- SUSEConnect
-
- Update to 0.3.29
- replace env ruby path with native ruby path during build phase
- bind
-
- Updated named.root (aka /var/lib/named/root.hint) to the newest
version available at ftp://FTP.INTERNIC.NET/domain/named.cache
[named.root, bsc#1181372]
- Each subpackage which has the sonum in its name now Provides:
its basename:
libbind9, libdns, libirs, libisccc, libisccfg, liblwres
and Obsoletes: any previous version, so when thas package is
upgraded, the old version can be easily removed.
[bind.spec]
- cloud-init
-
- Update cloud-init-write-routes.patch (bsc#1180176)
+ Follow up to previous changes. Fix order of operations
error to make gateway comparison between subnet configuration and
route configuration valuable rather than self-comparing.
- Add cloud-init-sle12-compat.patch (jsc#PM-2335)
- Python 3.4 compatibility in setup.py
- Disable some test for mock version compatibility
- Add wget as a requirement (bsc#1178029)
+ wget is used in the CloudStack data source
- Add cloud-init-azure-def-usr-pass.patch (bsc#1179150, bsc#1179151)
+ Properly set the password for the default user in all circumstances
- Patch the full package version into the cloud-init version file
- Update cloud-init-write-routes.patch (bsc#1177526)
+ Fix missing default route when dual stack network setup is used. Once
a default route was configured for Ipv6 or IPv4 the default route
configuration for the othre protocol was skipped.
- Update cloud-init-write-routes.patch (bsc#1177526)
+ Avoid exception if no gateway information is present and warning
is triggered for existing routing.
- Update to version 20.2 (bsc#1174443, bsc#1174444)
+ Remove patches included upstream:
- 0001-Make-tests-work-with-Python-3.8-139.patch
- cloud-init-ostack-metadat-dencode.patch
- cloud-init-use-different-random-src.diff
- cloud-init-long-pass.patch
- cloud-init-mix-static-dhcp.patch
+ Remove patches build switched to Python 3 for all distributions
(jsc#PM-2335)
- cloud-init-python2-sigpipe.patch
- cloud-init-template-py2.patch
+ Add
- cloud-init-after-kvp.diff
- cloud-init-recognize-hpc.patch
+ doc/format: reference make-mime.py instead of an inline script (#334)
+ Add docs about creating parent folders (#330) [Adrian Wilkins]
+ DataSourceNoCloud/OVF: drop claim to support FTP (#333) (LP: #1875470)
+ schema: ignore spurious pylint error (#332)
+ schema: add json schema for write_files module (#152)
+ BSD: find_devs_with_ refactoring (#298) [Gonéri Le Bouder]
+ nocloud: drop work around for Linux 2.6 (#324) [Gonéri Le Bouder]
+ cloudinit: drop dependencies on unittest2 and contextlib2 (#322)
+ distros: handle a potential mirror filtering error case (#328)
+ log: remove unnecessary import fallback logic (#327)
+ .travis.yml: don't run integration test on ubuntu/* branches (#321)
+ More unit test documentation (#314)
+ conftest: introduce disable_subp_usage autouse fixture (#304)
+ YAML align indent sizes for docs readability (#323) [Tak Nishigori]
+ network_state: add missing space to log message (#325)
+ tests: add missing mocks for get_interfaces_by_mac (#326) (LP: #1873910)
+ test_mounts: expand happy path test for both happy paths (#319)
+ cc_mounts: fix incorrect format specifiers (#316) (LP: #1872836)
+ swap file "/size"/ being used before checked if str (#315) [Eduardo Otubo]
+ HACKING.rst: add pytest version gotchas section (#311)
+ docs: Add steps to re-run cloud-id and cloud-init (#313) [Joshua Powers]
+ readme: OpenBSD is now supported (#309) [Gonéri Le Bouder]
+ net: ignore 'renderer' key in netplan config (#306) (LP: #1870421)
+ Add support for NFS/EFS mounts (#300) [Andrew Beresford] (LP: #1870370)
+ openbsd: set_passwd should not unlock user (#289) [Gonéri Le Bouder]
+ tools/.github-cla-signers: add beezly as CLA signer (#301)
+ util: remove unnecessary lru_cache import fallback (#299)
+ HACKING.rst: reorganise/update CLA signature info (#297)
+ distros: drop leading/trailing hyphens from mirror URL labels (#296)
+ HACKING.rst: add note about variable annotations (#295)
+ CiTestCase: stop using and remove sys_exit helper (#283)
+ distros: replace invalid characters in mirror URLs with hyphens (#291)
(LP: #1868232)
+ rbxcloud: gracefully handle arping errors (#262) [Adam Dobrawy]
+ Fix cloud-init ignoring some misdeclared mimetypes in user-data.
[Kurt Garloff]
+ net: ubuntu focal prioritize netplan over eni even if both present
(#267) (LP: #1867029)
+ cloudinit: refactor util.is_ipv4 to net.is_ipv4_address (#292)
+ net/cmdline: replace type comments with annotations (#294)
+ HACKING.rst: add Type Annotations design section (#293)
+ net: introduce is_ip_address function (#288)
+ CiTestCase: remove now-unneeded parse_and_read helper method (#286)
+ .travis.yml: allow 30 minutes of inactivity in cloud tests (#287)
+ sources/tests/test_init: drop use of deprecated inspect.getargspec (#285)
+ setup.py: drop NIH check_output implementation (#282)
+ Identify SAP Converged Cloud as OpenStack [Silvio Knizek]
+ add Openbsd support (#147) [Gonéri Le Bouder]
+ HACKING.rst: add examples of the two test class types (#278)
+ VMWware: support to update guest info gc status if enabled (#261)
[xiaofengw-vmware]
+ Add lp-to-git mapping for kgarloff (#279)
+ set_passwords: avoid chpasswd on BSD (#268) [Gonéri Le Bouder]
+ HACKING.rst: add Unit Testing design section (#277)
+ util: read_cc_from_cmdline handle urlencoded yaml content (#275)
+ distros/tests/test_init: add tests for _get_package_mirror_info (#272)
+ HACKING.rst: add links to new Code Review Process doc (#276)
+ freebsd: ensure package update works (#273) [Gonéri Le Bouder]
+ doc: introduce Code Review Process documentation (#160)
+ tools: use python3 (#274)
+ cc_disk_setup: fix RuntimeError (#270) (LP: #1868327)
+ cc_apt_configure/util: combine search_for_mirror implementations (#271)
+ bsd: boottime does not depend on the libc soname (#269)
[Gonéri Le Bouder]
+ test_oracle,DataSourceOracle: sort imports (#266)
+ DataSourceOracle: update .network_config docstring (#257)
+ cloudinit/tests: remove unneeded with_logs configuration (#263)
+ .travis.yml: drop stale comment (#255)
+ .gitignore: add more common directories (#258)
+ ec2: render network on all NICs and add secondary IPs as static (#114)
(LP: #1866930)
+ ec2 json validation: fix the reference to the 'merged_cfg' key (#256)
[Paride Legovini]
+ releases.yaml: quote the Ubuntu version numbers (#254) [Paride Legovini]
+ cloudinit: remove six from packaging/tooling (#253)
+ util/netbsd: drop six usage (#252)
+ workflows: introduce stale pull request workflow (#125)
+ cc_resolv_conf: introduce tests and stabilise output across Python
versions (#251)
+ fix minor issue with resolv_conf template (#144) [andreaf74]
+ doc: CloudInit also support NetBSD (#250) [Gonéri Le Bouder]
+ Add Netbsd support (#62) [Gonéri Le Bouder]
+ tox.ini: avoid substition syntax that causes a traceback on xenial (#245)
+ Add pub_key_ed25519 to cc_phone_home (#237) [Daniel Hensby]
+ Introduce and use of a list of GitHub usernames that have signed CLA
(#244)
+ workflows/cla.yml: use correct username for CLA check (#243)
+ tox.ini: use xenial version of jsonpatch in CI (#242)
+ workflows: CLA validation altered to fail status on pull_request (#164)
+ tox.ini: bump pyflakes version to 2.1.1 (#239)
+ cloudinit: move to pytest for running tests (#211)
+ instance-data: add cloud-init merged_cfg and sys_info keys to json
(#214) (LP: #1865969)
+ ec2: Do not fallback to IMDSv1 on EC2 (#216)
+ instance-data: write redacted cfg to instance-data.json (#233)
(LP: #1865947)
+ net: support network-config:disabled on the kernel commandline (#232)
(LP: #1862702)
+ ec2: only redact token request headers in logs, avoid altering request
(#230) (LP: #1865882)
+ docs: typo fixed: dta → data [Alexey Vazhnov]
+ Fixes typo on Amazon Web Services (#217) [Nick Wales]
+ Fix docs for OpenStack DMI Asset Tag (#228)
[Mark T. Voelker] (LP: #1669875)
+ Add physical network type: cascading to openstack helpers (#200)
[sab-systems]
+ tests: add focal integration tests for ubuntu (#225)
- From 20.1 (first vesrion after 19.4)
+ ec2: Do not log IMDSv2 token values, instead use REDACTED (#219)
(LP: #1863943)
+ utils: use SystemRandom when generating random password. (#204)
[Dimitri John Ledkov]
+ docs: mount_default_files is a list of 6 items, not 7 (#212)
+ azurecloud: fix issues with instances not starting (#205) (LP: #1861921)
+ unittest: fix stderr leak in cc_set_password random unittest
output. (#208)
+ cc_disk_setup: add swap filesystem force flag (#207)
+ import sysvinit patches from freebsd-ports tree (#161) [Igor Galić]
+ docs: fix typo (#195) [Edwin Kofler]
+ sysconfig: distro-specific config rendering for BOOTPROTO option (#162)
[Robert Schweikert] (LP: #1800854)
+ cloudinit: replace "/from six import X"/ imports (except in util.py) (#183)
+ run-container: use 'test -n' instead of 'test ! -z' (#202)
[Paride Legovini]
+ net/cmdline: correctly handle static ip= config (#201)
[Dimitri John Ledkov] (LP: #1861412)
+ Replace mock library with unittest.mock (#186)
+ HACKING.rst: update CLA link (#199)
+ Scaleway: Fix DatasourceScaleway to avoid backtrace (#128)
[Louis Bouchard]
+ cloudinit/cmd/devel/net_convert.py: add missing space (#191)
+ tools/run-container: drop support for python2 (#192) [Paride Legovini]
+ Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789)
+ Make the RPM build use Python 3 (#190) [Paride Legovini]
+ cc_set_password: increase random pwlength from 9 to 20 (#189)
(LP: #1860795)
+ .travis.yml: use correct Python version for xenial tests (#185)
+ cloudinit: remove ImportError handling for mock imports (#182)
+ Do not use fallocate in swap file creation on xfs. (#70)
[Eduardo Otubo] (LP: #1781781)
+ .readthedocs.yaml: install cloud-init when building docs (#181)
(LP: #1860450)
+ Introduce an RTD config file, and pin the Sphinx version to the RTD
default (#180)
+ Drop most of the remaining use of six (#179)
+ Start removing dependency on six (#178)
+ Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy]
+ docs: add proposed SRU testing procedure (#167)
+ util: rename get_architecture to get_dpkg_architecture (#173)
+ Ensure util.get_architecture() runs only once (#172)
+ Only use gpart if it is the BSD gpart (#131) [Conrad Hoffmann]
+ freebsd: remove superflu exception mapping (#166) [Gonéri Le Bouder]
+ ssh_auth_key_fingerprints_disable test: fix capitalization (#165)
[Paride Legovini]
+ util: move uptime's else branch into its own boottime function (#53)
[Igor Galić] (LP: #1853160)
+ workflows: add contributor license agreement checker (#155)
+ net: fix rendering of 'static6' in network config (#77) (LP: #1850988)
+ Make tests work with Python 3.8 (#139) [Conrad Hoffmann]
+ fixed minor bug with mkswap in cc_disk_setup.py (#143) [andreaf74]
+ freebsd: fix create_group() cmd (#146) [Gonéri Le Bouder]
+ doc: make apt_update example consistent (#154)
+ doc: add modules page toc with links (#153) (LP: #1852456)
+ Add support for the amazon variant in cloud.cfg.tmpl (#119)
[Frederick Lefebvre]
+ ci: remove Python 2.7 from CI runs (#137)
+ modules: drop cc_snap_config config module (#134)
+ migrate-lp-user-to-github: ensure Launchpad repo exists (#136)
+ docs: add initial troubleshooting to FAQ (#104) [Joshua Powers]
+ doc: update cc_set_hostname frequency and descrip (#109)
[Joshua Powers] (LP: #1827021)
+ freebsd: introduce the freebsd renderer (#61) [Gonéri Le Bouder]
+ cc_snappy: remove deprecated module (#127)
+ HACKING.rst: clarify that everyone needs to do the LP->GH dance (#130)
+ freebsd: cloudinit service requires devd (#132) [Gonéri Le Bouder]
+ cloud-init: fix capitalisation of SSH (#126)
+ doc: update cc_ssh clarify host and auth keys
[Joshua Powers] (LP: #1827021)
+ ci: emit names of tests run in Travis (#120)
- Disable testing to aid elimination of unittest2 in Factory
- cups
-
- cups-1.7.5-CVE-2020-10001.patch fixes CVE-2020-10001
access to uninitialized buffer in ipp.c (bsc#1180520)
- cups-1.7.5-CVE-2019-8842.patc fixes CVE-2019-8842 (bsc#1170671)
the ippReadIO function may under-read an extension field
- cyrus-sasl
-
- bsc#1159635 VUL-0: CVE-2019-19906: cyrus-sasl: cyrus-sasl
has an out-of-bounds write leading to unauthenticated remote
denial-of-service in OpenLDAP via a malformed LDAP packet
o apply upstream patch
- 0001-Fix-587.patch
- kernel-default
-
- Fix a bug in rawmidi UAF fix patch (bsc#1179601, CVE-2020-27786)
Refresh patches.suse/ALSA-rawmidi-Fix-racy-buffer-resize-under-concurrent.patch
- commit ce80dfa
- nbd: freeze the queue while we're adding connections
(bsc#1181504 CVE-2021-3348).
- nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
- commit 447797a
- kABI: Fix kABI for extended APIC-ID support (bsc#1181001,
jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001,
jsc#ECO-3191).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where
available (bsc#1181001, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE
(bsc#1181001, jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit
(bsc#1181001, jsc#ECO-3191).
- x86/apic: Fix x2apic enablement without interrupt remapping
(bsc#1181001, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001,
jsc#ECO-3191).
- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is
not built (bsc#1181001, jsc#ECO-3191).
- iommu/vt-d: Gracefully handle DMAR units with no supported
address widths (bsc#1181001, jsc#ECO-3191).
- commit 6482368
- Move futex fixes into the sorted section (bsc#1181349 CVE-2021-3347)
- commit c34c9df
- Update patch References tags for futex fixes (bsc#1181349 CVE-2021-3347)
- commit afd051d
- Refresh patches.suse/4.4.136-002-powerpc-64s-Clear-PCR-on-boot.patch
Also clear PCR on POWER9 and in dt_cpu_ftrs.
- commit c79d65a
- futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
- commit 0ba69a9
- futex: Handle faults correctly for PI futexes (bsc#1181349
bsc#1149032).
- futex: Simplify fixup_pi_state_owner() (bsc#1181349
bsc#1149032).
- futex: Use pi_state_update_owner() in put_pi_state()
(bsc#1181349 bsc#1149032).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
(bsc#1181349 bsc#1149032).
- futex: Provide and use pi_state_update_owner() (bsc#1181349
bsc#1149032).
- futex: Replace pointless printk in fixup_owner() (bsc#1181349
bsc#1149032).
- futex: Ensure the correct return value from futex_lock_pi()
(bsc#1181349 bsc#1149032).
- futex: Don't enable IRQs unconditionally in put_pi_state()
(bsc#1149032).
- locking/futex: Allow low-level atomic operations to return
- EAGAIN (bsc#1149032).
- commit 058c695
- blk-mq: improve heavily contended tag case (bsc#1178198).
- Refresh
patches.suse/sbitmap-fix-race-in-wait-batch-accounting.patch.
- commit ad2cec8
- netfilter: ctnetlink: add a range check for l3/l4 protonum
(CVE-2020-25211 bsc#1176395).
- commit 92230c0
- SUNRPC: cache: ignore timestamp written to 'flush' file
(bsc#1178036).
- commit 257292e
- Update
patches.suse/0001-xen-events-add-a-proper-barrier-to-2-level-uevent-un.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0002-xen-events-fix-race-in-evtchn_fifo_unmask.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0003-xen-events-add-a-new-late-EOI-evtchn-framework.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0004-xen-blkback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0005-xen-netback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0006-xen-scsiback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0008-xen-pciback-use-lateeoi-irq-binding.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0009-xen-events-switch-user-event-channels-to-lateeoi-mod.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0010-xen-events-use-a-common-cpu-hotplug-hook-for-event-c.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0011-xen-events-defer-eoi-in-case-of-excessive-number-of-.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/0012-xen-events-block-rogue-events-for-some-time.patch
(CVE-2020-27673 XSA-332 bsc#1177411).
- Update
patches.suse/XEN-uses-irqdesc-irq_data_common-handler_data-to-sto.patch
(CVE-2020-27673 XSA-332 bsc#1065600).
- Update
patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch
(CVE-2020-27675 XSA-331 bsc#1177410).
- Update
patches.suse/xen-events-don-t-use-chip_data-for-legacy-IRQs.patch
(CVE-2020-27673 XSA-332 bsc#1065600).
- Added CVE numbers for above patches.
- commit 77fc141
- Refresh
patches.suse/IB-hfi1-Ensure-correct-mm-is-used-at-all-times.patch.
Fixed backport (removed one line too much, d'oh).
- commit 6dc4356
- IB/hfi1: Ensure correct mm is used at all times (bsc#1179878
CVE-2020-27835).
- commit 39a2b87
- xen: support having only one event pending per watch
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit d884e81
- xen: revert Allow watches discard events before queueing
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 2a4a8da
- xen: revert Add 'will_handle' callback support in
xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 6baf8b8
- xen: revert Support will_handle watch callback (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 3918801
- xen: revert Count pending messages for each watch (bsc#1179508
XSA-349 CVE-2020-29568).
- commit 9d30f4d
- xen: revert Disallow pending watch messages (bsc#1179508
XSA-349 CVE-2020-29568).
- commit d039881
- xen-blkback: set ring->xenblkd to NULL after kthread_stop()
(bsc#1179509 XSA-350 CVE-2020-29569).
- commit 1aab73c
- xenbus/xenbus_backend: Disallow pending watch messages
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 0cdf358
- xen/xenbus: Count pending messages for each watch (bsc#1179508
XSA-349 CVE-2020-29568).
- commit a14bb56
- xen/xenbus/xen_bus_type: Support will_handle watch callback
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 33a4600
- xen/xenbus: Add 'will_handle' callback support in
xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 5ef1497
- xen/xenbus: Allow watches discard events before queueing
(bsc#1179508 XSA-349 CVE-2020-29568).
- commit 6f7a44e
- Drop the previous drm/nouveau fix that turned out to be superfluous (CVE-2020-25639 bsc#1176846)
- commit 001c6e5
- Move upstreamed vgacon patch into sorted section
- commit 73d2a02
- drm: bail out of nouveau_channel_new if channel init fails
(CVE-2020-25639 bsc#1176846).
- commit 55debf7
- target: fix XCOPY NAA identifier lookup (CVE-2020-28374,
bsc#1178372).
- commit 2765e76
- mwifiex: Fix possible buffer overflows in
mwifiex_cmd_802_11_ad_hoc_start (CVE-2020-36158 bsc#1180559).
- commit a833298
- s390/dasd: fix hanging device offline processing (bsc#1144912).
- commit ce166b0
- md/cluster: fix deadlock when node is doing resync job
(bsc#1163727).
- md/cluster: block reshape with remote resync job (bsc#1163727).
- md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).
- md/bitmap: md_bitmap_get_counter returns wrong blocks
(bsc#1163727).
- md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks
(bsc#1163727).
- md-cluster: Fix potential error pointer dereference in
resize_bitmaps() (bsc#1163727).
- md-cluster: fix rmmod issue when md_cluster convert bitmap to
none (bsc#1163727).
- md-cluster: fix safemode_delay value when converting to
clustered bitmap (bsc#1163727).
- md-cluster: fix wild pointer of unlock_all_bitmaps()
(bsc#1163727).
- commit ff367e3
- Move upstreamed bt fixes into sorted section
- commit adeed42
- Refresh patches.suse/powerpc-rtas-fix-typo-of-ibm-open-errinjct-in-rtas-f.patch
Refresh to upstream version.
- commit 76e9945
- tracing: Fix race in trace_open and buffer resize call
(CVE-2020-27825 bsc#1179960).
- commit 8b99744
- ring-buffer: speed up buffer resets by avoiding synchronize_rcu
for each CPU (CVE-2020-27825 bsc#1179960).
- commit 0d53945
- ring-buffer: Make resize disable per cpu buffer instead of
total buffer (CVE-2020-27825 bsc#1179960).
- commit 39cee5c
- fix regression in "/epoll: Keep a reference on files added to the check list"/ (bsc#1180031, git-fixes).
- commit d9c444f
- do_epoll_ctl(): clean the failure exits up a bit
(bsc#1180031,CVE-2020-0466).
- epoll: Keep a reference on files added to the check list
(bsc#1180031).
- commit e792e5d
- cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
(CVE-2020-27068 bsc#1180086).
- commit 886ad61
- HID: Fix slab-out-of-bounds read in hid_field_extract
(bsc#1180052).
- commit 5b124d9
- HID: core: Sanitize event code and type when mapping input
(CVE-2020-0465 bsc#1180029).
- commit ebf9f0e
- audit: fix error handling in audit_data_to_entry()
(CVE-2020-0444 bsc#1180027).
- commit f2e7691
- x86/traps: Simplify pagefault tracing logic (bsc#1179895).
- Refresh
patches.suse/10-x86-xen-get-rid-of-paravirt-op-adjust_exception_frame.patch.
- commit f51414e
- x86/tracing: Introduce a static key for exception tracing
(bsc#1179895).
- commit ae1ab84
- tty: Fix ->session locking (bsc#1179745 CVE-2020-29660).
- tty: Fix ->pgrp locking in tiocspgrp() (bsc#1179745
CVE-2020-29661).
- commit a59c61c
- powerpc/rtas: fix typo of ibm,open-errinjct in rtas filter
(CVE-2020-27777 bsc#1179107 bsc#1179887 ltc#190092).
- commit 153fdda
- xfrm: Fix memleak on xfrm state destroy (bsc#1158775).
- commit d801d2b
- net/x25: prevent a couple of overflows (bsc#1178590).
- commit 3f48ad3
- media: xirlink_cit: add missing descriptor sanity checks
(bsc#1168952 CVE-2020-11668).
- commit e978e80
- Update
patches.suse/sched-fair-Don-t-free-p-numa_faults-with-concurrent-.patch
(bsc#1144920, bsc#1179663, CVE-2019-20934).
- commit fad2215
- debugfs_lookup(): switch to lookup_one_len_unlocked() (bsc#1171979).
- Refresh patches.suse/new-helper-lookup_positive_unlocked.patch.
- commit 2aee88e
- kABI workaround for snd_rawmidi buffer_ref field addition
(CVE-2020-27786 bsc#1179601).
- commit 0e8d69d
- ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
(CVE-2020-27786 bsc#1179601).
- commit 3c00a93
- Delete patches.suse/fs-select.c-batch-user-writes-in-do_sys_poll.patch.
(CVE-2020-4788 bsc#1179419).
Patch causes DLM regression. Drop for now.
- commit a422074
- Add missing RESTORE_CTR (CVE-2020-4788 bsc#1177666).
- Refresh patches.suse/powerpc-64s-Convert-slb_miss_common-to-use-RFI_TO_US.patch.
- Refresh patches.suse/powerpc-64s-Set-assembler-machine-type-to-POWER4.patch.
patches.suse/powerpc-64s-SLB-miss-already-has-CTR-saved-for-reloc.patch
adds RESTORE_CTR to the SLB miss handler so
patches.suse/powerpc-64s-Convert-slb_miss_common-to-use-RFI_TO_US.patch
must now copy it in the other fork of the exit code as well.
- commit a382dc2
- romfs: fix uninitialized memory leak in romfs_dev_read()
(CVE-2020-29371 bsc#1179429).
- commit c4cfc72
- block: Fix use-after-free in blkdev_get() (bsc#1173834
bsc#1179141 CVE-2020-15436).
- commit 0475fee
- kABI: powerpc: Add back __clear_user (CVE-2020-4788
bsc#1177666).
- commit 9ab0140
- kABI: powerpc: avoid including pgtable.h in kup.h (CVE-2020-4788
bsc#1177666).
- commit 81cd22b
- Refresh patches.suse/nfs-mark-nfsiod-cpu-intensive.patch.
- commit 4ba6c62
- make 'user_access_begin()' do 'access_ok()' (CVE-2020-4788 bsc#1177666).
- Delete patches.suse/drm-i915-CVE-2018-20669-access-check.patch.
- commit ffc3685
- NFS: mark nfsiod as CPU_INTENSIVE (bsc#1177304).
- commit 53e1580
- serial: 8250: fix null-ptr-deref in serial8250_start_tx()
(CVE-2020-15437 bsc#1179140).
- commit 76da61e
- powerpc/64s: SLB miss already has CTR saved for relocatable kernel
(CVE-2020-4788 bsc#1177666).
- Refresh patches.suse/powerpc-64s-Set-assembler-machine-type-to-POWER4.patch.
- commit 741f364
- powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (CVE-2020-4788 bsc#1177666).
- Refresh patches.suse/powerpc-64-Call-setup_barrier_nospec-from-setup_arch.patch
- Refresh patches.suse/powerpc-pmem-Update-ppc64-to-use-the-new-barrier-ins.patch.
- Update config files.
- commit b0085a7
- powerpc/rtas: Restrict RTAS requests from userspace
(CVE-2020-27777 bsc#1179107).
- Update config files.
- commit 3ed445b
- vt: Disable KD_FONT_OP_COPY (CVE-2020-28974 bsc#1178589).
- commit d9af9e6
- powerpc/64s: flush L1D after user accesses (CVE-2020-4788
bsc#1177666).
- Refresh patches.kabi/kABI-powerpc-avoid-including-pgtable.h-in-kup.h.patch.
- powerpc/uaccess: Evaluate macro arguments once, before user
access is allowed (CVE-2020-4788 bsc#1177666).
- powerpc: Fix __clear_user() with KUAP enabled (CVE-2020-4788
bsc#1177666).
- powerpc: Implement user_access_begin and friends (CVE-2020-4788
bsc#1177666).
- powerpc: Add a framework for user access tracking (CVE-2020-4788
bsc#1177666).
- powerpc/64s: flush L1D on kernel entry (CVE-2020-4788
bsc#1177666).
- powerpc/64s: move some exception handlers out of line
(CVE-2020-4788 bsc#1177666).
- powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
(CVE-2020-4788 bsc#1177666).
- powerpc/64s: Rename slb_miss_realmode() to slb_miss_common()
(CVE-2020-4788 bsc#1177666).
- powerpc/64s: Use BRANCH_TO_COMMON() for slb_miss_realmode
(CVE-2020-4788 bsc#1177666).
- commit f7d6c42
- fs/select.c: batch user writes in do_sys_poll (CVE-2020-4788
bsc#1177666).
- commit 011abbd
- Fonts: Replace discarded const qualifier (CVE-2020-28915
bsc#1178886).
- fbcon: Fix global-out-of-bounds read in fbcon_get_font()
(CVE-2020-28915 bsc#1178886).
- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
(CVE-2020-28915 bsc#1178886).
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into
linux/font.h (CVE-2020-28915 bsc#1178886).
- commit 8016c83
- Input: sunkbd - avoid use-after-free in teardown paths
(CVE-2020-25669 bsc#1178182).
- commit e6736dd
- Refresh
patches.suse/0002-x86-speculation-Enable-Spectre-v1-swapgs-mitigations.patch.
- commit aa8cb4c
- scsi: ibmvfc: Avoid link down on FS9100 canister reboot
(bsc#1176962 ltc#188304).
- scsi: ibmvfc: Use compiler attribute defines instead of
__attribute__() (bsc#1176962 ltc#188304).
- commit 1fef06b
- libnl3
-
- Add libnl3-fix-ipv6-privacy-extension.patch: fix ipv6 privacy
extension of NetworkManager not working by backporting these 3
commits (bsc#1025043):
42c41336000e ("/add support for IFA_FLAGS nl attribute"/)
dcc0baac020e ("/addr: add address flag IFA_F_MANAGETEMPADDR"/)
b203c89d862a ("/addr: add address flag IFA_F_NOPREFIXROUTE"/)
- libxml2
-
- Avoid quadratic checking of identity-constraints: [bsc#1178823]
* key/unique/keyref schema attributes currently use qudratic loops
to check their various constraints (that keys are unique and that
keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.
- Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
- libyajl
-
- fix popd syntax, new bash doesn't like it anymore
- libzypp
-
- RepoManager: Carefully tidy up the caches. Remove non-directory
entries. (bsc#1178966)
- version 16.21.4 (0)
- ZYPP_MEDIA_CURL_DEBUG logs full Authorization: header (bsc#1174215)
The Authorization: header may include base64 encoded credentials
which could be restored from the log file. The credentials are
now stripped from the log.
- version 16.21.3 (0)
- logrotate
-
- Fix false alarm when using su and compress (bsc#1179189)
Applies commit 15a768b340d1010e22955ace518425cdb13bba5f
* Added patch logrotate-3.11.0-false-alarm-for-su-compress.patch
- lvm2
-
- pvmove destination LV always has KRahead=0 (bsc#1179326)
+ bug-1179326_pvmove-correcting-read_ahead-setting.patch
- in %postun, disable restart blk-availability.service & lvm2-monitor.service
- openldap2-client
-
- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues
where openldap would crash due to malformed inputs.
* patch: 0207-ITS-9383-remove-assert-in-certificateListValidate.patch
* patch: 0208-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch
- openssh
-
- Add openssh-bsc1148566-scp-handle-quotes-while-checking-filenames-from-serv.patch,
openssh-bsc1148566-scp-show-filename-match-patterns-in-verbose-mode.patch
(bsc#1148566). Fixes a class of false alarms due to filename
validation. Patches by Josef Cejka <jcejka@suse.com>.
- Add openssh-bsc1161684-authorizedkeyscommand-deadlock.patch
(bsc#1161684), which fixes a deadlock when AuthorizedKeysCommand
or AuthorizedPrincipalsCommand produce a lot of output and a
key is matched early.
- Add openssh-CVE-2020-14145-information-leak.patch
(CVE-2020-14145, bsc#1173513). This partially mitigates a
potential information leak during host key exchange that could
be exploited by a man-in-the-middle attacker.
- openssl-1_0_0
-
- Add declaration of BN_secure_new() needed by other packages
* add openssl-1.0.2p-declare-BN_secure_new.patch
* [bsc#1180777]
- Add FIPS key check necessary for certification.
* modified openssl-DH.patch
* [bsc#1180959]
* Fix EDIPARTYNAME NULL pointer dereference
(CVE-2020-1971, bsc#1179491)
- pam-modules
-
- The fail delay is fixed and annoying. The relevant code sections
from factory are backported here. There is not patch as the
file with the offending code resides in the top level directory.
[unix2_chkpw.c, bsc#1070595]
- parted
-
- skip probing _part devices (bsc#1137259)
+ parted-bsc1137259-fix-_part-error.patch
- python
-
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- python-base
-
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- python-jsonschema
-
- Update in SLE-12 (fate#326950, bsc#1122668, jsc#PM-1447)
- Convert to single-spec (fate#324191, bsc#1065275)
- Run fdupes to hardlink duplicate files
+ Add fdupes to BuildRequires
+ Add %fdupes %{buildroot}/%{_prefix} to %install
- Add condition around the python2 code to make sure we can build
in python3 only enviroment
- Source url must be https.
- Fix source url.
- Update to 2.6.0
* Improved performance on CPython by adding caching around ref resolution
(#203)
- Implement single-spec version
- Adjust dependencies for Python 2.6 based SLE 11
- update to version 2.5.1:
(no changelog available)
- update to version 2.5.0:
* Improved performance on CPython by adding caching around ref
resolution (#203)
- specfile:
* add python-vcversioner
- drop test requirements and %check section, which is broken
- Fix update-alternatives usage
- python-pyserial
-
- Setup single spec build (jsc#PM-2335)
- python-urllib3
-
- Add CVE-2020-26116-CRLF-injection.patch which raises ValueError
if method contains control characters and thus prevents CRLF
injection into URLs (bsc#1177211, bpo#39603, CVE-2020-26116,
gh#urllib3/urllib3#1800).
- salt
-
- Revert wrong zypper patch to support vendorchanges flags on pkg.install
- Adjusted python2-cherrypy naming in salt-api. (#40)
- Added:
* revert-add-patch-support-for-allow-vendor-change-opt.patch
- Force zyppnotify to prefer Packages.db than Packages if it exists
- Allow vendor change option with zypper
- Added:
* force-zyppnotify-to-prefer-packages.db-than-packages.patch
* add-patch-support-for-allow-vendor-change-option-wit.patch
- Add pkg.services_need_restart
- Bigvm backports:
virt consoles, CPU tuning and topology, and memory tuning.
- Fix for file.check_perms to work with numeric uid/gid
- Added:
* fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
* add-pkg.services_need_restart-302.patch
* opensuse-3000-bigvm-backports-300.patch
- Change 'Requires(pre)' to 'Requires' for salt-minion package (bsc#1083110)
- sudo
-
- Fix Heap-based buffer overflow in Sudo [bsc#1181090,CVE-2021-3156]
* sudo-CVE-2021-3156.patch
- Possible Dir Existence Test due to Race Condition in `sudoedit`
[bsc#1180684,CVE-2021-23239]
* sudo-CVE-2021-23239.patch
- Possible Symlink Attack in SELinux Context in `sudoedit` [bsc#1180685,
CVE-2021-23240]
* sudo-CVE-2021-23240.patch
- User Could Enable Debug Settings not Intended for it [bsc#1180687]
* sudo-fix-bsc-1180687.patch
- timezone
-
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
- xen
-
- bsc#1176782 - L3: xl dump-core shows missing nr_pages during
core. If maxmem and current are the same the issue doesn't happen
5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
- bsc#1179496 - VUL-0: CVE-2020-29480: xen: xenstore: watch
notifications lacking permission checks (XSA-115)
xsa115-1.patch
xsa115-2.patch
xsa115-3.patch
xsa115-4.patch
xsa115-5.patch
xsa115-6.patch
xsa115-7.patch
xsa115-8.patch
xsa115-9.patch
xsa115-10.patch
- bsc#1179498 - VUL-0: CVE-2020-29481: xen: xenstore: new domains
inheriting existing node permissions (XSA-322)
xsa322.patch
- bsc#1179501 - VUL-0: CVE-2020-29484: xen: xenstore: guests can
crash xenstored via watchs (XSA-324)
xsa324.patch
- bsc#1179502 - VUL-0: CVE-2020-29483: xen: xenstore: guests can
disturb domain cleanup (XSA-325)
xsa325.patch
- bsc#1179506 - VUL-0: CVE-2020-29566: xen: undue recursion in x86
HVM context switch code (XSA-348)
xsa348.patch
- bsc#1179514 - VUL-0: CVE-2020-29570: xen: FIFO event channels
control block related ordering (XSA-358)
xsa358.patch
- bsc#1179516 - VUL-0: CVE-2020-29571: xen: FIFO event channels
control structure ordering (XSA-359)
xsa359.patch
- Upstream bug fixes (bsc#1027519)
5f76caaf-evtchn-FIFO-use-stable-fields.patch
5faa974f-evtchn-rework-per-channel-lock.patch
5fbcdf2e-evtchn-FIFO-access-last.patch
5fc4ee23-evtchn-FIFO-queue-locking.patch
- bsc#1179477 - VUL-0: CVE-2020-29130: xen: out-of-bounds access
while processing ARP packets
CVE-2020-29130-qemut-out-of-bounds-access-while-processing-ARP-packets.patch
- zypper
-
- Fix typo in list-patches help (bsc#1178925)
- version 1.13.58