstream git: kdump-calibrate-include-af_packet.patch, kdump-calibrate-fix-nic-naming.patch, kdump-calibrate.conf-depends-on-kdumptool.patch ==== kmod ==== Subpackages: libkmod2 - add keyring so that gpg validation actually does something ==== libfido2 ==== Version update (1.9.0 -> 1.10.0) - Version 1.10.0 (2022-01-17) * hid_osx: handle devices with paths > 511 bytes; gh#462. * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480. * winhello: fallback to GetTopWindow() if GetForegroundWindow() fails. * winhello: fallback to hid_win.c if webauthn.dll isn?t available. * New API calls: - fido_dev_info_set; - fido_dev_io_handle; - fido_dev_new_with_info; - fido_dev_open_with_info. * Cygwin and NetBSD build fixes. * Documentation and reliability fixes. * Support for TPM 2.0 attestation of COSE_ES256 credentials. ==== libnvme ==== Version update (1.0~7 -> 1.0~8) - Update to version 1.0-rc8: * types: Add support for get log - MI Command Supported * types: Add new Identify constant * types: Update persistent event entry struct added new fields * types: Add Host Initiated Data Gen Number to telemetry log struct * tree: always allocate config file in nvme_read_config() * tree: rework nvme_scan_subsystem() * tree: make subsystem name mandatory in nvme_scan_ctrl() * tree: move nvme_init_subsystem() into nvme_lookup_subsystem() * tree: do not return error when filtering out subsystems * tree: add debugging messages during scanning * tree: Handle NULL subsysname in nvme_scan_ctrl() * tree: Fix subsystem initialization in nvme_scan_ctrl() * tree: Fix leaking 'name' in nvme_subsystem_lookup_namespace() * tree: Avoid dereferencing nvme_subsystem_t before its check for NULL * tree: Clarify NULL return values from nvme_get_attr() * fabrics: Invoke nvmf_dim() with provided tas argument * fabrics: add 'nvmf_update_config()' * fabrics: Avoid out of bounds string chomping * fabrics: Free old traddr in nvmf_add_ctrl * fabrics: update log level for write failures * fabrics: Streamlining documentation * fabrics: Fix leaking ctrl in nvmf_connect_disc_entry() * fabrics: Add missing break in a switch * ioctl: Remove attribute packed and alignedof for args structs * ioctl: Align arguments indentation with braces * json: fix endless loop scanning for controllers * Remove nvme_init_id_ns * Add lbstm support for create-ns * documentation updates ==== libtool ==== Version update (2.4.6 -> 2.4.7) - add handle-Werror-return-type.patch - disable lto, breaks libtool as seen in testsuite - update to 2.4.7: - Libtool script now supports (configure-time and runtime) ARFLAGS variable, which obsoletes AR_FLAGS. This is due to naming conventions among other *FLAGS and to be consistent with Automake's ARFLAGS. - Gnulib testsuite is enabled and run during 'make check'. - Support the Windows version of the Intel C Compiler (icl) in libtool script. - Pass '-fsanitize=*' flags for GCC and LLVM, and '-specs=*' for GCC to linker. - Pass '-Xassembler=*' and '-Wa,*' flag to compilers and linkers. - The variable 'FILECMD' with default value of '/usr/bin/file' was used to replace existing hard coded references to '/usr/bin/file'. - Add MidnightBSD support. - Libtool changed ARFLAGS/AR_FLAGS default from 'cru' to 'cr'. - Do not pass '-pthread' to Solaris linker. - 'libtool' and 'libtoolize' scripts now use '#! /usr/bin/env sh' shebang. Previously '#! /bin/sh' was used, which presents challenges for containerized environments. - Fix significant slowdown of libtoolize for certain projects (regression introduced in 2.4.3 release) caused by infinite m4 macro recursion. - Mitigate the slowdown of libtool script (introduced in v2.4.3) caused by increased number of calls to '$SED $sed_quote_subst' (bug#20006). - Properly parse and export TLS symbols on AIX. - Various bug fixes surrounding use of 'sed'. - Darwin systems set proper "allow undefined" flag on OSX 11, and PowerPC 10.5. - Removed some deprecated tests related to 'Makefile.inc' files. - merge in testsuite, disable for now, isn't building for a while ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - lvm2-monitor.service reported warning messages for udev didn't finish to set up device database (bsc#1197183) + 0025-vgchange-monitor-don-t-use-udev-info.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - lvm2-monitor.service reported warning messages for udev didn't finish to set up device database (bsc#1197183) + 0025-vgchange-monitor-don-t-use-udev-info.patch ==== ncurses ==== Version update (6.3.20220312 -> 6.3.20220319) Subpackages: libncurses6 ncurses-utils terminfo-base - Make extended status line support of xterm a switch (boo#1197313) - Add ncurses patch 20220319 + add xgterm -TD + correct setal in mintty/tmux entries, add to vte-2018 (report by Robert Lange) + add blink to vte-2018 (report by Robert Lange) + improve tic warning about XT versus redundant tsl, etc. ==== nvme-cli ==== Version update (2.0~7 -> 2.0~8) - Update to version 2.0-rc8: * fabrics: Add DIM command * fabrics: Introduce force flag to overwrite persistence logic (bsc#1197076) * fabrics: Free non-matching controller during discovery * fabrics: add 'nvme config' command * fabrics: Correctly stringify discovery.conf and config.json paths * nvme-print: Add human readable print for nsattr field * nvme-print: Update Persistent Event log fields * nvme-print: print discovery async event support * nvme-rpmb: Fix spelling for 'Partition' * nvme-copy: add missing field to the command * nvme: add get_mi_cmd_support_effects_log command * nvme: Fixup namespace filtering yet again * nvme: Use type bool for OPT_FLAG * nvme: use filter for 'list-subsys ' (bsc#1195938) * Add lbstm option to create-ns * argconfig: Do not use default value loading by getopt_long_only * argconfig: Rename CFG_NONE to CFG_FLAG * plugins: Use type bool for OPT_FLAG * documenation updates - Drop 'ProtectKernelTunables=true' (bsc#1197076) ==== open-vm-tools ==== Version update (11.3.5 -> 12.0.0) Subpackages: libvmtools0 - Update to 12.0.0 (build 19345655) (boo#1196803) - jsc#SLE-24097 ECO Update open-vm-tools 12.0.0 + New/Updated features: - Support for managing Salt Minion through guest variables. A new open-vm-tools-salt-minion rpm is added to handle this support. jsc#SLE-24094 Update open-vm-tools 12.0.0 SLES15SP4 jsc#SLE-24095 Update open-vm-tools 12.0.0 SLES15SP3 jsc#SLE-24096 Update open-vm-tools 12.0.0 SLES12SP5 - New ComponentMgr plugin to manage (add, remove, monitor) components on the guest VM. - Patch to fix potential Fail to Build from Source [FTBFS] (boo#1196804). - Build vmhgfs with either libfuse2 or libfuse3. + A number of Coverity and Codacy reported issues have been addressed. + The following issues and pull requests reported on github.com/vmware/open-vm-tools have been addressed: Issue # 128, Issue # 314, Pull # 513, Pull # 544, Pull # 573 - Added patches + gcc_size_t.patch (boo#1196804) ==== openSUSE-build-key ==== - gpg-pubkey-307e3d54-5aaa90a5 is actually "package gpg-pubkey, version-release 307e3d54-5aaa90a5" ==== openslp ==== - Added hardening to systemd service(s) (bsc#1181400). Modified: * slpd.service ==== python-prettytable ==== Version update (2.5.0 -> 3.2.0) - Update to 3.2.0 * Drop support for EOL Python 3.6 (#152) @hugovk * Use tags to print html table titles (#160) @daibhid * Add colorful tables and themes (#140) @BD103 * Convert None to empty cell or custom value (#164) @av-guy * Resolve "KeyError" issue on _stringify_row (#167) @michal-jagiello-tmpl * Use concrete built-in exceptions instead of Exception base class (#169) @hugovk * Fix width for custom none_format (#174) @av-guy * Enforce max widths for field names (#171) @OlafvdSpek ==== python-pyrsistent ==== Version update (0.18.0 -> 0.18.1) - update to 0.18.1: * Add universal wheels for MacOS, thanks @ntamas for this! * Add support for Python 3.10, thanks @hugovk for this! * Fix #236 compilation errors under Python 3.10. * Drop official support for Python 3.6 since it's EOL since 2021-12-23. * Fix #238, failing doc tests on Python 3.11, thanks @musicinmybrain for this! ==== python38 ==== Version update (3.8.12 -> 3.8.13) - Update to 3.8.13: Core and Builtins bpo-46794: Bump up the libexpat version into 2.4.6 bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4) bpo-46932: Update bundled libexpat to 2.4.7 bpo-46811: Make test suite support Expat >=2.4.5 bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python. bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace. bpo-44849: Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. bpo-41028: Language and version switchers, previously maintained in every cpython branches, are now handled by docsbuild-script. bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don?t expect it in the output. bpo-44949: Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don?t expect it in the output. bpo-45405: Prevent internal configure error when running configure with recent versions of clang. - Remove upstreamed patches: - support-expat-245.patch ==== python38-core ==== Version update (3.8.12 -> 3.8.13) Subpackages: libpython3_8-1_0 python38-base - Update to 3.8.13: Core and Builtins bpo-46794: Bump up the libexpat version into 2.4.6 bpo-46985: Upgrade pip wheel bundled with ensurepip (pip 22.0.4) bpo-46932: Update bundled libexpat to 2.4.7 bpo-46811: Make test suite support Expat >=2.4.5 bpo-46784: Fix libexpat symbols collisions with user dynamically loaded or statically linked libexpat in embedded Python. bpo-46400: expat: Update libexpat from 2.4.1 to 2.4.4 bpo-46474: In importlib.metadata.EntryPoint.pattern, avoid potential REDoS by limiting ambiguity in consecutive whitespace. bpo-44849: Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. bpo-41028: Language and version switchers, previously maintained in every cpython branches, are now handled by docsbuild-script. bpo-45195: Fix test_readline.test_nonascii(): sometimes, the newline character is not written at the end, so don?t expect it in the output. bpo-44949: Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don?t expect it in the output. bpo-45405: Prevent internal configure error when running configure with recent versions of clang. - Remove upstreamed patches: - support-expat-245.patch ==== qemu ==== - Support the SGX feature (bsc#1197807) * Patches added: doc-Add-the-SGX-numa-description.patch numa-Enable-numa-for-SGX-EPC-sections.patch numa-Support-SGX-numa-in-the-monitor-and.patch - Backport CVE-2021-3929 (bsc#1193880) * Patches added: hw-nvme-fix-CVE-2021-3929.patch - The patches from upstream cause testsuit failures (bsc#1197150 bsc#1197528) * Patches added: Revert-python-iotests-replace-qmp-with-a.patch Revert-python-machine-add-instance-disam.patch Revert-python-machine-add-sock_dir-prope.patch Revert-python-machine-handle-fast-QEMU-t.patch Revert-python-machine-move-more-variable.patch Revert-python-machine-remove-_remove_mon.patch - Add missing patch from a PTFs (bsc#1194938) * Patches added: scsi-generic-check-for-additional-SG_IO-.patch - Kill downstream patches around bifmt handling that makes cumbersome to run multi-arch containers, and switch to the upstream behavior, which is well documented and valid on all other distros. This is possible thanks to Linux kernel commit 2347961b11d4 and QEMU commit 6e1c0d7b951e19c53 (so it can only work on Leap/SLE 15.4 and higher). (bsc#1197298) * Patches dropped: qemu-binfmt-conf.sh-allow-overriding-SUS.patch qemu-binfmt-conf-use-qemu-ARCH-binfmt.patch - Fix update_git.sh wiping all the package file of the local checkout while cloning the git repository on demand (in case they don't exist and the user as to do so). - Improve test reliability * Patches added: Fix-the-module-building-problem-for-s390.patch tests-qemu-iotests-040-Skip-TestCommitWi.patch tests-qemu-iotests-testrunner-Quote-case.patch ==== rakkess ==== - Set GOARCH on riscv64 ==== runc ==== Version update (1.1.0 -> 1.1.1) - Update to runc v1.1.1. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1. * runc run/start can now run a container with read-only /dev in OCI spec, rather than error out. (#3355) * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403) libcontainer systemd v2 manager no longer errors out if one of the files listed in /sys/kernel/cgroup/delegate do not exist in container's cgroup. (#3387, #3404) * Loosen OCI spec validation to avoid bogus "Intel RDT is not supported" error. (#3406) * libcontainer/cgroups no longer panics in cgroup v1 managers if stat of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435) ==== sqlite3 ==== Version update (3.38.1 -> 3.38.2) - update to 3.38.2: * Fix a problem with the Bloom filter optimization that might cause an incorrect answer when doing a LEFT JOIN with a WHERE clause constraint that says that one of the columns on the right table of the LEFT JOIN is NULL. * Other minor patches. - Remove obsolete configure flags - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ==== weave ==== - Add patch to fix compatibility with runtimes using cni >= 1.0.0 (boo#1197490, gh#weaveworks/weave#3936): * 0001-cni-Add-cniVersion-to-Result.patch