Packages changed: bcache-tools chrony cilium (1.7.6 -> 1.8.5) container-selinux (2.145.0 -> 2.150.0) gcc10 (10.2.1+git583 -> 10.2.1+git872) glibc haproxy ima-evm-utils (1.3.1 -> 1.3.2) installation-images-MicroOS (16.25 -> 16.26) kernel-firmware (20201005 -> 20201023) libxml2 microos-tools (2.6 -> 2.7) nfs-utils openpgm pciutils perl (5.30.3 -> 5.32.0) python-cryptography (3.0 -> 3.2.1) selinux-policy (20201016 -> 20201029) systemd-default-settings (0.2 -> 0.4) timezone (2020a -> 2020d) transactional-update (2.28 -> 2.28.2) xen (4.14.0_08 -> 4.14.0_10) zypp-plugin === Details === ==== bcache-tools ==== - Remove dependence of smartcols bcache-tools.spec, bcache-tools code doesn't need it now. (jsc#SLE-9807) - Remove 1001-udev-do-not-rely-on-DRIVER-variable.patch because we have 0013-bcache-tools-Export-CACHED_UUID-and-CACHED_LABEL.patch to provide static UUIDs. (jsc#SLE-9807) - bcache-tools: add man page bcache-status.8 (jsc#SLE-9807) 0017-bcache-tools-add-man-page-bcache-status.8.patch - bcache-tools: add bcache-status (jsc#SLE-9807) 0016-bcache-tools-add-bcache-status.patch - bcache-tools: make: permit only one cache device to be specified (jsc#SLE-9807) 0015-bcache-tools-make-permit-only-one-cache-device-to-be.patch - bcache-tools: Remove the dependency on libsmartcols (jsc#SLE-9807) 0014-bcache-tools-Remove-the-dependency-on-libsmartcols.patch - bcache-tools: Export CACHED_UUID and CACHED_LABEL (jsc#SLE-9807) 0013-bcache-tools-Export-CACHED_UUID-and-CACHED_LABEL.patch - bcache-tools: Fix potential coredump issues (jsc#SLE-9807) 0012-bcache-tools-Fix-potential-coredump-issues.patch - bcache-tools: add print_cache_set_supported_feature_sets() in lib.c (jsc#SLE-9807) 0011-bcache-tools-add-print_cache_set_supported_feature_s.patch - bcache-tools: add large_bucket incompat feature (jsc#SLE-9807) 0010-bcache-tools-add-large_bucket-incompat-feature.patch - bcache-tools: upgrade super block versions for feature sets (jsc#SLE-9807) 0009-bcache-tools-upgrade-super-block-versions-for-featur.patch - bcache-tools: define separated super block for in-memory and on-disk format (jsc#SLE-9807) 0008-bcache-tools-define-separated-super-block-for-in-mem.patch - bcache-tools: add to_cache_sb() and to_cache_sb_disk() (jsc#SLE-9807) 0007-bcache-tools-add-to_cache_sb-and-to_cache_sb_disk.patch - bcache-tools: list.h: only define offsetof() when it is undefined (jsc#SLE-9807) 0006-bcache-tools-list.h-only-define-offsetof-when-it-is-.patch - bcache-tools: bitwise.h: more swap bitwise for different CPU endians (jsc#SLE-9807) 0005-bcache-tools-bitwise.h-more-swap-bitwise-for-differe.patch - bcache-tools: add struct cache_sb_disk into bcache.h (jsc#SLE-9807) 0004-bcache-tools-add-struct-cache_sb_disk-into-bcache.h.patch - bcache-tools: convert writeback to writethrough mode for zoned backing device (jsc#SLE-9807) 0003-bcache-tools-convert-writeback-to-writethrough-mode-.patch - bcache-tools: add is_zoned_device() (jsc#SLE-9807) 0002-bcache-tools-add-is_zoned_device.patch - bcache-tools: set zoned size aligned data_offset on backing device for zoned devive (jsc#SLE-9807) 0001-bcache-tools-set-zoned-size-aligned-data_offset-on-b.patch ==== chrony ==== Subpackages: chrony-pool-openSUSE - By default we don't write log files but log to journald, so only recommend logrotate. ==== cilium ==== Version update (1.7.6 -> 1.8.5) - Update to 1.8.5 * Release notes: https://github.com/cilium/cilium/releases/tag/v1.8.5 - Remove patches which were included upstream: * 0001-option-mark-keep-bpf-templates-as-deprecated.patch * 0002-make-remove-the-need-for-go-bindata.patch * 0003-bpf-don-t-use-fixed-size-integer-types-from-stdint.h.patch * 0005-bpf-re-add-a-proper-types.h-mapper.patch * 0006-build-Avoid-using-git-if-not-in-a-git-repo.patch * 0007-option-rename-PolicyMapMaxEntries-to-PolicyMapEntrie.patch * 0008-helm-allow-to-configure-bpf-nat-global-max-using-Hel.patch * 0009-option-reduce-default-number-for-TCP-CT-and-NAT-tabl.patch * 0010-daemon-add-option-to-dynamically-size-BPF-maps-based.patch - Remove downstream patch which is not needed anymore (now it's enough to just modify the Helm chart with sed to set out images): * 0004-helm-Allow-variables-for-compatibility-with-openSUSE.patch - Add upstream patch for installing the operator binary: * 0001-operator-make-Add-install-target.patch ==== container-selinux ==== Version update (2.145.0 -> 2.150.0) - Update to version 2.150.0 - Add additional allow rules for kvm based containers using virtiofsd. ==== gcc10 ==== Version update (10.2.1+git583 -> 10.2.1+git872) Subpackages: libgcc_s1 libgomp1 libstdc++6 - Update to gcc-10 branch head (a78cd759754c92cecbf235ac9b), git872. - Build complete set of multilibs for arm-none target [bsc#1106014] * Fixes inadvertant mixture of ARM and Thumb instructions in linker output ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - Use --enable-cet on x86_64 to instrument glibc for indirect branch tracking and shadow stack use. Enable indirect branch tracking and shadow stack in the dynamic loader. [jsc#PM-2110] [bsc#1175154] ==== haproxy ==== - apparmor profile fixes: - include abstractions that give access to the openssl config, ssl certs and ssl keys - include local configs only with "if exists" so they do not have to exist. - move local files to %ghost ==== ima-evm-utils ==== Version update (1.3.1 -> 1.3.2) Subpackages: evmctl libimaevm2 - Update to version 1.3.2 * Bugfixes: importing keys * NEW: Docker based travis distro testing * Travis bugfixes, code cleanup, software version update, and script removal * Initial travis testing - Remove 0001-help-Add-missing-new-line-for-ignore-violations.patch (patch from this release) - Add make check + dependencies (getfattr => attr, xxd => vim) ==== installation-images-MicroOS ==== Version update (16.25 -> 16.26) - merge gh#openSUSE/installation-images#435 - don't forget .lib*.hmac files (bsc#1178208) - 16.26 ==== kernel-firmware ==== Version update (20201005 -> 20201023) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20201023 (git commit dae4b4cd0841): * cypress: add Cypress firmware and clm_blob files * rtl_bt: Update RTL8821C BT FW to 0xAA6C_A99E * ath10k: add SDIO firmware for QCA9377 WiFi * ice: update package file to 1.3.16.0 * mediatek: separate venc service thread * QCA : Updated firmware file for WCN3991 * iwlwifi: update and add new FWs from core56-54 release * iwlwifi: update 3168, 7265D, 8000C and 8265 firmwares * i915: Add DG1 DMC v2.02 * qcom : updated venus firmware files for v5.4 - Add _constraints to fix the build error (bsc#1178242) ==== libxml2 ==== Subpackages: libxml2-2 libxml2-tools - Make python subpackage ready for multiple python3 flavors gh#openSUSE/python-rpm-macros#66 ==== microos-tools ==== Version update (2.6 -> 2.7) - Update to version 2.7 - Add workaround if /.autorelabel is used, don't ignore it - Rename tmp.conf to microos-tmp.conf on SUSE MicroOS - Fix building on SUSE MicroOS ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client - Update to version 2.5.2 - fixed a couple memory leaks and other bug fixes, - a lot of clean up - Refresh nfs-utils-1.0.7-bind-syntax.patch - Use %autosetup -p1 ==== openpgm ==== - Always pretend we do not have ftime(3), function is deprecated and absent from next glibc release. ==== pciutils ==== - Add decode support for RCECs - added patches https://github.com/pciutils/pciutils/commit/e12bd01eea67ca8cf539263124843ba281eb6ecc + pciutils-add-decode-support-for-RCECs.patch ==== perl ==== Version update (5.30.3 -> 5.32.0) Subpackages: perl-base - update to perl-5.32.0 * new experimental infix "isa" operator * support of unicode 13.0 * chained comparisons capability - updated patches: * perl-HiRes.t-timeout.diff * posix-sigaction.patch * perl-fix2020.patch * perl-reproducible2.patch * perl_skip_flaky_tests_powerpc.patch ==== python-cryptography ==== Version update (3.0 -> 3.2.1) - update to 3.2.1: Disable blinding on RSA public keys to address an error with some versions of OpenSSL. - update to 3.2: * CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability. * Support for OpenSSL 1.0.2 has been removed. * Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder. - update to 3.1.1: * wheels compiled with OpenSSL 1.1.1h. - update to 3.1: * **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5. * Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by the OpenSSL project. The next version of ``cryptography`` will drop support for it. * Deprecated support for Python 3.5. This version sees very little use and will be removed in the next release. * ``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided. * Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` . * Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`. ==== selinux-policy ==== Version update (20201016 -> 20201029) Subpackages: selinux-policy-targeted - wicked.fc: add libexec directories - Update to version 20201029 - update container policy ==== systemd-default-settings ==== Version update (0.2 -> 0.4) Subpackages: systemd-default-settings-branding-SLE systemd-default-settings-branding-openSUSE - rpm file lists are now generated from the spec file. - Make sure the release number between the main and the branding packages match - Import 0.3 d299248 List drop-in directories in SUSE.list exclusively e4651a7 Disable memory accounting by default for all distros (jsc#PM-2229 jsc#PM-2230) ==== timezone ==== Version update (2020a -> 2020d) - Add fat.patch to generate "fat" timezone files (was default before 2020b). - Adjust timezone-java.spec.in to avoid build failures when running pre_checkin.sh - timezone update 2020d * Palestine ends DST earlier than predicted, on 2020-10-24. - timezone update 2020c * Fiji starts DST later than usual, on 2020-12-20. - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. - Rebased timezone-2018f-bsc1112310.patch ==== transactional-update ==== Version update (2.28 -> 2.28.2) Subpackages: transactional-update-zypp-config - Version 2.28.2 - SELinux: Exclude security.selinux attribute from rsyncing (again) - Version 2.28.1 - SELinux: Fixed changing the wrong grub configuration file - SELinux: Move /.autorelabel file to writeable location ==== xen ==== Version update (4.14.0_08 -> 4.14.0_10) - Upstream bug fixes (bsc#1027519) 5f479d9e-x86-begin-to-support-MSR_ARCH_CAPS.patch 5f4cf06e-x86-Dom0-expose-MSR_ARCH_CAPS.patch 5f4cf96a-x86-PV-fix-SEGBASE_GS_USER_SEL.patch 5f560c42-x86-PV-rewrite-segment-ctxt-switch.patch 5f5b6b7a-hypfs-fix-custom-param-writes.patch 5f607915-x86-HVM-more-consistent-IO-completion.patch 5f6cfb5b-x86-PV-dont-GP-for-SYSENTER-with-NT-set.patch 5f6cfb5b-x86-PV-dont-clobber-NT-on-return-to-guest.patch 5f71a21e-x86-S3-fix-shadow-stack-resume.patch 5f76ca65-evtchn-Flask-prealloc-for-send.patch 5f76caaf-evtchn-FIFO-use-stable-fields.patch 5f897c25-x86-traps-fix-read_registers-for-DF.patch 5f897c7b-x86-smpboot-restrict-memguard_guard_stack.patch - Renamed patches 5f560c42-x86-PV-64bit-segbase-consistency.patch Replaces 5f5b6951-x86-PV-64bit-segbase-consistency.patch 5f6a002d-x86-PV-handle-MSR_MISC_ENABLE-correctly.patch Replaces 5f6a05a0-pv-Handle-the-Intel-specific-MSR_MISC_ENABLE-correctly.patch 5f6a0049-memory-dont-skip-RCU-unlock-in-acquire_resource.patch Replaces 5f6a05b7-xen-memory-Dont-skip-the-RCU-unlock-path-in-acquire_resource.patch 5f6a0067-x86-vPT-fix-race-when-migrating-timers.patch Replaces 5f6a05dd-vpt-fix-race-when-migrating-timers-between-vCPUs.patch 5f6a008e-x86-MSI-drop-read_msi_msg.patch Replaces 5f6a05fa-msi-get-rid-of-read_msi_msg.patch 5f6a00aa-x86-MSI-X-restrict-reading-of-PBA-bases.patch Replaces 5f6a061a-MSI-X-restrict-reading-of-table-PBA-bases-from-BARs.patch 5f6a00c4-evtchn-relax-port_is_valid.patch Replaces 5f6a062c-evtchn-relax-port_is_valid.patch 5f6a00df-x86-PV-avoid-double-exception-injection.patch Replaces 5f6a065c-pv-Avoid-double-exception-injection.patch 5f6a00f4-evtchn-add-missing-barriers.patch Replaces 5f6a0674-xen-evtchn-Add-missing-barriers-when-accessing-allocating-an-event-channel.patch 5f6a0111-evtchn-x86-enforce-correct-upper-limit.patch Replaces 5f6a068e-evtchn-x86-enforce-correct-upper-limit-for-32-bit-guests.patch 5f6a013f-evtchn_reset-shouldnt-succeed-with.patch Replaces 5f6a06be-evtchn-evtchn_reset-shouldnt-succeed-with-still-open-ports.patch 5f6a0160-evtchn-IRQ-safe-per-channel-lock.patch Replaces 5f6a06e0-evtchn-convert-per-channel-lock-to-be-IRQ-safe.patch 5f6a0178-evtchn-address-races-with-evtchn_reset.patch Replaces 5f6a06f2-evtchn-address-races-with-evtchn_reset.patch 5f6a01a4-evtchn-preempt-in-evtchn_destroy.patch Replaces 5f6a071f-evtchn-arrange-for-preemption-in-evtchn_destroy.patch 5f6a01c6-evtchn-preempt-in-evtchn_reset.patch Replaces 5f6a0754-evtchn-arrange-for-preemption-in-evtchn_reset.patch - bsc#1177409 - VUL-0: xen: x86 PV guest INVLPG-like flushes may leave stale TLB entries (XSA-286) xsa286-1.patch xsa286-2.patch xsa286-3.patch xsa286-4.patch xsa286-5.patch xsa286-6.patch - bsc#1177412 - VUL-0: xen: Race condition in Xen mapping code (XSA-345) 5f8ed5d3-x86-mm-map_pages_to_xen-single-exit-path.patch 5f8ed5eb-x86-mm-modify_xen_mappings-one-exit-path.patch 5f8ed603-x86-mm-prevent-races-in-mapping-updates.patch - bsc#1177413 - VUL-0: xen: undue deferral of IOMMU TLB flushes (XSA-346) 5f8ed635-IOMMU-suppress-iommu_dont_flush_iotlb-when.patch 5f8ed64c-IOMMU-hold-page-ref-until-TLB-flush.patch - bsc#1177414 - VUL-0: xen: unsafe AMD IOMMU page table updates (XSA-347) 5f8ed682-AMD-IOMMU-convert-amd_iommu_pte.patch 5f8ed69c-AMD-IOMMU-update-live-PTEs-atomically.patch 5f8ed6b0-AMD-IOMMU-suitably-order-DTE-mods.patch - Update libxc.sr.superpage.patch set errno in x86_hvm_alloc_4k (bsc#1177112) ==== zypp-plugin ==== - singlespec in Tumbleweed must support multiple python3 flavors in the future gh#openSUSE/python-rpm-macros#66