- openssl-1_1
-
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- python
-
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add ipaddress module from https://github.com/phihag/ipaddress
- Remove -IVendor/ from python-config boo#1231795
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- google-guest-configs
-
- Update to version 20241121.00 (bsc#1233625, bsc#1233626)
* Temporarily revert google_set_multiqueue changes for release (#92)
- from version 20241115.00
* Remove IDPF devices from renaming rules (#91)
- from version 20241112.00
* Revert "Revert 3 commits:" (#89)
- from version 20241108.00
* Revert 3 commits: (#87)
- from version 20241107.00
* gce-nic-naming: Exit 1 so that udev ignores the rule on error (#86)
- from version 20241106.00
* Remove Apt IPv4 only config for Debian and Ubuntu (#85)
- from version 20241031.00
* Add GCE intent based NIC naming tools (#84)
- from version 20241025.00
* Update google_set_multiqueue to skip set_irq
if NIC is not a gvnic device (#83)
- Add new binary gce-nic-naming to %{_bindir} in %files section
- Update to version 20241021.00 (bsc#1231775, bsc#1231776)
* Add GCE-specific config for systemd-resolved (#82)
- from version 20241015.00
* Update google_set_multiqueue to enable on A3Ultra family (#79)
- from version 20241013.00
* Update OWNERS (#81)
- from version 20241010.00
* Depend on jq in enterprise linux (#80)
- from version 20241008.00
* Always use IP from primary NIC in the
networkd-dispatcher routable hook (#78)
- Update to version 20240925.00
* Call google_set_hostname on openSUSE and when the agent
is configured to manage hostname and FQDN, let it (#75)
- from version 20240924.00
* Include systemd-networkd hook in Ubuntu packaging (#77)
- from version 20240905.00
* Update packaging as of Ubuntu devel packaging (#65)
- from version 20240830.00
* Fix the name for A3 Edge VMs (#76)
- Update to version 20240725.00
* Fix: hostnamectl command (#74)
- Update to version 20240607.00
* Update is_a3_platform to include A3-edge shape (#73)
- Update to version 20240514.00
* Add systemd-networkd hostname hook (#71)
- from version 20240501.00
* Add hostname hook for NetworkManager without
dhclient compat script (#70)
- kernel-default
-
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072 CVE-2024-53114).
- commit ace41bd
- Update
patches.suse/initramfs-avoid-filename-buffer-overrun.patch
(CVE-2024-53142 bsc#1232436).
- commit c12c103
- Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886
bsc#1223044).
- Bluetooth: Avoid potential use-after-free in hci_error_reset
(CVE-2024-26801 bsc#1222413).
- commit 0002c48
- dm cache: fix potential out-of-bounds access on the first resume
(bsc#1233467, CVE-2024-50278).
- dm cache: optimize dirty bit checking with find_next_bit when
resizing (bsc#1233467, CVE-2024-50278).
- commit 0b89286
- Update References: field,
patches.suse/dm-cache-fix-out-of-bounds-access-to-the-dirty-bitset-when-resizing.patch
(bsc#1233467, bsc#1233468, CVE-2024-50278, CVE-2024-50279).
- commit 3ad9690
- dm cache: fix flushing uninitialized delayed_work on cache_ctr
error (bsc#1233467, CVE-2024-50278).
- dm cache: correct the number of origin blocks to match the
target length (bsc#1233467, CVE-2024-50278).
- commit 4bc71b8
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry()
(CVE-2024-46771 bsc#1230766).
- commit 491eb77
- ocfs2: uncache inode which has failed entering the group (bsc#1234087).
- commit 8d46222
- sch/netem: fix use after free in netem_dequeue (CVE-2024-46800
bsc#1230827).
- can: bcm: Remove proc entry when dev is unregistered
(CVE-2024-46771 bsc#1230766).
- commit 4db26bc
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED
in uvc_parse_format (CVE-2024-53104 bsc#1234025).
- commit 5e374e6
- USB: serial: io_edgeport: fix use after free in debug printk (CVE-2024-50267 bsc#1233456)
- commit 5cba6cd
- usb: typec: altmode should keep reference to parent (CVE-2024-50150 bsc#1233051)
- commit 42ad9b3
- net: hns3: fix kernel crash when uninstalling driver (CVE-2024-50296 bsc#1233485)
- commit 184c4c0
- drm/vc4: Warn if some v3d code is run on BCM2711 (bsc#1233108)
Only take struct vc4file.dev for bsc#1233108. Leave out the commit's
tests and warnings.
- commit 7eeddbe
- net: relax socket state check at accept time (git-fixes).
- commit 4a31544
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
(CVE-2024-36905 bsc#1225742).
- commit 9ad4cc7
- drm/vc4: Stop the active perfmon before being destroyed (bsc#1233108 CVE-2024-50187)
- commit f0f44d8
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (CVE-2024-49938 bsc#1232552)
- commit 4092e67
- netfilter: nf_tables: prevent nf_skb_duplicated corruption (CVE-2024-49952 bsc#1232157)
- commit 0b60580
- security/keys: fix slab-out-of-bounds in key_task_permission
(CVE-2024-50301 bsc#1233490).
- commit 6e6d2aa
- media: cx24116: prevent overflows on SNR calculus
(CVE-2024-50290 bsc#1233479).
- commit 12a43db
- dm cache: fix out-of-bounds access to the dirty bitset when
resizing (CVE-2024-50279 bsc#1233468).
- commit a5eeed1
- nvme-pci: fix race condition between reset and
nvme_dev_disable() (bsc#1232888 CVE-2024-50135).
- commit d800691
- scsi: lpfc: Ensure DA_ID handling completion before deleting
an NPIV instance (bsc#1233130 CVE-2024-50183).
- commit 2341eee
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink()
(CVE-2024-50154 bsc#1233070).
Patch has been manually modified to apply.
- commit e2aba08
- nfs: Fix KMSAN warning in decode_getfattr_attrs()
(CVE-2024-53066 bsc#1233560).
- commit b4e2ec3
- btrfs: fix a NULL pointer dereference when failed to start a
new trasacntion (CVE-2024-49868 bsc#1232272).
- commit 28e08c8
- Reinstate some of "swiotlb: rework "fix info leak with
DMA_FROM_DEVICE"" (CVE-2022-48853 bsc#1228015).
- commit ddba53c
- HID: core: zero-initialize the report buffer (CVE-2024-50302
bsc#1233491).
- commit 6bc7fd8
- vsock/virtio: Initialization of the dangling pointer occurring
in vsk->trans (CVE-2024-50264 bsc#1233453).
- commit edf6fa0
- net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged
SKB data (CVE-2024-53058 bsc#1233552).
- commit ebde361
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- Bluetooth: call sock_hold earlier in sco_conn_del
(CVE-2024-50125 bsc#1232928).
- commit 4838e6d
- Update
patches.suse/posix-clock-posix-clock-Fix-unbalanced-locking-in-pc.patch
(CVE-2024-50195 bsc#1233103 CVE-2024-50210 bsc#1233097).
- commit 4b1cf97
- mm: revert "mm: shmem: fix data-race in shmem_getattr()"
(CVE-2024-50228, bsc#1233204, git fixes (mm/shmem)).
- commit 84efe19
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (CVE-2024-50195 bsc#1233103)
- commit dede472
- media: av7110: fix a spectre vulnerability (CVE-2024-50289
bsc#1233478).
- commit 43a6f6e
- efi/memattr: Ignore table if the size is clearly bogus
(CVE-2024-49858 bsc#1232251 bsc#1231465).
- commit 3272541
- i40e: fix race condition by adding filter's intermediate sync
state (CVE-2024-53088 bsc#1233580).
- i40e: fix i40e_count_filters() to count only active/new filters
(CVE-2024-53088 bsc#1233580).
- commit c0c4369
- ocfs2: remove entry once instead of null-ptr-dereference in
ocfs2_xa_remove() (bsc#1233454 CVE-2024-50265).
- commit 3e0d522
- net: hns3: fix a deadlock problem when config TC during
resetting (CVE-2024-44995 bsc#1230231).
- commit 398b1db
- media: dvbdev: prevent the risk of out of memory access
(CVE-2024-53063 bsc#1233557).
- commit 62f1f9b
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555
git-fixes CVE-2024-53085 bsc#1233577).
- commit 70d272c
- media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061
bsc#1233555).
- commit 506c426
- Update
patches.suse/tipc-fix-a-possible-memleak-in-tipc_buf_append.patch
(bsc#1221977 CVE-2021-47162 bsc#1225764 CVE-2024-36954
CVE-2024-36886 bsc#1225730).
- commit 6b7c8a5
- net: netem: use a list in addition to rbtree
(git-fixes CVE-2024-45016 bsc#1230429).
- commit 2b0774f
- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-48853
bsc#1228015).
- commit 56fe90d
- crypto: ecdh - explicitly zeroize private_key (CVE-2024-42098
bsc#1228779).
- commit ef82dbf
- crypto: aead,cipher - zeroize key buffer after use
(CVE-2024-42229 bsc#1228708).
- commit 1b83698
- btrfs: reinitialize delayed ref list after deleting it from
the list (bsc#1233462 CVE-2024-50273).
- commit 0901f0b
- Refresh
patches.suse/net-prevent-mss-overflow-in-skb_segment.patch.
Fix the following warning:
net/core/skbuff.c: In function 'skb_segment':
include/linux/kernel.h:795:16: warning: comparison of distinct pointer types lacks a cast [enabled by default]
include/linux/kernel.h:798:2: note: in expansion of macro '__min'
net/core/skbuff.c:3302:18: note: in expansion of macro 'min'
This is how the warning got silenced in upstream stable kernel
v4.19.321.
- commit 68ad1ea
- Refresh
patches.suse/scsi-lpfc-Validate-hdwq-pointers-before-dereferencin.patch.
Adjust the backport to match the old size of struct members. This
fixes the following warning:
../drivers/scsi/lpfc/lpfc_sli.c: In function 'lpfc_sli_flush_io_rings':
../drivers/scsi/lpfc/lpfc_sli.c:4436:5: warning: format '%lx' expects argument of type 'long unsigned int', but argument 5 has type 'int' [-Wformat=]
../drivers/scsi/lpfc/lpfc_sli.c:4436:5: warning: format '%lx' expects argument of type 'long unsigned int', but argument 6 has type 'uint32_t' [-Wformat=]
- commit dff4c6e
- kernel-binary: Enable livepatch package only when livepatch is enabled
Otherwise the filelist may be empty failing the build (bsc#1218644).
- commit f730eec
- Update config files (bsc#1218644).
LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n
- commit b1b7b65
- posix-clock: Fix missing timespec64 check in pc_clock_settime() (CVE-2024-50195 bsc#1233103)
- commit 41e678c
- net: systemport: fix potential memory leak in bcm_sysport_xmit() (CVE-2024-50171 bsc#1233057)
- commit a8cf9c8
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (CVE-2024-50148 bsc#1233063)
- commit cb3dc55
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CVE-2024-50073 bsc#1232520)
- commit 68babec
- Update
patches.suse/arm64-probes-Fix-uprobes-for-big-endian-kernels.patch
(git-fixes CVE-2024-50194 bsc#1233111).
- Update
patches.suse/arm64-probes-Remove-broken-LDR-literal-uprobe-support.patch
(git-fixes CVE-2024-50099 bsc#1232887).
- Update
patches.suse/ceph-remove-the-incorrect-Fw-reference-check-when-dir.patch
(bsc#1231184 CVE-2024-50179 bsc#1233123).
- commit c9a203b
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
(bsc#1233191 CVE-2024-50218).
- commit cc4dbc4
- Update tags in
patches.suse/ext4-fix-slab-use-after-free-in-ext4_split_extent_at.patch
(bsc#1232201 CVE-2024-49884 bsc#1232198).
- commit dcc8f26
- Fix compiler warnings introduced in
patches.suse/udf-Avoid-excessive-partition-lengths.patch.
- commit fc54634
- mm: shmem: fix data-race in shmem_getattr() (CVE-2024-50228,
bsc#1233204, git fixes (mm/shmem)).
- commit e71d93b
- driver core: bus: Fix double free in driver API bus_register()
(bsc#1232329 CVE-2024-50055).
- commit 0448963
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
(CVE-2024-50115 bsc#1232919).
- commit 0050d80
- drm/amd: Guard against bad data for ATIF ACPI method (bsc#1232897 CVE-2024-50117)
- commit 97c9929
- wifi: mac80211: do not pass a stopped vif to the driver in
.get_txpower (CVE-2024-50237 bsc#1233216).
- commit 6d8f0b7
- wifi: ath10k: Fix memory leak in management tx (CVE-2024-50236
bsc#1233212).
- commit 0b6cbda
- wifi: iwlegacy: Clear stale interrupts before resuming device
(CVE-2024-50234 bsc#1233211).
- commit 01cb9ce
- drm/amd/display: Check null pointers before used (bsc#1232371 CVE-2024-49921)
- commit e8deeae
- net/ncsi: Disable the ncsi work before freeing the associated
structure (CVE-2024-49945 bsc#1232165).
- commit a88491e
- Update tags
patches.suse/mm-Avoid-overflows-in-dirty-throttling-logic.patch
(bsc#1222364 CVE-2024-42131 bsc#1228650).
- commit 3f14d21
- RDMA/mad: Improve handling of timed out WRs of mad agent (bsc#1232873 CVE-2024-50095)
- commit 2d90f41
- IB/mad: Issue complete whenever decrements agent refcount (bsc#1232873 CVE-2024-50095)
- commit 27da1c4
- be2net: fix potential memory leak in be_xmit() (CVE-2024-50167
bsc#1233049).
- commit 4f25cff
- cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations
(CVE-2024-27051 bsc#1223769).
- commit 6437a99
- driver core: Fix error return code in really_probe()
(bsc#1232224 CVE-2024-49925).
- commit 7264309
- parport: Proper fix for array out-of-bounds access (CVE-2024-50074 bsc#1232507)
- commit ee8e094
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's
return value (CVE-2024-27051 bsc#1223769).
- commit e56562b
- vfs: fix race between evice_inodes() and find_inode()&iput()
(bsc#1231930 CVE-2024-47679).
- commit ebf12b1
- ext4: avoid OOB when system.data xattr changes underneath the
filesystem (bsc#1231920 CVE-2024-47701).
- commit 06b6d21
- ext4: explicitly exit when ext4_find_inline_entry returns an
error (bsc#1231920 CVE-2024-47701).
- commit 76db0bc
- ext4: return error on ext4_find_inline_entry (bsc#1231920
CVE-2024-47701).
- commit 3ce9700
- ext4: ext4_search_dir should return a proper error (bsc#1231920
CVE-2024-47701).
- commit 35d9543
- wifi: cfg80211: check A-MSDU format more carefully (stable-fixes
CVE-2024-35937 bsc#1224526).
- blacklist.conf: remove the entry that we're just adding
- commit efe6631
- driver core: kABI workaround for dev_groups in device_driver
(bsc#1232224 CVE-2024-49925).
- commit 993ec78
- initramfs: avoid filename buffer overrun (bsc#1232436).
- commit 7ae8606
- driver core: add dev_groups to all drivers (bsc#1232224
CVE-2024-49925).
- commit d16dce7
- fbdev: efifb: Register sysfs groups through driver core
(bsc#1232224 CVE-2024-49925).
- commit bff3087
- NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304 CVE-2022-48967)
- commit 5a26fef
- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979 CVE-2022-48960)
- commit e5b93cf
- kabi/severities: ignore amdgpu symbols
amdkfd symbols are exported but they are supposed to be used only
by amdgpu, so they are local symbols that can be ignored.
- commit 381c434
- ipv6: avoid use-after-free in ip6_fragment() (CVE-2022-48956
bsc#1231893).
- commit fea62f0
- scsi: lpfc: Validate hdwq pointers before dereferencing in
reset/errata paths (bsc#1232218 CVE-2024-49891).
- commit b5db475
- SLE12-SP5 turned LTSS (Extended Security) - maintainership goes to L3
- commit 6e14d1d
- Bluetooth: RFCOMM: FIX possible deadlock in
rfcomm_sk_state_change (CVE-2024-50044 bsc#1231904).
- commit e681821
- tipc: guard against string buffer overrun (CVE-2024-49995
bsc#1232432).
- commit ba288b6
- net/xen-netback: prevent UAF in xenvif_flush_hash()
(CVE-2024-49936 bsc#1232424).
- commit 2fa13cf
- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
(CVE-2024-49991 bsc#1232282).
- commit ce009ae
- Remove duplicate CVE references
Update patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
Update patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
Update patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
- commit 2663e32
- mm: split critical region in remap_file_pages() and invoke
LSMs in between (CVE-2024-47745 bsc#1232135 git-fix).
- commit 661d796
- nfs: fix memory leak in error path of nfs4_do_reclaim
(git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least
30 seconds (git-fixes).
- commit 05c4d99
- Update
patches.suse/IB-core-Implement-a-limit-on-UMAD-receive-List.patch
(bsc#1228743 CVE-2024-42145 bsc#1223384).
- Update
patches.suse/RDMA-cxgb4-Added-NULL-check-for-lookup_atid.patch
(git-fixes CVE-2024-47749 bsc#1232180).
- Update
patches.suse/RDMA-iwcm-Fix-WARNING-at_kernel-workqueue.c-check_fl.patch
(git-fixes CVE-2024-47696 bsc#1231864).
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-more.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-49982 bsc#1232097).
- Update patches.suse/media-edia-dvbdev-fix-a-use-after-free.patch
(CVE-2024-27043 bsc#1223824 bsc#1218562).
- Update
patches.suse/ocfs2-fix-null-ptr-deref-when-journal-load-failed.patch
(git-fixes CVE-2024-49957 bsc#1232152).
- Update
patches.suse/ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch
(git-fixes CVE-2024-49877 bsc#1232339).
- Update
patches.suse/ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch
(git-fixes CVE-2024-49965 bsc#1232142).
- commit d1259c0
- Update
patches.suse/nfc-nci-fix-possible-NULL-pointer-dereference-in-sen.patch
(bsc#1219125 CVE-2023-46343 CVE-2023-52919 bsc#1231988).
- Update
patches.suse/tcp-do-not-accept-ACK-of-bytes-we-never-sent.patch
(CVE-2023-52881 bsc#1225611 bsc#1223384).
- commit 9477732
- Update
patches.suse/char-tpm-Protect-tpm_pm_suspend-with-locks.patch
(bsc#1082555 CVE-2022-48997 bsc#1232035).
- Update
patches.suse/igb-Initialize-mailbox-message-for-VF-reset.patch
(git-fixes CVE-2022-48949 bsc#1231897).
- Update
patches.suse/net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch
(bsc#1229154 CVE-2022-48985 bsc#1231958).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1227941 (CVE-2022-48790) CVE-2022-48790).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1227952 (CVE-2022-48788) CVE-2022-48788).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1228000 (CVE-2022-48789) CVE-2022-48789).
- Update
patches.suse/udf-Fix-preallocation-discarding-at-indirect-extent-.patch
(bsc#1213034 CVE-2022-48946 bsc#1231888).
- Update
patches.suse/xen-netfront-Fix-NULL-sring-after-live-migration.patch
(git-fixes CVE-2022-48969 bsc#1232026).
- commit c8e7e6a
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
bsc#1225336 CVE-2021-47416 bsc#1225189).
- commit 9036983
- smb: client: fix UAF in async decryption (bsc#1232418,
CVE-2024-50047).
- commit f679375
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (CVE-2024-49894 bsc#1232354)
- commit b558147
- drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (CVE-2024-49901 bsc#1232305)
- commit 9c2561f
- ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006 bsc#1232442)
- commit 8639f10
- ALSA: asihpi: Fix potential OOB array access (CVE-2024-50007 bsc#1232394)
- commit 013518a
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CVE-2024-49959 bsc#1232149)
- commit 284567a
- ACPI: sysfs: validate return type of _STR method (bsc#1231861
CVE-2024-49860).
- commit aede924
- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
(CVE-2022-48991 bsc#1232070).
- commit bc2150c
- mm/khugepaged: fix GUP-fast interaction by sending IPI
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 1df90ba
- khugepaged: retract_page_tables() remember to test exit
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit f4a1619
- ext4: update orig_path in ext4_find_extent() (CVE-2024-49881 bsc#1232201)
- commit b5dc210
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- commit 693aa17
- btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info()
in walk_down_proc() (CVE-2024-46841 bsc#1231094).
- commit 6d306f6
- ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883 bsc#1232199)
- commit ec16b20
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-49929 bsc#1232253)
- commit 84425bf
- net: fix a memleak when uncloning an skb dst and its metadata
(CVE-2022-48809 bsc#1227947).
- commit 2bf5e2a
- tpm: Clean up TPM space after command failure (CVE-2024-49851
bsc#1232134).
- commit 7bbb5a1
- serial: protect uart_port_dtr_rts() in uart_shutdown() too
(CVE-2024-50058 bsc#1232285).
- commit 41b7884
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (CVE-2024-49962 bsc#1232314)
- commit 4df8d00
- drm/amd/display: Check stream before comparing them (CVE-2024-49896 bsc#1232221)
- commit b1fe975
- drm/amd/pm: ensure the fw_info is not null before using it (CVE-2024-49890 bsc#1232217)
- commit c3be196
- ASoC: ops: Correct bounds check for second channel on SX controls (CVE-2022-48951 bsc#1231929)
- commit bf654bc
- firmware_loader: Block path traversal (CVE-2024-47742 bsc#1232126)
- commit 7af5448
- ASoC: soc-pcm: Add NULL check in BE reparenting (CVE-2022-48992 bsc#1232071)
- commit 70e6117
- media: pci: cx23885: check cx23885_vdev_init() return (CVE-2023-52918 bsc#1232047)
- commit 713adf4
- ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (CVE-2022-48951 bsc#1231929)
- commit 26bb290
- btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840 bsc#1231105)
- commit 61febb6
- drm/amd/display: Check null pointers before multiple uses (bsc#1232313 CVE-2024-49920)
- commit 2448039
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
(bsc#1232123 CVE-2022-49000).
- commit 02b654b
- net: mvneta: Fix an out of bounds check (CVE-2022-48966
bsc#1232191).
- commit 0317c39
- iommu/vt-d: Fix PCI device refcount leak in
dmar_dev_scope_init() (bsc#1232133 CVE-2022-49002).
- commit 5c0b5c2
- net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
(CVE-2022-48962 bsc#1232286).
- commit fc49b9f
- ppp: fix ppp_async_encode() illegal access (CVE-2024-50035
bsc#1232392).
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO
(CVE-2024-49949 bsc#1232160).
- net: mvneta: Prevent out of bounds read in mvneta_config_rss()
(CVE-2022-48966 bsc#1232191).
- net/9p: Fix a potential socket leak in p9_socket_open
(CVE-2022-49020 bsc#1232175).
- commit 2c23eba
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
(bsc#1232006 CVE-2022-49011).
- hwmon: (coretemp) Check for null before removing sysfs attrs
(bsc#1232172 CVE-2022-49010).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc()
fails (bsc#1231995 CVE-2022-49029).
- commit 71880ba
- Update
patches.suse/0001-x86-kaslr-Expose-and-use-the-end-of-the-physical-mem.patch
(bsc#1230405, bsc#1232236).
- commit a8a279f
- mm: call the security_mmap_file() LSM hook in remap_file_pages()
(CVE-2024-47745 bsc#1232135).
- commit ed0f269
- Bluetooth: L2CAP: Fix uaf in l2cap_connect (CVE-2024-49950
bsc#1232159).
- commit 30ab1b9
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- commit 3e6f9a6
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- commit a1137d7
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- commit e35a346
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- commit 03723c2
- ext4: fix double brelse() the buffer of the extents path
(bsc#1232200 CVE-2024-49882).
- ext4: no need to continue when the number of entries is 1
(bsc#1232140 CVE-2024-49967).
- commit fc369f8
- ethernet: aeroflex: fix potential skb leak in greth_init_rings()
(CVE-2022-48958 bsc#1231889).
- e100: Fix possible use after free in e100_xmit_prepare
(CVE-2022-49026 bsc#1231997).
- iavf: Fix error handling in iavf_init_module() (CVE-2022-49027
bsc#1232007).
- ixgbevf: Fix resource leak in ixgbevf_init_module()
(CVE-2022-49028 bsc#1231996).
- net: phy: fix null-ptr-deref while probe() failed
(CVE-2022-49021 bsc#1231939).
- commit ed7ba02
- net: usb: usbnet: fix name regression (get-fixes).
- commit 505fee4
- drm/amd/display: Check gpio_id before used as array index (CVE-2024-46818 bsc#1231203).
- commit 38ee0dd
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- drbd: Add NULL check for net_conf to prevent dereference in
state validation (git-fixes).
- commit 8ea7f3b
- gpio: amd8111: Fix PCI device reference count leak (CVE-2022-48973 bsc#1232039)
- commit cbd0482
- Bluetooth: Fix not cleanup led when bt_init fails (CVE-2022-48971 bsc#1232037)
- commit ce6c97c
- cifs: Fix buffer overflow when parsing NFS reparse points
(bsc#1232089, CVE-2024-49996).
- commit 009c8ed
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (CVE-2024-47685 bsc#1231998)
- commit 6b03439
- net: Fix an unsafe loop on the list (CVE-2024-50024 bsc#1231954)
- commit b3d8cae
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (CVE-2024-47707 bsc#1231935)
- commit 4b59ef3
- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (CVE-2022-48972 bsc#1232025)
- commit 0168947
- HID: core: fix shift-out-of-bounds in hid_report_raw_event (CVE-2022-48978 bsc#1232038)
- commit 7a79be0
- netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045 bsc#1231903)
- commit 2c7a2ef
- block, bfq: fix possible UAF for bfqq->bic with merge chain (CVE-2024-47706 bsc#1231942)
- commit c8fc3bd
- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684 bsc#1231987)
- commit 3560609
- net: hsr: Fix potential use-after-free (CVE-2022-49015 bsc#1231938)
- commit 6ebc760
- ocfs2: cancel dqi_sync_work before freeing oinfo (bsc#1232141
CVE-2024-49966).
- commit b3c314a
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (bsc#1232111 CVE-2024-47735)
- commit 78adc47
- ocfs2: reserve space for inline xattr before attaching reflink
tree (bsc#1232151 CVE-2024-49958).
- commit 75ba1c4
- wifi: mac80211: use two-phase skb reclamation in
ieee80211_do_stop() (CVE-2024-47713 bsc#1232016).
- commit 6ae0d21
- nfsd: call cache_put if xdr_reserve_space returns NULL
(bsc#1232056 CVE-2024-47737).
- commit 629ef18
- Update
patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch
(bsc#1206344, CVE-2022-48988, bsc#1232069).
- commit 3727547
- slip: make slhc_remember() more robust against malicious packets
(CVE-2024-50033 bsc#1231914).
- net: tun: Fix use-after-free in tun_detach() (CVE-2022-49014
bsc#1231890).
- commit c68baf4
- md/raid5: fix deadlock that raid5d() wait for itself to clear
MD_SB_CHANGE_PENDING (bsc#1227437, CVE-2024-39476).
- Delete the following patch, it is replaced by the above one,
patches.suse/Revert-md-raid5-Wait-for-MD_SB_CHANGE_PENDING-in-rai.patch.
- commit e9834f3
- net/ipv6: prevent use after free in ip6_route_mpath_notify
(CVE-2024-26852 bsc#1223057 bsc#1230784).
- Update
patches.suse/net-ipv6-avoid-possible-UAF-in-ip6_route_mpath_notif.patch
(CVE-2024-26852 bsc#1223057 bsc#1230784).
- commit 7d060a6
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
write error (bsc#1231858 CVE-2024-47697).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
write error (bsc#1231859 CVE-2024-47698).
- commit d62c304
- ethtool: fail closed if we can't get max channel used in
indirection tables (CVE-2024-46834 bsc#1231096).
- commit bddfacf
- gpio: prevent potential speculation leaks in
gpio_device_get_desc() (stable-fixes CVE-2024-44931
bsc#1229837).
- commit 664410d
- gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
(stable-fixes CVE-2024-42253 bsc#1229005).
- commit 966ef70
- mm: avoid leaving partial pfn mappings around in error case
(CVE-2024-47674 bsc#1231673).
- commit b85f7d9
- udf: Avoid excessive partition lengths (bsc#1230773
CVE-2024-46777).
- fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439
CVE-2024-47660).
- commit 1cf833b
- netem: fix return value if duplicate enqueue fails
(CVE-2024-45016 bsc#1230429).
- net: netem: fix use after free and double free with packet
corruption (git-fixes CVE-2024-45016 bsc#1230429).
- net: netem: correct the parent's backlog when corrupted packet
was dropped (git-fixes CVE-2024-45016 bsc#1230429).
- net: netem: fix error path for corrupted GSO frames (git-fixes
CVE-2024-45016 bsc#1230429).
- net: netem: fix backlog accounting for corrupted GSO frames
(git-fixes CVE-2024-45016 bsc#1230429).
- commit 8535e0c
- perf/x86/intel: Limit the period on Haswell (bsc#1231072,
CVE-2024-46848).
- commit ddcb55d
- Update
patches.suse/ocfs2-add-bounds-checking-to-ocfs2_xattr_find_entry.patch
(bsc#1228410 CVE-2024-41016 CVE-2024-47670 bsc#1231537).
- commit 3c9794f
- wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
(CVE-2024-47673 bsc#1231539).
- commit ec71cef
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
(CVE-2024-47672 bsc#1231540).
- commit bf00ca5
- sched/smt: Fix unbalance sched_smt_present dec/inc
(CVE-2024-44958 bsc#1230179).
- commit d76ce7a
- add bug reference for a mana change (bsc#1229769).
- commit 365e607
- nfc: fix segfault in nfc_genl_dump_devices_done (CVE-2021-47612 bsc#1226585)
- commit 04d816c
- aoe: fix the potential use-after-free problem in more places
(bsc#1218562 CVE-2023-6270).
- commit 9a97d1d
- xhci: Fix null pointer dereference when host dies
(CVE-2023-52898 bsc#1229568).
- commit 8083a37
- bpf: Fix pointer-leak due to insufficient speculative store
bypass mitigation (bsc#1231375).
- commit 8169915
- wifi: mwifiex: Do not return unused priv in
mwifiex_get_priv_by_id() (bsc#1230802 CVE-2024-46755).
- commit 3faac0d
- Delete some more obsolete scripts
- commit c036565
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (CVE-2024-46816 bsc#1231197).
- commit fce3225
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (bsc#1230725 CVE-2024-46724)
- commit a6d26f5
- drm/amd/display: Check link_index before accessing dc->links (CVE-2024-46813 bsc#1231191).
- commit 6cd35ce
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- commit 9f2c584
- Update kabi files from rpm-4.12.14-122.228
Some nvme symbols are listed as exported from vmlinux while the driver
is modular. This is because the symvers files were not updated after
making the driver modular.
- commit 00d2c7f
- ELF: fix kernel.randomize_va_space double read (CVE-2024-46826 bsc#1231115)
Dropped const and split declaration and assignment to avoid warning of
mixing declarations and statements.
- commit 8b66569
- drm/amd/display: added NULL check at start of dc_validate_stream (CVE-2024-46802 bsc#1231111)
- commit a598fc3
- Revert "Merge branch 'users/dwagner/SLE12-SP5/for-next' into SLE12-SP5"
This reverts commit aa4c39a920ecb484add5aa1733bbaa0fb81c7d46, reversing
changes made to 4527634da2625f9c0c83176368afe9fe8acb3ffc.
- --
Following breaks kABI:
commit 72d636029eff5515a118fd98f44689c4421a836e
Author: Daniel Wagner <dwagner@suse.de>
Date: Mon Sep 30 15:48:52 2024 +0200
kabi: ignore all nvme kabi breakages
Streamline sle12sp5 with the other code stream where we ignore
all symbol changes inside the nvme subsystem.
Delete:
- patches.kabi/kabi-Fix-nvme-fabrics_q.patch
- patches.kabi/kabi-Fix-nvmet-error-log-definitions.patch
- patches.kabi/kabi-nvme-fix-fast_io_fail_tmo.patch
- --
As designed the path match does not match symbols exported from vmlinux
(built-in), those have to be listed explicitly.
Listing the offending symbols should make this change work. It's
possible that more of the nvme support is modular on later kernels or
the kABI brekage is not as widespread compared to 4.12.
- ---
- commit 5f0ddca
- net: dpaa: Pad packets to ETH_ZLEN (CVE-2024-46854 bsc#1231084).
- ice: Add netif_device_attach/detach into PF reset flow
(CVE-2024-46770 bsc#1230763).
- net: core: Specify skb_pad()/skb_put_padto() SKB freeing
(CVE-2024-46854 bsc#1231084).
- commit 8314902
- usbnet: fix cyclical race on disconnect with work queue
(git-fixes).
- Refresh
patches.kabi/move-new-members-of-struct-usbnet-to-end.patch.
- Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit d5af998
- powerpc/imc-pmu: Revert nest_init_lock to being a mutex
(bsc#1065729).
- commit 9d9f624
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
(bsc#1065729).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
(bsc#1054914 fate#322448 git-fixes).
- powerpc/iommu: Annotate nested lock for lockdep (bsc#1065729).
- commit 1b7c467
- Fix bsc#1054914 reference.
- commit 4b9db88
- nvme: avoid double free special payload (bsc#1228635
CVE-2024-41073).
- commit 50941e4
- ceph: remove the incorrect Fw reference check when dirtying
pages (bsc#1231184).
- commit 4527634
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
They depend on SHADOW_CALL_STACK.
- commit 65fa52b
- nvmet: always initialize cqe.result (bsc#1228615
CVE-2024-41079).
- commit 0c4e344
- kabi/severities: Ignore ppc instruction emulation (bsc#1230826 ltc#205848)
These are lowlevel functions not used outside of exception handling and
kernel debugging facilities.
- commit abc513a
- drm/amd/display: Check BIOS images before it is used (CVE-2024-46809 bsc#1231148).
- commit 006eae3
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
accesses (CVE-2024-46859 bsc#1231089).
- commit 59d5c89
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
(CVE-2024-46853 bsc#1231083).
- commit bb10262
- media: vivid: fix compose size exceed boundary (CVE-2022-48945
bsc#1230398).
- commit 9b78931
- kthread: Fix task state in kthread worker if being frozen
(bsc#1231146).
- commit acf39f7
- kabi: ignore all nvme kabi breakages
Streamline sle12sp5 with the other code stream where we ignore
all symbol changes inside the nvme subsystem.
Delete:
- patches.kabi/kabi-Fix-nvme-fabrics_q.patch
- patches.kabi/kabi-Fix-nvmet-error-log-definitions.patch
- patches.kabi/kabi-nvme-fix-fast_io_fail_tmo.patch
- commit 72d6360
- nvme-fabrics: use reserved tag for reg read/write command
(bsc#1228620 CVE-2024-41082).
Refresh:
- patches.kabi/kabi-Fix-nvme-fabrics_q.patch
- nvme-fabrics: use reserved tag for reg read/write command
(bsc#1228620 CVE-2024-41082).
- nvme: change __nvme_submit_sync_cmd() calling conventions
(bsc#1228620 CVE-2024-41082).
- nvme: remove unused timeout parameter (bsc#1228620
CVE-2024-41082).
- nvme: split nvme_alloc_request() (bsc#1228620 CVE-2024-41082).
Refresh:
- patches.suse/lightnvm-remove-lightnvm-implemenation.patch
- nvme: centralize setting the timeout in nvme_alloc_request
(bsc#1228620 CVE-2024-41082).
Refresh:
- patches.suse/lightnvm-remove-lightnvm-implemenation.patch
- commit 1db4029
- tracing: Avoid possible softlockup in tracing_iter_reset()
(git-fixes).
- commit 6f4c555
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120 CVE-2024-46822)
- commit cd9816b
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (bsc#1231120 CVE-2024-46822)
- commit 0c95f6d
- tracing: Fix overflow in get_free_elt() (git-fixes
CVE-2024-43890 bsc#1229764).
- commit 2519a16
- drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709 CVE-2024-46731)
- commit 1b11b68
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- commit 7b2aa7b
- drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722 bsc#1230712)
- commit 7ff2284
- i2c: lpi2c: Avoid calling clk_get_rate during transfer
(bsc#1227885 CVE-2024-40965).
- commit 115f782
- Update
patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
(bsc#1229457 CVE-2024-44947 bsc#1229456).
- Update
patches.suse/msft-hv-3046-uio_hv_generic-Fix-kernel-NULL-pointer-dereference-i.patch
(git-fixes CVE-2024-46739 bsc#1230732).
- Update
patches.suse/msft-hv-3048-net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
(git-fixes CVE-2024-46784 bsc#1230771).
- Update
patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch
(git-fixes CVE-2024-46737 bsc#1230730).
- Update
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
(bsc#1227487 CVE-2024-46774 bsc#1230767).
- commit ad5a546
- userfaultfd: fix checks for huge PMDs (CVE-2024-46787
bsc#1230815).
- commit a5d0a66
- PCI: xilinx-nwl: Clean up clock on probe failure/removal
(git-fixes).
- commit ace75db
- net: ip_tunnel: prevent perpetual headroom growth
(CVE-2024-26804 bsc#1222629).
- commit 7a0d3d3
- net: tunnels: annotate lockless accesses to dev->needed_headroom
(CVE-2024-26804 bsc#1222629).
- Refresh
patches.kabi/kabi-preserve-struct-header_ops-after-bsc-1176081-fi.patch.
- commit 4908ccc
- kabi: add __nf_queue_get_refs() for kabi compliance
(bsc#1229633,CVE-2022-48911).
- commit ffffe4c
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
- commit c9290c8
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- commit a4946ef
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- commit 4ef1336
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- commit 7580f3e
- kABI fix for tipc: wait and exit until all work queues are done
(CVE-2021-47163 bsc#1221980).
- commit 685278e
- tipc: wait and exit until all work queues are done
(CVE-2021-47163 bsc#1221980).
- commit 60b5a40
- btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753 bsc#1230796)
- commit ab888f1
- net: bridge: xmit: make sure we have at least eth header len
bytes (CVE-2024-38538 bsc#1226606).
- commit 37ef8fc
- x86/kaslr: Expose and use the end of the physical memory
address space (bsc#1230405).
- commit 151c0a3
- Delete
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch.
This patch should have been only in kernel v5.11+, which is when
the double free issue was introduced.
- commit 92bb491
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (CVE-2024-46761 bsc#1230761)
- commit 0c20c64
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759 bsc#1230814)
- commit 8ed41b4
- Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745 bsc#1230748)
- commit 9508651
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738 bsc#1230731)
- commit 98e87d9
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783 bsc#1230810)
- commit f6705ba
- Update references in patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch (CVE-2024-46737 bsc#1230730)
- commit 91952f9
- nvmet: Identify-Active Namespace ID List command should reject
invalid nsid (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails
(git-fixes).
- commit 07a5a05
- net: fix use-after-free in tw_timer_handler (CVE-2021-46936
bsc#1220439).
- commit b2028df
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (CVE-2024-44982 bsc#1230204).
- commit 4f660ab
- drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702 CVE-2024-46723)
- commit ff45869
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_rx_work.patch
(git-fixes CVE-2024-38381 bsc#1226878).
- Update
patches.suse/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enab.patch
(git-fixes CVE-2024-38632 bsc#1226860).
Add CVE references.
- commit bd6ac3f
- PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750
bsc#1230783).
- commit 6d64b3d
- Squashfs: sanity check symbolic link size (bsc#1230747 CVE-2024-46744)
- commit 067cd70
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
(git-fixes).
- commit 36cf250
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
(git-fixes).
- commit 13d7dfe
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- commit 4386caf
- powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add XER bits introduced in POWER ISA v3.0
(bsc#1230826 ltc#205848).
- commit 4de0867
- of/irq: Prevent device address out-of-bounds read in interrupt
map walk (CVE-2024-46743 bsc#1230756).
- commit 8403759
- driver: iio: add missing checks on iio_info's callback access
(CVE-2024-46715 bsc#1230700).
- commit f7336e3
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (CVE-2024-46685 bsc#1230515)
- commit e892b22
- usb: dwc3: core: Prevent USB core invalid event buffer address access (CVE-2024-46675 bsc#1230533)
- commit 9657973
- thunderbolt: Mark XDomain as unplugged when router is removed (CVE-2024-46702 bsc#1230589)
- commit 74749bb
- smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (CVE-2024-46686 bsc#1230517)
- commit 9cca3e0
- scsi: aacraid: Fix double-free on probe failure (CVE-2024-46673 bsc#1230506)
- commit b132ff0
- apparmor: fix possible NULL pointer dereference (CVE-2024-46721 bsc#1230710)
- commit 2b27b0b
- gtp: fix a potential NULL pointer dereference (CVE-2024-46677 bsc#1230549)
- commit b3221e1
- nfc: pn533: Add poll mod list filling check (CVE-2024-46676 bsc#1230535)
- commit 0ff9f28
- ethtool: check device is present when getting link settings (CVE-2024-46679 bsc#1230556).
- commit 34a40a8
- powerpc/sstep: Fix darn emulation (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix incorrect return from analyze_instr()
(bsc#1230826 ltc#205848).
- commit be8f831
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: fix 'ptesync' build error (bsc#1230826
ltc#205848).
- powerpc/sstep: Check instruction validity against ISA version
before emulation (bsc#1230826 ltc#205848).
- powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1230826
ltc#205848).
- Refresh patches.suse/powerpc-Don-t-clobber-f0-vs0-during-fp-altivec-regis.patch
- powerpc/sstep: Add support for divde[.] and
divdeu[.] instructions (bsc#1230826 ltc#205848).
- powerpc/lib: fix redundant inclusion of quad.o (bsc#1230826
ltc#205848).
- powerpc sstep: Add support for modsd, modud instructions
(bsc#1230826 ltc#205848).
- powerpc sstep: Add support for modsw, moduw instructions
(bsc#1230826 ltc#205848).
- powerpc sstep: Add support for extswsli instruction (bsc#1230826
ltc#205848).
- powerpc sstep: Add support for cnttzw, cnttzd instructions
(bsc#1230826 ltc#205848).
- powerpc: sstep: Add support for darn instruction (bsc#1230826
ltc#205848).
- powerpc: sstep: Add support for maddhd, maddhdu, maddld
instructions (bsc#1230826 ltc#205848).
- Refresh patches.suse/powerpc-bpf-use-unsigned-division-instruction-for-64.patch
- powerpc/sstep: Fix kernel crash if VSX is not present
(bsc#1230826 ltc#205848).
- powerpc/sstep: Introduce GETTYPE macro (bsc#1230826 ltc#205848).
- powerpc/lib: Fix "integer constant is too large" build failure
(bsc#1230826 ltc#205848).
- powerpc/32: Move the inline keyword at the beginning of function
declaration (bsc#1230826 ltc#205848).
- powerpc/kprobes: Blacklist emulate_update_regs() from kprobes
(bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix fixed-point shift instructions that
set CA32 (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix fixed-point arithmetic instructions
that set CA32 (bsc#1230826 ltc#205848).
- powerpc/kprobes: Update optprobes to use emulate_update_regs()
(bsc#1230826 ltc#205848).
- powerpc: Fix handling of alignment interrupt on dcbz instruction
(bsc#1230826 ltc#205848).
- powerpc: Fix kernel crash in emulation of vector loads and
stores (bsc#1230826 ltc#205848).
- commit 41c7998
- md/raid5: avoid BUG_ON() while continue reshape after
reassembling (bsc#1229790, CVE-2024-43914).
- commit 2925547
- powerpc/lib/sstep: Fix count leading zeros instructions
(bsc#1230826 ltc#205848).
- powerpc/sstep: mullw should calculate a 64 bit signed result
(bsc#1230826 ltc#205848).
- powerpc/sstep: Fix issues with mcrf (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix issues with set_cr0() (bsc#1230826
ltc#205848).
- powerpc/sstep: Avoid used uninitialized error (bsc#1230826
ltc#205848).
- powerpc: Wrap register number correctly for string load/store
instructions (bsc#1230826 ltc#205848).
- powerpc: Emulate load/store floating point as integer word
instructions (bsc#1230826 ltc#205848).
- powerpc: Use instruction emulation infrastructure to handle
alignment faults (bsc#1230826 ltc#205848).
- Refresh patches.suse/powerpc-Fix-check-for-copy-paste-instructions-in-ali.patch
- Update config files.
- powerpc: Separate out load/store emulation into its own function
(bsc#1230826 ltc#205848).
- powerpc: Handle opposite-endian processes in emulation code
(bsc#1230826 ltc#205848).
- powerpc: Set regs->dar if memory access fails in emulate_step()
(bsc#1230826 ltc#205848).
- powerpc: Emulate the dcbz instruction (bsc#1230826 ltc#205848).
- powerpc: Emulate load/store floating double pair instructions
(bsc#1230826 ltc#205848).
- powerpc: Emulate vector element load/store instructions
(bsc#1230826 ltc#205848).
- powerpc: Emulate FP/vector/VSX loads/stores correctly when
regs not live (bsc#1230826 ltc#205848).
- powerpc: Make load/store emulation use larger memory accesses
(bsc#1230826 ltc#205848).
- powerpc: Add emulation for the addpcis instruction (bsc#1230826
ltc#205848).
- powerpc: Don't update CR0 in emulation of popcnt, prty, bpermd
instructions (bsc#1230826 ltc#205848).
- powerpc: Fix emulation of the isel instruction (bsc#1230826
ltc#205848).
- powerpc/64: Fix update forms of loads and stores to write
64-bit EA (bsc#1230826 ltc#205848).
- powerpc: Handle most loads and stores in instruction emulation
code (bsc#1230826 ltc#205848).
- powerpc: Don't check MSR FP/VMX/VSX enable bits in
analyse_instr() (bsc#1230826 ltc#205848).
- powerpc: Change analyse_instr so it doesn't modify *regs
(bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add isel instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add prty instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add bpermd instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add popcnt instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add cmpb instruction emulation (bsc#1230826
ltc#205848).
- commit 10b1c67
- KABI: kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 7a83511
- kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit a7c5ad6
- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
(CVE-2024-46707 bsc#1230582).
- commit a6e55a2
- perf: Fix list corruption in perf_cgroup_switch() (bsc#1227953
CVE-2022-48799).
- commit 7c98d1e
- nvme-tcp: fix possible use-after-free in transport
error_recovery work (bsc#1228000 (CVE-2022-48789)).
- nvme: fix a possible use-after-free in controller reset during
load (bsc#1227941 (CVE-2022-48790)).
- commit 699f243
- x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174 CVE-2024-44948).
- commit c14b9b5
- nvme-rdma: fix possible use-after-free in transport
error_recovery work (bsc#1227952 (CVE-2022-48788)).
- commit 0f2b472
- Input: MT - limit max slots (CVE-2024-45008 bsc#1230248).
- commit 18c0fe4
- Refresh
patches.suse/media-cec-core-avoid-confusing-transmit-timed-out-me.patch.
Moved into sorted section to avoid false positives of the checker
- commit 6e68152
- media: vivid: avoid integer overflow (git-fixes).
- commit 2e17cad
- netlink: extend policy range validation
(prerequisite CVE-2024-42114 bsc#1228564).
- Refresh patches.kabi/netlink-nla_policy-kabi-workaround.patch.
- commit 1f2aeb8
- media: vivid: dev->bitmap_cap wasn't freed in all cases
(git-fixes).
- commit 249a367
- media: vivid: s_fbuf: add more sanity checks (git-fixes).
- commit de48b55
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- commit 0c654cd
- ipv6: prevent UAF in ip6_send_skb() (CVE-2024-44987 bsc#1230185)
- commit a6345f7
- gtp: pull network headers in gtp_dev_xmit() (CVE-2024-44999 bsc#1230233)
- commit 6133ce9
- powerpc: Remove support for PowerPC 601 (Remove unused and
malformed assembly causing build error).
- commit a186115
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
(git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in
hv_uio_rescind (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI
cleanup (git-fixes).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response
(git-fixes).
- commit 2c432a7
- profiling: fix shift too large makes kernel panic (git-fixes).
- commit 92e9109
- KVM: x86/mmu: make apf token non-zero to fix bug (CVE-2022-48943
bsc#1229645).
- commit 20aabb8
- media: dvb-usb-v2: af9035: fix missing unlock (CVE-2023-52915
bsc#1230270).
- commit 48622c6
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in
af9035_i2c_master_xfer (CVE-2023-52915 bsc#1230270).
- commit a6997db
- usbnet: modern method to get random MAC (git-fixes).
- commit 26fa49e
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
(git-fixes).
- commit f6a8914
- ACPI: EC: Avoid printing confusing messages in acpi_ec_setup()
(git-fixes).
- ACPI: EC: tweak naming in preparation for GpioInt support
(git-fixes).
- ACPI / EC: Clean up EC GPE mask flag (git-fixes).
- ACPI: EC: Fix an EC event IRQ storming issue (git-fixes).
- commit 9e80cf5
- Bluetooth: hci_core: Fix leaking sent_cmd skb (CVE-2022-48844 bsc#1228068)
- commit 33c7b67
- wifi: nl80211: disallow setting special AP channel widths (CVE-2024-43912 bsc#1229830)
- commit 3f6faef
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task (CVE-2022-48791 bsc#1228002)
- commit 0f736ca
- scsi: pm80xx: Fix TMF task completion race condition (CVE-2022-48791 bsc#1228002)
- commit 47ce134
- ext4: sanity check for NULL pointer after ext4_force_shutdown
(bsc#1229753 CVE-2024-43898).
- commit d2ce48d
- udf: Avoid using corrupted block bitmap buffer (bsc#1229362
CVE-2024-42306).
- commit e9fe84a
- ext4: check dot and dotdot of dx_root before making dir indexed
(bsc#1229363 CVE-2024-42305).
- commit 1e9d591
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
(bsc#1229334 CVE-2024-42265).
- commit 126ef02
- ACPI: video: Add new hw_changes_brightness quirk, set it on
PB Easynote MZ35 (git-fixes).
- ACPI: blacklist: fix clang warning for unused DMI table
(git-fixes).
- Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
(git-fixes).
- ACPI: SPCR: Consider baud rate 0 as preconfigured state
(git-fixes).
- ACPI: SPCR: work around clock issue on xgene UART (git-fixes).
- commit 18ef221
- ACPI: SPCR: Workaround for APM X-Gene 8250 UART 32-alignment
errata (git-fixes).
- Refresh
patches.suse/0001-tty-pl011-fix-initialization-order-of-QDF2400-E44.patch.
- commit 0985189
- serial: sc16is7xx: fix invalid FIFO access with special register
set (CVE-2024-44950 bsc#1230180).
- commit b162aad
- kabi fix for proc/mounts: add cursor (bsc#1207341).
- commit 1fada3d
- proc/mounts: add cursor (bsc#1207341).
- autofs4: use wait_event_killable (bsc#1207341).
- commit 1adc77e
- ALSA: line6: Fix racy access to midibuf (CVE-2024-44954
bsc#1230176).
- commit 899798d
- atm: idt77252: prevent use after free in dequeue_rx()
(CVE-2024-44998 bsc#1230171).
- driver core: Fix uevent_show() vs driver detach race
(CVE-2024-44952 bsc#1230178).
- commit c758c1a
- cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (CVE-2021-47387 bsc#1225316)
- commit ce3e04b
- s390/sclp: Prevent release of buffer in I/O (bsc#1230200
CVE-2024-44969 git-fixes).
- commit 495f327
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
(CVE-2024-42114 bsc#1228564).
Refresh patches.kabi/netlink-nla_policy-kabi-workaround.patch.
- commit 9abf38c
- fuse: use unsigned type for getxattr/listxattr size truncation
(bsc#1230151).
- commit 3543834
- Bluetooth: L2CAP: Fix not validating setsockopt user input
(bsc#1224579 CVE-2024-35965).
- commit 6d78576
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 6afc15c
- Bluetooth: btintel: Fixe build regression (bsc#1224640
CVE-2024-35933).
- commit 67f9898
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version
(bsc#1224640 CVE-2024-35933).
- commit 8955b3c
- usb: vhci-hcd: Do not drop references before new references
are gained (CVE-2024-43883 bsc#1229707).
- commit 1ab205e
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 7294061
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (bsc#1229156 CVE-2024-42259)
- commit ad9c138
- net: usb: qmi_wwan: fix memory leak for not ip packets
(CVE-2024-43861 bsc#1229500).
- commit 706ebe0
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (bsc#1229497 CVE-2024-43863)
- commit 3f53b56
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- commit a9800d1
- xfs: fix uninitialized variable access (git-fixes).
- commit 3f7682d
- xfs: Fix the owner setting issue for rmap query in xfs fsmap
(git-fixes).
- commit f1b3405
- Update
patches.suse/0001-usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
(git-fixes CVE-2023-52901 bsc#1229531).
- Update
patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
(git-fixes CVE-2022-48938 bsc#1229664).
- Update
patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
(bsc#1210629 CVE-2023-2176 CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
CVE-2022-48930 bsc#1229624).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
(bsc#1190317 CVE-2022-48919 bsc#1229657).
- Update
patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsystem.patch
(git-fixes CVE-2022-48931 bsc#1229623).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
(git-fixes CVE-2022-48899 bsc#1229536).
- Update
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
(bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
(git-fixes CVE-2022-48896 bsc#1229540).
- Update
patches.suse/memcg-protect-concurrent-access-to-mem_cgroup_idr.patch
(git-fixes CVE-2024-43892 bsc#1229761).
- Update
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch
(bsc#1228850 CVE-2024-42287 bsc#1229392).
- Update
patches.suse/scsi-qla2xxx-During-vport-delete-send-async-logout-e.patch
(bsc#1228850 CVE-2024-42289 bsc#1229399).
- Update
patches.suse/scsi-qla2xxx-Fix-for-possible-memory-corruption.patch
(bsc#1228850 CVE-2024-42288 bsc#1229398).
- Update
patches.suse/scsi-qla2xxx-validate-nvme_local_port-correctly.patch
(bsc#1228850 CVE-2024-42286 bsc#1229395).
- commit d202e91
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit bdef5f8
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (CVE-2024-43907 bsc#1229787).
- commit 95a59bd
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (CVE-2024-43905 bsc#1229784).
- commit 93f42ad
- serial: core: check uartclk for zero to avoid divide by zero
(bsc#1229759 CVE-2024-43893).
- commit 150a54e
- media: xc2028: avoid use-after-free in load_firmware_cb()
(CVE-2024-43900 bsc#1229756).
- commit 764489c
- Revert "irqdomain: Fixed unbalanced fwnode get and put (git-fixes)."
(bsc#1229851)
This reverts commit 37becc871554a4057226a862be812b4c0ff8c711 as it
breaks irqs on 12sp5. The patch is actually wrong in 12sp5. of_node is
refcounted here, not fwnode. So revert the patch without replacement.
- commit c53dc2f
- drm/amd/display: Add null checker before passing variables (CVE-2024-43902 bsc#1229767).
- commit 1c0c16f
- Bluetooth: MGMT: Add error handling to pair_device() (CVE-2024-43884 bsc#1229739)
- commit ecb471c
- btrfs: get rid of warning on transaction commit when using
flushoncommit (bsc#1229658 CVE-2022-48920).
- commit 2ac5fdc
- vfio/pci: fix potential memory leak in vfio_intx_enable()
(git-fixes).
- commit f6c36eb
- kABI: vfio: struct virqfd kABI workaround (CVE-2024-26812
bsc#1222808).
- commit 202caf3
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 236a83a
- vfio: Introduce interface to flush virqfd inject workqueue
(bsc#1222808 CVE-2024-26812).
- commit 71f96a8
- vfio/pci: Create persistent INTx handler (bsc#1222808
CVE-2024-26812).
- commit 26ca5db
- ip6_tunnel: Fix broken GRO (bsc#1226323).
- net/mlx5: Always drain health in shutdown callback
(CVE-2024-43866 bsc#1229495).
- commit d1b0995
- net: ipv6: ensure we call ipv6_mc_down() at most once (CVE-2022-48910 bsc#1229632)
- commit 80d1e79
- gsmi: fix null-deref in gsmi_get_variable (CVE-2023-52893 bsc#1229535)
- commit 0d2fd7b
- Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (CVE-2024-36270 bsc#1226798)
- commit 705c30b
- s390/pkey: Wipe copies of protected- and secure-keys
(CVE-2024-42155 bsc#1228733).
- commit 1712d5c
- nfc: pn533: initialize struct pn533_out_arg properly
(CVE-2022-48875 bsc#1229516).
- commit 3dc4ecc
- nfc: pn533: Wait for out_urb's completion in
pn533_usb_send_frame() (CVE-2023-52907 bsc#1229526).
- commit 462fb2b
- wifi: mac80211: sdata can be NULL during AMPDU start
(CVE-2022-48875 bsc#1229516).
- commit 5fb2170
- devres: Fix memory leakage caused by driver API devm_free_percpu() (CVE-2024-43871 bsc#1229490)
- commit 4465aef
- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY
gcc version dependent, at least on ppc
- commit 16da158
- s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
(CVE-2024-42158 bsc#1228720).
- commit 13ea3b5
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
(bsc#1226846 CVE-2024-38596).
- Update
patches.suse/af_unix-Fix-data-races-around-sk-sk_shutdown.patch
(git-fixes bsc#1226846).
- commit a35b43b
- RDMA/hns: Fix soft lockup under heavy CEQE load (bsc#1229489 CVE-2024-43872)
- commit 8bd84db
- ipv6: sr: fix memleak in seg6_hmac_init_algo (CVE-2024-39489 bsc#1227623)
- commit 9c4fab9
- usb: xhci: prevent potential failure in handle_tx_event()
for Transfer events without TRB (CVE-2024-42226 bsc#1228709).
- commit e6525c1
- usb: gadget: configfs: Prevent OOB read/write in
usb_string_copy() (CVE-2024-42236 bsc#1228964).
- commit bf495b3
- USB: serial: mos7840: fix crash on resume (CVE-2024-42244
bsc#1228967).
- commit c904d0e
- wifi: cfg80211: handle 2x996 RU allocation in
cfg80211_calculate_bitrate_he() (CVE-2024-43879 bsc#1229482).
- commit 8fe6121
- kABI: tpm-interface: Hide new include from genksyms
(bsc#1082555).
- commit d46dd8a
- cpufreq: schedutil: Use kobject release() method to free sugov_tunables (CVE-2021-47387 bsc#1225316)
CVE backport so remove it from blacklist.conf, added in 56273cd113da0c
("blacklist.conf: Fix to experimental feature, fix only in the event of
a customer bug").
- commit 074afac
- netfilter: nf_tables: fix memleak in map from abort path
(CVE-2024-27011 bsc#1223803).
- commit 5b46784
- Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
(bsc#1225578 CVE-2024-36013).
- commit 12a50ad
- filelock: Fix fcntl/close race recovery compat path (bsc#1228427
CVE-2024-41020).
- commit 0ef50b1
- filelock: Remove locks reliably when fcntl/close race is
detected (bsc#1228247 CVE-2024-41012).
- commit c84976c
- netfilter: nft_limit: reject configurations that cause integer
overflow (CVE-2024-26668 bsc#1222335).
- commit 0c4fd3e
- netfilter: nft_limit: fix packet ratelimiting (CVE-2024-26668
bsc#1222335).
- Refresh
patches.suse/netfilter-nft_limit-avoid-possible-divide-error-in-n.patch.
- commit 045f275
- kvm: s390: Reject memory region operations for ucontrol VMs
(CVE-2024-43819 bsc#1229290 git-fixes).
- commit e43e818
- s390/pkey: Wipe sensitive data on failure (CVE-2024-42157
bsc#1228727 git-fixes).
- commit 323dd0d
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain
aware (git-fixes).
- genirq/ipi: Fix NULL pointer deref in
irq_data_get_affinity_mask() (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix association race (git-fixes).
- genirq/irqdesc: Don't try to remove non-existing sysfs files
(git-fixes).
- genirq/msi: Ensure deactivation on teardown (git-fixes).
- genirq/msi: Activate Multi-MSI early when
MSI_FLAG_ACTIVATE_EARLY is set (git-fixes).
- genirq/irqdomain: Check pointer in
irq_domain_alloc_irqs_hierarchy() (git-fixes).
- genirq/proc: Reject invalid affinity masks (again) (git-fixes).
- genirq: Delay deactivation in free_irq() (git-fixes).
- kABI: genirq: Delay deactivation in free_irq() (kabi git-fixes).
- genirq: Make sure the initial affinity is not empty (git-fixes).
- commit 37becc8
- KVM: mmio: Fix use-after-free Read in
kvm_vm_ioctl_unregister_coalesced_mmio (CVE-2021-47341
bsc#1224923).
- commit 12d646d
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
(CVE-2024-43839 bsc#1229301).
- commit 5a42d4e
- efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
(bsc#1226629 CVE-2022-48769).
- commit 88b4118
- dma: fix call order in dmam_free_coherent (bsc#1229346
CVE-2024-43856).
- commit b96a5fb
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (CVE-2024-36286 bsc#1226801)
- commit 3ee11b6
- netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270 1226798)
- commit d5e958c
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851 bsc#1223074)
Previous four patches fix other bound check bugs or prepare code for
this to apply cleanly.
- commit ca9c856
- netfilter: nf_conntrack_h323: restore boundary check correctness (bsc#1223074)
- commit a87a86d
- netfilter: nf_ct_h323: Extend nf_h323_error_boundary to work on bits as well (bsc#1223074)
- commit 034ab36
- netfilter: nf_ct_h323: Convert CHECK_BOUND macro to function (bsc#1223074)
- commit f812de4
- netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack (bsc#1223074)
- commit b7e85f6
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your
kernel is fine." (bsc#1227820 CVE-2024-40984).
- commit cc6eb03
- scsi: target: core: Silence the message about unknown VPD pages
(bsc#1221252 bsc#1229462).
- commit 73ee6e7
- mISDN: Fix a use after free in hfcmulti_tx() (CVE-2024-42280 bsc#1229388)
- commit e5565c3
- tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284 bsc#1229382)
- commit 4d8536f
- sysctl: always initialize i_uid/i_gid (CVE-2024-42312 bsc#1229357)
- commit b5674a1
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (CVE-2024-42310 bsc#1229358)
- commit ac17234
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (CVE-2024-42309 bsc#1229359)
- commit 452c306
- block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854 bsc#1229345)
- commit 2414013
- ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322 bsc#1229347)
- commit 3e24abe
- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
bsc#1229407).
- commit b4a682d
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (bsc#1229381 CVE-2024-42285)
- commit b6331d8
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit c501ca8
- media: mediatek: vcodec: Handle invalid decoder vsi
(CVE-2024-43831 bsc#1229309).
- commit 38f48e2
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229457).
- commit 7188cb3
- bpf: Fix a segment issue when downgrading gso_size (bsc#1229386
CVE-2024-42281).
- commit 4edf813
- Refresh
patches.suse/bpf-fix-bpf_skb_adjust_net-bpf_skb_proto_xlat-to-dea.patch.
- add hunks that were missing because this patch predates
patches.suse/bpf-add-bpf_skb_adjust_room-helper.patch
- commit b6ecdd7
- net/iucv: fix use after free in iucv_sock_close()
(CVE-2024-42271 bsc#1229400 bsc#1228975).
- commit f2f712f
- Refresh sorted patches.
- Refresh patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch.
- Refresh patches.suse/powerpc-topology-Check-if-a-core-is-online.patch.
- commit 1b405bb
- Update patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- Update patches.suse/powerpc-topology-Check-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- commit a8be45e
- gss_krb5: Fix the error handling path for
crypto_sync_skcipher_setkey (git-fixes).
- commit 6e52103
- ALSA: timer: Relax start tick time check for slave timer
elements (git-fixes CVE-2024-38618 bsc#1226754).
- commit de27c4e
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (CVE-2024-41035 bsc#1228485)
- commit 456ee09
- s390/uv: Panic for set and remove shared access UVC errors
(git-fixes bsc#1229229).
- commit 172448f
- gve: Account for stopped queues when reading NIC stats
(CVE-2024-42162 bsc#1228706).
- commit 7acbc65
- net: mana: Fix race on per-CQ variable napi work_done
(bsc#1229154).
- Refresh
patches.suse/net-mana-Configure-hwc-timeout-from-hardware.patch.
- commit d7d72be
- net: mana: Fix doorbell out of order violation and avoid
unnecessary doorbell rings (bsc#1229154).
- commit 72d0bd1
- KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID
(git-fixes bsc#1229222).
- commit 590a719
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (bsc#1225483
CVE-2023-52708).
- commit c7ef14e
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
(bsc#1225508 CVE-2021-47549).
- commit ed3ad9e
- irqchip/gic-v3-its: Fix potential VPE leak on error (bsc#1225190
CVE-2021-47373).
- commit c95f6d5
- i2c: acpi: fix resource leak in reconfiguration device addition
(bsc#1225223 CVE-2021-47425).
- commit 61ff581
- nfc: nci: Fix handling of zero-length payload packets in
nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- nfc: nci: Fix kcov check in nci_rx_work() (git-fixes).
- commit b2f9141
- net, sunrpc: Remap EPERM in case of connection failure in
xs_tcp_setup_socket (CVE-2024-42246 bsc#1228989).
- Refresh
patches.suse/SUNRPC-improve-swap-handling-scheduling-and-PF_MEMAL.patch.
- commit 135ee65
- powerpc/topology: Check if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- commit bf2704c
- ata: libata-core: Fix null pointer dereference on error (CVE-2024-41098 bsc#1228467).
- commit 706447c
- vsock: correct removal of socket from the list (bsc#1227996).
- commit fa0bbe3
- x86/xen: Drop USERGS_SYSRET64 paravirt call (CVE-2021-4440
bsc#1227069).
- Refresh
patches.suse/x86-entry_64-Add-VERW-just-before-userspace-transition.patch.
- Refresh
patches.suse/x86-xen-add-xenpv_restore_regs_and_return_to_usermode.patch.
- commit 8c4b30e
- tcp_metrics: validate source addr length
(CVE-2024-42154 bsc#1228507).
- commit 21723ca
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- commit 7946225
- x86/pv: Switch SWAPGS to ALTERNATIVE (CVE-2021-4440
bsc#1227069).
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh
patches.suse/x86-entry-add-kernel-ibrs-implementation.patch.
- commit 0ebe004
- vsock: remove vsock from connected table when connect is
interrupted by a signal (CVE-2022-48786 bsc#1227996).
- commit 1f3fc69
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228959 CVE-2024-42232).
- commit 498ef72
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
(git-fixes CVE-2024-35915 bsc#1224479).
- commit e2eb32a
- rpm/kernel-binary.spec.in: fix klp_symbols macro
The commit below removed openSUSE filter from %ifs of the klp_symbols
definition. But it removed -c of grep too and that causes:
error: syntax error in expression: 01 && ( || 1 )
error: ^
error: unmatched (: 01 && ( || 1 )
error: ^
error: kernel-default.spec:137: bad %if condition: 01 && ( || 1 )
So reintroduce -c to the PTF's grep.
Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
After the Jump project the kernel used by SLE and openSUSE Leap are the
same. As consequence the klp_symbols variable is set, enabling
kernel-default-livepatch-devel on both SLE and openSUSE.
The current rules to avoid enabling the package exclude openSUSE
Tumbleweed alone, which doesn't makes sense for now. Enabling
kernel-default-livepatch-devel on TW makes it easier to test the
creation of kernel livepatches of the next SLE versions.
- commit fd0b293
- Update
patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
(bsc#1216834 CVE-2024-42077 bsc#1228516).
- Update
patches.suse/ocfs2-strict-bound-check-before-memcmp-in-ocfs2_xatt.patch
(bsc#1228410 CVE-2024-41016).
- Update
patches.suse/usb-atm-cxacru-fix-endpoint-checking-in-cxacru_bind.patch
(git-fixes CVE-2024-41097 bsc#1228513).
- Update
patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation.patch
(git-fixes CVE-2024-42240 bsc#1228966).
Add CVE references.
- commit 97c33e4
- net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx()
from __netif_rx() (CVE-2024-42110 bsc#1228501).
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds
(CVE-2024-42148 bsc#1228487).
- commit 8188617
- inet_diag: Initialize pad field in struct inet_diag_req_v2
(CVE-2024-42106 bsc#1228493).
- commit 71e61fd
- tipc: fix kernel panic when enabling bearer (CVE-2022-48865
bsc#1228065).
- commit a0e7a51
- s390/sclp: Fix sclp_init() cleanup on failure (CVE-2024-41068
bsc#1228579).
- commit 1a2e580
- btrfs: fix processing of delayed tree block refs during backref
walking (bsc#1228982).
- btrfs: Remove unused op_key var from add_delayed_refs
(bsc#1228982).
- commit 1382fa0
- tpm: tpm1_bios_measurements_next should increase position index
(bsc#1082555).
- tpm: access command header through struct in tpm_try_transmit()
(bsc#1082555).
- commit f79c4b3
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails
(bsc#1082555).
- tpm: Add a flag to indicate TPM power is managed by firmware
(bsc#1082555).
- commit 7eb0e28
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- commit 8efe375
- tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
(bsc#1082555).
- commit a397ffb
- tpm: Revert "tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing
for interrupts" (bsc#1082555).
- commit b8cd04a
- xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482
CVE-2024-42082).
- commit 3f265d8
- pinctrl: fix deadlock in create_pinctrl() when handling
- EPROBE_DEFER (CVE-2024-42090 bsc#1228449).
- commit f210b8f
- packaging: Add case-sensitive perl option parsing
A recent change in Getopt::Long [1]:
Changes in version 2.55
- ----------------------
* Fix long standing bug that duplicate options were not detected
when the options differ in case while ignore_case is in effect.
This will now yield a warning and become a fatal error in a future
release.
perl defaults to ignore_case by default, switch it off to avoid
accidental misparsing of options.
This was suggested after similar change in scripts/.
- commit e978477
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (CVE-2024-42101 bsc#1228495).
- commit f00bb1f
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (CVE-2024-42228 bsc#1228667).
- commit d4e3f63
- btrfs: send: fix send failure of a subcase of orphan inodes
(bsc#1228030).
- btrfs: send: fix failures when processing inodes with no links
(bsc#1228030).
- commit 9fd4ec5
- btrfs: send: use boolean types for current inode status
(bsc#1228030).
- commit 2ab676b
- btrfs: send: refactor arguments of get_inode_info()
(bsc#1228030).
- commit 3731717
- kABI: Hide the new last_cc member in a hole in struct tpm_chip
(bsc#1082555).
- commit fac3e7a
- btrfs: send: always use the rbtree based inode ref management
infrastructure (bsc#1228030).
- commit 252130e
- btrfs: fix 64bit compat send ioctl arguments not initializing
version member (bsc#1228030).
- btrfs: fix send ioctl on 32bit with 64bit kernel (bsc#1228030).
- btrfs: send: add new command FILEATTR for file attributes
(bsc#1228030).
- btrfs: send: add stream v2 definitions (bsc#1228030).
- btrfs: send: avoid copying file data (bsc#1228030).
- btrfs: send: explicitly number commands and attributes
(bsc#1228030).
- btrfs: send: get rid of i_size logic in send_write()
(bsc#1228030).
- btrfs: send: prepare for v2 protocol (bsc#1228030).
- btrfs: send: remove unused send_ctx::{total,cmd}_send_size
(bsc#1228030).
- Refresh
patches.suse/Btrfs-fix-race-between-send-and-deduplication-that-l.patch.
- Refresh
patches.suse/btrfs-send-ensure-send_fd-is-writable.patch.
- Refresh
patches.suse/btrfs-send-fix-sending-link-commands-for-existing-fi.patch.
- commit 956ca27
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- commit f899605
- Refresh patches.suse/IB-hfi1-Fix-bugs-with-non-PAGE_SIZE-end-multi-iovec-.patch
Alt-commit added
Blacklist the follow-up fix of the Alt-commit
- commit c3542b0
- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
CVE-2024-39494).
- commit 2e3d558
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- Update config files.
- commit 4549b89
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
This commit was missing for SLE12-SP5 which made the performance profile
of SLE12-SP5 and SLE15-SP[56] differ. Our decision was to follow
upstream w.r.t how BHI is going to be mitigated and the decision was to
do away with 'auto' mode.
- Update config files.
- commit 02bfc90
- Sort BHI mitigation patches
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
- Refresh
patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Refresh patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch.
- Refresh
patches.suse/x86-bhi-Enumerate-Branch-History-Injection-BHI-bug.patch.
- Refresh patches.suse/x86-bhi-Mitigate-KVM-by-default.patch.
- Refresh
patches.suse/x86-cpufeature-Add-missing-leaf-enumeration.patch.
- commit f2f0729
- PCI: hv: Return zero, not garbage, when reading
PCI_INTERRUPT_PIN (git-fixes).
- commit 08ef890
- kABI: do not rename tpm_do_selftest, tpm_pcr_read_dev, and tpm1_getcap
(bsc#1082555).
- Delete patches.kabi/kABI-Do-not-rename-tpm_getcap.patch
- commit 5a6f1d9
- kABI: Do not rename tpm_getcap (bsc#1082555).
- commit 01263dd
- kABI: re-export tpm2_calc_ordinal_duration (bsc#1082555).
- commit 1303a23
- kABI: Instead of changing the pcr argument type add a local
variable of the desired type, and assign it from the actual
argument (bsc#1082555).
- Refresh patches.kabi/kABI-do-not-rename-tpm_do_selftest-tpm_pcr_read_dev-.patch
- commit e919992
- kABI: no need to store the tpm long long duration in tpm_chip
struct, it is an arbitrary hardcoded value (bsc#1082555).
- commit 75cc28e
- kABI: do not change return type of tpm_tis_update_timeouts
(bsc#1082555).
- commit 57d9ed9
- Move kABI patch to kABI section.
- commit 3f941d1
- KVM: PPC: Book3S HV: remove extraneous asterisk from
rm_host_ipi_action() comment (bsc#1065729).
- KVM: PPC: Book3S HV: Don't take kvm->lock around
kvm_for_each_vcpu (bsc#1065729).
- KVM: PPC: Book3S: Use new mutex to synchronize access to rtas
token list (bsc#1065729).
- Refresh patches.suse/KVM-PPC-Book3S-Fix-H_RTAS-rets-buffer-overflow.patch
- KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv
machines (bsc#1065729).
- KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE (bsc#1065729).
- KVM: PPC: Inform the userspace about TCE update failures
(bsc#1065729).
- KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup
both PC and LR (bsc#1065729).
- commit ad6fee4
- x86: stop playing stack games in profile_pc() (bsc#1228633
CVE-2024-42096).
- commit 0bc3d2d
- btrfs: send: remove stale code when checking for shared extents
(bsc#1228030).
- btrfs: silence maybe-uninitialized warning in clone_range
(bsc#1228030).
- commit 095e644
- Btrfs: incremental send, fix emission of invalid clone
operations (bsc#1228030).
- commit 88a98fe
- Btrfs: send, improve clone range (bsc#1228030).
- commit 8a72517
- btrfs: remove unused members dir_path from recorded_ref
(bsc#1228030).
- Refresh
patches.suse/btrfs-incremental-send-fix-invalid-path-for-unlink-commands.patch.
- Refresh
patches.suse/btrfs-send-fix-sending-link-commands-for-existing-fi.patch.
- commit 980e08a
- liquidio: Adjust a NULL pointer handling path in
lio_vf_rep_copy_packet (CVE-2024-39506 bsc#1227729).
- i40e: Fix queues reservation for XDP (CVE-2021-47619
bsc#1226645).
- commit 37ce537
- btrfs: send: remove unused found_type parameter to
lookup_dir_item_inode() (bsc#1228030).
- commit bc238fe
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI
(bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly
(bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for
ELS cmds (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online
(bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple'
(bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count
(bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: Avoid possible run-time warning with long
model_num (bsc#1228850).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- commit 2402124
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- commit 67b36fc
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
Mainline commit f2f6a8e88717 ("init/Kconfig: remove
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
when checking config changes.
- commit b60be3e
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 9aa0d29
- Update
patches.suse/Bluetooth-SCO-Fix-not-validating-setsockopt-user-inp.patch
(bsc#1224576 CVE-2024-35966 CVE-2024-35967 bsc#1224587).
- Update
patches.suse/RDMA-mlx5-Add-check-for-srq-max_sge-attribute.patch
(git-fixes CVE-2024-40990 bsc#1227824).
- Update
patches.suse/USB-class-cdc-wdm-Fix-CPU-lockup-caused-by-excessive.patch
(git-fixes CVE-2024-40904 bsc#1227772).
- Update
patches.suse/ocfs2-fix-races-between-hole-punching-and-AIO-DIO.patch
(bsc#1227849 CVE-2024-40943).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920 bsc#1228237).
- commit 71c68bc
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- commit 4594a5d
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 CVE-2022-2964 CVE-2022-48805
bsc#1227969).
- commit 55fdbd1
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (CVE-2024-42124 bsc#1228705)
- commit 7bd7589
- media: dvb-frontends: tda10048: Fix integer overflow (CVE-2024-42223 bsc#1228726)
- commit 4d685fd
- drm/amd/display: Skip finding free audio for unknown engine_id (CVE-2024-42119 bsc#1228584)
- commit f0a5549
- drm/amd/display: Check pipe offset before setting vblank (CVE-2024-42120 bsc#1228588)
- commit d85398e
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (CVE-2024-41095 bsc#1228662)
- commit bb0cd8f
- btrfs: send: fix sending link commands for existing file paths
(bsc#1228030).
- commit 5a1f564
- net: dsa: mv88e6xxx: Correct check for empty list (CVE-2024-42224 bsc#1228723)
- commit f7ea584
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (CVE-2024-41072 bsc#1228626)
- commit c131ba5
- bpf, sockmap: Fix partial copy_page_to_iter so progress can still be made (CVE-2024-41048 bsc#1228565)
- commit 79dff63
- skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048 bsc#1228565)
Based on c9c89dcd872e ("bpf, sockmap: Fix partial copy_page_to_iter so
progress can still be made"), previous commit.
Upstream commit 2bc793e3272a13 ("skmsg: Extract __tcp_bpf_recvmsg() and
tcp_bpf_wait_data()") moved the code from net/ipv4/tcp_bpf.c to
net/core/skmsg.c.
- commit 80be5ae
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
(CVE-2024-40995 bsc#1227830).
- commit ee1ce8a
- btrfs: send: introduce recorded_ref_alloc and recorded_ref_free
(bsc#1228030).
- commit 2f5e245
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit e47e175
- ppp: reject claimed-as-LCP but actually malformed packets
(CVE-2024-41044 bsc#1228530).
- ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066
bsc#1228640).
- commit 0bdb098
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- dpaa2-eth: Refactor xps code (CVE-2024-42093 bsc#1228680).
- commit caf72f9
- drm/nouveau/dispnv04: fix null pointer dereference in (bsc#1228658 CVE-2024-41089)
- commit aec5d0e
- drm/radeon: check bo_va->bo is non-NULL before using it (bsc#1228567 CVE-2024-41060)
- commit 7a28cea
- NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
(CVE-2022-48829 bsc#1228055).
- NFSD: Fix ia_size underflow (CVE-2022-48828 bsc#1228054).
- NFSD: Fix the behavior of READ near OFFSET_MAX (CVE-2022-48827
bsc#1228037).
- commit 1c127f3
- btrfs: qgroup: fix quota root leak after quota disable failure
(bsc#1228655 CVE-2024-41078).
- commit 263e74a
- wifi: mac80211: Avoid address calculations via out of bounds
array indexing (CVE-2024-41071 bsc#1228625).
- commit be2129f
- powerpc/eeh: avoid possible crash when edev->pdev changes
(CVE-2024-41064 bsc#1228599).
- commit 145d8ea
- btrfs: make sure that WRITTEN is set on all metadata blocks (CVE-2024-35949 bsc#1224700)
Changes: adjust returned error codes to -EUCLEAN and drop definition of
the enum error.
- commit 6dc890d
- ila: block BH in ila_output() (CVE-2024-41081 bsc#1228617)
- commit 9ec349b
- scsi: qedi: Fix crash while reading debugfs attribute
(bsc#1227929 CVE-2024-40978).
- scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
(bsc#1228013 CVE-2022-48792).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
(bsc#1228045 CVE-2022-48823).
- commit 2a5c419
- ext4: fix uninitialized ratelimit_state->lock access in
__ext4_fill_super() (bsc#1227866 CVE-2024-40998).
- commit 5fe487a
- hfsplus: fix uninit-value in copy_name (bsc#1228561
CVE-2024-41059).
- commit 8d75c30
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- commit bc4c361
- usb: atm: cxacru: fix endpoint checking in cxacru_bind()
(git-fixes).
- commit c9a5140
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log
messages (git-fixes).
- commit 7c21caa
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (bsc#1228235 CVE-2024-40987)
- commit 60606a5
- drm/vc4: Fix deadlock on DSI device attach error (bsc#1227975 CVE-2022-48826)
- commit bcda77c
- drm/vc4: dsi: Only register our component once a DSI device is (bsc#1227975)
- commit 0a73252
- genirq: Add IRQF_NO_AUTOEN for request_irq/nmi() (bsc#1222625
CVE-2024-27437).
- commit 351bbe3
- ocfs2: add bounds checking to ocfs2_check_dir_entry()
(bsc#1228409 CVE-2024-41015).
- ocfs2: strict bound check before memcmp in
ocfs2_xattr_find_entry() (bsc#1228410).
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
(bsc#1228410 CVE-2024-41016).
- ocfs2: remove redundant assignment to variable free_space
(bsc#1228409).
- commit 2a658bc
- vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625
CVE-2024-27437).
- commit 9829ce8
- Fix reference in patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch (CVE-2021-47399 bsc#1225328)
- commit 7933225
- ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
- commit e4fdc60
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (CVE-2024-41063 bsc#1228580)
- commit 95070bc
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070 bsc#1228470)
- commit d9e81e6
- KVM: PPC: Book3S: Fix some RCU-list locks (git-fixes).
- commit e20a5cb
- KVM: PPC: Book3S HV: Prevent UAF in
kvm_spapr_tce_attach_iommu_group() (bsc#1228581 CVE-2024-41070).
- commit 1cd5894
- tpm: use tpm_msleep() value as max delay (bsc#1082555).
- Refresh patches.suse/tpm-use-struct-tpm_chip-for-tpm_chip_find_get.patch
- commit fd76767
- tpm_tis: Resend command to recover from data transfer errors
(bsc#1082555).
- tpm_tis: Explicitly check for error code (bsc#1082555).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
(bsc#1082555).
- tpm, tpm_tis: correct tpm_tis_flags enumeration values
(bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside
tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on
resume (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers
(bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector
(bsc#1082555).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
(bsc#1082555).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE
register (bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts
(bsc#1082555).
- tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
(bsc#1082555).
- tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
(bsc#1082555).
- char: tpm: Protect tpm_pm_suspend with locks (bsc#1082555).
- tpm: Fix buffer access in tpm2_get_tpm_pt() (bsc#1082555).
- tpm: Fix error handling in async work (bsc#1082555).
- tpm: fix NPE on probe for missing device (bsc#1082555).
- tpm_tis: Fix an error handling path in 'tpm_tis_core_init()'
(bsc#1082555).
- tpm: fix Atmel TPM crash caused by too frequent queries
(bsc#1082555).
- tpm: Replace WARN_ONCE() with dev_err_once() in tpm_tis_status()
(bsc#1082555).
- tpm, tpm_tis: Reserve locality in tpm_tis_resume()
(bsc#1082555).
- tpm, tpm_tis: Extend locality handling to TPM2 in
tpm_tis_gen_interrupt() (bsc#1082555).
- tpm: vtpm_proxy: Avoid reading host log when using a virtual
device (bsc#1082555).
- tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with
request_locality() (bsc#1082555).
- tpm, tpm_tis: Decorate tpm_get_timeouts() with
request_locality() (bsc#1082555).
- tpm: Remove tpm_dev_wq_lock (bsc#1082555).
- tpm_tis: Add a check for invalid status (bsc#1082555).
- kABI: tpm2-space: Do not add buf_size to struct tpm_space
(bsc#1082555).
- tpm: Unify the mismatching TPM space buffer sizes (bsc#1082555).
- Refresh patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
- tpm: Fix TIS locality timeout problems (bsc#1082555).
- tpm: Handle negative priv->response_len in tpm_common_read()
(bsc#1082555).
- tpm: Revert "tpm_tis_core: Turn on the TPM before probing IRQ's"
(bsc#1082555).
- tpm: Revert "tpm_tis: reserve chip for duration of
tpm_tis_core_init" (bsc#1082555).
- Refresh patches.suse/tpm_tis-extra-chip-ops-check-on-error-path-in-tpm_ti.patch
- tpm: fix invalid locking in NONBLOCKING mode (bsc#1082555).
- tpm_tis: reserve chip for duration of tpm_tis_core_init
(bsc#1082555).
- Refresh patches.suse/tpm_tis-extra-chip-ops-check-on-error-path-in-tpm_ti.patch
- tpm: Wrap the buffer from the caller to tpm_buf in tpm_send()
(bsc#1082555).
- tpm_tis_core: Turn on the TPM before probing IRQ's
(bsc#1082555).
- Refresh patches.suse/tpm_tis_core-Set-TPM_CHIP_FLAG_IRQ-before-probing-fo.patch
- tpm: Fix null pointer dereference on chip register error path
(bsc#1082555).
- tpm: Actually fail on TPM errors during "get random"
(bsc#1082555).
- tpm: fix an invalid condition in tpm_common_poll (bsc#1082555).
- tpm: turn on TPM on suspend for TPM 1.x (bsc#1082555).
- tpm: remove @flags from tpm_transmit() (bsc#1082555).
- Refresh patches.suse/tpm-Fix-TPM-1.2-Shutdown-sequence-to-prevent-future-.patch
- Refresh patches.suse/tpm-add-request_locality-before-write-TPM_INT_ENABLE.patch
- Refresh patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch
- Refresh patches.kabi/kABI-Instead-of-changing-the-pcr-argument-type-add-a.patch
- tpm: take TPM chip power gating out of tpm_transmit()
(bsc#1082555).
- Refresh patches.suse/tpm-Fix-TPM-1.2-Shutdown-sequence-to-prevent-future-.patch
- Refresh patches.suse/tpm-add-request_locality-before-write-TPM_INT_ENABLE.patch
- Refresh patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch
- tpm: introduce tpm_chip_start() and tpm_chip_stop()
(bsc#1082555).
- tpm: remove TPM_TRANSMIT_UNLOCKED flag (bsc#1082555).
- tpm: use tpm_try_get_ops() in tpm-sysfs.c (bsc#1082555).
- tpm: remove @space from tpm_transmit() (bsc#1082555).
- tpm: move TPM space code out of tpm_transmit() (bsc#1082555).
- tpm: move tpm_validate_commmand() to tpm2-space.c (bsc#1082555).
- Refresh patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
- tpm: clean up tpm_try_transmit() error handling flow
(bsc#1082555).
- tpm: encapsulate tpm_dev_transmit() (bsc#1082555).
- tpm: declare struct tpm_header (bsc#1082555).
- Refresh patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
- tpm: print tpm2_commit_space() error inside tpm2_commit_space()
(bsc#1082555).
- Refresh patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
- tpm: return 0 from pcrs_show() when tpm1_pcr_read() fails
(bsc#1082555).
- tpm: fix invalid return value in pubek_show() (bsc#1082555).
- tpm: use tpm_buf in tpm_transmit_cmd() as the IO parameter
(bsc#1082555).
- tpm: don't return bool from update_timeouts (bsc#1082555).
- tpm: add support for partial reads (bsc#1082555).
- tpm: use u32 instead of int for PCR index (bsc#1082555).
- Refresh patches.kabi/kABI-do-not-rename-tpm_do_selftest-tpm_pcr_read_dev-.patch
- tpm1: reimplement tpm1_continue_selftest() using tpm_buf
(bsc#1082555).
- tpm1: reimplement SAVESTATE using tpm_buf (bsc#1082555).
- tpm1: rename tpm1_pcr_read_dev to tpm1_pcr_read() (bsc#1082555).
- Refresh patches.kabi/kABI-do-not-rename-tpm_do_selftest-tpm_pcr_read_dev-.patch
- tpm1: implement tpm1_pcr_read_dev() using tpm_buf structure
(bsc#1082555).
- tpm: tpm1: rewrite tpm1_get_random() using tpm_buf structure
(bsc#1082555).
- tpm: add tpm_auto_startup() into tpm-interface.c (bsc#1082555).
- tpm: factor out tpm_startup function (bsc#1082555).
- tpm: factor out tpm 1.x pm suspend flow into tpm1-cmd.c
(bsc#1082555).
- Refresh patches.kabi/kABI-do-not-rename-tpm_do_selftest-tpm_pcr_read_dev-.patch
- tpm: move tpm 1.x selftest code from tpm-interface.c tpm1-cmd.c
(bsc#1082555).
- Refresh patches.kabi/kABI-Do-not-rename-tpm_getcap.patch
- tpm: factor out tpm1_get_random into tpm1-cmd.c (bsc#1082555).
- Refresh patches.kabi/kABI-Do-not-rename-tpm_getcap.patch
- tpm: move tpm_getcap to tpm1-cmd.c (bsc#1082555).
- tpm: move tpm1_pcr_extend to tpm1-cmd.c (bsc#1082555).
- tpm: factor out tpm_get_timeouts() (bsc#1082555).
- Refresh patches.kabi/kABI-no-need-to-store-the-tpm-long-long-duration-in-.patch
- tpm: add tpm_calc_ordinal_duration() wrapper (bsc#1082555).
- tpm: factor out tpm 1.x duration calculation to tpm1-cmd.c
(bsc#1082555).
- tpm: add support for nonblocking operation (bsc#1082555).
- Refresh patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
- tpm: add ptr to the tpm_space struct to file_priv (bsc#1082555).
- tpm: replace TPM_TRANSMIT_RAW with TPM_TRANSMIT_NESTED
(bsc#1082555).
- tpm: rename tpm_chip_find_get() to tpm_find_get_ops()
(bsc#1082555).
- tpm: migrate tpm2_get_random() to use struct tpm_buf
(bsc#1082555).
- Refresh patches.suse/tpm-fix-response-size-validation-in-tpm_get_random.patch
- tpm: migrate tpm2_get_tpm_pt() to use struct tpm_buf
(bsc#1082555).
- tpm: migrate tpm2_probe() to use struct tpm_buf (bsc#1082555).
- tpm: migrate tpm2_shutdown() to use struct tpm_buf
(bsc#1082555).
- tpm2: add longer timeouts for creation commands (bsc#1082555).
- tpm: fix buffer type in tpm_transmit_cmd (bsc#1082555).
- tpm: migrate pubek_show to struct tpm_buf (bsc#1082555).
- tpm: vtpm_proxy: Prevent userspace from sending driver command
(bsc#1082555).
- tpm, tpmrm: Mark tpmrm_write as static (bsc#1082555).
- tpm: remove struct tpm_pcrextend_in (bsc#1082555).
- Refresh patches.suse/tpm-consolidate-the-TPM-startup-code.patch
- tpm: fix byte order related arithmetic inconsistency in
tpm_getcap() (bsc#1082555).
- Refresh patches.suse/tpm-consolidate-the-TPM-startup-code.patch
- tpm: move TPM 1.2 code of tpm_pcr_extend() to tpm1_pcr_extend()
(bsc#1082555).
- Refresh patches.suse/tpm-use-struct-tpm_chip-for-tpm_chip_find_get.patch
- commit 989dcf1
- rpm/guards: fix precedence issue with control flow operator
With perl 5.40 it report the following error on rpm/guards script:
Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
Fix the issue by adding parenthesis around ternary operator.
- commit 07b8b4e
- HID: usbhid: free raw_report buffers in usbhid_stop (bsc#1225238
CVE-2021-47405).
- commit 67ff2bd
- drm/radeon: fix UBSAN warning in kv_dpm.c (bsc#1227957 CVE-2024-40988)
- commit 4f641c6
- drm/exynos/vidi: fix memory leak in .get_modes() (bsc#1227828 CVE-2024-40932)
- commit d694b72
- ipack: ipoctal: fix module reference leak (bsc#1225241
CVE-2021-47403).
- commit 3f2bac7
- mac80211: fix use-after-free in CCMP/GCMP RX (bsc#1225214
CVE-2021-47388).
- commit 180ca41
- xfs: refactor xfs_verifier_error and xfs_buf_ioerror
(git-fixes).
- Refresh
patches.suse/xfs-don-t-ever-return-a-stale-pointer-from-__xfs_dir.patch.
- commit ac4dc1f
- xfs: remove XFS_WANT_CORRUPTED_RETURN from dir3 data verifiers
(git-fixes).
- commit 5d31a73
- xfs: check that dir block entries don't off the end of the
buffer (git-fixes).
- commit 46f96de
- xfs: add bounds checking to xlog_recover_process_data
(bsc#1228408 CVE-2024-41014).
- commit b3db770
- tun: add missing verification for short frame (CVE-2024-41091
bsc#1228327).
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- net: ena: Add validation for completion descriptors consistency
(CVE-2024-40999 bsc#1227913).
- net: mvpp2: clear BM pool before initialization (CVE-2024-35837
bsc#1224500).
- commit 69b68ee
- Update
patches.suse/xhci-Fix-incorrect-tracking-of-free-space-on-transfe.patch.
Fix a backporting mistake which was causing the following warning:
drivers/usb/host/xhci-ring.c: In function 'xhci_queue_intr_tx':
drivers/usb/host/xhci-ring.c:3255:6: warning: unused variable 'trbs_freed' [-Wunused-variable]
- commit 787d888
- xhci: Poll for U0 after disabling USB2 LPM (git-fixes).
- commit c66374c
- sit: do not call ipip6_dev_free() from sit_init_net()
(CVE-2021-47588 bsc#1226568).
- commit 9afcbd9
- ipv6: sr: fix incorrect unregister order (git-fixes).
- commit 9f9395f
- Refresh
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch.
- commit af33133
- vt_ioctl: fix array_index_nospec in vt_setactivate
(CVE-2022-48804 bsc#1227968).
- commit ee44df4
- serial: imx: Introduce timeout when waiting on transmitter empty
(CVE-2024-40967 bsc#1227891).
- commit 9b7db88
- kABI: tty: add the option to have a tty reject a new ldisc
(kabi CVE-2024-40966 bsc#1227886).
- tty: add the option to have a tty reject a new ldisc
(CVE-2024-40966 bsc#1227886).
- commit 16b4088
- net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850 bsc#1228071)
- commit 9fdf37b
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_report_tgtpgs.patch
(bsc#1222824 CVE-2021-47219).
Fix incorrect Bug number and incorrect CVE number.
- commit b4dbf5c
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker_wake_up.patch
(bsc#1225820 CVE-2024-36924).
Fix incorrect CVE number.
- commit cb94423
- Update
patches.suse/nvme-rdma-remove-redundant-reference-between-ib_devi.patch
(bsc#1149446).
Fix bug reference (missing digit).
- commit 4f5320f
- Update patches.suse/ovl-fix-failure-to-fsync-lower-dir.patch
(bsc#1088701).
Fix bug reference (missing digit).
- commit 718aec5
- usb: core: Don't hold the device lock while sleeping in
do_proc_control() (CVE-2021-47582 bsc#1226559).
- commit ff00ceb
- USB: usbfs: fix mmap dma mismatch (CVE-2021-47582 bsc#1226559).
- commit 6c5305a
- usb: add a hcd_uses_dma helper (git-fixes).
- commit f8aa53d
- ssb: Fix potential NULL pointer dereference in
ssb_device_uevent() (CVE-2024-40982 bsc#1227865).
- commit 9fbb468
- isdn: mISDN: Fix sleeping function called from invalid context
(bsc#1225346 CVE-2021-47468).
- commit 34167c4
- mac80211: limit injected vht mcs/nss in
ieee80211_parse_tx_radiotap (bsc#1225326 CVE-2021-47395).
- commit 2fdeaab
- tools lib: Fix builds when glibc contains strlcpy() (git-fixes).
- blacklist.conf: unblaclist it
This commit allows for local builds with newer glibc.
- commit 480e775
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- commit 68ca613
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
on failure path (CVE-2022-48810 bsc#1227936).
- commit 7af1a4f
- wifi: ath9k: Fix potential array-index-out-of-bounds read in
ath9k_htc_txstatus() (CVE-2023-52594 bsc#1221045).
- commit d04a718
- sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855
bsc#1228003).
- commit 5317e78
- scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
(bsc#1226550 CVE-2021-47580).
- commit 72ff240
- ipv6: sr: fix possible use-after-free and null-ptr-deref
(bsc#1222372 CVE-2024-26735).
- commit 5258c5a
- signal: Introduce clear_siginfo (git-fixes).
- commit 276fe89
- Update
patches.suse/scsi-scsi_debug-Fix-type-in-min_t-to-avoid-stack-OOB.patch
(bsc#1226550 CVE-2021-47580).
Fix incorrect bug#
- commit a8e747b
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- commit 2623515
- ibmvnic: don't release napi in __ibmvnic_open() (bsc#1227928
CVE-2022-48811).
- commit b1dc7a1
- Update References
patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch
(bsc#1186463, CVE-2021-0129, CVE-2020-26558, bsc#1179610,
CVE-2020-26558).
- commit ef3041a
- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
bsc#1227836).
- net: hns3: fix kernel crash problem in concurrent scenario
(CVE-2024-39507 bsc#1227730).
- ibmvnic: don't release napi in __ibmvnic_open() (CVE-2022-48811
bsc#1227928).
- commit 753a87a
- Refresh
patches.suse/ipv6-sr-fix-missing-sk_buff-release-in-seg6_input_co.patch.
Fix broken patch, which only applys with rapidquilt but not with normal
patch.
- commit 9ba3403
- vmxnet3: disable rx data ring on dma allocation failure
(CVE-2024-40923 bsc#1227786).
- commit 4f3a9e9
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation
(git-fixes CVE-2024-40941 bsc#1227771).
- commit e4b5384
- ethernet: Fix error handling in xemaclite_of_probe (CVE-2022-48860 bsc#1228008)
- commit f50353a
- Bluetooth: RFCOMM: Fix not validating setsockopt user input
(bsc#1224576 CVE-2024-35966).
- commit 68cb9dc
- mISDN: Fix memory leak in dsp_pipeline_build() (CVE-2022-48863
bsc#1228063).
- commit 98e043d
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
(CVE-2024-40953, bsc#1227806).
- commit b18a093
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (CVE-2024-39499 bsc#1227725)
- commit d42ba53
- HID: core: remove unnecessary WARN_ON() in implement() (CVE-2024-39509 bsc#1227733)
- commit fe2364e
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487 bsc#1227573)
- commit b775587
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_readcap16.patch.
Fix a build warning about using min() vs min_t().
- commit a4b6164
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
(CVE-2024-40959 bsc#1227884).
- commit 38ba090
- ocfs2: fix races between hole punching and AIO+DIO (CVE-2024-40943 bsc#1227849).
- commit a8b4b50
- net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893 bsc#1224512)
- commit 3a867bb
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (CVE-2021-47399 1225328)
- commit f559799
- mlxsw: thermal: Fix out-of-bounds memory accesses (CVE-2021-47441 bsc#1225224)
Simplified backport. Upstream patch removes code that does not exist in
SLE12-SP5, the only relevant fix is the bounds checking.
- commit 0b8797d
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (CVE-2021-47194 bsc#1222829)
- commit 6cc8bdc
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020 bsc#1223815)
- commit cfe8cf0
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- net: mana: select PAGE_POOL (git-fixes).
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes, bsc#1227924, CVE-2022-48775).
- Tools: hv: kvp: eliminate 'may be used uninitialized' warning (git-fixes).
- tools: hv: fix KVP and VSS daemons exit code (git-fixes).
- commit 51c2361
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019 bsc#1223813)
- commit 2fcd5af
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
(CVE-2024-40929 bsc#1227774).
- wifi: mac80211: Fix deadlock in
ieee80211_sta_ps_deliver_wakeup() (CVE-2024-40912 bsc#1227790).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
(CVE-2024-40942 bsc#1227770).
- NFC: port100: fix use-after-free in port100_send_complete
(CVE-2022-48857 bsc#1228005).
- commit 1f497da
- ipv6: fib6_rules: avoid possible NULL dereference in
fib6_rule_action() (CVE-2024-36902 bsc#1225719).
- commit 4cdf9a2
- USB: core: Make do_proc_control() and do_proc_bulk() killable
(CVE-2021-47582 bsc#1226559).
- commit 6d322e2
- net: netlink: af_netlink: Prevent empty skb by adding a check
on len (CVE-2021-47606 bsc#1226555).
- commit 314dfef
- usb: get rid of pointless access_ok() calls (CVE-2021-47582
bsc#1226559).
- commit 6b48efc
- usb: usbfs: correct kernel->user page attribute mismatch
(CVE-2021-47582 bsc#1226559).
- commit d089a07
- USB: usbfs: Always unlink URBs in reverse order (CVE-2021-47582
bsc#1226559).
- commit 2364ecb
- usb: core: devio.c: Fix assignment of 0/1 to bool variables
(CVE-2021-47582 bsc#1226559).
- commit 202a764
- usb: usbfs: only account once for mmap()'ed usb memory usage
(CVE-2021-47582 bsc#1226559).
- commit a282a95
- USB: core: Fix compiler warnings in devio.c (CVE-2021-47582
bsc#1226559).
- commit d3c8045
- usb: core: Replace hardcoded check with inline function from
usb.h (CVE-2021-47582 bsc#1226559).
- commit a0c8b54
- usb: usbfs: use irqsave() in USB's complete callback
(CVE-2021-47582 bsc#1226559).
- commit 89f4a73
- signal: Replace memset(info,...) with clear_siginfo for clarity
(CVE-2021-47582 bsc#1226559).
- commit 10e5b53
- usbdevfs: get rid of field-by-field copyin (CVE-2021-47582
bsc#1226559).
- commit 9053160
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated
memory (bsc#1227762 CVE-2024-40901).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
(bsc#1225820 CVE-2024-26924).
- scsi: scsi_debug: Fix type in min_t to avoid stack OOB
(bsc#1226560 CVE-2021-47580).
- commit 4de5c4e
- i40e: Fix VF MAC filter removal (CVE-2024-26830 bsc#1223012).
- commit 55935e5
- i40e: Do not allow untrusted VF to remove administratively
set MAC (CVE-2024-26830 bsc#1223012).
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (CVE-2021-47516
bsc#1225427).
- i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
(CVE-2021-47501 bsc#1225361).
- commit e2ee4f5
- net: ieee802154: fix null deref in parse dev addr (CVE-2021-47257 bsc#1224896).
- commit 41e01f4
- net/smc: Transitional solution for clcsock race issue (CVE-2022-48751 bsc#1226653). - Refresh patches.suse/net-smc-fix-fallback-failed-while-sendmsg-with-fasto.patch.
- commit 7ad7d3a
- drivers: core: synchronize really_probe() and dev_uevent()
(CVE-2024-39501 bsc#1227754).
- commit 1b7df5b
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2023-52743 bsc#1225003)
- commit 0b6d94a
- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (CVE-2021-47542 bsc#1225455)
- commit ce2e7bb
- ipv6: prevent NULL dereference in ip6_output() (CVE-2024-36901 bsc#1225711)
- commit ab46189
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004 bsc#1224545)
- commit de141a1
- nbd: null check for nla_nest_start (CVE-2024-27025 bsc#1223778)
- commit b887966
- btrfs: use latest_dev in btrfs_show_devname (CVE-2021-47599 bsc#1226571)
Simplified backport, keep mutex protection and only remove WARN_ON.
- commit 2ee6fb6
- net: prevent mss overflow in skb_segment() (CVE-2023-52435
bsc#1220138).
- commit 63a8256
- tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (CVE-2024-26663 bsc#1222326).
- commit 91299f0
- inet_diag: fix kernel-infoleak for UDP sockets
(CVE-2021-47597 bsc#1226553).
- commit 5ef7515
- ipv6: sr: fix missing sk_buff release in seg6_input_core
(bsc#1227626 CVE-2024-39490).
- net: openvswitch: fix overwriting ct original tuple for ICMPv6
(bsc#1226783 CVE-2024-38558).
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
(bsc#1220942 CVE-2024-26615).
- commit ee46311
- kabi/severities: Ignore tpm_transmit_cmd and tpm_tis_core_init
(bsc#1082555).
- commit c8a552a
- Bluetooth: SCO: Fix not validating setsockopt user input
(bsc#1224576 CVE-2024-35966).
- commit d80abbf
- Update
patches.suse/SUNRPC-Fix-loop-termination-condition-in-gss_free_in.patch
(git-fixes CVE-2024-36288 bsc#1226834).
- Update
patches.suse/arm64-asm-bug-Add-.align-2-to-the-end-of-__BUG_ENTRY.patch
(git-fixes CVE-2024-39488 bsc#1227618).
- Update
patches.suse/ax25-fix-use-after-free-bugs-caused-by-ax25_ds_del_t.patch
(CVE-2024-35887 bzg#1224663 bsc#1224663).
- Update
patches.suse/net-mlx5e-nullify-cq-dbg-pointer-in-mlx5_debug_cq_re.patch
(bsc#1225229 CVE-2021-47438 CVE-2021-47197 bsc#1222776).
- Update
patches.suse/nfs-Handle-error-of-rpc_proc_register-in-nfs_net_ini.patch
(git-fixes CVE-2024-36939 bsc#1225838).
- Update
patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-after-resource-clean-up.patch
(bsc#1225898 CVE-2024-36592 CVE-2024-36952).
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_readcap16.patch
(bsc#122286 CVE-2021-47191 bsc#1222866).
- Update
patches.suse/soc-fsl-qbman-Always-disable-interrupts-when-taking-.patch
(bsc#1224683 CVE-2024-35819 CVE-2024-35806 bsc#1224699).
- commit 81c691f
- pstore/ram: Fix crash when setting number of cpus to an odd number (bsc#1221618, CVE-2023-52619).
- commit 03ca866
- Fix build warning
Refresh
patches.suse/PM-hibernate-x86-Use-crc32-instead-of-md5-for-hibernation-.patch.
- commit 33d6e41
- xhci: Fix incorrect tracking of free space on transfer rings
(CVE-2024-26659 bsc#1222317).
- commit 985549c
- xhci: process isoc TD properly when there was a transaction
error mid TD (CVE-2024-26659 bsc#1222317).
- commit 1966e44
- xhci: store TD status in the td struct instead of passing it
along (CVE-2024-26659 bsc#1222317).
- commit dba92cd
- xhci: Add a separate debug message for split transaction errors
(CVE-2024-26659 bsc#1222317).
- commit 93897b0
- usb: xhci: Remove ep_trb from finish_td() (CVE-2024-26659
bsc#1222317).
- commit 75b9c07
- usb: xhci: Remove ep_trb from xhci_cleanup_halted_endpoint()
(CVE-2024-26659 bsc#1222317).
- Refresh
patches.suse/xhci-remove-extra-loop-in-interrupt-context.patch.
- commit 93f2e51
- usb: xhci: remove unused variable ep_ring (CVE-2024-26659
bsc#1222317).
- commit 25ab80d
- xhci: remove extra loop in interrupt context (CVE-2024-26659
bsc#1222317).
- commit 58c6482
- Bluetooth: Fix memory leak in hci_req_sync_complete()
(bsc#1224571 CVE-2024-35978).
- commit 0071ef8
- xhci: get isochronous ring directly from endpoint structure
(CVE-2024-26659 bsc#1222317).
- commit 1c8c540
- crypto: s390/aes - Fix buffer overread in CTR mode
(CVE-2023-52669 bsc#1224637).
- commit bc65b53
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng
(CVE-2023-52615 bsc#1221614).
- commit c3d2ac9
- ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557
CVE-2024-35995).
- commit 33ff733
- ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
(bsc#1224557 CVE-2024-35995).
- commit ae6202b
- SUNRPC: Fix a suspicious RCU usage warning (CVE-2023-52623
bsc#1222060).
- commit ffa9576
- ACPI: CPPC: Use access_width over bit_width for system memory
accesses (bsc#1224557 CVE-2024-35995).
- commit ef057c5
- ACPI: CPPC: Drop redundant local variable from cpc_read()
(bsc#1224557 CVE-2024-35995).
- commit 73812cd
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1225767 CVE-2024-36919).
fix incorrect bug number
- commit d503d18
- crypto: scomp - fix req->dst buffer overflow (CVE-2023-52612
bsc#1221616).
- commit 3b5d943
- xhci: handle isoc Babble and Buffer Overrun events properly
(CVE-2024-26659 bsc#1222317).
- commit 98fde6e
- net_sched: fix a missing refcnt in tcindex_init() (bsc#1224975).
- commit 45da465
- net_sched: add a temporary refcnt for struct tcindex_data
(bsc#1224975).
- Refresh
patches.suse/net-sched-tcindex-update-imperfect-hash-filters-resp.patch.
- commit b3f881b
- net_sched: fix a memory leak in cls_tcindex (bsc#1224975).
- Refresh
patches.suse/net_sched-fix-an-OOB-access-in-cls_tcindex.patch.
- Refresh
patches.suse/net_sched-keep-alloc_hash-updated-after-hash-allocat.patch.
- commit 98c1fbb
- net: sched: fix memory leak in tcindex_partial_destroy_work (CVE-2021-47295 bsc#1224975)
- commit 280e278
- net_sched: hold rtnl lock in tcindex_partial_destroy_work() (bsc#1224975)
- commit 6f5da00
- blacklist.conf: convert entry to Alt-commit:
Refresh patches.suse/net_sched-fix-a-race-condition-in-tcindex_destroy.patch.
- commit 4a1ea17
- kernel-binary: vdso: Own module_dir
- commit ff69986
- Fix spurious WARNING caused by a qxl driver patch (bsc#1227213,bsc#1227191)
Refresh patches.suse/drm-qxl-fix-UAF-on-handle-creation.patch
- commit 55a7bf6
- python-urllib3
-
- Add CVE-2024-37891.patch (bsc#1226469, CVE-2024-37891)
- containerd
-
- Update to containerd v1.7.23. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.23>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.22. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.22>
- Bump minimum Go version to 1.22.
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Revert noarch for devel subpackage for SLE 15
Switching to noarch causes issues on SLES maintenance updates, reverting it
fixes our image builds
- Update to containerd v1.7.17. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.17>
- Switch back to using tar_scm service. Aside from obs_scm using more bandwidth
and storage than a locally-compressed tar.xz, it seems there's some weird
issue with paths in obscpio that break our SLE-12-only patch.
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.16. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.16>
CVE-2023-45288 bsc#1221400
- Use obs_scm service instead of tar_scm
- Removed patch 0002-shim-Create-pid-file-with-0644-permissions.patch
(merged upstream at
<https://github.com/containerd/containerd/pull/9571>)
- Update to containerd v1.7.15. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.15>
- Update to containerd v1.7.14. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.14>
- Update to containerd v1.7.13. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.13>
- Update to containerd v1.7.12. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.12>
- Update to containerd v1.7.11. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.11>
GHSA-jq35-85cj-fj4p bsc#1224323
- Use %patch -P N instead of deprecated %patchN.
- Enable manpage generation
- Make devel package noarch
- adjust rpmlint filters
- Add patch for bsc#1217952:
+ 0002-shim-Create-pid-file-with-0644-permissions.patch
- Update to containerd v1.7.10. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.10>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- openssl-1_0_0
-
- Pull libopenssl-1_0_0 when updating openssl-1_0_0 with the same
version. [bsc#1228291]
- Security fix: [bsc#1227138, bsc#1227227, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- ksh
-
- do not use posix_spawn as it lacks proper job handling [bsc#1224057]
new patch: ksh93-no-posix_spawn.dif
- fix segfault in variable substitution [bsc#1129288]
new patch: ksh93-putval.dif
- fix untrusted environment execution [bsc#1160796] [CVE-2019-14868]
new patch: ksh93-untrustedenv.dif
- regionServiceClientConfigGCE
-
- Version 4.2.0 (jsc#PCT-361)
+ Add IPv6 certs to supprt access of the update infrastructure via
IPv6 on GCE instances.
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
- update to NSS 3.101.2
* bmo#1905691 - ChaChaXor to return after the function
- ruby2.1
-
- Add CVE-2024-47220.patch (CVE-2024-47220) Fix HTTP request
smuggling (boo#1230930)
- suse-build-key
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- grub2
-
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when linux root device is on lvm thin volume
(bsc#1192622) (bsc#1191974)
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- python36
-
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
support eliminating bsc#1227233 (CVE-2024-5642).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
complexity in parsing cookies with backslashes (bsc#1229596,
CVE-2024-7592)
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- curl
-
- Security fix: [bsc#1234068, CVE-2024-11053]
* curl could leak the password used for the first host to the
followed-to host under certain circumstances.
* netrc: address several netrc parser flaws
* Add curl-CVE-2024-11053.patch
- Security fix: [bsc#1232528, CVE-2024-9681]
* HSTS subdomain overwrites parent cache entry
* Add curl-CVE-2024-9681.patch
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* http_aws_sigv4: canonicalize the query [fc76a24c]
* test439: verify query canonization for aws-sigv4 [65661016]
* http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
* aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
* http_aws_sigv4: canonicalise valueless query params [bbba69da]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patches:
- curl-aws_sigv4-canonicalize-the-query.patch
- curl-aws_sigv4-verify-query-canonization.patch
- curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
- curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
- curl-aws_sigv4-canonicalise-valueless-query-params.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- Security fix: [bsc#1230093, CVE-2024-8096]
* curl: OCSP stapling bypass with GnuTLS
* Add curl-CVE-2024-8096.patch
- Security fix: [bsc#1228535, CVE-2024-7264]
* curl: ASN.1 date parser overread
* Add curl-CVE-2024-7264.patch
- libpcap
-
- Security fix: [bsc#1230034, CVE-2024-8006]
* libpcap: NULL pointer derefence in pcap_findalldevs_ex()
* Add libpcap-CVE-2024-8006.patch
- Security fix: [bsc#1230020, CVE-2023-7256]
* libpcap: double free via addrinfo in sock_initaddress()
* Add libpcap-CVE-2023-7256.patch
- python3-base
-
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-7592-quad-complex-cookies.patch (bsc#1229596,
CVE-2024-7592), which fixes quadratic complexity in parsing
"-quoted cookie values with backslashes by http.cookies.
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add bpo27240-rewrite_email_hdr_fold.patch rewriting the email
header folding algorithm to make the codebase compatible with
Python 3.6.4+, so we can continue to maintain it.
- And even before that we have to add
bpo24211-RFC6532-supp-email.patch.
- Also bpo20098-email-mangle_from-policy.patch.
- Add finally, CVE-2024-6923-email-hdr-inject.patch to prevent
email header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
(CVE-2024-4032) rearranging definition of private v global IP
addresses.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- cloud-regionsrv-client
-
- Update to 10.3.7 (bsc#1232770)
+ Fix the product triplet for LTSS, it is always SLES-LTSS, not
$BASEPRODUCT-LTSS
- Update to 10.3.6 (jsc#PCT-471, bsc#1230615)
+ Fix sudo setup
~ permissions cloudguestregistryauth
~ directory ownership /etc/sudoers.d
+ spec file
~ Remove traces of registry related entries on SLE 12
+ Forward port
~ fix-for-sles12-disable-registry.patch
~ fix-for-sles12-no-trans_update.patch
+ Deregister non free extensions at registercloudguest --clean
+ Fix registry cleanup at registercloudguest --clean, don't remove files
+ Prevent duplicate search entries in registry setup
- Update EC2 plugin to 1.0.5
+ Switch to using the region endpoint from IMDS to determine the region
instead of deriving the data from the availability zone
- Update to 10.3.5
+ Update spec file to build in all code streams,
SLE 12, SLE 15, ALP, and SLFO and have proper dependencies
- Update to 10.3.4
+ Modify the message when network access over a specific IP version does
not work. This is an informational message and should not look like
an error
+ Inform the user that LTSS registration takes a little longer
+ Add fix-for-sles12-no-trans_update.patch
+ SLE 12 family has no products with transactional-update we do not
need to look for this condition
- From 10.3.3 (bsc#1229472)
+ Handle changes in process structure to properly identify the running
zypper parent process and only check for 1 PID
- From 10.3.2
+ Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
+ Add support for LTSS registration
+ Add fix-for-sles12-disable-registry.patch
~ No container support in SLE 12
- Add rgnsrv-clnt-fix-docker-setup.patch (bsc#1229137)
+ The entry for the update infrastructure registry mirror was written
incorrectly causing docker daemon startup to fail.
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
- python-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- python3
-
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-7592-quad-complex-cookies.patch (bsc#1229596,
CVE-2024-7592), which fixes quadratic complexity in parsing
"-quoted cookie values with backslashes by http.cookies.
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add bpo27240-rewrite_email_hdr_fold.patch rewriting the email
header folding algorithm to make the codebase compatible with
Python 3.6.4+, so we can continue to maintain it.
- And even before that we have to add
bpo24211-RFC6532-supp-email.patch.
- Also bpo20098-email-mangle_from-policy.patch.
- Add finally, CVE-2024-6923-email-hdr-inject.patch to prevent
email header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
(CVE-2024-4032) rearranging definition of private v global IP
addresses.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- shadow
-
- bsc#916845 (CVE-2013-4235): Fix TOCTOU race condition
Update shadow-CVE-2013-4235.patch to be more complete
- python-pyOpenSSL
-
- Fix for bsc#1231700:
* 0001-Don-t-use-things-after-they-re-freed.duh-709.patch: Add
missing patch that introduced X509._from_raw_x509_ptr needed by
CVE-2018-1000807 fix.
gh#pyca/pyopenssl@4aa52c33d3ee
- wicked
-
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad.
- Consider only interface specific accept_redirects sysctl settings.
- Adopt ifsysctl(5) manual page with wicked specific behavior.
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
- team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
- arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
- dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
- ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
[- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- compat-suse: fix dummy interfaces configuration with
INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
[+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- sudo
-
- Fix a regression in -P handling cased by fix for CVE-2021-3156
Fix provided by Brahmajit Das [bsc#1234371]
* sudo-CVE-2021-3156.patch updated
- google-osconfig-agent
-
- Update to version 20240926.03 (bsc#1231775, bsc#1231776)
* Revert "Bump go.opentelemetry.io/otel from 1.24.0 to 1.30.0 (#679)" (#684)
- from version 20240926.02
* Bump go.opentelemetry.io/otel from 1.24.0 to 1.30.0 (#679)
* another batch of depencies upgrade (#683)
- from version 20240926.01
* aggregate dependabot changes to go.mod (#677)
* Revert back Source package info delivery to control-plane (#673)
- from version 20240926.00
* Update OWNERS (#676)
- from version 20240924.02
* Upgrade grpc and it's dependencies to latest version (#672)
- from version 20240924.01
* Implement keepalive config (#671)
- from version 20240924.00
* Set new version of gRPC for test (#669)
- from version 20240920.00
* Revert "bump version of the gRPC" (#667)
- from version 20240919.00
* bump version of the gRPC (#666)
- from version 20240917.00
* Merge pull request #665 from GoogleCloudPlatform/revert-664-update_grpc_dependency
* Revert "Update grpc library and other dependencies. (#664)"
- from version 20240916.00
* Update grpc library and other dependencies. (#664)
- from version 20240913.00
* Move packagebuild presubmit to osconfig (#662)
- from version 20240912.00
* Revert "update osconfig api to v1.13.0 & indirect dependency update" (#659)
- from version 20240822.00
* Revert "Source package info delivery to control-plane (#639)" (#656)
- from version 20240821.00
* Fix golang version format to fix builds. (#655)
- from version 20240814.01
* Use gcsfuse pkg in guest-policies e2e in pkg
update tests instead of old pkgs (#653)
* Replace osconfig-agent-test pkg by gcsfuse in ospolicies
tests and inventory-report tests (#652)
- from version 20240806.00
* Disable Repository Resource test for SLES-12 (#650)
- Update to version 20240801.00
* Fix Debian-12 failing test by using gcsfuse pkg
* Fix fetching gpg key unit tests (#649)
- from version 20240729.00
* Fix for old state file on Windows (#648)
- from version 20240723.00
* Add debugging logs for repository resource config (#646)
- from version 20240718.00
* Fix SLES-12 SP5 RPM package-resource e2e test (#645)
- from version 20240715.01
* Fix OSPolicies e2e tests for SLES-15 SP5 by removing
zypper update from VMs startup script (#644)
- from version 20240715.00
* Fix GuestPolicies e2e tests for SLES-15 SP5 by removing
zypper update from VMs startup script (#643)
- from version 20240709.01
* Source package info delivery to control-plane (#639)
- from version 20240709.00
* Enable gpgcheck flag for RPM e2e tests (#638)
- from version 20240708.00
* Update osconfig api to v1.13.0
* Indirect dependency update (#637)
- from version 20240705.01
* Updating Windows & Linux Chrome packages
to fix failing e2e tests (#636)
- from version 20240705.00
* Merge pull request #635 from Gulio/patch-1
* Update OWNERS
- from version 20240702.02
* Remove RHEL-7 and CentOS-7 images from e2e tests (#634)
- Update to version 20240702.01
* Use Debian-11 img in googet pkg build workflow (#632)
- from version 20240702.00
* Pipeline testing 00 (#631)
- from version 20240701.00
* update readme file (#628)
- from version 20240625.01
* Updating yum install to support multi architecture based packages
* Revert "Adding Architecture to the packages being installed/updated in yum repo"
- from version 20240625.00
* Update old SLES images urls (#627)
- from version 20240620.00
* Merge pull request #626 from GoogleCloudPlatform/yum-multiarch-fix
* Adding Architecture to the packages being installed/updated in yum repo
- from version 20240618.01
* Extract source_name(source_rpm) for rpm packages (#624)
- from version 20240618.00
* update README.md file (#625)
- from version 20240615.00
* Fix(dpkg) return onlt installed items as inventory (#623)
* Extract source name and version for dpkg packages. (#622)
- Update to version 20240607.00
* Update e2e tests to use VMM team's GCP project for pkgs testing version (#621)
- from version 20240606.00
* Disable SUSE tests to run with testing agent repo (#619)
- from version 20240604.00
* Fix the logic of pick region for Artifact Registry function (#618)
- from version 20240603.00
* Disable centos-stream-8 tests as it reached EOL in May 31 (#617)
- from version 20240529.00
* Merge pull request #610 from savijatv/patch-3
* Update cis-level1-once-a-day-policy.yaml
- from version 20240528.00
* Merge pull request #616 from MahmoudOuka/allow-windows-e2e-tests-to-\
install-testing-version-of-agent-from-private-artifact-registry-repos
* Allow Windows e2e tests to pull osconfig-agent pkg from testing (private)
repos from Artifact registry
- from version 20240527.01
* Merge pull request #615 from MahmoudOuka/fix-SUSE-e2e-tests
* fix SUSE e2e tests
- from version 20240527.00
* Merge pull request #614 from MahmoudOuka/allow-apt-and-yum-\
e2e-tests-to-pull-osconfig-agent-pkg-from-testing-repos
* fix golint comments
* Allow Apt & Yum e2e tests to pull osconfig-agent pkg from testing repos
- from version 20240524.03
* Merge pull request #611 from savijatv/patch-ospolicy-samples
* Update to the CIS OS policy samples
- from version 20240524.00
* Merge pull request #612 from MahmoudOuka/update-apt-e2e-tests-\
to-pull-osconfig-agent-pkg-from-new-ar-repos
* fix golint comment
* Update Apt e2e tests to pull osconfig-agent pkg from new AR repos instead of rapture
- from version 20240523.02
* bump golang.org/x/crypto version (#613)
- from version 20240523.00
* update go-cmp dependency (#604)
- from version 20240522.00
* rollback masive dependency update (#603)
* Bump google.golang.org/api from 0.180.0 to 0.181.0 (#596)
- Update to version 20240517.00
* Bump cloud.google.com/go/auth from 0.4.1 to 0.4.2 (#597)
- from version 20240516.01
* Bump cloud.google.com/go/logging from 1.9.0 to 1.10.0 (#595)
* Bump cloud.google.com/go/storage from 1.40.0 to 1.41.0 (#594)
- from version 20240516.00
* Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#593)
- Update to version 20240513.02
* E2e tests: allow passing spesific EL version
number to InstallOSConfigEL func (#592)
- from version 20240513.01
* Bump google.golang.org/api from 0.179.0 to 0.180.0 (#591)
- from version 20240513.00
* E2e tests: Fix EL version detection logic in E2E tests (#590)
* Bump google.golang.org/api from 0.178.0 to 0.179.0 (#589)
- from version 20240510.02
* Bump cloud.google.com/go/auth from 0.4.0 to 0.4.1 (#588)
- from version 20240510.01
* E2e tests: use family url format instead of specific
version URL for head test images (#587)
- from version 20240510.00
* Fix for lock location (#586)
- from version 20240509.03
* Bump cloud.google.com/go from 0.112.2 to 0.113.0 (#584)
- from version 20240509.02
* Remove dependabot not needed label (#576)
- from version 20240509.01
* Write inventory to attributes only if enabled (#486)
- from version 20240509.00
* E2e tests: install gnupg2 and run apt update in VMs startup-scripts (#583)
* Add a temporary e2e test image for Ubuntu to test
the latest osconfig-agent stable version (#582)
* Bump google.golang.org/api from 0.177.0 to 0.178.0 (#578)
* Bump github.com/googleapis/gax-go/v2 from 2.12.3 to 2.12.4 (#579)
* Bump cloud.google.com/go/iam from 1.1.7 to 1.1.8 (#577)
* Bump cloud.google.com/go/auth from 0.3.0 to 0.4.0 (#580)
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#581)
* Bump golang.org/x/net from 0.24.0 to 0.25.0 (#575)
* Bump cloud.google.com/go/osconfig from 1.12.6 to 1.12.7 (#573)
* Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#574)
* Bump cloud.google.com/go/longrunning from 0.5.6 to 0.5.7 (#571)
- from version 20240508.08
* Bump github.com/golang/glog from 1.2.0 to 1.2.1 (#572)
- from version 20240508.07
* Bump golang.org/x/text from 0.14.0 to 0.15.0 (#565)
- from version 20240508.06
* Bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#566)
* Bump golang.org/x/sys from 0.19.0 to 0.20.0 (#564)
- from version 20240508.05
* Bump go.opentelemetry.io/otel/trace from 1.24.0 to 1.26.0 (#563)
- from version 20240508.04
* Bump google.golang.org/protobuf from 1.34.0 to 1.34.1 (#567)
* Using the default reviewer set for PR approvals (#570)
- from version 20240508.03
* Adding advanced CodeQL settings to scan on PRs (#569)
- from version 20240508.02
* Update Debian-12 package build workflow to use debian-cloud project (#568)
- from version 20240508.01
* Dependabot dependency updates (#562)
- from version 20240508.00
* Revert "Initial configuration of the dependabot
for the direct and indirect d…" (#561)
* Initial configuration of the dependabot for the
direct and indirect dependency scanning (#560)
- from version 20240507.00
* Fix Debian-12 package build workflow typo (#559)
- from version 20240506.00
* Use signed-by keyring approach for apt repos in Debian 12+ and Ubuntu 24+ (#558)
- from version 20240501.03
* Logrus dependency update (#557)
- from version 20240501.02
* Updating dependencies and respective checksums (#556)
- from version 20240501.01
* Update go.mod (#554)
- from version 20240501.00
* Bump golang.org/x/net from 0.17.0 to 0.23.0 (#542)
- from version 20240430.01
* Remove SBOM generation logic from package build workflows (#553)
- from version 20240425.00
* Fix e2e tests for exec-output size limit (#552)
- from version 20240424.00
* Disabled some images which are either past EoL or broken (#549)
- from version 20240423.01
* Copy packagebuild folder from guest-test-infra repo to osconfig repo (#545)
* OS Config windows state file location changed (#544)
- from version 20240423.00
* Removed debian-10 from e2e tests (#548)
- from version 20240422.00
* Merge pull request #541 from GoogleCloudPlatform/michaljankowiak-patch-1
* Update OWNERS
- from version 20240409.00
* Bump output size limit to 500KB (#538)
- expat
-
- security update
- added patches
fix CVE-2024-50602 [bsc#1232579], DoS via XML_ResumeParser
+ expat-CVE-2024-50602.patch
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
overflow in function nextScaffoldPart
* Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
overflow in dtdCopy
* Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
len for XML_ParseBuffer
* Added expat-CVE-2024-45490.patch
- Security fix (bsc#1221563, bsc#1219559, CVE-2023-52425):
* expat-CVE-2023-52425-1.patch: [PATCH] Grow buffer based on
current size
* expat-CVE-2023-52425-2.patch:
* expat-CVE-2023-52425-backport-parser-changes.patch:
CVE-2023-52425 Additional parser fixes
* expat-CVE-2023-52425-fix-tests.patch: CVE-2023-52425 Tests and
Test suite fixes
- suseconnect-ng
-
- Update version to 1.13:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targetting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Integrate with uptime-tracker ( https://github.com/SUSE/uptime-tracker/ )
- Add a command to show the info being gathered
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- Update version to 1.11
- Added uname as collector
- Added SAP workload detection
- Added detection of container runtimes
- Multiple fixes on ARM64 detection
- Use `read_values` for the CPU collector on Z
- Fixed data collection for ppc64le
- Grab the home directory from /etc/passwd if needed (bsc#1226128)
- Update version to 1.10.0
* Build zypper-migration and zypper-packages-search as standalone
binaries rather then one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens. (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report.
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
- gcc13
-
- Add gcc13-pr116657.patch to fix for parsing tzdata 2024b [gcc#116657]
- yast2-network
-
- Honor the AutoYaST profile allowing to disable the IP check
(bsc#1216859).
- 3.4.12
- xfsprogs
-
- libfrog: fix missing error checking in workqueue code (bsc#1227232)
- add xfsprogs-libfrog-fix-missing-error-checking-in-workqueue-code.patch
- xfs_repair: ignore empty xattr leaf blocks (bsc#1227911)
- add xfsprogs-xfs_repair-ignore-empty-xattr-leaf-blocks.patch
- mkfs: terminate getsubopt arrays properly (bsc#1228270)
- add xfsprogs-mkfs-terminate-getsubopt-arrays-properly.patch
- xfs_copy: bail out early when superblock cannot be verified
(bsc#1227150)
- fix return value of error code, which is expected to be negative
- release-notes-sles
-
- 12.5.20241206 (tracked in bsc#933411)
- Added note about openJDK 11 support status (bsc#1233970)
- 12.5.20241014 (tracked in bsc#933411)
- Added note about openSSH 8.4 (bsc#1222298)
- Added note about unsupported hibernate/suspend on Xen (bsc#1214405)
- Added note about chrony 4.1 (jsc#SLE-22248)
- Added note about adcli --dont-expire-password (jsc#SLE-21223)
- Added note about sudo -U -l restriction (jsc#SLE-22569)
- Added note about nodejs16 addition (jsc#SLE-21234)
- Added note about rsyslog 8.2106 (jsc#SLE-21522)
- Added note about tcl 8.6.12 (jsc#SLE-21015)
- Added note about sudo 1.8.27 update (jsc#SLE-17083)
- Added note about unsupported modules (jsc#PED-8089)
- vim
-
- Fix for bsc#1231373 / CVE-2024-47814.
- Fix for bsc#1229238 / CVE-2024-43374.
- update to 9.1.0836
* 9.1.0836: The vimtutor can be improved
* 9.1.0835: :setglobal doesn't work properly for 'ffu' and 'tsrfu'
* 9.1.0834: tests: 2html test fails
* 9.1.0833: CI: recent ASAN changes do not work for indent tests
* 9.1.0832: :set doesn't work for 'cot' and 'bkc' after :setlocal
* runtime(doc): update help-toc description
* runtime(2html): Make links use color scheme colors in TOhtml
* 9.1.0831: 'findexpr' can't be used as lambad or Funcref
* Filelist: include helptoc package
* runtime(doc): include a TOC Vim9 plugin
* Filelist: ignore .git-blame-ignore-revs
* 9.1.0830: using wrong highlight group for spaces for popupmenu
* runtime(typst): synchronize updates from the upstream typst.vim
* git: ignore reformatting commit for git-blame (after v9.1.0829)
* 9.1.0829: Vim source code uses a mix of tabs and spaces
* 9.1.0828: string_T struct could be used more often
* 9.1.0827: CI: tests can be improved
* runtime(doc): remove stray sentence in pi_netrw.txt
* 9.1.0826: filetype: sway files are not recognized
* runtime(doc): Include netrw-gp in TOC
* runtime(doc): mention 'iskeyword' at :h charclass()
* runtime(doc): update help tags
* 9.1.0825: compile error for non-diff builds
* runtime(netrw): fix E874 when browsing remote directory which contains `~` character
* runtime(doc): update coding style documentation
* runtime(debversions): Add plucky (25.04) as Ubuntu release name
* 9.1.0824: too many strlen() calls in register.c
* 9.1.0823: filetype: Zephyr overlay files not recognized
* runtime(doc): Clean up minor formatting issues for builtin functions
* runtime(netrw): make :Launch/Open autoloadable
* runtime(netrw): fix regression with x mapping on Cygwin
* runtime(netrw): fix filetype detection for remote files
* 9.1.0822: topline might be changed in diff mode unexpectedly
* CI: huge linux builds should also run syntax & indent tests
* 9.1.0821: 'findexpr' completion doesn't set v:fname to cmdline argument
* 9.1.0820: tests: Mac OS tests are too flaky
* runtime(awk): Highlight more awk comments in syntax script
* runtime(netrw): add missing change for s:redir()
* 9.1.0819: tests: using findexpr and imported func not tested
* runtime(netrw): improve netrw's open-handling further
* runtime(netrw): fix syntax error in netrwPlugin.vim
* runtime(netrw): simplify gx file handling
* 9.1.0818: some global functions are only used in single files
* 9.1.0817: termdebug: cannot evaluate expr in a popup
* runtime(defaults): Detect putty terminal and switch to dark background
* 9.1.0816: tests: not clear what tests cause asan failures
* runtime(doc): Remove some completed items from todo.txt
* 9.1.0815: "above" virtual text causes wrong 'colorcolumn' position
* runtime(syntax-tests): tiny vim fails because of line-continuation
* 9.1.0814: mapset() may remove unrelated mapping
* 9.1.0813: no error handling with setglobal and number types
* 9.1.0812: Coverity warns about dereferencing NULL ptr
* 9.1.0811: :find expansion does not consider 'findexpr'
* 9.1.0810: cannot easily adjust the |:find| command
* 9.1.0809: filetype: petalinux config files not recognized
* 9.1.0808: Terminal scrollback doesn't shrink when decreasing 'termwinscroll'
* 9.1.0807: tests: having 'nolist' in modelines isn't always desired
* 9.1.0806: tests: no error check when setting global 'briopt'
* 9.1.0805: tests: minor issues in gen_opt_test.vim
* 9.1.0804: tests: no error check when setting global 'cc'
* 9.1.0803: tests: no error check when setting global 'isk'
* 9.1.0802: tests: no error check when setting global 'fdm' to empty value
* 9.1.0801: tests: no error check when setting global 'termwinkey'
* 9.1.0800: tests: no error check when setting global 'termwinsize'
* runtime(doc): :ownsyntax also resets 'spelloptions'
* 9.1.0799: tests: gettwinvar()/gettabwinvar() tests are not comprehensive
* runtime(doc): Fix wrong Mac default options
* 9.1.0798: too many strlen() calls in cmdhist.c
* 9.1.0797: testing of options can be further improved
* 9.1.0796: filetype: libtool files are not recognized
* (typst): add folding to typst ftplugin
* runtime(netrw): deprecate and remove netrwFileHandlers#Invoke()
* 9.1.0795: filetype: Vivado memory info file are not recognized
* 9.1.0794: tests: tests may fail on Windows environment
* runtime(doc): improve the :colorscheme documentation
* 9.1.0793: xxd: -e does add one extra space
* 9.1.0792: tests: Test_set_values() is not comprehensive enough
* runtime(swayconfig): add flag for bindsym/bindcode to syntax script
* 9.1.0791: tests: errors in gen_opt_test.vim are not shown
* runtime(compiler): check for compile_commands in build dirs for cppcheck
* 9.1.0790: Amiga: AmigaOS4 build should use default runtime (newlib)
* runtime(help): Update help syntax
* runtime(help): fix end of sentence highlight in code examples
* runtime(jinja): Support jinja syntax as secondary filetype
* 9.1.0789: tests: ':resize + 5' has invalid space after '+'
* 9.1.0788: <CSI>27;<mod>u is not decoded to literal Escape in kitty/foot
* 9.1.0787: cursor position changed when using hidden terminal
* 9.1.0786: tests: quickfix update test does not test location list
* runtime(doc): add some docs for file-watcher programs
* CI: uploading failed screendumps still fails on Cirrus CI
* 9.1.0785: cannot preserve error position when setting quickfix list
* 9.1.0784: there are several problems with python 3.13
* 9.1.0783: 'spell' option setting has problems
* 9.1.0782: tests: using wrong neomuttlog file name
* runtime(doc): add preview flag to statusline example
* 9.1.0781: tests: test_filetype fails
* 9.1.0780: MS-Windows: incorrect Win32 error checking
* 9.1.0779: filetype: neomuttlog files are not recognized
* 9.1.0778: filetype: lf config files are not recognized
* runtime(comment): fix commment toggle with mixed tabs & spaces
* runtime(misc): Use consistent "Vim script" spelling
* runtime(gleam): add ftplugin for gleam files
* runtime(doc): link help-writing from write-local-help
* 9.1.0777: filetype: Some upstream php files are not recognized
* runtime(java): Define javaBlockStart and javaBlockOtherStart hl groups
* runtime(doc): mention conversion rules for remote_expr()
* runtime(tutor): Fix missing :s command in spanish translation section 4.4
* 9.1.0776: test_strftime may fail because of missing TZ data
* translation(am): Add Armenian language translation
* 9.1.0775: tests: not enough tests for setting options
* 9.1.0774: "shellcmdline" doesn't work with getcompletion()
* 9.1.0773: filetype: some Apache files are not recognized
* 9.1.0772: some missing changes from v9.1.0771
* 9.1.0771: completion attribute hl_group is confusing
* 9.1.0770: current command line completion is a bit limited
* 9.1.0769: filetype: MLIR files are not recognized
* 9.1.0768: MS-Windows: incorrect cursor position when restoring screen
* runtime(nasm): Update nasm syntax script
* 9.1.0767: A condition is always true in ex_getln.c
* runtime(skill): Update syntax file to fix string escapes
* runtime(help): highlight CTRL-<Key> correctly
* runtime(doc): add missing usr_52 entry to toc
* 9.1.0766: too many strlen() calls in ex_getln.c
* runtime(doc): correct `vi` registers 1-9 documentation error
* 9.1.0765: No test for patches 6.2.418 and 7.3.489
* runtime(spec): set comments and commentstring options
* NSIS: Include libgcc_s_sjlj-1.dll again
* runtime(doc): clarify the effect of 'startofline' option
* 9.1.0764: [security]: use-after-free when closing a buffer
* runtime(vim): Update base-syntax file, improve class, enum and interface highlighting
* 9.1.0763: tests: cannot run single syntax tests
* 9.1.0762: 'cedit', 'termwinkey' and 'wildchar' may not be parsed correctly
* 9.1.0761: :cd completion fails on Windows with backslash in path
* 9.1.0760: tests: no error reported, if gen_opt_test.vim fails
* 9.1.0759: screenpos() may return invalid position
* runtime(misc): unset compiler in various ftplugins
* runtime(doc): update formatting and syntax
* runtime(compiler): add cppcheck linter compiler plugin
* runtime(doc): Fix style in documents
* runtime(doc): Fix to two-space convention in user manual
* runtime(comment): consider &tabstop in lines after whitespace indent
* 9.1.0758: it's possible to set an invalid key to 'wildcharm'
* runtime(java): Manage circularity for every :syn-included syntax file
* 9.1.0757: tests: messages files contains ANSI escape sequences
* 9.1.0756: missing change from patch v9.1.0754
* 9.1.0755: quickfix list does not handle hardlinks well
* runtime(doc): 'filetype', 'syntax' and 'keymap' only allow alphanumeric + some characters
* runtime(systemd): small fixes to &keywordprg in ftplugin
* CI: macos-12 runner is being sunset, switch to 13
* 9.1.0754: fixed order of items in insert-mode completion menu
* runtime(comment): commenting might be off by one column
* 9.1.0753: Wrong display when typing in diff mode with 'smoothscroll'
* 9.1.0752: can set 'cedit' to an invalid value
* runtime(doc): add `usr` tag to usr_toc.txt
* 9.1.0751: Error callback for term_start() not used
* 9.1.0750: there are some Win9x legacy references
* runtime(java): Recognise the CommonMark form (///) of Javadoc comments
* 9.1.0749: filetype: http files not recognized
* runtime(comment): fix syntax error
* CI: uploading failed screendump tests does not work Cirrus
* 9.1.0748: :keep* commmands are sometimes misidentified as :k
* runtime(indent): allow matching negative numbers for gnu indent config file
* runtime(comment): add gC mapping to (un)comment rest of line
* 9.1.0747: various typos in repo found
* 9.1.0746: tests: Test_halfpage_longline() fails on large terminals
* runtime(doc): reformat gnat example
* runtime(doc): reformat ada_standard_types section
* 9.1.0745: filetype: bun and deno history files not recognized
* runtime(glvs): Correct the tag name of glvs-autoinstal
* runtime(doc): include short form for :earlier/:later
* runtime(doc): remove completed TODO
* 9.1.0744: filetype: notmuch configs are not recognised
* 9.1.0743: diff mode does not handle overlapping diffs correctly
* runtime(glvs): fix a few issues
* runtime(doc): Fix typo in :help :command-modifiers
* 9.1.0742: getcmdprompt() implementation can be improved
* runtime(docs): update `:set?` command behavior table
* runtime(doc): update vim90 to vim91 in docs
* runtime(doc): fix typo in :h dos-colors
* 9.1.0741: No way to get prompt for input()/confirm()
* runtime(doc): fix typo in version9.txt nrformat -> nrformats
* runtime(rmd,rrst): 'fex' option not properly restored
* runtime(netrw): remove extraneous closing bracket
* 9.1.0740: incorrect internal diff with empty file
* 9.1.0739: [security]: use-after-free in ex_getln.c
* runtime(filetype): tests: Test_filetype_detection() fails
* runtime(dist): do not output a message if executable is not found
* 9.1.0738: filetype: rapid files are not recognized
* runtime(modconf): remove erroneous :endif in ftplugin
* runtime(lyrics): support multiple timestamps in syntax script
* runtime(java): Optionally recognise _module_ import declarations
* runtime(vim): Update base-syntax, improve folding function matches
* CI: upload failed screendump tests also for Cirrus
* 9.1.0737: tests: screendump tests may require a bit more time
* runtime(misc): simplify keywordprg in various ftplugins
* runtime(java): Optionally recognise all primitive constants in _switch-case_ labels
* runtime(zsh,sh): set and unset compiler in ftplugin
* runtime(netrw): using inefficient highlight pattern for 'mf'
* 9.1.0736: Unicode tables are outdated
* 9.1.0735: filetype: salt files are not recognized
* 9.1.0734: filetype: jinja files are not recognized
* runtime(zathurarc): add double-click-follow to syntax script
* translation(ru): Updated messages translation
* translation(it): updated xxd man page
* translation(ru): updated xxd man page
* 9.1.0733: keyword completion does not work with fuzzy
* 9.1.0732: xxd: cannot use -b and -i together
* runtime(java): Highlight javaConceptKind modifiers with StorageClass
* runtime(doc): reword and reformat how to use defaults.vim
* 9.1.0731: inconsistent case sensitive extension matching
* runtime(vim): Update base-syntax, match Vim9 bool/null literal args to :if/:while/:return
* runtime(netrw): delete confirmation not strict enough
* 9.1.0730: Crash with cursor-screenline and narrow window
* 9.1.0729: Wrong cursor-screenline when resizing window
* 9.1.0728: [security]: heap-use-after-free in garbage collection with location list user data
* runtime(doc): clarify the effect of the timeout for search()-functions
* runtime(idlang): update syntax script
* runtime(spec): Recognize epoch when making spec changelog in ftplugin
* runtime(spec): add file triggers to syntax script
* 9.1.0727: too many strlen() calls in option.c
* runtime(make): add compiler/make.vim to reset compiler plugin settings
* runtime(java): Recognise all available standard doclet tags
* 9.1.0726: not using correct python3 API with dynamic linking
* runtime(dosini): Update syntax script, spellcheck comments only
* runtime(doc): Revert outdated comment in completeopt's fuzzy documentation
* 9.1.0725: filetype: swiftinterface files are not recognized
* runtime(pandoc): Update compiler plugin to use actual 'spelllang'
* runtime(groff): Add compiler plugin for groff
* 9.1.0724: if_python: link error with python 3.13 and stable ABI
* 9.1.0723: if_python: dynamic linking fails with python3 >= 3.13
* 9.1.0722: crash with large id in text_prop interface
* 9.1.0721: tests: test_mksession does not consider XDG_CONFIG_HOME
* runtime(glvs): update GetLatestVimScripts plugin
* runtime(doc): Fix typo in :help :hide text
* runtime(doc): buffers can be re-used
* 9.1.0720: Wrong breakindentopt=list:-1 with multibyte or TABs
* 9.1.0719: Resetting cell widths can make 'listchars' or 'fillchars' invalid
* runtime(doc): Update version9.txt and mention $MYVIMDIR
- Update to 9.1.0718:
* v9.1.0718: hard to know the users personal Vim Runtime Directory
* v9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers()
Maintainers: fix typo in author name
* v9.1.0716: resetting setcellwidth( doesn't update the screen
runtime(hcl,terraform): Add runtime files for HCL and Terraform
runtime(tmux): Update syntax script
* v9.1.0715: Not correctly parsing color names (after v9.1.0709)
* v9.1.0714: GuiEnter_Turkish test may fail
* v9.1.0713: Newline causes E749 in Ex mode
* v9.1.0712: missing dependency of Test_gettext_makefile
* v9.1.0711: test_xxd may file when using different xxd
* v9.1.0710: popup window may hide part of Command line
runtime(vim): Update syntax, improve user-command matching
* v9.1.0709: GUIEnter event not found in Turkish locale
runtime(sudoers): improve recognized Runas_Spec and Tag_Spec items
* v9.1.0708: Recursive window update does not account for reset skipcol
runtime(nu): include filetype plugin
* v9.1.0707: invalid cursor position may cause a crash
* v9.1.0706: test_gettext fails when using shadow dir
CI: Install locales-all package
* v9.1.0705: Sorting of fuzzy filename completion is not stable
translation(pt): update Portuguese/Brazilian menu translation
runtime(vim): Update base-syntax, match bracket mark ranges
runtime(doc): Update :help :command-complete list
* v9.1.0704: inserting with a count is inefficient
runtime(doc): use mkdir -p to save a command
* v9.1.0703: crash with 2byte encoding and glob2regpat()
runtime(hollywood): update syn highlight for If-Then statements
and For-In-Loops
* v9.1.0702: Patch 9.1.0700 broke CI
* v9.1.0701: crash with NFA regex engine when searching for
composing chars
* v9.1.0700: crash with 2byte encoding and glob2regpat()
* v9.1.0699: "dvgo" is not always an inclusive motion
runtime(java): Provide support for syntax preview features
* v9.1.0698: "Untitled" file not removed when running Test_crash1_3
alone
* v9.1.0697: heap-buffer-overflow in ins_typebuf
* v9.1.0696: installing runtime files fails when using SHADOWDIR
runtime(doc): fix typo
* v9.1.0695: test_crash leaves Untitled file around
translation(br): Update Brazilian translation
translation(pt): Update menu_pt_br
* v9.1.0694: matchparen is slow on a long line
* v9.1.0693: Configure doesn't show result when not using python3
stable abi
* v9.1.0692: Wrong patlen value in ex_substitute()
* v9.1.0691: stable-abi may cause segfault on Python 3.11
runtime(vim): Update base-syntax, match :loadkeymap after colon and bar
runtime(mane): Improve <Plug>ManBS mapping
* v9.1.0690: cannot set special highlight kind in popupmenu
translation(pt): Revert and fix wrong Portuguese menu translation
files
translation(pt): revert Portuguese menu translation
translation(br): Update Brazilian translations
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
* v9.1.0689: buffer-overflow in do_search( with 'rightleft'
runtime(vim): Improve heredoc handling for all embedded scripts
* v9.1.0688: dereferences NULL pointer in check_type_is_value()
* v9.1.0687: Makefile may not install desktop files
runtime(man): Fix <Plug>ManBS
runtime(java): Make the bundled &foldtext function optional
runtime(netrw): Change line on `mx` if command output exists
runtime(netrw): Fix `mf`-selected entry highlighting
runtime(htmlangular): add html syntax highlighting
translation(it): Fix filemode of Italian manpages
runtime(doc): Update outdated man.vim plugin information
runtime(zip): simplify condition to detect MS-Windows
* v9.1.0686: zip-plugin has problems with special characters
runtime(pandoc): escape quotes in &errorformat for pandoc
translation(it): updated Italian manpage
* v9.1.0685: too many strlen( calls in usercmd.c
runtime(doc): fix grammar in :h :keeppatterns
runtime(pandoc): refine pandoc compiler settings
* v9.1.0684: completion is inserted on Enter with "noselect"
translation(ru): update man pages
* v9.1.0683: mode( returns wrong value with <Cmd> mapping
runtime(doc): remove trailing whitespace in cmdline.txt
* v9.1.0682: Segfault with uninitialized funcref
* v9.1.0681: Analyzing failed screendumps is hard
runtime(doc): more clarification for the :keeppatterns needed
* v9.1.0680: VMS does not have defined uintptr_t
runtime(doc): improve typedchar documentation for KeyInputPre autocmd
runtime(dist): verify that executable is in $PATH
translation(it): update Italian manpages
runtime(doc): clarify the effect of :keeppatterns after * v9.1.0677
runtime(doc): update Makefile and make it portable between GNU and BSD
* v9.1.0679: Rename from w_closing to w_locked is incomplete
runtime(colors): update colorschemes
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
runtime(doc): Updating the examples in the xxd manpage
translation(ru): Updated uganda.rux
runtime(yaml): do not re-indent when commenting out lines
* v9.1.0678: use-after-free in alist_add()
* v9.1.0677 :keepp does not retain the substitute pattern
translation(ja): Update Japanese translations to latest release
runtime(netrw): Drop committed trace lines
runtime(netrw): Error popup not always used
runtime(netrw): ErrorMsg( may throw E121
runtime(tutor): update Makefile and make it portable between GNU and BSD
translation: improve the po/cleanup.vim script
runtime(lang): update Makefile and make it portable between GNU and BSD
* v9.1.0676: style issues with man pages
* v9.1.0675: Patch v9.1.0674 causes problems
runtime(dosbatch): Show %%i as an argument in syntax file
runtime(dosbatch): Add syn-sync to syntax file
runtime(sql, mysql): fix E169: Command too recursive with
sql_type_default = "mysql"
* v9.1.0674: compiling abstract method fails because of missing return
runtime(javascript): fix a few issues with syntax higlighting
runtime(mediawiki): fix typo in doc, test for b:did_ftplugin var
runtime(termdebug): Fix wrong test for balloon feature
runtime(doc): Remove mentioning of the voting feature
runtime(doc): add help tags for json + markdown global variables
* v9.1.0673: too recursive func calls when calling super-class method
runtime(syntax-tests): Facilitate the viewing of rendered screendumps
runtime(doc): fix a few style issues
* v9.1.0672: marker folds may get corrupted on undo
* v9.1.0671 Problem: crash with WinNewPre autocommand
* v9.1.0670: po file encoding fails on *BSD during make
translation(it): Update Italian translation
translation: Stop using msgconv
* v9.1.0669: stable python ABI not used by default
Update .gitignore and .hgignore files
* v9.1.0668: build-error with python3.12 and stable ABI
translations: Update generated po files
* v9.1.0667: Some other options reset curswant unnecessarily when set
* v9.1.0666: assert_equal( doesn't show multibyte string correctly
runtime(doc): clarify directory of Vim's executable vs CWD
* v9.1.0665 :for loop
runtime(proto): Add indent script for protobuf filetype
* v9.1.0664: console vim did not switch back to main screen on exit
runtime(zip): zip plugin does not work with Vim 9.0
* v9.1.0663: zip test still resets 'shellslash' option
runtime(zip): use defer to restore old settings
runtime(zip): add a generic Message function
runtime(zip): increment base version of zip plugin
runtime(zip): raise minimum Vim version to * v9.0
runtime(zip): refactor save and restore of options
runtime(zip): remove test for fnameescape
runtime(zip): use :echomsg instead of :echo
runtime(zip): clean up and remove comments
* v9.1.0662: filecopy( may return wrong value when readlink( fails
* v9.1.0661: the zip plugin is not tested.
runtime(zip): Fix for FreeBSD's unzip command
runtime(doc): capitalize correctly
* v9.1.0660: Shift-Insert does work on old conhost
translation(it): update Italian manpage
runtime(lua): add/subtract a 'shiftwidth' after '('/')' in indentexpr
runtime(zip): escape '[' on Unix as well
* v9.1.0659: MSVC Makefile is a bit hard to read
runtime(doc): fix typo in syntax.txt
runtime(doc): -x is only available when compiled with crypt feature
* v9.1.0658: Coverity warns about dereferencing NULL pointer.
runtime(colors): update Todo highlight in habamax colorscheme
* v9.1.0657: MSVC build time can be optimized
* v9.1.0656: MSVC Makefile CPU handling can be improved
* v9.1.0655: goaccess config file not recognized
CI: update clang compiler to version 20
runtime(netrw): honor `g:netrw_alt{o,v}` for `:{S,H,V}explore`
* v9.1.0654: completion does not respect completeslash with fuzzy
* v9.1.0653: Patch v9.1.0648 not completely right
* v9.1.0652: too many strlen( calls in syntax.c
* v9.1.0651 :append
* v9.1.0650: Coverity warning in cstrncmp()
* v9.1.0649: Wrong comment for "len" argument of call_simple_func()
* v9.1.0648: [security] double-free in dialog_changed()
* v9.1.0647: [security] use-after-free in tagstack_clear_entry
runtime(doc): re-format tag example lines, mention ctags --list-kinds
* v9.1.0646: imported function may not be found
runtime(java): Document "g:java_space_errors" and "g:java_comment_strings"
runtime(java): Cluster optional group definitions and their group links
runtime(java): Tidy up the syntax file
runtime(java): Tidy up the documentation for "ft-java-syntax"
runtime(colors): update habamax scheme - tweak diff/search/todo colors
runtime(nohlsearch): add missing loaded_hlsearch guard
runtime(kivy): Updated maintainer info for syntax script
Maintainers: Add maintainer for ondir ftplugin + syntax files
runtime(netrw): removing trailing slash when copying files in same
directory
* v9.1.0645: wrong match when searching multi-byte char case-insensitive
runtime(html): update syntax script to sync by 250 minlines by default
* v9.1.0644: Unnecessary STRLEN( when applying mapping
runtime(zip): Opening a remote zipfile don't work
runtime(cuda): source c and cpp ftplugins
* v9.1.0643: cursor may end up on invalid position
* v9.1.0642: Check that mapping rhs starts with lhs fails if not
simplified
* v9.1.0641: OLE enabled in console version
runtime(thrift): add ftplugin, indent and syntax scripts
* v9.1.0640: Makefile can be improved
* v9.1.0639: channel timeout may wrap around
* v9.1.0638: E1510 may happen when formatting a message for smsg()
* v9.1.0637: Style issues in MSVC Makefile
- Update apparmor.vim to latest version (from AppArmor 4.0.2)
- add support for "all" and "userns" rules, and new profile flags
- Update to 9.1.0636:
* 9.1.0636: filetype: ziggy files are not recognized
* 9.1.0635: filetype: SuperHTML template files not recognized
* 9.1.0634: Ctrl-P not working by default
* 9.1.0633: Compilation warnings with `-Wunused-parameter`
* 9.1.0632: MS-Windows: Compiler Warnings
Add support for Files-Included in syntax script
tweak documentation style a bit
* 9.1.0631: wrong completion list displayed with non-existing dir + fuzzy completion
* 9.1.0630: MS-Windows: build fails with VIMDLL and mzscheme
* 9.1.0629: Rename of pum hl_group is incomplete
* 9.1.0628: MinGW: coverage files are not cleaned up
* 9.1.0627: MinGW: build-error when COVERAGE is enabled
* 9.1.0626: Vim9: need more tests with null objects
include initial filetype plugin
* 9.1.0625: tests: test output all translated messages for all translations
* 9.1.0624: ex command modifiers not found
* 9.1.0623: Mingw: errors when trying to delete non-existing files
* 9.1.0622: MS-Windows: mingw-build can be optimized
* 9.1.0621: MS-Windows: startup code can be improved
* 9.1.0620: Vim9: segfauls with null objects
* 9.1.0619: tests: test_popup fails
* 9.1.0618: cannot mark deprecated attributes in completion menu
* 9.1.0617: Cursor moves beyond first line of folded end of buffer
* 9.1.0616: filetype: Make syntax highlighting off for MS Makefiles
* 9.1.0615: Unnecessary STRLEN() in make_percent_swname()
Add single-line comment syntax
Add syntax test for comments
Update maintainer info
* 9.1.0614: tests: screendump tests fail due to recent syntax changes
* 9.1.0613: tests: termdebug test may fail and leave file around
Update base-syntax, improve :set highlighting
Optionally highlight the :: token for method references
* 9.1.0612: filetype: deno.lock file not recognized
Use delete() for deleting directory
escape filename before trying to delete it
* 9.1.0611: ambiguous mappings not correctly resolved with modifyOtherKeys
correctly extract file from zip browser
* 9.1.0610: filetype: OpenGL Shading Language files are not detected
Fix endless recursion in netrw#Explore()
* 9.1.0609: outdated comments in Makefile
update syntax script
Fix flow mapping key detection
Remove orphaned YAML syntax dump files
* 9.1.0608: Coverity warns about a few potential issues
Update syntax script and remove syn sync
* 9.1.0607: termdebug: uses inconsistent style
* 9.1.0606: tests: generated files may cause failure in test_codestyle
* 9.1.0605: internal error with fuzzy completion
* 9.1.0604: popup_filter during Press Enter prompt seems to hang
translation: Update Serbian messages translation
* 9.1.0603: filetype: use correct extension for Dracula
* 9.1.0602: filetype: Prolog detection can be improved
fix more inconsistencies in assert function docs
* 9.1.0601: Wrong cursor position with 'breakindent' when wide char doesn't fit
Update base-syntax, improve :map highlighting
* 9.1.0600: Unused function and unused error constants
* 9.1.0599: Termdebug: still get E1023 when specifying arguments
correct wrong comment options
fix typo "a xterm" -> "an xterm"
* 9.1.0598: fuzzy completion does not work with default completion
* 9.1.0597: KeyInputPre cannot get the (unmapped typed) key
* 9.1.0596: filetype: devscripts config files are not recognized
gdb file/folder check is now performed only in CWD.
quote filename arguments using double quotes
update syntax to SDC-standard 2.1
minor updates.
Cleanup :match and :loadkeymap syntax test files
Update base-syntax, match types in Vim9 variable declarations
* 9.1.0595: make errors out with the po Makefile
* 9.1.0594: Unnecessary redraw when setting 'winfixbuf'
using wrong highlight for UTF-8
include simple syntax plugin
* 9.1.0593: filetype: Asymptote files are not recognized
add recommended indent options to ftplugin
add recommended indent options to ftplugin
add recommended indent options to ftplugin
* 9.1.0592: filetype: Mediawiki files are not recognized
* 9.1.0591: filetype: *.wl files are not recognized
* 9.1.0590: Vim9: crash when accessing getregionpos() return value
'cpoptions': Include "z" in the documented default
* 9.1.0589: vi: d{motion} and cw work differently than expected
update included colorschemes
grammar fixes in options.txt
- Add "Keywords" to gvim.desktop to make searching for gvim easier
- Removed patches, as they're no longer required (refreshing them
deleted their contents):
* vim-7.3-help_tags.patch
* vim-7.4-highlight_fstab.patch
- Reorganise all applied patches in the spec file.
- Update to 9.1.0588:
* 9.1.0588: The maze program no longer compiles on newer clang
runtime(typst): Add typst runtime files
* 9.1.0587: tests: Test_gui_lowlevel_keyevent is still flaky
* 9.1.0586: ocaml runtime files are outdated
runtime(termdebug): fix a few issues
* 9.1.0585: tests: test_cpoptions leaves swapfiles around
* 9.1.0584: Warning about redeclaring f_id() non-static
runtime(doc): Add hint how to load termdebug from vimrc
runtime(doc): document global insert behavior
* 9.1.0583: filetype: *.pdf_tex files are not recognized
* 9.1.0582: Printed line doesn't overwrite colon when pressing Enter in Ex mode
* 9.1.0581: Various lines are indented inconsistently
* 9.1.0580: :lmap mapping for keypad key not applied when typed in Select mode
* 9.1.0579: Ex command is still executed after giving E1247
* 9.1.0578: no tests for :Tohtml
* 9.1.0577: Unnecessary checks for v:sizeoflong in test_put.vim
* 9.1.0576: tests: still an issue with test_gettext_make
* 9.1.0575: Wrong comments in alt_tabpage()
* 9.1.0574: ex: wrong handling of commands after bar
runtime(doc): add a note for netrw bug reports
* 9.1.0573: ex: no implicit print for single addresses
runtime(vim): make &indentexpr available from the outside
* 9.1.0572: cannot specify tab page closing behaviour
runtime(doc): remove obsolete Ex insert behavior
* 9.1.0571: tests: Test_gui_lowlevel_keyevent is flaky
runtime(logindefs): update syntax with new keywords
* 9.1.0570: tests: test_gettext_make can be improved
runtime(filetype): Fix Prolog file detection regex
* 9.1.0569: fnamemodify() treats ".." and "../" differently
runtime(mojo): include mojo ftplugin and indent script
* 9.1.0568: Cannot expand paths from 'cdpath' setting
* 9.1.0567: Cannot use relative paths as findfile() stop directories
* 9.1.0566: Stop dir in findfile() doesn't work properly w/o trailing slash
* 9.1.0565: Stop directory doesn't work properly in 'tags'
* 9.1.0564: id() can be faster
* 9.1.0563: Cannot process any Key event
* 9.1.0562: tests: inconsistency in test_findfile.vim
runtime(fstab): Add missing keywords to fstab syntax
* 9.1.0561: netbeans: variable used un-initialized (Coverity)
* 9.1.0560: bindtextdomain() does not indicate an error
* 9.1.0559: translation of vim scripts can be improved
* 9.1.0558: filetype: prolog detection can be improved
* 9.1.0557: moving in the buffer list doesn't work as documented
runtime(doc): fix inconsistencies in :h file-searching
* 9.1.0556: :bwipe doesn't remove file from jumplist of other tabpages
runtime(htmlangular): correct comment
* 9.1.0555: filetype: angular ft detection is still problematic
* 9.1.0554: :bw leaves jumplist and tagstack data around
* 9.1.0553: filetype: *.mcmeta files are not recognized
* 9.1.0552: No test for antlr4 filetype
* 9.1.0551: filetype: htmlangular files are not properly detected
* 9.1.0550: filetype: antlr4 files are not recognized
* 9.1.0549: fuzzycollect regex based completion not working as expected
runtime(doc): autocmd_add() accepts a list not a dict
* 9.1.0548: it's not possible to get a unique id for some vars
runtime(tmux): Update syntax script
* 9.1.0547: No way to get the arity of a Vim function
* 9.1.0546: vim-tiny fails on CTRL-X/CTRL-A
runtime(hlsplaylist): include hlsplaylist ftplugin file
runtime(doc): fix typo in :h ft-csv-syntax
runtime(doc): Correct shell command to get $VIMRUNTIME into
shell
* 9.1.0545: MSVC conversion warning
* 9.1.0544: filetype: ldapconf files are not recognized
runtime(cmakecache): include cmakecache ftplugin file
runtime(lex): include lex ftplugin file
runtime(yacc): include yacc ftplugin file
runtime(squirrel): include squirrel ftplugin file
runtime(objcpp): include objcpp ftplugin file
runtime(tf): include tf ftplugin file
runtime(mysql): include mysql ftplugin file
runtime(javacc): include javacc ftplugin file
runtime(cabal): include cabal ftplugin file
runtime(cuda): include CUDA ftplugin file
runtime(editorconfig): include editorconfig ftplugin file
runtime(kivy): update kivy syntax, include ftplugin
runtime(syntax-tests): Stop generating redundant "*_* 99.dump"
files
* 9.1.0543: Behavior of CursorMovedC is strange
runtime(vim): Update base-syntax, improve :match command
highlighting
* 9.1.0542: Vim9: confusing string() output for object functions
* 9.1.0541: failing test with Vim configured without channel
* 9.1.0540: Unused assignment in sign_define_cmd()
runtime(doc): add page-scrolling keys to index.txt
runtime(doc): add reference to xterm-focus-event from
FocusGained/Lost
* 9.1.0539: Not enough tests for what v9.1.0535 fixed
runtime(doc): clarify how to re-init csv syntax file
* 9.1.0538: not possible to assign priority when defining a sign
* 9.1.0537: signed number detection for CTRL-X/A can be improved
* 9.1.0536: filetype: zone files are not recognized
* 9.1.0535: newline escape wrong in ex mode
runtime(man): honor cmd modifiers before `g:ft_man_open_mode`
runtime(man): use `nnoremap` to map to Ex commands
* 9.1.0534: completion wrong with fuzzy when cycling back to original
runtime(syntax-tests): Abort and report failed cursor progress
runtime(syntax-tests): Introduce self tests for screen dumping
runtime(syntax-tests): Clear and redraw the ruler line with
the shell info
runtime(syntax-tests): Allow for folded and wrapped lines in
syntax test files
* 9.1.0533: Vim9: need more tests for nested objects equality
CI: Pre-v* 9.0.0110 versions generate bogus documentation tag entries
runtime(doc): Remove wrong help tag CTRL-SHIFT-CR
* 9.1.0532: filetype: Cedar files not recognized
runtime(doc): document further keys that scroll page up/down
* 9.1.0531: resource leak in mch_get_random()
runtime(tutor): Fix wrong spanish translation
runtime(netrw): fix remaining case of register clobber
* 9.1.0530: xxd: MSVC warning about non-ASCII character
* 9.1.0529: silent! causes following try/catch to not work
runtime(rust): use shiftwidth() in indent script
* 9.1.0528: spell completion message still wrong in translations
* 9.1.0527: inconsistent parameter in Makefiles for Vim executable
* 9.1.0526: Unwanted cursor movement with pagescroll at start of buffer
runtime(doc): mention $XDG_CONFIG_HOME instead of $HOME/.config
* 9.1.0525: Right release selects immediately when pum is truncated.
* 9.1.0524: the recursive parameter in the *_equal functions can be removed
runtime(termdebug): Add Deprecation warnings
* 9.1.0523: Vim9: cannot downcast an object
* 9.1.0522: Vim9: string(object) hangs for recursive references
* 9.1.0521: if_py: _PyObject_CallFunction_SizeT is dropped in Python 3.13
* 9.1.0520: Vim9: incorrect type checking for modifying lists
runtime(manpager): avoid readonly prompt
* 9.1.0519: MS-Windows: libvterm compilation can be optimized
* 9.1.0518: initialize the random buffer can be improved
* 9.1.0517: MS-Windows: too long lines in Make_mvc.mak
runtime(terraform): Add filetype plugin for terraform
runtime(dockerfile): enable spellchecking of comments in
syntax script
runtime(doc): rename variable for pandoc markdown support
runtime(doc): In builtin overview use {buf} as param for
appendbufline/setbufline
runtime(doc): clarify, that register 1-* 9 will always be shifted
runtime(netrw): save and restore register 0-* 9, a and unnamed
runtime(termdebug): Refactored StartDebug_term and EndDebug
functions
runtime(java): Compose "g:java_highlight_signature" and
"g:java_highlight_functions"
* 9.1.0516: need more tests for nested dicts and list comparision
* 9.1.0515: Vim9: segfault in object_equal()
* 9.1.0514: Vim9: issue with comparing objects recursively
runtime(termdebug): Change some variables to Enums
runtime(vim): Update base-syntax, fix function tail comments
* 9.1.0513: Vim9: segfault with object comparison
- Update to 9.1.0512:
* Mode message for spell completion doesn't match allowed keys
* CursorMovedC triggered wrongly with setcmdpos()
* update runtime files
* CI: test_gettext fails on MacOS14 + MSVC Win
* not possible to translate Vim script messages
* termdebug plugin can be further improved
* add gomod filetype plugin
* hard to detect cursor movement in the command line
* Optionally highlight parameterised types
* filetype: .envrc & .prettierignore not recognized
* filetype: Faust files are not recognized
* inner-tag textobject confused about ">" in attributes
* cannot use fuzzy keyword completion
* Remove the group exclusion list from @javaTop
* wrong return type for execute() function
* MS-Windows: too much legacy code
* too complicated mapping restore in termdebug
* simplify mapping
* cannot switch buffer in a popup
* MS-Windows: doesn't handle symlinks properly
* getcmdcompltype() interferes with cmdline completion
* termdebug can be further improved
* update htmldjango detection
* Improve Turkish documentation
* include a simple csv filetype and syntax plugin
* include the the simple nohlsearch package
* matched text is highlighted case-sensitively
* Matched text isn't highlighted in cmdline pum
* Fix typos in several documents
* clarify when text properties are cleared
* improve the vim-shebang example
* revert unintended formatting changes for termdebug
* Add a config variable for commonly used compiler options
* Wrong matched text highlighted in pum with 'rightleft'
* bump length of character references in syntax script
* properly check mapping variables using null_dict
* fix KdlIndent and kdlComment in indent script
* Test for patch 9.1.0489 doesn't fail without the fix
* Fold multi-line comments with the syntax kind of &fdm
* using wrong type for PlaceSign()
* filetype: Vim-script files not detected by shebang line
* revert unintended change to zip#Write()
* add another tag for vim-shebang feature
* Cmdline pum doesn't work properly with 'rightleft'
* minor style problems with patch 9.1.0487
* default completion may break with fuzzy
* Wrong padding for pum "kind" with 'rightleft'
* Update base-syntax, match shebang lines
* MS-Windows: handle files with spaces properly
* Restore HTML syntax file tests
* completed item not update on fuzzy completion
* filetype: Snakemake files are not recognized
* make TermDebugSendCommand() a global function again
* close all buffers in the same way
* Matched text shouldn't be highlighted in "kind" and "menu"
* fix wrong helptag for :defer
* Update base-syntax, match :sleep arg
* include Georgian keymap
* Sorting of completeopt+=fuzzy is not stable
* correctly test for windows in NetrwGlob()
* glob() on windows fails with [] in directory name
* rewrite mkdir() doc and simplify {flags} meaning
* glob() not sufficiently tested
* update return type for job_info()
* termdebug plugin needs more love
* correct return types for job_start() and job_status()
* Update base-syntax, match :catch and :throw args
* Include element values in non-marker annotations
* Vim9: term_getjob() throws an exception on error
* fuzzy string matching executed when not needed
* fuzzy_match_str_with_pos() does unnecessary list operations
* restore description of "$" in col() and virtcol()
* deduplicate getpos(), line(), col(), virtcol()
* Update g:vimsyn_comment_strings dump file tests
* Use string interpolation instead of string concat
* potential deref of NULL pointer in fuzzy_match_str_with_pos
* block_editing errors out when using <enter>
* Update base-syntax, configurable comment string highlighting
* fix typos in syntax.txt
* Cannot see matched text in popup menu
* Update base-syntax, match multiline continued comments
* clarify documentation for "v" position at line()
* cmod_split modifier is always reset in term_start()
* remove line-continuation characters
* use shiftwidth() instead of &tabstop in indent script
* Remove orphaned screen dump files
* include syntax, indent and ftplugin files
* CI: Test_ColonEight() fails on github runners
* add missing Enabled field in syntax script
* basic svelte ftplugin file
* term_start() does not clear vertical modifier
* fix mousemodel restoration by comparing against null_string
* Added definitions of Vim scripts and plugins
* Exclude lambda expressions from _when_ _switch-case_ label clauses
* Fix saved_mousemodel check
* Inconsistencies between functions for option flags
* Crash when using autocmd_get() after removing event inside autocmd
* Fix small style issues
* add return type info for Vim function descriptions
* Update Italian Vim manpage
* disable the q mapping
* Change 'cms' for C++ to '// %s'
* fix type mismatch error
* Fix wrong email address
* convert termdebug plugin to Vim9 script
- Update to 9.1.0470:
* tests Test_ColonEight_MultiByte() fails sporadically
* Cannot have buffer-local value for 'completeopt'
* GvimExt does not consult HKEY_CURRENT_USER
* typos in some comments
* runtime(vim): Update base-syntax, allow whitespace before
:substitute pattern
* Missing comments for fuzzy completion
* runtime(man): update Vim manpage
* runtime(comment): clarify the usage of 'commentstring' option
value
* runtime(doc): clarify how fuzzy 'completeopt' should work
* runtime(netrw): prevent accidental data loss
* missing filecopy() function
* no whitespace padding in commentstring option in ftplugins
* no fuzzy-matching support for insert-completion
* eval5() and eval7 are too complex
* too many strlen() calls in drawline.c
* filetype lintstagedrc files are not recognized
* Vim9 import autoload does not work with symlink
* Coverity complains about division by zero
* tests test_gui fails on Wayland
* Left shift is incorrect with vartabstop and shiftwidth=0
* runtime(doc): clarify 'shortmess' flag "S"
* MS-Windows compiler warning for size_t to int conversion
* runtime(doc): include some vim9 script examples in the help
* minor issues in test_filetype with rasi test
* filetype rasi files are not recognized
* runtime(java): Improve the matching of lambda expressions
* Configure checks for libelf unnecessarily
* No test for escaping '<' with shellescape()
* check.vim complains about overlong comment lines
* translation(it): Update Italian translation
* evalc. code too complex
* MS-Windows Compiler warnings
- Update to 9.1.0448:
* compiler warning in eval.c
* remove remaining css code
* Add ft_hare.txt to Reference Manual TOC
* re-generate vim syntax from generator
* fix syntax vim bug
* completion may be wrong when deleting all chars
* getregionpos() inconsistent for partly-selected multibyte char
* fix highlighting nested and escaped quotes in string props
* remove the indent plugin since it has too many issues
* update Debian runtime files
* Coverity warning after 9.1.0440
* Not enough tests for getregion() with multibyte chars
* Can't use blockwise selection with width for getregion()
* update outdated syntax files
* fix floating_modifier highlight
* hare runtime files outdated
* getregionpos() can't properly indicate positions beyond eol
* function get_lval() is too long
* Cannot filter the history
* Wrong Ex command executed when :g uses '?' as delimiter
* support floating_modifier none; revert broken highlighting
* Motif requires non-const char pointer for XPM data
* Crash when using '?' as separator for :s
* filetype: cygport files are not recognized
* make errors trying to access autoload/zig
* Wrong yanking with exclusive selection and ve=all
* add missing help tags file
* Ancient XPM preprocessor hack may cause build errors
* include basic rescript ftplugin file
* eval.c is too long
* getregionpos() doesn't handle one char selection
* check for gdb file/dir before using as buffer name
* refactor zig ftplugin, remove auto format
* Coverity complains about eval.c refactor
* Tag guessing leaves wrong search history with very short names
* some issues with termdebug mapping test
* update matchit plugin to v1.20
* too many strlen() calls in search.c
* set commentstring option
* update vb indent plugin as vim9script
* filetype: purescript files are not recognized
* filetype: slint files are not recognized
* basic nim ftplugin file for comments
* Add Arduino ftplugin and indent files
* include basic typst ftplugin file
* include basic prisma ftplugin file
* include basic v ftplugin for comment support
* getregionpos() wrong with blockwise mode and multibyte
* function echo_string_core() is too long
* hyprlang files are not recognized
* add basic dart ftplugin file
* basic ftplugin file for graphql
* mention comment plugin at :h 'commentstring'
* set commentstring for sql files in ftplugin
* :browse oldfiles prompts even with single entry
* eval.c not sufficiently tested
* clarify why E195 is returned
* clarify temporary file clean up
* fix :NoMatchParen not working
* Cannot move to previous/next rare word
* add basic ftplugin file for sshdconfig
* if_py: find_module has been removed in Python 3.12.0a7
* some screen dump tests can be improved
* Some functions are not tested
* clarify instal instructions for comment package
* Unable to leave long line with 'smoothscroll' and 'scrolloff'
* fix typo in vim9script help file
* Remove trailing spaces
* clarify {special} argument for shellescape()
- update to 9.1.0413
* smoothscroll may cause infinite loop
* add missing entries for the keys CTRL-W g<Tab> and <C-Tab>
* update vi_diff.txt: add default value for 'flash'
* typo in regexp_bt.c in DEBUG code
* allow indented commands
* Fix wrong define regex in ftplugin
* Filter out non-Latin-1 characters for syntax tests
* prefer scp over pscp
* fix typo in usr_52.txt
* too long functions in eval.c
* warning about uninitialized variable
* too many strlen() calls in the regexp engine
* E16 fix, async keyword support for define
* Stuck with long line and half-page scrolling
* Divide by zero with getmousepos() and 'smoothscroll'
* update and remove some invalid links
* update translation of xxd manpage
* Recursively delete directories by default with netrw delete command
* Strive to remain compatible for at least Vim 7.0
* tests: xxd buffer overflow fails on 32-bit
* Stop handpicking syntax groups for @javaTop
* [security] xxd: buffer-overflow with specific flags
* Vim9: not able to import file from start dir
* filetype: mdd files detected as zsh filetype
* filetype: zsh module files are not recognized
* Remove hardcoded private.ppk logic from netrw
* Vim9: confusing error message for unknown type
* block_editing errors out when using del
* add new items to scripts section in syntax plugin
* Vim9: imported vars are not properly type checked
* Wrong display with 'smoothscroll' when changing quickfix list
* filetype: jj files are not recognized
* getregionpos() may leak memory on error
* The CODEOWNERS File is not useful
* Remove and cleanup Win9x legacy from netrw
* add MsgArea to 'highlight' option description
* Cannot get a list of positions describing a region
* Fix digit separator in syntax script for octals and floats
* Update link to Wikipedia Vi page
* clear $MANPAGER in ftplugin before shelling out
* Fix typos in help documents
* 'viewdir' not respecting $XDG_CONFIG_HOME
* tests: Vim9 debug tests may be flaky
* correct getscriptinfo() example
* Vim9: could improve testing
* test_sound fails on macos-12
* update Serbian menu
* update Slovak menu
* update Slovenian menu
* update Portuguese menu
* update Dutch menu
* update Korean menu
* update Icelandic menu
* update Czech menu
* update Afrikaans menu
* update German menu
* filetype: inko files are not recognized
* filetype: templ files are not recognized
* cursor() and getregion() don't handle v:maxcol well
* Vim9: null value tests not sufficient
* update Catalan menu
* filetype: stylus files not recognized
* update spanish menu localization
* regenerate helptags
* Vim9: crash with null_class and null_object
* Add tags about lazyloading of menu
* tests: vt420 terminfo entry may not be found
* filetype: .out files recognized as tex files
* filetype: Kbuild files are not recognized
* cbuffer and similar commands don't accept a range
* Improve the recognition of the "indent" method declarations
* Fix a typo in usr_30.txt
* remove undefined var s:save_cpoptions and add include setting
* missing setlocal in indent plugin
* Calculating line height for unnecessary amount of lines
* improve syntax file performance
* There are a few typos
* Vim9: no comments allowed after class vars
* CI: remove trailing white space in documentation
* Formatting text wrong when 'breakindent' is set
* Add oracular (24.10) as Ubuntu release name
* Vim9: Trailing commands after class/enum keywords ignored
* tests: 1-second delay after Test_BufEnter_botline()
* update helptags for jq syntax
* include syntax, ftplugin and compiler plugin
* fix typo synconcealend -> synconcealed
* include a simple comment toggling plugin
* wrong botline in BufEnter
* clarify syntax vs matching mechanism
* fix undefined variable in indent plugin
* ops.c code uses too many strlen() calls
* Calling CLEAR_FIELD() on the same struct twice
* Vim9: compile_def_function() still too long
* Update Serbian messages
* clarify the effect of setting the shell to powershell
* Improve the recognition of the "style" method declarations
* Vim9: problem when importing autoloaded scripts
* compile_def_function is too long
* filetype: ondir files are not recognized
* Crash when typing many keys with D- modifier
* tests: test_vim9_builtin is a bit slow
* update documentation
* change the download URL of "libsodium"
* tests: test_winfixbuf is a bit slow
* Add filetype, syntax and indent plugin for Astro
* expanding rc config files does not work well
* Vim9: vim9type.c is too complicated
* Vim9: does not handle autoloaded variables well
* minor spell fix in starting.txt
* wrong drawing in GUI with setcellwidth()
* Add include and suffixesadd
* Page scrolling should place cursor at window boundaries
* align command line table
* minor fixes to starting.txt
* fix comment definition in filetype plugin
* filetype: flake.lock files are not recognized
* runtime(uci): No support for uci file types
* Support "g:ftplugin_java_source_path" with archived files
* tests: Test_autoload_import_relative_compiled fails on Windows
* Finding cmd modifiers and cmdline-specials is inefficient
* No test that completing a partial mapping clears 'showcmd'
* tests: test_vim9_dissamble may fail
* Vim9: need static type for typealias
* X11 does not ignore smooth scroll event
* A few typos in test_xdg when testing gvimrc
* Patch v9.1.0338 fixed sourcing a script with import
* Problem: gvimrc not sourced from XDG_CONFIG_HOME
* Cursor wrong after using setcellwidth() in terminal
* 'showcmd' wrong for partial mapping with multibyte
* tests: test_taglist fails when 'helplang' contains non-english
* Problem: a few memory leaks are found
* Problem: Error with matchaddpos() and empty list
* tests: xdg test uses screen dumps
* Vim9: import through symlinks not correctly handled
* Missing entry for XDG vimrc file in :version
* tests: typo in test_xdg
* runtime(i3config/swayconfig): update syntax scripts
* document pandoc compiler and enable configuring arguments
* String interpolation fails for List type
* No test for highlight behavior with 'ambiwidth'
* tests: test_xdg fails on the appimage repo
* tests: some assert_equal() calls have wrong order of args
* make install does not install all files
* runtime(doc): fix typos in starting.txt
- Remove patch to fix bsc#1220618:
* vim-8.2.3607-revert-gtk3-code-removal.patch
- This patch introduced this bug that caused Vim to use significantly more CPU.
- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- libzypp
-
- Url: queryparams without value should not have a trailing "=".
- version 16.22.15 (0)
- Url query part: `=` is a safe char in value (bsc#1234304)
Some CDN auth token implementations require a `=` within the
query parameters value not to be %-encoded.
- version 16.22.14 (0)
- apparmor
-
- Add apparmor-fix-ping6-denied.patch to allow ping to use
IPv6 RAW sockets ( bsc#1230541 ).
- util-linux-systemd
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- fix Xen virtualization type misidentification bsc#1215918
lscpu-fix-parameter-order-for-ul_prefix_fopen.patch
- google-guest-agent
-
- Update to version 20241011.01 (bsc#1231775, bsc#1231776)
* SUSE no overwrite bug fix, Ubuntu 18.04 exception (#451)
- from version 20241011.00
* Skip MDS setup by default for this release (#450)
- from version 20241010.01
* Revert "network/netplan: Adjust link-local accordingly (#443)" (#448)
* Set enable regardless of previous check failed or not (#447)
- from version 20241009.03
* Avoid unnecessary reloads, check before overwriting configs (#446)
- from version 20241009.02
* network/netplan: Do generate instead of apply (#445)
- from version 20241009.01
* Skip SetupInterfaces if configs are already applied (#444)
* network/netplan: Adjust link-local accordingly (#443)
* Repeated logging could be mistaken for a recurring issue,
log mds mtls endpoint error only once (#439)
* Retry MDS PUT operation, reload netplan/networkctl
only if configs are changed (#438)
* Log interface state after setting up network (#437)
* network: Debian 12 rollback only if default netplan is ok (#436)
- from version 20240930.01
* Change mtls mds defaults, update log message to assure error is harmless (#434)
- from version 20240930.00
* network: Restore Debian 12 netplan configuration. (#433)
* network: Remove primary NIC left over configs. (#432)
* Update VLAN interfaces format to match with MDS (#431)
* Fix panics in agent when setting up VLAN with netplan (#430)
* Add VLAN NIC support for NetworkManager (#429)
* Fix debian12 netplan config issue, use ptr receiver (#428)
* Update README to reflect new network manager changes (#427)
* Introduce a configuration toggle for enabling/disabling cloud logging (#413)
* Adapt and update config key to be consistent with MDS (#426)
* Allow users to enable/disable the mds mtls via metadata key (#423)
* Make primary nic management config consistent across all network managers (#422)
* Document disabling account manager on AD (#421)
* Update README with MDS MTLS docs (#418)
* Avoid writing configuration files when they already exist on wicked and (#410)
* Update golang.org/x/net dependencies to catch up on CVEs (#412)
* Get rid of deperecated dependencies in snapshot service generate code (#411)
* Fix where agent panics on nil event (#409)
* Configure primary nic if only set in cfg file (#408)
* Update NIC management strategy (#402)
* Only release dhclient leases for an interface if the
respective dhclient is still running (#407)
* Disable OS Login without pruning off any extra suffix. (#400)
* Skip root cert rotation if installed once (#405)
* Add ipv6 support to guest agent (#404)
* Update Accounts documentation (#403)
* Update google-startup-scripts.service to enable logging (#399)
* Network subsystem remove os rules (#396)
* oslogin: Don't remove sshca watcher when oslogin is disabled (#398)
* Update dependencies to catch up on CVE fixes (#397)
* Network manager netplan implementation (#386)
* Update dependencies to catch up on CVE fixes (#391)
* Log current available routes on error (#388)
* Fix command monitor bugs (#389)
* windows account: Ignore "user already belogs to group" error (#387)
* Add more error logging in snapshot handling requests, use common retry util (#384)
* All non-200 status code from MDS should raise error (#383)
* Change metadata key to enable-oslogin-certificates (#382)
* Update dhclient pid/lease file directory to abide apparmor rules (#381)
* Add COS homedir-gid patch to upstream. (#365)
* Add require-oslogin-certificates logic to disable keys (#368)
* systemd-networkd: Support Debian 12's version (#372)
* Minor update typo in comment (#380)
* NetworkManager: Only set secondary interfaces as up (#378)
* address manager: Make sure we check for oldMetadata (#375)
* network: Early setup network (#374)
* NetworkManager: Fix ipv6 and ipv4 mode attribute (#373)
* Network Manager: Make sure we clean up ifcfg files (#371)
* metadata script runner: Fix script download (#370)
* oslogin: Avoid adding extra empty line at the end of /etc/security/group.conf (#369)
* Dynamic vlan (#361)
* Check for nil response (#366)
* Create NetworkManager implementation (#362)
* Skip interface manager on Windows (#363)
* network: Remove ignore setup (#360)
* Create wicked network service implementation and its respective unit (#356)
* Update metadata script runner, add tests (#357)
* Refactor guest-agent to use common retry util (#355)
* Flush logs before exiting #358 (#359)
* Create systemd-networkd unit tests. (#354)
* Update network manager unit tests (#351)
* Implement retry util (#350)
* Refactor utils package to not dump everything unrelated into one file (#352)
* Set version on metadata script runner (#353)
* Implement cleanup of deprecated configuration directives (#348)
* Ignore DHCP offered routes only for secondary nics (#347)
* Deprecate DHClient in favor of systemd-networkd (#342)
* Generate windows and linux licenses (#346)
* Remove quintonamore from OWNERS (#345)
* Delete integration tests (#343)
- Update to version 20240816.00
* Add configuration toggle to enable/disable use
of OS native certificate stores (#419)
* Fix dependencies in stable branch #412 (#415)
* Update dep: golang.org/x/crypto to v0.17.0
* Update dep: google.golang.org/protobuf to 1.33.0
* Update dep: golang.org/x/net to 0.17.0
* Update dep: google.golang.org/grpc to v1.57.1
- from version 20240813.00
* Update README with MDS MTLS docs (#418)
- from version 20240808.01
* Avoid writing configuration files when they already
exist on wicked and NetworkManager (#410)
- from version 20240808.00
* Update golang.org/x/net dependencies
to catch up on CVEs (#412)
- from version 20240805.00
* Get rid of deperecated dependencies in
snapshot service generate code (#411)
- Drop dont_overwrite_ifcfg.patch, fixed upstream
- Update to version 20240802.00
* Fix where agent panics on nil event (#409)
- from version 20240801.00
* Configure primary nic if only set in cfg file (#408)
* Update NIC management strategy (#402)
* Only release dhclient leases for an interface if the respective dhclient is still running (#407)
* Disable OS Login without pruning off any extra suffix. (#400)
* Skip root cert rotation if installed once (#405)
* Add ipv6 support to guest agent (#404)
* Update Accounts documentation (#403)
* Update google-startup-scripts.service to enable logging (#399)
* Network subsystem remove os rules (#396)
* oslogin: don't remove sshca watcher when oslogin is disabled (#398)
* Update dependencies to catch up on CVE fixes (#397)
* Network manager netplan implementation (#386)
* Update dependencies to catch up on CVE fixes (#391)
* Log current available routes on error (#388)
* Fix command monitor bugs (#389)
* Windows account: ignore "user already belogs to group" error (#387)
* Add more error logging in snapshot handling requests, use common retry util (#384)
* All non-200 status code from MDS should raise error (#383)
* Change metadata key to enable-oslogin-certificates (#382)
* Update dhclient pid/lease file directory to abide apparmor rules (#381)
* Add COS homedir-gid patch to upstream. (#365)
* Add require-oslogin-certificates logic to disable keys (#368)
* systemd-networkd: support debian 12's version (#372)
* Minor update typo in comment (#380)
* NetworkManager: only set secondary interfaces as up (#378)
* address manager: make sure we check for oldMetadata (#375)
* network: early setup network (#374)
* NetworkManager: fix ipv6 and ipv4 mode attribute (#373)
* Network Manager: make sure we clean up ifcfg files (#371)
* metadata script runner: fix script download (#370)
* oslogin: avoid adding extra empty line at the end of /etc/security/group.conf (#369)
* Dynamic vlan (#361)
* Check for nil response (#366)
* Create NetworkManager implementation (#362)
* Skip interface manager on Windows (#363)
* network: remove ignore setup (#360)
* Create wicked network service implementation and its respective unit (#356)
* Update metadata script runner, add tests (#357)
* Refactor guest-agent to use common retry util (#355)
* Flush logs before exiting #358 (#359)
* Create systemd-networkd unit tests. (#354)
* Update network manager unit tests (#351)
* Implement retry util (#350)
* Refactor utils package to not dump everything unrelated into one file (#352)
* Set version on metadata script runner (#353)
* Implement cleanup of deprecated configuration directives (#348)
* Ignore DHCP offered routes only for secondary nics (#347)
* Deprecate DHClient in favor of systemd-networkd (#342)
* Generate windows and linux licenses (#346)
* Remove quintonamore from OWNERS (#345)
* Delete integration tests (#343)
- from version 20240716.00
* Update dep: golang.org/x/crypto to v0.17.0
* Update dep: google.golang.org/protobuf to 1.33.0
* Update dep: golang.org/x/net to 0.17.0
* Update dep: google.golang.org/grpc to v1.57.1
- Update to version 20240701.00
* Update google-startup-scripts.service to enable logging (#399)
- Update to version 20240611.01
* Network subsystem remove os rules (#396)
* oslogin: don't remove sshca watcher when oslogin is disabled (#398)
* update dependencies to catch up on CVE fixes (#397)
* Network manager netplan implementation (#386)
* update dependencies to catch up on CVE fixes (#391)
* Log current available routes on error (#388)
* Fix command monitor bugs (#389)
* windows account: ignore "user already belogs to group" error (#387)
* Add more error logging in snapshot handling requests, use common retry util (#384)
* All non-200 status code from MDS should raise error (#383)
* change metadata key to enable-oslogin-certificates (#382)
* Update dhclient pid/lease file directory to abide apparmor rules (#381)
* Add COS homedir-gid patch to upstream. (#365)
* Add require-oslogin-certificates logic to disable keys (#368)
* systemd-networkd: support debian 12's version (#372)
* Minor update typo in comment (#380)
* NetworkManager: only set secondary interfaces as up (#378)
* address manager: make sure we check for oldMetadata (#375)
* network: early setup network (#374)
* NetworkManager: fix ipv6 and ipv4 mode attribute (#373)
* Network Manager: make sure we clean up ifcfg files (#371)
* metadata script runner: fix script download (#370)
* oslogin: avoid adding extra empty line at the end of /etc/security/group.conf (#369)
* Dynamic vlan (#361)
* Check for nil response (#366)
* Create NetworkManager implementation (#362)
* Skip interface manager on Windows (#363)
* network: remove ignore setup (#360)
* Create wicked network service implementation and its respective unit (#356)
* Update metadata script runner, add tests (#357)
* Refactor guest-agent to use common retry util (#355)
* Flush logs before exiting #358 (#359)
* Create systemd-networkd unit tests. (#354)
* Update network manager unit tests (#351)
* Implement retry util (#350)
* Refactor utils package to not dump everything unrelated into one file (#352)
* Set version on metadata script runner (#353)
* Implement cleanup of deprecated configuration directives (#348)
* ignore DHCP offered routes only for secondary nics (#347)
* Deprecate DHClient in favor of systemd-networkd (#342)
* Generate windows and linux licenses (#346)
* Remove quintonamore from OWNERS (#345)
* Delete integration tests (#343)
- from version 20240528.00
* update dep: golang.org/x/crypto to v0.17.0
* update dep: google.golang.org/protobuf to 1.33.0
* update dep: golang.org/x/net to 0.17.0
* update dep: google.golang.org/grpc to v1.57.1
- util-linux
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- systemd
-
- Add 6001-udev_monitor_receive_device-dynamically-allocate-rec.patch (bsc#1226095)
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.13. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.13>.
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- Backport <https://github.com/opencontainers/runc/pull/3931> to fix a
performance issue when running lots of containers, caused by systemd getting
too many mount notifications. bsc#1214960
+ 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- iputils
-
- Bring back ifenslave binary bcs#1234224
* Add iputils-ifenslave.diff
* Rebase iputils-disable-rarpd-rdisc.patch
- Resolve jsc#PED-9524
- Bump version to version s20161105 (bsc#1221439)
- This version can use ICMP datagram sockets without CAP_NET_RAW capabilites.
- Added iputils-disable-rarpd-rdisc.patch
- disables building of rarpd and rdisc as they're provided by separate package (rarpd) in SLE12-SP5
Full changelog:
* ping: eliminate deadcode & simplify
* ping: do not allow oversized packets to root
* correctly initialize first hop
* ping: fix ping -6 -I
* arping,doc: fix documentation of -I
* ping: fix error message when getting EACCES from connect()
* renamed INSTALL to INSTALL.md
* (re)structured INSTALL.md and transformed into markdown; added hint that installation into prefix has to be done with DESTDIR make variable and that there's no prefix support in configure, close #21
* ping: Silence GCC warnings when building with -fstrict-aliasing
* tftpd: Drop supplementary groups for root
* libgcrypt: fix static linking
* doc: Inserted a missing word
* tracepath6: avoid redundant family variable
* tracepath: borrow everything good from tracepath6
* tracepath: switch to dual-stack operation
* tracepath: remove now redundant tracepath6
* docs: fix parallel build of manpages
* ping: remove assignments of values that are never read
* docs: remove references to ping6 and traceroute6
* ping: work with older kernels that don't support ping sockets
* Revert "ping_common.c: fix message flood when EPERM is encountered in ping"
* reorder -I option parsing (boo#1057664)
* ping: also bind the ICMP socket to the specific device
- tracepath6 is now symlink to tracepath.
- Add fix for ICMP datagram socket ping6-Fix-device-binding.patch
(bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927).
- Remove 2 old patches (iputils-sec-ping-unblock.diff, iputils-ping-interrupt.diff)
Although not documented, they both belong to bsc#674304. Fix from 2011 was
resolved upstream in commit 810dd7f ("ping,ping6: Unmask signals on
start-up.") [1], released in s20121112.
- Update iputils-remove-bogus-check-required-for-2.4.9-kernels.patch
(backport 4471ac6 to add changes in header files)
- Use git format for iputils-ping-fix-pmtu-for-ipv6.patch (required by
%autosetup -p1)
- Use %autosetup -p1
- Backport license information from upstream (bnc#1082788):
iputils-add-license-info.diff
- Backport iputils-ping-fix-pmtu-for-ipv6.patch from upstream
to fix PMTU discovery in ping6. (bsc#1072460)
- Install rdisc as rdisc, do not use in.rdisc anymore (xinetd which
was using in.* names is obsolete anyways)
- iputils: remove man pages of unused binaries: ninfod, pg3, rdisc
(rdisc is in a separate package)
- Add systemd service for rarpd
- mark ping also verify not caps, as these are changed by the
permissions package. (bsc#1065835)
- Reintroduce rarpd as subpackage
- Explicitly list content in filelist as we have two subpackages
now
- Cleanup with spec-cleaner
- Update to version s20161105 (Changes taken from the RELNOTES file)
* ping: eliminate deadcode & simplify
* ping: do not allow oversized packets to root
* correctly initialize first hop
* ping: fix ping -6 -I
* arping,doc: fix documentation of -I
* ping: fix error message when getting EACCES from connect()
* renamed INSTALL to INSTALL.md
* (re)structured INSTALL.md and transformed into markdown; added hint that installation into prefix has to be done with DESTDIR make variable and that there's no prefix support in configure, close #21
* ping: Silence GCC warnings when building with -fstrict-aliasing
* tftpd: Drop supplementary groups for root
* libgcrypt: fix static linking
* doc: Inserted a missing word
* tracepath6: avoid redundant family variable
* tracepath: borrow everything good from tracepath6
* tracepath: switch to dual-stack operation
* tracepath: remove now redundant tracepath6
* docs: fix parallel build of manpages
* ping: remove assignments of values that are never read
* docs: remove references to ping6 and traceroute6
* ping: work with older kernels that don't support ping sockets
* Revert "ping_common.c: fix message flood when EPERM is encountered in ping"
* reorder -I option parsing (boo#1057664)
* ping: also bind the ICMP socket to the specific device
- tracepath6 is now symlink to tracepath.
- Add ping6 symlink (boo#1017616)
- do not install rarpd and rarpd.8 manpage (comes from rarpd rpm currently)
- Update to version s20160308 (Changes taken from the RELNOTES file)
* use syntax compatible with busybox date in Makefile
* 'admin prohibited' should print !X not !S.
* Makefile: use #define as in previous code changes
* doc/Makefile: require bash, because we use pushd and popd
* doc: don't timestamp manpages by default
* ping: status() now returns received/transmitted instead of trans/recv
* ping: don't mess with internals of struct msghdr
* ping: ICMP error replies while errno < 0 is a hard error
* ping: always use POSIX locale when parsing -i
* ping: link against libm
* made ping functions protocol independent
* ping: perform dual-stack ping by default
* ping: remove obsolete preprocessor directives
* ping: avoid name clashes between IPv4 and IPv6 code
* ping: merge all ping header files into a single one
* ping: merge `ping6` command into `ping`
* ping: refactor ping options
* ping: refactor ping socket code
* ping: merge IPv4 and IPv6 `pr_addr()`
* ping: fix defines and libs in Makefile
* ping: handle single protocol systems
* iputils ping/ping6: Add a function to check if a packet is ours
* ping: Add <linux/types.h> to fix compilation error.
* ping6: Use GNUTLS API directly for MD5. (v2)
* ping6: Use libgcrypt instead of gnutls for MD5.
* Allow ping to use IPv6 addresses
* ping,ping6 doc: More description on CAP_NET_RAW usage.
* if IPv4 resolving fails fallback to ping6
* ping: in usage print the 'ping -6' options as well
* ping: allow option -4 which forces IPv4
* combine sock and errno into a single structure
* This patch allows running ping and ping6 without root privileges on
* use better names for socket variables
* tracepath,doc: fix corrupted tag
* doc: ping: add missing options and remove ping6
* ninfod: remove unused variables
* ninfod: Regenerate configure by autoconf-2.69.
* ninfod: libgcrypt support.
* Fix building with musl
* travis.yml: install nettle-dev
* Allow using nettle instead of libgcrypt for MD5
* avoid compiler warning caused by snapshot.h
* make `getaddrinfo()` and `getnameinfo()` usage consistent
* enable IDN by default
* remove IPV4_TARGETS and IPV6_TARGETS
* Use svg instead of png to get better image quality
* spec: Configure before building ninfod.
* spec: Fix date in %changelog.
* make,spec: Add rpm target.
- Refreshed patches
* iputils-ping-interrupt.diff
* iputils-sec-ping-unblock.diff
- Remove ifenslave.c. It has been removed in the linux kernel commit
b1098bbe1b24("bonding: remove ifenslave.c from kernel source").
bonding can be done via iproute (netlink)
- dropped iputils-ifenslave.diff
- Append our CFLAGS to the upstream ones instead of overriding them.
- Cleanup old make command since the upstream Makefile does things right
it seems.
- Use Provides: for old /{,s}bin utils to satisfy reverse dependencies.
- Install utilities to /bin and /sbin until reverse dependencies are
properly fixed.
- Do not install tftp and traceroute to avoid conflicts with the tftp and
traceroute packages. Stick to what iputils used to provide in the past.
- Remove iputils-traceroute6-stdint.diff patch since we are not building
the traceroute* utilities.
- Install tracepath to /usr/bin. (boo#795788)
- Update to version s20150815
* use syntax compatible with busybox date in Makefile
* Makefile: use #define as in previous code changes
* ping: status() now returns received/transmitted instead of trans/recv
* ping: don't mess with internals of struct msghdr
* tracepath,doc: fix corrupted tag
* made ping functions protocol independent
* Allow ping to use IPv6 addresses
* if IPv4 resolving fails fallback to ping6
* ping: in usage print the 'ping -6' options as well
* ping: allow option -4 which forces IPv4
* combine sock and errno into a single structure
* This patch allows running ping and ping6 without root privileges on
* use better names for socket variables
* travis.yml: install nettle-dev
* Allow using nettle instead of libgcrypt for MD5
* avoid compiler warning caused by snapshot.h
* make `getaddrinfo()` and `getnameinfo()` usage consistent
* enable IDN by default
* ping: perform dual-stack ping by default
* remove IPV4_TARGETS and IPV6_TARGETS
* ping: remove obsolete preprocessor directives
* ping: avoid name clashes between IPv4 and IPv6 code
* ping: merge all ping header files into a single one
* ping: merge `ping6` command into `ping`
* ping: refactor ping options
* ping: refactor ping socket code
* ping: merge IPv4 and IPv6 `pr_addr()`
* Use svg instead of png to get better image quality
* iputils ping/ping6: Add a function to check if a packet is ours
* ping: Add <linux/types.h> to fix compilation error.
* ping6: Use GNUTLS API directly for MD5. (v2)
* ping6: Use libgcrypt instead of gnutls for MD5.
* ninfod: Regenerate configure by autoconf-2.69.
* ninfod: libgcrypt support.
* spec: Configure before building ninfod.
* spec: Fix date in %changelog.
* make,spec: Add rpm target.
* ping,ping6 doc: More description on CAP_NET_RAW usage.
- Update patches
* iputils-s20101006-ping-interrupt.diff > iputils-ping-interrupt.diff
* iputils-s20101006-sec-ping-unblock.diff > iputils-sec-ping-unblock.diff
* iputils-remove-bogus-check-required-for-2.4.9-kernels.patch
- Update home project page and download Url
- Remove obsolete %clean section
- Remove UsrMerge process; it has been done for more than two
openSUSE releases now
- Fix a bogus kernel version check (boo#927831):
iputils-remove-bogus-check-required-for-2.4.9-kernels.patch
- _product:sle-sdk-release
-
n/a
- python-base
-
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add ipaddress module from https://github.com/phihag/ipaddress
- Remove -IVendor/ from python-config boo#1231795
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- grep
-
- port-recent-fix-to-older-pcre-version.patch: Don't assume that
a pcre_exec that returns PCRE_ERROR_NOMATCH leaves its sub
argument alone. (bsc#1227099)
- docker
-
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Update to Go 1.22.
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Add docker-integration-tests-devel subpackage for building and running the
upstream Docker integration tests on machines to test that Docker works
properly. Users should not install this package.
- docker-rpmlintrc updated to include allow-list for all of the integration
tests package, since it contains a bunch of stuff that wouldn't normally be
allowed.
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Further merge docker and docker-stable specfiles to minimise the differences.
The main thing is that we now include both halves of the
Conflicts/Provides/Obsoletes dance in both specfiles.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. bsc#1231348
bsc#1232999
- Add %{_sysconfdir}/audit/rules.d to filelist.
- Mark docker-buildx as required since classic "docker build" has been
deprecated since Docker 23.0. bsc#1230331
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
bsc#1230333
- Make some minor name macro updates to help with the docker-stable package
fork.
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070
* CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- avahi
-
- Add avahi-CVE-2024-52616.patch:
Backporting 1dade81c from upstream: Properly randomize query id
of DNS packets.
(CVE-2024-52616, bsc#1233420)
- glib2
-
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
(boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
- Add glib2-gdbusmessage-cache-arg0.patch: cache the arg0 value in
a dbus message. Fixes a possible use after free (boo#1224044).
- bind
-
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
only allowing a maximum of 100 records to be stored per name
and type in a cache or zone database.
(CVE-2024-1737)
[bsc#1228256, bind-9.11-CVE-2024-1737.patch]
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975)
[bsc#1228257, bind-9.11-CVE-2024-1975.patch]