Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=Tumbleweed&build=20211011
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=---
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
glibc
haproxy (2.4.4+git0.acb1d0bea -> 2.4.7+git0.b5e51a5e2)
hwinfo (21.76 -> 21.77)
kubernetes1.21
libx86emu (3.2 -> 3.3)
libzypp (17.28.4 -> 17.28.5)
open-iscsi
openssh (8.4p1 -> 8.8p1)
patterns-microos
=== Details ===
==== glibc ====
Subpackages: glibc-locale-base
- ld-show-auxv-colon.patch: elf: Fix missing colon in LD_SHOW_AUXV output
(BZ #282539
- x86-string-control-test.patch: x86-64: Use testl to check
__x86_string_control
- pthread-kill-fail-after-exit.patch: nptl: pthread_kill, pthread_cancel
should not fail after exit (BZ #19193)
- pthread-kill-race-thread-exit.patch: nptl: Fix race between pthread_kill
and thread exit (BZ #12889)
- getcwd-attribute-access.patch: posix: Fix attribute access mode on
getcwd (BZ #27476)
- pthread-kill-return-esrch.patch: nptl: pthread_kill needs to return
ESRCH for old programs (BZ #19193)
- pthread-mutexattr-getrobust-np-type.patch: nptl: Fix type of
pthread_mutexattr_getrobust_np, pthread_mutexattr_setrobust_np (BZ
#28036)
- setxid-deadlock-blocked-signals.patch: nptl: Avoid setxid deadlock with
blocked signals in thread exit (BZ #28361)
- pthread-kill-send-specific-thread.patch: nptl: pthread_kill must send
signals to a specific thread (BZ #28407)
- sysconf-nprocessors-affinity.patch: linux: Revert the use of
sched_getaffinity on get_nproc (BZ #28310)
- iconv-charmap-close-output.patch: renamed from
icon-charmap-close-output.patch
==== haproxy ====
Version update (2.4.4+git0.acb1d0bea -> 2.4.7+git0.b5e51a5e2)
- Update to version 2.4.7+git0.b5e51a5e2:
* [RELEASE] Released version 2.4.7
* BUG/MEDIUM: http-ana: Clear request analyzers when applying redirect rule
- Update to version 2.4.6+git0.d83fd76a1:
* [RELEASE] Released version 2.4.6
* BUG/MEDIUM: filters: Fix a typo when a filter is attached blocking the release
- Update to version 2.4.5+git0.e74a1b34b:
* [RELEASE] Released version 2.4.5
* MINOR: tasks: catch TICK_ETERNITY with BUG_ON() in __task_queue()
* BUG/MINOR: tcp-rules: Stop content rules eval on read error and end-of-input
* BUG/MINOR: tcpcheck: Don't use arg list for default proxies during parsing
* MINOR: arg: Be able to forbid unresolved args when building an argument list
* BUG/MAJOR: lua: use task_wakeup() to properly run a task once
* BUG/MEDIUM: lua: fix wakeup condition from sleep()
* MINOR: Makefile: add MEMORY_POOLS to the list of DEBUG_xxx options
* DOC: peers: fix doc "enable" statement on "peers" sections
* BUG/MINOR: mux-h1/mux-fcgi: Sanitize TE header to only send "trailers"
* MINOR: stream-int: Notify mux when the buffer is not stuck when calling rcv_buf
* BUG/MEDIUM: stream-int: Defrag HTX message in si_cs_recv() if necessary
* MINOR: htx: Add a function to know if the free space wraps
* MINOR: htx: Add an HTX flag to know when a message is fragmented
* MINOR: stream-int: Set CO_RFL transient/persistent flags apart in si_cs_rcv()
* BUG/MEDIUM: stream: Stop waiting for more data if SI is blocked on RXBLK_ROOM
* BUG/MEDIUM: stream-int: Notify stream that the mux wants more room to xfer data
* BUG/MEDIUM: mux-h1: Adjust conditions to ask more space in the channel buffer
* BUG/MINOR: stats: use refcount to protect dynamic server on dump
* MINOR: server: return the next srv instance on free_server
* BUG/MINOR: server: do not use refcount in free_server in stopping mode
* MINOR: global: define MODE_STOPPING
* MINOR: server: implement a refcount for dynamic servers
* BUG/MINOR: http-ana: increment internal_errors counter on response error
* BUG/MINOR: h1-htx: Fix a typo when request parser is reset
* BUG/MEDIUM: leastconn: fix rare possibility of divide by zero
* BUG/MINOR: server: allow 'enable health' only if check configured
* BUILD: threads: fix -Wundef for _POSIX_PRIORITY_SCHEDULING on libmusl
* BUILD: halog: fix a -Wundef warning on non-glibc systems
* BUILD: compiler: fixed a missing test on defined(__GNUC__)
* BUILD: fix dragonfly build again on __read_mostly
* BUG/MINOR: vars: do not talk about global section in CLI errors for set-var
* BUG/MINOR: vars: truncate the variable name in error reports about scope.
* BUG/MINOR: vars: properly set the argument parsing context in the expression
* MINOR: sample: add missing ARGC_ entries
* BUG/MINOR: vars: improve accuracy of the rules used to check expression validity
* BUILD: tools: properly guard __GLIBC__ with defined()
* BUILD: ssl: fix two remaining occurrences of #if USE_OPENSSL
* BUILD: ssl: next round of build warnings on LIBRESSL_VERSION_NUMBER
* BUILD/MINOR: regex: avoid a build warning on USE_PCRE2 with -Wundef
* IMPORT: slz: silence a build warning with -Wundef
* BUILD/MINOR: ssl: avoid a build warning on LIBRESSL_VERSION with -Wundef
* BUILD/MINOR: defaults: eliminate warning on MAXHOSTNAMELEN with -Wundef
* BUILD: activity: use #ifdef not #if on USE_MEMORY_PROFILING
* MINOR: proc: setting the process to produce a core dump on FreeBSD.
* MINOR: tools: add FreeBSD support to get_exec_path()
* BUILD: tools: get the absolute path of the current binary on NetBSD.
* BUG/MINOR: flt-trace: fix an infinite loop when random-parsing is set
* BUG/MINOR: cli/payload: do not search for args inside payload
* BUILD: ist: prevent gcc11 maybe-uninitialized warning on istalloc
* BUG/MINOR: connection: prevent null deref on mux cleanup task allocation
* DOC: management: certificate files must be sanitized before injection
* BUG/MINOR: tcpcheck: Improve LDAP response parsing to fix LDAP check
* BUG/MAJOR: mux-h1: Don't eval input data if an error was reported
* MINOR: pools: use mallinfo2() when available instead of mallinfo()
* MINOR: pools: automatically disable malloc_trim() with external allocators
* CLEANUP: pools: factor all malloc_trim() calls into trim_all_pools()
* BUG/MINOR: compat: make sure __WORDSIZE is always defined
* BUG/MEDIUM: stream-int: Don't block SI on a channel policy if EOI is reached
* CLEANUP: mux-h1: Remove condition rejecting upgrade requests with payload
* MINOR: htx: Skip headers with no value when adding a header list to a message
* BUG/MEDIUM: mux-h1: Remove "Upgrade:" header for requests with payload
* BUG/MINOR: systemd: ExecStartPre must use -Ws
* BUG/MINOR: filters: Set right FLT_END analyser depending on channel
* BUG/MINOR: filters: Always set FLT_END analyser when CF_FLT_ANALYZE flag is set
* BUG/MEDIUM: http-ana: Reset channels analysers when returning an error
* BUG/MINOR: stream: Don't release a stream if FLT_END is still registered
* BUG/MINOR: lua: Don't yield in channel.append() and channel.set()
* BUG/MINOR: lua: Yield in channel functions only if lua context can yield
* MINOR: lua: Add a flag on lua context to know the yield capability at run time
==== hwinfo ====
Version update (21.76 -> 21.77)
- merge gh#openSUSE/hwinfo#105
- Use license file from gnu.org
- Fix spelling
- Add missing final newline
- Trim excess whitespace
- Simple maintenance improvements
- 21.77
==== kubernetes1.21 ====
- Bump disk requirements in _constraints to 12GB. Data based on the
last successful build consumed storage.
==== libx86emu ====
Version update (3.2 -> 3.3)
- merge gh#wfeldt/libx86emu#34
- Migrate CI to GitHub Actions
- 3.3
==== libzypp ====
Version update (17.28.4 -> 17.28.5)
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
A missing check causes zyppng::Downloader to always download full
files even if the checkExistsOnly flag is set. This patch adds
the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
The kernel-*-livepatch packages are supposed to serve as a stable
handle for the ephemeral kernel livepatch packages. See
FATE#320268 for details. As part of the kernel live patching
ecosystem, kernel-*-livepatch packages should not block the
purge-kernels step.
- version 17.28.5 (22)
==== open-iscsi ====
Subpackages: iscsiuio libopeniscsiusr0_2_0
- Fix possible systemd cycle by adding an "obsoletes" for
the old libopeniscsiusr for older versions.
==== openssh ====
Version update (8.4p1 -> 8.8p1)
Subpackages: openssh-clients openssh-common openssh-server
- Version update to 8.8p1:
= Security
* sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise
supplemental groups when executing an AuthorizedKeysCommand or
AuthorizedPrincipalsCommand, where an AuthorizedKeysCommandUser or
AuthorizedPrincipalsCommandUser directive has been set to run the
command as a different user. Instead these commands would inherit
the groups that sshd(8) was started with.
Depending on system configuration, inherited groups may allow
AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to
gain unintended privilege.
Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are
enabled by default in sshd_config(5).
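To check whether a host was exposed to the supplemental-groups issue described above, the following added example (not part of this changelog or of OpenSSH) audits an sshd_config for helper commands configured to run as a different user and tests a version string against the affected range. The helper paths and account names in the sample are hypothetical, and Match handling is simplified to "block settings override global ones".

```python
import re

# Helper-command keyword -> the run-as-user keyword named in the release note.
PAIRS = {"authorizedkeyscommand": "authorizedkeyscommanduser",
         "authorizedprincipalscommand": "authorizedprincipalscommanduser"}
# Constructed sample sshd_config; paths and user names are hypothetical.
SAMPLE = """\
AuthorizedKeysCommand /usr/local/bin/fetch-keys %u
AuthorizedKeysCommandUser keyfetch
Match Group contractors
    AuthorizedPrincipalsCommand /usr/local/bin/principals %u
    AuthorizedPrincipalsCommandUser nobody
Match User backup
    AuthorizedKeysCommand none
"""

def affected_version(banner):
    """True for OpenSSH 6.2 through 8.7, the range given in the release note."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return bool(m) and (6, 2) <= (int(m[1]), int(m[2])) <= (8, 7)

def parse_scopes(text):
    """Return {scope: {keyword: value}}; the first value seen in a scope wins."""
    scopes, scope = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        key = parts[0].lower()          # sshd_config keywords are case-insensitive
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "match":
            scope = "Match " + value
            scopes.setdefault(scope, {})
        else:
            scopes[scope].setdefault(key, value)
    return scopes

def exposed_helpers(text):
    """List (scope, keyword, command, run-as user) for helpers run as another user."""
    scopes, findings = parse_scopes(text), []
    for scope, opts in scopes.items():
        eff = dict(scopes["global"], **opts)    # Match settings override global
        for cmd_kw, user_kw in PAIRS.items():
            local = scope == "global" or cmd_kw in opts or user_kw in opts
            cmd, user = eff.get(cmd_kw, "none"), eff.get(user_kw, "")
            if local and cmd.lower() != "none" and user:
                findings.append((scope, cmd_kw, cmd, user))
    return findings
```

A host is of interest only when `affected_version()` is true for the installed sshd and `exposed_helpers()` returns at least one entry; the groups sshd itself was started with then determine what the helper could have inherited.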
= Potentially-incompatible changes
* This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for