SUSE-FU-2022:0750-1: moderate: Feature update for SUSE Manager Client Tools

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Mar 8 17:21:25 UTC 2022


   SUSE Feature Update: Feature update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-FU-2022:0750-1
Rating:             moderate
References:         #1097531 #1181400 #1190462 #1190781 #1193357 
                    #1193565 #1193671 #1194363 #1195906 SLE-22863 
                    
Affected Products:
                    SUSE Manager Tools 12-BETA
______________________________________________________________________________

   An update that solves one vulnerability, contains one
   feature and has 8 fixes is now available.

Description:

   This feature update fixes the following issues:

   cobbler:

   - Move configuration files ownership to apache (bsc#1195906)
   - Make configuration files only readable by root (bsc#1193671,
     CVE-2021-45083)

   golang-github-prometheus-prometheus:

   - Upgrade to upstream version 2.32.1 (jsc#SLE-22863)
     + Bugfixes:
       * Scrape: Fix reporting metrics when sample limit is reached during
         the report. #9996
       * Scrape: Ensure that scrape interval and scrape timeout are always
         set. #10023
       * TSDB: Expose and fix bug in iterators' Seek() method. #10030
   - Upgrade to upstream version 2.32.0
     + Change:
       * remote-write: Change default max retry time from 100ms to 5 seconds.
         #9634
     + Features:
       * Agent: New mode of operation optimized for remote-write only
         scenarios, without local storage.
       * Promtool: Add promtool check service-discovery command. #8970
     + Enhancements:
       * Promtool: Improve test output. #8064
       * Promtool: Use kahan summation for better numerical stability.
       * Remote-write: Reuse memory for marshalling. #9412
       * Scrape: Add scrape_body_size_bytes scrape metric behind the
         --enable-feature=extra-scrape-metrics flag. #9569
       * TSDB: Add windows arm64 support. #9703
       * TSDB: Optimize query by skipping unneeded sorting in TSDB.
       * Templates: Support int and uint as datatypes for template
         formatting. #9680
       * UI: Prefer rate over rad, delta over deg, and count over cos in
         autocomplete. #9688
       * TSDB: Add more size checks when writing individual sections in the
         index. #9710
       * PromQL: Make deriv() return zero values for constant series.
       * TSDB: Fix panic when checkpoint directory is empty. #9687
       * TSDB: Fix panic, out of order chunks, and race warning during WAL
         replay. #9856
       * UI: Correctly render links for targets with IPv6 addresses that
         contain a Zone ID. #9853
       * Promtool: Fix checking of authorization.credentials_file and
         bearer_token_file fields. #9883
       * Uyuni SD: Fix null pointer exception during initialization.
       * TSDB: Fix queries after a failed snapshot replay. #9980
   - Upgrade to upstream version 2.31.1
     + Bugfix:
       * SD: Fix a panic when the experimental discovery manager receives
         targets during a reload. #9656
   - Upgrade to upstream version 2.31.0
       * UI: Remove standard PromQL editor in favour of the codemirror-based
         editor. #9452
       * PromQL: Add trigonometric functions and atan2 binary
         operator. #9239 #9248 #9515
       * Remote: Add support for exemplar in the remote write receiver
         endpoint. #9319 #9414
       * SD: Add PuppetDB service discovery. #8883
       * SD: Add Uyuni service discovery. #8190
       * Web: Add support for security-related HTTP headers. #9546
       * Azure SD: Add proxy_url, follow_redirects, tls_config. #9267
       * Backfill: Add --max-block-duration in promtool create-blocks-from
         rules. #9511
       * Config: Print human-readable sizes with unit instead of raw numbers.
         #9361
       * HTTP: Re-enable HTTP/2. #9398
       * Kubernetes SD: Warn user if number of endpoints exceeds limit. #9467
       * OAuth2: Add TLS configuration to token requests. #9550
       * PromQL: Several optimizations. #9365 #9360 #9362 #9552
       * PromQL: Make aggregations deterministic in instant queries.
       * Rules: Add the ability to limit number of alerts or series.
       * SD: Experimental discovery manager to avoid restarts upon reload.
       * UI: Debounce timerange setting changes. #9359
       * Backfill: Apply rule labels after query labels. #9421
       * Scrape: Resolve conflicts between multiple exported label prefixes.
         #9479 #9518
       * Scrape: Restart scrape loops when __scrape_interval__ is changed.
         #9551
       * TSDB: Fix memory leak in samples deletion. #9151
       * UI: Use consistent margin-bottom for all alert kinds. #9318
   - Upgrade to upstream version 2.30.3
       * TSDB: Fix panic on failed snapshot replay. #9438
       * TSDB: Don't fail snapshot replay with exemplar storage disabled when
         the snapshot contains exemplars. #9438
   - Upgrade to upstream version 2.30.2
       * TSDB: Don't error on overlapping m-mapped chunks during WAL replay.
         #9381
   - Upgrade to upstream version 2.30.1
       * Remote Write: Redact remote write URL when used for metric label.
         #9383
       * UI: Redact remote write URL and proxy URL passwords in the /config
         page. #9408
       * promtool rules backfill: Prevent creation of data before the start
         time. #9339
       * promtool rules backfill: Do not query after the end time.
       * Azure SD: Fix panic when no computername is set. #9387
   - Upgrade to upstream version 2.30.0
       * experimental TSDB: Snapshot in-memory chunks on shutdown for faster
         restarts. #7229
       * experimental Scrape: Configure scrape interval and scrape timeout
         via relabeling using __scrape_interval__ and __scrape_timeout__
         labels respectively. #8911
       * Scrape: Add scrape_timeout_seconds and scrape_sample_limit metric.
         #9247 #9295
       * Scrape: Add --scrape.timestamp-tolerance flag to adjust scrape
         timestamp tolerance when enabled via
         --scrape.adjust-timestamps. #9283
       * Remote Write: Improve throughput when sending exemplars.
       * TSDB: Optimise WAL loading by removing extra map and caching
         min-time #9160
       * promtool: Speed up checking for duplicate rules. #9262/#9306
       * Scrape: Reduce allocations when parsing the metrics. #9299
       * docker_sd: Support host network mode #9125
       * Exemplars: Fix panic when resizing exemplar storage from 0 to a
         non-zero size. #9286
       * TSDB: Correctly decrement prometheus_tsdb_head_active_appenders when
         the append has no samples. #9230
       * promtool rules backfill: Return 1 if backfill was unsuccessful. #9303
       * promtool rules backfill: Avoid creation of overlapping blocks. #9324
       * config: Fix a panic when reloading configuration with a null relabel
         action. #9224
   - Upgrade to upstream version 2.29.2
       * Fix Kubernetes SD failing to discover Ingress in Kubernetes v1.22.
         #9205
       * Fix data race in loading write-ahead-log (WAL). #9259
   - Upgrade to upstream version 2.29.1
       * TSDB: align atomically accessed int64 to prevent panic in 32-bit
         archs. #9192
   - Upgrade to upstream version 2.29.0
     + Changes:
       * Promote --storage.tsdb.allow-overlapping-blocks flag to stable. #9117
       * Promote --storage.tsdb.retention.size flag to stable. #9004
       * Add Kuma service discovery. #8844
       * Add present_over_time PromQL function. #9097
       * Allow configuring exemplar storage via file and make it reloadable.
         #8974
       * UI: Allow selecting time range with mouse drag. #8977
       * promtool: Add feature flags flag --enable-feature. #8958
       * promtool: Add file_sd file validation. #8950
       * Reduce blocking of outgoing remote write requests from series
         garbage collection. #9109
       * Improve write-ahead-log decoding performance. #9106
       * Improve append performance in TSDB by reducing mutexes usage.
       * Allow configuring max_samples_per_send for remote write metadata.
         #8959
       * Add __meta_gce_interface_ipv4_<name> meta label to GCE discovery.
         #8978
       * Add __meta_ec2_availability_zone_id meta label to EC2 discovery.
         #8896
       * Add __meta_azure_machine_computer_name meta label to Azure
         discovery. #9112
       * Add __meta_hetzner_hcloud_labelpresent_<labelname> meta label to
         Hetzner discovery. #9028
       * promtool: Add compaction efficiency to promtool tsdb analyze
         reports. #8940
       * promtool: Allow configuring max block duration for backfilling via
         --max-block-duration flag. #8919
       * UI: Add sorting and filtering to flags page. #8988
       * UI: Improve alerts page rendering performance. #9005
       * Log when total symbol size exceeds 2^32 bytes, causing compaction to
         fail, and skip compaction. #9104
       * Fix incorrect target_limit reloading of zero value. #9120
       * Fix head GC and pending readers race condition. #9081
       * Fix timestamp handling in OpenMetrics parser. #9008
       * Fix potential duplicate metrics in /federate endpoint when
         specifying multiple matchers. #8885
       * Fix server configuration and validation for authentication via
         client cert. #9123
       * Allow start and end again as label names in PromQL queries. They
         were disallowed since the introduction of @ timestamp feature. #9119
   - Upgrade to upstream version 2.28.1
       * HTTP SD: Allow charset specification in Content-Type header.
       * HTTP SD: Fix handling of disappeared target groups. #9019
       * Fix incorrect log-level handling after moving to go-kit/log.
   - Upgrade to upstream version 2.28.0
       * UI: Make the new experimental PromQL editor the default.
       * Linode SD: Add Linode service discovery. #8846
       * HTTP SD: Add generic HTTP-based service discovery. #8839
       * Kubernetes SD: Allow configuring API Server access via a kubeconfig
         file. #8811
       * UI: Add exemplar display support to the graphing interface.
       * Consul SD: Add namespace support for Consul Enterprise. #8900
       * Promtool: Allow silencing output when importing / backfilling data.
         #8917
       * Consul SD: Support reading tokens from file. #8926
       * Rules: Add a new .ExternalURL alert field templating variable,
         containing the external URL of the Prometheus server. #8878
       * Scrape: Add experimental body_size_limit scrape configuration
         setting to limit the allowed response body size for target scrapes.
         #8833 #8886
       * Kubernetes SD: Add ingress class name label for ingress discovery.
         #8916
       * UI: Show a startup screen with progress bar when the TSDB is not
         ready yet. #8662 #8908 #8909 #8946
       * SD: Add a target creation failure counter
         prometheus_target_sync_failed_total and improve target creation
         failure handling. #8786
       * TSDB: Improve validation of exemplar label set length. #8816
       * TSDB: Add a prometheus_tsdb_clean_start metric that indicates
         whether a TSDB lockfile from a previous run still existed upon
         startup. #8824
       * UI: In the experimental PromQL editor, fix autocompletion and
         parsing for special float values and improve series metadata
         fetching. #8856
       * TSDB: When merging chunks, split resulting chunks if they would
         contain more than the maximum of 120 samples. #8582
       * SD: Fix the computation of the prometheus_sd_discovered_targets
         metric when using multiple service discoveries. #8828
   - Added hardening to systemd service(s) (bsc#1181400). Modified:

   mgr-cfg:

   - Version 4.3.4-1
     * Fix installation problem for SLE15SP4 due missing python-selinux

   salt:

   - Fix inspector module export function (bsc#1097531)
   - Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
   - Fix possible traceback on ip6_interface grain (bsc#1193565)
   - Don't check for cached pillar errors on state.apply (bsc#1190781)
   - Simplify "transactional_update" module to not use SSH wrapper and allow
     more flexible execution
   - Add "--no-return-event" option to salt-call to prevent sending return
     event back to master.
   - Make "state.highstate" to acts on concurrent flag.

   spacecmd:

   - Version 4.3.7-1
     * Include group formulas configuration in spacecmd group_backup and
       spacecmd group_restore. This changes backup format to json, previously
       used plain text is still supported for reading (bsc#1190462)
     * Fix interactive mode for "system_applyerrata" and "errata_apply"
       (bsc#1194363)
   - Version 4.3.6-1
     * Update translation strings

   spacewalk-client-tools:

   - Version 4.3.6-1
     * Update translation strings


Patch Instructions:

   To install this SUSE Feature Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12-BETA:

      zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2022-750=1



Package List:

   - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):

      golang-github-prometheus-prometheus-2.32.1-4.24.1
      python2-salt-3000-53.5.1
      python3-salt-3000-53.5.1
      salt-3000-53.5.1
      salt-doc-3000-53.5.1
      salt-minion-3000-53.5.1

   - SUSE Manager Tools 12-BETA (noarch):

      koan-2.6.6-52.12.1
      mgr-cfg-4.3.4-4.21.1
      mgr-cfg-actions-4.3.4-4.21.1
      mgr-cfg-client-4.3.4-4.21.1
      mgr-cfg-management-4.3.4-4.21.1
      python2-mgr-cfg-4.3.4-4.21.1
      python2-mgr-cfg-actions-4.3.4-4.21.1
      python2-mgr-cfg-client-4.3.4-4.21.1
      python2-mgr-cfg-management-4.3.4-4.21.1
      python2-spacewalk-check-4.3.6-55.39.1
      python2-spacewalk-client-setup-4.3.6-55.39.1
      python2-spacewalk-client-tools-4.3.6-55.39.1
      spacecmd-4.3.7-41.33.1
      spacewalk-check-4.3.6-55.39.1
      spacewalk-client-setup-4.3.6-55.39.1
      spacewalk-client-tools-4.3.6-55.39.1


References:

   https://www.suse.com/security/cve/CVE-2021-45083.html
   https://bugzilla.suse.com/1097531
   https://bugzilla.suse.com/1181400
   https://bugzilla.suse.com/1190462
   https://bugzilla.suse.com/1190781
   https://bugzilla.suse.com/1193357
   https://bugzilla.suse.com/1193565
   https://bugzilla.suse.com/1193671
   https://bugzilla.suse.com/1194363
   https://bugzilla.suse.com/1195906



More information about the sle-updates mailing list