Packages changed: audit (2.8.4 -> 2.8.5) audit-secondary (2.8.4 -> 2.8.5) bcache-tools (1.0.8+suse5 -> 1.1) cloud-init (19.2 -> 19.4) cri-o ethtool (5.3 -> 5.4) fillup fuse-overlayfs (0.7.3 -> 0.7.5) ipset (7.4 -> 7.5) libx86emu (2.4 -> 2.6) nghttp2 (1.39.2 -> 1.40.0) python-rpm-macros (20191104.08e6493 -> 20200117.8e39013) python-six (1.13.0 -> 1.14.0) runc sqlite3 (3.29.0 -> 3.30.1) === Details === ==== audit ==== Version update (2.8.4 -> 2.8.5) Subpackages: libaudit1 libauparse0 - Update to version 2.6.5: * Fix segfault on shutdown * Fix hang on startup (#1587995) * Add sleep to script to dump state so file is ready when needed * Add auparse_normalizer support for SOFTWARE_UPDATE event * Mark netlabel events as simple events so that get processed quicker * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) * Add 30-ospp-v42.rules to meet new Common Criteria requirements * Update lookup tables for the 4.18 kernel * In aureport, fix segfault in file report * Add auparse_normalizer support for labeled networking events * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) * Event aging is off by a second * In ausearch/auparse, correct event ordering to process oldest first * auparse_reset was not clearing everything it should * Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events * In ausearch/report, lightly parse selinux portion of USER_AVC events * In ausearch/report, limit record size when malformed * In auditd, fix extract_type function for network originating events * In auditd, calculate right size and location for network originating events * Treat all network originating events as VER2 so dispatcher doesn't format it * In audisp-remote do an initial connection attempt (#1625156) * In auditd, allow expression of space left as a percentage (#1650670) * On PPC64LE systems, only allow 64 bit rules (#1462178) * Make some parts of auditd state report optional based on config * Fix ausearch when checkpointing a single file (Burn Alting) * Fix scripting in 31-privileged.rules wrt filecap (#1662516) * In ausearch, do not checkpt if stdin is input source * In libev, remove __cold__ attribute for functions to allow proper hardening * Add tests to configure.ac for openldap support * Make systemd support files use /run rather than /var/run (Christian Hesse) * Fix minor memory leak in auditd kerberos credentials code * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test * In ausearch/report fix --end to use midnight time instead of now (#1671338) - Remote zos building is now a configurable option. It should be disabled in audit (and left enabled in audit-secondary). ==== audit-secondary ==== Version update (2.8.4 -> 2.8.5) Subpackages: audit python3-audit - Update to version 2.6.5: * Fix segfault on shutdown * Fix hang on startup (#1587995) * Add sleep to script to dump state so file is ready when needed * Add auparse_normalizer support for SOFTWARE_UPDATE event * Mark netlabel events as simple events so that get processed quicker * When audispd is reconfiguring, only SIGHUP plugins with valid pid (#1614833) * Add 30-ospp-v42.rules to meet new Common Criteria requirements * Update lookup tables for the 4.18 kernel * In aureport, fix segfault in file report * Add auparse_normalizer support for labeled networking events * Fix memory leak in audisp-remote plugin when using krb5 transport. (#1622194) * Event aging is off by a second * In ausearch/auparse, correct event ordering to process oldest first * auparse_reset was not clearing everything it should * Add support for AUDIT_MAC_CALIPSO_ADD, AUDIT_MAC_CALIPSO_DEL events * In ausearch/report, lightly parse selinux portion of USER_AVC events * In ausearch/report, limit record size when malformed * In auditd, fix extract_type function for network originating events * In auditd, calculate right size and location for network originating events * Treat all network originating events as VER2 so dispatcher doesn't format it * In audisp-remote do an initial connection attempt (#1625156) * In auditd, allow expression of space left as a percentage (#1650670) * On PPC64LE systems, only allow 64 bit rules (#1462178) * Make some parts of auditd state report optional based on config * Fix ausearch when checkpointing a single file (Burn Alting) * Fix scripting in 31-privileged.rules wrt filecap (#1662516) * In ausearch, do not checkpt if stdin is input source * In libev, remove __cold__ attribute for functions to allow proper hardening * Add tests to configure.ac for openldap support * Make systemd support files use /run rather than /var/run (Christian Hesse) * Fix minor memory leak in auditd kerberos credentials code * Fix auditd regression where keep_logs is limited by rotate_logs 2 file test * In ausearch/report fix --end to use midnight time instead of now (#1671338) - Fix build errors when using gcc-10 no-common default (bsc#1160384) New patch: audit-fno-common.patch - Refresh audit-allow-manual-stop.patch ==== bcache-tools ==== Version update (1.0.8+suse5 -> 1.1) - Update to tag 1.1 * add blkdiscard for cache dev * add 'label' field * allow users to set label for device ==== cloud-init ==== Version update (19.2 -> 19.4) - Add cloud-init-no-tempnet-oci.patch (bsc#1161132, bsc#1161133) + Do not attempt to configure an ephemeral network on OCI. We boot off iSCSI and the network is up. Just read the data. - Add patch to build properly with python 3.8: * 0001-Make-tests-work-with-Python-3.8-139.patch - Update to version 19.4 + Remove patches included upstream: - cloud-init-after-wicked.patch - cloud-init-noresolv-merge-no-dns-data.diff - cloud-init-renderer-detect.patch - cloud-init-trigger-udev.patch + Removed patches merged with cloud-init-mix-static-dhcp.patch - cloud-init-proper-ipv6-setting.patch - cloud-init-static-net.patch + Added cloud-init-mix-static-dhcp.patch (bsc#1157894) + Forward port cloud-init-sysconf-path.patch + doc: specify _ over - in cloud config modules + [Joshua Powers] (LP: #1293254) + tools: Detect python to use via env in migrate-lp-user-to-github + [Adam Dobrawy] + Partially revert "fix unlocking method on FreeBSD" (#116) + tests: mock uid when running as root (#113) + [Joshua Powers] (LP: #1856096) + cloudinit/netinfo: remove unused getgateway (#111) + docs: clear up apt config sections (#107) [Joshua Powers] (LP: #1832823) + doc: add kernel command line option to user data (#105) + [Joshua Powers] (LP: #1846524) + config/cloud.cfg.d: update README [Joshua Powers] (LP: #1855006) + azure: avoid re-running cloud-init when instance-id is byte-swapped + (#84) [AOhassan] + fix unlocking method on FreeBSD [Igor Gali?] (LP: #1854594) + debian: add reference to the manpages [Joshua Powers] + ds_identify: if /sys is not available use dmidecode (#42) + [Igor Gali?] (LP: #1852442) + docs: add cloud-id manpage [Joshua Powers] + docs: add cloud-init-per manpage [Joshua Powers] + docs: add cloud-init manpage [Joshua Powers] + docs: add additional details to per-instance/once [Joshua Powers] + Update doc-requirements.txt [Joshua Powers] + doc-requirements: add missing dep [Joshua Powers] + dhcp: Support RedHat dhcp rfc3442 lease format for option 121 (#76) + [Eric Lafontaine] (LP: #1850642) + network_state: handle empty v1 config (#45) (LP: #1852496) + docs: Add document on how to report bugs [Joshua Powers] + Add an Amazon distro in the redhat OS family [Frederick Lefebvre] + removed a couple of "the"s [gaughen] + docs: fix line length and remove highlighting [Joshua Powers] + docs: Add security.md to readthedocs [Joshua Powers] + Multiple file fix for AuthorizedKeysFile config (#60) [Eduardo Otubo] + Revert "travis: only run CI on pull requests" + doc: update links on README.md [Joshua Powers] + doc: Updates to wording of README.md [Joshua Powers] + Add security.md [Joshua Powers] + setup.py: Amazon Linux sets libexec to /usr/libexec (#52) + [Frederick Lefebvre] + Fix linting failure in test_url_helper (#83) [Eric Lafontaine] + url_helper: read_file_or_url should pass headers param into readurl + (#66) (LP: #1854084) + dmidecode: log result *after* stripping n [Igor Gali?] + cloud_tests: add azure platform support to integration tests + [ahosmanmsft] + set_passwords: support for FreeBSD (#46) [Igor Gali?] + tools: migrate-lp-user-to-github removes repo_dir if created (#35) + Correct jumbled documentation for cc_set_hostname module (#64) + [do3meli] (LP: #1853543) + FreeBSD: fix for get_linux_distro() and lru_cache (#59) + [Igor Gali?] (LP: #1815030) + ec2: Add support for AWS IMDS v2 (session-oriented) (#55) + tests: Fix cloudsigma tests when no dmidecode data is present. (#57) + [Scott Moser] + net: IPv6, accept_ra, slaac, stateless (#51) + [Harald] (LP: #1806014, #1808647) + docs: Update the configdrive datasource links (#44) + [Joshua Powers] (LP: #1852461) + distro: correctly set usr_lib_exec path for FreeBSD distro (#40) + [Igor Gali?] (LP: #1852491) + azure: support secondary ipv6 addresses (#33) + Fix metadata check when local-hostname is null (#32) + [Mark Goddard] (LP: #1852100) + switch default FreeBSD salt minion pkg from py27 to py36 + [Dominic Schlegel] + travis: only run CI on pull requests + add data-server dns entry as new metadata server detection [Joshua Hügli] + pycodestyle: remove unused local variable + reporting: Using a uuid to enforce uniqueness on the KVP keys. [momousta] + docs: touchups in rtd intro and README.md + doc: update launchpad git refs to github + github: drop pull-request template to prepare for migration + tools: add migrate-lp-user-to-github script to link LP to github + github: new basic project readme - From 19.3 + azure: support matching dhcp route-metrics for dual-stack ipv4 ipv6 + (LP: #1850308) + configdrive: fix subplatform config-drive for /config-drive source + [David Kindred] (LP: #1849731) + DataSourceSmartOS: reconfigure network on each boot + [Mike Gerdts] (LP: #1765801) + Add config for ssh-key import and consuming user-data [Pavel Zakharov] + net: fix subnet_is_ipv6() for stateless|stateful + [Harald Jensås] (LP: #1848690) + OVF: disable custom script execution by default [Xiaofeng Wang] + cc_puppet: Implement csr_attributes.yaml support [Matthias Baur] + cloud-init.service: on centos/fedora/redhat wait on NetworkManager.service + (LP: #1843334) + azure: Do not lock user on instance id change [Sam Eiderman] (LP: #1849677) + net/netplan: use ipv6-mtu key for specifying ipv6 mtu values + Fix usages of yaml, and move yaml_dump to safeyaml.dumps. (LP: #1849640) + exoscale: Increase url_max_wait to 120s. [Chris Glass] + net/sysconfig: fix available check on SUSE distros + [Robert Schweikert] (LP: #1849378) + docs: Fix incorrect Azure IMDS IP address [Joshua Powers] (LP: #1849508) + introduce .travis.yml + net: enable infiniband support in eni and sysconfig renderers + [Darren Birkett] (LP: #1847114) + guestcust_util: handle special characters in config file [Xiaofeng Wang] + fix some more typos in comments [Dominic Schlegel] + replace any deprecated log.warn with log.warning + [Dominic Schlegel] (LP: #1508442) + net: handle openstack dhcpv6-stateless configuration + [Harald Jensås] (LP: #1847517) + Add .venv/ to .gitignore [Dominic Schlegel] + Small typo fixes in code comments. [Dominic Schlegel] + cloud_test/lxd: Retry container delete a few times + Add Support for e24cloud to Ec2 datasource. (LP: #1696476) + Add RbxCloud datasource [Adam Dobrawy] + get_interfaces: don't exclude bridge and bond members (LP: #1846535) + Add support for Arch Linux in render-cloudcfg [Conrad Hoffmann] + util: json.dumps on python 2.7 will handle UnicodeDecodeError on binary + (LP: #1801364) + debian/ubuntu: add missing word to netplan/ENI header (LP: #1845669) + ovf: do not generate random instance-id for IMC customization path + sysconfig: only write resolv.conf if network_state has DNS values + (LP: #1843634) + sysconfig: use distro variant to check if available (LP: #1843584) + systemd/cloud-init.service.tmpl: start after wicked.service + [Robert Schweikert] + docs: fix zstack documentation lints + analyze/show: remove trailing space in output + Add missing space in warning: "not avalid seed" [Brian Candler] + pylintrc: add 'enter_context' to generated-members list + Add datasource for ZStack platform. [Shixin Ruan] (LP: #1841181) + docs: organize TOC and update summary of project [Joshua Powers] + tools: make clean now cleans the dev directory, not the system + docs: create cli specific page [Joshua Powers] + docs: added output examples to analyze.rst [Joshua Powers] + docs: doc8 fixes for instancedata page [Joshua Powers] + docs: clean up formatting, organize boot page [Joshua Powers] + net: add is_master check for filtering device list (LP: #1844191) + docs: more complete list of availability [Joshua Powers] + docs: start FAQ page [Joshua Powers] + docs: cleanup output & order of datasource page [Joshua Powers] + Brightbox: restrict detection to require full domain match .brightbox.com + VMWware: add option into VMTools config to enable/disable custom script. + [Xiaofeng Wang] + net,Oracle: Add support for netfailover detection + atomic_helper: add DEBUG logging to write_file (LP: #1843276) + doc: document doc, create makefile and tox target [Joshua Powers] + .gitignore: ignore files produced by package builds + docs: fix whitespace, spelling, and line length [Joshua Powers] + docs: remove unnecessary file in doc directory [Joshua Powers] + Oracle: Render secondary vnic IP and MTU values only + exoscale: fix sysconfig cloud_config_modules overrides (LP: #1841454) + net/cmdline: refactor to allow multiple initramfs network config sources + ubuntu-drivers: call db_x_loadtemplatefile to accept NVIDIA EULA + (LP: #1840080) + Add missing #cloud-config comment on first example in documentation. + [Florian Müller] + ubuntu-drivers: emit latelink=true debconf to accept nvidia eula + (LP: #1840080) + DataSourceOracle: prefer DS network config over initramfs + format.rst: add text/jinja2 to list of content types (+ cleanups) + Add GitHub pull request template to point people at hacking doc + cloudinit/distros/parsers/sys_conf: add docstring to SysConf + pyflakes: remove unused variable [Joshua Powers] + Azure: Record boot timestamps, system information, and diagnostic events + [Anh Vo] + DataSourceOracle: configure secondary NICs on Virtual Machines + distros: fix confusing variable names + azure/net: generate_fallback_nic emits network v2 config instead of v1 + Add support for publishing host keys to GCE guest attributes [Rick Wright] + New data source for the Exoscale.com cloud platform [Chris Glass] + doc: remove intersphinx extension + cc_set_passwords: rewrite documentation (LP: #1838794) + net/cmdline: split interfaces_by_mac and init network config determination + stages: allow data sources to override network config source order + cloud_tests: updates and fixes + Fix bug rendering MTU on bond or vlan when input was netplan. (LP: #1836949) + net: update net sequence, include wait on netdevs, opensuse netrules path (LP: #1817368) ==== cri-o ==== Subpackages: cri-o-kubeadm-criconfig - Fix invalid apparmor profile (bsc#1161179) ==== ethtool ==== Version update (5.3 -> 5.4) - Update to new upstream release 5.4 * support Energy Detect Power Down * Solarflare SFF-8079/8472 eeprom interpretation fixes * fix compiler warnings with new gcc - drop "-Wno-unused-parameter" from CFLAGS, these warnings should be gone now ==== fillup ==== - fillup-fno-common.patch: fix compilation on Tumbleweed (boo#1160871) ==== fuse-overlayfs ==== Version update (0.7.3 -> 0.7.5) - Update to v0.7.5 - do not expose internal xattrs through listxattr and getxattr - Update to v0.7.4 - fix fallocate for deleted files. - ignore O_DIRECT. It causes issues with libfuse not using an aligned buffer, causing write(2) to fail with EINVAL. - on copyup, do not copy the opaque xattr. - fix a wrong lookup for whiteout files, that could happen on a double unlink. ==== ipset ==== Version update (7.4 -> 7.5) Subpackages: libipset13 - Update to release 7.5 * netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present. * netfilter: xt_set: Do not restrict --map-set to the mangle table. ==== libx86emu ==== Version update (2.4 -> 2.6) - merge gh#wfeldt/libx86emu#17 - Introduce LDFLAGS variable in Makefiles - test: Link with the development version of the library - test: Sort tests by name - Add Travis CI configuration file and a badge in the README - Travis CI integration - 2.6 - merge gh#wfeldt/libx86emu#22 - decode: Prepare for SSE support - ops2: Add SSE instructions - ops2: Add packed SSE ops - Minimal SSE support - merge gh#wfeldt/libx86emu#21 - prim_ops: Fix compiler warning - merge gh#wfeldt/libx86emu#24 - ops2: Add cpuid support using a new handler - ops2: Introduce a callback function for MSR access - Push cpuid msr callback - merge gh#wfeldt/libx86emu#26 - add '--32' option to demo program to start in 32-bit mode - 2.5 ==== nghttp2 ==== Version update (1.39.2 -> 1.40.0) - Update to version 1.40.0 * lib: Add nghttp2_check_authority as public API * lib: Fix the bug that stream is closed with wrong error code * lib: Faster huffman encoding and decoding * build: Avoid filename collision of static and dynamic lib * build: Add new flag ENABLE_STATIC_CRT for Windows * build: cmake: Support building nghttpx with systemd * third-party: Update neverbleed to fix memory leak * nghttpx: Fix bug that mruby is incorrectly shared between backends * nghttpx: Reconnect h1 backend if it lost connection before sending headers * nghttpx: Returns 408 if backend timed out before sending headers * nghttpx: Fix request stal ==== python-rpm-macros ==== Version update (20191104.08e6493 -> 20200117.8e39013) - Add python-rpm-generators to express setuptools dependency for generator - Update to version 20200117.8e39013: * Add macros related to the Python dist metadata dependency generator ==== python-six ==== Version update (1.13.0 -> 1.14.0) - update to 1.14.0 * Add `six.assertNotRegex` * `six.moves._dummy_thread` now points to the `_thread` module on Python 3.9+. Python 3.7 and later requires threading and deprecated the `_dummy_thread` module * Remove support for Python 2.6 and Python 3.2 * `six.wraps` now ignores missing attributes ==== runc ==== - Update CVE-2019-19921 patch to match upstream PR. * CVE-2019-19921.patch ==== sqlite3 ==== Version update (3.29.0 -> 3.30.1) - Fix regression found when running python-Django/Djano1 testsuite: + 7833feecfe-Prevent-SQLite-from-bad-NULL-assumption.patch + 548082dfab-Improvements-to-the-LEFT-JOIN.patch + 8a39167bd2-Further-improvements-to-LEFT-JOIN.patch - Fix check for existing dirs, triggers when running the testsuite on BTRFS or XFS: + fix_dir_exists_on_btrfs.patch - Fix truncation/bad rounding of timestamps in SQLite strftime function, exposed when running testsuite on i586: + sqlite3-avoid-truncation-error.patch - sqlite 3.30.1: * fix a segfault for nested queries that use the FILTER clause ib aggregate functions (introduced in 3.30.0) - update to 3.30.0: * Add support for the FILTER clause on aggregate functions * Add support for the NULLS FIRST and NULLS LAST syntax in ORDER BY clauses * The index_info and index_xinfo pragmas are enhanced to provide information about the on-disk representation of WITHOUT ROWID tables * Add the sqlite3_drop_modules() interface, allowing applications to disable automatically loaded virtual tables that they do not need * Improvements to the .recover dot-command in the CLI so that it recovers more content from corrupt database files * Enhance the RBU extension to support indexes on expressions * Change the schema parser so that it will error out if any of the type, name, and tbl_name columns of the sqlite_master table have been corrupted and the database connection is not in writable_schema mode. * The PRAGMA function_list, PRAGMA module_list, and PRAGMA pragma_list commands are now enabled in all builds by default * Add the SQLITE_DBCONFIG_ENABLE_VIEW option for sqlite3_db_config(). * Added the TCL Interface config method in order to be able to disable SQLITE_DBCONFIG_ENABLE_VIEW as well as control other sqlite3_db_config() options from TCL. * Added the SQLITE_DIRECTONLY flag for application-defined SQL functions to prevent those functions from being used inside triggers and views - drop sqlite3-CVE-2019-16168.patch, upstream