- 000release-packages:SUSE-MicroOS-release
-
n/a
- aaa_base
-
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
to also fix the typo to set JAVA_BINDIR in the csh variant
of the alljava profile script (bsc#1221361)
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
drop the stderr redirection for csh (bsc#1221361)
- add git-49-3f8f26123d91f70c644677a323134fc79318c818.patch
drop sysctl.d/50-default-s390.conf (bsc#1211721)
- add aaa_base-preinstall.patch
make sure the script does not exit with 1 if a file
with content is found (bsc#1222547)
- add patch git-48-477bc3c05fcdabf9319e84278a1cba2c12c9ed5a.patch
home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- ca-certificates
-
- Update to version 2+git20240416.98ae794 (bsc#1221184):
* Use flock to serialize calls (boo#1188500)
* Make certbundle.run container friendly
* Create /var/lib/ca-certificates if needed
- catatonit
-
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Remove upstreamed patches:
- 99bb9048f.patch
- chrony
-
- Use make quickcheck instead of make check to avoid >1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable. Here a seed is
already set to get deterministic execution.
- Use shorter NTS-KE retry interval when network is down
(bsc#1213551, chrony-burst_total_samples_to_go.patch,
chrony-retry_interval_ke_start.patch).
- cloud-netconfig
-
- Update to version 1.14
+ Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757)
- Add version settings to Provides/Obsoletes
- coreutils
-
- coreutils-ls-avoid-triggering-automounts.patch
ls: avoid triggering automounts (bsc#1221632)
- curl
-
- regression fix [bsc#1219273]
https://github.com/curl/curl/commit/91b53efa4b6854dc3688f55bfb329b0cafcf5325
- added patches
+ curl-CVE-2023-27534-tilde-back.patch
- Security fix: [bsc#1221667, CVE-2024-2398]
* curl: HTTP/2 push headers memory-leak
* Add curl-CVE-2024-2398.patch
- docker
-
- Add patch to fix bsc#1220339
* 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch
- Allow to disable apparmor support (ALP supports only SELinux)
- glibc
-
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of
addgetnetgrentX (CVE-2024-33602, bsc#1223425)
- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue
for _start routine (bsc#1221940)
- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
nscd: Stack-based buffer overflow in netgroup cache
(CVE-2024-33599, bsc#1223423, BZ #31677)
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
nscd: Avoid null pointer crashes after notfound response
(CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
nscd: Do not send missing not-found response in addgetnetgrentX
(CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
CVE-2024-33602, bsc#1223425, BZ #31680)
- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound
writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
- duplocale-global-locale.patch: duplocale: protect use of global locale
(bsc#1220441, BZ #23970)
- kernel-default
-
- Update
patches.suse/scsi-mpt3sas-Fix-use-after-free-warning.patch
(git-fixes CVE-2022-48695 bsc#1223941).
- commit 033821b
- Update
patches.suse/ALSA-emu10k1-Fix-out-of-bounds-access-in-snd_emu10k1.patch
(git-fixes CVE-2022-48702 bsc#1223923).
- commit c521d4a
- Update
patches.suse/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch
(git-fixes CVE-2022-48672 bsc#1223931).
- commit e3fefd5
- cachefiles: fix memory leak in cachefiles_add_cache()
(bsc#1222976 CVE-2024-26840).
- commit aa1fa99
- btrfs: abort in rename_exchange if we fail to insert the second ref (CVE-2021-47113 bsc#1221543)
Refresh patches.suse/btrfs-prevent-rename2-from-exchanging-a-subvol-with-a-directory-from-different-parents.patch
- commit cc57e15
- Update
patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
references (CVE-2024-26739 bsc#1222559, drop incorrect references).
- commit 8b3f599
- net/tls: Remove the context from the list in tls_device_down
(bsc#1221545).
- commit aca4b2e
- blacklist.conf: add 94ce3b64c62d
Blacklist commit 94ce3b64c62d ("net/tls: Use RCU API to access
tls_ctx->netdev"). This is a follow-up to c55dcdd435aa which addresses an
issue which is rather theoretical and the backport would be quite
intrusive.
- commit 64bbcaf
- tls: Fix context leak on tls_device_down (bsc#1221545).
- commit 23bab3f
- Update
patches.suse/nvme-tcp-fix-uaf-when-detecting-digest-errors.patch
(bsc#1200313 bsc#1201489 CVE-2022-48686 bsc#1223948).
- commit 5e5f9fe
- Update
patches.suse/ALSA-usb-audio-Fix-an-out-of-bounds-bug-in-__snd_usb.patch
(git-fixes CVE-2022-48701 bsc#1223921).
- commit 5de225e
- Update
patches.suse/soc-brcmstb-pm-arm-Fix-refcount-leak-and-__iomem-lea.patch
(git-fixes CVE-2022-48693 bsc#1223963).
- commit 0e4cd62
- kabi: hide new member of struct tls_context (CVE-2021-47131
bsc#1221545).
- net/tls: Fix use-after-free after the TLS device goes down
and up (CVE-2021-47131 bsc#1221545).
- commit c19ff47
- Update
patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
(bsc#1211592 CVE-2023-2860 CVE-2022-48687 bsc#1223952).
- commit 94a1c44
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
(CVE-2024-26852 bsc#1223057).
- commit f51e744
- openvswitch: fix stack OOB read while fragmenting IPv4 packets
(CVE-2021-46955 bsc#1220513).
- commit 37faff4
- packet: annotate data-races around ignore_outgoing
(CVE-2024-26862 bsc#1223111).
- commit 9b14c5d
- sctp: fix potential deadlock on &net->sctp.addr_wq_lock
(CVE-2024-0639 bsc#1218917).
- commit c0f421c
- media: edia: dvbdev: fix a use-after-free (CVE-2024-27043
bsc#1223824).
- commit 1c01fe0
- ext4: fix bug in extents parsing when eh_entries == 0 and
eh_depth > 0 (bsc#1223475 CVE-2022-48631).
- commit 911e181
- md/raid5: fix atomicity violation in raid5_cache_count
(bsc#1219169, CVE-2024-23307).
- commit b804891
- Update
patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch
(bsc#1203906 CVE-2022-48638 bsc#1223522).
- commit 3bd7c2d
- Update
patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
(bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit c5c2590
- Update
patches.suse/netfilter-nfnetlink_osf-fix-possible-bogus-match-in-.patch
(bsc#1204614 CVE-2022-48654 bsc#1223482).
- commit 1221e0a
- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
(bsc#1223513 CVE-2022-48651).
- commit 0325bf2
- x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (bsc#1223202 CVE-2024-26906).
- commit 4dcafb9
- x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (bsc#1223202 CVE-2024-26906).
- commit 4e61cac
- x86/boot: Ignore relocations in .notes sections in walk_relocs() too (bsc#1222624 CVE-2024-26816).
- commit 8d2e301
- x86, relocs: Ignore relocations in .notes section (bsc#1222624 CVE-2024-26816).
- commit b1ed209
- Update
patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
(bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
- Update
patches.suse/Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_.patch
(bsc#1219170 CVE-2024-22099 CVE-2024-26903 bsc#1223187).
- Update
patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
(CVE-2024-26733 bsc#1222585 CVE-2024-26739 bsc#1222559).
- commit edcb3fa
- Update
patches.suse/ALSA-gus-fix-null-pointer-dereference-on-pointer-blo.patch
(git-fixes CVE-2021-47207 bsc#1222790).
- Update
patches.suse/cfg80211-call-cfg80211_stop_ap-when-switch-from-P2P_.patch
(git-fixes CVE-2021-47194 bsc#1222829).
- Update
patches.suse/i40e-Fix-NULL-ptr-dereference-on-VSI-filter-sync.patch
(git-fixes CVE-2021-47184 bsc#1222666).
- Update
patches.suse/iavf-free-q_vectors-before-queues-in-iavf_disable_vf.patch
(git-fixes CVE-2021-47201 bsc#1222792).
- Update
patches.suse/net-mlx5-Update-error-handler-for-UCTX-and-UMEM.patch
(git-fixes CVE-2021-47212 bsc#1222709).
- Update
patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
(bsc#1190576 CVE-2021-47203 bsc#1222881).
- Update
patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
(bsc#1192145 CVE-2021-47198 bsc#1222883).
- Update
patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
(git-fixes CVE-2021-47185 bsc#1222669).
- Update
patches.suse/usb-host-ohci-tmio-check-return-value-after-calling-.patch
(git-fixes CVE-2021-47206 bsc#1222894).
- commit 8d3f18a
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-aoec.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-26898 bsc#1223016).
- commit 8d6a724
- Update patches.suse/scsi-advansys-Fix-kernel-pointer-leak.patch
(git-fixes CVE-2021-47216 bsc#1222876).
- commit 1856476
- wifi: iwlwifi: fix a memory corruption (CVE-2024-26610
bsc#1221299).
- commit cceba2c
- Update patches.suse/arp-Prevent-overflow-in-arp_req_get.patch
- fix build warning
- commit d969104
- ceph: prevent use-after-free in encode_cap_msg() (CVE-2024-26689
bsc#1222503).
- commit c431df1
- Update patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch (git-fixes CVE-2021-47202 bsc#1222878)
- commit 94c254a
- nvme-tcp: can't set sk_user_data without write_lock
(CVE-2021-47041 bsc#1220755).
- commit c3bc01a
- nvme-loop: fix memory leak in nvme_loop_create_ctrl()
(CVE-2021-47074 bsc#1220854).
- nvme-loop: don't put ctrl on nvme_init_ctrl error
(CVE-2021-47074 bsc#1220854).
- commit 8101361
- nvmet-tcp: fix incorrect locking in state_change sk callback
(CVE-2021-47041 bsc#1220755).
- commit ee0c72d
- RDMA/srpt: Support specifying the srpt_service_guid parameter (bsc#1222449 CVE-2024-26744)
- commit 12241af
- Refresh
patches.suse/bpf-sockmap-Prevent-lock-inversion-deadlock-in-map-d.patch.
- commit ea3cbb2
- Update patches.suse/bpf-Fix-integer-overflow-involving-bucket_size.patch
Fix CVE refence format.
- commit 86e8797
- Update
patches.suse/btrfs-fix-memory-ordering-between-normal-and-ordered-work-functions.patch
(git-fixes CVE-2021-47189 bsc#1222706).
- commit ed3e4bc
- Update
patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
(git-fixes CVE-2021-47185).
- commit 972d0f6
- Update
patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch
(bsc#1192145 CVE-2021-47183 bsc#1222664).
- commit add99e0
- Update
patches.suse/usb-musb-tusb6010-check-return-value-after-calling-p.patch
(git-fixes CVE-2021-47181 bsc#1222660).
- commit 87eb148
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
(bsc#1222619).
- commit 7db5139
- arp: Prevent overflow in arp_req_get() (CVE-2024-26733
bsc#1222585).
- commit 0a4c958
- net/sched: act_mirred: don't override retval if we already
lost the skb (CVE-2024-26733 bsc#1222585).
- commit cc1339b
- ext4: fix double-free of blocks due to wrong extents moved_len
(bsc#1222422 CVE-2024-26704).
- commit d1a6e8f
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
(bsc#1219264).
- commit bc51f7b
- nfsd: Fix error cleanup path in nfsd_rename() (bsc#1221044
CVE-2023-52591).
- commit 24c2d2e
- Update
patches.suse/nvme-fc-Prevent-null-pointer-dereference-in-nvme_fc_.patch
(bsc#1214842 CVE-2023-52508 bsc#1221015).
- Update
patches.suse/x86-srso-fix-sbpb-enablement-for-spec_rstack_overflow-off.patch
(git-fixes CVE-2023-52575 bsc#1220871).
- commit 61a8300
- Update
patches.suse/Bluetooth-avoid-deadlock-between-hci_dev-lock-and-so.patch
(git-fixes CVE-2021-47038 bsc#1220753).
- Update
patches.suse/Input-elantech-fix-stack-out-of-bound-access-in-elan.patch
(git-fixes CVE-2021-47097 bsc#1220982).
- Update
patches.suse/KEYS-trusted-Fix-TPM-reservation-for-seal-unseal.patch
(git-fixes CVE-2021-46922 bsc#1220475).
- Update
patches.suse/KEYS-trusted-Fix-memory-leak-on-object-td.patch
(git-fixes CVE-2021-47009 bsc#1220733).
- Update
patches.suse/RDMA-rtrs-clt-destroy-sysfs-after-removing-session-f.patch
(jsc#SLE-15176 CVE-2021-47026 bsc#1220685).
- Update
patches.suse/asix-fix-uninit-value-in-asix_mdio_read.patch
(git-fixes CVE-2021-47101 bsc#1220987).
- Update
patches.suse/ath10k-Fix-a-use-after-free-in-ath10k_htc_send_bundl.patch
(git-fixes CVE-2021-47017 bsc#1220678).
- Update patches.suse/ch_ktls-Fix-kernel-panic.patch
(jsc#SLE-15131 CVE-2021-46911 bsc#1220400).
- Update
patches.suse/dmaengine-idxd-Fix-clobbering-of-SWERR-overflow-bit-.patch
(git-fixes CVE-2021-46920 bsc#1220426).
- Update
patches.suse/dmaengine-idxd-Fix-potential-null-dereference-on-poi.patch
(git-fixes CVE-2021-47003 bsc#1220677).
- Update
patches.suse/dmaengine-idxd-clear-MSIX-permission-entry-on-shutdo.patch
(git-fixes CVE-2021-46918 bsc#1220429).
- Update
patches.suse/dmaengine-idxd-fix-wq-cleanup-of-WQCFG-registers.patch
(git-fixes CVE-2021-46917 bsc#1220432).
- Update
patches.suse/dmaengine-idxd-fix-wq-size-store-permission-state.patch
(git-fixes CVE-2021-46919 bsc#1220414).
- Update
patches.suse/drm-amd-display-Fix-off-by-one-in-hdmi_14_process_tr.patch
(git-fixes CVE-2021-47046 bsc#1220758).
- Update patches.suse/drm-i915-Fix-crash-in-auto_retire.patch
(git-fixes CVE-2021-46976 bsc#1220621).
- Update
patches.suse/iommu-vt-d-remove-wo-permissions-on-second-level-paging-entries
(bsc#1187346 CVE-2021-47035 bsc#1220688).
- Update
patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch
(git-fixes CVE-2021-47100 bsc#1220985).
- Update
patches.suse/ipmi-ssif-initialize-ssif_info-client-early.patch
(git-fixes CVE-2021-47095 bsc#1220979).
- Update
patches.suse/ixgbe-fix-unbalanced-device-enable-disable-in-suspen.patch
(jsc#SLE-13706 CVE-2021-46914 bsc#1220465).
- Update patches.suse/net-dsa-mt7530-fix-VLAN-traffic-leaks.patch
(git-fixes CVE-2021-47160 bsc#1221974).
- Update
patches.suse/net-fec-fix-the-potential-memory-leak-in-fec_enet_in.patch
(git-fixes CVE-2021-47150 bsc#1221973).
- Update
patches.suse/net-lantiq-fix-memory-corruption-in-RX-ring.patch
(git-fixes CVE-2021-47137 bsc#1221932).
- Update
patches.suse/net-mlx5e-Fix-null-deref-accessing-lag-dev.patch
(jsc#SLE-15172 CVE-2021-47164 bsc#1221978).
- Update
patches.suse/net-mlx5e-Wrap-the-tx-reporter-dump-callback-to-extr.patch
(jsc#SLE-15172 CVE-2021-46931 bsc#1220486).
- Update
patches.suse/net-sched-act_ct-fix-wild-memory-access-when-clearin.patch
(bsc#1176447 CVE-2021-47014 bsc#1220630).
- Update
patches.suse/net-sched-fq_pie-fix-OOB-access-in-the-traffic-path.patch
(jsc#SLE-15172 CVE-2021-47175 bsc#1222003).
- Update
patches.suse/netfilter-nft_set_pipapo_avx2-Add-irq_fpu_usable-che.patch
(bsc#1176447 CVE-2021-47174 bsc#1221990).
- Update patches.suse/nvmet-fix-freeing-unallocated-p2pmem.patch
(git-fixes CVE-2021-47130 bsc#1221552).
- Update
patches.suse/nvmet-rdma-Fix-NULL-deref-when-SEND-is-completed-wit.patch
(git-fixes CVE-2021-46983 bsc#1220639).
- Update patches.suse/s390-dasd-add-missing-discipline-function
(bsc#1188130 ltc#193581 CVE-2021-47176 bsc331221996
bsc#1221996).
- Update
patches.suse/s390-zcrypt-fix-zcard-and-zqueue-hot-unplug-memleak
(git-fixes CVE-2021-46968 bsc#1220689).
- Update
patches.suse/sched-fair-Fix-shift-out-of-bounds-in-load_balance.patch
(git fixes (sched) CVE-2021-47044 bsc#1220759).
- Update
patches.suse/spi-Fix-use-after-free-with-devm_spi_alloc_.patch
(git-fixes CVE-2021-46959 bsc#1220734).
- Update patches.suse/tee-optee-Fix-incorrect-page-free-bug.patch
(git-fixes CVE-2021-47087 bsc#1220954).
- Update
patches.suse/usb-gadget-f_fs-Clear-ffs_eventfd-in-ffs_data_clear.patch
(git-fixes CVE-2021-46933 bsc#1220487).
- Update
patches.suse/usb-typec-ucsi-Retrieve-all-the-PDOs-instead-of-just.patch
(git-fixes CVE-2021-46980 bsc#1220663).
- Update
patches.suse/virtiofs-fix-memory-leak-in-virtio_fs_probe.patch
(bsc#1185558 CVE-2021-46956 bsc#1220516).
- Update patches.suse/xprtrdma-Fix-cwnd-update-ordering.patch
(git-fixes CVE-2021-47001 bsc#1220670).
- commit d6fc0df
- Update
patches.suse/i2c-imx-fix-reference-leak-when-pm_runtime_get_sync-.patch
(git-fixes CVE-2020-36781 bsc#1220557).
- commit c903cb8
- Update
patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch
(CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117).
- Update
patches.suse/scsi-pm80xx-Avoid-leaking-tags-when-processing-OPC_INB_SET_CONTROLLER_CONFIG-command.patch
(bsc#1220883 CVE-2023-52500).
- commit 81ec1ab
- scsi: pm80xx: Avoid leaking tags when processing
OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883
cve-2023-52500).
- commit a52992b
- Fixup NULL ptr dereference due to mistake in backporting in
patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch.
- commit f07130b
- bpf, sockmap: Prevent lock inversion deadlock in map delete elem
(bsc#1209657 CVE-2023-0160).
- commit 299921b
- blacklist.conf: omit reverted sockmap deadlock fix
- commit 66facc4
- netfilter: nf_tables: disallow anonymous set with timeout flag
(CVE-2024-26642 bsc#1221830).
- commit ca89796
- netfilter: ctnetlink: fix possible refcount leak in
ctnetlink_create_conntrack() (CVE-2023-7192 bsc#1218479).
- commit c40a2c4
- README.BRANCH: Remove copy of branch name
- commit 27396e8
- README.BRANCH: Remove copy of branch name
- commit 757f48f
- Update
patches.suse/net-zero-initialize-tc-skb-extension-on-allocation.patch
(bsc#1176447 CVE-2021-47136 bsc#1221931).
- commit adea53b
- ipv6: init the accept_queue's spinlocks in inet6_create
(bsc#1221293 CVE-2024-26614).
- commit 0cf80b2
- tcp: make sure init the accept_queue's spinlocks once
(bsc#1221293 CVE-2024-26614).
- commit d27abbc
- userfaultfd: release page in error path to avoid BUG_ON
(CVE-2021-46988 bsc#1220706).
- commit 37b27a1
- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
(CVE-2023-52607 bsc#1221061).
- commit 37ce65f
- perf/core: Fix unconditional security_locked_down() call
(bsc#1220697, CVE-2021-46971).
- commit b2c4fe7
- Update
patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch
(bsc#1208995 CVE-2023-1192 CVE-2023-52572 bsc#1220946).
- Update
patches.suse/nvmet-tcp-Fix-a-kernel-panic-when-host-sends-an-inva.patch
(bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
CVE-2023-6356 CVE-2023-52454 bsc#1220320).
- Update
patches.suse/ocfs2-Avoid-touching-renamed-directory-if-parent-doe.patch
(bsc#1221044 CVE-2023-52591 CVE-2023-52590 bsc#1221088).
- Update
patches.suse/ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch
(bsc#1212514 CVE-2023-35827 CVE-2023-52509 bsc#1220836).
- Update
patches.suse/usb-hub-Guard-against-accesses-to-uninitialized-BOS-.patch
(git-fixes CVE-2023-52477 bsc#1220790).
- commit 807fa36
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487 CVE-2022-48626 bsc#1220366).
- commit 32e1ae4
- Update
patches.suse/0005-dm-rq-fix-double-free-of-blk_mq_tag_set-in-dev-remov.patch
(git-fixes CVE-2021-46938 bsc#1220554).
- Update
patches.suse/0005-drm-bridge-panel-Cleanup-connector-on-bridge-detach.patch
(bsc#1152489 CVE-2021-47063 bsc#1220777).
- Update
patches.suse/0006-nbd-Fix-NULL-pointer-in-flush_workqueue.patch
(git-fixes CVE-2021-46981 bsc#1220611).
- Update
patches.suse/ARM-9064-1-hw_breakpoint-Do-not-directly-check-the-event-s-overflow_handler-hook.patch
(git-fixes CVE-2021-47006 bsc#1220751).
- Update
patches.suse/ARM-footbridge-fix-PCI-interrupt-mapping.patch
(git-fixes CVE-2021-46909 bsc#1220442).
- Update
patches.suse/HID-magicmouse-fix-NULL-deref-on-disconnect.patch
(git-fixes CVE-2021-47120 bsc#1221606).
- Update
patches.suse/KVM-Destroy-I-O-bus-devices-on-unregister-failure-_a.patch
(bsc#git-fixes CVE-2021-47061 bsc#1220745).
- Update
patches.suse/NFC-nci-fix-memory-leak-in-nci_allocate_device.patch
(git-fixes CVE-2021-47180 bsc#1221999).
- Update
patches.suse/NFS-Don-t-corrupt-the-value-of-pg_bytes_written-in-n.patch
(git-fixes CVE-2021-47166 bsc#1221998).
- Update
patches.suse/NFS-Fix-an-Oopsable-condition-in-__nfs_pageio_add_re.patch
(git-fixes CVE-2021-47167 bsc#1221991).
- Update
patches.suse/NFS-fix-an-incorrect-limit-in-filelayout_decode_layo.patch
(git-fixes CVE-2021-47168 bsc#1222002).
- Update
patches.suse/NFSv4-Fix-a-NULL-pointer-dereference-in-pnfs_mark_ma.patch
(git-fixes CVE-2021-47179 bsc#1222001).
- Update
patches.suse/USB-usbfs-Don-t-WARN-about-excessively-large-memory-.patch
(git-fixes CVE-2021-47170 bsc#1222004).
- Update
patches.suse/bnxt_en-Fix-RX-consumer-index-logic-in-the-error-pat.patch
(git-fixes CVE-2021-47015 bsc#1220794).
- Update
patches.suse/btrfs-fix-race-between-transaction-aborts-and-fsyncs.patch
(bsc#1186441 CVE-2021-46958 bsc#1220521).
- Update
patches.suse/ceph-fix-inode-leak-on-getattr-error-in-_fh_to_dentry.patch
(bsc#1186501 CVE-2021-47000 bsc#1220669).
- Update
patches.suse/cifs-Return-correct-error-code-from-smb2_get_enc_key.patch
(git-fixes CVE-2021-46960 bsc#1220528).
- Update
patches.suse/crypto-qat-ADF_STATUS_PF_RUNNING-should-be-set-after.patch
(git-fixes CVE-2021-47056 bsc#1220769).
- Update
patches.suse/cxgb4-avoid-accessing-registers-when-clearing-filter.patch
(git-fixes CVE-2021-47138 bsc#1221934).
- Update patches.suse/drm-amd-amdgpu-fix-refcount-leak.patch
(git-fixes CVE-2021-47144 bsc#1221989).
- Update patches.suse/drm-amdgpu-Fix-a-use-after-free.patch
(git-fixes CVE-2021-47142 bsc#1221952).
- Update
patches.suse/drm-meson-fix-shutdown-crash-when-component-not-prob.patch
(git-fixes CVE-2021-47165 bsc#1221965).
- Update
patches.suse/ethernet-enic-Fix-a-use-after-free-bug-in-enic_hard_.patch
(git-fixes CVE-2021-46998 bsc#1220625).
- Update
patches.suse/ext4-fix-bug-on-in-ext4_es_cache_extent-as-ext4_spli.patch
(bsc#1187408 CVE-2021-47117 bsc#1221575).
- Update
patches.suse/ext4-fix-memory-leak-in-ext4_fill_super.patch
(bsc#1187409 CVE-2021-47119 bsc#1221608).
- Update
patches.suse/gve-Add-NULL-pointer-checks-when-freeing-irqs.patch
(git-fixes CVE-2021-47141 bsc#1221949).
- Update
patches.suse/i2c-i801-Don-t-generate-an-interrupt-on-bus-reset.patch
(git-fixes CVE-2021-47153 bsc#1221969).
- Update
patches.suse/i40e-Fix-use-after-free-in-i40e_client_subtask.patch
(git-fixes CVE-2021-46991 bsc#1220575).
- Update
patches.suse/iio-adc-ad7124-Fix-potential-overflow-due-to-non-seq.patch
(git-fixes CVE-2021-47172 bsc#1221992).
- Update patches.suse/iommu-vt-d-fix-sysfs-leak-in-alloc_iommu
(bsc#1189218 CVE-2021-47177 bsc#1221997).
- Update
patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch
(bsc#1185988 bsc1220826 CVE-2021-47069 bsc#1220826).
- Update
patches.suse/kyber-fix-out-of-bounds-access-when-preempted.patch
(bsc#1187403 CVE-2021-46984 bsc#1220631).
- Update
patches.suse/locking-qrwlock-Fix-ordering-in-queued_write_lock_sl.patch
(bsc#1185041 CVE-2021-46921 bsc#1220468).
- Update
patches.suse/md-raid1-properly-indicate-failure-when-ending-a-fai.patch
(bsc#1185680 CVE-2021-46950 bsc#1220662).
- Update
patches.suse/media-staging-intel-ipu3-Fix-memory-leak-in-imu_fmt.patch
(git-fixes CVE-2021-46944 bsc#1220566).
- Update
patches.suse/media-staging-intel-ipu3-Fix-set_fmt-error-handling.patch
(git-fixes CVE-2021-46943 bsc#1220583).
- Update
patches.suse/misc-uss720-fix-memory-leak-in-uss720_probe.patch
(git-fixes CVE-2021-47173 bsc#1221993).
- Update
patches.suse/mmc-uniphier-sd-Fix-a-resource-leak-in-the-remove-fu.patch
(git-fixes CVE-2021-46962 bsc#1220532).
- Update
patches.suse/msft-hv-2305-Drivers-hv-vmbus-Use-after-free-in-__vmbus_open.patch
(git-fixes CVE-2021-47049 bsc#1220692).
- Update
patches.suse/msft-hv-2316-uio_hv_generic-Fix-a-memory-leak-in-error-handling-p.patch
(git-fixes CVE-2021-47071 bsc#1220846).
- Update
patches.suse/msft-hv-2317-uio_hv_generic-Fix-another-memory-leak-in-error-hand.patch
(git-fixes CVE-2021-47070 bsc#1220829).
- Update
patches.suse/mtd-require-write-permissions-for-locking-and-badblo.patch
(git-fixes CVE-2021-47055 bsc#1220768).
- Update
patches.suse/net-hns3-put-off-calling-register_netdev-until-clien.patch
(bsc#1154353 CVE-2021-47139 bsc#1221935).
- Update
patches.suse/net-nfc-fix-use-after-free-llcp_sock_bind-connect.patch
(CVE-2021-23134 bsc#1186060 CVE-2021-47068 bsc#1220739).
- Update
patches.suse/net-usb-fix-memory-leak-in-smsc75xx_bind.patch
(git-fixes CVE-2021-47171 bsc#1221994).
- Update
patches.suse/netfilter-nftables-avoid-overflows-in-nft_hash_bucke.patch
(CVE-2021-47013 bsc#1220641 CVE-2021-46992 bsc#1220638).
- Update patches.suse/ocfs2-fix-data-corruption-by-fallocate.patch
(bsc#1187412 CVE-2021-47114 bsc#1221548).
- Update
patches.suse/pid-take-a-reference-when-initializing-cad_pid.patch
(bsc#1152489 CVE-2021-47118 bsc#1221605).
- Update
patches.suse/platform-x86-dell-smbios-wmi-Fix-oops-on-rmmod-dell_.patch
(git-fixes CVE-2021-47073 bsc#1220850).
- Update
patches.suse/powerpc-64s-Fix-crashes-when-toggling-entry-flush-ba.patch
(bsc#1177666 git-fixes bsc#1186460 ltc#192531 CVE-2021-46990
bsc#1220743).
- Update
patches.suse/powerpc-64s-Fix-pte-update-for-kernel-memory-on-radi.patch
(bsc#1055117 git-fixes CVE-2021-47034 bsc#1220687).
- Update
patches.suse/regmap-set-debugfs_name-to-NULL-after-it-is-freed.patch
(git-fixes CVE-2021-47058 bsc#1220779).
- Update
patches.suse/rtw88-Fix-array-overrun-in-rtw_get_tx_power_params.patch
(git-fixes CVE-2021-47065 bsc#1220749).
- Update
patches.suse/scsi-lpfc-Fix-null-pointer-dereference-in-lpfc_prep_.patch
(bsc#1182574 CVE-2021-47045 bsc#1220640).
- Update
patches.suse/scsi-qedf-Add-pointer-checks-in-qedf_update_link_speed
(git-fixes CVE-2021-47077 bsc#1220861).
- Update
patches.suse/scsi-qla2xxx-Fix-crash-in-qla2xxx_mqueuecommand.patch
(bsc#1185491 CVE-2021-46963 bsc#1220536).
- Update
patches.suse/serial-rp2-use-request_firmware-instead-of-request_f.patch
(git-fixes CVE-2021-47169 bsc#1222000).
- Update
patches.suse/soundwire-stream-fix-memory-leak-in-stream-config-er.patch
(git-fixes CVE-2021-47020 bsc#1220785).
- Update
patches.suse/spi-fsl-lpspi-Fix-PM-reference-leak-in-lpspi_prepare.patch
(git-fixes CVE-2021-47051 bsc#1220764).
- Update
patches.suse/spi-spi-fsl-dspi-Fix-a-resource-leak-in-an-error-han.patch
(git-fixes CVE-2021-47161 bsc#1221966).
- Update
patches.suse/tpm-efi-Use-local-variable-for-calculating-final-log.patch
(git-fixes CVE-2021-46951 bsc#1220615).
- Update
patches.suse/tracing-Restructure-trace_clock_global-to-never-block.patch
(git-fixes CVE-2021-46939 bsc#1220580).
- Update
patches.suse/tun-avoid-double-free-in-tun_free_netdev.patch
(bsc#1209635 CVE-2022-4744 CVE-2021-47082 bsc#1220969).
- Update
patches.suse/x86-kvm-Disable-kvmclock-on-all-CPUs-on-shutdown.patch
(bsc#1185308 CVE-2021-47110 bsc#1221532).
- Update
patches.suse/x86-kvm-Teardown-PV-features-on-boot-CPU-as-well.patch
(bsc#1185308 CVE-2021-47112 bsc#1221541).
- commit 563b877
- Update
patches.suse/i2c-img-scb-fix-reference-leak-when-pm_runtime_get_s.patch
(git-fixes CVE-2020-36783 bsc#1220561).
- Update
patches.suse/i2c-imx-lpi2c-fix-reference-leak-when-pm_runtime_get.patch
(git-fixes CVE-2020-36782 bsc#1220560).
- Update
patches.suse/i2c-sprd-fix-reference-leak-when-pm_runtime_get_sync.patch
(git-fixes CVE-2020-36780 bsc#1220556).
- commit 33b0d9d
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445 CVE-2023-52474)
- commit bdb2e0c
- Update patches.suse/s390-dasd-add-missing-discipline-function
(bsc#1188130 ltc#193581 CVE-2021-47176 bsc331221996).
- commit d918596
- wifi: ath10k: fix NULL pointer dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336
CVE-2023-7042).
- commit 22d99d7
- dmaengine: fix NULL pointer in channel unregistration function (bsc#1221276 CVE-2023-52492)
- commit b24663f
- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
(bsc#1219170 CVE-2024-22099).
- commit b8c2f38
- aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
(bsc#1218562 CVE-2023-6270).
- commit 0e87477
- fs: no need to check source (bsc#1221044 CVE-2023-52591).
- commit df2f811
- rename(): avoid a deadlock in the case of parents having no
common ancestor (bsc#1221044 CVE-2023-52591).
- commit faa6432
- kill lock_two_inodes() (bsc#1221044 CVE-2023-52591).
- commit d6f6371
- rename(): fix the locking of subdirectories (bsc#1221044
CVE-2023-52591).
- commit 063df0d
- f2fs: Avoid reading renamed directory if parent does not change
(bsc#1221044 CVE-2023-52591).
- commit 4dfa62d
- ext4: don't access the source subdirectory content on
same-directory rename (bsc#1221044 CVE-2023-52591).
- commit 80ff66b
- ext2: Avoid reading renamed directory if parent does not change
(bsc#1221044 CVE-2023-52591).
- commit 03d3930
- udf_rename(): only access the child content on cross-directory
rename (bsc#1221044 CVE-2023-52591).
- commit 4bff17c
- ocfs2: Avoid touching renamed directory if parent does not
change (bsc#1221044 CVE-2023-52591).
- commit 74fc5ec
- reiserfs: Avoid touching renamed directory if parent does not
change (git-fixes bsc#1221044 CVE-2023-52591).
Refresh patches.suse/reiserfs-add-check-to-detect-corrupted-directory-entry.patch
Refresh patches.suse/reiserfs-don-t-panic-on-bad-directory-entries.patch
- commit f392df9
- fs: don't assume arguments are non-NULL (bsc#1221044
CVE-2023-52591).
- commit a11eadd
- fs: Restrict lock_two_nondirectories() to non-directory inodes
(bsc#1221044 CVE-2023-52591).
- commit 6ad8632
- fs: ocfs2: check status values (bsc#1221044 CVE-2023-52591).
- commit 696c231
- fs: Lock moved directories (bsc#1221044 CVE-2023-52591).
- commit c14fbaa
- fs: Establish locking order for unrelated directories
(bsc#1221044 CVE-2023-52591).
- commit b424ded
- fs: introduce lock_rename_child() helper (bsc#1221044
CVE-2023-52591).
- commit 02e4cc0
- dm: rearrange core declarations for extended use from dm-zone.c
(bsc#1221113).
- Refresh
patches.kabi/kABI-dm-fix-deadlock-when-swapping-to-encrypted-device.patch.
- commit 741eac7
- perf/x86/lbr: Filter vsyscall addresses (bsc#1220703,
CVE-2023-52476).
- commit c46d003
- dm rq: don't queue request to blk-mq during DM suspend
(bsc#1221113).
- commit b77fc22
- neighbour: allow NUD_NOARP entries to be forced GCed
(bsc#1221534 CVE-2021-47109).
- commit d36f6ec
- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (bsc#1213456 CVE-2023-28746).
- commit 15a7f43
- Sort already upstream patches
- Refresh
patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch.
- Refresh
patches.suse/KVM-VMX-Move-VERW-closer-to-VMentry-for-MDS-mitigation.patch.
- Refresh
patches.suse/KVM-VMX-Use-BT-JNC-i.e.-EFLAGS.CF-to-select-VMRESUME-vs.-V.patch.
- Refresh
patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch.
- Refresh
patches.suse/x86-bugs-Add-asm-helpers-for-executing-VERW.patch.
- Refresh
patches.suse/x86-bugs-Use-ALTERNATIVE-instead-of-mds_user_clear-static-.patch.
- Refresh
patches.suse/x86-entry_32-Add-VERW-just-before-userspace-transition.patch.
- Refresh
patches.suse/x86-entry_64-Add-VERW-just-before-userspace-transition.patch.
- Refresh
patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch.
- commit 851bcbe
- perf/core: Fix unconditional security_locked_down() call
(bsc#1220697, CVE-2021-46971).
- commit 0b7f805
- io_uring/af_unix: disable sending io_uring over sockets
(bsc#1220754 CVE-2023-6531).
- commit a0d28a2
- usb: mtu3: fix list_head check warning (bsc#1220484
CVE-2021-46930).
- commit b548734
- Refresh patches.kabi/team-Hide-new-member-header-ops.patch.
Fix for kABI workaround.
- commit ff68767
- ceph: fix deadlock or deadcode of misusing dget() (bsc#1221058
CVE-2023-52583).
- commit 5c7a950
- usb: hub: Guard against accesses to uninitialized BOS
descriptors (git-fixes).
Altered because 5.3 does not do SSP
- commit 6d423f3
- Update
patches.suse/scsi-qla2xxx-Fix-SRB-leak-on-switch-command-timeout.patch
added CVE reference to: (jsc#SLE-9714 jsc#SLE-10327 jsc#SLE-10334
bnc#1151927 5.3.17 cve-2021-46963).
- commit bac1eb3
- Update reference of bpf-Use-correct-permission-flag-for-mixed-signed-bou.patch
(bsc#1184942 bsc#1220425 CVE-2021-29155 CVE-2021-46908).
- commit 787c408
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (bsc#1220413 CVE-2023-52470).
- commit d61356a
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (bsc#1220411 CVE-2023-52469).
- commit 10972e5
- irqchip/gic-v3: Do not enable irqs when handling spurious interrups (bsc#1220529,CVE-2021-46961)
- commit 83fe0b1
- group-source-files.pl: Quote filenames (boo#1221077).
The kernel source now contains a file with a space in the name.
Add quotes in group-source-files.pl to avoid splitting the filename.
Also use -print0 / -0 when updating timestamps.
- commit a005e42
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (bsc#1220340,CVE-2024-26600)
- commit c4890bf
- mm: fix gup_pud_range (bsc#1220824).
- commit d0caaa5
- krb5
-
- Fix memory leaks, add patch 0012-Fix-two-unlikely-memory-leaks.patch
* CVE-2024-26458, bsc#1220770
* CVE-2024-26461, bsc#1220771
- less
-
- Fix CVE-2024-32487, mishandling of \n character in paths when
LESSOPEN is set leads to OS command execution
(CVE-2024-32487, bsc#1222849)
* CVE-2024-32487.patch
- Fix CVE-2022-48624, LESSCLOSE handling in less does not quote shell
metacharacters, bsc#1219901
* CVE-2022-48624.patch
- util-linux
-
- Properly neutralize escape sequences in wall
(util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
and its prerequisites: util-linux-fputs_careful1.patch,
util-linux-wall-migrate-to-memstream.patch
util-linux-fputs_careful2.patch).
- c-ares
-
- CVE-2024-25629.patch: fix out of bounds read in ares__read_line()
(bsc#1220279, CVE-2024-25629)
- libfastjson
-
- fix CVE-2020-12762 integer overflow and out-of-bounds write via a
large JSON file (bsc#1171479)
add 0001-Fix-CVE-2020-12762.patch
- gcc13
-
- Add gcc13-pr111731.patch to fix unwinding for JIT code.
[bsc#1221239]
- Revert libgccjit dependency change. [boo#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Use %patch -P N instead of %patchN.
- Add gcc13-sanitizer-remove-crypt-interception.patch to remove
crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Update to gcc-13 branch head, 67ac78caf31f7cb3202177e642, git8285
- Add gcc13-pr88345-min-func-alignment.diff to add support for
- fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Update to gcc-13 branch head, fc7d87e0ffadca49bec29b2107, git8250
* Includes fix for building TVM. [boo#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
[boo#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than
in gcc13-devel. [boo#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs
are linked against libstdc++6.
- Update to gcc-13 branch head, 36ddb5230f56a30317630a928, git8205
- Update to gcc-13 branch head, 741743c028dc00f27b9c8b1d5, git8109
* Includes fix for building mariadb on i686. [bsc#1217667]
* Remove pr111411.patch contained in the update.
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
%product_libs_llvm_ver where available and adjust tool discovery
accordingly. This should also properly trigger re-builds when
the patchlevel version of llvmVER changes, possibly changing
the binary names we link to. [bsc#1217450]
- ncurses
-
- Add patch ncurses-6.1-bsc1220061.patch (bsc#1220061, CVE-2023-45918)
* Backport from ncurses-6.4-20230615.patch
improve checks in convert_string() for corrupt terminfo entry
- nghttp2
-
- security update
- added patches
fix CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
+ nghttp2-CVE-2024-28182-1.patch
fix CVE-2024-28182-2 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
+ nghttp2-CVE-2024-28182-2.patch
- openssl-1_1
-
- Security fix: [bsc#1222548, CVE-2024-2511]
* Fix unconstrained session cache growth in TLSv1.3
* Add openssl-CVE-2024-2511.patch
- python3
-
- Add bpo38361-syslog-no-slash-ident.patch (bsc#1222109,
gh#python/cpython!16557) fixes syslog making default "ident"
from sys.argv[0].
- libzypp
-
- Don't try to refresh volatile media as long as raw metadata are
present (bsc#1223094)
- version 17.32.5 (32)
- Fix creation of sibling cache dirs with too restrictive mode
(bsc#1222398)
Some install workflows in YAST may lead to too restrictive (0700)
raw cache directories in case of newly created repos. Later
commands running with user privileges may not be able to access
these repos.
- version 17.32.4 (32)
- Update RepoStatus fromCookieFile according to the files mtime
(bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed.
- version 17.32.3 (32)
- Fixup New VendorSupportOption flag VendorSupportSuperseded
(jsc#OBS-301, jsc#PED-8014)
Fixed the name of the keyword to "support_superseded" as it was
agreed on in jsc#OBS-301.
- version 17.32.2 (32)
- Add resolver option 'removeUnneeded' to file weak remove jobs
for unneeded packages (bsc#1175678)
- version 17.32.1 (32)
- Add resolver option 'removeOrphaned' for distupgrade
(bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded
(jsc#OBS-301, jsc#PED-8014)
- Tests: fix vsftpd.conf where SUSE and Fedora use different
defaults (fixes #522)
- Add default stripe minimum (#529)
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config.
- version 17.32.0 (32)
- ProblemSolution::skipsPatchesOnly overload to handout the
patches.
- Remove https->http redirection exceptions for
download.opensuse.org.
- version 17.31.32 (22)
- openssh
-
- Add patches from upstream to change the default value of
UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled).
This makes ssh update the known_hosts stored keys with all
published versions by the server (after it's authenticated
with an existing key), which will allow to identify the
server with a different key if the existing key is considered
insecure at some point in the future (bsc#1222831).
* 0001-upstream-enable-UpdateHostkeys-by-default-when-the.patch
* 0002-upstream-disable-UpdateHostkeys-by-default-if.patch
- Add patches openssh-7.7p1-seccomp_getuid.patch and
openssh-bsc1216474-s390-leave-fds-open.patch
(bsc#1216474, bsc#1218871)
- Fix hostbased ssh login failing occasionally with "signature
unverified: incorrect signature" by fixing a typo in patch
(bsc#1221123):
* openssh-7.8p1-role-mls.patch
- pam-config
-
- Fix pam_gnome_keyring module for AUTH.
[pam-config-fix-pam_gnome_keyring.patch, bsc#1219767]
- perl
-
- fix space calculation issues in pp_pack.c [bnc#1082216]
[CVE-2018-6913]
* new patch: perl-pack-overflow.diff
- fix heap buffer overflow in regexec.c [bnc#1082233]
[CVE-2018-6798]
new patch: perl-regexec-heap-overflow.diff
- make Net::FTP work with TLS 1.3 [bnc#1213638]
new patch: perl-net-ftp-tls13.diff
- python-Jinja2
-
- Add CVE-2024-34064.patch upstream patch
(CVE-2024-34064, bsc#1223980, gh#pallets/jinja@0668239dc6b4)
Also fixes (CVE-2024-22195, bsc#1218722)
- python-idna
-
- Add CVE-2024-3651.patch, backported from upstream commit
gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
(bsc#1222842, CVE-2024-3651)
- python-requests
-
- Add CVE-2024-35195.patch (CVE-2024-35195, bsc#1224788)
- Add httpbin.patch to fix a test failure caused by the previous patch.
- salt
-
- Make "man" a recommended package instead of required
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions
on containers
- Discover Ansible playbook files as "*.yml" or "*.yaml"
files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuite
and python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuilld and create test flavor
- Prevent exceptions with fileserver.update when called
via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET
environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
- Added:
* fixed-keyerror-in-logs-when-running-a-state-that-fai.patch
* fix-salt-warnings-and-testuite-for-python-3.11-635.patch
* discover-both-.yml-and-.yaml-playbooks-bsc-1211888.patch
* decode-oscap-byte-stream-to-string-bsc-1219001.patch
* fix-tests-failures-and-errors-when-detected-on-vm-ex.patch
* allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch
* improve-pip-target-override-condition-with-venv_pip_.patch
* make-importing-seco.range-thread-safe-bsc-1211649.patch
* fix-problematic-tests-and-allow-smooth-tests-executi.patch
* switch-oscap-encoding-to-utf-8-639.patch
- runc
-
- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
+ 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
+ 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
+ 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- sed
-
- 0001-sed-set-correct-umask-on-temporary-files.patch
Fix for bsc#1221218
- supportutils
-
- Changes in version 3.1.30
+ Added -V key:value pair option (bsc#1222021, PED-8211)
+ Avoid getting duplicate kernel verifications in boot.text (pr#193)
+ Suppress file descriptor leak warnings from lvm commands (pr#192, bsc#1220082)
+ Includes container log timestamps (pr#197)
- Changes to version 3.1.29
+ Extended scaling for performance (bsc#1214713)
+ Fixed kdumptool output error (bsc#1218632)
+ Corrected podman ID errors (bsc#1218812)
+ Duplicate non root podman entries removed (bsc#1218814)
+ Corrected get_sles_ver for SLE Micro (bsc#1219241)
+ Check nvidida-persistenced state (bsc#1219639)
- systemd-default-settings
-
- Import 0.10
5088997 SLE: Disable pids controller limit under user instances (jsc#SLE-10123)
- Import 0.9
bb859bf user@.service: Disable controllers by default (jsc#PED-2276)
- The usage of drop-ins is now the official way for configuring systemd and its
various daemons on Factory/ALP. Hence the early drop-ins SUSE specific
"feature" has been abandoned.
- Import 0.8
f34372f User priority '26' for SLE-Micro
c8b6f0a Revert "Convert more drop-ins into early ones"
- Import commit 6b8dde1d4f867aff713af6d6830510a84fad58d2
6b8dde1 Convert more drop-ins into early ones
- systemd-presets-common-SUSE
-
- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
(bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
Support both the old and new service to avoid complex version interdependency.
- util-linux-systemd
-
- Properly neutralize escape sequences in wall
(util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
and its prerequisites: util-linux-fputs_careful1.patch,
util-linux-wall-migrate-to-memstream.patch
util-linux-fputs_careful2.patch).
- Add upstream patch
util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch
bsc#1207987 gh#util-linux/util-linux@1d98827edde4
- vim
-
- Updated to version 9.1 with patch level 0330, fixes the following problems
* Fixing bsc#1220763 - vim gets Segmentation fault after updating to version 9.1.0111-150500.20.9.1
- refreshed vim-7.3-filetype_spec.patch
- refreshed vim-7.3-filetype_ftl.patch
- Update spec.skeleton to use autosetup in place of setup macro.
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.1.0111...v9.1.0330
- wicked
-
- client: fix ifreload to pull UP ports/links again when the config
of their master/lower changed (bsc#1224100,gh#openSUSE/wicked#1014).
[+ 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
- Update to version 0.6.75:
- cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
- cleanup: fix overflow warnings in a socket testcase on i586
- ifcheck: report new and deleted configs as changed (bsc#1218926)
- man: improve ARP configuration options in the wicked-config.5
- bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
- cleanup: fix interface dependencies and shutdown order (bsc#1205604)
- Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
and consistently use config and state info attached to the port
interface as in rtnetlink(7).
- Cleanup ifcfg parsing, schema configuration and service properties
- Migrate ports in xml config and policies already applied in nanny
- Remove "missed config" generation from finite state machine, which
is completed while parsing the config or while xml config migration.
- Issue a warning when "lower" interface (e.g. eth0) config is missed
while parsing config depending on it (e.g. eth0.42 vlan).
- Resolve ovs master to the effective bridge in config and wickedd
- Implement netif-check-state require checks using system relations
from wickedd/kernel instead of config relations for ifdown and add
linkDown and deleteDevice checks to all master and lower references.
- Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
system/config interface hierarchies as notice with +/- marked
interfaces to setup and/or shutdown.
- Removed patches included in the source archive:
[- 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
[- 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
[- 0003-move-all-attribute-definitions-to-compiler-h.patch]
[- 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
[- 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]
- client: do not convert sec to msec twice (bsc#1222105)
[+ 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]
- addrconf: fix fallback-lease drop (bsc#1220996)
[+ 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
- extensions/nbft: use upstream `nvme nbft show` (bsc#1221358)
[+ 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
- hide secrets in debug log (bsc#1221194)
[+ 0003-move-all-attribute-definitions-to-compiler-h.patch]
[+ 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
- yast2
-
- Reimplemented the hardcoded product mapping to support also the
migration from SLE_HPC to SLES SP6+ (with the HPC module)
(bsc#1220567)
- 4.3.70
- zypper
-
- Do not try to refresh repo metadata as non-root user
(bsc#1222086)
Instead show refresh stats and hint how to update them.
- man: Explain how to protect orphaned packages by collecting
them in a plaindir repo.
- packages: Add --autoinstalled and --userinstalled options to
list them.
- Don't print 'reboot required' message if download-only or
dry-run (fixes #529)
Instead point out that a reboot would be required if the option
was not used.
- Resepect zypper.conf option `showAlias` search commands
(bsc#1221963)
Repository::asUserString (or Repository::label) respects the
zypper.conf option, while name/alias return the property.
- version 1.14.71
- dup: New option --remove-orphaned to remove all orphaned
packages in dup (bsc#1221525)
- version 1.14.70
- info,summary: Support VendorSupportOption flag
VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- BuildRequires: libzypp-devel >= 17.32.0.
API cleanup and changes for VendorSupportSuperseded.
- Show active dry-run/download-only at the commit propmpt.
- patch: Add --skip-not-applicable-patches option (closes #514)
- Fix printing detailed solver problem description.
The problem description() is one rule out possibly many in
completeProblemInfo() the solver has chosen to represent the
problem. So either description or completeProblemInfo should be
printed, but not both.
- Fix bash-completion to work with right adjusted numbers in the
1st column too (closes #505)
- Set libzypp shutdown request signal on Ctrl+C (fixes #522)
- lr REPO: In the detailed view show all baseurls not just the
first one (bsc#1218171)
- version 1.14.69