- audit-secondary
-
- Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645)
* add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
- augeas
-
- add augeas-sysctl_parsing.patch (bsc#1197443)
* backport original patch and rebase.
- binutils
-
- Add binutils-revert-rela.diff to revert back to old behaviour
of not ignoring the in-section content of to be relocated
fields on x86-64, even though that's a RELA architecture.
Compatibility with buggy object files generated by old tools.
[bsc#1198422]
- cifs-utils
-
- CVE-2022-27239: mount.cifs: fix length check for ip option
parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
* add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch
- cluster-glue
-
- Requesting cluster-glue bugfix (bsc#1197681)
* Add upstream patch:
0002-bugfix-for-comment-in-external-ec2.patch
- curl
-
- Securiy fix: [bsc#1199223, CVE-2022-27781]
* CERTINFO never-ending busy-loop
* Add curl-CVE-2022-27781.patch
- Securiy fix: [bsc#1199224, CVE-2022-27782]
* TLS and SSH connection too eager reuse
* Add curl-CVE-2022-27782.patch
- Security fix: [bsc#1198766, CVE-2022-27776]
* Auth/cookie leak on redirect
* Add backported curl-CVE-2022-27776.patch
- Security fix: [bsc#1198614, CVE-2022-22576]
* OAUTH2 bearer bypass in connection re-use
* Add curl-CVE-2022-22576.patch
- dhcp
-
- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.
- e2fsprogs
-
- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add
sanity check to extent manipulation (bsc#1198446 CVE-2022-1304)
- gcc11
-
- Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
- Update to gcc-11 branch head (691af15031e00227ba6d5935c), git1635
* includes gcc11-pr104931.patch
* includes fix for Firefox ICE [gcc#105256]
- Add provides/conflicts to glibc crosses since only one GCC version
for the same target can be installed at the same time.
- Add provides/conflicts to libgccjit.
- Update to gcc-11 branch head (6a1150d1524aeda3381b21717), git1406
* includes change to adjust gnats idea of the target, fixing
the build of gprbuild. [bsc#1196861]
- Add gcc11-pr104931.patch to fix miscompile of embedded premake
in 0ad on i586. [bsc#1197065]
- drop armv5tel, merge arm and armv6hl
- use --with-cpu rather than specifying --with-arch/--with-tune
to Recoomends.
- Remove sys/rseq.h from include-fixed
- Update to gcc-11 branch head (d4a1d3c4b377f1d4acb), git1173
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [boo#1193659]
- Enable the cross compilers also on i586
- Enable some cross compilers also in rings
- Remove cross compilers for i386 target
- Update to gcc-11 branch head (7510c23c1ec53aa4a62705f03), git1018
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [boo#1192951]
- Package mwaitintrin.h
- Remove spurious exit from change_spec.
- Enable the full cross compiler, cross-aarch64-gcc11 and
cross-riscv64-gcc11 now provide a fully hosted C (and C++)
cross compiler, not just a freestanding one. I.e. with a cross
glibc. They don't yet support the sanitizer libraries.
Part of [jsc#OBS-124].
- glib2
-
- Add glib2-CVE-2021-28153.patch: fix CREATE_REPLACE_DESTINATION
with symlinks (boo#1183533 glgo#GNOME/glib#2325 CVE-2021-28153).
- gzip
-
- Add hardening for zgrep (CVE-2022-1271, bsc#1198062)
* bsc1198062-2.patch
- jasper
-
- bsc#1184757 CVE-2021-3467: Fix NULL pointer deref in jp2_decode()
Add jasper-CVE-2021-3467.patch
- bsc#1184798 CVE-2021-3443: Fix NULL pointer derefin jp2_decode()
Add jasper-CVE-2021-3443.patch
- bsc#1182104 CVE-2021-26927: Fix NULL pointer deref in jp2_decode()
bsc#1182105 CVE-2021-26926: Fix Out of bounds read in jp2_decode()
Add jasper-CVE-2021-26926-CVE-2021-26927.patch
- kernel-default
-
- Revert lpfc driver update to 14.2.0.1 (bsc#1198989)
- commit be1f831
- fsl/fman: Check for null pointer after calling devm_ioremap
(git-fixes).
- commit a939025
- ppp: ensure minimum packet size in ppp_write() (git-fixes).
- commit df66a4a
- can: gs_usb: fix use of uninitialized variable, detach device
on reception of invalid USB data (git-fixes).
- commit 8660202
- net: ethernet: mtk_eth_soc: fix return values and refactor
MDIO ops (git-fixes).
- commit 0892190
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr
(git-fixes).
- commit 039c504
- i40e: Fix incorrect netdev's real number of RX/TX queues
(git-fixes).
- commit 71ccdfa
- bnx2x: fix napi API usage sequence (bsc#1198217).
- commit 0fdc23e
- powerpc/perf: Fix power9 event alternatives (bsc#1137728,
LTC#178106, git-fixes).
- Revert "/ibmvnic: Add ethtool private flag for driver-defined
queue limits"/ (bsc#1121726 ltc#174633 git-fixes).
- commit e2aedd0
- USB: Fix xhci event ring dequeue pointer ERDP update issue
(git-fixes).
- commit c9dd9d4
- blacklist.conf: Append 'vgacon: Propagate console boot parameters before calling `vc_resize''
- commit 049412f
- blacklist.conf: kABI
- commit 82bdaff
- blacklist.conf: irrelevant in our configs
- commit 56584e8
- blacklist.conf: cleanup, not a fix
- commit d0b397b
- net/x25: Fix null-ptr-deref caused by x25_disconnect
(CVE-2022-1516 bsc#1199012).
- commit 70361a9
- blacklist.conf: Append 'backlight: qcom-wled: Fix off-by-one maximum with default num_strings'
- commit 51cd556
- blacklist.conf: Append 'vt: Fix character height handling with VT_RESIZEX'
- commit f58734a
- video: fbdev: udlfb: properly check endpoint type (bsc#1129770)
- commit 783e7a7
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (bsc#1129770)
- commit 155ebc4
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (bsc#1129770)
- commit 639ac93
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (bsc#1129770)
- commit e434e14
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (bsc#1129770)
- commit 344bc32
- video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (bsc#1129770)
- commit 66c9a63
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (bsc#1129770)
- commit 816cbfa
- parisc/sticon: fix reverse colors (bsc#1129770)
- commit 96cba65
- video: fbdev: chipsfb: use memset_io() instead of memset() (bsc#1129770)
- commit b2ee4b1
- fbmem: don't allow too huge resolutions (bsc#1129770)
- commit 3261ce6
- backlight: pwm_bl: Improve bootloader/kernel device handover (bsc#1129770)
- commit 1e071a0
- Restore kabi after Revert "/NFSv4: Handle the special Linux file
open access mode"/ (git-fixes).
- commit 454c575
- media: em28xx: fix memory leak in em28xx_init_dev (git-fixes).
- commit ae8eb8d
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- commit 1ab34f7
- blacklist.conf: misattributed
- commit 67e9964
- blacklist.conf: irrelevant in our config
- commit b67c63d
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- commit fba8723
- media: stkwebcam: fix memory leak in stk_camera_probe
(git-fixes).
- commit 93825c5
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
(git-fixes).
- commit 40501ef
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
(git-fixes).
- commit 451e148
- media: rc-loopback: return number of emitters rather than error
(git-fixes).
- commit cff83f4
- media: uvc: don't do DMA on stack (git-fixes).
- commit c3b7b8e
- media: videobuf2-core: dequeue if start_streaming fails
(git-fixes).
- commit dc1215d
- media: lmedm04: Fix misuse of comma (git-fixes).
- commit fdc42cf
- ovl: fix missing negative dentry check in ovl_rename()
(CVE-2021-20321 bsc#1191647).
- commit 3e23b63
- blacklist.conf: duplicate
- commit cf7be65
- blacklist.conf: cleanup
- commit 41d47c2
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
(bsc#1028340 bsc#1198825).
- commit 058dc1f
- rtl8187: fix control-message timeouts (git-fixes).
- commit 79977ac
- ath6kl: fix division by zero in send path (git-fixes).
- commit 4d7c95f
- ath6kl: fix control-message timeout (git-fixes).
- commit 77388d0
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- commit 4a06a7f
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- commit 85a369e
- libertas: Fix possible memory leak in probe and disconnect
(git-fixes).
- commit 3b6017c
- libertas_tf: Fix possible memory leak in probe and disconnect
(git-fixes).
- commit 966339e
- ath10k: fix max antenna gain unit (git-fixes).
- commit b33c09d
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- commit d0dc5a4
- mwifiex: Send DELBA requests according to spec (git-fixes).
- commit 1fdac31
- mwifiex: Read a PCI register after writing the TX ring write
pointer (git-fixes).
- commit 3308154
- b43: fix a lower bounds test (git-fixes).
- commit 1a2c981
- b43legacy: fix a lower bounds test (git-fixes).
- commit 12ea1d7
- blacklist.conf: optimization that breaks kABI
- commit 0b8cb68
- USB: usb-storage: Fix use of bitfields for hardware data in
ene_ub6250.c (git-fixes).
- commit 8485f85
- USB: serial: pl2303: add IBM device IDs (git-fixes).
- commit e071cd2
- USB: serial: simple: add Nokia phone driver (git-fixes).
- commit 6cdbd34
- blacklist.conf: optimization
- commit efab6ed
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- commit 8306949
- blacklist.conf: no gadget mode in SLE12
- commit 6d57b76
- usb: ulpi: Call of_node_put correctly (git-fixes).
- commit 98c8547
- USB: core: Fix bug in resuming hub's handling of wakeup requests
(git-fixes).
- commit d42a2ba
- USB: Fix "/slab-out-of-bounds Write"/ bug in
usb_hcd_poll_rh_status (git-fixes).
- commit 7c8f2b6
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
(git-fixes).
- commit 6c78568
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
- usb: hub: Fix usb enumeration issue due to address0 race
(git-fixes).
- commit 62d7e13
- io-64-nonatomic: add io{read|write}64{_lo_hi|_hi_lo} macros
(git-fixes).
- commit 48bc31d
- mxser: fix xmit_buf leak in activate when LSR == 0xff
(git-fixes).
- PCI: iproc: Fix out-of-bound array accesses (git-fixes).
- PCI: Fix overflow in command-line resource alignment requests
(git-fixes).
- PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0
(git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Change duplicate PCI reset to phy reset (git-fixes).
- Refresh
patches.suse/PCI-qcom-Add-missing-reset-for-ipq806x.patch.
- PCI: Add device even if driver attach failed (git-fixes).
- PCI/switchtec: Read all 64 bits of part_event_bitmap
(git-fixes).
- commit 9f2996c
- SUNRPC: Handle low memory situations in call_status()
(git-fixes).
- NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
- Revert "/NFSv4: Handle the special Linux file open access mode"/
(git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs()
(git-fixes).
- fs/nfs: Use fatal_signal_pending instead of signal_pending
(git-fixes).
- commit 2cecf8b
- Refresh
patches.suse/SUNRPC-avoid-race-between-mod_timer-and-del_timer_sy.patch.
Update git-commit now that it has landed.
- commit 4e48858
- Update
patches.suse/drm-ttm-nouveau-don-t-call-tt-destroy-callback-on-al.patch
(bsc#1175232 bsc#1183723 CVE-2021-20292).
- commit 9708de1
- net-sysfs: call dev_hold if kobject_init_and_add success
(CVE-2019-20811 bsc#1172456).
- commit 5de8a61
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748).
- commit 25ea790
- random: check for signal_pending() outside of need_resched()
check (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
(git-fixes).
- char/mwave: Adjust io port register size (git-fixes).
- random: fix data race on crng_node_pool (git-fixes).
- commit 0ec1c9f
- blacklist.conf: blacklist compile fix for test routines
- commit 0cd9e6f
- blacklist.conf: add one ARCH_NOMADIK entry
- commit f5b6eaf
- Update
patches.suse/floppy-Do-not-copy-a-kernel-pointer-to-user-memory-i.patch
(bsc#1051510 bsc#1084513 CVE-2018-7755).
- commit 371ca37
- drm/vgem: Close use-after-free race in vgem_gem_create (CVE-2022-1419 bsc#1198742)
- commit f3d608f
- drm/vgem: Close use-after-free race in vgem_gem_create (CVE-2022-1419 bsc#1198742)
- commit c2b5f0e
- isdn: cpai: check ctr->cnr to avoid array index out of bound
(bsc#1191958 CVE-2021-43389).
- commit 6296574
- nfc: fix NULL ptr dereference in llcp_sock_getname() after
failed connect (CVE-2021-38208 bsc#1187055).
- commit 54aed86
- Update patch reference for NFC fix (CVE-2021-38208 bsc#1187055)
- commit 01cc4ae
- Update patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch
(bsc#1065729 bsc#1198660 ltc#197803).
- commit e3bcaa0
- af_key: add __GFP_ZERO flag for compose_sadb_supported in
function pfkey_register (CVE-2022-1353 bsc#1198516).
- commit ffb367f
- kABI fix for tcp: fix race condition when creating child
sockets from syncookies (bsc#1197075).
- commit fd09edb
- tcp: Fix potential use-after-free due to double kfree()
(bsc#1197075).
- commit ad52893
- tcp: fix race condition when creating child sockets from
syncookies (bsc#1197075).
- commit 6729a4f
- NFSv4: Fix a regression in nfs_set_open_stateid_locked()
(bsc#1196247).
- kabi fix for NFSv4: Wait for stateid updates after
CLOSE/OPEN_DOWNGRADE (bsc#1196247).
- NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE
(bsc#1196247).
Adjust some kabi fixes to match.
- NFSv4.x recover from pre-mature loss of openstateid (bsc#1196247).
- NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE
(bsc#1196247).
- NFSv4: Don't try to CLOSE if the stateid 'other' field has
changed (bsc#1196247).
- commit 639faa6
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- commit c63cb9b
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- commit 323e981
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- commit 9fa453a
- net/mlx5e: Reduce tc unsupported key print level (git-fixes).
- commit ccf2751
- Update
patches.suse/x86-pm-save-the-msr-validity-status-at-context-setup.patch
(bsc#1198400).
- Update
patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
(bsc#1198400).
- commit b81f481
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
PTRACE_SEIZE (bsc#1198413).
- commit 9eb132f
- blacklist.conf: Add 460a79e18842 mm/memcontrol: return 1 from cgroup.memory __setup() handler
- commit f836b54
- Update patch references of drm fixes (CVE-2022-1280 bsc#1197914)
- commit b729b95
- Revert "/module, async: async_synchronize_full() on module init
iff async is used"/ (bsc#1197888).
- commit 23e6efe
- i40e: add correct exception tracing for XDP (git-fixes).
- commit 646c060
- drm/ttm/nouveau: don't call tt destroy callback on alloc failure
(CVE-2021-20292 bsc#1183723).
- commit f1a5fa2
- i40e: optimize for XDP_REDIRECT in xsk path (git-fixes).
- commit eba7817
- blacklist.conf: misattributed in upstream
- commit d24b230
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- commit 49769d6
- blacklist.conf: cleanup, not a fix
- commit 7a11af1
- Revert "/USB: serial: ch341: add new Product ID for CH341A"/
(git-fixes).
- commit dc3e8da
- blacklist.conf: depends on intrusive updates
- commit 86c3906
- x86/speculation: Restore speculation related MSRs during S3
resume (bsc#1114648).
- commit 46f1ca5
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA
commands (git-fixes).
- commit d81a725
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
(git-fixes).
- commit 3893e26
- fuse: handle kABI change in struct fuse_req (bsc#1197343
CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
CVE-2022-1011).
- commit e67cd7e
- x86/pm: Save the MSR validity status at context setup
(bsc#1114648).
- commit 87c5893
- livepatch: Don't block removal of patches that are safe to
unload (bsc#1071995).
- commit 3b32a28
- fix parallelism for rpc tasks (bsc#1197663).
- Make the xprtiod workqueue unbounded (bsc#1197663).
- commit 8b97258
- Refresh
patches.suse/net-sched-use-Qdisc-rcu-API-instead-of-relying-on-rt.patch.
Fix missplaced qdisc_put()
- commit 883b3be
- xen: fix is_xen_pmu() (git-fixes).
- commit bd40deb
- xen/blkfront: fix comment for need_copy (git-fixes).
- commit 0c99cc8
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- commit dd22f66
- xen: don't continue xenstore initialization in case of errors
(git-fixes).
- commit 6a9b916
- blacklist.conf: 1dbd11ca75fe ("/xen: remove gnttab_query_foreign_access()"/)
- commit 37fa08f
- IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (git-fixes)
- commit c239ab7
- RDMA/rxe: Restore setting tot_len in the IPv4 header (git-fixes)
- commit 986a537
- RDMA/rxe: Use the correct size of wqe when processing SRQ (git-fixes)
- commit dacc35c
- RDMA/rxe: Missing unlock on error in get_srq_wqe() (git-fixes)
- commit f3ecb3d
- Update
patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch
references (add CVE-2022-28356 bsc#1197391).
- commit 658b50e
- net: rtlwifi: properly check for alloc_workqueue() failure
(git-fixes).
- commit 3c2f34d
- blacklist.conf: dependency would break kABI
- commit 0dc5499
- mac80211: fix station rate table updates on assoc (git-fixes).
- commit 7c6c73d
- mt7601u: fix rx buffer refcounting (git-fixes).
- commit f6f3ca9
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- commit cfcccfb
- arm64: hibernate: Clean the __hyp_text to PoC after resume (git-fixes)
- commit bbc565a
- arm64: hyp-stub: Forbid kprobing of the hyp-stub (git-fixes)
- commit 03dcd08
- arm64: kprobe: Always blacklist the KVM world-switch code (git-fixes)
- commit a917d0c
- arm64: kaslr: ensure randomized quantities are clean also when kaslr (git-fixes)
- commit f170463
- arm64: kaslr: ensure randomized quantities are clean to the PoC (git-fixes)
- commit b039486
- blacklist.conf: ("/arm64: defconfig: Re-enable bcm2835-thermal driver"/)
- commit e6a130b
- arm64: cmpxchg: Use "/K"/ instead of "/L"/ for ll/sc immediate constraint (git-fixes)
- commit 7722c1f
- arm64: relocatable: fix inconsistencies in linker script and options (git-fixes)
- commit 64d186d
- arm64: drop linker script hack to hide __efistub_ symbols (git-fixes)
- commit 310ed92
- arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ (git-fixes)
- commit 2bbad05
- arm64: fix for bad_mode() handler to always result in panic (git-fixes)
- commit 14351ce
- arm64: only advance singlestep for user instruction traps (git-fixes)
- commit cf205ee
- crypto: arm64/aes-ce-cipher - move assembler code to .S file (git-fixes)
- commit 3a20ee6
- libvirt
-
- CVE-2022-0897: nwfilter: fix crash when counting number of
network filters
a4947e8f-nwfilter-CVE-2022-0897.patch
bsc#1197636
- libxl: Mark auto-allocated graphics ports to used on reconnect
e0241f33-libxl-mark-allocated-graphics-ports.patch
- libxl: Release all auto-allocated graphics ports
18ec405a-libxl-release-graphics-ports.patch
bsc#1191668
- libxml2
-
- Security fix: [bsc#1069689, CVE-2017-16932]
* parser.c in libxml2 before 2.9.5 does not prevent infinite
recursion inparameter entities.
* Add libxml2-CVE-2017-16932.patch
- Sync and fix changelog entries between libxml2 and
python-libxml2.
- Security fix: [bsc#1199132, CVE-2022-29824]
* Integer overflow leading to out-of-bounds write in buf.c
(xmlBuf*) and tree.c (xmlBuffer*)
* Add libxml2-CVE-2022-29824.patch
* Add libxml2-CVE-2022-23308.patch
* Add libxml2-CVE-2021-3541.patch
- Version update to 2.9.7 release:
* Bug Fixes:
+ xmlcatalog: restore ability to query system catalog easily
+ Fix comparison of nodesets to strings
* Improvements:
+ Add Makefile rules to rebuild HTML man pages
+ Remove generated file python/setup.py from version control
+ Fix mixed decls and code in timsort.h
+ Rework handling of return values in thread tests
+ Fix unused variable warnings in testrecurse
+ Fix -Wimplicit-fallthrough warnings
+ Upgrade timsort.h to latest revision
+ Fix a couple of warnings in dict.c and threads.c
+ Fix unused variable warnings in nanohttp.c
+ Don't include winsock2.h in xmllint.c
+ Use __linux__ macro in generated code
* Portability:
+ Add declaration for DllMain
+ Fix preprocessor conditional in threads.h
+ Fix macro redefinition warning
+ many Windows specific improvements
* Documentation:
+ xmlcatalog: refresh man page wrt. quering system catalog easily
- Includes bug fixes from 2.9.6:
* Fix XPath stack frame logic
* Report undefined XPath variable error message
* Fix regression with librsvg
* Handle more invalid entity values in recovery mode
* Fix structured validation errors
* Fix memory leak in LZMA decompressor
* Set memory limit for LZMA decompression
* Handle illegal entity values in recovery mode
* Fix debug dump of streaming XPath expressions
* Fix memory leak in nanoftp
* Fix memory leaks in SAX1 parser
- Drop libxml2-bug787941.patch
* upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8
- Update package summaries and RPM groups. Trim descriptions for
size on secondary subpackages. Replace install call by a
commonly-used macro.
- Add patch to fix TW integration:
* libxml2-bug787941.patch
- Version update to 2.9.5 release:
* Merged all the previous cve fixes that were patched in
* Few small tweaks
- Remove merged patches:
* libxml2-CVE-2016-4658.patch
* libxml2-CVE-2017-0663.patch
* libxml2-CVE-2017-5969.patch
* libxml2-CVE-2017-9047.patch
* libxml2-CVE-2017-9048.patch
* libxml2-CVE-2017-9049.patch
* libxml2-2.9.4-fix_attribute_decoding.patch
- Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in
XPointer ranges. Namespace nodes must be copied to avoid
use-after-free errors. But they don't necessarily have a physical
representation in a document, so simply disallow them in XPointer
ranges [bsc#1005544] [CVE-2016-4658]
- Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch,
0001-Add-missing-increments-of-recursion-depth-counter-to.patch,
and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch.
- add libxml2-2.9.3-bogus_UTF-8_encoding_error.patch to fix XML
push parser that fails with bogus UTF-8 encoding error when
multi-byte character in large CDATA section is split across
buffer [bnc#962796]
- temporarily reverting libxml2-CVE-2014-0191.patch until there is a fix
that doesn't break other applications
- buildignore python to avoid build cycle
- fix version
- renamed to python-libxml2 to follow python naming expectations
- do not require python but let rpm figure it out
- buildrequire python-xml to fix build
- libyajl
-
- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
- lifecycle-data-sle-live-patching
-
- Added data for 4_12_14-122_110, 4_12_14-122_113, 4_12_14-95_88,
4_12_14-95_93, 4_4_180-94_153, 4_4_180-94_156. (bsc#1020320)
- mutt
-
- Add patch uudecode-e5ed080c.patch for bsc#1198518 and CVE-2022-1328
to fix a buffer overflow in uudecoder
- openldap2
-
- bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql
* 0225-ITS-9815-slapd-sql-escape-filter-values.patch
- bsc#1198383 - Resolve issue with SASL init
* 0224-ITS-8648-init-SASL-library-in-global-init.patch
- psmisc
-
* Add a fallback if the system call name_to_handle_at() is
not supported by the used file system.
- Add patch psmisc-22.21-semaphores.patch
* Replace the synchronizing over pipes of the sub process for the
stat(2) system call with mutex and conditions from pthreads(7)
(bsc#1194172)
- Add patch psmisc-22.21-statx.patch
* Use statx(2) or SYS_statx system call to replace the stat(2)
system call and avoid the sub process at all (bsc#1194172)
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- samba
-
- Revert NIS support removal; (bsc#1199247);
- Add missing samba-client requirement to samba-winbind package;
(bsc#1198255);
- Update to 4.15.7
* Share and server swapped in smbget password prompt; (bso#14831);
* Durable handles won't reconnect if the leased file is written
to; (bso#15022);
* rmdir silently fails if directory contains unreadable files and
hide unreadable is yes; (bso#15023);
* SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
on renamed file handle; (bso#15038);
* vfs_shadow_copy2 breaks "/smbd async dosmode"/ sync fallback;
(bso#14957);
* shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
(bso#15035);
* PAM Kerberos authentication incorrectly fails with a clock skew
error; (bso#15046);
* username map - samba erroneously applies unix group memberships
to user account entries; (bso#15041);
* NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
in SMBC_server_internal; (bso#14983);
* Simple bind doesn't work against an RODC (with non-preloaded users);
(bso#13879);
* Crash of winbind on RODC; (bso#14641);
* uncached logon on RODC always fails once; (bso#14865);
* KVNO off by 100000; (bso#14951);
* LDAP simple binds should honour "/old password allowed period"/;
(bso#15001);
* wbinfo -a doesn't work reliable with upn names; (bso#15003);
* Simple bind doesn't work against an RODC (with non-preloaded
users); (bso#13879);
* Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
* Regression: create krb5 conf = yes doesn't work with a single KDC;
(bso#15016);
- Add provides to samba-client-libs package to fix upgrades from
previous versions; (bsc#1198663);
- Update to 4.15.6
* Renaming file on DFS root fails with
NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
* Samba does not response STATUS_INVALID_PARAMETER when opening 2
objects with same lease key; (bso#14737);
* NT error code is not set when overwriting a file during rename
in libsmbclient; (bso#14938);
* Fix ldap simple bind with TLS auditing; (bso#14996);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674);
* Problem when winbind renews Kerberos; (bso#14979);
(bsc#1196224);
* pam_winbind will not allow gdm login if password about to
expire; (bso#8691);
* virusfilter_vfs_openat: Not scanned: Directory or special file;
(bso#14971);
* DFS fix for AIX broken; (bso#13631);
* Solaris and AIX acl modules: wrong function arguments;
(bso#14974);
* Function aixacl_sys_acl_get_file not declared / coredump;
(bso#7239);
* Regression: Samba 4.15.2 on macOS segfaults intermittently
during strcpy in tdbsam_getsampwnam; (bso#14900);
* Fix a use-after-free in SMB1 server; (bso#14989);
* smb2_signing_decrypt_pdu() may not decrypt with
gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
(bso#14968);
* Changing the machine password against an RODC likely destroys
the domain join; (bso#14984);
* authsam_make_user_info_dc() steals memory from its struct
ldb_message *msg argument; (bso#14993);
* Use Heimdal 8.0 (pre) rather than an earlier snapshot;
(bso#14995);
* Samba autorid fails to map AD users if id rangesize fits in the
id range only once; (bso#14967);
- Add missing samba-libs requirement to samba-winbind package;
(bsc#1198255);
- sapconf
-
- version update from 5.0.3 to 5.0.4
- change block device handling to handle multipath devices
correctly. Only the DM multipath devices (mpath) will be used for
the settings, but not its paths.
(bsc#1188743)
- fixed wrong comparison used for setting force_latency
(bsc#1185702)
- SAP Note 1771258 v6 updates nofile values to 1048576
(bsc#1192841)
- tiff
-
- security update
* CVE-2022-0561 [bsc#1195964]
+ tiff-CVE-2022-0561.patch
* CVE-2022-0562 [bsc#1195965]
+ tiff-CVE-2022-0562.patch
* CVE-2022-0865 [bsc#1197066]
+ tiff-CVE-2022-0865.patch
* CVE-2022-0909 [bsc#1197072]
+ tiff-CVE-2022-0909.patch
* CVE-2022-0924 [bsc#1197073]
+ tiff-CVE-2022-0924.patch
* CVE-2022-0908 [bsc#1197074]
+ tiff-CVE-2022-0908.patch
- security update
* CVE-2022-1056 [bsc#1197631]
* CVE-2022-0891 [bsc#1197068]
+ tiff-CVE-2022-1056,CVE-2022-0891.patch