Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20200604 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor cloud-init cracklib cryptsetup (2.3.1 -> 2.3.3) gptfdisk (1.0.4 -> 1.0.5) haproxy (2.1.4+git0.3cfc2f1d9 -> 2.1.5+git0.36e14bd31) haveged (1.9.4 -> 1.9.8) irqbalance (1.6.0+git20190711.f7fdebb -> 1.6.0+git20200317.0348a3b) kmod (26 -> 27) less (557 -> 562) libksba (1.3.5 -> 1.4.0) libsolv (0.7.13 -> 0.7.14) libzypp (17.23.4 -> 17.23.5) lvm2 lvm2-device-mapper nano (4.9.2 -> 4.9.3) zstd (1.4.4 -> 1.4.5) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor - add changes-since-2.13.4.diff with upstream changes and fixes since 2.13.4 up to 5f61bd4c: - add several abstractions related to xdg-open: dbus-network-manager-strict, exo-open, gio-open, gvfs-open, kde-open5, xdg-open - introduce @{run} variable - update dnsmasq and winbindd profile - update mdns, mesa and nameservice abstraction - some bugfixes in the aa-* tools, including a remote bugfix in the YaST AppArmor module (boo#1171315) - drop upstream(ed) patches (now part of changes-since-2.13.4.diff): - make-4.3-capabilities.diff - make-4.3-capabilities-vim.diff - make-4.3-fix-utils-network-test.diff - make-4.3-network.diff - abstractions-add-etc-mdns.allow-to-etc-apparmor.d-abstractions-mdns.patch - apply usr-etc-abstractions-base-nameservice.diff only for Tumbleweed, but not for Leap 15.x where it's not needed - refresh usr-etc-abstractions-base-nameservice.diff ==== cloud-init ==== - bsc#1170154: rsyslog warning, '~' is deprecated + replace deprecated syntax '& ~' by '& stop' for more information please see https://www.rsyslog.com/rsyslog-error-2307/ ==== cracklib ==== Subpackages: cracklib-dict-small libcrack2 - Enable translation-update-upstream on leap, to remove the use of is_opensuse (jsc#SLE-12096). - use /usr/lib instead of %{_libexecdir}, %{_libexecdir} should contain internal binaries, not data ==== cryptsetup ==== Version update (2.3.1 -> 2.3.3) Subpackages: libcryptsetup12 - Update to 2.3.3: * Fix BitLocker compatible device access that uses native 4kB sectors * Support large IV count (--iv-large-sectors) cryptsetup option for plain device mapping * Fix a memory leak in BitLocker compatible handling * Allow EBOIV (Initialization Vector algorithm) use * LUKS2: Require both keyslot cipher and key size option, do not fail silently - includes changes from 2.3.2: * Add option to dump content of LUKS2 unbound keyslot * Add support for discards (TRIM) for standalone dm-integrity devices (Kernel 5.7) via --allow-discards, not for LUKS2 * Fix cryptsetup-reencrypt to work on devices that do not allow direct-io device access. * Fix a crash in the BitLocker-compatible code error path * Fix Veracrypt compatible support for longer (>64 bytes) passphrases ==== gptfdisk ==== Version update (1.0.4 -> 1.0.5) - Update to 1.0.5 * Changed number of columns in type code output ("sgdisk -L" and equivalents in gdisk and cgdisk) from 3 to 2, since some descriptions are long enough that they are ambiguous with three columns. * You can now put the 0xEE partition last in a hybrid MBR using sgdisk. (Previously, this was possible with gdisk but not with sgdisk.) See the sgdisk man page for details. * Added numerous type codes for Container Linux, Veracrypt, and Freedesktop.org's Discoverable Partitions Specification * Partition type name searches are now case-insensitive. * It is now possible to quit out of partition type name searches by typing "q". * When changing a partition type code, the default is now the current type code, not a platform-specific type code. ==== haproxy ==== Version update (2.1.4+git0.3cfc2f1d9 -> 2.1.5+git0.36e14bd31) - Update to version 2.1.5+git0.36e14bd31: * [RELEASE] Released version 2.1.5 * BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf * BUG/MINOR: lua: Add missing string length for lua sticktable lookup * BUG/MEDIUM: logs: fix trailing zeros on log message. * REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used * BUG/MINOR: logs: prevent double line returns in some events. * DOC: SPOE is no longer experimental * DOC/MINOR: halog: Add long help info for ic flag * DOC: retry-on can only be used with mode http * BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable * BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified * BUG/MEDIUM: ring: write-lock the ring while attaching/detaching * BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for any reason * BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt() * BUG/MEDIUM: stream: Only allow L7 retries when using HTTP. * BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry. * BUILD: select: only declare existing local labels to appease clang * BUG/MINOR: soft-stop: always wake up waiting threads on stopping * BUG/MINOR: pollers: remove uneeded free in global init * BUG/MINOR: pools: use %u not %d to report pool stats in "show pools" * BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered * BUG/MEDIUM: http_ana: make the detection of NTLM variants safer * BUG/MINOR: http-ana: fix NTLM response parsing again * BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur * BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}() * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS() * BUG/MINOR: sample: Set the correct type when a binary is converted to a string * CLEANUP: connections: align function declaration * BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id() * BUG/MEDIUM: h1: Don't compare host and authority if only h1 headers are parsed * BUG/MEDIUM: connections: force connections cleanup on server changes * BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach() * BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release() * BUG/MINOR: checks: Remove a warning about http health checks * BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks * BUG/MINOR: checks/server: use_ssl member must be signed * Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections" * Revert "BUG/MINOR: connection: always send address-less LOCAL PROXY connections" * REGTEST: http-rules: Require PCRE or PCRE2 option to run map_redirect script * REGTEST: ssl: test the client certificate authentication * BUILD: Makefile: add linux-musl to TARGET * BUILD: tools: rely on __ELF__ not USE_DL to enable use of dladdr() * BUILD: tools: unbreak resolve_sym_name() on non-GNU platforms * MINOR: debug: dump the whole trace if we can't spot the starting point * MINOR: debug: use our own backtrace function on clang+x86_64 * MINOR: debug: improve backtrace() on aarch64 and possibly other systems * MINOR: debug: report the number of entries in the backtrace * MINOR: wdt: do not depend on USE_THREAD * BUILD: Makefile: include librt before libpthread * MINOR: debug: call backtrace() once upon startup * MEDIUM: debug: add support for dumping backtraces of stuck threads * MINOR: cli: make "show fd" rely on resolve_sym_name() * MINOR: debug: use resolve_sym_name() to dump task handlers * MINOR: tools: add resolve_sym_name() to resolve function pointers * MINOR: tools: add new function dump_addr_and_bytes() * MINOR: haproxy: export run_poll_loop * MINOR: stream: report the list of active filters on stream crashes * BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock * BUG/MEDIUM: shctx: really check the lock's value while waiting * BUG/MINOR: debug: properly use long long instead of long for the thread ID * MINOR: threads: export the POSIX thread ID in panic dumps * BUG/MEDIUM: listener: mark the thread as not stuck inside the loop * BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream * BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam * BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam * BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream * BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream * BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it * BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function * BUG/MINOR: checks: chained expect will not properly wait for enough data * BUG/MEDIUM: server/checks: Init server check during config validity check * BUG/MINOR: checks: Respect the no-check-ssl option * MINOR: checks: Add a way to send custom headers and payload during http chekcs * BUG/MINOR: check: Update server address and port to execute an external check * MINOR: contrib: make the peers wireshark dissector a plugin * MEDIUM: memory: make pool_gc() run under thread isolation * DOC: option logasap does not depend on mode * BUG/MINOR: http: make url_decode() optionally convert '+' to SP * BUG/MINOR: tools: fix the i386 version of the div64_32 function * BUG/MEDIUM: http-ana: Handle NTLM messages correctly. * BUG/MINOR: ssl: default settings for ssl server options are not used * DOC: Improve documentation on http-request set-src * MINOR: version: Show uname output in display_version() * DOC: hashing: update link to hashing functions * BUG/MINOR: peers: Incomplete peers sections should be validated. * BUG/MINOR: connection: always send address-less LOCAL PROXY connections * BUG/MINOR: ssl: memleak of the struct cert_key_and_chain * BUG/MINOR: ssl/cli: memory leak in 'set ssl cert' * MINOR: ssl: improve the errors when a crt can't be open * BUG/MINOR: protocol_buffer: Wrong maximum shifting. ==== haveged ==== Version update (1.9.4 -> 1.9.8) Subpackages: libhavege1 - Update to version 1.9.8: * Fix for Unresolved symbol error_exit in libhavege #20 by pld-gitsync [Jirka Hladky] * order after systemd-tmpfiles-setup-dev.service (origin/pr/21) [Christian Hesse] * use systemd security features [Christian Hesse] * do not run in container [Christian Hesse] * do not use carriage return in line break [Christian Hesse] * Fixed invalid UTF-8 codes in ChangeLog [Jirka Hladky] - Changes for version 1.9.5: * Added test for /dev/random symlink [Jirka Hladky] * Update to automake 1.16 [Jirka Hladky] * Fix segv at start [Andrew] * Fixed built issue on Cygwin [jbaker6953] * Fix segfault on arm machines (origin/pr/7) [Natanael Copa] * init.d/Makefile.am - add missing dependency [Jackie Huang] * service.redhat - update PIDFile [Pierre-Jean Texier] * Fix type mismatch in get_poolsize [Andreas Schwab] * Fixup upstream changelog [Nicolas Braud-Santoni] * Remove support for CPUID on ia64 (origin/pr/19) [Jeremy Bobbio] * Output some progress during CUSUM and RANDOM EXCURSION test [Sven Hartge] * Diagnostics capture mode now works correctly [Ethan Rahn] - Drop upstream patches: * f2193587.patch * get-poolsize.patch ==== irqbalance ==== Version update (1.6.0+git20190711.f7fdebb -> 1.6.0+git20200317.0348a3b) - Update to latest git HEAD version 0348a3b. There has been no version update for quite some time, but some restructuring and fixes we want to have included. D install-man-pages.patch ==== kmod ==== Version update (26 -> 27) Subpackages: kmod-compat libkmod2 - Update to release 27 * Link to libcrypto rather than requiring openssl. * Use PKCS#7 instead of CMS for parsing module signature to be compatible with LibreSSL and OpenSSL < 1.1.0. * Teach modinfo to parse modules.builtin.modinfo. When using Linux kernel >= v5.2~rc1, it is possible to get module information from this new file. ==== less ==== Version update (557 -> 562) - less 562: * Update unicode tables * formatting changes in man pages ==== libksba ==== Version update (1.3.5 -> 1.4.0) - libksba 1.4.0: * Supports ECDSA and EdDSA certificate creation and parsing. * Supports ECDH enveloped data. * Supports ECDSA and EdDSA signed data. * Supports rsaPSS signature verification. * Supports standard file descriptors in ksba_reader_read. * Allows for optional elements in keyinfo objects. * Fixes error detection in the CMS parser. * Fixes memory leak in ksba_cms_identify. * New constants KSBA_VERSION and KSBA_VERSION_NUMBER. * New API to make creation of DER objects easy. * Interface changes relative to the 1.3.5 release: KSBA_VERSION NEW. KSBA_VERSION_NUMBER NEW. KSBA_CT_SPC_IND_DATA_CTX NEW. KSBA_CLASS_* NEW. KSBA_TYPE_* NEW. ksba_der_t NEW. ksba_der_release NEW. ksba_der_builder_new NEW. ksba_der_builder_reset NEW. ksba_der_add_ptr NEW. ksba_der_add_val NEW. ksba_der_add_int NEW. ksba_der_add_oid NEW. ksba_der_add_bts NEW. ksba_der_add_der NEW. ksba_der_add_tag NEW. ksba_der_add_end NEW. ksba_der_builder_get NEW. ==== libsolv ==== Version update (0.7.13 -> 0.7.14) - Support blacklisted packages in solver_findproblemrule() [bnc#1172135] - Support rules with multiple negative literals in choice rule generation - bump version to 0.7.14 ==== libzypp ==== Version update (17.23.4 -> 17.23.5) - Enable zchunk on SLE-15-SP2. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - version 17.23.5 (22) ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - removing LVM cache with cache volume does not remove the cache volume (bsc#1171907) + bug-1171907-lvremove-remove-attached-cachevol-with-removed-LV.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - removing LVM cache with cache volume does not remove the cache volume (bsc#1171907) + bug-1171907-lvremove-remove-attached-cachevol-with-removed-LV.patch ==== nano ==== Version update (4.9.2 -> 4.9.3) - GNU nano 4.9.3: * fix a crash when the terminal screen is resized while at a lock-file prompt ==== zstd ==== Version update (1.4.4 -> 1.4.5) - Update to version 1.4.5 * perf: Improved decompression speed (x64 >+5%, ARM >+15%) * perf: Automatically downsizes ZSTD_DCtx when too large for too * perf: Improved fast compression speed on aarch64 (#2040, ~+3%) * perf: Small level 1 compression speed gains (depending on compiler) * fix: Compression ratio regression on huge files (> 3 GB) using high levels (--ultra) and multithreading * api: ZDICT_finalizeDictionary() is promoted to stable * api: new experimental parameter ZSTD_d_stableOutBuffer * cli: New --patch-from command, create and apply patches from files * cli: --filelist= : Provide a list of files to operate upon from a file * cli: -b can now benchmark multiple files in decompression mode * cli: New --no-content-size command * cli: New --show-default-cparams command * misc: new diagnosis tool, checked_flipped_bits, in contrib/ * misc: Extend largeNbDicts benchmark to compression * misc: experimental edit-distance match finder in contrib/