Packages changed: cilium (1.6.5 -> 1.7.0) ipset (7.5 -> 7.6) libzypp (17.22.1 -> 17.23.0) mozilla-nss patterns-containers python-ecdsa (0.13.3 -> 0.15) python-requests (2.22.0 -> 2.23.0) rakkess (0.4.3 -> 0.4.4) sysconfig (0.85.3 -> 0.85.4) transactional-update (2.20.1 -> 2.20.2) wicked (0.6.61 -> 0.6.62) xfsprogs (5.0.0 -> 5.4.0) yomi-formula (0.0.1+git.1579090265.ecae64c -> 0.0.1+git.1582036279.1c70638) zypper (1.14.33 -> 1.14.34) === Details === ==== cilium ==== Version update (1.6.5 -> 1.7.0) - Use %requires_eq for cilium-proxy. - Add cilium-proxy as a runtime dependency. - Build with correct cilium-proxy version string. - Add upstream patches which fix running Cilium on aarch64 and remove dependency on glibc: * 0001-option-mark-keep-bpf-templates-as-deprecated.patch * 0002-make-remove-the-need-for-go-bindata.patch * 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch - Add downstream patch which makes helm charts compatible with openSUSE images: * 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch - Update to version 1.7.0: * Major changes - Add direct server return (DSR) for NodePort BPF - Add support for k8s 1.17 - Add support for k8s endpoint slice - Add support for L7 visibility via pod annotations - Clusterwide K8s Cilium Network Policies - Envoy TLS support with header imposition * Bugfixes - Add better mechanism to detect if k8s caches are synced against k8s - api: Add missing annotations to generate DeepCopy for new status fields - bpf: Fix proxy redirection for egress programs - bpf: Remove POLICY_MAP from bpf_netdev and bpf_overlay - cilium: use %v for dumping frontend struct on error - Correct clustermesh identity sync kvstore backend usage (to actually use the remote) - daemon: Upgrade spf13/viper - eni: Check instance existence before resolving deficit - Filter out bpftool probes emitting dmesg messages - Fix cilium daemonset deletion on AKS - Fix concurrent access of a variable used for metrics - Fix issue (#10092) which incorrectly configured route MTU with encryption and tunnel enabled. - Fix memory corruption on clusters with IPv6 and NodePort enabled - Fix node-port default route detection in case there multiple default entries with same ifindex. - Fix regression to avoid freeing alive IPs - Fix regular service lookup in node-port range in case of host-reachable services. - Fix Unlock handling for kvstore locks - Fix vishvananda/netlink library's VethPeerIndex() stack corruption with 4.20+ kernels. - fqdn: Support setting tofqdns-min-ttl to 0 - health: add ipv6 health check status to cilium health status output - HostToContainer propagation for /sys/fs/bpf - ipam: Protect release from releasing alive IP - ipcache: Add probe to check for dump capability to support delete - ipsec: fix connectivity after node reboots - k8s: Fix Service.DeepEquals for ExternalIP - kubernetes: Disable LocalNodeRoute while chaining - node: Provide context in log when restoring router addresses - operator: only enable kvstore watcher if kvstore is enabled - pkg/bpf: Protect each uintptr with runtime.KeepAlive - pkg/endpoint: access endpoint state safely across go routines - pkg/ip: fix cilium status output for big CIDR ranges - policy: Don't open localhost when allowing L7 traffic - policy: Expose L3 selectors within endpoint JSON - Remove quick-install.yaml file, ship only helm chart instead. ==== ipset ==== Version update (7.5 -> 7.6) Subpackages: libipset13 - Update to release 7.6 * Add checking system_power_efficient_wq in the source tree. ==== libzypp ==== Version update (17.22.1 -> 17.23.0) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - version 17.23.0 (22) ==== mozilla-nss ==== - Package also the cmac.h needed by blapi.h - Disable LTO on %arm as LTO fails on neon errors ==== patterns-containers ==== Subpackages: patterns-containers-container_runtime patterns-containers-container_runtime_kubernetes patterns-containers-kubeadm patterns-containers-kubernetes_utilities patterns-containers-kubic_admin patterns-containers-kubic_loadbalancer patterns-containers-kubic_worker - Prevent building of kubic-specific patterns in SLE/Leap ==== python-ecdsa ==== Version update (0.13.3 -> 0.15) - update to 0.15 - fix fdupes usage * extra long changelog - see NEWS file ==== python-requests ==== Version update (2.22.0 -> 2.23.0) - update to 2.23.0 - dropped merged_pr_5049.patch - refreshed requests-no-hardcoded-version.patch * Remove defunct reference to prefetch in Session __attrs__ * Requests no longer outputs password in basic auth usage warning ==== rakkess ==== Version update (0.4.3 -> 0.4.4) - Fix building on %arm architectures - Update to version 0.4.4 - Upstream release script fixes ==== sysconfig ==== Version update (0.85.3 -> 0.85.4) Subpackages: sysconfig-netconfig - version 0.85.4 - Add Upstream First openSUSE Build Service Policy to the spec - Mark /etc/yp.conf as %config(noreplace): this is the same as the file shipped by ypbind has as mode. In sysconfig we create a symlink, in ypbind, the file is actually only owned for reference. Having the same modes allows for the bots to do their work properly (boo#1159566). ==== transactional-update ==== Version update (2.20.1 -> 2.20.2) Subpackages: transactional-update-zypp-config - Update to version 2.20.2 - Use full names for zypper options [bsc#1164543] - Ignore /var/lib/rpm in shadowed file output - Optimize create-dirs-from-rpmdb ==== wicked ==== Version update (0.6.61 -> 0.6.62) Subpackages: wicked-service - version 0.6.62 - dhcp4: discard lease on client-id mismatch (CVE-2020-7217,bsc#1160906) - dhcp4: free lease on response without message type (CVE-2020-7216,bsc#1160905) - dhcp6: don't add free'd IA to ia_pd_list on T1>T2 (CVE-2019-18903,bsc#1160904) - dhcp6: fix use-after-free on option parsing failure (CVE-2019-18902,bsc#1160903) - utils: don't reject NULL var array names/keys breaking wicked duid dump - routes: schema fix to avoid not applying rto_min incl. new time format (bsc#1160939) - systemd: order start wicked after network-pre.target and openvswitch.service start - packaging: use pkgconfig(libsystemd) instead of systemd-devel - misc bug fixes by Malte Kraus including undefined behaviour, memory access alignment - corrections, use-after-free, missed initialization and format errors ==== xfsprogs ==== Version update (5.0.0 -> 5.4.0) - split xfs scrubbing scripts and service files into a separate optional package, in order to avoid having python as a dependency in the main xfsprogs rpm (bsc#1157438). - update to v5.4.0: * xfsprogs: Release v5.4.0 * xfsprogs: Release v5.4.0-rc1 * mkfs: tidy up discard notifications * mkfs: Break block discard into chunks of 2 GB * xfs_admin: enable online label getting and setting * xfs_admin: support external log devices * xfsprogs: add missing line feeds in libxfs/rdwr.c * xfsprogs: remove stray libxfs whitespace * xfsprogs: Release v5.4.0-rc0 * xfs: change the seconds fields in xfs_bulkstat to signed * xfs: move local to extent inode logging into bmap helper * xfs: remove broken error handling on failed attr sf to leaf change * xfs: log the inode on directory sf to block format change * xfs: remove unused flags arg from xfs_get_aghdr_buf() * xfs: log proper length of superblock * xfs: revert 1baa2800e62d ("xfs: remove the unused XFS_ALLOC_USERDATA flag") * xfs: convert inode to extent format after extent merge due to shift * xfs: define a flags field for the AG geometry ioctl structure * xfs: add a xfs_valid_startblock helper * xfs: remove the unused XFS_ALLOC_USERDATA flag * xfs: allocate xattr buffer on demand * xfs: consolidate attribute value copying * xfs: move remote attr retrieval into xfs_attr3_leaf_getvalue * xfs: remove unnecessary indenting from xfs_attr3_leaf_getvalue * xfs: make attr lookup returns consistent * xfs: reverse search directory freespace indexes * xfs: speed up directory bestfree block scanning * xfs: factor free block index lookup from xfs_dir2_node_addname_int() * xfs: factor data block addition from xfs_dir2_node_addname_int() * xfs: move xfs_dir2_addname() * xfs: remove all *_ITER_CONTINUE values * xfs: remove all *_ITER_ABORT values * xfs: reinitialize rm_flags when unpacking an offset into an rmap irec * xfs: remove unnecessary int returns from deferred bmap functions * xfs: remove unnecessary int returns from deferred refcount functions * xfs: remove unnecessary int returns from deferred rmap functions * xfs: remove unnecessary parameter from xfs_iext_inc_seq * xfs: fix sign handling problem in xfs_bmbt_diff_two_keys * xfs: don't return _QUERY_ABORT from xfs_rmap_has_other_keys * xfs: fix maxicount division by zero error * xfs: remove excess function parameter description in 'xfs_btree_sblock_v5hdr_verify' * xfs: add kmem allocation trace points * fs: xfs: Remove KM_NOSLEEP and KM_SLEEP. - update to v.5.3.0 * mkfs.xfs: use libfx to write out AGs versus open coding * mkfs.xfs: fix incorrect error message during AG init * xfs_repair: better info when metadata updates fail * xfs_growfs: allow mounted device node as argument * xfs_spaceman: always report sick metadata * xfs_io: add a bulkstat command * xfs_io: encrypt command enhancements * xfs_io: copy_file_range fixes * man: document several new ioctls * xfs_scrub: copious rewriting * libfrog: header moves, refactoring, updates * libxfs: fix buffer refcounting - update to v5.2.0 - libxfs: cosmetic changes to trans.c to match kernel (Eric Sandeen) - libxfs changes merged from kernel 5.2 - mkfs: enable reflink by default (Darrick Wong) - mkfs: fix stripe unit handling (Allison Collins) - mkfs: remove useless log options in usage() (Yang Xu) - mkfs: validate start and end of aligned logs (Darrick Wong) - xfs_quota: fix built-in help for project setup (Eric Sandeen) - xfs_io: allow passing an open file to copy_range (Amir Goldstein) - xfs_info: limit findmnt to mounted xfs filesystems (Amir Goldstein) - man: break out several ioctl man pages (Darrick Wong) - man: Fix an inconsistency in the mkfs man page (Alvin Zheng) - xfs_scrub: fix background-mode sleep throttling (Darrick Wong) - libxfs: sync up xfs_trans_inode.c with the kernel (Eric Sandeen) - libfrog: fix bitmap return values (Darrick Wong) - libfrog: don't set negative errno in conversion f'ns (Darrick Wong) ==== yomi-formula ==== Version update (0.0.1+git.1579090265.ecae64c -> 0.0.1+git.1582036279.1c70638) - Update to version 0.0.1+git.1582036279.1c70638: * Revert "init: drop namespace for the check" - Update to version 0.0.1+git.1581958876.d324e18: * metadata: support "after" ordering - Adjust the ordering of the forms - Move out the user modules from the susemanager domain ==== zypper ==== Version update (1.14.33 -> 1.14.34) Subpackages: zypper-needs-restarting - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - version 1.14.34