Packages changed: aaa_base (84.87+git20190109.b66cf03 -> 84.87+git20190404.8684de3) bash bash-completion btrfsprogs cri-o (1.13.3 -> 1.14.0) cri-tools (1.13.0 -> 1.14.0) e2fsprogs (1.44.5 -> 1.45.0) glibc gpgme (1.12.0 -> 1.13.0) iptables kernel-default-base (5.0.3 -> 5.0.6) kernel-source (5.0.5 -> 5.0.6) kubernetes (1.13.4 -> 1.14.0) libcontainers-common (20190219 -> 20190401) libsolv (0.7.3 -> 0.7.4) libyajl libzypp (17.11.3 -> 17.11.4) podman (1.1.2 -> 1.2.0) python-rpm-macros (20190315.d3034bf -> 20190402.c88be49) update-alternatives wicked (0.6.53 -> 0.6.54) xen (4.12.0_07 -> 4.12.0_08) === Details === ==== aaa_base ==== Version update (84.87+git20190109.b66cf03 -> 84.87+git20190404.8684de3) - Update to version 84.87+git20190404.8684de3: * Add two Scheme/LISP based shells to /etc/shells * /etc/profile does not work in AppArmor-confined containers (bsc#1096191) - Update to version 84.87+git20190307.00d332a: * update logic for JRE_HOME env variable (bsc#1128246) ==== bash ==== - Add temporary fix from upstream for boo#1128936 - Add patch assignment-preceding-builtin.patch from upstream mailing list. Note that this break backward behaviour with bash-4.4 but implies that POSIX mode is more correct - Replace the temporary patch with official bash50-003 ==== bash-completion ==== - Removed bts completions (upcoming devscript package contains a more recent one). ==== btrfsprogs ==== Subpackages: btrfsprogs-udev-rules libbtrfs0 - Use correct path for dracut-fsck-help.txt in module-setup.sh (bsc#1122539) * Remove module-setup.sh * Add module-setup.sh.in ==== cri-o ==== Version update (1.13.3 -> 1.14.0) Subpackages: cri-o-kubeadm-criconfig - Introduce new runtime dependency conntrack-tools: the conntrack package is required to avoid failures in network connection cleanup. - Update cri-o to v1.14.0 * Fix possible out of bounds access during log parsing - Update default configuration file: crio.network.plugin_dir is now a list instead of being a string ==== cri-tools ==== Version update (1.13.0 -> 1.14.0) - Update cri-tools to v1.14.0: * CRI CLI (crictl) * Adds imagefsinfo subcommand for CRI ImageFSInfo() method. * Adds support to filter containers by image. * Fixes a bug when removing multiple containers. * Reduces the default connection timeout value. * Fixes the exit code for crictl exec. * Updated the instructions fro godep. * Adds support of -q for crictl info. * Adds support of zsh completion. * Upgrades kubernetes version to 1.14. * CRI validation testing (critest) * Adds a benchmark testcase for measuring the time of creating pod and a container. * Changes streaming tests to omit newlines on echo * Adds support of critest for Windows container runtime. * Updates test environment to xenial and fixes docker installation. * Updates Go version to 1.12. ==== e2fsprogs ==== Version update (1.44.5 -> 1.45.0) Subpackages: libcom_err2 libext2fs2 - configure-Fix-autoheader-failure.patch: Fix autoheader failure - Update to 1.45.0 * Add support to force check at the next fsck run to tune2fs * Add e2scrub script to run e2fsck on LVM backed filesystem * Mke2fs will attempt to use ZERO_RANGE before PUNCH_HOLE so that we don't lose allocated blocks in preallocated files * Initial support for setting character set encoding * Add support for setting inode checksum to debugfs * Add support for specifying superblock location to e2image * Fix e4defrag to handle situation when files are created while it is running * Fix e2fsck to handle dirs > 2 GiB when largedir feature is enabled * Fix mke2fs huge file creation * Fix libext2fs to be more robust against invalid group descriptors * Fix mke2fs and debugfs to correctly copy files > 2 GiB * Fix memory leaks in debugfs, mke2fs, and e2freefrag ==== glibc ==== Subpackages: glibc-locale glibc-locale-base - japanese-era-name-may-2019.patch: ja_JP locale: Add entry for the new Japanese era (BZ #22964) - Replace glibc_post_upgrade with lua script ==== gpgme ==== Version update (1.12.0 -> 1.13.0) - gpgme 1.13.0: * Support GPGME_AUDITLOG_DIAG for gpgsm * New context flag "trust-model". * Aligned the gpgrt-config code with our other libaries * Auto-check for all installed Python versions * Fixed generating card key in the C++ bindings * Fixed a segv due to bad parameters in genkey * Fixed crash if the plaintext is ignored in a CMS verify * Fixed test suite problems related to dtags * Fixed bunch of python bugs * Several fixes to the Common Lisp bindings * Fixed minor bugs in gpgme-json * Require trace level 8 to dump all I/O data * The compiler must now support variadic macros - drop gpgme-key-expirity.patch, included upstream ==== iptables ==== Subpackages: libiptc0 libxtables12 xtables-plugins - Add iptables-1.8.2-dont_read_garbage.patch that fixes a situation where 'iptables -L' reads garbage from the struct as the kernel never filled it in the bugged case. This can lead to issues like mapping a few TiB of memory [bsc#1106751]. ==== kernel-default-base ==== Version update (5.0.3 -> 5.0.6) - Add dw_mmc-bluefield driver (bsc#1118752) - Add back bpfilter, got lost during split (boo#1106751) ==== kernel-source ==== Version update (5.0.5 -> 5.0.6) Subpackages: kernel-debug kernel-default - Linux 5.0.6 (bnc#1012628). - mt76x02u: use usb_bulk_msg to upload firmware (bnc#1012628). - bpf: do not restore dst_reg when cur_state is freed (bnc#1012628). - KVM: x86: update %rip after emulating IO (bnc#1012628). - KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (bnc#1012628). - KVM: Reject device ioctls from processes other than the VM's creator (bnc#1012628). - x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y (bnc#1012628). - cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n (bnc#1012628). - watchdog: Respect watchdog cpumask on CPU hotplug (bnc#1012628). - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bnc#1012628). - powerpc/64: Fix memcmp reading past the end of src/dest (bnc#1012628). - powerpc/pseries/energy: Use OF accessor functions to read ibm,drc-indexes (bnc#1012628). - objtool: Query pkg-config for libelf location (bnc#1012628). - perf intel-pt: Fix TSC slip (bnc#1012628). - perf pmu: Fix parser error for uncore event alias (bnc#1012628). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (bnc#1012628). - mm/page_isolation.c: fix a wrong flag in set_migratetype_isolate() (bnc#1012628). - mm/memory_hotplug.c: fix notification in offline error path (bnc#1012628). - mm/debug.c: fix __dump_page when mapping->host is not set (bnc#1012628). - mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified (bnc#1012628). - iommu/io-pgtable-arm-v7s: request DMA32 memory, and improve debugging (bnc#1012628). - mm: add support for kmem caches in DMA32 zone (bnc#1012628). - mm/hotplug: fix offline undo_isolate_page_range() (bnc#1012628). - usb: typec: Fix unchecked return value (bnc#1012628). - usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0 source-caps (bnc#1012628). - usb: cdc-acm: fix race during wakeup blocking TX traffic (bnc#1012628). - xhci: Don't let USB3 ports stuck in polling state prevent suspend (bnc#1012628). - usb: xhci: dbc: Don't free all memory with spinlock held (bnc#1012628). - xhci: Fix port resume done detection for SS ports with LPM enabled (bnc#1012628). - usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk (bnc#1012628). - mm/memory.c: fix modifying of page protection by insert_pfn() (bnc#1012628). - usb: common: Consider only available nodes for dr_mode (bnc#1012628). - USB: gadget: f_hid: fix deadlock in f_hidg_write() (bnc#1012628). - usb: mtu3: fix EXTCON dependency (bnc#1012628). - phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs (bnc#1012628). - gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input (bnc#1012628). - gpio: exar: add a check for the return value of ida_simple_get fails (bnc#1012628). - drm/i915/icl: Fix the TRANS_DDI_FUNC_CTL2 bitfield macro (bnc#1012628). - drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check (bnc#1012628). - drm/i915: Mark AML 0x87CA as ULX (bnc#1012628). - drm/vkms: fix use-after-free when drm_gem_handle_create() fails (bnc#1012628). - drm/vgem: fix use-after-free when drm_gem_handle_create() fails (bnc#1012628). - cpufreq: scpi: Fix use after free (bnc#1012628). - cpufreq: intel_pstate: Also use CPPC nominal_perf for base_frequency (bnc#1012628). - blk-mq: fix sbitmap ws_active for shared tags (bnc#1012628). - drivers/block/zram/zram_drv.c: fix idle/writeback string compare (bnc#1012628). - fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (bnc#1012628). - Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc (bnc#1012628). - ACPI / CPPC: Fix guaranteed performance handling (bnc#1012628). - USB: serial: option: add Olicard 600 (bnc#1012628). - USB: serial: option: add support for Quectel EM12 (bnc#1012628). - USB: serial: option: set driver_info for SIM5218 and compatibles (bnc#1012628). - USB: serial: mos7720: fix mos_parport refcount imbalance on error path (bnc#1012628). - USB: serial: ftdi_sio: add additional NovaTech products (bnc#1012628). - USB: serial: cp210x: add new device id (bnc#1012628). - serial: sh-sci: Fix setting SCSCR_TIE while transferring data (bnc#1012628). - serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference (bnc#1012628). - serial: max310x: Fix to avoid potential NULL pointer dereference (bnc#1012628). - staging: erofs: keep corrupted fs from crashing kernel in erofs_readdir() (bnc#1012628). - staging: erofs: fix error handling when failed to read compresssed data (bnc#1012628). - staging: erofs: fix to handle error path of erofs_vmap() (bnc#1012628). - staging: vt6655: Fix interrupt race condition on device start up (bnc#1012628). - staging: vt6655: Remove vif check from vnt_interrupt (bnc#1012628). - staging: speakup_soft: Fix alternate speech with other synths (bnc#1012628). - staging: olpc_dcon_xo_1: add missing 'const' qualifier (bnc#1012628). - staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest (bnc#1012628). - tty: serial: qcom_geni_serial: Initialize baud in qcom_geni_console_setup (bnc#1012628). - tty: atmel_serial: fix a potential NULL pointer dereference (bnc#1012628). - tty: mxs-auart: fix a potential NULL pointer dereference (bnc#1012628). - tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped (bnc#1012628). - tty/serial: atmel: Add is_half_duplex helper (bnc#1012628). - drm/rockchip: vop: reset scale mode when win is disabled (bnc#1012628). - scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices (bnc#1012628). - scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (bnc#1012628). - scsi: sd: Quiesce warning if device does not report optimal I/O size (bnc#1012628). - scsi: sd: Fix a race between closing an sd device and sd I/O (bnc#1012628). - ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock (bnc#1012628). - fs/open.c: allow opening only regular files during execve() (bnc#1012628). - kbuild: modversions: Fix relative CRC byte order interpretation (bnc#1012628). - ALSA: hda/realtek - Fix speakers on Acer Predator Helios 500 Ryzen laptops (bnc#1012628). - ALSA: hda/realtek: Enable headset MIC of ASUS X430UN and X512DK with ALC256 (bnc#1012628). - ALSA: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bnc#1012628). - ALSA: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bnc#1012628). - ALSA: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic (bnc#1012628). - ALSA: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bnc#1012628). - ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bnc#1012628). - ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB (bnc#1012628). - ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO (bnc#1012628). - ALSA: hda/realtek: merge alc_fixup_headset_jack to alc295_fixup_chromebook (bnc#1012628). - ALSA: hda/realtek - Fixed Headset Mic JD not stable (bnc#1012628). - ALSA: pcm: Don't suspend stream in unrecoverable PCM state (bnc#1012628). - ALSA: pcm: Fix possible OOB access in PCM oss plugins (bnc#1012628). - ALSA: seq: oss: Fix Spectre v1 vulnerability (bnc#1012628). - ALSA: rawmidi: Fix potential Spectre v1 vulnerability (bnc#1012628). - net: dsa: qca8k: remove leftover phy accessors (bnc#1012628). - NFSv4.1 don't free interrupted slot on open (bnc#1012628). - NFS: fix mount/umount race in nlmclnt (bnc#1012628). - NFS: Fix nfs4_lock_state refcounting in nfs4_alloc_{lock,unlock}data() (bnc#1012628). - vfio: ccw: only free cp on final interrupt (bnc#1012628). - powerpc: bpf: Fix generation of load/store DW instructions (bnc#1012628). - ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time (bnc#1012628). - tracing: initialize variable in create_dyn_event() (bnc#1012628). - locks: wake any locks blocked on request before deadlock check (bnc#1012628). - Btrfs: fix assertion failure on fsync with NO_HOLES enabled (bnc#1012628). - btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size (bnc#1012628). - btrfs: Fix bound checking in qgroup_trace_new_subtree_blocks (bnc#1012628). - btrfs: raid56: properly unmap parity page in finish_parity_scrub() (bnc#1012628). - btrfs: don't report readahead errors and don't update statistics (bnc#1012628). - btrfs: remove WARN_ON in log_dir_items (bnc#1012628). - Btrfs: fix incorrect file size after shrinking truncate and fsync (bnc#1012628). - powerpc/fsl: Fix the flush of branch predictor (bnc#1012628). - tun: add a missing rcu_read_unlock() in error path (bnc#1012628). - ila: Fix rhashtable walker list corruption (bnc#1012628). - r8169: fix cable re-plugging issue (bnc#1012628). - net: phy: don't clear BMCR in genphy_soft_reset (bnc#1012628). - net: mii: Fix PAUSE cap advertisement from linkmode_adv_to_lcl_adv_t() helper (bnc#1012628). - net: dsa: mv88e6xxx: fix few issues in mv88e6390x_port_set_cmode (bnc#1012628). - thunderx: eliminate extra calls to put_page() for pages held for recycling (bnc#1012628). - thunderx: enable page recycling for non-XDP case (bnc#1012628). - vxlan: Don't call gro_cells_destroy() before device is unregistered (bnc#1012628). - vrf: prevent adding upper devices (bnc#1012628). - tun: properly test for IFF_UP (bnc#1012628). - tipc: fix cancellation of topology subscriptions (bnc#1012628). - tipc: change to check tipc_own_id to return in tipc_net_stop (bnc#1012628). - tipc: allow service ranges to be connect()'ed on RDM/DGRAM (bnc#1012628). - tcp: do not use ipv6 header for ipv4 flow (bnc#1012628). - sctp: use memdup_user instead of vmemdup_user (bnc#1012628). - sctp: get sctphdr by offset in sctp_compute_cksum (bnc#1012628). - rhashtable: Still do rehash when we get EEXIST (bnc#1012628). - packets: Always register packet sk in the same order (bnc#1012628). - net: usb: aqc111: Extend HWID table by QNAP device (bnc#1012628). - net-sysfs: call dev_hold if kobject_init_and_add success (bnc#1012628). - net: stmmac: fix memory corruption with large MTUs (bnc#1012628). - net: rose: fix a possible stack overflow (bnc#1012628). - net: phy: meson-gxl: fix interrupt support (bnc#1012628). - net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec (bnc#1012628). - net: datagram: fix unbounded loop in __skb_try_recv_datagram() (bnc#1012628). - net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 (bnc#1012628). - mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S (bnc#1012628). - mac8390: Fix mmio access size probe (bnc#1012628). - ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL (bnc#1012628). - gtp: change NET_UDP_TUNNEL dependency to select (bnc#1012628). - genetlink: Fix a memory leak on error path (bnc#1012628). - dccp: do not use ipv6 header for ipv4 flow (bnc#1012628). - netfilter: nf_tables: fix set double-free in abort path (bnc#1012628). - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (bnc#1012628). - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (bnc#1012628). - commit dff56e4 - efifb: Omit memory map check on legacy boot (bsc#1127339). - commit 0b95959 - Revert "drm/i915/fbdev: Actually configure untiled displays" (bsc#1129027, bsc#1131048). - commit 591a6df - config: arm64: enable CPPC support - commit 1a52e49 ==== kubernetes ==== Version update (1.13.4 -> 1.14.0) Subpackages: kubernetes-client kubernetes-common kubernetes-kubeadm kubernetes-kubelet - Update to version 1.14.0: * Full Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.14.md * kubeadm now auto detects which CRI runtimes are available * bump required minimum go version to 1.12.1 (strings package compatibility) * Restore machine readability to the print-join-command output - Remove obsolete patch kubeadm-Support-Kernel-5.0-gh74355.patch - Remove obsolete patch make-e2e_node-run-over-distro-bins.patch ==== libcontainers-common ==== Version update (20190219 -> 20190401) - Update to libpod v1.2.0 * Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid * Move pkg/util default storage functions from libpod to containers/storage - Update to image v1.5 * Minor behind the scene bugfixes, no user facing changes - Update to storage v1.12.1 * Move pkg/util default storage functions from libpod to containers/storage * containers/storage no longer depends on containers/image - Version 20190401 ==== libsolv ==== Version update (0.7.3 -> 0.7.4) - repo_add_rpmdb: do not copy bad solvables from the old solv file - fix cleandeps updates not updating all packages - experimental DISTTYPE_CONDA and REL_CONDA support - bump version to 0.7.4 ==== libyajl ==== - Install pkgconfig into libdir instead of datadir with libyajl-pkgconfig.patch - Use autosetup and cmake_build macro - Rename macro soname to sover ==== libzypp ==== Version update (17.11.3 -> 17.11.4) - Enhance scanning /sys for modaliases (bsc#1130161) - version 17.11.4 (9) - Prevent SEGV if the application sets an empty TextLocale (bsc#1127026) - Fix build with CMake >= 3.14.0: Starting with CMake 3.14, EXCLUDE_FROM_ALL now spreads from directories to targets. 'make -C someSubdir' when 'someSubdir' uses the 'EXCLUDE_FROM_ALL' keyword does nothing. (gh/libzypp#libzypp#165) ==== podman ==== Version update (1.1.2 -> 1.2.0) Subpackages: podman-cni-config - Update to podman 1.2.0 * Podman now supports image healthchecks! The podman healthcheck run command was added to manually run healthchecks, and the status of a running healthcheck can be viewed via podman inspect * The podman events command was added to show a stream of significant events * The podman ps command now supports a --watch flag that will refresh its output on a given interval * The podman image tree command was added to show a tree representation of an image's layers * The podman logs command can now display logs for multiple containers at the same time * The podman exec command can now pass file descriptors to the process being executed in the container via the --preserve-fds option * The podman images command can now filter images by reference * The podman system df command was added to show disk usage by Podman * The --add-host option can now be used by containers sharing a network namespace * The podman cp command now has an --extract option to extract the contents of a Tar archive and copy them into the container, instead of copying the archive itself * Podman now allows manually specifying the path of the slirp4netns binary for rootless networking via the --network-cmd-path flag * Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid * The podman runlabel command now supports the --replace option to replace containers using the name requested * Infrastructure containers for Podman pods will now attempt to use the image's CMD and ENTRYPOINT instead of a fixed command * The podman play kube command now supports the HostPath and VolumeMounts YAML fields * Added support to disable creation of resolv.conf or /etc/hosts in containers by specifying --dns=none and --no-hosts, respectively, to podman run and podman create * The podman version command now supports the {{ json . }} template (which outputs JSON) * Podman can now forward ports using the SCTP protocol - Update conmon to cri-o 1.14.0 - Stop building for i586 (not supported by upstream, does not build) ==== python-rpm-macros ==== Version update (20190315.d3034bf -> 20190402.c88be49) - Update to version 20190402.c88be49: * Add missing $ expansion on the pytest call ==== update-alternatives ==== - Remove useless uses of rpm.expand - Fix use of file:close ==== wicked ==== Version update (0.6.53 -> 0.6.54) Subpackages: libwicked-0-6 wicked-service - version 0.6.54 - switch to use systemd notify and prevent event backlog at start by calling udevadm settle before starting wickedd (bsc#1118206) - dhcp6: don't discard confirm reply without status (bsc#1127340) - ethtool: set lro legacy flag and not txvlan (bsc#1123555) - init memory before use in ioctl - fsm: fix find pending worker loop segfault (boo#1106809) ==== xen ==== Version update (4.12.0_07 -> 4.12.0_08) - Update to Xen 4.12.0 FCS release (fate#325107, fate#323901) xen-4.12.0-testing-src.tar.bz2 * HVM/PVH and PV only Hypervisor: The Xen 4.12 release separates the HVM/PVH and PV code paths in Xen and provides KCONFIG options to build a PV only or HVM/PVH only hypervisor. * QEMU Deprivilege (DM_RESTRICT): In Xen 4.12, this feature has been vastly improved. * Argo - Hypervisor-Mediated data eXchange: Argo is a new inter- domain communication mechanism. * Improvements to Virtual Machine Introspection: The VMI subsystem which allows detection of 0-day vulnerabilities has seen many functional and performance improvements. * Credit 2 Scheduler: The Credit2 scheduler is now the Xen Project default scheduler. * PVH Support: Grub2 boot support has been added to Xen and Grub2. * PVH Dom0: PVH Dom0 support has now been upgraded from experimental to tech preview. * The Xen 4.12 upgrade also includes improved IOMMU mapping code, which is designed to significantly improve the startup times of AMD EPYC based systems. * The upgrade also features Automatic Dom0 Sizing which allows the setting of Dom0 memory size as a percentage of host memory (e.g. 10%) or with an offset (e.g. 1G+10%).