sle-micro-5-3-byos-v20250130-x86-64 Package Source Changes

000release-packages:SLE-Micro-release

n/a

cloud-regionsrv-client

- Update to 10.3.11 (bsc#1234050)
  + Send registration code for the extensions, not only base product

- Update to 10.3.8 (bsc#1233333)
  + Fix the package requirements for cloud-regionsrv-client
  + Follow changes to suseconnect error reporting from stdout to stderr

containerd

- Update to containerd v1.7.23. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.23>
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.22. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.22>
- Bump minimum Go version to 1.22.
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

cryptsetup

- luksFormat succeeds despite creating corrupt device [bsc#1234273]
  * Add a better warning if luksFormat ends with image without any space for data.
  * Print warning early if LUKS container is too small for activation.
  * Add patches:
  - cryptsetup-Add-a-better-warning-if-luksFormat-no-space-for-data.patch
  - cryptsetup-Print-warning-early-if-LUKS-container-is-too-small-for-activation.patch

kernel-default

- ovl: Filter invalid inodes with missing lookup function
  (bsc#1235035 CVE-2024-56570).
- commit 54169ab

- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
  (CVE-2024-53173 bsc#1234891).
- commit f801b5b

- Bluetooth: L2CAP: do not leave dangling sk pointer on error
  in l2cap_sock_create() (CVE-2024-56605 bsc#1235061).
- commit c461209

- idpf: trigger SW interrupt when exiting wb_on_itr mode
  (bsc#1235507).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024
  (bsc#1235246).
- idpf: enable WB_ON_ITR (bsc#1235507).
- commit 3cbddc0

- smb: client: fix use-after-free of signing key (CVE-2024-53179
  bsc#1234921).
- commit 86400c7

- smb: client: fix TCP timers deadlock after rmmod (git-fixes)
  [hcarvalho: this fixes issue discussed in bsc#1233642].
- commit 3e3e1af

- smb: client: Fix use-after-free of network namespace
  (CVE-2024-53095 bsc#1233642).
  [hcarvalho: remove netfs_tracker_* related code because we don't have
  such infrastructure.]
- commit 97b2d9e

- wifi: mwifiex: Fix memcpy() field-spanning write warning in
  mwifiex_config_scan() (CVE-2024-56539 bsc#1234963).
- commit e27d4b2

- vfio/pci: Properly hide first-in-list PCIe extended capability
  (bsc#1235004 CVE-2024-53214).
- commit f520125

- Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
  rfcomm_sock_alloc() (bsc#1235056 CVE-2024-56604).
- commit cf32d9d

- Bluetooth: Consolidate code around sk_alloc into a helper
  function (bsc#1235056 CVE-2024-56604).
  Refresh
  patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_sock_timeout.patch.
- commit 4de890e

- nilfs2: fix potential out-of-bounds memory access in
  nilfs_find_entry() (bsc#1235224 CVE-2024-56619).
- commit b3f788e

- jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220
  CVE-2024-56598).
- commit 4762f9a

- hfsplus: don't query the device logical block size multiple
  times (bsc#1235073 CVE-2024-56548).
- commit 67473c2

- wifi: ath9k: add range check for conn_rsp_epid in
  htc_connect_service() (CVE-2024-53156 bsc#1234846).
- commit 747e664

- ALSA: 6fire: Release resources at card release (CVE-2024-53239
  bsc#1235054).
- commit 6995b0a

- NFSD: Prevent a potential integer overflow (CVE-2024-53146
  bsc#1234853).
- commit 79b751c

- Update
  patches.suse/tcp-Fix-use-after-free-of-nreq-in-reqsk_timer_handler.patch
  (CVE-2024-50154 bsc#1233070 CVE-2024-53206 bsc#1234960).
- commit cdf9cb8

- Update
  patches.suse/media-s5p_cec-limit-msg.len-to-CEC_MAX_MSG_SIZE.patch
  (git-fixes CVE-2022-49035 bsc#1215304).
- commit d91bb81

- x86/xen: use new hypercall functions instead of hypercall page
  (XSA-466 CVE-2024-53241 bsc#1234282).
- commit 439afbb

- x86/xen: add central hypercall functions (XSA-466 CVE-2024-53241
  bsc#1234282).
- commit 1784c5e

- x86/xen: don't do PV iret hypercall through hypercall page
  (XSA-466 CVE-2024-53241 bsc#1234282).
- commit 9f17f93

- x86/static-call: provide a way to do very early static-call
  updates (XSA-466 CVE-2024-53241 bsc#1234282).
- Refresh patches.kabi/tracepoint-fix.patch.
- commit 2e422a6

- objtool/x86: allow syscall instruction (XSA-466 CVE-2024-53241
  bsc#1234282).
- commit 1f61d5b

- x86: make get_cpu_vendor() accessible from Xen code (XSA-466
  CVE-2024-53241 bsc#1234282).
- commit 4d90703

- xen/netfront: fix crash when removing device (XSA-465
  CVE-2024-53240 bsc#1234281).
- commit f11b367

- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
  (git-fixes, bsc#1230697, CVE-2024-8805).
- commit cddc976

- Update
  patches.suse/initramfs-avoid-filename-buffer-overrun.patch
  (CVE-2024-53142 bsc#1232436).
- commit 14f79ec

- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- commit fe5d084

libzypp

- Url: queryparams without value should not have a trailing "=".
- version 17.35.16 (35)

python-Jinja2

- Add security patch CVE-2024-56326.patch (bsc#1234809)

rsync

- Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
  * Added rsync-fix-FLAG_GOT_DIR_FLIST.patch

- Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links
  * Added rsync-CVE-2024-12747.patch

- Security update, fix multiple vulnerabilities:
  * CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR
  * CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files
  * CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links
  * CVE-2024-12088, bsc#1234104 - --safe-links Bypass
  * Added rsync-CVE-2024-12085.patch
  * Added rsync-CVE-2024-12086_01.patch
  * Added rsync-CVE-2024-12086_02.patch
  * Added rsync-CVE-2024-12086_03.patch
  * Added rsync-CVE-2024-12086_04.patch
  * Added rsync-CVE-2024-12087_01.patch
  * Added rsync-CVE-2024-12087_02.patch
  * Added rsync-CVE-2024-12088.patch
  * Added rsync-fix-compile-missing-my_alloc_ref.patch

zypper

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append "-<version>" or
  "-<version>-<release>" to the "<name>" pattern. Note that the
  edition part must always match exactly.
- version 1.14.79