Packages changed: ceph (14.2.1.463+g99339b576a -> 14.2.1.468+g994fd9e0cc) cri-o ding-libs e2fsprogs (1.45.1 -> 1.45.2) elfutils file (5.36 -> 5.37) gettext-runtime iptables (1.8.2 -> 1.8.3) kexec-tools libidn2 (2.1.1 -> 2.2.0) libnftnl (1.1.2 -> 1.1.3) libselinux libssh metallb numactl podman (1.3.1 -> 1.4.0) salt shadow sqlite3 (3.27.2 -> 3.28.0) tar (1.31 -> 1.32) thin-provisioning-tools (0.7.6 -> 0.8.3) xz === Details === ==== ceph ==== Version update (14.2.1.463+g99339b576a -> 14.2.1.468+g994fd9e0cc) Subpackages: ceph-common libcephfs2 librados2 libradosstriper1 librbd1 librgw2 python3-ceph-argparse python3-cephfs python3-rados python3-rbd python3-rgw - Update to 14.2.1-468-g994fd9e0cc: + spec: * install grafana dashboards world readable (bsc#1136110) * put "without python2" conditionals around python3-* provides/obsoletes (align with upstream) - Update to 14.2.1-467-g9e10776aa2: + mon/Monitor: allow probe if MMonProbe::mon_release == 0 (bsc#1132396) + spec: make python3-rgw replace python-rgw on upgrade ==== cri-o ==== Subpackages: cri-o-kubeadm-criconfig - Add apparmor-parser as dependency ==== ding-libs ==== Subpackages: libbasicobjects0 libcollection4 libdhash1 libini_config5 libpath_utils1 libref_array1 - Update to 0.6.1: * No upstream changelog - Update URL * Remove the git link info as it 404 atm - Add patches from upstream to fix ini behaviour: * INI-Fix-detection-of-error-messages.patch * INI-Silence-ini_augment-match-failures.patch * TEST-validators_ut_check-Fix-fail-with-new-glibc.patch ==== e2fsprogs ==== Version update (1.45.1 -> 1.45.2) Subpackages: libcom_err2 libext2fs2 - Package e2scrub unit files and separate scrubbing bits into a separate subpackage e2fsprogs-scrub - Update to 1.45.2 * Fixed e2scrub_all issues running from cron * When mke2fs asks to proceed, fall back on English Y/y * Fix spurious complaint of blocks beyond i_size * Fixed 'make install' failure when the cron.d dir doesn't exist ==== elfutils ==== Subpackages: libasm1 libdw1 libebl-plugins libelf1 - Update License tag to GPL-3.0-or-later, as requested by legal review. - Add fix-bsc-1110929.diff [bsc#1110929] ==== file ==== Version update (5.36 -> 5.37) Subpackages: file-magic libmagic1 - Update to file version 5.37 * Make sure that continuation separators are printed with -k within softmagic * Change SIGPIPE saving and restoring during compression to use sigaction(2) instead of signal(3) and cache it. (Denys Vlasenko) * Cache stat(2) calls more to reduce number of calls (Denys Vlasenko) * PR/77: Handle --mime-type and -k correctly. * Switch decompression code to use vfork() because tools like rpmdiff and rpmbuild call libmagic with large process footprints (Denys Vlasenko) * PR/75: --enable-zlib, did not work. * Improve regex efficiency (Michael Schroeder) by: 1. Prefixing regex searches with regular search for keywords where possible 2. Using memmem(3) where available - Modify the patches * file-5.12-zip.dif * file-5.16-ocloexec.patch * file-5.17-option.dif * file-5.19-biorad.dif * file-5.19-zip2.0.dif * file-5.22-elf.dif * file-5.24-nitpick.dif * file-5.28-btrfs-image.dif * file-secure_getenv.patch - Modify and rename patch file-5.36.dif which becomes file-5.37.dif ==== gettext-runtime ==== - reproducible.patch: generate timestamp in .pot files from SOURCE_DATE_EPOCH for reproducible builds ==== iptables ==== Version update (1.8.2 -> 1.8.3) Subpackages: libxtables12 xtables-plugins - Update to new upstream release 1.8.3 * ebtables: Fix rule listing with counters * ebtables-nft: Support user-defined chain policies - Remove 0001-include-extend-the-headers-conflict-workaround-to-in.patch 0001-include-fix-build-with-kernel-headers-before-4.2.patch (upstreamed) - Add 0001-include-fix-build-with-kernel-headers-before-4.2.patch, 0001-include-extend-the-headers-conflict-workaround-to-in.patch to fix build with older linux-glibc-devel. [boo#1132821] ==== kexec-tools ==== - Use %license instead of %doc [bsc#1082318] ==== libidn2 ==== Version update (2.1.1 -> 2.2.0) - Update to version 2.2.0: * Perform A-Label roundtrip for lookup functions by default * Stricter check of input to punycode decoder * Fix punycode decoding with no ASCII chars but given delimiter * Fix 'idn2 --no-tr64' (was a no-op) * Allow _ as a basic code point in domain labels * Fail building documentation if 'ronn' isn't installed * git tag changed to reflect https://semver.org/ ==== libnftnl ==== Version update (1.1.2 -> 1.1.3) - Update to new upstream release 1.1.3 * expr: osf: add version option support * udata: add NFTNL_UDATA_* definitions * chain: support per chain rules listing ==== libselinux ==== Subpackages: libselinux1 selinux-tools - In selinux-ready * Removed check for selinux-policy package as we don't ship one (bsc#1136845) * Add check that restorecond is installed and enabled ==== libssh ==== - Fix the typo in Obsoletes for -devel-doc subpackage - Actually remove the description for -devel-doc subpackage ==== metallb ==== - Use official image from registry.opensuse.org - Use our golang macros as far as possible - metallb.yaml: use images from opensuse registry ==== numactl ==== - For obs regression checker, this version includes following SLE fixes: - enable build for aarch64 (fate#319973) (bsc#976199) factory has an extra patch to disable ARM 32 bit archs which looks a bit misleading as %arm macro only covers 32 bit ARM. - Bug 955334 - numactl/libnuma: add patch for Dynamic Reconfiguration bsc#955334 ==== podman ==== Version update (1.3.1 -> 1.4.0) Subpackages: podman-cni-config - Update podman to v1.4.0: - The podman checkpoint and podman restore commands can now be used to migrate containers between Podman installations on different systems - The podman cp command now supports a pause flag to pause containers while copying into them - The remote client now supports a configuration file for pre-configuring connections to remote Podman installations - Fixed CVE-2019-10152 - The podman cp command improperly dereferenced symlinks in host context - Fixed a bug where podman commit could improperly set environment variables that contained = characters - Fixed a bug where rootless Podman would sometimes fail to start containers with forwarded ports - Fixed a bug where podman version on the remote client could segfault - Fixed a bug where podman container runlabel would use /proc/self/exe instead of the path of the Podman command when printing the command being executed - Fixed a bug where filtering images by label did not work - Fixed a bug where specifying a bing mount or tmpfs mount over an image volume would cause a container to be unable to start - Fixed a bug where podman generate kube did not work with containers with named volumes - Fixed a bug where rootless Podman would receive permission denied errors accessing conmon.pid - Fixed a bug where podman cp with a folder specified as target would replace the folder, as opposed to copying into it - Fixed a bug where rootless Podman commands could double-unlock a lock, causing a crash - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/ mounts, causing errors when using the Kata containers runtime - Fixed a bug where podman exec would fail on older kernels - The podman commit command is now usable with the Podman remote client - The --signature-policy flag (used with several image-related commands) has been deprecated - The podman unshare command now defines two environment variables in the spawned shell: CONTAINERS_RUNROOT and CONTAINERS_GRAPHROOT, pointing to temporary and permanent storage for rootless containers - Updated vendored containers/storage and containers/image libraries with numerous bugfixes - Updated vendored Buildah to v1.8.3 - Podman now requires Conmon v0.2.0 - The podman cp command is now aliased as podman container cp - Rootless Podman will now default init_path using root Podman's configuration files (/etc/containers/libpod.conf and /usr/share/containers/libpod.conf) if not overridden in the rootless configuration - Add fuse-overlayfs dependency to support overlay based rootless image manipulations - Update podman to v1.3.2: - Fixed a bug where podman would fail to run if a volume was mounted over an image volume ==== salt ==== Subpackages: python3-salt salt-master salt-minion - Fix return status when installing or updating RPM packages with "ppc64le" arch (bsc#1133647) - Added: * add-ppc64le-as-a-valid-rpm-package-architecture.patch - Add new "salt-standalone-formulas-configuration" package - Added: * add-standalone-configuration-file-for-enabling-packa.patch ==== shadow ==== - Make building more verbose - Use spec-cleaner - don't specify MOTD_FILE in login.defs but fall back to built in defaults of login (boo#1133929) ==== sqlite3 ==== Version update (3.27.2 -> 3.28.0) - Upgrade to 3.28.0: * CVE-2019-9936, bsc#1130326: running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read. * CVE-2019-9937, bsc#1130325: interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference. * Enhanced window functions * Enhanced VACUUM INTO so that it works for read-only databases. * New query optimizations. * Added the sqlite3_value_frombind() API for determining if the argument to an SQL function is from a bound parameter. * Security and compatibilities enhancements to fts3_tokenizer(). * Improved robustness against corrupt database files. ==== tar ==== Version update (1.31 -> 1.32) - update to version 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - remove tar-1.31-tests_dirrem.patch and tar-1.31-racy_compress_tests.patch that are no longer needed (applied usptream) ==== thin-provisioning-tools ==== Version update (0.7.6 -> 0.8.3) - Update to version 0.8.3: * Mostly internal changes ==== xz ==== Subpackages: liblzma5 - add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709]