Packages changed: apparmor bc dmidecode (3.2 -> 3.3) dracut (050+suse.227.g7a9b782d -> 050+suse.250.ge6b6e843) filesystem installation-images-MicroOS (16.23 -> 16.24) kernel-default-base kubernetes (1.19.2 -> 1.19.3) kubernetes1.18 (1.18.9 -> 1.18.10) kubernetes1.19 (1.19.2 -> 1.19.3) ldb libcontainers-common lvm2 lvm2-device-mapper openldap2 (2.4.53 -> 2.4.54) openssh openssl-1_1 (1.1.1g -> 1.1.1h) permissions (1550_20200930 -> 1550_20201008) python38 python38-core qrencode (4.1.0 -> 4.1.1) salt shadow systemd talloc transactional-update (2.26 -> 2.27) vim (8.2.1775 -> 8.2.1840) yast2 (4.3.29 -> 4.3.37) yomi-formula (0.0.1+git.1598948600.9a9eab0 -> 0.0.1+git.1601999695.6141130) === Details === ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor - add CAP_CHECKPOINT_RESTORE to severity.db (MR 656, cap_checkpoint_restore.diff) - %service_del_postun_without_restart only works for Tumbleweed, keep using DISABLE_RESTART_ON_UPDATE for Leap 15.x ==== bc ==== - fix [bsc#1177579] -- wrong clamping of hexadecimal digits in dc - deleted patches - bc-1.06-dc_ibase.patch (upstreamed) ==== dmidecode ==== Version update (3.2 -> 3.3) - Update to upstream version 3.3: * [COMPATIBILITY] Document how the UUID fields are interpreted. * [PORTABILITY] Don't use memcpy on /dev/mem on arm64. * Add bios-revision, firmware-revision and system-sku-number to -s option. * Use the most appropriate unit for cache size. * Decode system slot base bus width and peers. * Obsoletes dmidecode-add-enumerated-values-from-smbios-3.3.0.patch, dmidecode-add-logical-non-volatile-device.patch, dmidecode-allow-overriding-build-settings-from-env.patch, dmidecode-dont-choke-on-invalid-processor-voltage.patch, dmidecode-fix-formatting-of-tpm-table-output.patch, dmidecode-fix-redfish-hostname-print-length.patch, dmidecode-fix-system-slot-information-for-pcie-ssd.patch, dmidecode-fix-the-alignment-of-type-25-name.patch, dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch, and dmidecode-print-type-33-name-unconditionally.patch. ==== dracut ==== Version update (050+suse.227.g7a9b782d -> 050+suse.250.ge6b6e843) Subpackages: dracut-ima - Update to version 050+suse.250.ge6b6e843: * Revert "Revert "install: also install post weak dependencies of kernel modules"" * 98dracut-systemd: don't wait for root device if remote cryptsetup active * cryptroot-ask: unify /etc/crypttab and rd.luks.key * 90kernel-modules: arm: add drivers/hwmon for arm/arm64 * rootfs-block: only write root argument for block device * 90crypt: pull in remote-cryptsetup.target enablement * 00systemd: add missing cryptsetup-related targets * 95nvmf: Implement 'fc,auto' commandline syntax * 95nvmf: add nvmf-autoconnect script * 95nvmf: Fixup FC connections * 95nvmf: add documentation * 95nvmf: rework parameter handling * dracut-install: fix edge-case regression with weak modules * dracut-install: ignore bogus preload libs * dracut.spec: Use make macros * dracut.spec: remove fedora pre 30 quirks * 50drm: Check drm_encoder_init along drm_crtc_init * 50drm: Include drm platform drivers in hostonly * 50drm: fix ambiguous redirects * Include devfreq drivers in initrd * dracut.spec: include the 04watchdog-modules module - Update to version 050+suse.228.gd0d6792d: * 99memstrack: use /bin/bash ==== filesystem ==== - Add /usr/etc/X11 (boo#1173049) - Add /usr/etc/xdg (boo#1173316) - Add /usr/etc/profile.d (boo#1173310) ==== installation-images-MicroOS ==== Version update (16.23 -> 16.24) - merge gh#openSUSE/installation-images#430 - Refresh spec file. - Support 32bit ARM (boo#1177264). - 16.24 ==== kernel-default-base ==== - Create the list of crypto modules dynamically, supersedes hardcoded list of crc32 implementations (boo#1177577) ==== kubernetes ==== Version update (1.19.2 -> 1.19.3) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Bump kubernetes to 1.18.10 - Bump kubernetes to 1.19.3 ==== kubernetes1.18 ==== Version update (1.18.9 -> 1.18.10) - Update to version 1.18.10: * Fix reporting network_programming_latency metrics in kube-proxy * Azure: fix node removal race condition on VMSS deletion * make download-or-bust compatible with both sha512/sha1 * replace sha1 with sha512 * use more granular buckets for azure api calls * avoid potential secret leaking while reading .dockercfg * Mask Ceph RBD adminSecrets in logs when logLevel >= 4 * fix: azure disk resize error if source does not exist * fix detach azure disk issue when vm not exist * Fix UpdateSnapshot when Node is partially removed * kubeadm: make the CP join handling of kubeconfig similar to "init" * kubeadm: warn but do not error out on missing CA keys on CP join * fix: detach azure disk broken on Azure Stack * Handle nil elements when sorting, instead of panicking * do not mutate endpoints in the apiserver * Remove HeadlessService label in endpoints controller before comparing * Update CHANGELOG/CHANGELOG-1.18.md for v1.18.9 * count of etcd object should be limited to the specified resource * Track pods with required anti-affinity in scheduler NodeInfo and Snapshot. * Ensure getPrimaryInterfaceID not panic when network interfaces for Azure VMSS are null * Update staging/src/k8s.io/legacy-cloud-providers/azure/azure_loadbalancer_test.go * Allow 404 error on lb deletion in azure * chore: add diskclient.Update interface * chore: add diskclient.ListByResourceGroup interface * Fix doc for leader-elect-resource-lock flag ==== kubernetes1.19 ==== Version update (1.19.2 -> 1.19.3) Subpackages: kubernetes1.19-client kubernetes1.19-client-common kubernetes1.19-kubeadm kubernetes1.19-kubelet kubernetes1.19-kubelet-common - Update to version 1.19.3: * Azure: fix node removal race condition on VMSS deletion * Fix reporting network_programming_latency metrics in kube-proxy * make download-or-bust compatible with both sha512/sha1 * replace sha1 with sha512 * avoid potential secret leaking while reading .dockercfg * Mask Ceph RBD adminSecrets in logs when logLevel >= 4 * upgrade test for BoundServiceAccountTokenVolume * fix detach azure disk issue when vm not exist * vsphere: improve logging message on node cache refresh event * Fix UpdateSnapshot when Node is partially removed * kubeadm: make the CP join handling of kubeconfig similar to "init" * kubeadm: warn but do not error out on missing CA keys on CP join * Return the Kubernetes version which stopped serving deprecated APIs by default * fix: detach azure disk broken on Azure Stack * Ensuring EndpointSlices are recreated after Service recreation * Handle nil elements when sorting, instead of panicking * use more granular buckets for azure api calls * do not mutate endpoints in the apiserver * Remove HeadlessService label in endpoints controller before comparing * test: add unit-test for TranslateCSIPVToInTree. * fix azure file migration panic * kubeadm: relax the validation of kubeconfig server URLs * portforward: Fix UDP-only ports calculation * make kube::util::find-binary not dependent on bazel-out/ structure * output go_binary rule directly from go_binary_conditional_pure * hack/lib/util.sh: some bash cleanups * bazel: Replace --features with Starlark build settings flag * [go1.15] staging/publishing: Set default go version to go1.15.2 * [go1.15] build: Use go-runner:buster-v2.0.1 (built using go1.15.1) * [go1.15] Update to go1.15.2 * [go1.15] hack/tools: Update to k/repo-infra@v0.1.1 (supports go1.15.2) * [go1.15] build: Update to k/repo-infra@v0.1.1 (supports go1.15.2) * Update CHANGELOG/CHANGELOG-1.19.md for v1.19.2 * count of etcd object should be limited to the specified resource * Track pods with required anti-affinity * Ensure getPrimaryInterfaceID not panic when network interfaces for Azure VMSS are null * Fix misusage of RLock in timeCache lru.Cache.Get() * support ipv6 in e2e policy tests * Allow 404 error on lb deletion in azure * fix: azure disk resize error if source does not exist * chore: add diskclient.Update interface * chore: add diskclient.ListByResourceGroup interface ==== ldb ==== - Remove old if suse_version != 1110 || arch != i386 construct: unlikely the current package ever builds for 1110 && 386. ==== libcontainers-common ==== - Simplify %setup statements. ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - Update lvm2.spec file (bsc#1174336) - enable lvmlockd remote refresh using libdlmcontrol - update libdlm dependency relationship ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Update lvm2.spec file (bsc#1174336) - enable lvmlockd remote refresh using libdlmcontrol - update libdlm dependency relationship ==== openldap2 ==== Version update (2.4.53 -> 2.4.54) - updated to 2.4.54 OpenLDAP 2.4.54 Release (2020/10/12) Fixed slapd delta-syncrepl to ignore delete ops on deleted entry (ITS#9342) Fixed slapd delta-syncrepl to be fully serialized (ITS#9330) Fixed slapd delta-syncrepl MOD on zero-length context entry (ITS#9352) Fixed slapd sessionlog to use a TAVL tree (ITS#8486) Fixed slapd syncrepl to be fully serialized (ITS#8102) Fixed slapd syncrepl to call check_syncprov on fresh consumer (ITS#9345) Fixed slapd syncrepl to propagate errors from overlay_entry_get_ov (ITS#9355) Fixed slapd syncrepl to not create empty ADD ops (ITS#9359) Fixed slapd syncrepl replace usage on single valued attrs (ITS#9295) Fixed slapd-monitor fix monitor_back_register_database for empty suffix DB (ITS#9353) Fixed slapo-accesslog normalizer for reqStart (ITS#9358) Fixed slapo-accesslog to not generate new contextCSN on purge (ITS#9361) Fixed slapo-syncprov contextCSN generation with empty suffix (ITS#9015) ==== openssh ==== - Work around %service_add_post disabling sshd on upgrade with package name change (bsc#1177039). - Fix fillup-template usage: + %post server needs to reference ssh (not sshd), which matches the sysconfig.ssh file name the package ships. + %post client does not need any fillup_ calls, as there is no client-relevant sysconfig file present. The naming of the sysconfig file (ssh instead of sshd) is unfortunate. - Use of DISABLE_RESTART_ON_UPDATE is deprecated. Replace it with %service_del_postun_without_restart - Move some Requires to the right subpackage. - Avoid ">&" bashism in %post. - Upgrade some old specfile constructs/macros and drop unnecessary %{?systemd_*}. - Trim descriptions and straighten out the grammar. - Split openssh package into openssh, openssh-common, openssh-server and openssh-clients. This allows for the ssh clients to be installed without the server component (bsc#1176434). ==== openssl-1_1 ==== Version update (1.1.1g -> 1.1.1h) - Escape rpm command %%expand when used in comment. - Update to 1.1.1h * Disallow explicit curve parameters in verifications chains when X509_V_FLAG_X509_STRICT is used * Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS contexts - refresh openssl-fips_selftest_upstream_drbg.patch * DRBG internals got renamed back: reseed_gen_counter -> generate_counter reseed_prop_counter -> reseed_counter ==== permissions ==== Version update (1550_20200930 -> 1550_20201008) Subpackages: chkstat permissions-config - Update to version 20201008: * cleanup now useless /usr/lib entries after move to /usr/libexec (bsc#1171164) * drop (f)ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ==== python38 ==== - Buildrequire timezone only for general flavor. It's used in this flavor for the test suite. ==== python38-core ==== Subpackages: libpython3_8-1_0 python38-base - Buildrequire timezone only for general flavor. It's used in this flavor for the test suite. ==== qrencode ==== Version update (4.1.0 -> 4.1.1) - update to 4.1.1: * Some minor bugs in Micro QR Code generation have been fixed. * The data capacity calculations are now correct. These bugs probably did not affect the Micro QR Code generation. ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration - Ensure virt.update stop_on_reboot is updated with its default value - Added: * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch - Do not break package building for systemd OSes - Drop wrong mock from chroot unit test - Added: * drop-wrong-mock-from-chroot-unit-test.patch - Support systemd versions with dot (bsc#1176294) - Fix for grains.test_core unit test - Fix file/directory user and group ownership containing UTF-8 characters (bsc#1176024) - Several changes to virtualization: - - Fix virt update when cpu and memory are changed - - Memory Tuning GSoC - - Properly fix memory setting regression in virt.update - - Expose libvirt on_reboot in virt states - Support transactional systems (MicroOS) - zypperpkg module ignores retcode 104 for search() (bsc#1159670) - Xen disk fixes. No longer generates volumes for Xen disks, but the corresponding file or block disk (bsc#1175987) - Added: * fix-grains.test_core-unit-test-277.patch * support-transactional-systems-microos-271.patch * backport-a-few-virt-prs-272.patch * xen-disk-fixes-264.patch * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch * bsc-1176024-fix-file-directory-user-and-group-owners.patch - Invalidate file list cache when cache file modified time is in the future (bsc#1176397) - Added: * invalidate-file-list-cache-when-cache-file-modified-.patch ==== shadow ==== - Add support for /usr/etc/skel to useradd.local script (boo#1173321) - shadow-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274). ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Do not include %{release} in a few places where we explicitly mention package versions It's usually not a good idea especially when used with conflicts. - Rely on systemd-default-settings for overriding system default settings The new branding packages now ships the drop-ins to customize systemd either for an openSUSE or a SLE ditro. ==== talloc ==== - Fix build with RPM 4.16: bad %if condition: 01550 != 1110 || "x86_64" == x86_64 no bare word support, x86_64 needs to be quoted ==== transactional-update ==== Version update (2.26 -> 2.27) Subpackages: transactional-update-zypp-config - Version 2.27 - Add support for network systemd-resolvd network connections in t-u environment - Mount /var/lib/ca-certificates read-write to prevent SELinux error - Prevent calling transactional-update from within transactional-update ==== vim ==== Version update (8.2.1775 -> 8.2.1840) Subpackages: vim-data-common vim-small - Updated to version 8.2.1840, fixes the following problems - refreshed vim-7.3-filetype_changes.patch and vim-8.0.1568-defaults.patch * Filetype.vim may be loaded twice. * Vim9: some assignment tests in the wrong file. * Vim9: returning from a partial call clears outer context, causing a crash. * Some debian changelog files are not recognized. * Statusline not updated when splitting windows. * Writing to prompt buffer interferes with insert mode. * Vim9: cannot pass boolean to mapset(). * Try-catch test fails. * commits are not scanned for security problems * Compiler warning for strcp() out of bounds. (Christian Brabandt) * Various Normal mode commands not fully tested. * Crash with 'incsearch' and very long line. * Vim9: still allows :let for declarations. * Vim9: crash with invalid list constant. (Dhiraj Mishra) * Vim9: debugger test fails. * Configure does not recognize Racket 6.1+. * Not consistently giving the "is a directory" warning. * No falsy Coalescing operator. * Vim9: operators && and || have a confusing result. * Vim9: invalid memory access with weird function name. (Dhiraj Mishra) * Vim9: some parts of the code not tested. * Vim9: trinary operator condition is too permissive. * Some Normal mode commands not fully tested. * Vim9: memory leak if "if" condition is invalid. * Undo file not found when using ":args" or ":next". * Vim9: crash with unterminated dict. (Dhiraj Mishra) * A few failures are not tested. * resolve('/') returns an empty string. * Unix: terminal mode changed when using ":shell". * Can use :help in a terminal popup window. * No test coverage for ":spelldump!". * Mapping some keys with Ctrl does not work properly. * Some code in normal.c not covered by tests. * Mapping Ctrl-key does not work for '{', '}' and '|'. * Vim9: nested closure throws an internal error. * Vim9: can assign wrong type to script dict. (Christian J. Robinson) * Missing change to remove "static". * Vim9: memory leak when using function reference. * Vim9: another memory leak when using function reference. * Vim9: wrong instruction when reusing a local variable spot. * SE Linux: deprecation warning for security_context_t. * Vim9: Memory leak when using a closure. * Vim9: crash when error happens in timer callback. * Vim9: concatenating to a NULL list doesn't work. * List test doesn't fail. * "gN" does not select the matched string. * Vim9: variables at the script level escape their scope. * Vim9: accessing freed memory. * Vim9: cannot use a {} block at script level. * Filetype detection does not test enough file names. * Build failure without the +eval feature. * Warnings when executing Github actions. * File missing from distribution. * readdirex() error is displayed as a message. (Yegappan Lakshmanan) * When reading from stdin dup() is called twice. * PyEval_InitThreads() is deprecated in Python 3.9. * ":help ??" finds the "!!" tag. * Autocmd test fails on pacifist systems. * Using "gn" after "gN" does not work. * Vim9: cannot insert a comment line in an expression. * Vim9: memory leaks reported in assign test. * Vim9: error message is not clear about compilation error. ==== yast2 ==== Version update (4.3.29 -> 4.3.37) - Revert changes for hiding the heading of the dialog in text mode (the heading has no height if the title is empty). - bsc#1176808 - 4.3.37 - AutoYaST: SectionWithAttributes#new_from_hashes accepts an enumerable as first element (related to bsc#1177405). - 4.3.36 - AutoYaST: do not crash when sections like 'raid_options' are empty (bsc#1177405). - 4.3.35 - Revert the drop of SuSEFirewall2 as there are still some packages which need to be adapted (bsc#1177160) - 4.3.34 - Drop SuSEFirewall2 code completely (fate#323460) - 4.3.33 - Fix non-editable ComboBox handling (bsc#1136454). - 4.3.32 - Small improvements to CWM based widgets (related to bsc#1136454): - An editable ComboBox will refresh the list of items when a new one is given as its current value. - By default, a MenuButton widget listens to events from all its buttons. - 4.3.31 - Do not crash when trying to parse non-existing ("nil") add-on product control XML file (bsc#1176593) - 4.3.30 ==== yomi-formula ==== Version update (0.0.1+git.1598948600.9a9eab0 -> 0.0.1+git.1601999695.6141130) - Update to version 0.0.1+git.1601999695.6141130: * README: add user provided config