Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20210427 Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: alsa-utils apache-commons-logging b43-fwcutter cifs-utils crash curl (7.76.0 -> 7.76.1) intel-vaapi-driver less (563 -> 581) librdkafka (1.5.3 -> 1.6.1) os-prober (1.77 -> 1.78) python-cryptography python-importlib-metadata (3.7.0 -> 3.7.2) shim-leap (15+git47 -> 15.4) sssd usbmuxd vhba-kmp (20200106_k5.11.16_1 -> 20210418_k5.11.16_1) === Details === ==== alsa-utils ==== - Suppress automatic update of alsa-info.sh (bsc#1185280): alsa-info-no-update-for-distro-script.patch ==== apache-commons-logging ==== - Added patch * no-tests.patch + ignore failing tests for arm6 ==== b43-fwcutter ==== - Fixed SPEC file: Replace broken URL with current upstream ==== cifs-utils ==== - cifs.upcall: fix regression in kerberos mount; (bsc#1184815). * add 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch - CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in container; (bsc#1183239); CVE-2021-20208. * add 0001-cifs.upcall-try-to-use-container-ipc-uts-net-pid-mnt.patch ==== crash ==== - Fix bt command with SEV-ES (bsc#1185209) + crash-x86_64-VC-exception-stack-support.patch ==== curl ==== Version update (7.76.0 -> 7.76.1) Subpackages: libcurl4 - update to 7.76.1: - ngtcp2: Use ALPN h3-29 for now - TODO: remove 18.22 --fail-with-body ==== intel-vaapi-driver ==== - replaced tarball with official release tarball so it matches the updated official sha1sum checksum file - fixed wrong source lines in specfile - fixed sha1sum checksum file ==== less ==== Version update (563 -> 581) - less 581: * Change ESC-u command to toggle, not disable, highlighting per man page * Add ESC-U command * Add ctrl-W search modifier for wrapping search * F command can be interrupted by ^X * Support OSC 8 hyperlinks when -R is in effect * g command with no number will ignore -j and put first line at top of screen * Multiple + or -p command line options are handled better * Add the --incsearch option * Add the --line-num-width option * Add the --status-col-width option * Add the --use-color and --color options * Display -w highlight even if highlighted line is empty * If search result is in a long line, scroll to ensure it is visible * Editing the same file under different names now creates only one entry in the file list. * Make visual bell more visible on some terminals * Ring end-of-file bell no more than once per second * Build can use either Python or Perl for Makefile.aut operations * Fix crash when using the @ search modifier. * Fix crash in the 's' command due to duplicate free - drop less-429-save_line_position.patch which was never accepted upstream due to solving one problem and creating others ==== librdkafka ==== Version update (1.5.3 -> 1.6.1) - update to 1.6.1: * Fatal idempotent producer errors are now also fatal to the transactional producer. This is a necessary step to maintain data integrity prior to librdkafka supporting KIP-360. Applications should check any transactional API errors for the is_fatal flag and decommission the transactional producer if the flag is set. * The consumer error raised by `auto.offset.reset=error` now has error-code set to `ERR__AUTO_OFFSET_RESET` to allow an application to differentiate between auto offset resets and other consumer errors. * Admin API and transactional `send_offsets_to_transaction()` coordinator requests, such as TxnOffsetCommitRequest, could in rare cases be sent multiple times which could cause a crash. * `ssl.ca.location=probe` is now enabled by default on Mac OSX since the librdkafka-bundled OpenSSL might not have the same default CA search paths as the system or brew installed OpenSSL. Probing scans all known locations. * Fatal idempotent producer errors are now also fatal to the transactional producer. * The transactional producer could crash if the transaction failed while `send_offsets_to_transaction()` was called. * Group coordinator requests for transactional `send_offsets_to_transaction()` calls would leak memory if the underlying request was attempted to be sent after the transaction had failed. * When gradually producing to multiple partitions (resulting in multiple underlying AddPartitionsToTxnRequests) sub-sequent partitions could get stuck in pending state under certain conditions. These pending partitions would not send queued messages to the broker and eventually trigger message timeouts, failing the current transaction. This is now fixed. * Committing an empty transaction (no messages were produced and no offsets were sent) would previously raise a fatal error due to invalid state on the transaction coordinator. We now allow empty/no-op transactions to be committed. * The consumer will now retry indefinitely (or until the assignment is changed) to retrieve committed offsets. This fixes the issue where only two retries were attempted when outstanding transactions were blocking OffsetFetch requests with `ERR_UNSTABLE_OFFSET_COMMIT`. #3265 * [KIP-429 Incremental rebalancing](https://cwiki.apache.org/confluence/display/KAFKA/KIP-429%3A+Kafka+Consumer+...) with sticky consumer group partition assignor (KIP-54) (by @mhowlett). * [KIP-480 Sticky producer partitioning](https://cwiki.apache.org/confluence/display/KAFKA/KIP-480%3A+Sticky+Partitio...) (`sticky.partitioning.linger.ms`) - achieves higher throughput and lower latency through sticky selection of random partition (by @abbycriswell). * AdminAPI: Add support for `DeleteRecords()`, `DeleteGroups()` and `DeleteConsumerGroupOffsets()` (by @gridaphobe) * [KIP-447 Producer scalability for exactly once semantics](https://cwiki.apache.org/confluence/display/KAFKA/KIP-447%3A+Producer+scalab...) - allows a single transactional producer to be used for multiple input partitions. Requires Apache Kafka 2.5 or later. * Transactional producer fixes and improvements, see **Transactional Producer fixes** below. * The [librdkafka.redist](https://www.nuget.org/packages/librdkafka.redist/) NuGet package now supports Linux ARM64/Aarch64. * Sticky producer partitioning (`sticky.partitioning.linger.ms`) is enabled by default (10 milliseconds) which affects the distribution of randomly partitioned messages, where previously these messages would be evenly distributed over the available partitions they are now partitioned to a single partition for the duration of the sticky time (10 milliseconds by default) before a new random sticky partition is selected. * The new KIP-447 transactional producer scalability guarantees are only supported on Apache Kafka 2.5 or later, on earlier releases you will need to use one producer per input partition for EOS. This limitation is not enforced by the producer or broker. * Error handling for the transactional producer has been improved, see the **Transactional Producer fixes** below for more information. * KIP-107, KIP-204: AdminAPI: Added `DeleteRecords()` (by @gridaphobe). * KIP-229: AdminAPI: Added `DeleteGroups()` (by @gridaphobe). * KIP-496: AdminAPI: Added `DeleteConsumerGroupOffsets()`. * KIP-464: AdminAPI: Added support for broker-side default partition count and replication factor for `CreateTopics()`. * Windows: Added `ssl.ca.certificate.stores` to specify a list of Windows Certificate Stores to read CA certificates from, e.g., `CA,Root`. `Root` remains the default store. * Use reentrant `rand_r()` on supporting platforms which decreases lock contention (@azat). * Added `assignor` debug context for troubleshooting consumer partition assignments. * Updated to OpenSSL v1.1.1i when building dependencies. * Update bundled lz4 (used when `./configure --disable-lz4-ext`) to v1.9.3 which has vast performance improvements. * Added `rd_kafka_conf_get_default_topic_conf()` to retrieve the default topic configuration object from a global configuration object. * Added `conf` debugging context to `debug` - shows set configuration properties on client and topic instantiation. Sensitive properties are redacted. * Added `rd_kafka_queue_yield()` to cancel a blocking queue call. * Will now log a warning when multiple ClusterIds are seen, which is an indication that the client might be erroneously configured to connect to multiple clusters which is not supported. * Added `rd_kafka_seek_partitions()` to seek multiple partitions to per-partition specific offsets. * Fix a use-after-free crash when certain coordinator requests were retried. * The C++ `oauthbearer_set_token()` function would call `free()` on a `new`-created pointer, possibly leading to crashes or heap corruption (#3194) * The consumer assignment and consumer group implementations have been decoupled, simplified and made more strict and robust. This will sort out a number of edge cases for the consumer where the behaviour was previously undefined. * Partition fetch state was not set to STOPPED if OffsetCommit failed. * The session timeout is now enforced locally also when the coordinator connection is down, which was not previously the case. * Transaction commit or abort failures on the broker, such as when the producer was fenced by a newer instance, were not propagated to the application resulting in failed commits seeming successful. This was a critical race condition for applications that had a delay after producing messages (or sendings offsets) before committing or aborting the transaction. This issue has now been fixed and test coverage improved. * The transactional producer API would return `RD_KAFKA_RESP_ERR__STATE` when API calls were attempted after the transaction had failed, we now try to return the error that caused the transaction to fail in the first place, such as `RD_KAFKA_RESP_ERR__FENCED` when the producer has been fenced, or `RD_KAFKA_RESP_ERR__TIMED_OUT` when the transaction has timed out. * Transactional producer retry count for transactional control protocol requests has been increased from 3 to infinite, retriable errors are now automatically retried by the producer until success or the transaction timeout is exceeded. This fixes the case where `rd_kafka_send_offsets_to_transaction()` would fail the current transaction into an abortable state when `CONCURRENT_TRANSACTIONS` was returned by the broker (which is a transient error) and the 3 retries were exhausted. * Calling `rd_kafka_topic_new()` with a topic config object with `message.timeout.ms` set could sometimes adjust the global `linger.ms` property (if not explicitly configured) which was not desired, this is now fixed and the auto adjustment is only done based on the `default_topic_conf` at producer creation. * `rd_kafka_flush()` could previously return `RD_KAFKA_RESP_ERR__TIMED_OUT` just as the timeout was reached if the messages had been flushed but there were now no more messages. This has been fixed. ==== os-prober ==== Version update (1.77 -> 1.78) - update to 1.78: * Remove Christian Perrier from Uploaders, with many thanks for all his contributions over the years! (Closes: #927552) * Probe microsoft OS on arm64. ==== python-cryptography ==== - Remove unnecessary %ifpython3 construct ==== python-importlib-metadata ==== Version update (3.7.0 -> 3.7.2) - update to 3.7.2: * Cleaned up cruft in entry_points docstring. * Internal refactoring to facilitate ``entry_points() -> dict`` deprecation. ==== shim-leap ==== Version update (15+git47 -> 15.4) - Update to shim to 15.4-lp152.4.8.1 from openSUSE Leap 15.2 for SBAT support (bsc#1182057) + Version: 15.4, "Wed Apr 21 05:46:19 UTC 2021" + Include the fixes for bsc#1177789, CVE-2019-14584, bsc#1177315, bsc#1175509, bsc#1173411, bsc#1177404, bsc#1174512, bsc#1184454 - Add README to note why we need shim-leap for Tumbleweed ==== sssd ==== Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap - Move sssctl command from sssd to sssd-tools package; (bsc#1184289); - Add missing /var/lib/sss/pubconf/krb5.include.d directory (bsc#1184285). - Make cifs-idmap plugin (cifs_idmap_sss.so) use update-alternatives mechanism to be able to switch between cifs-utils and sssd; (bsc#1182682). ==== usbmuxd ==== - Add usbmuxd-add-socket-option.patch: allow socket to be specified via the command line. Backported from upstream. - Add usbmuxd-add-pid-option.patch: allow the pid file to be specified via the command line. Taken from upstream. - Add usbmuxd-run-dir.patch: use /run, rather than /var/run, for the socket and pid file (bsc#1185186). ==== vhba-kmp ==== Version update (20200106_k5.11.16_1 -> 20210418_k5.11.16_1) - Update to release 20210418 * vhba: Change how command matching and tagging is performed. * vhba: Use dynamic debugging for everything. * vhba: Handle command queue locking ourselves.