Please note that this mail was generated by a script. The described changes are computed based on the aarch64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=kubic&groupid=3&version=Tumbleweed&build=20201018 https://bugzilla.opensuse.org/buglist.cgi?product=openSUSE%20Tumbleweed&component=Kubic&query_format=advanced&resolution=--- Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: apparmor bc dmidecode (3.2 -> 3.3) dracut (050+suse.227.g7a9b782d -> 050+suse.250.ge6b6e843) filesystem installation-images-MicroOS (16.23 -> 16.24) kernel-default-base kubernetes (1.19.2 -> 1.19.3) kubernetes1.18 (1.18.9 -> 1.18.10) kubernetes1.19 (1.19.2 -> 1.19.3) ldb libcontainers-common lvm2 lvm2-device-mapper openldap2 (2.4.53 -> 2.4.54) openssh openssl-1_1 (1.1.1g -> 1.1.1h) permissions (1550_20200930 -> 1550_20201008) python38 python38-core qrencode (4.1.0 -> 4.1.1) salt shadow systemd talloc transactional-update (2.26 -> 2.27) vim (8.2.1775 -> 8.2.1840) yast2 (4.3.29 -> 4.3.37) yomi-formula (0.0.1+git.1598948600.9a9eab0 -> 0.0.1+git.1601999695.6141130) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor - add CAP_CHECKPOINT_RESTORE to severity.db (MR 656, cap_checkpoint_restore.diff) - %service_del_postun_without_restart only works for Tumbleweed, keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x ==== bc ==== - fix [bsc#1177579] -- wrong clamping of hexadecimal digits in dc - deleted patches - bc-1.06-dc_ibase.patch (upstreamed) ==== dmidecode ==== Version update (3.2 -> 3.3) - Update to upstream version 3.3: * [COMPATIBILITY] Document how the UUID fields are interpreted. * [PORTABILITY] Don't use memcpy on /dev/mem on arm64. * Add bios-revision, firmware-revision and system-sku-number to -s option. * Use the most appropriate unit for cache size. * Decode system slot base bus width and peers. * Obsoletes dmidecode-add-enumerated-values-from-smbios-3.3.0.patch, dmidecode-add-logical-non-volatile-device.patch, dmidecode-allow-overriding-build-settings-from-env.patch, dmidecode-dont-choke-on-invalid-processor-voltage.patch, dmidecode-fix-formatting-of-tpm-table-output.patch, dmidecode-fix-redfish-hostname-print-length.patch, dmidecode-fix-system-slot-information-for-pcie-ssd.patch, dmidecode-fix-the-alignment-of-type-25-name.patch, dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch, and dmidecode-print-type-33-name-unconditionally.patch. ==== dracut ==== Version update (050+suse.227.g7a9b782d -> 050+suse.250.ge6b6e843) Subpackages: dracut-ima - Update to version 050+suse.250.ge6b6e843: * Revert "Revert "install: also install post weak dependencies of kernel modules"" * 98dracut-systemd: don't wait for root device if remote cryptsetup active * cryptroot-ask: unify /etc/crypttab and rd.luks.key * 90kernel-modules: arm: add drivers/hwmon for arm/arm64 * rootfs-block: only write root argument for block device * 90crypt: pull in remote-cryptsetup.target enablement * 00systemd: add missing cryptsetup-related targets * 95nvmf: Implement 'fc,auto' commandline syntax * 95nvmf: add nvmf-autoconnect script * 95nvmf: Fixup FC connections * 95nvmf: add documentation * 95nvmf: rework parameter handling * dracut-install: fix edge-case regression with weak modules * dracut-install: ignore bogus preload libs * dracut.spec: Use make macros * dracut.spec: remove fedora pre 30 quirks * 50drm: Check drm_encoder_init along drm_crtc_init * 50drm: Include drm platform drivers in hostonly * 50drm: fix ambiguous redirects * Include devfreq drivers in initrd * dracut.spec: include the 04watchdog-modules module - Update to version 050+suse.228.gd0d6792d: * 99memstrack: use /bin/bash ==== filesystem ==== - Add /usr/etc/X11 (boo#1173049) - Add /usr/etc/xdg (boo#1173316) - Add /usr/etc/profile.d (boo#1173310) ==== installation-images-MicroOS ==== Version update (16.23 -> 16.24) - merge gh#openSUSE/installation-images#430 - Refresh spec file. - Support 32bit ARM (boo#1177264). - 16.24 ==== kernel-default-base ==== - Create the list of crypto modules dynamically, supersedes hardcoded list of crc32 implementations (boo#1177577) ==== kubernetes ==== Version update (1.19.2 -> 1.19.3) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Bump kubernetes to 1.18.10 - Bump kubernetes to 1.19.3 ==== kubernetes1.18 ==== Version update (1.18.9 -> 1.18.10) - Update to version 1.18.10: * Fix reporting network_programming_latency metrics in kube-proxy * Azure: fix node removal race condition on VMSS deletion * make download-or-bust compatible with both sha512/sha1 * replace sha1 with sha512 * use more granular buckets for azure api calls * avoid potential secret leaking while reading .dockercfg * Mask Ceph RBD adminSecrets in logs when logLevel >= 4 * fix: azure disk resize error if source does not exist * fix detach azure disk issue when vm not exist * Fix UpdateSnapshot when Node is partially removed * kubeadm: make the CP join handling of kubeconfig similar to "init" * kubeadm: warn but do not error out on missing CA keys on CP join * fix: detach azure disk broken on Azure Stack * Handle nil elements when sorting, instead of panicking * do not mutate endpoints in the apiserver * Remove HeadlessService label in endpoints controller before comparing * Update CHANGELOG/CHANGELOG-1.18.md for v1.18.9 * count of etcd object should be limited to the specified resource * Track pods with required anti-affinity in scheduler NodeInfo and Snapshot. * Ensure getPrimaryInterfaceID not panic when network interfaces for Azure VMSS are null * Update staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer_test.go * Allow 404 error on lb deletion in azure * chore: add diskclient.Update interface * chore: add diskclient.ListByResourceGroup interface * Fix doc for leader-elect-resource-lock flag ==== kubernetes1.19 ==== Version update (1.19.2 -> 1.19.3) Subpackages: kubernetes1.19-client kubernetes1.19-client-common kubernetes1.19-kubeadm kubernetes1.19-kubelet kubernetes1.19-kubelet-common - Update to version 1.19.3: * Azure: fix node removal race condition on VMSS deletion * Fix reporting network_programming_latency metrics in kube-proxy * make download-or-bust compatible with both sha512/sha1 * replace sha1 with sha512 * avoid potential secret leaking while reading .dockercfg * Mask Ceph RBD adminSecrets in logs when logLevel >= 4 * upgrade test for BoundServiceAccountTokenVolume * fix detach azure disk issue when vm not exist * vsphere: improve logging message on node cache refresh event * Fix UpdateSnapshot when Node is partially removed * kubeadm: make the CP join handling of kubeconfig similar to "init" * kubeadm: warn but do not error out on missing CA keys on CP join * Return the Kubernetes version which stopped serving deprecated APIs by default * fix: detach azure disk broken on Azure Stack * Ensuring EndpointSlices are recreated after Service recreation * Handle nil elements when sorting, instead of panicking * use more granular buckets for azure api calls * do not mutate endpoints in the apiserver * Remove HeadlessService label in endpoints controller before comparing * test: add unit-test for TranslateCSIPVToInTree. * fix azure file migration panic * kubeadm: relax the validation of kubeconfig server URLs * portforward: Fix UDP-only ports calculation * make kube::util::find-binary not dependent on bazel-out/ structure * output go_binary rule directly from go_binary_conditional_pure * hack/lib/util.sh: some bash cleanups * bazel: Replace --features with Starlark build settings flag * [go1.15] staging/publishing: Set default go version to go1.15.2 * [go1.15] build: Use go-runner:buster-v2.0.1 (built using go1.15.1) * [go1.15] Update to go1.15.2 * [go1.15] hack/tools: Update to k/repo-infra@v0.1.1 (supports go1.15.2) * [go1.15] build: Update to k/repo-infra@v0.1.1 (supports go1.15.2) * Update CHANGELOG/CHANGELOG-1.19.md for v1.19.2 * count of etcd object should be limited to the specified resource * Track pods with required anti-affinity * Ensure getPrimaryInterfaceID not panic when network interfaces for Azure VMSS are null * Fix misusage of RLock in timeCache lru.Cache.Get() * support ipv6 in e2e policy tests * Allow 404 error on lb deletion in azure * fix: azure disk resize error if source does not exist * chore: add diskclient.Update interface * chore: add diskclient.ListByResourceGroup interface ==== ldb ==== - Remove old if suse_version != 1110 || arch != i386 construct: unlikely the current package ever builds for 1110 && 386. ==== libcontainers-common ==== - Simplify %setup statements. ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - Update lvm2.spec file (bsc#1174336) - enable lvmlockd remote refresh using libdlmcontrol - update libdlm dependency relationship ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Update lvm2.spec file (bsc#1174336) - enable lvmlockd remote refresh using libdlmcontrol - update libdlm dependency relationship ==== openldap2 ==== Version update (2.4.53 -> 2.4.54) - updated to 2.4.54 OpenLDAP 2.4.54 Release (2020/10/12) Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342) Fixed slapd delta-syncrepl to be fully serialized (ITS#9330) Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352) Fixed slapd sessionlog to use a TAVL tree (ITS#8486) Fixed slapd syncrepl to be fully serialized (ITS#8102) Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345) Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355) Fixed slapd syncrepl to not create empty ADD ops (ITS#9359) Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295) Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353) Fixed slapo-accesslog normalizer for reqStart (ITS#9358) Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361) Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015) ==== openssh ==== - Work around %service_add_post disabling sshd on upgrade with package name change (bsc#1177039). - Fix fillup-template usage: + %post server needs to reference ssh (not sshd), which matches the sysconfig.ssh file name the package ships. + %post client does not need any fillup_ calls, as there is no client-relevant sysconfig file present. The naming of the sysconfig file (ssh instead of sshd) is unfortunate. - Use of DISABLE_RESTART_ON_UPDATE is deprecated. Replace it with %service_del_postun_without_restart - Move some Requires to the right subpackage. - Avoid ">&" bashism in %post. - Upgrade some old specfile constructs/macros and drop unnecessary %{?systemd_*}. - Trim descriptions and straighten out the grammar. - Split openssh package into openssh, openssh-common, openssh-server and openssh-clients. This allows for the ssh clients to be installed without the server component (bsc#1176434). ==== openssl-1_1 ==== Version update (1.1.1g -> 1.1.1h) - Escape rpm command %%expand when used in comment. - Update to 1.1.1h * Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts - refresh openssl-fips_selftest_upstream_drbg.patch * DRBG internals got renamed back: reseed_gen_counter -> generate_counter reseed_prop_counter -> reseed_counter ==== permissions ==== Version update (1550_20200930 -> 1550_20201008) Subpackages: chkstat permissions-config - Update to version 20201008: * cleanup now useless /usr/lib entries after move to /usr/libexec (bsc#1171164) * drop (f)ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ==== python38 ==== - Buildrequire timezone only for general flavor. It's used in this flavor for the test suite. ==== python38-core ==== Subpackages: libpython3_8-1_0 python38-base - Buildrequire timezone only for general flavor. It's used in this flavor for the test suite. ==== qrencode ==== Version update (4.1.0 -> 4.1.1) - update to 4.1.1: * Some minor bugs in Micro QR Code generation have been fixed. * The data capacity calculations are now correct. These bugs probably did not affect the Micro QR Code generation. ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration - Ensure virt.update stop_on_reboot is updated with its default value - Added: * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch - Do not break package building for systemd OSes - Drop wrong mock from chroot unit test - Added: * drop-wrong-mock-from-chroot-unit-test.patch - Support systemd versions with dot (bsc#1176294) - Fix for grains.test_core unit test - Fix file/directory user and group ownership containing UTF-8 characters (bsc#1176024) - Several changes to virtualization: - - Fix virt update when cpu and memory are changed - - Memory Tuning GSoC - - Properly fix memory setting regression in virt.update - - Expose libvirt on_reboot in virt states - Support transactional systems (MicroOS) - zypperpkg module ignores retcode 104 for search() (bsc#1159670) - Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding file or block disk (bsc#1175987) - Added: * fix-grains.test_core-unit-test-277.patch * support-transactional-systems-microos-271.patch * backport-a-few-virt-prs-272.patch * xen-disk-fixes-264.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * bsc-1176024-fix-file-directory-user-and-group-owners.patch - Invalidate file list cache when cache file modified time is in the future (bsc#1176397) - Added: * invalidate-file-list-cache-when-cache-file-modified-.patch ==== shadow ==== - Add support for /usr/etc/skel to useradd.local script (boo#1173321) - shadow-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274). ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Do not include %{release} in a few places where we explicitly mention package versions It's usually not a good idea especially when used with conflicts. - Rely on systemd-default-settings for overriding system default settings The new branding packages now ships the drop-ins to customize systemd either for an openSUSE or a SLE ditro. ==== talloc ==== - Fix build with RPM 4.16: bad %if condition: 01550 != 1110 || "x86_64" == x86_64 no bare word support, x86_64 needs to be quoted ==== transactional-update ==== Version update (2.26 -> 2.27) Subpackages: transactional-update-zypp-config - Version 2.27 - Add support for network systemd-resolvd network connections in t-u environment - Mount /var/lib/ca-certificates read-write to prevent SELinux error - Prevent calling transactional-update from within transactional-update ==== vim ==== Version update (8.2.1775 -> 8.2.1840) Subpackages: vim-data-common vim-small - Updated to version 8.2.1840, fixes the following problems - refreshed vim-7.3-filetype_changes.patch and vim-8.0.1568-defaults.patch * Filetype.vim may be loaded twice. * Vim9: some assignment tests in the wrong file. * Vim9: returning from a partial call clears outer context, causing a crash. * Some debian changelog files are not recognized. * Statusline not updated when splitting windows. * Writing to prompt buffer interferes with insert mode. * Vim9: cannot pass boolean to mapset(). * Try-catch test fails. * commits are not scanned for security problems * Compiler warning for strcp() out of bounds. (Christian Brabandt) * Various Normal mode commands not fully tested. * Crash with 'incsearch' and very long line. * Vim9: still allows :let for declarations. * Vim9: crash with invalid list constant. (Dhiraj Mishra) * Vim9: debugger test fails. * Configure does not recognize Racket 6.1+. * Not consistently giving the "is a directory" warning. * No falsy Coalescing operator. * Vim9: operators && and || have a confusing result. * Vim9: invalid memory access with weird function name. (Dhiraj Mishra) * Vim9: some parts of the code not tested. * Vim9: trinary operator condition is too permissive. * Some Normal mode commands not fully tested. * Vim9: memory leak if "if" condition is invalid. * Undo file not found when using ":args" or ":next". * Vim9: crash with unterminated dict. (Dhiraj Mishra) * A few failures are not tested. * resolve('/') returns an empty string. * Unix: terminal mode changed when using ":shell". * Can use :help in a terminal popup window. * No test coverage for ":spelldump!". * Mapping some keys with Ctrl does not work properly. * Some code in normal.c not covered by tests. * Mapping Ctrl-key does not work for '{', '}' and '|'. * Vim9: nested closure throws an internal error. * Vim9: can assign wrong type to script dict. (Christian J. Robinson) * Missing change to remove "static". * Vim9: memory leak when using function reference. * Vim9: another memory leak when using function reference. * Vim9: wrong instruction when reusing a local variable spot. * SE Linux: deprecation warning for security_context_t. * Vim9: Memory leak when using a closure. * Vim9: crash when error happens in timer callback. * Vim9: concatenating to a NULL list doesn't work. * List test doesn't fail. * "gN" does not select the matched string. * Vim9: variables at the script level escape their scope. * Vim9: accessing freed memory. * Vim9: cannot use a {} block at script level. * Filetype detection does not test enough file names. * Build failure without the +eval feature. * Warnings when executing Github actions. * File missing from distribution. * readdirex() error is displayed as a message. (Yegappan Lakshmanan) * When reading from stdin dup() is called twice. * PyEval_InitThreads() is deprecated in Python 3.9. * ":help ??" finds the "!!" tag. * Autocmd test fails on pacifist systems. * Using "gn" after "gN" does not work. * Vim9: cannot insert a comment line in an expression. * Vim9: memory leaks reported in assign test. * Vim9: error message is not clear about compilation error. ==== yast2 ==== Version update (4.3.29 -> 4.3.37) - Revert changes for hiding the heading of the dialog in text mode (the heading has no height if the title is empty). - bsc#1176808 - 4.3.37 - AutoYaST: SectionWithAttributes#new_from_hashes accepts an enumerable as first element (related to bsc#1177405). - 4.3.36 - AutoYaST: do not crash when sections like 'raid_options' are empty (bsc#1177405). - 4.3.35 - Revert the drop of SuSEFirewall2 as there are still some packages which need to be adapted (bsc#1177160) - 4.3.34 - Drop SuSEFirewall2 code completely (fate#323460) - 4.3.33 - Fix non-editable ComboBox handling (bsc#1136454). - 4.3.32 - Small improvements to CWM based widgets (related to bsc#1136454): - An editable ComboBox will refresh the list of items when a new one is given as its current value. - By default, a MenuButton widget listens to events from all its buttons. - 4.3.31 - Do not crash when trying to parse non-existing ("nil") add-on product control XML file (bsc#1176593) - 4.3.30 ==== yomi-formula ==== Version update (0.0.1+git.1598948600.9a9eab0 -> 0.0.1+git.1601999695.6141130) - Update to version 0.0.1+git.1601999695.6141130: * README: add user provided config -- To unsubscribe, e-mail: opensuse-kubic+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kubic+owner@opensuse.org