Packages changed: cloud-init cryptsetup (2.3.1 -> 2.3.3) gptfdisk (1.0.4 -> 1.0.5) haproxy (2.1.4+git0.3cfc2f1d9 -> 2.1.5+git0.36e14bd31) haveged (1.9.4 -> 1.9.8) irqbalance (1.6.0+git20190711.f7fdebb -> 1.6.0+git20200317.0348a3b) kmod (26 -> 27) libsolv (0.7.13 -> 0.7.14) libzypp (17.23.4 -> 17.23.5) lvm2 lvm2-device-mapper open-vm-tools === Details === ==== cloud-init ==== - bsc#1170154: rsyslog warning, '~' is deprecated + replace deprecated syntax '& ~' by '& stop' for more information please see https://www.rsyslog.com/rsyslog-error-2307/ ==== cryptsetup ==== Version update (2.3.1 -> 2.3.3) Subpackages: libcryptsetup12 - Update to 2.3.3: * Fix BitLocker compatible device access that uses native 4kB sectors * Support large IV count (--iv-large-sectors) cryptsetup option for plain device mapping * Fix a memory leak in BitLocker compatible handling * Allow EBOIV (Initialization Vector algorithm) use * LUKS2: Require both keyslot cipher and key size option, do not fail silently - includes changes from 2.3.2: * Add option to dump content of LUKS2 unbound keyslot * Add support for discards (TRIM) for standalone dm-integrity devices (Kernel 5.7) via --allow-discards, not for LUKS2 * Fix cryptsetup-reencrypt to work on devices that do not allow direct-io device access. * Fix a crash in the BitLocker-compatible code error path * Fix Veracrypt compatible support for longer (>64 bytes) passphrases ==== gptfdisk ==== Version update (1.0.4 -> 1.0.5) - Update to 1.0.5 * Changed number of columns in type code output ("sgdisk -L" and equivalents in gdisk and cgdisk) from 3 to 2, since some descriptions are long enough that they are ambiguous with three columns. * You can now put the 0xEE partition last in a hybrid MBR using sgdisk. (Previously, this was possible with gdisk but not with sgdisk.) See the sgdisk man page for details. * Added numerous type codes for Container Linux, Veracrypt, and Freedesktop.org's Discoverable Partitions Specification * Partition type name searches are now case-insensitive. * It is now possible to quit out of partition type name searches by typing "q". * When changing a partition type code, the default is now the current type code, not a platform-specific type code. ==== haproxy ==== Version update (2.1.4+git0.3cfc2f1d9 -> 2.1.5+git0.36e14bd31) - Update to version 2.1.5+git0.36e14bd31: * [RELEASE] Released version 2.1.5 * BUG/MINOR: nameservers: fix error handling in parsing of resolv.conf * BUG/MINOR: lua: Add missing string length for lua sticktable lookup * BUG/MEDIUM: logs: fix trailing zeros on log message. * REGTESTS: checks: Fix tls_health_checks when IPv6 addresses are used * BUG/MINOR: logs: prevent double line returns in some events. * DOC: SPOE is no longer experimental * DOC/MINOR: halog: Add long help info for ic flag * DOC: retry-on can only be used with mode http * BUG/MINOR: server: Fix server_finalize_init() to avoid unused variable * BUG/MINOR: checks: Respect check-ssl param when a port or an addr is specified * BUG/MEDIUM: ring: write-lock the ring while attaching/detaching * BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for any reason * BUG/MINOR: cache: Don't needlessly test "cache" keyword in parse_cache_flt() * BUG/MEDIUM: stream: Only allow L7 retries when using HTTP. * BUG/MEDIUM: streams: Remove SF_ADDR_SET if we're retrying due to L7 retry. * BUILD: select: only declare existing local labels to appease clang * BUG/MINOR: soft-stop: always wake up waiting threads on stopping * BUG/MINOR: pollers: remove uneeded free in global init * BUG/MINOR: pools: use %u not %d to report pool stats in "show pools" * BUG/MINOR: cfgparse: Abort parsing the current line if an invalid \x sequence is encountered * BUG/MEDIUM: http_ana: make the detection of NTLM variants safer * BUG/MINOR: http-ana: fix NTLM response parsing again * BUG/MINOR: config: Make use_backend and use-server post-parsing less obscur * BUG/MEDIUM: lua: Fix dumping of stick table entries for STD_T_DICT * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_UPDATE_{MIN,MAX}() * BUG/MINOR: threads: fix multiple use of argument inside HA_ATOMIC_CAS() * BUG/MINOR: sample: Set the correct type when a binary is converted to a string * CLEANUP: connections: align function declaration * BUG/MEDIUM: ssl: fix the id length check within smp_fetch_ssl_fc_session_id() * BUG/MEDIUM: h1: Don't compare host and authority if only h1 headers are parsed * BUG/MEDIUM: connections: force connections cleanup on server changes * BUG/MEDIUM: mux-fcgi: Fix wrong test on FCGI_CF_KEEP_CONN in fcgi_detach() * BUG/MEDIUM: mux_fcgi: Free the FCGI connection at the end of fcgi_release() * BUG/MINOR: checks: Remove a warning about http health checks * BUG/MINOR: checks: Compute the right HTTP request length for HTTP health checks * BUG/MINOR: checks/server: use_ssl member must be signed * Revert "BUG/MINOR: connection: make sure to correctly tag local PROXY connections" * Revert "BUG/MINOR: connection: always send address-less LOCAL PROXY connections" * REGTEST: http-rules: Require PCRE or PCRE2 option to run map_redirect script * REGTEST: ssl: test the client certificate authentication * BUILD: Makefile: add linux-musl to TARGET * BUILD: tools: rely on __ELF__ not USE_DL to enable use of dladdr() * BUILD: tools: unbreak resolve_sym_name() on non-GNU platforms * MINOR: debug: dump the whole trace if we can't spot the starting point * MINOR: debug: use our own backtrace function on clang+x86_64 * MINOR: debug: improve backtrace() on aarch64 and possibly other systems * MINOR: debug: report the number of entries in the backtrace * MINOR: wdt: do not depend on USE_THREAD * BUILD: Makefile: include librt before libpthread * MINOR: debug: call backtrace() once upon startup * MEDIUM: debug: add support for dumping backtraces of stuck threads * MINOR: cli: make "show fd" rely on resolve_sym_name() * MINOR: debug: use resolve_sym_name() to dump task handlers * MINOR: tools: add resolve_sym_name() to resolve function pointers * MINOR: tools: add new function dump_addr_and_bytes() * MINOR: haproxy: export run_poll_loop * MINOR: stream: report the list of active filters on stream crashes * BUG/MEDIUM: shctx: bound the number of loops that can happen around the lock * BUG/MEDIUM: shctx: really check the lock's value while waiting * BUG/MINOR: debug: properly use long long instead of long for the thread ID * MINOR: threads: export the POSIX thread ID in panic dumps * BUG/MEDIUM: listener: mark the thread as not stuck inside the loop * BUG/MEDIUM: sample: make the CPU and latency sample fetches check for a stream * BUG/MEDIUM: http: the "unique-id" sample fetch could crash without a steeam * BUG/MEDIUM: http: the "http_first_req" sample fetch could crash without a steeam * BUG/MEDIUM: capture: capture.{req,res}.* crash without a stream * BUG/MEDIUM: capture: capture-req/capture-res converters crash without a stream * BUG/MINOR: mux-fcgi: Be sure to have a connection as session's origin to use it * BUG/MINOR: obj_type: Handle stream object in obj_base_ptr() function * BUG/MINOR: checks: chained expect will not properly wait for enough data * BUG/MEDIUM: server/checks: Init server check during config validity check * BUG/MINOR: checks: Respect the no-check-ssl option * MINOR: checks: Add a way to send custom headers and payload during http chekcs * BUG/MINOR: check: Update server address and port to execute an external check * MINOR: contrib: make the peers wireshark dissector a plugin * MEDIUM: memory: make pool_gc() run under thread isolation * DOC: option logasap does not depend on mode * BUG/MINOR: http: make url_decode() optionally convert '+' to SP * BUG/MINOR: tools: fix the i386 version of the div64_32 function * BUG/MEDIUM: http-ana: Handle NTLM messages correctly. * BUG/MINOR: ssl: default settings for ssl server options are not used * DOC: Improve documentation on http-request set-src * MINOR: version: Show uname output in display_version() * DOC: hashing: update link to hashing functions * BUG/MINOR: peers: Incomplete peers sections should be validated. * BUG/MINOR: connection: always send address-less LOCAL PROXY connections * BUG/MINOR: ssl: memleak of the struct cert_key_and_chain * BUG/MINOR: ssl/cli: memory leak in 'set ssl cert' * MINOR: ssl: improve the errors when a crt can't be open * BUG/MINOR: protocol_buffer: Wrong maximum shifting. ==== haveged ==== Version update (1.9.4 -> 1.9.8) Subpackages: libhavege1 - Update to version 1.9.8: * Fix for Unresolved symbol error_exit in libhavege #20 by pld-gitsync [Jirka Hladky] * order after systemd-tmpfiles-setup-dev.service (origin/pr/21) [Christian Hesse] * use systemd security features [Christian Hesse] * do not run in container [Christian Hesse] * do not use carriage return in line break [Christian Hesse] * Fixed invalid UTF-8 codes in ChangeLog [Jirka Hladky] - Changes for version 1.9.5: * Added test for /dev/random symlink [Jirka Hladky] * Update to automake 1.16 [Jirka Hladky] * Fix segv at start [Andrew] * Fixed built issue on Cygwin [jbaker6953] * Fix segfault on arm machines (origin/pr/7) [Natanael Copa] * init.d/Makefile.am - add missing dependency [Jackie Huang] * service.redhat - update PIDFile [Pierre-Jean Texier] * Fix type mismatch in get_poolsize [Andreas Schwab] * Fixup upstream changelog [Nicolas Braud-Santoni] * Remove support for CPUID on ia64 (origin/pr/19) [Jeremy Bobbio] * Output some progress during CUSUM and RANDOM EXCURSION test [Sven Hartge] * Diagnostics capture mode now works correctly [Ethan Rahn] - Drop upstream patches: * f2193587.patch * get-poolsize.patch ==== irqbalance ==== Version update (1.6.0+git20190711.f7fdebb -> 1.6.0+git20200317.0348a3b) - Update to latest git HEAD version 0348a3b. There has been no version update for quite some time, but some restructuring and fixes we want to have included. D install-man-pages.patch ==== kmod ==== Version update (26 -> 27) Subpackages: kmod-compat libkmod2 - Update to release 27 * Link to libcrypto rather than requiring openssl. * Use PKCS#7 instead of CMS for parsing module signature to be compatible with LibreSSL and OpenSSL < 1.1.0. * Teach modinfo to parse modules.builtin.modinfo. When using Linux kernel >= v5.2~rc1, it is possible to get module information from this new file. ==== libsolv ==== Version update (0.7.13 -> 0.7.14) - Support blacklisted packages in solver_findproblemrule() [bnc#1172135] - Support rules with multiple negative literals in choice rule generation - bump version to 0.7.14 ==== libzypp ==== Version update (17.23.4 -> 17.23.5) - Enable zchunk on SLE-15-SP2. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - version 17.23.5 (22) ==== lvm2 ==== Subpackages: liblvm2cmd2_03 - removing LVM cache with cache volume does not remove the cache volume (bsc#1171907) + bug-1171907-lvremove-remove-attached-cachevol-with-removed-LV.patch ==== lvm2-device-mapper ==== Subpackages: device-mapper libdevmapper-event1_03 libdevmapper1_03 - removing LVM cache with cache volume does not remove the cache volume (bsc#1171907) + bug-1171907-lvremove-remove-attached-cachevol-with-removed-LV.patch ==== open-vm-tools ==== Subpackages: libvmtools0 - While updating to 11.1.0 (build 16036546) (boo#1171764) hold off on producing the open-vm-tools-sdmp (boo#1171765 Service Discover plugin) until it has gone through the ECO process. Once approved, will resubmit to include the plugin.