Packages changed:
NetworkManager (1.36.0 -> 1.36.2)
busybox-links
cockpit
container-selinux (2.171.0 -> 2.180.0)
cri-o (1.22.0 -> 1.23.2)
cri-tools (1.22.0 -> 1.23.0)
dbus-1
grep
grub2
kernel-source (5.16.14 -> 5.16.15)
kubernetes (1.23.0 -> 1.23.4)
kubernetes1.22 (1.22.4 -> 1.22.7)
kubernetes1.23 (1.23.0 -> 1.23.4)
libepoxy (1.5.9 -> 1.5.10)
libnvme (1.0~6 -> 1.0~7)
librsvg (2.52.7 -> 2.52.8)
libsigc++2 (2.10.7 -> 2.10.8)
nvme-cli (2.0~6 -> 2.0~7)
openSUSE-build-key
p11-kit (0.23.22 -> 0.24.1)
protobuf
toolbox
=== Details ===
==== NetworkManager ====
Version update (1.36.0 -> 1.36.2)
Subpackages: libnm0
- Do not requires dhcp-client, NM is using its internal client
by default for a long time now.
- Convert iproute2 and iputils requires to recommends, they
should not be hard requires.
- Update to version 1.36.2:
+ When the list of plugins is not specified via "main.plugins" in
NetworkManager.conf and no build-time default is set with
"--with-config-plugins-default" configure argument, now all
known plugins found in the plugin directory are loaded (and the
built-in "keyfile" plugin is preferred over others).
+ Preserve external ports during checkpoint rollback.
+ Fix removal of ovsdb entry when an OVS interface goes away.
+ Fix DNS configuration for WWAN connections.
==== busybox-links ====
Subpackages: busybox-coreutils busybox-gawk busybox-grep busybox-gzip busybox-sed busybox-xz
- replace copy from buildroot's gzip with a reimplementation
that is not GPLv3 (jsc#PM-3301)
==== cockpit ====
Subpackages: cockpit-bridge cockpit-packagekit cockpit-system
- re-add suse-microos-branding.patch from GitHub
- add hide-docs.patch (bsc#1197003)
- make package compatible with OBS version (bsc#1197224):
* move branding images to distribution-logos-SLE package
* re-add dependency on distribution-logos
* remove branding patch and assets (suse-microos-branding.patch,
suse-microos-branding.tar.gz); moved to GitHub fork
* remove local __python3 macro
* apply SLE specific patches only on SLE
- add hide-pcp.patch to hide references to PCP (Performance
Co-Pilot) and metric collection (bsc#1195943). The cockpit-pcp
package is not included in SLE Micro 5.2 base and these parts
require it.
- change self-signed cert group from cockpit-wsintance to
cockpit-ws on upgrade
- update to new LTS version from openSUSE:Factory
- port remove-pwscore.patch
* remove dependency on pwscore (bsc#1182924)
* remove password strenth indicator
- port branding changes as suse-microos "theme"
* remove suse_cockpit_assets.tar.gz
* add suse-microos-branding.tar.gz
* remove branding_tests.patch
* add suse-microos-branding.patch
- remove files not needed to build this version anymore
* webpack-warnings-are-not-errors.patch
* github_package.patch
* nodejs_output_helper.bash
- remove cockpit.permissions workaround (bsc#1169614)
==== container-selinux ====
Version update (2.171.0 -> 2.180.0)
- Update to version 2.180.0
* Allow container domains to read/write kvm_device_t
* Update kublet mappings to inlcude /usr/local/*
* Allow container domains to use container runtime tcp and udp sockets
* Alow containers to use unix_stream_sockets leaked from container runtimes
* Allow userdomains to execute conmon_exec_t and use it as an entrypoint
* Allow conmon_exec_t as an entrypoint
* Add container_use_devices boolean to allow containers to use any device
* Add explicit range transition for conmon
* Add missing dbus class declaration into container_runtime_run()
* Remove lockdown allow rules
* Remove k3s fcontexts
* Allow container domains to be used by user roles
- Changed source url to allow for download via source service
==== cri-o ====
Version update (1.22.0 -> 1.23.2)
Subpackages: cri-o-kubeadm-criconfig
- Update to version 1.23.2:
* config/sysctl: fail if there is a + in the value
* Revert "config/sysctl: fail if there is a + in the value"
* bump to version 1.23.2
* config/sysctl: fail if there is a + in the value
* config/sysctls: validate against invalid spaces
* server: stop deleting pod from idIndex if already gone
* [1.23] ci: use kubernetes 1.23, cri-tools 1.23
* contrib/test/int/build/kubernetes: rm deprecated RunAsGroup
* hack/build-rpms.sh: fix yum-builddep failures
* image: use imageCache value for ImageStatus()
* oci: fix a leaked goroutine
* Reuse createContainerIO in CreateContainer
* Fix vm containers couldn't restore after CRI-O restart
* release-notes: add args for checksum fields
* Updated format
* Generate checksum files for artifacts
* bump to v1.23.1
* test: add test for skipped sysctls
* server: skip sysctls that would affect the host
* server: don't set memory swap when it's not enabled
* deep copy List{PodSandbox,Container} structs
* ci: use main branch for conmon
* server: fix race with kubelet
* Fix runtime panic on pod sandbox stats retrieval
* ci: use main version of runc
* openshift e2e: bump ci image
* server: fix a potential NULL-pointer dereference.
* pass the main mount point to fix crypto profiles binding
* test: update tests for allowed_devices
* config: add AllowedDevices option
* server: drop duplicate log message
* test: add test ensuring a stopped pod is restored
* sandbox stop: remove namespaces
* restore: handle removed namespaces
* Partially revert "restore: restore stop before managing namespace"
* restore: ensure containers are wiped on reboot
* use cmdrunner singleton
* conmonmgr: refactor for new CommandRunner
* cmdrunner: update mocks and add target to makefile
* config: prepend commands with taskset if InfraCtrCPUSet is configured
* cmdrunner: add tests for prepended commands
* cmdrunner: create singleton
* Use timeout for conmon cgroup move
* Fixed a problem where metricImagePullsBytesTotal was getting updated twice and on second call getting incorrect labels
* vendor: bump c/image to 5.17.0
* Add new metrics that match Prometheus best practices and reduce cardinality * add metrics with new names that match naming best practices * use _total for all counters * use base unit seconds, bytes * metrics that do not follow best practices have been marked deprecated, these can be removed in a future release, it is to ensure non-breaking change for couple of releases
* unit test: fix relative log test
* unit tests: update pinns path in case it isn't found in PATH
* test: skip target tests for userns
* test: add test for target namespace
* add support for target PID namespaces
* test: give testunit sudo
* oci: add managed pidns to container object
* pkg/container: take container namespace configuration
* nsmgrtest: take some namespace related test code
* nsmgr: add function to pin existing namespace
* nsmgr: take (and rename) NamespacePathFromProc
* pkg/sandbox: take config initialization
* Bump Kubernetes to v1.23.0
* set user.max_user_namespaces in case it's not
* lint: bump cyclo complexity
* gh-actions/contrib: setup sub{g,u}id
* docs: add tutorial for setting up user namespaces
* oci: put conmon in infra ctr cpuset if it is in the pod cgroup
* test: add tests for user namespace annotations
* test: move workload creation function to helpers
* cni manager: catch server shutdown
* server: notify user when network isn't ready yet
* stop using hardcoded "pod" const
* oci: always reap conmon zombies
* clarify some error messages
* Drop intermediate CRI types
* Relabel containerenv files
* Add minimum_mappable_(u|g)id settings
* Fix runtime panic on stats server shutdown
* restore: restore stop before managing namespace
* server: add {,List}SandboxStats
* server: refactor sandbox list
* server: use stats server to get container stats
* container server: use stats server
* stats: add stats server
* config: add StatsCollectionPeriod field
* cgmgr: move most of stats handling to cgmgr
* oci: make changes in preparation for moving stats functionality:
* server: stub {List,}PodSandboxStats
* server/cri: add PodSandboxStats support
* vendor: bump cri-api
* server/cri: refactor to make stats processing unified
* pkg/config: use iota
* Add go 1.17+ go:build tags
* Remove redundant build tags
* Add containerenv file to containers This file indicates that the current environment is inside a container environment. The same technique is used by podman and docker. The same file name/path as podman was used, as it is vendor agnostic.
* build(deps): bump github.com/containerd/containerd from 1.5.7 to 1.5.8
* config: merge runtime and workload allowed annotations
* Updates kubeadm.md: The cgroup property is removed in [kubeadm-config.v1beta3](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/)
* build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
* Specify runtime table format in the error message
* build(deps): bump github.com/containerd/ttrpc from 1.0.2 to 1.1.0
* server: fix segfault when using cgroupv2
* gh-actions: add sed for kube e2e
* release-notes: update to main
* build(deps): bump github.com/onsi/gomega from 1.16.0 to 1.17.0
* build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
* Bug 2012838: fix override storage options from storage.conf
* oci: fix deadlock in container stop code
* build(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0
* oci: always close chControl
* oci: make some channels buffered
* build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
* build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
* build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
* Add annotation that makes /sys/fs/cgroup writable
* Add support for CNI plugins v1.0.1
* bump(deps-opentelemetry)
* pin go.opentelemetry grpc/otelgrpc v0.25.0
* opentelemetry: add gRPC tracing
* build(deps): bump k8s.io/klog/v2 from 2.20.0 to 2.30.0
* build(deps): bump github.com/go-logr/logr from 1.1.0 to 1.2.0
* version: bump to 1.23.0
* build(deps): bump github.com/containers/podman/v3 from 3.3.1 to 3.4.1
* build(deps): bump github.com/containers/common from 0.43.2 to 0.46.0
* test: drop swap disable playbook
* server: add support for CRI unified field
* server: implement swap support
* server/cri: add support for 1.22 features
* test: bump cri-tools version
* scripts: pin cri-tools version
* server: reduce needless copying for sb.NamespaceOptions
* oci: refactor internal structure to use CRI type
* oci: use server CRI metadata type for containers
* sandbox: refactor internal structure to use CRI type
* sandbox: save createdAt as a int64
* build(deps): bump github.com/containerd/cgroups from 1.0.1 to 1.0.2
* build(deps): bump github.com/creack/pty from 1.1.16 to 1.1.17
* build(deps): bump github.com/Microsoft/go-winio from 0.5.0 to 0.5.1
* Bump Kubernetes to v1.22.2
* sandbox: use server CRI metadata type
* docs: emphasize deprecation notice
* update documentation for workloads
* add allowed annotations to workloads
* Log HTTP response writer message instead an error
* oci: use c/common signal parsing function
* Skip volume relabel for super privileged containers
* oci: chown stdin pipe to user in the container
* test: fix selinux test failures
* build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
* Fix runtime handler docs
* build(deps): bump github.com/containers/image/v5 from 5.15.2 to 5.16.1
* scripts: fix release branch forward script
* server: FilterDisallowedAnnotations of containers earlier
* server: conditionally relabel volumes given annotation
* build(deps): bump github.com/containers/storage from 1.36.0 to 1.37.0
* test: refactor allowed_annotation tests
* server: reduce args in addOCIBindMounts
* build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
* test: add label for openshift e2e in dockerfile
* build(deps): bump github.com/containerd/containerd from 1.5.5 to 1.5.7
* test: skip certificate check for downloading parallel
* Remove usge of deprecated apt-key in Ubuntu install
* Fix install.md links
* build(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0
* use a more appropriate console with code block
* build(deps): bump k8s.io/api from 0.22.1 to 0.22.2
* build(deps): bump k8s.io/cri-api from 0.22.1 to 0.22.2
* build(deps): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0
* build(deps): bump github.com/creack/pty from 1.1.15 to 1.1.16
* build(deps): bump k8s.io/apimachinery from 0.22.1 to 0.22.2
* fix node e2e
* build(deps): bump github.com/intel/goresctrl from 0.1.0 to 0.2.0
* bump crio commit used by node e2e installer
* server: mount cgroup if hostNetwork
* server: use container level host network setting
* server: don't recalculate hostnet
* Fix typo in install.md
* Remove one of the explanations for `bind_mount_prefix` because it is duplicated.
* node e2e: keep infra container
* add unit test for the `server/sandbox_remove`.
* test: fix journald test for new conmon
* fix shfmt
* update `install.md` for debian and ubuntu
* build(deps): bump github.com/json-iterator/go from 1.1.11 to 1.1.12
* build(deps): bump k8s.io/client-go from 0.22.1 to 0.22.2
* fix shfmt
* server: set spec when dropping infra
* Update 'master' branch links to 'main'
* bumps pause image to 3.6
* server: don't wait forever on conmon cgroup move fail
* build(deps): bump github.com/containers/storage from 1.34.1 to 1.36.0
* Remove bashism in sh script
* Do not log if Intel RDT is not supported
* build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
* Fix cluster.yaml for kubectl create
* call cmd.Wait() in all cases we call Start()
* oci: call wait on conmon if cgroup move fails
* build(deps): bump github.com/go-logr/logr from 1.0.0 to 1.1.0
* Fix `crio_image_pulls_layer_size_` metrics docs
* Adapt to klog incompatible changes
* build(deps): bump k8s.io/klog/v2 from 2.10.0 to 2.20.0
* Add `--profile-cpu` and `--profile-mem` options
* build(deps): bump github.com/containers/podman/v3 from 3.3.0 to 3.3.1
* server: remove ineffective `updateLock`.
* Fix missing quantile in `latency_microseconds_total` metrics
* Update crio commit for node e2e
* build(deps): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.1
* Bump runc binary to 1.0.2
* Switch to go1.17 for CI
* fix debian 10 build doc
* test/testdata/sandbox_config.json: fix the dns_config
* adds updating instructions to install.md
==== cri-tools ====
Version update (1.22.0 -> 1.23.0)
- Update to version 1.23.0:
* Bump docs to v1.23.0
* Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
* Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
* Bump github.com/docker/docker
* Bump google.golang.org/grpc from 1.42.0 to 1.43.0
* 1.5.9
* Use same grpc max message size as Kubelet
* Add support for cri-dockerd
* Add support for specifying custom test container images.
* Fix cri-dockerd CI runs
* Fix Containerd main branch CI for Windows
* fix ci for dockershim-critest
* Update Windows images for ltsc2022
* images: use k8s-staging-test-infra/gcb-docker-gcloud
* Bump github.com/onsi/gomega from 1.16.0 to 1.17.0
* Refactor fish completion
* Rename bash and zsh completion functions
* Add zsh compinit tag
* Bump google.golang.org/grpc from 1.41.0 to 1.42.0
* Bump github.com/docker/docker
* Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
* Add release publishing workflow
* Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
* Add SHA512 sum for release files
* Bump github.com/docker/docker
* Bump google.golang.org/grpc from 1.40.0 to 1.41.0
* Bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0
* Bump k8s.io/api from 0.22.1 to 0.22.2
* Bump k8s.io/cri-api from 0.22.1 to 0.22.2
* Bump k8s.io/apimachinery from 0.22.1 to 0.22.2
* Bump k8s.io/client-go from 0.22.1 to 0.22.2
* Bump k8s.io/kubectl from 0.22.1 to 0.22.2
* Updates E2E test images registry
* Bump github.com/opencontainers/selinux from 1.8.4 to 1.8.5
* Switch to go1.17 for CI
* Bump github.com/opencontainers/runc from 1.0.1 to 1.0.2
* Added dropping/adding `ALL` capabilities case to critest
* Bump github.com/onsi/gomega from 1.15.0 to 1.16.0
* Bump k8s.io/cri-api from 0.22.0 to 0.22.1
* Bump k8s.io/client-go from 0.22.0 to 0.22.1
* Bump k8s.io/api from 0.22.0 to 0.22.1
* Bump k8s.io/apimachinery from 0.22.0 to 0.22.1
* Bump k8s.io/kubectl from 0.22.0 to 0.22.1
* Bump google.golang.org/grpc from 1.39.1 to 1.40.0
* Bump github.com/onsi/gomega from 1.14.0 to 1.15.0
* Bump github.com/opencontainers/selinux from 1.8.3 to 1.8.4
* Bump google.golang.org/grpc from 1.39.0 to 1.39.1
==== dbus-1 ====
Subpackages: libdbus-1-3
- Drop use of %{with libalternatives}, there's no such bcond defined
and in many other places it's not optional anyway (boo#1197258)
==== grep ====
- Make profiling deterministic (bsc#1040589)
==== grub2 ====
Subpackages: grub2-arm64-efi grub2-snapper-plugin
- Fix duplicated insmod part_gpt lines in grub.cfg (bsc#1197186)
* 0001-grub-probe-Deduplicate-probed-partmap-output.patch
- Fix GCC 12 build failure (bsc#1196546)
* 0001-mkimage-Fix-dangling-pointer-may-be-used-error.patch
* 0002-Fix-Werror-array-bounds-array-subscript-0-is-outside.patch
* 0003-reed_solomon-Fix-array-subscript-0-is-outside-array-.patch
- Revised
* grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
* 0002-ieee1275-powerpc-enables-device-mapper-discovery.patch
==== kernel-source ====
Version update (5.16.14 -> 5.16.15)
- Linux 5.16.15 (bsc#1012628).
- arm64: dts: qcom: sm8350: Describe GCC dependency clocks
(bsc#1012628).
- arm64: dts: qcom: sm8350: Correct UFS symbol clocks
(bsc#1012628).
- HID: elo: Revert USB reference counting (bsc#1012628).
- HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts
(bsc#1012628).
- ARM: boot: dts: bcm2711: Fix HVS register range (bsc#1012628).
- clk: qcom: gdsc: Add support to update GDSC transition delay
(bsc#1012628).
- clk: qcom: dispcc: Update the transition delay for MDSS GDSC
(bsc#1012628).
- soc: mediatek: mt8192-mmsys: Fix dither to dsi0 path's input
sel (bsc#1012628).
- HID: vivaldi: fix sysfs attributes leak (bsc#1012628).
- HID: nintendo: check the return value of alloc_workqueue()
(bsc#1012628).
- arm64: dts: armada-3720-turris-mox: Add missing ethernet0 alias
(bsc#1012628).
- tipc: fix kernel panic when enabling bearer (bsc#1012628).
- vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET
command (bsc#1012628).
- vduse: Fix returning wrong type in vduse_domain_alloc_iova()
(bsc#1012628).
- net: phy: meson-gxl: fix interrupt handling in forced mode
(bsc#1012628).
- mISDN: Fix memory leak in dsp_pipeline_build() (bsc#1012628).
- vhost: fix hung thread due to erroneous iotlb entries
(bsc#1012628).
- virtio-blk: Don't use MAX_DISCARD_SEGMENTS if max_discard_seg
is zero (bsc#1012628).
- virtio-blk: Remove BUG_ON() in virtio_queue_rq() (bsc#1012628).
- vdpa: fix use-after-free on vp_vdpa_remove (bsc#1012628).
- isdn: hfcpci: check the return value of dma_set_mask() in
setup_hw() (bsc#1012628).
- net: qlogic: check the return value of dma_alloc_coherent()
in qed_vf_hw_prepare() (bsc#1012628).
- esp: Fix BEET mode inter address family tunneling on GSO
(bsc#1012628).
- net: gro: move skb_gro_receive_list to udp_offload.c
(bsc#1012628).
- qed: return status of qed_iov_get_link (bsc#1012628).
- smsc95xx: Ignore -ENODEV errors when device is unplugged
(bsc#1012628).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds
(bsc#1012628).
- drm/i915/psr: Set "SF Partial Frame Enable" also on full update
(bsc#1012628).
- drm/sun4i: mixer: Fix P010 and P210 format numbers
(bsc#1012628).
- net: dsa: mt7530: fix incorrect test in
mt753x_phylink_validate() (bsc#1012628).
- ARM: dts: aspeed: Fix AST2600 quad spi group (bsc#1012628).
- iavf: Fix handling of vlan strip virtual channel messages
(bsc#1012628).
- i40e: stop disabling VFs due to PF error responses
(bsc#1012628).
- ice: stop disabling VFs due to PF error responses (bsc#1012628).
- ice: Fix error with handling of bonding MTU (bsc#1012628).
- ice: Don't use GFP_KERNEL in atomic context (bsc#1012628).
- ice: Fix curr_link_speed advertised speed (bsc#1012628).
- ethernet: Fix error handling in xemaclite_of_probe
(bsc#1012628).
- tipc: fix incorrect order of state message data sanity check
(bsc#1012628).
- net: ethernet: ti: cpts: Handle error for clk_enable
(bsc#1012628).
- net: ethernet: lpc_eth: Handle error for clk_enable
(bsc#1012628).
- net: marvell: prestera: Add missing of_node_put() in
prestera_switch_set_base_mac_addr (bsc#1012628).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
(bsc#1012628).
- net/mlx5: Fix size field in bufferx_reg struct (bsc#1012628).
- net/mlx5: Fix a race on command flush flow (bsc#1012628).
- net/mlx5e: Lag, Only handle events from highest priority
multipath entry (bsc#1012628).
- net/mlx5e: SHAMPO, reduce TIR indication (bsc#1012628).
- NFC: port100: fix use-after-free in port100_send_complete
(bsc#1012628).
- selftests: pmtu.sh: Kill tcpdump processes launched by subshell
(bsc#1012628).
- selftests: pmtu.sh: Kill nettest processes launched in subshell
(bsc#1012628).
- gpio: ts4900: Do not set DAT and OE together (bsc#1012628).
- mm: gup: make fault_in_safe_writeable() use fixup_user_fault()
(bsc#1012628).
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
(bsc#1012628).
- net: phy: DP83822: clear MISR2 register to disable interrupts
(bsc#1012628).
- sctp: fix kernel-infoleak for SCTP sockets (bsc#1012628).
- net: arc_emac: Fix use after free in arc_mdio_probe()
(bsc#1012628).
- net: bcmgenet: Don't claim WOL when its not available
(bsc#1012628).
- net: phy: meson-gxl: improve link-up behavior (bsc#1012628).
- selftests/bpf: Add test for bpf_timer overwriting crash
(bsc#1012628).
- swiotlb: fix info leak with DMA_FROM_DEVICE (bsc#1012628).
- usb: dwc3: pci: add support for the Intel Raptor Lake-S
(bsc#1012628).
- pinctrl: tigerlake: Revert "Add Alder Lake-M ACPI ID"
(bsc#1012628).
- KVM: Fix lockdep false negative during host resume
(bsc#1012628).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always
catchup mode (bsc#1012628).
- spi: rockchip: Fix error in getting num-cs property
(bsc#1012628).
- spi: rockchip: terminate dma transmission when slave abort
(bsc#1012628).
- drm/vc4: hdmi: Unregister codec device on unbind (bsc#1012628).
- of/fdt: move elfcorehdr reservation early for crash dump kernel
(bsc#1012628).
- x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU
(bsc#1012628).
- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
(bsc#1012628).
- net-sysfs: add check for netdevice being present to speed_show
(bsc#1012628).
- hwmon: (pmbus) Clear pmbus fault/warning bits after read
(bsc#1012628).
- nvme-tcp: send H2CData PDUs based on MAXH2CDATA (bsc#1012628).
- PCI: Mark all AMD Navi10 and Navi14 GPU ATS as broken
(bsc#1012628).
- gpio: Return EPROBE_DEFER if gc->to_irq is NULL (bsc#1012628).
- drm/amdgpu: bypass tiling flag check in virtual display case
(v2) (bsc#1012628).
- Revert "xen-netback: remove 'hotplug-status' once it has served
its purpose" (bsc#1012628).
- Revert "xen-netback: Check for hotplug-status existence before
watching" (bsc#1012628).
- ipv6: prevent a possible race condition with lifetimes
(bsc#1012628).
- tracing: Ensure trace buffer is at least 4096 bytes large
(bsc#1012628).
- tracing/osnoise: Make osnoise_main to sleep for microseconds
(bsc#1012628).
- tracing: Fix selftest config check for function graph start
up test (bsc#1012628).
- selftest/vm: fix map_fixed_noreplace test failure (bsc#1012628).
- selftests/memfd: clean up mapping in mfd_fail_write
(bsc#1012628).
- ARM: Spectre-BHB: provide empty stub for non-config
(bsc#1012628).
- fuse: fix fileattr op failure (bsc#1012628).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1012628).
- staging: rtl8723bs: Fix access-point mode deadlock
(bsc#1012628).
- staging: gdm724x: fix use after free in gdm_lte_rx()
(bsc#1012628).
- net: macb: Fix lost RX packet wakeup race in NAPI receive
(bsc#1012628).
- riscv: alternative only works on !XIP_KERNEL (bsc#1012628).
- mmc: meson: Fix usage of meson_mmc_post_req() (bsc#1012628).
- riscv: Fix auipc+jalr relocation range checks (bsc#1012628).
- tracing/osnoise: Force quiescent states while tracing
(bsc#1012628).
- tracing/osnoise: Do not unregister events twice (bsc#1012628).
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address
0x0 (bsc#1012628).
- arm64: Ensure execute-only permissions are not allowed without
EPAN (bsc#1012628).
- arm64: kasan: fix include error in MTE functions (bsc#1012628).
- swiotlb: rework "fix info leak with DMA_FROM_DEVICE"
(bsc#1012628).
- virtio: unexport virtio_finalize_features (bsc#1012628).
- virtio: acknowledge all features before access (bsc#1012628).
- net/mlx5: Fix offloading with ESWITCH_IPV4_TTL_MODIFY_ENABLE
(bsc#1012628).
- ARM: fix Thumb2 regression with Spectre BHB (bsc#1012628).
- watch_queue: Fix filter limit check (bsc#1012628).
- watch_queue, pipe: Free watchqueue state after clearing pipe
ring (bsc#1012628).
- watch_queue: Fix to release page in ->release() (bsc#1012628).
- watch_queue: Fix to always request a pow-of-2 pipe ring size
(bsc#1012628).
- watch_queue: Fix the alloc bitmap size to reflect notes
allocated (bsc#1012628).
- watch_queue: Free the alloc bitmap when the watch_queue is
torn down (bsc#1012628).
- watch_queue: Fix lack of barrier/sync/lock between post and read
(bsc#1012628).
- watch_queue: Make comment about setting ->defunct more accurate
(bsc#1012628).
- x86/boot: Fix memremap of setup_indirect structures
(bsc#1012628).
- x86/boot: Add setup_indirect support in
early_memremap_is_setup_data() (bsc#1012628).
- x86/module: Fix the paravirt vs alternative order (bsc#1012628).
- x86/sgx: Free backing memory after faulting the enclave page
(bsc#1012628).
- x86/traps: Mark do_int3() NOKPROBE_SYMBOL (bsc#1012628).
- drm/panel: Select DRM_DP_HELPER for DRM_PANEL_EDP (bsc#1012628).
- perf parse: Fix event parser error for hybrid systems
(bsc#1012628).
- btrfs: make send work with concurrent block group relocation
(bsc#1012628).
- riscv: dts: k210: fix broken IRQs on hart1 (bsc#1012628).
- vhost: allow batching hint without size (bsc#1012628).
- commit 2bd8d63
- config: enable XFS_RT (bsc#1197190)
- commit d8f0e40
- esp: Fix possible buffer overflow in ESP transformation
(CVE-2022-0886 bsc#1197131).
- commit f5ed8a3
==== kubernetes ====
Version update (1.23.0 -> 1.23.4)
Subpackages: kubernetes-client kubernetes-kubeadm kubernetes-kubelet
- Bump kubernetes-* to 1.23.4, *-minus1 to 1.22.7
==== kubernetes1.22 ====
Version update (1.22.4 -> 1.22.7)
- Update to version 1.22.7:
* Update Go to 1.16.14
* add namespace in azurefile volumeid
* fix: azurefile volumeid conflict in csi migration
* Execute sync before taking the snapshot
* Mark device as uncertain if unmount device succeeds
* Set max results if its not set
* Update CHANGELOG/CHANGELOG-1.22.md for v1.22.6
* Update k/utils to v0.0.0-20211116205334-6203023598ed
* [go] update to Go 1.16.13
* Enabling kube-proxy metrics on windows kernel mode
* fix: ignore the case when comparing azure tags in service annotation
* fix: remove outdated ipv4 route when the corresponding node is deleted
* fix: delete non existing disk issue
* fix containers order after applying
* generated: ./hack/update-vendor.sh
* upgrade sigs.k8s.io/structured-merge-diff/v4 to v4.2.1
* fix: azuredisk parameter lowercase translation issue
* fix: do not delete the lb that does not exist
* removed unnecessary log line
* Fix header mutation race in timeout filter
* use node informer to check volumes attachment status before backoff
* When volume is not marked in-use, do not backoff
* kubeadm: remove the restriction that the ca.crt can only contain one certificate
* flake fix: remove the error handler for cronjob integration test
* vendor: bump cAdvisor to v0.39.3
* Fix the leak of vSphere client sessions
* fix nil pointer in create secret commands
* client-go: Clear the ResourceVersionMatch on paged list calls
* Update GCE manifest to use konnectivity 0.0.27
* Update to apiserver-network-proxy v0.0.27
* add gce loadbalancer no-op finalizer and existingFwdRule tests
* disable gce service handling if has rbs forwarding rule
* add ELBRbsFinalizer
* add gce elb rbs opt-in annotation
* Improving performance of EndpointSlice controller metrics cache
* fix the error when cleaning up jobs for cronjob
* Update CHANGELOG/CHANGELOG-1.22.md for v1.22.5
* Add test to confirm containers won't start
* Check for failed sandbox and failed workload containers
* mount-utils: Detect potential stale file handle
* [go1.16] Update to go1.16.12
* Skip creating HNS loadbalancer with empty endpoints
* dependencies: Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63
* kubeadm: avoid requiring a CA key during kubeconfig expiration checks
* kubeadm: print the CA of kubeconfig files in "check expiration"
* kubeadm: validate local etcd certficates during expiration checks
* kubelet: set failed phase during graceful shutdown
* [go1.16] Update to go1.16.11
* fix: ignore the case when updating tags
* Ensure deletion of pods in queues and cache
* kubelet: Rejected pods should be filtered from admission
* kube-scheduler: Increase the duration to expire an assumed pod
* Skip check for all topology labels when using system default spreading
* workqueue: fix leak in queue preventing objects from being GCed
* Fix workqueue memory leak
* Ignore 'wait: no child processes' error when calling mount/umount
* Reduce calls to docker from dockershim for stats
* Update CHANGELOG/CHANGELOG-1.22.md for v1.22.4
* Add warning about using unsupported CRON_TZ
* Fix flake caused by sampling signal counter too early.
* Ensure there is one running static pod with the same full name
* NodeConformance: Respect grace period when updating static pod
* Fix concurrent map writes error in kube-apiserver
* e2e: node: release-1.22: backport findKubeletServiceName
* node: e2e: add test for the checkpoint recovery
* devicemanager: checkpoint: support pre-1.20 data
* fix: remove VMSS and VMSS instances from SLB backend pool only when necessary
* fix: leave the probe path empty for TCP probes
* fix: skip instance not found when decoupling vmss from lb
==== kubernetes1.23 ====
Version update (1.23.0 -> 1.23.4)
Subpackages: kubernetes1.23-client kubernetes1.23-client-common kubernetes1.23-kubeadm kubernetes1.23-kubelet kubernetes1.23-kubelet-common
- Update to version 1.23.4:
* Update Go to 1.17.7
* Use serializable struct for x-kubernetes-validations in openapi
* Make JSON schema round tripping test more strict
* ignore CRI PodSandboxNetworkStatus for host network pods
* set secondary address on host-network pods
* Deeply copy JSONSchemaProps.XValidations.
* Ensure the execHostnameTest() compares hostnames
* Revert "Fix comparison between FQDN and hostname"
* service REST: Call Decorator(old) on update path
* add namespace in azurefile volumeid
* fix: azurefile volumeid conflict in csi migration
* Mark device as uncertain if unmount device succeeds
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.3
* kubelet: fix podstatus not containing pod full name
* Fix bug with node restriction blocking pvc.status.resizestatus change
* Fix regression pruning array fields with x-kubernetes-preserve-unknown-fields: true
* Set max results if its not set
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.2
* Update k/utils to v0.0.0-20211116205334-6203023598ed
* [go] update to Go 1.17.6
* fix: remove outdated ipv4 route when the corresponding node is deleted
* fix: delete non existing disk issue
* Revert "Automated cherry pick of #107554: Correct the feature gate string for RBD migration."
* fix containers order after applying
* generated: ./hack/update-vendor.sh
* upgrade sigs.k8s.io/structured-merge-diff/v4 to v4.2.1
* Execute sync before taking the snapshot
* Correct the feature gate string for RBD migration.
* fix: azuredisk parameter lowercase translation issue
* removed unnecessary log line
* kubectl: add integration test for result reporting
* cli: let kubectl handle error printing
* cli: avoid logging command line errors in more cases
* Fix header mutation race in timeout filter
* clear pod's .status.nominatedNodeName when necessary
* use node informer to check volumes attachment status before backoff
* When volume is not marked in-use, do not backoff
* kubeadm: remove the restriction that the ca.crt can only contain one certificate
* flake fix: remove the error handler for cronjob integration test
* Fix the leak of vSphere client sessions
* fix nil pointer in create secret commands
* Fix order of commands in the snapshot tests for persistent volumes
* client-go: Clear the ResourceVersionMatch on paged list calls
* Improving performance of EndpointSlice controller metrics cache
* fix the error when cleaning up jobs for cronjob
* Update CHANGELOG to add missing release notes.
* apf: ensure exempt request notes the classification
* Enabling kube-proxy metrics on windows kernel mode
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.1
* add gce loadbalancer no-op finalizer and existingFwdRule tests
* disable gce service handling if has rbs forwarding rule
* add ELBRbsFinalizer
* add gce elb rbs opt-in annotation
* cherry pick of knp 0.0.27
* Remove JSON logging performance regression
* Re-introduce removed kubectl --dry-run values.
* Point flowcontrol users at v1beta2
* [go1.17] Update to go1.17.5
* dependencies: Update golang.org/x/net to v0.0.0-20211209124913-491a49abca63
* mount-utils: Detect potential stale file handle
* Skip creating HNS loadbalancer with empty endpoints
* Add regression test for CPUManager distribute NUMA algorithm
* Add unit test for CPUManager distribute NUMA algorithm verifying fixes
* Fix accounting bug in CPUManager distribute NUMA policy
* Fix error handling in CPUManager distribute NUMA tests
* Add a sum() helper to the CPUManager cpuassignment logic
* Allow the map.Values() function in the CPUManager to take a set of keys
* Fix CPUManager algo to calculate min NUMA nodes needed for distribution
* Fix unit tests following bug fix in CPUManager for map functions (2/2)
* Fix unit tests following bug fix in CPUManager for map functions (1/2)
* Fix bug in CPUManager map.Keys() and map.Values() implementations
* Ensure we balance across *all* NUMA nodes in NUMA distribution algo
* Short-circuit CPUManager distribute NUMA algo for unusable cpuGroupSize
* Round the CPUManager mean and stddev calculations to the nearest 1000th
* updated deprecation messages from 1.23 to 1.24
* kubelet: set failed phase during graceful shutdown
* kubeadm: avoid requiring a CA key during kubeconfig expiration checks
* kubeadm: print the CA of kubeconfig files in "check expiration"
* kubeadm: validate local etcd certficates during expiration checks
* publishing-bot/doc: add component-helpers to the readme
* publishing-bot/rules: remove non existing component-helpers branch 1.19 from the rules
* Changelog: mention kube-scheduler bits deprication
* rbd: initialize ceph monitors slice with an empty value.
* Direct v2betaX users to migrate to HPA v2
* DelegateFSGroupToCSIDriver e2e: skip tests with chgrp
* Update CHANGELOG/CHANGELOG-1.23.md for v1.23.0
* [go1.17] Update to go1.17.4
==== libepoxy ====
Version update (1.5.9 -> 1.5.10)
- Update to version 1.5.10:
+ Fix for building with MSVC on non-English locale.
+ Fix build on Android.
+ Add the right include paths for EGL and X11 headers.
- Upstream tarball url changed, probably by mistake, so leave old
url in place, but disabled.
==== libnvme ====
Version update (1.0~6 -> 1.0~7)
- Update to version 1.0-rc7:
* linux: fixup log page offset in nvme_get_log_page()
* tree: Add support for default trsvcid for all controllers (bsc#1195858)
* tree: fixup coredump during nvme discover
==== librsvg ====
Version update (2.52.7 -> 2.52.8)
Subpackages: gdk-pixbuf-loader-rsvg librsvg-2-2
- Update to version 2.52.8:
+ Catch circular references when rendering patterns
(glgo#GNOME/librsvg#721).
==== libsigc++2 ====
Version update (2.10.7 -> 2.10.8)
- Update to version 2.10.8:
+ Build:
- Meson build: Perl is not required by new versions of
mm-common
- NMake Makefiles: Support building with VS2022
+ Documentation: Upgrade the manual from DocBook 4.1 to DocBook
5.0
==== nvme-cli ====
Version update (2.0~6 -> 2.0~7)
- Update to version 2.0-rc7:
* netapp-nvme: fix smdevices segfault in json output (bsc#1195937)
* fabrics: keep the backward compatibility
* nvme: Do not slash escape strings in JSON output (bsc#1195937)
* nvme: Print full device path
* nvme-print: Make JSON keys consistent with nvme-cli 1.x
* nvme-print: print generic device in list command
* fabrics: check for discovery controller instead of subsystem NQN (bsc#1197061)
* connect: Set errno to zero on nvmf_add_ctrl() success
* documenation updates
- Set path to systemctl via newly introduced config option
- Update 0100-harden_nvmf-connect@.service.patch due to upstream file rename
- Moved bash completion script to /usr/share/bash-completion/completions/nvme
==== openSUSE-build-key ====
- gpg-pubkey-307e3d54-5aaa90a5.asc: remove the RSA 1024bit SLE11 key
and try to remove it from installed systems via Obsoletes.
==== p11-kit ====
Version update (0.23.22 -> 0.24.1)
Subpackages: libp11-kit0 p11-kit-tools
- make sure p11-kit components have matching versions (boo#1196812)
- Update to version 0.24.1:
* rpc: Support protocol version negotiation.
* proxy: Support copying attribute array recursively.
* Link libp11-kit so that it cannot unload.
* Translation improvements.
* Build fixes.
- Update to version 0.24.0:
* Use inclusive language on certificate distrust. Note: This
changes the directory and attribute names to distrust certain
CAs to "blocklist".
* Fix issues spotted by coverity and ASan.
* Integrate gettext with tools more tightly.
* rpc: Forbid use of array of attributes.
* Build fixes.
- Change dirs from blacklist to blocklist ref upstream changes.
==== protobuf ====
- Change Requires: zlib-devel to pkgconfig(zlib) so as not to conflict with libz-ng-compat1.
==== toolbox ====
- adjusted the patch to the toolbox container in registry