- SUSEConnect
-
- Update to 0.3.29
- replace env ruby path with native ruby path during build phase
- ceph
-
- Update to version 12.2.13-706-gff66d09906:
+ rgw: Replace COMPLETE_MULTIPART_MAX_LEN with configurable rgw_max_put_param_size
(bsc#1180509)
- crmsh
-
- Update to version 3.0.4+git.1609987393.8fcf1c5f:
* Fix: utils: skip if no netmask in the result of ip -o addr show(bsc#1180421)
* Fix: bootstrap: add /etc/modules-load.d/watchdog.conf into csync.cfg(bsc#1180424)
* Low: bootstrap: make invoke return specific error(bsc#1177023)
* Fix: bootstrap: Refactor join_lock.py for more generic using purpose(bsc#1180149)
* Dev: bootstrap: use ping to test host is reachable before joining
* Low: bootstrap: check cluster was running on init node
- Use utils.mkdirp instead of mkdir command(bsc#1179999)(CVE-2020-35459); Add patch:
* 0001-Fix-history-use-utils.mkdirp-instead-of-system-mkdir.patch
- Update to version 3.0.4+git.1607490926.e492f845:
* Fix: bootstrap: use class JoinLock to manage lock in parallel join(bsc#1175976)
* Low: bootstrap: minor change for _get_sbd_device_interactive function(bsc#1178333)
- cups
-
- cups-1.7.5-CVE-2020-10001.patch fixes CVE-2020-10001
access to uninitialized buffer in ipp.c (bsc#1180520)
- cups-1.7.5-CVE-2019-8842.patc fixes CVE-2019-8842 (bsc#1170671)
the ippReadIO function may under-read an extension field
- curl
-
- Update curl-CVE-2020-8284.patch [bsc#1179398, CVE-2020-8284]
- Apply "/curl-CVE-2020-8284.patch"/ to enable --ftp-skip-pasv-ip by
default. This change fixes a security issue where a malicious FTP
server was able to use the `PASV` response to trick curl into
connecting back to a given IP address and port, and this way
potentially make curl extract information about services that are
otherwise private and not disclosed, doing port scanning and
service banner extractions. If curl operated on a URL provided by
a user (which by all means is an unwise setup), a user was able
to exploit that and pass in a URL to a malicious FTP server
instance without needing any server breach to perform the attack.
[CVE-2020-8284, bsc#1179398]
- Security fix: [bsc#1179399, CVE-2020-8285]
* FTP wildcard stack overflow: The wc_statemach() internal
function has been rewritten to use an ordinary loop instead of
the recursive approach.
- Add curl-CVE-2020-8285.patch
- Security fix: [bsc#1175109, CVE-2020-8231]
* An application that performs multiple requests with libcurl's
multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in
rare circumstances experience that when subsequently using the
setup connect-only transfer, libcurl will pick and use the wrong
connection and instead pick another one the application has
created since then.
- Add curl-CVE-2020-8231.patch
- cyrus-sasl
-
- bsc#1159635 VUL-0: CVE-2019-19906: cyrus-sasl: cyrus-sasl
has an out-of-bounds write leading to unauthenticated remote
denial-of-service in OpenLDAP via a malformed LDAP packet
o apply upstream patch
- 0001-Fix-587.patch
- fence-agents
-
- L3-Question: fence_vmware_soap no longer works after update
ref:_00D1igLOd._5001iRVaF7:ref (bsc#1175506)
Apply upstream patch:
* 0001-fence_vmware_soap-fix-for-selfsigned-certificate.patch
- google-guest-agent
-
- Update to version 20201102.00 (bsc#1179031, bsc#1179032)
* Only attempt to connect to snapshot service once (#88)
- google-guest-oslogin
-
- Update to version 20200925.00 (bsc#1179031, bsc#1179032)
* add getpwnam,getpwuid,getgrnam,getgrgid (#42)
* Change requires to not require the python library for policycoreutils. (#44)
* add dial and recvline (#41)
* PR feedback
* new client component and tests
- hawk2
-
- Update to version 2.5:
* Improve further mechanism of controllers to system commands.
* drop patch 0001-Improve-controllers.patch since merged upstream
(CVE-2020-35458)
- Update to version 2.4.0+git.1607523195.05cd3222:
* fix bsc#1179998. Handle better input on app controllers (CVE-2020-35458)
- Update to version 2.3.0+git.1607523195.05cd3222:
* reduce CPU usage (fix bsc#1179651)
* improve the way we disable TLS and use sysconfig vars(bsc#1179841)
* simplify puma config file
- java-1_7_1-ibm
-
- Update to Java 7.1 Service Refresh 4 Fix Pack 75 [bsc#1180063, bsc#1177943]
CVE-2020-14792 CVE-2020-14797 CVE-2020-14782 CVE-2020-14781
CVE-2020-14779 CVE-2020-14798 CVE-2020-14796 CVE-2020-14803
* Class Libraries:
- Z/OS specific C function send_file is changing the file pointer position
* Security:
- Add the new oracle signer certificate
- Certificate parsing error
- JVM memory growth can be caused by the IBMPKCS11IMPL crypto provider
- Remove check for websphere signed jars
- sessionid.hashcode generates too many collisions
- The Java 8 IBM certpath provider does not honor the user
specified system property for CLR connect timeout
- kdump
-
- kdump-fix-multipath-user_friendly_names.patch: Update references
(bsc#1111207, LTC#171953, bsc#1125218, LTC#175465, bsc#1153601).
- kdump-remove-console-hvc0-from-commandline.patch: remove
console=hvc0 from commandline (bsc#1173914).
- kdump-set-serial-console-from-Xen-cmdline.patch: set serial
console from Xen cmdline (bsc#1173914).
- kdump-Remove-noefi-and-acpi_rsdp-for-EFI-firmware.patch: Remove
noefi and acpi_rsdp for EFI firmware (bsc#1123940, bsc#1170336).
- kdump-Add-skip_balance-option-to-BTRFS-mounts.patch: Add
skip_balance option to BTRFS mounts (bsc#1108255).
- kdump-do-not-add-rd.neednet.patch: Do not add 'rd.neednet=1' to
dracut command line (bsc#1177196).
- libnl3
-
- Add libnl3-fix-ipv6-privacy-extension.patch: fix ipv6 privacy
extension of NetworkManager not working by backporting these 3
commits (bsc#1025043):
42c41336000e ("/add support for IFA_FLAGS nl attribute"/)
dcc0baac020e ("/addr: add address flag IFA_F_MANAGETEMPADDR"/)
b203c89d862a ("/addr: add address flag IFA_F_NOPREFIXROUTE"/)
- libxml2
-
- Avoid quadratic checking of identity-constraints: [bsc#1178823]
* key/unique/keyref schema attributes currently use qudratic loops
to check their various constraints (that keys are unique and that
keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.
- Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
- libyajl
-
- fix popd syntax, new bash doesn't like it anymore
- libyui-qt
-
- Prevent segfault if an open dialog is left over:
Don't do anything widget related after the QApplication is
destroyed, in particular not deleting other widgets, even if
indirectly via YDialog::deleteAllDialogs() in YUI.
(bsc#1074596, bsc#1077991)
- 2.47.1.1
- Fix crash when shutting down the UI (gh#libyui-libyui-qt#41, bsc#931762)
- Fix a problem with hanging UI
- 2.47.1
- Add handler for Shift-F1 to show advanced keyboard shortcuts (bsc#1010039)
- 2.47.0
- Add support for @import directive in QSS
(related to bsc#768112 and bsc#780621)
- 2.46.30
- Rename Y2COLORMODE to Y2ALTSTYLE for consistency
(related to bsc#768112 and bsc#780621)
- 2.46.29
- Rename Y2HIGHCONTRAST environment variable to Y2COLORMODE
- Use 'alternate' instead of 'high-contrast'
- Load default style sheet if alternate style sheet does not exist
- All these changes are related to bsc#768112 and bsc#780621
- 2.46.28
- Fix high-contrast support (bsc#76811 and related to bsc#780621)
- 2.46.27
- Fix compilation with Qt 5.7 by using non-deprecated classes
(boo#1001141).
- Force showing widgets that were added after opening a dialog
(bsc#998593)
- Deliver timeout events only if the delivering dialog is still
the topmost (can only happen with Ctrl-Shift-Alt key combos)
- 2.46.25
- Do not append new line when content of log view do not change
(bnc#989155)
- 2.46.24
- Now Yast requests the focus to the window manager when running
fullscreen instead of relying on the window manager focus policy
(bsc#974627)
- 2.46.23
- Show help in wizard widget upon F1 and Alt-H (bnc#973389)
- 2.46.22
- fixed styling for the release notes dialog content (bsc#947167)
- 2.46.21
- Reorganized git for easier tarball creation:
- RPM spec files are kept in git verbatim, not as templates
- no longer call PREP_SPEC_FILES in CMakeLists.common
- No functional change but version bumped to push the package
down the pipeline (boo#946079).
- Handle QtInfoMsg value in switch; fixes build with Qt 5.5
(H Senjan, boo#942101).
- so-version bumped to match the main library.
- 2.46.19
- fixed styling for non-Wizard dialogues (bnc#925882)
- allow styling of the YQMainWinDock object (the main non-Wizard
window)
- the stylesheet editor (Ctrl+Shift+Alt+s) also works for
non-Wizard dialogues now
- 2.46.18
- fix layout of Help and Release Notes buttons (bsc#916814)
(credits to tgoettlicher)
- 2.46.17
- include Help and Release notes buttons in keyboard shortcut
resolution (bsc#880983)
- 2.46.16
- added keyboard shortcuts to Help and Release Notes buttons
(bnc#880983)
- 2.46.15
- added QT-specific dialog for displaying release notes
- Fixed building with cmake 3.1 (PREFIX in spec, boo#911875).
- 2.46.14
- libzypp
-
- RepoManager: Carefully tidy up the caches. Remove non-directory
entries. (bsc#1178966)
- version 16.21.4 (0)
- ZYPP_MEDIA_CURL_DEBUG logs full Authorization: header (bsc#1174215)
The Authorization: header may include base64 encoded credentials
which could be restored from the log file. The credentials are
now stripped from the log.
- version 16.21.3 (0)
- logrotate
-
- Fix false alarm when using su and compress (bsc#1179189)
Applies commit 15a768b340d1010e22955ace518425cdb13bba5f
* Added patch logrotate-3.11.0-false-alarm-for-su-compress.patch
- makedumpfile
-
- makedumpfile-x86_64-xen-vtop.patch: Update references
(bsc#1014136, bsc#1068694, bsc#1162279).
- makedumpfile-vaddr_to_paddr_x86_64-Xen-fix.patch: Fix
vaddr_to_paddr_x86_64 under Xen (bsc#1116830).
- makedumpfile-x86_64-xen-vtop.patch: Remove a hunk that breaks
Xen dumps (bsc#1116830).
- mutt
-
- Add patch mutt-colon.patch for bsc#1181221
CVE-2021-3181: mutt: recipient parsing memory leak
This patch combines three smaller commits
- Add a further correction in patch nofreeze-c72f740a.patch for
external bodies as well (boo#1179461)
- openldap2-client
-
- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues
where openldap would crash due to malformed inputs.
* patch: 0207-ITS-9383-remove-assert-in-certificateListValidate.patch
* patch: 0208-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch
- openssh
-
- Add openssh-CVE-2020-14145-information-leak.patch
(CVE-2020-14145, bsc#1173513). This partially mitigates a
potential information leak during host key exchange that could
be exploited by a man-in-the-middle attacker.
- pam-modules
-
- The fail delay is fixed and annoying. The relevant code sections
from factory are backported here. There is not patch as the
file with the offending code resides in the top level directory.
[unix2_chkpw.c, bsc#1070595]
- python-urllib3
-
- Add CVE-2020-26116-CRLF-injection.patch which raises ValueError
if method contains control characters and thus prevents CRLF
injection into URLs (bsc#1177211, bpo#39603, CVE-2020-26116,
gh#urllib3/urllib3#1800).
- python3
-
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- python3-base
-
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- sudo
-
- Fix Heap-based buffer overflow in Sudo [bsc#1181090,CVE-2021-3156]
* sudo-CVE-2021-3156.patch
- Possible Dir Existence Test due to Race Condition in `sudoedit`
[bsc#1180684,CVE-2021-23239]
* sudo-CVE-2021-23239.patch
- Possible Symlink Attack in SELinux Context in `sudoedit` [bsc#1180685,
CVE-2021-23240]
* sudo-CVE-2021-23240.patch
- User Could Enable Debug Settings not Intended for it [bsc#1180687]
* sudo-fix-bsc-1180687.patch
- timezone
-
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
- xen
-
- bsc#1179496 - VUL-0: CVE-2020-29480: xen: xenstore: watch
notifications lacking permission checks (XSA-115)
xsa115-1.patch
xsa115-2.patch
xsa115-3.patch
xsa115-4.patch
xsa115-5.patch
xsa115-6.patch
xsa115-7.patch
xsa115-8.patch
xsa115-9.patch
xsa115-10.patch
- bsc#1179498 - VUL-0: CVE-2020-29481: xen: xenstore: new domains
inheriting existing node permissions (XSA-322)
xsa322.patch
- bsc#1179501 - VUL-0: CVE-2020-29484: xen: xenstore: guests can
crash xenstored via watchs (XSA-324)
xsa324.patch
- bsc#1179502 - VUL-0: CVE-2020-29483: xen: xenstore: guests can
disturb domain cleanup (XSA-325)
xsa325.patch
- bsc#1179506 - VUL-0: CVE-2020-29566: xen: undue recursion in x86
HVM context switch code (XSA-348)
xsa348.patch
- bsc#1179514 - VUL-0: CVE-2020-29570: xen: FIFO event channels
control block related ordering (XSA-358)
xsa358.patch
- bsc#1179516 - VUL-0: CVE-2020-29571: xen: FIFO event channels
control structure ordering (XSA-359)
xsa359.patch
- Upstream bug fixes (bsc#1027519)
5f76caaf-evtchn-FIFO-use-stable-fields.patch
5faa974f-evtchn-rework-per-channel-lock.patch
5fbcdf2e-evtchn-FIFO-access-last.patch
5fc4ee23-evtchn-FIFO-queue-locking.patch
- bsc#1176782 - L3: xl dump-core shows missing nr_pages during
core. If maxmem and current are the same the issue doesn't happen
5fca3b32-tools-libs-ctrl-fix-dumping-of-ballooned-guest.patch
- bsc#1179477 - VUL-0: CVE-2020-29130: xen: out-of-bounds access
while processing ARP packets
CVE-2020-29130-qemut-out-of-bounds-access-while-processing-ARP-packets.patch
- yast2-cluster
-
- bsc#1180424, add watchdog.conf to csync2 default list
- Version 3.4.2
- zypper
-
- Fix typo in list-patches help (bsc#1178925)
- version 1.13.58