sles-15-sp3-sap-v20220602-x86-64 Package Source Changes

NetworkManager

- Add 0001-supplicant-interface-Match-more-ciphers-to-determine.patch:
  supplicant/interface: Match more ciphers todetermine AP security
  (glfo#NetworkManager/NetworkManager/commit/e0191320, bsc#1198381);

cups

- cups-2.2.7-CVE-2022-26691.patch fixes CVE-2022-26691
  cups: authentication bypass and code execution (bsc#1199474)

curl

- Securiy fix: [bsc#1199223, CVE-2022-27781]
  * CERTINFO never-ending busy-loop
  * Add curl-CVE-2022-27781.patch
- Securiy fix: [bsc#1199224, CVE-2022-27782]
  * TLS and SSH connection too eager reuse
  * Add curl-CVE-2022-27782.patch

dhcp

- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.

firewalld

- Fix regression introduced in previous patch (an api change to a
  function also needed backporting) (bsc#1198814)
  * feature-upstream-new-check-config-1.patch
  * feature-upstream-new-check-config-2.patch

fribidi

- Add fribidi-CVE-2022-25308.patch: fix a stack overflow (boo#1196147
  CVE-2022-25308).
- Add fribidi-CVE-2022-25309.patch: protect against garbage in the
  CapRTL encoder (boo#1196148 CVE-2022-25309).
- Add fribidi-CVE-2022-25310.patch: fix a SEGV in
  fribidi_remove_bidi_marks (boo#1196150 CVE-2022-25310).

glibc

- Add s390-add-z16-name.diff for bsc#1198751.

grep

- Make profiling deterministic (bsc#1040589, SLE-24115)

libtirpc

- check for nullpointer in check_address (bsc#1198176)
  update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch

nftables

- add 0001-cache-check-for-NULL-chain-in-cache_init.patch: this fixes rare
  crashes that could occur e.g. in firewalld (bsc#1197606).

pcre2

- Added pcre2-10.31-bsc1199232-unicode-property-matching.patch
  * bsc#1199232 / CVE-2022-1586
  * Fixes unicode property matching issue

perl-XML-LibXML

- (bsc#1197798) FTBFS: compile against latest version available of
  libxml in SP4 so perl-XML-LibXSLT compiles cleanly.

suse-build-key

- still ship the old ptf key (was not added to documentation by mistake).
  (bsc#1198504)

tiff

- security update
  * CVE-2022-0561 [bsc#1195964]
    + tiff-CVE-2022-0561.patch
  * CVE-2022-0562 [bsc#1195965]
    + tiff-CVE-2022-0562.patch
  * CVE-2022-0865 [bsc#1197066]
    + tiff-CVE-2022-0865.patch
  * CVE-2022-0909 [bsc#1197072]
    + tiff-CVE-2022-0909.patch
  * CVE-2022-0924 [bsc#1197073]
    + tiff-CVE-2022-0924.patch
  * CVE-2022-0908 [bsc#1197074]
    + tiff-CVE-2022-0908.patch
- security update
  * CVE-2022-1056 [bsc#1197631]
  * CVE-2022-0891 [bsc#1197068]
    + tiff-CVE-2022-1056,CVE-2022-0891.patch