- SUSEConnect
-
- Update to 0.3.29
- replace env ruby path with native ruby path during build phase
- bind
-
- Updated named.root (aka /var/lib/named/root.hint) to the newest
version available at ftp://FTP.INTERNIC.NET/domain/named.cache
[named.root, bsc#1181372]
- Each subpackage which has the sonum in its name now Provides:
its basename:
libbind9, libdns, libirs, libisccc, libisccfg, liblwres
and Obsoletes: any previous version, so when thas package is
upgraded, the old version can be easily removed.
[bind.spec]
- cups
-
- cups-1.7.5-CVE-2020-10001.patch fixes CVE-2020-10001
access to uninitialized buffer in ipp.c (bsc#1180520)
- cups-1.7.5-CVE-2019-8842.patc fixes CVE-2019-8842 (bsc#1170671)
the ippReadIO function may under-read an extension field
- cyrus-sasl
-
- bsc#1159635 VUL-0: CVE-2019-19906: cyrus-sasl: cyrus-sasl
has an out-of-bounds write leading to unauthenticated remote
denial-of-service in OpenLDAP via a malformed LDAP packet
o apply upstream patch
- 0001-Fix-587.patch
- google-guest-agent
-
- Update to version 20201102.00 (bsc#1179031, bsc#1179032)
* Only attempt to connect to snapshot service once (#88)
- google-guest-oslogin
-
- Update to version 20200925.00 (bsc#1179031, bsc#1179032)
* add getpwnam,getpwuid,getgrnam,getgrgid (#42)
* Change requires to not require the python library for policycoreutils. (#44)
* add dial and recvline (#41)
* PR feedback
* new client component and tests
- libnl3
-
- Add libnl3-fix-ipv6-privacy-extension.patch: fix ipv6 privacy
extension of NetworkManager not working by backporting these 3
commits (bsc#1025043):
42c41336000e ("/add support for IFA_FLAGS nl attribute"/)
dcc0baac020e ("/addr: add address flag IFA_F_MANAGETEMPADDR"/)
b203c89d862a ("/addr: add address flag IFA_F_NOPREFIXROUTE"/)
- libxml2
-
- Avoid quadratic checking of identity-constraints: [bsc#1178823]
* key/unique/keyref schema attributes currently use qudratic loops
to check their various constraints (that keys are unique and that
keyrefs refer to existing keys).
* This fix uses a hash table to avoid the quadratic behaviour.
- Add libxml2-Avoid-quadratic-checking-of-identity-constraints.patch
- libzypp
-
- RepoManager: Carefully tidy up the caches. Remove non-directory
entries. (bsc#1178966)
- version 16.21.4 (0)
- ZYPP_MEDIA_CURL_DEBUG logs full Authorization: header (bsc#1174215)
The Authorization: header may include base64 encoded credentials
which could be restored from the log file. The credentials are
now stripped from the log.
- version 16.21.3 (0)
- logrotate
-
- Fix false alarm when using su and compress (bsc#1179189)
Applies commit 15a768b340d1010e22955ace518425cdb13bba5f
* Added patch logrotate-3.11.0-false-alarm-for-su-compress.patch
- lvm2
-
- pvmove destination LV always has KRahead=0 (bsc#1179326)
+ bug-1179326_pvmove-correcting-read_ahead-setting.patch
- in %postun, disable restart blk-availability.service & lvm2-monitor.service
- openldap2-client
-
- bsc#1178909 CVE-2020-25709 CVE-2020-25710 - Resolves two issues
where openldap would crash due to malformed inputs.
* patch: 0207-ITS-9383-remove-assert-in-certificateListValidate.patch
* patch: 0208-ITS-9384-remove-assert-in-obsolete-csnNormalize23.patch
- openssh
-
- Add openssh-bsc1148566-scp-handle-quotes-while-checking-filenames-from-serv.patch,
openssh-bsc1148566-scp-show-filename-match-patterns-in-verbose-mode.patch
(bsc#1148566). Fixes a class of false alarms due to filename
validation. Patches by Josef Cejka <jcejka@suse.com>.
- Add openssh-bsc1161684-authorizedkeyscommand-deadlock.patch
(bsc#1161684), which fixes a deadlock when AuthorizedKeysCommand
or AuthorizedPrincipalsCommand produce a lot of output and a
key is matched early.
- Add openssh-CVE-2020-14145-information-leak.patch
(CVE-2020-14145, bsc#1173513). This partially mitigates a
potential information leak during host key exchange that could
be exploited by a man-in-the-middle attacker.
- openssl-1_0_0
-
- Add declaration of BN_secure_new() needed by other packages
* add openssl-1.0.2p-declare-BN_secure_new.patch
* [bsc#1180777]
- Add FIPS key check necessary for certification.
* modified openssl-DH.patch
* [bsc#1180959]
* Fix EDIPARTYNAME NULL pointer dereference
(CVE-2020-1971, bsc#1179491)
- pam-modules
-
- The fail delay is fixed and annoying. The relevant code sections
from factory are backported here. There is not patch as the
file with the offending code resides in the top level directory.
[unix2_chkpw.c, bsc#1070595]
- parted
-
- skip probing _part devices (bsc#1137259)
+ parted-bsc1137259-fix-_part-error.patch
- python
-
- Replace bundled wheels for pip and setuptools with the updated ones
(bsc#1176262 CVE-2019-20916).
- python-base
-
- Replace bundled wheels for pip and setuptools with the updated ones
(bsc#1176262 CVE-2019-20916).
- python-urllib3
-
- Add CVE-2020-26116-CRLF-injection.patch which raises ValueError
if method contains control characters and thus prevents CRLF
injection into URLs (bsc#1177211, bpo#39603, CVE-2020-26116,
gh#urllib3/urllib3#1800).
- python3
-
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- python3-base
-
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- salt
-
- Revert wrong zypper patch to support vendorchanges flags on pkg.install
- Adjusted python2-cherrypy naming in salt-api. (#40)
- Added:
* revert-add-patch-support-for-allow-vendor-change-opt.patch
- Force zyppnotify to prefer Packages.db than Packages if it exists
- Allow vendor change option with zypper
- Added:
* force-zyppnotify-to-prefer-packages.db-than-packages.patch
* add-patch-support-for-allow-vendor-change-option-wit.patch
- Add pkg.services_need_restart
- Bigvm backports:
virt consoles, CPU tuning and topology, and memory tuning.
- Fix for file.check_perms to work with numeric uid/gid
- Added:
* fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
* add-pkg.services_need_restart-302.patch
* opensuse-3000-bigvm-backports-300.patch
- Change 'Requires(pre)' to 'Requires' for salt-minion package (bsc#1083110)
- Fix syntax error on pkgrepo state with Python 2.7
- transactional_update: unify with chroot.call
- Added:
* pkgrepo-support-python-2.7-function-call-294.patch
* transactional_update-unify-with-chroot.call.patch
- Add "/migrated"/ state and GPG key management functions
- Added:
* add-migrated-state-and-gpg-key-management-functions-.patch
- Master can read grains
- Added:
* grains-master-can-read-grains.patch
- Fix for broken psutil (bsc#1102248)
- Added:
* fix-for-bsc-1102248-psutil-is-broken-and-so-process-.patch
- Fix novendorchange handling in zypperpkg module
- Added:
* fix-novendorchange-option-284.patch
- sudo
-
- Fix Heap-based buffer overflow in Sudo [bsc#1181090,CVE-2021-3156]
* sudo-CVE-2021-3156.patch
- Possible Dir Existence Test due to Race Condition in `sudoedit`
[bsc#1180684,CVE-2021-23239]
* sudo-CVE-2021-23239.patch
- Possible Symlink Attack in SELinux Context in `sudoedit` [bsc#1180685,
CVE-2021-23240]
* sudo-CVE-2021-23240.patch
- User Could Enable Debug Settings not Intended for it [bsc#1180687]
* sudo-fix-bsc-1180687.patch
- timezone
-
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
- yast2-tune
-
- Backport: Fixed scheduler activation: do not activate the new
scheduler for devices which do not support it (bsc#1052770)
(backport request at bsc#1177035)
- 3.2.1
- zypper
-
- Fix typo in list-patches help (bsc#1178925)
- version 1.13.58