- 000release-packages:SLES_SAP-release
-
n/a
- bind
-
- Limit additional section processing for large RDATA sets.
When answering queries, don’t add data to the additional
section if the answer has more than 13 names in the RDATA. This
limits the number of lookups into the database(s) during a
single client query, reducing the query-processing load.
(CVE-2024-11187)
[bsc#1236596, bind-9.16-CVE-2024-11187.patch]
- cloud-regionsrv-client
-
- Update to 10.3.11 (bsc#1234050)
+ Send registration code for the extensions, not only base product
- Update to 10.3.8 (bsc#1233333)
+ Fix the package requirements for cloud-regionsrv-client
+ Follow changes to suseconnect error reporting from stdout to stderr
- kernel-default
-
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED
in uvc_parse_format (CVE-2024-53104 bsc#1234025).
- commit a0c98f3
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (CVE-2024-50142 bsc#1233028)
- commit 03267d6
- mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088 CVE-2024-46858)
- commit 9ccbda8
- Fix sorting error
```
Error: Current series.conf is not sorted. Please run series_sort.py first and commit the result before adding new patches.
```
- commit a81b3e9
- kABI fix for net: defer final 'struct net' free in netns dismantle (CVE-2024-56658 bsc#1235441).
Upstream commit 0f6ede9fbc74 ("net: defer final 'struct
net' free in netns dismantle") introduced a new struct element
`defer_free_list` into `struct net`. In order to preserve the kABI, move
the newly added element into a hole.
```
struct netns_nexthop nexthop; /* 560 72 */
/* XXX 8 bytes hole, try to pack */
/* --- cacheline 10 boundary (640 bytes) --- */
struct netns_ipv4 ipv4 __attribute__((__aligned__(64))); /* 640 704 */
```
- commit 3fc1183
- net: defer final 'struct net' free in netns dismantle (CVE-2024-56658 bsc#1235441).
- commit 8694248
- NFS: Trigger the "ls -l" readdir heuristic sooner (bsc#1231847).
- commit 9f70842
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- commit 97689a4
- NFS: Adjust the amount of readahead performed by NFS readdir
(bsc#1231847).
- commit 28137f0
- NFS: Do not flush the readdir cache in nfs_dentry_iput()
(bsc#1231847).
- commit f9c2fd9
- smb: prevent use-after-free due to open_cached_dir error paths
(CVE-2024-53177 bsc#1234896).
- commit bf3cf0a
- net: inet6: do not leave a dangling sk pointer in inet6_create()
(CVE-2024-56600 bsc#1235217).
- commit 4f3d37a
- blacklist.conf: Not affected byy CVE-2024-44932 and CVE-2024-44964
- Delete
patches.suse/idpf-fix-UAFs-when-destroying-the-queues.patch.
- Delete
patches.suse/idpf-fix-memory-leaks-and-crashes-while-performing-a.patch.
This fixes bsc#1236628
- commit eb1fe78
- netfilter: x_tables: fix LED ID check in led_tg_check()
(CVE-2024-56650 bsc#1235430).
- commit a130a9c
- drm/amdkfd: Correct the migration DMA map direction (bsc#1235969 CVE-2024-57897)
- commit e14ed1e
- drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806 CVE-2024-57876)
- commit 7f76a66
- netfilter: nf_tables: validate family when identifying table
via handle (bsc#1233778 ZDI-24-1454).
- commit 1df7b33
- VFS: use system_unbound_wq for delayed_mntput (bsc#1234683).
- commit 0a0fe49
- ibmvnic: Free any outstanding tx skbs during scrq reset
(bsc#1226980).
- commit a6b7a28
- scsi: qedi: Fix a possible memory leak in
qedi_alloc_and_init_sb() (CVE-2024-56747 bsc#1234934).
- scsi: bfa: Fix use-after-free in bfad_im_module_exit()
(CVE-2024-53227 bsc#1235011).
- scsi: hisi_sas: Create all dump files during debugfs
initialization (CVE-2024-56588 bsc#1235123).
- commit 9c17f1e
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- commit cb91989
- Update
patches.suse/jffs2-Prevent-rtime-decompress-memory-corruption.patch
(git-fixes CVE-2024-57850 bsc#1235812).
- Update patches.suse/nilfs2-prevent-use-of-deleted-inode.patch
(git-fixes CVE-2024-53690 bsc#1235842).
- Update
patches.suse/powerpc-pseries-vas-Add-close-callback-in-vas_vm_ops.patch
(bsc#1234825 CVE-2024-56765 bsc#1235643).
- commit f49a45b
- net: inet: do not leave a dangling sk pointer in inet_create()
(CVE-2024-56601 bsc#1235230).
- commit b4769c0
- README.BRANCH: Add Vasilis as a maintainer
- commit a02a3e0
- ceph: improve error handling and short/overflow-read logic in
__ceph_sync_read() (bsc#1228592).
- commit 7a83331
- btrfs: fix use-after-free when COWing tree bock and tracing
is enabled (bsc#1235645 CVE-2024-56759).
- commit e811c1c
- gpiolib: cdev: fix uninitialised kfifo (git-fixes bsc#1225736
CVE-2024-36898).
- commit f6b2a4f
- Fix compiler warning introduced in
patches.suse/udf-Avoid-excessive-partition-lengths.patch.
- commit fcad12d
- scsi: qla2xxx: Fix use after free on unload (CVE-2024-56623
bsc#1235466).
- block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166
bsc#1234884).
- commit 894e940
- Refresh
patches.suse/x86-xen-don-t-do-PV-iret-hypercall-through-hypercall.patch.
- commit df281af
- x86/static-call: Remove early_boot_irqs_disabled check to fix
Xen PVH dom0 (git-fixes).
- commit 2c0880a
- bnxt_en: Fix receive ring space parameters when XDP is active
(CVE-2024-53209 bsc#1235002).
- commit d4ecf76
- Fix broken order in series.conf
- commit e5bdf00
- ALSA: seq: oss: Fix races at processing SysEx messages
(CVE-2024-57893 bsc#1235920).
- commit f05049d
- Refresh
patches.suse/RDMA-hns-Fix-VF-triggering-PF-reset-in-abnormal-inte.patch.
exportpatch and refresh to have increasing line numbers, rapidquilt
could've ignored that:
warning: patches.suse/RDMA-hns-Fix-VF-triggering-PF-reset-in-abnormal-inte.patch:
Possibly ignored hunk: @@ -5829,10 +5830,12 @@ static irqreturn_t hns_roce_v2_msix_interrupt_abn(int irq, void *dev_id)
- commit eb2308c
- drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (CVE-2024-57798 bsc#1235818).
- commit 570da1e
- drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (CVE-2024-57798 bsc#1235818).
- commit 15490f2
- net/smc: check return value of sock_recvmsg when draining clc
data (CVE-2024-57791 bsc#1235759).
- commit b879d55
- power: supply: gpio-charger: Fix set charge current limits
(git-fixes CVE-2024-57792 bsc#1235764).
- commit 80ed527
- bpf, sockmap: Fix race between element replace and close()
(CVE-2024-56664 bsc#1235249).
- commit 03e2626
- virt: tdx-guest: Just leak decrypted memory on unrecoverable
errors (CVE-2024-57793 bsc#1235768).
- commit 9f7ed49
- s390/cpum_sf: Handle CPU hotplug remove during sampling
(CVE-2024-57849 bsc#1235814).
- commit e03f9af
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-hci_event-Align-BR-EDR-JUST_WORKS-paring-w.patch
(git-fixes bsc#1230697 CVE-2024-8805 CVE-2024-53144
bsc#1234690).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(git-fixes CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(git-fixes CVE-2024-53229 bsc#1234905).
- Update
patches.suse/Revert-mmc-dw_mmc-Fix-IDMAC-operation-with-pages-big.patch
(git-fixes CVE-2024-53127 bsc#1234153).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/arm64-sve-Discard-stale-CPU-state-when-handling-SVE-traps.patch
(git-fixes CVE-2024-50275 bsc#1233464).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/comedi-Flush-partial-mappings-in-error-case.patch
(git-fixes CVE-2024-53148 bsc#1234832).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/drm-rockchip-vop-Fix-a-dereferenced-before-check-war.patch
(git-fixes CVE-2024-53129 bsc#1234155).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i40e-Fix-XDP-program-unloading-while-removing-the-dr.patch
(git-fixes CVE-2024-41047 bsc#1228537).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/jffs2-prevent-xattr-node-from-overflowing-the-eraseblock.patch
(git-fixes CVE-2024-38599 bsc#1226848 bsc#1223384).
- Update
patches.suse/jfs-add-a-check-to-prevent-array-index-out-of-bounds-in-dbAdjTree.patch
(git-fixes CVE-2024-56595 bsc#1235410).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-jfs_readdir.patch
(git-fixes CVE-2024-56596 bsc#1235458).
- Update patches.suse/jfs-fix-shift-out-of-bounds-in-dbSplit.patch
(git-fixes CVE-2024-56597 bsc#1235222).
- Update
patches.suse/md-Don-t-ignore-suspended-array-in-md_check_recovery-1baa.patch
(git-fixes CVE-2024-26758 bsc#1230341).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/net-ipv6-release-expired-exception-dst-cached-in-soc.patch
(bsc#1216813 CVE-2024-56644 bsc#1235133).
- Update
patches.suse/net-mlx5-Unregister-notifier-on-eswitch-init-failure.patch
(git-fixes CVE-2024-50136 bsc#1232914).
- Update
patches.suse/net-mlx5-fs-lock-FTE-when-checking-if-active.patch
(git-fixes CVE-2024-53121 bsc#1234078).
- Update
patches.suse/net-mlx5e-Take-state-lock-during-tx-timeout-reporter.patch
(git-fixes CVE-2024-45019 bsc#1230432).
- Update
patches.suse/net-mlx5e-kTLS-Fix-incorrect-page-refcounting.patch
(git-fixes CVE-2024-53138 bsc#1234223).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nouveau-dmem-handle-kcalloc-allocation-failure.patch
(git-fixes CVE-2024-26943 bsc#1230527).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/ocfs2-uncache-inode-which-has-failed-entering-the-group.patch
(bsc#1234087 CVE-2024-53112).
- Update
patches.suse/posix-clock-posix-clock-Fix-unbalanced-locking-in-pc.patch
(CVE-2024-50195 bsc#1233103 CVE-2024-50210 bsc#1233097).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/smb-client-fix-TCP-timers-deadlock-after-rmmod.patch
(CVE-2024-53095 bsc#1233642 CVE-2024-54680 bsc#1235723).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/ubifs-authentication-Fix-use-after-free-in-ubifs_tnc_end_commit.patch
(git-fixes CVE-2024-53171 bsc#1234889).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- commit 69d54c1
- Update
patches.suse/smb-client-fix-TCP-timers-deadlock-after-rmmod.patch
(CVE-2024-53095 bsc#1233642 CVE-2024-54680 bsc#1235723).
- commit 6deb1aa
- smb: client: fix OOBs when building SMB2_IOCTL request
(bsc#1233055, CVE-2024-50151).
- commit d88d397
- mm/swapfile: skip HugeTLB pages for unuse_vma (CVE-2024-50199
bsc#1233112).
- commit 63ec06b
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- commit a0043a3
- README.BRANCH: SLE15-SP5 became LTSS, update maintainers
- commit 513a34e
- scsi: sg: Fix slab-use-after-free read in sg_release()
(CVE-2024-56631 bsc#1235480).
- commit 9399f03
- 9p/xen: fix release of IRQ (CVE-2024-56704 bsc#1235584).
- commit 614e74c
- net: ieee802154: do not leave a dangling sk pointer in
ieee802154_create() (CVE-2024-56602 bsc#1235521).
- commit 4049cc5
- net: hsr: avoid potential out-of-bound access in
fill_frame_info() (CVE-2024-56648 bsc#1235451).
- commit 0a88cb0
- ovl: Filter invalid inodes with missing lookup function
(bsc#1235035 CVE-2024-56570).
- commit 54169ab
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
(CVE-2024-53173 bsc#1234891).
- commit f801b5b
- tipc: Fix use-after-free of kernel socket in cleanup_bearer()
(CVE-2024-56642 bsc#1235433).
- commit ec9cc8d
- sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299 bsc#1233488)
- commit 8a0e9b7
- can: j1939: j1939_session_new(): fix skb reference counting
(CVE-2024-56645 bsc#1235134).
- commit 5011af1
- Bluetooth: L2CAP: do not leave dangling sk pointer on error
in l2cap_sock_create() (CVE-2024-56605 bsc#1235061).
- commit c461209
- Run scripts/renamepatches for cve/linux-5.14-LTSS
- commit 6a1366b
- idpf: trigger SW interrupt when exiting wb_on_itr mode
(bsc#1235507).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024
(bsc#1235246).
- idpf: enable WB_ON_ITR (bsc#1235507).
- commit b33decb
- smb: client: fix use-after-free of signing key (CVE-2024-53179
bsc#1234921).
- commit 86400c7
- smb: client: fix TCP timers deadlock after rmmod (git-fixes)
[hcarvalho: this fixes issue discussed in bsc#1233642].
- commit 3e3e1af
- smb: client: Fix use-after-free of network namespace
(CVE-2024-53095 bsc#1233642).
[hcarvalho: remove netfs_tracker_* related code because we don't have
such infrastructure.]
- commit 97b2d9e
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan() (CVE-2024-56539 bsc#1234963).
- commit e27d4b2
- Refresh
patches.suse/nfsd-restore-callback-functionality-for-NFSv4.0.patch.
- commit 60bcd54
- vfio/pci: Properly hide first-in-list PCIe extended capability
(bsc#1235004 CVE-2024-53214).
- commit f520125
- Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
rfcomm_sock_alloc() (bsc#1235056 CVE-2024-56604).
- commit cf32d9d
- Bluetooth: Consolidate code around sk_alloc into a helper
function (bsc#1235056 CVE-2024-56604).
Refresh
patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_sock_timeout.patch.
- commit 4de890e
- nilfs2: fix potential out-of-bounds memory access in
nilfs_find_entry() (bsc#1235224 CVE-2024-56619).
- commit b3f788e
- powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
(bsc#1234825).
- commit 7ec9265
- jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220
CVE-2024-56598).
- commit 4762f9a
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes).
- commit b016f85
- hfsplus: don't query the device logical block size multiple
times (bsc#1235073 CVE-2024-56548).
- commit 67473c2
- netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
(CVE-2024-56755 bsc#1234920).
- cachefiles: Fix NULL pointer dereference in object->file
(CVE-2024-56549 bsc#1234912).
- commit 169a95b
- wifi: ath9k: add range check for conn_rsp_epid in
htc_connect_service() (CVE-2024-53156 bsc#1234846).
- commit 747e664
- ALSA: 6fire: Release resources at card release (CVE-2024-53239
bsc#1235054).
- commit 6995b0a
- media: imx-jpeg: Ensure power suppliers be suspended before
detach them (CVE-2024-56575 bsc#1235039).
- media: uvcvideo: Require entities to have a non-zero unique ID
(CVE-2024-56571 bsc#1235037).
- commit 59cd438
- NFSD: Prevent a potential integer overflow (CVE-2024-53146
bsc#1234853).
- commit 79b751c
- net: usb: lan78xx: Fix double free issue with interrupt buffer
allocation (CVE-2024-53213 bsc#1234973).
- commit 15155a2
- netfilter: ipset: add missing range check in bitmap_ip_uadt (CVE-2024-53141 bsc#1234381)
- commit 8160e7d
- Update
patches.suse/tcp-Fix-use-after-free-of-nreq-in-reqsk_timer_handler.patch
(CVE-2024-50154 bsc#1233070 CVE-2024-53206 bsc#1234960).
- commit cdf9cb8
- Update
patches.suse/media-s5p_cec-limit-msg.len-to-CEC_MAX_MSG_SIZE.patch
(git-fixes CVE-2022-49035 bsc#1215304).
- commit d91bb81
- firmware: arm_scpi: Check the DVFS OPP count returned by the
firmware (CVE-2024-53157 bsc#1234827).
- commit f110472
- EDAC/bluefield: Fix potential integer overflow (CVE-2024-53161
bsc#1234856).
- commit 14c13f2
- s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
(CVE-2024-53210 bsc#1234971).
- commit bcc5771
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
(CVE-2024-53158 bsc#1234811).
- commit 9318192
- crypto: qat/qat_4xxx - fix off by one in uof_get_name()
(CVE-2024-53162 bsc#1234843).
- commit 21fafcd
- ALSA: usb-audio: Fix out of bounds reads when finding clock
sources (CVE-2024-53150 bsc#1234834).
- commit 9ca989f
- svcrdma: Address an integer overflow (git-fixes).
- commit d7773b3
- nfsd: restore callback functionality for NFSv4.0 (git-fixes).
- commit 49f5582
- jffs2: Fix rtime decompressor (git-fixes).
- commit 6531a08
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
(git-fixes).
- commit fcfe46d
- zonefs: fix zone report size in __zonefs_io_error() (git-fixes).
- commit 830e757
- autofs: use flexible array in ioctl structure (git-fixes).
- commit 7918406
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget
(git-fixes).
- commit 8cdded6
- nilfs2: fix potential out-of-bounds memory access in
nilfs_find_entry() (git-fixes).
- commit 899e98d
- jffs2: Prevent rtime decompress memory corruption (git-fixes).
- commit 5a66060
- jffs2: fix use of uninitialized variable (git-fixes).
- commit a9dd4d9
- ubifs: authentication: Fix use-after-free in
ubifs_tnc_end_commit (git-fixes).
- commit 83c8733
- ubifs: Correct the total block count by deducting journal
reservation (git-fixes).
- commit f37e257
- exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes).
- commit d4858c9
- jfs: add a check to prevent array-index-out-of-bounds in
dbAdjTree (git-fixes).
- commit 44ea6d2
- jfs: xattr: check invalid xattr size more strictly (git-fixes).
- commit cf31b3c
- jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes).
- commit db0dc92
- jfs: fix shift-out-of-bounds in dbSplit (git-fixes).
- commit ea62655
- jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes).
- commit fe23c21
- hfsplus: don't query the device logical block size multiple
times (git-fixes).
- commit e73ecea
- nilfs2: prevent use of deleted inode (git-fixes).
- commit b6ac8cc
- nfsd: restore callback functionality for NFSv4.0 (git-fixes).
- commit e4d2610
- ipc/sem: Fix dangling sem_array access in semtimedop race
(bsc#1234727).
- commit 4dce14b
- idpf: fix idpf_vc_core_init error path (CVE-2024-53064
bsc#1233558 bsc#1234464).
- commit 0a1be5c
- x86/xen: use new hypercall functions instead of hypercall page
(XSA-466 CVE-2024-53241 bsc#1234282).
- commit 439afbb
- btrfs: qgroup: fix sleep from invalid context bug in
btrfs_qgroup_inherit() (CVE-2022-49033 bsc#1232045).
- commit 5b9ca25
- x86/xen: add central hypercall functions (XSA-466 CVE-2024-53241
bsc#1234282).
- commit 1784c5e
- x86/xen: don't do PV iret hypercall through hypercall page
(XSA-466 CVE-2024-53241 bsc#1234282).
- commit 9f17f93
- x86/static-call: provide a way to do very early static-call
updates (XSA-466 CVE-2024-53241 bsc#1234282).
- Refresh patches.kabi/tracepoint-fix.patch.
- commit 2e422a6
- objtool/x86: allow syscall instruction (XSA-466 CVE-2024-53241
bsc#1234282).
- commit 1f61d5b
- x86: make get_cpu_vendor() accessible from Xen code (XSA-466
CVE-2024-53241 bsc#1234282).
- commit 4d90703
- xen/netfront: fix crash when removing device (XSA-465
CVE-2024-53240 bsc#1234281).
- commit f11b367
- ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294)
- commit 0ac2c22
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605)
- commit b2083ef
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650
bsc#1233701 bsc#1232472).
- commit ed45f70
- NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701
bsc#1232472).
- blacklist.conf:
- commit a5863a4
- NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650
bsc#1233701 bsc#1232472).
- blacklist.conf:
- Refresh
patches.suse/nfsd-Fix-error-cleanup-path-in-nfsd_rename.patch.
- Refresh
patches.suse/rename-avoid-a-deadlock-in-the-case-of-parents-havin.patch.
- commit 6fcc887
- devlink: allow registering parameters after the instance
(bsc#1231388 bsc#1230422).
- devlink: don't require setting features before registration
(bsc#1231388 bsc#1230422).
- commit 9e0a4cd
- Update
patches.suse/Bluetooth-hci_event-Align-BR-EDR-JUST_WORKS-paring-w.patch
(git-fixes, bsc#1230697, CVE-2024-8805).
- commit 32c6a1b
- tpm_tis_spi: Release chip select when flow control fails (bsc#1234338)
- commit 6d2db63
- bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156
CVE-2024-53125).
- commit f08e931
- scsi: pm80xx: Set phy->enable_completion only when we wait
for it (CVE-2024-47666 bsc#1231453).
- commit 6eaab68
- kobject: Add sanity check for kset->kobj.ktype in
kset_register() (bsc#1234639).
- commit 191167d
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
(git-fixes).
- commit b63fc00
- NFSD: Fix nfsd4_shutdown_copy() (git-fixes).
- commit 374eb43
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
(git-fixes).
- commit 876ac53
- SUNRPC: make sure cache entry active before cache_show
(git-fixes).
- commit 23bad23
- nfsd: make sure exp active before svc_export_show (git-fixes).
- commit 8fcab75
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
(git-fixes).
- commit 3703ee5
- NFSD: Prevent a potential integer overflow (git-fixes).
- commit 69abaa2
- sunrpc: simplify two-level sysctl registration for
svcrdma_parm_table (git-fixes).
- commit fcf1dc3
- net: Make copy_safe_from_sockptr() match documentation
(git-fixes CVE-2024-36915 bsc#1225758).
- commit 6fb42a1
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- commit 979dbfa
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode
(git-fixes).
- Refresh
patches.suse/autofs-use-wake_up-instead-of-wake_up_interruptible.patch.
- commit 9fa435f
- Delete patches.suse/NFSD-Convert-the-callback-workqueue-to-use-delayed_w.patch. (bsc#1233837)
- Delete patches.suse/NFSD-Reschedule-CB-operations-when-backchannel-rpc_c.patch. (bsc#1233837)
- commit 60721fe
- arm64: dts: allwinner: pinephone: Add mount matrix to
accelerometer (git-fixes).
- commit 9be38ad
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc
(git-fixes).
- commit 17eb8d6
- bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262 bsc#1233239)
- commit 9c19140
- platform/x86/amd/pmc: Detect when STB is not available (CVE-2024-53072 bsc#1233564)
- commit 1335d85
- Update references for patches.suse/net-mlx5e-CT-Fix-null-ptr-deref-in-add-rule-err-flow.patch (CVE-2024-53120 bsc#1234075 git-fixes)
- commit abf5898
- fs: Fix uninitialized value issue in from_kuid and from_kgid (CVE-2024-53101 bsc#1233769)
- commit e038166
- mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122 bsc#1234076)
- commit 31129d0
- virtio/vsock: Fix accept_queue memory leak (CVE-2024-53119 bsc#1234073)
- commit 30399e1
- arm64: dts: rockchip: Remove #cooling-cells from fan on
Theobroma lion (git-fixes).
- commit 4b88506
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards
(git-fixes).
- commit 836dd0e
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
(git-fixes).
- commit 4d37495
- arm64: dts: rockchip: Fix rt5651 compatible value on
rk3399-sapphire-excavator (git-fixes).
- commit d0928c0
- Fix bug introduced in backport of
patches.suse/udf_rename-only-access-the-child-content-on-cross-di.patch.
- commit ae1fb0a
- udf: Handle error when adding extent to a file (bsc#1234437).
- commit dbea247
- kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth
- commit 05606f9
- net: preserve kabi for napi_struct and net_device
(CVE-2024-50018 bsc#1232419).
- netfilter: nf_reject_ipv6: fix potential crash in
nf_send_reset6() (CVE-2024-50256 bsc#1233200).
- fsl/fman: Fix refcount handling of fman-related devices
(CVE-2024-50166 bsc#1233050).
- fsl/fman: Save device references taken in mac_probe()
(CVE-2024-50166 bsc#1233050).
- net: napi: Prevent overflow of napi_defer_hard_irqs
(CVE-2024-50018 bsc#1232419).
- net: fman: Unregister ethernet device on removal (CVE-2024-50166
bsc#1233050).
- commit e372e18
- afs: Fix lock recursion (bsc#1233637 CVE-2024-53090).
- commit 41b742a
- nilfs2: propagate directory read errors from nilfs_find_entry()
(bsc#1233324 CVE-2024-50202).
- commit bad80aa
- netfilter: nft_set_pipapo: do not free live element
(CVE-2024-26924 bsc#1223387).
- commit f3a511c
- rtnetlink: make sure to refresh master_dev/m_ops in
__rtnl_newlink() (CVE-2022-48742 bsc#1226694).
- commit 36fae5a
- Update References: field,
patches.suse/dm-cache-fix-flushing-uninitialized-delayed_work-on--1354.patch
(bsc#1233467, CVE-2024-50278, bsc#1233469, CVE-2024-50280).
- commit ccb7c34
- Delete
patches.suse/smb-client-Fix-use-after-free-of-network-namespace-.patch
(bsc#1233642 CVE-2024-53095).
[hcarvalho: revert because the fix is incomplete. The patch fixes UAF of
network namespace but causes in another UAF (of the socket) when the
cifs module is removed].
- commit 393d09d
- dmaengine: idxd: Check for driver name match before sva user
feature (bsc#1234357).
- dmaengine: idxd: add wq driver name support for accel-config
user tool (bsc#1234357).
- commit 9a15d19
- kABI: bpf: support non-r10 register spill/fill to/from stack
in precision tracking (bsc#1232823 CVE-2023-52920).
- bpf: Fix check_stack_write_fixed_off() to correctly spill imm
(bsc#1232823 CVE-2023-52920).
- Refresh patches.suse/bpf-support-non-r10-register-spill-fill-to-from-stac.patch
- Refresh patches.suse/bpf-handle-fake-register-spill-to-stack-with-BPF_ST_.patch
- commit 66c4fd1
- scatterlist: fix incorrect func name in kernel-doc (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them
(git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- dma-fence: Fix reference leak on fence merge failure path
(git-fixes).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- spi: mpc52xx: Add cancel_work_sync before module remove
(git-fixes).
- mmc: core: Further prevent card detect during shutdown
(git-fixes).
- commit a85e5af
- bpf: handle fake register spill to stack with BPF_ST_MEM
instruction (bsc#1232823 CVE-2023-52920).
- commit 145a13f
- bpf: support non-r10 register spill/fill to/from stack in
precision tracking (bsc#1232823 CVE-2023-52920).
- Refresh patches.suse/bpf-Fix-accesses-to-uninit-stack-slots.patch
- Refresh patches.kabi/bpf-bpf_idmap-idset-workaround.patch
- Refresh patches.kabi/bpf-callback-fixes-kABI-workaround.patch
- bpf: Fix verifier id tracking of scalars on spill (bsc#1232823
CVE-2023-52920).
- commit 67aeddf
- selftests/bpf: check if BPF_ST with variable offset preserves
STACK_ZERO (bsc#1232823 CVE-2023-52920).
- bpf: BPF_ST with variable offset should preserve STACK_ZERO
marks (bsc#1232823 CVE-2023-52920).
- Refresh patches.suse/bpf-Fix-accesses-to-uninit-stack-slots.patch
- selftests/bpf: check if verifier tracks constants spilled by
BPF_ST_MEM (bsc#1232823 CVE-2023-52920).
- bpf: track immediate values written to stack by BPF_ST
instruction (bsc#1232823 CVE-2023-52920).
- Refresh patches.suse/bpf-Fix-accesses-to-uninit-stack-slots.patch
- commit 65c1ce3
- nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
(bsc#1234220 CVE-2024-53131).
- commit 026d687
- nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
(bsc#1234219 CVE-2024-53130).
- commit 76ddd8d
- udf: refactor udf_next_aext() to handle error (bsc#1234241).
- commit cb2148b
- udf: refactor udf_current_aext() to handle error (bsc#1234240).
- commit 379ead1
- udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243
bsc#1233038 CVE-2024-50143).
- commit 74fc0bf
- udf: refactor inode_bmap() to handle error (bsc#1234242
bsc#1233096 CVE-2024-50211).
- commit 4a34764
- mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
(CVE-2024-53113 bsc#1234077).
- commit 064f5f8
- mm/kfence: reset PG_slab and memcg_data before freeing
__kfence_pool (bsc#1234120).
- commit b3bbd4a
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072 CVE-2024-53114).
- commit 05659e3
- net/ipv6: release expired exception dst cached in socket
(bsc#1216813).
- commit eda9477
- Update
patches.suse/initramfs-avoid-filename-buffer-overrun.patch
(CVE-2024-53142 bsc#1232436).
- commit 14f79ec
- net: bridge: mcast: wait for previous gc cycles when removing
port (CVE-2024-44934 bsc#1229809).
- Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886
bsc#1223044).
- commit fc48798
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- commit 8769bc2
- dm cache: fix potential out-of-bounds access on the first resume
(bsc#1233467, CVE-2024-50278).
- dm cache: optimize dirty bit checking with find_next_bit when
resizing (bsc#1233467, CVE-2024-50278).
- commit ea1471d
- Update the Rerferences: field,
patches.suse/dm-cache-fix-out-of-bounds-access-to-the-dirty-bitset-when-resizing.patch
(bsc#1233467, bsc#1233468, CVE-2024-50278, CVE-2024-50279).
- commit 685afd3
- dm cache: fix flushing uninitialized delayed_work on cache_ctr
error (bsc#1233467, CVE-2024-50278).
- dm cache: correct the number of origin blocks to match the
target length (bsc#1233467, CVE-2024-50278).
- commit 1c6d167
- containerd
-
- Update to containerd v1.7.23. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.23>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.22. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.22>
- Bump minimum Go version to 1.22.
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- curl
-
- Security fix: [bsc#1236590, CVE-2025-0725]
* content_encoding: drop support for zlib before 1.2.0.4
* content_encoding: put the decomp buffers into the writer structs
* Add curl-CVE-2025-0725.patch
- Security fix: [bsc#1236588, CVE-2025-0167]
* netrc: 'default' with no credentials is not a match
* Add curl-CVE-2025-0167.patch
- dhcp
-
- bsc#1192020: Add 'Requires(pre): group(nogroup)' to fix user
creation in pre scriptlet for dhcp-server.
- findutils
-
- do not crash when file system loop was encountered [bsc#1231472]
- added patches
fix https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=e5d6eb919b9
+ findutils-avoid-crash-system-loop.patch
- modified patches
% findutils-xautofs.patch (p1)
- glibc
-
- assert-message-allocation.patch: Fix underallocation of abort_msg_s
struct (CVE-2025-0395, bsc#1236282, BZ #32582))
- google-dracut-config
-
- Update to 0.0.4
+ Move dracut config files to usr/lib/ dir
- Update to 0.0.3
+ Add provides and conflicts on generic name dracut-instance-change-config
- Update to 0.0.2
+ Rename config for nvme for consistency
+ Add dracut build requirement
+ Add virtio_net, virtio_rng and idpf drivers
- google-guest-configs
-
- Add ggc-no-dup-metasrv-entry.patch
+ Follow up to (bsc#1234289, bsc#1234293). Avoid duplicate entries for
the metadata server in /etc/hosts
- Update to version 20241205.00 (bsc#1234254, bsc#1234255)
* Update google_set_multiqueue to configure
vCPU ranges based on VM platform (#90)
- from version 20241204.00
* Restore google_set_multiqueue changes for A3Ultra (#93)
* Depend on networkd-dispatcher in Ubuntu (#94)
- Include components to set hostname and /etc/hosts entries (bsc#1234289, bsc#1234293)
* Add sysconfig and sysconfig-network to BuildRequires
* Install google_set_hostname into %{_bindir}
* Install google_up.sh into %{_sysconfdir}/sysconfig/network/scripts/
* Add code to add and remove POST_UP_SCRIPT="compat:suse:google_up.sh"
to /etc/sysconfig/network/ifcfg-eth0 in %post and %postun sections
- google-osconfig-agent
-
- Update to version 20250115.01 (bsc#1236406, bsc#1236407)
* Bump cloud.google.com/go/osconfig from 1.14.2 to 1.14.3 (#772)
- from version 20250115.00
* Bump cloud.google.com/go/auth from 0.10.2 to 0.14.0 (#767)
* Bump go.opentelemetry.io/otel from 1.32.0 to 1.33.0 (#771)
* Bump google.golang.org/protobuf from 1.35.1 to 1.36.2 (#763)
- from version 20250114.00
* Bump golang.org/x/time from 0.8.0 to 0.9.0 (#770)
- from version 20250113.01
* Bump cloud.google.com/go/auth/oauth2adapt from 0.2.5 to 0.2.7 (#766)
- from version 20250113.00
* Bump golang.org/x/net from 0.31.0 to 0.34.0 (#769)
- from version 20250110.00
* Bump golang.org/x/crypto from 0.29.0 to 0.31.0 in the go_modules group (#760)
* Bump cloud.google.com/go/longrunning from 0.6.2 to 0.6.3 (#744)
- from version 20241218.00
* Scanners fixes (#720)
* Bump cloud.google.com/go/storage from 1.46.0 to 1.47.0 (#736)
* Bump go.opentelemetry.io/contrib/detectors/gcp from 1.29.0 to 1.32.0 (#730)
* Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#738)
* Bump golang.org/x/net from 0.30.0 to 0.31.0 (#731)
- from version 20241118.01
* Bump github.com/googleapis/gax-go/v2 from 2.13.0 to 2.14.0 (#737)
- from version 20241118.00
* move example to appropriate directory (#740)
- from version 20241115.00
* Replace sles-15-sp3-sap old deprecated image in e2e tests (#739)
* Bump golang.org/x/time from 0.7.0 to 0.8.0 (#734)
- from version 20241114.03
* Bump github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp (#735)
- from version 20241114.02
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#729)
- from version 20241114.01
* Remove SLES-15-SP2-SAP from e2e tests and add the new SLES-15-SP6 (#733)
* Bump golang.org/x/crypto from 0.28.0 to 0.29.0 (#728)
* Bump go.opentelemetry.io/otel/sdk/metric from 1.30.0 to 1.32.0 (#727)
- from version 20241114.00
* Add example to run exec script from the gcs bucket (#732)
* Bump cel.dev/expr from 0.16.1 to 0.18.0 (#723)
- from version 20241112.00
* Bump golang.org/x/oauth2 from 0.23.0 to 0.24.0 (#722)
* Bump github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric (#721)
* Bump google.golang.org/grpc from 1.67.1 to 1.68.0 (#725)
* Bump github.com/golang/glog from 1.2.2 to 1.2.3 (#715)
* Bump google.golang.org/api from 0.203.0 to 0.205.0 (#716)
- from version 20241107.01
* Bump github.com/envoyproxy/go-control-plane from 0.13.0 to 0.13.1 (#717)
* Bump github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping (#718)
* Bump cloud.google.com/go/auth from 0.10.0 to 0.10.1 (#719)
- from version 20241107.00
* Bump cloud.google.com/go/logging from 1.11.0 to 1.12.0 (#709)
* Bump cloud.google.com/go/iam from 1.2.1 to 1.2.2 (#710)
* Bump cloud.google.com/go/storage from 1.43.0 to 1.46.0 (#713)
* Bump cloud.google.com/go/osconfig from 1.14.1 to 1.14.2 (#708)
* Bump cloud.google.com/go/auth/oauth2adapt from 0.2.4 to 0.2.5 (#712)
- from version 20241106.00
* Update OWNERS (#714)
- from version 20241029.01
* remove toolchain override (#706)
* Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp (#701)
- from version 20241029.00
* Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (#702)
- from version 20241028.00
* Bump cloud.google.com/go/longrunning from 0.6.0 to 0.6.2 (#705)
- from version 20241017.00
* Add a new CloudBuild trigger config-file for auto updating the
presubmit test container image on every new commit (#704)
- from version 20241004.00
* Add new packagebuild presubmit that will use cloud-build (#694)
- from version 20240927.00
* Third batch of dependencies upgrade (#690)
- Bump the golang compiler version to 1.22.4 (bsc#1225974, CVE-2024-24790)
- grub2
-
- Security fixes for 2024
* 0001-misc-Implement-grub_strlcpy.patch
- Fix CVE-2024-45781 (bsc#1233617)
* 0002-fs-ufs-Fix-a-heap-OOB-write.patch
- Fix CVE-2024-56737 (bsc#1234958)
- Fix CVE-2024-45782 (bsc#1233615)
* 0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
- Fix CVE-2024-45780 (bsc#1233614)
* 0004-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2024-45783 (bsc#1233616)
* 0005-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch
* 0006-kern-file-Ensure-file-data-is-set.patch
* 0007-kern-file-Implement-filesystem-reference-counting.patch
- Fix CVE-2025-0624 (bsc#1236316)
* 0008-net-Fix-OOB-write-in-grub_net_search_config_file.patch
- Fix CVE-2024-45774 (bsc#1233609)
* 0009-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch
- Fix CVE-2024-45775 (bsc#1233610)
* 0010-commands-extcmd-Missing-check-for-failed-allocation.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0011-commands-pgp-Unregister-the-check_signatures-hooks-o.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0012-normal-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0013-gettext-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2024-45776 (bsc#1233612)
* 0014-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch
- Fix CVE-2024-45777 (bsc#1233613)
* 0015-gettext-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2025-0690 (bsc#1237012)
* 0016-commands-read-Fix-an-integer-overflow-when-supplying.patch
- Fix CVE-2025-1118 (bsc#1237013)
* 0017-commands-minicmd-Block-the-dump-command-in-lockdown-.patch
- Fix CVE-2024-45778 (bsc#1233606)
- Fix CVE-2024-45779 (bsc#1233608)
* 0018-fs-bfs-Disable-under-lockdown.patch
- Fix CVE-2025-0677 (bsc#1237002)
- Fix CVE-2025-0684 (bsc#1237008)
- Fix CVE-2025-0685 (bsc#1237009)
- Fix CVE-2025-0686 (bsc#1237010)
- Fix CVE-2025-0689 (bsc#1237011)
* 0019-fs-Disable-many-filesystems-under-lockdown.patch
- Fix CVE-2025-1125 (bsc#1237014)
- Fix CVE-2025-0678 (bsc#1237006)
* 0020-fs-Prevent-overflows-when-allocating-memory-for-arra.patch
- Bump upstream SBAT generation to 5
- krb5
-
- Prevent overflow when calculating ulog block size. An authenticated
attacker can cause kadmind to write beyond the end of the mapped
region for the iprop log file, likely causing a process crash;
(CVE-2025-24528); (bsc#1236619).
- Add patch 0012-Prevent-overflow-when-calculating-ulog-block-size.patch
- cryptsetup
-
- luksFormat succeeds despite creating corrupt device [bsc#1234273]
* Add a better warning if luksFormat ends with image without any space for data.
* Print warning early if LUKS container is too small for activation.
* Add patches:
- cryptsetup-Add-a-better-warning-if-luksFormat-no-space-for-data.patch
- cryptsetup-Print-warning-early-if-LUKS-container-is-too-small-for-activation.patch
- openssl-1_1
-
- Security fix: [bsc#1236136, CVE-2024-13176]
* timing side-channel in the ECDSA signature computation
* Add openssl-CVE-2024-13176.patch
- python3
-
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- libtasn1
-
- Security fix: [bsc#1236878, CVE-2024-12133]
* Potential DoS in handling of numerous SEQUENCE OF or SET OF elements
* Add libtasn1-CVE-2024-12133.patch
- libxml2
-
- security update
- added patches
fix CVE-2022-49043 [bsc#1236460], use-after-free in xmlXIncludeAddNode
+ libxml2-CVE-2022-49043.patch
- libzypp
-
- Create '.keep_packages' in the package cache dir to enforce
keeping downloaded packages of all repos cahed there (bsc#1232458)
- version 17.35.19 (35)
- Fix missing UID checks in repomanager workflow (fixes #603)
- version 17.35.18 (35)
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp (fixes #28)
- Fix 'zypper ps' when running in incus container (bsc#1229106)
Should apply to lxc and lxd containers as well.
- Re-enable 'rpm --runposttrans' usage for chrooted systems
(bsc#1216091)
- version 17.35.17 (35)
- openssh
-
- Backported patch to fix a MitM attack against OpenSSH's
VerifyHostKeyDNS-enabled client (bsc#1237040, CVE-2025-26465):
* fix-CVE-2025-26465.patch
- python-instance-billing-flavor-check
-
- Version 0.1.2 (bsc#1234444)
+ Improve detection of IPv4 and IPv6 network setup and use appropriate
IP version for access the update servers
+ Improve reliability of flavor detection. Try an update server multiple
times to get an answer, if we hit timeouts return the value flavor
value from a cahce file.
- Version 0.1.1 (bsc#1235991, bsc#1235992)
+ Add time stamp to log
- From version 0.1.0
+ Doc improvements clarifying exit staus codes
- salt
-
- Revert setting SELinux context for minion service (bsc#1233667)
- Remove System V init support
- Make systemd the only supported init system by removing System V init
and insserv references
- Ensure package builds with no init system dependencies if built
without systemd (for example for use in containers)
- Apply some spec-cleaner suggestions (update copyright year, sort
requirements, adjust spacing)
- Signed-off-by: Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
- Fix the condition of alternatives for Tumbleweed and Leap 16
- Use update-alternatives for salt-call and fix builing on EL8
- Build all python bindings for all flavors
- Make minion reconnecting on changing master IP (bsc#1228182)
- Handle logger exception when flushing already closed file
- Include passlib as a recommended dependency
- Make Salt Bundle more tolerant to long running jobs (bsc#1228690)
- Fix additional x509 tests and test_suse tests for SLE12
- Added:
* handle-logger-flushing-already-closed-file-686.patch
* make-minion-reconnecting-on-changing-master-ip-bsc-1.patch
* revert-setting-selinux-context-for-minion-service-bs.patch
* enhance-cleanup-mechanism-after-salt-bundle-upgrade-.patch
* fix-x509-private-key-tests-and-test_suse-on-sle12-68.patch
- rsync
-
- Bump protocol version to 32 - make it easier to show server is patched.
* Add rsync-protocol-version-32.patch
- Fix FLAG_GOT_DIR_FLIST collission with FLAG_HLINKED
* Added rsync-fix-FLAG_GOT_DIR_FLIST.patch
- Security update,CVE-2024-12747, bsc#1235475 race condition in handling symbolic links
* Added rsync-CVE-2024-12747.patch
- Security update, fix multiple vulnerabilities:
* CVE-2024-12085, bsc#1234101 - Info Leak via uninitialized Stack contents defeats ASLR
* CVE-2024-12086, bsc#1234102 - Server leaks arbitrary client files
* CVE-2024-12087, bsc#1234103 - Server can make client write files outside of destination directory using symbolic links
* CVE-2024-12088, bsc#1234104 - --safe-links Bypass
* Added rsync-CVE-2024-12085.patch
* Added rsync-CVE-2024-12086_01.patch
* Added rsync-CVE-2024-12086_02.patch
* Added rsync-CVE-2024-12086_03.patch
* Added rsync-CVE-2024-12086_04.patch
* Added rsync-CVE-2024-12087_01.patch
* Added rsync-CVE-2024-12087_02.patch
* Added rsync-CVE-2024-12088.patch
* Added rsync-fix-compile-missing-my_alloc_ref.patch
- 000release-packages:sle-ha-release
-
n/a
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-sap-applications-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- supportutils-plugin-ha-sap
-
- Update to version 0.0.7+git.1737125956.a7079fc:
* Call saphana-check.sh if the script is available in
/usr/lib/saphana-checks (SUSE package) or in
/opt/sap/saphana-checks (SAP package)
(jsc#PED-11748, jsc#PED-11747)
* to support 'trento checks' on supportutils content
collect additional information:
/usr/sap/hostctrl/exe/saphostctrl -function Ping
corosync-cmapctl -b
su - <SIDADM> -c disp+work
su - <SIDADM> -c 'sapcontrol -nr <NR> -function GetVersionInfo'
ls -lA --time-style=long-iso /etc/polkit-1/rules.d/[0-9][0-9]-SAP[A-Z][A-Z0-9][A-Z0-9]-[0-9][0-9].rules
content of files in /etc/products.d/
(jsc#PED-12000, jsc#PED-12001)
* collect Netweaver version by
'sapcontrol -nr <NR> -function GetVersionInfo'
* collect 'operation_mode' setting by
'python getParameter.py --key=global.ini/system_replication/operation_mode --sapcontrol=1'
* some shellcheck cleanup
* adaption to the new used supportconfig.rc
- change requirements
remove the long deprecated supportconfig-plugin-resource and
supportconfig-plugin-tag and add instead 'Requires: supportutils'
(bsc#1235145)
- vim
-
- Fix for bsc#1234333 / bsc#1234214 / bsc#1234245.
These three bugs all have the same root cause:
Package 'xxd' has been obsoleted by Vim, as it provides the xxd
files directly.
However, because the "Obsoletes" entry was versioned, depending on
which version of 'xxd' that is installed, the "Obsoletes" isn't
actually triggered. Thus, there is a conflict between "vim" and
"xxd" in these cases.
Fixing this by removing the version completely. The 'vim' package
should always replace 'xxd', even if people are migrating from an
older SLE15 service pack which has the exact same version.
- wget
-
- If wget for an http URL is redirected to a different site (hostname
parts of URLs differ), then any "Authenticate" and "Cookie" header
entries are discarded.
[bsc#1185551, wget-do-not-propagate-credentials.patch,
bsc#1230795, CVE-2021-31879]
- yast2-cluster
-
- Fix: fix a typo for sctp in cluster.firewalld.xml (bsc#1236903)
- Version 4.5.4
- Update HA related ports (bsc#1219773)
- Version 4.5.3
- zypper
-
- lr: show the repositories keep-packages flag (bsc#1232458)
It is shown in the details view or by using -k,--keep-packages.
In addition libyzpp supports to enforce keeping downloaded
packages of all repos within a package cache by creating a
'.keep_packages' file there.
- version 1.14.81
- Try to refresh update repos first to have updated GPG keys on
the fly (bsc#1234752)
An update repo may contain a prolonged GPG key for the GA repo.
Refreshing the update repo first updates a trusted key on the fly
and avoids a 'key has expired' warning being issued when
refreshing the GA repo.
- Refresh: restore legacy behavior and suppress Exception
reporting as non-root (bsc#1235636)
- version 1.14.80
- info: Allow to query a specific version (jsc#PED-11268)
To query for a specific version simply append "-<version>" or
"-<version>-<release>" to the "<name>" pattern. Note that the
edition part must always match exactly.
- version 1.14.79