Packages changed: ca-certificates-mozilla (2.30 -> 2.34) gcc9 (9.1.1+r273734 -> 9.1.1+r274111) krb5 kubernetes open-iscsi patterns-base patterns-microos python-pytz (2019.1 -> 2019.2) sysconfig (0.85.2 -> 0.85.3) system-users yast2 (4.2.17 -> 4.2.18) === Details === ==== ca-certificates-mozilla ==== Version update (2.30 -> 2.34) - update to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169) - Removed CAs: - Certinomis - Root CA - includes added root CAs from the 2.32 version: - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) ==== gcc9 ==== Version update (9.1.1+r273734 -> 9.1.1+r274111) Subpackages: libgcc_s1 libstdc++6 - Enable cross compilers on riscv64 - Update to gcc-9-branch head (r274111). * GCC 9.2 RC1. - Remove bogus fixed include bits/statx.h from glibc 2.30. [gcc#91085] - Update to gcc-9-branch head (r273795): * Includes fix for LTO linker plugin heap overflow. (bsc#1142649, CVE-2019-14250) - Add systemtap-headers BuildRequires. [bsc#1142654] ==== krb5 ==== - Integrate pam_keyinit pam module, ksu-pam.d; (bsc#1081947); (bsc#1144047); ==== kubernetes ==== Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Relax kubeadm requirements. Kubeadm accepts working with a previous version of kubelet and this is important for performing upgrades. See https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-15/ - Previous update to version 1.15.2 fixed: * bsc#1144507: CVE-2019-11249 (incomplete fixes for CVE-2019-1002101 and CVE-2019-11246) * bsc#1142423: CVE-2019-11247: kubernetes: mistaken allowing access to cluster resources ==== open-iscsi ==== Subpackages: iscsiuio libopeniscsiusr0_2_0 - Disable LTO (Link Time Optimization) on aarch64 since it seems to fail -- iscsiadm core dumps almost immediately (bsc#1143192), updating the SPEC file. ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-minimal_base - use journal by default (boo#1143144) - Add openSUSE Welcome to be included in the x11_enhanced pattern. - Drop google-roboto-fonts recommends: nothing really depends on it and roboto is not used as default font in any openSUSE setup (boo#1144135). ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - MicroOS base: remove update-checker, the only on openSUSE usefull functionality (orphaned packages) does not work due a zypper bug. - Add zypper-needs-restarting to MicroOS base pattern ==== python-pytz ==== Version update (2019.1 -> 2019.2) - update to 2019.2 * IANA 2019b * Defer generating case-insensitive lookups ==== sysconfig ==== Version update (0.85.2 -> 0.85.3) Subpackages: sysconfig-netconfig - version 0.85.3 - boo#1123699: Use systemd's tmpfile mechanism to create the symlink infrastructure for resolv.conf and yp.conf early during boot. ==== system-users ==== Subpackages: system-group-hardware system-group-wheel system-user-bin system-user-daemon system-user-nobody - Remove s390 groups again. The s390-tools maintainer wants to add groups in s390-tools manually. - Add system-user-tftp subpackage with tftp user and group and /srv/tftpboot as home directory [bsc#1143454]. ==== yast2 ==== Version update (4.2.17 -> 4.2.18) - Remove the obsolete XVersion API (bsc#1144627). - Detect missing textdomain during testing (bsc#1130822) - 4.2.18