Packages changed: cri-tools (1.20.0 -> 1.21.0) etcd grub2 hwinfo (21.72 -> 21.73) k9s (0.24.2 -> 0.24.7) kubectl-who-can (0.0+git20190606.c185aaa -> 0.3.0) ldb (2.2.1 -> 2.3.0) libcontainers-common libdnf (0.60.0 -> 0.62.0) libfido2 (1.6.0 -> 1.7.0) librepo (1.13.0 -> 1.14.0) lua54 (5.4.2 -> 5.4.3) makedumpfile microdnf (3.7.1 -> 3.8.0) podman (3.0.1 -> 3.1.1) rpcbind salt selinux-policy (20210309 -> 20210419) snapper (0.8.16 -> 0.9.0) sqlite3 (3.35.2 -> 3.35.5) sudo (1.9.5p2 -> 1.9.6p1) === Details === ==== cri-tools ==== Version update (1.20.0 -> 1.21.0) - Update to version 1.21.0: * Bump README versions to v1.21.0 * Update dependencies * Add dependabot config file * Simplify test image build process for user images * Move from gcr.io/cri-tools to gcr.io/k8s-staging-cri-tools * Fix UID/GID and username values for test images * Bump gcb-docker-gcloud image to v20210331-c732583 * Fix CRI-O master installation in GitHub actions ==== etcd ==== - update etcd.service: avoid args from commandline and environment as it leads to start failure (bsc#1183703) ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Fix build error on armv6/armv7 (bsc#1184712) * 0001-emu-fix-executable-stack-marking.patch - Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012) * 0001-Workaround-volatile-efi-boot-variable.patch ==== hwinfo ==== Version update (21.72 -> 21.73) - merge gh#openSUSE/hwinfo#95 - don't rely on select() updating its timeout arg (bsc#1184339) - 21.73 ==== k9s ==== Version update (0.24.2 -> 0.24.7) - Update to version 0.24.7: * cleaning up * bump rev * maintenance #1067 #1061 #1060 * rev up * merge prs + dep updates * ISSUE-957 - Add a simple pause button to stop auto-refresh on ConfigMap and Secrets (#1062) * bugs #1063 #1061 #1059 #177 * Add release tag (#1058) * fix #1056 #1024 * fix po feature col + lockouts? - Update to version 0.24.6: * rev up * merge prs + dep updates * ISSUE-957 - Add a simple pause button to stop auto-refresh on ConfigMap and Secrets (#1062) * bugs #1063 #1061 #1059 #177 * Add release tag (#1058) * fix #1056 #1024 * fix po feature col + lockouts? * fix #1024 * update deps and image - Rename Makefile.diff to Makefile.patch ==== kubectl-who-can ==== Version update (0.0+git20190606.c185aaa -> 0.3.0) - Update to version 0.3.0: * chore: Bump up Go to v1.15 (#82) * feat: Add JSON export functionality (#81) * chore: Switch to main branch (#80) * feat: Add -o wide flag to print the ROLE column (#79) * chore: Add krew-release-bot for publishing plugin releases (#78) * refactor: Use KIND to run integration tests (#77) * chore: Bump up Go from 1.12 to 1.14 (#76) * chore: Remove Travis CI config (#75) * chore: Migrate from Travis CI to GitHub Actions (#74) * chore: Replace google/glog with kubernetes/klog (#71) ==== ldb ==== Version update (2.2.1 -> 2.3.0) - Update to ldb 2.3.0 ==== libcontainers-common ==== - Force overlay as default storage driver if system is not btrfs (gh#containers/buildah#3153) - Update common to 0.36.0 - Update podman to 3.1.1 - Update storage to 1.29.0 - Update image to 5.11.0 ==== libdnf ==== Version update (0.60.0 -> 0.62.0) Subpackages: libdnf-repo-config-zypp libdnf2 - Add patch to fix crash when loading DVD repositories + Patch: 0001-Fix-a-crash-when-repoId-not-found-in-loaded-conf-gke.patch - Update to 0.62.0 + Change order of TransactionItemReason (rh#1921063) + Add two new comperators for security filters (rh#1918475) + Apply security filters for candidates with lower priority + Fix: Goal - translation of messages in global maps + Enhance description of modular solvables + Improve performance for module query + Change mechanism of modular errata applicability (rh#1804234) + dnf_transaction_commit(): Remove second call to rpmtsSetVSFlags + Fix a couple of memory leaks + Fix: Setting of librepo handle in newHandle function + Remove failsafe data when module is not enabled (rh#1847035) + Expose librepo's checksum functions via SWIG + Fix: Mising check of "hy_split_nevra()" return code + Do not allow 1 as installonly_limit value (rh#1926261) + Fix check whether the subkey can be used for signing + Hardening: add signature check with rpmcliVerifySignatures (CVE-2021-3445, CVE-2021-3421, CVE-2021-20271, rh#1932079, rh#1932089, rh#1932090, boo#1183779) + Add a config option sslverifystatus, defaults to false (rh#1814383) + [context] Add API for distro-sync ==== libfido2 ==== Version update (1.6.0 -> 1.7.0) Subpackages: libfido2-1 libfido2-udev - Update to version 1.7.0: * hid_win: detect devices with vendor or product IDs > 0x7fff * Support for FIDO 2.1 authenticator configuration. * Support for FIDO 2.1 UV token permissions. * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions. * New API calls * New fido_init flag to disable fido_dev_open?s U2F fallback * Experimental NFC support on Linux. - Enabled hidapi again, issues related to hidapi are fixed upstream * Added fix-cmake-linking.patch to fix linking ==== librepo ==== Version update (1.13.0 -> 1.14.0) - Update to 1.14.0 + Fix LRO_PRESERVETIME behavior + Support multiple checksums in xattr (rh#1931904) + Return "calculated" checksum if requested w/caching + Fix lr_yum_download_url in case lr_handle is NULL ==== lua54 ==== Version update (5.4.2 -> 5.4.3) - Add upstream-bugs.patch and upstream-bugs-test.patch to fix bugs 1,2,3 for build and tests respectively. - Update to version 5.4.3: * Fixes bugs found in Lua 5.4.2 - Removed upstream-bugs.patch: new release (no bugs found yet) - Removed upstream-bugs-test.patch: new release (no bugs found yet) ==== makedumpfile ==== - Update patch metadata. - Fix guessing of va_bits (bsc#1183977) * makedumpfile-1-3-Use-vmcoreinfo-note-in-proc-kcore-for-mem-.patch * makedumpfile-2-3-arm64-Make-use-of-NUMBER-VA_BITS-in-vmcore.patch * makedumpfile-3-3-arm64-support-flipped-VA-and-52-bit-kernel.patch ==== microdnf ==== Version update (3.7.1 -> 3.8.0) - Update to 3.8.0 + Add "makecache" command + Add "distro-sync" command ==== podman ==== Version update (3.0.1 -> 3.1.1) Subpackages: podman-cni-config - Update to version 3.1.1: * Bump to v3.1.1 * Update release notes for v3.1.1 * podman play kube apply correct log driver * Fix build with GO111MODULE=off * [CI:DOCS] Set all operation id to be compatibile * Move operationIds to swagger:operation line * swagger: add operationIds that match with docker * Fix missing podman-remote build options * [NO TESTS NEEDED] Shrink the size of podman-remote * Move socket activation check into init() and set global condition. * rootless: use is_fd_inherited * Recreate until container prune tests for bindings * System tests: special case for RHEL: require runc * Document --volume from podman-remote run/create client * Containers prune endpoint should use only prune filters * Trim white space from /top endpoint results * Fix unmount doc reference in image.rst * Fix handling of remove --log-rusage param * Makefile: introduce install.docker-full * Makefile: ensure install.docker creates BINDIR * Should send the OCI runtime path not just the name to buildah * Fixed podman-remote --network flag * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns * Fix typos --uidmapping and --gidmapping * Add default template functions * Don't relabel volumes if running in a privileged container * Allow users to override default storage opts with --storage-opt * Add transport and destination info to manifest doc * Verify existence of auth file if specified * Ensure that `--userns=keep-id` sets user in config * [CI:DOCS] Update swagger definition of inspect manifest * Volumes prune endpoint should use only prune filters * Adjust libpod API Container Wait documentation to the code * Add missing return * [CI:DOCS] Fix formatting of podman-build man page * cgroups: force 64 bits to ParseUint * Fix slashes in socket URLs * [CI:DOCS] Correct status code for /pods/create * cgroup: do not set cgroup parent when rootless and cgroupfs * Reflect current state of prune implementation in docs * Do not delete container twice * Test that we don't error out on advertised --log-level values * At trace log level, print error text using %+v instead of %v * pkg/errorhandling.JoinErrors: don't throw away context for lone errors * Recognize --log-level=trace * Fix message about runtime to show only the actual runtime * Fix handling of $NAME and $IMAGE in runlabel * Fix flake on failed podman-remote build : try 2 * Fix flake on failed podman-remote build * Update documentation of podman-run to reflect volume "U" option * Fixes invalid expression in save command * Fix possible panic in libpod/image/prune.go * Update all containers/ project vendors * Fix tests * Bump to v3.1.1-dev - Update to version 3.1.0: * Bump to v3.1.0 * Fix test failure * Update release notes for v3.1.0 final release * [NO TESTS NEEDED] Turn on podman-remote build --isolation * Fix long option format on docs.podman.io * Fix containers list/prune http api filter behaviour * [CI:DOCS] Add note to mappings for user/group userns in build * Validate passed in timezone from tz option * Generate Kubernetes PersistentVolumeClaims from named volumes * libpod/image: unit tests: use a `registries.conf` for aliases - Require systemd 241 or newer due to podman dependency go-systemd v22, otherwise build will fail with unknown C name errors ==== rpcbind ==== - Specify the appropriate set of local nss modules (boo#1177461) ==== salt ==== Subpackages: python3-salt salt-master salt-minion salt-standalone-formulas-configuration - Improvements on "ansiblegate" module: * New methods: ansible.targets / ansible.discover_playbooks * General bugfixes - Added: * improvements-on-ansiblegate-module-354.patch - Regression fix of salt-ssh on processing some targets - Added: * regression-fix-of-salt-ssh-on-processing-targets-353.patch - Add support for Alibaba Cloud Linux 2 (Aliyun Linux) - Added: * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch - Update target fix for salt-ssh to process targets list (bsc#1179831) - Added: * update-target-fix-for-salt-ssh-to-process-targets-li.patch - Add notify beacon for Debian/Ubuntu systems - Add core grains support for AlmaLinux and Alibaba Could Linux - Added: * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch * notify-beacon-for-debian-ubuntu-systems-347.patch - Allow vendor change option with zypper - Added: * allow-vendor-change-option-with-zypper-313.patch ==== selinux-policy ==== Version update (20210309 -> 20210419) Subpackages: selinux-policy-targeted - Update to version 20210419 - Refreshed: * fix_dbus.patch * fix_hadoop.patch * fix_init.patch * fix_unprivuser.patch ==== snapper ==== Version update (0.8.16 -> 0.9.0) Subpackages: libsnapper5 - fix build on 32 bit musl systems (gh#openSUSE/snapper#644) - improved error handling (see gh#openSUSE/snapper#626) - version 0.9.0 ==== sqlite3 ==== Version update (3.35.2 -> 3.35.5) - SQLite3 3.35.5: * Fix defects in the new ALTER TABLE DROP COLUMN feature that could corrupt the database file * Fix an obscure query optimizer problem that might cause an incorrect query result - Fix build on SLE-12 - use https urls - SQLite 3.35.4: * Fix a defect in the query planner optimization * Fix a defect in the new RETURNING syntax * Fix the new RETURNING feature so that it raises an error if one of the terms in the RETURNING clause references a unknown table, instead of silently ignoring that error * Fix an assertion associated with aggregate function processing that was incorrectly triggered by the push-down optimization - SQLite 3.35.3: * Enhance the OP_OpenDup opcode of the bytecode engine so that it works even if the cursor being duplicated itself came from OP_OpenDup * When materializing correlated common table expressions, do so separately for each use case, as that is required for correctness. This fixes a problem that was introduced by the MATERIALIZED hint enhancement. * Fix a problem in the filename normalizer of the unix VFS * Fix the "box" output mode in the CLI so that it works with statements that returns one or more rows of zero columns (such as PRAGMA incremental_vacuum) * Improvements to error messages generated by faulty common table expressions * Fix some incorrect assert() statements * Fix to the SELECT statement syntax diagram so that the FROM clause syntax is shown correctly * Fix the EBCDIC character classifier so that it understands newlines as whitespace * Improvements the xBestIndex method in the implementation of the (unsupported) wholenumber virtual table extension so that it does a better job of convincing the query planner to avoid trying to materialize a table with an infinite number of rows ==== sudo ==== Version update (1.9.5p2 -> 1.9.6p1) - update to 1.9.6p1 * Fixed a regression introduced in sudo 1.9.6 that resulted in an error message instead of a usage message when sudo is run with no arguments. * Fixed a sudo_sendlog compilation problem with the AIX xlC compiler. * Fixed a regression introduced in sudo 1.9.4 where the - -disable-root-mailer configure option had no effect. * Added a --disable-leaks configure option that avoids some memory leaks on exit that would otherwise occur. This is intended to be used with development tools that measure memory leaks. It is not safe to use in production at this time. * Plugged some memory leaks identified by oss-fuzz and ASAN. * Fixed the handling of sudoOptions for an LDAP sudoRole that contains multiple sudoCommands. Previously, some of the options would only be applied to the first sudoCommand. * Fixed a potential out of bounds read in the parsing of NOTBEFORE and NOTAFTER sudoers command options (and their LDAP equivalents). * The parser used for reading I/O log JSON files is now more resilient when processing invalid JSON. * Fixed typos that prevented "make uninstall" from working. * Fixed a regression introduced in sudo 1.9.4 where the last line in a sudoers file might not have a terminating NUL character added if no newline was present. * Integrated oss-fuzz and LLVM's libFuzzer with sudo. The new - -enable-fuzzer configure option can be combined with the - -enable-sanitizer option to build sudo with fuzzing support. Multiple fuzz targets are available for fuzzing different parts of sudo. Fuzzers are built and tested via "make fuzz" or as part of "make check" (even when sudo is not built with fuzzing support). Fuzzing support currently requires the LLVM clang compiler (not gcc). * Fixed the --enable-static-sudoers configure option. * Fixed a potential out of bounds read sudo when is run by a user with more groups than the value of "max_groups" in sudo.conf. * Added an "admin_flag" sudoers option to make the use of the ~/.sudo_as_admin_successful file configurable on systems where sudo is build with the --enable-admin-flag configure option. This mostly affects Ubuntu and its derivatives. * The "max_groups" setting in sudo.conf is now limited to 1024. This setting is obsolete and should no longer be needed. * Fixed a bug in the tilde expansion of "CHROOT=dir" and "CWD=dir" sudoers command options. A path "~/foo" was expanded to "/home/userfoo" instead of "/home/user/foo". This also affects the runchroot and runcwd Defaults settings. * Fixed a bug on systems without a native getdelim(3) function where very long lines could cause parsing of the sudoers file to end prematurely. * Fixed a potential integer overflow when converting the timestamp_timeout and passwd_timeout sudoers settings to a timespec struct. * The default for the "group_source" setting in sudo.conf is now "dynamic" on macOS. Recent versions of macOS do not reliably return all of a user's non-local groups via getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS is defined. * Fixed a potential use-after-free in the PAM conversation function. * Fixed potential redefinition of sys/stat.h macros in sudo_compat.h.