Packages changed:
PackageKit
ca-certificates (2+git20210309.8214505 -> 2+git20210723.27a0476)
ceph (16.2.5.29+g97c2c82c2f5 -> 16.2.5.111+ga5b472dfcf8)
cri-o (1.21.0 -> 1.21.2)
hwinfo (21.75 -> 21.76)
keylime (6.1.0 -> 6.1.1)
libglvnd (1.3.2 -> 1.3.3)
python-SQLAlchemy (1.4.20 -> 1.4.22)
qemu
vim (8.2.3075 -> 8.2.3204)
=== Details ===
==== PackageKit ====
Subpackages: PackageKit-backend-dnf libpackagekit-glib2-18
- Add PackageKit-dnf-ignore-weak-deps.patch
Backport upstream patch (gh#Conan-Kudo/PackageKit/commit#ecd4a96,
gh#Conan-Kudo/PackageKit#488) for fixing: dnf backend not honoring
"install_weak_deps=False" (gh#dfaggioli/Packagekit#486). See also
https://bugzilla.redhat.com/show_bug.cgi?id=1955484
==== ca-certificates ====
Version update (2+git20210309.8214505 -> 2+git20210723.27a0476)
- Update to version 2+git20210723.27a0476:
* Don't trigger path unit on /usr/share
* Use flock to serialize calls (boo#1188500)
* Add --root <directory> option
- Update to version 2+git20210609.a4969d7:
* Restore /etc/ssl/ca-bundle.pem if it doesn't exist
* Get rid of ls
* Fix indent inconsistencies
* Create /var/lib/ca-certificates if needed
* Install hooks with correct number
* Remove legacy files
* Remove find from update-ca-certificates
==== ceph ====
Version update (16.2.5.29+g97c2c82c2f5 -> 16.2.5.111+ga5b472dfcf8)
Subpackages: ceph-common libcephfs2 librados2 librbd1 librgw2 python3-ceph-argparse python3-ceph-common python3-cephfs python3-rados python3-rbd python3-rgw
- Update to 16.2.5-111-ga5b472dfcf8:
+ (bsc#1188741) compression/snappy: use uint32_t to be compatible with 1.1.9
- Update to 16.2.5-110-gc5d9c915c46:
+ rebased on top of upstream commit SHA1 7feddc9819ca05586f230accd67b4e26a328e618
+ (bsc#1186348) mgr/zabbix: adapt zabbix_sender default path
==== cri-o ====
Version update (1.21.0 -> 1.21.2)
Subpackages: cri-o-kubeadm-criconfig
- Update to version 1.21.2:
* oci: be more precise about channels and routines
* oci: wait for runtime to write pidfile before starting timer
* oci: refactor fsnotify usage
* vendor: add notify package
* version: bump to v1.21.2
* server: use cnimgr to wait for cni plugin ready before creating a pod
* server: use cnimgr for runtime status
* config: add cnimgr
* Introduce cnimgr
* server: prevent segfault by not using a potentially nil sandbox
* network: pass pod UID to ocicni when performing network operations
* vendor: bump ocicni to 4ea5fb8752cfe
* Bump c/storage to v1.32.3
* oci: kill runtime process on exec if exec pid isn't written yet
* oci: don't pre-create pid file
* dbus: update retryondisconnect to handle eagain too
* simplify checking for dbus error
* utils: close dbus conn channel
* dbusmgr: protect against races in NewDbusConnManager
* cgmgr: reuse dbus connection
* cgmgr: create systemd manager constructor
* try again on EAGAIN from dbus
* test: fix cgroupfs workload tests
* Disable short name mode
* workloads: don't set conmon cpuset if systemd doesn't support AllowedCPUs
* test: add test for conmon in workloads
* workloads: setup on conmon cgroup
* Bump runc to get public RangeToBits function
* server: export InfraName and drop references to leaky
* storage: succeed in DeleteContainer if container is unknown
* bump to v1.21.1
* Fix CI
* oci: drop internal ExecSync structs
* oci: do not use conmon for exec sync
* bump c/storage to 1.31.1
* bump runc to 1.0.0-rc94
* Fix unit tests
* Add support to drop ALL and add back few capabilities
* server: call CNI del in separate routine in restore
* server: reduce log verbosity on restore
* reduce listen socket permissions to 0660
* test: adapt crio wipe tests to handle new behavior
* ignore storage.ErrNotAContainer
* move internal wipe to only wipe images
* server: properly remove sandbox network on failed restore
* runtimeVM: Use internal context to ensure goroutines are stopped
* Fix go.sum
* sandbox remove: unmount shm before removing infra container
* use more ContainerServer.StopContainer
* sandbox: fix race with cleanup
* server: don't unconditionally fail on sandbox cleanup
* server: group namespace cleanup with network stop
* resourcestore: run cleanup in parallel
* test: add test for delayed cleanup of network on restart
* InternalWipe: retry on failures
* server: get hooks after we've check if a sandbox is already stopped
* server: move newPodNetwork to a more logical place
* Add resource cleaner retry functionality
* test: add test for internal_wipe
* server: add support for internal_wipe
* crio wipe: add support for internal_wipe
* config: add InternalWipe
* server: breakup stop/remove all functions with internal helpers
* storage: remove RemovePodSandbox function
* server: reuse container removal code for infra
* Cleanup pod network on sandbox removal
* test: add test for absent_mount_sources_to_reject
* server: add support for absent_mount_sources_to_reject
* config: add absent_mount_sources_to_reject option
* server: use background context for network stop
* resource store: prevent segfault on cleanup step
* Pin gocapability to v0.0.0-20180916011248-d98352740cb2
* config: fix type of privileged_without_host_devices
* Fix podman name in README
* Fix RuntimeDefault seccomp behavior if disabled
* Add After=crio.service dependency to containers and conmon
* Use extra context for runtime VM
* workloads: move to more concrete type
* workloads: update how overrides are specified
* main: still rely on logrus (rather than using the internal log)
* container server: fix silly typo
* nsmgr: remove duplicate IsNSOrErr call
* nsmgr: fix some leaks with GetNamespace
* bump to containers/image 5.11.1
* Bug 1942608: do not list the image with error locating manifest
* runtimeVM: Calculate the WorkingSetBytes stats
* runtimeVM: Use containerd/cgroups for metrics
* runtimeVM: Move metricsToCtrStats() around
* runtimeVM: Vendor typeurl instead of maintain our own copy
==== hwinfo ====
Version update (21.75 -> 21.76)
- merge gh#openSUSE/hwinfo#104
- Fix timezone issue in SOURCE_DATE_EPOCH code
- 21.76
==== keylime ====
Version update (6.1.0 -> 6.1.1)
Subpackages: keylime-agent keylime-config keylime-firewalld keylime-registrar keylime-tpm_cert_store keylime-verifier python38-keylime
- Update to Keylime 6.1.1
+ keylime_tenant add crash with TypeError: Object of type 'bytes' is
not JSON serializable
+ Whenever Keylime agent starts and cannot contact the registrar, it
fails and quits without flushing create EK handles
+ keylime_tenant -c reglist now requires a "-t" parameter for no
reason
+ Duplicated API calls to verifier in webapp backend
+ Installer deletes tpm_cert_store files
+ agent_uuid set to dmidecode crashes Keylime
+ Copying of tpm_cert_store fails during installation
+ If the PCR belong to a measured boot list, it is not validated
+ keylime_tenant --c update fails with a race condition
- Drop patches already present in the new version
+ webapp-fix-tls-certs-paths.patch
+ check_pcrs-match-PCR-if-no-mb_refstate-is-provided.patch
+ tenant-do_cvdelete-wait-until-404.patch
==== libglvnd ====
Version update (1.3.2 -> 1.3.3)
- update to 1.3.3, fixes boo#1188640
==== python-SQLAlchemy ====
Version update (1.4.20 -> 1.4.22)
- update to version 1.4.22:
* orm
+ Fixed issue in new Table.table_valued() method where the
resulting TableValuedColumn construct would not respond
correctly to alias adaptation as is used throughout the ORM,
such as for eager loading, polymorphic loading, etc.
+ Fixed issue where usage of the Result.unique() method with an
ORM result that included column expressions with unhashable
types, such as JSON or ARRAY using non-tuples would silently
fall back to using the id() function, rather than raising an
error. This now raises an error when the Result.unique() method
is used in a 2.0 style ORM query. Additionally, hashability is
assumed to be True for result values of unknown type, such as
often happens when using SQL functions of unknown return type;
if values are truly not hashable then the hash() itself will
raise.
+ For legacy ORM queries, since the legacy Query object uniquifies
in all cases, the old rules remain in place, which is to use
id() for result values of unknown type as this legacy uniquing
is mostly for the purpose of uniquing ORM entities and not
column values.
+ Fixed an issue where clearing of mappers during things like test
suite teardowns could cause a ?dictionary changed size? warning
during garbage collection, due to iteration of a
weak-referencing dictionary. A list() has been applied to
prevent concurrent GC from affecting this operation.
+ Fixed critical caching issue where the ORM?s persistence feature
using INSERT..RETURNING would cache an incorrect query when
mixing the ?bulk save? and standard ?flush? forms of INSERT.
* engine
+ Added some guards against KeyError in the event system to
accommodate the case that the interpreter is shutting down at
the same time Engine.dispose() is being called, which would
cause stack trace warnings.
* sql
+ Fixed issue where use of the case.whens parameter passing a
dictionary positionally and not as a keyword argument would emit
a 2.0 deprecation warning, referring to the deprecation of
passing a list positionally. The dictionary format of ?whens?,
passed positionally, is still supported and was accidentally
marked as deprecated.
+ Fixed issue where type-specific bound parameter handlers would
not be called upon in the case of using the Insert.values()
method with the Python None value; in particular, this would be
noticed when using the JSON datatype as well as related
PostgreSQL specific types such as JSONB which would fail to
encode the Python None value into JSON null, however the issue
was generalized to any bound parameter handler in conjunction
with this specific method of Insert.
- changes from version 1.4.21:
* orm
+ Modified the approach used for history tracking of scalar object
relationships that are not many-to-one, i.e. one-to-one
relationships that would otherwise be one-to-many. When
replacing a one-to-one value, the ?old? value that would be
replaced is no longer loaded immediately, and is instead handled
during the flush process. This eliminates an historically
troublesome lazy load that otherwise often occurs when assigning
to a one-to-one attribute, and is particularly troublesome when
using ?lazy=?raise?? as well as asyncio use cases.
+ This change does cause a behavioral change within the
AttributeEvents.set() event, which is nonetheless currently
documented, which is that the event applied to such a one-to-one
attribute will no longer receive the ?old? parameter if it is
unloaded and the relationship.active_history flag is not set. As
is documented in AttributeEvents.set(), if the event handler
needs to receive the ?old? value when the event fires off, the
active_history flag must be established either with the event
listener or with the relationship. This is already the behavior
with other kinds of attributes such as many-to-one and column
value references.
+ The change additionally will defer updating a backref on the
?old? value in the less common case that the ?old? value is
locally present in the session, but isn?t loaded on the
relationship in question, until the next flush occurs. If this
causes an issue, again the normal relationship.active_history
flag can be set to True on the relationship.
+ Fixed regression caused in 1.4.19 due to #6503 and related
involving Query.with_entities() where the new structure used
would be inappropriately transferred to an enclosing Query when
making use of set operations such as Query.union(), causing the
JOIN instructions within to be applied to the outside query as
well.
+ Fixed regression which appeared in version 1.4.3 due to #6060
where rules that limit ORM adaptation of derived selectables
interfered with other ORM-adaptation based cases, in this case
when applying adaptations for a with_polymorphic() against a
mapping which uses a column_property() which in turn makes use
of a scalar select that includes a aliased() object of the
mapped table.
+ Fixed ORM regression where ad-hoc label names generated for
hybrid properties and potentially other similar types of
ORM-enabled expressions would usually be propagated outwards
through subqueries, allowing the name to be retained in the
final keys of the result set even when selecting from
subqueries. Additional state is now tracked in this case that
isn?t lost when a hybrid is selected out of a Core select /
subquery.
* sql
+ Added new method HasCTE.add_cte() to each of the select(),
insert(), update() and delete() constructs. This method will add
the given CTE as an ?independent? CTE of the statement, meaning
it renders in the WITH clause above the statement
unconditionally even if it is not otherwise referenced in the
primary statement. This is a popular use case on the PostgreSQL
database where a CTE is used for a DML statement that runs
against database rows independently of the primary statement.
+ Fixed issue in CTE constructs where a recursive CTE that
referred to a SELECT that has duplicate column names, which are
typically deduplicated using labeling logic in 1.4, would fail
to refer to the deduplicated label name correctly within the
WITH clause.
+ Fixed regression where the tablesample() construct would fail to
be executable when constructed given a floating-point sampling
value not embedded within a SQL function.
* postgresql
+ Fixed issue in Insert.on_conflict_do_nothing() and
Insert.on_conflict_do_update() where the name of a unique
constraint passed as the constraint parameter would not be
properly truncated for length if it were based on a naming
convention that generated a too-long name for the PostgreSQL max
identifier length of 63 characters, in the same way which occurs
within a CREATE TABLE statement.
+ Fixed issue where the PostgreSQL ENUM datatype as embedded in
the ARRAY datatype would fail to emit correctly in create/drop
when the schema_translate_map feature were also in
use. Additionally repairs a related issue where the same
schema_translate_map feature would not work for the ENUM
datatype in combination with a CAST, that?s also intrinsic to
how the ARRAY(ENUM) combination works on the PostgreSQL dialect.
+ Fixed issue in Insert.on_conflict_do_nothing() and
Insert.on_conflict_do_update() where the name of a unique
constraint passed as the constraint parameter would not be
properly quoted if it contained characters which required
quoting.
* mssql
+ Fixed regression where the special dotted-schema name handling
for the SQL Server dialect would not function correctly if the
dotted schema name were used within the schema_translate_map
feature.
==== qemu ====
- Disabled skiboot building for PowerPC due to the following issue:
https://github.com/open-power/skiboot/issues/265
- Fix possible mremap overflow in the pvrdma
(CVE-2021-3582, bsc#1187499)
hw-rdma-Fix-possible-mremap-overflow-in-.patch
- Ensure correct input on ring init
(CVE-2021-3607, bsc#1187539)
pvrdma-Ensure-correct-input-on-ring-init.patch
- Fix the ring init error flow
(CVE-2021-3608, bsc#1187538)
pvrdma-Fix-the-ring-init-error-flow-CVE-.patch
==== vim ====
Version update (8.2.3075 -> 8.2.3204)
Subpackages: vim-data-common vim-small
- Updated to version 8.2.3204, fixes the following problems
- enable test_recover on x86_64/i586/ppc64* - disable-unreliable-tests.patch
- disable faulty tests on arm and s390x arch - disable-unreliable-tests-arch.patch
* Xxd always reports an old version string. (Åsmund Ervik)
* Vim9: using try in catch block causes a hang.
* Vim9: an error in a catch block is not reported.
* Vim9: profile test fails.
* Powershell core not supported by default.
* Recover test fails on 32bit systems. (Ond?ej Súkup)
* Cannot catch errors in a channel command.
* A channel command "echoerr" does not show anything.
* Crash when passing null string to charclass().
* Vim9: builtin function argument types are not checked at compile time.
* JSONC files are not recognized.
* Vim9: breakpoint on "for" does not work.
* Gemtext files are not recognized.
* With 'virtualedit' set to "block" Visual highlight is wrong after using
"$". (Marco Trosi)
* Garbage collection has useless code.
* With concealing enabled and indirectly closing a fold the cursor may be
somewhere in a folded line.
* Vim9: default argument expression cannot use previous argument
* Vim9: builtin function test fails without the +channel feature.
* tablabel_tooltip test fails with Athena. (Dominique Pellé)
* Test_popup_atcursor_pos() fails without the conceal feature.
* With 'virtualedit' set to "block" block selection is wrong after using
"$". (Marco Trosi)
* Temp files remain after running tests.
* Crash when using "quit" at recovery prompt and autocommands are triggered.
* Popup window test is flaky on MS-Windows with GUI.
* Vim9: missing catch/finally not reported at script level.
* Vim9: no error when using type with unknown number of arguments.
* Missing function prototype for vim_round().
* Test for crash fix does not fail without the fix.
* Swap test may fail on some systems when jobs take longer to exit.
* Vim9: unspecified function type causes type error.
* Vim9: type of partial is wrong when it has arguments.
* Vim9: confusing line number reported for error.
* Vim9: error for arguments while type didn't specify arguments.
* Test for remote_foreground() fails. (Elimar Riesebieter)
* Check for $DISPLAY never fails.
* A pattern that matches the cursor position is bit complicated.
* Vim9: confusing error with extra whitespace before colon.
* With concealing enabled and indirectly closing a fold the cursor may be
somewhere in a folded line when it is not on the first line of
the fold.
* No error when for loop variable shadows script variable.
* Amiga-like systems: build error using stat().
* Coverity complains about free_wininfo() use.
* Vim9: crash when debugging a function with line continuation.
* Vim9: type not properly checked in for loop.
* Vim9: "any" type not handled correctly in for loop.
* Compiler warning for unused argument.
* Crypt with sodium test fails on MS-Windows.
* 'listchars' "exceeds" character appears in foldcolumn. Window separator
is missing. (Leonid V. Fedorenchik)
* With 'nowrap' cursor position is unexected in narrow window. (Leonid V.
Fedorenchik)
* Vim9: confusing error when using white space after option, before one of
"!&<".
* Vim9: no error for white space between option and "=9".
* Variables are set but not used.
* Vim9: for loop error reports wrong line number.
* Vim9: no error when adding number to list of string.
* Vim9: uninitialzed list does not get type checked.
* Vim9: imported uninitialized list does not get type checked.
* Vim9: import test fails.
* Compiler warns for size_t to colnr_T conversion. (Randall W. Morris)
* Vim9: memory leak when add() fails.
* Crash when using typename() on a function reference. (Naohiro Ono)
* Vim9: builtin function arguments not checked at compile time.
* No test for E187 and "No swap file".
* Vim9: no error when a line only has a variable name.
* Debugger test fails.
* Functions for string manipulation are spread out.
* No error when using :complete for :command without -nargs.
* Vim9: type check for has_key() argument is too strict.
* Vim9: A lambda may be compiled with the wrong context if it is called
from a profiled function.
* Vim9: no error when using an invalid value for a line number.
* Vim9: profile test fails without profile feature.
* Vim9: line number wrong for :execute argument.
* Vim9: profiling does not work with a nested function.
* Vim9: function arg type check does not handle base offset.
* Some plugins have a problem with the error check for using :command with
- complete but without -nargs.
* Vim9: argument types are not checked at compile time.
* Vim9: profiling fails if nested function is also profiled.
* Vim9: accessing "s:" results in an error.
* URLs with a dash in the scheme are not recognized.
* Vim9: some type checks for builtin functions fail.
* Some option related code not covered by tests.
* Vim9: term_getansicolors() test fails without +termguicolors.
* Crypt test may fail on MS-Windows.
* Strange error message when using islocked() with a number. (Yegappan
Lakshmanan)
* Cursor displayed in wrong position after deleting line.
* 'breakindent' does not work well for bulleted and numbered lists.
* Vim9: no error when reltime() has invalid arguments.
* Vim9: argument types are not checked at compile time.
* Location list window may open a wrong file.
* Vim9: in a || expression the error line number may be wrong.
* Vim9: nested autoload call error overruled by "Unknown error".
* Get E12 in a job callback when searching for tags. (Andy Stewart)
* Vim9: type error for constant of type any.
* Vim9: cannot handle nested inline function.
* Illegal memory access in test.
* Another illegal memory access in test.
* MzScheme test fails. (Christian Brabandt)
* Vim9: argument types are not checked at compile time.
* Vim9: "legacy undo" finds "undo" variable.
* Vim9: using illegal pointer with inline function inside a lambda.
* Vim9: no type error for comparing number with string.
* Vim9: can not use "for _ in expr" at script level.
* Vim9: the file name of an :import cannot be an expression.
* Vim9: cannot assign to an imported variable at script level.
* Vim9: memory leak when concatenating to an imported string.
* Vim9: builtin function test fails without channel feature.
* Vim9: crash when using removing items from a constant list. (Yegappan
Lakshmanan)
* Duplicate error numbers.
* Cannot add a digraph with a leading space. It is not easy to list
existing digraphs.
* Vim9: start of inline function found in comment line.
* Vim9: not all failures for import tested
* Vim9: popup timer callback is not compiled.
* Vim9: argument types are not checked at compile time.
* Vim9: error when using "try|".
* Error messages are spread out.
* Vim9: not enough code is tested.
* Build failure with small version (Tony Mechelynck).
* screenpos() is wrong when the last line is partially visible and 'display'
is "lastline".
* Vim9: argument types are not checked at compile time.
* Vim9: unclear error when passing too many arguments to lambda.
* Vim9: bool expression with numbers only fails at runtime.
* Error messages are spread out.
* Cannot use 'formatlistpat' for breakindent.
* Vim9: execution speed can be improved.
* Vim9: hard to guess where a type error is given.
* Crash in test.
* Vim9: tests are only executed for legacy script.
* Vim9: compiled string expression causes type error. (Yegappan Lakshmanan)
* Display garbled when 'cursorline' is set and lines wrap. (Gabriel Dupras)