Packages changed: bash (5.0 -> 5.0.11) blog cri-o (1.15.1 -> 1.15.2) curl (7.65.3 -> 7.66.0) hello-kubic (1.0 -> 1.1) iptables iputils libaio mcstrans numactl patterns-base patterns-microos readline rook (1.0.0+git1899.g69255322 -> 1.1.0+git0.g2f9db0e1) === Details === ==== bash ==== Version update (5.0 -> 5.0.11) - Use new version scheme which now includes patch level as well - Add official patch bash50-010 * Change posix mode bahviour * Remove patch assignment-preceding-builtin.patch - Add official patch bash50-011 The conditional command did not perform appropriate quoted null character removal on its arguments, causing syntax errors and attempts to stat invalid pathnames. - Avoid pulling in bash-doc into every installation. Instead of recommeding it, supplement the documentation pattern. ==== blog ==== Subpackages: libblogger2 - Add blog-Remove-unused-header.patch: Fix build with new glibc (gh#bitstreamout/showconsole#3). ==== cri-o ==== Version update (1.15.1 -> 1.15.2) Subpackages: cri-o-kubeadm-criconfig - Update to v1.15.2: * Use HTTP2MatchHeaderFieldSendSettings for incoming gRPC connections * Fix 32 bit builds * crio-wipe: Fix int compare in lib.bash ==== curl ==== Version update (7.65.3 -> 7.66.0) Subpackages: libcurl4 - Update to 7.66.0 [bsc#1149496, CVE-2019-5482][bsc#1149495, CVE-2019-5481] * Changes: - CURLINFO_RETRY_AFTER: parse the Retry-After header value - HTTP3: initial (experimental still not working) support - curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool - curl: support parallel transfers with -Z - curl_multi_poll: a sister to curl_multi_wait() that waits more - sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID * Bugfixes: - CVE-2019-5481: FTP-KRB double-free - CVE-2019-5482: TFTP small blocksize heap buffer overflow - CMake: remove needless newlines at end of gss variables - CMake: use platform dependent name for dlopen() library - CURLINFO docs: mention that in redirects times are added - CURLOPT_ALTSVC.3: use a "" file name to not load from a file - CURLOPT_ALTSVC_CTRL.3: remove CURLALTSVC_ALTUSED - CURLOPT_HEADERFUNCTION.3: clarify - CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directly - CURLOPT_READFUNCTION.3: provide inline example - CURLOPT_SSL_VERIFYHOST: treat the value 1 as 2 - Curl_addr2string: take an addrlen argument too - Curl_fillreadbuffer: avoid double-free trailer buf on error - HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknown - alt-svc: add protocol version selection masking - alt-svc: fix removal of expired cache entry - alt-svc: make it use h3-22 with ngtcp2 as well - alt-svc: more liberal ALPN name parsing - alt-svc: send Alt-Used: in redirected requests - alt-svc: with quiche, use the quiche h3 alpn string - asyn-thread: create a socketpair to wait on - cleanup: move functions out of url.c and make them static - cleanup: remove the 'numsocks' argument used in many places - configure: avoid undefined check_for_ca_bundle - curl.h: add CURL_HTTP_VERSION_3 to the version enum - curl: cap the maximum allowed values for retry time arguments - curl: handle a libcurl build without netrc support - curl: make use of CURLINFO_RETRY_AFTER when retrying - curl: use CURLINFO_PROTOCOL to check for HTTP(s) - curl_global_init_mem.3: mention it was added in 7.12.0 - curl_version: bump string buffer size to 250 - curl_version_info.3: mentioned ALTSVC and HTTP3 - curl_version_info: offer quic (and h3) library info - curl_version_info: provide nghttp2 details - defines: avoid underscore-prefixed defines - docs/ALTSVC: remove what works and the experimental explanation - docs/EXPERIMENTAL: explain what it means and what's experimental now - docs/MANUAL.md: converted to markdown from plain text - docs/examples/curlx: fix errors - docs: s/curl_debug/curl_dbg_debug in comments and docs - easy: resize receive buffer on easy handle reset - examples: Avoid reserved names in hiperfifo examples - examples: add http3.c, altsvc.c and http3-present.c - http09: disable HTTP/0.9 by default in both tool and library - http2: when marked for closure and wanted to close == OK - http2_recv: trigger another read when the last data is returned - http: fix use of credentials from URL when using HTTP proxy - http_negotiate: improve handling of gss_init_sec_context() failures - md4: Use our own MD4 when no crypto libraries are available - multi: call detach_connection before Curl_disconnect - nss: use TLSv1.3 as default if supported - openssl: build warning free with boringssl - openssl: use SSL_CTX_set__proto_version() when available - plan9: add support for running on Plan 9 - progress: reset download/uploaded counter between transfers - readwrite_data: repair setting the TIMER_STARTTRANSFER stamp - scp: fix directory name length used in memcpy - smb: init *msg to NULL in smb_send_and_recv() - smtp: check for and bail out on too short EHLO response - source: remove names from source comments - spnego_sspi: add typecast to fix build warning - src/makefile: fix uncompressed hugehelp.c generation - ssh-libssh: do not specify O_APPEND when not in append mode - ssh: move code into vssh for SSH backends - sspi: fix memory leaks - tests: Replace outdated test case numbering documentation - tftp: return error when packet is too small for options - timediff: make it 64 bit (if possible) even with 32 bit time_t - travis: reduce number of torture tests in 'coverage' - url: make use of new HTTP version if alt-svc has one - urlapi: verify the IPv6 numerical address - urldata: avoid 'generic', use dedicated pointers - vauth: Use CURLE_AUTH_ERROR for auth function errors ==== hello-kubic ==== Version update (1.0 -> 1.1) - Update to version 1.1 - print additional architecture information ==== iptables ==== Subpackages: libip4tc2 libip6tc2 libxtables12 xtables-plugins - add missing Provides/Obsoletes for the renamed package iptables-backend-nft (was iptables-nft) ==== iputils ==== - Fix arping -w problem (https://github.com/iputils/iputils/issues/211) * added arping-fix-f-quit-on-first-reply-regression.patch (upstream commit 1df5350) ==== libaio ==== - Add _constraints for PowerPC to avoid OOM at build time ==== mcstrans ==== - Avoid use of ®/? signs in specfiles as per guidelines. ==== numactl ==== - numastat doesn't need perl anymore since 2012 ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-minimal_base - minimal_base: add libnss_usrfiles2, required to read /usr/etc ==== patterns-microos ==== Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap - Replace vim with nano (less dependency, default what others are using, including in documentation) ==== readline ==== - Avoid pulling in readline-doc into every installation. Instead of recommeding it, supplement the documentation pattern. ==== rook ==== Version update (1.0.0+git1899.g69255322 -> 1.1.0+git0.g2f9db0e1) - rook-k8s-yaml: Revert to buildrequire for ceph - Update tar creation script + build rook tag 'v1.1.0' from 'suse-release-1.1' branch - Update Rook to tag 'v1.1.0' + fix HighMonLeaderChanges alert + add leases rules to CSI rules + only schedule node drain canaries on nodes with OSDs + increase sidecar timeout from 60s to 150s + use combined (stdout+stderr) output from ceph-volume + set command property for the OSD prepare init container blkdevmapper + change OSD DOWN message to debug level + discovery daemon: ignore updates on nbd devices - Support upstream beta tags by replacing hyphens in release tag with tildes + RPMs sorts tildes before anything else to support vX.Y.0~beta.B coming before vX.Y.0 - Update tar creation script + fail on more types of script errors + exit properly on error + allow checking out tags + allow parsing tag versions with hyphens (e.g., v1.1.0-beta.1) + use revision (tag) 'v1.1.0-beta.1' from ('suse-release-1.1' branch) - Update Rook to tag 'v1.1.0-beta.1' + support external Ceph clusters + fix osdsPerDevice config + add portable failure-domain label to OSD deployments + add bucket provisioner + use deployment with leader election instead of stateful set for CSI drivers + fix alerting & recording rules + fix race in create ObjectUser + support mon migrations without rebuilds when using PVCs + allow CRUSH map to be based on PVCs for PVC-based OSDs + fix md and dev ordering for ceph-volume batch operations + improve upgrades when a mon is down + fix service account name for CSI RBD provisioner + add -pidlimit flag for CephFS and RBD plugins for CSI driver + add image pull secrets option to manifests + remove OSD pods marked out if pod is more than an hour old + add --db-devices flag to ceph-volume provisioning & fix MB size bug + implement GRPC metrics for cephcsi + clean up verbose Ceph logging + update upgrade documentation for v1.1 release + remove unused attacher service account + add dynamic expansion to FlexVolume driver + fix random OSD pod failures when using PVCs + fix osd prepare panic + lower minimum OSD memory to 2GB + add ability to enable mgr modules via CRD (notably the pg_autoscaler module) + fix topologyAware on PVC-based OSDs + add support for OpenShift machine disruption budgets