Packages changed:
  alsa-utils
  apache-commons-logging
  b43-fwcutter
  cifs-utils
  crash
  curl (7.76.0 -> 7.76.1)
  intel-vaapi-driver
  less (563 -> 581)
  librdkafka (1.5.3 -> 1.6.1)
  os-prober (1.77 -> 1.78)
  python-cryptography
  python-importlib-metadata (3.7.0 -> 3.7.2)
  shim-leap (15+git47 -> 15.4)
  sssd
  usbmuxd
  vhba-kmp (20200106_k5.11.16_1 -> 20210418_k5.11.16_1)

=== Details ===

==== alsa-utils ====

- Suppress automatic update of alsa-info.sh (bsc#1185280):
  alsa-info-no-update-for-distro-script.patch

==== apache-commons-logging ====

- Added patch
  * no-tests.patch
    + ignore failing tests for arm6

==== b43-fwcutter ====

- Fixed SPEC file: Replace broken URL with current upstream

==== cifs-utils ====

- cifs.upcall: fix regression in kerberos mount; (bsc#1184815).
  * add 0001-cifs.upcall-fix-regression-in-kerberos-mount.patch
- CVE-2021-20208: cifs-utils: cifs.upcall kerberos auth leak in
  container; (bsc#1183239); CVE-2021-20208.
  * add 0001-cifs.upcall-try-to-use-container-ipc-uts-net-pid-mnt.patch

==== crash ====

- Fix bt command with SEV-ES (bsc#1185209)
  + crash-x86_64-VC-exception-stack-support.patch

==== curl ====
Version update (7.76.0 -> 7.76.1)
Subpackages: libcurl4

- update to 7.76.1:
  - ngtcp2: Use ALPN h3-29 for now
  - TODO: remove 18.22 --fail-with-body

==== intel-vaapi-driver ====

- replaced tarball with official release tarball so it matches
  the updated official sha1sum checksum file
- fixed wrong source lines in specfile
- fixed sha1sum checksum file

==== less ====
Version update (563 -> 581)

- less 581:
  * Change ESC-u command to toggle, not disable, highlighting per
    man page
  * Add ESC-U command
  * Add ctrl-W search modifier for wrapping search
  * F command can be interrupted by ^X
  * Support OSC 8 hyperlinks when -R is in effect
  * g command with no number will ignore -j and put first line at
    top of screen
  * Multiple + or -p command line options are handled better
  * Add the --incsearch option
  * Add the --line-num-width option
  * Add the --status-col-width option
  * Add the --use-color and --color options
  * Display -w highlight even if highlighted line is empty
  * If search result is in a long line, scroll to ensure it is
    visible
  * Editing the same file under different names now creates only
    one entry in the file list.
  * Make visual bell more visible on some terminals
  * Ring end-of-file bell no more than once per second
  * Build can use either Python or Perl for Makefile.aut operations
  * Fix crash when using the @ search modifier.
  * Fix crash in the 's' command due to duplicate free
- drop less-429-save_line_position.patch which was never accepted
  upstream due to solving one problem and creating others

==== librdkafka ====
Version update (1.5.3 -> 1.6.1)

- update to 1.6.1:
  * Fatal idempotent producer errors are now also fatal to the transactional
  producer. This is a necessary step to maintain data integrity prior to
  librdkafka supporting KIP-360. Applications should check any transactional
  API errors for the is_fatal flag and decommission the transactional producer
  if the flag is set.
  * The consumer error raised by `auto.offset.reset=error` now has error-code
  set to `ERR__AUTO_OFFSET_RESET` to allow an application to differentiate
  between auto offset resets and other consumer errors.
  * Admin API and transactional `send_offsets_to_transaction()` coordinator
  requests, such as TxnOffsetCommitRequest, could in rare cases be sent
  multiple times which could cause a crash.
  * `ssl.ca.location=probe` is now enabled by default on Mac OSX since the
  librdkafka-bundled OpenSSL might not have the same default CA search paths
  as the system or brew installed OpenSSL. Probing scans all known locations.
  * Fatal idempotent producer errors are now also fatal to the transactional
  producer.
  * The transactional producer could crash if the transaction failed while
  `send_offsets_to_transaction()` was called.
  * Group coordinator requests for transactional
  `send_offsets_to_transaction()` calls would leak memory if the
  underlying request was attempted to be sent after the transaction had
  failed.
  * When gradually producing to multiple partitions (resulting in multiple
  underlying AddPartitionsToTxnRequests) sub-sequent partitions could get
  stuck in pending state under certain conditions. These pending partitions
  would not send queued messages to the broker and eventually trigger
  message timeouts, failing the current transaction. This is now fixed.
  * Committing an empty transaction (no messages were produced and no
  offsets were sent) would previously raise a fatal error due to invalid state
  on the transaction coordinator. We now allow empty/no-op transactions to
  be committed.
  * The consumer will now retry indefinitely (or until the assignment is changed)
  to retrieve committed offsets. This fixes the issue where only two retries
  were attempted when outstanding transactions were blocking OffsetFetch
  requests with `ERR_UNSTABLE_OFFSET_COMMIT`. #3265
  * [KIP-429 Incremental rebalancing](https://cwiki.apache.org/confluence/display/KAFKA/KIP-429%3A+Kafka+Consumer+Incremental+Rebalance+Protocol) with sticky
  consumer group partition assignor (KIP-54) (by @mhowlett).
  * [KIP-480 Sticky producer partitioning](https://cwiki.apache.org/confluence/display/KAFKA/KIP-480%3A+Sticky+Partitioner) (`sticky.partitioning.linger.ms`) -
  achieves higher throughput and lower latency through sticky selection
  of random partition (by @abbycriswell).
  * AdminAPI: Add support for `DeleteRecords()`, `DeleteGroups()` and
  `DeleteConsumerGroupOffsets()` (by @gridaphobe)
  * [KIP-447 Producer scalability for exactly once semantics](https://cwiki.apache.org/confluence/display/KAFKA/KIP-447%3A+Producer+scalability+for+exactly+once+semantics) -
  allows a single transactional producer to be used for multiple input
  partitions. Requires Apache Kafka 2.5 or later.
  * Transactional producer fixes and improvements, see **Transactional Producer fixes** below.
  * The [librdkafka.redist](https://www.nuget.org/packages/librdkafka.redist/)
  NuGet package now supports Linux ARM64/Aarch64.
  * Sticky producer partitioning (`sticky.partitioning.linger.ms`) is
  enabled by default (10 milliseconds) which affects the distribution of
  randomly partitioned messages, where previously these messages would be
  evenly distributed over the available partitions they are now partitioned
  to a single partition for the duration of the sticky time
  (10 milliseconds by default) before a new random sticky partition
  is selected.
  * The new KIP-447 transactional producer scalability guarantees are only
  supported on Apache Kafka 2.5 or later, on earlier releases you will
  need to use one producer per input partition for EOS. This limitation
  is not enforced by the producer or broker.
  * Error handling for the transactional producer has been improved, see
  the **Transactional Producer fixes** below for more information.
  * KIP-107, KIP-204: AdminAPI: Added `DeleteRecords()` (by @gridaphobe).
  * KIP-229: AdminAPI: Added `DeleteGroups()` (by @gridaphobe).
  * KIP-496: AdminAPI: Added `DeleteConsumerGroupOffsets()`.
  * KIP-464: AdminAPI: Added support for broker-side default partition count
  and replication factor for `CreateTopics()`.
  * Windows: Added `ssl.ca.certificate.stores` to specify a list of
  Windows Certificate Stores to read CA certificates from, e.g.,
  `CA,Root`. `Root` remains the default store.
  * Use reentrant `rand_r()` on supporting platforms which decreases lock
  contention (@azat).
  * Added `assignor` debug context for troubleshooting consumer partition
  assignments.
  * Updated to OpenSSL v1.1.1i when building dependencies.
  * Update bundled lz4 (used when `./configure --disable-lz4-ext`) to v1.9.3
  which has vast performance improvements.
  * Added `rd_kafka_conf_get_default_topic_conf()` to retrieve the
  default topic configuration object from a global configuration object.
  * Added `conf` debugging context to `debug` - shows set configuration
  properties on client and topic instantiation. Sensitive properties
  are redacted.
  * Added `rd_kafka_queue_yield()` to cancel a blocking queue call.
  * Will now log a warning when multiple ClusterIds are seen, which is an
  indication that the client might be erroneously configured to connect to
  multiple clusters which is not supported.
  * Added `rd_kafka_seek_partitions()` to seek multiple partitions to
  per-partition specific offsets.
  * Fix a use-after-free crash when certain coordinator requests were retried.
  * The C++ `oauthbearer_set_token()` function would call `free()` on
  a `new`-created pointer, possibly leading to crashes or heap corruption (#3194)
  * The consumer assignment and consumer group implementations have been
  decoupled, simplified and made more strict and robust. This will sort out
  a number of edge cases for the consumer where the behaviour was previously
  undefined.
  * Partition fetch state was not set to STOPPED if OffsetCommit failed.
  * The session timeout is now enforced locally also when the coordinator
  connection is down, which was not previously the case.
  * Transaction commit or abort failures on the broker, such as when the
  producer was fenced by a newer instance, were not propagated to the
  application resulting in failed commits seeming successful.
  This was a critical race condition for applications that had a delay after
  producing messages (or sendings offsets) before committing or
  aborting the transaction. This issue has now been fixed and test coverage
  improved.
  * The transactional producer API would return `RD_KAFKA_RESP_ERR__STATE`
  when API calls were attempted after the transaction had failed, we now
  try to return the error that caused the transaction to fail in the first
  place, such as `RD_KAFKA_RESP_ERR__FENCED` when the producer has
  been fenced, or `RD_KAFKA_RESP_ERR__TIMED_OUT` when the transaction
  has timed out.
  * Transactional producer retry count for transactional control protocol
  requests has been increased from 3 to infinite, retriable errors
  are now automatically retried by the producer until success or the
  transaction timeout is exceeded. This fixes the case where
  `rd_kafka_send_offsets_to_transaction()` would fail the current
  transaction into an abortable state when `CONCURRENT_TRANSACTIONS` was
  returned by the broker (which is a transient error) and the 3 retries
  were exhausted.
  * Calling `rd_kafka_topic_new()` with a topic config object with
  `message.timeout.ms` set could sometimes adjust the global `linger.ms`
  property (if not explicitly configured) which was not desired, this is now
  fixed and the auto adjustment is only done based on the
  `default_topic_conf` at producer creation.
  * `rd_kafka_flush()` could previously return `RD_KAFKA_RESP_ERR__TIMED_OUT`
  just as the timeout was reached if the messages had been flushed but
  there were now no more messages. This has been fixed.

==== os-prober ====
Version update (1.77 -> 1.78)

- update to 1.78:
  * Remove Christian Perrier from Uploaders, with many thanks for all
    his contributions over the years! (Closes: #927552)
  * Probe microsoft OS on arm64.

==== python-cryptography ====

- Remove unnecessary %ifpython3 construct

==== python-importlib-metadata ====
Version update (3.7.0 -> 3.7.2)

- update to 3.7.2:
  * Cleaned up cruft in entry_points docstring.
  * Internal refactoring to facilitate ``entry_points() -> dict``
    deprecation.

==== shim-leap ====
Version update (15+git47 -> 15.4)

- Update to shim to 15.4-lp152.4.8.1 from openSUSE Leap 15.2 for
  SBAT support (bsc#1182057)
  + Version: 15.4, "Wed Apr 21 05:46:19 UTC 2021"
  + Include the fixes for bsc#1177789, CVE-2019-14584, bsc#1177315,
    bsc#1175509, bsc#1173411, bsc#1177404, bsc#1174512, bsc#1184454
- Add README to note why we need shim-leap for Tumbleweed

==== sssd ====
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-32bit sssd-krb5-common sssd-ldap

- Move sssctl command from sssd to sssd-tools package; (bsc#1184289);
- Add missing /var/lib/sss/pubconf/krb5.include.d directory (bsc#1184285).
- Make cifs-idmap plugin (cifs_idmap_sss.so) use update-alternatives
  mechanism to be able to switch between cifs-utils and sssd;
  (bsc#1182682).

==== usbmuxd ====

- Add usbmuxd-add-socket-option.patch: allow socket to be
  specified via the command line. Backported from upstream.
- Add usbmuxd-add-pid-option.patch: allow the pid file to be
  specified via the command line. Taken from upstream.
- Add usbmuxd-run-dir.patch: use /run, rather than /var/run, for
  the socket and pid file (bsc#1185186).

==== vhba-kmp ====
Version update (20200106_k5.11.16_1 -> 20210418_k5.11.16_1)

- Update to release 20210418
  * vhba: Change how command matching and tagging is performed.
  * vhba: Use dynamic debugging for everything.
  * vhba: Handle command queue locking ourselves.