Packages changed: gsettings-desktop-schemas installation-images-MicroOS (16.2 -> 16.3) libcontainers-common libjcat (0.1.2+3 -> 0.1.3) microos-tools (2.1 -> 2.2) podman (1.9.3 -> 2.0.4) ppp (2.4.7 -> 2.4.8) python-jsonpatch (1.25 -> 1.26) python-urllib3 (1.25.9 -> 1.25.10) setools systemd webkit2gtk3 (2.28.3 -> 2.28.4) xen (4.13.1_04 -> 4.14.0_02) === Details === ==== gsettings-desktop-schemas ==== - Call %meson_build in %build section, not %meson_install. ==== installation-images-MicroOS ==== Version update (16.2 -> 16.3) - merge gh#openSUSE/installation-images#398 - Update the environment variable reference (doc/configoptions.md) - Removed obsolete bin/mk_boot - Remove unused liveeval option - 16.3 ==== libcontainers-common ==== - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) ==== libjcat ==== Version update (0.1.2+3 -> 0.1.3) - Update to version 0.1.3: * Export the JcatBlobKind and JcatBlobMethod on the result * trivial: source the version header when including <jcat.h> ==== microos-tools ==== Version update (2.1 -> 2.2) - Update to version 2.2 - tmpfs support got moved to systemd ==== podman ==== Version update (1.9.3 -> 2.0.4) Subpackages: podman-cni-config - Update to v2.0.4 * Fixed a bug where the output of podman image search did not populate the Description field as it was mistakenly assigned to the ID field. * Fixed a bug where podman build - and podman build on an HTTP target would fail. * Fixed a bug where rootless Podman would improperly chown the copied-up contents of anonymous volumes (#7130). * Fixed a bug where Podman would sometimes HTML-escape special characters in its CLI output. * Fixed a bug where the podman start --attach --interactive command would print the container ID of the container attached to when exiting (#7068). * Fixed a bug where podman run --ipc=host --pid=host would only set --pid=host and not --ipc=host (#7100). * Fixed a bug where the --publish argument to podman run, podman create and podman pod create would not allow binding the same container port to more than one host port (#7062). * Fixed a bug where incorrect arguments to podman images --format could cause Podman to segfault. * Fixed a bug where podman rmi --force on an image ID with more than one name and at least one container using the image would not completely remove containers using the image (#7153). * Fixed a bug where memory usage in bytes and memory use percentage were swapped in the output of podman stats - -format=json. * Fixed a bug where the libpod and compat events endpoints would fail if no filters were specified (#7078). * Fixed a bug where the CgroupVersion field in responses from the compat Info endpoint was prefixed by "v" (instead of just being "1" or "2", as is documented). - Remove obsolete libpod.conf from Package sources - libpod got renamed to podman on GitHub. Point _service file to the new name. - Remove obsolete old Requires on libcontainers-image and -storage all of that is inside libcontainers-common - Require a new enough libcontainers-common version to have the default containers.conf installed. - Remove deprecated libpod.conf and create an update notice pointing to containers.conf for user that made changes to libpod.conf - Suggest katacontainers instead of recommending it. It's not enabled by default, so it's just bloat - Update to v2.0.3 * Fix handling of entrypoint * log API: add context to allow for cancelling * fix API: Create container with an invalid configuration * Remove all instances of named return "err" from Libpod * Fix: Correct connection counters for hijacked connections * Fix: Hijacking v2 endpoints to follow rfc 7230 semantics * Remove hijacked connections from active connections list * version/info: format: allow more json variants * Correctly print STDOUT on non-terminal remote exec * Fix container and pod create commands for remote create * Mask out /sys/dev to prevent information leak from the host * Ensure sig-proxy default is propagated in start * Add SystemdMode to inspect for containers * When determining systemd mode, use full command * Fix lint * Populate remaining unused fields in `pod inspect` * Include infra container information in `pod inspect` * play-kube: add suport for "IfNotPresent" pull type * docs: user namespace can't be shared in pods * Fix "Error: unrecognized protocol \"TCP\" in port mapping" * Error on rootless mac and ip addresses * Fix & add notes regarding problematic language in codebase * abi: set default umask and rlimits * Used reference package with errors for parsing tag * fix: system df error when an image has no name * Fix Generate API title/description * Add noop function disable-content-trust * fix play kube doesn't override dockerfile ENTRYPOINT * Support default profile for apparmor * Bump github.com/containers/common to v0.14.6 * events endpoint: backwards compat to old type * events endpoint: fix panic and race condition * Switch references from libpod.conf to containers.conf * podman.service: set type to simple * podman.service: set doc to podman-system-service * podman.service: use default registries.conf * podman.service: use default killmode * podman.service: remove stop timeout * systemd: symlink user->system * vendor golang.org/x/text@v0.3.3 * Fix a bug where --pids-limit was parsed incorrectly * search: allow wildcards * [CI:DOCS]Do not copy policy.json into gating image * Fix systemd pid 1 test * Cirrus: Rotate keys post repo. rename - The libpod.conf(5) man page got removed and all references are now pointing towards containers.conf(5), which will be part of the libcontainers-common package. - Update to podman v2.0.2 * fix race condition in `libpod.GetEvents(...)` * Fix bug where `podman mount` didn't error as rootless * remove podman system connection * Fix imports to ensure v2 is used with libpod * Update release notes for v2.0.2 * specgen: fix order for setting rlimits * Ensure umask is set appropriately for 'system service' * generate systemd: improve pod-flags filter * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil * Fixes --remote flag issues * Pids-limit should only be set if the user set it * Set console mode for windows * Allow empty host port in --publish flag * Add a note on the APIs supported by `system service` * fix: Don't override entrypoint if it's `nil` * Set TMPDIR to /var/tmp by default if not set * test: add tests for --user and volumes * container: move volume chown after spec generation * libpod: volume copyup honors namespace mappings * Fix `system service` panic from early hangup in events * stop podman service in e2e tests * Print errors from individual containers in pods * auto-update: clarify systemd-unit requirements * podman ps truncate the command * move go module to v2 * Vendor containers/common v0.14.4 * Bump to imagebuilder v1.1.6 on v2 branch * Account for non-default port number in image name - Changes since v2.0.1 * Update release notes with further v2.0.1 changes * Fix inspect to display multiple label: changes * Set syslog for exit commands on log-level=debug * Friendly amendment for pr 6751 * podman run/create: support all transports * systemd generate: allow manual restart of container units in pods * Revert sending --remote flag to containers * Print port mappings in `ps` for ctrs sharing network * vendor github.com/containers/common@v0.14.3 * Update release notes for v2.0.1 * utils: drop default mapping when running uid!=0 * Set stop signal to 15 when not explicitly set * podman untag: error if tag doesn't exist * Reformat inspect network settings * APIv2: Return `StatusCreated` from volume creation * APIv2:fix: Remove `/json` from compat network EPs * Fix ssh-agent support * libpod: specify mappings to the storage * APIv2:doc: Fix swagger doc to refer to volumes * Add podman network to bash command completions * Fix typo in manpage for `podman auto update`. * Add JSON output field for ps * V2 podman system connection * image load: no args required * Re-add PODMAN_USERNS environment variable * Fix conflicts between privileged and other flags * Bump required go version to 1.13 * Add explicit command to alpine container in test case. * Use POLL_DURATION for timer * Stop following logs using timers * "pod" was being truncated to "po" in the names of the generated systemd unit files. * rootless_linux: improve error message * Fix podman build handling of --http-proxy flag * correct the absolute path of `rm` executable * Makefile: allow customizable GO_BUILD * Cirrus: Change DEST_BRANCH to v2.0 - Update to podman v2.0.0 * The `podman generate systemd` command now supports the `--new` flag when used with pods, allowing portable services for pods to be created. * The `podman play kube` command now supports running Kubernetes Deployment YAML. * The `podman exec` command now supports the `--detach` flag to run commands in the container in the background. * The `-p` flag to `podman run` and `podman create` now supports forwarding ports to IPv6 addresses. * The `podman run`, `podman create` and `podman pod create` command now support a `--replace` flag to remove and replace any existing container (or, for `pod create`, pod) with the same name * The `--restart-policy` flag to `podman run` and `podman create` now supports the `unless-stopped` restart policy. * The `--log-driver` flag to `podman run` and `podman create` now supports the `none` driver, which does not log the container's output. * The `--mount` flag to `podman run` and `podman create` now accepts `readonly` option as an alias to `ro`. * The `podman generate systemd` command now supports the `--container-prefix`, `--pod-prefix`, and `--separator` arguments to control the name of generated unit files. * The `podman network ls` command now supports the `--filter` flag to filter results. * The `podman auto-update` command now supports specifying an authfile to use when pulling new images on a per-container basis using the `io.containers.autoupdate.authfile` label. * Fixed a bug where the `podman exec` command would log to journald when run in containers loggined to journald ([#6555](https://github.com/containers/libpod/issues/6555)). * Fixed a bug where the `podman auto-update` command would not preserve the OS and architecture of the original image when pulling a replacement ([#6613](https://github.com/containers/libpod/issues/6613)). * Fixed a bug where the `podman cp` command could create an extra `merged` directory when copying into an existing directory ([#6596](https://github.com/containers/libpod/issues/6596)). * Fixed a bug where the `podman pod stats` command would crash on pods run with `--network=host` ([#5652](https://github.com/containers/libpod/issues/5652)). * Fixed a bug where containers logs written to journald did not include the name of the container. * Fixed a bug where the `podman network inspect` and `podman network rm` commands did not properly handle non-default CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)). * Fixed a bug where Podman did not properly remove containers when using the Kata containers OCI runtime. * Fixed a bug where `podman inspect` would sometimes incorrectly report the network mode of containers started with `--net=none`. * Podman is now better able to deal with cases where `conmon` is killed before the container it is monitoring. - Requires go 1.13 now ==== ppp ==== Version update (2.4.7 -> 2.4.8) - New version 2.4.8. * New pppd options have been added: * ifname, to set the name for the PPP interface device * defaultroute-metric, to set the metric for the default route * defaultroute6, to add an IPv6 default route (with nodefaultroute6 to prevent adding an IPv6 default route). * up_sdnotify, to have pppd notify systemd when the link is up. * The rp-pppoe plugin has new options: * host-uniq, to set the Host-Uniq value to send * pppoe-padi-timeout, to set the timeout for discovery packets * pppoe-padi-attempts, to set the number of discovery attempts. * Added the CLASS attribute in radius packets. * Fixed warnings and issues found by static analysis. - Obsoleted patches: * ppp-2.4.3-pppoatm.diff * ppp-2.4.4-strncatfix.patch * ppp-2.4.6-ifname.diff * ppp-2.4.7-DES-openssl.patch * ppp-2.4.7.tar.gz.asc * ppp-send-padt.patch - Patches that got renamed, because they needed rediffing: * ppp-2.4.1-higher-speeds.diff -> ppp-higher-speeds.patch * ppp-2.4.1-higher-speeds.diff -> ppp-higher-speeds.patch * ppp-2.4.2-__P.diff -> ppp-__P.patch * ppp-2.4.2-cifdefroute.diff -> ppp-cifdefroute.patch * ppp-2.4.2-pie.patch -> ppp-pie.patch * ppp-2.4.2-smpppd.diff -> ppp-smpppd.patch * ppp-2.4.3-filter.diff -> ppp-filter.patch * ppp-2.4.3-fork-fix.diff -> ppp-fork-fix.patch * ppp-2.4.4-var_run_resolv_conf.patch -> ppp-var_run_resolv_conf.patch * ppp-2.4.6-lib64.patch -> ppp-lib64.patch * ppp-2.4.6-make.diff -> ppp-make.patch * ppp-2.4.6-misc.diff -> ppp-misc.patch * ppp-2.4.7-fix-bashisms.patch -> ppp-fix-bashisms.patch - bsc#1172916: Fix an outdated comment for lcp-echo-interval. ==== python-jsonpatch ==== Version update (1.25 -> 1.26) - update to 1.26: * bugfixes (reject invalid json patches) ==== python-urllib3 ==== Version update (1.25.9 -> 1.25.10) - update to 1.25.10: * Added support for ``SSLKEYLOGFILE`` environment variable for logging TLS session keys with use with programs like Wireshark for decrypting captured web traffic (Pull #1867) * Fixed loading of SecureTransport libraries on macOS Big Sur due to the new dynamic linker cache (Pull #1905) * Collapse chunked request bodies data and framing into one call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906) * Don't insert ``None`` into ``ConnectionPool`` if the pool was empty when requesting a connection (Pull #1866) * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858) ==== setools ==== - python3-setools needs python3-networkx ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Restore default upstream tmp.mount (/tmp as tmpfs) behaviour (boo#1173461) ==== webkit2gtk3 ==== Version update (2.28.3 -> 2.28.4) Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 webkit2gtk-4_0-injected-bundles - Update to version 2.28.4 (boo#1174662): + Fix several crashes and rendering issues. + Security fixes: CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925. ==== xen ==== Version update (4.13.1_04 -> 4.14.0_02) - Correct license name * GPL-3.0+ is now GPL-3.0-or-later - Upstream bug fixes (bsc#1027519) 5f1a9916-x86-S3-put-data-sregs-into-known-state.patch 5f21b9fd-x86-cpuid-APIC-bit-clearing.patch - Update to Xen 4.14.0 FCS release xen-4.14.0-testing-src.tar.bz2 * Linux stubdomains (contributed by QUBES OS) * Control-flow Enforcement Technology (CET) Shadow Stack support (contributed by Citrix) * Lightweight VM fork for fuzzing / introspection. (contributed by Intel) * Livepatch: buildid and hotpatch stack requirements * CONFIG_PV32 * Hypervisor FS support * Running Xen as a Hyper-V Guest * Domain ID randomization, persistence across save / restore * Golang binding autogeneration * KDD support for Windows 7, 8.x and 10 - Dropped patches contained in new tarball 5eb51be6-cpupool-fix-removing-cpu-from-pool.patch 5eb51caa-sched-vcpu-pause-flags-atomic.patch 5ec2a760-x86-determine-MXCSR-mask-always.patch 5ec50b05-x86-idle-rework-C6-EOI-workaround.patch 5ec7dcaa-x86-dont-enter-C6-with-in-service-intr.patch 5ec7dcf6-x86-dont-enter-C3-C6-with-errata.patch 5ec82237-x86-extend-ISR-C6-workaround-to-Haswell.patch 5ece1b91-x86-clear-RDRAND-CPUID-bit-on-AMD-fam-15-16.patch 5ece8ac4-x86-load_system_tables-NMI-MC-safe.patch 5ed69804-x86-ucode-fix-start-end-update.patch 5eda60cb-SVM-split-recalc-NPT-fault-handling.patch 5edf6ad8-ioreq-pending-emulation-server-destruction-race.patch 5edfbbea-x86-spec-ctrl-CPUID-MSR-defs-for-SRBDS.patch 5edfbbea-x86-spec-ctrl-mitigate-SRBDS.patch 5ee24d0e-x86-spec-ctrl-document-SRBDS-workaround.patch xsa317.patch xsa319.patch xsa321-1.patch xsa321-2.patch xsa321-3.patch xsa321-4.patch xsa321-5.patch xsa321-6.patch xsa321-7.patch xsa328-1.patch xsa328-2.patch - bsc#1172356 - Not able to hot-plug NIC via virt-manager, asks to attach on next reboot while it should be live attached ignore-ip-command-script-errors.patch - Enhance libxc.migrate_tracking.patch After transfer of domU memory, the target host has to assemble the backend devices. Track the time prior xc_domain_unpause.