Packages changed:
  aaa_base (84.87+git20190718.ce933cb -> 84.87+git20190822.82a17f1)
  bash
  dmidecode
  filesystem
  gzip
  haproxy (2.0.3+git14.0ff395c1 -> 2.0.5+git0.d905f49a)
  ldb (1.5.4 -> 1.5.5)
  libdb-4_8
  libgcrypt (1.8.4 -> 1.8.5)
  libsodium
  python-cheroot
  shadow
  snapper
  yomi-formula (0.0.1+git.1565868437.c6afdff -> 0.0.1+git.1566569312.4133e8e)
  zstd (1.4.2 -> 1.4.3)

=== Details ===

==== aaa_base ====
Version update (84.87+git20190718.ce933cb -> 84.87+git20190822.82a17f1)

- Update to version 84.87+git20190822.82a17f1:
  * add sysctl.d/51-network.conf to tighten network security a bit
    see also (boo#1146866) (jira#SLE-9132)

==== bash ====

- Add official patch bash50-008
  When HISTSIZE is set to 0, history expansion can leave the history length
  set to an incorrect value, leading to subsequent attempts to access invalid
  memory.
- Add official patch bash50-009
  The history file reading code doesn't close the file descriptor open to
  the history file when it encounters a zero-length file.

==== dmidecode ====

2 recommended fixes from upstream:
- dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch:
  Only scan /dev/mem for entry point on x86 (fixes reboot on ARM64).
- dmidecode-fix-formatting-of-tpm-table-output.patch:
  Fix formatting of TPM table output (missing newlines).

==== filesystem ====

- Move /etc.cron.* directories to cron package
- Add /usr/etc

==== gzip ====

- refresh gzip-1.10-ibm_dfltcc_support.patch to fix three data corruption
  issues [bsc#1145276] [jsc#SLE-5818] [jsc#SLE-8914]

==== haproxy ====
Version update (2.0.3+git14.0ff395c1 -> 2.0.5+git0.d905f49a)

- enable prometheus exporter
- enable verbose make output
- Update to version 2.0.5+git0.d905f49a:
  * [RELEASE] Released version 2.0.5
  * BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe.
  * MINOR: fd: make sure to mark the thread as not stuck in fd_update_events()
  * BUG/MINOR: stats: Wait the body before processing POST requests
  * BUG/MEDIUM: lua: Fix test on the direction to set the channel exp timeout
  * BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not connected.
  * BUG/MINOR: Fix prometheus '# TYPE' and '# HELP' headers
  * BUG/MINOR: lua: fix setting netfilter mark
  * BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the conn_stream.
  * BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading TCP=>H1+HTX.
  * BUG/MINOR: buffers/threads: always clear a buffer's head before releasing it
  * MINOR: ssl: ssl_fc_has_early should work for BoringSSL
  * BUG/MINOR: ssl: fix 0-RTT for BoringSSL
  * BUG/MEDIUM: stick-table: Wrong stick-table backends parsing.
  * [RELEASE] Released version 2.0.4
  * BUG/MEDIUM: checks: make sure to close nicely when we're the last to speak
  * BUG/MINOR: mux-h2: always reset rcvd_s when switching to a new frame
  * BUG/MINOR: mux-h2: always send stream window update before connection's
  * BUG/MEDIUM: mux-h2: do not recheck a frame type after a state transition
  * BUG/MINOR: mux-h2: do not send REFUSED_STREAM on aborted uploads
  * BUG/MINOR: mux-h2: use CANCEL, not STREAM_CLOSED in h2c_frt_handle_data()
  * BUG/MINOR: mux-h2: don't refrain from sending an RST_STREAM after another one
  * BUG/MEDIUM: fd: Always reset the polled_mask bits in fd_dodelete().
  * BUG/MEDIUM: proxy: Make sure to destroy the stream on upgrade from TCP to H2
  * BUG/MEDIUM: mux-h2: split the stream's and connection's window sizes
  * BUG/MEDIUM: mux-h2: unbreak receipt of large DATA frames
  * BUG/MINOR: stream-int: also update analysers timeouts on activity
  * BUG/MAJOR: http/sample: use a static buffer for raw -> htx conversion
  * BUG/MEDIUM: lb-chash: Ensure the tree integrity when server weight is increased
  * MINOR: wdt: also consider that waiting in the thread dumper is normal
  * BUG/MINOR: debug: fix a small race in the thread dumping code

==== ldb ====
Version update (1.5.4 -> 1.5.5)

- Update to 1.5.5
  + LDAP_REFERRAL_SCHEME_OPAQUE was added to ldb_module.h; (bso#12478);
  + Skip @ records early in a search full scan; (bso#13893);

==== libdb-4_8 ====

- Add opd deadlock patch as found and documented by Red Hat. (bsc#1148244)
  * 0001-OPD-deadlock-RH-BZ-1349779.patch
- Remove the getpatches as it does not work at all, oracle removed the pages
- Use spec-cleaner
- Fix stripped debuginfo to make sure we can debug with libdb

==== libgcrypt ====
Version update (1.8.4 -> 1.8.5)

- libgcrypt 1.8.5:
  * CVE-2019-13627: mitigation against an ECDSA timing attack (boo#1148987)
  * Improve ECDSA unblinding
  * Provide a pkg-config file

==== libsodium ====

- Revert previous change about cpuid as previous change rejected in
  https://build.opensuse.org/request/show/724809
- Disable LTO as bypass boo#1148184
- Add libsodium_configure_cpuid_chg.patch and call autoconf to regenerate
  configure script with proper CPUID checking. Required at least for
  PowerPC and ARM now that LTO enabled.

==== python-cheroot ====

- Add cheroot_fix_so_peercred_ppc.patch to solve python 2.7 tests
  failures for PowerPC, boo#1147151
- Drop dependency on backports.functools_lru_cache for the python3 subpackage
  This fixes bsc#1149124

==== shadow ====

- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files
  to support kernel keyring feature
- Update pamd.tar.bz2 with pam configuration files accordingly
- encryption_method_nis.patch: drop, DES should really not be used
  anymore anywhere, even with NIS
- shadow-login_defs-suse.patch: remove encryption NIS entry

==== snapper ====
Subpackages: libsnapper4

- reusing existing subvolumes on mksubvolume run (bsc#1138725, bsc#1126900,
  gh#openSUSE/snapper#236)

==== yomi-formula ====
Version update (0.0.1+git.1565868437.c6afdff -> 0.0.1+git.1566569312.4133e8e)

- Lower the priority of /usr/share/yomi/pillar
- Update to version 0.0.1+git.1566569312.4133e8e:
  * storage.wipe: state to wipe all devices
- Update to version 0.0.1+git.1566565353.86af2cb:
  * devices.hwinfo: parse the hwinfo report
- Update to version 0.0.1+git.1565683297.a242917:
  * pillar: make grub2_console present in config
- Update to version 0.0.1+git.1565626987.fdda5d6:
  * grub2_mkconfig: do not use gfxterm when in console mode
  * docs: update links to Factory
  * pillar: use better default pattern
- Update to version 0.0.1+git.1565607953.281fdae:
  * bootloader: provides a default value to kernel
- Update to version 0.0.1+git.1565597137.7fbd398:
  * devices.hwinfo provide a basic report module
  * devices.wipe: remove GRUB signature
  * bootloader: check for the second stage
  * reboot: replace kexec config option with reboot
- Update to version 0.0.1+git.1565191883.64eabeb:
  * devices.wipe: clean disk information
  * pillar: add to MicroOS the new subvols
  * pillar: fix services for MicroOS
  * partitioned: ignore flags that contains type=
  * partitioned: wipefs the new partition
- Update to version 0.0.1+git.1565017592.7207cea:
  * documentation: add a note about the pillar top.sls
- Update to version 0.0.1+git.1564577012.3d7decf:
  * _default_target: fix systemctl call
  * documentation: add top.sls creation
- Change Requires to Requires(pre) for Salt packages, to guarantee
  ordering of installation and the presence of the 'salt' group.
- Require salt-master for non SLE/Leap 15.1 nor Tumbleweed
- Remove the top.sls provided as an example from Yomi
- Update to version 0.0.1+git.1564144697.5bce6e9:
  * pillar: add user certificate as example
- Update to version 0.0.1+git.1564140669.8074699:
  * chroot: freeze and unfreeze packages
  * salt-minion: fix unless condition
  * users: support certificates
  * pillar: parametrize the device type
  * pillar: remove extra user
  * pillar: set US as default keyboard layout
  * pillar: add a Kubic pillar
  * Split documentation about Kubic
  * Document boot parameters master and minion_id
  * _default_target: add config option to set target
  * README: fix references to installer.sls
- Update to version 0.0.1+git.1560951712.33b7ae5:
  * control_plane: use the first interface IP
  * Fix macros.log call
  * use-case-as-a-kubic-worker: fix monitor path
- Update to version 0.0.1+git.1560947494.0b6189a:
  * network: fix dhcp config path
- Update to version 0.0.1+git.1560946703.1c4d880:
  * Add use-case-deploying-kubic-from-scratch document
- Update to version 0.0.1+git.1560859479.b7d8fe1:
  * network: configure network to accept hostnames
  * Document --adv-addr in kubicctl
- Update to version 0.0.1+git.1560775166.35e3299:
  * network: use the same ifcfg config file from YaST
  * Add advanced configuration section
  * Add use-case-as-a-kubic-worker documentation
- Update to version 0.0.1+git.1560526707.be4ae81:
  * top: use generic glob
- Update to version 0.0.1+git.1560504884.48ef883:
  * yomi: move all the states to a new ns
- Move to /usr/share/salt-formulas
- Add example configuration files
- Update to version 0.0.1+git.1560256453.82ef153:
  * mark: mark successful installations
  * firstboot: add systemd-firstboot support
  * network: configure all interfaces
  * fstab: use the not_change attribute
  * Support salt-minion installation
  * Unify YAML boolean syntax
  * network: replace network detection algorithm
  * README: document services section
  * services: use systemctl to find service status
  * microos: enable crio and kubelet services
  * services: add enabled / disabled states
  * microos: add Kubic patterns
  * devices: deduce the net name in order
  * network: add basic network configuration
  * software: support minimal installation
  * MicroOS: add extra bootloader data
  * MicroOS: add RO option for root subvolume
  * MicroOS: fix size typo
  * software: support pattern detection
  * fstab: support non-default options
  * post_install: use the btrfs.properties state
  * MicroOS: Add new patterns in software section
  * bootloader: Call grub2-set-default
  * bootloader: Run grub2_mkconfig after configuration change
  * bootloader: Add kernel and disable_os_prober features
  * software: do not jump into inner states
  * post_install: do not jump into inner states
  * Rename states to use underscore
  * device.umount: fix variable name
  * MicroOS: use patterns instead of packages
  * MicroOS: Add a pillar to deploy MicroOS
  * LVM: Refactor LVM definition
  * pillar: parametrize all the pillars
  * devices.filter: rename to filter_ and create an alias
- Update to version 0.0.1+git.1553705260.c137d0e:
  * partmod: move partition logic to the module
  * Extract unit parser from partitioned
  * partition: introduce `id` attribute
  * partitioned: move partitioned.devices to devices.filter
  * partition: simplify fs_type look out
  * partitioned: rename aligment to initial_gap
  * README.md: Remove extra dot
  * README.md: Comment about UEFI and secure boot.
  * README.md: Add some notes about monitor.
  * README.md: Add installation instructions.
- Add initial version of Salt Yomi formula

==== zstd ====
Version update (1.4.2 -> 1.4.3)

- Update to version 1.4.3
  * bug: Fix Dictionary Compression Ratio Regression (#1709)
  * bug: Fix Buffer Overflow in v0.3 Decompression (#1722)
  * build: Add support for IAR C/C++ Compiler for Arm (#1705)
  * misc: Add NULL pointer check in util.c (#1706)