- 000release-packages:SUSE-Manager-Proxy-release
-
n/a
- aaa_base
-
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
to also fix the typo to set JAVA_BINDIR in the csh variant
of the alljava profile script (bsc#1221361)
- modify git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
drop the stderr redirection for csh (bsc#1221361)
- add git-49-3f8f26123d91f70c644677a323134fc79318c818.patch
drop sysctl.d/50-default-s390.conf (bsc#1211721)
- add aaa_base-preinstall.patch
make sure the script does not exit with 1 if a file
with content is found (bsc#1222547)
- add patch git-48-477bc3c05fcdabf9319e84278a1cba2c12c9ed5a.patch
home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- apache2
-
- security update
- added patches
fix CVE-2023-38709 [bsc#1222330], HTTP response splitting
+ apache2-CVE-2023-38709.patch
fix CVE-2024-24795 [bsc#1222332], HTTP Response Splitting in multiple modules
+ apache2-CVE-2024-24795.patch
fix CVE-2024-27316 [bsc#1221401], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
+ apache2-CVE-2024-27316.patch
- audit-secondary
-
- Fix plugin termination when using systemd service units (bsc#1215377)
* add auditd.service-fix-plugin-termination.patch
- autofs
-
- autofs-5.1.8-dont-use-initgroups-at-spawn.patch
Don't use initgroups at spawn (bsc#1214710, bsc#1221181)
- ca-certificates
-
- Update to version 2+git20240416.98ae794 (bsc#1221184):
* Use flock to serialize calls (boo#1188500)
* Make certbundle.run container friendly
* Create /var/lib/ca-certificates if needed
- catatonit
-
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Remove upstreamed patches:
- 99bb9048f.patch
- chrony
-
- Use make quickcheck instead of make check to avoid >1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable. Here a seed is
already set to get deterministic execution.
- Use shorter NTS-KE retry interval when network is down
(bsc#1213551, chrony-burst_total_samples_to_go.patch,
chrony-retry_interval_ke_start.patch).
- cloud-netconfig
-
- Update to version 1.14
+ Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757)
- Add version settings to Provides/Obsoletes
- coreutils
-
- ls: avoid triggering automounts (bsc#1221632)
- add coreutils-ls-avoid-triggering-automounts.patch
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
- add coreutils-tail-fix-tailing-sysfs-files-where-PAGE_SIZE-BUFSIZ.patch
- cups
-
- cups-2.2.7-CVE-2024-35235.patch is derived
from the upstream patch against master (CUPS 2.5)
to behave backward compatible for CUPS 2.2.7
in SLE15 and openSUSE Leap 15 to fix CVE-2024-35235
"cupsd Listen port arbitrary chmod 0140777"
without the more secure but backward-incompatible behaviour
of the upstream patch for CUPS 2.5
that ignores domain sockets specified in 'Listen' entries
in /etc/cups/cupsd.conf when cupsd is lauched via systemd
(in particular when launched on-demand by systemd)
https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f
bsc#1225365
- cups-2.2.7-web-ui-kerberos-authentication.patch, update
patch to handle local 'Negotiate' authentication response
for cli clients. (bsc#1223179).
- Remove '--enable-debug-printfs' from configure options, see
https://github.com/OpenPrinting/cups/issues/875
(bsc#1217119).
- curl
-
- Security fix: [bsc#1221665, CVE-2024-2004]
* Usage of disabled protocol
* Add curl-CVE-2024-2004.patch
- Security fix: [bsc#1221667, CVE-2024-2398]
* curl: HTTP/2 push headers memory-leak
* Add curl-CVE-2024-2398.patch
- docker
-
- Add patch to fix bsc#1220339
* 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch
- Allow to disable apparmor support (ALP supports only SELinux)
- dwz
-
- Add dwz-0.12-clean-up-temporary-file-in-hardlink-mode.patch to
cleanup left-over temporary file (swo#24275, bsc#1221634).
- Replace "%doc COPYING" with "%license COPYING".
- e2fsprogs
-
EA Inode handling fixes:
- ext2fs-avoid-re-reading-inode-multiple-times.patch: ext2fs: avoid re-reading
inode multiple times (bsc#1223596)
- e2fsck-fix-potential-out-of-bounds-read-in-inc_ea_in.patch: e2fsck: fix
potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck-add-more-checks-for-ea-inode-consistency.patch: e2fsck: add more
checks for ea inode consistency (bsc#1223596)
- e2fsck-fix-golden-output-of-several-tests.patch: e2fsck: fix golden output of
several tests (bsc#1223596)
- fdupes
-
- Do not use sqlite, as this pulls sqlite into Ring0 at no real
benefit performance wise: the cache is not reused between runs.
+ Drop sqlite-devel BuildRequires
+ Pass --without-sqlite to configure
- Update to 2.3.0:
* Add --cache option to speed up file comparisons.
* Use nanosecond precision for file times, if available.
* Fix compilation issue on OpenBSD.
* Other changes like fixing typos, wording, etc.
- update to 2.2.1:
* Fix bug in code meant to skip over the current log file when --log option is given.
* Updates to copyright notices in source code.
* Add --deferconfirmation option.
* Check that files marked as duplicates haven't changed during program execution before deleting them.
* Update documentation to indicate units for SIZE in command-line options.
* Move some configuration settings to configure.ac file.
- Fixes for the new wrapper:
* Order duplicates by name, to get a reproducible file set
(boo#1197484).
* Remove redundant order parameter from fdupes invocation.
* Modernize code, significantly reduce allocations.
* Exit immediately when mandatory parameters are missing.
* Remove obsolete buildroot parameter
* Add some tests for the wrapper
- A more correct approach to creating symlinks (old bug actually):
Do not link the files as given by fdupes, but turn them into
relative links (it works by chance if given a buildroot, but
fails if running on a subdirectory)
- Support multiple directories given (as glob to the macro)
- Handle symlinks (-s argument) correctly
- Simplify macros.fdupes with a call to a C++ program that does
the same within a fraction of a second what the shell loop did
in many seconds (bsc#1195709)
- glib2
-
- Add patches to fix CVE-2024-34397 (boo#1224044):
glib2-CVE-2024-34397.patch (glgo#GNOME/glib#3268).
glib2-fix-ibus-regression.patch (glgo#GNOME/glib#3353)
- glibc
-
- nscd-netgroup-cache-timeout.patch: Use time_t for return type of
addgetnetgrentX (CVE-2024-33602, bsc#1223425)
- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue
for _start routine (bsc#1221940)
- glibc-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch:
nscd: Stack-based buffer overflow in netgroup cache
(CVE-2024-33599, bsc#1223423, BZ #31677)
- glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch:
nscd: Avoid null pointer crashes after notfound response
(CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch:
nscd: Do not send missing not-found response in addgetnetgrentX
(CVE-2024-33600, bsc#1223424, BZ #31678)
- glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch:
netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601,
CVE-2024-33602, bsc#1223425, BZ #31680)
- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound
writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
- duplocale-global-locale.patch: duplocale: protect use of global locale
(bsc#1220441, BZ #23970)
- google-guest-agent
-
- Update to version 20240314.00 (bsc#1221900, bsc#1221901)
* NetworkManager: only set secondary interfaces as up (#378)
* address manager: make sure we check for oldMetadata (#375)
* network: early setup network (#374)
* NetworkManager: fix ipv6 and ipv4 mode attribute (#373)
* Network Manager: make sure we clean up ifcfg files (#371)
* metadata script runner: fix script download (#370)
* oslogin: avoid adding extra empty line at the end of /etc/security/group.conf (#369)
* Dynamic vlan (#361)
* Check for nil response (#366)
* Create NetworkManager implementation (#362)
* Skip interface manager on Windows (#363)
* network: remove ignore setup (#360)
* Create wicked network service implementation and its respective unit (#356)
* Update metadata script runner, add tests (#357)
* Refactor guest-agent to use common retry util (#355)
* Flush logs before exiting #358 (#359)
- Refresh patches for new version
* dont_overwrite_ifcfg.patch
- No need for double %setup.
- Use %patch -P N instead of deprecated %patchN.
- google-guest-configs
-
- Update to version 20240307.00 (bsc#1221146, bsc#1221900, bsc#1221901)
* Support dot in NVMe device ids (#68)
- from version 20240304.00
* google_set_hostname: Extract rsyslog service name
with a regexp for valid systemd unit names (#67)
- from version 20240228.00
* Remove quintonamore from OWNERS (#64)
- from version 20240119.00
* Setup smp affinity for IRQs and XPS on A3+ VMs (#63)
- Update to version 20231214.00
* set multiqueue: A3 check set timeout the MDS call in 1s (#62)
- from version 20231103.00
* Update owners (#61)
* Update owners (#58)
- Update to version 20230929.00
* Update multinic filter to pick only pci devices (#59)
- google-guest-oslogin
-
- Fix file permissions for google_authorized_principals binary (bsc#1222171)
- Update to version 20240311.00 (bsc#1218548, bsc#1221900, bsc#1221901)
* pam: Bring back pam's account management implementation (#133)
* Change error messages when checking login policy (#129)
* Remove quintonamore from OWNERS (#128)
- google-osconfig-agent
-
- Update to version 20240320.00 (bsc#1221900, bsc#1221901)
* Enable OSConfig agent to read GPG keys files with multiple entities (#537)
- from version 20240314.00
* Update OWNERS file to replace mahmoudn GitHub
username by personal email GitHub username (#534)
- from version 20240313.01
* Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 in /e2e_tests (#535)
- from version 20240313.00
* Adds a console and gcloud example policies (#533)
- from version 20240228.00
* GuestPolicies e2e: Remove ed package if exist for zypper
startup_script in recipe-steps tests (#532)
- from version 20240126.00
* Fix Enterprise Linux Recipe-Steps tests to install
info dependency package in the startup-script (#530)
- from version 20240125.01
* Fix SUSE pkg-update and pkg-no-update e2e tests (#529)
- from version 20240125.00
* Fix zypper patch info parser to consider conflicts-pkgs float versions (#528)
- from version 20240123.01
* Fix SUSE package update e2e tests to use another existing package (#527)
- from version 20240123.00
* Update cis-exclude-check-once-a-day.yaml (#526)
- Update to version 20231219.00
* Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#524)
- from version 20231207.01
* Some change to create an agent release (#523)
- from version 20231207.00
* Some change to create an agent release (#522)
- from version 20231205.00
* Some change to create an agent release (#521)
- from version 20231130.02
* Merge pull request #519 from Gulio/just-release
* Merge branch 'master' into just-release
* Some change to create an agent release
* Some change to create an agent release
- from version 20231130.00
* Some change to create an agent release (#518)
- from version 20231129.00
* Fix parse yum updates to consider the packages under
installing-dependencies keyword (#502)
* Update feature names in the README file (#517)
- from version 20231128.00
* Updating owners (#508)
- from version 20231127.00
* Move OS policy CIS examples under the console folder (#514)
- from version 20231123.01
* Adds three more OS Policy examples to CIS folder (#509)
* Added ekrementeskii and MahmoudNada0 to OWNERS (#505)
- from version 20231123.00
* docs(osconfig):add OS policy examples for CIS scanning (#503)
- from version 20231121.02
* Added SCODE to Windows error description (#504)
- from version 20231121.01
* Update OWNERS (#501)
* Update go version to 1.21 (#507)
- from version 20231121.00
* Call fqdn (#481)
- from version 20231116.00
* Removing obsolete MS Windows 2019 images (#500)
- from version 20231107.00
* Update owners. (#498)
- from version 20231103.02
* Increasing test timeouts (#499)
* Update OWNERS (#497)
- from version 20231103.01
* Bump google.golang.org/grpc from 1.53.0 to 1.56.3 in /e2e_tests (#493)
* Bump google.golang.org/grpc from 1.53.0 to 1.56.3 (#494)
- from version 20231103.00
* Removing deprecated Win for containers OSs (#496)
- from version 20231027.00
* Shortening the reported image names (#495)
- from version 20231025.00
* Merge pull request #492 from GoogleCloudPlatform/michaljankowiak-patch-1
* Merge branch 'master' into michaljankowiak-patch-1
* Fixing name changes
* Fixing rename issue
* Fixed formatting
* Fixed formatting
* Fixing formatting
* Removing support for RHEL 6, adding RHEL 9
* Removing support for RHEL 6, adding for RHEL 9
* Removing support for RHEL 6 and adding for RHEL 9
* Removing step needed for RHEL 6
* Fixing build issues
* Removing nonexistent images and adding new ones
- from version 20231024.00
* Removing obsolete OS images and adding new ones (#491)
- from version 20231020.00
* Change debug messages when parsing zypper patch output (#490)
- from version 20231013.00
* Bump golang.org/x/net from 0.7.0 to 0.17.0 (#489)
- from version 20231010.00
* Revert "Added [main] section with gpgcheck to
the agent-managed repo file (#484)" (#488)
- from version 20231003.00
* Bump google.golang.org/grpc from 1.42.0 to 1.53.0 in /e2e_tests (#478)
- from version 20230920.00
* Update OWNERS (#485)
- from version 20230912.00
* Added [main] section with gpgcheck to the agent-managed repo file (#484)
* Migrate empty interface to any (#483)
- Bump the golang compiler version to 1.21 (bsc#1216546)
- Update to version 20230829.00
* Added burov, dowgird, paulinakania and Gulio to OWNERS (#482)
>>>>>>> ./google-osconfig-agent.changes.new
- growpart-rootgrow
-
- Update to version 1.0.7 (bsc#1219941)
+ Support root to be in a btrfs snapshot
+ 1.0.6 had different implementation for btrfs in snapshot support
- hwdata
-
- update to 0.380:
* Update pci, usb and vendor ids
- update to 0.379:
* Update pci, usb and vendor ids
- ipset
-
- Fix build with latest kernel, bsc#1223370
* bsc1223370.patch
- iputils
-
- Update 0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
after upstream merged the fix, update git commit hashes.
- Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877)
0002-arping-Fix-unsolicited-ARP-regressions-on-c-1.patch
- Backport upstream fix for bsc#1224877
4db1de6 ("arping: Fix 1s delay on exit for unsolicited arpings")
0001-arping-Fix-1s-delay-on-exit-for-unsolicited-arpings.patch
- kernel-default
-
- pstore: inode: Only d_invalidate() is needed (bsc#1223705
CVE-2024-27389).
- commit bbe965a
- media: edia: dvbdev: fix a use-after-free (CVE-2024-27043
bsc#1223824).
- commit e3d9ce5
- Update
patches.suse/ext4-fix-bug-in-extents-parsing-when-eh_entries-0-an.patch
(bsc#1206881 bsc#1223475 CVE-2022-48631).
- commit 718df1c
- md/raid5: fix atomicity violation in raid5_cache_count
(bsc#1219169, CVE-2024-23307).
- commit d2d22f0
- kABI workaround for cec_adapter (CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid confusing "transmit timed out" message
(CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid recursive cec_claim_log_addrs
(CVE-2024-23848 bsc#1219104).
- media: cec: cec-api: add locking in cec_release()
(CVE-2024-23848 bsc#1219104).
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
(CVE-2024-23848 bsc#1219104).
- commit 5f84bce
- media: cec: abort if the current transmit was canceled
(CVE-2024-23848 bsc#1219104).
- commit f23b730
- Update
patches.suse/gpio-mockup-fix-NULL-pointer-dereference-when-removi.patch
(git-fixes CVE-2022-48663 bsc#1223523).
- commit fb50f4d
- Update
patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch
(bsc#1203906 CVE-2022-48638 bsc#1223522).
- commit 1b1d545
- Update
patches.suse/sfc-fix-TX-channel-offset-when-using-legacy-interrup.patch
(git-fixes CVE-2022-48647 bsc#1223519).
- commit 2df3009
- Update
patches.suse/smb3-fix-temporary-data-corruption-in-insert-range.patch
(bsc#1193629 CVE-2022-48667 bsc#1223518).
- commit 2544640
- Update
patches.suse/bnxt-prevent-skb-UAF-after-handing-over-to-PTP-worke.patch
(jsc#SLE-18978 CVE-2022-48637 bsc#1223517).
- commit 8af9f52
- Update
patches.suse/smb3-fix-temporary-data-corruption-in-collapse-range.patch
(bsc#1193629 CVE-2022-48668 bsc#1223516).
- commit ea57df6
- drm/i915/gem: Really move i915_gem_context.link under ref
protection (CVE-2022-48662 bsc#1223505).
- commit 1ea0422
- Update
patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
(bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit ecd523c
- Update
patches.suse/sfc-fix-null-pointer-dereference-in-efx_hard_start_x.patch
(git-fixes CVE-2022-48648 bsc#1223503).
- commit 2cd307a
- Update
patches.suse/gpiolib-cdev-Set-lineevent_state-irq-after-IRQ-regis.patch
(git-fixes CVE-2022-48660 bsc#1223487).
- commit 30d7811
- Update
patches.suse/arm64-topology-fix-possible-overflow-in-amu_fie_setu.patch
(git-fixes CVE-2022-48657 bsc#1223484).
- commit d7e1659
- Update
patches.suse/netfilter-nfnetlink_osf-fix-possible-bogus-match-in-.patch
(bsc#1204614 CVE-2022-48654 bsc#1223482).
- commit a8a2952
- Update
patches.suse/dmaengine-ti-k3-udma-private-Fix-refcount-leak-bug-i.patch
(git-fixes CVE-2022-48656 bsc#1223479).
- commit 90546f3
- Update
patches.suse/ice-Don-t-double-unplug-aux-on-peer-initiated-reset.patch
(git-fixes CVE-2022-48653 bsc#1223474).
- commit dba84ad
- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
(bsc#1223513 CVE-2022-48651).
- commit c96a663
- Update patches.suse/firmware-arm_scmi-Harden-accesses-to-the-reset-domai.patch (git-fixes CVE-2022-48655 bsc#1223477)
- commit 2dabafb
- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- commit 18e662b
- Update
patches.suse/spi-spi-zynqmp-gqspi-Handle-error-for-dma_set_mask.patch
(git-fixes CVE-2021-47047 bsc#1220761).
- commit 1f6461d
- crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
(CVE-2023-52616 bsc#1221612).
- commit 6fa74bc
- x86/boot: Ignore relocations in .notes sections in walk_relocs() too (bsc#1222624 CVE-2024-26816).
- commit 9c9dbbd
- x86, relocs: Ignore relocations in .notes section (bsc#1222624 CVE-2024-26816).
- commit 9bcfc48
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-aoec.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-26898 bsc#1223016).
- commit 5a56f33
- Update
patches.suse/Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_.patch
(bsc#1219170 CVE-2024-22099 CVE-2024-26903 bsc#1223187).
- commit 1a4ee0a
- Update
patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
(bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
- Update
patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
(bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
- Update
patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
(CVE-2024-26733 bsc#1222585 CVE-2024-26739 bsc#1222559).
- commit ac0df3e
- Update
patches.suse/ALSA-gus-fix-null-pointer-dereference-on-pointer-blo.patch
(git-fixes CVE-2021-47207 bsc#1222790).
- Update
patches.suse/ALSA-usb-audio-fix-null-pointer-dereference-on-point.patch
(bsc#1192354 CVE-2021-47211 bsc#1222869).
- Update
patches.suse/RDMA-core-Set-send-and-receive-CQ-before-forwarding-.patch
(jsc#SLE-19249 CVE-2021-47196 bsc#1222773).
- Update
patches.suse/arm64-dts-qcom-msm8998-Fix-CPU-L2-idle-state-latency.patch
(git-fixes CVE-2021-47187 bsc#1222703).
- Update
patches.suse/cfg80211-call-cfg80211_stop_ap-when-switch-from-P2P_.patch
(git-fixes CVE-2021-47194 bsc#1222829).
- Update
patches.suse/clk-sunxi-ng-Unregister-clocks-resets-when-unbinding.patch
(git-fixes CVE-2021-47205 bsc#1222888).
- Update
patches.suse/drm-prime-Fix-use-after-free-in-mmap-with-drm_gem_tt.patch
(git-fixes CVE-2021-47200 bsc#1222838).
- Update
patches.suse/i40e-Fix-NULL-ptr-dereference-on-VSI-filter-sync.patch
(jsc#SLE-18378 CVE-2021-47184 bsc#1222666).
- Update
patches.suse/iavf-free-q_vectors-before-queues-in-iavf_disable_vf.patch
(jsc#SLE-18385 CVE-2021-47201 bsc#1222792).
- Update
patches.suse/msft-hv-2480-x86-hyperv-Fix-NULL-deref-in-set_hv_tscchange_cb-if-.patch
(git-fixes CVE-2021-47217 bsc#1222836).
- Update
patches.suse/net-dpaa2-eth-fix-use-after-free-in-dpaa2_eth_remove.patch
(git-fixes CVE-2021-47204 bsc#1222787).
- Update
patches.suse/net-mlx5-Update-error-handler-for-UCTX-and-UMEM.patch
(jsc#SLE-19253 CVE-2021-47212 bsc#1222709).
- Update
patches.suse/net-mlx5e-CT-Fix-multiple-allocations-and-memleak-of.patch
(jsc#SLE-19253 CVE-2021-47199 bsc#1222785).
- Update
patches.suse/net-mlx5e-kTLS-Fix-crash-in-RX-resync-flow.patch
(jsc#SLE-19253 CVE-2021-47215 bsc#1222704).
- Update
patches.suse/net-mlx5e-nullify-cq-dbg-pointer-in-mlx5_debug_cq_re.patch
(jsc#SLE-19253 CVE-2021-47197 bsc#1222776).
- Update
patches.suse/sched-fair-Prevent-dead-task-groups-from-regaining-cfs_rq-s.patch
(bsc#1192837 CVE-2021-47209 bsc#1222796).
- Update patches.suse/scsi-advansys-Fix-kernel-pointer-leak.patch
(git-fixes CVE-2021-47216 bsc#1222876).
- Update
patches.suse/scsi-core-sysfs-Fix-hang-when-device-state-is-set-via-sysfs
(git-fixes CVE-2021-47192 bsc#1222867).
- Update
patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
(bsc#1190576 CVE-2021-47203 bsc#1222881).
- Update
patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
(bsc#1192145 CVE-2021-47198 bsc#1222883).
- Update
patches.suse/scsi-pm80xx-Fix-memory-leak-during-rmmod.patch
(git-fixes CVE-2021-47193 bsc#1222879).
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_readcap16.patch
(git-fixes CVE-2021-47191 bsc#1222866).
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_report_tgtpgs.patch
(git-fixes CVE-2021-47219 bsc#1222824).
- Update patches.suse/scsi-ufs-core-Improve-SCSI-abort-handling
(git-fixes CVE-2021-47188 bsc#1222671).
- Update
patches.suse/selinux-fix-NULL-pointer-dereference-when-hashtab-al.patch
(git-fixes CVE-2021-47218 bsc#1222791).
- Update
patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch
(stable-5.14.21 CVE-2021-47202 bsc#1222878).
- Update
patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
(git-fixes CVE-2021-47185 bsc#1222669).
- Update
patches.suse/usb-host-ohci-tmio-check-return-value-after-calling-.patch
(git-fixes CVE-2021-47206 bsc#1222894).
- Update
patches.suse/usb-typec-tipd-Remove-WARN_ON-in-tps6598x_block_read.patch
(git-fixes CVE-2021-47210 bsc#1222901).
- commit 48b69db
- wifi: iwlwifi: fix a memory corruption (CVE-2024-26610
bsc#1221299).
- commit e7967c5
- xen/events: close evtchn after mapping cleanup (CVE-2024-26687,
bsc#1222435).
- commit eb41ab9
- Update patches.suse/arp-Prevent-overflow-in-arp_req_get.patch
- fix build warning
- commit b98055d
- ext4: regenerate buddy after block freeing failed if under fc
replay (bsc#1220342 CVE-2024-26601).
- commit c12e20f
- blacklist.conf: Blacklist 83e80a6e3543f3
- commit 62a580e
- fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
(bsc#1222721 CVE-2024-26764).
- commit b81d662
- fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via
libaio (bsc#1222721 CVE-2024-26764).
- commit 6f0ed6e
- ext4: avoid allocating blocks from corrupted group in
ext4_mb_try_best_found() (bsc#1222618 CVE-2024-26773).
- commit 821043d
- Update patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch (stable-5.14.21 CVE-2021-47202 bsc#1222878)
- commit 9b2ed28
- Update references in
patches.suse/ocfs2-Avoid-touching-renamed-directory-if-parent-doe.patch
(bsc#1221044 bsc#1221088 CVE-2023-52591 CVE-2023-52590).
- commit 6a6852e
- Update patches.suse/spi-fix-use-after-free-of-the-add_lock-mutex.patch (git-fixes CVE-2021-47195 bsc#1222832)
- commit e8d48f1
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (bsc#1222726 CVE-2024-26766)
- commit dc4bba0
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- commit af79c3f
- md/raid5: fix atomicity violation in raid5_cache_count
(bsc#1219169, CVE-2024-23307).
- commit 7709383
- Update
patches.suse/btrfs-fix-memory-ordering-between-normal-and-ordered-work-functions.patch
(git-fixes CVE-2021-47189 bsc#1222706).
- commit 95bc72d
- Update
patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
(git-fixes CVE-2021-47185).
- commit de9e1db
- Update
patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch
(bsc#1192145 CVE-2021-47183 bsc#1222664).
- commit 720685d
- Update
patches.suse/scsi-core-Fix-scsi_mode_sense-buffer-length-handling.patch
(git-fixes CVE-2021-47182 bsc#1222662).
- commit 641c737
- Update
patches.suse/usb-musb-tusb6010-check-return-value-after-calling-p.patch
(git-fixes CVE-2021-47181 bsc#1222660).
- commit 27da195
- ceph: prevent use-after-free in encode_cap_msg() (CVE-2024-26689
bsc#1222503).
- commit c307f9b
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
(bsc#1222619).
- commit 900d642
- arp: Prevent overflow in arp_req_get() (CVE-2024-26733
bsc#1222585).
- commit aed9764
- net/sched: act_mirred: don't override retval if we already
lost the skb (CVE-2024-26733 bsc#1222585).
- commit 57213f3
- Update
patches.suse/btrfs-do-not-ASSERT-if-the-newly-created-subvolume-a.patch
(bsc#1219126 CVE-2024-23850 CVE-2024-26727 bsc#1222536).
- commit 9619dfe
- ext4: fix double-free of blocks due to wrong extents moved_len
(bsc#1222422 CVE-2024-26704).
- commit 4e96ad3
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
(bsc#1219264 CVE-2024-0841).
- commit aa8204a
- nfsd: Fix error cleanup path in nfsd_rename() (bsc#1221044
CVE-2023-52591).
- commit a849be1
- scsi: pm80xx: Avoid leaking tags when processing
OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883
cve-2023-52500).
- commit fc88013
- Update
patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch
(CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117).
- commit fd3aabc
- selinux: saner handling of policy reloads (bsc#1222230 bsc#1221044
CVE-2023-52591).
- commit 66a189d
- bpf, sockmap: Prevent lock inversion deadlock in map delete elem
(bsc#1209657 CVE-2023-0160).
- commit 989b8c6
- blacklist.conf: omit reverted sockmap deadlock fix
- commit 397323e
- x86/sev: Harden #VC instruction emulation somewhat (CVE-2024-25742 bsc#1221725).
- commit 2e3eba1
- netfilter: nf_tables: disallow anonymous set with timeout flag
(CVE-2024-26642 bsc#1221830).
- commit 02a907f
- netfilter: ctnetlink: fix possible refcount leak in
ctnetlink_create_conntrack() (CVE-2023-7192 bsc#1218479).
- commit 0b47032
- README.BRANCH: Remove copy of branch name
- commit 4834fba
- README.BRANCH: Remove copy of branch name
- commit 704bda3
- ipv6: init the accept_queue's spinlocks in inet6_create
(bsc#1221293 CVE-2024-26614).
- commit 0ab8c0f
- tcp: make sure init the accept_queue's spinlocks once
(bsc#1221293 CVE-2024-26614).
- commit 943f002
- powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
(CVE-2023-52607 bsc#1221061).
- commit 36feafa
- Update
patches.suse/HID-intel-ish-hid-ipc-Disable-and-reenable-ACPI-GPE-.patch
(git-fixes CVE-2023-52519 bsc#1220920).
- Update
patches.suse/HID-sony-Fix-a-potential-memory-leak-in-sony_probe.patch
(git-fixes CVE-2023-52529 bsc#1220929).
- Update
patches.suse/IB-hfi1-Fix-bugs-with-non-PAGE_SIZE-end-multi-iovec-.patch
(git-fixes CVE-2023-52474 bsc#1220445).
- Update
patches.suse/RDMA-siw-Fix-connection-failure-handling.patch
(git-fixes CVE-2023-52513 bsc#1221022).
- Update
patches.suse/RDMA-srp-Do-not-call-scsi_done-from-srp_abort.patch
(git-fixes CVE-2023-52515 bsc#1221048).
- Update
patches.suse/Revert-tty-n_gsm-fix-UAF-in-gsm_cleanup_mux.patch
(git-fixes CVE-2023-52564 bsc#1220938).
- Update
patches.suse/bpf-Check-rcu_read_lock_trace_held-before-calling-bp.patch
(bsc#1220251 CVE-2023-52447 CVE-2023-52621 bsc#1222073).
- Update
patches.suse/ieee802154-ca8210-Fix-a-potential-UAF-in-ca8210_prob.patch
(git-fixes CVE-2023-52510 bsc#1220898).
- Update
patches.suse/net-nfc-llcp-Add-lock-when-modifying-device-list.patch
(git-fixes CVE-2023-52524 bsc#1220927).
- Update
patches.suse/net-usb-smsc75xx-Fix-uninit-value-access-in-__smsc75.patch
(git-fixes CVE-2023-52528 bsc#1220843).
- Update
patches.suse/nfc-nci-assert-requested-protocol-is-valid.patch
(git-fixes CVE-2023-52507 bsc#1220833).
- Update
patches.suse/nilfs2-fix-potential-use-after-free-in-nilfs_gccache.patch
(git-fixes CVE-2023-52566 bsc#1220940).
- Update
patches.suse/nvme-fc-Prevent-null-pointer-dereference-in-nvme_fc_.patch
(bsc#1214842 CVE-2023-52508 bsc#1221015).
- Update
patches.suse/nvmet-tcp-Fix-a-kernel-panic-when-host-sends-an-inva.patch
(bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
CVE-2023-6356 CVE-2023-52454 bsc#1220320).
- Update
patches.suse/platform-x86-think-lmi-Fix-reference-leak.patch
(git-fixes CVE-2023-52520 bsc#1220921).
- Update
patches.suse/ravb-Fix-use-after-free-issue-in-ravb_tx_timeout_wor.patch
(bsc#1212514 CVE-2023-35827 CVE-2023-52509 bsc#1220836).
- Update
patches.suse/ring-buffer-Do-not-attempt-to-read-past-commit.patch
(git-fixes CVE-2023-52501 bsc#1220885).
- Update
patches.suse/serial-8250_port-Check-IRQ-data-before-use.patch
(git-fixes CVE-2023-52567 bsc#1220839).
- Update
patches.suse/spi-sun6i-fix-race-between-DMA-RX-transfer-completio.patch
(git-fixes CVE-2023-52517 bsc#1221055).
- Update
patches.suse/spi-sun6i-reduce-DMA-RX-transfer-width-to-single-byt.patch
(git-fixes CVE-2023-52511 bsc#1221012).
- Update
patches.suse/wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_proc.patch
(git-fixes CVE-2023-52525 bsc#1220840).
- Update
patches.suse/x86-alternatives-disable-kasan-in-apply_alternatives.patch
(git-fixes CVE-2023-52504 bsc#1221553).
- Update
patches.suse/x86-srso-fix-sbpb-enablement-for-spec_rstack_overflow-off.patch
(git-fixes CVE-2023-52575 bsc#1220871).
- commit 5f353b0
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487 CVE-2022-48626 bsc#1220366).
- Update
patches.suse/crypto-qcom-rng-ensure-buffer-for-generate-is-comple.patch
(git-fixes CVE-2022-48629 bsc#1220989).
- Update
patches.suse/crypto-qcom-rng-fix-infinite-loop-on-requests-not-mu.patch
(git-fixes CVE-2022-48630 bsc#1220990).
- commit f8cf886
- Update
patches.suse/ALSA-hda-intel-sdw-acpi-harden-detection-of-controll.patch
(git-fixes CVE-2021-46926 bsc#1220478).
- Update
patches.suse/ALSA-rawmidi-fix-the-uninitalized-user_pversion.patch
(git-fixes CVE-2021-47096 bsc#1220981).
- Update
patches.suse/IB-qib-Fix-memory-leak-in-qib_user_sdma_queue_pkts.patch
(git-fixes CVE-2021-47104 bsc#1220960).
- Update
patches.suse/Input-elantech-fix-stack-out-of-bound-access-in-elan.patch
(git-fixes CVE-2021-47097 bsc#1220982).
- Update
patches.suse/KVM-x86-mmu-Don-t-advance-iterator-after-restart-due.patch
(git-fixes CVE-2021-47094 bsc#1221551).
- Update patches.suse/NFSD-Fix-READDIR-buffer-overflow.patch
(git-fixes bsc#1196346 CVE-2021-47107 bsc#1220965).
- Update
patches.suse/asix-fix-uninit-value-in-asix_mdio_read.patch
(git-fixes CVE-2021-47101 bsc#1220987).
- Update
patches.suse/drm-mediatek-hdmi-Perform-NULL-pointer-check-for-mtk.patch
(git-fixes CVE-2021-47108 bsc#1220986).
- Update
patches.suse/hwmon-lm90-Prevent-integer-overflow-underflow-in-hys.patch
(git-fixes CVE-2021-47098 bsc#1220983).
- Update
patches.suse/ipmi-Fix-UAF-when-uninstall-ipmi_si-and-ipmi_msghand.patch
(git-fixes CVE-2021-47100 bsc#1220985).
- Update
patches.suse/ipmi-ssif-initialize-ssif_info-client-early.patch
(bsc#1193490 CVE-2021-47095 bsc#1220979).
- Update
patches.suse/mac80211-fix-locking-in-ieee80211_start_ap-error-pat.patch
(git-fixes CVE-2021-47091 bsc#1220959).
- Update
patches.suse/net-fix-use-after-free-in-tw_timer_handler.patch
(bsc#1217195 CVE-2021-46936 bsc#1220439).
- Update
patches.suse/net-marvell-prestera-fix-incorrect-structure-access.patch
(git-fixes CVE-2021-47102 bsc#1221009).
- Update
patches.suse/net-smc-fix-kernel-panic-caused-by-race-of-smc_sock
(git-fixes CVE-2021-46925 bsc#1220466).
- Update
patches.suse/nitro_enclaves-Use-get_user_pages_unlocked-call-to-handle-mmap-assert.patch
(git fixes (mm/gup) CVE-2021-46927 bsc#1220443).
- Update
patches.suse/platform-x86-intel_pmc_core-fix-memleak-on-registrat.patch
(git-fixes CVE-2021-47093 bsc#1220978).
- Update patches.suse/sctp-use-call_rcu-to-free-endpoint.patch
(CVE-2022-20154 bsc#1200599 CVE-2021-46929 bsc#1220482).
- Update patches.suse/tee-optee-Fix-incorrect-page-free-bug.patch
(jsc#SLE-21844 CVE-2021-47087 bsc#1220954).
- Update
patches.suse/tun-avoid-double-free-in-tun_free_netdev.patch
(bsc#1209635 CVE-2022-4744 git-fixes CVE-2021-47082
bsc#1220969).
- Update
patches.suse/usb-gadget-f_fs-Clear-ffs_eventfd-in-ffs_data_clear.patch
(git-fixes CVE-2021-46933 bsc#1220487).
- Update patches.suse/usb-mtu3-fix-list_head-check-warning.patch
(git-fixes CVE-2021-46930 bsc#1220484).
- Update
patches.suse/veth-ensure-skb-entering-GRO-are-not-cloned.patch
(git-fixes CVE-2021-47099 bsc#1220955).
- commit b15f74e
- wifi: ath10k: fix NULL pointer dereference in
ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336
CVE-2023-7042).
- commit 1784f9f
- x86/sev: Harden #VC instruction emulation somewhat (CVE-2024-25742 bsc#1221725).
- commit 02ed75a
- dmaengine: fix NULL pointer in channel unregistration function (bsc#1221276 CVE-2023-52492)
- commit f21c2ab
- Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
(bsc#1219170 CVE-2024-22099).
- commit ece27a6
- perf/x86/lbr: Filter vsyscall addresses (bsc#1220703,
CVE-2023-52476).
- commit c52b506
- fs: introduce lock_rename_child() helper (bsc#1221044
CVE-2023-52591).
Refresh patches.suse/fs-Establish-locking-order-for-unrelated-directories.patch
- commit 86376e0
- rename(): avoid a deadlock in the case of parents having no
common ancestor (bsc#1221044 CVE-2023-52591).
- commit 16e3098
- kill lock_two_inodes() (bsc#1221044 CVE-2023-52591).
- commit 8b8deef
- rename(): fix the locking of subdirectories (bsc#1221044
CVE-2023-52591).
- commit 146d81f
- f2fs: Avoid reading renamed directory if parent does not change
(bsc#1221044 CVE-2023-52591).
- commit 5344280
- ext4: don't access the source subdirectory content on
same-directory rename (bsc#1221044 CVE-2023-52591).
- commit b2b6374
- ext2: Avoid reading renamed directory if parent does not change
(bsc#1221044 CVE-2023-52591).
- commit 2edcc11
- udf_rename(): only access the child content on cross-directory
rename (bsc#1221044 CVE-2023-52591).
- commit 0257614
- ocfs2: Avoid touching renamed directory if parent does not
change (bsc#1221044 CVE-2023-52591).
- commit e786f3a
- reiserfs: Avoid touching renamed directory if parent does not
change (git-fixes bsc#1221044 CVE-2023-52591).
Refresh patches.suse/reiserfs-add-check-to-detect-corrupted-directory-entry.patch
Refresh patches.suse/reiserfs-don-t-panic-on-bad-directory-entries.patch
- commit 523ddca
- fs: don't assume arguments are non-NULL (bsc#1221044
CVE-2023-52591).
- commit 2177893
- fs: Restrict lock_two_nondirectories() to non-directory inodes
(bsc#1221044 CVE-2023-52591).
- commit a59a7cb
- fs: ocfs2: check status values (bsc#1221044 CVE-2023-52591).
- commit 8c6576f
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in
upi_fill_topology() (bsc#1220237, CVE-2023-52450).
- commit 246b58a
- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (bsc#1213456 CVE-2023-28746).
- commit 4fed4e6
- Sort upstream patches
- Refresh
patches.suse/Documentation-hw-vuln-Add-documentation-for-RFDS.patch.
- Refresh
patches.suse/KVM-x86-Export-RFDS_NO-and-RFDS_CLEAR-to-guests.patch.
- Refresh
patches.suse/x86-entry-ia32-Ensure-s32-is-sign-extended-to-s64.patch.
- Refresh
patches.suse/x86-rfds-Mitigate-Register-File-Data-Sampling-RFDS.patch.
- commit f172e12
- Refresh patches.kabi/team-Hide-new-member-header-ops.patch.
Fix for kABI workaround.
- commit 6ba2f5d
- ceph: fix deadlock or deadcode of misusing dget() (bsc#1221058
CVE-2023-52583).
- commit 1a81018
- netfs: Only call folio_start_fscache() one time for each folio
(CVE-2023-52582 bsc#1220878).
- commit dfd082b
- Refresh
patches.suse/mm-ima-kexec-of-use-memblock_free_late-from-ima_free.patch.
Fix:
* Section mismatch (function ima_free_kexec_buffer()) in modpost: vmlinux.o in ima_free_kexec_buffer()
WARNING: modpost: vmlinux.o(.text+0xac1250): Section mismatch in reference from the function ima_free_kexec_buffer() to the function .init.text:__memblock_free_late()
- commit 5522f01
- Update
patches.suse/usb-hub-Guard-against-accesses-to-uninitialized-BOS-.patch
(bsc#1220790 CVE-2023-52477).
- commit d33bab7
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (bsc#1220413 CVE-2023-52470).
- commit 9d7d799
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (bsc#1220411 CVE-2023-52469).
- commit f4f0cf4
- group-source-files.pl: Quote filenames (boo#1221077).
The kernel source now contains a file with a space in the name.
Add quotes in group-source-files.pl to avoid splitting the filename.
Also use -print0 / -0 when updating timestamps.
- commit a005e42
- mm,ima,kexec,of: use memblock_free_late from
ima_free_kexec_buffer (bsc#1220872 CVE-2023-52576).
- commit b1b1c9a
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (bsc#1220340,CVE-2024-26600)
- commit 78e2b4a
- erofs: fix lz4 inplace decompression (CVE-2023-52497
bsc#1220879).
- commit ddeedf9
- ACPI: extlog: fix NULL pointer dereference check (bsc#1221039
CVE-2023-52605).
- commit 635c481
- kernel-binary: Fix i386 build
Fixes: 89eaf4cdce05 ("rpm templates: Move macro definitions below buildrequires")
- commit f7c6351
- btrfs: remove BUG() after failure to insert delayed dir index
item (bsc#1220918 CVE-2023-52569).
- btrfs: improve error message after failure to add delayed dir
index item (bsc#1220918 CVE-2023-52569).
- commit 53e1d2d
- net: nfc: fix races in nfc_llcp_sock_get() and
nfc_llcp_sock_get_sn() (CVE-2023-52502 bsc#1220831).
- commit 8c33586
- kabi: team: Hide new member header_ops (bsc#1220870
CVE-2023-52574).
- commit 9f49992
- KVM: s390: fix setting of fpc register (git-fixes bsc#1220392
bsc#1221040 CVE-2023-52597).
- commit a90b87c
- kernel-binary: vdso: fix filelist for non-usrmerged kernel
Fixes: a6ad8af207e6 ("rpm templates: Always define usrmerged")
- commit fb3f221
- bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets
(bsc#1220926 CVE-2023-52523).
- commit 90d9f50
- krb5
-
- Fix memory leaks, add patch 0012-Fix-two-unlikely-memory-leaks.patch
* CVE-2024-26458, bsc#1220770
* CVE-2024-26461, bsc#1220771
- less
-
- Fix CVE-2024-32487, mishandling of \n character in paths when
LESSOPEN is set leads to OS command execution
(CVE-2024-32487, bsc#1222849)
* CVE-2024-32487.patch
- Fix CVE-2022-48624, LESSCLOSE handling in less does not quote shell
metacharacters, bsc#1219901
* CVE-2022-48624.patch
- gcc13
-
- Add gcc13-pr111731.patch to fix unwinding for JIT code.
[bsc#1221239]
- Revert libgccjit dependency change. [boo#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Use %patch -P N instead of %patchN.
- Add gcc13-sanitizer-remove-crypt-interception.patch to remove
crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Update to gcc-13 branch head, 67ac78caf31f7cb3202177e642, git8285
- Add gcc13-pr88345-min-func-alignment.diff to add support for
- fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Update to gcc-13 branch head, fc7d87e0ffadca49bec29b2107, git8250
* Includes fix for building TVM. [boo#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
[boo#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than
in gcc13-devel. [boo#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs
are linked against libstdc++6.
- Update to gcc-13 branch head, 36ddb5230f56a30317630a928, git8205
- Update to gcc-13 branch head, 741743c028dc00f27b9c8b1d5, git8109
* Includes fix for building mariadb on i686. [bsc#1217667]
* Remove pr111411.patch contained in the update.
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
%product_libs_llvm_ver where available and adjust tool discovery
accordingly. This should also properly trigger re-builds when
the patchlevel version of llvmVER changes, possibly changing
the binary names we link to. [bsc#1217450]
- avahi
-
- Add avahi-CVE-2023-38471.patch: Extract host name using
avahi_unescape_label (bsc#1216594, CVE-2023-38471).
- Add avahi-CVE-2023-38469.patch: Reject overly long TXT resource
records (bsc#1216598, CVE-2023-38469).
- util-linux
-
- Properly neutralize escape sequences in wall
(util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
and its prerequisites: util-linux-fputs_careful1.patch,
util-linux-wall-migrate-to-memstream.patch
util-linux-fputs_careful2.patch).
- c-ares
-
- CVE-2024-25629.patch: fix out of bounds read in ares__read_line()
(bsc#1220279, CVE-2024-25629)
- expat
-
- Security fix (boo#1221289, CVE-2024-28757): XML Entity Expansion
attack when there is isolated use of external parsers.
* Added expat-CVE-2024-28757.patch
- Security fix:
* (CVE-2023-52425, bsc#1219559) denial of service (resource
consumption) caused by processing large tokens.
- Added patch expat-CVE-2023-52425-1.patch
- Added patch expat-CVE-2023-52425-2.patch
- Added patch expat-CVE-2023-52425-backport-parser-changes.patch
- Added patch expat-CVE-2023-52425-fix-tests.patch
- gnutls
-
- Security fix: [bsc#1221747, CVE-2024-28835]
* gnutls: certtool crash when verifying a certificate chain
* Add gnutls-CVE-2024-28835.patch
- Security fix: [bsc#1221746, CVE-2024-28834]
* gnutls: side-channel in the deterministic ECDSA
* Add gnutls-CVE-2024-28834.patch
- jitterentropy: Release the memory of the entropy collector when
using jitterentropy with phtreads as there is also a
pre-intitization done in the main thread. [bsc#1221242]
* Add gnutls-FIPS-jitterentropy-deinit-threads.patch
- jitterentropy
-
- Fix a stack corruption on s390x: [bsc#1209627]
* Output size of the STCKE command on s390x is 16 bytes, compared
to 8 bytes of the STCK command. Fix a stack corruption in the
s390x version of jent_get_nstime(). Add some more detailed
information on the STCKE command.
* github.com/smuellerDD/jitterentropy-library/commit/7bf9f85
* Add jitterentropy-fix-a-stack-corruption-on-s390x.patch
- ncurses
-
- Add patch ncurses-6.1-bsc1220061.patch (bsc#1220061, CVE-2023-45918)
* Backport from ncurses-6.4-20230615.patch
improve checks in convert_string() for corrupt terminfo entry
- nghttp2
-
- security update
- added patches
fix CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
+ nghttp2-CVE-2024-28182-1.patch
fix CVE-2024-28182-2 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
+ nghttp2-CVE-2024-28182-2.patch
- openssl-1_1
-
- Security fix: [bsc#1222548, CVE-2024-2511]
* Fix unconstrained session cache growth in TLSv1.3
* Add openssl-CVE-2024-2511.patch
- protobuf
-
- update to 25.1:
* Raise warnings for deprecated python syntax usages
* Add support for extensions in CRuby, JRuby, and FFI Ruby
* Add support for options in CRuby, JRuby and FFI (#14594)
- update to 25.0:
* Implement proto2/proto3 with editions
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Editions: Introduce functionality to protoc for generating
edition feature set defaults.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Editions: Refactor feature resolution to use an intermediate
message.
* Publish extension declarations with declaration
verifications.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Protoc: parser rejects explicit use of map_entry option
* Protoc: validate that reserved range start is before end
* Protoc: support identifiers as reserved names in addition to
string literals (only in editions)
* Drop support for Bazel 5.
* Allow code generators to specify whether or not they support
editions.
[#] C++
* Set `PROTOBUF_EXPORT` on
`InternalOutOfLineDeleteMessageLite()`
* Update stale checked-in files
* Apply PROTOBUF_NOINLINE to declarations of some functions
that want it.
* Implement proto2/proto3 with editions
* Make JSON UTF-8 boundary check inclusive of the largest
possible UTF-8 character.
* Reduce `Map::size_type` to 32-bits. Protobuf containers can't
have more than that
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Fix bug in reflection based Swap of map fields.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Add prefetching to arena allocations.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
repeated and map field accessors.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
string field accessors.
* Editions: Refactor feature resolution to use an intermediate
message.
* Fixes for 32-bit MSVC.
* Publish extension declarations with declaration
verifications.
* Export the constants in protobuf's any.h to support DLL
builds.
* Implement AbslStringify for the Descriptor family of types.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
message field accessors.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Introduce C++ feature for UTF8 validation.
* Protoc: validate that reserved range start is before end
* Remove option to disable the table-driven parser in protoc.
* Lock down ctype=CORD in proto file.
* Support split repeated fields.
* In OSS mode omit some extern template specializations.
* Allow code generators to specify whether or not they support
editions.
[#] Java
* Implement proto2/proto3 with editions
* Remove synthetic oneofs from Java gencode field accessor
tables.
* Timestamps.parse: Add error handling for invalid
hours/minutes in the timezone offset.
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Add missing debugging version info to Protobuf Java gencode
when multiple files are generated.
* Fix a bad cast in putBuilderIfAbsent when already present due
to using the result of put() directly (which is null if it
currently has no value)
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Fix a NPE in putBuilderIfAbsent due to using the result of
put() directly (which is null if it currently has no value)
* Update Kotlin compiler to escape package names
* Add MapFieldBuilder and change codegen to generate it and the
put{field}BuilderIfAbsent method.
* Introduce recursion limit in Java text format parsing
* Consider the protobuf.Any invalid if typeUrl.split("/")
returns an empty array.
* Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
* Fixed Python memory leak in map lookup.
* Loosen upb for json name conflict check in proto2 between
json name and field
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Ensure Timestamp.ToDatetime(tz) has correct offset
* Do not check required field for upb python MergeFrom
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Comparing a proto message with an object of unknown returns
NotImplemented
* Emit __slots__ in pyi output as a tuple rather than a list
for --pyi_out.
* Fix a bug that strips options from descriptor.proto in
Python.
* Raise warings for message.UnknownFields() usages and navigate
to the new add
* Add protobuf python keyword support in path for stub
generator.
* Add tuple support to set Struct
* ### Python C-Extension (Default)
* Comparing a proto message with an object of unknown returns
NotImplemented
* Check that ffi-compiler loads before using it to define
tasks.
[#] UPB (Python/PHP/Ruby C-Extension)
* Include .inc files directly instead of through a filegroup
* Loosen upb for json name conflict check in proto2 between
json name and field
* Add utf8_validation feature back to the global feature set.
* Do not check required field for upb python MergeFrom
* Merge the protobuf and upb Bazel repos
* Added malloc_trim() calls to Python allocator so RSS will
decrease when memory is freed
* Upb: fix a Python memory leak in ByteSize()
* Support ASAN detection on clang
* Upb: bugfix for importing a proto3 enum from within a proto2
file
* Expose methods needed by Ruby FFI using UPB_API
* Fix `PyUpb_Message_MergeInternal` segfault
- build against modern python on sle15
- Build with source and target levels 8
* fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
macro resolves the variables at the install time
- update to 23.4:
* Add dllexport_decl for generated default instance.
* Deps: Update Guava to 32.0.1
- update to 23.3:
C++
* Regenerate stale files
* Use the same ABI for static and shared libraries on non-
Windows platforms
* Add a workaround for GCC constexpr bug
Objective-C
* Regenerate stale files
UPB (Python/PHP/Ruby C-Extension)
* Fixed a bug in `upb_Map_Delete()` that caused crashes in
map.delete(k) for Ruby when string-keyed maps were in use.
Compiler
* Add missing header to Objective-c generator
* Add a workaround for GCC constexpr bug
Java
* Rollback of: Simplify protobuf Java message builder by
removing methods that calls the super class only.
Csharp
* [C#] Replace regex that validates descriptor names
- drop 0001-Use-the-same-ABI-for-static-and-shared-libraries-on-.patch (upstream)
- Add patch to fix linking ThreadSafeArena:
* 0001-Use-the-same-ABI-for-static-and-shared-libraries-on-.patch
- Drop the protobuf-source package, no longer used
- update to 22.5:
C++
* Add missing cstdint header
* Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
* Avoid using string(JOIN..., which requires cmake 3.12
* Explicitly include GTest package in examples
* Bump Abseil submodule to 20230125.3 (#12660)
- update to 22.4:
C++
* Fix libprotoc: export useful symbols from .so
* Fix btree issue in map tests.
Python
* Fix bug in _internal_copy_files where the rule would fail in
downstream repositories.
Other
* Bump utf8_range to version with working pkg-config (#12584)
* Fix declared dependencies for pkg-config
* Update abseil dependency and reorder dependencies to ensure
we use the version specified in protobuf_deps.
* Turn off clang::musttail on i386
- drop python2 handling
- fix version handling and package the private libs again
- Fix confusion in versions
- Mention the rpmlintrc file in the spec.
- Make possible to build on older systems, like SLE12 that miss
some of the used macros.
- update to v22.3
UPB (Python/PHP/Ruby C-Extension)
* Remove src prefix from proto import
* Fix .gitmodules to use the correct absl branch
* Remove erroneous dependency on googletest
- update to 22.2:
Java
* Add version to intra proto dependencies and add kotlin stdlib
dependency
* Add $ back for osgi header
* Remove $ in pom files
- update to 22.1:
* Add visibility of plugin.proto to python directory
* Strip "src" from file name of plugin.proto
* Add OSGi headers to pom files.
* Remove errorprone dependency from kotlin protos.
* Version protoc according to the compiler version number.
- update to 22.0:
* This version includes breaking changes to: Cpp.
Please refer to the migration guide for information:
https://protobuf.dev/support/migration/#compiler-22
* [Cpp] Migrate to Abseil's logging library.
* [Cpp] `proto2::Map::value_type` changes to `std::pair`.
* [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
and DefaultFieldComparator classes.
* [Cpp] Add a dependency on Abseil (#10416)
* [Cpp] Remove all autotools usage (#10132)
* [Cpp] Add C++20 reserved keywords
* [Cpp] Dropped C++11 Support
* [Cpp] Delete Arena::Init
* [Cpp] Replace JSON parser with new implementation
* [Cpp] Make RepeatedField::GetArena non-const in order to
support split RepeatedFields.
* long list of bindings specific fixes see
https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
- python sub packages version is set 4.22.3 as defined in
python/google/protobuf/__init__.py to stay compatible
- skip python2 builds by default
- drop patches:
* 10355.patch,
* gcc12-disable-__constinit-with-c++-11.patch (merged upstream)
- added patches:
* add-missing-stdint-header.patch added for compile fixes
- Enable LTO (boo#1133277).
- update to v21.12:
* Python
* Fix broken enum ranges (#11171)
* Stop requiring extension fields to have a sythetic oneof (#11091)
* Python runtime 4.21.10 not works generated code can not load valid
proto.
- update to 21.11:
* Python
* Add license file to pypi wheels (#10936)
* Fix round-trip bug (#10158)
- update to 21.10:
* Java
* Use bit-field int values in buildPartial to skip work on unset groups of
fields. (#10960)
* Mark nested builder as clean after clear is called (#10984)
- update to 21.9:
* Ruby
* Replace libc strdup usage with internal impl to restore musl compat (#10818)
* Auto capitalize enums name in Ruby (#10454) (#10763)
* Other
* Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
* C++
* 21.x No longer define no_threadlocal on OpenBSD (#10743)
* Java
* Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
* Refactoring java full runtime to reuse sub-message builders and prepare to
migrate parsing logic from parse constructor to builder.
* Move proto wireformat parsing functionality from the private "parsing
constructor" to the Builder class.
* Change the Lite runtime to prefer merging from the wireformat into mutable
messages rather than building up a new immutable object before merging. This
way results in fewer allocations and copy operations.
* Make message-type extensions merge from wire-format instead of building up
instances and merging afterwards. This has much better performance.
* Fix TextFormat parser to build up recurring (but supposedly not repeated)
sub-messages directly from text rather than building a new sub-message and
merging the fully formed message into the existing field.
- update to 21.6:
C++:
* Reduce memory consumption of MessageSet parsing
- update to 21.5:
PHP
* Added getContainingOneof and getRealContainingOneof to descriptor.
* fix PHP readonly legacy files for nested messages
Python
* Fixed comparison of maps in Python.
- add 10355.patch to fix soversioning
- update to 21.4:
* Reduce the required alignment of ArenaString from 8 to 4
- update to 21.3:
* C++
* Add header search paths to Protobuf-C++.podspec (#10024)
* Fixed Visual Studio constinit errors (#10232)
* Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
* UPB
* Allow empty package names (fixes behavior regression in 4.21.0)
* Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
* Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
* for x in mapping now yields keys rather than values, to match Python
conventions and the behavior of the old library.
* Lookup operations now correctly reject unhashable types as map keys.
* We implement repr() to use the same format as dict.
* Fix maps to use the ScalarMapContainer class when appropriate
* Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
* PHP
* Add "readonly" as a keyword for PHP and add previous classnames to descriptor pool (#10041)
* Python
* Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
* Bazel
* Add back a filegroup for :well_known_protos (#10061)
- Update to 21.2:
- C++
- cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
- Escape GetObject macro inside protoc-generated code (#9739)
- Update CMake configuration to add a dependency on Abseil (#9793)
- Fix cmake install targets (#9822)
- Use __constinit only in GCC 12.2 and up (#9936)
- Java
- Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python
- Increment python major version to 4 in version.json for python upb (#9926)
- The C extension module for Python has been rewritten to use the upb library.
- This is expected to deliver significant performance benefits, especially when
parsing large payloads. There are some minor breaking changes, but these
should not impact most users. For more information see:
https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP
- [PHP] fix PHP build system (#9571)
- Fix building packaged PHP extension (#9727)
- fix: reserve "ReadOnly" keyword for PHP 8.1 and add compatibility (#9633)
- fix: phpdoc syntax for repeatedfield parameters (#9784)
- fix: phpdoc for repeatedfield (#9783)
- Change enum string name for reserved words (#9780)
- chore: [PHP] fix phpdoc for MapField keys (#9536)
- Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby
- Allow pre-compiled binaries for ruby 3.1.0 (#9566)
- Implement respond_to? in RubyMessage (#9677)
- [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
- Do not use range based UTF-8 validation in truffleruby (#9769)
- Improve range handling logic of RepeatedField (#9799)
- Other
- Fix invalid dependency manifest when using descriptor_set_out (#9647)
- Remove duplicate java generated code (#9909)
- Do not use %%autosetup, but %%setup and %%patch on other line
* Allows building on SLE-12-SP5
- Add temporary patch gcc12-disable-__constinit-with-c++-11.patch
that addresses gh#protocolbuffers/protobuf#9916.
- python3
-
- Add bpo38361-syslog-no-slash-ident.patch (bsc#1222109,
gh#python/cpython!16557) fixes syslog making default "ident"
from sys.argv[0].
- suseconnect-ng
-
- Update to version 1.9.0
* Fix certificate import for Yast when using a registration proxy with
self-signed SSL certificate (bsc#1223107)
- Update to version 1.8.0
* Allow "--rollback" flag to run on readonly filesystem (bsc#1220679)
- libzypp
-
- Don't try to refresh volatile media as long as raw metadata are
present (bsc#1223094)
- version 17.32.5 (32)
- Fix creation of sibling cache dirs with too restrictive mode
(bsc#1222398)
Some install workflows in YAST may lead to too restrictive (0700)
raw cache directories in case of newly created repos. Later
commands running with user privileges may not be able to access
these repos.
- version 17.32.4 (32)
- Update RepoStatus fromCookieFile according to the files mtime
(bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed.
- version 17.32.3 (32)
- Fixup New VendorSupportOption flag VendorSupportSuperseded
(jsc#OBS-301, jsc#PED-8014)
Fixed the name of the keyword to "support_superseded" as it was
agreed on in jsc#OBS-301.
- version 17.32.2 (32)
- Add resolver option 'removeUnneeded' to file weak remove jobs
for unneeded packages (bsc#1175678)
- version 17.32.1 (32)
- Add resolver option 'removeOrphaned' for distupgrade
(bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded
(jsc#OBS-301, jsc#PED-8014)
- Tests: fix vsftpd.conf where SUSE and Fedora use different
defaults (fixes #522)
- Add default stripe minimum (#529)
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config.
- version 17.32.0 (32)
- ProblemSolution::skipsPatchesOnly overload to handout the
patches.
- Remove https->http redirection exceptions for
download.opensuse.org.
- version 17.31.32 (22)
- shadow
-
- bsc#1176006: Fix chage date miscalculation
Add shadow-bsc1176006-chage-date.patch
- bsc#1188307: Fix passwd segfault
Add shadow-bsc1188307-passwd-segfault.patch
- bsc#1203823: Remove pam_keyinit from PAM config files
Remove pam_keyinit from PAM configuration.
This was introduced for bsc#1144060.
- openssh
-
- Add patches from upstream to change the default value of
UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled).
This makes ssh update the known_hosts stored keys with all
published versions by the server (after it's authenticated
with an existing key), which will allow to identify the
server with a different key if the existing key is considered
insecure at some point in the future (bsc#1222831).
* 0001-upstream-enable-UpdateHostkeys-by-default-when-the.patch
* 0002-upstream-disable-UpdateHostkeys-by-default-if.patch
- Add patches openssh-7.7p1-seccomp_getuid.patch and
openssh-bsc1216474-s390-leave-fds-open.patch
(bsc#1216474, bsc#1218871)
- Fix hostbased ssh login failing occasionally with "signature
unverified: incorrect signature" by fixing a typo in patch
(bsc#1221123):
* openssh-7.8p1-role-mls.patch
- pam-config
-
- Fix pam_gnome_keyring module for AUTH.
[pam-config-fix-pam_gnome_keyring.patch, bsc#1219767]
- perl-Bootloader
-
- merge gh#openSUSE/perl-bootloader#166
- log grub2-install errors correctly (bsc#1221470)
- 0.947
- merge gh#openSUSE/perl-bootloader#161
- support old grub versions (<= 2.02) that used /usr/lib
(bsc#1218842)
- create EFI boot fallback directory if necessary
- 0.946
- perl
-
- fix space calculation issues in pp_pack.c [bnc#1082216]
[CVE-2018-6913]
* new patch: perl-pack-overflow.diff
- fix heap buffer overflow in regexec.c [bnc#1082233]
[CVE-2018-6798]
new patch: perl-regexec-heap-overflow.diff
- make Net::FTP work with TLS 1.3 [bnc#1213638]
new patch: perl-net-ftp-tls13.diff
- python-Jinja2
-
- Add CVE-2024-34064.patch upstream patch
(CVE-2024-34064, bsc#1223980, gh#pallets/jinja@0668239dc6b4)
Also fixes (CVE-2024-22195, bsc#1218722)
- python-idna
-
- Add CVE-2024-3651.patch, backported from upstream commit
gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
(bsc#1222842, CVE-2024-3651)
- python-requests
-
- Add CVE-2024-35195.patch (CVE-2024-35195, bsc#1224788)
- Add httpbin.patch to fix a test failure caused by the previous patch.
- salt
-
- Make "man" a recommended package instead of required
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions
on containers
- Discover Ansible playbook files as "*.yml" or "*.yaml"
files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuite
and python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuilld and create test flavor
- Prevent exceptions with fileserver.update when called
via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET
environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
- Added:
* fixed-keyerror-in-logs-when-running-a-state-that-fai.patch
* decode-oscap-byte-stream-to-string-bsc-1219001.patch
* fix-salt-warnings-and-testuite-for-python-3.11-635.patch
* make-importing-seco.range-thread-safe-bsc-1211649.patch
* improve-pip-target-override-condition-with-venv_pip_.patch
* allow-kwargs-for-fileserver-roots-update-bsc-1218482.patch
* fix-problematic-tests-and-allow-smooth-tests-executi.patch
* discover-both-.yml-and-.yaml-playbooks-bsc-1211888.patch
* fix-tests-failures-and-errors-when-detected-on-vm-ex.patch
* switch-oscap-encoding-to-utf-8-639.patch
- spacewalk-certs-tools
-
- version 4.3.23-0
* Fix liberty bootstrapping when zypper is installed (bsc#1222347)
* Apply reboot method changes for transactional systems in the bootstrap script
- spacewalk-client-tools
-
- version 4.3.19-0
* Update translation strings
- uyuni-common-libs
-
- version 4.3.10-0
* Add support for package signature type V4 RSA/SHA384
* Add support for package signature type V4 RSA/SHA512 (bsc#1221465)
- release-notes-susemanager-proxy
-
- Update to SUSE Manager 4.3.12
* Bugs mentioned:
bsc#1208572, bsc#1214387, bsc#1217204, bsc#1220980, bsc#1221465
bsc#1222347, bsc#1220001
- rpm
-
- implement subkey binding signature checking [bsc#1191175]
* new patch: verifybindingsig.diff
- accept more signature subpackets marked as critical [bsc#1218686]
* new patch: accept-crit-subpkt.diff
- backport limit support for the autopatch macro [bsc#1189495]
* new patch: autopatch.diff
- backport signature reserved space handling from upstream
* new patch: sigreserved.diff
- turn on imaevm file signature support and move the imaevm code
that needs the libimaevm library into a plugin. Put this
plugin into a new "rpm-imaevmsign" subpackage. [jsc#PED-7246]
* new patch: imaevmsignplugin.diff
- rpm-ndb
-
- remove imaevmsign plugin from rpm-ndb [bsc#1222259]
- runc
-
- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
+ 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
+ 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
+ 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- sed
-
- 0001-sed-set-correct-umask-on-temporary-files.patch
Fix for bsc#1221218
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000product:sle-module-suse-manager-proxy-release
-
n/a
- spacewalk-backend
-
- version 4.3.28-0
* Strip whitespace from .deb package metadata (bsc#1214387)
* Fix inserting NULL into some columns during ISSv1 sync (bsc#1220980)
* Add support for package signature type V4 RSA/SHA512 (bsc#1221465)
* Unquote HTML-encoded credentials before synchronizing repositories (bsc#1217204)
- spacewalk-web
-
- version 4.3.38-0
* Upgrade json5 to 2.2.3
* Upgrade semver to 7.6.0
* Add one-shot action execution to recurring custom state
create/edit
* Add two filters for rpmlint in package spacewalk-web:
explicit-lib-dependency and filename-too-long-for-joliet
* Added: spacewalk-web-rpmlintrc
* Fix virtual systems filters (bsc#1208572)
* Improve CLM Create New Filter button
* Bump the WebUI version to 4.3.12
- squid
-
- CVE-2024-33427.patch: fixes possible buffer overread leading to
denial of service (bsc#1225417, CVE-2024-33427)
- SQUID-2024_2.patch: Fixes denial of service in HTTP header parser
(bsc#1219960, CVE-2024-25617)
- SQUID-2024_1.patch: Fixes Chunked Encoding Stack Overflow
(bsc#1216715, CVE-2024-25111)
- supportutils
-
- Changes in version 3.1.30
+ Added -V key:value pair option (bsc#1222021, PED-8211)
+ Avoid getting duplicate kernel verifications in boot.text (pr#193)
+ Suppress file descriptor leak warnings from lvm commands (pr#192, bsc#1220082)
+ Includes container log timestamps (pr#197)
- Changes to version 3.1.29
+ Extended scaling for performance (bsc#1214713)
+ Fixed kdumptool output error (bsc#1218632)
+ Corrected podman ID errors (bsc#1218812)
+ Duplicate non root podman entries removed (bsc#1218814)
+ Corrected get_sles_ver for SLE Micro (bsc#1219241)
+ Check nvidida-persistenced state (bsc#1219639)
- systemd-default-settings
-
- Import 0.10
5088997 SLE: Disable pids controller limit under user instances (jsc#SLE-10123)
- Import 0.9
bb859bf user@.service: Disable controllers by default (jsc#PED-2276)
- The usage of drop-ins is now the official way for configuring systemd and its
various daemons on Factory/ALP. Hence the early drop-ins SUSE specific
"feature" has been abandoned.
- Import 0.8
f34372f User priority '26' for SLE-Micro
c8b6f0a Revert "Convert more drop-ins into early ones"
- Import commit 6b8dde1d4f867aff713af6d6830510a84fad58d2
6b8dde1 Convert more drop-ins into early ones
- systemd-presets-branding-SLE
-
- Enable sysctl-logger (jsc#PED-5024)
- systemd-presets-common-SUSE
-
- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
(bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
Support both the old and new service to avoid complex version interdependency.
- systemd-rpm-macros
-
- Bump version to 15
- Order packages that requires systemd after systemd-sysvcompat when this part
of the transaction (bsc#1217964)
systemd-sysvcompat has been introduced recently and contains the compatibility
scripts used to support SysV init scripts. Make sure that the packages ordered
after systemd are also ordered after systemd-sysvcompat so theirs rpm
scriptlets can still rely on the compat scripts.
On distributions where systemd-sysvcompat doesn't exist, the new ordering
constraint should be a nop.
- util-linux-systemd
-
- Properly neutralize escape sequences in wall
(util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
and its prerequisites: util-linux-fputs_careful1.patch,
util-linux-wall-migrate-to-memstream.patch
util-linux-fputs_careful2.patch).
- Add upstream patch
more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
bsc#1220117 - L3-Question: Processes not cleaned up after failed SSH session are using up 100% CPU
- Add upstream patch
util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch
bsc#1207987 gh#util-linux/util-linux@1d98827edde4
- vim
-
- Updated to version 9.1 with patch level 0330, fixes the following problems
* Fixing bsc#1220763 - vim gets Segmentation fault after updating to version 9.1.0111-150500.20.9.1
- refreshed vim-7.3-filetype_spec.patch
- refreshed vim-7.3-filetype_ftl.patch
- Update spec.skeleton to use autosetup in place of setup macro.
- for the complete list of changes see
https://github.com/vim/vim/compare/v9.1.0111...v9.1.0330
- wicked
-
- client: fix ifreload to pull UP ports/links again when the config
of their master/lower changed (bsc#1224100,gh#openSUSE/wicked#1014).
[+ 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
- Update to version 0.6.75:
- cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
- cleanup: fix overflow warnings in a socket testcase on i586
- ifcheck: report new and deleted configs as changed (bsc#1218926)
- man: improve ARP configuration options in the wicked-config.5
- bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
- cleanup: fix interface dependencies and shutdown order (bsc#1205604)
- Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
and consistently use config and state info attached to the port
interface as in rtnetlink(7).
- Cleanup ifcfg parsing, schema configuration and service properties
- Migrate ports in xml config and policies already applied in nanny
- Remove "missed config" generation from finite state machine, which
is completed while parsing the config or while xml config migration.
- Issue a warning when "lower" interface (e.g. eth0) config is missed
while parsing config depending on it (e.g. eth0.42 vlan).
- Resolve ovs master to the effective bridge in config and wickedd
- Implement netif-check-state require checks using system relations
from wickedd/kernel instead of config relations for ifdown and add
linkDown and deleteDevice checks to all master and lower references.
- Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
system/config interface hierarchies as notice with +/- marked
interfaces to setup and/or shutdown.
- Removed patches included in the source archive:
[- 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
[- 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
[- 0003-move-all-attribute-definitions-to-compiler-h.patch]
[- 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
[- 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]
- client: do not convert sec to msec twice (bsc#1222105)
[+ 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]
- addrconf: fix fallback-lease drop (bsc#1220996)
[+ 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
- extensions/nbft: use upstream `nvme nbft show` (bsc#1221358)
[+ 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
- hide secrets in debug log (bsc#1221194)
[+ 0003-move-all-attribute-definitions-to-compiler-h.patch]
[+ 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
- xen
-
- Update to Xen 4.16.6 security bug fix release (bsc#1027519)
xen-4.16.6-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
trigger Xen bug check (XSA-454)
- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic
for BTC/SRSO mitigations (XSA-455)
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
History Injection (XSA-456)
- Dropped patches contained in new tarball
64e5b4ac-x86-AMD-extend-Zenbleed-check.patch
64e6459b-revert-VMX-sanitize-rIP-before-reentering.patch
64eef7e9-x86-reporting-spurious-i8259-interrupts.patch
64f71f50-Arm-handle-cache-flush-at-top.patch
65087000-x86-spec-ctrl-SPEC_CTRL_EXIT_TO_XEN-confusion.patch
65087001-x86-spec-ctrl-fold-DO_SPEC_CTRL_EXIT_TO_XEN.patch
65087002-x86-spec-ctrl-SPEC_CTRL-ENTRY-EXIT-asm-macros.patch
65087003-x86-spec-ctrl-SPEC_CTRL-ENTER-EXIT-comments.patch
65087004-x86-entry-restore_all_xen-stack_end.patch
65087005-x86-entry-track-IST-ness-of-entry.patch
65087006-x86-spec-ctrl-VERW-on-IST-exit-to-Xen.patch
65087007-x86-AMD-Zen-1-2-predicates.patch
65087008-x86-spec-ctrl-Zen1-DIV-leakage.patch
650abbfe-x86-shadow-defer-PV-top-level-release.patch
65263470-AMD-IOMMU-flush-TLB-when-flushing-DTE.patch
65263471-libfsimage-xfs-remove-dead-code.patch
65263472-libfsimage-xfs-amend-mask32lo.patch
65263473-libfsimage-xfs-sanity-check-superblock.patch
65263474-libfsimage-xfs-compile-time-check.patch
65263475-pygrub-remove-unnecessary-hypercall.patch
65263476-pygrub-small-refactors.patch
65263477-pygrub-open-output-files-earlier.patch
65263478-libfsimage-function-to-preload-plugins.patch
65263479-pygrub-deprivilege.patch
6526347a-libxl-allow-bootloader-restricted-mode.patch
6526347b-libxl-limit-bootloader-when-restricted.patch
6526347c-SVM-fix-AMD-DR-MASK-context-switch-asymmetry.patch
6526347d-x86-PV-auditing-of-guest-breakpoints.patch
65536847-AMD-IOMMU-correct-level-for-quarantine-pt.patch
65536848-x86-spec-ctrl-remove-conditional-IRQs-on-ness.patch
xsa440.patch
xsa449.patch
xsa451.patch
xsa452-1.patch
xsa452-2.patch
xsa452-3.patch
xsa452-4.patch
xsa452-5.patch
xsa452-6.patch
xsa452-7.patch
xsa453-1.patch
xsa453-2.patch
xsa453-3.patch
xsa453-4.patch
xsa453-5.patch
xsa453-6.patch
xsa453-7.patch
xsa453-8.patch
xsa454-1.patch
xsa454-2.patch
- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
Sampling (XSA-452)
xsa452-1.patch
xsa452-2.patch
xsa452-3.patch
xsa452-4.patch
xsa452-5.patch
xsa452-6.patch
xsa452-7.patch
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
Race Conditions (XSA-453)
xsa453-1.patch
xsa453-2.patch
xsa453-3.patch
xsa453-4.patch
xsa453-5.patch
xsa453-6.patch
xsa453-7.patch
xsa453-8.patch
- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
exceptions from emulation stubs (XSA-451)
xsa451.patch
- yast2-network
-
- Guard secret attributes against leaking to the log (bsc#1221194)
- 4.4.60
- yast2-packager
-
- Reimplemented the hardcoded product mapping to support also the
migration from SLE_HPC to SLES SP6+ (with the HPC module)
(bsc#1220567)
- 4.4.35
- Do not fail when the installation URL contains a space
(bsc#1201816)
- 4.4.34
- yast2-registration
-
- Set the new product mapping when upgrading SLE_HPC to SLES SP6+
(with the HPC module), use the old product mapping when upgrading
from SLE_HPC-SP3 to SLE_HPC-SP4 (bsc#1220567)
- 4.4.24
- yast2-users
-
- Add a missing require in the auto client (bsc#1219422).
- 4.4.16
- zypper
-
- Do not try to refresh repo metadata as non-root user
(bsc#1222086)
Instead show refresh stats and hint how to update them.
- man: Explain how to protect orphaned packages by collecting
them in a plaindir repo.
- packages: Add --autoinstalled and --userinstalled options to
list them.
- Don't print 'reboot required' message if download-only or
dry-run (fixes #529)
Instead point out that a reboot would be required if the option
was not used.
- Resepect zypper.conf option `showAlias` search commands
(bsc#1221963)
Repository::asUserString (or Repository::label) respects the
zypper.conf option, while name/alias return the property.
- version 1.14.71
- dup: New option --remove-orphaned to remove all orphaned
packages in dup (bsc#1221525)
- version 1.14.70
- info,summary: Support VendorSupportOption flag
VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- BuildRequires: libzypp-devel >= 17.32.0.
API cleanup and changes for VendorSupportSuperseded.
- Show active dry-run/download-only at the commit propmpt.
- patch: Add --skip-not-applicable-patches option (closes #514)
- Fix printing detailed solver problem description.
The problem description() is one rule out possibly many in
completeProblemInfo() the solver has chosen to represent the
problem. So either description or completeProblemInfo should be
printed, but not both.
- Fix bash-completion to work with right adjusted numbers in the
1st column too (closes #505)
- Set libzypp shutdown request signal on Ctrl+C (fixes #522)
- lr REPO: In the detailed view show all baseurls not just the
first one (bsc#1218171)
- version 1.14.69