- SUSEConnect
-
- Update to 0.3.29
- replace env ruby path with native ruby path during build phase
- cloud-init
-
- Update cloud-init-write-routes.patch (bsc#1180176)
+ Follow up to previous changes. Fix order of operations
error to make gateway comparison between subnet configuration and
route configuration valuable rather than self-comparing.
- Add cloud-init-sle12-compat.patch (jsc#PM-2335)
- Python 3.4 compatibility in setup.py
- Disable some test for mock version compatibility
- Add wget as a requirement (bsc#1178029)
+ wget is used in the CloudStack data source
- Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151)
+ Properly set the password for the default user in all circumstances
- Patch the full package version into the cloud-init version file
- Update cloud-init-write-routes.patch (bsc#1177526)
+ Fix missing default route when dual stack network setup is used. Once
a default route was configured for Ipv6 or IPv4 the default route
configuration for the othre protocol was skipped.
- Update cloud-init-write-routes.patch (bsc#1177526)
+ Avoid exception if no gateway information is present and warning
is triggered for existing routing.
- Update to version 20.2 (bsc#1174443, bsc#1174444)
+ Remove patches included upstream:
- 0001-Make-tests-work-with-Python-3.8-139.patch
- cloud-init-ostack-metadat-dencode.patch
- cloud-init-use-different-random-src.diff
- cloud-init-long-pass.patch
- cloud-init-mix-static-dhcp.patch
+ Remove patches build switched to Python 3 for all distributions
(jsc#PM-2335)
- cloud-init-python2-sigpipe.patch
- cloud-init-template-py2.patch
+ Add
- cloud-init-after-kvp.diff
- cloud-init-recognize-hpc.patch
+ doc/format: reference make-mime.py instead of an inline script (#334)
+ Add docs about creating parent folders (#330) [Adrian Wilkins]
+ DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470)
+ schema: ignore spurious pylint error (#332)
+ schema: add json schema for write_files module (#152)
+ BSD: find_devs_with_ refactoring (#298) [Gonéri Le Bouder]
+ nocloud: drop work around for Linux 2.6 (#324) [Gonéri Le Bouder]
+ cloudinit: drop dependencies on unittest2 and contextlib2 (#322)
+ distros: handle a potential mirror filtering error case (#328)
+ log: remove unnecessary import fallback logic (#327)
+ .travis.yml: don't run integration test on ubuntu/* branches (#321)
+ More unit test documentation (#314)
+ conftest: introduce disable_subp_usage autouse fixture (#304)
+ YAML align indent sizes for docs readability (#323) [Tak Nishigori]
+ network_state: add missing space to log message (#325)
+ tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910)
+ test_mounts: expand happy path test for both happy paths (#319)
+ cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836)
+ swap file "/size"/ being used before checked if str (#315) [Eduardo Otubo]
+ HACKING.rst: add pytest version gotchas section (#311)
+ docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers]
+ readme: OpenBSD is now supported (#309) [Gonéri Le Bouder]
+ net: ignore 'renderer' key in netplan config (#306) (LP: #1870421)
+ Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370)
+ openbsd: set_passwd should not unlock user (#289) [Gonéri Le Bouder]
+ tools/.github-cla-signers: add beezly as CLA signer (#301)
+ util: remove unnecessary lru_cache import fallback (#299)
+ HACKING.rst: reorganise/update CLA signature info (#297)
+ distros: drop leading/trailing hyphens from mirror URL labels (#296)
+ HACKING.rst: add note about variable annotations (#295)
+ CiTestCase: stop using and remove sys_exit helper (#283)
+ distros: replace invalid characters in mirror URLs with hyphens (#291)
(LP: #1868232)
+ rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy]
+ Fix cloud-init ignoring some misdeclared mimetypes in user-data.
[Kurt Garloff]
+ net: ubuntu focal prioritize netplan over eni even if both present
(#267) (LP: #1867029)
+ cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292)
+ net/cmdline: replace type comments with annotations (#294)
+ HACKING.rst: add Type Annotations design section (#293)
+ net: introduce is_ip_address function (#288)
+ CiTestCase: remove now-unneeded parse_and_read helper method (#286)
+ .travis.yml: allow 30 minutes of inactivity in cloud tests (#287)
+ sources/tests/test_init: drop use of deprecated inspect.getargspec (#285)
+ setup.py: drop NIH check_output implementation (#282)
+ Identify SAP Converged Cloud as OpenStack [Silvio Knizek]
+ add Openbsd support (#147) [Gonéri Le Bouder]
+ HACKING.rst: add examples of the two test class types (#278)
+ VMWware: support to update guest info gc status if enabled (#261)
[xiaofengw-vmware]
+ Add lp-to-git mapping for kgarloff (#279)
+ set_passwords: avoid chpasswd on BSD (#268) [Gonéri Le Bouder]
+ HACKING.rst: add Unit Testing design section (#277)
+ util: read_cc_from_cmdline handle urlencoded yaml content (#275)
+ distros/tests/test_init: add tests for _get_package_mirror_info (#272)
+ HACKING.rst: add links to new Code Review Process doc (#276)
+ freebsd: ensure package update works (#273) [Gonéri Le Bouder]
+ doc: introduce Code Review Process documentation (#160)
+ tools: use python3 (#274)
+ cc_disk_setup: fix RuntimeError (#270) (LP: #1868327)
+ cc_apt_configure/util: combine search_for_mirror implementations (#271)
+ bsd: boottime does not depend on the libc soname (#269)
[Gonéri Le Bouder]
+ test_oracle,DataSourceOracle: sort imports (#266)
+ DataSourceOracle: update .network_config docstring (#257)
+ cloudinit/tests: remove unneeded with_logs configuration (#263)
+ .travis.yml: drop stale comment (#255)
+ .gitignore: add more common directories (#258)
+ ec2: render network on all NICs and add secondary IPs as static (#114)
(LP: #1866930)
+ ec2 json validation: fix the reference to the 'merged_cfg' key (#256)
[Paride Legovini]
+ releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini]
+ cloudinit: remove six from packaging/tooling (#253)
+ util/netbsd: drop six usage (#252)
+ workflows: introduce stale pull request workflow (#125)
+ cc_resolv_conf: introduce tests and stabilise output across Python
versions (#251)
+ fix minor issue with resolv_conf template (#144) [andreaf74]
+ doc: CloudInit also support NetBSD (#250) [Gonéri Le Bouder]
+ Add Netbsd support (#62) [Gonéri Le Bouder]
+ tox.ini: avoid substition syntax that causes a traceback on xenial (#245)
+ Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby]
+ Introduce and use of a list of GitHub usernames that have signed CLA
(#244)
+ workflows/cla.yml: use correct username for CLA check (#243)
+ tox.ini: use xenial version of jsonpatch in CI (#242)
+ workflows: CLA validation altered to fail status on pull_request (#164)
+ tox.ini: bump pyflakes version to 2.1.1 (#239)
+ cloudinit: move to pytest for running tests (#211)
+ instance-data: add cloud-init merged_cfg and sys_info keys to json
(#214) (LP: #1865969)
+ ec2: Do not fallback to IMDSv1 on EC2 (#216)
+ instance-data: write redacted cfg to instance-data.json (#233)
(LP: #1865947)
+ net: support network-config:disabled on the kernel commandline (#232)
(LP: #1862702)
+ ec2: only redact token request headers in logs, avoid altering request
(#230) (LP: #1865882)
+ docs: typo fixed: dta → data [Alexey Vazhnov]
+ Fixes typo on Amazon Web Services (#217) [Nick Wales]
+ Fix docs for OpenStack DMI Asset Tag (#228)
[Mark T. Voelker] (LP: #1669875)
+ Add physical network type: cascading to openstack helpers (#200)
[sab-systems]
+ tests: add focal integration tests for ubuntu (#225)
- From 20.1 (first vesrion after 19.4)
+ ec2: Do not log IMDSv2 token values, instead use REDACTED (#219)
(LP: #1863943)
+ utils: use SystemRandom when generating random password. (#204)
[Dimitri John Ledkov]
+ docs: mount_default_files is a list of 6 items, not 7 (#212)
+ azurecloud: fix issues with instances not starting (#205) (LP: #1861921)
+ unittest: fix stderr leak in cc_set_password random unittest
output. (#208)
+ cc_disk_setup: add swap filesystem force flag (#207)
+ import sysvinit patches from freebsd-ports tree (#161) [Igor Galić]
+ docs: fix typo (#195) [Edwin Kofler]
+ sysconfig: distro-specific config rendering for BOOTPROTO option (#162)
[Robert Schweikert] (LP: #1800854)
+ cloudinit: replace "/from six import X"/ imports (except in util.py) (#183)
+ run-container: use 'test -n' instead of 'test ! -z' (#202)
[Paride Legovini]
+ net/cmdline: correctly handle static ip= config (#201)
[Dimitri John Ledkov] (LP: #1861412)
+ Replace mock library with unittest.mock (#186)
+ HACKING.rst: update CLA link (#199)
+ Scaleway: Fix DatasourceScaleway to avoid backtrace (#128)
[Louis Bouchard]
+ cloudinit/cmd/devel/net_convert.py: add missing space (#191)
+ tools/run-container: drop support for python2 (#192) [Paride Legovini]
+ Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789)
+ Make the RPM build use Python 3 (#190) [Paride Legovini]
+ cc_set_password: increase random pwlength from 9 to 20 (#189)
(LP: #1860795)
+ .travis.yml: use correct Python version for xenial tests (#185)
+ cloudinit: remove ImportError handling for mock imports (#182)
+ Do not use fallocate in swap file creation on xfs. (#70)
[Eduardo Otubo] (LP: #1781781)
+ .readthedocs.yaml: install cloud-init when building docs (#181)
(LP: #1860450)
+ Introduce an RTD config file, and pin the Sphinx version to the RTD
default (#180)
+ Drop most of the remaining use of six (#179)
+ Start removing dependency on six (#178)
+ Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy]
+ docs: add proposed SRU testing procedure (#167)
+ util: rename get_architecture to get_dpkg_architecture (#173)
+ Ensure util.get_architecture() runs only once (#172)
+ Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann]
+ freebsd: remove superflu exception mapping (#166) [Gonéri Le Bouder]
+ ssh_auth_key_fingerprints_disable test: fix capitalization (#165)
[Paride Legovini]
+ util: move uptime's else branch into its own boottime function (#53)
[Igor Galić] (LP: #1853160)
+ workflows: add contributor license agreement checker (#155)
+ net: fix rendering of 'static6' in network config (#77) (LP: #1850988)
+ Make tests work with Python 3.8 (#139) [Conrad Hoffmann]
+ fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74]
+ freebsd: fix create_group() cmd (#146) [Gonéri Le Bouder]
+ doc: make apt_update example consistent (#154)
+ doc: add modules page toc with links (#153) (LP: #1852456)
+ Add support for the amazon variant in cloud.cfg.tmpl (#119)
[Frederick Lefebvre]
+ ci: remove Python 2.7 from CI runs (#137)
+ modules: drop cc_snap_config config module (#134)
+ migrate-lp-user-to-github: ensure Launchpad repo exists (#136)
+ docs: add initial troubleshooting to FAQ (#104) [Joshua Powers]
+ doc: update cc_set_hostname frequency and descrip (#109)
[Joshua Powers] (LP: #1827021)
+ freebsd: introduce the freebsd renderer (#61) [Gonéri Le Bouder]
+ cc_snappy: remove deprecated module (#127)
+ HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130)
+ freebsd: cloudinit service requires devd (#132) [Gonéri Le Bouder]
+ cloud-init: fix capitalisation of SSH (#126)
+ doc: update cc_ssh clarify host and auth keys
[Joshua Powers] (LP: #1827021)
+ ci: emit names of tests run in Travis (#120)
- Disable testing to aid elimination of unittest2 in Factory
- cups
-
- cups-1.7.5-CVE-2020-10001.patch fixes CVE-2020-10001
access to uninitialized buffer in ipp.c (bsc#1180520)
- cups-1.7.5-CVE-2019-8842.patc fixes CVE-2019-8842 (bsc#1170671)
the ippReadIO function may under-read an extension field
- curl
-
- Update curl-CVE-2020-8284.patch [bsc#1179398, CVE-2020-8284]
- Apply "/curl-CVE-2020-8284.patch"/ to enable --ftp-skip-pasv-ip by
default. This change fixes a security issue where a malicious FTP
server was able to use the `PASV` response to trick curl into
connecting back to a given IP address and port, and this way
potentially make curl extract information about services that are
otherwise private and not disclosed, doing port scanning and
service banner extractions. If curl operated on a URL provided by
a user (which by all means is an unwise setup), a user was able
to exploit that and pass in a URL to a malicious FTP server
instance without needing any server breach to perform the attack.
[CVE-2020-8284, bsc#1179398]
- Security fix: [bsc#1179399, CVE-2020-8285]
* FTP wildcard stack overflow: The wc_statemach() internal
function has been rewritten to use an ordinary loop instead of
the recursive approach.
- Add curl-CVE-2020-8285.patch
- Security fix: [bsc#1175109, CVE-2020-8231]
* An application that performs multiple requests with libcurl's
multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in
rare circumstances experience that when subsequently using the
setup connect-only transfer, libcurl will pick and use the wrong
connection and instead pick another one the application has
created since then.
- Add curl-CVE-2020-8231.patch
- cyrus-sasl
-
- bsc#1159635 VUL-0: CVE-2019-19906: cyrus-sasl: cyrus-sasl
has an out-of-bounds write leading to unauthenticated remote
denial-of-service in OpenLDAP via a malformed LDAP packet
o apply upstream patch
- 0001-Fix-587.patch
- kdump
-
- kdump-fix-multipath-user_friendly_names.patch: Update references
(bsc#1111207, LTC#171953, bsc#1125218, LTC#175465, bsc#1153601).
- kdump-remove-console-hvc0-from-commandline.patch: remove
console=hvc0 from commandline (bsc#1173914).
- kdump-set-serial-console-from-Xen-cmdline.patch: set serial
console from Xen cmdline (bsc#1173914).
- kdump-Remove-noefi-and-acpi_rsdp-for-EFI-firmware.patch: Remove
noefi and acpi_rsdp for EFI firmware (bsc#1123940, bsc#1170336).
- kdump-Add-skip_balance-option-to-BTRFS-mounts.patch: Add
skip_balance option to BTRFS mounts (bsc#1108255).
- kdump-do-not-add-rd.neednet.patch: Do not add 'rd.neednet=1' to
dracut command line (bsc#1177196).
- kernel-default
-
- futex: Fix incorrect should_fail_futex() handling (bsc#969755).
- futex: Avoid freeing an active timer (bsc#969755).
- commit cce36b8
- futex: Handle faults correctly for PI futexes (bsc#969755
bsc#1181349 CVE-2021-3347).
- futex: Simplify fixup_pi_state_owner() (bsc#969755 bsc#1181349
CVE-2021-3347).
- futex: Use pi_state_update_owner() in put_pi_state() (bsc#969755
bsc#1181349 CVE-2021-3347).
- futex: Provide and use pi_state_update_owner() (bsc#969755
bsc#1181349 CVE-2021-3347).
- futex: Replace pointless printk in fixup_owner() (bsc#969755
bsc#1181349 CVE-2021-3347).
- futex: Ensure the correct return value from futex_lock_pi()
(bsc#969755 bsc#1181349 CVE-2021-3347).
- futex: Don't enable IRQs unconditionally in put_pi_state()
(bsc#969755).
- futex: Handle transient "/ownerless"/ rtmutex state correctly
(bsc#969755).
- locking/futex: Allow low-level atomic operations to return
- EAGAIN (bsc#969755).
- futex: Handle early deadlock return correctly (bsc#969755).
- futex: Fix OWNER_DEAD fixup (bsc#969755).
- futex: Avoid violating the 10th rule of futex (bsc#969755).
- futex: Fix more put_pi_state() vs. exit_pi_state_list() races
(bsc#969755).
- futex: Fix pi_state->owner serialization (bsc#969755).
- futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock() (bsc#969755).
- futex: Fix small (and harmless looking) inconsistencies
(bsc#969755).
- futex: Drop hb->lock before enqueueing on the rtmutex
(bsc#969755).
- futex: Futex_unlock_pi() determinism (bsc#969755).
- futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock()
(bsc#969755).
- futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
(bsc#969755).
- futex,rt_mutex: Introduce rt_mutex_init_waiter() (bsc#969755).
- futex: Pull rt_mutex_futex_unlock() out from under hb->lock
(bsc#969755).
- futex: Rework inconsistent rt_mutex/futex_q state (bsc#969755).
- futex: Change locking rules (bsc#969755).
- futex,rt_mutex: Provide futex specific rt_mutex API
(bsc#969755).
- commit 3ea3e69
- cifs: do not revalidate mountpoint dentries (bsc#1177440).
- cifs: ignore revalidate failures in case of process gets
signaled (bsc#1177440).
- commit 92b5fe6
- Use r3 instead of r13 for l1d fallback flush in do_uaccess_fush
(bsc#1181096 ltc#190883).
- Refresh patches.suse/powerpc-rfi-flush-Move-RFI-flush-fields-out-of-the-p.patch.
Touching r13 in do_uaccess_flush causes bad memory access in kernel and
either kernel or running userspace proccess crash. do_uaccess_fush is a
function so it can use volatile GPRs such as r3 freely. Use it to load
the PACA_AUX pointer instead of r13.
- commit b0522ed
- netfilter: ctnetlink: add a range check for l3/l4 protonum
(CVE-2020-25211 bsc#1176395).
- commit e22722d
- Update
patches.suse/0001-xen-events-add-a-proper-barrier-to-2-level-uevent-un.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0002-xen-events-fix-race-in-evtchn_fifo_unmask.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0003-xen-events-add-a-new-late-EOI-evtchn-framework.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0004-xen-blkback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0005-xen-netback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0006-xen-scsiback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0008-xen-pciback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0009-xen-events-switch-user-event-channels-to-lateeoi-mod.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0010-xen-events-use-a-common-cpu-hotplug-hook-for-event-c.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0011-xen-events-defer-eoi-in-case-of-excessive-number-of-.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0012-xen-events-block-rogue-events-for-some-time.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/XEN-uses-irqdesc-irq_data_common-handler_data-to-sto.patch
(CVE-2020-27673 XSA-332 bsc#1065600).
- Update
patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch
(CVE-2020-27675 XSA-331 bsc#1177410).
- Update
patches.suse/xen-events-don-t-use-chip_data-for-legacy-IRQs.patch
(CVE-2020-27673 XSA-332 bsc#1065600).
- Added CVE numbers for above patches.
- commit 0258ab9
- mm/userfaultfd: do not access vma->vm_mm after calling
handle_userfault() (bsc#1179204).
- commit 7318dbe
- IB/hfi1: Ensure correct mm is used at all times (bsc#1179878
CVE-2020-27835).
- IB/hfi1: Move structure definitions from user_exp_rcv.c to
user_exp_rcv.h (bsc#1179878).
- IB/hfi1: Fix the bail out code in pin_vector_pages() function
(bsc#1179878).
- IB/hfi1: Clean up pin_vector_pages() function (bsc#1179878).
- IB/hfi1: Clean up hfi1_user_exp_rcv_setup function
(bsc#1179878).
- IB/hfi1: Use filedata rather than filepointer (bsc#1179878).
- IB/hfi1: Name function prototype parameters (bsc#1179878).
- commit 96dfbdb
- scsi: iscsi: Fix a potential deadlock in the timeout handler
(bsc#1178272).
- commit 0435a8c
- Refresh patches.suse/powerpc-Implement-user_access_begin-and-friends.patch.
Drop unused definition.
- commit 6652b07
- Refresh patches.suse/powerpc-rfi-flush-Move-RFI-flush-fields-out-of-the-p.patch (bsc#1180815).
Fixup the PACA_AUX handling in entry an uaccess flush.
- commit 3b153a1
- xen: support having only one event pending per watch
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 8958f53
- xen: revert Allow watches discard events before queueing
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit bbbf26c
- xen: revert Add 'will_handle' callback support in
xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 91d64f5
- xen: revert Support will_handle watch callback (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 9715572
- xen: revert Count pending messages for each watch (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 047dcd1
- xen: revert Disallow pending watch messages (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 3296374
- xen-blkback: set ring->xenblkd to NULL after kthread_stop()
(bsc#1179509 XSA-350 CVE-2020-29569).
- commit acb25f4
- xenbus/xenbus_backend: Disallow pending watch messages
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit dd5910a
- xen/xenbus: Count pending messages for each watch (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 8136b44
- xen/xenbus/xen_bus_type: Support will_handle watch callback
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 4582297
- xen/xenbus: Add 'will_handle' callback support in
xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit d272247
- xen/xenbus: Allow watches discard events before queueing
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 0d1044d
- fix regression in "/epoll: Keep a reference on files added to
the check list"/ (bsc#1180031, git-fixes).
- do_epoll_ctl(): clean the failure exits up a bit
(bsc#1180031,CVE-2020-0466).
- epoll: Keep a reference on files added to the check list
(bsc#1180031).
- commit f620437
- Move upstreamed vgacon patch into sorted section
- commit 39c8e9f
- audit: fix error handling in audit_data_to_entry()
(CVE-2020-0444 bsc#1180027).
- commit 20e9b9f
- mwifiex: Fix possible buffer overflows in
mwifiex_cmd_802_11_ad_hoc_start (CVE-2020-36158 bsc#1180559).
- commit 6e082c0
- Refresh patches.suse/powerpc-rtas-fix-typo-of-ibm-open-errinjct-in-rtas-f.patch
Refresh to upstream version.
- commit bc91473
- tracing: Fix race in trace_open and buffer resize call
(CVE-2020-27825 bsc#1179960).
- commit e2d61a2
- ring-buffer: speed up buffer resets by avoiding synchronize_rcu
for each CPU (CVE-2020-27825 bsc#1179960).
- commit 26416a1
- ring-buffer: Make resize disable per cpu buffer instead of
total buffer (CVE-2020-27825 bsc#1179960).
- commit 324f602
- cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
(CVE-2020-27068 bsc#1180086).
- commit 4f3308e
- HID: Fix slab-out-of-bounds read in hid_field_extract
(bsc#1180052).
- commit 4d89452
- HID: core: Sanitize event code and type when mapping input
(CVE-2020-0465 bsc#1180029).
- commit 396f396
- tty: Fix ->session locking (bsc#1179745 CVE-2020-29660).
- tty: Fix ->pgrp locking in tiocspgrp() (bsc#1179745
CVE-2020-29661).
- commit 1cc3fb3
- powerpc/rtas: fix typo of ibm,open-errinjct in rtas filter
(CVE-2020-27777 bsc#1179107 bsc#1179887 ltc#190092).
- commit d1f9480
- media: xirlink_cit: add missing descriptor sanity checks
(bsc#1168952 CVE-2020-11668).
- commit 3e66aa1
- Update
patches.fixes/sched-fair-Don-t-free-p-numa_faults-with-concurrent-.patch
(bsc#1144920, bsc#1179663, CVE-2019-20934).
- commit d9fcab2
- powerpc: Stop exporting __clear_user which is now inlined
(CVE-2020-4788 bsc#1177666).
- commit 8ac43e7
- ALSA: rawmidi: Change resized buffers atomically (CVE-2018-10902
bsc#1105322).
- commit 2190948
- kABI workaround for snd_rawmidi buffer_ref field addition
(CVE-2020-27786 bsc#1179601).
- commit 5bed91c
- ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
(CVE-2020-27786 bsc#1179601).
- commit 1c1d0c3
- cifs: fix potential use-after-free in cifs_echo_request()
(bsc#1139944).
- commit 3f7fb1a
- powerpc/64s: flush L1D after user accesses (CVE-2020-4788
bsc#1177666).
- Refresh patches.suse/0009-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch.
- Refresh patches.arch/kvm-x86-mmu-Apply-global-mitigations-knob-to-ITLB_MULTIHIT.patch.
- Refresh patches.kabi/kABI-powerpc-avoid-including-pgtable.h-in-kup.h.patch.
- powerpc/uaccess: Evaluate macro arguments once, before user
access is allowed (CVE-2020-4788 bsc#1177666).
- powerpc: Fix __clear_user() with KUAP enabled (CVE-2020-4788
bsc#1177666).
- powerpc: Implement user_access_begin and friends (CVE-2020-4788
bsc#1177666).
- powerpc: Add a framework for user access tracking (CVE-2020-4788
bsc#1177666).
- powerpc/64s: flush L1D on kernel entry (CVE-2020-4788
bsc#1177666).
- Refresh patches.suse/0009-x86-speculation-taa-Add-documentation-for-TSX-Async-.patch.
- Refresh patches.arch/kvm-x86-mmu-Apply-global-mitigations-knob-to-ITLB_MULTIHIT.patch.
- Refresh patches.suse/powerpc-rfi-flush-Move-RFI-flush-fields-out-of-the-p.patch.
- powerpc/64s: move some exception handlers out of line
(CVE-2020-4788 bsc#1177666).
- powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
(CVE-2020-4788 bsc#1177666).
- commit 5decbce
- block: Fix use-after-free in blkdev_get() (bsc#1173834
bsc#1179141 CVE-2020-15436).
- commit 14ac1a6
- kABI: powerpc: Add back __clear_user (CVE-2020-4788
bsc#1177666).
- commit 5d98532
- kABI: powerpc: avoid including pgtable.h in kup.h (CVE-2020-4788
bsc#1177666).
- commit 3c556af
- serial: 8250: fix null-ptr-deref in serial8250_start_tx()
(CVE-2020-15437 bsc#1179140).
- commit 3fe67b6
- powerpc/rtas: Restrict RTAS requests from userspace
(CVE-2020-27777 bsc#1179107).
- Update config files.
- commit 0dba49d
- vt: Disable KD_FONT_OP_COPY (CVE-2020-28974 bsc#1178589).
- commit c6f98d1
- Fonts: Replace discarded const qualifier (CVE-2020-28915
bsc#1178886).
- fbcon: Fix global-out-of-bounds read in fbcon_get_font()
(CVE-2020-28915 bsc#1178886).
- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
(CVE-2020-28915 bsc#1178886).
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into
linux/font.h (CVE-2020-28915 bsc#1178886).
- commit 0af4cee
- video: hyperv_fb: include vmalloc.h (bsc#1175306).
Refresh patches.suse/suse-hv-VERSION_WIN10_V5.patch.
no code changes
- commit 4e8b360
- Refresh
patches.arch/0002-x86-speculation-Enable-Spectre-v1-swapgs-mitigations.patch.
- commit b65cf87
- Input: sunkbd - avoid use-after-free in teardown paths
(CVE-2020-25669 bsc#1178182).
- commit d1ac9b9
- mm/hugetlb: fix a race between hugetlb sysctl handlers
(bsc#1176485, CVE-2020-25285).
- commit 17cb8e9
- libnl3
-
- Add libnl3-fix-ipv6-privacy-extension.patch: fix ipv6 privacy
extension of NetworkManager not working by backporting these 3
commits (bsc#1025043):
42c41336000e ("/add support for IFA_FLAGS nl attribute"/)
dcc0baac020e ("/addr: add address flag IFA_F_MANAGETEMPADDR"/)
b203c89d862a ("/addr: add address flag IFA_F_NOPREFIXROUTE"/)
- libxml2
-
- Avoid quadratic checking of identity-constraints: [bsc#1178823]
* key/unique/keyref schema attributes currently use qudratic loops
to check their various constraints (that keys are unique and that
keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.
- Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
- libyajl
-
- fix popd syntax, new bash doesn't like it anymore
- libzypp
-
- RepoManager: Carefully tidy up the caches. Remove non-directory
entries. (bsc#1178966)
- version 16.21.4 (0)
- ZYPP_MEDIA_CURL_DEBUG logs full Authorization: header (bsc#1174215)
The Authorization: header may include base64 encoded credentials
which could be restored from the log file. The credentials are
now stripped from the log.
- version 16.21.3 (0)
- logrotate
-
- Fix false alarm when using su and compress (bsc#1179189)
Applies commit 15a768b340d1010e22955ace518425cdb13bba5f
* Added patch logrotate-3.11.0-false-alarm-for-su-compress.patch
- makedumpfile
-
- makedumpfile-x86_64-xen-vtop.patch: Update references
(bsc#1014136, bsc#1068694, bsc#1162279).
- makedumpfile-vaddr_to_paddr_x86_64-Xen-fix.patch: Fix
vaddr_to_paddr_x86_64 under Xen (bsc#1116830).
- makedumpfile-x86_64-xen-vtop.patch: Remove a hunk that breaks
Xen dumps (bsc#1116830).
- openldap2-client
-
- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues
where openldap would crash due to malformed inputs.
* patch: 0207-ITS-9383-remove-assert-in-certificateListValidate.patch
* patch: 0208-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch
- openssh
-
- Add openssh-CVE-2020-14145-information-leak.patch
(CVE-2020-14145, bsc#1173513). This partially mitigates a
potential information leak during host key exchange that could
be exploited by a man-in-the-middle attacker.
- pam-modules
-
- The fail delay is fixed and annoying. The relevant code sections
from factory are backported here. There is not patch as the
file with the offending code resides in the top level directory.
[unix2_chkpw.c, bsc#1070595]
- python
-
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- python-base
-
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- python-jsonschema
-
- Update in SLE-12 (fate#326950, bsc#1122668, jsc#PM-1447)
- Convert to single-spec (fate#324191, bsc#1065275)
- Run fdupes to hardlink duplicate files
+ Add fdupes to BuildRequires
+ Add %fdupes %{buildroot}/%{_prefix} to %install
- Add condition around the python2 code to make sure we can build
in python3 only enviroment
- Source url must be https.
- Fix source url.
- Update to 2.6.0
* Improved performance on CPython by adding caching around ref resolution
(#203)
- Implement single-spec version
- Adjust dependencies for Python 2.6 based SLE 11
- update to version 2.5.1:
(no changelog available)
- update to version 2.5.0:
* Improved performance on CPython by adding caching around ref
resolution (#203)
- specfile:
* add python-vcversioner
- drop test requirements and %check section, which is broken
- Fix update-alternatives usage
- python-pyserial
-
- Setup single spec build (jsc#PM-2335)
- python-urllib3
-
- Add CVE-2020-26116-CRLF-injection.patch which raises ValueError
if method contains control characters and thus prevents CRLF
injection into URLs (bsc#1177211, bpo#39603, CVE-2020-26116,
gh#urllib3/urllib3#1800).
- sudo
-
- Fix Heap-based buffer overflow in Sudo [bsc#1181090,CVE-2021-3156]
* sudo-CVE-2021-3156.patch
- Possible Dir Existence Test due to Race Condition in `sudoedit`
[bsc#1180684,CVE-2021-23239]
* sudo-CVE-2021-23239.patch
- Possible Symlink Attack in SELinux Context in `sudoedit` [bsc#1180685,
CVE-2021-23240]
* sudo-CVE-2021-23240.patch
- User Could Enable Debug Settings not Intended for it [bsc#1180687]
* sudo-fix-bsc-1180687.patch
- timezone
-
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
- xen
-
- bsc#1179496 - VUL-0: CVE-2020-29480: xen: xenstore: watch
notifications lacking permission checks (XSA-115)
xsa115-1.patch
xsa115-2.patch
xsa115-3.patch
xsa115-4.patch
xsa115-5.patch
xsa115-6.patch
xsa115-7.patch
xsa115-8.patch
xsa115-9.patch
xsa115-10.patch
- bsc#1179498 - VUL-0: CVE-2020-29481: xen: xenstore: new domains
inheriting existing node permissions (XSA-322)
xsa322.patch
- bsc#1179501 - VUL-0: CVE-2020-29484: xen: xenstore: guests can
crash xenstored via watchs (XSA-324)
xsa324.patch
- bsc#1179502 - VUL-0: CVE-2020-29483: xen: xenstore: guests can
disturb domain cleanup (XSA-325)
xsa325.patch
- bsc#1179506 - VUL-0: CVE-2020-29566: xen: undue recursion in x86
HVM context switch code (XSA-348)
xsa348.patch
- bsc#1179514 - VUL-0: CVE-2020-29570: xen: FIFO event channels
control block related ordering (XSA-358)
xsa358.patch
- bsc#1179516 - VUL-0: CVE-2020-29571: xen: FIFO event channels
control structure ordering (XSA-359)
xsa359.patch
- Upstream bug fixes (bsc#1027519)
5f76caaf-evtchn-FIFO-use-stable-fields.patch
5faa974f-evtchn-rework-per-channel-lock.patch
5fbcdf2e-evtchn-FIFO-access-last.patch
5fc4ee23-evtchn-FIFO-queue-locking.patch
- bsc#1176782 - L3: xl dump-core shows missing nr_pages during
core. If maxmem and current are the same the issue doesn't happen
5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
- bsc#1179477 - VUL-0: CVE-2020-29130: xen: out-of-bounds access
while processing ARP packets
CVE-2020-29130-qemut-out-of-bounds-access-while-processing-ARP-packets.patch
- zypper
-
- Fix typo in list-patches help (bsc#1178925)
- version 1.13.58