Packages changed: btrfsprogs (5.1 -> 5.2.1) gnutls (3.6.7 -> 3.6.9) kubernetes (1.15.0 -> 1.15.2) libaio (0.3.109 -> 0.3.112) libcontainers-common (20190401 -> 20190802) libtasn1 (4.13 -> 4.14) libyaml libzypp (17.12.0 -> 17.14.0) patterns-containers python-PyYAML (5.1.1 -> 5.1.2) python-pyparsing (2.4.0 -> 2.4.2) rakkess (0.4.0 -> 0.4.1) slirp4netns (0.3.0 -> 0.3.2) thin-provisioning-tools xen (4.12.0_12 -> 4.12.0_16) zypper (1.14.28 -> 1.14.29) === Details === ==== btrfsprogs ==== Version update (5.1 -> 5.2.1) Subpackages: btrfsprogs-udev-rules libbtrfs0 - update to 5.2.1 * scrub status: fix ETA calculation after resume * check: fix crash when using -Q * restore: fix symlink owner restoration * mkfs: fix regression with mixed block groups * core: fix commit to process all delayed refs * other: * minor cleanups * test updates - update to 5.2 * subvol show: print qgroup information when available * scrub: * status: show ETA, revamp the whole output * fix reading/writing of last position on resume/cancel, potentially skipping part of the filesystem on next resume * dump-tree: add new option --noscan to use only devices given on the commandline * all-in-one binary (busybox style) with mkfs.btrfs, btrfs-image, btrfs-convert, btrfstune * image: fix hang when there are more than 32 cpus online and compression is requested * convert: fix some false ENOSPC errors when --rootdir is used * build: fix gcc9 warnings * core changes * command handling cleanups * dead code removal * cmds-* files moved to cmds/ * other shared userspace files moved to common/ * utils.c split into more files * preparatory work for more output formats * libbtrfsutil: fix unaligned access * other * new and updated tests * fix tests so CI passes again * sb-mod can modify more superblock items ==== gnutls ==== Version update (3.6.7 -> 3.6.9) - gnutls 3.6.9: * add support for copying digest or MAC contexts * Mark the crypto implementation override APIs as deprecated * Add support for AES-GMAC, as a separate to GCM, MAC algorithm * Add support for Generalname registeredID * The priority configuration was enhanced to allow more elaborate system-wide configuration of the library - includes changes from 3.6.8: * Add support for AES-XTS cipher * Fix calculation of Streebog digests * During Diffie-Hellman operations in TLS, verify that the peer's public key is on the right subgroup (y^q=1 mod p), when q is available (under TLS 1.3 and under earlier versions when RFC7919 parameters are used). * Apply STD3 ASCII rules in gnutls_idna_map() to prevent hostname/domain crafting via IDNA conversion * certtool: allow the digital signature key usage flag in CA certificates * gnutls-cli/serv: add the --keymatexport and --keymatexportsize options. These allow testing the RFC5705 using these tools - drop patches to re-enable tests: * disable-psk-file-test.patch * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch ==== kubernetes ==== Version update (1.15.0 -> 1.15.2) Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet - Add opensuse-version-checks.patch to use kubic.opensuse.org to control container control plane downloads - Update to version 1.15.2: * refactors to kubernetes cp command * refactors to kubernetes CP command * apiextensions: 404 if request scope does not match crd scope * apiextensions: add scope tests * Add/Update CHANGELOG-1.15.md for v1.15.1. * Kubernetes version v1.15.2-beta.0 openapi-spec file updates - Update to version 1.15.1: * apiaggregation available controller should only hit required endpoint * kubeadm: run MemberAdd/Remove for etcd clients with exp-backoff retry * skip test if the server does not serve extensions/v1beta1 since this is deprecated * use apps/v1 instead apps/v1beta1 since that is deprecated - issue 79533 * fix: change timeout value in csi plugin * edit google dns hostname * Test kubectl with x-kubernetes-preserve-unknown-fields * There are various reasons that the HPA will decide not the change the current scale. Two important ones are when missing metrics might change the direction of scaling, and when the recommended scale is within tolerance of the current scale. * Fix closing of dirs in doSafeMakeDir * Fix publishing x-kubernetes-preserve-unknown-fields working with kubectl * Fix AWS DHCP option set domain names causing garbled InternalDNS or Hostname addresses on Node * kubeadm: fix bug for --cri-socket flag processing logic * fix kubelet can not delete orphaned pod directory when the kubelet's root directory symbolically links to another device's directory * Add HEAD fixtures * Add v1.14.0 fixtures * Add missing API groups to compatibility test * Move KubeletPodResources to the Beta section * Default resourceGroup should be used when value of annotation azure-load-balancer-resource-group is empty string * kubelet: retry pod sandbox creation when containers were never created * fix flexvol stuck issue due to corrupted mnt point * crd-handler: level-trigger storage recreation and fix a race * fix KubeletConfiguration apiVersion * kubeadm: improve kubeadm command output * Ignore cgroup pid support if related feature gates are disabled * fix: Use correct function to remove etcd member * Add/Update CHANGELOG-1.15.md for v1.15.0. * Kubernetes version v1.15.1-beta.0 openapi-spec file updates - Change VolumePluginDir to writable location so containers could install their drivers there - kubeadm-opensuse-registry.patch: change on openSUSE the default registry for the control-plane containers to registry.opensuse.org/kubic - kubelet.tmp.conf: split kubelet part out of kubernetes.tmp.conf to fix file conflict problems during upgrade and avoid creation of unneeded system users. - Add --volume-plugin-dir so dir would be exposed through api ==== libaio ==== Version update (0.3.109 -> 0.3.112) - Update to 0.3.112: * Various patches for architectures/etc - Update url - Update install - Enable tests - Remove mostly merged patches or differently fixed issues: * libaio-aarch64-support.diff * libaio-generic-arch.diff * libaio-optflags.diff * 00_arches.patch * 00_arches_sh.patch * 01_link_libgcc.patch * 02_libdevdir.patch * 03_man_errors.patch * riscv-support.patch ==== libcontainers-common ==== Version update (20190401 -> 20190802) - Update to image v3.0.0 - Add "Env" to ImageInspectInfo - Add API function TryUpdatingCache - Add ability to install man pages - Add user registry auth to kernel keyring - Fix policy.json.md -> containers-policy.json.5.md references - Fix typo in docs/containers-registries.conf.5.md - Remove pkg/sysregistries - Touch up transport man page - Try harder in storageImageDestination.TryReusingBlob - Use the same HTTP client for contacting the bearer token server and the registry - ci: change GOCACHE to a writeable path - config.go: improve debug message - config.go: log where credentials come from - docker client: error if registry is blocked - docker: allow deleting OCI images - docker: delete: support all MIME types - ostree: default is no OStree support - ostree: improve error message - progress bar: use spinners for unknown blob sizes - use 'containers_image_ostree' as build tag - use keyring when authfile empty - Update to storage v1.12.16 - Add cirrus vendor check - Add storage options to IgnoreChownErrors - Add support for UID as well as UserName in /etc/subuid files. - Add support for ignoreChownErrors to vfs - Add support for installing man pages - Fix cross-compilation - Keep track of the UIDs and GIDs used in applied layers - Move lockfiles to their own package - Remove merged directory when it is unmounted - Switch to go modules - Switch to golangci-lint - Update generated files - Use same variable name on both commands - cirrus: ubuntu: try removing cryptsetup-initramfs - compression: add support for the zstd algorithm - getLockfile(): use the absolute path - loadMounts(): reset counts before merging just-loaded data - lockfile: don't bother releasing a lock when closing a file - locking test updates - locking: take read locks on read-only stores - make local-cross more reliable for CI - overlay: cache the results of supported/using-metacopy/use-naive-diff feature tests - overlay: fix small piece of repeated work - utils: fix check for missing conf file - zstd: use github.com/klauspost/compress directly ==== libtasn1 ==== Version update (4.13 -> 4.14) Subpackages: libtasn1-6 - libtasn1 4.14: * New #defines for version checking * other developer visible changes - drop libtasn1-object-id-recursion.patch, incorporating the upstream fix for boo#1105435 CVE-2018-1000654 ==== libyaml ==== - Remove patch * Patch libyaml-revert-emitter-changes.patch is not needed anymore ==== libzypp ==== Version update (17.12.0 -> 17.14.0) - PublicKey::algoName: supply key algorithm and length - version 17.14.0 (12) - MediaCurl: Fix leaking filedescriptors (bsc#1116995) - commit: Run file conflict check on dry-run (best with download-only) (bsc#1140039) - commit: do not remove orphan products if the .prod file is owned by a package (bsc#1139795) - version 17.13.0 (12) ==== patterns-containers ==== Subpackages: patterns-containers-container_runtime patterns-containers-container_runtime_kubernetes patterns-containers-kubeadm patterns-containers-kubernetes_utilities patterns-containers-kubic_admin patterns-containers-kubic_worker - Add yomi salt states to Kubic admin node - Add kubic loadbalancer pattern ==== python-PyYAML ==== Version update (5.1.1 -> 5.1.2) - update to 5.1.2 * Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+ ==== python-pyparsing ==== Version update (2.4.0 -> 2.4.2) - update to 2.4.2: - Updated the shorthand notation that has been added for repetition expressions: expr[min, max], with '...' valid as a min or max value - The defaults on all the `__diag__` switches have been set to False, to avoid getting alarming warnings. To use these diagnostics, set them to True after importing pyparsing. - Fixed bug introduced by the use of __getitem__ for repetition, overlooking Python's legacy implementation of iteration by sequentially calling __getitem__ with increasing numbers until getting an IndexError. Found during investigation of problem reported by murlock, merci! - Changed [...] to emit ZeroOrMore instead of OneOrMore. - Removed code that treats ParserElements like iterables. - Change all __diag__ switches to False. - update to 2.4.1.1: - API change adding support for `expr[...]` - the original code in 2.4.1 incorrectly implemented this as OneOrMore. Code using this feature under this relase should explicitly use `expr[0, ...]` for ZeroOrMore and `expr[1, ...]` for OneOrMore. In 2.4.2 you will be able to write `expr[...]` equivalent to `ZeroOrMore(expr)`. - Bug if composing And, Or, MatchFirst, or Each expressions using an expression. This only affects code which uses explicit expression construction using the And, Or, etc. classes instead of using overloaded operators '+', '^', and so on. If constructing an And using a single expression, you may get an error that "cannot multiply ParserElement by 0 or (0, 0)" or a Python `IndexError`. - Some newly-added `__diag__` switches are enabled by default, which may give rise to noisy user warnings for existing parsers. - update to 2.4.1: - A new shorthand notation has been added for repetition expressions: expr[min, max], with '...' valid as a min - '...' can also be used as short hand for SkipTo when used in adding parse expressions to compose an And expression. - '...' can also be used as a "skip forward in case of error" expression - Improved exception messages to show what was actually found, not just what was expected. - Added diagnostic switches to help detect and warn about common parser construction mistakes, or enable additional parse debugging. Switches are attached to the pyparsing.__diag__ namespace object - Added ParseResults.from_dict classmethod, to simplify creation of a ParseResults with results names using a dict, which may be nested. This makes it easy to add a sub-level of named items to the parsed tokens in a parse action. - Added asKeyword argument (default=False) to oneOf, to force keyword-style matching on the generated expressions. - ParserElement.runTests now accepts an optional 'file' argument to redirect test output to a file-like object (such as a StringIO, or opened file). Default is to write to sys.stdout. - conditionAsParseAction is a helper method for constructing a parse action method from a predicate function that simply returns a boolean result. Useful for those places where a predicate cannot be added using addCondition, but must be converted to a parse action (such as in infixNotation). May be used as a decorator if default message and exception types can be used. See ParserElement.addCondition for more details about the expected signature and behavior for predicate condition methods. - While investigating issue #93, I found that Or and addCondition could interact to select an alternative that is not the longest match. This is because Or first checks all alternatives for matches without running attached parse actions or conditions, orders by longest match, and then rechecks for matches with conditions and parse actions. Some expressions, when checking with conditions, may end up matching on a shorter token list than originally matched, but would be selected because of its original priority. This matching code has been expanded to do more extensive searching for matches when a second-pass check matches a smaller list than in the first pass. - Fixed issue #87, a regression in indented block. Reported by Renz Bagaporo, who submitted a very nice repro example, which makes the bug-fixing process a lot easier, thanks! - Fixed MemoryError issue #85 and #91 with str generation for Forwards. Thanks decalage2 and Harmon758 for your patience. - Modified setParseAction to accept None as an argument, indicating that all previously-defined parse actions for the expression should be cleared. - Modified pyparsing_common.real and sci_real to parse reals without leading integer digits before the decimal point, consistent with Python real number formats. Original PR #98 submitted by ansobolev. - Modified runTests to call postParse function before dumping out the parsed results - allows for postParse to add further results, such as indications of additional validation success/failure. - Updated statemachine example: refactored state transitions to use overridden classmethods; added Mixin class to simplify definition of application classes that "own" the state object and delegate to it to model state-specific properties and behavior. - Added example nested_markup.py, showing a simple wiki markup with nested markup directives, and illustrating the use of '...' for skipping over input to match the next expression. (This example uses syntax that is not valid under Python 2.) - Rewrote delta_time.py example (renamed from deltaTime.py) to fix some omitted formats and upgrade to latest pyparsing idioms, beginning with writing an actual BNF. - With the help and encouragement from several contributors, including Mat?j Cepl and Cengiz Kaygusuz, I've started cleaning up the internal coding styles in core pyparsing, bringing it up to modern coding practices from pyparsing's early development days dating back to 2003. Whitespace has been largely standardized along PEP8 guidelines, removing extra spaces around parentheses, and adding them around arithmetic operators and after colons and commas. I was going to hold off on doing this work until after 2.4.1, but after cleaning up a few trial classes, the difference was so significant that I continued on to the rest of the core code base. This should facilitate future work and submitted PRs, allowing them to focus on substantive code changes, and not get sidetracked by whitespace issues. ==== rakkess ==== Version update (0.4.0 -> 0.4.1) - Update to version 0.4.1 - Update kubernetes dependencies to 1.15 - Allow arbitrary verbs in the resource subcommand #32 - Remove golang-packaging, does more harm than helps (e.g. bsc#1132101) ==== slirp4netns ==== Version update (0.3.0 -> 0.3.2) - Update to 0.3.2 * Fix heap overflow in `ip_reass` on big packet input - Update to 0.3.1 * Fix use-after-free ==== thin-provisioning-tools ==== - Fix name clash with raise() from signal.h, add ft-lib_bcache-rename-raise-raise_.patch ==== xen ==== Version update (4.12.0_12 -> 4.12.0_16) - Update xen-dom0-modules.service (bsc#1137251) Map backend module names from pvops and xenlinux kernels to a module alias. This avoids errors from modprobe about unknown modules. Ignore a few xenlinux modules that lack aliases. - Gcc9 warnings seem to be cleared up with upstream fixes. Drop gcc9-ignore-warnings.patch - bsc#1138563 - L3: xenpvnetboot improperly ported to Python 3 fix-xenpvnetboot.patch - Move /etc/modprobe.d/xen_loop.conf to /lib/modprobe.d/xen_loop.conf - Remove /etc/xen/xenapiusers and /etc/pam.d/xen-api - Remove all upstream provided files in /etc/xen They are not required at runtime. The host admin is now responsible if he really needs anything in this subdirectory. - In our effort to make /etc fully admin controlled, move /etc/xen/scripts to libexec/xen/scripts with xen-tools.etc_pollution.patch - Move /etc/bash_completion.d/xl.sh to %{_datadir}/bash-completion/completions - bsc#1138294 - VUL-0: XSA-295: Unlimited Arm Atomics Operations 5d03a0c4-1-Arm-add-an-isb-before-reading-CNTPCT_EL0.patch 5d03a0c4-2-gnttab-rework-prototype-of-set_status.patch 5d03a0c4-3-Arm64-rewrite-bitops-in-C.patch 5d03a0c4-4-Arm32-rewrite-bitops-in-C.patch 5d03a0c4-5-Arm-bitops-consolidate-prototypes.patch 5d03a0c4-6-Arm64-cmpxchg-simplify.patch 5d03a0c4-7-Arm32-cmpxchg-simplify.patch 5d03a0c4-8-Arm-bitops-helpers-with-timeout.patch 5d03a0c4-9-Arm-cmpxchg-helper-with-timeout.patch 5d03a0c4-A-Arm-turn-on-SILO-mode-by-default.patch 5d03a0c4-B-bitops-guest-helpers.patch 5d03a0c4-C-cmpxchg-guest-helpers.patch 5d03a0c4-D-use-guest-atomics-helpers.patch 5d03a0c4-E-Arm-add-perf-counters-in-guest-atomic-helpers.patch 5d03a0c4-F-Arm-protect-gnttab_clear_flag.patch - Upstream bug fixes (bsc#1027519) 5c87b6c8-drop-arch_evtchn_inject.patch 5c87b6e8-avoid-atomic-rmw-accesses-in-map_vcpu_info.patch 5cd921fb-trace-fix-build-with-gcc9.patch 5cd9224b-AMD-IOMMU-disable-upon-init-fail.patch 5cd922c5-x86-MTRR-recalc-p2mt-when-iocaps.patch 5cd9230f-VMX-correctly-get-GS_SHADOW-for-current.patch 5cd926d0-bitmap_fill-zero-sized.patch 5cd92724-drivers-video-drop-constraints.patch 5cd93a69-x86-spec-ctrl-reposition-XPTI-parsing.patch (Replaces xsa297-0a.patch) 5cd93a69-x86-MSR_INTEL_CORE_THREAD_COUNT.patch (Replaces xsa297-0b.patch) 5cd93a69-x86-boot-detect-Intel-SMT-correctly.patch (Replaces xsa297-0c.patch) 5cdad090-x86-spec-ctrl-misc-non-functional-cleanup.patch (Replaces xsa297-0d.patch) 5cdad090-x86-spec-ctrl-CPUID-MSR-definitions-for-MDS.patch (Replaces xsa297-1.patch) 5cdad090-x86-spec-ctrl-infrastructure-for-VERW-flush.patch (Replaces xsa297-2.patch) 5cdad090-x86-spec-ctrl-opts-to-control-VERW-flush.patch (Replaces xsa297-3.patch) 5cd981ff-x86-IRQ-tracing-avoid-UB-or-worse.patch 5cdeb9fd-sched-fix-csched2_deinit_pdata.patch 5ce7a92f-x86-IO-APIC-fix-build-with-gcc9.patch 5cf0f6a4-x86-vhpet-resume-avoid-small-diff.patch 5cf16e51-x86-spec-ctrl-Knights-retpoline-safe.patch - Fix some outdated information in the readme README.SUSE ==== zypper ==== Version update (1.14.28 -> 1.14.29) - Fix local/remote url classification. - Rephrase file conflict check summary (bsc#1140039) - Fix bash completions option detection (bsc#1049825) - BuildRequires: libzypp-devel >= 17.14.0 - version 1.14.29