Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
Please do not reply to this email to report issues, rather file a bug
. For more information on filing bugs please
curl (7.76.0 -> 7.76.1)
less (563 -> 581)
librdkafka (1.5.3 -> 1.6.1)
os-prober (1.77 -> 1.78)
python-importlib-metadata (3.7.0 -> 3.7.2)
shim-leap (15+git47 -> 15.4)
vhba-kmp (20200106_k5.11.16_1 -> 20210418_k5.11.16_1)
=== Details ===
==== alsa-utils ====
- Suppress automatic update of alsa-info.sh (bsc#1185280):
==== apache-commons-logging ====
- Added patch
+ ignore failing tests for arm6
==== b43-fwcutter ====
- Fixed SPEC file: Replace broken URL with current upstream
==== cifs-utils ====
- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
* add 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch
- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
container; (bsc#1183239); CVE-2021-20208.
* add 0001-cifs.upcall-try-to-use-container-ipc-uts-net-pid-mnt.patch
==== crash ====
- Fix bt command with SEV-ES (bsc#1185209)
==== curl ====
Version update (7.76.0 -> 7.76.1)
- update to 7.76.1:
- ngtcp2: Use ALPN h3-29 for now
- TODO: remove 18.22 --fail-with-body
==== intel-vaapi-driver ====
- replaced tarball with official release tarball so it matches
the updated official sha1sum checksum file
- fixed wrong source lines in specfile
- fixed sha1sum checksum file
==== less ====
Version update (563 -> 581)
- less 581:
* Change ESC-u command to toggle, not disable, highlighting per
* Add ESC-U command
* Add ctrl-W search modifier for wrapping search
* F command can be interrupted by ^X
* Support OSC 8 hyperlinks when -R is in effect
* g command with no number will ignore -j and put first line at
top of screen
* Multiple + or -p command line options are handled better
* Add the --incsearch option
* Add the --line-num-width option
* Add the --status-col-width option
* Add the --use-color and --color options
* Display -w highlight even if highlighted line is empty
* If search result is in a long line, scroll to ensure it is
* Editing the same file under different names now creates only
one entry in the file list.
* Make visual bell more visible on some terminals
* Ring end-of-file bell no more than once per second
* Build can use either Python or Perl for Makefile.aut operations
* Fix crash when using the @ search modifier.
* Fix crash in the 's' command due to duplicate free
- drop less-429-save_line_position.patch which was never accepted
upstream due to solving one problem and creating others
==== librdkafka ====
Version update (1.5.3 -> 1.6.1)
- update to 1.6.1:
* Fatal idempotent producer errors are now also fatal to the transactional
producer. This is a necessary step to maintain data integrity prior to
librdkafka supporting KIP-360. Applications should check any transactional
API errors for the is_fatal flag and decommission the transactional producer
if the flag is set.
* The consumer error raised by `auto.offset.reset=error` now has error-code
set to `ERR__AUTO_OFFSET_RESET` to allow an application to differentiate
between auto offset resets and other consumer errors.
* Admin API and transactional `send_offsets_to_transaction()` coordinator
requests, such as TxnOffsetCommitRequest, could in rare cases be sent
multiple times which could cause a crash.
* `ssl.ca.location=probe` is now enabled by default on Mac OSX since the
librdkafka-bundled OpenSSL might not have the same default CA search paths
as the system or brew installed OpenSSL. Probing scans all known locations.
* The transactional producer could crash if the transaction failed while
`send_offsets_to_transaction()` was called.
* Group coordinator requests for transactional
`send_offsets_to_transaction()` calls would leak memory if the
underlying request was attempted to be sent after the transaction had
* When gradually producing to multiple partitions (resulting in multiple
underlying AddPartitionsToTxnRequests) subsequent partitions could get
stuck in pending state under certain conditions. These pending partitions
would not send queued messages to the broker and eventually trigger
message timeouts, failing the current transaction. This is now fixed.
* Committing an empty transaction (no messages were produced and no
offsets were sent) would previously raise a fatal error due to invalid state
on the transaction coordinator. We now allow empty/no-op transactions to
* The consumer will now retry indefinitely (or until the assignment is changed)
to retrieve committed offsets. This fixes the issue where only two retries
were attempted when outstanding transactions were blocking OffsetFetch
requests with `ERR_UNSTABLE_OFFSET_COMMIT`. #3265
* [KIP-429 Incremental
consumer group partition assignor (KIP-54) (by @mhowlett).
* [KIP-480 Sticky producer
achieves higher throughput and lower latency through sticky selection
of random partition (by @abbycriswell).
* AdminAPI: Add support for `DeleteRecords()`, `DeleteGroups()` and
`DeleteConsumerGroupOffsets()` (by @gridaphobe)
* [KIP-447 Producer scalability for exactly once
allows a single transactional producer to be used for multiple input
partitions. Requires Apache Kafka 2.5 or later.
* Transactional producer fixes and improvements, see **Transactional Producer fixes**
* The [librdkafka.redist](https://www.nuget.org/packages/librdkafka.redist/)
NuGet package now supports Linux ARM64/Aarch64.
* Sticky producer partitioning (`sticky.partitioning.linger.ms`) is
enabled by default (10 milliseconds) which affects the distribution of
randomly partitioned messages, where previously these messages would be
evenly distributed over the available partitions they are now partitioned
to a single partition for the duration of the sticky time
(10 milliseconds by default) before a new random sticky partition
* The new KIP-447 transactional producer scalability guarantees are only
supported on Apache Kafka 2.5 or later, on earlier releases you will
need to use one producer per input partition for EOS. This limitation
is not enforced by the producer or broker.
* Error handling for the transactional producer has been improved, see
the **Transactional Producer fixes** below for more information.
* KIP-107, KIP-204: AdminAPI: Added `DeleteRecords()` (by @gridaphobe).
* KIP-229: AdminAPI: Added `DeleteGroups()` (by @gridaphobe).
* KIP-496: AdminAPI: Added `DeleteConsumerGroupOffsets()`.
* KIP-464: AdminAPI: Added support for broker-side default partition count
and replication factor for `CreateTopics()`.
* Windows: Added `ssl.ca.certificate.stores` to specify a list of
Windows Certificate Stores to read CA certificates from, e.g.,
`CA,Root`. `Root` remains the default store.
* Use reentrant `rand_r()` on supporting platforms which decreases lock
* Added `assignor` debug context for troubleshooting consumer partition
* Updated to OpenSSL v1.1.1i when building dependencies.
* Update bundled lz4 (used when `./configure --disable-lz4-ext`) to v1.9.3
which has vast performance improvements.
* Added `rd_kafka_conf_get_default_topic_conf()` to retrieve the
default topic configuration object from a global configuration object.
* Added `conf` debugging context to `debug` - shows set configuration
properties on client and topic instantiation. Sensitive properties
* Added `rd_kafka_queue_yield()` to cancel a blocking queue call.
* Will now log a warning when multiple ClusterIds are seen, which is an
indication that the client might be erroneously configured to connect to
multiple clusters which is not supported.
* Added `rd_kafka_seek_partitions()` to seek multiple partitions to
per-partition specific offsets.
* Fix a use-after-free crash when certain coordinator requests were retried.
* The C++ `oauthbearer_set_token()` function would call `free()` on
a `new`-created pointer, possibly leading to crashes or heap corruption (#3194)
* The consumer assignment and consumer group implementations have been
decoupled, simplified and made more strict and robust. This will sort out
a number of edge cases for the consumer where the behaviour was previously
* Partition fetch state was not set to STOPPED if OffsetCommit failed.
* The session timeout is now enforced locally also when the coordinator
connection is down, which was not previously the case.
* Transaction commit or abort failures on the broker, such as when the
producer was fenced by a newer instance, were not propagated to the
application resulting in failed commits seeming successful.
This was a critical race condition for applications that had a delay after
producing messages (or sending offsets) before committing or
aborting the transaction. This issue has now been fixed and test coverage
* The transactional producer API would return `RD_KAFKA_RESP_ERR__STATE`
when API calls were attempted after the transaction had failed, we now
try to return the error that caused the transaction to fail in the first
place, such as `RD_KAFKA_RESP_ERR__FENCED` when the producer has
been fenced, or `RD_KAFKA_RESP_ERR__TIMED_OUT` when the transaction
has timed out.
* Transactional producer retry count for transactional control protocol
requests has been increased from 3 to infinite, retriable errors
are now automatically retried by the producer until success or the
transaction timeout is exceeded. This fixes the case where
`rd_kafka_send_offsets_to_transaction()` would fail the current
transaction into an abortable state when `CONCURRENT_TRANSACTIONS` was
returned by the broker (which is a transient error) and the 3 retries
* Calling `rd_kafka_topic_new()` with a topic config object with
`message.timeout.ms` set could sometimes adjust the global `linger.ms`
property (if not explicitly configured) which was not desired, this is now
fixed and the auto adjustment is only done based on the
`default_topic_conf` at producer creation.
* `rd_kafka_flush()` could previously return `RD_KAFKA_RESP_ERR__TIMED_OUT`
just as the timeout was reached if the messages had been flushed but
there were now no more messages. This has been fixed.
==== os-prober ====
Version update (1.77 -> 1.78)
- update to 1.78:
* Remove Christian Perrier from Uploaders, with many thanks for all
his contributions over the years! (Closes: #927552)
* Probe Microsoft OS on arm64.
==== python-cryptography ====
- Remove unnecessary %ifpython3 construct
==== python-importlib-metadata ====
Version update (3.7.0 -> 3.7.2)
- update to 3.7.2:
* Cleaned up cruft in entry_points docstring.
* Internal refactoring to facilitate ``entry_points() -> dict``
==== shim-leap ====
Version update (15+git47 -> 15.4)
- Update shim to 15.4-lp18.104.22.168 from openSUSE Leap 15.2 for
SBAT support (bsc#1182057)
+ Version: 15.4, "Wed Apr 21 05:46:19 UTC 2021"
+ Include the fixes for bsc#1177789, CVE-2019-14584, bsc#1177315,
bsc#1175509, bsc#1173411, bsc#1177404, bsc#1174512, bsc#1184454
- Add README to note why we need shim-leap for Tumbleweed
==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common
- Move sssctl command from sssd to sssd-tools package; (bsc#1184289);
- Add missing /var/lib/sss/pubconf/krb5.include.d directory (bsc#1184285).
- Make cifs-idmap plugin (cifs_idmap_sss.so) use update-alternatives
mechanism to be able to switch between cifs-utils and sssd;
==== usbmuxd ====
- Add usbmuxd-add-socket-option.patch: allow socket to be
specified via the command line. Backported from upstream.
- Add usbmuxd-add-pid-option.patch: allow the pid file to be
specified via the command line. Taken from upstream.
- Add usbmuxd-run-dir.patch: use /run, rather than /var/run, for
the socket and pid file (bsc#1185186).
==== vhba-kmp ====
Version update (20200106_k5.11.16_1 -> 20210418_k5.11.16_1)
- Update to release 20210418
* vhba: Change how command matching and tagging is performed.
* vhba: Use dynamic debugging for everything.
* vhba: Handle command queue locking ourselves.