New ARM Kubic snapshot 20210429 released!
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20210429
https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=---
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org.
For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
PackageKit
apparmor
ceph (16.1.0.1217+g8e1da7347e -> 16.2.0.91+g24bd0c4acf)
cloud-init
cni-plugins (0.9.0 -> 0.9.1)
conmon (2.0.26 -> 2.0.27)
container-selinux (2.158.0 -> 2.160.1)
containers-systemd (0.0+git20210318.fea98a6 -> 0.0+git20210407.9384691)
cri-o (1.19.1 -> 1.21.0)
cri-tools (1.20.0 -> 1.21.0)
curl (7.75.0 -> 7.76.1)
dbus-1
dnf (4.6.1 -> 4.7.0)
dracut (053+suse.90.gb89b6347 -> 053+suse.93.g039ac07d)
etcd
expat (2.2.10 -> 2.3.0)
file (5.39 -> 5.40)
filesystem
findutils
fuse3 (3.10.2 -> 3.10.3)
gdk-pixbuf (2.42.2 -> 2.42.6)
glib-networking (2.66.0 -> 2.68.0)
glib2 (2.66.7 -> 2.68.1)
glibc
gmp
gobject-introspection (1.66.1 -> 1.68.0)
grub2
gsettings-desktop-schemas (3.38.0 -> 40.0)
hwinfo (21.72 -> 21.73)
installation-images-MicroOS (16.56 -> 17.0)
irqbalance (1.7.0+git20210222.9db8d5c -> 1.8.0)
k9s (0.24.2 -> 0.24.7)
kdump
kernel-firmware (20210315 -> 20210419)
kexec-tools (2.0.20 -> 2.0.21)
krb5
kubectl-who-can (0.0+git20190606.c185aaa -> 0.3.0)
kubernetes (1.20.2 -> 1.21.0)
kubernetes1.20 (1.20.2 -> 1.20.6)
kubic-control
ldb (2.2.1 -> 2.3.0)
less (563 -> 581)
libapparmor
libassuan (2.5.4 -> 2.5.5)
libcap
libcontainers-common
libdnf (0.60.0 -> 0.62.0)
libeconf (0.3.8+git20200710.5126fff -> 0.4.0+git20210413.fdb8025)
libfido2 (1.6.0 -> 1.7.0)
libgcrypt (1.9.2 -> 1.9.3)
libhugetlbfs
libjpeg-turbo
libksba (1.5.0 -> 1.5.1)
libpeas (1.28.0 -> 1.30.0)
librepo (1.13.0 -> 1.14.0)
libselinux
libsolv (0.7.17 -> 0.7.19)
libxcrypt (4.4.18 -> 4.4.19)
libzypp (17.25.8 -> 17.25.9)
lua54 (5.4.2 -> 5.4.3)
lvm2
lvm2-device-mapper
makedumpfile (1.6.7 -> 1.6.8)
microdnf (3.7.1 -> 3.8.0)
mozilla-nss (3.62 -> 3.63.1)
multipath-tools (0.8.5+29+suse.5dabcd2 -> 0.8.5+30+suse.633836e)
ncurses (6.2.20210313 -> 6.2.20210424)
openSUSE-build-key
openssl (1.1.1j -> 1.1.1k)
openssl-1_1 (1.1.1j -> 1.1.1k)
pam
patterns-microos
pcre2
perl-Bootloader (0.933 -> 0.934)
pkgconf
podman (3.0.1 -> 3.1.2)
python-M2Crypto
python-MarkupSafe
python-cryptography
python-gobject (3.38.0 -> 3.40.1)
python-importlib-metadata (3.7.0 -> 3.7.2)
python-jsonpatch (1.28 -> 1.31)
python-rpm (4.16.0 -> 4.16.1.3)
raspberrypi-firmware-config
raspberrypi-firmware-dt
rbac-lookup (0.6.3 -> 0.6.4)
rook (1.5.7+git4.gae949004e -> 1.5.10+git4.g309ad2f64)
rpcbind
rpm (4.16.0 -> 4.16.1.3)
rpm-config-SUSE (0.g64 -> 0.g76)
runc
salt
selinux-policy (20210309 -> 20210419)
sg3_utils (1.45~815+5.6aa67ed -> 1.46)
shadow
shim (15+git47 -> 15.4)
snapper (0.8.16 -> 0.9.0)
sqlite3 (3.35.2 -> 3.35.5)
sssd
sudo (1.9.5p2 -> 1.9.6p1)
suse-module-tools (15.3.5 -> 15.4.1)
systemd (246.11 -> 246.13)
systemd-presets-common-SUSE
talloc (2.3.1 -> 2.3.2)
tiff (4.2.0 -> 4.3.0)
toolbox (2.1+git20210311.15cb3ad -> 2.1+git20210329.d14ac82)
u-boot-rpiarm64 (2021.01 -> 2021.04)
vim (8.2.2607 -> 8.2.2800)
wpa_supplicant
yast2 (4.3.60 -> 4.4.2)
zchunk (1.1.5 -> 1.1.9)
=== Details ===
==== PackageKit ====
Subpackages: PackageKit-backend-dnf libpackagekit-glib2-18
- Add PackageKit-cancel-transaction-if-daemon-disappears.patch:
Fix hangs in packagekit-glib2 client if daemon crashes
(gh#hughsie/PackageKit#464).
==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor
- add crypto-policies-mr720.diff to allow reading crypto policies
in abstractions/ssl_certs (boo#1183597)
- replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in
systemd into containers just because apparmor-parser ships a *.service file
==== ceph ====
Version update (16.1.0.1217+g8e1da7347e -> 16.2.0.91+g24bd0c4acf)
Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw
- _constraints: raise s390x disk constraint to 42G after seeing a build fail
with "write error: No space left on device"
- Update to 16.2.0-91-g24bd0c4acf:
+ rebase on top of upstream pacific SHA1 4cbaf866034715d053e6259dcd5bd8e4e1d1e1ed
- Update to 16.2.0-31-g5922b2b9c1:
+ rebase on top of upstream v16.2.0 (first stable release in Pacific series)
see https://ceph.io/releases/v16-2-0-pacific-released/
==== cloud-init ====
- Add cloud-init-bonding-opts.patch (bsc#1184085)
+ Write proper bonding option configuration for SLE/openSUSE
- Fix application and inclusion of
use_arroba_to_include_sudoers_directory-bsc_1181283.patchfix (bsc#1181283)
==== cni-plugins ====
Version update (0.9.0 -> 0.9.1)
- Update to version 0.9.1:
* ipam/dhcp: Add broadcast flag
* add flannel to support dual stack ip
* bandwidth: fix panic in tests
* host-device: Add support for DPDK device
* [main/vlan] Fix error handling for delegate IPAM plugin
* dhcp: default dhcp clien timeout is 10s
* vlan: fix error message text by removing ptp references
* dhcp: daemon dhcp client timeout is configurable
* dhcp: timeout value is set in DHCP daemon
* remove unused function
* deps: go mod tidy coreos/go-iptables
* deps: bump coreos/go-iptables
==== conmon ====
Version update (2.0.26 -> 2.0.27)
- Update to version 2.0.27:
* bump to v2.0.27
* Add CRI-O integration test GitHub action
* exec: don't fail on EBADFD
* close_fds: fix close of external fds
* Add arm64 static build binary
* bump to v2.0.27-dev
==== container-selinux ====
Version update (2.158.0 -> 2.160.1)
- Fix container runtime binary labels (bsc#1185030). You need to
relable at least /usr/sbin if you're affected
==== containers-systemd ====
Version update (0.0+git20210318.fea98a6 -> 0.0+git20210407.9384691)
- Update to version 0.0+git20210407.9384691:
* Add service for wsdd
==== cri-o ====
Version update (1.19.1 -> 1.21.0)
Subpackages: cri-o-kubeadm-criconfig
- Update to version 1.21.0:
* bump to v1.21.0
* config: drop registries field as it is no longer supported
* Revert "test: drop unneeded sed statement"
* WIP: add debug print
* test: drop unneeded sed statement
* config: fix template insecure_registries field
* config: drop commented config lines
* build(deps): bump google.golang.org/grpc from 1.36.1 to 1.37.0
* Bump OpenShift CI cri-tools version and fix build path
* build(deps): bump github.com/containers/image/v5 from 5.10.5 to 5.11.0
* Bump cri-tools to v1.21.0
* Update Kubernetes to v1.21.0
* Add container out of memory metrics
* [CLI] "crio config" only prints the fields that are differet than the default.
* Set short name mode to permissive
* docs-validation: update to handle workloads
* Fix unnecessary conversion lint report
* add tests for workloads
* integrate with server
* config: update workloads structure
* Clarify release cadence and version skew
* Add correct start time to initial log output
* Add support for workload settings
* refactor handling of allowed_annotations
* Do not push main binary into cachix cache
* resourcestore: introduce ResourceCleaner
* Use internal logging when context available
* build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1
* server: remove dead code
* sandbox: use defined CRI type for NamespaceOption
* config: remove dead code
* oci: remove dead code
* lib: remove dead code
* build(deps): bump github.com/containers/podman/v3
* build(deps): bump k8s.io/client-go from 0.20.1 to 0.20.5
* update pause image to 3.5 for non-root
* build(deps): bump github.com/soheilhy/cmux from 0.1.4 to 0.1.5
* build(deps): bump google.golang.org/grpc from 1.34.0 to 1.36.1
* build(deps): bump github.com/containers/buildah from 1.19.8 to 1.20.0
* build(deps): bump github.com/prometheus/client_golang
* build(deps): bump github.com/godbus/dbus/v5 from 5.0.3 to 5.0.4
* build(deps): bump k8s.io/cri-api from 0.20.1 to 0.20.5
* build(deps): bump github.com/containers/podman/v3
* build(deps): bump k8s.io/kubernetes from 1.13.0 to 1.20.5
* crio-wipe: only clear storage if CleanShutdownFile is supported
* Add static bundle node e2e tests to GitHub actions
* Reload the main config file when reloading configs
* crio wipe: only completely wipe storage after a reboot
* Bump static binary dependency versions
* Add dependabot config file
* runtimeVM: Fix shimv2 binary name construction
* config,runtimeVM: Improve runtime_path validation
* oci_test: Add basic coverage to "RuntimeType()"
* oci_test: Add basic coverage to "privileged_without_host_devices"
* oci_test: Leave invalidRuntime on its own line
* tweak scope dependencies
* Do not return `<none>` placeholders for images any more
* Fix invalid libcontainer GetExecUser call
* Update dependencies
* config: Don't fail if the non default runtime doesn't pass validation
* Remove check for CI env variable for release-notes and dependencies
* cgmgr: add CreateSandboxCgroup method
* inspect: send container PID for dropped infra sandbox
* oci: specify sbox id when creating spoofed container
* Run GitHub actions on release branches
* Update bats to v1.3.0 (#4661)
* use happy-eyeballs for port-forwarding
* fix mock issues
* fix lint issues
* install: drop support matrix and update instructions
* do not store context in runtime vm
* Fix lint GitHub action
* pkg/container: take process args
* Use and publish version marker for CRI-O
* Add GitHub API pages support to `get` script
* add libbtrfs-dev to unit tests
* Revert "server: use IsAlive() more"
* Fix GitHub actions cache key
* Bug 1881694: Add pull source as info level log
* test: use latest conmon
* runtime_vm: Create the global fifo inside the runtime root path
* stats: fix log spam
* Support CRI seccomp security profiles
* oci: add unit tests for stop timeouts
* oci: don't update stop timeout if it's earlier than old one
* oci: update timeout even if we're ignoring kill
* oci: don't wait too long on a long stop
* oci: check process is still around with kill
* Add integration test for started/finished container time
* fix: Don't set `image-endpoint` in crictl config
* feat: Add CLI option to set registries.conf.d path
* Add allowed io.containers.trace-syscall annotation to static bundle
* Make `get` script independent from `make`
* test: correct the env variable for dropping the infra container
* Add metric to grab latency of individual cri calls
* Fix `get` script commit SHA retrieval
* Add arm64 static build to GitHub actions
* Fix GitHub actions workflow syntax
* Updates yq commnands for yq v4
* gh-actions: also run on release branches
* pkg/sandbox: add InitInfraContainer endpoint
* test: reconfigure how runtimes are passed in
* test: add runtime() function
* sandbox/container: drop context
* test: drop workaround for crun
* pkg/sandbox: cleanup unused funcs/files
* fix doc log_level adding trace option
* Fix oci container update config
* Update e2e-aws logic for 4.8
* nsmgr: take Initalize method
* Switch to go 1.16 for GitHub actions and remove scripts/build-test-image
* config: remove and create the correct dir
* Update nix pin with `make nixpkgs`
* server: mount cgroup with rslave
* crio wipe: ensure a clean shutdown
* Move integration tests to GitHub actions
* Run release-notes GitHub action after dependencies
* Bumps github.com/containers/ocicrypt from 1.0.3 to 1.1.0.
* config/node: refactor checking for CollectMode
* Fix GitHub actions checkout permissions
* change binary version to 1.21.0-dev
* Set conmon scope KillSignal to SIGPIPE
* Move repo modification jobs to GitHub actions
* bump protobuf to 1.3.2
* Log container stop timeout
* ResourceStore: add close method
* Allow seccomp hook tracing for separate containers
* ResourceStore: extend tests to test WatcherForResource
* ResourceStore: update tests to all run
* ResourceStore: update docs for WatcherForResource
* ResourceStore: don't segfault
* server: support setting raw unified cgroupv2 settings
* vendor: update runtime-specs
* cgroup: implement fix for swap memcg on cgroup v2
* server: leave swap mem limit unset if not supported
* test: skip ServiceAccountIssuerDiscovery test
* hostport manager clean up host ports
* allows stream timeout to be set from config
* config: pre-create pinns directories
* Bump containers image to v5.10.1
* Move unit tests to GitHub actions
* Move go1.14 and 386 builds to GitHub actions
* set kubelet node IP
* Fix validate-completions GitHub action
* Add integration test for pprof over unix socket
* Add a flag for enabling profile over unix socket
* Lookup echo command for unit tests
* Move static build to GitHub actions
* pinns: Fixup 'pwarn' output to match 'pwarnf' output
* pinns: Don't put errno in the exit message for argument checks
* nsmgr: use host option
* nsmgr: Use config struct for NewPodNamespaces
* pinns: support pinning host ns
* Remove implicit GitHub action `name` fields
* Move docs and completions validation to GitHub actions
* Bump golangci-lint to v1.35.2
* Make config tests work rootless
* Make rootless namespace unit test execution work
* config: fix template to show infra_ctr_cpus option
* Do not log file path on ioutil.ReadFile
* fixes version_test.go
* Close the stdin/tty on server start to avoid shortname prompts
* docs: fix http link
* docs: update kubeadm tutorial
* Fix `make lint`
* Return runtime API version based on protocol
* Update compatibility matrix to mention v1.20
* add method comment
* restore irqbalance config only on system restart
* add blurb in doc and more informative name for unit tests
* add is-enabled check for irqbalance service
* fix unit tests
* add unit tests
* fix bash/zsh completions
* fix the docs validation
* handle irqbalance service
* runtime_vm: set finished time when containers stop
* nsmgr: fix/add calls to GetNamespace
* managed namespaces: move to dedicated package
* Provide integration test for infra-ctr-cpuset feature
* Set CPUs for the infra containers during the creation
* Add shell completion for infra-containers-cpu flag
* Add new infra-containers-cpus to the CLI and config file
* refine `registries` deprecation message
* Circle CI: install test/registries.conf
* crio.8.md: runroot defaults to /run/containers/storage
* support short-name aliases
* pull: do check for blocked registries
* config: deprecate registries
* Rollback gocapability vendor bump
* vendor: bump containers/storage to v1.24.4
* Update nix pin with `make nixpkgs`
* contrib/test/int: add Kata Containers runtime support
* contrib/test/int: enforce linking in parallel build process
* contrib/test/int: build parallel from sources in CentOS
* contrib/test/int: allow to skip user namespace testing
* contrib/test/int: allow to configure test timeout
* Capitalize Kubernetes
* modify the error url of podctl
* Add Digital Science to adopters
* crio.service: Request to be run before kubelet.service
* pinns: make binary not always static
* server: use IsAlive() more
* Support CRI v1 and v1alpha2 at the same time
* drop support for ManageNSLifecycle
* test/timeout.bats: increase timeout to fix flakes
* release-notes: fix flags
* test/timeout.bats: fix comments
* int/resourcestore: fix comment about Put
* test/image.bats: simplify some loops
* test/helpers.bats: simplify cleanup_*
* contrib/test/int: rm node-e2e test
* contrib/test/int: fix iptables rule
* critest: add unix:// prefix
* critest.yml: don't skip test on RHEL
* test: add timeout.bats
* bump network creation timeout to 5 minutes
* resourcecache: add watcher idiom
* server: use ResourceCache instead of dropping progress
* Add unit tests for ResourceCache
* Introduce ResourceCache
* moves shmsize to a handler allowed annotation
* image pull: close progress chan
* test/ctr.bats: fix a "ctr execsync" flake
* Fix the functions' name in completions
* make: drop link to crio.service
* test: rm "run ctr with image with Config.Volumes"
* test: add no-pull-on-run=true
* test/devices.bats: fix "additional device permissions" case
* test/devices.bats: rm unneeded run
* test/devices.bats: skip earlier
* Bandwidht CNI plugin reserved an upper limit on burst,in which banned include boundary. See: https://github.com/containernetworking/plugins/blob/v0.8.7/plugins/meta/band...
- Drop config-fix-tz.patch as upstream dependency was patched
- Update to version 1.20.2:
* bump to latest c/storage 1.24 branch
* Remove check for CI env variable for release-notes and dependencies
* fix lint
* test: pin cri-tools to 1.20
* bump to v1.20.2
* Run GitHub actions on release branches
* Pin gocapability to v0.0.0-20180916011248-d98352740cb2
* [PATCH 9/9] add method comment
* [PATCH 8/9] restore irqbalance config only on system restart
- Add vendor.tar.gz to avoid dependency downloads
- Add config-fix-tz.patch to fix crio validation error while building
==== cri-tools ====
Version update (1.20.0 -> 1.21.0)
- Update to version 1.21.0:
* Bump README versions to v1.21.0
* Update dependencies
* Add dependabot config file
* Simplify test image build process for user images
* Move from gcr.io/cri-tools to gcr.io/k8s-staging-cri-tools
* Fix UID/GID and username values for test images
* Bump gcb-docker-gcloud image to v20210331-c732583
* Fix CRI-O master installation in GitHub actions
==== curl ====
Version update (7.75.0 -> 7.76.1)
Subpackages: libcurl4
- update to 7.76.1:
- ngtcp2: Use ALPN h3-29 for now
- TODO: remove 18.22 --fail-with-body
- Update to 7.76.0
* Security fixes:
- [bsc#1183933, CVE-2021-22876]: strip credentials from the
auto-referer header field
- [bsc#1183934, CVE-2021-22890]: add 'isproxy' argument to
Curl_ssl_get/addsessionid()
* Changes:
- cookies: Support multiple -b parameters
- curl: add --fail-with-body
- doh: add options to disable ssl verification
- http: add support to read and store the referrer header
- sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
- vtls: initial implementation of rustls backend
* Bugfixes:
- CVE-2021-22876: strip credentials from the auto-referer header field
- CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid()
- c-hyper: support automatic content-encoding
- configure: only add OpenSSL paths if they are defined
- configure: provide Largefile feature for curl-config
- curl: set CURLOPT_NEW_FILE_PERMS if requested
- doh: Fix sharing user's resolve list with DOH handles
- doh: Inherit CURLOPT_STDERR from user's easy handle
- dynbuf: bump the max HTTP request to 1MB
- ftp: add 'list_only' to the transfer state struct
- ftp: add 'prefer_ascii' to the transfer state struct
- ftp: allow SIZE to fail when doing (resumed) upload
- ftp: avoid SIZE when asking for a TYPE A file
- ftp: fix memory leak in ftp_done
- ftp: never set data->set.ftp_append outside setopt
- gnutls: assume nettle crypto support
- http2: don't set KEEP_SEND when there's no more data to be sent
- http2: fail if connection terminated without END_STREAM
- http: do not add a referrer header with empty value
- http: strip default port from URL sent to proxy
- http: use credentials from transfer, not connection
- lib: remove 'conn->data' completely
- multi: close the connection when h2=>h1 downgrading
- multi: do once-per-transfer inits in before_perform in DID state
- multi: rename the multi transfer states
- multi: update pending list when removing handle
- ngtcp2: adapt to the new recv_datagram callback
- ngtcp2: clarify calculation precedence
- ngtcp2: sync with recent API updates
- openssl: adapt to v3's new const for a few API calls
- openssl: ensure to check SSL_CTX_set_alpn_protos return values
- openssl: remove get_ssl_version_txt in favor of SSL_get_version
- parse_proxy: fix a memory leak in the OOM path
- url: fix memory leak if OOM in the HSTS handling
- url: fix possible use-after-free in default protocol
- urldata: don't touch data->set.httpversion at run-time
- urldata: merge "struct DynamicStatic" into "struct UrlState"
- urldata: remove the 'rtspversion' field
- urldata: remove the _ORIG suffix from string names
- wolfssl: don't store a NULL sessionid
==== dbus-1 ====
Subpackages: libdbus-1-3
- avoid listing cmake directory - owned by cmake package
==== dnf ====
Version update (4.6.1 -> 4.7.0)
- Update to version 4.7.0
+ Improve repo config path ordering to fix a comps merging issue (rh#1928181)
+ Keep reason when package is removed (rh#1921063)
+ Improve mechanism for application of security filters (rh#1918475)
+ [doc] Add description for new API
+ [API] Add new method for reset of security filters
+ [doc] Improve documentation for Hotfix repositories
+ [doc] fix: "makecache" command downloads only enabled repositories
+ Use libdnf.utils.checksum_{check,value}
+ [doc] Add info that maximum parallel downloads is 20
+ Increase loglevel in case of invalid config options
+ [doc] installonly_limit documentation follows behavior
+ Prevent traceback (catch ValueError) if pkg is from cmdline
+ Add documentation for config option sslverifystatus (rh#1814383)
+ Check for specific key string when verifing signatures (rh#1915990)
+ Use rpmkeys binary to verify package signature (rh#1915990)
+ Bugs fixed (rh#1916783)
+ Preserve file mode during log rotation (rh#1910084)
==== dracut ====
Version update (053+suse.90.gb89b6347 -> 053+suse.93.g039ac07d)
Subpackages: dracut-ima
- Update to version 053+suse.93.g039ac07d:
* fix(kernel-modules): optionally add /usr/lib/modules.d to initramfs
- Update to version 053+suse.91.g4a0bdda1:
* fix(kernel-modules): optionally add /usr/lib/modules.d to initramfs (bsc#1180822)
==== etcd ====
- update etcd.service: avoid args from commandline and environment
as it leads to start failure (bsc#1183703)
==== expat ====
Version update (2.2.10 -> 2.3.0)
- Do not BuildRequire cmake: expat is part of the distro bootstrap
cycle and any additional dependency makes the ring larger. In
this case here, cmake was even only used to own a directory.
- update to 2.3.0:
* When calling XML_ParseBuffer without a prior successful call to
XML_GetBuffer as a user, no longer trigger undefined behavior
(by adding an integer to a NULL pointer) but rather return
XML_STATUS_ERROR and set the error code to (new) code
XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
of Clang 11 (but not Clang 9).
* xmlwf: Exit status 2 was used for both:
- malformed input files (documented) and
- invalid command-line arguments (undocumented).
case of invalid command-line arguments now
has its own exit status 4, resolving the ambiguity.
* Other changes
==== file ====
Version update (5.39 -> 5.40)
Subpackages: file-magic libmagic1
- Add patch file-5.40-ascii.patch
* fix regressions on dection of smaller ASCII files (boo#1184899)
- Add upstream comitts as patches
* file-5.40-9b0459af.patch
put attributes inside the xz magic. (boo#1184888, boo#1184891)
* file-5.40-749e1ecf.patch
If the file is less than 3 bytes, use the file length to determine type
* file-5.40-f0601504.patch
Fix regression after unsigned/signed printing changes
* file-5.40-f7705dca.patch
fix previous (cast >>)
* file-5.40-3096f87f.patch
Correct return values to exptexted
* file-5.40-4c5fe1ad.patch
Add missing parens
- Port patch
* file-5.28-btrfs-image.dif
due patch file-5.40-f0601504.patch
- Add upstream commits as patches
* file-5.40-1c677c04.patch
Don't count each byte encounter as 1, count the total number
of bytes found (Anatol Belski). This makes it behave like 5.39
* file-5.40-6b34436a.patch
remove "u" from the pattern (Joerg Jenderek)
* file-5.40-9e2becec.patch
Encoding bug fix
- Fix offsets of patches
* file-5.17-option.dif
* file-5.19-biorad.dif
* file-5.19-printf.dif
* file-5.19-zip2.0.dif
* file-5.22-elf.dif
* file-5.23-endian.patch
* file-5.28-btrfs-image.dif
* file-5.38-allow-readlinkat.dif
* file-secure_getenv.patch
- update to 5.40:
* Add limit to the number of bytes to scan for encoding
* Fix /T (trim flag) for regex
* Trim trailing separator.
* Convert system read errors from corrupt ELF
files into human readable error messages
* Exclude surrogate pairs from utf-8 detection
- drop upstreamed patches:
* file-5.16-ocloexec.patch
* file-5.39-alternate_format.dif
==== filesystem ====
- also fix /var/lib/empty to be readonly
- make bindir/ _lib and _libdir readonly (mode 0555) to avoid
runpath-to-writeable-directory warning
==== findutils ====
- Use new Group Release Keyring
==== fuse3 ====
Version update (3.10.2 -> 3.10.3)
- Update to release 3.10.3
* Fix returning d_ino and d_type from readdir(3) in non-plus mode
==== gdk-pixbuf ====
Version update (2.42.2 -> 2.42.6)
Subpackages: gdk-pixbuf-query-loaders libgdk_pixbuf-2_0-0
- Update to stable 2.42.6
+ Yield gtk_doc option value in subprojects
+ Always initialise locale on thumbnailer startup
+ Add fallback subproject for libjpeg
+ Use type:array for the builtin_loaders option
+ Default to using builtin png and jpeg loaders
- Disable building of docs: creates a cycle with python:
+ Drop python3-gi-docgen BuildRequires.
+ Pass gtk_doc=false to meson
- Update to version 2.42.4:
+ Make enum type registration thread safe.
+ Do not install skipped test files.
+ Fix GIF initialization.
+ Always run GIF loader tests.
+ Fix leaks discovered via ASan.
+ Expose GdkPixbufLoader API via introspection.
+ Fix revert-to-previous first frame behaviour for GIF files.
+ Link to libintl if needed.
+ Improve support for using gdk-pixbuf as a subproject.
+ Fix build with GModule disabled.
+ Use gi-docgen to generate the API reference from introspection
data.
- Replace gtk-doc BuildRequires with python3-gi-docgen: follow
upstreams port.
- As a workaround to
https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/177, delete
the installed gi-docgen program files.
==== glib-networking ====
Version update (2.66.0 -> 2.68.0)
- Update to version 2.68.0:
+ Fix double free in GnuTLS client certificate request code.
- Update to version 2.68.rc:
+ Improve heuristic for returning
G_TLS_ERROR_CERTIFICATE_REQUIRED.
+ Fix check for certain handshake failure conditions.
- Update to version 2.68.alpha:
+ Download and validate missing intermediate certificates
(requires GnuTLS 3.7).
+ OpenSSL backend now uses system crypto policy.
+ Remove use of g_assert in testsuite.
+ Restore support for old versions of OpenSSL.
+ Implement TLS channel bindings API.
+ Implement PKCS#11 API.
+ Update testsuite for Fedora 33 crypto policy.
+ Fix NULL dereference in g_tls_connection_base_read_message.
+ Fix a couple code issues found by Coverity.
==== glib2 ====
Version update (2.66.7 -> 2.68.1)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0
- Update to version 2.68.1:
+ Fix a crash in `GKeyFile` when parsing a file which contains
translations using a `GKeyFile` instance which has loaded
another file previously.
+ Pin GIO DLL in memory on Windows.
+ Updated translations.
- Update to version 2.68.0:
+ Bugs fixed:
- build: Drop gconstructor_as_data_h usage from
glib-compile-schemas.
- glib.supp: Generalize some suppressions.
- gbytesicon: Fix error in g_bytes_icon_new() documentation.
- glocalfileoutputstream: Tidy up error handling.
- tests: Fix copy/paste error in queue test.
- Update to version 2.67.6:
+ Fix a security issue when using `g_file_replace()` with
`G_FILE_CREATE_REPLACE_DESTINATION`.
+ Disallow operations on the empty path with
`g_file_new_from_path()`.
+ Various fixes for GLib when building with clang-cl on Windows.
+ Updated translations.
- Update to version 2.67.5:
+ Fix more issues with `glib_typeof` macro from 2.67.3?2.67.4.
+ Fix regression with some FD mappings passed to
`g_subprocess_launcher_spawnv()` caused by changes for #2097 in
GLib 2.67.4.
+ Fix detection of `str[n]casecmp()` when building with
`clang-cl`.
+ Use zlib from subproject if configured with
`wrap_mode=forcefallback`.
+ Updated translations.
- Update to version 2.67.4:
+ Add a `g_string_replace()` function.
+ Add `G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER` flag
to simplify the common case for writing a D-Bus authentication
observer, allowing most uses of `GDBusAuthObserver` to be
dropped.
+ Add a new `g_spawn_with_pipes_and_fds()` variant which supports
renumbering FDs.
+ Add new g_memdup2() API to replace g_memdup(), which is
vulnerable to a silent integer truncation and heap overflow
problem if not used carefully.
+ Fix various regressions caused by rushed security fixes in
2.66.6.
+ Fix a silent integer truncation when calling
g_byte_array_new_take() for byte arrays bigger than G_MAXUINT.
+ Fix `g_utf8_strdown()` to fix some issues in Turkish.
+ Updated translations.
==== glibc ====
Subpackages: glibc-locale glibc-locale-base
- Enable support for static PIE (bsc#1184646)
- select-modify-timeout.patch: linux: always update select timeout
(bsc#1184339, BZ #27706)
- Don't remove -f[asynchronous-]unwind-tables during configure run, no
longer needed
==== gmp ====
- Compute FIPS hmac for libgmp.so.10 [bsc#1184555]
- do not break SLE 12 build when applying spec-cleaner
==== gobject-introspection ====
Version update (1.66.1 -> 1.68.0)
Subpackages: girepository-1_0 libgirepository-1_0-1
- Update to version 1.68.0:
+ Update GLib annotations.
+ docs: cleanup.
+ Fix syntax errors in gir-1.2.rnc.
- Update to version 1.67.1:
+ Requires Python 3.6+.
+ Update GLib annotations.
+ Fix compatibility with Python 3.10.
+ Fix build with GIR data disabled.
+ Add test object for signal marshallers.
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin
- Fix obsolete syslog in systemd unit file and updating to use journal as
StandardOutput (bsc#1185149)
* grub2-once.service
- Fix build error on armv6/armv7 (bsc#1184712)
* 0001-emu-fix-executable-stack-marking.patch
- Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012)
* 0001-Workaround-volatile-efi-boot-variable.patch
==== gsettings-desktop-schemas ====
Version update (3.38.0 -> 40.0)
- Update to version 40.0:
+ Updated translations.
- Update to version 40.rc:
+ Updated translations.
- Update to version 40.beta:
+ Use pgUp/Down shortcuts for horizontal workspace switching.
+ Add super-based workspace navigation shortcuts.
+ Remove ?gnome-fallback? as a valid session name.
+ Fix summary of `two-finger-scroll-enabled` key.
+ Updated translations.
- Update to version 40.alpha:
+ Add scroll button locking to trackballs.
+ Move mouse drag-threshold/double-click settings here.
+ Move antialiasing/hinting/rgba-order settings here.
+ Updated translations.
==== hwinfo ====
Version update (21.72 -> 21.73)
- merge gh#openSUSE/hwinfo#95
- don't rely on select() updating its timeout arg (bsc#1184339)
- 21.73
==== installation-images-MicroOS ====
Version update (16.56 -> 17.0)
- merge gh#openSUSE/installation-images#498
- rescue: make sure /var/run is a link to /run
- rescue: link modules and firmware from correct location
- 17.0
- merge gh#openSUSE/installation-images#504
- no more libstoragemgmt-netapp-plugin
- 16.74
- merge gh#openSUSE/installation-images#503
- make usrmerge case depend on /lib link in filesystem package
- 16.73
- merge gh#openSUSE/installation-images#502
- extend 'exists' operator to test for a specfic type
- merge gh#openSUSE/installation-images#500
- fix NVMf autoconnect udev rule (bsc#1184908)
- 16.72
- merge gh#openSUSE/installation-images#490
- re-enable SecureBoot on AARCH64 on SLE Micro enable building the
SLE Micro flavor based on OBS macro
- 16.71
- merge gh#openSUSE/installation-images#497
- add udev rules for NVMf autoconnect in the installation system
(bsc#1184908)
- 16.70
- merge gh#openSUSE/installation-images#496
- add even more USB Type-C modules (bsc#1185010)
- 16.69
- merge gh#openSUSE/installation-images#492
- allow loading of unsupported modules (bsc#1184413, bsc#1183140)
- 16.68
- merge gh#openSUSE/installation-images#491
- build with kernel-default-optional on Leap (bsc#1184413)
- 16.67
- merge gh#openSUSE/installation-images#487
- gefrickel: don't skip non-existing
- 16.66
- merge gh#openSUSE/installation-images#484
- add USB Type-C modules (bsc#1184867)
- 16.65
- merge gh#openSUSE/installation-images#481
- enable multipathd in rescue system (bsc#1184686)
- merge gh#openSUSE/installation-images#480
- build with kernel-default-extra on Leap (bsc#1184413, bsc#1183140)
- 16.64
- merge gh#openSUSE/installation-images#478
- Fix grub branding for %{arm}
- 16.63
- merge gh#openSUSE/installation-images#473
- adjust NVME config initialisation (bsc#1183230)
- 16.62
- merge gh#openSUSE/installation-images#470
- Fix firmware dir for usrmerge (boo#1029961)
- remote_log_setup: support loghost with port
- 16.61
- merge gh#openSUSE/installation-images#450
- Add support for riscv64
- 16.60
- merge gh#openSUSE/installation-images#475
- remove bind-libs BuildRequires
- 16.59
- merge gh#openSUSE/installation-images#474
- remove changelog file
- update git2log script to latest version
- clean up VERSION
- remove .gitignore
- 16.58
- merge gh#openSUSE/installation-images#472
- handle update-alternative symlinks automatically
- remove update-alternative hacks
- 16.57
==== irqbalance ====
Version update (1.7.0+git20210222.9db8d5c -> 1.8.0)
- Add _service file pointing to github sources
A _service
- Update to version 1.8.0:
* Add return value check of opendir in do_one_cpu
* Hotplug may occur again during sleep, so wait until there is no hotplug
==== k9s ====
Version update (0.24.2 -> 0.24.7)
- Update to version 0.24.7:
* cleaning up
* bump rev
* maintenance #1067 #1061 #1060
* rev up
* merge prs + dep updates
* ISSUE-957 - Add a simple pause button to stop auto-refresh on ConfigMap and Secrets (#1062)
* bugs #1063 #1061 #1059 #177
* Add release tag (#1058)
* fix #1056 #1024
* fix po feature col + lockouts?
- Update to version 0.24.6:
* rev up
* merge prs + dep updates
* ISSUE-957 - Add a simple pause button to stop auto-refresh on ConfigMap and Secrets (#1062)
* bugs #1063 #1061 #1059 #177
* Add release tag (#1058)
* fix #1056 #1024
* fix po feature col + lockouts?
* fix #1024
* update deps and image
- Rename Makefile.diff to Makefile.patch
==== kdump ====
- kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to
dracut command line (bsc#1182309).
==== kernel-firmware ====
Version update (20210315 -> 20210419)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network
- Update to version 20210419 (git commit 940b7f42d45d):
* cxgb4: Update firmware to revision 1.25.4.0
* Mellanox: Add new mlxsw_spectrum firmware xx.2008.2438
* brcm: Link CM4's WiFi firmware with DMI machine name.
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* amdgpu: update navi14 smc firmware
* amdgpu: update navi10 SMC firmware
* QCA: Update Bluetooth firmware for QCA6174
* WHENCE: link to similar config file for rtl8821a support
* nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.14.A.6
* amdgpu: add arcturus firmware
* rtl_bt: Add rtl8723bs_config-OBDA0623.bin symlink
* brcm: Add nvram for the Chuwi Hi8 (CWI509) tablet
* brcm: Add nvram for the Predia Basic tablet
* qcom: sm8250: update remoteproc firmware
* qcom: update a650 firmware files
* rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x59A_76A3
* amdgpu: update sienna cichlid firmware for 20.50
* amdgpu: update vega20 firmware for 20.50
* amdgpu: update picasso firmware for 20.50
* amdgpu: update navi14 firmware for 20.50
* amdgpu: update vega12 firmware for 20.50
* amdgpu: update navi12 firmware for 20.50
* amdgpu: update vega10 firmware for 20.50
* amdgpu: update renoir firmware for 20.50
* amdgpu: update navi10 firmware for 20.50
* amdgpu: update raven2 firmware for 20.50
* amdgpu: update raven firmware for 20.50
* amdgpu: add initial support for navy flounder
- Update aliases
==== kexec-tools ====
Version update (2.0.20 -> 2.0.21)
- kexec-tools-remove-duplicate-ramdisk-definition.patch:
Remove duplicate definition of ramdisk (fix ppc build).
- Bump version to 2.0.21
- Drop patches from upstream git:
* kexec-tools-add-variant-helper-functions.patch
* kexec-tools-arm64-kexec-allocate-memory-space-avoiding-reserved-regions.patch
* kexec-tools-arm64-kdump-deal-with-resource-entries-in-proc-iomem.patch
* kexec-tools-build-multiboot2-for-i386.patch
* kexec-tools-fix-kexec_file_load-error-handling.patch
* kexec-tools-reset-getopt-before-falling-back-to-legacy.patch
* kexec-tools-s390-Reset-kernel-command-line-on-syscal.patch
* kexec-tools-Remove-duplicated-variable-declarations.patch
- Hardening: Link as PIE (bsc#1185020).
==== krb5 ====
- Use /run instead of /var/run for daemon PID files; (bsc#1185163);
- do not own %sbindir, it comes from filesystem package
==== kubectl-who-can ====
Version update (0.0+git20190606.c185aaa -> 0.3.0)
- Update to version 0.3.0:
* chore: Bump up Go to v1.15 (#82)
* feat: Add JSON export functionality (#81)
* chore: Switch to main branch (#80)
* feat: Add -o wide flag to print the ROLE column (#79)
* chore: Add krew-release-bot for publishing plugin releases (#78)
* refactor: Use KIND to run integration tests (#77)
* chore: Bump up Go from 1.12 to 1.14 (#76)
* chore: Remove Travis CI config (#75)
* chore: Migrate from Travis CI to GitHub Actions (#74)
* chore: Replace google/glog with kubernetes/klog (#71)
==== kubernetes ====
Version update (1.20.2 -> 1.21.0)
Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet
- Remove BuildRequires for Go, bump kubernetes to 1.21.0 and 1.20.5
- add BuildRequires for go >= 1.15.5, to align with kubernetes1.20 package
==== kubernetes1.20 ====
Version update (1.20.2 -> 1.20.6)
- Update to version 1.20.6:
* azure: fix node public IP not able to fetch issues from IMDS
* Fix test now that empty struct are tracked in mangaed fields
* make generated_files
* Update bazel and dependencies.
* Update to use cliflag.NamedFlagSets
* Address comments.
* Update NodeIPAM wrapper
* Delete build file based on latest changes.
* Update extension mechanism and related sample.
* Address review comments
* Address review comments
* Modify integration test to fill CCM test gap
* Update test
* Move initialize cloud provider with client builder reference inside controller start func
* Separate example func and add README.md
* Separate func
* Add demonstration of wiring nodeIPAMController config object
* Remove cloud provider name as input parameter.
* Fix flag passing in CCM.
* Use apply to create objects in TestApplyStatus
* Stop skipping APIService in apply test
* Stop clearing OpenAPIConfig for kube-aggregator
* Declare TCP default for service port protocol
* Add ability to skip OpenAPI handler installation
* do not tag user created public IPs
* apf: fix test flake
* update gogo/protobuf to v1.3.2
* Fixed describe ingress causing SEGFAULT
* Update sigs.k8s.io/structured-merge-diff to v4.0.3
* Stop probing a pod during graceful shutdown
* apf: handle error from PollImmediateUntil
* staging/publishing: Set default go version to go1.15.10
* webhook config manager: HasSynced returns true when the manager is synced with existing webhookconfig objects at startup
* update metadata-concealment to 1.6 for removing legacy checking
* slice mirroring controller mirror annotations
* additional subnet configuration for AWS ELB
* Revert "Automated cherry pick of #97417: fix azure file secret not found issue"
* Use the correct volum handle format for GCE regional PD.
* Increasing maximum number of ports allowed in EndpointSlice
* Support > 5 ports in L4 ILB.
* build: Update to k/repo-infra@v0.1.5 (supports go1.15.10)
* Use go-runner:v2.3.1-go1.15.10-buster.0 image (built on go1.15.10)
* Update to go1.15.10
* Update CHANGELOG/CHANGELOG-1.20.md for v1.20.5
* fix a bug where only service with less than 100 ports can have GCE load balancer
* bazel
* deepcopy statefulsets
* full deepcopy on munged pod spec
* remove pod toleration toleration seconds mutation
* add markers for inspected validation mutation hits
* move secret mutation from validation to prepareforupdate
* remove unnecessary mutations in validation
* tweak validation to avoid mutation
* For LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP
* Moving docker options to daemon.json
* e2e fix: loosen configmap to 10 in resource quota
* api-server add --lease-max-object-count
* apiserver add metric etcd_lease_object_counts
* apiserver add --lease-reuse-duration-seconds to config lease reuse duration
* Bump Cluster Autoscaler to v1.20.0
- Rebase opensuse-version-checks.patch
- Update to version 1.20.5:
* Updating EndpointSliceMirroring controller to wait for cache to be updated
* Updating EndpointSlice controller to wait for cache to be updated
* Add tests for populated volumes
* Fix comment on getPodVolumeSubpathListFromDisk
* Fix tests to test for new behavior
* Add warnings after cleanup back
* Automatically remove orphaned pod's dangling volumes
* Count pod overhead as an entity's resource usage
* Ensure only one LoadBalancer rule is created when HA mode is enabled
* Fix issue in checking domain socket for plugin watcher
* Use Lstat in plugin watcher to avoid Windows problem
* Skip visiting empty secret and configmap names
* Number of sockets is assumed to be same as NUMA nodes
* disables APF if the aggregated apiserver cannot locate the core kube-apiserver
* Fix repeatedly aquire the inhibit lock
* Sync node status during kubelet node shutdown
* remove executable permission bits
* Upgrading vendored dependencies
* Upgrading cAdvisor to 0.38.8
* Update CHANGELOG/CHANGELOG-1.20.md for v1.20.4
* build/OWNERS: Add Dan and Sascha as reviewers
* OWNERS(CHANGELOG): Move reviewers/approvers to CHANGELOG/ dir
* Bump konnectivity-client to v0.0.15 in release-1.20
* Storage e2e: Remove pd csi driver installation in GKE
* Update CHANGELOG/CHANGELOG-1.20.md for v1.20.3
* kube-cross: update image to use v1.15.8-legacy-1
* [go1.15] build: Update to k/repo-infra@v0.1.4 (supports go1.15.8)
* Use go-runner:buster-v2.3.1 image (built on go1.15.8)
* staging/publishing: Set default go version to go1.15.8
* Update to go1.15.8
* Fix dbus shutdown events not continuing if they are not valid
* Revert "make hostPort match test linuxonly"
* Revert "conformance changes"
* kube-proxy: clear conntrack entries after rules are in place
* Use -LiteralPath instead of -Path
* Escape the special character in vsphere windows path
* Include unit test
* Adjust defer to correctly call
* do not remove volume dir when saveVolumeData fails
* kubeadm: drop explicit constant override in version test
* kubeadm: get k8s CI version markers from k8s infra bucket
* dockershim hostport respect IPFamily
* dockershim hostport manager use HostIP
* Balance nodes in scheduling e2e
* e2e: Pod should avoid nodes that have avoidPod annotation: clean remaining pods
* Cherry pick of #98254:Fix the kube-scheduler binary's description of the --config parameter is inaccurate
* fix kube-scheduler cannot send event because the Note field is too large
* Fix nil pointer dereference in disruption controller
* Update region_pd e2e test to support PV have GA topology
* Recover CSI volumes from dangling attachments
* IsVolumeAttachedToNode() renamed to GetAttachState(), and returns 3 states instead of combining "uncertain" and "detached" into "false"
* Fixes Attach Detach Controller reconciler race reading ActualStateOfWorld and operation pending states; fixes reconciler_test mock detach to account for multiple attaches on a node
* Fix translation of Cinder storage classess to CSI
* OWNERS(CHANGELOG): Add release-engineering-reviewers as reviewers
* OWNERS(CHANGELOG): Add release-engineering-reviewers as approvers
* Resolve IP addresses of host-only in filtered dialer
* Deflake ingress updates
* make podTopologyHints protected by lock
* ignore cgroup driver check in windows node upgrade
* OWNERS(sig-release): Add CHANGELOG aliases
* OWNERS(build-image): Add Release Managers as reviewers
* OWNERS(releng): Sync Release Managers
* OWNERS(sig-release): Remove SIG Release approvers alias
* aggregate errors when putting vmss
* fix azure file migration issue
* kubelet: Fix mirrorPodTerminationMap leak
* kubelet: Delete static pods gracefully
* kubeadm: change the default image repository for CI images from gcr.io/kubernetes-ci-images to gcr.io/k8s-staging-ci-images
* kubelet logs print 'kubelet nodes sync' frequently
* reduce buckets for etcd_request_duration_seconds
* Merge pull request #96876 from howieyuen/no-execute-taint-missing
* cleanup subnet in frontend ip configs
* conformance changes
* make hostPort match test linuxonly
* Clean up namespaced children of missing virtual parents with incorrectly cluster-scoped nodes
* Add unit test for child scope mismatch with missing parent
* vendor: update cAdvisor to v0.38.7
* Use volumeHandle as PV name when translating EBS inline volume
* Update CHANGELOG/CHANGELOG-1.20.md for v1.20.2
* kubectl-convert import known versions
* Revert "Merge pull request #92817 from kmala/kubelet"
* WIP: node sync at least once
* fixes nil panic for nil delegated auth options
* Lower the frequency of volume plugin deprecation warning
* handle webhook authenticator and authorizer error
* fix the panic when kubelet registers if a node object already exists with no Status.Capacity or Status.Allocatable
* Avoid checking the entire backend service URL for FR equality.
* Use non privileged ports
==== kubic-control ====
Subpackages: kubic-haproxycfg kubicctl kubicd
- kubicd: require kubernetes-kubeadm
- pin to go 1.14, the certificate handling changes in 1.15 are
incompatible (issues/30)
==== ldb ====
Version update (2.2.1 -> 2.3.0)
- Update to ldb 2.3.0
==== less ====
Version update (563 -> 581)
- less 581:
* Change ESC-u command to toggle, not disable, highlighting per
man page
* Add ESC-U command
* Add ctrl-W search modifier for wrapping search
* F command can be interrupted by ^X
* Support OSC 8 hyperlinks when -R is in effect
* g command with no number will ignore -j and put first line at
top of screen
* Multiple + or -p command line options are handled better
* Add the --incsearch option
* Add the --line-num-width option
* Add the --status-col-width option
* Add the --use-color and --color options
* Display -w highlight even if highlighted line is empty
* If search result is in a long line, scroll to ensure it is
visible
* Editing the same file under different names now creates only
one entry in the file list.
* Make visual bell more visible on some terminals
* Ring end-of-file bell no more than once per second
* Build can use either Python or Perl for Makefile.aut operations
* Fix crash when using the @ search modifier.
* Fix crash in the 's' command due to duplicate free
- drop less-429-save_line_position.patch which was never accepted
upstream due to solving one problem and creating others
==== libapparmor ====
- add crypto-policies-mr720.diff to allow reading crypto policies
in abstractions/ssl_certs (boo#1183597)
- replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in
systemd into containers just because apparmor-parser ships a *.service file
==== libassuan ====
Version update (2.5.4 -> 2.5.5)
- update to 2.5.5:
* Fix a crash in the logging code
* Upgrade autoconf
==== libcap ====
- Add explicit dependency on libcap2 with version to libcap-progs
(bsc#1184690)
==== libcontainers-common ====
- Force overlay as default storage driver if system is not btrfs
(gh#containers/buildah#3153)
- Update common to 0.36.0
- Update podman to 3.1.1
- Update storage to 1.29.0
- Update image to 5.11.0
- Update common to 0.35.3
- Update podman to 3.1.0
- Update storage to 1.28.1
- Update image to 5.10.5
==== libdnf ====
Version update (0.60.0 -> 0.62.0)
Subpackages: libdnf-repo-config-zypp libdnf2
- Add patch to fix crash when loading DVD repositories
+ Patch: 0001-Fix-a-crash-when-repoId-not-found-in-loaded-conf-gke.patch
- Update to 0.62.0
+ Change order of TransactionItemReason (rh#1921063)
+ Add two new comperators for security filters (rh#1918475)
+ Apply security filters for candidates with lower priority
+ Fix: Goal - translation of messages in global maps
+ Enhance description of modular solvables
+ Improve performance for module query
+ Change mechanism of modular errata applicability (rh#1804234)
+ dnf_transaction_commit(): Remove second call to rpmtsSetVSFlags
+ Fix a couple of memory leaks
+ Fix: Setting of librepo handle in newHandle function
+ Remove failsafe data when module is not enabled (rh#1847035)
+ Expose librepo's checksum functions via SWIG
+ Fix: Mising check of "hy_split_nevra()" return code
+ Do not allow 1 as installonly_limit value (rh#1926261)
+ Fix check whether the subkey can be used for signing
+ Hardening: add signature check with rpmcliVerifySignatures
(CVE-2021-3445, CVE-2021-3421, CVE-2021-20271, rh#1932079, rh#1932089, rh#1932090, boo#1183779)
+ Add a config option sslverifystatus, defaults to false (rh#1814383)
+ [context] Add API for distro-sync
==== libeconf ====
Version update (0.3.8+git20200710.5126fff -> 0.4.0+git20210413.fdb8025)
- Removed doxygen from build requires.
- Update to version 0.4.0+git20210413.fdb8025:
* Installing man pages via meson. (#147)
- Update to version 0.4.0+git20210412.1513a26:
* Added econftool cat option (#146)
* new API call: econf_readDirsHistory (showing ALL locations)
* new API call: econf_getPath (absolute path of the configuration file)
- Update to version 0.4.0+git20210408.6d33e5e:
* Man pages libeconf.3 and econftool.8.
* Handling multiline strings.
* Added libeconf_ext which returns more information like
line_nr, comments, path of the configuration file,...
* Econftool, an command line interface for handling configuration
files.
* Generating HTML API documentation with doxygen.
* Improving error handling and semantic file check.
* Joining entries with the same key to one single entry if
env variable ECONF_JOIN_SAME_ENTRIES has been set.
==== libfido2 ====
Version update (1.6.0 -> 1.7.0)
Subpackages: libfido2-1 libfido2-udev
- Update to version 1.7.0:
* hid_win: detect devices with vendor or product IDs > 0x7fff
* Support for FIDO 2.1 authenticator configuration.
* Support for FIDO 2.1 UV token permissions.
* Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
* New API calls
* New fido_init flag to disable fido_dev_open?s U2F fallback
* Experimental NFC support on Linux.
- Enabled hidapi again, issues related to hidapi are fixed upstream
* Added fix-cmake-linking.patch to fix linking
==== libgcrypt ====
Version update (1.9.2 -> 1.9.3)
- libgcrypt 1.9.3:
* Bug fixes:
- Fix build problems on i386 using gcc-4.7.
- Fix checksum calculation in OCB decryption for AES on s390.
- Fix a regression in gcry_mpi_ec_add related to certain usages
of curve 25519.
- Fix a symbol not found problem on Apple M1.
- Fix for Apple iOS getentropy peculiarity.
- Make keygrip computation work for compressed points.
* Performance:
- Add x86_64 VAES/AVX2 accelerated implementation of Camellia.
- Add x86_64 VAES/AVX2 accelerated implementation of AES.
- Add VPMSUMD acceleration for GCM mode on PPC.
* Internal changes.
- Harden MPI conditional code against EM leakage.
- Harden Elgamal by introducing exponent blinding.
==== libhugetlbfs ====
- Hardening: Link as PIE (bsc#1184123).
==== libjpeg-turbo ====
- version update to 2.1.0
lot of changes, see
* https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.90
* https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.1.0
==== libksba ====
Version update (1.5.0 -> 1.5.1)
- libksba 1.5.1:
* Support Brainpool curves specified by ECDomainParameters
==== libpeas ====
Version update (1.28.0 -> 1.30.0)
- Update to version 1.30.0:
+ Build system improvements.
+ Improvements when running on Windows.
+ Updated translations.
==== librepo ====
Version update (1.13.0 -> 1.14.0)
- Update to 1.14.0
+ Fix LRO_PRESERVETIME behavior
+ Support multiple checksums in xattr (rh#1931904)
+ Return "calculated" checksum if requested w/caching
+ Fix lr_yum_download_url in case lr_handle is NULL
==== libselinux ====
Subpackages: libselinux1 selinux-tools
- Remove Recommends for selinux-autorelabel. It's better to have this
in the policy package itself (bsc#1181837)
==== libsolv ====
Version update (0.7.17 -> 0.7.19)
- fix rare segfault in resolve_jobrules() that could happen
if new rules are learnt
- fix a couple of memory leaks in error cases
- fix error handling in solv_xfopen_fd()
- bump version to 0.7.19
- fixed regex code on win32
- fixed memory leak in choice rule generation
- repo_add_conda: add flag to skip v2 packages
- bump version to 0.7.18
==== libxcrypt ====
Version update (4.4.18 -> 4.4.19)
- Update to 4.4.19
* Improve fallback implementation of explicit_bzero.
* Add glibc-on-CSKY, ARC, and RISCV-32 entries to libcrypt.minver.
These were added in GNU libc 2.29, 2.32, and 2.33 respectively
* Do not build xcrypt.h if we?re not going to install it.
* Do not apply --enable-obsolete-api-enosys mode to fcrypt.
* Compilation fix for NetBSD. NetBSD?s
participants (1)
-
Guillaume Gardet