- 000release-packages:SL-Micro-release
-
n/a
- cockpit
-
- Update dependencies for bsc#1257324/CVE-2025-13465
- crun
-
- make sure the opened .krun_config.json is below the rootfs directory
and we don't follow any symlink. (CVE-2025-24965, bsc#1237421)
* krun-fix-CVE-2025-24965.patch
- curl
-
- Security fix: [bsc#1256105, CVE-2025-14017]
* call ldap_init() before setting the options
* Add patch curl-CVE-2025-14017.patch
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
glgo#GNOME/glib#3851).
- google-guest-configs
-
- Update to version 20260116.00 (bsc#1256906)
* set_multiqueue: Only set XPS on "multinic accelerator platforms"
- Update to version 20260112.00
* Make c4x a "multinic accelerator platform"
* Merge pull request #140 from a-r-n:xps-many-numa
* set_multiqueue xps: stop assuming 2 numa nodes
* Merge pull request #137 from a-r-n:a4x-pick
* Add IDPF irq setting; improve a4x-max performance
* Merge pull request #133 from a-r-n:master
* Allow test injection of the root directory and metadata server endpoint
* add nic naming support for connextx VF in baremetal
* bugfix for idpf only rename got skipped.
* add a4x-max to google_set_multiqueue is_multinic_accelerator_platform
* remove unnecessary link up and down
* fix inconsistent NIC index between smart NICs and GPU NICs.
- Mark %{_modprobedir}/gce-blacklist.conf as %config(noreplace) (bsc#1198323)
- Update to version 20251014.00
* No public description
- Update to version 20250913.00
* Swap guest-config rule from checking the build VM OS to taking
in a variable for target version
- from version 20250905.00
* No public description
- from version 20250826.00
* Merge pull request #119 from bk202:master
* Moved tx/rx IRQ logging after assignment
* Fix core assignment in set_irq_range
* Correct IRQ tx/rx affinity core assignment
- Update to version 20250807.00
* Merge pull request #96 from rjschwei:noDupMetaData
* Avoid duplicate entries for the metadata server in /etc/hosts
- Drop ggc-no-dup-metasrv-entry.patch, merged upstream
- Update to version 20250709.00
* Add comments in scripts to document the behavior in google
hostname setting.
* Always use primary NIC IP for NetworkManager dispatcher hook.
- from version 20250626.00
* Fix spelling error: "explicilty" -> "explicitly"
- Update to version 20250605.00
* Merge pull request (#112) from bk202:liujoh_416067717
* Added comment to the bitmap conversion functions
* Remove IRQ affinity overwrite to XPS affinity
* Update XPS affinity to assign the remaining unassigned CPUs
to the last queue when populating the last queue
* Fix set_xps_affinity to correctly parse cpus array
* Update XPS CPU assignment logic
* Update CPU assignment algorithm in XPS affinity
* Remove commented code
* Update XPS affinity vCPU distribution algorithm s.t. the vCPUs assigned
to a queue are on the same core - fixed IRQ affinity on NUMA1 not using
the correct bind_cores_index
* Fixed NUMA comparison error in set_xps_affinity
* Update XPS affinity setup to be NUMA aware and support 64 bit CPU mask
calculation
- from version 20250604.00
* Merge pull request (#114) from bk202:liujoh_irq_affinity_bug_fix
* Bug fix: bind_cores_begin -> bind_cores_index
* Name smart NICs in lexicographic order
- Run %postun to modify %{_sysconfdir}/sysconfig/network/ifcfg-eth0
during uninstall only to avoid removal of POST_UP_SCRIPT on upgrade
- Check that %{_sysconfdir}/sysconfig/network/ifcfg-eth0 actually
exists before making any modifications to it (bsc#1241112)
- Update to version 20250516.00
* Merge pull request #109 from xiliuxyz:master
* Remove unused fset
* Remove unused lines
* Update google_set_multiqueue to unpack IRQ ranges before core assignment
- Update to version 20250501.00
* Configure local domain as route only domain to support cloud dns local
domain but avoid adding it to the search path.
- from version 20250409.00
* Change RDMA test condition to ensure renaming race conditions can be
detected. If such a case is detected the script will err and exit rather
than returning a name. Udev accepts this and continues as though the rule
was not triggered in such a case.
- from version 20250328.00
* Merge pull request #105 from dorileo:revert-ubuntu-hostname-hooks
* Revert "Include systemd-networkd hook in Ubuntu packaging (#77)"
- from version 20250326.00
* Merge pull request #104 from xiliuxyz:master
* Merge pull request #1 from xiliuxyz/xiliuxyz-patch-1
* Update google_set_multiqueue to check pnic_ids
- from version 20250221.00
* Merge pull request #103 from a-r-n:master
* Make google_set_multiqueue aware A4X is multinic_accelerator_platform
- from version 20250207.00
* Merge pull request #102 from xiliuxyz:master
* Update google_set_multiqueue to adapt A4 platform
* Merge branch 'GoogleCloudPlatform:master' into master
* Fix IS_A3_PLATFORM syntax
* Fix IS_A3_PLATFORM syntax
* Correct IS_A3_PLATFORM to save is_a3_platform results
* Remove excess empty line.
* Store is_a3_platform results into a global variable to avoid redundant curl calls
* Skip tx affinity binding on non-gvnic interfaces only on A3 platforms.
* Skip tx affinity binding on non-gvnic interfaces
* Update comments for get_vcpu_ranges_on_accelerator_platform
to reflect the expected vcpu ranges
* rename get_vcpu_ranges to get_vcpu_ranges_on_accelerator_platform
* Avoid IRQ binding on vCPU 0
* Fix returned value for get_vcpu_ranges
* Update get_vcpu_ranges to read from sys file instead of hardcoded value
* Update google_set_multiqueue
* Update google_set_multiqueue to set vCPU ranges based on platform
* Merge branch 'GoogleCloudPlatform:master' into master
* Add comment for handling IRQ binding on non-gvnic devices
* Remove excess empty line.
* Update is_gvnic to include gvnic driver checks
* Merge branch 'master' into master
* revert removed echo lines
* Update google_set_multiqueue to skip set_irq if nic is not a gvnic device.
* Update google_set_multiqueue to enable on A3Ultra family
- from version 20250124.00
* Merge pull request #88 from zmarano:nvme
* Fix missing files. This is a no-op.
* No public description
* Also force virtio_scsi.
- from version 20250116.00
* Add GPL-2 to licensing information (#98)
- from version 20250107.00
* Restore IDPF devices for renaming rules (#95)
- from version 20241213.00
* Remove Pat from owners file. (#97)
- gpg2
-
- Security fix [bsc#1257396, CVE-2026-24882]
- gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys
- Added gnupg-CVE-2026-24882.patch
- Security fix [bsc#1256389] (gpg.fail/filename)
* Added gnupg-accepts-path-separators-literal-data.patch
* GnuPG Accepts Path Separators and Path Traversals in Literal Data
- util-linux
-
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682,
util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch).
- curl:mini
-
- Security fix: [bsc#1256105, CVE-2025-14017]
* call ldap_init() before setting the options
* Add patch curl-CVE-2025-14017.patch
- expat
-
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- openssl-3
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
- libsolv
-
- fixed rare crash in the handling of allowuninstall in combination
with forcebest updates
- new pool_satisfieddep_map feature to test if a set of packages
satisfies a dependency
- bump version to 0.7.35
- libxml2
-
- Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion
leading to application crash due to RelaxNG parser not limiting the
recursion depth when resolving `<include>` directives
CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- libzypp
-
- Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros.
See the ZYPP.CONF(5) man page for details.
- Fix runtime check for broken rpm --runposttrans (bsc#1257068)
- version 17.38.2 (35)
- Avoid libcurl-mini4 when building as it does not support ftp
protocol.
- Translation: updated .pot file.
- version 17.38.1 (35)
- zypp.conf: follow the UAPI configuration file specification
(PED-14658)
In short terms it means we will no longer ship an
/etc/zypp/zypp.conf, but store our own defaults in
/usr/etc/zypp/zypp.conf. The systems administrator may choose to
keep a full copy in /etc/zypp/zypp.conf ignoring our config file
settings completely, or - the preferred way - to overwrite
specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files.
See the ZYPP.CONF(5) man page for details.
- cmake: correctly detect rpm6 (fixes #689)
- Use 'zypp.tmp' as temp directory component to ease setting up
SELinux policies (bsc#1249435)
- zyppng: Update Provider to current MediaCurl2 download
approach, drop Metalink ( fixes #682 )
- version 17.38.0 (35)
- podman
-
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- libxml2:python
-
- Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion
leading to application crash due to RelaxNG parser not limiting the
recursion depth when resolving `<include>` directives
CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- python-urllib3
-
- Add security patches:
* CVE-2025-66471 (bsc#1254867)
* CVE-2025-66418 (bsc#1254866)
- suseconnect-ng
-
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PYAG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to version less documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.
- util-linux:systemd
-
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682,
util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch).