Packages changed: cni (0.7.0 -> 0.7.1) curl (7.65.1 -> 7.65.3) kernel-source (5.2.1 -> 5.2.2) podman (1.4.2 -> 1.4.4) systemd === Details === ==== cni ==== Version update (0.7.0 -> 0.7.1) - Update to version 0.7.1: * Library changes: + invoke : ensure custom envs of CNIArgs are prepended to process envs + add GetNetworkListCachedResult to CNI interface + delegate : allow delegation funcs override CNI_COMMAND env automatically in heritance * Documentation & Convention changes: + Update cnitool documentation for spec v0.4.0 + Add cni-route-override to CNI plugin list * Build and test changes: + Release: bump go to v1.12 ==== curl ==== Version update (7.65.1 -> 7.65.3) Subpackages: libcurl4 - Update to 7.65.3 * progress: make the progress meter appear again - Update to 7.65.2 * Bugfixes: - CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH - CMake: Fix finding Brotli on case-sensitive file systems - CURLOPT_RANGE.3: Caution against using it for HTTP PUT - CURLOPT_SEEKDATA.3: fix variable name - bindlocal: detect and avoid IP version mismatches in bind() - build: fix Codacy warnings - c-ares: honor port numbers in CURLOPT_DNS_SERVERS - config-os400: add getpeername and getsockname defines - configure: --disable-progress-meter - configure: fix --disable-code-coverage - configure: more --disable switches to toggle off individual features - configure: remove CURL_DISABLE_TLS_SRP - conn_maxage: move the check to prune_dead_connections() - curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds - docs: Explain behavior change in --tlsv1. options since 7.54 - docs: Fix links to OpenSSL docs - docs: fix string suggesting HTTP/2 is not the default - headers: Remove no longer exported functions - http2: call done_sending on end of upload - http2: don't call stream-close on already closed streams - http2: remove CURL_DISABLE_TYPECHECK define - http: allow overriding timecond with custom header - http: clarify header buffer size calculation - krb5: fix compiler warning - lib: Use UTF-8 encoding in comments - libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS - multi: enable multiplexing by default (again) - multi: fix the transfer hashes in the socket hash entries - multi: make sure 'data' can present in several sockhash entries - netrc: Return the correct error code when out of memory - nss: don't set unused parameter - nss: inspect returnvalue of token check - nss: only cache valid CRL entries - openssl: define HAVE_SSL_GET_SHUTDOWN based on version number - openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined - openssl: fix pubkey/signature algorithm detection in certinfo - os400: make vsetopt() non-static as Curl_vsetopt() for os400 support - quote.d: asterisk prefix works for SFTP as well - runtests: keep logfiles around by default - runtests: report single test time + total duration - test1165: verify that CURL_DISABLE_ symbols are in sync - test1521: adapt to SLISTPOINT - test1523: test CURLOPT_LOW_SPEED_LIMIT - test153: fix content-length to avoid occasional hang - test188/189: fix Content-Length - tests: have runtests figure out disabled features - tests: support non-localhost HOSTIP for dict/smb servers - tests: update fixed IP for hostip/clientip split - tool_cb_prg: Fix integer overflow in progress bar - typecheck: CURLOPT_CONNECT_TO takes an slist too - typecheck: add 3 missing strings and a callback data pointer - unit1654: cleanup on memory failure - unpause: trigger a timeout for event-based transfers - url: Fix CURLOPT_MAXAGE_CONN time comparison - Rebased patch curl-use_OPENSSL_config.patch - Disable new added failing test1165 ==== kernel-source ==== Version update (5.2.1 -> 5.2.2) Subpackages: kernel-debug kernel-default - Revert "netfilter: conntrack: remove helper hook again" (http://lkml.kernel.org/r/20190718092128.zbw4qappq6jsb4ja@breakpoint.cc). - commit 8e9a006 - Linux 5.2.2 (bnc#1012628). - x86/entry/32: Fix ENDPROC of common_spurious (bnc#1012628). - crypto/NX: Set receive window credits to max number of CRBs in RxFIFO (bnc#1012628). - crypto: talitos - fix hash on SEC1 (bnc#1012628). - crypto: talitos - move struct talitos_edesc into talitos.h (bnc#1012628). - s390/qdio: don't touch the dsci in tiqdio_add_input_queues() (bnc#1012628). - s390/qdio: (re-)initialize tiqdio list entries (bnc#1012628). - s390: fix stfle zero padding (bnc#1012628). - s390/ipl: Fix detection of has_secure attribute (bnc#1012628). - ARC: hide unused function unw_hdr_alloc (bnc#1012628). - x86/irq: Seperate unused system vectors from spurious entry again (bnc#1012628). - x86/irq: Handle spurious interrupt after shutdown gracefully (bnc#1012628). - x86/ioapic: Implement irq_get_irqchip_state() callback (bnc#1012628). - genirq: Add optional hardware synchronization for shutdown (bnc#1012628). - genirq: Fix misleading synchronize_irq() documentation (bnc#1012628). - genirq: Delay deactivation in free_irq() (bnc#1012628). - firmware: improve LSM/IMA security behaviour (bnc#1012628). - drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT (bnc#1012628). - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header (bnc#1012628). - Input: synaptics - enable SMBUS on T480 thinkpad trackpad (bnc#1012628). - e1000e: start network tx queue only when link is up (bnc#1012628). - Revert "e1000e: fix cyclic resets at link up with active tx" (bnc#1012628). - commit 93f0a54 ==== podman ==== Version update (1.4.2 -> 1.4.4) Subpackages: podman-cni-config - Update libpod.conf to use correct infra_command - Update libpod.conf to use better versioned pause container - Update libpod.conf to use official kubic pause container - Update libpod.conf to match latest features set: detach_keys, lock_type, runtime_supports_json - Add podman-remote varlink client - Update podman to v1.4.4 * Features - Podman now has greatly improved support for containers using multiple OCI runtimes. Containers now remember if they were created with a different runtime using --runtime and will always use that runtime - The cached and delegated options for volume mounts are now allowed for Docker compatability (#3340) - The podman diff command now supports the --latest flag * Bugfixes - Fixed a bug where rootless Podman would attempt to use the entire root configuration if no rootless configuration was present for the user, breaking rootless Podman for new installations - Fixed a bug where rootless Podman's pause process would block SIGTERM, preventing graceful system shutdown and hanging until the system's init send SIGKILL - Fixed a bug where running Podman as root with sudo -E would not work after running rootless Podman at least once - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag were being ignored - Fixed a bug where images with no layers could not properly be displayed and removed by Podman - Fixed a bug where locks were not properly freed on failure to create a container or pod - Fixed a bug where podman cp on a single file would create a directory at the target and place the file in it (#3384) - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a hexadecimal address instead of a container's mounts - Fixed a bug where rootless Podman would not add an entry to container's /etc/hosts files for their own hostname (#3405) - Fixed a bug where podman ps --sync would segfault (#3411) - Fixed a bug where podman generate kube would produce an invalid ports configuration (#3408) * Misc - Updated containers/storage to v1.12.13 - Podman now performs much better on systems with heavy I/O load - The --cgroup-manager flag to podman now shows the correct default setting in help if the default was overridden by libpod.conf - For backwards compatability, setting --log-driver=json-file in podman run is now supported as an alias for --log-driver=k8s-file. This is considered deprecated, and json-file will be moved to a new implementation in the future ([#3363](https://github.com/containers/libpo\ d/issues/3363)) - Podman's default libpod.conf file now allows the crun OCI runtime to be used if it is installed ==== systemd ==== Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev - Import commit 0f9271c1336c5c9055e75389732a44745d796851 (changes from v242-stable) 07f0549ffe network: do not send ipv6 token to kernel 9d34e79ae8 systemd-mount: don't check for non-normalized WHAT for network FS 5af677680c core: set fs.file-max sysctl to LONG_MAX rather than ULONG_MAX (bsc#1142099) 29dda7597a random-util: eat up bad RDRAND values seen on AMD CPUs eb6c17c178 util-lib: fix a typo in rdrand 829c20dc8e random-util: rename "err" to "success" 5442366fbf man: rework the description of Aliases and .wants/.requires directories ae71c6f634 docs: typo in arg name replace-irreversible -> replace-irreversibly 09774a5fcb meson: make nologin path build time configurable 69ffeeb0b1 man: add note about systemctl stop return value 4cf14b5513 shared/conf-parser: say "key name" not "lvalue", add dot 4481ca7f86 shared/conf-parser: emit a nicer warning for something like "======" 46f3db894b shared/conf-parser: be nice and ignore lines without "=" 7d928995f7 nspawn: fix memleak in argument parsing 7727e6c0ae resolve: fix memleak 7f32a81976 journal: properly read unaligned le64 integers fa419099e5 activate: move array allocation to heap 815a9fef2a systemctl: print non-elapsing timers as "n/a" not "(null)" a4fc3c88f1 factory: include pam_keyinit.so in PAM factory configuration a453d63315 factory: add comment to PAM file, explaining that the defaults are not useful d9a5a70a59 factory: tighten PAM configuration 5e2d3bf80b test: make sure colors don't confuse our test 5fe3be1334 wait-online: change log level c49b6959d5 systemctl: emit warning when we get an invalid process entry from pid1 and continue 3c9f43eb03 systemctl: do not suggest passing --all if the user passed --state= 5964d1474e man: offline-updates: make dependence on system-update.target explicit a04dd26e03 alloc-util: drop _alloc_ decorator from memdup_suffix0() 7c46a694ca man: add example for setting multiple properties at once 1d72789271 man: CPUShares= is so 2015 45da304673 man: document that WakeSystem= requires privs bed58a06e4 man: document that "systemd-analyze blame/critical-chain" is not useful to track down job latency c5461f31b3 man: be more explicit that Type=oneshot services are not "active" after starting 455ee07abe man: document that the supplementary groups list is initialized from User='s database entry 5f0cb2616a alloc-util: drop _alloc_(2, 3) decorator from memdup_suffix0_multiply() 7bc336794d generator: downgrade Requires= ? Wants= of fsck from /usr mount unit 66465c4381 systemctl: allow "cat" on units with bad settings ca937b49da pid1: fix serialization/deserialization of commmands with spaces 4bb3113023 growfs: call crypt_set_debug_level() correctly, skip if not needed 0db716771e cryptsetup: enable libcryptsetup debug logging if we want it c8b9b3956f cryptsetup: set libcryptsetup global log callback too 679b3f6b7f basic/log: fix SYSTEMD_LOG_* parsing error messages 8d6b5158aa units: add SystemCallErrorNumber=EPERM to systemd-portabled.service 6681fcd445 network: fix the initial value of the counter for brvlan 853ec5f458 man: Add some notes about variable $prefix for StateDirectory= e6d23358e9 sd-netlink: fix inverted log message 6feb862407 blockdev: filter out invalid block devices early 9f7c0dbc75 blockdev-util: propagate actual error 3f5355bcb9 man: document tmpfiles.d/ user/group resolvability needs c15b92cd98 man: fix wrong udev property name 9768a900d6 meson: drop duplicated source 15194f22ed cryptsetup-generator: fix luks-* entry parsing from crypttab c2475390b4 core: skip whitespace after "|" and "!" in the condition parser fdc754aeb7 shared/condition: fix printing of ConditionNull= 572385e135 test: add testcase for issue #12883 9aa1edddb0 conf-parser: fix continuation handling 8fbc72f45f networkd: fix link_up() (#12505) - State directory of systemd-timesync might become inaccessible after upgrading to v240+ (bsc#1137341) This happens for users who had previously used systemd-timesync with DynamicUser=true, ie the ones who upgraded from a systemd version between v235 and v239 to systemd v240 and later (v240 was the version where DynamicUser was switched back to OFF).