Packages changed: aaa_base (84.87+git20191017.bf0a315 -> 84.87+git20191120.98f1524) ca-certificates-mozilla cri-o (1.16.0 -> 1.16.1) dracut (049+git114.058e566c -> 049+git115.c2d8d6fb) findutils glib2 (2.62.2 -> 2.62.3) growpart hyper-v kubernetes (1.16.2 -> 1.16.3) libtirpc (1.0.3 -> 1.1.4) lzo mozilla-nspr (4.22 -> 4.23) mozilla-nss (3.46.1 -> 3.47.1) pam-config patterns-containers pcre2 (10.33 -> 10.34) perl (5.28.1 -> 5.30.1) sed shared-mime-info xen (4.13.0_02 -> 4.13.0_03) === Details === ==== aaa_base ==== Version update (84.87+git20191017.bf0a315 -> 84.87+git20191120.98f1524) - Update to version 84.87+git20191120.98f1524: * merged PR 65 * dash fixes * handle /usr/etc/login.defs for wsl ==== ca-certificates-mozilla ==== - export correct p11kit trust attributes so Firefox detects built in certificates (boo#1154871). Courtesy of Fedora. ==== cri-o ==== Version update (1.16.0 -> 1.16.1) Subpackages: cri-o-kubeadm-criconfig - Update to v1.16.1: * Add manifest list support * Default to system.slice for conmon cgroup * Don't set PodIPs on host network pods - switch to libcontainers-common requires, as the other two are provided by it already (avant-garde#1056) - Revert cgroup_manager from systemd to cgroupsfs for SLE15 k8s default is cgroupfs and in can be modified at runtime by the `--kubelet-cgroups` flag. However this flag is deprecated and avoinding it is currently preferred over introducing it. In order to switch to systemd as the cgroups manager in SLE15 further analysis is required to find a suitable configuration strategy. ==== dracut ==== Version update (049+git114.058e566c -> 049+git115.c2d8d6fb) Subpackages: dracut-ima - Update to version 049+git115.c2d8d6fb: * suse: Remove incorrect usage of %_libexecdir (boo#1155785) ==== findutils ==== - Add disable-null-ptr-test.patch in order to fix boo#1157342. ==== glib2 ==== Version update (2.62.2 -> 2.62.3) Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0 - Update to version 2.62.3: + Use `poll()` in `g_spawn_sync()` rather than `select()`, which is subject to FD limits. + Fix undefined behaviour with `g_utf8_find_prev_char()`. + Bugs fixed: glgo#GNOME/GLib#954, glgo#GNOME/GLib#1318, glgo#GNOME/GLib#1897, glgo#GNOME/GLib#1903, glgo#GNOME/GLib#1916, glgo#GNOME/GLib#1917, glgo#GNOME/GLib!1174, glgo#GNOME/GLib!1184, glgo#GNOME/GLib!1194, glgo#GNOME/GLib!1203, glgo#GNOME/GLib!1207, glgo#GNOME/GLib!1215, glgo#GNOME/GLib!1219, glgo#GNOME/GLib!1222, glgo#GNOME/GLib!1228. ==== growpart ==== - Clean growpart.spec: * Drop obsolete tags * Use install instead of mkdir+cp+chmod * Fix build on SLE 12 SP4 - Replaced hardcoded systemd paths with macros in spec file - Reference entry for maintenance Tracker bug for the submission set to: bsc#1154357 - Deleted rootgrow source and sub-package build rootgrow is provided on github: https://github.com/SUSE-Enceladus/rootgrow and builds a standalone package now ==== hyper-v ==== - Update lsvmbus interpreter from python(1) to python3(1) again because only SLE12 lacked proper python3 support (bsc#1093910) - async name resolution in kvp_daemon (bsc#1100758) - kvp: eliminate 'may be used uninitialized' warning (89eb4d8d) - fix typos in toolchain (2d35c660) - fixed Python pep8/flake8 warnings for lsvmbus (5912e791) - Replace GPLv2 boilerplate/reference with SPDX (43aa3132) - Fix a warning of buffer overflow with gcc 8.0.1 (4fcba780) ==== kubernetes ==== Version update (1.16.2 -> 1.16.3) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Convert changes file to proper UTF-8 format: new version of RPM are getting strict in interpreting files. - Update to version 1.16.3: * kubeadm: fix skipped etcd upgrade on secondary cp nodes * Add testcases covering large valid patches * json unmarshal coded error at function applyJSPatch() * Stop Watching when there is encoding error * Remove HostPathV0 tests in preparation for removal in 1.17. This is so that upgrade tests dont fail when support for v0 drivers are removed in k8s 1.17 * add cache read type prefix for const * update getmetadata to use unsafe read * add allowunsafe read * Flush data cache during unmount device for GCE-PD in Windows * add a fallback for kube-scheduler when events.k8s.io is disabled * modify detach timeout to be csiTimeout * fix windows performance counter father information failed on Non-English environment * bump metrics server version o v0.3.6 * Bump metrics-server version to v0.3.5 * rename metric for apiserver request terminations and reword corresponding documentation * pluralize error metric name * Fix double counting issue for request metrics on timeout. * Do not bind block PV/PVCs when block feature gate is off * Return an error when zone info is not found. * Use --stamp flag in bazel builds * Update to use go1.12.12 * Update Cluster Autoscaler version to 1.16.2 * add tombstoones handle for pdb * Amend CHANGELOG-1.16.md for v1.16.2 * Fix proto.Merge of IntOrString type * Bump to etcd 3.3.17 and bbolt v1.3.3 * Add/Update CHANGELOG-1.16.md for v1.16.2. * Kubernetes version v1.16.3-beta.0 openapi-spec file updates * release: lib: revert docker_registry to constant k8s.gcr.io * Remove check causing informers to miss notifications * auth/cloud-platform is a superset of devstorage. * Remove e2e/common package usage in volumemode testsuite * Mark startupProbe test as NodeAlphaFeature and fix podClient instanciation ==== libtirpc ==== Version update (1.0.3 -> 1.1.4) Subpackages: libtirpc-netconfig libtirpc3 - Fix previous version: - actually delete 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch - use 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch - use 0002-man-rpc_secure.3t-Fix-typo-in-manpage.patch (renamed from 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch) - use 0003-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch (renamed from 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch) - Updated to libtirpc 1.1.5 rc2 (this includes changes in 1.1.4 release) - add libtirpc-1-1-5-rc1.patch and libtirpc-1-1-5-rc2.patch to reflect upstream changes after 1.1.4 release - remove /etc/bindresvport.blacklist as it's still supported by glibc although it's not compiled with --enable-obsolete-rpc - Drop patches accepted in previous releases or not needed - 000-bindresvport_blacklist.patch (accepted in 5b037cc9, libtirpc 1.1.4) - 001-new-rpcbindsock-path.patch (not needed, rpcbind now uses /var/run directory) - 002-revert-binddynport.patch (fixed in 2802259, libtirpc-1-0-4-rc1) - 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch (backport of 25d38d7, libtirpc-1-0-4-rc1) - 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch (backport of 145272c, libtirpc-1-0-4-rc2) - Add fixes from upcomming release - 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch - 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch - 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch ==== lzo ==== - Disable strict aliasing due to its violation (boo#1157271). ==== mozilla-nspr ==== Version update (4.22 -> 4.23) - update to version 4.23 * fixed a build failure that was introduced in 4.22 * correctness fix for Win64 socket polling * whitespace in C files was cleaned up and no longer uses tab characters for indenting ==== mozilla-nss ==== Version update (3.46.1 -> 3.47.1) Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs - update to NSS 3.47.1 * CVE-2019-11745 - EncryptUpdate should use maxout, not block size * Fix a crash that could be caused by client certificates during startup (bmo#1590495) * Fix compile-time warnings from uninitialized variables in a perl script (bmo#1589810) - update to NSS 3.47 * required by Firefox 71.0 Notable changes * Support AES HW acceleration on ARMv8 (bmo#1152625) * Allow per-socket run-time ordering of the cipher suites presented in ClientHello (bmo#1267894) * Add CMAC to FreeBL and PKCS #11 libraries (bmo#1570501) Bugfixes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.47_release_notes - requires NSPR 4.23 ==== pam-config ==== - Prevent systemd-user to call pam_mount when opening/closing a (PAM) session as it drops privileges in between and so when closing it may be unable to undo things set up during opening. [bsc#1153630, bsc1153630-prevent-systemd-pam_mount.patch] ==== patterns-containers ==== Subpackages: patterns-containers-container_runtime patterns-containers-container_runtime_kubernetes patterns-containers-kubeadm patterns-containers-kubernetes_utilities patterns-containers-kubic_admin patterns-containers-kubic_loadbalancer patterns-containers-kubic_worker - Add k9s to kubernetes utilities pattern ==== pcre2 ==== Version update (10.33 -> 10.34) - Enable JIT on aarch64 - pcre2 10.34: * implement the documented maximum number of capturing subpatterns of 65535 * Improve the invalid utf32 support of the JIT compiler * Add support for matching in invalid UTF strings to the pcre2_match() * Give more error detail for invalid UTF-8 when detected in pcre2grep * support for invalid UTF-8 to pcre2grep. * Adjust the limit for "must have" code unit searching, in particular, * increase it substantially for non-anchored patterns. * Allow (*ACCEPT) to be quantified, because an ungreedy quantifier with a zero minimum is potentially useful. * Some changes to the way the minimum subject length is handled * Check for integer overflow when computing lookbehind lengths * Implement non-atomic positive lookaround assertions * Upgraded to Unicode 12.1.0 * Make pcre2test -C show if libreadline or libedit is supported * Various bug fixes and improvements ==== perl ==== Version update (5.28.1 -> 5.30.1) Subpackages: perl-base - update to perl-5.30.1 * unicode 12.1 is supported * turkic UTF-8 locales are now seamlessly supported * assigning non-zero to $[ is fatal * some formerly deprecated uses of an unescaped left brace "{" in regular expression patterns are now illegal * previously deprecated sysread()/syswrite() on :utf8 handles is now fatal * my() in false conditional prohibited * remove File::Glob::glob() * various performance enhancements - updated patches: * perl-5.22.0_wrong_rpm_provides.diff * perl-gdbm-test-no-mmap.diff * perl-fix2020.patch * perl-reproducible2.patch - dropped patches: * perl-revert-caretx.diff * perl-regexp-refoverflow.diff ==== sed ==== - Add disable-null-ptr-argument.patch in order to fix boo#1157218. ==== shared-mime-info ==== - Drop no longer required PreReq's, obsolete with switch to file trigger based pre/post scripts. ==== xen ==== Version update (4.13.0_02 -> 4.13.0_03) - Update to Xen 4.13.0 RC3 release xen-4.13.0-testing-src.tar.bz2 - Drop python38-build.patch