- aaa_base
-
- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
allow ICMP ping
- added patches
+ git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
current version which includes a rename of patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
to
git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
as otherwise autopatch macro does not work anymore
- Include all fixes and changes for systemwide inputrc to remove
the 8 bit escape sequence which interfere with UTF-8 multi byte
characters as well as support the vi mode of readline library.
This is done with the patches
* git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
* git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
before the changed patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
rename it to
git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
and also add the patches
* git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
* git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
- apache2
-
- modified patches
% apache2-CVE-2022-23943.patch (refreshed)
- security update
- added patches
fix CVE-2022-23943 [bsc#1197098], heap out-of-bounds write in mod_sed
+ apache2-CVE-2022-23943.patch
fix CVE-2022-22720 [bsc#1197095], HTTP request smuggling due to incorrect error handling
+ apache2-CVE-2022-22720.patch
fix CVE-2022-22719 [bsc#1197091], use of uninitialized value of in r:parsebody in mod_lua
+ apache2-CVE-2022-22719.patch
fix CVE-2022-22721 [bsc#1197096], possible buffer overflow with very large or unlimited LimitXMLRequestBody
+ apache2-CVE-2022-22721.patch
- security update
- augeas
-
- support new chrony 4.1 options (jsc#SLE-17334)
augeas-new_options_for_chrony.patch
- autofs
-
- autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch
Fix problem with quote handling
(bsc#1181715)
- 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch
Fix locking problem that causes deadlock when sss used.
(bsc#1196485)
- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
Suppress portmap calls when port explicitly given
(bsc#1195697)
- avahi
-
- Downgrade python3-Twisted to a Recommends. It is not available
on SLED or PackageHub, and it is only needed by avahi-bookmarks
(bsc#1196282).
- Add avahi-bookmarks-import-warning.patch: fix warning when
twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
avahi-add-resolv-conf-to-inotify.patch: re-read configuration
when resolv.conf changes, per discussion on the bug
(boo#1194561).
- Have python3-avahi require python3-dbus-python, not the
python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
a host's up/down status to be easily discovered and should not
be enabled by default (boo#1179060).
- bind
-
- When using forwarders, bogus NS records supplied by, or via, those
forwarders may be cached and used by named if it needs to recurse
for any reason, causing it to obtain and pass on potentially
incorrect answers.
[CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]
- binutils
-
- Add binutils-add-z16-name.diff so that the now official name
z16 for arch14 is recognized. [bsc#1198237]
- c3p0
-
- update to version c3p0 0.9.5.5 and
mchange-commons-java 0.2.19
* Address CVE-2018-20433
* Address CVE-2019-5427 - XML-config parsing related attacks
(bsc#1133198)
* Properly implement the JDBC 4.1 abort method
Removed:
* fix-CVE-2018-20433.patch included upstream
- build with log4j mapper
- Change:
* c3p0-embed-mchange-common.patch
- Enhanced for RHEL8
- cifs-utils
-
- CVE-2022-27239: mount.cifs: fix length check for ip option
parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
* add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch
- cloud-init
-
- Update to version 21.4 (bsc#1192343, jsc#PM-3181)
+ Also include VMWare functionality for (jsc#PM-3175)
+ Remove patches included upstream:
- cloud-init-purge-cache-py-ver-change.patch
- cloud-init-update-test-characters-in-substitution-unit-test.patch
+ Forward port:
- cloud-init-write-routes.patch
- cloud-init-no-tempnet-oci.patch
+ Add cloud-init-vmware-test.patch
- Test is system dependend, not properly mocked
+ Azure: fallback nic needs to be reevaluated during reprovisioning
(#1094) [Anh Vo]
+ azure: pps imds (#1093) [Anh Vo]
+ testing: Remove calls to 'install_new_cloud_init' (#1092)
+ Add LXD datasource (#1040)
+ Fix unhandled apt_configure case. (#1065) [Brett Holman]
+ Allow libexec for hotplug (#1088)
+ Add necessary mocks to test_ovf unit tests (#1087)
+ Remove (deprecated) apt-key (#1068) [Brett Holman] (LP: #1836336)
+ distros: Remove a completed "/TODO"/ comment (#1086)
+ cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083)
[dermotbradley]
+ Add "/install hotplug"/ module (SC-476) (#1069) (LP: #1946003)
+ hosts.alpine.tmpl: rearrange the order of short and long hostnames
(#1084) [dermotbradley]
+ Add max version to docutils
+ cloudinit/dmi.py: Change warning to debug to prevent console display
(#1082) [dermotbradley]
+ remove unnecessary EOF string in
disable-sshd-keygen-if-cloud-init-active.conf (#1075) [Emanuele
Giuseppe Esposito]
+ Add module 'write-files-deferred' executed in stage 'final' (#916)
[Lucendio]
+ Bump pycloudlib to fix CI (#1080)
+ Remove pin in dependencies for jsonschema (#1078)
+ Add "/Google"/ as possible system-product-name (#1077) [vteratipally]
+ Update Debian security suite for bullseye (#1076) [Johann Queuniet]
+ Leave the details of service management to the distro (#1074)
[Andy Fiddaman]
+ Fix typos in setup.py (#1059) [Christian Clauss]
+ Update Azure _unpickle (SC-500) (#1067) (LP: #1946644)
+ cc_ssh.py: fix private key group owner and permissions (#1070)
[Emanuele Giuseppe Esposito]
+ VMware: read network-config from ISO (#1066) [Thomas Weißschuh]
+ testing: mock sleep in gce unit tests (#1072)
+ CloudStack: fix data-server DNS resolution (#1004)
[Olivier Lemasle] (LP: #1942232)
+ Fix unit test broken by pyyaml upgrade (#1071)
+ testing: add get_cloud function (SC-461) (#1038)
+ Inhibit sshd-keygen@.service if cloud-init is active (#1028)
[Ryan Harper]
+ VMWARE: search the deployPkg plugin in multiarch dir (#1061)
[xiaofengw-vmware] (LP: #1944946)
+ Fix set-name/interface DNS bug (#1058) [Andrew Kutz] (LP: #1946493)
+ Use specified tmp location for growpart (#1046) [jshen28]
+ .gitignore: ignore tags file for ctags users (#1057) [Brett Holman]
+ Allow comments in runcmd and report failed commands correctly (#1049)
[Brett Holman] (LP: #1853146)
+ tox integration: pass the *_proxy, GOOGLE_*, GCP_* env vars (#1050)
[Paride Legovini]
+ Allow disabling of network activation (SC-307) (#1048) (LP: #1938299)
+ renderer: convert relative imports to absolute (#1052) [Paride Legovini]
+ Support ETHx_IP6_GATEWAY, SET_HOSTNAME on OpenNebula (#1045)
[Vlastimil Holer]
+ integration-requirements: bump the pycloudlib commit (#1047)
[Paride Legovini]
+ Allow Vultr to set MTU and use as-is configs (#1037) [eb3095]
+ pin jsonschema in requirements.txt (#1043)
+ testing: remove cloud_tests (#1020)
+ Add andgein as contributor (#1042) [Andrew Gein]
+ Make wording for module frequency consistent (#1039) [Nicolas Bock]
+ Use ascii code for growpart (#1036) [jshen28]
+ Add jshen28 as contributor (#1035) [jshen28]
+ Skip test_cache_purged_on_version_change on Azure (#1033)
+ Remove invalid ssh_import_id from examples (#1031)
+ Cleanup Vultr support (#987) [eb3095]
+ docs: update cc_disk_setup for fs to raw disk (#1017)
+ HACKING.rst: change contact info to James Falcon (#1030)
+ tox: bump the pinned flake8 and pylint version (#1029)
[Paride Legovini] (LP: #1944414)
+ Add retries to DataSourceGCE.py when connecting to GCE (#1005)
[vteratipally]
+ Set Azure to apply networking config every BOOT (#1023)
+ Add connectivity_url to Oracle's EphemeralDHCPv4 (#988) (LP: #1939603)
+ docs: fix typo and include sudo for report bugs commands (#1022)
[Renan Rodrigo] (LP: #1940236)
+ VMware: Fix typo introduced in #947 and add test (#1019) [PengpengSun]
+ Update IPv6 entries in /etc/hosts (#1021) [Richard Hansen] (LP: #1943798)
+ Integration test upgrades for the 21.3-1 SRU (#1001)
+ Add Jille to tools/.github-cla-signers (#1016) [Jille Timmermans]
+ Improve ug_util.py (#1013) [Shreenidhi Shedi]
+ Support openEuler OS (#1012) [zhuzaifangxuele]
+ ssh_utils.py: ignore when sshd_config options are not key/value pairs
(#1007) [Emanuele Giuseppe Esposito]
+ Set Azure to only update metadata on BOOT_NEW_INSTANCE (#1006)
+ cc_update_etc_hosts: Use the distribution-defined path for the hosts
file (#983) [Andy Fiddaman]
+ Add CloudLinux OS support (#1003) [Alexandr Kravchenko]
+ puppet config: add the start_agent option (#1002) [Andrew Bogott]
+ Fix `make style-check` errors (#1000) [Shreenidhi Shedi]
+ Make cloud-id copyright year (#991) [Andrii Podanenko]
+ Add support to accept-ra in networkd renderer (#999) [Shreenidhi Shedi]
+ Update ds-identify to pass shellcheck (#979) [Andrew Kutz]
+ Azure: Retry dhcp on timeouts when polling reprovisiondata (#998)
[aswinrajamannar]
+ testing: Fix ssh keys integration test (#992)
- From 21.3
+ Azure: During primary nic detection, check interface status continuously
before rebinding again (#990) [aswinrajamannar]
+ Fix home permissions modified by ssh module (SC-338) (#984)
(LP: #1940233)
+ Add integration test for sensitive jinja substitution (#986)
+ Ignore hotplug socket when collecting logs (#985) (LP: #1940235)
+ testing: Add missing mocks to test_vmware.py (#982)
+ add Zadara Edge Cloud Platform to the supported clouds list (#963)
[sarahwzadara]
+ testing: skip upgrade tests on LXD VMs (#980)
+ Only invoke hotplug socket when functionality is enabled (#952)
+ Revert unnecesary lcase in ds-identify (#978) [Andrew Kutz]
+ cc_resolv_conf: fix typos (#969) [Shreenidhi Shedi]
+ Replace broken httpretty tests with mock (SC-324) (#973)
+ Azure: Check if interface is up after sleep when trying to bring it up
(#972) [aswinrajamannar]
+ Update dscheck_VMware's rpctool check (#970) [Shreenidhi Shedi]
+ Azure: Logging the detected interfaces (#968) [Moustafa Moustafa]
+ Change netifaces dependency to 0.10.4 (#965) [Andrew Kutz]
+ Azure: Limit polling network metadata on connection errors (#961)
[aswinrajamannar]
+ Update inconsistent indentation (#962) [Andrew Kutz]
+ cc_puppet: support AIO installations and more (#960) [Gabriel Nagy]
+ Add Puppet contributors to CLA signers (#964) [Noah Fontes]
+ Datasource for VMware (#953) [Andrew Kutz]
+ photon: refactor hostname handling and add networkd activator (#958)
[sshedi]
+ Stop copying ssh system keys and check folder permissions (#956)
[Emanuele Giuseppe Esposito]
+ testing: port remaining cloud tests to integration testing framework
(SC-191) (#955)
+ generate contents for ovf-env.xml when provisioning via IMDS (#959)
[Anh Vo]
+ Add support for EuroLinux 7 && EuroLinux 8 (#957) [Aleksander Baranowski]
+ Implementing device_aliases as described in docs (#945)
[Mal Graty] (LP: #1867532)
+ testing: fix test_ssh_import_id.py (#954)
+ Add ability to manage fallback network config on PhotonOS (#941) [sshedi]
+ Add VZLinux support (#951) [eb3095]
+ VMware: add network-config support in ovf-env.xml (#947) [PengpengSun]
+ Update pylint to v2.9.3 and fix the new issues it spots (#946)
[Paride Legovini]
+ Azure: mount default provisioning iso before try device listing (#870)
[Anh Vo]
+ Document known hotplug limitations (#950)
+ Initial hotplug support (#936)
+ Fix MIME policy failure on python version upgrade (#934)
+ run-container: fixup the centos repos baseurls when using http_proxy
(#944) [Paride Legovini]
+ tools: add support for building rpms on rocky linux (#940)
+ ssh-util: allow cloudinit to merge all ssh keys into a custom user
file, defined in AuthorizedKeysFile (#937) [Emanuele Giuseppe Esposito]
(LP: #1911680)
+ VMware: new "/allow_raw_data"/ switch (#939) [xiaofengw-vmware]
+ bump pycloudlib version (#935)
+ add renanrodrigo as a contributor (#938) [Renan Rodrigo]
+ testing: simplify test_upgrade.py (#932)
+ freebsd/net_v1 format: read MTU from root (#930) [Gonéri Le Bouder]
+ Add new network activators to bring up interfaces (#919)
+ Detect a Python version change and clear the cache (#857)
[Robert Schweikert]
+ cloud_tests: fix the Impish release name (#931) [Paride Legovini]
+ Removed distro specific network code from Photon (#929) [sshedi]
+ Add support for VMware PhotonOS (#909) [sshedi]
+ cloud_tests: add impish release definition (#927) [Paride Legovini]
+ docs: fix stale links rename master branch to main (#926)
+ Fix DNS in NetworkState (SC-133) (#923)
+ tests: Add 'adhoc' mark for integration tests (#925)
+ Fix the spelling of "/DigitalOcean"/ (#924) [Mark Mercado]
+ Small Doc Update for ReportEventStack and Test (#920) [Mike Russell]
+ Replace deprecated collections.Iterable with abc replacement (#922)
(LP: #1932048)
+ testing: OCI availability domain is now required (SC-59) (#910)
+ add DragonFlyBSD support (#904) [Gonéri Le Bouder]
+ Use instance-data-sensitive.json in jinja templates (SC-117) (#917)
(LP: #1931392)
+ doc: Update NoCloud docs stating required files (#918) (LP: #1931577)
+ build-on-netbsd: don't pin a specific py3 version (#913)
[Gonéri Le Bouder]
+ Create the log file with 640 permissions (#858) [Robert Schweikert]
+ Allow braces to appear in dhclient output (#911) [eb3095]
+ Docs: Replace all freenode references with libera (#912)
+ openbsd/net: flush the route table on net restart (#908)
[Gonéri Le Bouder]
+ Add Rocky Linux support to cloud-init (#906) [Louis Abel]
+ Add "/esposem"/ as contributor (#907) [Emanuele Giuseppe Esposito]
+ Add integration test for #868 (#901)
+ Added support for importing keys via primary/security mirror clauses
(#882) [Paul Goins] (LP: #1925395)
+ [examples] config-user-groups expire in the future (#902)
[Geert Stappers]
+ BSD: static network, set the mtu (#894) [Gonéri Le Bouder]
+ Add integration test for lp-1920939 (#891)
+ Fix unit tests breaking from new httpretty version (#903)
+ Allow user control over update events (#834)
+ Update test characters in substitution unit test (#893)
+ cc_disk_setup.py: remove UDEVADM_CMD definition as not used (#886)
[dermotbradley]
+ Add AlmaLinux OS support (#872) [Andrew Lukoshko]
- systemctl location (bsc#1193531)
- Add cloud-init-sysctl-not-in-bin.patch
- The sytemctl executable is not necessarily in '/bin'
- Remove unneeded BuildRequires on python3-nose.
+ Still need to consider the "/network"/ configuration option
- cloud-regionsrv-client
-
- Update to version 10.0.3 (bsc#1198389)
- Descend into the extension tree even if top level module is recommended
- Cache license state for AHB support to detect type switch
- Properly clean suse.com credentials when switching from SCC to update
infrastructure
- New log message to indicate base product registration success
- Update to version 10.0.2
+ Fix name of logfile in error message
+ Fix variable scoping to properly detect registration error
+ Cleanup any artifacts on registration failure
+ Fix latent bug with /etc/hosts population
+ Do not throw error when attemting to unregister a system that is not
registered
+ Skip extension registration if the extension is recommended by the
baseproduct as it gets automatically installed
- Update to version 10.0.1 (bsc#1197113)
+ Provide status feedback on registration, success or failure
+ Log warning message if data provider is configured but no data
can be retrieved
- Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564)
+ The repo enablement timer cannot depend on guestregister.service
- Update -addon-azure to 1.0.2 (bsc#1196305)
+ The is-registered() function expects a string of the update server FQDN.
The regionsrv-enabler-azure passed an Object of type SMT. Fix the call
in regionsrv-enabler-azure.
- Update -plugin-azure to 2.0.0 (bsc#1196146)
+ Lower case the region hint to reduce issues with Azure region name
case inconsistencies
- Update to version 10.0.0 (bsc#1195414, bsc#1195564)
+ Refactor removes check_registration() function in utils implementation
+ Only start the registration service for PAYG images
- addon-azure sub-package to version 1.0.1
- cobbler
-
- Fix issues with installation module logging and validation (bsc#1195918)
- Added:
* v3-1-2-log-pollution-3.patch
- Move configuration files ownership to apache (bsc#1195906)
- Make configuration files only readable by root (bsc#1193671, CVE-2021-45083)
- Remove hardcoded test credentials (bsc#1193673)
- Prevent log pollution (bsc#1193675)
- Missing sanity check on MongoDB configuration file (bsc#1193676)
- Incomplete template sanatization (bsc#1193678, CVE-2021-45082)
- Added:
* v3-1-2-incomplete-template-sanatization.patch
* v3-1-2-log-pollution-1.patch
* v3-1-2-log-pollution-2.patch
* v3-1-2-mongodb-sanatiy-check.patch
* v3-1-2-remove-testing-auth.patch
- Modified (updated fuzz):
* fix-for-old-str.join-usage.diff
* remove-redundant-json-suffix.diff
* v3-1-2-arbitrary-file-read-write-plus-RCE.patch
- containerd
-
- Add patch for CVE-2022-23648. bsc#1196441
+ CVE-2022-23648.patch
- Update to containerd v1.4.12 for Docker 20.10.11-ce. bsc#1192814
bsc#1193273 CVE-2021-41190
- Update to containerd v1.4.11, to fix CVE-2021-41103. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- coreutils
-
- coreutils-df-fuse-portal-dummy.patch:
df: Add "/fuse.portal"/ as a dummy file system (used in flatpak
implementations). (bsc#1189152)
- crash
-
- Fix module loading (bsc#1190743 ltc#194414).
+ crash-mod-fix-module-object-file-lookup.patch
- cyrus-sasl
-
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
in plugins/sql.c (bsc#1196036)
o add upstream patch:
0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- cyrus-sasl-saslauthd
-
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
in plugins/sql.c (bsc#1196036)
o add upstream patch:
0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- docker
-
- Update to Docker 20.10.12-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201012>.
- Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the
changelogs are currently only available online.
- Update to Docker 20.10.11-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201011>. bsc#1192814
bsc#1193273 CVE-2021-41190
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Remove upstreamed patches:
- 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Update to Docker 20.10.9-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20109>. bsc#1191355
CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434
CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121
- Update to Docker 20.10.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20106>. bsc#1184768
- Update to Docker 20.10.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20105>. bsc#1182947
- dracut
-
- Update to version 049.1+suse.228.g07676562:
* fix(network): consistent use of "/$gw"/ for gateway (bsc#1192685)
* fix(install): handle builtin modules (bsc#1194716)
- e2fsprogs
-
- libss-add-newer-libreadline.so.7-to-dlopen-path.patch: libss: Add support
for libreadline.so.7 for Leap 15.3 (bsc#1196939)
- expat
-
- Security fixes:
* (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
breaks biboumi, ClairMeta, jxmlease, libwbxml,
openleadr-python, rnv, xmltodict
- Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:
* (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs
- Added expat-CVE-2022-25236.patch
* (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
2.4.5 does not check whether a UTF-8 character is valid in a
certain context.
- Added expat-CVE-2022-25235.patch
* (CVE-2022-25313, bsc#1196168) Stack exhaustion in
build_model() via uncontrolled recursion
- Added expat-CVE-2022-25313.patch
- The fix upstream introduced a regression that was later
amended in 2.4.6 version
+ Added expat-CVE-2022-25313-fix-regression.patch
* (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
- Added expat-CVE-2022-25314.patch
* (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
- Added expat-CVE-2022-25315.patch
- Security fix (CVE-2022-23852, bsc#1195054)
* Expat (aka libexpat) before 2.4.4 has a signed integer overflow
in XML_GetBuffer, for configurations with a nonzero
XML_CONTEXT_BYTES
* Add tests for CVE-2022-23852.
* Added expat-CVE-2022-23852.patch
- Security fix (CVE-2022-23990, bsc#1195217)
* Fix unsigned integer overflow in function doProlog triggered
by large content in element type declarations when there is
an element declaration handler present (from a prior call to
XML_SetElementDeclHandler).
* Add expat-CVE-2022-23990.patch
* Added expat-CVE-2022-22827.patch
- fence-agents
-
- (bsc#1196350) fence_gce updates pull from Clusterlabs repo
- Apply proposed upstream patch
0001-fence_gce-Add-timeouts-and-failure-options-458.patch
- filesystem
-
- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
- gcc11
-
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
- Add gcc11-D-dependence-fix.patch to fix memory corruption when
creating dependences with the D language frontend.
- Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap
on aarch64 which is unresolvable.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
- glibc
-
- pthread-rwlock-trylock-stalls.patch: nptl: Fix pthread_rwlock_try*lock
stalls (bsc#1195560, BZ #23844)
- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
for "/unix"/ (CVE-2022-23219, bsc#1194768, BZ #22542)
- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
(CVE-2022-23218, bsc#1194770, BZ #28768)
- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
(CVE-2021-3999, bsc#1194640, BZ #28769)
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)
- gnutls
-
- Security fix: [bsc#1196167, CVE-2021-4209]
* Null pointer dereference in MD_UPDATE
* Add gnutls-CVE-2021-4209.patch
- grub2
-
- Fix grub-install error when efi system partition is created as mdadm software
raid1 device (bsc#1179981) (bsc#1195204)
* 0001-install-fix-software-raid1-on-esp.patch
- Fix error in grub-install when linux root device is on lvm thin volume
(bsc#1192622) (bsc#1191974)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix error not a btrfs filesystem on s390x (bsc#1187645)
* 80_suse_btrfs_snapshot
- Add support for simplefb (boo#1193532).
* grub2-simplefb.patch
- hibernate5
-
- Fix potential SQL injection CVE-2020-25638 (bsc#1193832)
- Added:
* 0001-HHH-14225-CVE-2020-25638-Potential-for-SQL-injection.patch
- hwdata
-
- Update to version 0.357 (bsc#1196332):
+ Updated pci, usb and vendor ids.
- Update to version 0.356:
+ Updated pci, usb and vendor ids.
- java-11-openjdk
-
- Update to upstream tag jdk-11.0.14.1+1
* Changes:
+ JDK-8280786: Build failure on Solaris after 8262392
+ JDK-8218546: Unable to connect to https://google.com using
java.net.HttpClient
+ JDK-8281324: Bump update version for OpenJDK: jdk-11.0.14.1
- Update to upstream tag jdk-11.0.14+9 (January 2022 CPU)
* New features
+ JDK-8248238: Implementation: JEP 388: Windows AArch64 Support
* Security fixes
+ JDK-8217375: jarsigner breaks old signature with long lines
in manifest
+ JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if
zip has dir named "/."/ inside
+ JDK-8264934, CVE-2022-21248, bnc#1194926: Enhance cross VM serialization
+ JDK-8268488: More valuable DerValues
+ JDK-8268494: Better inlining of inlined interfaces
+ JDK-8268512: More content for ContentInfo
+ JDK-8268795: Enhance digests of Jar files
+ JDK-8268801: Improve PKCS attribute handling
+ JDK-8268813, CVE-2022-21283, bnc#1194937: Better String matching
+ JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+ JDK-8269944: Better HTTP transport redux
+ JDK-8270386, CVE-2022-21291, bsc#1194925: Better verification
of scan methods
+ JDK-8270392, CVE-2022-21293, bsc#1194935: Improve String
constructions
+ JDK-8270416, CVE-2022-21294, bsc#1194934: Enhance construction
of Identity maps
+ JDK-8270492, CVE-2022-21282, bsc#1194933: Better resolution of
URIs
+ JDK-8270498, CVE-2022-21296, bsc#1194932: Improve SAX Parser
configuration management
+ JDK-8270646, CVE-2022-21299, bsc#1194931: Improved scanning of
XML entities
+ JDK-8270952, CVE-2022-21277, bsc#1194930: Improve TIFF file
handling
+ JDK-8271962: Better TrueType font loading
+ JDK-8271968: Better canonical naming
+ JDK-8271987: Manifest improved manifest entries
+ JDK-8272014, CVE-2022-21305, bsc#1194939: Better array
indexing
+ JDK-8272026, CVE-2022-21340, bsc#1194940: Verify Jar
Verification
+ JDK-8272236, CVE-2022-21341, bsc#1194941: Improve serial forms
for transport
+ JDK-8272272: Enhance jcmd communication
+ JDK-8272462: Enhance image handling
+ JDK-8273290: Enhance sound handling
+ JDK-8273756, CVE-2022-21360, bsc#1194929: Enhance BMP image
support
+ JDK-8273838, CVE-2022-21365, bsc#1194928: Enhanced BMP
processing
+ JDK-8274096, CVE-2022-21366, bsc#1194927: Improve decoding of
image files
+ JDK-8279541: Improve HarfBuzz
* Other changes
+ JDK-6849922: java/awt/Choice/ChoiceKeyEventReaction/
/ChoiceKeyEventReaction.html fails
+ JDK-7105119: [TEST_BUG] [macosx] In test
UIDefaults.toString() must be called with the invokeLater()
+ JDK-7151826: [TEST_BUG] [macosx] The test
javax/swing/JPopupMenu/4966112/bug4966112.java not for mac
+ JDK-7179006: [macosx] Print-to-file doesn't work: printing to
the default printer instead
+ JDK-8015602: [macosx] Test javax/swing/SpringLayout/4726194/
/bug4726194.java fails on MacOSX
+ JDK-8034084: nsk.nsk/jvmti/ThreadStart/threadstart003 Wrong
number of thread end events
+ JDK-8039261: [TEST_BUG]: There is not a minimal security
level in Java Preferences and the TestApplet.html is blocked.
+ JDK-8047218: [TEST_BUG] java/awt/FullScreen/AltTabCrashTest/
/AltTabCrashTest.java fails with exception
+ JDK-8075909: [TEST_BUG] The regression-swing case failed as
it does not have the 'Open' button when select 'subdir' folder
with NimbusLAF
+ JDK-8078219: Verify lack of @test tag in files in java/net
test directory
+ JDK-8080569: java/lang/ProcessBuilder/DestroyTest.java fails
with "/RuntimeException: Process terminated prematurely"/
+ JDK-8081652: [TESTBUG] java/lang/management/ThreadMXBean/
/ThreadMXBeanStateTest.java timed out intermittently
+ JDK-8129310: java/net/Socket/asyncClose/AsyncClose.java fails
intermittently
+ JDK-8131745: java/lang/management/ThreadMXBean/
/AllThreadIds.java still fails intermittently
+ JDK-8136517: [macosx] Test java/awt/Focus/8073453/
/AWTFocusTransitionTest.java fails on MacOSX
+ JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/
/4251579/bug4251579.java failure due to timing
+ JDK-8143021: [TEST_BUG] Test javax/swing/JColorChooser/
/Test6541987.java fails
+ JDK-8159597: [TEST_BUG] closed/javax/swing/JPopupMenu/4760494/
/bug4760494.java leaves key pressed
+ JDK-8159904: [TEST_BUG] Failure on solaris of
java/awt/Window/MultiWindowApp/MultiWindowAppTest.java
+ JDK-8163086: java/awt/Window/TranslucentJAppletTest/
/TranslucentJAppletTest.java fails
+ JDK-8165828: [TEST_BUG] The reg case: javax/swing/plaf/metal/
/MetalIcons/MetalHiDPIIconsTest.java failed as No Metal Look
and Feel
+ JDK-8169953: JComboBox/8057893: ComboBoxEdited event is not
fired! on Windows
+ JDK-8169954: JFileChooser/8021253: java.lang.RuntimeException:
Default button is not pressed
+ JDK-8169959: javax/swing/JTable/6263446/bug6263446.java:
Table should be editing
+ JDK-8171381: [TEST_BUG] [macos] javax/swing/JPopupMenu/
/7156657/bug7156657.java fails on OS X
+ JDK-8171998: javax/swing/JMenu/4692443/bug4692443.java fails
on Windows
+ JDK-8174819: java/nio/file/WatchService/LotsOfEvents.java
fails intermittently
+ JDK-8179880: Refactor javax/security shell tests to plain
java tests
+ JDK-8180568: Refactor javax/crypto shell tests to plain java
tests
+ JDK-8180569: Refactor sun/security/krb5/ shell tests to plain
java tests
+ JDK-8180571: Refactor sun/security/pkcs11 shell tests to
plain java tests and fix failures
+ JDK-8180573: Refactor sun/security/tools shell tests to plain
java tests
+ JDK-8187649: ArrayIndexOutOfBoundsException in
java.util.JapaneseImperialCalendar
+ JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes)
leads to a negative initial size for ByteArrayOutputStream
+ JDK-8195703: BasicJDWPConnectionTest.java: 'App exited
unexpectedly with 2'
+ JDK-8196096: javax/swing/JPopupMenu/6580930/bug6580930.java
fails
+ JDK-8197560: test javax/swing/JTree/8003400/Test8003400.java
fails
+ JDK-8197800: Test java/awt/Focus/NonFocusableWindowTest/
/NoEventsTest.java fails on Windows
+ JDK-8197811: Test java/awt/Choice/PopupPosTest/
/PopupPosTest.java fails on Windows
+ JDK-8198616: java/awt/Focus/6378278/InputVerifierTest.java
fails on mac
+ JDK-8198617: java/awt/Focus/6382144/EndlessLoopTest.java
fails on mac
+ JDK-8198619: java/awt/Focus/FocusTraversalPolicy/
/ButtonGroupLayoutTraversal/ButtonGroupLayoutTraversalTest.java
fails on mac
+ JDK-8198623: java/awt/KeyboardFocusmanager/TypeAhead/
/EnqueueWithDialogButtonTest/EnqueueWithDialogButtonTest.java
fails on mac
+ JDK-8198624: java/awt/KeyboardFocusmanager/TypeAhead/
/SubMenuShowTest/SubMenuShowTest.html fails on mac
+ JDK-8199138: Add RISC-V support to Zero
+ JDK-8199529: javax/swing/text/Utilities/8142966/
/SwingFontMetricsTest.java fails on windows
+ JDK-8201224: Make string buffer size dynamic in
mlvmJvmtiUtils.c
+ JDK-8202342: [Graal] fromTonga/nsk/jvmti/unit/
/FollowReferences/followref003/TestDescription.java fails with
"/Location mismatch"/ errors
+ JDK-8204161: [TESTBUG] auto failed with the "/Applet thread
threw exception: java.lang.UnsupportedOperationException"/
exception
+ JDK-8206085: Refactor
langtools/tools/javac/versions/Versions.java
+ JDK-8207936: TestZipFile failed with java.lang.AssertionError
exception
+ JDK-8208242: Add @requires to vmTestbase/gc/g1 tests
+ JDK-8209611: use C++ compiler for hotspot tests
+ JDK-8210182: Remove macros for C compilation from vmTestBase
but non jvmti
+ JDK-8210198: Clean up JNI_ENV_ARG for
vmTestbase/jvmti/Get[A-F] tests
+ JDK-8210205: build fails on AIX in hotspot cpp tests (for
example getstacktr001.cpp)
+ JDK-8210242: [TESTBUG] vmTestbase/nsk/stress/jni/
/jnistress001.java crashes with EXCEPTION_ACCESS_VIOLATION
on windows-x86
+ JDK-8210353: Move java/util/Arrays/TimSortStackSize2.java
back to tier1
+ JDK-8210385: Clean up JNI_ENV_ARG and factorize the macros
for vmTestbase/jvmti[A-N] tests
+ JDK-8210392: assert(Compile::current()->live_nodes() <
Compile::current()->max_node_limit()) failed: Live Node limit
exceeded limit
+ JDK-8210395: Add doc to SecurityTools.java
+ JDK-8210429: Clean up JNI_ENV_ARG for
vmTestbase/jvmti/Get[G-Z] tests
+ JDK-8210481: Remove #ifdef cplusplus from vmTestbase
+ JDK-8210593: Clean up JNI_ENV_ARG and factorize the macros
for vmTestbase/jvmti[N-R] tests
+ JDK-8210665: Clean up JNI_ENV_ARG and factorize the macros
for vmTestbase/jvmti[R-U] tests
+ JDK-8210689: Remove the multi-line old C style for string
literals
+ JDK-8210700: Clean up JNI_ENV_ARG and factorize the macros
for vmTestbase/jvmti/unit tests
+ JDK-8210726: Fix up a few minor nits forgotten by JDK-8210665
+ JDK-8210920: Native C++ tests are not using CXXFLAGS
+ JDK-8210984: [TESTBUG] hs203t003 fails with "/# ERROR:
hs203t003.cpp, 218: NSK_CPP_STUB2 ( ResumeThread, jvmti,
thread)"/
+ JDK-8211036: Remove the NSK_STUB macros from vmTestbase for
non jvmti
+ JDK-8211131: Remove the NSK_CPP_STUB macros from vmTestbase
for jvmti/[G-I]*
+ JDK-8211148: var in implicit lambdas shouldn't be accepted
for source < 11
+ JDK-8211171: move JarUtils to top-level testlibrary
+ JDK-8211227: Inconsistent TLS protocol version in debug output
+ JDK-8211261: Remove the NSK_CPP_STUB macros from vmTestbase
for jvmti/[A-G]*
+ JDK-8211432: [REDO] Handle JNIGlobalRefLocker.cpp
+ JDK-8211782: Remove the NSK_CPP_STUB macros from vmTestbase
for jvmti/[I-S]*
+ JDK-8211801: Remove the NSK_CPP_STUB macros from vmTestbase
for jvmti/scenarios/[A-E]
+ JDK-8211899: Remove the NSK_CPP_STUB macros from vmTestbase
for jvmti/scenarios/[E-M]
+ JDK-8211905: Remove multiple casts for EM06 file
+ JDK-8211999: Window positioning bugs due to overlapping
GraphicsDevice bounds (Windows/HiDPI)
+ JDK-8212082: Remove the NSK_CPP_STUB macros for remaining
vmTestbase/jvmti/[sS]*
+ JDK-8212083: Handle remaining gc/lock native code and fix two
strings
+ JDK-8212148: Remove remaining NSK_CPP_STUBs
+ JDK-8213110: Remove the use of applets in automatic tests
+ JDK-8213189: Make restricted headers in HTTP Client
configurable and remove Date by default
+ JDK-8213263: fix legal headers in test/langtools
+ JDK-8213296: Fix legal headers in test/jdk/java/net
+ JDK-8213301: Fix legal headers in jdk logging tests
+ JDK-8213305: Fix legal headers in test/java/math
+ JDK-8213306: Fix legal headers in test/java/nio
+ JDK-8213328: Update test copyrights in test/java/util/zip and
test/jdk/tools
+ JDK-8213330: Fix legal headers in i18n tests
+ JDK-8213707: [TEST] vmTestbase/nsk/stress/except/
/except011.java failed due to wrong class name
+ JDK-8214469: [macos] PIT: java/awt/Choice/
/ChoiceKeyEventReaction/ChoiceKeyEventReaction.java fails
+ JDK-8215410: Regression test for JDK-8214994
+ JDK-8215568: Refactor SA clhsdb tests to use ClhsdbLauncher
+ JDK-8215624: Add parallel heap iteration for jmap u2013histo
+ JDK-8215889: assert(!_unloading) failed: This oop is not
available to unloading class loader data with ZGC
+ JDK-8216318: The usage of Disposer in the java.awt.Robot can
be deleted
+ JDK-8216417: cleanup of IPv6 scope-id handling
+ JDK-8217377: javax/swing/JPopupMenu/6583251/bug6583251.java
failed with UnsupportedOperation exception
+ JDK-8217438: Adapt tools//launcher/Test7029048.java for AIX
+ JDK-8217633: Configurable extensions with system properties
+ JDK-8217882: java/net/httpclient/MaxStreams.java failed once
+ JDK-8217903: java/net/httpclient/Response204.java fails with
404
+ JDK-8218483: Crash in
"/assert(_daemon_threads_count->get_value() > daemon_count)
failed: thread count mismatch 5 : 5"/
+ JDK-8219986: Change to Xcode 10.1 for building on Macosx at
Oracle
+ JDK-8220575: Correctly format test URI's that contain a
retrieved IPv6 address
+ JDK-8221259: New tests for java.net.Socket to exercise long
standing behavior
+ JDK-8221305: java/awt/FontMetrics/MaxAdvanceIsMax.java fails
on MacOS + Solaris
+ JDK-8221902: PIT: javax/swing/JRadioButton/FocusTraversal/
/FocusTraversal.java fails on ubuntu
+ JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/
/IconifyTest.java fails on ubuntu18.04
+ JDK-8222446: assert(C->env()->system_dictionary_modification_counter_changed())
failed: Must invalidate if TypeFuncs differ
+ JDK-8223137: Rename predicate 'do_unroll_only()' to
'is_unroll_only()'.
+ JDK-8223138: Small clean-up in loop-tree support.
+ JDK-8223139: Rename mandatory policy-do routines.
+ JDK-8223140: Clean-up in 'ok_to_convert()'
+ JDK-8223141: Change (count) suffix _ct into _cnt.
+ JDK-8223400: Replace some enums with static const members in
hotspot/runtime
+ JDK-8223658: Performance regression of XML.validation in
13-b19
+ JDK-8223923: C2: Missing interference with mismatched unsafe
accesses
+ JDK-8224829: AsyncSSLSocketClose.java has timing issue
+ JDK-8225083: Remove Google certificate that is expiring in
December 2021
+ JDK-8226514: Replace wildcard address with loopback or local
host in tests - part 17
+ JDK-8226943: compile error in libfollowref003.cpp with XCode
10.2 on macosx
+ JDK-8228442: DHKeyExchange/LegacyDHEKeyExchange.java failed
due to "/SSLException: An established connection was aborted by
the software in your host machine"/
+ JDK-8228508: [TESTBUG] java/net/httpclient/SmokeTest.java
fails on Windows7
+ JDK-8229935: [TEST_BUG]: bug8132119.java inconsistently
positions text
+ JDK-8230019: [REDO] compiler/types/correctness/* tests fail
with "/assert(recv == __null || recv->is_klass()) failed: wrong
type"/
+ JDK-8230067: Add optional automatic retry when running jtreg
tests
+ JDK-8230228: [TESTBUG] Several runtime/ErrorHandling tests
may fail on some platforms
+ JDK-8231501: VM crash in
MethodData::clean_extra_data(CleanExtraDataClosure*):
fatal error: unexpected tag 99
+ JDK-8233403: Improve verbosity of some httpclient tests
+ JDK-8233550: [TESTBUG] JTree tests fail regularly on MacOS
+ JDK-8233552: [TESTBUG] JTable Test bug7068740.java fails on
MacOS
+ JDK-8233553: [TESTBUG] JSpinner test bug4973721.java fails on
MacOS
+ JDK-8233555: [TESTBUG] JRadioButton tests failing on MacoS
+ JDK-8233556: [TESTBUG] JPopupMenu tests fail on MacOS
+ JDK-8233559: [TESTBUG] TestNimbusOverride.java is failing on
macos
+ JDK-8233560: [TESTBUG] ToolTipManager/Test6256140.java is
failing on macos
+ JDK-8233561: [TESTBUG] Swing text test bug8014863.java fails
on macos
+ JDK-8233562: [TESTBUG] Swing StyledEditorKit test
bug4506788.java fails on MacOS
+ JDK-8233564: [TESTBUG] MouseComboBoxTest.java is failing
+ JDK-8233566: [TESTBUG] KeyboardFocusManager tests failing on
MacoS
+ JDK-8233567: [TESTBUG] FocusSubRequestTest.java fails on macos
+ JDK-8233569: [TESTBUG] JTextComponent test bug6361367.java
fails on macos
+ JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is
failing on macos
+ JDK-8233634: [TESTBUG] Swing text test bug4278839.java fails
on macos
+ JDK-8233635: [TESTBUG] ProgressMonitorEscapeKeyPress.java
fails on macos
+ JDK-8233637: [TESTBUG] Swing
ActionListenerCalledTwiceTest.java fails on macos
+ JDK-8233638: [TESTBUG] Swing test
ScreenMenuBarInputTwice.java fails on macos
+ JDK-8233641: [TESTBUG] JMenuItem test bug4171437.java fails
on macos
+ JDK-8233642: [TESTBUG] JMenuBar test bug 4750590.java fails
on macos
+ JDK-8233643: [TESTBUG] JMenu test bug4515762.java fails on
macos
+ JDK-8233644: [TESTBUG] JInternalFrame test bug8020708.java is
failing on macos
+ JDK-8233647: [TESTBUG] JColorChooser/Test8051548.java is
failing on macos
+ JDK-8234802: [TESTBUG] Test Right Mouse Button Drag Gesture
Recognition in all the platforms
+ JDK-8234823: java/net/Socket/Timeouts.java testcase
testTimedConnect2() fails on Windows 10
+ JDK-8235784: java/lang/invoke/VarHandles/
/VarHandleTestByteArrayAsInt.java fails due to timeout with
fastdebug bits
+ JDK-8236042: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java
fails with -Xcomp -XX:TieredStopAtLevel=1
+ JDK-8236177: assert(status == 0) failed: error ETIMEDOUT(60),
cond_wait
+ JDK-8236596: HttpClient leaves HTTP/2 sockets in CLOSE_WAIT,
when using proxy tunnel
+ JDK-8237354: Add option to jcmd to write a gzipped heap dump
+ JDK-8237589: Fix copyright header formatting
+ JDK-8238677: java/net/httpclient/ssltest/CertificateTest.java
should not specify TLS version
+ JDK-8239334: Tab Size does not work correctly in JTextArea
with setLineWrap on
+ JDK-8239422: [TESTBUG]
compiler/c1/TestPrintIRDuringConstruction.java failed when C1
is disabled
+ JDK-8239827: The test OpenByUNCPathNameTest.java should be
changed to be manual
+ JDK-8240256: Better resource cleaning for SunPKCS11 Provider
+ JDK-8242044: Add basic HTTP/1.1 support to the HTTP/2 Test
Server
+ JDK-8242526: PIT: javax/swing/JInternalFrame/8020708/
/bug8020708.java fails in mach5 ubuntu system
+ JDK-8242793: Incorrect copyright header in
ContinuousCallSiteTargetChange.java
+ JDK-8243543: jtreg test security/infra/java/security/cert/
/CertPathValidator/certification/BuypassCA.java fails
+ JDK-8244292: Headful clients failing with
- -illegal-access=deny
+ JDK-8245147: Refactor and improve utility of
test/langtools/tools/javac/versions/Versions.java
+ JDK-8245165: Update bug id for
javax/swing/text/StyledEditorKit/4506788/bug4506788.java in
ProblemList
+ JDK-8245665: Test WeakAlg.java should only make sure no
warning for weak signature algorithms by keytool on root CA
+ JDK-8246114: java/net/MulticastSocket/Promiscuous.java fails
after 8241072 (multi-homed systems)
+ JDK-8246807: Incorrect copyright header in
TimeZoneDatePermissionCheck.sh
+ JDK-8247403: JShell: No custom input (e.g. from GUI) possible
with JavaShellToolBuilder
+ JDK-8247510: typo in IllegalHandshakeMessage
+ JDK-8248187: [TESTBUG] javax/swing/plaf/basic/
/BasicGraphicsUtils/8132119/bug8132119.java fails with String
is not properly drawn
+ JDK-8248341: ProblemList java/lang/management/ThreadMXBean/
/ThreadMXBeanStateTest.java
+ JDK-8248500: AArch64: Remove the r18 dependency on Windows
AArch64
+ JDK-8248899: security/infra/java/security/cert/
/CertPathValidator/certification/QuoVadisCA.java fails,
Certificate has been revoked
+ JDK-8249195: Change to Xcode 11.3.1 for building on Macos at
Oracle
+ JDK-8250521: Configure initial RTO to use minimal retry for
loopback connections on Windows
+ JDK-8250810: Push missing parts of JDK-8248817
+ JDK-8250839: Improve test template SSLEngineTemplate with
SSLContextTemplate
+ JDK-8250863: Build error with GCC 10 in NetworkInterface.c
and k_standard.c
+ JDK-8250888: nsk/jvmti/scenarios/general_functions/GF08/
/gf08t001/TestDriver.java fails
+ JDK-8251155: HostIdentifier fails to canonicalize hostnames
starting with digits
+ JDK-8251377: [macos11] JTabbedPane selected tab text is
barely legible
+ JDK-8251570: JDK-8215624 causes assert(worker_id <
_n_workers) failed: Invalid worker_id
+ JDK-8251930: AArch64: Native types mismatch in hotspot
+ JDK-8252049: Native memory leak in ciMethodData ctor
+ JDK-8252051: Make mlvmJvmtiUtils strncpy uses GCC 10.x
friendly
+ JDK-8252114: Windows-AArch64: Enable and test ZGC and
ShenandoahGC
+ JDK-8253015: Aarch64: Move linux code out from generic CPU
feature detection
+ JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java
fail on big screens
+ JDK-8253497: Core Libs Terminology Refresh
+ JDK-8253682: The AppletInitialFocusTest1.java is unstable
+ JDK-8253763: ParallelObjectIterator should have virtual
destructor
+ JDK-8253866: Security Libs Terminology Refresh
+ JDK-8254802: ThrowingPushPromisesAsStringCustom.java fails in
"/try throwing in GET_BODY"/
+ JDK-8255227: java/net/httpclient/FlowAdapterPublisherTest.java
intermittently failing with TestServer: start exception:
java.io.IOException: Invalid preface
+ JDK-8255264: Support for identifying the full range of IPv4
localhost addresses on Windows
+ JDK-8255716: AArch64: Regression: JVM crashes if manually
offline a core
+ JDK-8255722: Create a new test for rotated blit
+ JDK-8256009: Remove src/hotspot/share/adlc/Test/i486.ad
+ JDK-8256066: Tests use deprecated TestNG API that is no
longer available in new versions
+ JDK-8256152: tests fail because of ambiguous method resolution
+ JDK-8256182: Update qemu-debootstrap cross-compilation recipe
+ JDK-8256201: java/awt/FullScreen/FullscreenWindowProps/
/FullscreenWindowProps.java failed
+ JDK-8256202: Some tweaks for jarsigner tests
PosixPermissionsTest and SymLinkTest
+ JDK-8256372: [macos] Unexpected symbol was displayed on
JTextField with Monospaced font
+ JDK-8256956: RegisterImpl::max_slots_per_register is
incorrect on AMD64
+ JDK-8258457: testlibrary_tests/ctw/JarDirTest.java fails with
InvalidPathException on windows
+ JDK-8258855: Two tests sun/security/krb5/auto/
/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java
failed on OL8.3
+ JDK-8259237: Demo selection changes with left/right arrow
key. No need to press space for selection.
+ JDK-8260571: Add PrintMetaspaceStatistics to print metaspace
statistics upon VM exit
+ JDK-8260690: JConsole User Guide Link from the Help menu is
not accessible by keyboard
+ JDK-8261036: Reduce classes loaded by CleanerFactory
initialization
+ JDK-8261071: AArch64: Refactor interpreter native wrappers
+ JDK-8261075: Create stubRoutines.inline.hpp with SafeFetch
implementation
+ JDK-8261236: C2: ClhsdbJstackXcompStress test fails when
StressGCM is enabled
+ JDK-8261297: NMT: Final report should use scale 1
+ JDK-8261661: gc/stress/TestReclaimStringsLeaksMemory.java
fails because Reserved memory size is too big
+ JDK-8261916: gtest/GTestWrapper.java
vmErrorTest.unimplemented1_vm_assert failed
+ JDK-8262438: sun/security/ssl/SSLLogger/
/LoggingFormatConsistency.java failed with "/SocketException:
Socket is closed"/
+ JDK-8262731: [macOS] Exception from "/Printable.print"/ is
swallowed during "/PrinterJob.print"/
+ JDK-8262844: (fs) FileStore.supportsFileAttributeView might
return false negative in case of ext3
+ JDK-8263059: security/infra/java/security/cert/
/CertPathValidator/certification/ComodoCA.java fails due to
revoked cert
+ JDK-8263068: Rename safefetch.hpp to safefetch.inline.hpp
+ JDK-8263303: C2 compilation fails with assert(found_sfpt)
failed: no node in loop that's not input to safepoint
+ JDK-8263362: Avoid division by 0 in
java/awt/font/TextJustifier.java justify
+ JDK-8263773: Reenable German localization for builds at Oracle
+ JDK-8263897: compiler/c2/aarch64/TestVolatilesSerial.java
failed with "/java.lang.RuntimeException: Wrong method"/
+ JDK-8264526: javax/swing/text/html/parser/Parser/8078268/
/bug8078268.java timeout
+ JDK-8264824: java/net/Inet6Address/B6206527.java doesn't
close ServerSocket properly
+ JDK-8265019: Update tests for additional TestNG test
permissions
+ JDK-8265173: [test] divert spurious log output away from
stream under test in ProcessBuilder Basic test
+ JDK-8265524: Upgrading JSZip from v3.2.2 to v3.6.0
+ JDK-8266182: Automate manual steps listed in the test
jdk/sun/security/pkcs12/ParamsTest.java
+ JDK-8266579: Update test/jdk/java/lang/ProcessHandle/
/PermissionTest.java & test/jdk/java/sql/testng/util/
/TestPolicy.java
+ JDK-8266949: Check possibility to disable OperationTimedOut
on Unix
+ JDK-8267246: -XX:MaxRAMPercentage=0 is unreasonable for jtreg
tests on many-core machines
+ JDK-8267256: Extend minimal retry for loopback connections on
Windows to PlainSocketImpl
+ JDK-8267304: Bump global JTReg memory limit to 768m
+ JDK-8267652: c2 loop unrolling by 8 results in reading memory
past array
+ JDK-8268019: C2: assert(no_dead_loop) failed: dead loop
detected
+ JDK-8268093: Manual Testcase: "/sun/security/krb5/config/
/native/TestDynamicStore.java"/ Fails with NPE
+ JDK-8268555: Update HttpClient tests that use ITestContext to
jtreg 6+1
+ JDK-8268672: C2: assert(!loop->is_member(u_loop)) failed: can
be in outer loop or out of both loops only
+ JDK-8269034: AccessControlException for SunPKCS11 daemon
threads
+ JDK-8269426: Rename test/jdk/java/lang/invoke/t8150782 to
accessClassAndFindClass
+ JDK-8269574: C2: Avoid redundant uncommon traps in
GraphKit::builtin_throw() for JVMTI exception events
+ JDK-8269656: The test test/langtools/tools/javac/versions/
/Versions.java has duplicate test cycles
+ JDK-8269768: JFR Terminology Refresh
+ JDK-8269951: [macos] Focus not painted in JButton when
setBorderPainted(false) is invoked
+ JDK-8269984: [macos] JTabbedPane title looks like disabled
+ JDK-8269993: [Test]: java/net/httpclient/
/DigestEchoClientSSL.java contains redundant @run tags
+ JDK-8270116: Expand ButtonGroupLayoutTraversalTest.java to
run in all LaFs, including Aqua on macOS
+ JDK-8270216: [macOS] Update named used for Java run loop mode
+ JDK-8270280: security/infra/java/security/cert/
/CertPathValidator/certification/LetsEncryptCA.java OCSP
response error
+ JDK-8270290: NTLM authentication fails if HEAD request is used
+ JDK-8270317: Large Allocation in CipherSuite
+ JDK-8270344: Session resumption errors
+ JDK-8270517: Add Zero support for LoongArch
+ JDK-8270533: AArch64: size_fits_all_mem_uses should return
false if its output is a CAS
+ JDK-8270886: Crash in
PhaseIdealLoop::verify_strip_mined_scheduling
+ JDK-8271287: jdk/jshell/CommandCompletionTest.java fails with
"/lists don't have the same size expected"/
+ JDK-8271340: Crash PhaseIdealLoop::clone_outer_loop
+ JDK-8271341: Opcode() != Op_If && Opcode() != Op_RangeCheck)
|| outcnt() == 2 assert failure with Test7179138_1.java
+ JDK-8271459: C2: Missing NegativeArraySizeException when
creating StringBuilder with negative capacity
+ JDK-8271490: [ppc] [s390]: Crash in
JavaThread::pd_get_top_frame_for_profiling
+ JDK-8271560: sun/security/ssl/DHKeyExchange/
/LegacyDHEKeyExchange.java still fails due to "/An established
connection was aborted by the software in your host machine"/
+ JDK-8271567: AArch64: AES Galois CounterMode (GCM)
interleaved implementation using vector instructions
+ JDK-8272180: Upgrade JSZip from v3.6.0 to v3.7.1
+ JDK-8272181: Windows-AArch64:Backport fix of `Backtracing
broken on PAC enabled systems`
+ JDK-8272316: Wrong Boot JDK help message in 11
+ JDK-8272318: Improve performance of HeapDumpAllTest
+ JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/
/PageDialogMarginTest.java catches all exceptions
+ JDK-8272570: C2: crash in PhaseCFG::global_code_motion
+ JDK-8272574: C2: assert(false) failed: Bad graph detected in
build_loop_late
+ JDK-8272581: sun/security/pkcs11/Provider/MultipleLogins.sh
fails after JDK-8266182
+ JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/
/security/cert/CertPathValidator/certification/BuypassCA.java
no longer needs ocspEnabled
+ JDK-8272720: Fix the implementation of loop unrolling
heuristic with LoopPercentProfileLimit
+ JDK-8272783: Epsilon: Refactor tests to improve performance
+ JDK-8272806: [macOS] "/Apple AWT Internal Exception"/ when
input method is changed
+ JDK-8272828: Add correct licenses to jszip.md
+ JDK-8272836: Limit run time for java/lang/invoke/LFCaching
tests
+ JDK-8272850: Drop zapping values in the Zap* option
descriptions
+ JDK-8272902: Bump update version for OpenJDK: jdk-11.0.14
+ JDK-8272914: Create hotspot:tier2 and hotspot:tier3 test
groups
+ JDK-8272966: test/jdk/java/awt/Robot/FlushCurrentEvent.java
fails by timeout
+ JDK-8273026: Slow LoginContext.login() on multi threading
application
+ JDK-8273229: Update OS detection code to recognize Windows
Server 2022
+ JDK-8273235: tools/launcher/HelpFlagsTest.java Fails on
Windows 32bit
+ JDK-8273308: PatternMatchTest.java fails on CI
+ JDK-8273314: Add tier4 test groups
+ JDK-8273342: Null pointer dereference in
classFileParser.cpp:2817
+ JDK-8273358: macOS Monterey does not have the font Times
needed by Serif
+ JDK-8273373: Zero: Cannot invoke JVM in primordial threads on
Zero
+ JDK-8273498: compiler/c2/Test7179138_1.java timed out
+ JDK-8273541: Cleaner Thread creates with normal priority
instead of MAX_PRIORITY - 2
+ JDK-8273547: [11u] [JVMCI] Partial module-info.java backport
of JDK-8223332
+ JDK-8273606: Zero: SPARC64 build fails with si_band type
mismatch
+ JDK-8273646: Add openssl from path variable also in to
Default System Openssl Path in OpensslArtifactFetcher
+ JDK-8273671: Backport of 8260616 misses one JNF header
inclusion removal
+ JDK-8273790: Potential cyclic dependencies between Gregorian
and CalendarSystem
+ JDK-8273795: Zero SPARC64 debug builds fail due to missing
interpreter fields
+ JDK-8273826: Correct Manifest file name and NPE checks
+ JDK-8273894: ConcurrentModificationException raised every
time ReferralsCache drops referral
+ JDK-8273924: ArrayIndexOutOfBoundsException thrown in
java.util.JapaneseImperialCalendar.add()
+ JDK-8273961: jdk/nio/zipfs/ZipFSTester.java fails if file
path contains '+' character
+ JDK-8273968: JCK javax_xml tests fail in CI
+ JDK-8274056: JavaAccessibilityUtilities leaks JNI objects
+ JDK-8274083: Update testing docs to mention tiered testing
+ JDK-8274293: Build failure on macOS with Xcode 13.0 as vfork
is deprecated
+ JDK-8274326: [macos] Ensure initialisation of sun/lwawt/
/macosx/CAccessibility in JavaComponentAccessibility.m
+ JDK-8274329: Fix non-portable HotSpot code in
MethodMatcher::parse_method_pattern
+ JDK-8274381: missing CAccessibility definitions in JNI code
+ JDK-8274407: (tz) Update Timezone Data to 2021c
+ JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
+ JDK-8274468: TimeZoneTest.java fails with tzdata2021b
+ JDK-8274522: java/lang/management/ManagementFactory/
/MXBeanException.java test fails with Shenandoah
+ JDK-8274642: jdk/jshell/CommandCompletionTest.java fails with
NoSuchElementException after JDK-8271287
+ JDK-8274773: [TESTBUG] UnsafeIntrinsicsTest intermittently
fails on weak memory model platform
+ JDK-8274779: HttpURLConnection: HttpClient and HttpsClient
incorrectly check request method when set to POST
+ JDK-8274840: Update OS detection code to recognize Windows 11
+ JDK-8274860: gcc 10.2.1 produces an uninitialized warning in
sharedRuntimeTrig.cpp
+ JDK-8275051: Shenandoah: Correct ordering of requested gc
cause and gc request flag
+ JDK-8275131: Exceptions after a touchpad gesture on macOS
+ JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
+ JDK-8275766: (tz) Update Timezone Data to 2021e
+ JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
+ JDK-8276066: Reset LoopPercentProfileLimit for x86 due to
suboptimal performance
+ JDK-8276139: TestJpsHostName.java not reliable, better to
expand HostIdentifierCreate.java test
+ JDK-8276157: C2: Compiler stack overflow during escape
analysis on Linux x86_32
+ JDK-8276201: Shenandoah: Race results degenerated GC to enter
wrong entry point
+ JDK-8276536: Update TimeZoneNames files to follow the changes
made by JDK-8275766
+ JDK-8276550: Use SHA256 hash in build.tools.depend.Depend
+ JDK-8276774: Cookie stored in CookieHandler not sent if user
headers contain cookie
+ JDK-8276854: Windows GHA builds fail due to broken Cygwin
+ JDK-8277029: JMM GetDiagnosticXXXInfo APIs should verify
output array sizes
+ JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString()
throws NPE
+ JDK-8277529: SIGSEGV in C2 CompilerThread
Node::rematerialize() compiling Packet::readUnsignedTrint
+ JDK-8277815: Fix mistakes in legal header backports
- Removed patch:
* riscv64-zero.patch
+ integrated upstream
- Modified patch:
* fips.patch
+ rediff to changed context
- kernel-default
-
- drm: drm_file struct kABI compatibility workaround
(bsc#1197914).
- commit dd24982
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock
(bsc#1197914).
- drm: add a locked version of drm_is_current_master
(bsc#1197914).
- commit 82a498a
- blacklist.conf: Add reverted/reverting swiotlb change (CVE-2022-0854 bsc#1196823 bsc#1197460)
- commit 8d52c36
- Reinstate some of "/swiotlb: rework "/fix info leak with
DMA_FROM_DEVICE"/"/ (CVE-2022-0854 bsc#1196823).
- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854
bsc#1196823).
- commit ff554b5
- netfilter: nf_tables: initialize registers in nft_do_chain()
(CVE-2022-1016 bsc#1197227).
- commit 7111961
- Delete
patches.suse/net-tipc-validate-domain-record-count-on-input.patch.
This was the original work-in-progress patch for CVE-2022-0435 /
bsc#1195254. Later, a proper backport of mainline commit 9aa422ad3266
("/tipc: improve size validations for received domain records"/) was added as
patches.suse/tipc-improve-size-validations-for-received-domain-re.patch but
this patch was left in place. As it adds the check a bit later than
upstream fix, it did not cause a conflict so nobody noticed the duplicity.
- commit ef08708
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- commit 2237578
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
in error path (CVE-2022-28389 bsc#1198033).
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb()
in error path (CVE-2022-28388 bsc#1198032).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
in error path (CVE-2022-28390 bsc#1198031).
- commit d6e6523
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit db7647d
- net: sched: fix use-after-free in tc_new_tfilter()
(CVE-2022-1055 bsc#1197702).
- commit 4c7dc78
- Add CVE tags to
patches.suse/ext4-fix-kernel-infoleak-via-ext4_extent_header.patch
(bsc#1189562 bsc#1196761 CVE-2022-0850).
- commit f3cb08f
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in
parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- commit 73583c9
- esp: Fix possible buffer overflow in ESP transformation
(bsc#1197131 CVE-2022-0886 CVE-2022-27666).
- commit 39a5891
- cifs: use the correct max-length for dentry_path_raw()
(bsc1196196).
- commit 10cddb2
- quota: check block number when reading the block in quota file
(bsc#1197366 CVE-2021-45868).
- commit a7d4915
- netfilter: conntrack: don't refresh sctp entries in closed state
(bsc#1197389).
- commit c3afd15
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
bsc#1197331).
- commit 12628f8
- ALSA: pcm: Fix races among concurrent prealloc proc writes
(CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
calls (CVE-2022-1048 bsc#1197331).
- commit aee063f
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
(bsc#1196018).
- commit 1580ab2
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
(bsc#1196018).
- commit 1cdc779
- sr9700: sanity check for packet length (bsc#1196836
CVE-2022-26966).
- commit edaafdd
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
- aio: fix use-after-free due to missing POLLFREE handling
(CVE-2021-39698 bsc#1196956).
- aio: keep poll requests on waitqueue until completed
(CVE-2021-39698 bsc#1196956).
- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- commit b026506
- rpm/kernel-source.spec.in: call fdupes per subpackage
It is a waste of time to do a global fdupes when we have
subpackages.
- commit 1da8439
- af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920
bsc#1193731).
- commit 7040fdd
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 8d867d6
- xen/netfront: react properly to failing
gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396,
CVE-2022-23042).
- commit fe0a923
- xen/gnttab: fix gnttab_end_foreign_access() without page
specified (bsc#1196488, XSA-396, CVE-2022-23041).
- commit 58c801b
- xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488,
XSA-396, CVE-2022-23041).
- commit afb2dba
- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396,
CVE-2022-23041).
- commit cee63b9
- xen/usb: don't use gnttab_end_foreign_access() in
xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- commit b1d434d
- xen/gntalloc: don't use gnttab_query_foreign_access()
(bsc#1196488, XSA-396, CVE-2022-23039).
- commit a4ec4aa
- xen/scsifront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23038).
- commit fd9cb30
- xen/netfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23037).
- commit 4e33999
- xen/blkfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23036).
- commit 4334af7
- xen/grant-table: add gnttab_try_end_foreign_access()
(bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038).
- commit 19b769a
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
error case (bsc#1196488, XSA-396, CVE-2022-23040).
- commit 5aacf1f
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- commit 174a64f
- usb: host: xen-hcd: add missing unlock in error path
(git-fixes).
- commit daa9ea7
- Refresh
patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch.
- commit d9066f6
- Refresh
patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch.
- commit 5c41eb3
- rpm/kernel-docs.spec.in: use %%license for license declarations
Limited to SLE15+ to avoid compatibility nightmares.
- commit 73d560e
- rpm/*.spec.in: Use https:// urls
- commit 77b5f8e
- Hand over the maintainership to SLE15-SP3 maintainers
- commit 0c92742
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
(bnc#1195403).
- commit fffe0fc
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
(CVE-2022-26490 bsc#1196830).
- commit fd10ace
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
- commit 1dafeb6
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- commit 8c8ae13
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
There is a check in OBS that fails when it is included. Also the key is
not reproducible.
Fixes: bb988d4625a3 ("/kernel-binary: Do not include sourcedir in certificate path."/)
- commit 68fa069
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- lib/iov_iter: initialize "/flags"/ in new pipe_buffer
(bsc#1196584).
- commit 4f3bbf5
- x86/speculation: Use generic retpoline by default on AMD
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit bed48b1
- gve: Recording rx queue before sending to napi (jsc#SLE-23652).
- gve: fix the wrong AdminQ buffer queue index check
(jsc#SLE-23652).
- gve: Fix GFP flags when allocing pages (jsc#SLE-23652).
- gve: Add consumed counts to ethtool stats (jsc#SLE-23652).
- gve: Implement suspend/resume/shutdown (jsc#SLE-23652).
- gve: Add optional metadata descriptor type GVE_TXD_MTD
(jsc#SLE-23652).
- gve: remove memory barrier around seqno (jsc#SLE-23652).
- gve: Update gve_free_queue_page_list signature (jsc#SLE-23652).
- gve: Move the irq db indexes out of the ntfy block struct
(jsc#SLE-23652).
- gve: Correct order of processing device options (jsc#SLE-23652).
- gve: fix for null pointer dereference (jsc#SLE-23652).
- gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652).
- gve: Add a jumbo-frame device option (jsc#SLE-23652).
- gve: Implement packet continuation for RX (jsc#SLE-23652).
- gve: Add RX context (jsc#SLE-23652).
- gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652).
- commit e1a9cfc
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079
CVE-2022-0617).
- commit a1deb2a
- udf: Fix NULL ptr deref when converting from inline format
(bsc#1196079 CVE-2022-0617).
- commit 43cd4ed
- x86/speculation: Include unprivileged eBPF status in Spectre v2
mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit d42fa20
- Documentation/hw-vuln: Update spectre doc (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit a48cfcc
- x86/speculation: Add eIBRS + Retpoline options (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit 1a20a7e
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 80f47a3
- x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 1f9dd65
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
(CVE-2022-25375 bsc#1196235).
- commit 4e7d746
- Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155)
- commit 900b4f0
- USB: gadget: validate interface OS descriptor requests
(CVE-2022-25258 bsc#1196095).
- commit 4c69367
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- commit 6aa037a
- powerpc/pseries/ddw: Revert "/Extend upper limit for huge DMA
window for persistent memory"/ (bsc#1195995 ltc#196394).
- commit 7be7563
- f2fs: fix to do sanity check on inode type during garbage
collection (CVE-2021-44879 bsc#1195987).
- commit 139271b
- tipc: improve size validations for received domain records
(bsc#1195254, CVE-2022-0435).
- commit 48911da
- yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959
bsc#1195897).
- commit 60220af
- usb: gadget: clear related members when goto fail
(CVE-2022-24958 bsc#1195905).
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958
bsc#1195905).
- commit 96dda76
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487).
- commit f68f189
- nfsd: don't admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: allow delegation state ids to be revoked and then freed
(bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed
(bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed
(bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state
(bsc#1192483).
- commit 4fab2c0
- kernel-binary: Do not include sourcedir in certificate path.
The certs macro runs before build directory is set up so it creates the
aggregate of supplied certificates in the source directory.
Using this file directly as the certificate in kernel config works but
embeds the source directory path in the kernel config.
To avoid this symlink the certificate to the build directory and use
relative path to refer to it.
Also fabricate a certificate in the same location in build directory
when none is provided.
- commit bb988d4
- constraints: Also adjust disk requirement for x86 and s390.
- commit 9719db0
- constraints: Increase disk space for aarch64
- commit 09c2882
- KVM: s390: Return error on SIDA memop on normal guest
(bsc#1195516 CVE-2022-0516).
- commit d46602b
- NFSv4: Handle case where the lookup of a directory fails
(bsc#1195612 CVE-2022-24448).
- commit 1023a28
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- commit be8e591
- cgroup-v1: Require capabilities to set release_agent
(bsc#1195543 CVE-2022-0492).
- commit 413d689
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
callback (bsc#1193864 CVE-2021-39657).
- commit 5ec67f9
- scsi: target: iscsi: Fix cmd abort fabric stop race
(bsc#1195286).
- commit 79c1016
- Update kabi files.
- update from February 2022 maintenance update submission (commit 49453fa0b26b)
- commit 10d28a1
- kernel-obs-build: include 9p (boo#1195353)
To be able to share files between host and the qemu vm of the build
script, the 9p and 9p_virtio kernel modules need to be included in
the initrd of kernel-obs-build.
- commit 0cfe67a
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 5e4e31e
- series.conf: sort
Fix patch ordering in sorted section.
- commit f4bbbbf
- fix patches metadata
- fix Patch-mainline, mark partial backport, add a note to commit message
- patches.suse/net-xdp-Introduce-xdp_init_buff-utility-routine.patch
- patches.suse/net-xdp-Introduce-xdp_prepare_buff-utility-routine.patch
- commit c8555c7
- Update kabi files.
- update from out of order January 2022 maintenance update (commit 712a8e6dffc3)
- commit d4e500b
- update
- commit 8000467
- phonet: refcount leak in pep_sock_accep (bsc#1193867,
CVE-2021-45095).
- commit 98c27cb
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- Delete
patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch.
which caused a regression (bsc#1194048).
- fix patches.kabi/revert-xfrm-xfrm_state_mtu-should-return-at-least-1280.patch
fixes the resulting KABI change
- Replace with an alternative fix for bsc#1185377
- commit ccdfbb9
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 96de11b
- SLE15-SP2 went to LTSS, hand over to L3
- commit 1e60178
- drm/vmwgfx: Fix stale file descriptors on failed usercopy
(CVE-2022-22942 bsc#1195065).
- commit b93c2a4
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- commit 92fcdfb
- bpf: Verifer, adjust_scalar_min_max_vals to always call
update_reg_bounds() (bsc#1194227).
- commit bf95985
- net/packet: rx_owner_map depends on pg_vec (bsc#1195184
CVE-2021-22600).
- commit ef975a8
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
callback (bsc#1193864 CVE-2021-39657).
- commit a954734
- Update
patches.suse/usb-gadget-configfs-Fix-use-after-free-issue-with-ud.patch
(bsc#1193861 CVE-2021-39648).
updated references for a CVE that became known after the fix
had been applied for other reasons
- commit 2372cca
- net: mana: Add RX fencing (bsc#1193506).
- commit 86ca026
- net: mana: Add XDP support (bsc#1193506).
- commit 8a8d94e
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- commit 2ce60c3
- net, xdp: Introduce xdp_prepare_buff utility routine
(bsc#1193506).
- commit f1f2607
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- commit d81f88a
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- commit 472ff50
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- commit ac668ff
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- commit 38bf9aa
- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr
directory (bsc#1195051).
- commit c80b5de
- drm/i915: Flush TLBs before releasing backing store
(CVE-2022-0330 bsc#1194880).
- commit 34a8919
- net: allow retransmitting a TCP packet if original is still
in queue (bsc#1188605 bsc#1187428).
- commit 07dea3c
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
Using the the default path is broken since Linux 5.17
- commit 68b36f0
- fix rpm build warning
tumbleweed rpm is adding these warnings to the log:
It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl
- commit 3ba8941
- build initrd without systemd
This reduces the size of the initrd by over 25%, which
improves startup time of the virtual machine by 0.5-0.6s on
very fast machines, more on slower ones.
- commit ef4c569
- Revert "/net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)"/
This reverts commit 3aa0c01fad38360cc9cd840d49bdfdc565e2e718.
With the backport of the upstream fix for bsc#1183405 race, this workaround
is no longer needed.
- commit e063337
- net: sched: add barrier to ensure correct ordering for lockless
qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless
qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue
(bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation
(bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc
(bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in
qdisc_replace (bsc#1183405).
- net: sch_generic: aviod concurrent reset and enqueue op for
lockless qdisc (bsc#1183405).
- net_sched: get rid of unnecessary dev_qdisc_reset()
(bsc#1183405).
- net_sched: avoid resetting active qdisc for multiple times
(bsc#1183405).
- net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405).
- commit abc4d94
- libarchive
-
- Fix CVE-2021-36976 use-after-free in copy_string
(CVE-2021-36976, bsc#1188572)
* fix-CVE-2021-36976.patch
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
CVE-2017-5601, bsc#1022528, bsc#1189528
- libsolv
-
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code
[bsc#1196514]
- support parsing of Debian's Multi-Arch indicator
- bump version to 0.7.22
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden
vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members
("/requires"/ is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
- bump version to 0.7.21
- libtirpc
-
- fix memory leak in client protocol version 2 code (bsc#1193805)
- update: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- libzypp
-
- ZConfig: Update solver settings if target changes (bsc#1196368)
- version 17.30.0 (22)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- version 17.29.7 (22)
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- version 17.29.6 (22)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
- version 17.29.5 (22)
- Fix handling of redirected command in-/output (bsc#1195326)
This fixes delays at the end of zypper operations, where
zypper unintentionally waits for appdata plugin scripts to
complete.
- version 17.29.4 (22)
- Public header files on older distros must use c++11
(bsc#1194597)
- Fix exception handling when reading or writing credentials
(bsc#1194898)
- version 17.29.3 (22)
- Fix Legacy include (bsc#1194597)
- version 17.29.2 (22)
- Fix broken install path for parser compat headers (fixes #372,
bsc#1194597)
- RepoManager: remember exec errors in exception history
(bsc#1193007)
- version 17.29.1 (22)
- Use the default zypp.conf settings if no zypp.conf exists
(bsc#1193488)
- Fix wrong encoding of iso: URL components (bsc#954813)
- Handle armv8l as armv7hl compatible userland.
- Introduce zypp-curl a sublibrary for CURL related code.
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set.
- Save all signatures associated with a public key in its
PublicKeyData.
- version 17.29.0 (22)
- log4j12
-
- Remove the chainsaw sub-package (bsc#1194844, CVE-2022-23307)
- Remove src/main/java/org/apache/log4j/jdbc/JDBCAppender.java from
the build to mitigate bsc#1194843, CVE-2022-23305
- Remove src/main/java/org/apache/log4j/net/JMSSink.java from the
build to mitigate bsc#1194842, CVE-2022-23302
- Obsolete chainsaw < 2.1 by the log4j12 package
- Added patch:
* log4j12-missingmodules.patch
+ do not package org.apache.log4j.chainsaw classes
+ package org.apache.log4j.pattern classes that will be needed
by apache-log4j-extras which is a dependency of chainsaw 2.x
- Fix 'chainsaw' package: [bsc#1193184 - Chainsaw does not start]
* Add missing dependency to log4j12 for 'chainsaw' package.
- Put GUI tools into separate packages
- lvm2
-
- udev: create symlinks and watch even in suspended state (bsc#1195231)
+ bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch
- mgr-libmod
-
- version 4.1.10-1
* require python macros for building
- mgr-osad
-
- version 4.1.6-1
* require python macros for building
- mozilla-nss
-
- Mozilla NSS 3.68.3 (bsc#1197903)
This release improves the stability of NSS when used in a multi-threaded
environment. In particular, it fixes memory safety violations that
can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097).
We presume that with enough effort these memory safety violations are exploitable.
* Remove token member from NSSSlot struct (bmo#1756271).
* Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots
(bmo#1755555).
* Check return value of PK11Slot_GetNSSToken (bmo#1370866).
- net-snmp
-
- Decouple snmp-mibs from net-snmp version to allow major version
upgrade (bsc#1196955).
- nfs-utils
-
- Add 0023-cache.c-removed-a-couple-warning.patch
Fix compilation with new glibc (SLE15-SP4)
(bsc#1197788)
- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
Ensure "/sloppy"/ is added correctly for newer kernels. Particularly
required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
(boo#1197297)
- Add 0020-mountd-Initialize-logging-early.patch
If an error or warning message is produced before
closeall() is called, mountd gets confused and doesn't work.
(bsc#1194661)
- openldap2
-
- bsc#1191157 - Correct version specification in ppolicy to allow
submission to SP3 for TLS1.3
- bsc#1191157 - allow specification of max/min TLS version with TLS1.3
* 0239-ITS-9422-Update-for-TLS-v1.3.patch
* 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch
* 0241-TLS-set-protocol-version.patch
- bsc#1197004 - libldap was able to be out of step with openldap in
some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their
related release versions.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
reporting is bsc#1197004 causing SSSD to have faults.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
- openssh
-
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
connections update their dbus environment (bsc#1179465).
- Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch
(bsc#1190975, CVE-2021-41617), backported from upstream by
Ali Abdallah.
- openssl-1_1
-
- Security Fix: [bsc#1196877, CVE-2022-0778]
* Infinite loop in BN_mod_sqrt() reachable when parsing certificates
* Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch
- Fix PAC pointer authentication in ARM [bsc#1195856]
* PAC pointer authentication signs the return address against the
value of the stack pointer, to prevent stack overrun exploits
from corrupting the control flow. The Poly1305 armv8 code got
this wrong, resulting in crashes on PAC capable hardware.
* Add openssl-1_1-ARM-PAC.patch
- Pull libopenssl-1_1 when updating openssl-1_1 with the same
version. [bsc#1195792]
- FIPS: Fix function and reason error codes [bsc#1182959]
* Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
* Add openssl-fix-BIO_f_zlib.patch to fix BIO_f_zlib: Properly
handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
- pam
-
- Between allocating the variable "/ai"/ and free'ing them, there are
two "/return NO"/ were we don't free this variable. This patch
inserts freaddrinfo() calls before the "/return NO;"/s.
[bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as "//%{_sysconfdir}/pam.d"/
The variable is needed by systemd and others.
[bsc#1196093, macros.pam]
- polkit
-
- CVE-2021-4115: fixed a denial of service via file descriptor leak (bsc#1195542)
added CVE-2021-4115.patch
- postgresql
-
- Fix the pg_server_requires macro on older rpm versions (SLE-12).
- Avoid a dependency on awk in postgresql-script.
- Move the dependency of llvmjit-devel on clang and llvm to the
implementation packages where we can depend on the correct
versions.
- fix postgresql_has_llvm usage
- First round of changes to make it easier to build extensions for
- add postgresql-llvmjit-devel subpackage:
This package will pull in clang and llvm if the distro has a
recent enough version, otherwise it will just pull
postgresql-server-devel.
- add postgresql macros to the postgresql-server-devel package
those cover all the variables from pg_config and some macros
to remove repitition from the spec files
- Bump version to 14.
- Bump default to 14 on Factory and future SPs.
- procps
-
- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
ignore SIGURG
- protobuf
-
- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
bsc#1195258
* Add protobuf-CVE-2021-22570.patch
- psmisc
-
* Determine the namespace of a process only once to speed
up the parsing of fdinfo (bsc#1194172).
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- py26-compat-msgpack-python
-
- Adapted to build on OBS for Enterprise Linux.
- py27-compat-salt
-
- Fix inspector module export function (bsc#1097531)
- Fix possible traceback on ip6_interface grain (bsc#1193565)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Added:
* state.apply-don-t-check-for-cached-pillar-errors.patch
* fix-inspector-module-export-function-bsc-1097531-479.patch
* fix-possible-traceback-on-ip6_interface-grain-bsc-11.patch
* vendor-stateresult.patch
- Simplify "/transactional_update"/ module to not use SSH wrapper and allow more flexible execution
- Add "/--no-return-event"/ option to salt-call to prevent sending return event back to master.
- Make "/state.highstate"/ to acts on concurrent flag.
- Fix the regression with invalid syntax in test_parse_cpe_name_v23.
- Added:
* refactor-and-improvements-for-transactional-updates-.patch
* fix-the-regression-with-invalid-syntax-in-test_parse.patch
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
- Remove wrong _parse_cpe_name from grains.core
- Fix file.find tracebacks with non utf8 file names (bsc#1190114)
- Added:
* fix-file.find-tracebacks-with-non-utf8-file-names-bs.patch
* remove-wrong-_parse_cpe_name-from-grains.core-454.patch
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Added Python2 build possibility for RHEL8
- Added:
* fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Fix traceback.*_exc() calls
- Added:
* 3000.3-do-not-consider-skipped-targets-as-failed-for.patch
* fix-traceback.-_exc-calls-431.patch
- Fix the regression of docker_container state module (bsc#1191285)
- python
-
- Update bundled pip wheel to the latest SLE version patched
against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
(bsc#1175619).
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- Older SLE versions should use old OpenSSL.
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
(bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
containing ASCII newline and tabs in urlparse.
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
for newer SLE versions they will be python2-xxxx
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- python-base
-
- Update bundled pip wheel to the latest SLE version patched
against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
(bsc#1175619).
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- Older SLE versions should use old OpenSSL.
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
(bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
containing ASCII newline and tabs in urlparse.
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
for newer SLE versions they will be python2-xxxx
- BuildRequire rpm-build-python: The provider to inject python(abi)
has been moved there. rpm-build pulls rpm-build-python
automatically in when building anything against python3-base, but
this implies that the initial build of python3-base does not
trigger the automatic installation.
- python-jsonschema
-
- Add patch to fix build with new webcolors:
* webcolors.patch
- update to version 3.2.0 (jsc#SLE-18756):
* Added a format_nongpl setuptools extra, which installs only format
dependencies that are non-GPL (#619).
- specfile:
* be more explicit in %files section
* require python-importlib-metadata
- update to version 3.1.1:
* Temporarily revert the switch to js-regex until #611 and #612 are
resolved.
- changes from version 3.1.0:
* Regular expressions throughout schemas now respect the ECMA 262
dialect, as recommended by the specification (#609).
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
- Activate more of the test suite
- Remove tests and benchmarking from the runtime package
- Update to v3.0.2
* Fixed a bug where 0 and False were considered equal by
const and enum
- from v3.0.1
* Fixed a bug where extending validators did not preserve their
notion of which validator property contains $id information.
- from v3.0.0
* Support for Draft 6 and Draft 7
* Draft 7 is now the default
* New TypeChecker object for more complex type definitions
(and overrides)
* Falling back to isodate for the date-time format checker is
no longer attempted, in accordance with the specification
- Add non-updating note to the SPEC file
- downgrade to < 3.0.0 again to fix all openstack clients
- Update to 3.0.1:
* Support for Draft 6 and Draft 7
* Draft 7 is now the default
* New TypeChecker object for more complex type definitions (and overrides)
* Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification
- Use %license instead of %doc [bsc#1082318]
- python-libxml2-python
-
- Security fix: [bsc#1196490, CVE-2022-23308]
* Use-after-free of ID and IDREF attributes.
- Add libxml2-CVE-2022-23308.patch
- python-lxml
-
- With the new update to 4.7.1, the old Bugzilla entries are also
fixed:
- bsc#1118088 (related to CVE-2018-19787)
- bsc#1184177 (related to CVE-2021-28957)
- Update to 4.7.1 (officially released 2021-12-13)
Features added
- Chunked Unicode string parsing via parser.feed() now encodes the input
data to the native UTF-8 encoding directly, instead of going through
Py_UNICODE / wchar_t encoding first, which previously required duplicate
recoding in most cases.
Bugs fixed
- The standard namespace prefixes were mishandled during "/C14N2"/
serialisation
on Python 3.
See
https://mail.python.org/archives/list/lxml@python.org/thread/
6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/
- lxml.objectify previously accepted non-XML numbers with underscores
(like "/1_000"/) as integers or float values in Python 3.6 and later.
It now adheres to the number format of the XML spec again.
- LP#1939031: Static wheels of lxml now contain the header files of zlib
and libiconv (in addition to the already provided headers of
libxml2/libxslt/libexslt).
Other changes
- Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).
- Update to 4.7.0 (2021-12-13)
- Release retracted due to missing files in lxml/includes/.
- UPdate to 4.6.5 (2021-12-12)
Bugs fixed
- A vulnerability (GHSL-2021-1038) in the HTML cleaner
- allowed sneaking script content through SVG images
- (bnc#1193752, CVE-2021-43818).
- A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed
- sneaking script content through CSS imports and other crafted
- constructs (CVE-2021-43818).
- Update 4.6.4 (2021-11-01)
Features added
- GH#317: A new property system_url was added to DTD entities.
- Patch by Thirdegree.
- GH#314: The STATIC_* variables in setup.py can now be passed
- via env vars.
- Patch by Isaac Jurado.
- Update 4.6.3 (2021-03-21)
Bugs fixed
- A vulnerability (CVE-2021-28957) was discovered in the HTML
- Cleaner by Kevin Chung, which allowed JavaScript to pass through.
- The cleaner now removes the HTML5 formaction attribute.
- Update 4.6.2 (2020-11-26)
Bugs fixed
- A vulnerability (bnc#1179534, CVE-2020-27783) was discovered in the HTML
Cleaner
- by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner
- now removes more sneaky "/style"/ content.
- Update 4.6.1 (2020-10-18)
Bugs fixed
- A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
- which allowed JavaScript to pass through. The cleaner now removes
- more sneaky "/style"/ content.
- Update 4.6.0 (2020-10-17)
Features added
- GH#310: lxml.html.InputGetter supports __len__() to count the number
- of input fields. Patch by Aidan Woolley.
- lxml.html.InputGetter has a new .items() method to ease processing
- all input fields.
- lxml.html.InputGetter.keys() now returns the field names in document
- order.
- GH-309: The API documentation is now generated using sphinx-apidoc.
- Patch by Chris Mayo.
Bugs fixed
- LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes
- when a default namespace was defined.
- TreeBuilder.close() raised AssertionError in some error cases where
- it should have raised XMLSyntaxError. It now raises a combined
- exception to keep up backwards compatibility, while switching to
- XMLSyntaxError as an interface.
- Update 4.5.2 (2020-07-09)
Bugs fixed
- Cleaner() now validates that only known configuration options
- can be set.
- LP#1882606: Cleaner.clean_html() discarded comments and PIs
- regardless of the corresponding configuration option, if
- remove_unknown_tags was set.
- LP#1880251: Instead of globally overwriting the document loader
- in libxml2, lxml now sets it per parser run, which improves the
- interoperability with other users of libxml2 such as libxmlsec.
- LP#1881960: Fix build in CPython 3.10 by using Cython 0.29.21.
- The setup options "/--with-xml2-config"/ and "/--with-xslt-config"/
- were accidentally renamed to "/--xml2-config"/ and "/--xslt-config"/
- in 4.5.1 and are now available again.
- Update 4.5.1 (2020-05-19)
Bugs fixed
- LP#1570388: Fix failures when serialising documents larger than
- 2GB in some cases.
- LP#1865141, GH#298: QName values were not accepted by the
- el.iter() method. Patch by xmo-odoo.
- LP#1863413, GH#297: The build failed to detect libraries on Linux
- that are only configured via pkg-config. Patch by Hugh McMaster.
- Update 4.5.0 (2020-01-29)
Features added
- A new function indent() was added to insert tail whitespace for
- pretty-printing an XML tree.
Bugs fixed
- LP#1857794: Tail text of nodes that get removed from a document
using item deletion disappeared silently instead of sticking with
the node that was removed.
Other changes
- MacOS builds are 64-bit-only by default. Set CFLAGS and LDFLAGS
explicitly to override it.
- Linux/MacOS Binary wheels now use libxml2 2.9.10 and libxslt 1.1.34.
- LP#1840234: The package version number is now available as
lxml.__version__.
- Update 4.4.3 (2020-01-28)
Bugs fixed
- LP#1844674: itertext() was missing tail text of comments and PIs
since 4.4.0.
- release-notes-sles
-
- 15.2.20220202 (tracked in bsc#933411)
- Added kernel parameter change (bsc#1195107)
- Added note about deprecating XFS V4 (jsc#SLE-22662)
- Added note about ODBC driver location (jsc#SLE-13242)
- Added note about unixODBC drivers in production (jsc#SLE-20554)
- Added note about GNOME and vncserver (bsc#1186415)
- release-notes-susemanager
-
- Update to 4.1.14.1
* CVEs fixed
CVE-2022-22934, CVE-2022-22935, CVE-2022-22936, CVE-2022-22941
* Bugs mentioned
bsc#1197417
- Update to 4.1.14
* Bugs mentioned
bsc#1097531, bsc#1133198, bsc#1190781, bsc#1191360, bsc#1192510,
bsc#1192566, bsc#1192822, bsc#1193565, bsc#1194044, bsc#1194363,
bsc#1195043,bsc#1195282
- Update to 4.1.13.1
* Note about Prometheus 2.32.1
- Update to 4.1.13
* Forward clients registration information to SCC
* Bugs mentioned
bsc#1173103, bsc#1173143, bsc#1184617, bsc#1187708,
bsc#1188505, bsc#1188900, bsc#1190114, bsc#1190446,
bsc#1191192, bsc#1191222, bsc#1191285, bsc#1191313,
bsc#1191340, bsc#1191377, bsc#1191412, bsc#1191442,
bsc#1191656, bsc#1191702, bsc#1191899, bsc#1192487,
bsc#1192514, bsc#1192736, bsc#1193008, bsc#1193585,
bsc#1193612, bsc#1193694, bsc#1193832
- rsyslog
-
- add service dependencies for remote logging (bsc#1194669)
- update config example in remote.conf to match upstream documentation
- salt
-
- Fix regression preventing bootstrapping new clients caused by
redundant dependency on psutil (bsc#1197533)
- Prevent data pollution between actions proceesed at the same time (bsc#1197637)
- Added:
* fix-regression-with-depending-client.ssh-on-psutil-b.patch
* prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
- Fix salt-ssh opts poisoning (bsc#1197637)
- Clear network interfaces cache on grains request (bsc#1196050)
- Add salt-ssh with Salt Bundle support (venv-salt-minion)
- (bsc#1182851, bsc#1196432)
- Remove duplicated method definitions in salt.netapi
- Restrict "/state.orchestrate_single"/ to pass a pillar value if it exists (bsc#1194632)
- Added:
* clear-network-interface-cache-when-grains-are-reques.patch
* remove-duplicated-method-definitions-in-salt.netapi-.patch
* fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch
* add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch
* fix-state.orchestrate_single-to-not-pass-pillar-none.patch
- Renamed:
* patch_for_cve_bsc1197417.patch -> fix-multiple-security-issues-bsc-1197417.patch
- Fix multiple security issues (bsc#1197417)
* Sign authentication replies to prevent MiTM (CVE-2022-22935)
* Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
* Prevent job and fileserver replays (CVE-2022-22936)
* Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
- Added:
* patch_for_cve_bsc1197417.patch
- Fix inspector module export function (bsc#1097531)
- Add all ssh kwargs to sanitize_kwargs method
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "/transactional_update"/ module to not use SSH wrapper and allow more flexible execution
- Add "/--no-return-event"/ option to salt-call to prevent sending return event back to master.
- Make "/state.highstate"/ to acts on concurrent flag.
- Added:
* fix-inspector-module-export-function-bsc-1097531-480.patch
* vendor-stateresult.patch
* wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
* add-all-ssh-kwargs-to-sanitize_kwargs-method-3002.2-.patch
* refactor-and-improvements-for-transactional-updates-.patch
* state.apply-don-t-check-for-cached-pillar-errors.patch
- samba
-
- CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
module; (bsc#1194859); (bso#14914).
- spacecmd
-
- version 4.1.17-1
* Fix interactive mode for "/system_applyerrata"/ and "/errata_apply"/ (bsc#1194363)
- version 4.1.16-1
* require python macros for building
- spacewalk-admin
-
- version 4.1.11-1
* add service to update configfile and introduce a backup scc user
- spacewalk-backend
-
- version 4.1.30-1
* Add headers to update proxy auth token in listChannels (bsc#1193585)
* require python macros for building
* Fix the IS_SUSE variable in spacewalk-debug
* exchange zypp-plugin dependency to use the python3 version (bsc#1192514)
* Minor spec update.
* Added RHN config parameter httpd_config_dir.
- spacewalk-certs-tools
-
- version 4.1.20-1
* Make bootstrap script to use bash when called with a different
interpreter (bsc#1191656)
- spacewalk-client-tools
-
- version 4.1.11-1
* require python macros for building
- spacewalk-java
-
- version 4.1.44-1
* allow SCC to display the last check-in time for registered systems
* Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)
* Add store info to Equals and hash methods to fix CVE audit process (bsc#1195282)
* fix ClassCastException during action processing (bsc#1195043)
* Fix disappearing metadata key files after channel change (bsc#1192822)
* Pass only selected servers to taskomatic for cancelation (bsc#1194044)
- version 4.1.43-1
* Fix stack overflow when building a CLM project from modular sources (bsc#1194990)
- version 4.1.42-1
* Avoid using RPM tags when filtering modular packages in CLM (bsc#1192487)
* fix XML syntax in cobbler snippets (bsc#1193694)
* Fix stripping module metadata when cloning channels in CLM (bsc#1193008)
* Fix system information forwarding to SCC (bsc#1188900)
* forward registration data to SUSE Customer Center
* Run Prometheus JMX exporter as Java agent (bsc#1184617)
* Fix calling wrong XMLRPC bootstrap method (bsc#1192736)
* Fix package update action with shared channels (bsc#1191313)
* fix issue with empty action chains getting deleted too early (bsc#1191377)
* switch to best repo auth item for contentsources (bsc#1191442)
* Set product name and version in the User-Agent header when connecting to SCC
* update last boot time of SSH Minions after bootstrapping (bsc#1191899)
* Mark SSH minion actions when they're picked up (bsc#1188505)
* Add compressed flag to image pillars when kiwi image is compressed (bsc#1191702)
* mgr-sync refresh logs when a vendor channel is expired and shows how to remove it (bsc#1191222)
- Readable error when "/mgr-sync add channel"/ is called with a non-existing label (bsc#1173143)
- spacewalk-reports
-
- version 4.1.5-1
* Fixes query for system-history report to prevent more than one
row returned by a subquery with rhnxccdftestresult.identifier
(bsc#1191192)
- spacewalk-setup
-
- version 4.1.10-1
* Increase "/max_event_size"/ value for the Salt master (bsc#1191340)
* Leave Cobbler bootloader directory at the default (bsc#1187708)
* Don't delete cobbler.conf contents.
* Fixed FileNotFoundError on cobbler setup.
* cobbler20-setup was removed
* spacewalk-setup-cobbler was reimplemented in Python
* Config files for Cobbler don't get edited in place anymore, thus the original
ones are saved with a "/.backup"/ suffix
- spacewalk-utils
-
- version 4.1.19-1
* require python macros for building
- spacewalk-web
-
- version 4.1.32-1
* Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)
- version 4.1.31-1
* Update Web UI version to 4.1.13
- sudo
-
- Add support in the LDAP filter for negated users, patch taken
from upstream (jsc#20068)
* Adds sudo-feature-negated-LDAP-users.patch
- Restrict use of sudo -U other -l to people who have permission
to run commands as that user (bsc#1181703, jsc#SLE-22569)
* feature-upstream-restrict-sudo-U-other-l.patch
- supportutils
-
- Spec file adjusted for usr-merge
- Changes to version 3.1.20
+ Added command blkid #114
+ Added s390x specific files and output #115
+ Fix for invalid argument during updates (bsc#1193204)
+ Optimized conf_files, conf_files_text and log_cmd functions #118
+ Fixed iscsi initiator name (bsc#1195797)
+ Added rpcinfo -p output #116
+ Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
+ Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
+ Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
+ Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
+ Include 'multipath -t' output in mpio.txt #105
+ Improved lsblk readability with --ascsi #106
+ Removed duplicate commands in network.txt
+ Remove duplicate firewalld status output #109
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
+ Include cloud-init logs whenever they are present
+ Update the packages we track in AWS, Azure, and Google
+ Include the ecs logs for AWS ECS instances
- suse-build-key
-
- No longer install 1024bit keys by default. (bsc#1197293)
- SLE11 key moved to documentation
- old PTF (pre March 2022) moved to documentation only
- extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc
- added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- extended expiry of SUSE SLES11 key (bsc#1194845)
- added SUSE Contaner signing key in PEM format for use e.g. by cosign.
- SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495)
- suseRegisterInfo
-
- version 4.1.4-1
* require python macros for building
- susemanager
-
- version 4.1.33-1
* set default for registration batch size
- version 4.1.32-1
* add additional default config values for forwarding registrations to SCC
- susemanager-doc-indexes
-
- Added a warning about the origin of the salt-minion package in the
Register on the Command Line (Salt) section of the Client
Configuration Guide
- In the Client Configuration Guide, explain how you find channel
names to register older SUSE Linux Enterprise clients.
- Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
Configuration Guide
- In the Troubleshooting section of the Client Configuration Guide,
SUSE Linux Enterprise Server 11 clients also require previous SSL
versions installed on the server
- susemanager-docs_en
-
- Added a warning about the origin of the salt-minion package in the
Register on the Command Line (Salt) section of the Client
Configuration Guide
- In the Client Configuration Guide, explain how you find channel
names to register older SUSE Linux Enterprise clients.
- Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client
Configuration Guide
- In the Troubleshooting section of the Client Configuration Guide,
SUSE Linux Enterprise Server 11 clients also require previous SSL
versions installed on the server
- susemanager-schema
-
- version 4.1.25-1
* Continue with index migration when the expected indexes do not exist
(bsc#1192566)
- version 4.1.24-1
* Fix rhnChannelNewestPackageView in case there are duplicates (bsc#1193612)
* DB schema to support forwarding data to SCC
- susemanager-sls
-
- version 4.1.34-1
* Improve `pkgset` beacon with using `salt.cache`
to notify about the changes made while the minion was stopped
* Align the code of pkgset beacon to prevent warnings (bsc#1194464)
- version 4.1.33-1
* Fix errors on calling sed -E ... by force_restart_minion
with action chains
* Postgres exporter package was renamed
* fix deprecation warnings
* enforce correct minion configuration similar to bootstrapping
(bsc#1192510)
- version 4.1.32-1
* Run Prometheus JMX exporter as Java agent (bsc#1184617)
* Fix problem installing/removing packages using action chains
in transactional systems
* Don't create skeleton /srv/salt/top.sls
* Add missing compressed_hash value from Kiwi inspect (bsc#1191702)
- systemd
-
- Import commit 5e7db68eb43ec3733c56e98262973431f57e2265
4f00efadc7 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)
- Import commit c46bcb2df93c802f43e240ceb96eaf28027808a8
28e379cc21 systemctl: exit with 1 if no unit files found (bsc#1193841)
* 60-io-scheduler.rules: add rules for virtual devices
(boo#1193759)
* 60-io-scheduler.rules: enforce "/none"/ for loop devices
(boo#1193759)
- systemd-presets-common-SUSE
-
- enable vgauthd service for VMWare by default (bsc#1195251)
- systemd-rpm-macros
-
- Bump version to 11
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275 bsc#1196406)
Until SLE15-SP3:QU2, /usr/lib/modprobe.d path was not supported by kmod and
since SLE15-SP4 /etc/modprobe.d/README has references to /lib/modprobe.d...
- Bump version to 10
- %sysusers_create_inline was wrongly marked as deprecated
- %sysusers_create can be useful in certain cases and won't go away until we'll
move to file triggers. So don't mark it as deprecated too
- tcpdump
-
- Security fix: [bsc#1195825, CVE-2018-16301]
* Fix segfault when handling large files
* Add tcpdump-CVE-2018-16301.patch
- timezone
-
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not -03-26*
* zdump -v now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
- tomcat
-
- Security hardening. Deprecate getResources() and always return null. (bsc#1198136)
- Added patch: tomcat-9.0-hardening_getResources.patch
- Remove log4j (bsc#1196137)
- Fixed CVEs:
* CVE-2022-23181: Make calculation of session storage location more robust (bsc#1195255)
- Added patches:
* tomcat-9.0-CVE-2022-23181.patch
- Fix NPE in JNDIRealm, when userRoleAttribute is not set (bsc#1193569)
- Added patch:
* tomcat-9.0-NPE-JNDIRealm.patch
- update-alternatives
-
- break bash <-> update-alternatives cycle by coolo's rewrite
of %post in lua [bsc#1195654]
- util-linux
-
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
(bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
util-linux-uuidd-check-lock-state.patch).
- Fix "/su -s"/ bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- util-linux-systemd
-
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
(bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
util-linux-uuidd-check-lock-state.patch).
- Fix "/su -s"/ bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- uyuni-common-libs
-
- version 4.1.10-1
* Read modularity data from DISTTAG tag as fallback (bsc#1192487)
* require python macros for building
- vim
-
- Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
Heap-based Buffer Overflow in vim prior to 8.2.
/ vim-8.0.1568-CVE-2022-0413.patch
- Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
normal.c / vim-8.0.1568-CVE-2021-3796.patch
- Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
- Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
- Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
- Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
- Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
- Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
/ vim-8.0.1568-CVE-2021-3778.patch
- Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
/ vim-8.0.1568-CVE-2021-4193.patch
- Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
- Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
- Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
/ vim-8.0.1568-CVE-2022-0351.patch
- Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
- Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
/ vim-8.0.1568-CVE-2022-0413.patch
- wicked
-
- fsm: fix device rename via yast (bsc#1194392)
Reset worker config instead to reject a NULL/empty config
xml node -- introduced in wicked 0.6.67 by commit c2a0385.
[+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- version 0.6.68
- sysctl: process sysctl.d directories as in sysctl --system
- sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353)
- cleanup: warnings, time calculations and dhcp fixes (bsc#1188019)
- wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- tuntap: avoid sysfs attr read error (bsc#1192311)
- ifstatus: fix warning of unexpected interface flag combination (bsc#1192164)
- dbus: config files in /usr shouldn't be marked as config in spec
- version 0.6.67
- dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750)
- logging: log reaped sub-process command and as debug, not error
- ifstatus: Don't show link as "/up"/ without RUNNING flag set
- firewalld: Make the zone assignment permanent (boo#1189560)
- fsm: cleanup and improve ifconfig and ifpolicy access utils
- dbus: cleanup the dbus-service.h file and unused property makros
- cleanup: applied code-spell run typo corrections
- dracut: initial fixes and improved option handling (boo#1182227)
- version 0.6.66
- wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920)
- support multiple networks configurations per interface
- show connection status and scan-results (bsc#1160654)
- corrected eap-tls,ttls cetificate handling and open vs. shared
wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- cleanups and several other improvements, see changes
- updated man ifcfg-wireless manual pages
- nanny: fix identify node owner exit condition
- schema: several xml-schema and dbus/property improvements
- utils: format/parse bitmap to array and string alternatives
- client: expose ethtool --get-permanent-address option
- removed sle15-sp3 patches included in the master sources (bsc#1181812)
[- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
[- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- dhcp4: discover on reboot timeout after start-delay (bsc#1181812)
[+ 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
- dhcp6: request nis options on sle15 by default (bsc#1181812)
[+ 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- version 0.6.65
- ifconfig: differentiate if to re-trigger dad on address updates (bsc#1177215)
- client: parse sysctl files in the correct order (bsc#1181186)
- ifup: fix for set up with unenslave from unconfigured master (boo#954329)
- rpm: prepare for new builds using usrmerged rpm macro (boo#1029961)
- rpm: Let wicked-service also provide service(network)
- cleanup: remove obsolete use-nanny=false (gh#openSUSE/wicked#815)
- dbus: add variant container, generic object-path and uint32 array macros
- xen
-
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
624ebcef-VT-d-dont-needlessly-look-up-DID.patch
624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
between dirty vram tracking and paging log dirty hypercalls
(XSA-397)
xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
cleanup (XSA-399)
xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
map (AMD-Vi) handling issues (XSA-400)
xsa400-00.patch
xsa400-01.patch
xsa400-02.patch
xsa400-03.patch
xsa400-04.patch
xsa400-05.patch
xsa400-06.patch
xsa400-07.patch
xsa400-08.patch
xsa400-09.patch
xsa400-10.patch
xsa400-11.patch
- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
xen: BHB speculation issues (XSA-398)
xsa398-1.patch
xsa398-2.patch
xsa398-3.patch
xsa398-4.patch
xsa398-5.patch
xsa398-6.patch
- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
guest_physmap_remove_page not removing the p2m mappings (XSA-393)
xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
Xen while unmapping a grant (XSA-394)
xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
passed-through device IRQs (XSA-395)
xsa395.patch
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output (see also bsc#1194267)
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
- Collect active VM config files in the supportconfig plugin
xen-supportconfig
- bsc#1191510 - [UEFI]15sp4 uefi fv guest on 12sp5 host unable to
bootup with sriov pci device plugin
5e15e174-libxl-dont-needlessly-report-highmem-in-use.patch
- Upstream bug fixes (bsc#1027519)
616d66bd-x86-HVM-cleanup-after-failed-viridian_vcpu_init.patch
616e7cfe-x86-paging-restrict-paddr-width-reported.patch
619b7ac9-harden-assign_pages.patch
619b8cb0-x86-PoD-misaligned-GFNs.patch
619b8cb1-x86-PoD-intermediate-page-orders.patch
619b8cb2-x86-P2M-set-partial-success.patch
- Drop xsa patches in favor of upstream versions
xsa385.patch
xsa388-1.patch
xsa388-2.patch
xsa389.patch
- xerces-j2
-
- Fix infinite loop within Apache XercesJ xml parser (bsc#1195108,
CVE-2022-23437)
* Added patch xerces-j2-CVE-2022-23437.patch
- xstream
-
- Upgrade to 1.4.19
* Security fixes
+ This maintenance release addresses the security vulnerability
CVE-2021-43859, bsc#1195458, when unmarshalling highly
recursive collections or maps causing a Denial of Service.
* API changes
+ Added c.t.x.XStream.COLLECTION_UPDATE_LIMIT and
c.t.x.XStream.COLLECTION_UPDATE_SECONDS.
+ Added c.t.x.XStream.setCollectionUpdateLimit(int).
+ Added c.t.x.core.SecurityUtils.
+ Added c.t.x.security.AbstractSecurityException and
c.t.x.security.InputManipulationException.
+ c.t.x.security.InputManipulationException derives now from
c.t.x.security.AbstractSecurityException.
- xz
-
- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
(ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
* bsc1198062.patch
- yaml-cpp
-
- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
allows remote attackers to cause DOS via a crafted YAML file
(CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
(CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
cpp allows remote attackers to cause DOS via a crafted YAML file
(CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
yaml-cpp which cause DOS by stack consumption
(CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch
- yast2-add-on
-
- Restore the repo unexpanded URL to get it properly saved in
the /etc/zypp/repos.d file (bsc#972046, bsc#1194851).
- 4.2.19
- zlib
-
- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
* bsc1197459.patch
- zsh
-
- Added CVE-2019-20044.patch: fixes insecure dropping of privileges when
unsetting PRIVILEGED option (CVE-2019-20044 bsc#1163882)
- Added CVE-2021-45444.patch: fixes a vulnerability in prompt expansion which
could be exploited through e.g. VCS_Info to execute arbitrary shell
commands (CVE-2021-45444 bsc#1196435)
- zypper
-
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
- version 1.14.52
- Singletrans: handle fatal and non-fatal script errors properly.
- Add SingleTransReportReceiver.
- Immediately write out additional rpm output.
- BuildRequires: libzypp-devel >= 17.29.0.
Need SingleTransReport and immediate rpm script output reports.
- version 1.14.51