Hello community, here is the log from the commit of package cilium for openSUSE:Factory checked in at 2020-01-13 22:15:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cilium (Old) and /work/SRC/openSUSE:Factory/.cilium.new.6675 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cilium" Mon Jan 13 22:15:20 2020 rev:21 rq:758994 version:1.6.5 Changes: -------- --- /work/SRC/openSUSE:Factory/cilium/cilium.changes 2019-10-23 15:48:25.998537845 +0200 +++ /work/SRC/openSUSE:Factory/.cilium.new.6675/cilium.changes 2020-01-13 22:15:44.674357376 +0100 @@ -1,0 +2,32 @@ +Mon Dec 23 13:20:38 UTC 2019 - MichaĆ Rostecki <[email protected]> + +- Update to version 1.6.5: + * Important Bug Fixes + - Envoy is updated to release 1.12.2, including important + security fixes (CVE-2019-18801, CVE-1019-18802, + CVE-1019-18838) + * Bug fixes + - Fix disabling health-checks in chaining mode + - Delete endpoint xxx_next directories during restore + - Fix typo in io.cilium/shared-service annotation + - Fix issue where services would not be updated when comparing + two services + - Fix bugtool support for aead encryption algorithm + * Misc + - Add github actions to cilium + - Fix AKS installation guide + - Disable masquerading in all chaining documentation guides + - Update golang to 1.12.14 + - Add delay between reconnect attempts to containerd + - Decrease log level for "service not found" message + * CI + - Use force flag in Cilium install apply command + - Move missed kubectl apply calls to Apply calls + - Add nil check for init container terminated state + +------------------------------------------------------------------- +Thu Oct 17 15:47:04 UTC 2019 - Richard Brown <[email protected]> + +- Remove obsolete Groups tag (fate#326485) + +------------------------------------------------------------------- @@ -50,0 +83,1549 @@ + +------------------------------------------------------------------- +Fri Oct 11 14:57:44 UTC 2019 - [email protected] + +- Update to version 1.6.3: + * Prepare for v1.6.3 release + * envoy: Update image for Envoy CVEs 2019-10-08 + * Fix IP leak on main if + * policy: remove checking of CIDR-based fields from `IsLabelBased` checks + * daemon: Populate source and destination ports for DNS records + * kvstore/etcd: always reload keypair + * bpf: Fix sockops compile on newer LLVM + * Revert "add PR #82410 patch from kubernetes/kubernetes" + * vendor: update to k8s 1.16.1 + * k8s/endpointsynchronizer: Do not delete CEP on empty k8s resource names + * monitor: Fix reporting the monitor status + * docs: update k8s supported versions + * policy: Fix up selectorcache locking issue + * bpf: fix cilium_host unroutable check + * Do not add policies/states for subnets + * Use output-mark to use table 200 post-encryption and set different MTU for main/200 tables + * Update netlink library (support for output-mark) + * vendor: Bump golang.org/sys/unix library revision + * sysctl: Add function to write any param value + * sysctl: Get rid of GOOS targets + * sysctl: Add package for managing kernel parameters + * Change kind of daemonset in microk8s-prepull.yml to apps/v1 + * docs: Simplify microk8s instructions + * health: Configure sysctl when IPv6 is disabled + * dockerfile.runtime: always run update when building dependencies + * go: bump golang to 1.12.10 + * Prepare for release v1.6.2 + * test: Add a standalone test for validating static pod labels + * daemon: Start controller when pod labels resolution fails + * iptables: fix cilium_forward chain rules to support openshift + * docs/azure: wait for azure-vnet.json to be created + * docs: add akz and az to list of spelling words + * Dockerfile: Use latest iproute2 image + * endpoint: Update proxy policies when applying policy map changes out-of-band + * test: Add L3-dependent L7 test with toFQDN + * plugins/cilium-cni: add support for AKS + * docs: fix proper nodeinit.enabled flag + * docs: fix aks guide + * docs: Do not pin cilium image vsn in kubeproxy-free guide + * cilium: encryption, replace Router() IP with CiliumInternal + * FQDN: Wait on policy map update when adding new IPs + * policy: Expose map-update WaitGroup in FQDN update callchains + * endpoint: Expose Endpoint.ApplyPolicyMapChanges + * dev VM: update to k8s 1.16.0 + * test: test against k8s 1.16.0 + * Gopkg.* bump to k8s 1.16.0 + * charts/managed-etcd: bump cilium-etcd-operator to v2.0.7 + * test: bump k8s testing versions to 1.13.11, 1.14.7 and 1.15.4 + * endpoint: start a controller to retry regeneration + * endpoint: use endpoint ID for error message + * daemon: do not delete directories created by tests if tests fail + * daemon: move directory setup into `SetUpTest` + * daemon: check error from `d.init()` + * bpf: Don't delete conntrack entries on policy deny + * use common custom dialer to connect to etcd + * pkg/k8s: create custom dialer function + * docs: Update kubeproxy-free guide + * loader: remove hash from compileQueue if build fails + * Do not ping during preflight checks + * Refactor probing to reuse client + * daemon: fix container runtime disabled state log + * add PR #82410 patch from kubernetes/kubernetes + * test: disable non-working k8s upstream test + * dev VM: update k8s to v1.16.0-rc.2 + * test: test against k8s 1.16 by default + * Makefile: avoid go modules when running k8s code generation + * Makefile: simplify k8s code generation target + * update to k8s 1.16.0.rc.2 + * Revert "Revert "Remove componentstatus from rbac"" + * CI: increase timeouts by 30m to avoid k8s-1.10 test timeouts + * Prepare for v1.6.1 + * cilium: make all ct timeouts configurable + * bpf: add separate ct_service lifetime for tcp/non-tcp + * bpf: remove unused args from slave selection code + * bpf: usr prandom as slave selection in lb + * operator: Pass identity allocation mode through correctly + * doc: minor additional tweaks to kube-proxy free gsg + * docs: fix typo and update kube-proxy free gsg + * test: fix k8s upstream test + * Dockerfile: Use latest Envoy image + * Revert "pkg/k8s: add merge method to merge 2 set of endpoints together" + * Revert "pkg/k8s: test endpoints and service received by events channel" + * Revert "pkg/k8s: add k8s external IPs support" + * Revert "test: add integration tests for k8s services with external IPs" + * Revert "test: wait for k8s external service in [kube|core]-dns" + * Docs: minor spelling corrections (Fixes #9127) + * Fix connectivity test example probes + * docs: Improve sysdump collection guide + * test: Ensure managed etcd test tears down etcd + * deps: update etcd to v3.4.0 + * etcd: use ca-file field from etcd option if available + * daemon: Improve logging for auto-enabling host-lb + * bump manifests apiVersion to apps/v1 + * bpf: fix routing of cilium_host router ip and health in v6 tunnel mode + * bpf: fix asymmetric routing and cilium_host connectivity in v6 tunnel mode + * k8s: replace NodePort frontend cilium_host IP with router addr + * ipam: fix v6 address corruption in cilium status dump + * ipam: do not assign v4 addresses for status.IPV6 + * bump k8s support to 1.15.3 + * tofqdns: Allow "_" in DNS names to support service discovery schemes + * cilium: fix restore v6 router ip to not break pod connectivity on restart + * clustermesh: Improve troubleshooting ability + * test: Remove workaround to MASQ traffic from k8s2 + * docs: Update source branch in kube-proxy-free guide + * cilium: encryption, add host networking routes for encrypt-node + * cilium: encryption, delete encrypt-node routes if node is deleted + * cilium: add interface to neighborLog + * cilium: encryption, if encryptNode is disable release routes + * cilium: encryption, log MapUpdateContext failures + * cilium: encryption, throw hard error if map create fails + * cilium: pull ConfigureResourceLimits earlier in bootstrapping + * cilium: silence harmless CILIUM_TRANSIENT_FORWARD warning on startup + * docs: clarify nodeport and host-reachable services and 5.0.y kernel situation + * CI: K8sPolicyTest tests local DNS only + * CI: decouple HTTP and DNS testing in K8sPolicyTest + * test: Wait for at least one Istio POD to get ready + * istio: Update to 1.2.5 + * docs: Avoid mentioning deprecated option + * cni: Fix disabling of routing in chaining mode + * bpf: Skip ingress proxy ip rule with endpoint routes + * health: Fix endpoint routes mode + * health: Prefer contacting health EP over IPv4 + * test: Add disabled test for tunnel+endpointRoutes + * test: Fix endpoint routes mode test + * eni: update ENI limits mappings + * daemon: Specify exact kernel version in host-lb fatal log msg + * daemon: Lower kernel requirement for TCP host-lb + * doc: Add Azure CNI to CNI chaining section + * datapath: probe socket match support, plumb to Envoy configuration + * envoy: Update to the latest API + * policy/api: Add test case for EntityAll + * policy/api: remove Entity matching functions + * policy/api: Add tests for reserved:unmanaged match + * k8s: Use api.WildcardEndpointSelector instead of an endpoint label reserved:all + * labels: Make Matches private + * AKS getting started guide + * cilium: assert monitor agent is allowed to expose socket + * cilium: only start daemon's monitoring agent after base datapath setup + * test: Return the error in CmdRes.GetErr() + * k8s: Add initcontainer to wait for nodeinit to complete + * nodeinit: Change network mode from bridge to transparent on Azure + * test: Remove old Cilium versions + * workloads: Fix disabled status reflection in API + * Revert "Remove componentstatus from rbac" + * daemon: signal endpoint restore fail when waiting for global identities times out + * docs: Update direct routing policy limitation + * install/kubernetes: do not add clustermesh documentation by default + * docs: Add kube-proxy free getting started guide + * policy: Allow DNS policy on ports other than 53 + * test: Use global.tag in helm command line + * helm: Allow to specify k8s api-server host and port via env vars + * docs: Document how to specify Flannel bridge name + * iptables: Add explicit ACCEPT rules for host proxy traffic + * operator: Fix passing kvstore options via arguments + * helm: Add global.kubeConfigPath + * cilium: update IsEtcdCluster to return true if etcd.operator="true" kv option is set + * iptables: Allow xt_socket match rules to fail + * iptables: Refactor proxy socket redirect rule + * cilium: encryption, if IPv6 is not supported do not throw debug warning ++++ 1385 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/cilium/cilium.changes ++++ and /work/SRC/openSUSE:Factory/.cilium.new.6675/cilium.changes Old: ---- cilium-1.6.3.obscpio New: ---- cilium-1.6.5.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cilium.spec ++++++ --- /var/tmp/diff_new_pack.m1lOk5/_old 2020-01-13 22:15:49.318359530 +0100 +++ /var/tmp/diff_new_pack.m1lOk5/_new 2020-01-13 22:15:49.326359534 +0100 @@ -35,11 +35,10 @@ %endif Name: cilium -Version: 1.6.3 +Version: 1.6.5 Release: 0 Summary: Linux Native, HTTP Aware Networking and Security for Containers License: Apache-2.0 AND GPL-2.0-or-later -Group: System/Management URL: https://github.com/cilium/cilium Source0: %{name}-%{version}.tar.xz Source1: %{name}-rpmlintrc @@ -98,7 +97,6 @@ %package cni Summary: CNI plugin for Cilium -Group: System/Management Requires: cilium Requires: cni Requires: cni-plugins @@ -113,7 +111,6 @@ %package docker Summary: Docker libnetwork plugin for Cilium -Group: System/Management Requires: cilium Requires: docker @@ -127,7 +124,6 @@ %package init Summary: Script for the Cilium init container -Group: System/Management %description init Cilium is a software for providing, and transparently securing, network @@ -141,7 +137,6 @@ %package operator Summary: Kubernetes operator for Cilium -Group: System/Management %description operator @@ -155,7 +150,6 @@ %package -n %{lname} Summary: Shared library for Cilium -Group: System/Libraries %description -n %{lname} Cilium is a software for providing, and transparently securing, network @@ -168,7 +162,6 @@ %package devel Summary: Development files for Cilium -Group: Development/Libraries/C and C++ Requires: %{lname} = %{version} %description devel @@ -182,7 +175,6 @@ %package k8s-yaml Summary: Kubernetes yaml file to run Cilium containers -Group: System/Management BuildArch: noarch %description k8s-yaml ++++++ _service ++++++ --- /var/tmp/diff_new_pack.m1lOk5/_old 2020-01-13 22:15:49.378359558 +0100 +++ /var/tmp/diff_new_pack.m1lOk5/_new 2020-01-13 22:15:49.378359558 +0100 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">refs/tags/v1.6.3</param> + <param name="revision">refs/tags/v1.6.5</param> <param name="filename">cilium</param> <param name="changesgenerate">disable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.m1lOk5/_old 2020-01-13 22:15:49.414359575 +0100 +++ /var/tmp/diff_new_pack.m1lOk5/_new 2020-01-13 22:15:49.418359577 +0100 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/cilium/cilium</param> - <param name="changesrevision">9ba05044cd52d3ad38a15dcc55cc91ce79638f83</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">e6233255ff3b9f30acdc445784413f9964612cb9</param></service></servicedata> \ No newline at end of file ++++++ cilium-1.6.3.obscpio -> cilium-1.6.5.obscpio ++++++ /work/SRC/openSUSE:Factory/cilium/cilium-1.6.3.obscpio /work/SRC/openSUSE:Factory/.cilium.new.6675/cilium-1.6.5.obscpio differ: char 49, line 1 ++++++ cilium.obsinfo ++++++ --- /var/tmp/diff_new_pack.m1lOk5/_old 2020-01-13 22:15:49.526359627 +0100 +++ /var/tmp/diff_new_pack.m1lOk5/_new 2020-01-13 22:15:49.526359627 +0100 @@ -1,5 +1,5 @@ name: cilium -version: 1.6.3 -mtime: 1570550559 -commit: e6233255ff3b9f30acdc445784413f9964612cb9 +version: 1.6.5 +mtime: 1576510138 +commit: 88642ed7049e1037283c550db8103a58bcf2e574
