- release-notes-sles
-
- 12.5.20250211 (tracked in bsc#933411)
- Improveed wording (bsc#1233970)
- Fixed lifecycle information with proper version
- 12.5.20250129 (tracked in bsc#933411)
- Fixed lifecycle information (bsc#1236534)
- python-instance-billing-flavor-check
-
- Update to version 1.0.0 (jsc#PCT-531)
+ API incompatibility: The check_payg_byos function no longer exits, it now
returns a tuple of (flavor, exit_code). This makes the function reusable.
+ Update the build setup to work with the system interpreter of
upcoming SLE releases. SLE 12 stays with the Python 3.4 interpreter
and SLE 15 with the Python 3.6 interpreter.
- Version 0.1.2 (bsc#1234444)
+ Improve detection of IPv4 and IPv6 network setup and use appropriate
IP version for access the update servers
+ Improve reliability of flavor detection. Try an update server multiple
times to get an answer, if we hit timeouts return the value flavor
value from a cache file.
- Version 0.1.1 (bsc#1235991, bsc#1235992)
+ Add time stamp to log
- From version 0.1.0
+ Doc improvements clarifying exit staus codes
- libX11
-
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
* Buffer overflow in XkbChangeTypesOfKey()
(CVE-2025-26597, bsc#1237431)
- krb5
-
- Prevent overflow when calculating ulog block size. An authenticated
attacker can cause kadmind to write beyond the end of the mapped
region for the iprop log file, likely causing a process crash;
(CVE-2025-24528); (bsc#1236619).
- Add patch 0017-Prevent-overflow-when-calculating-ulog-block-size.patch
- libtasn1
-
- Security fix: [bsc#1236878, CVE-2024-12133]
* Potential DoS in handling of numerous SEQUENCE OF or SET OF elements
* Add libtasn1-CVE-2024-12133.patch
- google-osconfig-agent
-
- Add patch to fix unexpected memory consumption during token
parsing in golang.org/x/oauth2 (bsc#1239197, CVE-2025-22868)
* CVE-2025-22868.patch
- Add patch to fix vulnerability when creating log files
* CVE-2024-45339.patch (bsc#1236560, CVE-2024-45339)
- Update to version 20250115.01 (bsc#1236406, bsc#1236407)
* Bump cloud.google.com/go/osconfig from 1.14.2 to 1.14.3 (#772)
- from version 20250115.00
* Bump cloud.google.com/go/auth from 0.10.2 to 0.14.0 (#767)
* Bump go.opentelemetry.io/otel from 1.32.0 to 1.33.0 (#771)
* Bump google.golang.org/protobuf from 1.35.1 to 1.36.2 (#763)
- from version 20250114.00
* Bump golang.org/x/time from 0.8.0 to 0.9.0 (#770)
- from version 20250113.01
* Bump cloud.google.com/go/auth/oauth2adapt from 0.2.5 to 0.2.7 (#766)
- from version 20250113.00
* Bump golang.org/x/net from 0.31.0 to 0.34.0 (#769)
- from version 20250110.00
* Bump golang.org/x/crypto from 0.29.0 to 0.31.0 in the go_modules group (#760)
* Bump cloud.google.com/go/longrunning from 0.6.2 to 0.6.3 (#744)
- from version 20241218.00
* Scanners fixes (#720)
* Bump cloud.google.com/go/storage from 1.46.0 to 1.47.0 (#736)
* Bump go.opentelemetry.io/contrib/detectors/gcp from 1.29.0 to 1.32.0 (#730)
* Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#738)
* Bump golang.org/x/net from 0.30.0 to 0.31.0 (#731)
- from version 20241118.01
* Bump github.com/googleapis/gax-go/v2 from 2.13.0 to 2.14.0 (#737)
- from version 20241118.00
* move example to appropriate directory (#740)
- from version 20241115.00
* Replace sles-15-sp3-sap old deprecated image in e2e tests (#739)
* Bump golang.org/x/time from 0.7.0 to 0.8.0 (#734)
- from version 20241114.03
* Bump github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp (#735)
- from version 20241114.02
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#729)
- from version 20241114.01
* Remove SLES-15-SP2-SAP from e2e tests and add the new SLES-15-SP6 (#733)
* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#728)
* Bump go.opentelemetry.io/otel/sdk/metric from 1.30.0 to 1.32.0 (#727)
- from version 20241114.00
* Add example to run exec script from the gcs bucket (#732)
* Bump cel.dev/expr from 0.16.1 to 0.18.0 (#723)
- from version 20241112.00
* Bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 (#722)
* Bump github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric (#721)
* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#725)
* Bump github.com/golang/glog from 1.2.2 to 1.2.3 (#715)
* Bump google.golang.org/api from 0.203.0 to 0.205.0 (#716)
- from version 20241107.01
* Bump github.com/envoyproxy/go-control-plane from 0.13.0 to 0.13.1 (#717)
* Bump github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping (#718)
* Bump cloud.google.com/go/auth from 0.10.0 to 0.10.1 (#719)
- from version 20241107.00
* Bump cloud.google.com/go/logging from 1.11.0 to 1.12.0 (#709)
* Bump cloud.google.com/go/iam from 1.2.1 to 1.2.2 (#710)
* Bump cloud.google.com/go/storage from 1.43.0 to 1.46.0 (#713)
* Bump cloud.google.com/go/osconfig from 1.14.1 to 1.14.2 (#708)
* Bump cloud.google.com/go/auth/oauth2adapt from 0.2.4 to 0.2.5 (#712)
- from version 20241106.00
* Update OWNERS (#714)
- from version 20241029.01
* remove toolchain override (#706)
* Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#701)
- from version 20241029.00
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#702)
- from version 20241028.00
* Bump cloud.google.com/go/longrunning from 0.6.0 to 0.6.2 (#705)
- from version 20241017.00
* Add a new CloudBuild trigger config-file for auto updating the
presubmit test container image on every new commit (#704)
- from version 20241004.00
* Add new packagebuild presubmit that will use cloud-build (#694)
- from version 20240927.00
* Third batch of dependencies upgrade (#690)
- Bump the golang compiler version to 1.22.4 (bsc#1225974, CVE-2024-24790)
- grub2
-
- Fix zfs.mo not found message when booting on legacy BIOS (bsc#1237865)
* 0001-autofs-Ignore-zfs-not-found.patch
- Security fixes for 2024
* 0001-misc-Implement-grub_strlcpy.patch
- Fix CVE-2024-45781 (bsc#1233617)
* 0002-fs-ufs-Fix-a-heap-OOB-write.patch
- Fix CVE-2024-56737 (bsc#1234958)
- Fix CVE-2024-45782 (bsc#1233615)
* 0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
- Fix CVE-2024-45780 (bsc#1233614)
* 0004-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2024-45783 (bsc#1233616)
* 0005-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch
* 0006-kern-file-Ensure-file-data-is-set.patch
* 0007-kern-file-Implement-filesystem-reference-counting.patch
- Fix CVE-2025-0624 (bsc#1236316)
* 0008-net-Fix-OOB-write-in-grub_net_search_config_file.patch
- Fix CVE-2024-45774 (bsc#1233609)
* 0009-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch
- Fix CVE-2024-45775 (bsc#1233610)
* 0010-commands-extcmd-Missing-check-for-failed-allocation.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0011-commands-pgp-Unregister-the-check_signatures-hooks-o.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0012-normal-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0013-gettext-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2024-45776 (bsc#1233612)
* 0014-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch
- Fix CVE-2024-45777 (bsc#1233613)
* 0015-gettext-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2025-0690 (bsc#1237012)
* 0016-commands-read-Fix-an-integer-overflow-when-supplying.patch
- Fix CVE-2025-1118 (bsc#1237013)
* 0017-commands-minicmd-Block-the-dump-command-in-lockdown-.patch
- Fix CVE-2024-45778 (bsc#1233606)
- Fix CVE-2024-45779 (bsc#1233608)
* 0018-fs-bfs-Disable-under-lockdown.patch
- Fix CVE-2025-0677 (bsc#1237002)
- Fix CVE-2025-0684 (bsc#1237008)
- Fix CVE-2025-0685 (bsc#1237009)
- Fix CVE-2025-0686 (bsc#1237010)
- Fix CVE-2025-0689 (bsc#1237011)
* 0019-fs-Disable-many-filesystems-under-lockdown.patch
- Fix CVE-2025-1125 (bsc#1237014)
- Fix CVE-2025-0678 (bsc#1237006)
* 0020-fs-Prevent-overflows-when-allocating-memory-for-arra.patch
- Bump upstream SBAT generation to 5
- vim
-
- 9.1.1101 is a fix for:
bsc#1229685 (CVE-2024-43790)
bsc#1229822 (CVE-2024-43802)
bsc#1230078 (CVE-2024-45306)
bsc#1235695 (CVE-2025-22134)
bsc#1236151 (CVE-2025-24014)
bsc#1237137 (CVE-2025-1215)
- Remove obsoleted patch:
* vim-7.3-mktemp_tutor.patch
- update to 9.1.1101
* insexpand.c hard to read
* tests: Test_log_nonexistent only works on Linux
* Update base-syntax, improve variable matching
* Vim9: import with extends may crash
* leaking memory with completing multi lines
* --log with non-existent path causes a crash
* if_perl: Perl 5.38 adds new symbols causing link failure
* tests: matchparen plugin test wrongly named
* Vim9: problem finding implemented method in type hierarchy
* runtime(qf): Update syntax file, match second delimiter
* tests: output of test ...win32_ctrl_z depends on python version
* tests: fix expected return code for python 3.13 on Windows
* tests: timeout might be a bit too small
* tests: test_terminwscroll_topline2 unreliable
* tests: No check when tests are run under Github actions
* tests: plugin tests are named inconsistently
* Vim9: import with extends may crash
* completion doesn't work with multi lines
* filetype: cmmt files are not recognized
* Unable to persistently ignore events in a window and its buffers
* improve syntax highlighting
* setreg() doesn't correctly handle mbyte chars in blockwise mode
* unexpected DCS responses may cause out of bounds reads
* has('bsd') is true for GNU/Hurd
* filetype: Mill files are not recognized
* GUI late startup leads to uninitialized scrollbars
* Add support for lz4 to tar & gzip plugin
* Terminal ansi colors off by one after tgc reset
* included syntax items do not understand contains=TOP
* vim_strnchr() is strange and unnecessary
* Vim9: len variable not used in compile_load()
* runtime(vim): Update base-syntax, match :debuggreedy count prefix
* Strange error when heredoc marker starts with "trim"
* tests: test_compiler fails on Windows without Maven
* 'diffopt' "linematch" cannot be used with {n} less than 10
* args missing after failing to redefine a function
* Cannot control cursor positioning of getchar()
* preinsert text completions not deleted with <C-W>/<C-U>
* getchar() can't distinguish between C-I and Tab
* tests: Test_termwinscroll_topline2 fails on MacOS
* heap-use-after-free and stack-use-after-scope with :14verbose
* no digraph for "Approaches the limit"
* not possible to use plural forms with gettext()
* too many strlen() calls in userfunc.c
* terminal: E315 when dragging the terminal with the mouse
* runtime(openPlugin): fix unclosed parenthesis in GetWordUnderCursor()
* runtime(doc): Tweak documentation style a bit
* tests: test_glvs fails when unarchiver not available
* Vim always enables 'termguicolors' in a terminal
* completion: input text deleted with preinsert when adding leader
* translation(sr): Missing Serbian translation for the tutor
* Superfluous cleanup steps in test_ins_complete.vim
* runtime(netrw): correct wrong version check
* Vim doesn't highlight to be inserted text when completing
* runtime(netrw): upstream snapshot of v176
* runtime(dist/vim9): fix regressions in dist#vim9#Open
* runtime(hyprlang): fix string recognition
* make install fails because of a missing dependency
* runtime(asm): add byte directives to syntax script
* Vim doesn't work well with TERM=xterm-direct
* runtime(filetype): commit 99181205c5f8284a3 breaks V lang detection
* runtime: decouple Open and Launch commands and gx mapping from netrw
* "nosort" enables fuzzy filtering even if "fuzzy" isn't in 'completeopt'
* runtime(just): fix typo in syntax file
* runtime(filetype): Improve Verilog detection by checking for modules definition
* tests: off-by-one error in CheckCWD in test_debugger.vim
* tests: no support for env variables when running Vim in terminal
* too many strlen() calls in os_unix.c
* insert-completed items are always sorted
* crash after scrolling and pasting in silent Ex mode
* Makefiles uses non-portable syntax
* fuzzymatching doesn't prefer matching camelcase
* filetype: N-Tripels and TriG files are not recognized
* Vim9: Patch 9.1.1014 causes regressions
* translation(sr): Update Serbian messages translation
- updade to 9.1.1043
* [security]: segfault in win_line()
* update helptags
* filetype: just files are not recognized
* Update base-syntax, match ternary and falsy operators
* Vim9: out-of-bound access when echoing an enum
* Vim9: imported type cannot be used as func return type
* runtime(kconfig): updated ftplugin and syntax script
* runtime(doc): rename last t_BG reference to t_RB
* Vim9: comments are outdated
* tests: test_channel.py fails with IPv6
* runtime(vim): Update base-syntax, fix is/isnot operator matching
* Vim9: confusing error when using abstract method via super
* make install fails when using shadowdir
* Vim9: memory leak with blob2str()
* runtime(tex): add texEmphStyle to texMatchGroup in syntax script
* runtime(netrw): upstream snapshot of v175
* Vim9: compiling abstract method fails without return
* runtime(c): add new constexpr keyword to syntax file (C23)
* tests: shaderslang was removed from test_filetype erroneously
* link error when FEAT_SPELL not defined
* Coverity complains about insecure data handling
* runtime(sh): update syntax script
* runtime(c): Add missing syntax test files
* filetype: setting bash filetype is backwards incompatible
* runtime(c): Update syntax and ftplugin files
* the installer can be improved
* too many strlen() calls in screen.c
* no sanitize check when running linematch
* filetype: swc configuration files are not recognized
* runtime(netrw): change netrw maintainer
* wrong return type of blob2str()
* blob2str/str2blob() do not support list of strings
* runtime(doc): fix typo in usr_02.txt
* Coverity complains about dereferencing NULL pointer
* linematch option value not completed
* string might be used without a trailing NUL
* no way to get current selected item in a async context
* filetype: fd ignore files are not recognized
* v9.1.0743 causes regression with diff mode
* runtime(doc): fix base64 encode/decode examples
* Vim9: Patch 9.1.1013 causes a few problems
* Not possible to convert string2blob and blob2string
* Coverity complains about dereferencing NULL value
* Vim9: variable not found in transitive import
* runtime(colors): Update colorschemes, include new unokai colorscheme
* Vim9: Regression caused by patch v9.1.0646
* runtime(lyrics): support milliseconds in syntax script
* runtime(vim): Split Vim legacy and Vim9 script indent tests
* Vim9: class interface inheritance not correctly working
* popupmenu internal error with some abbr in completion item
* filetype: VisualCode setting file not recognized
* diff feature can be improved
* tests: test for patch 9.1.1006 doesn't fail without the patch
* filetype: various ignore are not recognized
* tests: Load screendump files with "git vimdumps"
* PmenuMatch completion highlight can be combined
* completion text is highlighted even with no pattern found
* tests: a few termdebug tests are flaky
* [security]: heap-buffer-overflow with visual mode
* runtime(doc): add package-<name> helptags for included packages
* Vim9: unknown func error with interface declaring func var
* runtime(filetype): don't detect string interpolation as angular
* ComplMatchIns highlight hard to read on light background
* runtime(vim): Update base-syntax, highlight literal string quote escape
* runtime(editorconfig): set omnifunc to syntaxcomplete func
* tests: ruby tests fail with Ruby 3.4
* Vim9: leaking finished exception
* runtime(tiasm): use correct syntax name tiasm in syntax script
* filetype: TI assembly files are not recognized
* too many strlen() calls in drawscreen.c
* runtime(xf86conf): add section name OutputClass to syntax script
* ComplMatchIns may highlight wrong text
* runtime(vim): Update base-syntax, improve ex-bang matching
* runtime(doc): clarify buffer deletion on popup_close()
* filetype: shaderslang files are not detected
* Vim9: not able to use comment after opening curly brace
- update to 9.1.0993
* 9.1.0993: New 'cmdheight' behavior may be surprising
* runtime(sh): fix typo in Last Change header
* 9.1.0992: Vim9: double-free after v9.1.0988
* 9.1.0991: v:stacktrace has wrong type in Vim9 script
* runtime(sh): add PS0 to bashSpecialVariables in syntax script
* runtime(vim): Remove trailing comma from match_words
* runtime(zsh): sync syntax script with upstream repo
* runtime(doc): Capitalise the mnemonic "Zero" for the 'z' flag of search()
* 9.1.0990: Inconsistent behavior when changing cmdheight
* 9.1.0989: Vim9: Whitespace after the final enum value causes a syntax error
* runtime(java): Quietly opt out for unsupported markdown.vim versions
* runtime(vim): fix failing vim syntax test
* 9.1.0988: Vim9: no error when using uninitialized var in new()
* runtime(doc): update index.txt
* 9.1.0987: filetype: cake files are not recognized
* 9.1.0986: filetype: 'jj' filetype is a bit imprecise
* runtime(jj): Support diffs in jj syntax
* runtime(vim): Update matchit pattern, no Vim9 short names
* 9.1.0985: Vim9: some ex commands can be shortened
* 9.1.0984: exception handling can be improved
* runtime(doc): update doc for :horizontal
* runtime(doc): update index.txt, windows.txt and version9.txt
* runtime(doc): Tweak documentation about base64 function
* runtime(chordpro): update syntax script
* 9.1.0983: not able to get the displayed items in complete_info()
* runtime(doc): use standard SGR format at :h xterm-true-color
* 9.1.0982: TI linker files are not recognized
* runtime(vim): update vim generator syntax script
* 9.1.0981: tests: typo in test_filetype.vim
* 9.1.0980: no support for base64 en-/decoding functions in Vim Script
* syntax(sh): Improve the recognition of bracket expressions
* runtime(doc): mention how NUL bytes are handled
* 9.1.0979: VMS: type warning with $XDG_VIMRC_FILE
* 9.1.0978: GUI tests sometimes fail when setting 'scroll' options
* 9.1.0977: filetype: msbuild filetypes are not recognized
* 9.1.0976: Vim9: missing return statement with throw
* 9.1.0975: Vim9: interpolated string expr not working in object methods
* 9.1.0974: typo in change of commit v9.1.0873
* 9.1.0973: too many strlen() calls in fileio.c
* runtime(sh): set shellcheck as the compiler for supported shells
* runtime(doc): Fix enum example syntax
* 9.1.0972: filetype: TI linker map files are not recognized
* runtime(vim): Improve syntax script generator for Vim Script
* 9.1.0971: filetype: SLNX files are not recognized
* 9.1.0970: VMS: build errors on VMS architecture
* runtime(doc): Fix documentation typos
* runtime(doc): update for new keyprotocol option value (after v9.1.0969)
* 9.1.0969: ghostty not using kitty protocol by default
* 9.1.0968: tests: GetFileNameChecks() isn't fully sorted by filetype name
* runtime(doc): update version9.txt for bash filetype
* runtime(netrw): update last change header for #16265
* runtime(doc): fix doc error in :r behaviour
* 9.1.0967: SpotBugs compiler setup can be further improved
* 9.1.0966: Vim9: :enum command can be shortened
* runtime(compiler): include a basic bash syntax checker compiler
* 9.1.0965: filetype: sh filetype set when detecting the use of bash
* runtime(doc): clarify ARCH value for 32-bit in INSTALLpc.txt
* 9.1.0963: fuzzy-matching does not prefer full match
* 9.1.0962: filetype: bun.lock file is not recognized
* runtime(vim): update indentation plugin for Vim script
* runtime(doc): tweak documentation style in helphelp.txt
* runtime(vim): Update base-syntax, allow parens in default arguments
* runtime(doc): mention auto-format using clang-format for sound.c/sign.c
* runtime(help): fix typo s/additional/arbitrary/
* runtime(help): Add better support for language annotation highlighting
* 9.1.0961: filetype: TI gel files are not recognized
* 9.1.0960: filetype: hy history files are not recognized
* translation(fi): Fix typoes in Finish menu translation
* 9.1.0959: Coverity complains about type conversion
* runtime(vim): Use supported syntax in indent tests
* 9.1.0958: filetype: supertux2 config files detected as lisp
* 9.1.0956: completion may crash, completion highlight wrong with preview window
* 9.1.0955: Vim9: vim9compile.c can be further improved
* runtime(doc): move help tag E1182
* runtime(graphql): contribute vim-graphql to Vim core
* 9.1.0954: popupmenu.c can be improved
* 9.1.0953: filetype: APKBUILD files not correctly detected
* 9.1.0952: Vim9: missing type checking for any type assignment
* 9.1.0951: filetype: jshell files are not recognized
* runtime(dockerfile): do not set commentstring in syntax script
* 9.1.0950: filetype: fennelrc files are not recognized
* runtime(netrw): do not double escape Vim special characters
* git: ignore reformatting change of netrw plugin
* runtime(netrw): more reformating #16248
* runtime(doc): Add a note about handling symbolic links in starting.txt
* 9.1.0949: popups inconsistently shifted to the left
* git: ignore reformatting change of netrw plugin
* runtime(netrw): change indent size from 1 to 2
* 9.1.0948: Missing cmdline completion for :pbuffer
* runtime(tutor): Reformat tutor1
* 9.1.0947: short-description
* 9.1.0946: cross-compiling fails on osx-arm64
* 9.1.0945: ComplMatchIns highlight doesn't end after inserted text
* translation(sv): re-include the change from #16240
* 9.1.0944: tests: test_registers fails when not run under X11
* 9.1.0943: Vim9: vim9compile.c can be further improved
* runtime(doc): Update README and mention make check to verify
* translation(sv): partly revert commit 98874dca6d0b60ccd6fc3a140b3ec
* runtime(vim): update base-syntax after v9.1.0936
* 9.1.0942: a few typos were found
* 9.1.0941: ComplMatchIns doesn't work after multibyte chars
* runtime(doc): Fix style in fold.txt
* translation(sv): Fix typo in Swedish translation
* 9.1.0940: Wrong cursor shape with "gq" and 'indentexpr' executes :normal
* runtime(doc): fix some small errors
* 9.1.0939: make installtutor fails
* 9.1.0938: exclusive selection not respected when re-selecting block mode
* 9.1.0937: test_undolist() is flaky
* 9.1.0936: cannot highlight completed text
* 9.1.0935: SpotBugs compiler can be improved
* 9.1.0934: hard to view an existing buffer in the preview window
* runtime(doc): document how to minimize fold computation costs
* 9.1.0933: Vim9: vim9compile.c can be further improved
* 9.1.0932: new Italian tutor not installed
* runtime(doc): fix a few minor errors from the last doc updates
* translation(it): add Italian translation for the interactive tutor
* runtime(doc): update the change.txt help file
* runtime(help): Add Vim lang annotation support for codeblocks
* 9.1.0931: ml_get error in terminal buffer
* 9.1.0930: tests: test_terminal2 may hang in GUI mode
* 9.1.0929: filetype: lalrpop files are not recognized
* 9.1.0928: tests: test_popupwin fails because the filter command fails
* editorconfig: set trim_trailing_whitespace = false for src/testdir/test*.vim
* 9.1.0927: style issues in insexpand.c
* 9.1.0926: filetype: Pixi lock files are not recognized
* runtime(doc): Add a reference to |++opt| and |+cmd| at `:h :pedit`
* runtime(doc): add a note about inclusive motions and exclusive selection
* 9.1.0925: Vim9: expression compiled when not necessary
* 9.1.0924: patch 9.1.0923 causes issues
* 9.1.0923: too many strlen() calls in filepath.c
* 9.1.0923: wrong MIN macro in popupmenu.c
* 9.1.0921: popupmenu logic is a bit convoluted
* 9.1.0920: Vim9: compile_assignment() too long
* 9.1.0919: filetype: some assembler files are not recognized
* runtime(netrw): do not pollute search history with symlinks
* 9.1.0918: tiny Vim crashes with fuzzy buffer completion
* 9.1.0917: various vartabstop and shiftround bugs when shifting lines
* runtime(typst): add definition lists to formatlistpat, update maintainer
* 9.1.0916: messages.c is exceeding 80 columns
* runtime(proto): include filetype plugin for protobuf
* 9.1.0915: GVim: default font size a bit too small
* 9.1.0914: Vim9: compile_assignment() is too long
* 9.1.0913: no error check for neg values for 'messagesopt'
* runtime(netrw): only check first arg of netrw_browsex_viewer for being executable
* 9.1.0912: xxd: integer overflow with sparse files and -autoskip
* 9.1.0911: Variable name for 'messagesopt' doesn't match short name
* 9.1.0910: 'messagesopt' does not check max wait time
* runtime(doc): update wrong Vietnamese localization tag
* 9.1.0909: Vim9: crash when calling instance method
- update to 9.1.0908
* refresh vim-7.3-mktemp_tutor.patch
* 9.1.0908: not possible to configure :messages
* 9.1.0907: printoptions:portrait does not change postscript Orientation
* runtime(doc): Add vietnamese.txt to helps main TOC
* 9.1.0906: filetype: Nvidia PTX files are not recognized
* runtime(doc): updated version9.txt with changes from v9.1.0905
* 9.1.0905: Missing information in CompleteDone event
* 9.1.0904: Vim9: copy-paste error in class_defining_member()
* 9.1.0903: potential overflow in spell_soundfold_wsal()
* runtime(netrw): do not detach when launching external programs in gvim
* runtime(doc): make tag alignment more consistent in filetype.txt
* runtime(doc): fix wrong syntax and style of vietnamese.txt
* translation(it): update Italian manpage for vimtutor
* runtime(lua): add optional lua function folding
* Filelist: include translations for Chapter 2 tutor
* translation(vi): Update Vietnamese translation
* runtime(doc): include vietnamese.txt
* runtime(tutor): fix another typo in tutor2
* runtime(doc): fix typo in vimtutor manpage
* translation(it): update Italian manpage for vimtutor
* translation(it): include Italian version of tutor chapter 2
* runtime(tutor): regenerated some translated tutor1 files
* runtime(tutor): fix typo in Chapter 2
* 9.1.0902: filetype: Conda configuration files are not recognized
* runtime(doc): Tweak documentation style a bit
* runtime(tutor): update the tutor files and re-number the chapters
* runtime(tutor): Update the makefiles for tutor1 and tutor2 files
* 9.1.0901: MS-Windows: vimtutor batch script can be improved
* runtime(doc): remove buffer-local completeopt todo item
* 9.1.0900: Vim9: digraph_getlist() does not accept bool arg
* runtime(typst): provide a formatlistpat in ftplugin
* runtime(doc): Update documentation for "noselect" in 'completeopt'
* 9.1.0899: default for 'backspace' can be set in C code
* runtime(helptoc): reload cached g:helptoc.shell_prompt when starting toc
* translation(ru): Updated messages translation
* 9.1.0898: runtime(compiler): pytest compiler not included
* 9.1.0897: filetype: pyrex files are not detected
* runtime(compiler): update eslint compiler
* 9.1.0896: completion list wrong after v9.1.0891
* runtime(doc): document changed default value for 'history'
* 9.1.0895: default history value is too small
* 9.1.0894: No test for what the spotbug compiler parses
* 9.1.0893: No test that undofile format does not regress
* translation(de): update German manpages
* runtime(compiler): include spotbugs Java linter
* 9.1.0892: the max value of 'tabheight' is limited by other tabpages
* runtime(po): remove poDiffOld/New, add po-format flags to syntax file
* 9.1.0891: building the completion list array is inefficient
* patch 9.1.0890: %! item not allowed for 'rulerformat'
* runtime(gzip): load undofile if there exists one
* 9.1.0889: Possible unnecessary redraw after adding/deleting lines
* 9.1.0888: leftcol property not available in getwininfo()
* 9.1.0887: Wrong expression in sign.c
* 9.1.0886: filetype: debian control file not detected
* runtime(c3): include c3 filetype plugin
* 9.1.0885: style of sign.c can be improved
* 9.1.0884: gcc warns about uninitialized variable
* runtime(apache): Update syntax directives for apache server 2.4.62
* translation(ru): updated vimtutor translation, update MAINTAINERS file
* 9.1.0883: message history cleanup is missing some tests
* runtime(doc): Expand docs on :! vs. :term
* runtime(netrw): Fixing powershell execution issues on Windows
* 9.1.0882: too many strlen() calls in insexpand.c
* 9.1.0881: GUI: message dialog may not get focus
* runtime(netrw): update netrw's decompress logic
* runtime(apache): Update syntax keyword definition
* runtime(misc): add Italian LICENSE and (top-level) README file
* 9.1.0880: filetype: C3 files are not recognized
* runtime(doc): add helptag for :HelpToc command
* 9.1.0879: source is not consistently formatted
* Add clang-format config file
* runtime(compiler): fix escaping of arguments passed to :CompilerSet
* 9.1.0878: termdebug: cannot enable DEBUG mode
* 9.1.0877: tests: missing test for termdebug + decimal signs
* 9.1.0876: filetype: openCL files are not recognized
* 9.1.0875: filetype: hyprlang detection can be improved
* 9.1.0874: filetype: karel files are not detected
* 9.1.0873: filetype: Vivado files are not recognized
* 9.1.0872: No test for W23 message
* 9.1.0871: getcellpixels() can be further improved
* 9.1.0870: too many strlen() calls in eval.c
* 9.1.0869: Problem: curswant not set on gm in folded line
* 9.1.0868: the warning about missing clipboard can be improved
* runtime(doc): Makefile does not clean up all temporary files
* 9.1.0867: ins_compl_add() has too many args
* editorconfig: don't trim trailing whitespaces in runtime/doc
* translation(am): Remove duplicate keys in desktop files
* runtime(doc): update helptags
* runtime(filetype): remove duplicated *.org file pattern
* runtime(cfg): only consider leading // as starting a comment
* 9.1.0866: filetype: LLVM IR files are not recognized
* 9.1.0865: filetype: org files are not recognized
* 9.1.0864: message history is fixed to 200
* 9.1.0863: getcellpixels() can be further improved
* runtime(sh): better function support for bash/zsh in indent script
* runtime(netrw): small fixes to netrw#BrowseX
* 9.1.0862: 'wildmenu' not enabled by default in nocp mode
* runtime(doc): update how to report issues for mac Vim
* runtime(doc): mention option-backslash at :h CompilerSet
* runtime(compiler): include a Java Maven compiler plugin
* runtime(racket): update Racket runtime files
* runtime(doc): improve indentation in examples for netrw-handler
* runtime(doc): improve examples for netrw-handler functions
* runtime(idris2): include filetype,indent+syntax plugins for (L)Idris2 + ipkg
* runtime(doc): clarify the use of filters and external commands
* 9.1.0861: Vim9: no runtime check for object member access of any var
* runtime(compiler): update pylint linter
* 9.1.0860: tests: mouse_shape tests use hard code sleep value
* 9.1.0859: several problems with the GLVS plugin
* 9.1.0858: Coverity complains about dead code
* runtime(tar): Update tar.vim to support permissions
* 9.1.0857: xxd: --- is incorrectly recognized as end-of-options
* 9.1.0851: too many strlen() calls in getchar.c
* 9.1.0850: Vim9: cannot access nested object inside objects
* runtime(tex): extra Number highlighting causes issues
* runtime(vim): Fix indent after :silent! function
* 9.1.0849: there are a few typos in the source
* runtime(netrw): directory symlink not resolved in tree view
* runtime(doc): add a table of supported Operating Systems
* runtime(tex): update Last Change header in syntax script
* runtime(doc): fix typo in g:termdebug_config
* runtime(vim): Update base-syntax, improve :normal highlighting
* runtime(tex): add Number highlighting to syntax file
* runtime(doc): Tweak documentation style a bit
* 9.1.0848: if_lua: v:false/v:true are not evaluated to boolean
* runtime(dune): use :setl instead of :set in ftplugin
* runtime(termdebug): allow to use decimal signs
* translation(it): Updated Italian vimtutor
* runtime(compiler): improve cppcheck
* git: git-blame-ignore-revs shown as an error on Github
* 9.1.0847: tests: test_popupwin fails because of updated help file
* 9.1.0846: debug symbols for xxd are not cleaned in Makefile
* runtime(structurizr): Update structurizr syntax
* runtime(8th): updated 8th syntax
* runtime(doc): Add pi_tutor.txt to help TOC
* runtime(compiler): add mypy and ruff compiler; update pylint linter
* runtime(netrw): fix several bugs in netrw tree listing
* runtime(netrw): prevent polluting the search history
* 9.1.0845: vimtutor shell script can be improved
* 9.1.0844: if_python: no way to pass local vars to python
* 9.1.0843: too many strlen() calls in undo.c
* runtime(doc): update default value for fillchars option
* runtime(compiler): fix typo in cppcheck compiler plugin
* runtime(doc): simplify vimtutor manpage a bit more
* runtime(matchparen): Add matchparen_disable_cursor_hl config option
* 9.1.0842: not checking for the sync() systemcall
* 9.1.0841: tests: still preferring python2 over python3
* 9.1.0840: filetype: idris2 files are not recognized
* 9.1.0839: filetype: leo files are not recognized
* runtime(cook): include cook filetype plugin
* runtime(debversions): Update Debian versions
* patch 9.1.0838: vimtutor is bash-specific
* runtime(doc): add help specific modeline to pi_tutor.txt
* Filelist: vimtutor chapter 2 is missing in Filelist
* 9.1.0837: cross-compiling has some issues
* runtime(vimtutor): Add a second chapter
- procps
-
- Add patch CVE-2023-4016-part2.patch
* Fix the ps command segfaults when pid argument has a leading space (bsc#1236842)
- freetype2
-
- Added patch:
* CVE-2025-27363.patch
+ fixes bsc#1239465, CVE-2025-27363: out-of-bounds write when
attempting to parse font subglyph structures related to
TrueType GX and variable font files
- python3
-
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- nfsidmap
-
- nss: use strrchr() instead of strchr() to get the last occurrence of
"@" (bsc#1236077)
- add 0003-nss-use-strrchr-instead-of-strchr-to-get-the-last-oc.patch
- python36
-
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- google-guest-oslogin
-
- Rework SELinux support (bsc#1232553)
* Add pkgconfig(systemd) to BuildRequires for SELinux builds
* Add policycoreutils to BuildRequires
* Build and install SELinux module on older distributions as well
to allow users to use the module with their own SELinux policies
* Make checkpolicy build dependency unconditional
* Move oslogin.pp SELinux module into %{selinuxtype} subdirectory
* Own %{_datadir}/selinux{,/packages} on older distributions
* Split SELinux support into separate -selinux package
* Use SELinux RPM macros to install and uninstall SELinux module
* Use RPM conditional builds to enable SELinux on newer distributions
- Build and install SELinux module (bsc#1232553)
- python3-base
-
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- python-base
-
- Update CVE-2024-11168-validation-IPv6-addrs.patch
according modifications by the Debian
developers (Sylvain Beucler <beuc@debian.org>,
gh#python/cpython#103848#issuecomment-2708135083).
- Modify CVE-2025-0938-sq-brackets-domain-names.patch: we don't
use bracketed_host variable any more (correction of the fix for
bsc#1236705, discovered during analysis for bsc#1223694).
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- glibc
-
- assert-message-allocation.patch: Fix underallocation of abort_msg_s
struct (CVE-2025-0395, bsc#1236282, BZ #32582))
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228044, BZ
[#31934])
- cloud-regionsrv-client
-
- Update to 10.3.11 (bsc#1234050)
+ Send registration code for the extensions, not only base product
- Update to 10.3.8 (bsc#1233333)
+ Fix the package requirements for cloud-regionsrv-client
+ Follow changes to suseconnect error reporting from stdout to stderr
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to not pass in
bad targetKeyLength parameters when checking for FIPS approval
after keygen. This was causing false rejections.
- Updated nss-fips-approved-crypto-non-ec.patch to approve
RSA signature verification mechanisms with PKCS padding and
legacy moduli (bsc#1222834).
- openssh
-
- Backported patch to fix a MitM attack against OpenSSH's
VerifyHostKeyDNS-enabled client (bsc#1237040, CVE-2025-26465):
* fix-CVE-2025-26465.patch
- write active/enabled switch over files only if not yet present
(bsc#1220110)
- Add patch backported from upstream to add a s390 specific ioctl
for ecc hardware support (bsc#1225637):
* openssh-7.2p2-allow-s390-specific-ioctl-for-ecc-hardware-support.patch
- bind
-
- Limit additional section processing for large RDATA sets.
When answering queries, don’t add data to the additional
section if the answer has more than 13 names in the RDATA. This
limits the number of lookups into the database(s) during a
single client query, reducing the query-processing load.
(CVE-2024-11187)
[bsc#1236596, bind-9.11-CVE-2024-11187.patch]
- rsync
-
- Fix bsc#1237187 - rsync daemon mode after protocol bump
* Add greeting line with available digests
* Add rsync-fix-daemon-proto-32.patch
- Bump protocl version to 32 - make it easier to show server is patched.
* Add rsync-protocol-version-32.patch
- Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
* Added rsync-fix-FLAG_GOT_DIR_FLIST.patch
- Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links
* Added rsync-CVE-2024-12747.patch
- Security update, fix multiple vulnerabilities:
* CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR
* CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files
* CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links
* CVE-2024-12088, bsc#1234104 - --safe-links Bypass
* Added rsync-CVE-2024-12085.patch
* Added rsync-CVE-2024-12086_01.patch
* Added rsync-CVE-2024-12086_02.patch
* Added rsync-CVE-2024-12086_03.patch
* Added rsync-CVE-2024-12086_04.patch
* Added rsync-CVE-2024-12087_01.patch
* Added rsync-CVE-2024-12087_02.patch
* Added rsync-CVE-2024-12088.patch
* Added rsync-fix-compilation-do_malloc_fixes.patch
- gnutls
-
- Security fix [bsc#1236974, CVE-2024-12243]
* gnutls: inefficient DER Decoding in libtasn1 could lead to remote DoS
* Add gnutls-x509-optimize-alt-name-access.patch
* Add gnutls-CVE-2024-12243.patch
- google-guest-configs
-
- Add ggc-no-dup-metasrv-entry.patch
+ Follow up to (bsc#1234289, bsc#1234293). Avoid duplicate entries for
the metadata server in /etc/hosts
- Update to version 20241205.00 (bsc#1234254, bsc#1234255)
* Update google_set_multiqueue to configure
vCPU ranges based on VM platform (#90)
- from version 20241204.00
* Restore google_set_multiqueue changes for A3Ultra (#93)
* Depend on networkd-dispatcher in Ubuntu (#94)
- Include components to set hostname and /etc/hosts entries (bsc#1234289, bsc#1234293)
* Add sysconfig and sysconfig-network to BuildRequires
* Install google_set_hostname into %{_bindir}
* Install google_up.sh into %{_sysconfdir}/sysconfig/network/scripts/
* Add code to add and remove POST_UP_SCRIPT="compat:suse:google_up.sh"
to /etc/sysconfig/network/ifcfg-eth0 in %post and %postun sections
- timezone
-
- Update to 2025a:
* Paraguay adopts permanent -03 starting spring 2024
* Improve pre-1991 data for the Philippines
* Etc/Unknown is now reserved
- Update to 2024b:
* Improve historical data for Mexico, Mongolia, and Portugal.
* System V names are now obsolescent.
* The main data form now uses %z.
* The code now conforms to RFC 8536 for early timestamps.
* Support POSIX.1-2024, which removes asctime_r and ctime_r.
* Assume POSIX.2-1992 or later for shell scripts.
* SUPPORT_C89 now defaults to 1.
- Add revert-philippines-historical-data.patch, revert-systemv-deprecation.patch
* Fixes testsuite failures for other packages
- openssl-1_1
-
- Security fix: [bsc#1236136, CVE-2024-13176]
* timing side-channel in the ECDSA signature computation
* Add openssl-CVE-2024-13176.patch
- kernel-default
-
- mailbox: bcm2835: Fix timeout during suspend mode
(CVE-2024-49963 bsc#1232147).
- commit 75bdf4b
- x86/mce: Work around an erratum on fast string copy instructions (bsc#1238148 CVE-2022-49124).
- commit b1aab7b
- drm/msm/mdp5: Fix global state lock backoff (bsc#1238275)
- commit d68fed1
- sfc: fix use after free when disabling sriov (CVE-2022-49626
bsc#1238270).
- net: hns3: add vlan list lock to protect vlan list
(CVE-2022-49182 bsc#1238260).
- ibmvnic: fix race between xmit and reset (CVE-2022-49201
bsc#1238256).
- mlxsw: spectrum: Guard against invalid local ports
(CVE-2022-49134 bsc#1237982).
- net: hns3: remove useless mutex vport_cfg_mutex in the struct
hclge_dev (CVE-2022-49182 bsc#1238260).
- commit 41d3a51
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is (bsc#1238275 CVE-2022-49490)
- commit af254cd
- drm/amd/display: Fix memory leak (bsc#1238006 CVE-2022-49135)
- commit 74a7dda
- memstick/mspro_block: fix handling of read-only devices
(CVE-2022-49178 bsc#1238107).
- commit f4ff479
- bpf, sockmap: Fix repeated calls to sock_put() when msg has
more_data (bsc#1235485 CVE-2024-56633).
- commit 8b17f20
- tracing: Free buffers when a used dynamic event is removed
(bsc#1232163 CVE-2022-49006).
- blacklist.conf: Remove the commit from the list.
- commit dc40c84
- tracing: Only have rmmod clear buffers that its events were
active in (bsc#1232163).
- kABI: Preserve TRACE_EVENT_FL values (bsc#1232163).
- kABI: Add clear_trace to trace_array (bsc#1232163).
- commit 314b5be
- uprobes: fix kernel info leak via "[uprobes]" vma (bsc#1232104
CVE-2024-49975).
- commit c0c10d0
- btrfs: fix use-after-free when attempting to join an aborted transaction (CVE-2025-21753 bsc#1237875)
- commit 6c90c9e
- mm/mempolicy: fix mpol_new leak in shared_policy_replace
(CVE-2022-49080 bsc#1238033).
- commit 067e764
- IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition (git-fixes CVE-2022-49089 bsc#1238041)
- commit 6e0de51
- RDMA/hfi1: Fix use-after-free bug for mm struct (git-fixes CVE-2022-49076 bsc#1237738)
- commit 6e82988
- nfsd: restore callback functionality for NFSv4.0 (CVE-2024-53217 bsc#1234999)
- commit 805ad92
- netfilter: nf_tables: don't skip expired elements during walk
(CVE-2023-52924 bsc#1236821).
- commit 0526ace
- can: gs_usb: gs_usb_open/close(): fix memory leak
(CVE-2022-49661 bsc#1237788).
- can: mcba_usb: properly check endpoint type (CVE-2022-49151
bsc#1237778).
- commit 9830891
- media: stk1160: If start stream fails, return buffers with
VB2_BUF_STATE_QUEUED (CVE-2022-49247 bsc#1237783).
- commit a93f4c4
- media: staging: media: zoran: move videodev alloc
(CVE-2021-47644 bsc#1237766).
- commit c96d641
- ubi: Fix race condition between ctrl_cdev_ioctl and
ubi_cdev_ioctl (CVE-2021-47634 bsc#1237758).
- commit d5a9e9b
- USB: serial: quatech2: fix null-ptr-deref in
qt2_process_read_urb() (CVE-2025-21689 bsc#1237017).
- commit 10a8b05
- hid: cp2112: Fix duplicate workqueue initialization
(CVE-2023-52853 bsc#1224988).
- commit 0767a8e
- Update References for CVE-2023-52572 and bsc#bsc#1220946
Patch:
patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch
- commit 8c83bd1
- net: Fix icmp host relookup triggering ip_rt_bug (CVE-2024-56647
bsc#1235435).
- commit 5e3ecca
- net: sched: Disallow replacing of child qdisc from one parent
to another (CVE-2025-21700 bsc#1237159).
- commit 634dd23
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (CVE-2025-21640 bsc#1236123)
- commit fcc1d3a
- sctp: sysctl: rto_min/max: avoid using current->nsproxy (CVE-2025-21639 bsc#1236122)
- commit cef2fdd
- sctp: sysctl: auth_enable: avoid using current->nsproxy (CVE-2025-21638 bsc#1236115)
- commit cb20958
- rtc: cmos: fix build on non-ACPI platforms (CVE-2022-48953
bsc#1231941).
- commit aeaadef
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of
service (bsc#1237025 CVE-2025-21690).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change
events (git-fixes).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(git-fixes).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings
(git-fixes).
- scsi: storvsc: Correctly handle multiple flags in srb_status
(git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- scsi: storvsc: Return DID_ERROR for invalid commands
(git-fixes).
- scsi: storvsc: Add validation for untrusted Hyper-V values
(git-fixes).
- scsi: storvsc: Fix spelling mistake (git-fixes).
- commit 1ce0fca
- rtc: cmos: Fix wake alarm breakage (CVE-2022-48953 bsc#1231941).
- rtc: cmos: Fix event handler registration ordering issue
(CVE-2022-48953 bsc#1231941).
- commit 18a134d
- gpiolib: fix memory leak in gpiochip_setup_dev() (CVE-2022-48975
bsc#1231885).
- commit 8811266
- uprobe: avoid out-of-bounds memory access of fetching args
(git-fixes CVE-2024-50067 bsc#1232416).
- commit 113452d
- Refresh
patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch.
- Refresh
patches.suse/netfilter-nf_conntrack_irc-Tighten-matching-on-DCC-m.patch.
- powerpc/64/kdump: Limit kdump base to 512MB (bsc#1203410
ltc#199904).
Add upstream commit ID and move to the sorted section.
- commit 8635ca2
- Delete
patches.suse/net-tipc-validate-domain-record-count-on-input.patch.
Obsoleted by upstream commit 9aa422ad326634b76309e8ff342c246800621216
which we already have.
- commit 0f3afb5
- Refresh
patches.suse/SUNRPC-auth-async-tasks-mustn-t-block-waiting-for-me.patch.
- Refresh
patches.suse/SUNRPC-improve-swap-handling-scheduling-and-PF_MEMAL.patch.
- Refresh
patches.suse/SUNRPC-xprt-async-tasks-mustn-t-block-waiting-for-me.patch.
Add upstream commit ID to 3 sunrpc patches and move them to the sorted
section.
- commit 95d9bb0
- Refresh
patches.suse/crypto_ccp-fix_resource_leaks_in_ccp_run_aes_gcm_cmd.patch.
- Refresh
patches.suse/mm-pmem-avoid-inserting-hugepage-pte-entry-with-fsdax-if-hugepage-support-is-disabled.patch.
- Refresh
patches.suse/proc-Avoid-mixing-integer-types-in-mem_rw.patch.
Move these 3 patches to the sorted section with proper upstream
references.
- commit b21e43e
- net: mana: Add get_link and get_link_ksettings in ethtool
(bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- commit cf42fac
- Refresh
patches.suse/eth-bnxt-always-recalculate-features-after-XDP-clear.patch.
Fix warning introduced by commit 26357a58074c ("eth: bnxt:
always recalculate features after XDP clearing, fix null-deref
(CVE-2025-21682 bsc#1236703).")
- commit cb8e39a
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(CVE-2024-53239 bsc#1235054 bsc#1234853).
- Update
patches.suse/Bluetooth-L2CAP-Fix-uaf-in-l2cap_connect.patch
(CVE-2024-49950 bsc#1232159 bsc#1225742).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(CVE-2024-56605 bsc#1235061 bsc#1234853).
- Update
patches.suse/KVM-nSVM-Ignore-nCR3-4-0-when-loading-PDPTEs-from-me.patch
(CVE-2024-50115 bsc#1232919 bsc#1225742).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(CVE-2024-53173 bsc#1234891 bsc#1234853).
- Update
patches.suse/btrfs-wait-for-fixup-workers-before-stopping-cleaner.patch
(bsc#1235965 CVE-2024-57896 CVE-2024-49867 bsc#1232262).
- Update
patches.suse/ext4-avoid-OOB-when-system.data-xattr-changes-undern.patch
(bsc#1231920 CVE-2024-47701 bsc#1225742).
- Update
patches.suse/ext4-fix-slab-use-after-free-in-ext4_split_extent_at.patch
(bsc#1232201 CVE-2024-49884 bsc#1232198 bsc#1225742).
- Update
patches.suse/hfsplus-don-t-query-the-device-logical-block-size-multiple-times.patch
(bsc#1235073 CVE-2024-56548 bsc#1234853).
- Update
patches.suse/tty-n_gsm-Fix-use-after-free-in-gsm_cleanup_mux.patch
(CVE-2024-50073 bsc#1232520 bsc#1225742).
- Update
patches.suse/vfio-pci-Lock-external-INTx-masking-ops.patch
(bsc#1222803 CVE-2024-26810).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning-in-mwifiex_config_scan.patch
(CVE-2024-56539 bsc#1234963 bsc#1234853).
- commit f832b51
- Update
patches.suse/btrfs-fix-hang-during-unmount-when-stopping-a-space-.patch
(bsc#1235965 CVE-2024-57896 CVE-2022-48664 bsc#1223524).
- commit 1e97612
- smb: client: fix double free of TCP_Server_Info::hostname
(CVE-2025-21673 bsc#1236689).
- commit a8e944b
- kABI fix for net: defer final 'struct net' free in netns
dismantle (CVE-2024-56658 bsc#1235441).
Upstream commit 0f6ede9fbc74 ("net: defer final 'struct
net' free in netns dismantle") introduced a new struct element
`defer_free_list` into `struct net`. In order to preserve the kABI, move
the newly added element into a hole.
```
struct netns_unix unx; /* 536 16 */
/* XXX 24 bytes hole, try to pack */
/* --- cacheline 9 boundary (576 bytes) --- */
struct netns_ipv4 ipv4 __attribute__((__aligned__(64))); /* 576 1088 */
```
- commit 3fe112a
- net: defer final 'struct net' free in netns dismantle
(CVE-2024-56658 bsc#1235441).
- commit a3ad07d
- net: bridge: fix vlan tunnel dst refcnt when egressing (CVE-2021-47222 bsc#1224857)
- commit c5ffad3
- net: bridge: fix vlan tunnel dst null pointer dereference (CVE-2021-47223 bsc#1224856)
- commit 183304e
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (CVE-2024-50142 bsc#1233028)
- commit 44b0b49
- tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
(bsc#1235485 CVE-2024-56633).
- bpf, sockmap: Fix the sk->sk_forward_alloc warning of
sk_stream_kill_queues (bsc#1235485 CVE-2024-56633).
- bpf, sockmap: Fix more uncharged while msg has more_data
(bsc#1235485 CVE-2024-56633).
- tcp_bpf: Fix one concurrency problem in the tcp_bpf_send_verdict
function (bsc#1235485 CVE-2024-56633).
- commit 312086f
- RDMA/hns: Fix cpu stuck caused by printings during reset (CVE-2024-56722 bsc#1235570)
- commit 8d94b2e
- vfio/pci: Lock external INTx masking ops (bsc#1222803).
- Refresh patches.suse/vfio-pci-Create-persistent-INTx-handler.patch.
- commit 0681ef7
- gtp: Destroy device along with udp socket's netns dismantle
(CVE-2025-21678 bsc#1236698).
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp()
(CVE-2025-21678 bsc#1236698).
- eth: bnxt: always recalculate features after XDP clearing,
fix null-deref (CVE-2025-21682 bsc#1236703).
- commit e803c29
- ipv4: ip_tunnel: Fix suspicious RCU usage warning in
ip_tunnel_find() (CVE-2024-50304 bsc#1233522).
- commit 225c809
- netfilter: nft_payload: sanitize offset and length before
calling skb_checksum() (CVE-2024-50251 bsc#1233248).
- commit eece26a
- net: inet6: do not leave a dangling sk pointer in inet6_create()
(CVE-2024-56600 bsc#1235217).
- commit a01a9a3
- btrfs: don't abort filesystem when attempting to snapshot
deleted subvolume (bsc#1222072 CVE-2024-26644).
- commit 41ce9ae
- scsi: qla2xxx: Fix use after free on unload (CVE-2024-56623
bsc#1235466).
- scsi: qedi: Fix a possible memory leak in
qedi_alloc_and_init_sb() (CVE-2024-56747 bsc#1234934).
- scsi: bfa: Fix use-after-free in bfad_im_module_exit()
(CVE-2024-53227 bsc#1235011).
- commit 64d880b
- RDMA/uverbs: Prevent integer overflow issue (bsc#1235919 CVE-2024-57890)
- commit 38203c5
- overflow: Implement size_t saturating arithmetic helpers (bsc#1235919 CVE-2024-57890)
- commit 90eb057
- overflow: Add __must_check attribute to check_*() helpers (bsc#1235919 CVE-2024-57890)
Refresh patches.suse/0010-overflow-Correct-check_shl_overflow-comment.patch
- commit 5140cb6
- overflow.h: Add flex_array_size() helper (bsc#1235919 CVE-2024-57890)
- commit 22d16f6
- overflow.h: Add comment documenting __ab_c_size() (bsc#1235919 CVE-2024-57890)
- commit b5a4098
- netfilter: x_tables: fix LED ID check in led_tg_check()
(CVE-2024-56650 bsc#1235430).
- commit 8b9e311
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy
and Mbox devices (git-fixes CVE-2024-53197 bsc#1235464).
- commit dc81ff3
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (CVE-2024-53217 bsc#1234999)
- commit 8a6f9b4
- wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (CVE-2024-57899 bsc#1235924)
- commit 600d381
- drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (CVE-2024-56369 bsc#1235750)
- commit b3145a1
- drm/modes: Switch to 64bit maths to avoid integer overflow (bsc#1235750)
- commit e4d2dd7
- igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332 bsc#1235700)
- commit 23608e0
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (CVE-2024-56739 bsc#1235611)
- commit 26c24f2
- crypto: bcm - add error check in the ahash_hmac_init function (CVE-2024-56681 bsc#1235557)
- commit f132d27
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (CVE-2024-56688 bsc#1235538)
- commit a4e5ee6
- acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662 bsc#1235533)
- commit c4dc3c5
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (CVE-2024-56700 bsc#1235500)
- commit d0190f0
- drm/amdgpu: set the right AMDGPU sg segment limitation (CVE-2024-56594 bsc#1235413)
- commit b32a039
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (CVE-2024-56593 bsc#1235252)
- commit 84dd400
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (CVE-2024-56769 bsc#1235155)
- commit d6854a8
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (CVE-2024-56532 bsc#1235059)
- commit c7d5d7e
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (CVE-2024-56533 bsc#1235053)
- commit 7a2524a
- media: ts2020: fix null-ptr-deref in ts2020_probe() (CVE-2024-56574 bsc#1235040)
- commit 994f123
- Move patches.suse/floppy-reintroduce-O_NDELAY-fix.patch to the sorted
section with proper upstream references. Document the reason why the
upstream revert should not be applied to our kernel.
- commit c686e79
- dm thin: make get_first_thin use rcu-safe list first function (CVE-2025-21664 bsc#1236262)
- commit a5449a2
- selinux: ignore unknown extended permissions (CVE-2024-57931 bsc#1236192)
- commit 026448e
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (CVE-2025-21653 bsc#1236161)
- commit 987a924
- net/sctp: Prevent autoclose integer overflow in sctp_association_init() (CVE-2024-57938 bsc#1236182)
- commit 3f47e6a
- mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (CVE-2024-57884 bsc#1235948)
- commit 7ce422e
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (bsc#1235747 CVE-2024-55916).
- commit bfb225e
- gve: guard XDP xmit NDO on existence of xdp queues
(CVE-2024-57932 bsc#1236190).
- commit 9d9586a
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- commit f670a26
- net: inet: do not leave a dangling sk pointer in inet_create()
(CVE-2024-56601 bsc#1235230).
- commit 2328dc9
- net: add more sanity checks to qdisc_pkt_len_init()
(CVE-2024-49948 bsc#1232161).
- commit 39d78f4
- net: restrict SO_REUSEPORT to inet sockets (bsc#1235967 CVE-2024-57903)
- commit eaf865b
- net: do not delay dst_entries_add() in dst_release()
(CVE-2024-50036 bsc#1231912).
- commit 4ae059f
- tracing: Prevent bad count for tracing_cpumask_write (CVE-2024-56763 bsc#1235638)
- commit 224036d
- dccp: Fix memory leak in dccp_feat_change_recv (CVE-2024-56643 bsc#1235132)
- commit f89cb51
- net/smc: initialize close_work early to avoid warning (CVE-2024-56641 bsc#1235526)
- commit 3572c76
- btrfs: fix use-after-free when COWing tree bock and tracing
is enabled (bsc#1235645 CVE-2024-56759).
- btrfs: flush delalloc workers queue before stopping cleaner
kthread during unmount (bsc#1235965 CVE-2024-57896).
- btrfs: wait for fixup workers before stopping cleaner kthread
during umount (bsc#1235965 CVE-2024-57896).
- btrfs: fix hang during unmount when stopping a space reclaim
worker (bsc#1235965 CVE-2024-57896).
- Btrfs: fix crash during unmount due to race with delayed inode
workers (bsc#1235965 CVE-2024-57896).
- commit 176ee37
- drm/amd/display: Add check for granularity in dml ceil/floor
helpers (CVE-2024-57922 bsc#1236080 with CVSS 5.5).
- commit 447f836
- netfilter: ipset: Hold module reference while requesting a module (CVE-2024-56637 bsc#1235523)
- commit 88e28cd
- dm array: fix releasing a faulty array block twice in
dm_array_cursor_end (bsc#1236096, CVE-2024-57929).
- commit 1959a0b
- Update
patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch
(CVE-2024-56606 bsc#1235417).
Fix the bug number.
- commit f121592
- drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (CVE-2024-57887 bsc#1235952).
- commit 5c4ee3f
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
(bsc#1235964 CVE-2024-57892).
- ocfs2: correct return value of ocfs2_local_free_info()
(bsc#1235964 CVE-2024-57892).
- commit b9a152d
- xen: Fix the issue of resource not being properly released in
xenbus_dev_probe() (CVE-2024-53198 bsc#1234923).
- commit ca6183e
- workqueue: skip lockdep wq dependency in cancel_work_sync()
(bsc#1235918).
- commit 1b19fa3
- workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from
!WQ_MEM_RECLAIM worker (bsc#1235416 bsc#1235918 CVE-2024-57888).
- commit b01b194
- ftrace: Fix regression with module command in stack_trace_filter
(CVE-2024-56569 bsc#1235031).
- commit e7b7c58
- ALSA: seq: oss: Fix races at processing SysEx messages
(CVE-2024-57893 bsc#1235920).
- commit 7be38f2
- bpf: fix OOB devmap writes when deleting elements (CVE-2024-56615 bsc#1235426)
- commit a05e14b
- cifs: fix calc signature on big endian systems (bsc#1235888,
bsc#1234921).
- commit 38ecaae
- ocfs2: fix uninitialized value in ocfs2_file_read_iter() (CVE-2024-53155 bsc#1234855)
- commit 1c5aa20
- dlm: fix possible lkb_resource null dereference (CVE-2024-47809 bsc#1235714)
- commit 96406ba
- ocfs2: free inode when ocfs2_get_init_inode() fails (CVE-2024-56630 bsc#1235479)
- commit 3c3dfcf
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (CVE-2024-48881 bsc#1235727)
- commit 027cde8
- netfilter: nf_tables: use timestamp to check for set element
timeout (CVE-2024-27397 bsc#1224095).
- commit f2d74b7
- net/smc: check return value of sock_recvmsg when draining clc
data (CVE-2024-57791 bsc#1235759).
- commit 7c27e5f
- scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (CVE-2024-56748 bsc#1235627)
- commit ce7ef63
- smb: client: fix parsing of SMB3.1.1 POSIX create context
(git-fixes).
- commit bc79049
- s390/cpum_sf: Handle CPU hotplug remove during sampling
(CVE-2024-57849 bsc#1235814).
- commit 0001c5b
- pinmux: Use sequential access to access desc->pinmux data
(CVE-2024-47141 bsc#1235708).
- commit 5d7a944
- mm/swapfile: skip HugeTLB pages for unuse_vma (CVE-2024-50199
bsc#1233112).
- commit 46f452a
- drm/dp_mst: Fix MST sideband message body length check (bsc#1235427 CVE-2024-56616)
- commit a9fa1ed
- bpf, sockmap: Fix race between element replace and close()
(CVE-2024-56664 bsc#1235249).
- commit 58b2a56
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- commit 45bfce4
- scsi: sg: Fix slab-use-after-free read in sg_release()
(CVE-2024-56631 bsc#1235480).
- commit 7bf64a1
- Fix CVE reference for patches.suse/af_packet-avoid-erroring-out-after-sock_init_data-in.patch (CVE-2024-56606)
- commit 0d64068
- 9p/xen: fix release of IRQ (CVE-2024-56704 bsc#1235584).
- commit f5768af
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device
(CVE-2024-56724 bsc#1235577).
- commit fe1aa03
- irqchip/gic-v3-its: Prevent double free on error (bsc#1224697
CVE-2024-35847).
- commit 014f7f5
- smb: client: fix use-after-free of signing key (bsc#1234921,
CVE-2024-53179).
- commit c267f82
- af_packet: avoid erroring out after sock_init_data() in packet_create() (CVE-2024-5660 bsc#123541)
- commit 0fe28c5
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (CVE-2024-26976 bsc#1223635).
- commit 55809b2
- netfilter: nft_set_rbtree: .deactivate fails if element has
expired (CVE-2024-27397 bsc#1224095).
- netfilter: nft_set_rbtree: check for inactive element after
flag mismatch (CVE-2024-27397 bsc#1224095).
- commit 40ba8ec
- smb: client: fix NULL ptr deref in crypto_aead_setkey() (CVE-2024-53185 bsc#1234901)
- commit 5cf5c90
- ovl: Filter invalid inodes with missing lookup function
(bsc#1235035 CVE-2024-56570).
- commit 6e7923c
- net: af_can: do not leave a dangling sk pointer in can_create() (CVE-2024-56603 bsc#1235415)
- commit c85c522
- ubi: fastmap: Fix duplicate slab cache names while attaching (CVE-2024-53172 bsc#1234898)
- commit 9366af4
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
(CVE-2024-53173 bsc#1234891).
- commit a7e3c22
- tipc: Fix use-after-free of kernel socket in cleanup_bearer()
(CVE-2024-56642 bsc#1235433).
- commit 3768de6
- sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299 bsc#1233488)
- commit 537e6f9
- drm/amdgpu: fix usage slab after free (CVE-2024-56551
bsc#1235075).
- commit d5ec598
- Bluetooth: L2CAP: do not leave dangling sk pointer on error
in l2cap_sock_create() (CVE-2024-56605 bsc#1235061).
- commit 6ac1393
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
(CVE-2024-53057 bsc#1233551).
- commit 707ad78
- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
(CVE-2022-49035 bsc#1215304).
- commit e681ca0
- Revert "fbdev: efifb: Register sysfs groups through driver core"
This reverts commit bff30872a052aab87ee7774e2be9b01e1cc917a9.
(bsc#1232224 CVE-2024-49925)
As Michal Koutný's comment#70 in bsc#1232224, the reason is that kABI
fixup in patches.kabi/driver-core-kABI-workaround-for-dev_groups-in-device.patch
is not restoring original KABI since the (extended) struct device_driver
is embedded in other structs, like platform_driver.
And I agree with Michal's comments, CVE-2024-49925 vulnerability is not
easy to be used by attacker who does not have root permission. So let's
revert the following backported/kabi patches and set CVE-2024-49925 to
WONFIX on SLE12-SP5:
72643096ed46b327a37e55db8130cbdc5dadc513
driver core: Fix error return code in really_probe()
(bsc#1232224 CVE-2024-49925).
993ec78562135da497117ab08d14b980c9f783ac
driver core: kABI workaround for dev_groups in device_driver
(bsc#1232224 CVE-2024-49925).
d16dce7a3af05c2034c4ba6cea77c5fdc32124cd
driver core: add dev_groups to all drivers (bsc#1232224
CVE-2024-49925).
bff30872a052aab87ee7774e2be9b01e1cc917a9
fbdev: efifb: Register sysfs groups through driver core
(bsc#1232224 CVE-2024-49925).
- commit 70f2ffa
- Revert "driver core: add dev_groups to all drivers (bsc#1232224"
This reverts commit d16dce7a3af05c2034c4ba6cea77c5fdc32124cd.
(bsc#1232224 CVE-2024-49925)
As Michal Koutný's comment#70 in bsc#1232224, the reason is that kABI
fixup in patches.kabi/driver-core-kABI-workaround-for-dev_groups-in-device.patch
is not restoring original KABI since the (extended) struct device_driver
is embedded in other structs, like platform_driver.
And I agree with Michal's comments, CVE-2024-49925 vulnerability is not
easy to be used by attacker who does not have root permission. So let's
revert the following backported/kabi patches and set CVE-2024-49925 to
WONFIX on SLE12-SP5:
72643096ed46b327a37e55db8130cbdc5dadc513
driver core: Fix error return code in really_probe()
(bsc#1232224 CVE-2024-49925).
993ec78562135da497117ab08d14b980c9f783ac
driver core: kABI workaround for dev_groups in device_driver
(bsc#1232224 CVE-2024-49925).
d16dce7a3af05c2034c4ba6cea77c5fdc32124cd
driver core: add dev_groups to all drivers (bsc#1232224
CVE-2024-49925).
bff30872a052aab87ee7774e2be9b01e1cc917a9
fbdev: efifb: Register sysfs groups through driver core
(bsc#1232224 CVE-2024-49925).
- commit 4b057cb
- Revert "driver core: kABI workaround for dev_groups in device_driver"
This reverts commit 993ec78562135da497117ab08d14b980c9f783ac.
(bsc#1232224 CVE-2024-49925)
As Michal Koutný's comment#70 in bsc#1232224, the reason is that kABI
fixup in patches.kabi/driver-core-kABI-workaround-for-dev_groups-in-device.patch
is not restoring original KABI since the (extended) struct device_driver
is embedded in other structs, like platform_driver.
And I agree with Michal's comments, CVE-2024-49925 vulnerability is not
easy to be used by attacker who does not have root permission. So let's
revert the following backported/kabi patches and set CVE-2024-49925 to
WONFIX on SLE12-SP5:
72643096ed46b327a37e55db8130cbdc5dadc513
driver core: Fix error return code in really_probe()
(bsc#1232224 CVE-2024-49925).
993ec78562135da497117ab08d14b980c9f783ac
driver core: kABI workaround for dev_groups in device_driver
(bsc#1232224 CVE-2024-49925).
d16dce7a3af05c2034c4ba6cea77c5fdc32124cd
driver core: add dev_groups to all drivers (bsc#1232224
CVE-2024-49925).
bff30872a052aab87ee7774e2be9b01e1cc917a9
fbdev: efifb: Register sysfs groups through driver core
(bsc#1232224 CVE-2024-49925).
- commit eade7d6
- Revert "driver core: Fix error return code in really_probe()"
This reverts commit 72643096ed46b327a37e55db8130cbdc5dadc513.
(bsc#1232224 CVE-2024-49925)
As Michal Koutný's comment#70 in bsc#1232224, the reason is that kABI
fixup in patches.kabi/driver-core-kABI-workaround-for-dev_groups-in-device.patch
is not restoring original KABI since the (extended) struct device_driver
is embedded in other structs, like platform_driver.
And I agree with Michal's comments, CVE-2024-49925 vulnerability is not
easy to be used by attacker who does not have root permission. So let's
revert the following backported/kabi patches and set CVE-2024-49925 to
WONFIX on SLE12-SP5:
72643096ed46b327a37e55db8130cbdc5dadc513
driver core: Fix error return code in really_probe()
(bsc#1232224 CVE-2024-49925).
993ec78562135da497117ab08d14b980c9f783ac
driver core: kABI workaround for dev_groups in device_driver
(bsc#1232224 CVE-2024-49925).
d16dce7a3af05c2034c4ba6cea77c5fdc32124cd
driver core: add dev_groups to all drivers (bsc#1232224
CVE-2024-49925).
bff30872a052aab87ee7774e2be9b01e1cc917a9
fbdev: efifb: Register sysfs groups through driver core
(bsc#1232224 CVE-2024-49925).
- commit 409618d
- nvme-pci: fix freeing of the HMB descriptor table (bsc#1234921
CVE-2024-56756).
- commit a639847
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan() (CVE-2024-56539 bsc#1234963).
- commit 07aa3cb
- vfio/pci: Properly hide first-in-list PCIe extended capability
(bsc#1235004 CVE-2024-53214).
- commit 1b7890f
- wifi: ath10k: avoid NULL pointer error during sdio remove
(CVE-2024-56599 bsc#1235138).
- commit 827f8ee
- leds: class: Protect brightness_show() with led_cdev->led_access
mutex (CVE-2024-56587 bsc#1235125).
- commit 654afb9
- net: marvell: mvpp2: phylink requires the link interrupt
(bsc#1117016).
- Delete
patches.suse/net-mvpp2-fix-condition-for-setting-up-link-interrup.patch.
Replace downsteram patch with upstream one
- commit 5355aa8
- Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
rfcomm_sock_alloc() (bsc#1235056 CVE-2024-56604).
- commit 9674234
- Bluetooth: Consolidate code around sk_alloc into a helper
function (bsc#1235056 CVE-2024-56604).
Refresh
patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_sock_timeout.patch.
- commit d4282e9
- Bluetooth: hci_sock: purge socket queues in the destruct()
callback (bsc#1235056 CVE-2024-56604).
- commit a8a4e81
- hfsplus: don't query the device logical block size multiple
times (bsc#1235073 CVE-2024-56548).
- commit ff0cbed
- wifi: ath9k: add range check for conn_rsp_epid in
htc_connect_service() (CVE-2024-53156 bsc#1234846).
- commit 22125f2
- ALSA: 6fire: Release resources at card release (CVE-2024-53239
bsc#1235054).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
(CVE-2024-56531 bsc#1235057).
- commit d3f225e
- NFSD: Prevent a potential integer overflow (CVE-2024-53146
bsc#1234853).
- commit c43d88d
- Refresh
patches.suse/char-virtio-Select-VIRTIO-from-VIRTIO_CONSOLE.patch.
- Refresh
patches.suse/net-packet-fix-overflow-in-tpacket_rcv.patch.
Add upstream references and move to sorted section.
- commit 62678cc
- SUNRPC: 'Directory with parent 'rpc_clnt' already
present!' (bsc#1168202 bsc#1188924).
- commit 511e0dd
- SUNRPC: fix use-after-free in rpc_free_client_work()
(bsc#1168202 bsc#1188924).
- Refresh
patches.suse/SUNRPC-Fix-RPC-client-cleaned-up-the-freed-pipefs-de.patch.
- Refresh
patches.suse/SUNRPC-defer-slow-parts-of-rpc_free_client-to-a-work.patch.
Add upstream reference and move to sorted section. Split a fix-up to a
separate patch so that it also gets its upstream reference. This aligns
with how things were done in other maintained kernel branches.
- commit f5a7a6e
- netfilter: ipset: add missing range check in bitmap_ip_uadt (CVE-2024-53141 bsc#1234381)
- commit 5b1c6de
- RDMA/mlx5: Cancel pkey work before destroying device resources (bsc#1235009 CVE-2024-53224)
- commit 9ac5166
- Update
patches.suse/Bluetooth-hci_event-Align-BR-EDR-JUST_WORKS-paring-w.patch
(git-fixes bsc#1230697 CVE-2024-8805 CVE-2024-53144
bsc#1234690).
- Update
patches.suse/can-bcm-Clear-bo-bcm_proc_read-after-remove_proc_ent.patch
(CVE-2024-46771 bsc#1230766 CVE-2024-47709 bsc#1232048).
- Update
patches.suse/mm-revert-mm-shmem-fix-data-race-in-shmem_getattr.patch
(CVE-2024-50228 bsc#1233204 git fixes (mm/shmem) CVE-2024-53136
bsc#1234161).
- Update
patches.suse/net-relax-socket-state-check-at-accept-time.patch
(git-fixes CVE-2024-36484 bsc#1226872).
- Update
patches.suse/ocfs2-uncache-inode-which-has-failed-entering-the-group.patch
(bsc#1234087 CVE-2024-53112).
- commit 357ae3f
- Refresh
patches.suse/Deprecate-NR_UNSTABLE_NFS-use-NR_WRITEBACK.patch.
- Refresh
patches.suse/MM-replace-PF_LESS_THROTTLE-with-PF_LOCAL_THROTTLE.patch.
- Refresh
patches.suse/mm-Avoid-overflows-in-dirty-throttling-logic.patch.
Add upstream reference to 2 patches, move them to the sorted section and
refresh another patch to solve context conflicts.
- commit 91ba058
- firmware: arm_scpi: Check the DVFS OPP count returned by the
firmware (CVE-2024-53157 bsc#1234827).
- commit 77c498b
- s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
(CVE-2024-53210 bsc#1234971).
- commit e1704a7
- ALSA: usb-audio: Fix out of bounds reads when finding clock
sources (CVE-2024-53150 bsc#1234834).
- commit 809edc6
- smb: client: fix OOBs when building SMB2_IOCTL request
(CVE-2024-50151 bsc#1233055).
- commit 5303c51
- xen/netfront: fix crash when removing device (XSA-465
CVE-2024-53240 bsc#1234281).
- commit 6a0455d
- btrfs: qgroup: fix sleep from invalid context bug in
btrfs_qgroup_inherit() (CVE-2022-49033 bsc#1232045).
- commit 1c36522
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
(git-fixes, bsc#1230697, CVE-2024-8805).
- commit af6048b
- scsi: pm80xx: Set phy->enable_completion only when we wait
for it (CVE-2024-47666 bsc#1231453).
- commit 3fe50d4
- xfs: don't walk off the end of a directory data block
(bsc#1228405 CVE-2024-41013).
- commit 7e72128
- bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262 bsc#1233239)
- commit deb09e1
- can: bcm: Fix UAF in bcm_proc_show() (CVE-2023-52922 bsc#1233977)
- commit a84b421
- media: v4l2-tpg: prevent the risk of a division by zero (CVE-2024-50287 bsc#1233476)
- commit f6101ec
- fs: Fix uninitialized value issue in from_kuid and from_kgid (CVE-2024-53101 bsc#1233769)
- commit a397183
- udf: refactor inode_bmap() to handle error (bsc#1234242
bsc#1233096 CVE-2024-50211).
- commit 20d3a39
- udf: refactor udf_next_aext() to handle error (bsc#1234241).
- commit f098aa9
- udf: refactor udf_current_aext() to handle error (bsc#1234240).
- commit b64184f
- udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243
bsc#1233038 CVE-2024-50143).
- commit 67400f8
- udf: Handle error when adding extent to a file (bsc#1234437).
- commit f03c52b
- kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth
- commit eb515fb
- fsl/fman: Fix refcount handling of fman-related devices
(CVE-2024-50166 bsc#1233050).
- fsl/fman: Save device references taken in mac_probe()
(CVE-2024-50166 bsc#1233050).
- net: fman: Unregister ethernet device on removal (CVE-2024-50166
bsc#1233050).
- commit f22236a
- rtnetlink: make sure to refresh master_dev/m_ops in
__rtnl_newlink() (CVE-2022-48742 bsc#1226694).
- commit 8931ec3
- Update References: field, and keep KABI consistency of bioset_exit(),
patches.suse/dm-cache-fix-flushing-uninitialized-delayed_work-on--1354.patch
(bsc#1233467, CVE-2024-50278, bsc#1233469, CVE-2024-50280).
- commit 4bed2c0
- netfilter: nf_reject_ipv6: fix potential crash in
nf_send_reset6() (CVE-2024-50256 bsc#1233200).
- commit c62ba75
- libxml2
-
- security update
- modified patches
% fix-perl.diff (p1)
- added patches
fix CVE-2024-56171 [bsc#1237363], use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
+ libxml2-CVE-2024-56171.patch
fix CVE-2025-24928 [bsc#1237370], stack-based buffer overflow in xmlSnprintfElements in valid.c
+ libxml2-CVE-2025-24928.patch
fix CVE-2025-27113 [bsc#1237418], NULL Pointer Dereference in libxml2 xmlPatMatch
+ libxml2-CVE-2025-27113.patch
- security update
- added patches
fix CVE-2022-49043 [bsc#1236460], use-after-free in xmlXIncludeAddNode
+ libxml2-CVE-2022-49043.patch
- python
-
- Update CVE-2024-11168-validation-IPv6-addrs.patch
according modifications by the Debian
developers (Sylvain Beucler <beuc@debian.org>,
gh#python/cpython#103848#issuecomment-2708135083).
- Modify CVE-2025-0938-sq-brackets-domain-names.patch: we don't
use bracketed_host variable any more (correction of the fix for
bsc#1236705, discovered during analysis for bsc#1223694).
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- wget
-
- If wget for an http URL is redirected to a different site (hostname
parts of URLs differ), then any "Authenticate" and "Cookie" header
entries are discarded.
[bsc#1185551, wget-do-not-propagate-credentials.patch,
bsc#1230795, CVE-2021-31879]
- curl
-
- Security fix: [bsc#1236590, CVE-2025-0725]
* content_encoding: drop support for zlib before 1.2.0.4
* content_encoding: put the decomp buffers into the writer structs
* Add curl-CVE-2025-0725.patch
- Security fix: [bsc#1236588, CVE-2025-0167]
* netrc: 'default' with no credentials is not a match
* Add curl-CVE-2025-0167.patch
- google-guest-agent
-
- Add patch to fix unexpected memory consumption during token
parsing in golang.org/x/oauth2 (bsc#1239197, CVE-2025-22868)
* CVE-2025-22868.patch
- Update to version 20250116.00: (bsc#1236403)
* networkd(vlan): remove the interface in addition to config (#468)
* Implement support for vlan dynamic removal, update dhclient to remove
only if configured (#465)
* Update logging library (#479)
* Remove Pat from owners file. (#478)
- Update to version 20241209.01: (bsc#1235664)
* readme: add notes about plugin manager (#476)
* Update metadata script runner to honor cloud logging config flag (#475)
* Fixing fallback from systemd-networkd to dhclient (#471)
* network: fix nmcli check pattern (#472)
* Update readme with guest agent manager (#469)
* Add missing packaging spec (#466)
* Bring back side-by-side packaging (#464)
* Avoid changing permissions of directory if parent is / (#463)
* network: force NetworkManager to connect to primary nic (#461)
* Revert plugin manager packaging (#460)
* Add GOPATH to PATH in debian build (#459)
* Add plugin manager to debian build (#457)
* rpm packaging: fix plugin manager assumptions (#458)
* packaging: add plugin manager to rhel packaging (#454)