Packages changed: PackageKit apparmor ceph (16.1.0.1217+g8e1da7347e -> 16.2.0.91+g24bd0c4acf) cloud-init cni-plugins (0.9.0 -> 0.9.1) conmon (2.0.26 -> 2.0.27) container-selinux (2.158.0 -> 2.160.1) containers-systemd (0.0+git20210318.fea98a6 -> 0.0+git20210407.9384691) cri-o (1.19.1 -> 1.21.0) cri-tools (1.20.0 -> 1.21.0) curl (7.75.0 -> 7.76.1) dbus-1 dnf (4.6.1 -> 4.7.0) dracut (053+suse.90.gb89b6347 -> 053+suse.93.g039ac07d) etcd expat (2.2.10 -> 2.3.0) file (5.39 -> 5.40) filesystem findutils fuse3 (3.10.2 -> 3.10.3) gdk-pixbuf (2.42.2 -> 2.42.6) glib-networking (2.66.0 -> 2.68.0) glib2 (2.66.7 -> 2.68.1) glibc gmp gobject-introspection (1.66.1 -> 1.68.0) grub2 gsettings-desktop-schemas (3.38.0 -> 40.0) hwinfo (21.72 -> 21.73) installation-images-MicroOS (16.56 -> 17.0) irqbalance (1.7.0+git20210222.9db8d5c -> 1.8.0) k9s (0.24.2 -> 0.24.7) kdump kernel-firmware (20210315 -> 20210419) kexec-tools (2.0.20 -> 2.0.21) krb5 kubectl-who-can (0.0+git20190606.c185aaa -> 0.3.0) kubernetes (1.20.2 -> 1.21.0) kubernetes1.20 (1.20.2 -> 1.20.6) kubic-control ldb (2.2.1 -> 2.3.0) less (563 -> 581) libapparmor libassuan (2.5.4 -> 2.5.5) libcap libcontainers-common libdnf (0.60.0 -> 0.62.0) libeconf (0.3.8+git20200710.5126fff -> 0.4.0+git20210413.fdb8025) libfido2 (1.6.0 -> 1.7.0) libgcrypt (1.9.2 -> 1.9.3) libhugetlbfs libjpeg-turbo libksba (1.5.0 -> 1.5.1) libpeas (1.28.0 -> 1.30.0) librepo (1.13.0 -> 1.14.0) libselinux libsolv (0.7.17 -> 0.7.19) libxcrypt (4.4.18 -> 4.4.19) libzypp (17.25.8 -> 17.25.9) lua54 (5.4.2 -> 5.4.3) lvm2 lvm2-device-mapper makedumpfile (1.6.7 -> 1.6.8) microdnf (3.7.1 -> 3.8.0) mozilla-nss (3.62 -> 3.63.1) multipath-tools (0.8.5+29+suse.5dabcd2 -> 0.8.5+30+suse.633836e) ncurses (6.2.20210313 -> 6.2.20210424) openSUSE-build-key openssl (1.1.1j -> 1.1.1k) openssl-1_1 (1.1.1j -> 1.1.1k) pam patterns-microos pcre2 perl-Bootloader (0.933 -> 0.934) pkgconf podman (3.0.1 -> 3.1.2) python-M2Crypto python-MarkupSafe python-cryptography python-gobject (3.38.0 -> 3.40.1) python-importlib-metadata (3.7.0 -> 3.7.2) python-jsonpatch (1.28 -> 1.31) python-rpm (4.16.0 -> 4.16.1.3) raspberrypi-firmware-config raspberrypi-firmware-dt rbac-lookup (0.6.3 -> 0.6.4) rook (1.5.7+git4.gae949004e -> 1.5.10+git4.g309ad2f64) rpcbind rpm (4.16.0 -> 4.16.1.3) rpm-config-SUSE (0.g64 -> 0.g76) runc salt selinux-policy (20210309 -> 20210419) sg3_utils (1.45~815+5.6aa67ed -> 1.46) shadow shim (15+git47 -> 15.4) snapper (0.8.16 -> 0.9.0) sqlite3 (3.35.2 -> 3.35.5) sssd sudo (1.9.5p2 -> 1.9.6p1) suse-module-tools (15.3.5 -> 15.4.1) systemd (246.11 -> 246.13) systemd-presets-common-SUSE talloc (2.3.1 -> 2.3.2) tiff (4.2.0 -> 4.3.0) toolbox (2.1+git20210311.15cb3ad -> 2.1+git20210329.d14ac82) u-boot-rpiarm64 (2021.01 -> 2021.04) vim (8.2.2607 -> 8.2.2800) wpa_supplicant yast2 (4.3.60 -> 4.4.2) zchunk (1.1.5 -> 1.1.9) === Details === ==== PackageKit ==== Subpackages: PackageKit-backend-dnf libpackagekit-glib2-18 - Add PackageKit-cancel-transaction-if-daemon-disappears.patch: Fix hangs in packagekit-glib2 client if daemon crashes (gh#hughsie/PackageKit#464). ==== apparmor ==== Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils python3-apparmor - add crypto-policies-mr720.diff to allow reading crypto policies in abstractions/ssl_certs (boo#1183597) - replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in systemd into containers just because apparmor-parser ships a *.service file ==== ceph ==== Version update (16.1.0.1217+g8e1da7347e -> 16.2.0.91+g24bd0c4acf) Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw - _constraints: raise s390x disk constraint to 42G after seeing a build fail with "write error: No space left on device" - Update to 16.2.0-91-g24bd0c4acf: + rebase on top of upstream pacific SHA1 4cbaf866034715d053e6259dcd5bd8e4e1d1e1ed - Update to 16.2.0-31-g5922b2b9c1: + rebase on top of upstream v16.2.0 (first stable release in Pacific series) see https://ceph.io/releases/v16-2-0-pacific-released/ ==== cloud-init ==== - Add cloud-init-bonding-opts.patch (bsc#1184085) + Write proper bonding option configuration for SLE/openSUSE - Fix application and inclusion of use_arroba_to_include_sudoers_directory-bsc_1181283.patchfix (bsc#1181283) ==== cni-plugins ==== Version update (0.9.0 -> 0.9.1) - Update to version 0.9.1: * ipam/dhcp: Add broadcast flag * add flannel to support dual stack ip * bandwidth: fix panic in tests * host-device: Add support for DPDK device * [main/vlan] Fix error handling for delegate IPAM plugin * dhcp: default dhcp clien timeout is 10s * vlan: fix error message text by removing ptp references * dhcp: daemon dhcp client timeout is configurable * dhcp: timeout value is set in DHCP daemon * remove unused function * deps: go mod tidy coreos/go-iptables * deps: bump coreos/go-iptables ==== conmon ==== Version update (2.0.26 -> 2.0.27) - Update to version 2.0.27: * bump to v2.0.27 * Add CRI-O integration test GitHub action * exec: don't fail on EBADFD * close_fds: fix close of external fds * Add arm64 static build binary * bump to v2.0.27-dev ==== container-selinux ==== Version update (2.158.0 -> 2.160.1) - Fix container runtime binary labels (bsc#1185030). You need to relable at least /usr/sbin if you're affected ==== containers-systemd ==== Version update (0.0+git20210318.fea98a6 -> 0.0+git20210407.9384691) - Update to version 0.0+git20210407.9384691: * Add service for wsdd ==== cri-o ==== Version update (1.19.1 -> 1.21.0) Subpackages: cri-o-kubeadm-criconfig - Update to version 1.21.0: * bump to v1.21.0 * config: drop registries field as it is no longer supported * Revert "test: drop unneeded sed statement" * WIP: add debug print * test: drop unneeded sed statement * config: fix template insecure_registries field * config: drop commented config lines * build(deps): bump google.golang.org/grpc from 1.36.1 to 1.37.0 * Bump OpenShift CI cri-tools version and fix build path * build(deps): bump github.com/containers/image/v5 from 5.10.5 to 5.11.0 * Bump cri-tools to v1.21.0 * Update Kubernetes to v1.21.0 * Add container out of memory metrics * [CLI] "crio config" only prints the fields that are differet than the default. * Set short name mode to permissive * docs-validation: update to handle workloads * Fix unnecessary conversion lint report * add tests for workloads * integrate with server * config: update workloads structure * Clarify release cadence and version skew * Add correct start time to initial log output * Add support for workload settings * refactor handling of allowed_annotations * Do not push main binary into cachix cache * resourcestore: introduce ResourceCleaner * Use internal logging when context available * build(deps): bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1 * server: remove dead code * sandbox: use defined CRI type for NamespaceOption * config: remove dead code * oci: remove dead code * lib: remove dead code * build(deps): bump github.com/containers/podman/v3 * build(deps): bump k8s.io/client-go from 0.20.1 to 0.20.5 * update pause image to 3.5 for non-root * build(deps): bump github.com/soheilhy/cmux from 0.1.4 to 0.1.5 * build(deps): bump google.golang.org/grpc from 1.34.0 to 1.36.1 * build(deps): bump github.com/containers/buildah from 1.19.8 to 1.20.0 * build(deps): bump github.com/prometheus/client_golang * build(deps): bump github.com/godbus/dbus/v5 from 5.0.3 to 5.0.4 * build(deps): bump k8s.io/cri-api from 0.20.1 to 0.20.5 * build(deps): bump github.com/containers/podman/v3 * build(deps): bump k8s.io/kubernetes from 1.13.0 to 1.20.5 * crio-wipe: only clear storage if CleanShutdownFile is supported * Add static bundle node e2e tests to GitHub actions * Reload the main config file when reloading configs * crio wipe: only completely wipe storage after a reboot * Bump static binary dependency versions * Add dependabot config file * runtimeVM: Fix shimv2 binary name construction * config,runtimeVM: Improve runtime_path validation * oci_test: Add basic coverage to "RuntimeType()" * oci_test: Add basic coverage to "privileged_without_host_devices" * oci_test: Leave invalidRuntime on its own line * tweak scope dependencies * Do not return `` placeholders for images any more * Fix invalid libcontainer GetExecUser call * Update dependencies * config: Don't fail if the non default runtime doesn't pass validation * Remove check for CI env variable for release-notes and dependencies * cgmgr: add CreateSandboxCgroup method * inspect: send container PID for dropped infra sandbox * oci: specify sbox id when creating spoofed container * Run GitHub actions on release branches * Update bats to v1.3.0 (#4661) * use happy-eyeballs for port-forwarding * fix mock issues * fix lint issues * install: drop support matrix and update instructions * do not store context in runtime vm * Fix lint GitHub action * pkg/container: take process args * Use and publish version marker for CRI-O * Add GitHub API pages support to `get` script * add libbtrfs-dev to unit tests * Revert "server: use IsAlive() more" * Fix GitHub actions cache key * Bug 1881694: Add pull source as info level log * test: use latest conmon * runtime_vm: Create the global fifo inside the runtime root path * stats: fix log spam * Support CRI seccomp security profiles * oci: add unit tests for stop timeouts * oci: don't update stop timeout if it's earlier than old one * oci: update timeout even if we're ignoring kill * oci: don't wait too long on a long stop * oci: check process is still around with kill * Add integration test for started/finished container time * fix: Don't set `image-endpoint` in crictl config * feat: Add CLI option to set registries.conf.d path * Add allowed io.containers.trace-syscall annotation to static bundle * Make `get` script independent from `make` * test: correct the env variable for dropping the infra container * Add metric to grab latency of individual cri calls * Fix `get` script commit SHA retrieval * Add arm64 static build to GitHub actions * Fix GitHub actions workflow syntax * Updates yq commnands for yq v4 * gh-actions: also run on release branches * pkg/sandbox: add InitInfraContainer endpoint * test: reconfigure how runtimes are passed in * test: add runtime() function * sandbox/container: drop context * test: drop workaround for crun * pkg/sandbox: cleanup unused funcs/files * fix doc log_level adding trace option * Fix oci container update config * Update e2e-aws logic for 4.8 * nsmgr: take Initalize method * Switch to go 1.16 for GitHub actions and remove scripts/build-test-image * config: remove and create the correct dir * Update nix pin with `make nixpkgs` * server: mount cgroup with rslave * crio wipe: ensure a clean shutdown * Move integration tests to GitHub actions * Run release-notes GitHub action after dependencies * Bumps github.com/containers/ocicrypt from 1.0.3 to 1.1.0. * config/node: refactor checking for CollectMode * Fix GitHub actions checkout permissions * change binary version to 1.21.0-dev * Set conmon scope KillSignal to SIGPIPE * Move repo modification jobs to GitHub actions * bump protobuf to 1.3.2 * Log container stop timeout * ResourceStore: add close method * Allow seccomp hook tracing for separate containers * ResourceStore: extend tests to test WatcherForResource * ResourceStore: update tests to all run * ResourceStore: update docs for WatcherForResource * ResourceStore: don't segfault * server: support setting raw unified cgroupv2 settings * vendor: update runtime-specs * cgroup: implement fix for swap memcg on cgroup v2 * server: leave swap mem limit unset if not supported * test: skip ServiceAccountIssuerDiscovery test * hostport manager clean up host ports * allows stream timeout to be set from config * config: pre-create pinns directories * Bump containers image to v5.10.1 * Move unit tests to GitHub actions * Move go1.14 and 386 builds to GitHub actions * set kubelet node IP * Fix validate-completions GitHub action * Add integration test for pprof over unix socket * Add a flag for enabling profile over unix socket * Lookup echo command for unit tests * Move static build to GitHub actions * pinns: Fixup 'pwarn' output to match 'pwarnf' output * pinns: Don't put errno in the exit message for argument checks * nsmgr: use host option * nsmgr: Use config struct for NewPodNamespaces * pinns: support pinning host ns * Remove implicit GitHub action `name` fields * Move docs and completions validation to GitHub actions * Bump golangci-lint to v1.35.2 * Make config tests work rootless * Make rootless namespace unit test execution work * config: fix template to show infra_ctr_cpus option * Do not log file path on ioutil.ReadFile * fixes version_test.go * Close the stdin/tty on server start to avoid shortname prompts * docs: fix http link * docs: update kubeadm tutorial * Fix `make lint` * Return runtime API version based on protocol * Update compatibility matrix to mention v1.20 * add method comment * restore irqbalance config only on system restart * add blurb in doc and more informative name for unit tests * add is-enabled check for irqbalance service * fix unit tests * add unit tests * fix bash/zsh completions * fix the docs validation * handle irqbalance service * runtime_vm: set finished time when containers stop * nsmgr: fix/add calls to GetNamespace * managed namespaces: move to dedicated package * Provide integration test for infra-ctr-cpuset feature * Set CPUs for the infra containers during the creation * Add shell completion for infra-containers-cpu flag * Add new infra-containers-cpus to the CLI and config file * refine `registries` deprecation message * Circle CI: install test/registries.conf * crio.8.md: runroot defaults to /run/containers/storage * support short-name aliases * pull: do check for blocked registries * config: deprecate registries * Rollback gocapability vendor bump * vendor: bump containers/storage to v1.24.4 * Update nix pin with `make nixpkgs` * contrib/test/int: add Kata Containers runtime support * contrib/test/int: enforce linking in parallel build process * contrib/test/int: build parallel from sources in CentOS * contrib/test/int: allow to skip user namespace testing * contrib/test/int: allow to configure test timeout * Capitalize Kubernetes * modify the error url of podctl * Add Digital Science to adopters * crio.service: Request to be run before kubelet.service * pinns: make binary not always static * server: use IsAlive() more * Support CRI v1 and v1alpha2 at the same time * drop support for ManageNSLifecycle * test/timeout.bats: increase timeout to fix flakes * release-notes: fix flags * test/timeout.bats: fix comments * int/resourcestore: fix comment about Put * test/image.bats: simplify some loops * test/helpers.bats: simplify cleanup_* * contrib/test/int: rm node-e2e test * contrib/test/int: fix iptables rule * critest: add unix:// prefix * critest.yml: don't skip test on RHEL * test: add timeout.bats * bump network creation timeout to 5 minutes * resourcecache: add watcher idiom * server: use ResourceCache instead of dropping progress * Add unit tests for ResourceCache * Introduce ResourceCache * moves shmsize to a handler allowed annotation * image pull: close progress chan * test/ctr.bats: fix a "ctr execsync" flake * Fix the functions' name in completions * make: drop link to crio.service * test: rm "run ctr with image with Config.Volumes" * test: add no-pull-on-run=true * test/devices.bats: fix "additional device permissions" case * test/devices.bats: rm unneeded run * test/devices.bats: skip earlier * Bandwidht CNI plugin reserved an upper limit on burst,in which banned include boundary. See: https://github.com/containernetworking/plugins/blob/v0.8.7/plugins/meta/bandwidth/main.go#L113 - Drop config-fix-tz.patch as upstream dependency was patched - Update to version 1.20.2: * bump to latest c/storage 1.24 branch * Remove check for CI env variable for release-notes and dependencies * fix lint * test: pin cri-tools to 1.20 * bump to v1.20.2 * Run GitHub actions on release branches * Pin gocapability to v0.0.0-20180916011248-d98352740cb2 * [PATCH 9/9] add method comment * [PATCH 8/9] restore irqbalance config only on system restart - Add vendor.tar.gz to avoid dependency downloads - Add config-fix-tz.patch to fix crio validation error while building ==== cri-tools ==== Version update (1.20.0 -> 1.21.0) - Update to version 1.21.0: * Bump README versions to v1.21.0 * Update dependencies * Add dependabot config file * Simplify test image build process for user images * Move from gcr.io/cri-tools to gcr.io/k8s-staging-cri-tools * Fix UID/GID and username values for test images * Bump gcb-docker-gcloud image to v20210331-c732583 * Fix CRI-O master installation in GitHub actions ==== curl ==== Version update (7.75.0 -> 7.76.1) Subpackages: libcurl4 - update to 7.76.1: - ngtcp2: Use ALPN h3-29 for now - TODO: remove 18.22 --fail-with-body - Update to 7.76.0 * Security fixes: - [bsc#1183933, CVE-2021-22876]: strip credentials from the auto-referer header field - [bsc#1183934, CVE-2021-22890]: add 'isproxy' argument to Curl_ssl_get/addsessionid() * Changes: - cookies: Support multiple -b parameters - curl: add --fail-with-body - doh: add options to disable ssl verification - http: add support to read and store the referrer header - sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl - vtls: initial implementation of rustls backend * Bugfixes: - CVE-2021-22876: strip credentials from the auto-referer header field - CVE-2021-22890: add 'isproxy' argument to Curl_ssl_get/addsessionid() - c-hyper: support automatic content-encoding - configure: only add OpenSSL paths if they are defined - configure: provide Largefile feature for curl-config - curl: set CURLOPT_NEW_FILE_PERMS if requested - doh: Fix sharing user's resolve list with DOH handles - doh: Inherit CURLOPT_STDERR from user's easy handle - dynbuf: bump the max HTTP request to 1MB - ftp: add 'list_only' to the transfer state struct - ftp: add 'prefer_ascii' to the transfer state struct - ftp: allow SIZE to fail when doing (resumed) upload - ftp: avoid SIZE when asking for a TYPE A file - ftp: fix memory leak in ftp_done - ftp: never set data->set.ftp_append outside setopt - gnutls: assume nettle crypto support - http2: don't set KEEP_SEND when there's no more data to be sent - http2: fail if connection terminated without END_STREAM - http: do not add a referrer header with empty value - http: strip default port from URL sent to proxy - http: use credentials from transfer, not connection - lib: remove 'conn->data' completely - multi: close the connection when h2=>h1 downgrading - multi: do once-per-transfer inits in before_perform in DID state - multi: rename the multi transfer states - multi: update pending list when removing handle - ngtcp2: adapt to the new recv_datagram callback - ngtcp2: clarify calculation precedence - ngtcp2: sync with recent API updates - openssl: adapt to v3's new const for a few API calls - openssl: ensure to check SSL_CTX_set_alpn_protos return values - openssl: remove get_ssl_version_txt in favor of SSL_get_version - parse_proxy: fix a memory leak in the OOM path - url: fix memory leak if OOM in the HSTS handling - url: fix possible use-after-free in default protocol - urldata: don't touch data->set.httpversion at run-time - urldata: merge "struct DynamicStatic" into "struct UrlState" - urldata: remove the 'rtspversion' field - urldata: remove the _ORIG suffix from string names - wolfssl: don't store a NULL sessionid ==== dbus-1 ==== Subpackages: libdbus-1-3 - avoid listing cmake directory - owned by cmake package ==== dnf ==== Version update (4.6.1 -> 4.7.0) - Update to version 4.7.0 + Improve repo config path ordering to fix a comps merging issue (rh#1928181) + Keep reason when package is removed (rh#1921063) + Improve mechanism for application of security filters (rh#1918475) + [doc] Add description for new API + [API] Add new method for reset of security filters + [doc] Improve documentation for Hotfix repositories + [doc] fix: "makecache" command downloads only enabled repositories + Use libdnf.utils.checksum_{check,value} + [doc] Add info that maximum parallel downloads is 20 + Increase loglevel in case of invalid config options + [doc] installonly_limit documentation follows behavior + Prevent traceback (catch ValueError) if pkg is from cmdline + Add documentation for config option sslverifystatus (rh#1814383) + Check for specific key string when verifing signatures (rh#1915990) + Use rpmkeys binary to verify package signature (rh#1915990) + Bugs fixed (rh#1916783) + Preserve file mode during log rotation (rh#1910084) ==== dracut ==== Version update (053+suse.90.gb89b6347 -> 053+suse.93.g039ac07d) Subpackages: dracut-ima - Update to version 053+suse.93.g039ac07d: * fix(kernel-modules): optionally add /usr/lib/modules.d to initramfs - Update to version 053+suse.91.g4a0bdda1: * fix(kernel-modules): optionally add /usr/lib/modules.d to initramfs (bsc#1180822) ==== etcd ==== - update etcd.service: avoid args from commandline and environment as it leads to start failure (bsc#1183703) ==== expat ==== Version update (2.2.10 -> 2.3.0) - Do not BuildRequire cmake: expat is part of the distro bootstrap cycle and any additional dependency makes the ring larger. In this case here, cmake was even only used to own a directory. - update to 2.3.0: * When calling XML_ParseBuffer without a prior successful call to XML_GetBuffer as a user, no longer trigger undefined behavior (by adding an integer to a NULL pointer) but rather return XML_STATUS_ERROR and set the error code to (new) code XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer) of Clang 11 (but not Clang 9). * xmlwf: Exit status 2 was used for both: - malformed input files (documented) and - invalid command-line arguments (undocumented). case of invalid command-line arguments now has its own exit status 4, resolving the ambiguity. * Other changes ==== file ==== Version update (5.39 -> 5.40) Subpackages: file-magic libmagic1 - Add patch file-5.40-ascii.patch * fix regressions on dection of smaller ASCII files (boo#1184899) - Add upstream comitts as patches * file-5.40-9b0459af.patch put attributes inside the xz magic. (boo#1184888, boo#1184891) * file-5.40-749e1ecf.patch If the file is less than 3 bytes, use the file length to determine type * file-5.40-f0601504.patch Fix regression after unsigned/signed printing changes * file-5.40-f7705dca.patch fix previous (cast >>) * file-5.40-3096f87f.patch Correct return values to exptexted * file-5.40-4c5fe1ad.patch Add missing parens - Port patch * file-5.28-btrfs-image.dif due patch file-5.40-f0601504.patch - Add upstream commits as patches * file-5.40-1c677c04.patch Don't count each byte encounter as 1, count the total number of bytes found (Anatol Belski). This makes it behave like 5.39 * file-5.40-6b34436a.patch remove "u" from the pattern (Joerg Jenderek) * file-5.40-9e2becec.patch Encoding bug fix - Fix offsets of patches * file-5.17-option.dif * file-5.19-biorad.dif * file-5.19-printf.dif * file-5.19-zip2.0.dif * file-5.22-elf.dif * file-5.23-endian.patch * file-5.28-btrfs-image.dif * file-5.38-allow-readlinkat.dif * file-secure_getenv.patch - update to 5.40: * Add limit to the number of bytes to scan for encoding * Fix /T (trim flag) for regex * Trim trailing separator. * Convert system read errors from corrupt ELF files into human readable error messages * Exclude surrogate pairs from utf-8 detection - drop upstreamed patches: * file-5.16-ocloexec.patch * file-5.39-alternate_format.dif ==== filesystem ==== - also fix /var/lib/empty to be readonly - make bindir/ _lib and _libdir readonly (mode 0555) to avoid runpath-to-writeable-directory warning ==== findutils ==== - Use new Group Release Keyring ==== fuse3 ==== Version update (3.10.2 -> 3.10.3) - Update to release 3.10.3 * Fix returning d_ino and d_type from readdir(3) in non-plus mode ==== gdk-pixbuf ==== Version update (2.42.2 -> 2.42.6) Subpackages: gdk-pixbuf-query-loaders libgdk_pixbuf-2_0-0 - Update to stable 2.42.6 + Yield gtk_doc option value in subprojects + Always initialise locale on thumbnailer startup + Add fallback subproject for libjpeg + Use type:array for the builtin_loaders option + Default to using builtin png and jpeg loaders - Disable building of docs: creates a cycle with python: + Drop python3-gi-docgen BuildRequires. + Pass gtk_doc=false to meson - Update to version 2.42.4: + Make enum type registration thread safe. + Do not install skipped test files. + Fix GIF initialization. + Always run GIF loader tests. + Fix leaks discovered via ASan. + Expose GdkPixbufLoader API via introspection. + Fix revert-to-previous first frame behaviour for GIF files. + Link to libintl if needed. + Improve support for using gdk-pixbuf as a subproject. + Fix build with GModule disabled. + Use gi-docgen to generate the API reference from introspection data. - Replace gtk-doc BuildRequires with python3-gi-docgen: follow upstreams port. - As a workaround to https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/177, delete the installed gi-docgen program files. ==== glib-networking ==== Version update (2.66.0 -> 2.68.0) - Update to version 2.68.0: + Fix double free in GnuTLS client certificate request code. - Update to version 2.68.rc: + Improve heuristic for returning G_TLS_ERROR_CERTIFICATE_REQUIRED. + Fix check for certain handshake failure conditions. - Update to version 2.68.alpha: + Download and validate missing intermediate certificates (requires GnuTLS 3.7). + OpenSSL backend now uses system crypto policy. + Remove use of g_assert in testsuite. + Restore support for old versions of OpenSSL. + Implement TLS channel bindings API. + Implement PKCS#11 API. + Update testsuite for Fedora 33 crypto policy. + Fix NULL dereference in g_tls_connection_base_read_message. + Fix a couple code issues found by Coverity. ==== glib2 ==== Version update (2.66.7 -> 2.68.1) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.68.1: + Fix a crash in `GKeyFile` when parsing a file which contains translations using a `GKeyFile` instance which has loaded another file previously. + Pin GIO DLL in memory on Windows. + Updated translations. - Update to version 2.68.0: + Bugs fixed: - build: Drop gconstructor_as_data_h usage from glib-compile-schemas. - glib.supp: Generalize some suppressions. - gbytesicon: Fix error in g_bytes_icon_new() documentation. - glocalfileoutputstream: Tidy up error handling. - tests: Fix copy/paste error in queue test. - Update to version 2.67.6: + Fix a security issue when using `g_file_replace()` with `G_FILE_CREATE_REPLACE_DESTINATION`. + Disallow operations on the empty path with `g_file_new_from_path()`. + Various fixes for GLib when building with clang-cl on Windows. + Updated translations. - Update to version 2.67.5: + Fix more issues with `glib_typeof` macro from 2.67.3?2.67.4. + Fix regression with some FD mappings passed to `g_subprocess_launcher_spawnv()` caused by changes for #2097 in GLib 2.67.4. + Fix detection of `str[n]casecmp()` when building with `clang-cl`. + Use zlib from subproject if configured with `wrap_mode=forcefallback`. + Updated translations. - Update to version 2.67.4: + Add a `g_string_replace()` function. + Add `G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER` flag to simplify the common case for writing a D-Bus authentication observer, allowing most uses of `GDBusAuthObserver` to be dropped. + Add a new `g_spawn_with_pipes_and_fds()` variant which supports renumbering FDs. + Add new g_memdup2() API to replace g_memdup(), which is vulnerable to a silent integer truncation and heap overflow problem if not used carefully. + Fix various regressions caused by rushed security fixes in 2.66.6. + Fix a silent integer truncation when calling g_byte_array_new_take() for byte arrays bigger than G_MAXUINT. + Fix `g_utf8_strdown()` to fix some issues in Turkish. + Updated translations. ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - Enable support for static PIE (bsc#1184646) - select-modify-timeout.patch: linux: always update select timeout (bsc#1184339, BZ #27706) - Don't remove -f[asynchronous-]unwind-tables during configure run, no longer needed ==== gmp ==== - Compute FIPS hmac for libgmp.so.10 [bsc#1184555] - do not break SLE 12 build when applying spec-cleaner ==== gobject-introspection ==== Version update (1.66.1 -> 1.68.0) Subpackages: girepository-1_0 libgirepository-1_0-1 - Update to version 1.68.0: + Update GLib annotations. + docs: cleanup. + Fix syntax errors in gir-1.2.rnc. - Update to version 1.67.1: + Requires Python 3.6+. + Update GLib annotations. + Fix compatibility with Python 3.10. + Fix build with GIR data disabled. + Add test object for signal marshallers. ==== grub2 ==== Subpackages: grub2-arm64-efi grub2-snapper-plugin - Fix obsolete syslog in systemd unit file and updating to use journal as StandardOutput (bsc#1185149) * grub2-once.service - Fix build error on armv6/armv7 (bsc#1184712) * 0001-emu-fix-executable-stack-marking.patch - Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012) * 0001-Workaround-volatile-efi-boot-variable.patch ==== gsettings-desktop-schemas ==== Version update (3.38.0 -> 40.0) - Update to version 40.0: + Updated translations. - Update to version 40.rc: + Updated translations. - Update to version 40.beta: + Use pgUp/Down shortcuts for horizontal workspace switching. + Add super-based workspace navigation shortcuts. + Remove ?gnome-fallback? as a valid session name. + Fix summary of `two-finger-scroll-enabled` key. + Updated translations. - Update to version 40.alpha: + Add scroll button locking to trackballs. + Move mouse drag-threshold/double-click settings here. + Move antialiasing/hinting/rgba-order settings here. + Updated translations. ==== hwinfo ==== Version update (21.72 -> 21.73) - merge gh#openSUSE/hwinfo#95 - don't rely on select() updating its timeout arg (bsc#1184339) - 21.73 ==== installation-images-MicroOS ==== Version update (16.56 -> 17.0) - merge gh#openSUSE/installation-images#498 - rescue: make sure /var/run is a link to /run - rescue: link modules and firmware from correct location - 17.0 - merge gh#openSUSE/installation-images#504 - no more libstoragemgmt-netapp-plugin - 16.74 - merge gh#openSUSE/installation-images#503 - make usrmerge case depend on /lib link in filesystem package - 16.73 - merge gh#openSUSE/installation-images#502 - extend 'exists' operator to test for a specfic type - merge gh#openSUSE/installation-images#500 - fix NVMf autoconnect udev rule (bsc#1184908) - 16.72 - merge gh#openSUSE/installation-images#490 - re-enable SecureBoot on AARCH64 on SLE Micro enable building the SLE Micro flavor based on OBS macro - 16.71 - merge gh#openSUSE/installation-images#497 - add udev rules for NVMf autoconnect in the installation system (bsc#1184908) - 16.70 - merge gh#openSUSE/installation-images#496 - add even more USB Type-C modules (bsc#1185010) - 16.69 - merge gh#openSUSE/installation-images#492 - allow loading of unsupported modules (bsc#1184413, bsc#1183140) - 16.68 - merge gh#openSUSE/installation-images#491 - build with kernel-default-optional on Leap (bsc#1184413) - 16.67 - merge gh#openSUSE/installation-images#487 - gefrickel: don't skip non-existing - 16.66 - merge gh#openSUSE/installation-images#484 - add USB Type-C modules (bsc#1184867) - 16.65 - merge gh#openSUSE/installation-images#481 - enable multipathd in rescue system (bsc#1184686) - merge gh#openSUSE/installation-images#480 - build with kernel-default-extra on Leap (bsc#1184413, bsc#1183140) - 16.64 - merge gh#openSUSE/installation-images#478 - Fix grub branding for %{arm} - 16.63 - merge gh#openSUSE/installation-images#473 - adjust NVME config initialisation (bsc#1183230) - 16.62 - merge gh#openSUSE/installation-images#470 - Fix firmware dir for usrmerge (boo#1029961) - remote_log_setup: support loghost with port - 16.61 - merge gh#openSUSE/installation-images#450 - Add support for riscv64 - 16.60 - merge gh#openSUSE/installation-images#475 - remove bind-libs BuildRequires - 16.59 - merge gh#openSUSE/installation-images#474 - remove changelog file - update git2log script to latest version - clean up VERSION - remove .gitignore - 16.58 - merge gh#openSUSE/installation-images#472 - handle update-alternative symlinks automatically - remove update-alternative hacks - 16.57 ==== irqbalance ==== Version update (1.7.0+git20210222.9db8d5c -> 1.8.0) - Add _service file pointing to github sources A _service - Update to version 1.8.0: * Add return value check of opendir in do_one_cpu * Hotplug may occur again during sleep, so wait until there is no hotplug ==== k9s ==== Version update (0.24.2 -> 0.24.7) - Update to version 0.24.7: * cleaning up * bump rev * maintenance #1067 #1061 #1060 * rev up * merge prs + dep updates * ISSUE-957 - Add a simple pause button to stop auto-refresh on ConfigMap and Secrets (#1062) * bugs #1063 #1061 #1059 #177 * Add release tag (#1058) * fix #1056 #1024 * fix po feature col + lockouts? - Update to version 0.24.6: * rev up * merge prs + dep updates * ISSUE-957 - Add a simple pause button to stop auto-refresh on ConfigMap and Secrets (#1062) * bugs #1063 #1061 #1059 #177 * Add release tag (#1058) * fix #1056 #1024 * fix po feature col + lockouts? * fix #1024 * update deps and image - Rename Makefile.diff to Makefile.patch ==== kdump ==== - kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to dracut command line (bsc#1182309). ==== kernel-firmware ==== Version update (20210315 -> 20210419) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network - Update to version 20210419 (git commit 940b7f42d45d): * cxgb4: Update firmware to revision 1.25.4.0 * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2438 * brcm: Link CM4's WiFi firmware with DMI machine name. * linux-firmware: Update firmware file for Intel Bluetooth AX201 * amdgpu: update navi14 smc firmware * amdgpu: update navi10 SMC firmware * QCA: Update Bluetooth firmware for QCA6174 * WHENCE: link to similar config file for rtl8821a support * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.14.A.6 * amdgpu: add arcturus firmware * rtl_bt: Add rtl8723bs_config-OBDA0623.bin symlink * brcm: Add nvram for the Chuwi Hi8 (CWI509) tablet * brcm: Add nvram for the Predia Basic tablet * qcom: sm8250: update remoteproc firmware * qcom: update a650 firmware files * rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x59A_76A3 * amdgpu: update sienna cichlid firmware for 20.50 * amdgpu: update vega20 firmware for 20.50 * amdgpu: update picasso firmware for 20.50 * amdgpu: update navi14 firmware for 20.50 * amdgpu: update vega12 firmware for 20.50 * amdgpu: update navi12 firmware for 20.50 * amdgpu: update vega10 firmware for 20.50 * amdgpu: update renoir firmware for 20.50 * amdgpu: update navi10 firmware for 20.50 * amdgpu: update raven2 firmware for 20.50 * amdgpu: update raven firmware for 20.50 * amdgpu: add initial support for navy flounder - Update aliases ==== kexec-tools ==== Version update (2.0.20 -> 2.0.21) - kexec-tools-remove-duplicate-ramdisk-definition.patch: Remove duplicate definition of ramdisk (fix ppc build). - Bump version to 2.0.21 - Drop patches from upstream git: * kexec-tools-add-variant-helper-functions.patch * kexec-tools-arm64-kexec-allocate-memory-space-avoiding-reserved-regions.patch * kexec-tools-arm64-kdump-deal-with-resource-entries-in-proc-iomem.patch * kexec-tools-build-multiboot2-for-i386.patch * kexec-tools-fix-kexec_file_load-error-handling.patch * kexec-tools-reset-getopt-before-falling-back-to-legacy.patch * kexec-tools-s390-Reset-kernel-command-line-on-syscal.patch * kexec-tools-Remove-duplicated-variable-declarations.patch - Hardening: Link as PIE (bsc#1185020). ==== krb5 ==== - Use /run instead of /var/run for daemon PID files; (bsc#1185163); - do not own %sbindir, it comes from filesystem package ==== kubectl-who-can ==== Version update (0.0+git20190606.c185aaa -> 0.3.0) - Update to version 0.3.0: * chore: Bump up Go to v1.15 (#82) * feat: Add JSON export functionality (#81) * chore: Switch to main branch (#80) * feat: Add -o wide flag to print the ROLE column (#79) * chore: Add krew-release-bot for publishing plugin releases (#78) * refactor: Use KIND to run integration tests (#77) * chore: Bump up Go from 1.12 to 1.14 (#76) * chore: Remove Travis CI config (#75) * chore: Migrate from Travis CI to GitHub Actions (#74) * chore: Replace google/glog with kubernetes/klog (#71) ==== kubernetes ==== Version update (1.20.2 -> 1.21.0) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Remove BuildRequires for Go, bump kubernetes to 1.21.0 and 1.20.5 - add BuildRequires for go >= 1.15.5, to align with kubernetes1.20 package ==== kubernetes1.20 ==== Version update (1.20.2 -> 1.20.6) - Update to version 1.20.6: * azure: fix node public IP not able to fetch issues from IMDS * Fix test now that empty struct are tracked in mangaed fields * make generated_files * Update bazel and dependencies. * Update to use cliflag.NamedFlagSets * Address comments. * Update NodeIPAM wrapper * Delete build file based on latest changes. * Update extension mechanism and related sample. * Address review comments * Address review comments * Modify integration test to fill CCM test gap * Update test * Move initialize cloud provider with client builder reference inside controller start func * Separate example func and add README.md * Separate func * Add demonstration of wiring nodeIPAMController config object * Remove cloud provider name as input parameter. * Fix flag passing in CCM. * Use apply to create objects in TestApplyStatus * Stop skipping APIService in apply test * Stop clearing OpenAPIConfig for kube-aggregator * Declare TCP default for service port protocol * Add ability to skip OpenAPI handler installation * do not tag user created public IPs * apf: fix test flake * update gogo/protobuf to v1.3.2 * Fixed describe ingress causing SEGFAULT * Update sigs.k8s.io/structured-merge-diff to v4.0.3 * Stop probing a pod during graceful shutdown * apf: handle error from PollImmediateUntil * staging/publishing: Set default go version to go1.15.10 * webhook config manager: HasSynced returns true when the manager is synced with existing webhookconfig objects at startup * update metadata-concealment to 1.6 for removing legacy checking * slice mirroring controller mirror annotations * additional subnet configuration for AWS ELB * Revert "Automated cherry pick of #97417: fix azure file secret not found issue" * Use the correct volum handle format for GCE regional PD. * Increasing maximum number of ports allowed in EndpointSlice * Support > 5 ports in L4 ILB. * build: Update to k/repo-infra@v0.1.5 (supports go1.15.10) * Use go-runner:v2.3.1-go1.15.10-buster.0 image (built on go1.15.10) * Update to go1.15.10 * Update CHANGELOG/CHANGELOG-1.20.md for v1.20.5 * fix a bug where only service with less than 100 ports can have GCE load balancer * bazel * deepcopy statefulsets * full deepcopy on munged pod spec * remove pod toleration toleration seconds mutation * add markers for inspected validation mutation hits * move secret mutation from validation to prepareforupdate * remove unnecessary mutations in validation * tweak validation to avoid mutation * For LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP * Moving docker options to daemon.json * e2e fix: loosen configmap to 10 in resource quota * api-server add --lease-max-object-count * apiserver add metric etcd_lease_object_counts * apiserver add --lease-reuse-duration-seconds to config lease reuse duration * Bump Cluster Autoscaler to v1.20.0 - Rebase opensuse-version-checks.patch - Update to version 1.20.5: * Updating EndpointSliceMirroring controller to wait for cache to be updated * Updating EndpointSlice controller to wait for cache to be updated * Add tests for populated volumes * Fix comment on getPodVolumeSubpathListFromDisk * Fix tests to test for new behavior * Add warnings after cleanup back * Automatically remove orphaned pod's dangling volumes * Count pod overhead as an entity's resource usage * Ensure only one LoadBalancer rule is created when HA mode is enabled * Fix issue in checking domain socket for plugin watcher * Use Lstat in plugin watcher to avoid Windows problem * Skip visiting empty secret and configmap names * Number of sockets is assumed to be same as NUMA nodes * disables APF if the aggregated apiserver cannot locate the core kube-apiserver * Fix repeatedly aquire the inhibit lock * Sync node status during kubelet node shutdown * remove executable permission bits * Upgrading vendored dependencies * Upgrading cAdvisor to 0.38.8 * Update CHANGELOG/CHANGELOG-1.20.md for v1.20.4 * build/OWNERS: Add Dan and Sascha as reviewers * OWNERS(CHANGELOG): Move reviewers/approvers to CHANGELOG/ dir * Bump konnectivity-client to v0.0.15 in release-1.20 * Storage e2e: Remove pd csi driver installation in GKE * Update CHANGELOG/CHANGELOG-1.20.md for v1.20.3 * kube-cross: update image to use v1.15.8-legacy-1 * [go1.15] build: Update to k/repo-infra@v0.1.4 (supports go1.15.8) * Use go-runner:buster-v2.3.1 image (built on go1.15.8) * staging/publishing: Set default go version to go1.15.8 * Update to go1.15.8 * Fix dbus shutdown events not continuing if they are not valid * Revert "make hostPort match test linuxonly" * Revert "conformance changes" * kube-proxy: clear conntrack entries after rules are in place * Use -LiteralPath instead of -Path * Escape the special character in vsphere windows path * Include unit test * Adjust defer to correctly call * do not remove volume dir when saveVolumeData fails * kubeadm: drop explicit constant override in version test * kubeadm: get k8s CI version markers from k8s infra bucket * dockershim hostport respect IPFamily * dockershim hostport manager use HostIP * Balance nodes in scheduling e2e * e2e: Pod should avoid nodes that have avoidPod annotation: clean remaining pods * Cherry pick of #98254:Fix the kube-scheduler binary's description of the --config parameter is inaccurate * fix kube-scheduler cannot send event because the Note field is too large * Fix nil pointer dereference in disruption controller * Update region_pd e2e test to support PV have GA topology * Recover CSI volumes from dangling attachments * IsVolumeAttachedToNode() renamed to GetAttachState(), and returns 3 states instead of combining "uncertain" and "detached" into "false" * Fixes Attach Detach Controller reconciler race reading ActualStateOfWorld and operation pending states; fixes reconciler_test mock detach to account for multiple attaches on a node * Fix translation of Cinder storage classess to CSI * OWNERS(CHANGELOG): Add release-engineering-reviewers as reviewers * OWNERS(CHANGELOG): Add release-engineering-reviewers as approvers * Resolve IP addresses of host-only in filtered dialer * Deflake ingress updates * make podTopologyHints protected by lock * ignore cgroup driver check in windows node upgrade * OWNERS(sig-release): Add CHANGELOG aliases * OWNERS(build-image): Add Release Managers as reviewers * OWNERS(releng): Sync Release Managers * OWNERS(sig-release): Remove SIG Release approvers alias * aggregate errors when putting vmss * fix azure file migration issue * kubelet: Fix mirrorPodTerminationMap leak * kubelet: Delete static pods gracefully * kubeadm: change the default image repository for CI images from gcr.io/kubernetes-ci-images to gcr.io/k8s-staging-ci-images * kubelet logs print 'kubelet nodes sync' frequently * reduce buckets for etcd_request_duration_seconds * Merge pull request #96876 from howieyuen/no-execute-taint-missing * cleanup subnet in frontend ip configs * conformance changes * make hostPort match test linuxonly * Clean up namespaced children of missing virtual parents with incorrectly cluster-scoped nodes * Add unit test for child scope mismatch with missing parent * vendor: update cAdvisor to v0.38.7 * Use volumeHandle as PV name when translating EBS inline volume * Update CHANGELOG/CHANGELOG-1.20.md for v1.20.2 * kubectl-convert import known versions * Revert "Merge pull request #92817 from kmala/kubelet" * WIP: node sync at least once * fixes nil panic for nil delegated auth options * Lower the frequency of volume plugin deprecation warning * handle webhook authenticator and authorizer error * fix the panic when kubelet registers if a node object already exists with no Status.Capacity or Status.Allocatable * Avoid checking the entire backend service URL for FR equality. * Use non privileged ports ==== kubic-control ==== Subpackages: kubic-haproxycfg kubicctl kubicd - kubicd: require kubernetes-kubeadm - pin to go 1.14, the certificate handling changes in 1.15 are incompatible (issues/30) ==== ldb ==== Version update (2.2.1 -> 2.3.0) - Update to ldb 2.3.0 ==== less ==== Version update (563 -> 581) - less 581: * Change ESC-u command to toggle, not disable, highlighting per man page * Add ESC-U command * Add ctrl-W search modifier for wrapping search * F command can be interrupted by ^X * Support OSC 8 hyperlinks when -R is in effect * g command with no number will ignore -j and put first line at top of screen * Multiple + or -p command line options are handled better * Add the --incsearch option * Add the --line-num-width option * Add the --status-col-width option * Add the --use-color and --color options * Display -w highlight even if highlighted line is empty * If search result is in a long line, scroll to ensure it is visible * Editing the same file under different names now creates only one entry in the file list. * Make visual bell more visible on some terminals * Ring end-of-file bell no more than once per second * Build can use either Python or Perl for Makefile.aut operations * Fix crash when using the @ search modifier. * Fix crash in the 's' command due to duplicate free - drop less-429-save_line_position.patch which was never accepted upstream due to solving one problem and creating others ==== libapparmor ==== - add crypto-policies-mr720.diff to allow reading crypto policies in abstractions/ssl_certs (boo#1183597) - replace %{?systemd_requires} with %{?systemd_ordering} to avoid dragging in systemd into containers just because apparmor-parser ships a *.service file ==== libassuan ==== Version update (2.5.4 -> 2.5.5) - update to 2.5.5: * Fix a crash in the logging code * Upgrade autoconf ==== libcap ==== - Add explicit dependency on libcap2 with version to libcap-progs (bsc#1184690) ==== libcontainers-common ==== - Force overlay as default storage driver if system is not btrfs (gh#containers/buildah#3153) - Update common to 0.36.0 - Update podman to 3.1.1 - Update storage to 1.29.0 - Update image to 5.11.0 - Update common to 0.35.3 - Update podman to 3.1.0 - Update storage to 1.28.1 - Update image to 5.10.5 ==== libdnf ==== Version update (0.60.0 -> 0.62.0) Subpackages: libdnf-repo-config-zypp libdnf2 - Add patch to fix crash when loading DVD repositories + Patch: 0001-Fix-a-crash-when-repoId-not-found-in-loaded-conf-gke.patch - Update to 0.62.0 + Change order of TransactionItemReason (rh#1921063) + Add two new comperators for security filters (rh#1918475) + Apply security filters for candidates with lower priority + Fix: Goal - translation of messages in global maps + Enhance description of modular solvables + Improve performance for module query + Change mechanism of modular errata applicability (rh#1804234) + dnf_transaction_commit(): Remove second call to rpmtsSetVSFlags + Fix a couple of memory leaks + Fix: Setting of librepo handle in newHandle function + Remove failsafe data when module is not enabled (rh#1847035) + Expose librepo's checksum functions via SWIG + Fix: Mising check of "hy_split_nevra()" return code + Do not allow 1 as installonly_limit value (rh#1926261) + Fix check whether the subkey can be used for signing + Hardening: add signature check with rpmcliVerifySignatures (CVE-2021-3445, CVE-2021-3421, CVE-2021-20271, rh#1932079, rh#1932089, rh#1932090, boo#1183779) + Add a config option sslverifystatus, defaults to false (rh#1814383) + [context] Add API for distro-sync ==== libeconf ==== Version update (0.3.8+git20200710.5126fff -> 0.4.0+git20210413.fdb8025) - Removed doxygen from build requires. - Update to version 0.4.0+git20210413.fdb8025: * Installing man pages via meson. (#147) - Update to version 0.4.0+git20210412.1513a26: * Added econftool cat option (#146) * new API call: econf_readDirsHistory (showing ALL locations) * new API call: econf_getPath (absolute path of the configuration file) - Update to version 0.4.0+git20210408.6d33e5e: * Man pages libeconf.3 and econftool.8. * Handling multiline strings. * Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... * Econftool, an command line interface for handling configuration files. * Generating HTML API documentation with doxygen. * Improving error handling and semantic file check. * Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. ==== libfido2 ==== Version update (1.6.0 -> 1.7.0) Subpackages: libfido2-1 libfido2-udev - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. * New API calls * New fido_init flag to disable fido_dev_open?s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream * Added fix-cmake-linking.patch to fix linking ==== libgcrypt ==== Version update (1.9.2 -> 1.9.3) - libgcrypt 1.9.3: * Bug fixes: - Fix build problems on i386 using gcc-4.7. - Fix checksum calculation in OCB decryption for AES on s390. - Fix a regression in gcry_mpi_ec_add related to certain usages of curve 25519. - Fix a symbol not found problem on Apple M1. - Fix for Apple iOS getentropy peculiarity. - Make keygrip computation work for compressed points. * Performance: - Add x86_64 VAES/AVX2 accelerated implementation of Camellia. - Add x86_64 VAES/AVX2 accelerated implementation of AES. - Add VPMSUMD acceleration for GCM mode on PPC. * Internal changes. - Harden MPI conditional code against EM leakage. - Harden Elgamal by introducing exponent blinding. ==== libhugetlbfs ==== - Hardening: Link as PIE (bsc#1184123). ==== libjpeg-turbo ==== - version update to 2.1.0 lot of changes, see * https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.90 * https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.1.0 ==== libksba ==== Version update (1.5.0 -> 1.5.1) - libksba 1.5.1: * Support Brainpool curves specified by ECDomainParameters ==== libpeas ==== Version update (1.28.0 -> 1.30.0) - Update to version 1.30.0: + Build system improvements. + Improvements when running on Windows. + Updated translations. ==== librepo ==== Version update (1.13.0 -> 1.14.0) - Update to 1.14.0 + Fix LRO_PRESERVETIME behavior + Support multiple checksums in xattr (rh#1931904) + Return "calculated" checksum if requested w/caching + Fix lr_yum_download_url in case lr_handle is NULL ==== libselinux ==== Subpackages: libselinux1 selinux-tools - Remove Recommends for selinux-autorelabel. It's better to have this in the policy package itself (bsc#1181837) ==== libsolv ==== Version update (0.7.17 -> 0.7.19) - fix rare segfault in resolve_jobrules() that could happen if new rules are learnt - fix a couple of memory leaks in error cases - fix error handling in solv_xfopen_fd() - bump version to 0.7.19 - fixed regex code on win32 - fixed memory leak in choice rule generation - repo_add_conda: add flag to skip v2 packages - bump version to 0.7.18 ==== libxcrypt ==== Version update (4.4.18 -> 4.4.19) - Update to 4.4.19 * Improve fallback implementation of explicit_bzero. * Add glibc-on-CSKY, ARC, and RISCV-32 entries to libcrypt.minver. These were added in GNU libc 2.29, 2.32, and 2.33 respectively * Do not build xcrypt.h if we?re not going to install it. * Do not apply --enable-obsolete-api-enosys mode to fcrypt. * Compilation fix for NetBSD. NetBSD?s declares encrypt and setkey to return int, contrary to POSIX (which says they return void). Rename those declarations out of the way with macros. * Compilation fixes for building with GCC 11. Basically fixes for explicit type-casting. * Force update of existing symlinks during installation ==== libzypp ==== Version update (17.25.8 -> 17.25.9) - Add missing includes for GCC 11 (bsc#1181874) - Fix unsafe usage of static in media verifier. - Solver: Avoid segfault if no system is loaded (bsc#1183628) - MediaVerifier: Relax media set verification in case of a single not-volatile medium (bsc#1180851) - Do no cleanup in custom cache dirs (bsc#1182936) - ZConfig: let pubkeyCachePath follow repoCachePath. - version 17.25.9 (22) ==== lua54 ==== Version update (5.4.2 -> 5.4.3) - Add upstream-bugs.patch and upstream-bugs-test.patch to fix bugs 1,2,3 for build and tests respectively. - Update to version 5.4.3: * Fixes bugs found in Lua 5.4.2 - Removed upstream-bugs.patch: new release (no bugs found yet) - Removed upstream-bugs-test.patch: new release (no bugs found yet) ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - Honor lvm.conf event_activation=0 on "pvscan --cache -aay" (bsc#1185190) + bug-1185190_01-pvscan-support-disabled-event_activation.patch + bug-1185190_02-config-improve-description-for-event_activation.patch - LVM cannot be disabled on boot (bsc#1184687) + bug-1184687_Add-nolvm-for-kernel-cmdline.patch - Update patch for avoiding apply warning message + bug-1012973_simplify-special-case-for-md-in-69-dm-lvm-metadata.patch - Add metadata-based autoactivation property for VG and LV (bsc#1178680) + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - Honor lvm.conf event_activation=0 on "pvscan --cache -aay" (bsc#1185190) + bug-1185190_01-pvscan-support-disabled-event_activation.patch + bug-1185190_02-config-improve-description-for-event_activation.patch - LVM cannot be disabled on boot (bsc#1184687) + bug-1184687_Add-nolvm-for-kernel-cmdline.patch - Update patch for avoiding apply warning message + bug-1012973_simplify-special-case-for-md-in-69-dm-lvm-metadata.patch - Add metadata-based autoactivation property for VG and LV (bsc#1178680) + bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch ==== makedumpfile ==== Version update (1.6.7 -> 1.6.8) - Update patch metadata. - Fix guessing of va_bits (bsc#1183977) * makedumpfile-1-3-Use-vmcoreinfo-note-in-proc-kcore-for-mem-.patch * makedumpfile-2-3-arm64-Make-use-of-NUMBER-VA_BITS-in-vmcore.patch * makedumpfile-3-3-arm64-support-flipped-VA-and-52-bit-kernel.patch - Support kernel 5.11: * makedumpfile-use-uts_namespace.name-offset-VMCOREINFO.patch: make use of 'uts_namespace.name' offset in VMCOREINFO. - Update upstream project location (URL and Source). - Update to version 1.6.8: * Support newer kernels up to v5.9 * arm64: Add support for ARMv8.2-LPA (52-bit PA support) * Retrieve MAX_PHYSMEM_BITS from vmcoreinfo * sadump, kaslr: fix failure of calculating kaslr_offset * Introduce --check-params option * cope with not-present mem section - Drop upstreamed patches: * makedumpfile-Fix-cd_header-offset-overflow-with-large-pfn.patch * makedumpfile-arm64-Align-PMD_SECTION_MASK-with-PHYS_MASK.patch * makedumpfile-sadump-Fix-failure-of-reading.patch - Allow to read kernel log from the lockless ringbuffer (bsc#1183965): * makedumpfile-printk-add-support-for-lockless-ringbuffer.patch * makedumpfile-printk-use-committed-finalized-state-value.patch ==== microdnf ==== Version update (3.7.1 -> 3.8.0) - Update to 3.8.0 + Add "makecache" command + Add "distro-sync" command ==== mozilla-nss ==== Version update (3.62 -> 3.63.1) - update to NSS 3.63.1 * no upstream release notes for 3.63.1 (yet) Fixed in 3.63 * bmo#1697380 - Make a clang-format run on top of helpful contributions. * bmo#1683520 - ECCKiila P384, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual scalar multiplication. * bmo#1683520 - ECCKiila P521, change syntax of nested structs initialization to prevent build isses with GCC 4.8. * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual scalar multiplication. * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683. * bmo#1694214 - tstclnt can't enable middlebox compat mode. * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting profiles. * bmo#1685880 - Minor fix to prevent unused variable on early return. * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv with nss build. * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch of root CA changes, CA list version 2.48. * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's 'Chambers of Commerce' and 'Global Chambersign' roots. * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER. * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS. * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS. * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs from NSS. * bmo#1687822 - Turn off Websites trust bit for the ?Staat der Nederlanden Root CA - G3? root cert in NSS. * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce Root - 2008' and 'Global Chambersign Root - 2008?. * bmo#1694291 - Tracing fixes for ECH. - required for Firefox 88 ==== multipath-tools ==== Version update (0.8.5+29+suse.5dabcd2 -> 0.8.5+30+suse.633836e) Subpackages: kpartx libmpath0 - Update to version 0.8.5+30+suse.633836e: * multipathd: give up "add missing path" after multiple failures (bsc#1183963) ==== ncurses ==== Version update (6.2.20210313 -> 6.2.20210424) Subpackages: libncurses6 ncurses-utils terminfo-base - Add ncurses patch 20210424 + avoid using broken system macros for snprintf which interfere with _nc_SLIMIT's conditionally adding a parameter when the string-hacks configure option is enabled. + add a "all::" rule before the new "check" rule in test/Makefile.in - Add ncurses patch 20210418 + improve CF_LINK_FUNCS by ensuring that the source-file is closed before linking to the target. + add "check" rules for headers in c++, progs and test-directories. + build-fix for termsort module when configured with termcap (reports by Rajeev V Pillai, Rudi Heitbaum). - Add ncurses patch 20210417 + extend --disable-pkg-ldflags option to also control whether $LDFLAGS from the build is provided in -config and .pc files (Debian #986764). + fix some cppcheck warnings, mostly style, in ncurses and c++ libraries and progs directory. + fix off-by-one limit for tput's processing command-line arguments (patch by Hadrien Lacour). - Do not strip examples - Install available manual pages of examples as well - Add ncurses patch 20210403 + fix some cppcheck warnings, mostly style, in ncurses library and progs directory. + improve description of BSD-style padding in curs_termcap.3x + improved CF_C11_NORETURN macro, from byacc changes. + fix "--enable-leak" in CF_DISABLE_LEAKS to allow turning leak-checking off later in a set of options. + relax modification-time comparison in CF_LINK_FUNCS to allow it to accept link() function with NFS filesystems which change the mtime on the link target, e.g., several BSD systems. + call delay_output_sp to handle BSD-style padding when tputs_sp is called, whether directly or internally, to ensure that the SCREEN pointer is passed correctly (reports by Henric Jungheim, Juraj Lutter). - Correct offsets of patch ncurses-6.2.dif - Disable pcre support for now (boo#1183960, boo#1184083) - Add ncurses patch 20210327 + build-fixes for Solaris10 /bin/sh + fix some cppcheck warnings, mostly style, in ncurses test-programs, form and menu libraries. - Add ncurses patch 20210323 + add configure option --enable-stdnoreturn, making the _Noreturn keyword optional to ease transition (prompted by report by Rajeev V Pillai). - Enhence cursescheck script - Disable _Noreturn usage as it breaks build of e.g. dialog - Add ncurses patch 20210320 + improve parameter-checking in tput by forcing it to analyze any extended string capability, e.g., as used in the Cs and Ms capabilities of the tmux description (report by Brad Town, cf: 20200531). + remove an incorrect free in the fallback (non-checking) version of _nc_free_and_exit (report by Miroslav Lichvar). + correct use-ordering in some xterm-direct flavors -TD + add hterm, hterm-256color (Mike Frysinger) + if the build-time compiler accepts c11's _Noreturn keyword, use that rather than gcc's attribute. + change configure-check for gcc's noreturn attribute to assume it is a prefix rather than suffix, matching c11's _Noreturn convention. + add "lint" rule to c++/Makefile, e.g., with cppcheck. - Port patch ncurses-6.2.dif by correcting offsets ==== openSUSE-build-key ==== - fixed s390x key install (bsc#1185245) ==== openssl ==== Version update (1.1.1j -> 1.1.1k) - Update to 1.1.1k release ==== openssl-1_1 ==== Version update (1.1.1j -> 1.1.1k) Subpackages: libopenssl1_1 - Update to 1.1.1k * Fixed a problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. ([CVE-2021-3450]) [bsc#1183851] * Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. ([CVE-2021-3449]) [bsc#1183852] ==== pam ==== Subpackages: pam_unix - If "LOCAL" is configured in access.conf, and a login attempt from a remote host is made, pam_access tries to resolve "LOCAL" as a hostname and logs a failure. Checking explicitly for "LOCAL" and rejecting access in this case resolves this issue. [bsc#1184358, bsc1184358-prevent-LOCAL-from-being-resolved.patch] - pam_limits: "unlimited" is not a legitimate value for "nofile" (see setrlimit(2)). So, when "nofile" is set to one of the "unlimited" values, it is set to the contents of "/proc/sys/fs/nr_open" instead. Also changed the manpage of pam_limits to express this. [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch] ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Suggest libdnf-repo-config-zypp explicitly - Fix dependency on systemd-icon-branding-openSUSE - Use only kernel-firmware-all instead of kernel-firmware to avoid duplicate firmware on the DVD - spice-vdagent is available on all archs - hyper-v and open-vm-tools are available on AArch64 as well - A fresh install does not have xdg-open & friends. Fix by adding xdg-utils - while there, fix the comment, as they're common tools, but not necessarily useful only "during initial setup" - Add packages to the desktop commons pattern: systemd-icons-branding-openSUSE (to list the MicroOS logo on the Gnome Settings About page) - Add packages to the DVD: - instead of adding firmware-all, add specific firmware packages for common hardware (or at least, for hardware for which we have bugs open, see bsc#1184767 and bsc#1184403) - Add some packages in the DVD: - Spice guest driver so graphics works properly out of the box, when installing in VMs (mostly for desktops) - firmwares so that (wireless mostly, bot also wired) networking works in the installer and on the installed system ==== pcre2 ==== - Remove regcomp, regexec etc. from libpcre2-posix. (Add pcre2-symbol-clash.patch) ==== perl-Bootloader ==== Version update (0.933 -> 0.934) - merge gh#openSUSE/perl-bootloader#134 - install with --removable if efivars are not writable (bsc#1182749, bsc#1174111, bsc#1184160) - fix whitespace - 0.934 ==== pkgconf ==== Subpackages: libpkgconf3 pkgconf-m4 pkgconf-pkg-config - do not own directories provided by filesystem - small cleanups inspired by spec-cleaner ==== podman ==== Version update (3.0.1 -> 3.1.2) Subpackages: podman-cni-config - Update to version 3.1.2: * Bump to v3.1.2 * Update release notes for v3.1.2 * Ensure mount destination is clean, no trailing slash * Fixes podman-remote save to directories does not work * [CI:DOCS] Add missing dash to verbose option * [CI:DOCS] Fix Markdown table layout bugs * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md * rmi: don't break when the image is missing a manifest * Bump containers/image to v5.11.1 * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1 * Fix lint * Bump to v3.1.2-dev - Split podman-remote into a subpackage - Add missing scriptlets for systemd units - Escape macros in comments - Drop some obsolete workarounds, including %{go_nostrip} - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume "U" option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors - Create docker subpackage to allow replacing docker with corresponding aliases to podman. ==== python-M2Crypto ==== - Add no-need-parameterized.patch ... we don't need run-time requirement of parameterized package (bsc#1185150). ==== python-MarkupSafe ==== - allow tests to be disabled (still on by default) ==== python-cryptography ==== - Remove unnecessary %ifpython3 construct ==== python-gobject ==== Version update (3.38.0 -> 3.40.1) - Update to version 3.40.1: + Fix tests with glib 2.68. + Fix a regression with marshalling partial() objects. - Update to version 3.40.0: + GTK 4 compatibility fixes. + Python 3.9 and 3.10 compatibility fixes. + New minimal dependency requirements. - Up glib2, gobject-introspection, and cairo required versions. ==== python-importlib-metadata ==== Version update (3.7.0 -> 3.7.2) - update to 3.7.2: * Cleaned up cruft in entry_points docstring. * Internal refactoring to facilitate ``entry_points() -> dict`` deprecation. ==== python-jsonpatch ==== Version update (1.28 -> 1.31) - update to 1.31: * Add support for preserving Unicode charaters * remove pypy build ==== python-rpm ==== Version update (4.16.0 -> 4.16.1.3) - update to rpm-4.16.1.3 ==== raspberrypi-firmware-config ==== - Use smbios overlay to get minimal SMBIOS information through dmidecode (bsc#1183079) ==== raspberrypi-firmware-dt ==== - Add overlay for smbios information (bsc#1183079) * smbios-overlay.dts ==== rbac-lookup ==== Version update (0.6.3 -> 0.6.4) - Update to version 0.6.4: * Update documentation from template (#176) * Managed by Terraform * Add documentation site (#175) * Bump google.golang.org/api from 0.40.0 to 0.41.0 (#172) * Bump google.golang.org/api from 0.39.0 to 0.40.0 (#164) * Bump k8s.io/client-go from 0.20.2 to 0.20.4 (#168) * Bump google.golang.org/api from 0.38.0 to 0.39.0 (#163) * Bump google.golang.org/api from 0.37.0 to 0.38.0 (#162) * Update GoReleaser to version 0.155, add Linux/arm and Windows builds (#161) * Bump google.golang.org/api from 0.36.0 to 0.37.0 (#160) ==== rook ==== Version update (1.5.7+git4.gae949004e -> 1.5.10+git4.g309ad2f64) - Update to v1.5.10 * Ceph * Update Ceph-CSI to v3.2.1 (#7506) * Use latest Ceph API for setting dashboard and rgw credentials (#7641) * Redact secret info from reconcile diffs in debug logs (#7630) * Continue to get available devices if failed to get a device info (#7608) * Include RGW pods in list for rescheduling from failed node (#7537) * Enforce pg_auto_scaler on rgw pools (#7513) * Prevent voluntary mon drain while another mon is failing over (#7442) * Avoid restarting all encrypted OSDs on cluster growth (#7489) * Set secret type on external cluster script (#7473) * Fix init container "expand-encrypted-bluefs" for encrypted OSDs (#7466) * Fail pool creation if the sub failure domain is the same as the failure domain (#7284) * Set default backend for vault and remove temp key for encrypted OSDs (#7454) ==== rpcbind ==== - Specify the appropriate set of local nss modules (boo#1177461) ==== rpm ==== Version update (4.16.0 -> 4.16.1.3) Subpackages: librpmbuild9 - Use --dwz-single-file-mode for packages that use baselibs.conf mechanism. - Add add-dwz-single-file-mode-option.patch patch. - change dump_posttrans mechanism to imply --noposttrans so that libzypp can be compatible with older rpm versions changed patch: posttrans.diff - auto-config-update-aarch64-ppc64le.diff: Use timestamp in file instead of searching for arch name, which cannot handle all cases - update to rpm-4.16.1.3 * security fixes for CVE-2021-3421, CVE-2021-20271, CVE-2021-20266 * fix bdb_ro failing to open database with missing secondary indexes * dropped: finddebuginfo-check-res-file.patch * dropped: empty_dbbackend.diff - require the exact version of librpmbuild in the rpm-build package [bnc#1180965] - reformat dwarf5.diff - add dump_posttrans and --runposttrans options to make it possible for libzypp to implement file triggers new patch: posttrans.diff ==== rpm-config-SUSE ==== Version update (0.g64 -> 0.g76) - Update to version 0.g76: * Prepare usrmerge (boo#1029961) * scripts/find-provides.ksyms: Handle XZ compressed kernel (boo#1179251). * find-requires.ksyms: use "if kernel" conditional for modules-load.d * find-requires.ksyms: actually generate modules-load.d dependencies * find-requires.ksyms: Silence the awk warning * find-provides.ksyms: Fix kernel version test * find-provides.ksyms: Fix ksym-provides test ==== runc ==== - Backport patch to fix build on SLE-12 ppc64le. + 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration - Improvements on "ansiblegate" module: * New methods: ansible.targets / ansible.discover_playbooks * General bugfixes - Added: * improvements-on-ansiblegate-module-354.patch - Regression fix of salt-ssh on processing some targets - Added: * regression-fix-of-salt-ssh-on-processing-targets-353.patch - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Added: * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch - Update target fix for salt-ssh to process targets list (bsc#1179831) - Added: * update-target-fix-for-salt-ssh-to-process-targets-li.patch - Add notify beacon for Debian/Ubuntu systems - Add core grains support for AlmaLinux and Alibaba Could Linux - Added: * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch * notify-beacon-for-debian-ubuntu-systems-347.patch - Allow vendor change option with zypper - Added: * allow-vendor-change-option-with-zypper-313.patch ==== selinux-policy ==== Version update (20210309 -> 20210419) Subpackages: selinux-policy-targeted - Added Recommends for selinux-autorelabel (bsc#1181837) - Prevent libreoffice fonts from changing types on every relabel (bsc#1185265). Added fix_libraries.patch - Transition unconfined users to ldconfig type (bsc#1183121). Extended fix_unconfineduser.patch - Update to version 20210419 - Refreshed: * fix_dbus.patch * fix_hadoop.patch * fix_init.patch * fix_unprivuser.patch ==== sg3_utils ==== Version update (1.45~815+5.6aa67ed -> 1.46) - Update to version 1.46: * sg_rep_pip: new utility: report provisioning initialization pattern command * sg_turs: estimated time-to-ready [spc6r03] - add --delay=MS option * sg_requests: substantial cleanup * sg_vpd: add Format presets and Concurrent positioning ranges - add hot-pluggable field in standard Inquiry [spc6r05] - fix vendor struct opts_t alignment * sg_inq: add hot-pluggable field in standard Inquiry * sg_dd: --verify : separate category for miscompare errors - --verify : oflag=coe continue on miscompares, counts them - add cdl= operand for command duration limit indexes - add oflag=nocreat and conv=nocreat : OFILE must exist - add iflag=00, ff, random flags - setup conditional auto rule for getrandom() - add command timeout after comma in time= operand * sg_get_elem_status: add ralwd bit sbc4r20a * sg_write_x: add dld bits to write(32) [sbc4r19a] * sg_rep_zones: print invalid write pointer LBA as -1 rather than 16 "f"s * sg_opcodes: improve handling of RWCDLP field * sg_ses: use fan speed factor field for calculation [ses4r04] - add --all (-a) option, same action as --join * sg_compare_and_write: add examples section to its manpage * sg_modes: document '-s' option (same as '-6') * sg_sanitize + sg_format: when --verbose given once report probable success; without --verbose 'no news is good news' * sg_zone: add Remove element and modify zones command * sg_raw: increase maximum data-in and data-out buffer size from 64 KB to 1 MB - fix --cmdfile= handling - add --nvm option to send commands from the NVM command set - add --cmdset option to bypass cdb heuristic - add --scan= first_opcode,last_opcode * sg_pt_freebsd: allow device names without leading /dev/ thus fix for regression introduced in rev 731 (ver: 1.43) * sg_pt_solaris+sg_pt_osf1: fix problem with clear_scsi_pt_obj() which needs to remember is_nvme and dev_fd values * sg_lib: add ZBC (2020) feature set entries * sg_lib: restore elements and rebuild command added * sg_lib,sg_pt: add partial_clear_scsi_pt_obj(), get_scsi_pt_cdb_len() and get_scsi_pt_cdb_buf() - add do_nvm_pt() for the NVM (sub-)command set - tweak transport error handling in Linux * sg_lib: Linux NVMe SNTL: add read, write and verify; synchronize cache and write same translations - add dummy start stop unit and test unit ready commands - wire cache mpage's WCE to nvme 'volatile write cache' - fix crash in sg_f2hex_arr() when fname not found * sg_lib: reprint cdb with illegal request sense key - asc/ascq match asc-num.txt @t10 20200708 [spc6r02] * gcc-10: suppress warnings * autoconf: upgrade version 2.69 to 2.70 * remove space from end of source lines for git-svn * testing/sg_mrq_testing: new, for blocking mrq usage * testing/sgs_dd: add evfd flags and eventfd processing * testing: remove master-slave terminology for sgv4 * examples: add nvme_read_ctl.hex and nvme_write_ctl.hex ==== shadow ==== - Do not require libeconf-devel on products without /usr/etc. - Split login.defs configuration file into own sub-package, which allows to install util-linux or pam on small embedded/edge systems or container without the need to pull in the full shadow suite. - Amend patches/useradd-userkeleton.patch to also write into existing directories and prefer files from /etc - Add patch useradd-userkeleton.patch to extend original C code of useradd to handle /usr/etc/skel (boo#1173321) - Remove /usr/etc/skel support in useradd.local script ==== shim ==== Version update (15+git47 -> 15.4) - Add shim-bsc1184454-allocate-mok-config-table-BS.patch to avoid the error message during linux system boot (bsc#1184454) - Add remove_build_id.patch to prevent the build id being added to the binary. That can cause issues with the signature - Update to 15.4 (bsc#1182057) + Rename the SBAT variable and fix the self-check of SBAT + sbat: add more dprint() + arm/aa64: Swizzle some sections to make old sbsign happier + arm/aa64 targets: put .rel* and .dyn* in .rodata - Drop upstreamed patch: + shim-bsc1182057-sbat-variable-enhancement.patch - Add shim-bsc1182057-sbat-variable-enhancement.patch to change the SBAT variable name and enhance the handling of SBAT (bsc#1182057) - Update to 15.3 for SBAT support (bsc#1182057) + Drop gnu-efi from BuildRequires since upstream pull it into the tar ball. - Generate vender-specific SBAT metadata + Add dos2unix to BuildRequires since Makefile requires it for vendor SBAT - Update dbx-cert.tar.xz and vendor-dbx.bin to block the following sign keys: + SLES-UEFI-SIGN-Certificate-2020-07.crt + openSUSE-UEFI-SIGN-Certificate-2020-07.crt - Refresh patches + shim-arch-independent-names.patch + shim-change-debug-file-path.patch + shim-bsc1177315-verify-eku-codesign.patch - Unified with shim-bsc1177315-fix-buffer-use-after-free.patch - Drop upstreamed fixes + shim-correct-license-in-headers.patch + shim-always-mirror-mok-variables.patch + shim-bsc1175509-more-tpm-fixes.patch + shim-bsc1173411-only-check-efi-var-on-sb.patch + shim-fix-verify-eku.patch + gcc9-fix-warnings.patch + shim-fix-gnu-efi-3.0.11.patch + shim-bsc1177404-fix-a-use-of-strlen.patch + shim-do-not-write-string-literals.patch + shim-VLogError-Avoid-Null-pointer-dereferences.patch + shim-bsc1092000-fallback-menu.patch + shim-bsc1175509-tpm2-fixes.patch + shim-bsc1174512-correct-license-in-headers.patch + shim-bsc1182776-fix-crash-at-exit.patch - Drop shim-opensuse-cert-prompt.patch + All newly released openSUSE kernels enable kernel lockdown and signature verification, so there is no need to add the prompt anymore. ==== snapper ==== Version update (0.8.16 -> 0.9.0) Subpackages: libsnapper5 - fix build on 32 bit musl systems (gh#openSUSE/snapper#644) - improved error handling (see gh#openSUSE/snapper#626) - version 0.9.0 - move org.opensuse.Snapper.conf from /etc to /usr (bsc#1183398 and gh#openSUSE/snapper#492) - run boot.service iff root config exists (gh#openSUSE/snapper#630) - avoid redundant quota rescans for same btrfs (see gh#openSUSE/snapper#507) - allow absolute sizes for SPACE_LIMIT and FREE_LIMIT (gh#openSUSE/snapper#507) ==== sqlite3 ==== Version update (3.35.2 -> 3.35.5) - SQLite3 3.35.5: * Fix defects in the new ALTER TABLE DROP COLUMN feature that could corrupt the database file * Fix an obscure query optimizer problem that might cause an incorrect query result - Fix build on SLE-12 - use https urls - SQLite 3.35.4: * Fix a defect in the query planner optimization * Fix a defect in the new RETURNING syntax * Fix the new RETURNING feature so that it raises an error if one of the terms in the RETURNING clause references a unknown table, instead of silently ignoring that error * Fix an assertion associated with aggregate function processing that was incorrectly triggered by the push-down optimization - SQLite 3.35.3: * Enhance the OP_OpenDup opcode of the bytecode engine so that it works even if the cursor being duplicated itself came from OP_OpenDup * When materializing correlated common table expressions, do so separately for each use case, as that is required for correctness. This fixes a problem that was introduced by the MATERIALIZED hint enhancement. * Fix a problem in the filename normalizer of the unix VFS * Fix the "box" output mode in the CLI so that it works with statements that returns one or more rows of zero columns (such as PRAGMA incremental_vacuum) * Improvements to error messages generated by faulty common table expressions * Fix some incorrect assert() statements * Fix to the SELECT statement syntax diagram so that the FROM clause syntax is shown correctly * Fix the EBCDIC character classifier so that it understands newlines as whitespace * Improvements the xBestIndex method in the implementation of the (unsupported) wholenumber virtual table extension so that it does a better job of convincing the query planner to avoid trying to materialize a table with an infinite number of rows ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap - Move sssctl command from sssd to sssd-tools package; (bsc#1184289); - Add missing /var/lib/sss/pubconf/krb5.include.d directory (bsc#1184285). - Make cifs-idmap plugin (cifs_idmap_sss.so) use update-alternatives mechanism to be able to switch between cifs-utils and sssd; (bsc#1182682). ==== sudo ==== Version update (1.9.5p2 -> 1.9.6p1) - update to 1.9.6p1 * Fixed a regression introduced in sudo 1.9.6 that resulted in an error message instead of a usage message when sudo is run with no arguments. * Fixed a sudo_sendlog compilation problem with the AIX xlC compiler. * Fixed a regression introduced in sudo 1.9.4 where the - -disable-root-mailer configure option had no effect. * Added a --disable-leaks configure option that avoids some memory leaks on exit that would otherwise occur. This is intended to be used with development tools that measure memory leaks. It is not safe to use in production at this time. * Plugged some memory leaks identified by oss-fuzz and ASAN. * Fixed the handling of sudoOptions for an LDAP sudoRole that contains multiple sudoCommands. Previously, some of the options would only be applied to the first sudoCommand. * Fixed a potential out of bounds read in the parsing of NOTBEFORE and NOTAFTER sudoers command options (and their LDAP equivalents). * The parser used for reading I/O log JSON files is now more resilient when processing invalid JSON. * Fixed typos that prevented "make uninstall" from working. * Fixed a regression introduced in sudo 1.9.4 where the last line in a sudoers file might not have a terminating NUL character added if no newline was present. * Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new - -enable-fuzzer configure option can be combined with the - -enable-sanitizer option to build sudo with fuzzing support. Multiple fuzz targets are available for fuzzing different parts of sudo. Fuzzers are built and tested via "make fuzz" or as part of "make check" (even when sudo is not built with fuzzing support). Fuzzing support currently requires the LLVM clang compiler (not gcc). * Fixed the --enable-static-sudoers configure option. * Fixed a potential out of bounds read sudo when is run by a user with more groups than the value of "max_groups" in sudo.conf. * Added an "admin_flag" sudoers option to make the use of the ~/.sudo_as_admin_successful file configurable on systems where sudo is build with the --enable-admin-flag configure option. This mostly affects Ubuntu and its derivatives. * The "max_groups" setting in sudo.conf is now limited to 1024. This setting is obsolete and should no longer be needed. * Fixed a bug in the tilde expansion of "CHROOT=dir" and "CWD=dir" sudoers command options. A path "~/foo" was expanded to "/home/userfoo" instead of "/home/user/foo". This also affects the runchroot and runcwd Defaults settings. * Fixed a bug on systems without a native getdelim(3) function where very long lines could cause parsing of the sudoers file to end prematurely. * Fixed a potential integer overflow when converting the timestamp_timeout and passwd_timeout sudoers settings to a timespec struct. * The default for the "group_source" setting in sudo.conf is now "dynamic" on macOS. Recent versions of macOS do not reliably return all of a user's non-local groups via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS is defined. * Fixed a potential use-after-free in the PAM conversation function. * Fixed potential redefinition of sys/stat.h macros in sudo_compat.h. ==== suse-module-tools ==== Version update (15.3.5 -> 15.4.1) - Update to version 15.4.1: * dm-crypt requires essiv in SLE15 SP3 (boo#1183063 bsc#1184134 ltc#192244). - Update to version 15.4.0: * Enable f2fs (bsc#1184415) ==== systemd ==== Version update (246.11 -> 246.13) Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Import commit 14581e01203df7aa63c7c8383a12e6ebe258476f (merge of v246.13) 423b1e759c Revert "resolved: gracefully handle with packets with too large RR count" (bsc#1183745) 4723778738 meson.build: make xinitrcdir configurable (bsc#1183408) [...] For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/9753d1c17545a5d46530696cb14254f5f12024f1...14581e01203df7aa63c7c8383a12e6ebe258476f - Drop 0001-Revert-resolved-gracefully-handle-with-packets-with-.patch as it's part of v246.13. - Make use of the new build option to ship xinitrc in /usr/etc/X11/xinit/xinitrc.d (bsc#1183408) - Add 0001-Revert-resolved-gracefully-handle-with-packets-with-.patch Temporary workaround for bsc#1183745 (upstream issue 18917) until an actual fix is found. - Default to the "unified" cgroup hierarchy. At this point, most users of cgroup (such as docker, libvirt, kubernetes) should be ready for this change. It's still possible to switch back to the old "hybrid" hierarchy by passing "systemd.unified_cgroup_hierarchy=0" option to the kernel command line. ==== systemd-presets-common-SUSE ==== - Enable hcn-init.service for HNV on POWER (bsc#1184136 ltc#192155). ==== talloc ==== Version update (2.3.1 -> 2.3.2) - Update to 2.3.2 ==== tiff ==== Version update (4.2.0 -> 4.3.0) - version update to 4.3.0 * Build and usage of the library and its utilities requires a C99 capable compiler. * New optional codec for the LERC (Limited Error Raster Compression) compression scheme. To have it available, configure libtiff against the SDK available at https://github.com/esri/lerc * Removal of unused, or now useless due to C99 availability, functions in port/ * tiffcmp: fix comparaison with pixels that are fractional number of bytes * tiff2ps: exit the loop in case of error * tiff2pdf: check that tiff_datasize fits in a signed tsize_t ==== toolbox ==== Version update (2.1+git20210311.15cb3ad -> 2.1+git20210329.d14ac82) - Update to version 2.1+git20210329.d14ac82: * Fix localtime and mount sys, e.g., for tracing * Fix 'toolbox list' returning an error code even if working ==== u-boot-rpiarm64 ==== Version update (2021.01 -> 2021.04) Subpackages: u-boot-rpiarm64-doc Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04 * Patches added: 0014-fs-btrfs-fix-the-false-alert-of-dec.patch - boo#1183717 Fix SMBIOS table entries (bsc#1183079) Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04 * Patches added: 0013-configs-rpi-Enable-SMBIOS-sysinfo-d.patch - Add u-boot-zturnv5 flavour instead of u-boot-zturn. I've failed to find anybody who has v4 zturn board. - mx53loco now uses u-boot-dtb.imx instead of u-boot.imx - Update to 2021.04 - Patch queue updated from https://github.com/openSUSE/u-boot.git tumbleweed-2021.04 * Patches dropped: 0006-boo-1123170-Remove-ubifs-support-fr.patch 0007-boo-1144161-Remove-nand-mtd-spi-dfu.patch 0008-Kconfig-add-btrfs-to-distro-boot.patch 0009-configs-Re-sync-with-CONFIG_DISTRO_.patch 0010-configs-am335x_evm-disable-BTRFS.patch 0011-sunxi-dts-OrangePi-Zero-Add-SPI-ali.patch 0012-sunxi-dts-OrangePi-Zero-Enable-SPI-.patch 0013-sunxi-Enable-SPI-support-on-Orange-.patch 0014-Disable-CONFIG_CMD_BTRFS-in-xilinx_.patch 0015-rpi-Add-identifier-for-the-new-RPi4.patch 0016-rpi-Add-identifier-for-the-new-CM4.patch 0017-pci-pcie-brcmstb-Fix-inbound-window.patch 0018-dm-Introduce-xxx_get_dma_range.patch 0019-dm-test-Add-test-case-for-dev_get_d.patch 0020-dm-Introduce-DMA-constraints-into-t.patch 0021-dm-test-Add-test-case-for-dev-dma_o.patch 0022-dm-Introduce-dev_phys_to_bus-dev_bu.patch 0023-dm-test-Add-test-case-for-dev_phys_.patch 0024-xhci-translate-virtual-addresses-in.patch 0025-mmc-Introduce-mmc_phys_to_bus-mmc_b.patch 0026-configs-rpi4-Enable-DM_DMA-across-a.patch 0027-video-arm-rpi-Add-brcm-bcm2711-hdmi.patch 0028-usb-xhci-pci-Add-DM_FLAG_OS_PREPARE.patch 0029-pci-brcmstb-Cleanup-controller-stat.patch 0030-fs-btrfs-Select-SHA256-in-Kconfig.patch 0031-efi_loader-Avoid-emitting-efi_var_b.patch 0032-configs-BPI-R2-Disable-EFI-Grub-wor.patch 0033-configs-RPi2-Disable-EFI-Grub-worka.patch 0034-smbios-Fix-table-whit-no-string-is-.patch * Patches added: 0006-Kconfig-add-btrfs-to-distro-boot.patch 0007-configs-Re-sync-with-CONFIG_DISTRO_.patch 0008-sunxi-dts-OrangePi-Zero-Add-SPI-ali.patch 0009-sunxi-dts-OrangePi-Zero-Enable-SPI-.patch 0010-sunxi-Enable-SPI-support-on-Orange-.patch 0011-Disable-CONFIG_CMD_BTRFS-in-xilinx_.patch 0012-smbios-Fix-table-when-no-string-is-.patch ==== vim ==== Version update (8.2.2607 -> 8.2.2800) Subpackages: vim-data-common vim-small - Updated to version 8.2.2800, fixes the following problems * Vim9: message about compiling is wrong when using try/catch. * Confusing error message with white space before comma in the arguments of a function declaration. * Function test fails. * Special key names don't work if 'isident' is cleared. * Vim9: wrong error message for referring to legacy script variable. * Coverity complains about not restoring character. * Prompt for s///c in Ex mode can be wrong. * Detecting Lua version is not reliable. * Vim9: cannot use legacy script-local var from :def function. * Vim9: function reference found with prefix, not without. * Vim9: for loop over string is a bit slow. * Status line not updated when local 'statusline' option set. * Extending a list with itself can give wrong result. * Vim9: a lambda accepts too many arguments at the script level. * Vim9: lambda with varargs doesn't work. * Vim9: Partial call does not check right arguments. * Vim9: when compiling a function fails it is cleared. * Vim9: function state stuck when compiling with ":silent!". * Vim9: no way to explicitly ignore an argument. * Vim9: missing part of the argument change. * Check for duplicate arguments does not work. * Vim9: not always an error for too many function arguments. * Vim9: memory leak when calling :def function fails. * Vim9: test for error can be a bit flaky. * Vim9: error for using underscore in nested function. * Coverity warns for using NULL pointer. * Vim9: cannot ignore an item in assignment unpack. * :sleep! does not always hide the cursor. * Vim9: no error for using a number in a condition. * Vim9: blob index and slice not implemented yet. * Vim9: blob tests for legacy and Vim9 script are separate. * Vim9: wrong line number for autoload function with wrong name. * Vim9: for loop infers type of loop variable. * Vim9: no error for changing a for loop variable. * Using "syn include" does not work properly. * Vim9: function line truncated when compiling. * Vim9: cannot use type in for loop unpack at script level. * Memory leak when default function argument is allocated. * Vim9: not all blob operations work. * Test failure. * Compiler warning for unused argument. * Vim9: memory leak with blob range error. * Modula-3 config files are not recognized. * Vim9: type of loop variable is not used. * Vim9: assignment not recognized if declaration was skipped. * Problems when restoring 'runtimepath' from a session file. * PSL filetype not recognized. * Vim9: cannot import an existing name even when using "as". * Vim9: wrong line number used for some commands. * :mksession uses current value of 'splitbelow' and 'splitright' even though "options" is not in 'sessionoptions'. (Maxim Kim) * Vim9: blob operations not tested in all ways. * Problem restoring 'packpath' in session. * Memory access error in remove() for blob. * Vim9: for loop over blob doesn't work. * Add() silently skips when adding to null list or blob. * Vim9: blob operations not fully tested. * Duplicate code for setting byte in blob, blob test may fail. * Vim9: cannot use \=expr in :substitute. * Vim9: cannot redirect to local variable. * Vim9: memory leak when using :s with expression. * Raku is now the only name what once was called perl6. * Vim9: using \=expr in :substitute does not handle jumps. * filetype test fails * Vim9: memory leak when using \=expr in :substitute. * Vim9: :disas shows instructions for default args but no text. * Linux users don't know how to get ncurses. * Coverity warns for not using return value. * Vim9: redir to variable does not accept an index. * Search highlight disappears in the Visual area. * Vim9: redir to variable with append does not accept an index. * Vim9: type casts don't fully work at the script level. * After a timer displays text a hit-enter prompt is given. - Updated to version 8.2.2725, fixes the following problems * strcharpart() cannot include composing characters. * Character input not fully tested. * Test disabled on MS-Windows even though it should work. * Mouse click test fails when using remote connection. * Conditions for startup tests are not exactly right. * col('.') may get outdated column value. * New test throws exception. * Vim9: function is deleted while executing. * Test is sourcing the wrong file. * Vim9: if 'cpo' is changed in Vim9 script it may be restored. * Vim9: script variable in a block scope not found by a nested function. * Vim9: cannot use a normal list name to store function refs. * Vim9: no test for return type of lambda. * Vim9: Using #{ for a dictionary gives strange errors. * typval2type() cannot handle recursive structures. * GTK: error when starting up and -geometry is given. (Dominique Pellé) * Some tests fail when run as root. * Atom files not recognized. * Rss files not recognized. * GTK3: error when starting up and -geometry is given. (Dominique Pellé) * No need to check for BSD after checking for not root. * Vim9: #{ can still be used at the script level. * Vim9: error for #{{ is not desired. * Hard to see where a test gets stuck. * Commands from winrestcmd() do not always work properly. (Leonid V. Fedorenchik) * Not all command line arguments are tested. * Multi-byte 'fillchars' for folding do not show properly. * 'tagfunc' does not indicate using a pattern. * Vim9: cannot define an inline function. * Memory leak when compiling inline function. * prop_remove() causes a redraw even when nothing changed. * Cannot write a message to the terminal from the GUI. * Build failure when fsync() is not available. * screenstring() returns non-existing composing characters. * Display test fails because of lacking redraw. * Vim9: no clear error for wrong inline function. * Various code not covered by tests. * prop_clear() causes a screen update even when nothing changed. * Using inline function is not properly tested. * Vim9: error for not using string doesn't mention argument. * Terminal test sometimes hangs. * Terminal resize test sometimes hangs. * Vim9: some wincmd arguments cause a white space error. * Vim9: command modifiers not handled in nested function. * Vim9: restoring command modifiers happens after jump. * Vim9: can use command modifier without an effect. * Build failure. * Vim9: getting a character from a string can be slow. * The -w command line argument doesn't work. * Some command line arguments and regexp errors not tested. * Vim9: error message for declaring variable in for loop. * :for cannot loop over a string. * Eval test fails because for loop on string works. * Vim9: no error for declaration with trailing text. * Leaking memory when looping over a string. * There is no way to avoid some escape sequences. * Vim9: leaking memory when inline function has an error. * Vim9: not enough function arguments checked for string. * Test failures. * Vim9: not enough function arguments checked for string. * prop_find() cannot find item matching both id and type. * Vim9: omitting "call" for "confirm()" does not give an error. * Command line completion does not work after "vim9". * Vim9: error for append(0, text). * Error for line number in legacy script. * Vim9: cannot use :lockvar and :unlockvar in compiled script. * Vim9: script-local funcref can have lower case name. * Directory change in a terminal window shell is not followed. * Missing error message. * Vim9: cannot use only some of the default arguments. * Test for 'autoshelldir' does not reset the option. * Winbar drawn over status line for non-current window with winbar if frame is zero height. (Leonid V. Fedorenchik) * Vim9: problem defining a script variable from legacy function. * Vim9: test fails for redeclaring script variable. * Vim9: cannot find Name.Func from "import * as Name". (Alexander Goussas) * Build failure without the +eval feature. * Not enough folding code is tested. * Custom statusline not drawn correctly with WinBar. * Status line is not updated when going to cmdline mode. * Vim9: cannot use "const" for global variable in :def function. * Vim9: crash when using s: for script variable. * Tiny build fails. * PowerShell files are not recognized. * Autoconf may mess up compiler flags. * Vim9: locked script variable can be changed. * Vim9: locked script variable can be changed. * When 'matchpairs' is empty every character beeps. (Marco Hinz) * Cursor position reset with nested autocommands. * Lua test fails with Lua 5.4.3 and later. * Function list test fails. * Lua test fails on MS-Windows. * Lua test fails. * Nested autocmd test fails sometimes. * Order of removing FORTIFY_SOURCE is wrong. * Compiler completion test fails when more scripts are added. * Vim9: memory leak when failing on locked variable. * Adding a lot of completions can be a bit slow. * Vim9: misleading reported line number for wrong type. * Vim9: wrong line number reported for boolean operator. * Adding a lot of completions can still be a bit slow. * Test sometimes fails waiting for shell in terminal. * The GTK GUI has a gap next to the scrollbar. * Vim9: not all tests cover script and :def function. * "gj" in a closed fold does not move out of the fold. (Marco Hinz) * Memory leak when adding to a blob fails. * Folding code not sufficiently tested. * Filetype pattern ending in star is too far up. * Vim9: tests fail without the channel feature. (Dominique Pellé) * The equivalent class regexp is missing some characters. * GTK menu items don't show a tooltip. * Vim9: no explicit test for using a global function without the g: prefix. * Vim9: appending to dict item doesn't work in a :def function. * GTK menu tooltip moves the cursor. * Vim9: cannot have a linebreak inside a lambda. * Vim9: crash when using LHS with double index. * Assignment test fails. * Vim9: concatenating to list in dict not tested. * Vim9: message about compiling is wrong when using try/catch. ==== wpa_supplicant ==== - Add CVE-2021-30004.patch -- forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348) ==== yast2 ==== Version update (4.3.60 -> 4.4.2) - Add to yast2 mixin Yast2::SecretAttributes for hiding sensitive information (bsc#1141017) - 4.4.2 - The location given to the Y2Issue::Issue constructor can be a string or a location object. - Add a mechanism to report issues to the user (related to bsc#1181295). - 4.4.1 - Updated manual page ("man yast2") (bsc#1184681) - 4.4.0 - Add a default value for file_path argument in ::new and ::load methods of CFA::LoginDefs class. ==== zchunk ==== Version update (1.1.5 -> 1.1.9) - Update to version 1.1.9 * Handle zstd 1.4.7+ * Update documentation * unzck: require a *.zck extension * General bug fixes - Dropped upstream merged d2eae512bee09a4047cfe586de12f644d73b0736.patch - Add fix-test-argp.patch: Fix argp detection