Mailinglist Archive: opensuse-updates (175 mails)

< Previous Next >
openSUSE-RU-2020:0421-1: moderate: Recommended update for sysdig
openSUSE Recommended Update: Recommended update for sysdig
______________________________________________________________________________

Announcement ID: openSUSE-RU-2020:0421-1
Rating: moderate
References:
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update brings sysdig to version 0.26.5:
- Update to version 0.26.5:
* Fixed segfault that happens at startup (#1475, #1528)
* Fixed memory leaks from certain thread/socket operations (#1491)
* Fixed handling of SEND_SIG_NOINFO in the eBPF driver (#1493)
* Fixed a regression in reading certain partial container events from
scap files (#1513)
* Updated use of Kubernetes APIs to support v1.16 (#1521)
* Fixed rare driver deadlock that could occur during a context switch
(#1522)
* Added more detail to probe loader error message (#1541)
- Update to version 0.26.4:
* Prevent double-definition of ASSERT macro
* Added fillers for chmod syscalls (#1472)
* Added support for reporting cpu usage per docker cpuset (#1473)
* Fixed build error on older Linux kernels (#1477)
* Fixed driver build for RHEL 7.7/4.13+ w/CONFIG_VIRT_CPU_ACCOUNTING_GEN
(#1471)
* Fixed cmake to look for pkg-config before building grpc (#1470)
* Fixed printing of strings (#1466)
* readv input parsing improvements (#1463)
* Suport Kubernetes liveness/readiness probes [#1320]
* Fix edge cases in handling clone() and prlimit() system calls [#1401,
#1465]
* Stability and performance fixes
- Drop no longer needed patches:
* sysdig-include.patch
* sysdig-linking.patch
- Update to version 0.26.1:
* Changes to build the kmod with 5.1 kernels [#1413]
* Explicitly disable psl to address build failures on MAC OS [#1417]
* Fix handling of container metadata in "infra" events [#1418]
- Changes for version 0.26.0:
* Perform docker metadata fetches asynchronously: When new containers
are discovered, fetch metadata about the container asynchronously,
which should significantly reduce the likelihood of dropped system
call events. [#1326] [#1378] [#1374] [#1381] [#1373] [#1382] [#1388]
[#1389] [#1384] [#1392] [#1396] [#1411]
* Add field to display time in ISO 8601 UTC [#1317] [#1360]
* Performance improvements of ring buffer processing [#1372]
* Support major/minor device numbers for fd events [#1315] #1383]
* Add the ability to prepend encoded log severity in the log message
[#1327]
* Raise the iov limit in eBPF [#1390]
* Changes to pull user event logging out into a separate component.
[#1375]
* Log a debug message when looking up an IP address of an incomplete
container [#1398]
* Support cri-o container metadata caching [#1399]
* Logging API with lazy parameter evaluation [#1394]
* Support BPM container type [#1319]
* Fix bug in fullcapture range check [#1386]
* Allow chisels to receive the full content of big buffers. [#1361]
* start the analyzer before forcing next for a scap file [#1366]
* Create a grpc_channel_registry for all channels [#1369]
* Modified the behavior of fullcapture port range [#1370]
* Check file before dereferencing [#1397]
* Fix build for older kernels (<3.9) [#1400]
* Added -fno-stack-protector to avoid clang errors [#1401]
* Addl loop prevention for traverse_parent_state [#1411]
* Add interfaces for async metrics collection [#1346]
* Use epel 7-11 (7-9 is no longer available) [#1362]
* Make some global variables related to fetching container state
thread-local [#1356]
* Allow downloading prebuilt modules without SSL verification [#1358]
* add test helper to container manager. [#1365]
* Cleanup old docker images after building a new ebpf-probe-builder
[#1367]
* valgrind clean for analyzer end to end test [#1387]
* flush flags change to new namespace, add code enabling easy use of
sinsp_threadinfo in std::set/map [#1395]
* add friend class for unit testing [#1406]
- Changes for version 0.25.0:
* Support Linux 5.0
* CRI container runtime support
* runtimeSpec.linux returned by containerd is an object, not an array
(#1343)
* Fix gRPC build with gcc 7 (#1322)
* CRI-O container support (#1310)
* Fix check for Docker pause containers [SMAGENT-1305] (#1306)
* Detect CRI pod sandbox containers (#1297)
* Container Runtime Interface support (#1277)
* Prebuilt probes
* Prebuild minikube kernel modules (#1294)
* Build probe modification to include Fedora-Atomic. [SMAGENT-1251]
(#1293)
* Fix for newer versions of LXC not being detected (#1345)
* [SMAGENT-1433] pull legacy GCC artifacts from local cache as debian no
longer supports (#1342)
* Use TBB_INCLUDE_DIR for consistency w/ falco agent (#1329)
* SMAGENT-1297: Rebuild gcc-plugins before building kernel module (#1305)
* Modified BPF probe builder (#1301)
* Call set*ent() before reading the user/group NSS database (#1341)
* Properly initialize default settings for tracers (#1339)
* Fix bpf ptrace filler (#1338)
* Fix potential memory leak in libelf (#1337)
* Fix case where fclose could be called twice. (#1330)
* Handle mmap failure gracefully (#1324)
* Add stream event details in csysdig output (#1335)
* SMAGENT-1400: Make sinsp_logger thread-safe (#1333)
* Never drop socket syscalls to ensure we have fdinfo for subsequent
binds. SMAGENT-1270 (#1312)
* Infer fd info for sendto system call [SMAGENT-1282] (#1304)
* Async framework base [SMAGENT-1247] (#1303)
* Handle events for unknown threads after scap start [SMAGENT-1082]
(#1296)
* Add ability to print filtercheck field names only (#1288)
- Add patches to fix build issues with shared components:
* sysdig-include.patch
* sysdig-linking.patch

- Update to version 0.24.2:
* Added the ability to specify a set of ports where data is captured
with bigger snaplen (20000) (#1256)
* Made fd resolution work for getsockopt (#1280)
* Check getsockopt event before accessing it (#1284)
* Fixed snprintf placeholder for size_t/{u,}int64_t (#1279)
* Disabled reading environment from /proc by default (#1272)
* Excluding suppressed processes during initial /proc scan (#1269)
* Fixed Windows build in CYGWIN environment (#1270)
* Changes to eliminate warnings with gcc 5.4 (#1271)
* Trigger build errors for extra compiler warnings (#1265)
* Handling thread table overflows (#1263)
* Deleted threadinfos that we failed to add to the thread table (#1260)
* Reduce CPU usage (#1261)
* Lua parser interfaces (#1254)
* Fixed a compile issue when trying to make the project using VS2017 on
Windows 10 (#1248)
* Added ifdef guards to socket options with (#1257),(#1258)
* Improved getsockopt()/setsockopt() support (#1188)
* Fix fd.net comparisons with in operator (#1252)
* Only check out sysdig for initial invocation (#1251)
* Build probe modules only with sysdig directory (#1244)
* Fixed spelling and copy/pased comment errors (#1250)
- Changes for version 0.24.1:
* Fix struct packing
- Changes for version 0.24.0:
* Switch to Apache 2.0 License: All userspace code moves from GPL to
Apache 2 license. Kernel module switches to dual-license MIT + GPLv2.
Enjoy! [#1233] [#1242]
* Complete IPv6 Support. Sysdig previously had partial IPv6 support, but
this release rounds out full support for ipv6 addresses in filter
fields, csysdig, etc. [#1204]
* loginuid support. Add user.loginuid & user.loginname to track login
users, which do not change despite sudo/su operations. [#1189] [#1214]
[#1218] [#1219] [#1227]
* Track connections by domain name: New fields fd.*ip.name allow
matching connection ips with resolved domain names. [#1213]
* Add endswith filter to support suffix matching on strings [#1209]
* Add minikube support to the kernel module probe loader script [#1205]
* Improve error string return handling at startup/when reading capture
files [#1215]
* Disable boot2docker kernel module builds for pre-built kernel modules
[#1232]
* eBPF Support Improvements/Fixes [#1235] [#1236] [#1237] [#1239]
* Improve/fix windows build [#1242]
* Don't drop setns events when in dropping mode [#1198]
* At startup, wait a bit for an existing sysdig-probe module to be
unloaded before loading a new one [#1201]
* Support extracting container metadata for containers spawned with just
an image id and not an image name [#1207]
* Properly extract image metadata when the image contains a host:port
component [#1206]
* Minor compilation bug fixes [#1212]
* Small packaging fixes [#1228] [#1229] [#1231]
* Fix an inconsistency when writing capture files containing unknown fds
[#1234]

- Update to version 0.23.1:
* Fix ia32 check on BPF for 4.14 and 4.15 kernels
* Adjust wrong events lengths when reading older captures [#1195]
* More flexible captures: the flexibility of the capture format/reading
process has been improved to allow backward and forward-compatibility
[#1163]
* Support logging elapsed time on tracers [#1186]
* Fixes on custom containers support [#1170]
* Avoid invalid free() calls around m_suppressed_pointers [#1184]
* Properly set the address list total length when reading a capture
[#1185]

- Update to version 0.22:
* eBPF support for sysdig: eBPF as the instrumentation backend in kernel
space (beta)
* Parsing an argument passed to sysdig-probe-loader as a custom URL for
the kernel module like -e SYSDIG_PROBE_URL=http://54.183.253.176:52354
[#1085]
* Several changes to expand the set of events that are skipped by falco,
and to centralize the logic for knowing which events to skip [#1105]
* Improved proc lookup in libsinsp [#1107] [#1110] [#1112]
* Improved performance [#1126] [#1120] [#1121] [#1137]
* In dropping mode, drop events that don't change system state [#1123]
* Introduce non-STL thread table API [#1142]
* Add the ability to ignore events by process name (comm). At the scap
level, ignoring is by tid. At the sinsp level, as threads are
added/removed from the thread table the comm is checked against a set
of comms and if found the tid is added to the scap-level ignore hash
table [#1139]
* The container_manager can now receive callbacks to call when a new
container is detected or an inactive one is removed [#1133]
* Add support for adding custom container types alongside Docker etc (on
sinsp level) [#1149]
* Parse and store three new container_info fields: repository, tag and
digest [#1127]
* Skip proc scan in sinsp_dumper w/ threads_from_sinsp=true [#1164]
* Allow k8s filterchecks with analyzer [#1160]
* When creating the sysdig docker image, add the ability to directly set
the sysdig version via the environment variable SYSDIG_VERSION [#1166]
- Drop upstreamed patch:
* sysdig_proto_ops_getname.patch

- Patch sysdig_proto_ops_getname.patch to fix build
- Seth Forshee : Update for proto_ops.getname() prototype changes in
Linux 4.17 (#1114)

- Update to version 0.21.0:
* Track Versioning in Capture Files: With this release, we will
increment the pcap major/minor version in capture files when a release
adds new event types, additional event fields, etc. that are
incompatible with earlier sysdig versions. [#1081] [#1084]
* Add s390x as a platform using Docker [#1029]
* When saving container information, also store certain mesos-related
environment information associated with the first process in the
container [#1021] [#1057]
* New filtercheck fd.connected returns whether or not a network
connection file descriptor is actually bound to a remote endpoint.
Think of udp sockets that only use sendto() vs udp sockets that use
connect() and then send(), or tcp sockets that have been created but
not connect()ed yet. [#1051]
* New filtercheck fd.name_changed is true when an event changes the
connection information for a connection fd. This can occur in some
cases such as udp connections where a connect() changes the connection
information for a fd.
* Make the thread table size configurable via
sinsp::set_max_thread_table_size() [#1056]
* Add support for new AWS Linux 2 AMI [#1058]
* Add process group id to execve events [#1044] [#1080]
* Expand the set of system calls returned by the driver when in dropping
mode [#1075]
* Handle AT_FDCWD arguments to linkat, openat, etc. and resolve the path
relative to the cwd [#1020]


Patch Instructions:

To install this openSUSE Recommended Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-421=1



Package List:

- openSUSE Leap 15.1 (x86_64):

sysdig-0.26.5-lp151.4.3.1
sysdig-debuginfo-0.26.5-lp151.4.3.1
sysdig-debugsource-0.26.5-lp151.4.3.1
sysdig-kmp-default-0.26.5_k4.12.14_lp151.28.44-lp151.4.3.1
sysdig-kmp-default-debuginfo-0.26.5_k4.12.14_lp151.28.44-lp151.4.3.1


References:



< Previous Next >
This Thread
  • No further messages