Packages changed: kbd kubernetes1.17 (1.17.4 -> 1.17.5) openssl (1.1.1f -> 1.1.1g) openssl-1_1 (1.1.1f -> 1.1.1g) perl-Bootloader (0.926 -> 0.927) wpa_supplicant zlib === Details === ==== kbd ==== Subpackages: kbd-legacy - drop broken kbd command as well as guess_encoding (boo#1170067) - don't use subdirectory for legacy keymaps (boo#1166423) - use fdupes ==== kubernetes1.17 ==== Version update (1.17.4 -> 1.17.5) - Update to version 1.17.5: * Fix GCE ILB for large clusters * gce-addons: Make sure default/limit-range doesn't get overridden * Restore the ability to `kubectl apply --prune` without -n flag * Fix client watch reestablishment handling of client-side timeouts * Fix priorityClass typo, add numeric priority to static pods * Test dropped round-trip annotations in HPA conversion * Drop round-trip annotations in HPA conversion * Ensure Azure availability zone is always in lower cases * Clean up event messages for errors. * Fix permissions for endpointslice controller * Allow list-resources.sh to continue if a resource fails to list * Check that ImageInspect pointer is not nil * Fix bug about unintentional scale out during updating deployment. * kubeadm: increase timeouts in the etcd client * kubeadm: handle multiple members without names during concurrent join * build/dependencies: Remove bazel WORKSPACE go_version check * deps: Update to Golang 1.13.9 * build: Remove kube-cross image building * Fix the VMSS name and resource group name when updating VMSS for LoadBalancer backendPools. * Remove wait.Until for running Kubelet Bootstrap * Parallelize attach operations across different nodes for volumes that allow multi-attach * Add nil nodeinfo check in podFitsOnNode * fix: check disk status before disk azure disk * Update kube-openapi to release-1.17 * Update tag for structured-merge-diff to v2.0.1 * EndpointSlice and Endpoints should treat terminating pods the same * EndpointSliceTracker should track updated resource version * Ensuring EndpointSlices are not used for Windows kube-proxy implementations * Ensuring kube-proxy does not mutate shared EndpointSlices * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.4 * let image cache do sort on write instead of on read to avoid data * Removing kubectl get output e2e test * Fix VMSS cache content * Preserve target apiVersion when decoding into unstructured lists * Adding a temporary fix for kubectl get output e2e test * /readyz should start returning failure on shutdown initiation * test: don't use hardcoded pod count for memory limit test * Fixed in the GCE/PD in-tree volume logic to expose the max number of persistent-disks for each instance type correctly. * Honor status.podIP over status.podIPs, node.spec.podCIDR over node.spec.podCIDRs * fix: corrupted mount point in csi driver * fix: azure file mount timeout issue * fix behaviour of aws-load-balancer-security-groups annotation * fix: add remediation in azure disk attach/detach * Update to golang@1.13.8 * build: Enable kube-cross push/pull from K8s Infra GCR * build: Add justaugustus as reviewer * build: Add OWNERS on build-image/ * rename to sharedLimitWriter * address review feedback * Fix docker/journald logging conformance * fix get-kube authorization headers * Calling hcsshim instead of docker api to get stats for windows to greatly reduce latency * adding e2e test to ensure it takes less than 10 seconds to query kubelet stats for windows nodes * update golang.org/x/crypto * kube-proxy filter Load Balancer Status ingress * kube-proxy unit test FilterIncorrectIPVersion * add delays between goroutines for vm instance update * Updated test cos image to include runc-1.0.0-rc10 * Fix gce-cos-master-reboot test * Fix route conflicted operations when updating multiple routes together * fix: get azure disk lun timeout issue * Set up connection onClose prior to adding to connection map * fix: add azure disk migration support for CSINode * Add annotation annealing for migration for PVs and PVCs during syncVolume and syncClaim. This allows external-provisioners to pick up and delete volumes when they have been rolled up from previous kubernetes versions. * Update CHANGELOG/CHANGELOG-1.17.md for v1.17.3 * Limit number of instances in single update to GCE target pool * Add code to fix kubelet/metrics memory issue. * Remove Error log for nil StartTime * CHANGELOG: Move changelogs into a subdir to delegate releng approvals * Enable selinux tags in make targets * Fix pending_pods, schedule_attempts_total was not recorded * Fixing Potential Race Condition in EndpointSlice Controller. * Restore statefulset conversion that populates apiVersion/kind in volume templates * Use standard default storage media type in local-up-cluster * changelog: clarify 1.17 upgrade requirements * Fix back off when scheduling cycle is delayed * blank out value for unbounded client label * update gopkg.in/yaml.v2 to v2.2.8 * set nil cache entry based on old cache * Revert "It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc." * Fix issue with GCE scripts assuming Python2. * Add/Update CHANGELOG-1.17.md for v1.17.2. * [1.17] No-op whitespace fix to CHANGELOG-1.17 to trigger a new 1.17 build * Update to golang@1.13.6 * Fix the bug PIP's DNS is deleted if no DNS label service annotation is set. * kubenet: replace gateway with cni result * Add/Update CHANGELOG-1.17.md for v1.17.1. * Fixes unnecessary creation of default SG and trying to delete non-provisioned SG by k8s system when annotation [service.beta.kubernetes.io/aws-load-balancer-security-groups] is present * Ensure a provider ID is set on a node if expected * Bind metrics-server containers to linux nodes to avoid Windows scheduling on kubernetes cluster includes linux nodes and windows nodes * Drop version from static openapi json file * Update to golang@1.13.5 * Revert reflector changes from PR #83520 from 1.17 * Fix IPv6 addresses lost issue in pure ipv6 vsphere environment * Fix unit test to run in non-gce environments * fix: azure disk could not mounted on Standard_DC4s/DC2s instances * Use legacyscheme's types rather than testapi ones * Fix nil pointer dereference in the azure provider * Add unit test for extended ipv4 service IP range * Revert "remove ipallocator in favor of k/utils net package" * It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc. * Allocate map when out points to nil map * fix: azure data disk should use same key as os disk by default * Check FileInfo against nil during walk of container dir path * Add UID precondition to kubelet pod status patch updates * Add cache for VMSS. * Fix build break - Hyperkube image needs kubelet/kubectl * Include cloud/gcp in e2e.test * Do not swallow timeout in manageReplicas * Sync the status of static Pods * Increase Burst limit for discovery client * Update v1.17.0 CHANGELOG to match final draft * Fix LoadBalancer rule checking so that no unexpected LoadBalancer updates are made * Fix broken SELinux detection * Add/Update CHANGELOG-1.17.md for v1.17.0. * Kubernetes version v1.17.1-beta.0 openapi-spec file updates * Deflake kubectl custom printing test * Refactor parsing logic for service IP and ranges, add tests * Fix bug in apiserver service cluster cidr split * Switch addon resizer to 1.8.7 * Deflake pod readiness e2e * Add/Update CHANGELOG-1.17.md for v1.17.0-rc.2. * Move hostdns.conf out of cni directory. * Fix iscsi refcounter in the case of no Block iscsi volumes * Ensure webhook backend requests are not artificially rate-limited * Retain objects for a limited lifetime in the mutation cache detector by default * Enable mutation detection * Make cluster auto scaler use leases * Bump Cluster Autoscaler version to 1.17.0 * fix: padded base64 encoded docker auth field * apiextensions: filter required nullable to workaround kubectl validation * update cadvisor dependency to v0.35.0 * Bumped the number of times a node tries to lookup itself * Wait for PV to be available before creating PVCs in volume binding test * increase pv controller resync period to try to deflake api update conflicts * Fix GKE upgrade test. * Use plugin name for filtering metrics * Provided a mechanism to re-register hidden metrics. * Deep copying EndpointSlices in reconciler before modifying them. * Set node cidr mask size ipv4/ipv6 config * Revert "kube-proxy: check KUBE-MARK-DROP" * Add/Update CHANGELOG-1.17.md for v1.17.0-rc.1. * Add/Update CHANGELOG-1.17.md for v1.17.0-beta.2. * Add/Update CHANGELOG-1.17.md for v1.17.0-beta.1. * Results of running update scripts: update-openapi-spec * Delete extraneous CHANGELOG-*.md files on branch. ==== openssl ==== Version update (1.1.1f -> 1.1.1g) - Update to 1.1.1g release ==== openssl-1_1 ==== Version update (1.1.1f -> 1.1.1g) Subpackages: libopenssl1_1 - Update to 1.1.1g * Fixed segmentation fault in SSL_check_chain (CVE-2020-1967, bsc#1169407) Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. * Added AES consttime code for no-asm configurations an optional constant time support for AES was added when building openssl for no-asm. - refresh patches: * openssl-1.1.1-fips.patch * openssl-1.1.1-fips-crng-test.patch ==== perl-Bootloader ==== Version update (0.926 -> 0.927) - merge gh#openSUSE/perl-bootloader#126 - always install EFI fallback boot for aarch64 (bsc#1167015) - 0.927 ==== wpa_supplicant ==== - Add CVE-2019-16275.patch -- AP mode PMF disconnection protection bypass (bsc#1150934) ==== zlib ==== - Update 410.patch to contain latest fixes from IBM bsc#1166260 * The build behaviour changed