Packages changed: busybox-k8s-yaml ceph (15.2.4.89+g583fe198f6 -> 16.0.0.4862+g8ac6038555) dracut (050+suse.67.g28be2f36 -> 050+suse.75.g266a76d9) kubernetes (1.18.8 -> 1.19.0) kubernetes1.18 kubic-control (0.10.1 -> 0.10.2) libzypp (17.24.1 -> 17.24.2) mozilla-nss (3.54 -> 3.55) open-vm-tools (11.1.0 -> 11.1.5) procps weave (2.6.5 -> 2.7.0) yast2 (4.3.19 -> 4.3.24) zypper (1.14.37 -> 1.14.38) === Details === ==== busybox-k8s-yaml ==== - Use pause command instead of sleep, else the container will always quit hard after 1 hour. ==== ceph ==== Version update (15.2.4.89+g583fe198f6 -> 16.0.0.4862+g8ac6038555) Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw - Update to 16.0.0-4862-g8ac6038555: + rebase on tip of upstream "master" branch, SHA1 46c912978aa6a0b0f67094a27933c7bea829e6c9 - checkin.sh: build only one frontend language (English) by default, to speed up tarball generation - Update to 15.2.4-822-g24d833526b + rebase on tip of upstream "octopus" branch, SHA1 0887d548597b9d2381de42c1cc8a5c01d264ae8b - Update to 15.2.4.557+g4ac763f0b3 + rebase on tip of upstream "octopus" branch, SHA1 96411838ef6fef9a5285ca4d5c0708e6a599632e - Update to 15.2.4-511-g40953bf9d6 + rebase on tip of upstream "octopus" branch, SHA1 f3b8bc0d11ca4f8167615007645759e905b1ada5 - Update to 15.2.4-465-g5e8d9ae6bd + rebase on tip of upstream "octopus" branch, SHA1 213e2c803b4f68c9f0b33119c64638a6813d2692 - Update to 15.2.4-381-g734ae877b4: + rebase on tip of upstream "octopus" branch, SHA1 d0da4070a19a55ebe9c55904d6da2ad38833aae0 - Update to 15.2.4-342-g6987dec446: + cmake: add empty RPATH to ceph-diff-sorted - Update to 15.2.4-337-g55cec95eaf: + rebase on tip of upstream "octopus" branch, SHA1 405556b2629d8274dea2e14ee017c70a7dfb24a1 + Monitoring: Use downstream container images ==== dracut ==== Version update (050+suse.67.g28be2f36 -> 050+suse.75.g266a76d9) Subpackages: dracut-ima - Update to version 050+suse.75.g266a76d9: * net-lib.sh: support infiniband network mac addresses (bsc#996146) * 95iscsi: use ip_params_for_remote_addr() (bsc#1167494) * 95nfs: use ip_params_for_remote_addr() (bsc#1167494) * dracut-functions: add ip_params_for_remote_addr() helper (bsc#1167494) - Update to version 050+suse.71.g390f4d72: * 01fips: modprobe failures during manual module loading is not fatal (bsc#1169997) * 91zipl: parse-zipl.sh: honor SYSTEMD_READY (bsc#1165828) * 95iscsi: fix ipv6 target discovery (bsc#1172807) * 35network-legacy: correct conditional for creating did-setup file (bsc#1172807) ==== kubernetes ==== Version update (1.18.8 -> 1.19.0) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Introduce -etcd, -etcdminus1, -coredns and -corednsminus1 subpackages. This is so etcd and coredns container images can be made for specific kubernetes versions. - Bump to kubernetes 1.19.0 - kubernetes-kubeadm now requires kubernetes%{baseversion}-kubelet and kubernetes%{baseversionminus1}-kubelet. This is to ensure both are installed on Kubic even though kubernetes{%baseversion}-kubeadm only hard requires either kubelet. ==== kubernetes1.18 ==== - Introduce kubernetes$FOO-client-common package to make -client truely parralel installable - Harmonise macro names, use baseversionminus1 across all k8s packages for previous version number - Remove old macro on maxcriversion, with the new relaxed constraints - Relax constraints on kubeadm ==== kubic-control ==== Version update (0.10.1 -> 0.10.2) Subpackages: kubic-haproxycfg kubicctl kubicd - Update to version 0.10.2 - Fix apiserver argument handling in multi-master mode - Minor bug fixes - kubicctl: align options ==== libzypp ==== Version update (17.24.1 -> 17.24.2) - VendorAttr: Const-correct API and let Target provide its settings (bsc#1174918) - Support buildnr with commit hash in purge-kernels (bsc#1175342) This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. - Improve Italian traslation of the "breaking dependencies" message (bsc#1173529) - Make sure reading from lsof does not block forever (bsc#1174240) - Just collect details for the signatures found (fixes #229) - version 17.24.2 (22) ==== mozilla-nss ==== Version update (3.54 -> 3.55) - update to NSS 3.55 Notable changes * P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1]. * PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633) * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752) Relevant Bugfixes * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila. * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature. * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding. * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length. * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix). * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix). * bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED. * bmo#1646594 - Fix AVX2 detection in makefile builds. * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate. * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo. * bmo#1647752 - Update DTLS 1.3 implementation to draft-38. * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI. * bmo#1649226 - Add Wycheproof ECDSA tests. * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES. * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover. * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension. ==== open-vm-tools ==== Version update (11.1.0 -> 11.1.5) Subpackages: libvmtools0 - Update to 11.1.5 (build 16724464) (boo#1175573) + This source release rolls up the SDMP fixes release post 11.1.0. + Fix serveral Coverity reported issues. + Address github issues: https://github.com/vmware/open-vm-tools/issues/451 https://github.com/vmware/open-vm-tools/issues/429 https://github.com/vmware/open-vm-tools/issues/428 - Drop unnecessary patch: - gcc10-warning.patch - sdmp-get-version.patch - sdmp-netstat-to-ss.patch - sdmp-warnings.patch ==== procps ==== Subpackages: libprocps8 - Enable pidof by default ==== weave ==== Version update (2.6.5 -> 2.7.0) - Update to version 2.7.0 - https://github.com/weaveworks/weave/releases/tag/v2.7.0 - obsoletes vendor.tar.xz ==== yast2 ==== Version update (4.3.19 -> 4.3.24) - Fixed accidentaly broken dependencies (related to bsc#1175317) - 4.3.24 - Yet another unit test architecture fix :-( (related to bsc#1175317) - 4.3.23 - Fix for the previous change: fixed unit test failure on non x86_64 archs (related to bsc#1175317) - 4.3.22 - Y2Packager::Resolvable.find(): improved error handling, added more unit tests (related to bsc#1175317) - 4.3.21 - Unify profile element paths (bsc#1175680). - 4.3.20 ==== zypper ==== Version update (1.14.37 -> 1.14.38) Subpackages: zypper-needs-restarting - Directly list subcommands in 'zypper help' (bsc#1165424) - man: enhance description of the global package cache (bsc#1175592) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks (bsc#1174561) - Fix help command for list-patches - man: Point out that plain rpm packages are not downloaded to the global package cache (bsc#1173273) - version 1.14.38