[opensuse-kubic] New Kubic snapshot 20200902 released!
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=Tumbleweed&build=20200902 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: busybox-k8s-yaml ceph (15.2.4.89+g583fe198f6 -> 16.0.0.4862+g8ac6038555) dracut (050+suse.67.g28be2f36 -> 050+suse.75.g266a76d9) kubernetes (1.18.8 -> 1.19.0) kubernetes1.18 kubic-control (0.10.1 -> 0.10.2) libzypp (17.24.1 -> 17.24.2) mozilla-nss (3.54 -> 3.55) open-vm-tools (11.1.0 -> 11.1.5) procps weave (2.6.5 -> 2.7.0) yast2 (4.3.19 -> 4.3.24) zypper (1.14.37 -> 1.14.38) === Details === ==== busybox-k8s-yaml ==== - Use pause command instead of sleep, else the container will always quit hard after 1 hour. ==== ceph ==== Version update (15.2.4.89+g583fe198f6 -> 16.0.0.4862+g8ac6038555) Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw - Update to 16.0.0-4862-g8ac6038555: + rebase on tip of upstream "master" branch, SHA1 46c912978aa6a0b0f67094a27933c7bea829e6c9 - checkin.sh: build only one frontend language (English) by default, to speed up tarball generation - Update to 15.2.4-822-g24d833526b + rebase on tip of upstream "octopus" branch, SHA1 0887d548597b9d2381de42c1cc8a5c01d264ae8b - Update to 15.2.4.557+g4ac763f0b3 + rebase on tip of upstream "octopus" branch, SHA1 96411838ef6fef9a5285ca4d5c0708e6a599632e - Update to 15.2.4-511-g40953bf9d6 + rebase on tip of upstream "octopus" branch, SHA1 f3b8bc0d11ca4f8167615007645759e905b1ada5 - Update to 15.2.4-465-g5e8d9ae6bd + rebase on tip of upstream "octopus" branch, SHA1 213e2c803b4f68c9f0b33119c64638a6813d2692 - Update to 15.2.4-381-g734ae877b4: + rebase on tip of upstream "octopus" branch, SHA1 d0da4070a19a55ebe9c55904d6da2ad38833aae0 - Update to 15.2.4-342-g6987dec446: + cmake: add empty RPATH to ceph-diff-sorted - Update to 15.2.4-337-g55cec95eaf: + rebase on tip of upstream "octopus" branch, SHA1 405556b2629d8274dea2e14ee017c70a7dfb24a1 + Monitoring: Use downstream container images ==== dracut ==== Version update (050+suse.67.g28be2f36 -> 050+suse.75.g266a76d9) Subpackages: dracut-ima - Update to version 050+suse.75.g266a76d9: * net-lib.sh: support infiniband network mac addresses (bsc#996146) * 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) * 95nfs: use ip_params_for_remote_addr() (bsc#1167494) * dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) - Update to version 050+suse.71.g390f4d72: * 01fips: modprobe failures during manual module loading is not fatal (bsc#1169997) * 91zipl: parse-zipl.sh: honor SYSTEMD_READY (bsc#1165828) * 95iscsi: fix ipv6 target discovery (bsc#1172807) * 35network-legacy: correct conditional for creating did-setup file (bsc#1172807) ==== kubernetes ==== Version update (1.18.8 -> 1.19.0) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Introduce -etcd, -etcdminus1, -coredns and -corednsminus1 subpackages. This is so etcd and coredns container images can be made for specific kubernetes versions. - Bump to kubernetes 1.19.0 - kubernetes-kubeadm now requires kubernetes%{baseversion}-kubelet and kubernetes%{baseversionminus1}-kubelet. This is to ensure both are installed on Kubic even though kubernetes{%baseversion}-kubeadm only hard requires either kubelet. ==== kubernetes1.18 ==== - Introduce kubernetes$FOO-client-common package to make -client truely parralel installable - Harmonise macro names, use baseversionminus1 across all k8s packages for previous version number - Remove old macro on maxcriversion, with the new relaxed constraints - Relax constraints on kubeadm ==== kubic-control ==== Version update (0.10.1 -> 0.10.2) Subpackages: kubic-haproxycfg kubicctl kubicd - Update to version 0.10.2 - Fix apiserver argument handling in multi-master mode - Minor bug fixes - kubicctl: align options ==== libzypp ==== Version update (17.24.1 -> 17.24.2) - VendorAttr: Const-correct API and let Target provide its settings (bsc#1174918) - Support buildnr with commit hash in purge-kernels (bsc#1175342) This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. - Improve Italian traslation of the "breaking dependencies" message (bsc#1173529) - Make sure reading from lsof does not block forever (bsc#1174240) - Just collect details for the signatures found (fixes #229) - version 17.24.2 (22) ==== mozilla-nss ==== Version update (3.54 -> 3.55) - update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. ==== open-vm-tools ==== Version update (11.1.0 -> 11.1.5) Subpackages: libvmtools0 - Update to 11.1.5 (build 16724464) (boo#1175573) + This source release rolls up the SDMP fixes release post 11.1.0. + Fix serveral Coverity reported issues. + Address github issues: https://github.com/vmware/open-vm-tools/issues/451 https://github.com/vmware/open-vm-tools/issues/429 https://github.com/vmware/open-vm-tools/issues/428 - Drop unnecessary patch: - gcc10-warning.patch - sdmp-get-version.patch - sdmp-netstat-to-ss.patch - sdmp-warnings.patch ==== procps ==== Subpackages: libprocps8 - Enable pidof by default ==== weave ==== Version update (2.6.5 -> 2.7.0) - Update to version 2.7.0 - https://github.com/weaveworks/weave/releases/tag/v2.7.0 - obsoletes vendor.tar.xz ==== yast2 ==== Version update (4.3.19 -> 4.3.24) - Fixed accidentaly broken dependencies (related to bsc#1175317) - 4.3.24 - Yet another unit test architecture fix :-( (related to bsc#1175317) - 4.3.23 - Fix for the previous change: fixed unit test failure on non x86_64 archs (related to bsc#1175317) - 4.3.22 - Y2Packager::Resolvable.find(): improved error handling, added more unit tests (related to bsc#1175317) - 4.3.21 - Unify profile element paths (bsc#1175680). - 4.3.20 ==== zypper ==== Version update (1.14.37 -> 1.14.38) Subpackages: zypper-needs-restarting - Directly list subcommands in 'zypper help' (bsc#1165424) - man: enhance description of the global package cache (bsc#1175592) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks (bsc#1174561) - Fix help command for list-patches - man: Point out that plain rpm packages are not downloaded to the global package cache (bsc#1173273) - version 1.14.38 -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kubic+owner@opensuse.org
On Fri, 2020-09-04 at 14:05 +0000, Richard Brown wrote:
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=1&version=Tumbleweed&build=20200902 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=- --
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: busybox-k8s-yaml ceph (15.2.4.89+g583fe198f6 -> 16.0.0.4862+g8ac6038555) dracut (050+suse.67.g28be2f36 -> 050+suse.75.g266a76d9) kubernetes (1.18.8 -> 1.19.0) kubernetes1.18 kubic-control (0.10.1 -> 0.10.2) libzypp (17.24.1 -> 17.24.2) mozilla-nss (3.54 -> 3.55) open-vm-tools (11.1.0 -> 11.1.5) procps weave (2.6.5 -> 2.7.0) yast2 (4.3.19 -> 4.3.24) zypper (1.14.37 -> 1.14.38)
Hi everyone, Just a quick note, while this snapshot does include Kubernetes 1.19, all of the appliance images at https://download.opensuse.org/tumbleweed/appliances/ still contain kubernetes 1.18 by default. This was caught in testing, but the decision was made to release anyway, because they work fine, just at the wrong version. Our new multi-version packaging of everything ensures both the 1.18 and 1.19 stacks are fully supported, but obviously those appliance images are no good for quickly spinning up a fresh kubernetes 1.19 cluster right now. If you want to use those images today for a k8s 1.19 cluster, please do the following before bootstrapping the cluster - `transactional-update dup` and reboot - change /etc/sysconfig/kubelet to read "KUBELET_VER=1.19" - then setup your cluster as usual Alternatively, install Kubic using the ISO installer method Alternatively, wait until the next snapshot which should have corrected images The official 'Kubic has kubernetes 1.19' announcement will follow once the images are fixed also Thanks for your understanding, -- Richard Brown Linux Distribution Engineer - Future Technology Team Phone +4991174053-361 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, D-90409 Nuernberg (HRB 36809, AG Nürnberg) Geschäftsführer: Felix Imendörffer -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kubic+owner@opensuse.org
participants (1)
-
Richard Brown