- 000release-packages:SUSE-MicroOS-release
-
n/a
- boost
-
- CVE-2016-9840: fixed out-of-bounds pointer arithmetic in zlib in beast
(bsc#1245936)
- adds patch boost-zlib.patch
- coreutils
-
- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
sort with key character offsets of SIZE_MAX, could induce
a read of 1 byte before an allocated heap buffer.
(CVE-2025-5278, bsc#1243767)
- curl
-
- tool_operate: fix return code when --retry is used but not
triggered [bsc#1249367]
* Add curl-tool_operate-fix-return-code-when-retry-is-used.patch
- Security fixes:
* [bsc#1249191, CVE-2025-9086] Out of bounds read for cookie path
* [bsc#1249348, CVE-2025-10148] Predictable WebSocket mask
* Add patches:
- curl-CVE-2025-9086.patch
- curl-CVE-2025-10148.patch
- Fix the --ftp-pasv option in curl v8.14.1 [bsc#1246197]
* tool_getparam: fix --ftp-pasv [5f805ee]
* Add curl-fix--ftp-pasv.patch
- Update to 8.14.1: [jsc#PED-13055, jsc#PED-13056]
* Remove pre_checkin.sh and add _multibuild
* Rename patch from dont-mess-with-rpmoptflags.diff to
dont-mess-with-rpmoptflags.patch
* Rebase patches:
- curl-disabled-redirect-protocol-message.patch
- curl-secure-getenv.patch
- libcurl-ocloexec.patch
* Remove patches fixed in the update:
- curl-CVE-2020-8169.patch
- curl-CVE-2020-8177.patch
- curl-CVE-2020-8231.patch
- curl-CVE-2020-8284.patch
- curl-CVE-2020-8285.patch
- curl-CVE-2020-8286.patch
- curl-CVE-2021-22876.patch
- curl-CVE-2021-22890.patch
- curl-CVE-2021-22898.patch
- curl-CVE-2021-22924.patch
- curl-CVE-2021-22925.patch
- curl-CVE-2021-22946.patch
- curl-CVE-2021-22947.patch
- curl-CVE-2022-22576.patch
- curl-CVE-2022-27775.patch
- curl-CVE-2022-27776.patch
- curl-CVE-2022-27781.patch
- curl-CVE-2022-27782.patch
- curl-CVE-2022-32206.patch
- curl-CVE-2022-32208.patch
- curl-CVE-2022-32221.patch
- curl-CVE-2022-35252.patch
- curl-CVE-2022-43552.patch
- curl-CVE-2023-23916.patch
- curl-CVE-2023-27533-no-sscanf.patch
- curl-CVE-2023-27533.patch
- curl-CVE-2023-27534-dynbuf.patch
- curl-CVE-2023-27534-tilde-back.patch
- curl-CVE-2023-27534.patch
- curl-CVE-2023-27535.patch
- curl-CVE-2023-27536.patch
- curl-CVE-2023-27538.patch
- curl-CVE-2023-28320.patch
- curl-CVE-2023-28321.patch
- curl-CVE-2023-28322.patch
- curl-CVE-2023-38546.patch
- curl-CVE-2023-46218.patch
- curl-CVE-2024-11053.patch
- curl-CVE-2024-2398.patch
- curl-CVE-2024-7264.patch
- curl-CVE-2024-8096.patch
- curl-CVE-2025-0167.patch
- curl-CVE-2025-0725.patch
- curl-X509_V_FLAG_PARTIAL_CHAIN.patch
- curl-check-content-type.patch
- curl-expire-clear.patch
- curl-http-lowercase-headernames-for-HTTP-2-and-HTTP-3.patch
- curl-libssh_Implement_SFTP_packet_size_limit.patch
- curl-use_OPENSSL_config.patch
- ignore_runtests_failure.patch
- Sync spec file with SLE codestreams: [jsc#PED-13055, jsc#PED-13056]
* Add curl-mini.rpmlintrc to avoid rpmlint shlib-policy-name-error
when building the curl-mini package in SLE.
* Add libssh minimum version requirements.
* Use ldconfig_scriptlets when available.
* Remove unused option --disable-ntlm-wb.
- docker
-
- Update to Docker 28.3.3-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2833>
CVE-2025-54388 bsc#1247367
- Update to docker-buildx v0.26.1. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.26.1>
- Update to docker-buildx v0.26.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.26.0>
- Update to Go 1.24 for builds, to match upstream.
- Update to Docker 28.3.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2832>
- Update to Docker 28.3.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2831>
- Update to Docker 28.3.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2830>
bsc#1246556
- Rebase patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
[ This update is a no-op, only needed to work around unfortunate automated
packaging script behaviour on SLES. ]
- The following patches were removed in openSUSE in the Docker 28.1.1-ce
update, but the patch names were later renamed in a SLES-only update before
Docker 28.1.1-ce was submitted to SLES.
This causes the SLES build scripts to refuse the update because the patches
are not referenced in the changelog. There is no obvious place to put the
patch removals (the 28.1.1-ce update removing the patches chronologically
predates their renaming in SLES), so they are included here a dummy changelog
entry to work around the issue.
- 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to docker-buildx v0.25.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.25.0>
- Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as
Docker does not have permission to access the host zypper credentials in this
mode (and unprivileged users cannot disable the feature using
/etc/docker/suse-secrets-enable.) bsc#1240150
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Rebase patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
+ 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
+ 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to Docker 28.2.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2822>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to Docker 28.2.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2820> bsc#1243833
<https://github.com/moby/moby/releases/tag/v28.2.1>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to docker-buildx v0.24.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.24.0>
- Update to Docker 28.1.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2811> bsc#1242114
Includes upstream fixes:
- CVE-2025-22872 bsc#1241830
- Remove long-outdated build handling for deprecated and unsupported
devicemapper and AUFS storage drivers. AUFS was removed in v24, and
devicemapper was removed in v25.
<https://docs.docker.com/engine/deprecated/#aufs-storage-driver>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Remove upstreamed patches:
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx v0.23.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.23.0>
- Update to docker-buildx v0.22.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.22.0>
* Includes fixes for CVE-2025-0495. bsc#1239765
- Disable transparent SUSEConnect support for SLE-16. PED-12534
When this patchset was first added in 2013 (and rewritten over the years),
there was no upstream way to easily provide SLE customers with a way to build
container images based on SLE using the host subscription. However, with
docker-buildx you can now define secrets for builds (this is not entirely
transparent, but we can easily document this new requirement for SLE-16).
Users should use
RUN --mount=type=secret,id=SCCcredentials zypper -n ...
in their Dockerfiles, and
docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
when doing their builds.
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. PED-8905
- transactional-update
-
- Build with PIE enabled [bsc#1239954]
- google-dracut-config
-
- Add sed and find to requirements bsc#1245352
- grub2
-
- Fix CVE-2024-56738: side-channel attack due to not constant-time
algorithm in grub_crypto_memcmp (bsc#1234959)
* grub2-constant-time-grub_crypto_memcmp.patch
- hwinfo
-
- merge gh#openSUSE/hwinfo#168
- fix usb network card detection (bsc#1245950)
- 21.89
- ignition
-
- Add CVE-2022-28948.patch
* Fixes [bsc#1248548]
- iputils
-
- Security fix [bsc#1243772, CVE-2025-48964]
* Fix integer overflow in ping statistics via zero timestamp
* Add iputils-CVE-2025-48964_01.patch
* Add iputils-CVE-2025-48964_02.patch
- Fix bsc#1243284 - ping on s390x prints invalid ttl
* Add iputils-invalid-ttl-s390x.patch
* Fix ipv4 ttl value when using SOCK_DGRAM on big endian systems
- kernel-default
-
- md-raid10: fix KASAN warning (CVE-2022-50211 bsc#1245140).
- commit 31bcd4f
- Update
patches.suse/netfilter-nf_set_pipapo_avx2-fix-initial-map-fill.patch
(git-fixes CVE-2024-57947 bsc#1236333 CVE-2025-38120
bsc#1245711).
- commit 7d06dc1
- Refresh
patches.suse/RDMA-core-Always-release-restrack-object.patch.
- Refresh
patches.suse/RDMA-core-Don-t-access-cm_id-after-its-destruction.patch.
Add one missing hunk in each patch. This is a no-op because the missing
hunks were compensating each other, but this makes each backport more
obviously correct.
- commit d3f88e2
- Update
patches.suse/sch_hfsc-make-hfsc_qlen_notify-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-38177 bsc#1245986).
- commit d9ba7e8
- HID: core: do not bypass hid_hw_raw_request (CVE-2025-38494
bsc#1247349).
- HID: core: ensure the allocated report buffer can contain the
reserved report ID (CVE-2025-38495 bsc#1247348).
- commit a678d3e
- usb: gadget: configfs: Fix OOB read on empty string write
(CVE-2025-38497 bsc#1247347).
- commit e1f48cd
- RDMA/core: Update CMA destination address on rdma_resolve_addr (bsc#1210629 CVE-2023-2176)
- commit 7ed89f3
- s390/pkey: Prevent overflow in size calculation for
memdup_user() (1246186 CVE-2025-38257).
- commit 8e1774a
- netfilter: allow exp not to be removed in nf_ct_find_expectation
(CVE-2023-52927 bsc#1239644).
- commit 880fc41
- Revert those fixes for bsc#1238160 because the CVSS less than 7.0
Revert those fixes for bsc#1238160 because the CVSS less than 7.0, and
they cause merge conflicts on SLE15-SP3-LTSS which are not easy to resolve.
- Delete
patches.suse/Bluetooth-hci_event-Fix-checking-conn-for-le_conn_co.patch.
- Delete
patches.suse/Bluetooth-hci_event-Fix-checking-for-invalid-handle-.patch.
- Delete
patches.suse/Bluetooth-hci_event-Ignore-multiple-conn-complete-ev.patch.
(bsc#1238160 CVE-2022-49138)
- commit 6d6e523
- netfilter: nft_set_hash: unaligned atomic read on struct
nft_set_ext (CVE-2023-52923 bsc#1236104).
- commit c227a9f
- netfilter: nft_set_hash: skip duplicated elements pending gc
run (CVE-2023-52923 bsc#1236104).
- commit 51924b8
- net: sched: fix ordering of qlen adjustment (CVE-2024-53164 bsc#1234863)
- commit ea64d33
- Refresh patches.suse/Bluetooth-hci_event-Fix-checking-conn-for-le_conn_co.patch
Remove the duplicate upstream commit ID from blacklist.conf and add it
as Alt-commit to the patch instead.
- commit fa5a3c4
- ipc: fix to protect IPCS lookups using RCU (CVE-2025-38212
bsc#1246029).
- commit 30fc041
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw
(CVE-2025-38200 bsc#1246045).
- commit 5b1ce89
- calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(CVE-2025-38181 bsc#1246000).
- commit f693286
- vgacon: Add check for vc_origin address range in vgacon_scroll()
(CVE-2025-38213 bsc#1246037).
- commit a806d03
- Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt
(bsc#1238160 CVE-2022-49138).
- commit 9fb4996
- Bluetooth: hci_event: Fix checking for invalid handle on error
status (bsc#1238160 CVE-2022-49138).
- commit 33a7a6d
- Bluetooth: hci_event: Ignore multiple conn complete events
(bsc#1238160 CVE-2022-49138).
- commit 86d3f6a
- crypto: algif_hash - fix double free in hash_accept
(CVE-2025-38079 bsc#1245217).
- commit 7f960ba
- net_sched: hfsc: Fix a UAF vulnerability in class handling
(CVE-2025-37797 bsc#1242417).
- commit a414920
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
(CVE-2024-53057 bsc#1233551).
- commit b56116d
- netfilter: nf_set_pipapo_avx2: fix initial map fill (git-fixes
CVE-2024-57947 bsc#1236333).
- commit e92eecd
- netfilter: nf_set_pipapo: fix initial map fill (CVE-2024-57947
bsc#1236333).
- commit bff7b74
- scsi: storvsc: Increase the timeouts to storvsc_timeout
(bsc#1245455).
- scsi: storvsc: Don't report the host packet status as the hv
status (git-fixes).
- commit a5f8a2c
- firmware: arm_scpi: Ensure scpi_info is not assigned if the
probe fails (CVE-2022-50087 bsc#1245119).
- commit ed98a38
- Update
patches.suse/0012-dm-thin-fix-use-after-free-crash-in-dm_sm_register_t.patch
(git-fixes CVE-2022-50092 bsc#1244848).
- Update
patches.suse/0014-dm-raid-fix-address-sanitizer-warning-in-raid_status.patch
(git-fixes CVE-2022-50084 bsc#1245117).
- Update
patches.suse/0023-loop-Check-for-overflow-while-configuring-loop.patch
(git-fixes CVE-2022-49993 bsc#1245121).
- Update
patches.suse/0025-drivers-md-fix-a-potential-use-after-free-bug.patch
(git-fixes CVE-2022-50022 bsc#1245131).
- Update
patches.suse/ALSA-bcd2000-Fix-a-UAF-bug-on-the-error-path-of-prob.patch
(git-fixes CVE-2022-50229 bsc#1244856).
- Update
patches.suse/ASoC-SOF-debug-Fix-potential-buffer-overflow-by-snpr.patch
(git-fixes CVE-2022-50051 bsc#1245041).
- Update
patches.suse/ASoC-mt6797-mt6351-Fix-refcount-leak-in-mt6797_mt635.patch
(git-fixes CVE-2022-50124 bsc#1244816).
- Update
patches.suse/HID-cp2112-prevent-a-buffer-overflow-in-cp2112_xfer.patch
(git-fixes CVE-2022-50156 bsc#1244782).
- Update
patches.suse/HID-hidraw-fix-memory-leak-in-hidraw_release.patch
(git-fixes CVE-2022-49981 bsc#1245072).
- Update
patches.suse/HID-steam-Prevent-NULL-pointer-dereference-in-steam_.patch
(git-fixes CVE-2022-49984 bsc#1244950).
- Update
patches.suse/Input-iforce-wake-up-after-clearing-IFORCE_XMIT_RUNN.patch
(git-fixes CVE-2022-49954 bsc#1244976).
- Update
patches.suse/NFSv4-pnfs-Fix-a-use-after-free-bug-in-open.patch
(git-fixes CVE-2022-50072 bsc#1244979).
- Update
patches.suse/PCI-dwc-Deallocate-EPC-memory-on-dw_pcie_ep_init-err.patch
(git-fixes CVE-2022-50146 bsc#1244788).
- Update
patches.suse/RDMA-qedr-Fix-potential-memory-leak-in-__qedr_alloc_.patch
(git-fixes CVE-2022-50138 bsc#1244797).
- Update
patches.suse/RDMA-rxe-Fix-error-unwind-in-rxe_create_qp.patch
(git-fixes CVE-2022-50127 bsc#1244815).
- Update
patches.suse/RDMA-siw-Fix-duplicated-reported-IW_CM_EVENT_CONNECT.patch
(git-fixes CVE-2022-50136 bsc#1244804).
- Update
patches.suse/ceph-don-t-leak-snap_rwsem-in-handle_cap_grant.patch
(bsc#1202810 CVE-2022-50059 bsc#1245031).
- Update
patches.suse/clk-qcom-ipq8074-dont-disable-gcc_sleep_clk_src.patch
(git-fixes CVE-2022-50029 bsc#1245146).
- Update
patches.suse/crypto-arm64-poly1305-fix-a-read-out-of-bound.patch
(git-fixes CVE-2022-50231 bsc#1244853).
- Update
patches.suse/driver-core-fix-potential-deadlock-in-__driver_attac.patch
(git-fixes CVE-2022-50149 bsc#1244883).
- Update
patches.suse/drm-mcde-Fix-refcount-leak-in-mcde_dsi_bind.patch
(git-fixes CVE-2022-50176 bsc#1244902).
- Update
patches.suse/drm-meson-Fix-refcount-bugs-in-meson_vpu_has_availab.patch
(git-fixes CVE-2022-50038 bsc#1244943).
- Update
patches.suse/drm-msm-mdp5-Fix-global-state-lock-backoff.patch
(git-fixes CVE-2022-50173 bsc#1244992).
- Update
patches.suse/drm-radeon-fix-potential-buffer-overflow-in-ni_set_m.patch
(git-fixes CVE-2022-50185 bsc#1244887).
- Update
patches.suse/drm-sun4i-dsi-Prevent-underflow-when-computing-packe.patch
(git-fixes CVE-2022-50036 bsc#1244941).
- Update
patches.suse/ext4-avoid-resizing-to-a-partial-cluster-size.patch
(bsc#1206880 CVE-2022-50020 bsc#1245129).
- Update
patches.suse/fbdev-fb_pm2fb-Avoid-potential-divide-by-zero-error.patch
(git-fixes CVE-2022-49978 bsc#1245195).
- Update
patches.suse/ftrace-Fix-NULL-pointer-dereference-in-is_ftrace_trampoline-when-ftrace-is-dead.patch
(git-fixes CVE-2022-49977 bsc#1244936).
- Update patches.suse/gadgetfs-ep_io-wait-until-IRQ-finishes.patch
(git-fixes CVE-2022-50028 bsc#1245135).
- Update
patches.suse/hwmon-gpio-fan-Fix-array-out-of-bounds-access.patch
(git-fixes CVE-2022-49945 bsc#1244908).
- Update
patches.suse/ieee802154-adf7242-defer-destroy_workqueue-call.patch
(git-fixes CVE-2022-49968 bsc#1244959).
- Update
patches.suse/iio-light-isl29028-Fix-the-warning-in-isl29028_remov.patch
(git-fixes CVE-2022-50218 bsc#1244861).
- Update
patches.suse/intel_th-Fix-a-resource-leak-in-an-error-handling-pa.patch
(git-fixes CVE-2022-50143 bsc#1244790).
- Update patches.suse/intel_th-msu-Fix-vmalloced-buffers.patch
(git-fixes CVE-2022-50142 bsc#1244796).
- Update
patches.suse/iommu-vt-d-avoid-invalid-memory-access-via-node_online-NUMA_NO_N
(git-fixes CVE-2022-50093 bsc#1244849).
- Update
patches.suse/jbd2-fix-assertion-jh-b_frozen_data-NULL-failure-whe.patch
(bsc#1202716 CVE-2022-50126 bsc#1244813).
- Update
patches.suse/locking-csd_lock-Change-csdlock_debug-from-early_par.patch
(git-fixes CVE-2022-50091 bsc#1244885).
- Update patches.suse/md-call-__md_stop_writes-in-md_stop.patch
(git-fixes CVE-2022-49987 bsc#1245024).
- Update patches.suse/md-raid10-fix-KASAN-warning.patch (git-fixes
CVE-2022-50211 bsc#1245140).
- Update patches.suse/memstick-ms_block-Fix-a-memory-leak.patch
(git-fixes CVE-2022-50140 bsc#1244793).
- Update
patches.suse/meson-mx-socinfo-Fix-refcount-leak-in-meson_mx_socin.patch
(git-fixes CVE-2022-50209 bsc#1244868).
- Update
patches.suse/mfd-max77620-Fix-refcount-leak-in-max77620_initialis.patch
(git-fixes CVE-2022-50108 bsc#1244834).
- Update
patches.suse/misc-fastrpc-fix-memory-corruption-on-open.patch
(git-fixes CVE-2022-49950 bsc#1244958).
- Update
patches.suse/misc-fastrpc-fix-memory-corruption-on-probe.patch
(git-fixes CVE-2022-49952 bsc#1244945).
- Update
patches.suse/mmc-sdhci-of-esdhc-Fix-refcount-leak-in-esdhc_signal.patch
(git-fixes CVE-2022-50141 bsc#1244794).
- Update
patches.suse/msft-hv-2639-scsi-storvsc-Remove-WQ_MEM_RECLAIM-from-storvsc_erro.patch
(git-fixes CVE-2022-49986 bsc#1244948).
- Update
patches.suse/mt76-mt76x02u-fix-possible-memory-leak-in-__mt76x02u.patch
(git-fixes CVE-2022-50172 bsc#1244764).
- Update
patches.suse/mtd-maps-Fix-refcount-leak-in-ap_flash_init.patch
(git-fixes CVE-2022-50160 bsc#1244776).
- Update
patches.suse/mtd-maps-Fix-refcount-leak-in-of_flash_probe_versati.patch
(git-fixes CVE-2022-50161 bsc#1244774).
- Update
patches.suse/mtd-partitions-Fix-refcount-leak-in-parse_redboot_of.patch
(git-fixes CVE-2022-50158 bsc#1244779).
- Update
patches.suse/netfilter-nf_tables-do-not-allow-CHAIN_ID-to-refer-t.patch
(CVE-2022-2586 bsc#1202095 CVE-2022-50212 bsc#1244869).
- Update
patches.suse/pinctrl-nomadik-Fix-refcount-leak-in-nmk_pinctrl_dt_.patch
(git-fixes CVE-2022-50061 bsc#1245033).
- Update
patches.suse/powerpc-64-Init-jump-labels-before-parse_early_param.patch
(bsc#1065729 CVE-2022-50012 bsc#1245125).
- Update patches.suse/powerpc-pci-Fix-get_phb_number-locking.patch
(bsc#1065729 CVE-2022-50045 bsc#1244967).
- Update
patches.suse/powerpc-perf-Optimize-clearing-the-pending-PMI-and-r.patch
(bsc#1156395 CVE-2022-50118 bsc#1244825).
- Update
patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_get_max_prio.patch
(fate#322438 git-fixess CVE-2022-50104 bsc#1244836).
- Update
patches.suse/regulator-of-Fix-refcount-leak-bug-in-of_get_regulat.patch
(git-fixes CVE-2022-50191 bsc#1244899).
- Update
patches.suse/s390-fix-double-free-of-GS-and-RI-CBs-on-fork-failure
(git-fixes CVE-2022-49990 bsc#1245006).
- Update
patches.suse/scsi-lpfc-Fix-possible-memory-leak-when-failing-to-i.patch
(bsc#1201956 CVE-2022-50027 bsc#1245073).
- Update
patches.suse/scsi-lpfc-Prevent-buffer-overflow-crashes-in-debugfs.patch
(bsc#1201956 CVE-2022-50030 bsc#1245265).
- Update
patches.suse/scsi-qla2xxx-fix-crash-due-to-stale-srb-access-around-i-o-timeouts.patch
(bsc#1201160 CVE-2022-50098 bsc#1244841).
- Update
patches.suse/scsi-sg-Allow-waiting-for-commands-to-complete-on-removed-device.patch
(git-fixes CVE-2022-50215 bsc#1245138).
- Update
patches.suse/spmi-trace-fix-stack-out-of-bound-access-in-SPMI-tracing-functions.patch
(git-fixes CVE-2022-50094 bsc#1244851).
- Update
patches.suse/tty-serial-Fix-refcount-leak-bug-in-ucc_uart.c.patch
(git-fixes CVE-2022-50019 bsc#1245098).
- Update
patches.suse/tty-vt-initialize-unicode-screen-buffer.patch
(git-fixes CVE-2022-50222 bsc#1245136).
- Update
patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch
(git-fixes CVE-2022-50153 bsc#1244786).
- Update
patches.suse/usb-host-ohci-ppc-of-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50033 bsc#1245139).
- Update
patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch
(git-fixes CVE-2022-50152 bsc#1244783).
- Update patches.suse/usb-renesas-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50032 bsc#1245103).
- Update
patches.suse/usbnet-Fix-linkwatch-use-after-free-on-disconnect.patch
(git-fixes CVE-2022-50220 bsc#1245348).
- Update
patches.suse/video-fbdev-amba-clcd-Fix-refcount-leak-bugs.patch
(git-fixes CVE-2022-50109 bsc#1244884).
- Update
patches.suse/video-fbdev-arkfb-Check-the-size-of-screen-before-me.patch
(git-fixes CVE-2022-50099 bsc#1244842).
- Update
patches.suse/video-fbdev-arkfb-Fix-a-divide-by-zero-bug-in-ark_se.patch
(git-fixes CVE-2022-50102 bsc#1244838).
- Update
patches.suse/video-fbdev-i740fb-Check-the-argument-of-i740_calc_v.patch
(git-fixes CVE-2022-50010 bsc#1245122).
- Update
patches.suse/video-fbdev-s3fb-Check-the-size-of-screen-before-mem.patch
(git-fixes CVE-2022-50097 bsc#1244845).
- Update
patches.suse/video-fbdev-vt8623fb-Check-the-size-of-screen-before.patch
(git-fixes CVE-2022-50101 bsc#1244839).
- Update
patches.suse/virtio-gpu-fix-a-missing-check-to-avoid-NULL-derefer.patch
(git-fixes CVE-2022-50181 bsc#1244901).
- Update
patches.suse/virtio_net-fix-memory-leak-inside-XPD_TX-with-mergea.patch
(git-fixes CVE-2022-50065 bsc#1244986).
- Update
patches.suse/vt-Clear-selection-before-changing-the-font.patch
(git-fixes CVE-2022-49948 bsc#1245058).
- Update
patches.suse/wifi-iwlwifi-mvm-fix-double-list_add-at-iwl_mvm_mac_.patch
(git-fixes CVE-2022-50164 bsc#1244770).
- Update
patches.suse/wifi-libertas-Fix-possible-refcount-leak-in-if_usb_p.patch
(git-fixes CVE-2022-50162 bsc#1244773).
- Update
patches.suse/wifi-mac80211-Don-t-finalize-CSA-in-IBSS-mode-if-sta.patch
(git-fixes CVE-2022-49942 bsc#1244881).
- Update
patches.suse/wifi-mac80211-Fix-UAF-in-ieee80211_scan_rx.patch
(git-fixes CVE-2022-49934 bsc#1245051).
- Update
patches.suse/wifi-wil6210-debugfs-fix-info-leak-in-wil_write_file.patch
(git-fixes CVE-2022-50169 bsc#1244767).
- Update
patches.suse/wifi-wil6210-debugfs-fix-uninitialized-variable-use-.patch
(git-fixes CVE-2022-50165 bsc#1244771).
- Update
patches.suse/xen-privcmd-fix-error-exit-of-privcmd_ioctl_dm_op.patch
(git-fixes CVE-2022-49989 bsc#1245007).
- commit 138997d
- Update
patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
(bsc#1206664 CVE-2022-4662 CVE-2022-49936 bsc#1244984).
- Update
patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch
(CVE-2022-1679 bsc#1199487 CVE-2022-50179 bsc#1244886).
- Update
patches.suse/bpf-Don-t-use-tnum_range-on-array-range-checking-for.patch
(bsc#1202564 bsc#1202860 CVE-2022-2905 CVE-2022-49985
bsc#1244956).
- Update
patches.suse/btrfs-unset-reloc-control-if-transaction-commit-fail.patch
(bsc#1212051 CVE-2023-3111 CVE-2022-50067 bsc#1245047).
- Update
patches.suse/ext4-add-EXT4_INODE_HAS_XATTR_SPACE-macro-in-xattr.h.patch
(bsc#1206878 CVE-2022-50083 bsc#1244968).
- Update
patches.suse/media-mceusb-Use-new-usb_control_msg_-routines.patch
(CVE-2022-3903 bsc#1205220 CVE-2022-49937 bsc#1245057).
- Update
patches.suse/netfilter-nf_tables-do-not-allow-SET_ID-to-refer-to-.patch
(CVE-2022-2586 bsc#1202095 CVE-2022-50213 bsc#1244867).
- Update patches.suse/sch_htb-make-htb_deactivate-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-37953 bsc#1243543).
- Update
patches.suse/sch_htb-make-htb_qlen_notify-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-37932 bsc#1243627).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-bugs.patch
(CVE-2022-4095 bsc#1205514 CVE-2022-49956 bsc#1244969).
- commit cfda5f9
- selinux: Add boundary check in put_entry() (CVE-2022-50200
bsc#1245149).
- commit 66f4090
- net_sched: prio: fix a race in prio_tune() (CVE-2025-38083
bsc#1245183).
- commit 23a5ba6
- dm raid: fix address sanitizer warning in raid_resume
(CVE-2022-50085 bsc#1245147).
- commit 014ae24
- kabi: place tstamp needed for nftables set in a hole
(CVE-2024-27397 bsc#1224095).
- commit 77b63ae
- netfilter: nf_tables: use timestamp to check for set element
timeout (CVE-2024-27397 bsc#1224095).
- commit 9049387
- netfilter: nft_set_rbtree: .deactivate fails if element has
expired (CVE-2024-27397 bsc#1224095).
- commit 1e980c4
- net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (CVE-2025-38001 bsc#1244234).
- commit f66f8f9
- sch_ets: make est_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
Note: this patch is only needed SLE15-SP3-LTSS as sch_ets was not
backported into other 5.3 based branches.
- commit 6c457bf
- sch_htb: make htb_deactivate() idempotent (CVE-2025-37798
bsc#1242414).
- codel: remove sch->q.qlen check before
qdisc_tree_reduce_backlog() (CVE-2025-37798 bsc#1242414).
- sch_qfq: make qfq_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_drr: make drr_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_htb: make htb_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- commit 76ca52d
- packaging: Add support for suse-kabi-tools
The current workflow to check kABI stability during the RPM build of SUSE
kernels consists of the following steps:
* The downstream script rpm/modversions unpacks the consolidated kABI
symtypes reference data from kabi/<arch>/symtypes-<flavor> and creates
individual symref files.
* The build performs a regular kernel make. During this operation, genksyms
is invoked for each source file. The tool determines type signatures of
all exports within the file, reports any differences compared to the
associated symref reference, calculates symbol CRCs from the signatures
and writes new type data into a symtypes file.
* The script rpm/modversions is invoked again, this time it packs all new
symtypes files to a consolidated kABI file.
* The downstream script rpm/kabi.pl checks symbol CRCs in the new build and
compares them to a reference from kabi/<arch>/symvers-<flavor>, taking
kabi/severities into account.
suse-kabi-tools is a new set of tools to improve the kABI checking process.
The suite includes two tools, ksymtypes and ksymvers, which replace the
existing scripts rpm/modversions and rpm/kabi.pl, as well as the comparison
functionality previously provided by genksyms. The tools have their own
source repository and package.
The tools provide faster operation and more detailed, unified output. In
addition, they allow the use of the new upstream tool gendwarfksyms, which
lacks any built-in comparison functionality.
The updated workflow is as follows:
* The build performs a regular kernel make. During this operation, genksyms
(gendwarfksyms) is invoked as usual, determinining signatures and CRCs of
all exports and writing the type data to symtypes files. However,
genksyms no longer performs any comparison.
* 'ksymtypes consolidate' packs all new symtypes files to a consolidated
kABI file.
* 'ksymvers compare' checks symbol CRCs in the new build and compares them
to a reference from kabi/<arch>/symvers-<flavor>, taking kabi/severities
into account. The tool writes its result in a human-readable form on
standard output and also writes a list of all changed exports (not
ignored by kabi/severities) to the changed-exports file.
* 'ksymtypes compare' takes the changed-exports file, the consolidated kABI
symtypes reference data from kabi/<arch>/symtypes-<flavor> and the new
consolidated data. Based on this data, it produces a detailed report
explaining why the symbols changed.
The patch enables the use of suse-kabi-tools via rpm/config.sh, providing
explicit control to each branch. To enable the support, set
USE_SUSE_KABI_TOOLS=Yes in the config file.
- commit a2c6f89
- kernel-source: Remove log.sh from sources
- commit 96bd779
- netfilter: ipset: add missing range check in bitmap_ip_uadt (CVE-2024-53141 bsc#1234381)
- commit 21ac02b
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
(CVE-2025-37823 bsc#1242924).
- commit dca98b0
- sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (CVE-2025-38000 bsc#1244277).
- net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (CVE-2025-37890 bsc#1243330).
- net: sched: sch_multiq: fix possible OOB write in multiq_tune()
(CVE-2024-36978 bsc#1226514).
- commit 8d2bb29
- netfilter: ipset: fix region locking in hash types
(CVE-2025-37997 bsc#1243832).
- commit d102bab
- net: sched: Disallow replacing of child qdisc from one parent
to another (CVE-2025-21700 bsc#1237159).
- commit bde17d3
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
(git-fixes CVE-2025-21703 bsc#1237313).
- commit 982a71f
- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702 bsc#1237312)
- commit f34470d
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- commit a87a922
- netfilter: nft_set_pipapo: do not free live element
(CVE-2024-26924 bsc#1223387).
- commit b465633
- net/sched: netem: account for backlog updates from child qdisc
(CVE-2024-56770 bsc#1235637).
- sch/netem: fix use after free in netem_dequeue (CVE-2024-56770
bsc#1235637 CVE-2024-46800 bsc#1230827).
- commit 3360a1a
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- commit 7c95ae0
- MyBS: Do not build kernel-obs-qa with limit_packages
Fixes: 58e3f8c34b2b ("bs-upload-kernel: Pass limit_packages also on multibuild")
- commit f4c6047
- MyBS: Simplify qa_expr generation
Start with a 0 which makes the expression valid even if there are no QA
repositories (currently does not happen). Then separator is always
needed.
- commit e4c2851
- MyBS: Correctly generate build flags for non-multibuild package limit
(bsc# 1244241)
Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
- commit 27588c9
- bs-upload-kernel: Pass limit_packages also on multibuild
Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
Fixes: 747f601d4156 ("bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)")
- commit 8ef486c
- wifi: cfg80211: fix certs build to not depend on file order
(bsc#1243001).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- commit eda1fcf
- kernel-source: Do not use multiple -r in sed parameters
This usage is enabled in commit b18d64d
(sed: allow multiple (non-conflicting) -E/-r parameters, 2016-07-31)
only available since sed 4.3
Fixes: dc2037cd8f94 ("kernel-source: Also replace bin/env"
- commit 91ad98e
- kabi/severities: workaround kABI checker complains after AX25 and HAMRADIO removals
KABI: symbol asc2ax(mod:net/ax25/ax25) lost
KABI: symbol ax25_bcast(mod:net/ax25/ax25) lost
KABI: symbol ax25_defaddr(mod:net/ax25/ax25) lost
KABI: symbol ax25_display_timer(mod:net/ax25/ax25) lost
KABI: symbol ax25_find_cb(mod:net/ax25/ax25) lost
KABI: symbol ax25_findbyuid(mod:net/ax25/ax25) lost
KABI: symbol ax25_header_ops(mod:net/ax25/ax25) lost
KABI: symbol ax25_ip_xmit(mod:net/ax25/ax25) lost
KABI: symbol ax25_linkfail_register(mod:net/ax25/ax25) lost
KABI: symbol ax25_linkfail_release(mod:net/ax25/ax25) lost
KABI: symbol ax25_listen_register(mod:net/ax25/ax25) lost
KABI: symbol ax25_listen_release(mod:net/ax25/ax25) lost
KABI: symbol ax25_protocol_release(mod:net/ax25/ax25) lost
KABI: symbol ax25_register_pid(mod:net/ax25/ax25) lost
KABI: symbol ax25_send_frame(mod:net/ax25/ax25) lost
KABI: symbol ax25_uid_policy(mod:net/ax25/ax25) lost
KABI: symbol ax25cmp(mod:net/ax25/ax25) lost
KABI: symbol ax2asc(mod:net/ax25/ax25) lost
KABI: symbol hdlcdrv_arbitrate(mod:drivers/net/hamradio/hdlcdrv) lost
KABI: symbol hdlcdrv_receiver(mod:drivers/net/hamradio/hdlcdrv) lost
KABI: symbol hdlcdrv_register(mod:drivers/net/hamradio/hdlcdrv) lost
KABI: symbol hdlcdrv_transmitter(mod:drivers/net/hamradio/hdlcdrv) lost
KABI: symbol hdlcdrv_unregister(mod:drivers/net/hamradio/hdlcdrv) lost
KABI: symbol null_ax25_address(mod:net/ax25/ax25) lost
- commit fc0b9ba
- drop rose drivers (bsc#1238471).
- drop netrom drivers (bsc#1238471).
- drop hamradio drivers (bsc#1238471).
- drop ax25 drivers (bsc#1238471).
- commit bde35e8
- krb5
-
- Remove des3-cbc-sha1 and arcfour-hmac-md5 from permitted
enctypes unless new special options "allow_des3" or "allow_rc4"
are set; (CVE-2025-3576); (bsc#1241219).
- Add patch 0015-CVE-2025-3576.patch
- gcc14
-
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
- Disable build of glibc cross to loongarch64 and hppa in SLFO
and SLE15.
- Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Remove gcc14-pr120061.patch which is now included upstream.
- Add gcc14-pr120061.patch to fix the PR108900 fix instead of
reverting it.
- Remove gcc14-pr108900.patch
- Add gcc14-pr108900.patch to revert it, fixing libqt6webengine build.
- Update to gcc-14 branch head, 3418d740b344e0ba38022f3be, git11702
* Remove gcc14-pr118780.patch now on the upstream branch
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Add gcc14-pr119680.patch to fix cross-compiler builds with
- -enable-host-pie.
- libgcrypt
-
- Security fix [bsc#1221107, CVE-2024-2236]
* Add --enable-marvin-workaround to spec to enable workaround
* Fix timing based side-channel in RSA implementation ( Marvin attack )
* Add libgcrypt-CVE-2024-2236_01.patch
* Add libgcrypt-CVE-2024-2236_01_s390x.patch
* Add libgcrypt-CVE-2024-2236_02.patch
* Add libgcrypt-CVE-2024-2236_03.patch
- gnutls
-
- Fix 1-byte heap buffer overflow when parsing templates with certtool
[bsc#1246267, CVE-2025-32990]
* Add patch gnutls-CVE-2025-32990.patch
- Fix double-free due to incorrect ownership handling in the export logic of
SAN entries containing an otherName [bsc#1246232, CVE-2025-32988]
* Add patch gnutls-CVE-2025-32988.patch
- Fix NULL pointer dereference when 2nd Client Hello omits PSK
[bsc#1246299, CVE-2025-6395]
* Add patch gnutls-CVE-2025-6395.patch
- polkit
-
- CVE-2025-7519: Fixed that a XML policy file with a large number of
nested elements may lead to out-of-bounds write (bsc#1246472)
added 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch
- python3
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- Add CVE-2025-4435-normalize-lnk-trgts-tarfile.patch
Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138,
CVE-2024-12718, CVE-2025-4435 on tarfile (bsc#1244032,
bsc#1244061, bsc#1244059, bsc#1244060, bsc#1244056).
The backported fixes do not contain changes for ntpath.py and
related tests, because the support for symlinks and junctions
were added later in Python 3.9, and it does not make sense to
backport them to 3.6 here.
The patch is contains the following changes:
- python@42deeab fixes symlink handling for tarfile.data_filter
- python@9d2c2a8 fixes handling of existing files/symlinks in tarfile
- python@00af979 adds a new "strict" argument to realpath()
- python@dd8f187 fixes mulriple CVE fixes in the tarfile module
- downstream only fixes that makes the changes work and
compatible with Python 3.6
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- Add python36-* provides/obsoletes to enable SLE-12 -> SLE-15
migration, bsc#1233012
- Add ipaddress-update-pr60.patch from gh#phihag/ipaddress!60 to
update vendored ipaddress module to 3.8 equivalent
- Add gh-128840_parse-IPv6-with-emb-IPv4.patch to limit buffer
size for IPv6 address parsing (gh#python/cpython#128840,
bsc#1244401).
- Update CVE-2025-4516-DecodeError-handler.patch not to break
_PyBytes_DecodeEscape signature.
- Add CVE-2025-4516-DecodeError-handler.patch fixing
CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
vulnerability, which could lead to DoS.
- ruby2.5
-
- update suse.patch to 3f3682bf07fcd4f2fa875958853d3843ee7dcdb9
- fix remote DoS via YAML manifest
bsc#1225905 CVE-2024-35221
- update suse.patch to c76fb820676cfded16c697a62281a3bfeb8e4bb1
- fix webrick: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability
bsc#1245254 CVE-2025-6442
- update suse.patch to 5d79fc609c5761864aec47e1ae4796b93db99104
- fix ruby: userinfo leakage in URI#join, URI#merge and URI#+
bsc#1237805 CVE-2025-27221
- libsolv
-
- add support for product-obsoletes() provides in the product
autopackage generation code
- bump version to 0.7.34
- improve transaction ordering by allowing more uninst->uninst
edges [bsc#1243457]
- implement color filtering when adding update targets
- support orderwithrequires dependencies in susedata.xml
- bump version to 0.7.33
- sqlite3
-
- Backpatch the URLs in sqlite3.n from https to http to avoid a
file conflict with the tcl package on SLE-15-GA up to SP2. In
SP3 and onwards the Tcl package does not contain the sqlite
extension anymore.
- Sync version 3.50.2 from Factory:
* CVE-2025-6965, bsc#1246597:
Raise an error early if the number of aggregate terms in a
query exceeds the maximum number of columns, to avoid
downstream assertion faults.
* Add subpackage for the lemon parser generator.
+ sqlite-3.49.0-fix-lemon-missing-cflags.patch
+ sqlite-3.6.23-lemon-system-template.patch
- libssh
-
- Fix CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
* Add patch libssh-CVE-2025-5318.patch
- Fix CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
* Add patch libssh-CVE-2025-4877.patch
- Fix CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
* Add patches:
- libssh-CVE-2025-4878-1.patch
- libssh-CVE-2025-4878-2.patch
- Fix CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
* Add patch libssh-CVE-2025-5372.patch
- libxml2
-
- security update
- added patches
CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
+ libxml2-CVE-2025-7425.patch
- security update
- added patches
CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49794,49796.patch
- security update
- added patches
CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
+ libxml2-CVE-2025-6170,6021.patch
- libzypp
-
- Fix evaluation of libproxy results (bsc#1247690)
- Replace URL variables inside mirrorlist/metalink files
(fixes #667)
- version 17.37.16 (35)
- Append RepoInfo::path() to the mirror URLs in Preloader
(bsc#1247054)
- version 17.37.15 (35)
- During installation indicate the backend being used (bsc#1246038)
If some package actually needs to know, it should test for
ZYPP_CLASSIC_RPMTRANS being set in the environment.
Otherwise the transaction is driven by librpm.
- version 17.37.14 (35)
- Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459)
- Verbose log libproxy results if PX_DEBUG=1 is set.
- BuildRequires: cmake >= 3.17.
- version 17.37.13 (35)
- Allow explicit request to probe an added repo's URL
(bsc#1246466)
- Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 (fixes #661)
- version 17.37.12 (35)
- Add runtime check for a broken rpm-4.18.0 --runpostrans
(bsc#1246149)
- Add regression test for bsc#1245220 and some other filesize
related tests.
- version 17.37.11 (35)
- BuildRequires: %{libsolv_devel_package} >= 0.7.34 (bsc#1243486)
Newer rpm versions no longer allow a ':' in rpm package names or
obsoletes. So injecting an
Obsoletes: product:oldproductname < oldproductversion
into the -release package to indicate a product rename is no longer
possible.
Since libsolv-0.7.34 you can and should use:
Provides: product-obsoletes(oldproductname) < oldproductversion
in the -release package. libsolv will then inject the appropriate
Obsoletes into the Product.
- version 17.37.10 (35)
- Ignore DeltaRpm download errors (bsc#1245672)
DeltaRpms are in fact optional resources. In case of a failure
the full rpm is downloaded.
- Improve fix for incorrect filesize handling (bsc#1245220)
- version 17.37.9 (35)
- Do not trigger download data exceeded errors on HTTP non data
responses (bsc#1245220)
In some cases a HTTP 401 or 407 did trigger a "filesize exceeded"
error, because the response payload size was compared against the
expected filesize. This patch adds some checks if the response
code is in the success range and only then takes expected
filesize into account. Otherwise the response content-length is
used or a fallback of 2Mb if no content-length is known.
- version 17.37.8 (35)
- Fix SEGV in MediaDISK handler (bsc#1245452)
- Explicitly selecting DownloadAsNeeded also selects the
classic_rpmtrans backend.
DownloadAsNeeded can not be combined with the rpm singletrans
installer backend because a rpm transaction requires all package
headers to be available the the beginning of the transaction. So
explicitly selecting this mode also turns on the classic_rpmtrans
backend.
- Fix evaluation of libproxy results (bsc#1244710)
- version 17.37.7 (35)
- Enhancements regarding mirror handling during repo refresh.
Added means to disable the use of mirrors when downloading
security relevant files. Requires updaing zypper to 1.14.91.
- Fix autotestcase writer if ZYPP_FULLLOG=1 (bsc#1244042)
If ZYPP_FULLLOG=1 a solver testcase to
"/var/log/YaST2/autoTestcase" should be written for each solver
run. There was no testcase written for the very first solver run.
This is now fixed.
- Pass $1==2 to %posttrans script if it's an update (bsc#1243279)
- version 17.37.6 (35)
- net-tools
-
- Drop 0002-Do-not-warn-about-interface-socket-not-binded.patch. It
worked around a net-tools-1.60 specific problem, that does not
happen in net-tools-2.10. It is more harmful than useful, as it
can hide real problems. (bsc#430864#c15,
https://github.com/ecki/net-tools/issues/32#issuecomment-3265471116).
- Drop 0004-By-default-do-not-fopen-anything-in-netrom_gr.patch. It
was net-tools-1.60 specific leak fix and breaks netrom in
net-tools-2.10 (bnc#544339#c2).
- Drop old Fedora patch 0006-Allow-interface-stacking.patch. It
provided a fix for CVE-2025-46836 (bsc#142461), but it was fixes
by the upstream in 2025 in a different way. Revert interferring
net-tools-CVE-2025-46836.patch back to the upstream version.
- Fix stack buffer overflow in parse_hex (bsc#1248687,
GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch).
- Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687,
GHSA-w7jq-cmw2-cq59,
net-tools-proc_gen_fmt-buffer-overflow.patch).
- Avoid unsafe memcpy in ifconfig (bsc#1248687,
net-tools-ifconfig-avoid-unsafe-memcpy.patch).
- Prevent overflow in ax25 and netrom (bsc#1248687,
net-tools-ax25+netrom-overflow-1.patch,
net-tools-ax25+netrom-overflow-2.patch).
- Keep possibility to enter long interface names, even if they are
not accepted by the kernel, because it was always possible up to
CVE-2025-46836 fix. But issue a warning about an interface name
concatenation (bsc#1248410,
net-tools-ifconfig-long-name-warning.patch).
- Provide more readable error for interface name size checking
introduced by net-tools-CVE-2025-46836.patch
(bsc#1243581, net-tools-CVE-2025-46836-error-reporting.patch).
- Fix a regression in net-tools-CVE-2025-46836.patch (bsc#1246608).
- Perform bound checks when parsing interface labels in
/proc/net/dev (bsc#1243581, CVE-2025-46836, GHSA-pfwf-h6m3-63wf,
net-tools-CVE-2025-46836.patch,
net-tools-CVE-2025-46836-regression.patch).
- pam
-
- Make sure that the buffer containing encrypted passwords get's erased
bedore free.
- Replace to previous CVE fix which led to CPU performance issues.
[bsc#1246221, CVE-2024-10041,
+ libpam-introduce-secure-memory-erasure-helpers.patch
+ pam_modutil_get-overwrite-password-at-free.patch
- passverify-always-run-the-helper-to-obtain-shadow_pwd.patch]
- python-PyYAML
-
- Add python36-PyYAML provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-appdirs
-
- Add python36-appdirs provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-asn1crypto
-
- Add python36-asn1crypto provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-certifi
-
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-cffi
-
- Add python36-cffi provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-chardet
-
- Add python36-chardet provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-idna
-
- Add python36-idna provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-packaging
-
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pyasn1
-
- Add python36-pyasn1 provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pycparser
-
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pyparsing
-
- Add python36-pyparsing provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pytz
-
- Add python36-pytz provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-py
-
- Add python36-py provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-requests
-
- Add python36- provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- salt
-
- Prevent tests failures when pygit2 is not present
- Several fixes for security issues
(bsc#1244561, CVE-2024-38822)
(bsc#1244564, CVE-2024-38823)
(bsc#1244565, CVE-2024-38824)
(bsc#1244566, CVE-2024-38825)
(bsc#1244567, CVE-2025-22240)
(bsc#1244568, CVE-2025-22236)
(bsc#1244570, CVE-2025-22241)
(bsc#1244571, CVE-2025-22237)
(bsc#1244572, CVE-2025-22238)
(bsc#1244574, CVE-2025-22239)
(bsc#1244575, CVE-2025-22242)
* Request server hardening
* Prevent traversal in local_cache::save_minions
* Add test and fix for file_recv cve
* Fix traversal in gitfs find_file
* Fix traversal in salt.utils.virt
* Fix traversal in pub_ret
* Reasonable failures when pillars timeout
* Make send_req_async wait longer
* Remove token to prevent decoding errors
* Fix checking of non-url style git remotes
* Allow subdirs in GitFS find_file check
- Add subsystem filter to udev.exportdb (bsc#1236621)
- tornado.httputil: raise errors instead of logging in
multipart/form-data parsing (CVE-2025-47287, bsc#1243268)
- Fix Ubuntu 24.04 edge-case test failures
- Fix broken tests for Ubuntu 24.04
- Fix refresh of osrelease and related grains on Python 3.10+
- Make "salt" package to obsolete "python3-salt" package on SLE15SP7+
- Fix issue requiring proper Python flavor for dependencies and recommended package
- Added:
* fix-tests-issues-in-salt-shaker-environments-721.patch
* several-fixes-for-security-issues.patch
* fix-of-cve-2025-47287-bsc-1243268-718.patch
* add-subsystem-filter-to-udev.exportdb-bsc-1236621-71.patch
* fix-ubuntu-24.04-specific-failures-716.patch
* fix-debian-tests-715.patch
* fix-refresh-of-osrelease-and-related-grains-on-pytho.patch
- python-six
-
- Add python36-six provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-urllib3
-
- Add patch CVE-2025-50181-poolmanager-redirects.patch:
* Pool managers now properly control redirects when retries is passed
(CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
- Add python36-urllib3 provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- suse-build-key
-
- adjust UID (name + email) of SLES16 signing key with official
names. (bsc#1245223)
- suse-module-tools
-
- Update to version 15.3.19:
* add blacklist entry for reiserfs (jsc#PED-6167)
* Add more modules to file system blacklist (jsc#PED-6167)
* Add hfsplus to file system blacklist (bsc#1240950, jsc#PED-12632)
* Enable f2fs (bsc#1184415)
- systemd-presets-branding-SMO
-
- Enable sysstat_collect.timer and sysstat_summary.timer.
Bugs: bsc#1244553 / bsc#1246835
- Modified sources:
* 50-default-SUSE_MicroOS.preset
- vim
-
- Refresh patch:
* vim-8.2.2411-globalvimrc.patch
- Add patch:
* reorder-exit-raw-mode.patch
- Fix the following CVEs and bugs:
* bsc#1246602 (CVE-2025-53906)
* bsc#1246604 (CVE-2025-53905)
* bsc#1247939 (CVE-2025-55158)
* bsc#1247938 (CVE-2025-55157)
- Update to 9.1.1629:
9.1.1629: Vim9: Not able to use more than 10 type arguments in a generic function
9.1.1628: fuzzy.c has a few issues
9.1.1627: fuzzy matching can be improved
9.1.1626: cindent: does not handle compound literals
9.1.1625: Autocompletion slow with include- and tag-completion
9.1.1624: Cscope not enabled on MacOS
9.1.1623: Buffer menu does not handle unicode names correctly
9.1.1622: Patch v9.1.1432 causes performance regressions
9.1.1621: flicker in popup menu during cmdline autocompletion
9.1.1620: filetype: composer.lock and symfony.lock files not recognized
9.1.1619: Incorrect E535 error message
9.1.1618: completion: incorrect selected index returned from complete_info()
9.1.1617: Vim9: some error messages can be improved
9.1.1616: xxd: possible buffer overflow with bitwise output
9.1.1615: diff format erroneously detected
9.1.1614: Vim9: possible variable type change
9.1.1613: tests: test_search leaves a few swapfiles behind
9.1.1612: Ctrl-G/Ctrl-T do not ignore the end search delimiter
9.1.1611: possible undefined behaviour in mb_decompose()
9.1.1610: completion: hang or E684 when 'tagfunc' calls complete()
9.1.1609: complete: Heap-buffer overflow with complete function
9.1.1608: No command-line completion for :unsilent {command}
9.1.1607: :apple command detected as :append
9.1.1606: filetype: a few more files are not recognized
9.1.1605: cannot specify scope for chdir()
9.1.1604: completion: incsearch highlight might be lost
9.1.1603: completion: cannot use autoloaded funcs in 'complete' F{func}
9.1.1602: filetype: requirements-*.txt files are not recognized
9.1.1601: Patch v8.1.0425 was wrong
9.1.1600: using diff anchors with hidden buffers fails silently
9.1.1599: :bnext doesn't go to unlisted help buffers
9.1.1598: filetype: waybar config file is not recognized
9.1.1597: CI reports leaks in libgtk3 library
9.1.1596: tests: Test_search_wildmenu_iminsert() depends on help file
9.1.1595: Wayland: non-portable use of select()
9.1.1594: completion: search completion throws errors
9.1.1593: Confusing error when compiling incomplete try block
9.1.1592: Vim9: crash with classes and garbage collection
9.1.1591: VMS support can be improved
9.1.1590: cannot perform autocompletion
9.1.1589: Cannot disable cscope interface using configure
9.1.1588: Vim9: cannot split dict inside command block
9.1.1587: Wayland: timeout not updated before select()
9.1.1586: Vim9: can define an enum/interface in a function
9.1.1585: Wayland: gvim still needs GVIM_ENABLE_WAYLAND
9.1.1584: using ints as boolean type
9.1.1583: gvim window lost its icons
9.1.1582: style issue in vim9type.c and vim9generics.c
9.1.1581: possible memory leak in vim9generics.c
9.1.1580: possible memory leak in vim9type.c
9.1.1579: Coverity complains about unchecked return value
9.1.1578: configure: comment still mentions autoconf 2.71
9.1.1577: Vim9: no generic support yet
9.1.1576: cannot easily trigger wildcard expansion
9.1.1575: tabpanel not drawn correctly with wrapped lines
9.1.1574: Dead code in mbyte.c
9.1.1573: Memory leak when pressing Ctrl-D in cmdline mode
9.1.1572: expanding $var does not escape whitespace for 'path'
9.1.1571: CmdlineChanged triggered to often
9.1.1570: Copilot suggested some improvements in cmdexpand.c
9.1.1569: tests: Vim9 tests can be improved
9.1.1568: need a few more default highlight groups
9.1.1567: crash when using inline diff mode
9.1.1566: self-referenced enum may not get freed
9.1.1565: configure: does not consider tiny version for wayland
9.1.1564: crash when opening popup to closing buffer
9.1.1563: completion: ruler may disappear
9.1.1562: close button always visible in the 'tabline'
9.1.1561: configure: wayland test can be improved
9.1.1560: configure: uses $PKG_CONFIG before it is defined
9.1.1559: tests: Test_popup_complete_info_01() fails when run alone
9.1.1558: str2blob() treats NULL string and empty string differently
9.1.1557: not possible to anchor specific lines in difff mode
9.1.1556: string handling in cmdexpand.c can be improved
9.1.1555: completion: repeated insertion of leader
9.1.1554: crash when omni-completion opens command-line window
9.1.1553: Vim9: crash when accessing a variable in if condition
9.1.1552: [security]: path traversal issue in tar.vim
9.1.1551: [security]: path traversal issue in zip.vim
9.1.1550: defaults: 'showcmd' is not enabled in non-compatible mode on Unix
9.1.1549: filetype: pkl files are not recognized
9.1.1548: filetype: OpenFGA files are not recognized
9.1.1547: Wayland: missing ifdef
9.1.1546: Vim9: error with has() and short circuit evaluation
9.1.1545: typo in os_unix.c
9.1.1544: :retab cannot be limited to indentation only
9.1.1543: Wayland: clipboard appears to not be working
9.1.1542: Coverity complains about uninitialized variable
9.1.1541: Vim9: error when last enum value ends with a comma
9.1.1540: completion: menu state wrong on interruption
9.1.1539: completion: messages don't respect 'shm' setting
9.1.1537: helptoc: still some issues when markdown code blocks
9.1.1536: tests: test_plugin_comment uses wrong :Check command
9.1.1535: the maximum search count uses hard-coded value 99
9.1.1534: unnecessary code in tabpanel.c
9.1.1533: helptoc: does not handle code sections in markdown well
9.1.1532: termdebug: not enough ways to configure breakpoints
9.1.1531: confusing error with nested legacy function
9.1.1530: Missing version change in v9.1.1529
9.1.1529: Win32: the toolbar in the GUI is old and dated
9.1.1528: completion: crash with getcompletion()
9.1.1527: Vim9: Crash with string compound assignment
9.1.1526: completion: search completion match may differ in case
9.1.1525: tests: testdir/ is a bit messy
9.1.1524: tests: too many imports in the test suite
9.1.1523: tests: test_clipmethod fails in non X11 environment
9.1.1522: tests: still some ANSI escape sequences in test output
9.1.1521: completion: pum does not reset scroll pos on reopen with 'noselect'
9.1.1520: completion: search completion doesn't handle 'smartcase' well
9.1.1519: tests: Test_termdebug_decimal_breakpoints() may fail
9.1.1518: getcompletiontype() may crash
9.1.1517: filetype: autopkgtest files are not recognized
9.1.1516: tests: no test that 'incsearch' is updated after search completion
9.1.1515: Coverity complains about potential unterminated strings
9.1.1514: Coverity complains about the use of tmpfile()
9.1.1513: resizing Vim window causes unexpected internal window width
9.1.1512: completion: can only complete from keyword characters
9.1.1511: tests: two edit tests change v:testing from 1 to 0
9.1.1510: Search completion may use invalid memory
9.1.1509: patch 9.1.1505 was not good
9.1.1508: string manipulation can be improved in cmdexpand.c
9.1.1507: symlinks are resolved on :cd commands
9.1.1506: tests: missing cleanup in Test_search_cmdline_incsearch_highlight()
9.1.1505: not possible to return completion type for :ex command
9.1.1504: filetype: numbat files are not recognized
9.1.1503: filetype: haxe files are not recognized
9.1.1502: filetype: quickbms files are not recognized
9.1.1501: filetype: flix files are not recognized
9.1.1500: if_python: typo in python error variable
9.1.1499: MS-Windows: no indication of ARM64 architecture
9.1.1498: completion: 'complete' funcs behave different to 'omnifunc'
9.1.1497: Link error with shm_open()
9.1.1496: terminal: still not highlighting empty cells correctly
9.1.1495: Wayland: uses $XDG_SEAT to determine seat
9.1.1494: runtime(tutor): no French translation for Chapter 2
9.1.1493: manually comparing positions on buffer
9.1.1492: tests: failure when Wayland compositor fails to start
9.1.1491: missing out-of-memory checks in cmdexpand.c
9.1.1490: 'wildchar' does not work in search contexts
9.1.1489: terminal: no visual highlight of empty cols with empty 'listchars'
9.1.1488: configure: using obsolete macro AC_PROG_GCC_TRADITIONAL
9.1.1487: :cl doesn't invoke :clist
9.1.1486: documentation issues with Wayland
9.1.1485: missing Wayland clipboard support
9.1.1484: tests: Turkish locale tests fails on Mac
9.1.1483: not possible to translation position in buffer
9.1.1482: scrolling with 'splitkeep' and line()
9.1.1481: gcc complains about uninitialized variable
9.1.1480: Turkish translation outdated
9.1.1479: regression when displaying localized percentage position
9.1.1478: Unused assignment in ex_uniq()
9.1.1476: no easy way to deduplicate text
9.1.1476: missing out-of-memory checks in cmdexpand.c
9.1.1475: completion: regression when "nearest" in 'completeopt'
9.1.1474: missing out-of-memory check in mark.c
9.1.1473: inconsistent range arg for :diffget/diffput
9.1.1472: if_python: PySequence_Fast_{GET_SIZE,GET_ITEM} removed
9.1.1471: completion: inconsistent ordering with CTRL-P
9.1.1470: use-after-free with popup callback on error
9.1.1469: potential buffer-underflow with invalid hl_id
9.1.1468: filetype: bright(er)script files are not recognized
9.1.1467: too many strlen() calls
9.1.1466: filetype: not all lex files are recognized
9.1.1465: tabpanel: not correctly drawn with 'equalalways'
9.1.1464: gv does not work in operator-pending mode
9.1.1463: Integer overflow in getmarklist() after linewise operation
9.1.1462: missing change from patch v9.1.1461
9.1.1461: tabpanel: tabpanel vanishes with popup menu
9.1.1460: MS-Windows: too many strlen() calls in os_win32.c
9.1.1459: xxd: coloring output is inefficient
9.1.1458: tabpanel: tabs not properly updated with 'stpl'
9.1.1457: compile warning with tabpanelopt
9.1.1456: comment plugin fails toggling if 'cms' contains \
9.1.1455: Haiku: dailog objects created with no reference
9.1.1454: tests: no test for pum at line break position
9.1.1453: tests: Test_geometry() may fail
9.1.1452: completion: redundant check for completion flags
9.1.1451: tabpanel rendering artifacts when scrolling
9.1.1450: Session has wrong arglist with :tcd and :arglocal
9.1.1449: typo in pum_display()
9.1.1448: tabpanel is not displayed correctly when msg_scrolled
9.1.1447: completion: crash when backspacing with fuzzy completion
9.1.1446: filetype: cuda-gdb config files are not recognized
9.1.1445: negative matchfuzzy scores although there is a match
9.1.1444: Unused assignment in set_fuzzy_score()
9.1.1443: potential buffer underflow in insertchar()
9.1.1442: tests: Test_diff_fold_redraw() is insufficient
9.1.1441: completion: code can be improved
9.1.1440: too many strlen() calls in os_win32.c
9.1.1439: Last diff folds not merged
9.1.1438: tests: Test_breakindent_list_split() fails
9.1.1437: MS-Windows: internal compile error in uc_list()
9.1.1436: GUI control code is displayed on the console on startup
9.1.1435: completion: various flaws in fuzzy completion
9.1.1434: MS-Windows: missing out-of-memory checks in os_win32.c
9.1.1433: Unnecessary :if when writing session
9.1.1432: GTK GUI: Buffer menu does not handle unicode correctly
9.1.1431: Hit-Enter Prompt when loading session files
9.1.1430: tabpanel may flicker in the GUI
9.1.1429: dragging outside the tabpanel changes tabpagenr
9.1.1428: completion: register completion needs cleanup
9.1.1427: rendering artifacts with the tabpanel
9.1.1426: completion: register contents not completed
9.1.1425: tabpanel: there are still some problems with the tabpanel
9.1.1424: PMenu selection broken with multi-line selection and limits
9.1.1423: :tag command not working correctly using Vim9 Script
9.1.1422: scheduling of complete function can be improved
9.1.1421: tests: need a test for the new-style tutor.tutor
9.1.1420: tests: could need some more tests for shebang lines
9.1.1419: It is difficult to ignore all but some events
9.1.1418: configures GUI auto detection favors GTK2
9.1.1417: missing info about register completion in complete_info()
9.1.1416: completion limits not respected for fuzzy completions
9.1.1415: potential use-after free when there is an error in 'tabpanel'
9.1.1414: MS-Windows: compile warnings in os_win32.c
9.1.1413: spurious CursorHold triggered in GUI on startup
9.1.1412: tests: Test_tabpanel_tabonly() fails on larger screens
9.1.1411: crash when calling non-existing function for tabpanel
9.1.1410: out-of-bounds access with 'completefunc'
9.1.1409: using f-flag in 'complete' conflicts with Neovim
9.1.1408: not easily possible to complete from register content
9.1.1407: Can't use getpos('v') in OptionSet when using setbufvar()
- xen
-
- bsc#1246112, bsc#1238896 - VUL-0: xen: More AMD transient
execution attack (XSA-471)
xsa471-01.patch
xsa471-02.patch
xsa471-03.patch
xsa471-04.patch
xsa471-05.patch
xsa471-06.patch
xsa471-07.patch
xsa471-08.patch
xsa471-09.patch
xsa471-10.patch
xsa471-11.patch
xsa471-12.patch
xsa471-13.patch
xsa471-14.patch
xsa471-15.patch
xsa471-16.patch
xsa471-17.patch
xsa471-18.patch
xsa471-19.patch
xsa471-20.patch
- bsc#1244644 - VUL-0: CVE-2025-27465: xen: x86: Incorrect stubs
exception handling for flags recovery (XSA-470)
xsa470.patch
- zypper
-
- Fix addrepo to handle explicit --check and --no-check requests
(bsc#1246466)
- Accept "show" as alias for "info" (bsc#1245985)
- version 1.14.93
- sh: Reset solver options after command (bsc#1245496)
- Explicitly selecting DownloadAsNeeded also selects the
classic_rpmtrans backend.
- version 1.14.92
- BuildRequires: libzypp-devel >= 17.37.6.
Enhancements regarding mirror handling during repo refresh. Adapt
to libzypp API changes. (bsc#1230267)
- version 1.14.91