Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20200728 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor branding-openSUSE cri-o (1.18.2 -> 1.18.3) grub2 haproxy (2.2.0+git0.3a00c915f -> 2.2.1+git0.0ef71a557) ima-evm-utils (1.2.1 -> 1.3) libedit patterns-base patterns-microos perl-Bootloader (0.929 -> 0.931) python-rpm-macros (20200701.9f5a2f6 -> 20200714.252de1f) python38-core (3.8.3 -> 3.8.4) raspberrypi-firmware-dt read-only-root-fs sudo (1.9.1 -> 1.9.2) sysconfig (0.85.4 -> 0.85.5) yast2 (4.3.15 -> 4.3.17) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor - add abstractions-X-xauth-mr582.diff to allow reading the xauth file from its new sddm location (boo#1174290, boo#1174293) ==== branding-openSUSE ==== Subpackages: grub2-branding-openSUSE - Stop building grub2-branding-openSUSE for Power architectures [boo#1171146] ==== cri-o ==== Version update (1.18.2 -> 1.18.3) Subpackages: cri-o-kubeadm-criconfig - Update to version 1.18.3: - Fix a bug where a sudden reboot causes incomplete image writes. This could cause image storage to be corrupted, resulting in an error layer not known. - Fixed bug where pod names would sometimes leak on creation, causing the kubelet to fail to recreate - If conmon is v2.0.19 or greater, ExecSync requests will not double fork, causing systemd to have fewer conmons re-parented to it ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - No 95_textmode for PowerPC (boo#1174166) ==== haproxy ==== Version update (2.2.0+git0.3a00c915f -> 2.2.1+git0.0ef71a557) - Update to version 2.2.1+git0.0ef71a557: * [RELEASE] Released version 2.2.1 * BUG/MEDIUM: http-ana: Only set CF_EXPECT_MORE flag on data filtering * BUG/MEDIUM: stream-int: Don't set MSG_MORE flag if no more data are expected * BUG/MINOR: htx: add two missing HTX_FL_EOI and remove an unexpected one * MEDIUM: htx: Add a flag on a HTX message when no more data are expected * BUG/MEDIUM: dns: Release answer items when a DNS resolution is freed * BUG/MAJOR: dns: Make the do-resolve action thread-safe * BUG/MAJOR: tasks: don't requeue global tasks into the local queue * BUG/MEDIUM: resolve: fix init resolving for ring and peers section. * BUG/MEDIUM: arg: empty args list must be dropped * DOC: ssl: req_ssl_sni needs implicit TLS * BUILD: config: fix again bugs gcc warnings on calloc * BUG/MAJOR: tasks: make sure to always lock the shared wait queue if needed * BUILD: config: address build warning on raspbian+rpi4 * BUG/MEDIUM: channel: Be aware of SHUTW_NOW flag when output data are peeked * BUG/MEDIUM: server: fix possibly uninitialized state file on close * BUG/MEDIUM: server: resolve state file handle leak on reload * BUG/MEDIUM: fcgi-app: fix memory leak in fcgi_flt_http_headers * BUG/MEDIUM: log: issue mixing sampled to not sampled log servers. * BUG/MINOR: mux-fcgi: Set flags on the right stream field for empty FCGI_STDOUT * BUG/MINOR: mux-fcgi: Set conn state to RECORD_P when skipping the record padding * BUG/MINOR: mux-fcgi: Handle empty STDERR record * BUG/MEDIUM: mux-h1: Continue to process request when switching in tunnel mode * BUG/MEDIUM: mux-fcgi: Don't add private connections in available connection list * BUG/MEDIUM: mux-h2: Don't add private connections in available connection list * CONTRIB: da: fix memory leak in dummy function da_atlas_open() * BUG/MEDIUM: lists: add missing store barrier in MT_LIST_ADD/MT_LIST_ADDQ * BUG/MEDIUM: lists: add missing store barrier on MT_LIST_BEHEAD() * BUG/MINOR: sample: Free str.area in smp_check_const_meth * BUG/MINOR: sample: Free str.area in smp_check_const_bool ==== ima-evm-utils ==== Version update (1.2.1 -> 1.3) - Use %autosetup -p1 - Remove suse_version check for tpm2-0-tss-devel as the package is available for back as far as SLE 12 SP2 and respective openSUSE versions (also check was wrong, should have been 1500). - Fixes from previous SR (reported by fvogt): * Move ibmtss runtime dependency to evmctl package * Remove dependencies to devel package (should not be needed) - Update to version 1.3 version 1.3 new features: * NEW ima-evm-utils regression test infrastructure with two initial tests: - ima_hash.test: calculate/verify different crypto hash algorithms - sign_verify.test: EVM and IMA sign/verify signature tests * TPM 2.0 support - Calculate the new per TPM 2.0 bank template data digest - Support original padding the SHA1 template data digest - Compare ALL the re-calculated TPM 2.0 bank PCRs against the TPM 2.0 bank PCR values - Calculate the per TPM bank "boot_aggregate" values, including PCRs 8 & 9 in calculation - Support reading the per TPM 2.0 Bank PCRs using Intel's TSS - boot_aggregate.test: compare the calculated "boot_aggregate" values with the "boot_aggregate" value included in the IMA measurement. * TPM 1.2 support - Additionally support reading the TPM 1.2 PCRs from a supplied file ("--pcrs" option) * Based on original IMA LTP and standalone version support - Calculate the TPM 1.2 "boot_aggregate" based on the exported TPM 1.2 BIOS event log. - In addition to verifying the IMA measurement list against the the TPM PCRs, verify the IMA template data digest against the template data. (Based on LTP "--verify" option.) - Ignore file measurement violations while verifying the IMA measurment list. (Based on LTP "--validate" option.) - Verify the file data signature included in the measurement list based on the file hash also included in the measurement list (--verify-sig) - Support original "ima" template (mixed templates not supported) * Support "sm3" crypto name Bug fixes and code cleanup: * Don't exit with -1 on failure, exit with 125 * On signature verification failure, include pathname. * Provide minimal hash_info.h file in case one doesn't exist, needed by the ima-evm-utils regression tests. * On systems with TPM 1.2, skip "boot_aggregate.test" using sample logs * Fix hash_algo type comparison mismatch * Simplify/clean up code * Address compiler complaints and failures * Fix memory allocations and leaks * Sanity check provided input files are regular files * Revert making "tsspcrread" a compile build time decision. * Limit additional messages based on log level (-v) - Add patch 0001-pcr_tss-Fix-compilation-for-old-compilers.patch - Upstream bumped soname to 2.0.0 - Add tpm2-0-tss-devel for Tumbleweed as build dependency, for the rest ibmtss as runtime dependency (needed for for reading PCR in ima_boot_aggregate cmd; better to use libtss2-esys and libtss2-rc than require tsspcrread binary in runtime, but tpm2-0-tss-devel is available only for Tumbleweed) + the same logic as runtime dependency for devel package - Mark COPYING as %license ==== libedit ==== - autoreconf already runs libtoolize no need to run twice ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-bootloader patterns-base-minimal_base - Move pam_pwquality to Recommends section, as it is not required and user should be able to de-install the full pwquality stack. - Stop trying to install grub2-branding on ppc64/ppc64le [boo#1171146] ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Re-add kernel-firmware back to the DVDs [bsc#1174521] ==== perl-Bootloader ==== Version update (0.929 -> 0.931) - merge gh#openSUSE/perl-bootloader#129 - Check tpm.mod in the new grub2 directory (bsc#1174320) - 0.931 - merge gh#openSUSE/perl-bootloader#130 - Throw less warnings about fstab - 0.930 ==== python-rpm-macros ==== Version update (20200701.9f5a2f6 -> 20200714.252de1f) - Update to version 20200714.252de1f: * Add pyunittest and pyunittest_arch macros ==== python38-core ==== Version update (3.8.3 -> 3.8.4) - Minor spec file fixes - Fix minor issues found in the staging. - Update to 3.8.4: - Assignment expressions (PEP-572) - Positional-only parameters (PEP-570) - Parallel filesystem cache for compiled bytecode files (PYTHONPYCACHEPREFIX variable) - Debug build uses the same ABI as release build - f-strings support = for self-documenting expressions and debugging - Python Runtime Audit Hooks (PEP-578) - Python Initialization Configuration (PEP-587) - Vectorcall: a fast calling protocol for CPython (PEP-590) - Pickle protocol 5 with out-of-band data buffers (PEP-574) - Many other smaller bug fixes - Removed OBS_dev-shm.patch: contained in upstream - Removed bpo40784-Fix-sqlite3-deterministic-test.patch: contained in upstream - Changed bpo-31046_ensurepip_honours_prefix.patch: to be compatible with new version - Fix %py3_compile being incorrectly defined - Update pre_checkin.sh and regenerate - Convert few dependencies to their pkgconfig counterparts - Remove release requirement on libpython, it is not really needed to be equal as the abi changes with versions - Add provides python3-bla on all the subpkgs in case we are primary provider of the functionality - Remove unversioned files from devel subpkg too - Remove main python3 files from -base based whether we are primary interpreter or not - Fix idle to be co-installable - Add condition to be primary to provide/obsolete python3-* - Fix doc to build in versioned folder so the pythons can be installed next to each other - Revert the full versioning of calls on the macros. These are generic so they should really just call python3 X - For the doc package we can build with generic flavor, we don't need the our-interpreter based one - Add provides for pytohn3X-typing/etc to allow BR on those still to work when needed - Change macros.python3 to use full versioned 3.8 instead of just 3 for python interpreter ==== raspberrypi-firmware-dt ==== - Add vl805-firware-loader-overlay.dts which registers a reset controller that'll take care of triggering vl805's firmware load. ==== read-only-root-fs ==== - Use file requires, add sed ==== sudo ==== Version update (1.9.1 -> 1.9.2) - Update to 1.9.2: * The configure script now uses pkg-config to find the openssl cflags and libs where possible. * The contents of the log.json I/O log file is now documented in the sudoers manual. * The sudoers plugin now properly exports the sudoers_audit symbol on systems where the compiler lacks symbol visibility controls. This caused a regression in 1.9.1 where a successful sudo command was not logged due to the missing audit plugin. Bug #931. * Fixed a regression introduced in 1.9.1 that can result in crash when there is a syntax error in the sudoers file. Bug #934. - Rebase sudo-sudoers.patch ==== sysconfig ==== Version update (0.85.4 -> 0.85.5) Subpackages: sysconfig-netconfig - version 0.85.5 - spec: Fix Requires, use file requires (https://github.com/openSUSE/sysconfig/pull/25) - ntp: call chrony helper in background (bsc#1173391) ==== yast2 ==== Version update (4.3.15 -> 4.3.17) - Provide a way to determine which resources (zones, services...) have been modified from the default values (bsc#1171356) - 4.3.17 - update is_wsl function to match wsl1 and wsl2 osrelease spellings (boo#1174183) - Add Layout class to configure a Wizard layout. - Related to jsc#PM-1998. - 4.3.16 -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kubic+owner@opensuse.org