- apparmor
-
- Fix deny exec of rpc_witness; (bsc#1225811).
* add apparmor-rpcd-witness.patch
- Add some misc fixes for samba-4.21.x denies; (bsc#1259441).
* add samba-misc-rpcd-spoolss.patch
- bind
-
- Fix unbounded NSEC3 iterations when validating referrals to
unsigned delegations.
(CVE-2026-1519)
[bsc#1260805, bind-9.18-CVE-2026-1519.patch]
- cloud-init
-
- Fix dependency replace -serial with -pyserial
- Drop unneeded test dependency on httpretty, fixed long ago
* https://github.com/canonical/cloud-init/pull/1720
- Update to version 25.1.3 (bsc#1245401,bsc#1245403)
+ Forward port
- cloud-init-no-openstack-guess.patch
+ docs: provide example3 for PAM and ssh_pwauth behavior (#27)
+ fix: Make hotplug socket writable only by root (#25) (CVE-2024-11584)
+ fix: Don't attempt to identify non-x86 OpenStack instances (LP: #2069607)
(CVE-2024-6174)
From 25.1.2
+ fix: ensure MAAS datasource retries on failure (#6167)
- Update to version 25.1.1 (bsc#1239715,jsc#PED-8680,bsc#1228414)
+ Removed included upstream
- pep-594-drop-pipes.patch
- cloud-init-fix-python313.patch
- cloud-init-dont-assume-ordering-of-ThreadPoolExecutor.patch
- cloud-init-direxist.patch
- cloud-init-wait-for-net.patch
- cloud-init-usr-sudoers.patch
- cloud-init-no-nmcfg-needed.patch
- cloud-init-keep-flake.patch
- cloud-init-lint-fixes.patch
- cloud-init-pckg-reboot.patch
- cloud-init-ds-deterministic.patch
- cloud-init-write-routes.patch
- cloud-init-skip-empty-conf.patch
+ Forward port
- cloud-init-no-tempnet-oci.patch
- cloud-init-no-openstack-guess.patch
- cloud-init-lint-set-interpreter.patch
+ Add
- cloud-init-ssh-usrmerge.patch (bsc#1237764)
- cloud-init-lint-set-interpreter.patch
- cloud-init-lint-fix.patch
- cloud-init-no-single-process.patch
- cloud-init-needs-action.patch
+ Drop hidesensitivedata in 16 & greater
+ test: pytestify cc_chef tests, add migration test
+ chef: migrate files in old config directories for backups and cache
+ fix: correct the path for Chef's backups (#5994)
+ fix(Azure): don't reraise FileNotFoundError during ephemeral setup (#6113)
+ fix(azure): handle unexpected exceptions during obtain_lease() (#6092)
[Ksenija Stanojevic]
+ Allow to set mac_address for VLAN subinterface (#6081)
[jumpojoy] (GH: 5364)
+ fix: Remove erroneous EC2 reference from 503 warning (#6077)
+ fix: NM reload and bring up individual network conns (#6073) [Ani Sinha]
+ fix: stop warning on dual-stack request failure (#6044)
+ fix: install_method: pip cannot find ansible-pull command path (#6021)
[Hasan Aliyev] (GH: 5720)
+ fix: Fix DataSourceAliYun exception_cb signature (#6068) (GH: 6066)
+ fix: Update OauthUrlHelper to use readurl exception_cb signature
(GH: 6065)
+ test: add OauthUrlHelper tests
+ test: Remove CiTestCase from test_url_helper.py
+ test: pytestify test_url_helper.py
+ fix: track more removed modules (#6043)
- From 25.1
+ ci: fix post-merge packaging CI (#6038)
+ feat(azure): Fix imds-based ssh_pwauth (#6002) [Ksenija Stanojevic]
+ ci: check for sorted patches (#6036)
+ feat: aliyun datasource support crawl metadata at once (#5942)
[jinkangkang]
+ docs: document /usr merge breaking change (#6032)
+ test: Add integration test for /var mounts (#6033)
+ test: Ensure pre-24.2 custom modules work (#6034)
+ doc: Update references to older keys (#6022) [Pedro Ribeiro]
+ fix: untyped-defs in tests/unittests/{config, net, sources} (#6023)
[Romain]
+ fix: don't reference PR in post-merged CI (#6019)
+ chore: explicitly skip broken ansible integration tests (#5996) [a-dubs]
+ tests(oracle): fix test_install_missing_deps apt race condition (#5996)
[a-dubs]
+ test(oracle): fix test_ubuntu_drivers_installed (#5996) [a-dubs]
+ test(oracle): fix test_frequency_override integration test (#5996)
[a-dubs]
+ chore: add type hint to IntegrationCloud's cloud_instance field (#5996)
[a-dubs]
+ test(oracle): fix modules/test_lxd.py::test_storage_lvm on noble (#5996)
[a-dubs]
+ commit 9e591fff266be9d4c83f74ec02a717b74993304d [a-dubs]
+ net/sysconfig: do not remove all existing settings of
/etc/sysconfig/network (#5991) [Ani Sinha] (GH: 5990)
+ fix: remove wrong return when checking if network necessary (#6013)
+ fix: typing for rsyslog, ubuntu_pro, power_state_change (#5985)
[MostafaTarek124eru]
+ fix: Retry on OpenStack HTTP status codes (#5943) [weiyang] (GH: 5687)
+ fix: Ensure fqdn is treated as string in get_hostname_fqdn (#5993)
[MKhatibzadeh] (GH: 5989)
+ feat(vmware): Convert imc network config to v2 (#5937) [PengpengSun]
+ ci: add upstream post-merge test
+ ci: check if upstream commit causes ubuntu patch conflicts
+ ci: organize cla tests together
+ test: eliminate obsolete cases, add non-error case
+ chore: remove redundant manual schema validation
+ doc: clarify subiquity docs
+ chore: cleanup `len' usage (#5956) [Shreenidhi Shedi]
+ Fix: GCE _get_data crashes if DHCP lease fails (#5998) [Bryan Fraschetti]
+ Fixes GH-5997
+ fix: correct the path for Chef's cache (#5994)
[MostafaTarek124eru] (GH: 5090)
+ fix: Run ansible with run_user instead of root for distro install_method
(#5986) [Amirhossein Shaerpour] (GH: 4092)
+ fix: retry AWS hotplug for async IMDS (#5995) (GH: 5373)
+ feat(integration_tests): add optional INSTANCE_TYPE setting (#5988)
[Alec Warren]
+ feat(integration-tests): set boto3 and botocore to INFO to prevent
log spamming [a-dubs]
+ ci: add 'tox -e integration-tests-fast' command [a-dubs]
+ chore: Add feature flag for manual network waiting (#5977)
+ Release 24.4.1
+ fix: Use /usr/lib/ rather than /lib in packaging code (#5970)
+ Use log_with_downgradable_level for user password warnings (#5927)
[Ani Sinha]
+ doc: change to hyphenated keys (#5909) (GH: 5555)
+ fix: Wait for udev on openstack (#5947) [Robert Schweikert] (GH: 4125)
+ test: disambiguate resource cleanup from test failure (#5926)
+ fix: use program name of netcat as installed by upstream, "nc" (#5933)
(#5933) [Andreas K. Hüttel]
+ ci: bump canonical/setup-lxd to version v0.1.2 (#5948)
+ feat(cc_chef): Allow change of Chef configuration file (#5925)
[Sean Smith]
+ docs: fix typo in generated file in LXD tutorial (#5941) [Pavel Shpak]
+ feat: Identify Samsung Cloud Platform as OpenStack (#5924) [us0310306]
+ fix: don't deadlock when starting network service with systemctl (#5935)
+ feat: Custom keys for apt archives (#5828) [Bryan Fraschetti] (GH: 5473)
+ test: improve test initialization error path (#5920)
+ chore: improve logging when lxd detection fails (#5919)
+ fix: Add "manual" to allowed subnet types (#5875)
[Math Marchand] (GH: 5769)
+ fix: remove bad ssh_svcname setting for Gentoo/OpenRC (#5918)
[Andreas K. Hüttel]
+ feat(gentoo): Add compatibility for Gentoo with systemd (#5918)
[Andreas K. Hüttel]
+ fix(ovf): no warning should be log when rpctool found no value (#5915)
[PengpengSun] (GH: 5914)
+ Move DS VMware to be in front of DS OVF (#5912) [PengpengSun] (GH: 4030)
+ ci: Add proper 'Breaks: ' to integration testing simple deb (#5923)
+ chore: Add akhuettel to CLA signers file (#5917) [Andreas K. Hüttel]
+ chore: eliminate calls at import time (#5889) (GH: 5344)
+ test: Add pyserial to test-requirements.txt (#5907)
+ test: Allow unknown size in growpart test (#5876)
+ doc: Update tutorials [Sally]
+ fix: bump azure key size to 3072 (#5841)
24.4.1
+ fix: Ensure _should_wait_via_user_data() handles all user data types (#5976)
+ fix: Don't log error in wait_for_url (#5972)
+ feat(url_helper): Retry on 503 error (#5938)
+ fix: Don't break modules that use get_meta_doc() (#5953)
+ refactor: Pass deprecation log args as tuple (#5953)
+ fix: uninstall custom signal handlers before shutdown (#5913)
24.4
+ test: Ensure unit ordering in ftp tests includes downstream units (#5892)
+ test: re-decrement expected webhook events (#5894)
+ test: allow relative path in apt-get test (#5891)
+ Fix metric setting of nmconnection for rhel (#5878) [Amy Chen]
+ chore: remove unused code(#5887)
+ feat(ephemeral): replace old has_url_connectivity() with new
_check_connectivity_to_imds() [a-dubs]
+ feat(oracle): add true single stack ipv6 support [a-dubs]
+ feat(ephemeral): refactor ephemeralIP and add ipv6 connectivity check
[a-dubs]
+ test: Decrement expected webhook events (#5888)
+ chore: remove `--docs` option from `cloud-init schema` (#5857) (GH: 5756)
+ test: pytestify "tests/unittests/config/test_cc_timezone.py" (#5885)
[Mahesh Ghumare]
+ ci: bump integration tests to use plucky
+ test: add grub_dpkg to inactive modules
+ test: move default behavior tests into their own module
+ test(apt): add plucky version for hello pkg (#5883)
+ Docs: improved mermaid diagram for better visibility. Add "MaheshG11"
as contributor (#5874) [Mahesh Ghumare] (GH: 5837)
+ fix(ntp): Fix RockyLinux OS support (#5864) [Sid Shukla]
+ chore(jsonschema): migrate from deprecated Validator.iter_errors (#5856)
+ chore: remove deprecation warning getting jsonschema's version (#5856)
+ chore: use filter arg for tar.extractall (#5856)
+ chore: remove __init__ from pytest test class (#5856)
+ chore: do not test element's truth value directly (#5856)
+ chore: migrate from deprecated datetime.datetime.utcfromtimestamp (#5856)
+ chore: migrate from deprecated datetime.datetime.utcnow() (#5856)
+ chore: set recursive=False for ensure_dir if parent path is "/" (#5816)
[sxt1001]
+ ci: fix broken daily dependencies (#5867)
+ ci: fix packaging tests (#5865)
+ feat(vultr): add override for network interface detection (#5847)
[Andrew Davis]
+ feat(networkd): Support RequiredForOnline option (#5852) [Dan McGregor]
+ Prevent NM from handling DNS when network interfaces have DNS config
(#5846) [Ani Sinha]
+ fix(smartos): Add `addrconf` IPv6 support (#5831)
[blackhelicoptersdotnet]
+ freebsd: adjust to match the new pyyaml package name (#5844)
[Gonéri Le Bouder]
+ fix: disable grub-dpkg by default (#5840)
+ fix(openbsd): Enable sysv init scripts in OpenBSD build script (#5790)
[Hyacinthe Cartiaux] (LP: 4036, #1992853)
+ test: Fix duplicate judgment conditions in password generation (#5835)
[sxt1001]
+ chore: don't render non-templated unit files (#5830)
+ chore: simplify and standardize cloud-final.service (#5830)
+ chore: simplify Conflicts=shutdown.target (#5830)
+ chore: remove redundant Before=NetworkManager.service (#5830)
+ chore: remove unnecessary systemd settings (#5830)
+ chore: eliminate redundant ordering dependencies (#5819)
+ fix: fix ordering cycle for distros with default deps (#5819) (GH: 5755)
+ test: unbreak pytest-xdist (#5829)
+ feat: Conditionally remove networkd online dependency on Ubuntu (#5772)
+ feat: Ensure random passwords contain multiple character types (#5815)
[sxt1001] (GH: 5814)
+ docs: split example page into example library (#5645) [Sally]
+ doc: clarify workarounds required for single process changes (#5817)
+ chore: add 3.13 to PR CI runs, 3.14 to scheduled (#5825)
+ fix: Render v2 bridges correctly on network-manager with set-name
(#5740) (GH: 5717)
+ test: add no_thinpool unit test (#5802)
+ chore: split lxd init config into separate function (#5802)
+ test: pytestify test_cc_lxd.py (#5802)
+ fix: Correctly handle missing thinpool in cc_lxd (#5802)
+ fix: Render bridges correctly for v2 on sysconfig with set-name (#5674)
(GH: 5574)
+ tests(minimal): rsyslog not in minimal images expect warning (#5811)
+ tests(lxd): avoid failure on multiple calls to --show-log (#5811)
+ chore: update netplan import semantics and related tests (#5805)
(GH: 5804)
+ lint: fix untyped-defs on /tests/unittest/cmd (#5800) [iru]
+ test: actually use devel release and verify_clean_boot enhancements
(#5801)
+ feat(locale): locales install on minimal images when cfg requests (#5799)
+ feat(byobu): support byobu install on minimal images when cfg requests
(#5799)
+ chore: Use devel release and no sbuild in integration CI (#5798)
+ test: Update integration tests from netplan backport (#5796)
+ test: add get_syslog_or_console for minimal images without syslog (#5793)
+ chore: Remove resize_root_tmp from cloud.cfg.tmpl (#5795) (GH: 5786)
+ docs: Fix field name from `contents` to `content` (#5787) [Igor Akkerman]
+ chore: bump pycloudlib to required version (#5792)
+ fix: avoid deprecation logs for calling cli stages (#5770) (GH: 5726)
+ tests: bump pycloudlib deps to include gce bug fix for id str (#5783)
+ fix(test): convert use p.gce.instance.id instead of instance_id (#5783)
+ fix(network-manager): bond properties and network schema (#5768)
[Denis Kadyshev]
+ Fix metric setting for ifcfg network connections for rhel (#5777)
[Ani Sinha] (GH: 5776)
+ fix(akamai): handle non-string user data in base64 decoding (#5751)
[Jesse Alter]
+ fix(ci): do not auto stale issues (#5775)
+ Make pytest more verbose for easier debugging (#5778) [Ani Sinha]
+ ci: fix tox.ini pytest cmd to use cloudinit dir for coverage reporting
(#5774) [Alec Warren]
+ tests: add OS_IMAGE_TYPE setting to allow for minimal tests (#5682)
+ test(hotplug): Simplify test_multi_nic_hotplug (#5763)
+ test(hotplug): increase nc timeout (#5763)
+ test: pytestify test_main.py (#5758)
+ test(ec2-dual-stack): fix int-test (#5762)
+ test: make verify_clean_boot really respect return code (#5761)
+ test: bump timeout in test_order (#5759)
+ docs: Properly document the cc_ubuntu_autoinstall module (#5757)
+ docs: fix WSL tutorial (#5752) (GH: 5746)
+ test: make verify_clean_boot respect return code by environment (#5754)
+ feat(integration_test): add CLOUD_INIT_PKG setting (#5739)
+ fix(ci): fix packaging check merge operation (#5750)
+ doc: do not document user.meta-data key (#5745)
+ test: avoid undocumented lxd key (#5748)
+ test: Refactor test_cc_set_hostname.py and test_cc_ntp.py (#5727)
+ chore: update docs URLs to cloud-init.io (#5741)
+ test: fix timer logging change expected logs (#5734)
+ fix: type annotations for several modules (#5733)
+ chore: add timer to io and string manipulation code
+ feat: add log package and performance module
+ remove newline injected for cloud-init status --wait (#5700)
[Andrew Nelson] (GH: 5863)
+ test: webhook require_deprecation msg on 24.3 (#5731)
+ test: fix test_nocloud message typo introduced by 313390f8 (#5731)
+ test: Fix test_log_message_on_missing_version_file (#5730)
+ tests: assert info level warnings instead of require_deprecation
+ tests: fix test to ignore_warnings not require Used fallback ds
+ chore: clean up pytest warnings (#5721)
+ tests(pro): bump pycloudlib add noble release to pro tests (#5719)
+ fix(hotplugd.socket): remove basic.target as dependency (#5722)
(LP: #2081124)
+ ci: fix integration test positional argument (#5718)
+ Create datasource for CloudCIX (#1351) [BrianKelleher]
+ ci: colorize output (#5716)
+ fix(schema): Allow for locale: false in schema add tests (#5647)
+ ci: fix packaging patch check (#5713)
+ chore: clean up old pickle workaround (#5714)
+ fix: force sftp cleanup when done with instance (#5698)
+ test(hotplug): reenable vpc test in focal (#5492)
+ chore: fix typing of userdata_raw (#5710)
+ fix(NetworkManager): Fix network activator (#5620)
+ fix: lxd do not check for thinpool kernel module (#5709)
+ docs: fix typo in docstring (#5708)
+ Scaleway: Force on-link: true for static networks (#5654)
[Louis Bouchard] (LP: 5523, #2073869)
+ fix: Invalid "seedfrom" in NoCloud system configuration (#5701)
+ tests: pytestify test_nocloud.py (#5701)
+ test: make verify_clean_boot respect return code by series (#5695)
+ fix: use cross-distro netcat name (#5696)
+ ci: fix labeler (#5697)
+ chore(actions): add packaging label for any branches modifying debian/*
+ (#5693)
+ test: add verify_clean_boot() calls alongside verify_clean_log() (#5671)
+ test: add deprecation support to verify_clean_boot (#5671)
+ doc: remove misleading warning (#5681)
+ chore: Prefer other methods over $INSTANCE_ID (#5661)
+ ci: fix packaging test when no patches (#5680)
+ chore: fix tip-ruff and update to latest version (#5676)
+ chore: make ansible test serial (#5677)
+ feat(ec2): Bump url_max_timeout to 240s from 120s. (#5565)
[Robert Nickel]
+ chore: fix typo in requirements.txt (#5637)
+ feat: make pyserial an optional dependency (#5637)
+ chore: bump ci dependency versions (#5660)
+ chore: drop broken optimization (#5666)
24.3.1
+ test: add test coverage for iproute2 commands (#5651)
+ fix(netops): fix ip addr flush command (#5651) (GH: 5648)
24.3
+ docs: Clarify v2 set-name behavior (#5639)
+ fix: properly handle blank lines in fstab (#5643)
+ fix: cc_user_groups incorrectly assumes "useradd" never locks password
field (#5355) [dermotbradley]
+ tests: assert cloud-init user-data cert is the only root cert (#5641)
+ feat: add automation for ubuntu/* branches asserting quilt patches apply
(#5622)
+ fix(sources/wsl): no error with empty .cloud-init dir (SC-1862) (#5633)
+ feat(azure): add PPS support for azure-proxy-agent (#5601)
[Ksenija Stanojevic]
+ fix(tests): use instance.clean/restart instead of clean --reboot (#5636)
+ test: fix cmd/test_schema int test (#5629)
+ test: fix test_honor_cloud_dir int test (#5627)
+ docs: alphabetize dsname lookup table. update comment to create the csv
(#5624)
+ docs: new datasources should update reference/ds_dsname_map (#5624)
+ test: fix ca_certs int test (#5626)
+ chore: update schema docs to use RST bold for config key names (#5562)
+ fix(doc): italics around deprecation prefix, description bolds key names
(#5562)
+ feat(doc): add env vars to debug config module doc builds (#5562)
+ fix(doc): doc of nested objects under JSON schema items.oneOf (#5562)
+ fix(doc): object type check if patternProperties or properties (#5562)
+ doc(schema): schema descriptions should end with trailing stop (#5562)
+ fix(wsl): Properly assemble multipart data (#5538) [Carlos Nihelton]
+ feat: collect-logs improvements (#5619)
+ tests: fix test_ca_certs.py for gcp (#5621)
+ fix(nm): Ensure bond property name formatting matches schema definition
(#5383) [Curt Moore]
+ Update behavior of base bond interface with NetworkManager (#5385)
[Curt Moore]
+ ci: Drop Python 3.6 and 3.7 (#5607)
+ chore(black): Bump version (#5607)
+ chore(mypy): Fix failures on newer versions of mypy (#5607)
+ chore(tox.ini): Simplify configuration, fix minor bugs (#5607)
+ chore(mypy): Lint log module (#5607)
+ fix(systemd): Correct location of installed drop-in files(#5615)
[Noah Meyerhans]
+ fix(btrfs): Version parsing (#5618)
+ docs: Remove unnecessary section, add feature flag page (#5617)
+ docs: Drop Python 3.6 and 3.7 support (#5617)
+ chore: explain other use of oauth (#5616)
+ chore(actions): add doc label for any doc related subdir file matches
(#5602)
+ doc: Add misc links, improve wording (#5595)
+ doc(boot): Make first boot a dedicated page (#5595)
+ doc: Describe all stages in a single process (#5595)
+ chore: Deprecate old commands in help output (#5595)
+ chore: add comment explaining the NetworkManager may-fail setting
(#5598) [Ani Sinha]
+ Revert "fix(vmware): Set IPv6 to dhcp when there is no IPv6 addr
(#5471)" (#5596) [PengpengSun]
+ fix: read_optional_seed to set network-config when present (#5593)
+ feat(snap): avoid refresh on package_upgrade: true and refresh.hold
(#5426)
+ fix: Fix tests which have outdated strings (#5585)
+ fix: Fix ftp failures (#5585)
+ doc: improve integration testing configuration instructions (#5556)
[Alec Warren]
+ azure: check azure-proxy-agent status (#5138) [Ksenija Stanojevic]
+ refactor: refactor and fix mypy in DataSourceIBMCloud.py (#5509)
[Alec Warren]
+ fix: Update default LXD meta-data with user meta-data (#5584)
+ chore: Fix log message in url_helper.py (#5583)
+ fix: nocloud no fail when network-config absent (#5580)
+ feat: Single process optimization (#5489)
+ chore: Add helper, refactor utilities into separate module (#5573)
+ refactor: update handle function of cc_mounts (#5498)
+ fix: Integration tests (#5576)
+ fix(NoCloudNet): Add network-config support (#5566)
+ feat: Eliminate redundant configuration reads (#5536)
+ fix(actions): correct typo in cloudinit/config/schemas/ match (#5570)
+ fix: add host template for AOSC (#5557) [Yuanhang Sun]
+ chore(debian): Remove vestigial postinst and preinst code (#5569)
+ fix(actions): doc labeler needs all clause instead of default any (#5568)
+ docs: Overhaul user data formats documentation (#5551)
+ chore: Deprecate ENI as an input configuration format (#5561)
+ doc: improve drop-in custom modules (#5548)
+ doc(NoCloud): Categorize the different configuration types (#5521)
+ doc(autoinstall): Remove incorrect statements, be more direct (#5545)
+ chore: remove unneeded doc-lint tox env config (#5547)
+ fix(doc-spelling): config spelling_word_list_filename (#5547)
+ doc(modules): add section to wrap modules' doc (#5550)
+ doc: Update docs on boothooks (#5546)
+ fix: doc auto label to consider schema json changes as doc PRs (#5543)
+ feat(schema): add chef_license schema enum (#5543)
+ doc: add diagram with boot stages (#5539)
+ docs: improve qemu command line (#5540) [Christian Ehrhardt]
+ fix: auto label doc PRs (#5542)
+ fix(wsl): Put back the "path" argument to wsl_path in ds-identify
+ (#5537) [Carlos Nihelton]
+ test: fix test_kernel_command_line_match (#5529)
+ test: fix no ds cache tests (#5529)
+ fix(azurelinux): Change default usr_lib_exec path (#5526) [Minghe Ren]
+ feat: Support URI sources in `write_files` module (#5505)
[Lucas Ritzdorf]
+ add openeuler to distros in cc_spacewalk.py (#5530) [sxt1001]
+ feat(wsl): Special handling Landscape client config tags (#5460)
[Carlos Nihelton]
+ chore: Deprecate partially supported system config (#5515)
+ chore: Improve detection logging for user clarity (#5515)
+ fix(ds-identify): Detect nocloud when seedfrom url exists (#5515)
+ refactor: logs.py add typing and small misc refactors (#5414)
+ refactor: logs.py pathlib changes (#5414)
+ refactor: replace verbosity with log levels in logs.py (#5414)
+ feat: Add trace-level logger (#5414)
+ chore(formatting): fix squashed commit test formatting (#5524)
+ fix: Clean cache if no datasource fallback (#5499)
+ Support setting mirrorlist in yum repository config (#5522) [Ani Sinha]
+ doc(OFV): Document how to configure cloud-init (#5519)
+ fix: Update DNS behavior for NetworkManager interfaces (#5496)
[Curt Moore]
+ Fix configuration of DNS servers via OpenStack (#5384) [Curt Moore]
+ test: Unconditionally skip test_multi_nic_hotplug_vpc (#5503)
+ tests: revert expectation of exit 2 from cloud-init init --local (#5504)
+ fix(test): Fix ip printer for non-lxd (#5488)
+ feat(systemd): convert warning level message to deprecation (#5209)
+ test: allow verify_clean_boot to ignore all or specific tracebacks
(#5209)
+ test: Don't fail tests which call cloud-init as a command (#5209)
+ feat(systemd): Warn user of unexpected run mode (#5209)
+ fix: add schema rules for 'baseurl' and 'metalink' in yum repo config
(#5501) [Ani Sinha]
+ Set MTU for bond parent interface (#5495) [Curt Moore]
+ refactor: util.mounts to handle errors (#5490)
+ refactor: util.get_proc_env to work with strs (#5490)
+ typing: fix check_untyped_defs in cloudinit.util (#5490)
+ test: Add missing assert to test_status.py (#5494)
+ test: Ensure mkcert executable in ftp tests (#5493)
+ test: pytestify and cleanup test_cc_mounts.py (#5459)
+ fix(vmware): Set IPv6 to dhcp when there is no IPv6 addr (#5471)
[PengpengSun]
+ fix(openbsd): fix mtu on newline in hostname files (#5412) [Tobias Urdin]
+ feat(aosc): Add 'AOSC OS' support (#5310) [Yuanhang Sun]
24.2
+ test: Fix no default user in test_status.py (#5478)
+ fix: correct deprecated_version=22.2 for users.sudo
+ test: Add jsonschema guard in test_cc_ubuntu_pro.py (#5479)
+ fix(test): Fix pycloudlib types in integration tests (#5350)
+ fix(test): Fix ip printing for non-lxd instances (#5350)
+ chore(mypy): Drop unused missing import exclusions (#5350)
+ type: Add stub types for network v1/v2 config (#5350)
+ chore: Auto-format network jsonschema in ci (#5350)
+ fix(tox): Update tox.ini (#5350)
+ chore(typing): Remove type ignores and casts (#5350)
+ refactor(typing): Remove unused code paths (#5350)
+ fix(typing): Add / update type annotations (#5350)
+ fix(typing): Remove type annotation for unused variable (#5350)
+ fix(typing): Remove invalid type annotations (#5350)
+ ci(mypy): Set default follow_imports value (#5350)
+ test: Update integration tests to pass on focal (#5476)
+ tests: update ubuntu_pro test to account for info-level deprecations
(#5475)
+ tests: update nocloud deprecation test for boundary version (#5474)
+ fix(rh_subscription): add string type to org (#5453)
+ tests: integration tests aware of features.DEPRECATION_INFO_BOUNDARY
+ tests: update keyserver PPA key fur curtin-dev (#5472)
+ test: Fix deprecation test failures (#5466)
+ chore: fix schema.py formatting (#5465)
+ fix: dont double-log deprecated INFOs (#5465)
+ fix(test): Mock version boundary (#5464)
+ fix(schema): Don't report changed keys as deprecated (#5464)
+ test: fix unit test openstack vlan mac_address (#5367)
+ fix: Ensure properties for bonded interfaces are properly translated
(#5367) [Curt Moore]
+ fix(schema): permit deprecated hyphenated keys under users key (#5456)
+ fix: Do not add the vlan_mac_address field into the VLAN object (#5365)
[Curt Moore]
+ doc(refactor): Convert module docs to new system (#5427) [Sally]
+ test: Add unit tests for features.DEPRECATION_INFO_BOUNDARY (#5411)
+ feat: Add deprecation boundary support to schema validator (#5411)
+ feat: Add deprecation boundary to logger (#5411)
+ fix: Gracefully handle missing files (#5397) [Curt Moore]
+ test(openstack): Test bond mac address (#5369)
+ fix(openstack): Fix bond mac_address (#5369) [Curt Moore]
+ test: Add ds-identify integration test coverage (#5394)
+ chore(cmdline): Update comments (#5458)
+ fix: Add get_connection_with_tls_context() for requests 2.32.2+ (#5435)
[eaglegai]
+ fix(net): klibc ipconfig PROTO compatibility (#5437)
[Alexsander de Souza] (LP: #2065787)
+ Support metalink in yum repository config (#5444) [Ani Sinha]
+ tests: hard-code curtin-dev ppa instead of canonical-kernel-team (#5450)
+ ci: PR update checklist GH- anchors to align w/ later template (#5449)
+ test: update validate error message in test_networking (#5436)
+ ci: Add PR checklist (#5446)
+ chore: fix W0105 in t/u/s/h/test_netlink.py (#5409)
+ chore(pyproject.toml): migrate to booleans (#5409)
+ typing: add check_untyped_defs (#5409)
+ fix(openstack): Append interface / scope_id for IPv6 link-local metadata
address (#5419) [Christian Rohmann]
+ test: Update validation error in test_cli.py test (#5430)
+ test: Update schema validation error in integration test (#5429)
+ test: bump pycloudlib to get azure oracular images (#5428)
+ fix(azure): fix discrepancy for monotonic() vs time() (#5420)
[Chris Patterson]
+ fix(pytest): Fix broken pytest gdb flag (#5415)
+ fix: Use monotonic time (#5423)
+ docs: Remove mention of resolv.conf (#5424)
+ perf(netplan): Improve network v1 -> network v2 performance (#5391)
+ perf(set_passwords): Run module in Network stage (#5395)
+ fix(test): Remove temporary directory side effect (#5416)
+ Improve schema validator warning messages (#5404) [Ani Sinha]
+ feat(sysconfig): Add DNS from interface config to resolv.conf (#5401)
[Ani Sinha]
+ typing: add no_implicit_optional lint (#5408)
+ doc: update examples to reflect alternative ways to provide `sudo`
option (#5418) [Ani Sinha]
+ fix(jsonschema): Add missing sudo definition (#5418)
+ chore(doc): migrate cc modules i through r to templates (#5313)
+ chore(doc): migrate grub_dpkg to tmpl add changed/deprecation (#5313)
+ chore(json): migrate cc_apt_configure and json schema indents (#5313)
+ chore(doc): migrate ca_certs/chef to template, flatten schema (#5313)
+ chore(doc): migrate cc_byobu to templates (#5313)
+ chore(doc): migrate cc_bootcmd to templates (#5313)
+ fix(apt): Enable calling apt update multiple times (#5230)
+ chore(VMware): Modify section of instance-id in the customization config
(#5356) [PengpengSun]
+ fix(treewide): Remove dead code (#5332) [Shreenidhi Shedi]
+ doc: network-config v2 ethernets are of type object (#5381) [Malte Poll]
+ Release 24.1.7 (#5375)
+ fix(azure): url_helper: specify User-Agent when using headers_cb with
readurl() (#5298) [Ksenija Stanojevic]
+ fix: Stop attempting to resize ZFS in cc_growpart on Linux (#5370)
+ doc: update docs adding YAML 1.1 spec and jinja template references
+ fix(final_message): do not warn on datasourcenone when single ds
+ fix(growpart): correct growpart log message to include value of mode
+ feat(hotplug): disable hotplugd.socket (#5058)
+ feat(hotlug): trigger hotplug after cloud-init.service (#5058)
+ test: add function to push and enable systemd units (#5058)
+ test(util): fix wait_until_cloud_init exit code 2 (#5058)
+ test(hotplug): fix race getting ipv6 (#5271)
+ docs: Adjust CSS to increase font weight across the docs (#5363) [Sally]
+ fix(ec2): Correctly identify netplan renderer (#5361)
+ tests: fix expect logging from growpart on devent with partition (#5360)
+ test: Add v2 test coverage to test_net.py (#5247)
+ refactor: Simplify collect_logs() in logs.py (#5268)
+ fix: Ensure no subp from logs.py import (#5268)
+ tests: fix integration tests for ubuntu pro 32.3 release (#5351)
+ tests: add oracular's hello package for pkg upgrade test (#5354)
+ growpart: Fix behaviour for ZFS datasets (#5169) [Mina Galić]
+ device_part_info: do not recurse if we did not match anything (#5169)
[Mina Galić]
+ feat(alpine): add support for Busybox adduser/addgroup (#5176)
[dermotbradley]
+ ci: Move lint tip and py3-dev jobs to daily (#5347)
+ fix(netplan): treat netplan warnings on stderr as debug for cloud-init
(#5348)
+ feat(disk_setup): Add support for nvme devices (#5263)
+ fix(log): Do not warn when doing requested operation (#5263)
+ Support sudoers in the "/usr/usr merge" location (#5161)
[Robert Schweikert]
+ doc(nocloud): Document network-config file (#5204)
+ fix(netplan): Fix predictable interface rename issue (#5339)
+ cleanup: Don't execute code on import (#5295)
+ fix(net): Make duplicate route add succeed. (#5343)
+ fix(freebsd): correct configuration of IPv6 routes (#5291) [Théo Bertin]
+ fix(azure): disable use-dns for secondary nics (#5314)
+ chore: fix lint failure (#5320)
+ Update pylint version to support python 3.12 (#5338) [Ani Sinha]
+ fix(tests): use regex to avoid focal whitespace in jinja debug test
(#5335)
+ chore: Add docstrings and types to Version class (#5262)
+ ci(mypy): add type-jinja2 stubs (#5337)
+ tests(alpine): github trust lxc mounted source dir cloud-init-ro (#5329)
+ test: Add oracular release to integration tests (#5328)
+ Release 24.1.6 (#5326)
+ test: Fix failing test_ec2.py test (#5324)
+ fix: Check renderer for netplan-specific code (#5321)
+ docs: Removal of top-level --file breaking change (#5308)
+ fix: typo correction of delaycompress (#5317)
+ docs: Renderers/Activators have downstream overrides (#5322)
+ fix(ec2): Ensure metadata exists before configuring PBR (#5287)
+ fix(lxd): Properly handle unicode from LXD socket (#5309)
+ docs: Prefer "artifact" over "artefact" (#5311) [Arthur Le Maitre]
+ chore(doc): migrate cc_byobu to templates
+ chore(doc): migrate cc_bootcmd to templates
+ chore(doc): migrate apt_pipelining and apk_configure to templates
+ tests: in_place mount module-docs into lxd vm/container
+ feat(docs): generate rtd module schema from rtd/module-docs
+ feat: Set RH ssh key permissions when no 'ssh_keys' group (#5296)
[Ani Sinha]
+ test: Avoid circular import in Azure tests (#5280)
+ test: Fix test_failing_userdata_modules_exit_codes (#5279)
+ chore: Remove CPY check from ruff (#5281)
+ chore: Clean up docstrings
+ chore(ruff): Bump to version 0.4.3
+ feat(systemd): Improve AlmaLinux OS and CloudLinux OS support (#5265)
[Elkhan Mammadli]
+ feat(ca_certs): Add AlmaLinux OS and CloudLinux OS support (#5264)
[Elkhan Mammadli]
+ docs: cc_apt_pipelining docstring typo fix (#5273) [Alex Ratner]
+ feat(azure): add request identifier to IMDS requests (#5218)
[Ksenija Stanojevic]
+ test: Fix TestFTP integration test (#5237) [d1r3ct0r]
+ feat(ifconfig): prepare for CIDR output (#5272) [Mina Galić]
+ fix: stop manually dropping dhcp6 key in integration test (#5267)
[Alec Warren]
+ test: Remove some CiTestCase tests (#5256)
+ fix: Warn when signal is handled (#5186)
+ fix(snapd): ubuntu do not snap refresh when snap absent (LP: #2064300)
+ feat(landscape-client): handle already registered client (#4784)
[Fabian Lichtenegger-Lukas]
+ doc: Show how to debug external services blocking cloud-init (#5255)
+ fix(pdb): Enable running cloud-init under pdb (#5217)
+ chore: Update systemd description (#5250)
+ fix(time): Harden cloud-init to system clock changes
+ fix: Update analyze timestamp uptime
+ fix(schema): no network validation on netplan systems without API
+ fix(mount): Don't run cloud-init.service if cloud-init disabled (#5226)
+ fix(ntp): Fix AlmaLinux OS and CloudLinux OS support (#5235)
[Elkhan Mammadli]
+ tests: force version of cloud-init from PPA regardless of version (#5251)
+ ci: Print isort diff (#5242)
+ test: Fix integration test dependencies (#5248)
+ fix(ec2): Fix broken uuid match with other-endianness (#5236)
+ fix(schema): allow networkv2 schema without top-level key (#5239)
[Cat Red]
+ fix(cmd): Do not hardcode reboot command (#5208)
+ test: Run Alpine tests without network (#5220)
+ docs: Add base config reference from explanation (#5241)
+ docs: Remove preview from WSL tutorial (#5225)
+ chore: Remove broken maas code (#5219)
+ feat(WSL): Add support for Ubuntu Pro configs (#5116) [Ash]
+ chore: sync ChangeLog and version.py from 24.1.x (#5228)
+ bug(package_update): avoid snap refresh in images without snap command
(LP: #2064132)
+ ci: Skip package build on tox runs (#5210)
+ chore: Fix test skip message
+ test(ec2): adopt pycloudlib public ip creation while launching instances
+ test(ec2): add ipv6 testing for multi-nic instances
+ test(ec2): adopt pycloudlib enable_ipv6 while launching instances
+ feat: tool to print diff between netplan and networkv2 schema (#5200)
[Cat Red]
+ test: mock internet access in test_upgrade (#5212)
+ ci: Add timezone for alpine unit tests (#5216)
+ fix: Ensure dump timestamps parsed as UTC (#5214)
+ docs: Add WSL tutorial (#5206)
+ feature(schema): add networkv2 schema (#4892) [Cat Red]
+ Add alpine unittests to ci (#5121)
+ test: Fix invalid openstack datasource name (#4905)
+ test: Fix MAAS test and mark xfail (#4905)
+ chore(ds-identify): Update shellcheck ignores (#4905)
+ fix(ds-identify): Prevent various false positives and false negatives
(#4905)
+ Use grep for faster parsing of cloud config in ds-identify (#4905)
[Scott Moser] (LP: #2030729)
+ tests: validate netplan API YAML instead of strict content (#5195)
+ chore(templates): update ubuntu universe wording (#5199)
+ Deprecate the users ssh-authorized-keys property (#5162)
[Anders Björklund]
+ doc(nocloud): Describe ftp and ftp over tls implementation (#5193)
+ feat(net): provide network config to netplan.State for render (#4981)
+ docs: Add breaking datasource identification changes (#5171)
+ fix(openbsd): Update build-on-openbsd python dependencies (#5172)
[Hyacinthe Cartiaux]
+ fix: Add subnet ipv4/ipv6 to network schema (#5191)
+ docs: Add deprecated system_info to schema (#5168)
+ docs: Add DataSourceNone documentation (#5165)
+ test: Skip test if console log is None (#5188)
+ fix(dhcp): Enable interactively running cloud-init init --local (#5166)
+ test: Update message for netplan apply dbus issue
+ test: install software-properties-common if absent during PPA setup
+ test: bump pycloudlib to use latest version
+ test: Update version of hello package installed on noble
+ test: universally ignore netplan apply dbus issue (#5178)
+ chore: Remove obsolete nose workaround
+ feat: Add support for FTP and FTP over TLS (#4834)
+ feat(opennebula): Add support for posix shell
+ test: Make analyze tests not depend on GNU date
+ test: Eliminate bash dependency from subp tests
+ docs: Add breaking changes section to reference docs (#5147) [Cat Red]
+ util: add log_level kwarg for logexc() (#5125) [Chris Patterson]
+ refactor: Make device info part of distro definition (#5067)
+ refactor: Distro-specific growpart code (#5067)
+ test(ec2): fix mocking with responses==0.9.0 (focal) (#5163)
+ chore(safeyaml): Remove unicode helper for Python2 (#5142)
+ Revert "test: fix upgrade dhcp6 on ec2 (#5131)" (#5148)
+ refactor(net): Reuse netops code
+ refactor(iproute2): Make expressions multi-line for legibility
+ feat(freebsd): support freebsd find part by gptid and ufsid (#5122)
[jinkangkang]
+ feat: Determining route metric based on NIC name (#5070) [qidong.ld]
+ test: Enable profiling in integration tests (#5130)
+ dhcp: support configuring static routes for dhclient's unknown-121
option (#5146) [Chris Patterson]
+ feat(azure): parse ProvisionGuestProxyAgent as bool (#5126)
[Ksenija Stanojevic]
+ fix(url_helper): fix TCP connection leak on readurl() retries (#5144)
[Chris Patterson]
+ test: pytest-ify t/u/sources/test_ec2.py
+ Revert "ec2: Do not enable dhcp6 on EC2 (#5104)" (#5145) [Major Hayden]
+ fix: Logging sensitive data
+ test: Mock ds-identify systemd path (#5119)
+ fix(dhcpcd): Make lease parsing more robust (#5129)
+ test: fix upgrade dhcp6 on ec2 (#5131)
+ net/dhcp: raise InvalidDHCPLeaseFileError on error parsing dhcpcd lease
(#5128) [Chris Patterson]
+ fix: Fix runtime file locations for cloud-init (#4820)
+ ci: fix linkcheck.yml invalid yaml (#5123)
+ net/dhcp: bump dhcpcd timeout to 300s (#5127) [Chris Patterson]
+ ec2: Do not enable dhcp6 on EC2 (#5104) [Major Hayden]
+ fix: Fall back to cached local ds if no valid ds found (#4997)
[PengpengSun]
+ ci: Make linkcheck a scheduled job (#5118)
+ net: Warn when interface rename fails
+ ephemeral(dhcpcd): Set dhcpcd interface down
+ Release 24.1.3
+ chore: Handle all level 1 TiCS security violations (#5103)
+ fix: Always use single datasource if specified (#5098)
+ fix(tests): Leaked mocks (#5097)
+ fix(rhel)!: Fix network boot order in upstream cloud-init
+ fix(rhel): Fix network ordering in sysconfig
+ feat: Use NetworkManager renderer by default in RHEL family
+ fix: Allow caret at the end of apt package (#5099)
+ test: Add missing mocks to prevent bleed through (#5082)
[Robert Schweikert]
+ fix: Ensure network config in DataSourceOracle can be unpickled (#5073)
+ docs: set the home directory using homedir, not home (#5101)
[Olivier Gayot] (LP: #2047796)
+ fix(cacerts): Correct configuration customizations for Photon (#5077)
[Christopher McCann]
+ fix(test): Mock systemd fs path for non-systemd distros
+ fix(tests): Leaked subp.which mock
+ fix(networkd): add GatewayOnLink flag when necessary (#4996) [王煎饼]
+ Release 24.1.2
+ test: fix `disable_sysfs_net` mock (#5065)
+ refactor: don't import subp function directly (#5065)
+ test: Remove side effects from tests (#5074)
+ refactor: Import log module rather than functions (#5074)
+ fix: Fix breaking changes in package install (#5069)
+ fix: Undeprecate 'network' in schema route definition (#5072)
+ refactor(ec2): simplify convert_ec2_metadata_network_config
+ fix(ec2): fix ipv6 policy routing
+ fix: document and add 'accept-ra' to network schema (#5060)
+ bug(maas): register the correct DatasourceMAASLocal in init-local
(#5068) (LP: #2057763)
+ ds-identify: Improve ds-identify testing flexibility (#5047)
+ fix(ansible): Add verify_commit and inventory to ansible.pull schema
(#5032) [Fionn Fitzmaurice]
+ doc: Explain breaking change in status code (#5049)
+ gpg: Handle temp directory containing files (#5063)
+ distro(freebsd): add_user: respect homedir (#5061) [Mina Galić]
+ doc: Install required dependencies (#5054)
+ networkd: Always respect accept-ra if set (#4928) [Phil Sphicas]
+ chore: ignore all cloud-init_*.tar.gz in .gitignore (#5059)
+ test: Don't assume ordering of ThreadPoolExecutor submissions (#5052)
+ feat: Add new distro 'azurelinux' for Microsoft Azure Linux. (#4931)
[Dan Streetman]
+ fix(gpg): Make gpg resilient to host configuration changes (#5026)
+ Sync 24.1.1 changelog and version
+ DS VMware: Fix ipv6 addr converter from netinfo to netifaces (#5029)
[PengpengSun]
+ packages/debian: remove dependency on isc-dhcp-client (#5041)
[Chris Patterson]
+ test: Allow fake_filesystem to work with TemporaryDirectory (#5035)
+ tests: Don't wait for GCE instance teardown (#5037)
+ fix: Include DataSourceCloudStack attribute in unpickle test (#5039)
+ bug(vmware): initialize new DataSourceVMware attributes at unpickle
(#5021) (LP: #2056439)
+ fix(apt): Don't warn on apt 822 source format (#5028)
+ fix(atomic_helper.py): ensure presence of parent directories (#4938)
[Shreenidhi Shedi]
+ fix: Add "broadcast" to network v1 schema (#5034) (LP: #2056460)
+ pro: honor but warn on custom ubuntu_advantage in /etc/cloud/cloud.cfg
(#5030)
+ net/dhcp: handle timeouts for dhcpcd (#5022) [Chris Patterson]
+ fix: Make wait_for_url respect explicit arguments
+ test: Fix scaleway retry assumptions
+ fix: Make DataSourceOracle more resilient to early network issues
(#5025) (LP: #2056194)
+ chore(cmd-modules): fix exit code when --mode init (#5017)
+ feat: pylint: enable W0201 - attribute-defined-outside-init
+ refactor: Ensure no attributes defined outside __init__
+ chore: disable attribute-defined-outside-init check in tests
+ refactor: Use _unpickle rather than hasattr() in sources
+ chore: remove unused vendordata "_pure" variables
+ chore(cmd-modules): deprecate --mode init (#5005)
+ tests: drop CiTestCase and convert to pytest
+ bug(tests): mock reads of host's /sys/class/net via get_sys_class_path
+ fix: log correct disabled path in ds-identify (#5016)
+ tests: ec2 dont spend > 1 second retrying 19 times when 3 times will do
+ tests: openstack mock expected ipv6 IMDS
+ bug(wait_for_url): when exceptions occur url is unset, use url_exc
(LP: #2055077)
+ feat(run-container): Run from arbitrary commitish (#5015)
+ tests: Fix wsl test (#5008)
+ feat(ds-identify): Don't run unnecessary systemd-detect-virt (#4633)
+ chore(ephemeral): add debug log when bringing up ephemeral network
(#5010) [Alec Warren]
+ release: sync changelog and version (#5011)
+ Cleanup test_net.py (#4840)
+ refactor: remove dependency on netifaces (#4634) [Cat Red]
+ feat: make lxc binary configurable (#5000)
+ docs: update 404 page for new doc site and bug link
+ test(aws): local network connectivity on multi-nics (#4982)
+ test: Make integration test output more useful (#4984)
From 24.1.7
+ fix(ec2): Correctly identify netplan renderer (#5361)
From 24.1.6
+ fix(ec2): Ensure metadata exists before configuring PBR (#5287)
+ fix: Check renderer for netplan-specific code (#5321)
+ test: Fix failing test_ec2.py test (#5324)
From 24.1.5
+ fix(package_update): avoid snap refresh in images without snap command
(LP: #2064132)
From 24.1.4
+ fix(dhcpcd): Make lease parsing more robust (#5129)
+ net/dhcp: raise InvalidDHCPLeaseFileError on error parsing dhcpcd lease
+ (#5128) [Chris Patterson]
+ fix: Fix runtime file locations for cloud-init (#4820)
+ net/dhcp: bump dhcpcd timeout to 300s (#5127) [Chris Patterson]
+ net: Warn when interface rename fails
+ ephemeral(dhcpcd): Set dhcpcd interface down
+ test: Remove side effects from tests (#5074)
+ refactor: Import log module rather than functions (#5074)
From 24.1.3
+ fix: Always use single datasource if specified (#5098)
+ fix: Allow caret at the end of apt package (#5099)
From 24.1.2
+ test: Don't assume ordering of ThreadPoolExecutor submissions (#5052)
+ refactor(ec2): simplify convert_ec2_metadata_network_config
+ tests: drop CiTestCase and convert to pytest
+ bug(tests): mock reads of host's /sys/class/net via get_sys_class_path
+ fix: Fix breaking changes in package install (#5069)
+ fix: Undeprecate 'network' in schema route definition (#5072)
+ fix(ec2): fix ipv6 policy routing
+ fix: document and add 'accept-ra' to network schema (#5060)
+ bug(maas): register the correct DatasourceMAASLocal in init-local
(#5068) (LP: #2057763)
From 24.1.1
+ fix: Include DataSourceCloudStack attribute in unpickle test (#5039)
+ bug(vmware): initialize new DataSourceVMware attributes at unpickle (#5021)
+ fix(apt): Don't warn on apt 822 source format (#5028)
+ fix: Add "broadcast" to network v1 schema (#5034)
+ pro: honor but warn on custom ubuntu_advantage in /etc/cloud/cloud.cfg
(#5030)
+ net/dhcp: handle timeouts for dhcpcd (#5022)
+ fix: Make wait_for_url respect explicit arguments
+ bug(wait_for_url): when exceptions occur url is unset, use url_exc
+ test: Fix scaleway retry assumptions
+ fix: Make DataSourceOracle more resilient to early network issues (#5025)
+ tests: Fix wsl test (#5008)
From 24.1
+ fix: Don't warn on vendor directory (#4986)
+ apt: kill spawned keyboxd after gpg cmd interaction
+ tests: upgrade tests should only validate current boot log
+ net/dhcp: fix maybe_perform_dhcp_discovery check for interface=None
[Chris Patterson]
+ doc(network-v2): fix section nesting levels
+ fix(tests): don't check for clean log on minimal image (#4965) [Cat Red]
+ fix(cc_resize): Don't warn if zpool command not found (#4969)
(LP: #2055219)
+ feat(subp): Make invalid command warning more user-friendly (#4972)
+ docs: Remove statement about device path matching (#4966)
+ test: Fix xfail to check the dhcp client name (#4971)
+ tests: avoid console prompts when removing gpg on Noble
+ test: fix test_get_status_systemd_failure
+ fix: Remove hardcoded /var/lib/cloud hotplug path (#4940)
+ refactor: Refactor status.py (#4864)
+ test: Use correct lxd network-config keys (#4950)
+ test: limit temp dhcp6 changes to < NOBLE (#4942)
+ test: allow downgrades when install debs (#4941)
+ tests: on noble, expect default /etc/apt/sources.list
+ tests: lxd_vm early boot status test ordered After=systemd-remount-fs
(#4936)
+ tests: pro integration tests supply ubuntu_advantage until pro v32
(#4935)
+ feat(hotplug): add cmd to enable hotplug (#4821)
+ test: fix test_combined_cloud_config_json (#4925)
+ test: xfail udhcpc on azure (#4924)
+ feat: Implement the WSL datasource (#4786) [Carlos Nihelton]
+ refactor(openrc): Improve the OpenRC files (#4916) [dermotbradley]
+ tests: use apt install instead of dpkg -i to install pkg deps
+ tests: inactive module rename ubuntu_advantage to ubuntu_pro
+ test: fix tmpdir in test_cc_apk_configure (#4914)
+ test: fix jsonschema version checking in pro test (#4915)
+ feat(dhcp): Make dhcpcd the default dhcp client (#4912)
+ feat(Alpine) cc_growpart.py: fix handling of /dev/mapper devices (#4876)
[dermotbradley]
+ test: Retry longer in test_status.py integration test (#4910)
+ test: fix kernel override test (#4913)
+ chore: Rename sysvinit/gentoo directory to sysvinit/openrc (#4906)
[dermotbradley]
+ doc: update ubuntu_advantage references to pro
+ chore: rename cc_ubuntu_advantage to cc_ubuntu_pro (SC-1555)
+ feat(ubuntu pro): deprecate ubuntu_pro key in favor of ubuntu_advantage
+ feat(schema): support ubuntu_pro key and deprecate ubuntu_advantage
+ test: fix verify_clean_log (#4903)
+ test: limit test_no_hotplug_triggered_by_docker to stable releases
+ tests: generalize warning Open vSwitch warning from netplan apply (#4894)
+ fix(hotplug): remove literal quotes in args
+ feat(apt): skip known /etc/apt/sources.list content
+ feat(apt): use APT deb822 source format by default
+ test(ubuntu-pro): change livepatch to esm-infra
+ doc(ec2): fix metadata urls (#4880)
+ fix: unpin jsonschema and update tests (#4882)
+ distro: add eject FreeBSD code path (#4838) [Mina Galić]
+ feat(ec2): add hotplug as a default network update event (#4799)
+ feat(ec2): support instances with repeated device-number (#4799)
+ feat(cc_install_hotplug): trigger hook on known ec2 drivers (#4799)
+ feat(ec2): support multi NIC/IP setups (#4799)
+ feat(hotplug): hook-hotplug is now POSIX shell add OpenRC init script
[dermotbradley]
+ test: harden test_dhcp.py::test_noble_and_newer_force_client
+ test: fix test_combined_cloud_config_json (#4868)
+ feat(apport): Disable hook when disabled (#4874)
+ chore: Add pyright ignore comments (#4874)
+ bug(apport): Fix invalid typing (#4874)
+ refactor: Move general apport hook to main branch (#4874)
+ feat(bootspeed)!: cloud-config.service drop After=snapd.seeded
+ chore: update CI package build to oldest supported Ubuntu release focal
(#4871)
+ test: fix test_cli.test_valid_userdata
+ feat: handle error when log file is empty (#4859) [Hasan]
+ test: fix test_ec2_ipv6
+ fix: Address TIOBE abstract interpretation issues (#4866)
+ feat(dhcp): Make udhcpc use same client id (#4830)
+ feat(dhcp): Support InfiniBand with dhcpcd (#4830)
+ feat(azure): Add ProvisionGuestProxyAgent OVF setting (#4860)
[Ksenija Stanojevic]
+ test: Bring back dhcp6 integration test changes (#4855)
+ tests: add status --wait blocking test from early boot
+ tests: fix retry decorator to return the func value
+ docs: add create_hostname_file to all hostname user-data examples
(#4727) [Cat Red]
+ fix: Fix typos (#4850) [Viktor Szépe]
+ feat(dhcpcd): Read dhcp option 245 for azure wireserver (#4835)
+ tests(dhcp): Add udhcpc client to test matrix (#4839)
+ fix: Add types to network v1 schema (#4841)
+ docs(vmware): fixed indentation on example userdata yaml (#4854)
[Alec Warren]
+ tests: Remove invalid keyword from method call
+ fix: Handle systemctl when dbus not ready (#4842) (LP: #2046483)
+ fix(schema cli): avoid netplan validation on net-config version 1
+ tests: reduce expected reports due to dropped rightscale module
+ tests(net-config): add awareness of netplan on stable Ubuntu
[Gilbert Gilb's]
+ feat: fall back to cdrom_id eject if eject is not available (#4769)
[Cat Red]
+ fix(packages/bddeb): restrict debhelper-compat to 12 in focal (#4831)
+ tests: Add kernel commandline test (#4833)
+ fix: Ensure NetworkManager renderer works without gateway (#4829)
+ test: Correct log parsing in schema test (#4832)
+ refactor: Remove cc_rightscale_userdata (#4813)
+ refactor: Replace load_file with load_binary_file to simplify typing
(#4823)
+ refactor: Add load_text_file function to simplify typing (#4823)
+ refactor: Change variable name for consistent typing (#4823)
+ feat(dhcp): Add support for dhcpcd (#4746)
+ refactor: Remove unused networking code (#4810)
+ test: Add more DNS net tests
+ BREAKING CHANGE: Stop adding network v2 DNS to global DNS
+ doc: update DataSource.default_update_events doc (#4815)
+ chore: do not modify instance attribute (#4815)
+ test: fix mocking leaks (#4815)
+ Revert "ci: Pin pytest<8.0.0. (#4816)" (#4815)
+ test: Update tests for passlib (#4818)
+ fix(net-schema): no warn when skipping schema check on non-netplan
+ feat(SUSE): reboot marker file is written as /run/reboot-needed (#4788)
[Robert Schweikert]
+ test: Cleanup unwanted logger setup calls (#4817)
+ refactor(cloudinit.util): Modernize error handling, add better warnings
(#4812)
+ ci: Pin pytest<8.0.0. (#4816)
+ fix(tests): fixing KeyError on integrations tests (#4811) [Cat Red]
+ tests: integration for network schema on netplan systems (#4767)
+ feat(schema): use netplan API to validate network-config (#4767)
+ chore: define CLOUDINIT_NETPLAN_FILE static var (#4767)
+ fix: cli schema config-file option report network-config type (#4767)
+ refactor(azure): replace BrokenAzureDataSource with reportable errors
(#4807) [Chris Patterson]
+ Fix Alpine and Mariner /etc/hosts templates (#4780) [dermotbradley]
+ tests: revert #4792 as noble images no longer return 2 (#4809) [Cat Red]
+ tests: use client fixture instead of class_client in cleantest (#4806)
+ tests: enable ds-idenitfy xfail test LXD-kvm-not-MAAS-1 (#4808)
+ fix(tests): failing integration tests due to missing ua token (#4802)
[Cat Red]
+ Revert "Use grep for faster parsing of cloud config in ds-identify
(#4327)"
+ tests: Demonstrate ds-identify yaml parsing broken
+ tests: add exit 2 on noble from cloud-init status (#4792)
+ fix: linkcheck for ci to ignore scaleway anchor URL (#4793)
+ feat: Update cacerts to support VMware Photon (#4763)
[Christopher McCann]
+ fix: netplan rendering integrations tests (#4795) [Cat Red]
+ azure: remove cloud-init.log reporting via KVP (#4715) [Chris Patterson]
+ feat(Alpine): Modify ds-identify for Alpine support and add OpenRC
init.d script (#4785) [dermotbradley]
+ doc: Add DatasourceScaleway documentation (#4773) [Louis Bouchard]
+ fix: packaged logrotate file lacks suffix on ubuntu (#4790)
+ feat(logrotate): config flexibility more backups (#4790)
+ fix(clean): stop warning when running clean command (#4761) [d1r3ct0r]
+ feat: network schema v1 strict on nic name length 15 (#4774)
+ logrotate config (#4721) [Fabian Lichtenegger-Lukas]
+ test: Enable coverage in integration tests (#4682)
+ test: Move unit test helpers to global test helpers (#4682)
+ test: Remove snapshot option from install_new_cloud_init (#4682)
+ docs: fix cloud-init single param docs (#4682)
+ Alpine: fix location of dhclient leases file (#4782) [dermotbradley]
+ test(jsonschema): Pin jsonschema version (#4781)
+ refactor(IscDhclient): discover DHCP leases at distro-provided location
(#4683) [Phsm Qwerty]
+ feat: datasource check for WSL (#4730) [Carlos Nihelton]
+ test: Update hostname integration tests (#4744)
+ test: Add mantic and noble releases to integration tests (#4744)
+ refactor: Ensure internal DNS state same for v1 and v2 (#4756)
+ feat: Add v2 route mtu rendering to NetworkManager (#4748)
+ tests: stable ubuntu releases will not exit 2 on warnings (#4757)
+ doc(ds-identify): Describe ds-identify irrespective of distro (#4742)
+ fix: relax NetworkManager renderer rules (#4745)
+ fix: fix growpart race (#4618)
+ feat: apply global DNS to interfaces in network-manager (#4723)
[Florian Apolloner]
+ feat(apt): remove /etc/apt/sources.list when deb22 preferred (#4740)
+ chore: refactor schema data as enums and namedtuples (#4585)
+ feat(schema): improve CLI message on unprocessed data files (#4585)
+ fix(config): relocate /run to /var/run on BSD (canonical#4677)
[Mina Galić]
+ fix(ds-identify): relocate /run on *BSD (#4677) [Mina Galić]
+ fix(sysvinit): make code a bit more consistent (#4677) [Mina Galić]
+ doc: Document how cloud-init is, not how it was (#4737)
+ tests: add expected exit 2 on noble from cloud-init status (#4738)
+ test(linkcheck): ignore github md and rst link headers (#4734)
+ test: Update webhook test due to removed cc_migrator module (#4726)
+ fix(ds-identify): Return code 2 is a valid result, use cached value
+ fix(cloudstack): Use parsed lease file for virtual router in cloudstack
+ fix(dhcp): Guard against FileNotFoundError and NameError exceptions
+ fix(apt_configure): disable sources.list if rendering deb822 (#4699)
(LP: #2045086)
+ docs: Add link to contributing to docs (#4725) [Cat Red]
+ chore: remove commented code (#4722)
+ chore: Add log message when create_hostname_file key is false (#4724)
[Cat Red]
+ fix: Correct v2 NetworkManager route rendering (#4637)
+ azure/imds: log http failures as warnings instead of info (#4714)
[Chris Patterson]
+ fix(setup): Relocate libexec on OpenBSD (#4708) [Mina Galić]
+ feat(jinja): better jinja feedback and error catching (#4629)
[Alec Warren]
+ test: Fix silent swallowing of unexpected subp error (#4702)
+ fix: Move cloud-final.service after time-sync.target (#4610)
[Dave Jones] (LP: #1951639)
+ feat(log): Make logger name more useful for __init__.py
+ chore: Remove cc_migrator module (#4690)
+ fix(tests): make cmd/devel/tests work on non-GNU [Mina Galić]
+ chore: Remove cmdline from spelling list (#4670)
+ doc: Document boot status meaning (#4670)
+ doc: Set expectations for new datasources (#4670)
+ ci: Show linkcheck broken links in job output (#4670)
+ dmi: Add support for OpenBSD (#4654) [Mina Galić]
+ ds-identify: fake dmidecode support on OpenBSD (#4654) [Mina Galić]
+ ds-identify: add OpenBSD support in uname (#4654) [Mina Galić]
+ refactor: Ensure '_cfg' in Init class is dict (#4674)
+ refactor: Make event scope required in stages.py (#4674)
+ refactor: Remove unused argument (#4674)
+ chore: Move from lintian to a sphinx spelling plugin (#3639)
+ fix(doc): Fix spelling errors found by sphinxcontrib-spelling (#3639)
+ ci: Add Python 3.13 (#4567)
+ Add AlexSv04047 to CLA signers file (#4671) [AlexSv04047]
+ fix(openbsd): services & build tool (#4660) [CodeBleu]
+ tests/unittests: add a new unit test for network manager net activator
(#4672) [Ani Sinha]
+ Implement DataSourceCloudStack.get_hostname() (#4433) [Phsm Qwerty]
+ net/nm: check for presence of ifcfg files when nm connection files
are absent (#4645) [Ani Sinha]
+ doc: Overhaul debugging documentation (#4578)
+ doc: Move dangerous commands to dev docs (#4578)
+ doc: Relocate file location docs (#4578)
+ doc: Remove the debugging page (#4578)
+ fix(util): Fix boottime to work on OpenBSD (#4667) [Mina Galić]
+ net: allow dhcp6 configuration from generate_fallback_configuration()
[Ani Sinha]
+ net/network_manager: do not set "may-fail" to False for both ipv4 and
ipv6 dhcp [Ani Sinha]
+ feat(subp): Measure subprocess command time (#4606)
+ fix(python3.13): Fix import error for passlib on Python 3.13 (#4669)
+ style(brpm/bddeb): add black and ruff for packages build scripts (#4666)
+ copr: remove TODO.rst from spec file
+ fix(packages/brpm): correct syntax error and typo
+ style(ruff): fix tip target
+ config: Module documentation updates (#4599)
+ refactor(subp): Remove redundant parameter 'env' (#4555)
+ refactor(subp): Remove unused parameter 'target' (#4555)
+ refactor: Remove 'target' boilerplate from cc_apt_configure (#4555)
+ refactor(subp): Re-add return type to subp() (#4555)
+ refactor(subp): Add type information to args (#4555)
+ refactor(subp): Use subprocess.DEVNULL (#4555)
+ refactor(subp): Remove parameter 'combine_capture' (#4555)
+ refactor(subp): Remove unused parameter 'status_cb' (#4555)
+ fix(cli): fix parsing of argparse subcommands (#4559)
[Calvin Mwadime] (LP: #2040325)
+ chore!: drop support for dsa ssh hostkeys in docs and schema (#4456)
+ chore!: do not generate ssh dsa host keys (#4456) [shixuantong]
From 23.4.4
+ fix(nocloud): smbios datasource definition
+ tests: Check that smbios seed works
+ fix(source): fix argument boundaries when parsing cmdline (#4825)
From 23.4.3
+ fix: Handle systemctl when dbus not ready (#4842)
(LP: #2046483)
From 23.4.2
+ fix: Handle invalid user configuration gracefully (#4797)
(LP: #2051147)
From 23.4.1
+ fix: Handle systemctl commands when dbus not ready (#4681)
From 23.4
+ tests: datasourcenone use client.restart to block until done (#4635)
+ tests: increase number of retries across reboot to 90 (#4651)
+ fix: Add schema for merge types (#4648)
+ feat: Allow aliyun ds to fetch data in init-local (#4590) [qidong.ld]
+ azure: report failure to eject as error instead of debug (#4643)
[Chris Patterson]
+ bug(schema): write network-config if instance dir present (#4635)
+ test: fix schema fuzzing test (#4639)
+ Update build-on-openbsd dependencies (#4644) [CodeBleu]
+ fix(test): Fix expected log for ipv6-only ephemeral network (#4641)
+ refactor: Remove metaclass from network_state.py (#4638)
+ schema: non-root fallback to default paths on perm errors (# 4631)
+ fix: Don't loosen the permissions of the log file (#4628)
+ Revert "logging: keep current file mode of log file if its stricter
than the new mode (#4250)"
+ ephemeral: Handle link up failure for both ipv4 and ipv6 (#4547)
+ fix(main): Don't call logging too early (#4595)
+ fix: Remove Ubuntu-specific kernel naming convention assertion (#4617)
+ fix(log): Do not implement handleError with a self parameter (#4617)
+ fix(log): Don't try to reuse stderr logger (#4617)
+ feat: Standardize logging output to stderr (#4617)
+ chore: Sever unmaintained TODO.rst (#4625)
+ test: Skip failing tests
+ distros: Add suse
+ test: Add default hello package version (#4614)
+ fix(net): Improve DHCPv4 SUSE code, add test
+ net: Fix DHCPv4 not enabled on SUSE in some cases [bin456789]
+ fix(schema): Warn if missing dependency (#4616)
+ fix(cli): main source cloud_config for schema validation (#4562)
+ feat(schema): annotation path for invalid top-level keys (#4562)
+ feat(schema): top-level additionalProperties: false (#4562)
+ test: ensure top-level properties tests will pass (#4562)
+ fix(schema): Add missing schema definitions (#4562)
+ test: Fix snap tests (#4562)
+ azure: Check for stale pps data from IMDS (#4596) [Ksenija Stanojevic]
+ test: Undo dhcp6 integration test changes (#4612)
+ azure: update diagnostic from warning level to debug [Chris Patterson]
+ azure/imds: remove limit for connection errors if route present (#4604)
+ [Chris Patterson]
+ [enhancement]: Add shellcheck to CI (#4488) [Aviral Singh]
+ chore: add conventional commits template (#4593)
+ Revert "net: allow dhcp6 configuration from
generate_fallback_configuration()" (#4607)
+ azure: workaround to disable reporting IMDS failures on Azure Stack
[Chris Patterson]
+ cc_apt_pipelining: Update docs, deprecate options (#4571)
+ test: add gh workflows on push to main, update status badges (#4597)
+ util: Remove function abs_join() (#4587)
+ url_helper: Remove unused function retry_on_url_exc() (#4587)
+ cc_resizefs: Add bcachefs resize support (#4594)
+ integration_tests: Support non-Ubuntu distros (#4586)
+ fix(cmdline): fix cmdline parsing with MAC containing cc:
+ azure/errors: include http code in reason for IMDS failure
[Chris Patterson]
+ tests: cloud-init schema --system does not return exit code 2
+ github: allow pull request to specify desired rebase and merge
+ tests: fix integration test expectations of exit 2 on schema warning
+ tests: fix schema test expected cli output Valid schema <type>
+ fix(schema cli): check raw userdata when processed cloud-config empty
+ azure: report failure to host if ephemeral DHCP secondary NIC (#4558)
[Chris Patterson]
+ man: Document cloud-init error codes (#4500)
+ Add support for cloud-init "degraded" state (#4500)
+ status.json: Don't override detail key with error condition (#4500)
+ status: Remove duplicated data (#4500)
+ refactor: Rename exported_errors in status.json (#4500)
+ test: Remove stale status.json value (#4500)
+ tools/render-template: Make yaml loading opt-in, fix setup.py (#4564)
+ Add summit digest/trip report to docs (#4561) [Sally]
+ doc: Fix incorrect statement about `cloud-init analyze`
+ azure/imds: ensure new errors are logged immediately when retrying
(#4468) [Chris Patterson]
+ Clarify boothook docs (#4543)
+ boothook: allow stdout/stderr to emit to cloud-init-output.log
+ summit-notes: add 2023 notes for reference in mailinglist/discourse
+ fix: added mock to stop leaking journalctl that slows down unit test
(#4556) [Alec Warren]
+ tests: maas test for DataSourceMAASLocal get_data
+ maas tests: avoid using CiTest case and prefer pytest.tmpdir fixture
+ MAAS: Add datasource to init-local timeframe
+ Ensure all tests passed and/or are skipped
+ Support QEMU in integration tests
+ fix(read-dependencies): handle version specifiers containing [~!]
+ test: unpin pytest
+ schema: network-config optional network key. route uses oneOf (#4482)
+ schema: add cloud_init_deepest_matches for best error message (#4482)
+ network: warn invalid cfg add /run/cloud-init/network-config (#4482)
+ schema: add network-config support to schema subcommand (#4482)
+ Update version number and merge ChangeLog from 23.3.3 into main (#4553)
+ azure: check for primary interface when performing DHCP (#4465)
[Chris Patterson]
+ Fix hypothesis failure
+ subp: add a log when skipping a file for execution for lack of exe
permission (#4506) [Ani Sinha]
+ azure/imds: refactor max_connection_errors definition (#4467)
[Chris Patterson]
+ chore: fix PR template rendering (#4526)
+ fix(cc_apt_configure): avoid unneeded call to apt-install (#4519)
+ comment difference between sysconfig and NetworkManager renderer (#4517)
[Ani Sinha]
+ Set Debian's default locale to be c.UTF-8 (#4503) (LP: #2038945)
+ Convert test_debian.py to pytest (#4503)
+ doc: fix cloudstack link
+ doc: fix development/contributing.html references
+ doc: hide duplicated links
+ Revert "ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen
(#4281)" (#4511) (LP: #2039453)
+ Fix the missing mcopy argument [Vladimir Pouzanov]
+ tests: Add logging fix (#4499)
+ Update upgrade test to account for dhcp6
+ Remove logging of PPID path (#4502)
+ Make Python 3.12 CI test non-experimental (#4498)
+ ds-identify: exit 2 on disabled state from marker or cmdline (#4399)
+ cloud-init-generator: Various performance optimizations (#4399)
+ systemd: Standardize cloud-init systemd enablement (#4399)
+ benchmark: benchmark cloud-init-generator independent of ds-identify
(#4399)
+ tests/integration_tests: add cloud-init disablement coverage (#4399)
+ doc: Describe disabling cloud-init using an environment variable (#4399)
+ fix: cloud-init status --wait broken with KERNEL_CMDLINE (#4399)
+ azure/imds: retry on 429 errors for reprovisiondata (#4470)
[Chris Patterson]
+ cmd: Don't write json status files for non-boot stages (#4478)
+ ds-identify: Allow disable service and override environment (#4485)
[Mina Galić]
+ Update DataSourceNWCS.py (#4496) [shell-skrimp]
+ Add r00ta to CLA signers file
+ Fix override of systemd_locale_conf in rhel [Jacopo Rota]
+ ci(linkcheck): minor fixes (#4495)
+ integration test fix for deb822 URI format (#4492)
+ test: use a mantic-compatible tz in t/i/m/test_combined.py (#4494)
+ ua: shift CLI command from ua to pro for all interactions
+ pro: avoid double-dash when enabling inviddual services on CLI
+ net: allow dhcp6 configuration from generate_fallback_configuration()
(#4474) [Ani Sinha]
+ tests: apt re.search to match alternative ordering of installed pkgs
+ apt: doc apt_pkg performance improvement over subp apt-config dump
+ Tidy up contributing docs (#4469) [Sally]
+ [enhancement]: Automatically linkcheck in CI (#4479) [Aviral Singh]
+ Revert allowing pro service warnings (#4483)
+ Export warning logs to status.json (#4455)
+ Fix regression in package installation (#4466)
+ schema: cloud-init schema in early boot or in dev environ (#4448)
+ schema: annotation of nested dicts lists in schema marks (#4448)
+ feat(apport): collect ubuntu-pro logs if ubuntu-advantage.log present
(#4443)
+ apt_configure: add deb822 support for default sources file (#4437)
+ net: remove the word "on instance boot" from cloud-init generated config
(#4457) [Ani Sinha]
+ style: Make cloudinit.log functions use snake case (#4449)
+ Don't recommend using cloud-init as a library (#4459)
+ vmware: Fall back to vmtoolsd if vmware-rpctool errs (#4444)
[Andrew Kutz]
+ azure: add option to enable/disable secondary ip config (#4432)
+ [Ksenija Stanojevic]
+ Allow installing snaps via package_update_upgrade_install module (#4202)
+ docs: Add cloud-init overview/introduction (#4440) [Sally]
+ apt: install software-properties-common when absent but needed (#4441)
+ sources/Azure: Ignore system volume information folder while scanning
for files in the ntfs resource disk (#4446) [Anh Vo]
+ refactor: Remove unnecessary __main__.py file
+ style: Drop vi format comments
+ cloudinit.log: Use more appropriate exception (#4435)
+ cloudinit.log: Don't configure NullHandler (#4435)
+ commit 6bbbfbbb030831c72b5aa2bba9cb8492f19d56f4
+ cloudinit.log: Remove unnecessary module function and variables (#4435)
+ cloudinit.log: Remove unused getLogger wrapper (#4435)
+ cloudinit.log: Standardize use of cloudinit's logging module (#4435)
+ Remove unnecessary logging wrapper in Cloud class (#4435)
+ integration test: allow pro service warnings (#4447)
+ integration tests: fix mount indentation (#4445)
+ sources/Azure: fix for conflicting reports to platform (#4434)
[Chris Patterson]
+ docs: link the cloud-config validation service (#4442)
+ Fix pip-managed ansible on pip < 23.0.1 (#4403)
+ Install gnupg if gpg not found (#4431)
+ Add "phsm" as contributor (#4429) [Phsm Qwerty]
+ cc_ubuntu_advantage: do not rely on uaclient.messages module (#4397)
[Grant Orndorff]
+ tools/ds-identify: match Azure datasource's ds_detect() behavior (#4430)
[Chris Patterson]
+ Refactor test_apt_source_v1.py to use pytest (#4427)
+ sources: do not override datasource detection if None is in list (#4426)
[Chris Patterson]
+ feat: check for create_hostname_file key before writing /etc/hostname
(SC-1588) (#4330) [Cat Red]
+ Pytestify apt config test modules (#4424)
+ upstream gentoo patch (#4422)
+ Work around no instance ip (#4419)
+ Fix typing issues in subp module (#4401)
+ net: fix ipv6_dhcpv6_stateful/stateless/slaac configuration for rhel
(#4395) [Ani Sinha]
+ Release 23.3.1
+ apt: kill dirmngr/gpg-agent without gpgconf dependency (LP: #2034273)
+ integration tests: fix mount indentation (#4405)
+ Use grep for faster parsing of cloud config in ds-identify (#4327)
[Scott Moser] (LP: #2030729)
+ doc: fix instructions on how to disable cloud-init from kernel command
line (#4406) [Ani Sinha]
+ doc/vmware: Update contents relevant to disable_vmware_customization
[PengpengSun]
+ Bring back flake8 for python 3.6 (#4394)
+ integration tests: Fix cgroup parsing (#4402)
+ summary: Update template parameter descriptions in docs [MJ Moshiri]
+ Log PPID for better debugging (#4398)
+ integration tests: don't clean when KEEP_* flags true (#4400)
+ clean: add a new option to clean generated config files [Ani Sinha]
+ pep-594: drop deprecated pipes module import
From 23.3.3
+ Fix pip-managed ansible on pip < 23.0.1 (#4403)
From 23.3.2
+ Revert "ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen"
(#4281) (#4511) (LP: #2039453)
From 23.3.1
+ apt: kill dirmngr/gpg-agent without gpgconf dependency (LP: #2034273)
+ integration tests: Fix cgroup parsing (#4402)
- Add cloud-init-direxist.patch (bsc#1236720)
+ Make sure the directory exists, if not create it, before writing in that
location.
- Support python 3.13 (bsc#1233649):
+ pep-594-drop-pipes.patch, gh#canonical/cloud-init#4392
+ cloud-init-fix-python313.patch, gh#canonical/cloud-init#4669
+ cloud-init-dont-assume-ordering-of-ThreadPoolExecutor.patch gh#canonical/cloud-init#5052
- crypto-policies
-
- Add PQC support for OpenSSH (bsc#1258311, bsc#1259825)
* Enable and prioritize sntrup761x25519-sha512 for OpenSSH by default
* Add crypto-policies-OpenSSH-PQC.patch
- curl
-
- Security fixes:
* CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631)
* CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632)
* CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635)
* CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636)
* CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638)
* sws: prevent "connection monitor" to say disconnect twice (bsc#1259362)
* Add patches:
- curl-CVE-2026-4873.patch
- curl-CVE-2026-5545.patch
- curl-CVE-2026-6253.patch
- curl-CVE-2026-6276.patch
- curl-CVE-2026-6429.patch
- curl-CVE-2026-1965-disable-ntlm-fix.patch
- Security fixes:
* CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362)
* CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363)
* CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364)
* CVE-2026-3805: Use after free in SMB connection reuse (bsc#1259365)
* Add patches:
- curl-CVE-2026-1965.patch
- curl-CVE-2026-3783.patch
- curl-CVE-2026-3784.patch
- curl-CVE-2026-3805.patch
- glibc
-
- resolv-count-resource-records.patch: resolv: Count records correctly
(CVE-2026-4437, bsc#1260078, BZ #34014)
- resolv-check-hostname.patch: resolv: Check hostname for validity
(CVE-2026-4438, bsc#1260082, BZ #34015)
- nss-missing-checks.patch: nss: Missing checks in __nss_configure_lookup,
__nss_database_get (bsc#1258319, BZ #28940)
- gpg2
-
- Security fix [bsc#1257396, CVE-2026-24882]
- gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys
- Added gnupg-CVE-2026-24882.patch
- Security fix: [bsc#1256389] (gpg.fail/filename)
* GnuPG Accepts Path Separators and Path Traversals in Literal Data "Filename" Field
* Add gnupg-accepts-path-separators-literal-data.patch
- grub2
-
- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
* 0001-ieee1275-Use-net-config-for-boot-location-instead-of.patch
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
* grub2-btrfs-01-add-ability-to-boot-from-subvolumes.patch
* grub2-btrfs-09-get-default-subvolume.patch
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
* 0001-kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-t.patch
- Fix error "grub-core/script/lexer.c:352:out of memory" after PowerPC CAS
Reboot (bsc#1254299)
* 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch
- iproute2
-
- add CVE fix (CVE-2024-58251 bsc#1254324)
* ss-escape-characters-in-command-name.patch
- jq
-
- Add patch CVE-2025-9403.patch (CVE-2025-9403, bsc#1248600)
- kernel-default
-
- kabi assert ptrace: slightly saner 'get_dumpable()' logic
(bsc#1265308).
- kabi ptrace: slightly saner 'get_dumpable()' logic
(bsc#1265308).
- commit a41488d
- ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308).
- commit 64e874a
- x86/CPU/AMD: Prevent improper isolation of shared resources
in Zen2's op cache (bsc#1264013 CVE-2025-54518).
- commit f788381
- io-wq: check that the predecessor is hashed in
io_wq_remove_pending() (git-fixes).
- commit fcb4942
- net: skbuff: propagate shared-frag marker through pskb_copy()
(CVE-2026-46300 bsc#1265209).
- commit 7c5b30e
- disable unsupported CONFIG_AFS_FS and CONFIG_AF_RXRPC
- commit 52e00eb
- supported.conf: drop rxrpc and afs_fs (bsc#1264450)
- commit 8bd3950
- xfrm: esp: avoid in-place decrypt on shared skb frags
(bsc#1264449).
- commit 871ac04
- crypto: authencesn - Fix src offset when decrypting in-place
(bsc#1262573 CVE-2026-31431).
- commit 00dc708
- crypto: authencesn - Do not place hiseq at end of dst for
out-of-place decryption (bsc#1262573 CVE-2026-31431).
- commit 3756951
- crypto: authenc - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- Refresh
patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch
- commit ce64565
- kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573
CVE-2026-31431).
- commit 99d9260
- crypto: algif_aead - Revert to operating out-of-place
(bsc#1262573 CVE-2026-31431).
- commit 1c6e33a
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- commit d921544
- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
(bsc#1262573 CVE-2026-31431).
- commit 984f87d
- crypto: scatterwalk - Add memcpy_sglist (bsc#1262573
CVE-2026-31431).
- commit 7619339
- netfilter: bpf: defer hook memory release until rcu readers
are done (CVE-2026-23412 bsc#1261412).
- commit 1299d5b
- net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
(CVE-2026-23381 bsc#1260471).
- commit 21aa5bd
- clsact: Fix use-after-free in init/destroy rollback asymmetry
(CVE-2026-23413 bsc#1261498).
- commit eaf3b22
- icmp: fix NULL pointer dereference in icmp_tag_validation()
(CVE-2026-23398 bsc#1260730).
- net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
(CVE-2026-23293 bsc#1260486).
- commit 05f5f64
- netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
(CVE-2026-23274 bsc#1260005).
- commit b61cf0b
- netfilter: nf_tables: always walk all pending catchall elements
(CVE-2026-23278 bsc#1259998).
- commit bde2f22
- netfilter: nf_tables: unconditionally bump set->nelems before
insertion (CVE-2026-23272 bsc#1260009).
- commit 4898783
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- net: mana: fix use-after-free in add_adev() error path (git-fixes).
- commit dd3433a
- kABI fix for ipvlan: Make the addrs_lock be per port
(CVE-2026-23103 bsc#1257773).
- ipvlan: Make the addrs_lock be per port (CVE-2026-23103
bsc#1257773).
- commit 546f802
- rename Hyper-v patch files to simplify further SP6-SP7 merges
- commit aa72668
- xen/privcmd: unregister xenstore notifier on module exit
(git-fixes).
- commit 0c94fec
- xen/privcmd: restrict usage in unprivileged domU (bsc#1259707
CVE-2026-31788).
- commit 0c51260
- drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (CVE-2026-23317 bsc#1260562).
- commit 62d1ba3
- Delete
patches.suse/scsi-Fix-sas_user_scan-to-handle-wildcard-and-multi-channe.patch.
See bsc#1257506.
The git-fix being removed had issues and needs to be redesigned.
In the mean time, reverting this addresses the problem.
See:
> https://bugzilla.suse.com/show_bug.cgi?id=1257506#c47
- commit 14d63c6
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- commit f09c977
- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit b964f1d
- netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
(CVE-2026-23231 bsc#1259188).
- netfilter: nf_tables: register hooks last when adding new
chain/flowtable (CVE-2026-23231 bsc#1259188).
- commit fd540e6
- scsi: target: target_core_configfs: Add length check to avoid
buffer overflow (CVE-2025-39998 bsc#1252073).
- commit dff8745
- Use unified maintainers' email address
- commit 3c803fb
- net/mana: Null service_wq on setup error to prevent double
destroy (git-fix).
- commit 4b21ba9
- crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (CVE-2025-71231 bsc#1258424).
- commit f8a95c7
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating
an MMIO SPTE (bsc#1259461).
- commit 042631f
- apparmor: fix race between freeing data and fs accessing it
(bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy
management (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles()
(bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in
verify_dfa() (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage
(bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces
(bsc#1258849).
- apparmor: replace recursive profile removal with iterative
approach (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb
(bsc#1258849).
- commit 9f31a2e
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186,
bsc#1258832).
- commit 4fde182
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
- RDMA/mana_ib: add support of multiple ports (bsc#1251135).
- RDMA/mana_ib: add additional port counters (bsc#1251135).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- net: mana: Add support for auxiliary device servicing events (bsc#1251971).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- PCI: hv: Correct a comment (git-fixes).
- net: mana: Add metadata support for xdp mode (git-fixes).
- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
- tools/hv: add a .gitignore file (git-fixes).
- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
- net: mana: use ethtool string helpers (git-fixes).
- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
- RDMA/mana_ib: Set correct device into ib (git-fixes).
- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
- RDMA/mana_ib: extend query device (git-fixes).
- RDMA/mana_ib: set node_guid (git-fixes).
- RDMA/mana_ib: Modify QP state (git-fixes).
- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
- RDMA/mana_ib: Create and destroy RC QP (git-fixes).
- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
- RDMA/mana_ib: boundary check before installing cq callbacks (git-fixes CVE-2024-38542 bsc#1226591).
- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
- RDMA/mana_ib: Fix missing ret value (git-fixes).
- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
- RDMA/mana_ib: Implement port parameters (git-fixes).
- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
- commit 8690084
- s390/ctcm: Fix double-kfree (CVE-2025-40253 bsc#1255084).
- commit a33e581
- Update config files (bsc#1254306).
- commit 3c7bab7
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- commit 165c4b3
- KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing (bsc#1253122).
- Refresh
patches.suse/KVM-x86-mmu-Move-private-vs.-shared-check-above-slot.patch.
- commit 1f79320
- net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645).
- commit bd83957
- net/sched: cls_u32: use skb_header_pointer_careful()
(CVE-2026-23204 bsc#1258340).
In addition backport 13e00fdc9236b which introduces
skb_header_pointer_careful() helper which is required.
- commit 926e136
- cifs: add xid to query server interface call (git-fixes).
- Refresh
patches.suse/cifs-handle-when-server-starts-supporting-multichannel.patch.
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch
(bsc#1258928,bsc#1259070).
- Refresh
patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch.
- Refresh
patches.suse/cifs-add-xid-to-query-server-interface-call.patch.
- commit e67e831
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
(bsc#1249998 CVE-2025-39817).
- commit ccf2d31
- Add bugnumber to existing mana change (bsc#1251971).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- commit 425b20d
- Update
patches.suse/btrfs-do-not-strictly-require-dirty-metadata-thresho.patch
(stable-fixes CVE-2026-23157 bsc#1258376).
- Update
patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch
(bsc#1257473 CVE-2026-23054 bsc#1257732).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-handler.patch
(bsc#1257952 CVE-2026-23207 bsc#1258524).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_combined.patch
(bsc#1257952 CVE-2026-23202 bsc#1258338).
- commit 9f4fee7
- smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924,
CVE-2025-40103).
- commit 2028384
- cifs: parse_dfs_referrals: prevent oob on malformed input
(bsc#1252911, CVE-2025-40099).
- commit 821259f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit 1325cd1
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 3cd007f
- netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181).
- commit 56db8af
- btrfs: send: check for inline extents in
range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141).
- commit b93c18b
- btrfs: reject new transactions if the fs is fully read-only
(bsc#1258464 CVE-2026-23214).
- commit c375a48
- macvlan: observe an RCU grace period in macvlan_common_newlink()
error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
(CVE-2026-23209 bsc#1258518).
- commit eaf1535
- scsi: mpi3mr: Synchronous access b/w reset and tm thread for
reply queue (CVE-2025-37861 bsc#1243055).
- commit 807000c
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
bsc#1258395).
- commit 114f0d2
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit 9347d8b
- crypto: af_alg - zero initialize memory allocated via
sock_kmalloc (bsc#1256716 CVE-2025-71113).
- commit 449e0ae
- crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
(bsc#1254992 CVE-2023-53817).
- commit f8259ad
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
(bsc#1251966 CVE-2025-39964).
- commit 2a9a19a
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
(bsc#1251966 CVE-2025-39964).
Refresh patches.suse/crypto-add-suse_kabi_padding.patch.
- commit a6b1063
- net/sched: Enforce that teql can only be used as root qdisc
(CVE-2026-23074 bsc#1257749).
- commit 476e9b8
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- commit 54f273c
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- commit 1da9508
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- commit 25ff6b8
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- commit e3d34f8
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- commit 4658841
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- commit 997844c
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)
- commit a0e31fb
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(CVE-2026-23089 bsc#1257790).
- commit c09ea34
- clocksource: Reduce watchdog readout delay limit to prevent
false positives (bsc#1241345).
- commit 6736e91
- clocksource: Print durations for sync check unconditionally
(bsc#1241345).
- commit 79738b2
- btrfs: scrub: always update btrfs_scrub_progress::last_physical
(git-fixes).
- commit b2c29ef
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP
allocations (bsc#1254447 bsc#1253087).
- commit e90ec28
- bpf/selftests: test_select_reuseport_kern: Remove unused header
(bsc#1257603).
- commit 3124f7b
- smb: client: short-circuit in open_cached_dir_by_dentry()
if !dentry (git-fixes).
- commit 82d6911
- smb: client: ensure open_cached_dir_by_dentry() only returns
valid cfid (git-fixes).
- commit d1feafe
- smb: client: split cached_fid bitfields to avoid shared-byte
RMW races (bsc#1250748,bsc#1257154).
- commit e7ce4ba
- scripts/python/git_sort/git_sort.yaml: add cifs for-next repository
- commit 0d24c51
- smb: improve directory cache reuse for readdir operations
(bsc#1252712).
- commit 20c0243
- smb: client: remove unused fid_lock (git-fixes).
- commit ed3cf07
- smb: client: update cfid->last_access_time in
open_cached_dir_by_dentry() (git-fixes).
- commit 1962196
- cifs: add new field to track the last access time of cfid
(git-fixes).
- commit 7328aa8
- smb: change return type of cached_dir_lease_break() to bool
(git-fixes).
- commit da8604d
- ipv6: Fix use-after-free in inet6_addr_del() (CVE-2026-23010
bsc#1257332).
- commit 0f213a3
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377).
- commit 16880ae
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- commit b3a8e60
- Update
patches.suse/ALSA-hda-Fix-missing-pointer-check-in-hda_component_.patch
(git-fixes CVE-2025-40097 bsc#1252900).
- Update
patches.suse/ASoC-stm32-sai-fix-OF-node-leak-on-probe.patch
(git-fixes CVE-2025-71081 bsc#1256609).
- Update
patches.suse/KEYS-trusted-Fix-a-memory-leak-in-tpm2_load_cmd.patch
(git-fixes CVE-2025-71147 bsc#1257158).
- Update
patches.suse/btrfs-fix-adding-block-group-to-a-reclaim-list-and-t.patch
(git-fixes CVE-2024-42103 bsc#1228490).
- Update
patches.suse/btrfs-fix-invalid-inode-pointer-dereferences-during-.patch
(git-fixes CVE-2025-38243 bsc#1246184).
- Update
patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53714
bsc#1254465).
- Update
patches.suse/drm-ttm-Avoid-NULL-pointer-deref-for-evicted-BOs.patch
(git-fixes CVE-2025-71083 bsc#1256610).
- Update
patches.suse/ftrace-Also-allocate-and-copy-hash-for-reading-of-filter-f.patch
(bsc#1250032 CVE-2025-39813 CVE-2025-39689 bsc#1249307).
- Update
patches.suse/hwmon-w83791d-Convert-macros-to-functions-to-avoid-T.patch
(git-fixes CVE-2025-71111 bsc#1256728).
- Update
patches.suse/ipmi-Rework-user-message-limit-handling.patch
(git-fixes CVE-2025-40202 bsc#1253451).
- Update
patches.suse/media-adv7842-Avoid-possible-out-of-bounds-array-acc.patch
(git-fixes CVE-2025-71136 bsc#1256759).
- Update
patches.suse/media-dvb-usb-dtv5100-fix-out-of-bounds-in-dtv5100_i.patch
(git-fixes CVE-2025-68819 bsc#1256664).
- Update
patches.suse/media-vidtv-initialize-local-pointers-upon-transfer-.patch
(git-fixes CVE-2025-68808 bsc#1256682).
- Update
patches.suse/perf-x86-intel-Fix-crash-in-icl_update_topdown_event.patch
(git-fixes CVE-2025-38322 bsc#1246447).
- Update
patches.suse/platform-chrome-cros_ec_ishtp-Fix-UAF-after-unbindin.patch
(git-fixes CVE-2025-68804 bsc#1256617).
- Update
patches.suse/powerpc-64s-slb-Fix-SLB-multihit-issue-during-SLB-preload.patch
(bac#1236022 ltc#211187 CVE-2025-71078 bsc#1256616).
- Update
patches.suse/smb-client-fix-warning-when-reconnecting-channel.patch
(git-fixes CVE-2025-38379 bsc#1247030).
- Update
patches.suse/tcp_bpf-Call-sk_msg_free-when-tcp_bpf_send_verdict-f.patch
(bsc#1250705 CVE-2025-39913).
- Update
patches.suse/trace-fgraph-Fix-the-warning-caused-by-missing-unregister-.patch
(bsc#1248211 CVE-2025-38539 CVE-2025-39829 bsc#1250082).
- Update
patches.suse/usb-dwc3-fix-fault-at-system-suspend-if-device-was-a.patch
(git-fixes CVE-2024-53070 bsc#1233563).
- Update
patches.suse/usb-typec-ucsi-glink-fix-off-by-one-in-connector_sta.patch
(git-fixes CVE-2024-53149 bsc#1234842).
- Update
patches.suse/usb-xhci-Fix-invalid-pointer-dereference-in-Etron-wo.patch
(git-fixes CVE-2025-37813 bsc#1242909).
- Update
patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return.patch
(bsc#1256528 CVE-2025-22047 bsc#1241437).
- commit fbc3d71
- macvlan: fix possible UAF in macvlan_forward_source()
(CVE-2026-23001 bsc#1257232).
- commit bcf0129
- btrfs: do not strictly require dirty metadata threshold for
metadata writepages (stable-fixes).
- commit b83c55a
- scripts: obsapi: Support URL trailing / in oscrc
- commit 596ed59
- scripts: uploader: Handle missing upstream in is_pr_open
- commit e7d7408
- net/sched: sch_qfq: do not free existing class in
qfq_change_class() (CVE-2026-22999 bsc#1257236).
- commit d911768
- shrink_slab_memcg: clear_bits of skipped shrinkers
(bsc#1256564).
- commit 1a156a1
- ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623).
- commit 35a165f
- scripts: uploader: Fix no change condition for _maintainership.json
- commit 792d98c
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- commit b6299d5
- scripts: uploader: Only reset branch when there is no open PR
Resetting the branch closes any PR which is disruptive.
With project repositories that get a lot of changes this would reset too
often if reset was enabled causing unmergeable PRs.
Yet it is necessary to reset to be able to get up-to-date state for a
new PR.
With this branch reset can be enabled for maintainership update.
- commit 60e8156
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- remove an Intel CPU model change which is already part of the base kernel
- remove a bpf CVE change which is already part of the base kernel
- commit 6def8a1
- x86: make page fault handling disable interrupts properly
(git-fixes).
- commit e28ac6a
- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089
bsc#1256612).
- commit 74dac8b
- net: hns3: add VLAN id validation before using (CVE-2025-71112
bsc#1256726).
- net/handshake: duplicate handshake cancellations leak socket
(CVE-2025-68775 bsc#1256665).
- commit 5f03ae0
- mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257
bsc#1254842).
- commit 83400eb
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token
in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779).
- commit 400a381
- scsi: sg: Do not sleep in atomic context (CVE-2025-40259
bsc#1254845).
- commit 386a47a
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- commit eb0fac0
- ipvs: fix ipv4 null-ptr-deref in route error path
(CVE-2025-68813 bsc#1256641).
- commit 238038b
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401).
- commit fdc5baf
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- commit 87d4295
- avahi
-
- Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response
containing a recursive CNAME record (bsc#1257235).
- util-linux
-
- Recognize fuse "portal" as a virtual file system (boo#1234736,
util-linux-libmount-fuse-portal.patch).
- fdisk: Fix possible partition overlay and data corruption if EBR
gap is missing (boo#1222465,
util-linux-libfdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-2.patch,
util-linux-libfdisk-ebr-missing-gap-2.patch,
util-linux-tests-fdisk-ebr-missing-gap-3.patch).
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- libcap
-
- CVE-2026-4878: Fixed a a potential TOCTOU race condition in cap_set_file() (bsc#1261809)
0001-Address-a-potential-TOCTOU-race-condition-in-cap_set.patch:
- expat
-
- security update:
* CVE-2026-32776: expat: libexpat: NULL pointer dereference when
processing empty external parameter entities inside an entity
declaration value (bsc#1259726)
- Added patch expat-CVE-2026-32776.patch
* CVE-2026-32777: expat: libexpat: denial of service due to
infinite loop in DTD content parsing (bsc#1259711)
- Added patch expat-CVE-2026-32777.patch
* CVE-2026-32778: expat: libexpat: NULL pointer dereference in
`setContext` on retry after an out-of-memory condition (bsc#1259729)
- Added patch expat-CVE-2026-32778.patch
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- gcc15
-
- Add gcc14-bsc1257463.patch to fix bogus expression simplification
[bsc#1257463]
- gnutls
-
- Add the functionality to allow to specify the hash algorithm for
the PSK. This fixes a bug in the current implementation where the
binder is always calculated with SHA256.
* (bsc#1258083, jsc#PED-15752, jsc#PED-15753)
* lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2
* tests/psk-file: Add testing for _credentials2 functions
* lib/psk: add null check for binder algo
* pre_shared_key: fix memleak when retrying with different binder algo
* pre_shared_key: add null check on pskcred
* Add patches:
- gnutls-PSK-hash.patch
- gnutls-PSK-hash-tests.patch
- gnutls-PSK-hash-NULL-check.patch
- gnutls-PSK-hash-NULL-check-pskcred.patch
- gnutls-PSK-hash-fix-memleak.patch
- Security fix:
* CVE-2025-14831: DoS via excessive resource consumption during
certificate verification (bsc#1257960)
* Add gnutls-CVE-2025-14831.patch
- openldap2
-
- jsc#PED-15735 - expose ldap_log.h in -devel
* 0246-Include-ldap_log.h-in-devel.patch
- retcon .changes to satisfy source validator
- ncurses
-
- Add patch fix-bsc1259924.patch (bsc#1259924, CVE-2025-69720)
* Backport from ncurses-6.5-20251213.patch
- nfs-utils
-
- Fix access checks when mounting subdirectories in NFSv3
(CVE-2025-12801 bsc#1259204)
- add Fix-access-checks-when-mounting-subdirectories-in-NFSv3.patch
- add NFS-export-symlink-vulnerability-fix.patch
- add configure-check-for-rpc_gss_seccreate.patch
- add mountd-Minor-refactor-of-get_rootfh.patch
- add mountd-Separate-lookup-of-the-exported-directory-and-the-m.patch
- add support-Add-a-mini-library-to-extract-and-apply-RPC-creden.patch
- Split legacy libnfsidmap0 into a separate spec file (bsc#1246505)
- nghttp2
-
- added patches
https://github.com/nghttp2/nghttp2/commit/61caf66f1b002105e5603fba030de57d445330a8
* nghttp2-TZ-fix-test-failure.patch
- added patches
CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
* nghttp2-CVE-2026-27135.patch
- openssl-1_1
-
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* NULL pointer dereference when processing an
OCSP response (bsc#1260446)
* Add patches:
openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch
openssl-CVE-2026-28389.patch
openssl-CVE-2026-31789.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- openssl-3
-
- Enable MD2 in legacy provider (jsc#PED-15724)
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE
encapsulation (bsc#1260445)
* NULL pointer dereference when processing an OCSP response
(bsc#1260446)
* Add patches: openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch openssl-CVE-2026-28388-tests.patch
openssl-CVE-2026-28389.patch openssl-CVE-2026-31789.patch
openssl-CVE-2026-31790.patch openssl-CVE-2026-31790-tests.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- libpng16
-
- added patches
CVE-2026-34757: Information disclosure and data corruption via use-after-free vulnerability [bsc#1261957]
* libpng16-CVE-2026-34757.patch
- added patches
CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754)
* libpng16-CVE-2026-33416-1.patch
* libpng16-CVE-2026-33416-2.patch
* libpng16-CVE-2026-33416-3.patch
* libpng16-CVE-2026-33416-4.patch
CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and crashes (bsc#1260755)
* libpng16-CVE-2026-33636.patch
- added patches
CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
* libpng16-CVE-2026-25646.patch
- python3
-
- Add CVE-2026-6019-Morsel-js_output.patch protects against HTML
injection by Base64-encoding cookie values embedded in JS
(bsc#1262654, CVE-2026-6019, gh#python/cpython#90309).
- Add CVE-2026-1502-reject-CRLF-HTTP-tunnel.patch which rejects
CR/LF in HTTP tunnel request headers (bsc#1261969,
CVE-2026-1502, gh#python/cpython#146211).
- Add CVE-2026-4786-webbrowser-open-action.patch, which fixes
webbrowser %action substitution bypass of dash-prefix check
(bsc#1262319, CVE-2026-4786, gh#python/cpython#148169).
- Add CVE-2026-6100-use-after-free-decompression.patch preventing
dangling pointer which can end in the use-after-free error
(CVE-2026-6100, bsc#1262098, gh#python/cpython#148395).
- Fix calling of sphinx build with non-standard Python
interpreter (including new patch sphinx-set-PYTHON.patch).
- Add CVE-2026-3446-base64-padding.patch preventing ignoring
excess Base64 data after the first padded quad (bsc#1261970,
CVE-2026-3446, gh#python/cpython#145264).
- Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has
the same security model as open(). The documented limitations
ensure compatibility with non-filesystem loaders; Python
doesn't check that. (bsc#1259989, CVE-2026-3479,
gh#python/cpython#146121).
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
gh#python/cpython#143930).
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
TarInfo DIRTYPE normalization during GNU long name handling
(bsc#1259611, CVE-2025-13462).
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
unbound C recursion in conv_content_model in pyexpat.c
(bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
control characters in http.cookies.Morsel.update() and
http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Modify CVE-2024-6923-email-hdr-inject.patch to also include
patch for bsc#1257181 (CVE-2026-1299).
- sqlite3
-
- Sync version 3.51.3 from Factory:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
- Sync version 3.51.2 from Factory:
* bsc#1259619, CVE-2025-70873: zipfile extension may disclose
uninitialized heap memory during inflation.
* bsc#1254670, CVE-2025-7709: Integer Overflow in FTS5 Extension
* bsc#1248586: Fix icu-enabled build.
- libssh
-
- CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377)
Added libssh-CVE-2026-3731.patch
- Security fixes:
* CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() (bsc#1258049)
* CVE-2026-0965: Possible Denial of Service when parsing unexpected
configuration files (bsc#1258045)
* CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054)
* CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
* CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
* Add patches:
- libssh-CVE-2026-0964-scp-Reject-invalid-paths-received-thro.patch
- libssh-CVE-2026-0965-config-Do-not-attempt-to-read-non-regu.patch
- libssh-CVE-2026-0966-misc-Avoid-heap-buffer-underflow-in-ss.patch
- libssh-CVE-2026-0966-tests-Test-coverage-for-ssh_get_hexa.patch
- libssh-CVE-2026-0966-doc-Update-guided-tour-to-use-SHA256-f.patch
- libssh-CVE-2026-0967-match-Avoid-recursive-matching-ReDoS.patch
- libssh-CVE-2026-0968-sftp-Sanitize-input-handling-in-sftp_p.patch
- systemd
-
- Import commit c89ea566d98c8e3fb29a5b8edd4576b135b4bc92
a943e3ce2f machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
71593f77db udev: fix review mixup
73a89810b4 udev-builtin-net-id: print cescaped bad attributes
0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
40905232e2 udev: ensure tag parsing stays within bounds
7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
d018ac1ea3 udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- Import commit 626ffc7844795870235d15c6daab695f2d53a11e
aef6e11921 core/cgroup: avoid one unnecessary strjoina()
cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
26a748f727 core: validate input cgroup path more prudently (CVE-2026-29111 bsc#1259418)
99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
- Name libsystemd-{shared,core} based on the major version of systemd and the
package release number (bsc#1228081 bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared
libraries.
- Import commit 75eab961ea843dc161707d4af0789b018d499676
- 8bbac1d508 detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- Import commit 5caaa71f4a7b00e6a6ceb396d08486af73687d45
9ecd162284 timer: rebase last_trigger timestamp if needed
cd4a9103ef timer: rebase the next elapse timestamp only if timer didn't already run
c3f4407e97 timer: don't run service immediately after restart of a timer (bsc#1254563)
05bcfe3295 test: check the next elapse timer timestamp after deserialization
fe8f656975 test: restarting elapsed timer shouldn't trigger the corresponding service
- Reintroduce systemd-network as a transitional dummy package containing no
files (bsc#1254202)
The contents of this package were split into two independent packages:
systemd-networkd and systemd-resolved. However, the initial replacement caused
both network services to be disabled. Consequently, the original package has
been restored as an empty transitional package to prevent the disabling of the
services. It can be safely removed once the update is complete.
- Import commit 00ba3646e6cb3ce40bb3de3e92f93ebec0adce6d
e4dd315b6c units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
b58e72215a units: add dep on systemd-logind.service by user@.service
97ceca445c detect-virt: add bare-metal support for GCE (bsc#1244449)
- tpm2-0-tss
-
- add Requires to libtss2-fapi to pull in the tss user (bsc#1258720).
Otherwise, when installing libtss2-fapi on its own, errors from
systemd-tmpfiles can appear.
- libxml2
-
- CVE-2026-0990: call stack overflow leading to application crash
due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
* Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML
catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)
* Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
* Add patch libxml2-CVE-2025-8732.patch
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)
* Add patch libxml2-CVE-2026-1757.patch
- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)
* Add patch libxml2-CVE-2025-10911.patch
- zlib
-
- Fix CVE-2026-27171, infinite loop via the crc32_combine64 and
crc32_combine_gen64 functions due to missing checks for negative
lengths (bsc#1258392)
* CVE-2026-27171.patch
- makedumpfile
-
- makedumpfile-Fix-data-race-in-multi-threading-mode.patch: Fix a
data race in multi-threading mode (--num-threads=N)
(bsc#1245569, bsc#1256455).
- openssh
-
- Added openssh-cve-2026-35385-scp-setuid-modes.patch (bsc#1261427),
ensuring setuid bits default to being masked out by scp.
- Added openssh-cve-2026-35414-mishandled-ca-commas.patch
(bsc#1261430), fixing mishandling of comma characters in CA in
certain situations.
- python-MarkupSafe
-
- update to 2.1.3:
* Implement ``format_map``, ``casefold``, ``removeprefix``,
and ``removesuffix`` methods.
* Fix static typing for basic ``str`` methods on ``Markup``.
* Use ``Self`` for annotating return types. :pr:`379`
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- update to 2.1.2:
* Fix ``striptags`` not stripping tags containing newlines.
- Patch PKG-INFO to avoid pip failing on Python 3.6 with
`ERROR: Package 'MarkupSafe' requires a different Python:
3.6.15 not in '>=3.7'`.
- Require python 3.6. There is no need to require a newer version and
this way it builds on openSUSE Leap >= 15.3
- specfile:
* update copyright year
* require python >= 3.7
- update to version 2.1.1:
* Avoid ambiguous regex matches in "striptags". :pr:`293`
- changes from version 2.1.0:
* Drop support for Python 3.6. :pr:`262`
* Remove "soft_unicode", which was previously deprecated. Use
"soft_str" instead. :pr:`261`
* Raise error on missing single placeholder during string
interpolation. :issue:`225`
* Disable speedups module for GraalPython. :issue:`277`
- skip building for Python 2.x
- Update to v2.0.1
* Mark top-level names as exported so type checking understands
imports in user projects.
* Fix some types that weren’t available in Python 3.6.0.
- Update to v2.0.0
* Drop Python 2.7, 3.4, and 3.5 support.
* Markup.unescape uses html.unescape() to support HTML5 character
references. #117
* Add type annotations for static typing tools. #149
- allow tests to be disabled (still on by default)
- Update to 1.1.1:
* Fix segfault when __html__ method raises an exception when
using the C speedups. The exception is now propagated
correctly. (#109)
- Update to v1.1.0
- Drop support for Python 2.6 and 3.3.
- Build wheels for Linux, Mac, and Windows, allowing systems without
a compiler to take advantage of the C extension speedups
- Use newer CPython API on Python 3, resulting in a 1.5x speedup
- ``escape`` wraps ``__html__`` result in ``Markup``, consistent with
documented behavior
- Switch to using pytest in %check as setup.py test no longer works
- Use more precise URL https://github.com/pallets/markupsafe
- Add docs/ to %doc, including the changelog
- Remove AUTHORS from %doc, removed upstream in 6247e015
- Use %license instead of %doc [bsc#1082318]
- python-PyJWT
-
- Add CVE-2026-32597_crit-header.patch to reject the crit
(Critical) Header Parameter defined in RFC 7515 (bsc#1259616,
CVE-2026-32597).
- Update to version 2.8.0
* Update python version test matrix by @auvipy in #895
* Add ``strict_aud`` as an option to ``jwt.decode`` by @woodruffw in #902
* Export PyJWKClientConnectionError class by @daviddavis in #887
* Allows passing of ssl.SSLContext to PyJWKClient by @juur in #891
- Skip test_get_jwt_set_sslcontext_default test in testsuite
- update to version 2.7.0
* Add classifier for Python 3.11 by @eseifert in #818
* Add Algorithm.compute_hash_digest and use it to implement at_hash validation example by @sirosen in #775
* fix: use datetime.datetime.timestamp function to have a milliseconds by @daillouf in #821
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #825
* Custom header configuration in jwk client by @thundercat1 in #823
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #828
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #833
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #835
* Add PyJWT._{de,en}code_payload hooks by @akx in #829
* Add sort_headers parameter to api_jwt.encode by @evroon in #832
* Make mypy configuration stricter and improve typing by @akx in #830
* Bump actions/stale from 6 to 7 by @dependabot in #840
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #838
* Add more types by @Viicos in #843
* Differentiate between two errors by @irdkwmnsb in #809
* Fix _validate_iat validation by @Viicos in #847
* Improve error messages when cryptography isn't installed by @Viicos in #846
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #852
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #855
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #859
* Make Algorithm an abstract base class by @Viicos in #845
* docs: correct mistake in the changelog about verify param by @gbillig in #866
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #868
* Bump actions/stale from 7 to 8 by @dependabot in #872
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #874
* Add a timeout for PyJWKClient requests by @daviddavis in #875
* Add client connection error exception by @daviddavis in #876
* Add complete types to take all allowed keys into account by @Viicos in #873
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #878
* Build and upload PyPI package by @jpadilla in #884
* Fix for issue #862 - ignore invalid keys in a jwks. by @timw6n in #863
* Add as_dict option to Algorithm.to_jwk by @fluxth in #881
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- Clean up SPEC file.
- Update to 2.6.0
Changed
* bump up cryptography >= 3.4.0 by @jpadilla in #807
* Remove types-cryptography from crypto extra by @lautat in #805
Fixed
* Invalidate token on the exact second the token expires #797
* fix: version 2.5.0 heading typo by @c0state in #803
Added
* Adding validation for issued_at when iat > (now + leeway) as ImmatureSignatureError by @sriharan16 in #794
- Update to 2.5.0
* Bump actions/checkout from 2 to 3 by @dependabot in #758
* Bump codecov/codecov-action from 1 to 3 by @dependabot in #757
* Bump actions/setup-python from 2 to 3 by @dependabot in #756
* adding support for compressed payloads by @danieltmiles in #753
* Revert "adding support for compressed payloads" by @auvipy in #761
* Add to_jwk static method to ECAlgorithm by @leonsmith in #732
* Remove redundant wheel dep from pyproject.toml by @mgorny in #765
* Adjust expected exceptions in option merging tests for PyPy3 by @mgorny in #763
* Do not fail when an unusable key occurs by @DaGuich in #762
* Fixes for pyright on strict mode by @brandon-leapyear in #747
* Bump actions/setup-python from 3 to 4 by @dependabot in #769
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #770
* docs: fix simple typo, iinstance -> isinstance by @timgates42 in #774
* Expose get_algorithm_by_name as new method by @sirosen in #773
* Remove support for python3.6 by @sirosen in #777
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #778
* Emit a deprecation warning for unsupported kwargs by @sirosen in #776
* Fix typo: priot -> prior by @jdufresne in #780
* Fix for headers disorder issue by @kadabusha in #721
* Update audience typing by @JulianMaurin in #782
* Improve PyJWKSet error accuracy by @JulianMaurin in #786
* Add type hints to jwt/help.py and add missing types dependency by @kkirsche in #784
* Add cacheing functionality for JWK set by @wuhaoyujerry in #781
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #788
* Mypy as pre-commit check + api_jws typing by @JulianMaurin in #787
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #791
* Bump version to 2.5.0 by @jpadilla in #801
- python-attrs
-
- remove outdated constructs, we no longer support < 3.8
- python-blinker
-
- Remove no-stdpy-pyc.patch
- Call directly to the sphinx module with the specific python
interpreter to avoid the usage of default python, bsc#1213698.
- Add no-stdpy-pyc.patch which makes Sphinx not to generate
* .pyc files for the Python interpreter it uses for generating
documentation.
- Update to 1.6.2:
* Type annotations are not evaluated at runtime. typing-extensions
is not a runtime dependency. :pr:`94`
- 1.6.1:
* Ensure that py.typed is present in the distributions (to enable
other projects to use blinker's typing).
* Require typing-extensions > 4.2 to ensure it includes ParamSpec.
:issue:`90`
- 1.6:
* Add a muted context manager to temporarily turn off a signal.
:pr:`84`
* Allow int senders (alongside existing string senders). :pr:`83`
* Add a send_async method to the Signal to allow signals to send to
coroutine receivers. :pr:`76`
* Update and modernise the project structure to match that used by
the pallets projects. :pr:`77`
* Add an intial set of type hints for the project.
- move documentation into the main package for SLE15
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- Fix documentation generation.
- specfile:
* update copyright year
* remove patch python-blinker-remove-nose.patch; included upstream
* docs and license changed to .rst
* build docs using Sphinx
- update to version 1.5:
* Support Python >= 3.7 and PyPy. Python 2, Python < 3.7, and Jython
may continue to work, but the next release will make incompatible
changes.
- use pytest instead of deprecated nose
- added patches
https://github.com/jek/blinker/pull/60
+ python-blinker-remove-nose.patch
- Fix fdupes call
- Trim bias from description.
- Remove superfluous devel dependency for noarch package
- python-cffi
-
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- add 8a3c2c816d789639b49d3ae867213393ed7abdff.patch to resolve
testsuite failures with Python 3.11
- python-configobj
-
- Add remove_six.patch (gh#DiffSK/configobj#239) removing the
need for six.
- python-iniconfig
-
- Don't catchall filelist
- Clean dependencies
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- update to 2.0.0:
* Drop Python 3.6
* Add Python 3.11 support
* type hints added
- use gh tarball for tests
- Add python-py as test dependency
- BuildRequire itself when building test flavour.
- python-jsonpointer
-
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- update to 2.3:
* Support setting - for arrays
* Add join and / operator
* Fix invalid escape sequences
- update to 2.2:
* Add method and add classmethod tag
* Add test for get_parts
- Use libalternatives instead of update-alternatives.
- update to 2.1:
* py 3.7-3.9 support
* Avoid converting readme to rST for PyPI upload
* Fix typos in messages
* Use SVG versions of status icons in README.md
- Use noun phrase in descriptions.
- Update to 2.0:
* Fix typos in messages
* Accept pointer as argument in commandline utility
- Run tests
- Remove superfluous devel dependency for noarch package
- python-jsonschema
-
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- Create subpackages for [format] and [format-nongpl] extras
* required by the tests for python-jupyter-server
- Test in _multibuild in order to check that the rpm requirements
are set correctly
- update to 4.17.3:
* No nice changelog provided upstream
Full Changelog: https://github.com/python-jsonschema/jsonschema/compare/v4.17.2...v4.17.3
- update to 4.17.2:
* No nice changelog provided upstream
Full Changelog: https://github.com/python-jsonschema/jsonschema/compare/v4.17.1...v4.17.2
- update to 4.17.1:
* No nice changelog provided upstream
Full Changelog: https://github.com/python-jsonschema/jsonschema/compare/v4.17.0...v4.17.1
- update to 4.17.0:
* The check_schema method on jsonschema.protocols.Validator instances now enables format validation by default when run. This can catch some additional invalid schemas (e.g. containing invalid regular expressions) where the issue is indeed uncovered by validating against the metaschema with format validation enabled as an assertion.
* The jsonschema CLI (along with jsonschema.cli the module) are now deprecated. Use check-jsonschema instead, which can be installed via pip install check-jsonschema and found here.
* Make ErrorTree have a more grammatically correct repr.
- Clean up specfile
* remove obsolete setuptools BuildRequirements
* remove old distro python <= 3.6 directives
* update outdated description
- change dependency from hatch_fancy_pypi_readme to hatch-fancy-pypi-readme
- update to 4.16.0:
* Improve the base URI behavior when resolving a $ref to a resolution URI
which is different from the resolved schema's declared $id.
* Accessing jsonschema.draftN_format_checker is deprecated. Instead, if you
want access to the format checker itself, it is exposed as
jsonschema.validators.DraftNValidator.FORMAT_CHECKER on any
jsonschema.protocols.Validator.
- update to 4.15.0:
* Enable dedicated API documentation page(s) by @Julian in #989
- update to 4.14.0:
* FormatChecker.cls_checks is deprecated. Use FormatChecker.checks on
an instance of FormatChecker instead.
* unevaluatedItems has been fixed for draft 2019. It's nonetheless
discouraged to use draft 2019 for any schemas, new or old.
* Fix a number of minor annotation issues in protocols.Validator
- update to 4.13.0:
* Add support for creating validator classes whose metaschema uses a different
dialect than its schemas. In other words, they may use draft2020-12 to define
which schemas are valid, but the schemas themselves use draft7 (or a custom
dialect, etc.) to define which instances are valid. Doing this is likely
not something most users, even metaschema authors, may need, but occasionally
will be useful for advanced use cases.
- update to 4.12.1:
* Use rST markers in README by @hynek in #987
- update to 4.12.0:
- Warn at runtime when subclassing validator classes. Doing so was not
intended to be public API, though it seems some downstream libraries
do so. A future version will make this an error, as it is brittle and
better served by composing validator objects instead. Feel free to reach
out if there are any cases where changing existing code seems difficult
and I can try to provide guidance.
- update to 4.11.0:
- jsonschema deserves a fancy readme by @hynek in #983
- add new dependency hatch_fancy_pypi_readme
- update to 4.10.3:
- jsonschema.validators.validator_for now properly uses the explicitly
provided default validator even if the $schema URI is not found.
- update to 4.10.2:
- Fix a second place where subclasses may have added attrs attributes (#982).
- update to 4.10.1:
- Fix Validator.evolve (and APIs like iter_errors which call it) for cases
where the validator class has been subclassed. Doing so wasn't intended to be
public API, but given it didn't warn or raise an error it's of course
understandable. The next release however will make it warn (and a future one
will make it error). If you need help migrating usage of inheriting from a
validator class feel free to open a discussion and I'll try to give some
guidance (#982).
- accept SR#1005905 to convert this to using Twisted instead of
pytest
- update to 4.10.0:
Add support for referencing schemas with $ref across different versions
of the specification than the referrer's
- update to 4.9.1:
Update some documentation examples to use newer validator releases in their
sample code.
- update to 4.9.0:
- Fix relative $ref resolution when the base URI is a URN or other scheme (#544).
- pkgutil.resolve_name is now used to retrieve validators
provided on the command line. This function is only available on
3.9+, so 3.7 and 3.8 (which are still supported) now rely on the
pkgutil_resolve_name <https://pypi.org/project/pkgutil_resolve_name/>_
backport package. Note however that the CLI itself is due
to be deprecated shortly in favor of check-jsonschema
<https://github.com/python-jsonschema/check-jsonschema>_.
- update to 4.8.0:
* ``best_match`` no longer traverses into ``anyOf`` and ``oneOf`` when all of
the errors within them seem equally applicable. This should lead to clearer
error messages in some cases where no branches were matched.
- update to 4.7.2:
* Fix best_match's type matching when it's an array.
- update to 4.7.1:
* Minor case correction for PyPI links
- update to 4.7.0:
* Enhance best match to prefer errors from matching types. by @Julian in #972
- update to 4.6.2:
* docs: Fix a few typos by @timgates42 in #969
- update to 4.6.1:
* Type annotate format checker methods by @sirosen in #958
* Fix fuzzer to include instrumentation by @DavidKorczynski in #965
* [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #967
- update to 4.6.0:
* Add package_url for changelog by @fhightower in #950
* Only validate unevaluated properties/items on applicable types by @EpicWink in #949
* Add v4.5.1 to changelog by @sirosen in #956
* Modernize the packaging setup via PEP 621 and Hatch. by @Julian in #957
- update to 4.5.1:
* Revert changes to ``$dynamicRef`` which caused a performance regression
in v4.5.0
* Validator classes for each version now maintain references to the correct
corresponding format checker (#905)
* Development has moved to a `GitHub organization
<https://github.com/python-jsonschema/>`_.
No functional behavior changes are expected from the change.
- Update to 4.4.0
* Add mypy support (#892)
* Add support for Python 3.11
- Release 4.3.3
* Properly report deprecation warnings at the right stack level
(#899)
- Release 4.3.2
* Additional performance improvements for resolving refs (#896)
- Release 4.3.1
* Resolving refs has had performance improvements (#893)
- Release 4.3.0
* Fix undesired fallback to brute force container uniqueness
check on certain input types (#893)
* Implement a PEP544 Protocol for validator classes (#890)
- Release 4.2.1
* Pin importlib.resources from below (#877)
- Release 4.2.0
* Use importlib.resources to load schemas (#873)
* Ensure all elements of arrays are verified for uniqueness by
uniqueItems (#866)
- Release 4.1.2
* Fix dependentSchemas to properly consider non-object instances
to be valid (#850)
- Release 4.1.1
* Fix prefixItems not indicating which item was invalid within
the instance path (#862)
- Release 4.1.0
* Add Python 3.10 to the list of supported Python versions
- Release 4.0.1
* Fix the declaration of minimum supported Python version (#846)
- Release 4.0.0
* Partial support for Draft 2020-12 (as well as 2019-09). Thanks
to Thomas Schmidt and Harald Nezbeda.
* False and 0 are now properly considered non-equal even
recursively within a container (#686). As part of this change,
uniqueItems validation may be slower in some cases. Please feel
free to report any significant performance regressions, though
in some cases they may be difficult to address given the
specification requirement.
* The CLI has been improved, and in particular now supports a
- -output option (with plain (default) or pretty arguments) to
control the output format. Future work may add additional
machine-parsable output formats.
* Code surrounding DEFAULT_TYPES and the legacy mechanism for
specifying types to validators have been removed, as per the
deprecation policy. Validators should use the TypeChecker
object to customize the set of Python types corresponding to
JSON Schema types.
* Validation errors now have a json_path attribute, describing
their location in JSON path format
* Support for the IP address and domain name formats has been
improved
* Support for Python 2 and 3.6 has been dropped, with
python_requires properly set.
* multipleOf could overflow when given sufficiently large
numbers. Now, when an overflow occurs, jsonschema will fall
back to using fraction division (#746).
* jsonschema.__version__, jsonschema.validators.validators,
jsonschema.validators.meta_schemas and
jsonschema.RefResolver.in_scope have been deprecated, as has
passing a second-argument schema to Validator.iter_errors and
Validator.is_valid.
- Drop webcolors.patch
- Use libalternatives instead of update-alternatives.
- %check: use %pytest rpm macro
- Disable python2 build as indirect build dependencies to
python2-cffi are not resolvable anymore
- python-oauthlib
-
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- update to version 3.2.2:
* OAuth2.0 Provider: * CVE-2022-36087
- Also remove the conditional definition of python_module.
- specfile:
* update requirements
- update to version 3.2.1:
* OAuth2.0 Provider: * #803: Metadata endpoint support of non-HTTPS
* CVE-2022-36087, bugzilla # 1203333
* OAuth1.0: * #818: Allow IPv6 being parsed by signature
* General: * Improved and fixed documentation warnings. * Cosmetic
changes based on isort
- specfile:
* update copyright year
- update to version 3.2.0:
* OAuth2.0 Client: * #795: Add Device Authorization Flow for Web
Application * #786: Add PKCE support for Client * #783: Fallback
to none in case of wrong expires_at format.
* OAuth2.0 Provider: * #790: Add support for CORS to metadata
endpoint. * #791: Add support for CORS to token endpoint. * #787:
Remove comma after Bearer in WWW-Authenticate
* OAuth2.0 Provider - OIDC:
+ #755: Call save_token in Hybrid code flow
+ #751: OIDC add support of refreshing ID Tokens with
refresh_id_token
+ #751: The RefreshTokenGrant modifiers now take the same
arguments as the AuthorizationCodeGrant modifiers (token,
token_handler, request).
* General:
+ Added Python 3.9, 3.10, 3.11
+ Improve Travis & Coverage
- update to 3.1.1:
* #753: Fix acceptance of valid IPv6 addresses in URI validation
* #730: Base OAuth2 Client now has a consistent way of managing the `scope`: it consistently
relies on the `scope` provided in the constructor if any, except if overridden temporarily
in a method call. Note that in particular providing a non-None `scope` in
`prepare_authorization_request` or `prepare_refresh_token` does not override anymore
`self.scope` forever, it is just used temporarily.
* #726: MobileApplicationClient.prepare_request_uri and MobileApplicationClient.parse_request_uri_response,
ServiceApplicationClient.prepare_request_body,
and WebApplicationClient.prepare_request_uri now correctly use the default `scope` provided in
constructor.
* #725: LegacyApplicationClient.prepare_request_body now correctly uses the default `scope` provided in constructor
* #711: client_credentials grant: fix log message
* #746: OpenID Connect Hybrid - fix nonce not passed to add_id_token
* #756: Different prompt values are now handled according to spec (e.g. prompt=none)
* #759: OpenID Connect - fix Authorization: Basic parsing
* #716: improved skeleton validator for public vs private client
* #720: replace mock library with standard unittest.mock
* #727: build isort integration
* #734: python2 code removal
* #735, #750: add python3.8 support
* #749: bump minimum versions of pyjwt and cryptography
- drop o_switch_to_unitest_mock.patch (upstream)
- %check: use %pyunittest rpm macro
- Fix patch numbering
- Add patch to switch from external mock to unittest.mock
+ o_switch_to_unitest_mock.patch
- Update to 3.1.0:
* OAuth2.0 Provider - Features * #660: OIDC add support of nonce, c_hash, at_hash fields
* #677: OIDC add UserInfo endpoint - New RequestValidator.get_userinfo_claims method
* #666: Disabling query parameters for POST requests
- specfile:
* be more specific in %files section
- update to version 3.0.2:
* #650: Fixed space encoding in base string URI used in the
signature base string.
* #652: Fixed OIDC /token response which wrongly returned
"&state=None"
* #654: Doc: The value state must not be stored by the AS, only
returned in /authorize response.
* #656: Fixed OIDC "nonce" checks: raise errors when it's mandatory
- Update to version 3.0.1
* Fixed regression introduced in 3.0.0
+ Fixed Revocation & Introspection Endpoints when using Client
Authentication with HTTP Basic Auth.
- from 3.0.0
* General fixes:
+ Add support of python3.7
+ $ and ' are allowed to be unencoded in query strings
+ Request attributes are no longer overriden by HTTP Headers
+ Removed unnecessary code for handling python2.6
+ Several minors updates to setup.py and tox
+ Set pytest as the default unittest framework
* OAuth2.0 Provider - outstanding Features
+ OpenID Connect Core support
+ RFC7662 Introspect support
+ RFC8414 OAuth2.0 Authorization Server Metadata support
+ RFC7636 PKCE support
* OAuth2.0 Provider - API/Breaking Changes
+ Add "request" to confirm_redirect_uri
+ confirm_redirect_uri/get_default_redirect_uri has a bit changed
+ invalid_client is now a FatalError
+ Changed errors status code from 401 to 400:
- invalid_grant:
- invalid_scope:
- access_denied/unauthorized_client/consent_required/login_required
- 401 must have WWW-Authenticate HTTP Header set.
* OAuth2.0 Provider - Bugfixes
+ empty scopes no longer raise exceptions for implicit and authorization_code
* OAuth2.0 Client - Bugfixes / Changes:
+ expires_in in Implicit flow is now an integer
+ expires is no longer overriding expires_in
+ parse_request_uri_response is now required
+ Unknown error=xxx raised by OAuth2 providers was not understood
+ OAuth2's `prepare_token_request` supports sending an empty string for `client_id`
+ OAuth2's `WebApplicationClient.prepare_request_body` was refactored to better
support sending or omitting the `client_id` via a new `include_client_id` kwarg.
By default this is included. The method will also emit a DeprecationWarning if
a `client_id` parameter is submitted; the already configured `self.client_id`
is the preferred option.
* OAuth1.0 Client:
+ Support for HMAC-SHA256
- Removed remove_unittest2.patch made redundant by v3.0.1
- Set minumum version of python-PyJWT >= 1.0.0
- Remove superfluous devel dependency for noarch package
Remove dependency on unittest2
Add remove_unittest2.patch to facilitate that
- specfile:
* fix fdupes call for single-spec
- update to version 2.1.0:
* Fixed some copy and paste typos (#535)
* Use secrets module in Python 3.6 and later (#533)
* Add request argument to confirm_redirect_uri (#504)
* Avoid populating spurious token credentials (#542)
* Make populate attributes API public (#546)
- specfile:
* ran spec-cleaner
- specfile:
* update copyright year
* updated url
- update to version 2.0.7:
* Moved oauthlib into new organization on GitHub.
* Include license file in the generated wheel package. (#494)
* When deploying a release to PyPI, include the wheel
distribution. (#496)
* Check access token in self.token dict. (#500)
* Added bottle-oauthlib to docs. (#509)
* Update repository location in Travis. (#514)
* Updated docs for organization change. (#515)
* Replace G+ with Gitter. (#517)
* Update requirements. (#518)
* Add shields for Python versions, license and RTD. (#520)
* Fix ReadTheDocs build (#521).
* Fixed "make" command to test upstream with local oauthlib. (#522)
* Replace IRC notification with Gitter Hook. (#523)
* Added Github Releases deploy provider. (#523)
- python-passlib
-
- Add patch no-pkg_resources.patch:
* Stop using pkg_resources.
- Switch to pyproject macros.
- add sle15_python_module_pythons
- The disaster of falling tests (see previous record in this
changelog for URL) just continues with test_02_handler_wrapper.
- Skip failing tests and ask upstream for investigation
(https://foss.heptapod.net/python-libs/passlib/-/issues/135).
- python-pyrsistent
-
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- update to 0.19.3:
* Fix #264, add wheels and official support for Python 3.11.
* Fix #263, pmap regression in 0.19.1. Element access sometimes unreliable
after insert.
* Fix #159 (through PR #243). Pmap keys/values/items now behave more like the
corresponding Python 3 methods on dicts. Previously they returned a
materialized PVector holding the items, now they return
views instead.
* Fix #244, type for argument to PVector.delete missing.
* Fix #249, rename perf test directory to avoid tripping up automatic
discovery in more recent setuptools versions
* Fix #247, performance bug when setting elements in maps and adding elements
to sets
* Fix #248, build pure Python wheels. This is used by some installers.
* Fix #254, #258, support manylinux_2014_aarch64 wheels.
- update to 0.18.1:
* Add universal wheels for MacOS, thanks @ntamas for this!
* Add support for Python 3.10, thanks @hugovk for this!
* Fix #236 compilation errors under Python 3.10.
* Drop official support for Python 3.6 since it's EOL since 2021-12-23.
* Fix #238, failing doc tests on Python 3.11, thanks @musicinmybrain for this!
- update to 0.18.0:
* Fix #209 Update freeze recurse into pyrsistent data structures and thaw to
recurse into lists and dicts
* Fix #226, stop using deprecated exception.message.
* Fix #211, add union operator to persistent maps.
* Fix #194, declare build dependencies through pyproject.toml.
* Officially drop Python 3.5 support.
* Fix #223, release wheels for all major platforms.
* Fix #221, KeyError obscured by TypeError if key is a tuple.
* Fix LICENSE file name spelling.
* Fix #216, add abstractmethod decorator for CheckedType and ABCMeta for
_CheckedTypeMeta.
* Fix #228, rename example classes in tests to avoid name clashes with pytest.
- Remove remnant requirements of six and numpy: These are neither
used anywhere in the package code, nor in the tests.
- update to 0.17.3:
* Fix #208, release v0.17.3 with proper meta data requiring Python >= 3.5.
* Add "python_requires >= 2.7" to setup.py in preparation for Python 2.7 incompatible updates
* Same as 0.17.1 released with more recent version of setuptools to get proper meta data for in place.
* Restrict package to Python >= 3.5 to not break unpinned Python 2 dependencies. Thanks @vphilippon
* Remove Python 2 support code. This includes dropping some compatibility code and the dependency on
six. Thanks @djailla for this.
* Fix #200, python 3 exception chaining. This is a minor backwards incompatibility, hence stepping
to 0.17.0. Thanks @cool-RR for this!
- update to 0.16.0:
* No major updates but Python 2 support no longer guaranteed.
* Fix #192, 'ignore_extra' for 'pvector_field'. Thanks @ss18 for this!
* Fix #191, include LICENCE in distribution. Thanks @johnthagen for this!
* Fix #190, minor MyPy errors. Thanks @Qhesz for this!
- update to 0.15.7:
* Fix #186, type errors with more recent versions of MyPy. Thanks @qhesz for this!
* Build and test on ARM during CI. Thanks @ossdev07 for this!
* Set absolute imports for python2 compatibility. Thanks @michalvi for this!
* Fix #182 moduleinit name clash.
* Fix #179 Fixed 'ignore_extra' factory parameter for pvector. Thanks @ss18 for this!
- Update to 0.15.4:
* support new pytest
* Fix #174, fix a GC traversal bug in pvector evolver C extension.
- Use pytest4 for testing as pytest 5.x series do not work; bug
was reported upstream
- Update to 0.15.3:
* Fix #172, catch all exceptions during extension build to reduce chance of corner cases that prevents installation.
* Fix #171, in PVector equality comparison don's assume that other object has a length, check before calling len.
* Fix #168, write warning about failing build of C extension directly to stderr to avoid that pip silences it.
* Fix #155, update PMapEvolver type stub to better reflect implementation.
- Update to 0.15.2
* Fix #166, Propagate 'ignore_extra' param in hierarchy. Thanks
@ss18 for this!
* Fix #167, thaw typing. Thanks @nattofriends for this!
* Fix #154, not possible to insert empty pmap as leaf node with
transform.
* Python 3.4 is no longer officially supported since it is EOL
since 2019-03-18.
* Fix #157, major improvements to type hints. Thanks @je-l for
working on this and @nattofriend for reviewing the PR!
- Update to 0.14.11:
* Fix #152 Don't use __builtin_popcount, this hopefully fixes #147 Error in pvectorc.cp37-win_amd64.pyd file, as well.
Thanks @benrg for this!
* Fix #151 Fix compatibility for hypothesis 4. Thanks @felixonmars for this!
* Fix #148, only require pytest-runner if running tests. Thanks @ccorbacho for this!
* Fix #144, Compile pvectormodule.c on windows. Thanks @ganwell for this!
* Fix #142, Improve type stubs. Thanks @arxanas for this!
* Fix #102, add PEP 561 type annotation stubs for most pyrsistent types. Thanks @nattofriends for this!
* Fix #135, Type classes for Python 3 type annotations of pyrsistent types. Thanks @nattofriends for this!
* Fix #128, Allow PClass and PRecord to ignore input parameters to constructor that are not part of the spec
instead of blowing up with a type error. Thanks @agberk for this!
* Fix #137, deprecation warnings in Python 3.7. Thanks @thombashi for this!
* Fix #129, building via setuptools and setup.py. Thanks @galuszkak for this!
- python-pyserial
-
- Switch documentation to be within the main package.
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- update to version 3.5:
New Features:
[#411] Add a backend for Silicon Labs CP2110/4 HID-to-UART bridge. (depends on hid module)
Improvements:
[#315] Use absolute import everywhere
[#354] Make ListPortInfo hashable
[#372] threaded: "write" returns byte count
[#400] Add bytesize and stopbits argument parser to tcp_serial_redirect
[#408] loop: add out_waiting
[#495] list_ports_linux: Correct "interface" property on Linux hosts
[#500] Remove Python 3.2 and 3.3 from test
[#261, #285, #296, #320, #333, #342, #356, #358, #389, #397, #510] doc updates
miniterm: add CTRL+T Q as alternative to exit
miniterm: suspend function key changed to CTRL-T Z
add command line tool entries pyserial-miniterm (replaces miniterm.py) and pyserial-ports (runs serial.tools.list_ports).
python -m serial opens miniterm (use w/o args and it will print port list too) [experimental]
Bugfixes:
[#371] Don't open port if self.port is not set while entering context manager
[#437, #502] refactor: raise new instances for PortNotOpenError and SerialTimeoutException
[#261, #263] list_ports: set default name attribute
[#286] fix: compare only of the same type in list_ports_common.ListPortInfo
rfc2217/close(): fix race-condition
[#305] return b'' when connection closes on rfc2217 connection
[#386] rfc2217/close(): fix race condition
Fixed flush_input_buffer() for situations where the remote end has closed the socket.
[#441] reset_input_buffer() can hang on sockets
examples: port_publisher python 3 fixes
[#324] miniterm: Fix miniterm constructor exit_character and menu_character
[#326] miniterm: use exclusive access for native serial ports by default
[#497] miniterm: fix double use of CTRL-T + s use z for suspend instead
[#443, #444] examples: refactor wx example, use Bind to avoid deprecated warnings, IsChecked, unichr
[#265] posix: fix PosixPollSerial with timeout=None and add cancel support
[#290] option for low latency mode on linux
[#335] Add support to xr-usb-serial ports
[#494] posix: Don't catch the SerialException we just raised
[#519] posix: Fix custom baud rate to not temporarily set 38400 baud rates on linux
[#509 #518] list_ports: use hardcoded path to library on osx
[#542] list_ports_osx: kIOMasterPortDefault no longer exported on Big Sur
[#545, #545] list_ports_osx: getting USB info on BigSur/AppleSilicon
- Remove unnecessary Windows and OSX modules from runtime package
- Remove Mono and Java CLI modules from runtime package
- Activate test suite
- Fix fdupes, hashbangs and executable bits
- Remove non-break-space in python-pyserial.changes with normal space
- Remove superfluous devel dependency for noarch package
- python-urllib3
-
- Add security patches:
* CVE-2025-66471 (bsc#1254867)
* CVE-2025-66418 (bsc#1254866)
- Add CVE-2026-21441.patch to fix excessive resource consumption
during decompression of data in HTTP redirect responses
(bsc#1256331, CVE-2026-21441)
- sed
-
- Add CVE-2026-5958.patch
* Fix CVE-2026-5958 (bsc#1262144):
A TOCTOU race can allow to read attacker-controlled content and write
it to an unintended file
- sudo
-
- CVE-2026-35535: potential privilege escalation when running
the mailer (bsc#1261420)
* fix-CVE-2026-35535.patch
- suse-build-key
-
- import all keys if they are not yet in the RPM db.
- Added post quantum cryptographic keys for SLES 15 and SLES 16.
- build-pqc-15.pem
- build-pqc-16.pem
- suse-module-tools
-
- Update to version 15.6.14:
* 80-hotplug-cpu-mem.rules: remount tmpfs on "online" uevents
(bsc#1254264)
* udev: use systemd service to remount tmpfs (bsc#1253679)
- suseconnect-ng
-
- Update version to 1.21.1:
- Fix nil token handling (bsc#1261155)
- Switch to using go1.24-openssl as the default Go version to
install to support building the package (jsc#SCC-585).
- Update version to 1.21:
- Add expanded metric collection for kernel modules and hardware
detection (jsc#TEL-226).
- Support new profile based metric collection
- Fix ignored --root parameter hanbling when reading and
writing configuration (bsc#1257667)
- Add expanded metric collection for system vendor/manfacturer
(jsc#TEL-260).
- Removed backport patch: fix-libsuseconnect-and-pci.patch
- Add missing product id to allow yast2-registration to not break (bsc#1257825)
- Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
- Ignore product in announce call (bsc#1257490)
- Registration to SMT server with failed (bsc#1257625)
- Backported by PATCH: fix-libsuseconnect-and-pci.patch
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PYAG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to version less documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.
- syslogd
-
- Drop last sysvinit Requirement/Provide (PED-13698)
- tar
-
- Fix bsc#1246399 / CVE-2025-45582.
- Add patch:
* CVE-2025-45582.patch
- vim
-
- Fix bsc#1261191 / CVE-2026-34714.
- Fix bsc#1261271 / CVE-2026-34982.
- Fix bsc#1259985 / CVE-2026-33412.
- Update to 9.2.0280:
* patch 9.2.0280: [security]: path traversal issue in zip.vim
* patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list
* patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file
* patch 9.2.0277: tests: test_modeline.vim fails
* patch 9.2.0276: [security]: modeline security bypass
* patch 9.2.0275: tests: test_options.vim fails
* patch 9.2.0274: BSU/ESU are output directly to the terminal
* patch 9.2.0273: tabpanel: undefined behaviour with large tabpanelop columns
* patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline
* patch 9.2.0271: buffer underflow in vim_fgets()
* patch 9.2.0270: test: trailing spaces used in tests
* patch 9.2.0269: configure: Link error on Solaris
* patch 9.2.0268: memory leak in call_oc_method()
* patch 9.2.0267: 'autowrite' not triggered for :term
* patch 9.2.0266: typeahead buffer overflow during mouse drag event
* patch 9.2.0265: unnecessary restrictions for defining dictionary function names
* patch 9.2.0264: Cannot disable kitty keyboard protocol in vim :terminal
* patch 9.2.0263: hlset() cannot handle attributes with spaces
* patch 9.2.0262: invalid lnum when pasting text copied blockwise
* patch 9.2.0261: terminal: redraws are slow
* patch 9.2.0260: statusline not redrawn after closing a popup window
* patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker
* patch 9.2.0258: memory leak in add_mark()
* patch 9.2.0257: unnecessary memory allocation in set_callback()
* patch 9.2.0256: visual selection size not shown in showcmd during test
* patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal
* patch 9.2.0254: w_locked can be bypassed when setting recursively
* patch 9.2.0253: various issues with wrong b_nwindows after closing buffers
* patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded
* patch 9.2.0251: Link error when building without channel feature
* patch 9.2.0250: system() does not support bypassing the shell
* patch 9.2.0249: clipboard: provider reacts to autoselect feature
* patch 9.2.0248: json_decode() is not strict enough
* patch 9.2.0247: popup: popups may not wrap as expected
* patch 9.2.0246: memory leak in globpath()
* patch 9.2.0245: xxd: color output detection is broken
* patch 9.2.0244: memory leak in eval8()
* patch 9.2.0243: memory leak in change_indent()
* patch 9.2.0242: memory leak in check_for_cryptkey()
* patch 9.2.0241: tests: Test_visual_block_hl_with_autosel() is flaky
* patch 9.2.0240: syn_name2id() is slow due to linear search
* patch 9.2.0239: signcolumn may cause flicker
* patch 9.2.0238: showmode message may not be displayed
* patch 9.2.0237: filetype: ObjectScript routines are not recognized
* patch 9.2.0236: stack-overflow with deeply nested data in json_encode/decode()
* patch 9.2.0235: filetype: wks files are not recognized.
* patch 9.2.0234: test: Test_close_handle() is flaky
* patch 9.2.0233: Compiler warning in strings.c
* patch 9.2.0232: fileinfo not shown after :bd of last listed buffer
* patch 9.2.0231: Amiga: Link error for missing HAVE_LOCALE_H
* patch 9.2.0230: popup: opacity not working accross vert splits
* patch 9.2.0229: keypad keys may overwrite keycode for another key
* patch 9.2.0228: still possible flicker
* patch 9.2.0227: MS-Windows: CSI sequences may be written to screen
* patch 9.2.0226: No 'incsearch' highlighting support for :uniq
* patch 9.2.0225: runtime(compiler): No compiler plugin for just
* patch 9.2.0224: channel: 2 issues with out/err callbacks
* patch 9.2.0223: Option handling for key:value suboptions is limited
* patch 9.2.0222: "zb" scrolls incorrectly with cursor on fold
* patch 9.2.0221: Visual selection drawn incorrectly with "autoselect"
* patch 9.2.0220: MS-Windows: some defined cannot be set on Cygwin/Mingw
* patch 9.2.0219: call stack can be corrupted
* patch 9.2.0218: visual selection highlighting in X11 GUI is wrong.
* patch 9.2.0217: filetype: cto files are not recognized
* patch 9.2.0216: MS-Windows: Rendering artifacts with DirectX
* patch 9.2.0215: MS-Windows: several tests fail in the Windows CUI.
* patch 9.2.0214: tests: Test_gui_system_term_scroll() is flaky
* patch 9.2.0213: Crash when using a partial or lambda as a clipboard provider
* patch 9.2.0212: MS-Windows: version packing may overflow
* patch 9.2.0211: possible crash when setting 'winhighlight'
* patch 9.2.0210: tests: Test_xxd tests are failing
* patch 9.2.0209: freeze during wildmenu completion
* patch 9.2.0208: MS-Windows: excessive scroll-behaviour with go+=!
* patch 9.2.0207: MS-Windows: freeze on second :hardcopy
* patch 9.2.0206: MS-Window: stripping all CSI sequences
* patch 9.2.0205: xxd: Cannot NUL terminate the C include file style
* patch 9.2.0204: filetype: cps files are not recognized
* patch 9.2.0203: Patch v9.2.0185 was wrong
* patch 9.2.0202: [security]: command injection via newline in glob()
* patch 9.2.0201: filetype: Wireguard config files not recognized
* patch 9.2.0200: term: DECRQM codes are sent too early
* patch 9.2.0199: tests: test_startup.vim fails
* patch 9.2.0198: cscope: can escape from restricted mode
* patch 9.2.0197: tabpanel: frame width not updated for existing tab pages
* patch 9.2.0196: textprop: negative IDs and can cause a crash
* patch 9.2.0195: CI: test-suite gets killed for taking too long
* patch 9.2.0194: tests: test_startup.vim leaves temp.txt around
* patch 9.2.0193: using copy_option_part() can be improved
* patch 9.2.0192: not correctly recognizing raw key codes
* patch 9.2.0191: Not possible to know if Vim was compiled with Android support
* patch 9.2.0190: Status line height mismatch in vertical splits
* patch 9.2.0189: MS-Windows: opacity popups flicker during redraw in the console
* patch 9.2.0188: Can set environment variables in restricted mode
* patch 9.2.0187: MS-Windows: rendering artifacts with DirectX renderer
* patch 9.2.0186: heap buffer overflow with long generic function name
* patch 9.2.0185: buffer overflow when redrawing custom tabline
* patch 9.2.0184: MS-Windows: screen flicker with termguicolors and visualbell
* patch 9.2.0183: channel: using deprecated networking APIs
* patch 9.2.0182: autocmds may leave windows with w_locked set
* patch 9.2.0181: line('w0') moves cursor in terminal-normal mode
* patch 9.2.0180: possible crash with winminheight=0
* patch 9.2.0179: MS-Windows: Compiler warning for converting from size_t to int
* patch 9.2.0178: DEC mode requests are sent even when not in raw mode
* patch 9.2.0177: Vim9: Can set environment variables in restricted mode
* patch 9.2.0176: external diff is allowed in restricted mode
* patch 9.2.0175: No tests for what v9.2.0141 and v9.2.0156 fixes
* patch 9.2.0174: diff: inline word-diffs can be fragmented
* patch 9.2.0173: tests: Test_balloon_eval_term_visual is flaky
* patch 9.2.0172: Missing semicolon in os_mac_conv.c
* patch 9.2.0171: MS-Windows: version detection is deprecated
* patch 9.2.0170: channel: some issues in ch_listen()
* patch 9.2.0169: assertion failure in syn_id2attr()
* patch 9.2.0168: invalid pointer casting in string_convert() arguments
* patch 9.2.0167: terminal: setting buftype=terminal may cause a crash
* patch 9.2.0166: Coverity warning for potential NULL dereference
* patch 9.2.0165: tests: perleval fails in the sandbox
* patch 9.2.0164: build error when XCLIPBOARD is not defined
* patch 9.2.0163: MS-Windows: Compile warning for unused variable
* patch 9.2.0162: tests: unnecessary CheckRunVimInTerminal in test_quickfix
* patch 9.2.0161: intro message disappears on startup in some terminals
* patch 9.2.0160: terminal DEC mode handling is overly complex
* patch 9.2.0159: Crash when reading quickfix line
* patch 9.2.0158: Visual highlighting might be incorrect
* patch 9.2.0157: Vim9: concatenation can be improved
* patch 9.2.0156: perleval() and rubyeval() ignore security settings
* patch 9.2.0155: filetype: ObjectScript are not recognized
* patch 9.2.0154: if_lua: runtime error with lua 5.5
* patch 9.2.0153: No support to act as a channel server
* patch 9.2.0152: concatenating strings is slow
* patch 9.2.0151: blob_from_string() is slow for long strings
* patch 9.2.0150: synchronized terminal update may cause display artifacts
* patch 9.2.0149: Vim9: segfault when unletting an imported variable
* patch 9.2.0148: Compile error when FEAT_DIFF is not defined
* patch 9.2.0147: blob: concatenation can be improved
* patch 9.2.0146: dictionary lookups can be improved
* patch 9.2.0145: UTF-8 decoding and length calculation can be improved
* patch 9.2.0144: 'statuslineopt' is a global only option
* patch 9.2.0143: termdebug: no support for thread and condition in :Break
* patch 9.2.0142: Coverity: Dead code warning
* patch 9.2.0141: :perl ex commands allowed in restricted mode
* patch 9.2.0140: file reading performance can be improved
* patch 9.2.0139: Cannot configure terminal resize event
* patch 9.2.0138: winhighlight option handling can be improved
* patch 9.2.0137: [security]: crash with composing char in collection range
* patch 9.2.0136: memory leak in add_interface_from_super_class()
* patch 9.2.0135: memory leak in eval_tuple()
* patch 9.2.0134: memory leak in socket_server_send_reply()
* patch 9.2.0133: memory leak in netbeans_file_activated()
* patch 9.2.0132: tests: Test_recover_corrupted_swap_file1 fails on be systems
* patch 9.2.0131: potential buffer overflow in regdump()
* patch 9.2.0130: missing range flags for the :tab command
* patch 9.2.0129: popup: wrong handling of wide-chars and opacity:0
* patch 9.2.0128: Wayland: using _Boolean instead of bool type
* patch 9.2.0127: line('w0') and line('w$') return wrong values in a terminal
* patch 9.2.0126: String handling can be improved
* patch 9.2.0125: tests: test_textformat.vim leaves swapfiles behind
* patch 9.2.0124: auto-format may swallow white space
* patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
* patch 9.2.0122: Vim still supports compiling on NeXTSTEP
* patch 9.2.0120: tests: test_normal fails
* patch 9.2.0119: incorrect highlight initialization in win_init()
* patch 9.2.0118: memory leak in w_hl when reusing a popup window
* patch 9.2.0117: tests: test_wayland.vim fails
* patch 9.2.0116: terminal: synchronized output sequences are buffered
* patch 9.2.0115: popup: screen flickering possible during async callbacks
* patch 9.2.0114: MS-Windows: terminal output may go to wrong terminal
* patch 9.2.0113: winhighlight pointer may be used uninitialized
* patch 9.2.0112: popup: windows flicker when updating text
* patch 9.2.0111: 'winhighlight' option not always applied
* Update Vim to version 9.2.0110 (from 9.2.0045).
* Specifically, this fixes bsc#1259051 / CVE-2026-28417.
* Update Vim to version 9.2.0045 (from 9.1.1629).
* Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed
upstream).
* Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed
upstream).
* Drop obsolete or upstreamed patches:
- vim-7.3-filetype_spec.patch
- vim-7.4-filetype_apparmor.patch
- vim-8.2.2411-globalvimrc.patch
- vim-9.1.1683-avoid-null-dereference.patch
* Refresh the following patches:
- vim-7.3-filetype_changes.patch
- vim-7.3-filetype_ftl.patch
- vim-7.3-sh_is_bash.patch
- vim-9.1.1134-revert-putty-terminal-colors.patch
* Remove autoconf BuildRequires and drop the autoconf call in %build.
* Add --with-wayland=no to COMMON_OPTIONS to explicitly disable wayland.
* Package new Swedish (sv) man pages and clean up duplicate encodings
(sv.ISO8859-1 and sv.UTF-8) during %install.
- xen
-
- bsc#1259247 - VUL-0: CVE-2026-23554: xen: Use after free of
paging structures in EPT (XSA-480)
xsa480.patch
- bsc#1259248 - VUL-0: CVE-2026-23555: xen: Xenstored DoS by
unprivileged domain (XSA-481)
xsa481.patch