Packages changed: c-ares conntrack-tools haproxy (2.4.3+git0.4dd5a5a6c -> 2.4.4+git0.acb1d0bea) irqbalance nfs-utils patterns-base util-linux util-linux-systemd === Details === ==== c-ares ==== - new upstream website - drop multibuild - tests do not require static library anymore - spec file cleanup - drop sources that were re-added to upstream distibution (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake) - 5c995d5.patch: augment input validation on hostnames to allow _ as part of DNS response (bsc#1190225) ==== conntrack-tools ==== - Added hardening to systemd service(s). Modified: * conntrackd.service ==== haproxy ==== Version update (2.4.3+git0.4dd5a5a6c -> 2.4.4+git0.acb1d0bea) - Update to version 2.4.4+git0.acb1d0bea: CVE-2021-40346 (boo#1189877) * [RELEASE] Released version 2.4.4 * Revert "BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive" * BUG/MAJOR: htx: fix missing header name length check in htx_add_header/trailer * CLEANUP: htx: remove comments about "must be < 256 MB" * BUG/MINOR: config: reject configs using HTTP with bufsize >= 256 MB * DOC: configuration: remove wrong tcp-request examples in tcp-response * BUG/MINOR: vars: fix set-var/unset-var exclusivity in the keyword parser * CLEANUP: Add missing include guard to signal.h * BUG/MINOR: tools: Fix loop condition in dump_text() * BUG/MINOR threads: Use get_(local|gm)time instead of (local|gm)time * BUG/MINOR: ebtree: remove dependency on incorrect macro for bits per long * MINOR: time: add report_idle() to report process-wide idle time * BUG/MINOR: time: fix idle time computation for long sleeps * BUG/MINOR: lua: use strlcpy2() not strncpy() to copy sample keywords * MINOR: compiler: implement an ONLY_ONCE() macro * BUG/MINOR: base64: base64urldec() ignores padding in output size check * BUG/MEDIUM: base64: check output boundaries within base64{dec,urldec} * BUG/MINOR: stick-table: fix the sc-set-gpt* parser when using expressions * MINOR: hlua: take the global Lua lock inside a global function * REGTESTS: abortonclose: after retries, 503 is expected, not close * REGTESTS: http_upgrade: fix incorrect expectation on TCP->H1->H2 * BUG/MEDIUM: h2: match absolute-path not path-absolute for :path ==== irqbalance ==== - Update to version 1.8.0.18.git+2435e8d: * fix unsigned integer subtraction sign overflow * fix opendir fails in check_platform_device * irqbalance: Check validity of numa_node * configure.ac: use pkg-config to find numa * Disable the communication socket when UI is disabled * Fix comma typo in ui.c * drop NoNewPrivs from irqbalance service * remove no existing irq in banned_irqs * Fix compile issue with none AARCH64 builds - Fixes integrated mainline: * bsc#1119461 * bsc#1138190 * bsc#1154905 * bsc#1178477 bsc#1183405 (removed patches due to mainline integration): procinterrupts-check-xen-dyn-event-more-flexible.patch * bsc#1182254 bsc#1156315 (removed patches due to mainline integration): fix-ambiguous-parsing-of-node-entries-in-sys.patch * bsc#1183157 also-fetch-node-info-for-non-PCI-devices.patch ==== nfs-utils ==== Subpackages: libnfsidmap1 nfs-client - Add 0001-gssd-fix-crash-in-debug-message.patch Fix crash when rpc-gssd run with -v. (boo#1190144) ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-bootloader patterns-base-minimal_base - Fix typo in the icon name for the fips pattern (bsc#1189550) ==== util-linux ==== Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1 - Remove the raw utility altogether, as it is not even built any more with glibc >=2.34. ==== util-linux-systemd ==== - Remove the raw utility altogether, as it is not even built any more with glibc >=2.34. - login.pamd: use pam_motd to unify motd handling [bsc#1185897]. Else motd snippets of e.g. cockpit will not be shown.