- libtasn1
-
- Security fix: [bsc#1236878, CVE-2024-12133]
* Potential DoS in handling of numerous SEQUENCE OF or SET OF elements
* Add libtasn1-CVE-2024-12133.patch
- bind
-
- Limit additional section processing for large RDATA sets.
When answering queries, don’t add data to the additional
section if the answer has more than 13 names in the RDATA. This
limits the number of lookups into the database(s) during a
single client query, reducing the query-processing load.
(CVE-2024-11187)
[bsc#1236596, bind-9.11-CVE-2024-11187.patch]
- python
-
- Modify CVE-2025-0938-sq-brackets-domain-names.patch: we don't
use bracketed_host variable any more (correction of the fix for
bsc#1236705, discovered during analysis for bsc#1223694).
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- openssl-1_1
-
- Security fix: [bsc#1236136, CVE-2024-13176]
* timing side-channel in the ECDSA signature computation
* Add openssl-CVE-2024-13176.patch
- python-paramiko
-
- Add patch BZ-1199454-Fix-Deprecation-Warnings.patch from upstream pull
request https://github.com/paramiko/paramiko/pull/1379 to fix deprecation
warnings. NOTE: the .travis changes were excluded as the file doesn't
exist in the tarball as it was used by upstream CI only. bsc#1199454
- Add CVE-2022-24302-race-condition.patch:
* Fix a race condition between creation and chmod when writing private
keys. (bsc#1197279)
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- python3-base
-
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- release-notes-sles
-
- 12.5.20250211 (tracked in bsc#933411)
- Improveed wording (bsc#1233970)
- Fixed lifecycle information with proper version
- 12.5.20250129 (tracked in bsc#933411)
- Fixed lifecycle information (bsc#1236534)
- kernel-default
-
- mailbox: bcm2835: Fix timeout during suspend mode
(CVE-2024-49963 bsc#1232147).
- commit 75bdf4b
- x86/mce: Work around an erratum on fast string copy instructions (bsc#1238148 CVE-2022-49124).
- commit b1aab7b
- drm/msm/mdp5: Fix global state lock backoff (bsc#1238275)
- commit d68fed1
- sfc: fix use after free when disabling sriov (CVE-2022-49626
bsc#1238270).
- net: hns3: add vlan list lock to protect vlan list
(CVE-2022-49182 bsc#1238260).
- ibmvnic: fix race between xmit and reset (CVE-2022-49201
bsc#1238256).
- mlxsw: spectrum: Guard against invalid local ports
(CVE-2022-49134 bsc#1237982).
- net: hns3: remove useless mutex vport_cfg_mutex in the struct
hclge_dev (CVE-2022-49182 bsc#1238260).
- commit 41d3a51
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is (bsc#1238275 CVE-2022-49490)
- commit af254cd
- drm/amd/display: Fix memory leak (bsc#1238006 CVE-2022-49135)
- commit 74a7dda
- memstick/mspro_block: fix handling of read-only devices
(CVE-2022-49178 bsc#1238107).
- commit f4ff479
- bpf, sockmap: Fix repeated calls to sock_put() when msg has
more_data (bsc#1235485 CVE-2024-56633).
- commit 8b17f20
- tracing: Free buffers when a used dynamic event is removed
(bsc#1232163 CVE-2022-49006).
- blacklist.conf: Remove the commit from the list.
- commit dc40c84
- tracing: Only have rmmod clear buffers that its events were
active in (bsc#1232163).
- kABI: Preserve TRACE_EVENT_FL values (bsc#1232163).
- kABI: Add clear_trace to trace_array (bsc#1232163).
- commit 314b5be
- uprobes: fix kernel info leak via "[uprobes]" vma (bsc#1232104
CVE-2024-49975).
- commit c0c10d0
- btrfs: fix use-after-free when attempting to join an aborted transaction (CVE-2025-21753 bsc#1237875)
- commit 6c90c9e
- mm/mempolicy: fix mpol_new leak in shared_policy_replace
(CVE-2022-49080 bsc#1238033).
- commit 067e764
- IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes CVE-2022-49089 bsc#1238041)
- commit 6e0de51
- RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes CVE-2022-49076 bsc#1237738)
- commit 6e82988
- nfsd: restore callback functionality for NFSv4.0 (CVE-2024-53217 bsc#1234999)
- commit 805ad92
- netfilter: nf_tables: don't skip expired elements during walk
(CVE-2023-52924 bsc#1236821).
- commit 0526ace
- can: gs_usb: gs_usb_open/close(): fix memory leak
(CVE-2022-49661 bsc#1237788).
- can: mcba_usb: properly check endpoint type (CVE-2022-49151
bsc#1237778).
- commit 9830891
- media: stk1160: If start stream fails, return buffers with
VB2_BUF_STATE_QUEUED (CVE-2022-49247 bsc#1237783).
- commit a93f4c4
- media: staging: media: zoran: move videodev alloc
(CVE-2021-47644 bsc#1237766).
- commit c96d641
- ubi: Fix race condition between ctrl_cdev_ioctl and
ubi_cdev_ioctl (CVE-2021-47634 bsc#1237758).
- commit d5a9e9b
- USB: serial: quatech2: fix null-ptr-deref in
qt2_process_read_urb() (CVE-2025-21689 bsc#1237017).
- commit 10a8b05
- hid: cp2112: Fix duplicate workqueue initialization
(CVE-2023-52853 bsc#1224988).
- commit 0767a8e
- Update References for CVE-2023-52572 and bsc#bsc#1220946
Patch:
patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch
- commit 8c83bd1
- net: Fix icmp host relookup triggering ip_rt_bug (CVE-2024-56647
bsc#1235435).
- commit 5e3ecca
- net: sched: Disallow replacing of child qdisc from one parent
to another (CVE-2025-21700 bsc#1237159).
- commit 634dd23
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (CVE-2025-21640 bsc#1236123)
- commit fcc1d3a
- sctp: sysctl: rto_min/max: avoid using current->nsproxy (CVE-2025-21639 bsc#1236122)
- commit cef2fdd
- sctp: sysctl: auth_enable: avoid using current->nsproxy (CVE-2025-21638 bsc#1236115)
- commit cb20958
- rtc: cmos: fix build on non-ACPI platforms (CVE-2022-48953
bsc#1231941).
- commit aeaadef
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of
service (bsc#1237025 CVE-2025-21690).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change
events (git-fixes).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(git-fixes).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings
(git-fixes).
- scsi: storvsc: Correctly handle multiple flags in srb_status
(git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- scsi: storvsc: Return DID_ERROR for invalid commands
(git-fixes).
- scsi: storvsc: Add validation for untrusted Hyper-V values
(git-fixes).
- scsi: storvsc: Fix spelling mistake (git-fixes).
- commit 1ce0fca
- rtc: cmos: Fix wake alarm breakage (CVE-2022-48953 bsc#1231941).
- rtc: cmos: Fix event handler registration ordering issue
(CVE-2022-48953 bsc#1231941).
- commit 18a134d
- gpiolib: fix memory leak in gpiochip_setup_dev() (CVE-2022-48975
bsc#1231885).
- commit 8811266
- uprobe: avoid out-of-bounds memory access of fetching args
(git-fixes CVE-2024-50067 bsc#1232416).
- commit 113452d
- Refresh
patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch.
- Refresh
patches.suse/netfilter-nf_conntrack_irc-Tighten-matching-on-DCC-m.patch.
- powerpc/64/kdump: Limit kdump base to 512MB (bsc#1203410
ltc#199904).
Add upstream commit ID and move to the sorted section.
- commit 8635ca2
- Delete
patches.suse/net-tipc-validate-domain-record-count-on-input.patch.
Obsoleted by upstream commit 9aa422ad326634b76309e8ff342c246800621216
which we already have.
- commit 0f3afb5
- Refresh
patches.suse/SUNRPC-auth-async-tasks-mustn-t-block-waiting-for-me.patch.
- Refresh
patches.suse/SUNRPC-improve-swap-handling-scheduling-and-PF_MEMAL.patch.
- Refresh
patches.suse/SUNRPC-xprt-async-tasks-mustn-t-block-waiting-for-me.patch.
Add upstream commit ID to 3 sunrpc patches and move them to the sorted
section.
- commit 95d9bb0
- Refresh
patches.suse/crypto_ccp-fix_resource_leaks_in_ccp_run_aes_gcm_cmd.patch.
- Refresh
patches.suse/mm-pmem-avoid-inserting-hugepage-pte-entry-with-fsdax-if-hugepage-support-is-disabled.patch.
- Refresh
patches.suse/proc-Avoid-mixing-integer-types-in-mem_rw.patch.
Move these 3 patches to the sorted section with proper upstream
references.
- commit b21e43e
- net: mana: Add get_link and get_link_ksettings in ethtool
(bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- commit cf42fac
- Refresh
patches.suse/eth-bnxt-always-recalculate-features-after-XDP-clear.patch.
Fix warning introduced by commit 26357a58074c ("eth: bnxt:
always recalculate features after XDP clearing, fix null-deref
(CVE-2025-21682 bsc#1236703).")
- commit cb8e39a
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(CVE-2024-53239 bsc#1235054 bsc#1234853).
- Update
patches.suse/Bluetooth-L2CAP-Fix-uaf-in-l2cap_connect.patch
(CVE-2024-49950 bsc#1232159 bsc#1225742).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(CVE-2024-56605 bsc#1235061 bsc#1234853).
- Update
patches.suse/KVM-nSVM-Ignore-nCR3-4-0-when-loading-PDPTEs-from-me.patch
(CVE-2024-50115 bsc#1232919 bsc#1225742).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(CVE-2024-53173 bsc#1234891 bsc#1234853).
- Update
patches.suse/btrfs-wait-for-fixup-workers-before-stopping-cleaner.patch
(bsc#1235965 CVE-2024-57896 CVE-2024-49867 bsc#1232262).
- Update
patches.suse/ext4-avoid-OOB-when-system.data-xattr-changes-undern.patch
(bsc#1231920 CVE-2024-47701 bsc#1225742).
- Update
patches.suse/ext4-fix-slab-use-after-free-in-ext4_split_extent_at.patch
(bsc#1232201 CVE-2024-49884 bsc#1232198 bsc#1225742).
- Update
patches.suse/hfsplus-don-t-query-the-device-logical-block-size-multiple-times.patch
(bsc#1235073 CVE-2024-56548 bsc#1234853).
- Update
patches.suse/tty-n_gsm-Fix-use-after-free-in-gsm_cleanup_mux.patch
(CVE-2024-50073 bsc#1232520 bsc#1225742).
- Update
patches.suse/vfio-pci-Lock-external-INTx-masking-ops.patch
(bsc#1222803 CVE-2024-26810).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning-in-mwifiex_config_scan.patch
(CVE-2024-56539 bsc#1234963 bsc#1234853).
- commit f832b51
- Update
patches.suse/btrfs-fix-hang-during-unmount-when-stopping-a-space-.patch
(bsc#1235965 CVE-2024-57896 CVE-2022-48664 bsc#1223524).
- commit 1e97612
- smb: client: fix double free of TCP_Server_Info::hostname
(CVE-2025-21673 bsc#1236689).
- commit a8e944b
- kABI fix for net: defer final 'struct net' free in netns
dismantle (CVE-2024-56658 bsc#1235441).
Upstream commit 0f6ede9fbc74 ("net: defer final 'struct
net' free in netns dismantle") introduced a new struct element
`defer_free_list` into `struct net`. In order to preserve the kABI, move
the newly added element into a hole.
```
struct netns_unix unx; /* 536 16 */
/* XXX 24 bytes hole, try to pack */
/* --- cacheline 9 boundary (576 bytes) --- */
struct netns_ipv4 ipv4 __attribute__((__aligned__(64))); /* 576 1088 */
```
- commit 3fe112a
- net: defer final 'struct net' free in netns dismantle
(CVE-2024-56658 bsc#1235441).
- commit a3ad07d
- net: bridge: fix vlan tunnel dst refcnt when egressing (CVE-2021-47222 bsc#1224857)
- commit c5ffad3
- net: bridge: fix vlan tunnel dst null pointer dereference (CVE-2021-47223 bsc#1224856)
- commit 183304e
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (CVE-2024-50142 bsc#1233028)
- commit 44b0b49
- tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
(bsc#1235485 CVE-2024-56633).
- bpf, sockmap: Fix the sk->sk_forward_alloc warning of
sk_stream_kill_queues (bsc#1235485 CVE-2024-56633).
- bpf, sockmap: Fix more uncharged while msg has more_data
(bsc#1235485 CVE-2024-56633).
- tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict
function (bsc#1235485 CVE-2024-56633).
- commit 312086f
- RDMA/hns: Fix cpu stuck caused by printings during reset (CVE-2024-56722 bsc#1235570)
- commit 8d94b2e
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- Refresh patches.suse/vfio-pci-Create-persistent-INTx-handler.patch.
- commit 0681ef7
- gtp: Destroy device along with udp socket's netns dismantle
(CVE-2025-21678 bsc#1236698).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp()
(CVE-2025-21678 bsc#1236698).
- eth: bnxt: always recalculate features after XDP clearing,
fix null-deref (CVE-2025-21682 bsc#1236703).
- commit e803c29
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in
ip_tunnel_find() (CVE-2024-50304 bsc#1233522).
- commit 225c809
- netfilter: nft_payload: sanitize offset and length before
calling skb_checksum() (CVE-2024-50251 bsc#1233248).
- commit eece26a
- net: inet6: do not leave a dangling sk pointer in inet6_create()
(CVE-2024-56600 bsc#1235217).
- commit a01a9a3
- btrfs: don't abort filesystem when attempting to snapshot
deleted subvolume (bsc#1222072 CVE-2024-26644).
- commit 41ce9ae
- scsi: qla2xxx: Fix use after free on unload (CVE-2024-56623
bsc#1235466).
- scsi: qedi: Fix a possible memory leak in
qedi_alloc_and_init_sb() (CVE-2024-56747 bsc#1234934).
- scsi: bfa: Fix use-after-free in bfad_im_module_exit()
(CVE-2024-53227 bsc#1235011).
- commit 64d880b
- RDMA/uverbs: Prevent integer overflow issue (bsc#1235919 CVE-2024-57890)
- commit 38203c5
- overflow: Implement size_t saturating arithmetic helpers (bsc#1235919 CVE-2024-57890)
- commit 90eb057
- overflow: Add __must_check attribute to check_*() helpers (bsc#1235919 CVE-2024-57890)
Refresh patches.suse/0010-overflow-Correct-check_shl_overflow-comment.patch
- commit 5140cb6
- overflow.h: Add flex_array_size() helper (bsc#1235919 CVE-2024-57890)
- commit 22d16f6
- overflow.h: Add comment documenting __ab_c_size() (bsc#1235919 CVE-2024-57890)
- commit b5a4098
- netfilter: x_tables: fix LED ID check in led_tg_check()
(CVE-2024-56650 bsc#1235430).
- commit 8b9e311
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy
and Mbox devices (git-fixes CVE-2024-53197 bsc#1235464).
- commit dc81ff3
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (CVE-2024-53217 bsc#1234999)
- commit 8a6f9b4
- wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (CVE-2024-57899 bsc#1235924)
- commit 600d381
- drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (CVE-2024-56369 bsc#1235750)
- commit b3145a1
- drm/modes: Switch to 64bit maths to avoid integer overflow (bsc#1235750)
- commit e4d2dd7
- igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332 bsc#1235700)
- commit 23608e0
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (CVE-2024-56739 bsc#1235611)
- commit 26c24f2
- crypto: bcm - add error check in the ahash_hmac_init function (CVE-2024-56681 bsc#1235557)
- commit f132d27
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (CVE-2024-56688 bsc#1235538)
- commit a4e5ee6
- acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662 bsc#1235533)
- commit c4dc3c5
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (CVE-2024-56700 bsc#1235500)
- commit d0190f0
- drm/amdgpu: set the right AMDGPU sg segment limitation (CVE-2024-56594 bsc#1235413)
- commit b32a039
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (CVE-2024-56593 bsc#1235252)
- commit 84dd400
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (CVE-2024-56769 bsc#1235155)
- commit d6854a8
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (CVE-2024-56532 bsc#1235059)
- commit c7d5d7e
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (CVE-2024-56533 bsc#1235053)
- commit 7a2524a
- media: ts2020: fix null-ptr-deref in ts2020_probe() (CVE-2024-56574 bsc#1235040)
- commit 994f123
- Move patches.suse/floppy-reintroduce-O_NDELAY-fix.patch to the sorted
section with proper upstream references. Document the reason why the
upstream revert should not be applied to our kernel.
- commit c686e79
- dm thin: make get_first_thin use rcu-safe list first function (CVE-2025-21664 bsc#1236262)
- commit a5449a2
- selinux: ignore unknown extended permissions (CVE-2024-57931 bsc#1236192)
- commit 026448e
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (CVE-2025-21653 bsc#1236161)
- commit 987a924
- net/sctp: Prevent autoclose integer overflow in sctp_association_init() (CVE-2024-57938 bsc#1236182)
- commit 3f47e6a
- mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (CVE-2024-57884 bsc#1235948)
- commit 7ce422e
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (bsc#1235747 CVE-2024-55916).
- commit bfb225e
- gve: guard XDP xmit NDO on existence of xdp queues
(CVE-2024-57932 bsc#1236190).
- commit 9d9586a
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- commit f670a26
- net: inet: do not leave a dangling sk pointer in inet_create()
(CVE-2024-56601 bsc#1235230).
- commit 2328dc9
- net: add more sanity checks to qdisc_pkt_len_init()
(CVE-2024-49948 bsc#1232161).
- commit 39d78f4
- net: restrict SO_REUSEPORT to inet sockets (bsc#1235967 CVE-2024-57903)
- commit eaf865b
- net: do not delay dst_entries_add() in dst_release()
(CVE-2024-50036 bsc#1231912).
- commit 4ae059f
- tracing: Prevent bad count for tracing_cpumask_write (CVE-2024-56763 bsc#1235638)
- commit 224036d
- dccp: Fix memory leak in dccp_feat_change_recv (CVE-2024-56643 bsc#1235132)
- commit f89cb51
- net/smc: initialize close_work early to avoid warning (CVE-2024-56641 bsc#1235526)
- commit 3572c76
- btrfs: fix use-after-free when COWing tree bock and tracing
is enabled (bsc#1235645 CVE-2024-56759).
- btrfs: flush delalloc workers queue before stopping cleaner
kthread during unmount (bsc#1235965 CVE-2024-57896).
- btrfs: wait for fixup workers before stopping cleaner kthread
during umount (bsc#1235965 CVE-2024-57896).
- btrfs: fix hang during unmount when stopping a space reclaim
worker (bsc#1235965 CVE-2024-57896).
- Btrfs: fix crash during unmount due to race with delayed inode
workers (bsc#1235965 CVE-2024-57896).
- commit 176ee37
- drm/amd/display: Add check for granularity in dml ceil/floor
helpers (CVE-2024-57922 bsc#1236080 with CVSS 5.5).
- commit 447f836
- netfilter: ipset: Hold module reference while requesting a module (CVE-2024-56637 bsc#1235523)
- commit 88e28cd
- dm array: fix releasing a faulty array block twice in
dm_array_cursor_end (bsc#1236096, CVE-2024-57929).
- commit 1959a0b
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to not pass in
bad targetKeyLength parameters when checking for FIPS approval
after keygen. This was causing false rejections.
- Updated nss-fips-approved-crypto-non-ec.patch to approve
RSA signature verification mechanisms with PKCS padding and
legacy moduli (bsc#1222834).
- vim
-
- 9.1.1101 is a fix for:
bsc#1229685 (CVE-2024-43790)
bsc#1229822 (CVE-2024-43802)
bsc#1230078 (CVE-2024-45306)
bsc#1235695 (CVE-2025-22134)
bsc#1236151 (CVE-2025-24014)
bsc#1237137 (CVE-2025-1215)
- Remove obsoleted patch:
* vim-7.3-mktemp_tutor.patch
- update to 9.1.1101
* insexpand.c hard to read
* tests: Test_log_nonexistent only works on Linux
* Update base-syntax, improve variable matching
* Vim9: import with extends may crash
* leaking memory with completing multi lines
* --log with non-existent path causes a crash
* if_perl: Perl 5.38 adds new symbols causing link failure
* tests: matchparen plugin test wrongly named
* Vim9: problem finding implemented method in type hierarchy
* runtime(qf): Update syntax file, match second delimiter
* tests: output of test ...win32_ctrl_z depends on python version
* tests: fix expected return code for python 3.13 on Windows
* tests: timeout might be a bit too small
* tests: test_terminwscroll_topline2 unreliable
* tests: No check when tests are run under Github actions
* tests: plugin tests are named inconsistently
* Vim9: import with extends may crash
* completion doesn't work with multi lines
* filetype: cmmt files are not recognized
* Unable to persistently ignore events in a window and its buffers
* improve syntax highlighting
* setreg() doesn't correctly handle mbyte chars in blockwise mode
* unexpected DCS responses may cause out of bounds reads
* has('bsd') is true for GNU/Hurd
* filetype: Mill files are not recognized
* GUI late startup leads to uninitialized scrollbars
* Add support for lz4 to tar & gzip plugin
* Terminal ansi colors off by one after tgc reset
* included syntax items do not understand contains=TOP
* vim_strnchr() is strange and unnecessary
* Vim9: len variable not used in compile_load()
* runtime(vim): Update base-syntax, match :debuggreedy count prefix
* Strange error when heredoc marker starts with "trim"
* tests: test_compiler fails on Windows without Maven
* 'diffopt' "linematch" cannot be used with {n} less than 10
* args missing after failing to redefine a function
* Cannot control cursor positioning of getchar()
* preinsert text completions not deleted with <C-W>/<C-U>
* getchar() can't distinguish between C-I and Tab
* tests: Test_termwinscroll_topline2 fails on MacOS
* heap-use-after-free and stack-use-after-scope with :14verbose
* no digraph for "Approaches the limit"
* not possible to use plural forms with gettext()
* too many strlen() calls in userfunc.c
* terminal: E315 when dragging the terminal with the mouse
* runtime(openPlugin): fix unclosed parenthesis in GetWordUnderCursor()
* runtime(doc): Tweak documentation style a bit
* tests: test_glvs fails when unarchiver not available
* Vim always enables 'termguicolors' in a terminal
* completion: input text deleted with preinsert when adding leader
* translation(sr): Missing Serbian translation for the tutor
* Superfluous cleanup steps in test_ins_complete.vim
* runtime(netrw): correct wrong version check
* Vim doesn't highlight to be inserted text when completing
* runtime(netrw): upstream snapshot of v176
* runtime(dist/vim9): fix regressions in dist#vim9#Open
* runtime(hyprlang): fix string recognition
* make install fails because of a missing dependency
* runtime(asm): add byte directives to syntax script
* Vim doesn't work well with TERM=xterm-direct
* runtime(filetype): commit 99181205c5f8284a3 breaks V lang detection
* runtime: decouple Open and Launch commands and gx mapping from netrw
* "nosort" enables fuzzy filtering even if "fuzzy" isn't in 'completeopt'
* runtime(just): fix typo in syntax file
* runtime(filetype): Improve Verilog detection by checking for modules definition
* tests: off-by-one error in CheckCWD in test_debugger.vim
* tests: no support for env variables when running Vim in terminal
* too many strlen() calls in os_unix.c
* insert-completed items are always sorted
* crash after scrolling and pasting in silent Ex mode
* Makefiles uses non-portable syntax
* fuzzymatching doesn't prefer matching camelcase
* filetype: N-Tripels and TriG files are not recognized
* Vim9: Patch 9.1.1014 causes regressions
* translation(sr): Update Serbian messages translation
- updade to 9.1.1043
* [security]: segfault in win_line()
* update helptags
* filetype: just files are not recognized
* Update base-syntax, match ternary and falsy operators
* Vim9: out-of-bound access when echoing an enum
* Vim9: imported type cannot be used as func return type
* runtime(kconfig): updated ftplugin and syntax script
* runtime(doc): rename last t_BG reference to t_RB
* Vim9: comments are outdated
* tests: test_channel.py fails with IPv6
* runtime(vim): Update base-syntax, fix is/isnot operator matching
* Vim9: confusing error when using abstract method via super
* make install fails when using shadowdir
* Vim9: memory leak with blob2str()
* runtime(tex): add texEmphStyle to texMatchGroup in syntax script
* runtime(netrw): upstream snapshot of v175
* Vim9: compiling abstract method fails without return
* runtime(c): add new constexpr keyword to syntax file (C23)
* tests: shaderslang was removed from test_filetype erroneously
* link error when FEAT_SPELL not defined
* Coverity complains about insecure data handling
* runtime(sh): update syntax script
* runtime(c): Add missing syntax test files
* filetype: setting bash filetype is backwards incompatible
* runtime(c): Update syntax and ftplugin files
* the installer can be improved
* too many strlen() calls in screen.c
* no sanitize check when running linematch
* filetype: swc configuration files are not recognized
* runtime(netrw): change netrw maintainer
* wrong return type of blob2str()
* blob2str/str2blob() do not support list of strings
* runtime(doc): fix typo in usr_02.txt
* Coverity complains about dereferencing NULL pointer
* linematch option value not completed
* string might be used without a trailing NUL
* no way to get current selected item in a async context
* filetype: fd ignore files are not recognized
* v9.1.0743 causes regression with diff mode
* runtime(doc): fix base64 encode/decode examples
* Vim9: Patch 9.1.1013 causes a few problems
* Not possible to convert string2blob and blob2string
* Coverity complains about dereferencing NULL value
* Vim9: variable not found in transitive import
* runtime(colors): Update colorschemes, include new unokai colorscheme
* Vim9: Regression caused by patch v9.1.0646
* runtime(lyrics): support milliseconds in syntax script
* runtime(vim): Split Vim legacy and Vim9 script indent tests
* Vim9: class interface inheritance not correctly working
* popupmenu internal error with some abbr in completion item
* filetype: VisualCode setting file not recognized
* diff feature can be improved
* tests: test for patch 9.1.1006 doesn't fail without the patch
* filetype: various ignore are not recognized
* tests: Load screendump files with "git vimdumps"
* PmenuMatch completion highlight can be combined
* completion text is highlighted even with no pattern found
* tests: a few termdebug tests are flaky
* [security]: heap-buffer-overflow with visual mode
* runtime(doc): add package-<name> helptags for included packages
* Vim9: unknown func error with interface declaring func var
* runtime(filetype): don't detect string interpolation as angular
* ComplMatchIns highlight hard to read on light background
* runtime(vim): Update base-syntax, highlight literal string quote escape
* runtime(editorconfig): set omnifunc to syntaxcomplete func
* tests: ruby tests fail with Ruby 3.4
* Vim9: leaking finished exception
* runtime(tiasm): use correct syntax name tiasm in syntax script
* filetype: TI assembly files are not recognized
* too many strlen() calls in drawscreen.c
* runtime(xf86conf): add section name OutputClass to syntax script
* ComplMatchIns may highlight wrong text
* runtime(vim): Update base-syntax, improve ex-bang matching
* runtime(doc): clarify buffer deletion on popup_close()
* filetype: shaderslang files are not detected
* Vim9: not able to use comment after opening curly brace
- update to 9.1.0993
* 9.1.0993: New 'cmdheight' behavior may be surprising
* runtime(sh): fix typo in Last Change header
* 9.1.0992: Vim9: double-free after v9.1.0988
* 9.1.0991: v:stacktrace has wrong type in Vim9 script
* runtime(sh): add PS0 to bashSpecialVariables in syntax script
* runtime(vim): Remove trailing comma from match_words
* runtime(zsh): sync syntax script with upstream repo
* runtime(doc): Capitalise the mnemonic "Zero" for the 'z' flag of search()
* 9.1.0990: Inconsistent behavior when changing cmdheight
* 9.1.0989: Vim9: Whitespace after the final enum value causes a syntax error
* runtime(java): Quietly opt out for unsupported markdown.vim versions
* runtime(vim): fix failing vim syntax test
* 9.1.0988: Vim9: no error when using uninitialized var in new()
* runtime(doc): update index.txt
* 9.1.0987: filetype: cake files are not recognized
* 9.1.0986: filetype: 'jj' filetype is a bit imprecise
* runtime(jj): Support diffs in jj syntax
* runtime(vim): Update matchit pattern, no Vim9 short names
* 9.1.0985: Vim9: some ex commands can be shortened
* 9.1.0984: exception handling can be improved
* runtime(doc): update doc for :horizontal
* runtime(doc): update index.txt, windows.txt and version9.txt
* runtime(doc): Tweak documentation about base64 function
* runtime(chordpro): update syntax script
* 9.1.0983: not able to get the displayed items in complete_info()
* runtime(doc): use standard SGR format at :h xterm-true-color
* 9.1.0982: TI linker files are not recognized
* runtime(vim): update vim generator syntax script
* 9.1.0981: tests: typo in test_filetype.vim
* 9.1.0980: no support for base64 en-/decoding functions in Vim Script
* syntax(sh): Improve the recognition of bracket expressions
* runtime(doc): mention how NUL bytes are handled
* 9.1.0979: VMS: type warning with $XDG_VIMRC_FILE
* 9.1.0978: GUI tests sometimes fail when setting 'scroll' options
* 9.1.0977: filetype: msbuild filetypes are not recognized
* 9.1.0976: Vim9: missing return statement with throw
* 9.1.0975: Vim9: interpolated string expr not working in object methods
* 9.1.0974: typo in change of commit v9.1.0873
* 9.1.0973: too many strlen() calls in fileio.c
* runtime(sh): set shellcheck as the compiler for supported shells
* runtime(doc): Fix enum example syntax
* 9.1.0972: filetype: TI linker map files are not recognized
* runtime(vim): Improve syntax script generator for Vim Script
* 9.1.0971: filetype: SLNX files are not recognized
* 9.1.0970: VMS: build errors on VMS architecture
* runtime(doc): Fix documentation typos
* runtime(doc): update for new keyprotocol option value (after v9.1.0969)
* 9.1.0969: ghostty not using kitty protocol by default
* 9.1.0968: tests: GetFileNameChecks() isn't fully sorted by filetype name
* runtime(doc): update version9.txt for bash filetype
* runtime(netrw): update last change header for #16265
* runtime(doc): fix doc error in :r behaviour
* 9.1.0967: SpotBugs compiler setup can be further improved
* 9.1.0966: Vim9: :enum command can be shortened
* runtime(compiler): include a basic bash syntax checker compiler
* 9.1.0965: filetype: sh filetype set when detecting the use of bash
* runtime(doc): clarify ARCH value for 32-bit in INSTALLpc.txt
* 9.1.0963: fuzzy-matching does not prefer full match
* 9.1.0962: filetype: bun.lock file is not recognized
* runtime(vim): update indentation plugin for Vim script
* runtime(doc): tweak documentation style in helphelp.txt
* runtime(vim): Update base-syntax, allow parens in default arguments
* runtime(doc): mention auto-format using clang-format for sound.c/sign.c
* runtime(help): fix typo s/additional/arbitrary/
* runtime(help): Add better support for language annotation highlighting
* 9.1.0961: filetype: TI gel files are not recognized
* 9.1.0960: filetype: hy history files are not recognized
* translation(fi): Fix typoes in Finish menu translation
* 9.1.0959: Coverity complains about type conversion
* runtime(vim): Use supported syntax in indent tests
* 9.1.0958: filetype: supertux2 config files detected as lisp
* 9.1.0956: completion may crash, completion highlight wrong with preview window
* 9.1.0955: Vim9: vim9compile.c can be further improved
* runtime(doc): move help tag E1182
* runtime(graphql): contribute vim-graphql to Vim core
* 9.1.0954: popupmenu.c can be improved
* 9.1.0953: filetype: APKBUILD files not correctly detected
* 9.1.0952: Vim9: missing type checking for any type assignment
* 9.1.0951: filetype: jshell files are not recognized
* runtime(dockerfile): do not set commentstring in syntax script
* 9.1.0950: filetype: fennelrc files are not recognized
* runtime(netrw): do not double escape Vim special characters
* git: ignore reformatting change of netrw plugin
* runtime(netrw): more reformating #16248
* runtime(doc): Add a note about handling symbolic links in starting.txt
* 9.1.0949: popups inconsistently shifted to the left
* git: ignore reformatting change of netrw plugin
* runtime(netrw): change indent size from 1 to 2
* 9.1.0948: Missing cmdline completion for :pbuffer
* runtime(tutor): Reformat tutor1
* 9.1.0947: short-description
* 9.1.0946: cross-compiling fails on osx-arm64
* 9.1.0945: ComplMatchIns highlight doesn't end after inserted text
* translation(sv): re-include the change from #16240
* 9.1.0944: tests: test_registers fails when not run under X11
* 9.1.0943: Vim9: vim9compile.c can be further improved
* runtime(doc): Update README and mention make check to verify
* translation(sv): partly revert commit 98874dca6d0b60ccd6fc3a140b3ec
* runtime(vim): update base-syntax after v9.1.0936
* 9.1.0942: a few typos were found
* 9.1.0941: ComplMatchIns doesn't work after multibyte chars
* runtime(doc): Fix style in fold.txt
* translation(sv): Fix typo in Swedish translation
* 9.1.0940: Wrong cursor shape with "gq" and 'indentexpr' executes :normal
* runtime(doc): fix some small errors
* 9.1.0939: make installtutor fails
* 9.1.0938: exclusive selection not respected when re-selecting block mode
* 9.1.0937: test_undolist() is flaky
* 9.1.0936: cannot highlight completed text
* 9.1.0935: SpotBugs compiler can be improved
* 9.1.0934: hard to view an existing buffer in the preview window
* runtime(doc): document how to minimize fold computation costs
* 9.1.0933: Vim9: vim9compile.c can be further improved
* 9.1.0932: new Italian tutor not installed
* runtime(doc): fix a few minor errors from the last doc updates
* translation(it): add Italian translation for the interactive tutor
* runtime(doc): update the change.txt help file
* runtime(help): Add Vim lang annotation support for codeblocks
* 9.1.0931: ml_get error in terminal buffer
* 9.1.0930: tests: test_terminal2 may hang in GUI mode
* 9.1.0929: filetype: lalrpop files are not recognized
* 9.1.0928: tests: test_popupwin fails because the filter command fails
* editorconfig: set trim_trailing_whitespace = false for src/testdir/test*.vim
* 9.1.0927: style issues in insexpand.c
* 9.1.0926: filetype: Pixi lock files are not recognized
* runtime(doc): Add a reference to |++opt| and |+cmd| at `:h :pedit`
* runtime(doc): add a note about inclusive motions and exclusive selection
* 9.1.0925: Vim9: expression compiled when not necessary
* 9.1.0924: patch 9.1.0923 causes issues
* 9.1.0923: too many strlen() calls in filepath.c
* 9.1.0923: wrong MIN macro in popupmenu.c
* 9.1.0921: popupmenu logic is a bit convoluted
* 9.1.0920: Vim9: compile_assignment() too long
* 9.1.0919: filetype: some assembler files are not recognized
* runtime(netrw): do not pollute search history with symlinks
* 9.1.0918: tiny Vim crashes with fuzzy buffer completion
* 9.1.0917: various vartabstop and shiftround bugs when shifting lines
* runtime(typst): add definition lists to formatlistpat, update maintainer
* 9.1.0916: messages.c is exceeding 80 columns
* runtime(proto): include filetype plugin for protobuf
* 9.1.0915: GVim: default font size a bit too small
* 9.1.0914: Vim9: compile_assignment() is too long
* 9.1.0913: no error check for neg values for 'messagesopt'
* runtime(netrw): only check first arg of netrw_browsex_viewer for being executable
* 9.1.0912: xxd: integer overflow with sparse files and -autoskip
* 9.1.0911: Variable name for 'messagesopt' doesn't match short name
* 9.1.0910: 'messagesopt' does not check max wait time
* runtime(doc): update wrong Vietnamese localization tag
* 9.1.0909: Vim9: crash when calling instance method
- update to 9.1.0908
* refresh vim-7.3-mktemp_tutor.patch
* 9.1.0908: not possible to configure :messages
* 9.1.0907: printoptions:portrait does not change postscript Orientation
* runtime(doc): Add vietnamese.txt to helps main TOC
* 9.1.0906: filetype: Nvidia PTX files are not recognized
* runtime(doc): updated version9.txt with changes from v9.1.0905
* 9.1.0905: Missing information in CompleteDone event
* 9.1.0904: Vim9: copy-paste error in class_defining_member()
* 9.1.0903: potential overflow in spell_soundfold_wsal()
* runtime(netrw): do not detach when launching external programs in gvim
* runtime(doc): make tag alignment more consistent in filetype.txt
* runtime(doc): fix wrong syntax and style of vietnamese.txt
* translation(it): update Italian manpage for vimtutor
* runtime(lua): add optional lua function folding
* Filelist: include translations for Chapter 2 tutor
* translation(vi): Update Vietnamese translation
* runtime(doc): include vietnamese.txt
* runtime(tutor): fix another typo in tutor2
* runtime(doc): fix typo in vimtutor manpage
* translation(it): update Italian manpage for vimtutor
* translation(it): include Italian version of tutor chapter 2
* runtime(tutor): regenerated some translated tutor1 files
* runtime(tutor): fix typo in Chapter 2
* 9.1.0902: filetype: Conda configuration files are not recognized
* runtime(doc): Tweak documentation style a bit
* runtime(tutor): update the tutor files and re-number the chapters
* runtime(tutor): Update the makefiles for tutor1 and tutor2 files
* 9.1.0901: MS-Windows: vimtutor batch script can be improved
* runtime(doc): remove buffer-local completeopt todo item
* 9.1.0900: Vim9: digraph_getlist() does not accept bool arg
* runtime(typst): provide a formatlistpat in ftplugin
* runtime(doc): Update documentation for "noselect" in 'completeopt'
* 9.1.0899: default for 'backspace' can be set in C code
* runtime(helptoc): reload cached g:helptoc.shell_prompt when starting toc
* translation(ru): Updated messages translation
* 9.1.0898: runtime(compiler): pytest compiler not included
* 9.1.0897: filetype: pyrex files are not detected
* runtime(compiler): update eslint compiler
* 9.1.0896: completion list wrong after v9.1.0891
* runtime(doc): document changed default value for 'history'
* 9.1.0895: default history value is too small
* 9.1.0894: No test for what the spotbug compiler parses
* 9.1.0893: No test that undofile format does not regress
* translation(de): update German manpages
* runtime(compiler): include spotbugs Java linter
* 9.1.0892: the max value of 'tabheight' is limited by other tabpages
* runtime(po): remove poDiffOld/New, add po-format flags to syntax file
* 9.1.0891: building the completion list array is inefficient
* patch 9.1.0890: %! item not allowed for 'rulerformat'
* runtime(gzip): load undofile if there exists one
* 9.1.0889: Possible unnecessary redraw after adding/deleting lines
* 9.1.0888: leftcol property not available in getwininfo()
* 9.1.0887: Wrong expression in sign.c
* 9.1.0886: filetype: debian control file not detected
* runtime(c3): include c3 filetype plugin
* 9.1.0885: style of sign.c can be improved
* 9.1.0884: gcc warns about uninitialized variable
* runtime(apache): Update syntax directives for apache server 2.4.62
* translation(ru): updated vimtutor translation, update MAINTAINERS file
* 9.1.0883: message history cleanup is missing some tests
* runtime(doc): Expand docs on :! vs. :term
* runtime(netrw): Fixing powershell execution issues on Windows
* 9.1.0882: too many strlen() calls in insexpand.c
* 9.1.0881: GUI: message dialog may not get focus
* runtime(netrw): update netrw's decompress logic
* runtime(apache): Update syntax keyword definition
* runtime(misc): add Italian LICENSE and (top-level) README file
* 9.1.0880: filetype: C3 files are not recognized
* runtime(doc): add helptag for :HelpToc command
* 9.1.0879: source is not consistently formatted
* Add clang-format config file
* runtime(compiler): fix escaping of arguments passed to :CompilerSet
* 9.1.0878: termdebug: cannot enable DEBUG mode
* 9.1.0877: tests: missing test for termdebug + decimal signs
* 9.1.0876: filetype: openCL files are not recognized
* 9.1.0875: filetype: hyprlang detection can be improved
* 9.1.0874: filetype: karel files are not detected
* 9.1.0873: filetype: Vivado files are not recognized
* 9.1.0872: No test for W23 message
* 9.1.0871: getcellpixels() can be further improved
* 9.1.0870: too many strlen() calls in eval.c
* 9.1.0869: Problem: curswant not set on gm in folded line
* 9.1.0868: the warning about missing clipboard can be improved
* runtime(doc): Makefile does not clean up all temporary files
* 9.1.0867: ins_compl_add() has too many args
* editorconfig: don't trim trailing whitespaces in runtime/doc
* translation(am): Remove duplicate keys in desktop files
* runtime(doc): update helptags
* runtime(filetype): remove duplicated *.org file pattern
* runtime(cfg): only consider leading // as starting a comment
* 9.1.0866: filetype: LLVM IR files are not recognized
* 9.1.0865: filetype: org files are not recognized
* 9.1.0864: message history is fixed to 200
* 9.1.0863: getcellpixels() can be further improved
* runtime(sh): better function support for bash/zsh in indent script
* runtime(netrw): small fixes to netrw#BrowseX
* 9.1.0862: 'wildmenu' not enabled by default in nocp mode
* runtime(doc): update how to report issues for mac Vim
* runtime(doc): mention option-backslash at :h CompilerSet
* runtime(compiler): include a Java Maven compiler plugin
* runtime(racket): update Racket runtime files
* runtime(doc): improve indentation in examples for netrw-handler
* runtime(doc): improve examples for netrw-handler functions
* runtime(idris2): include filetype,indent+syntax plugins for (L)Idris2 + ipkg
* runtime(doc): clarify the use of filters and external commands
* 9.1.0861: Vim9: no runtime check for object member access of any var
* runtime(compiler): update pylint linter
* 9.1.0860: tests: mouse_shape tests use hard code sleep value
* 9.1.0859: several problems with the GLVS plugin
* 9.1.0858: Coverity complains about dead code
* runtime(tar): Update tar.vim to support permissions
* 9.1.0857: xxd: --- is incorrectly recognized as end-of-options
* 9.1.0851: too many strlen() calls in getchar.c
* 9.1.0850: Vim9: cannot access nested object inside objects
* runtime(tex): extra Number highlighting causes issues
* runtime(vim): Fix indent after :silent! function
* 9.1.0849: there are a few typos in the source
* runtime(netrw): directory symlink not resolved in tree view
* runtime(doc): add a table of supported Operating Systems
* runtime(tex): update Last Change header in syntax script
* runtime(doc): fix typo in g:termdebug_config
* runtime(vim): Update base-syntax, improve :normal highlighting
* runtime(tex): add Number highlighting to syntax file
* runtime(doc): Tweak documentation style a bit
* 9.1.0848: if_lua: v:false/v:true are not evaluated to boolean
* runtime(dune): use :setl instead of :set in ftplugin
* runtime(termdebug): allow to use decimal signs
* translation(it): Updated Italian vimtutor
* runtime(compiler): improve cppcheck
* git: git-blame-ignore-revs shown as an error on Github
* 9.1.0847: tests: test_popupwin fails because of updated help file
* 9.1.0846: debug symbols for xxd are not cleaned in Makefile
* runtime(structurizr): Update structurizr syntax
* runtime(8th): updated 8th syntax
* runtime(doc): Add pi_tutor.txt to help TOC
* runtime(compiler): add mypy and ruff compiler; update pylint linter
* runtime(netrw): fix several bugs in netrw tree listing
* runtime(netrw): prevent polluting the search history
* 9.1.0845: vimtutor shell script can be improved
* 9.1.0844: if_python: no way to pass local vars to python
* 9.1.0843: too many strlen() calls in undo.c
* runtime(doc): update default value for fillchars option
* runtime(compiler): fix typo in cppcheck compiler plugin
* runtime(doc): simplify vimtutor manpage a bit more
* runtime(matchparen): Add matchparen_disable_cursor_hl config option
* 9.1.0842: not checking for the sync() systemcall
* 9.1.0841: tests: still preferring python2 over python3
* 9.1.0840: filetype: idris2 files are not recognized
* 9.1.0839: filetype: leo files are not recognized
* runtime(cook): include cook filetype plugin
* runtime(debversions): Update Debian versions
* patch 9.1.0838: vimtutor is bash-specific
* runtime(doc): add help specific modeline to pi_tutor.txt
* Filelist: vimtutor chapter 2 is missing in Filelist
* 9.1.0837: cross-compiling has some issues
* runtime(vimtutor): Add a second chapter
- glibc
-
- assert-message-allocation.patch: Fix underallocation of abort_msg_s
struct (CVE-2025-0395, bsc#1236282, BZ #32582))
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228044, BZ
[#31934])
- python3
-
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- gnutls
-
- Security fix [bsc#1236974, CVE-2024-12243]
* gnutls: inefficient DER Decoding in libtasn1 could lead to remote DoS
* Add gnutls-x509-optimize-alt-name-access.patch
* Add gnutls-CVE-2024-12243.patch
- libX11
-
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
* Buffer overflow in XkbChangeTypesOfKey()
(CVE-2025-26597, bsc#1237431)
- libxml2
-
- security update
- modified patches
% fix-perl.diff (p1)
- added patches
fix CVE-2024-56171 [bsc#1237363], use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
+ libxml2-CVE-2024-56171.patch
fix CVE-2025-24928 [bsc#1237370], stack-based buffer overflow in xmlSnprintfElements in valid.c
+ libxml2-CVE-2025-24928.patch
fix CVE-2025-27113 [bsc#1237418], NULL Pointer Dereference in libxml2 xmlPatMatch
+ libxml2-CVE-2025-27113.patch
- python36
-
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- grub2
-
- Security fixes for 2024
* 0001-misc-Implement-grub_strlcpy.patch
- Fix CVE-2024-45781 (bsc#1233617)
* 0002-fs-ufs-Fix-a-heap-OOB-write.patch
- Fix CVE-2024-56737 (bsc#1234958)
- Fix CVE-2024-45782 (bsc#1233615)
* 0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
- Fix CVE-2024-45780 (bsc#1233614)
* 0004-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2024-45783 (bsc#1233616)
* 0005-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch
* 0006-kern-file-Ensure-file-data-is-set.patch
* 0007-kern-file-Implement-filesystem-reference-counting.patch
- Fix CVE-2025-0624 (bsc#1236316)
* 0008-net-Fix-OOB-write-in-grub_net_search_config_file.patch
- Fix CVE-2024-45774 (bsc#1233609)
* 0009-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch
- Fix CVE-2024-45775 (bsc#1233610)
* 0010-commands-extcmd-Missing-check-for-failed-allocation.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0011-commands-pgp-Unregister-the-check_signatures-hooks-o.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0012-normal-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0013-gettext-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2024-45776 (bsc#1233612)
* 0014-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch
- Fix CVE-2024-45777 (bsc#1233613)
* 0015-gettext-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2025-0690 (bsc#1237012)
* 0016-commands-read-Fix-an-integer-overflow-when-supplying.patch
- Fix CVE-2025-1118 (bsc#1237013)
* 0017-commands-minicmd-Block-the-dump-command-in-lockdown-.patch
- Fix CVE-2024-45778 (bsc#1233606)
- Fix CVE-2024-45779 (bsc#1233608)
* 0018-fs-bfs-Disable-under-lockdown.patch
- Fix CVE-2025-0677 (bsc#1237002)
- Fix CVE-2025-0684 (bsc#1237008)
- Fix CVE-2025-0685 (bsc#1237009)
- Fix CVE-2025-0686 (bsc#1237010)
- Fix CVE-2025-0689 (bsc#1237011)
* 0019-fs-Disable-many-filesystems-under-lockdown.patch
- Fix CVE-2025-1125 (bsc#1237014)
- Fix CVE-2025-0678 (bsc#1237006)
* 0020-fs-Prevent-overflows-when-allocating-memory-for-arra.patch
- Bump upstream SBAT generation to 5
- _product:sle-sdk-release
-
n/a
- libxkbfile
-
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
* Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
- python-base
-
- Modify CVE-2025-0938-sq-brackets-domain-names.patch: we don't
use bracketed_host variable any more (correction of the fix for
bsc#1236705, discovered during analysis for bsc#1223694).
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- timezone
-
- Update to 2025a:
* Paraguay adopts permanent -03 starting spring 2024
* Improve pre-1991 data for the Philippines
* Etc/Unknown is now reserved
- Update to 2024b:
* Improve historical data for Mexico, Mongolia, and Portugal.
* System V names are now obsolescent.
* The main data form now uses %z.
* The code now conforms to RFC 8536 for early timestamps.
* Support POSIX.1-2024, which removes asctime_r and ctime_r.
* Assume POSIX.2-1992 or later for shell scripts.
* SUPPORT_C89 now defaults to 1.
- Add revert-philippines-historical-data.patch, revert-systemv-deprecation.patch
* Fixes testsuite failures for other packages
- nfsidmap
-
- nss: use strrchr() instead of strchr() to get the last occurrence of
"@" (bsc#1236077)
- add 0003-nss-use-strrchr-instead-of-strchr-to-get-the-last-oc.patch
- openssh
-
- Backported patch to fix a MitM attack against OpenSSH's
VerifyHostKeyDNS-enabled client (bsc#1237040, CVE-2025-26465):
* fix-CVE-2025-26465.patch
- write active/enabled switch over files only if not yet present
(bsc#1220110)
- Add patch backported from upstream to add a s390 specific ioctl
for ecc hardware support (bsc#1225637):
* openssh-7.2p2-allow-s390-specific-ioctl-for-ecc-hardware-support.patch
- _product:sle-live-patching-release
-
n/a
- procps
-
- Add patch CVE-2023-4016-part2.patch
* Fix the ps command segfaults when pid argument has a leading space (bsc#1236842)
- python-instance-billing-flavor-check
-
- Update to version 1.0.0 (jsc#PCT-531)
+ API incompatibility: The check_payg_byos function no longer exits, it now
returns a tuple of (flavor, exit_code). This makes the function reusable.
+ Update the build setup to work with the system interpreter of
upcoming SLE releases. SLE 12 stays with the Python 3.4 interpreter
and SLE 15 with the Python 3.6 interpreter.
- Version 0.1.2 (bsc#1234444)
+ Improve detection of IPv4 and IPv6 network setup and use appropriate
IP version for access the update servers
+ Improve reliability of flavor detection. Try an update server multiple
times to get an answer, if we hit timeouts return the value flavor
value from a cache file.