- 000release-packages:SUSE-Manager-Proxy-release
-
n/a
- apache2
-
- Apply fix for CVE-2023-45802, bsc#1216423.
Patch file added:
* apache2-CVE-2023-45802.patch
- Apply fix for CVE-2024-40725, bsc#1228097.
Patch file added:
* apache2-CVE-2024-40725.patch
- Apply fix for CVE-2024-39884, bsc#1227353.
Patch file added:
* apache2-CVE-2024-39884.patch
- Apply fix for CVE-2024-38474, bsc#1227278.
Patch file added:
* apache2-CVE-2024-38474.patch
- Apply fix for CVE-2024-38473, bsc#1227276.
Patch files added:
* apache2-CVE-2024-38473-1.patch
* apache2-CVE-2024-38473-2.patch
* apache2-CVE-2024-38473-3.patch
* apache2-CVE-2024-38473-4.patch
- bash
-
- Add patch boo1227807.patch
* Load completion file eveh if a brace expansion is in the
command line included (boo#1227807)
- bind
-
- Update to release 9.16.50
Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737)
[bsc#1228256, bind-9.16-CVE-2024-1737.patch]
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975)
[bsc#1228257, bind-9.16-CVE-2024-1975.patch]
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076)
[bsc#1228258, bind-9.16-CVE-2024-4076.patch]
- binutils
-
- Update to current 2.43.1 branch [PED-10474]:
* PR32109 - fuzzing problem
* PR32083 - LTO vs overridden common symbols
* PR32067 - crash with LTO-plugin and --oformat=binary
* PR31956 - LTO vs wrapper symbols
* riscv - add Zimop and Zcmop extensions
- Adjusted binutils-2.43-branch.diff.gz.
- Update to version 2.43:
* new .base64 pseudo-op, allowing base64 encoded data as strings
* Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF
(APX_F now fully supported)
* x86 Intel syntax now warns about more mnemonic suffixes
* macros and .irp/.irpc/.rept bodies can use \+ to get at number
of times the macro/body was executed
* aarch64: support 'armv9.5-a' for -march, add support for LUT
and LUT2
* s390: base register operand in D(X,B) and D(L,B) can now be
omitted (ala 'D(X,)'); warn when register type doesn't match
operand type (use option
'warn-regtype-mismatch=[strict|relaxed|no]' to adjust)
* riscv: support various extensions: Zacas, Zcmp, Zfbfmin,
Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw,
XSfCease, all at version 1.0;
remove support for assembly of privileged spec 1.9.1 (linking
support remains)
* arm: remove support for some old co-processors: Maverick and FPA
* mips: '--trap' now causes either trap or breakpoint instructions
to be emitted as per current ISA, instead of always using trap
insn and failing when current ISA was incompatible with that
* LoongArch: accept .option pseudo-op for fine-grained control
of assembly code options; add support for DT_RELR
* readelf: now displays RELR relocations in full detail;
add -j/--display-section to show just those section(s) content
according to their type
* objdump/readelf now dump also .eh_frame_hdr (when present) when
dumping .eh_frame
* gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake
processors; add minimal support for riscv
* linker:
- put .got and .got.plt into relro segment
- add -z isa-level-report=[none|all|needed|used] to the x86 ELF
linker to report needed and used x86-64 ISA levels
- add --rosegment option which changes the -z separate-code
option so that only one read-only segment is created (instead
of two)
- add --section-ordering-file <FILE> option to add extra
mapping of input sections to output sections
- add -plugin-save-temps to store plugin intermediate files
permanently
- Removed binutils-2.42.tar.bz2, binutils-2.42-branch.diff.gz.
- Added binutils-2.43.tar.bz2, binutils-2.43-branch.diff.gz.
- Removed upstream patch riscv-no-relax.patch.
- Rebased ld-relro.diff and binutils-revert-rela.diff.
- binutils-pr22868.diff: Remove obsolete patch
- Undefine _FORTIFY_SOURCE when running checks
- Allow to disable profiling
- Use %patch -P N instead of deprecated %patchN.
- riscv-no-relax.patch: RISC-V: Don't generate branch/jump relocation if
symbol is local when no-relax
- Add binutils-disable-code-arch-error.diff to demote an
error about swapped .arch/.code directives to a warning.
It happens in the wild.
- Update to version 2.42:
* Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
'+rcpc2' and '+wfxt'
* Add experimantal support for GAS to synthesize call-frame-info for
some hand-written asm (--scfi=experimental) on x86-64.
* Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
* Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
SiFive VCIX v1.0.
* BPF assembler: ';' separates statements now, and does not introduce
line comments anymore (use '#' or '//' for this).
* x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
dynamic tags.
* risc-v ld: Add '--[no-]check-uleb128'.
* New linker script directive: REVERSE, to be combined with SORT_BY_NAME
or SORT_BY_INIT_PRIORITY, reverses the generated order.
* New linker options --warn-execstack-objects (warn only about execstack
when input object files request it), and --error-execstack plus
- -error-rxw-segments to convert the existing warnings into errors.
* objdump: Add -Z/--decompress to be used with -s/--full-contents to
decompress section contents before displaying.
* readelf: Add --extra-sym-info to be used with --symbols (currently
prints section name of references section index).
* objcopy: Add --set-section-flags for x86_64 to include
SHF_X86_64_LARGE.
* s390 disassembly: add target-specific disasm option 'insndesc',
as in "objdump -M insndesc" to display an instruction description
as comment along with the disassembly.
- Add binutils-2.42-branch.diff.gz.
- Rebased s390-biarch.diff.
- Adjusted binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff
for upstream changes.
- Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2,
binutils-2.41-branch.diff.gz.
- Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff
and riscv-relro.patch (all upstreamed).
- Removed add-ulp-section.diff, we use a different mechanism
for live patching since a long time.
- Add binutils-use-less-memory.diff to be a little nicer to 32bit
userspace and huge links. [bsc#1216908]
- riscv-relro.patch: RISC-V: Protect .got with relro
- Add libzstd-devel to Requires of binutils-devel. (bsc#1215341)
- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- cloud-regionsrv-client
-
- Update to 10.3.4
+ Modify the message when network access over a specific IP version does
not work. This is an informational message and should not look like
an error
+ Inform the user that LTSS registration takes a little longer
+ Add fix-for-sles12-no-trans_update.patch
+ SLE 12 family has no products with transactional-update we do not
need to look for this condition
- From 10.3.3 (bsc#1229472)
+ Handle changes in process structure to properly identify the running
zypper parent process and only check for 1 PID
- From 10.3.2
+ Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
+ Add support for LTSS registration
+ Add fix-for-sles12-disable-registry.patch
~ No container support in SLE 12
- Add rgnsrv-clnt-fix-docker-setup.patch (bsc#1229137)
+ The entry for the update infrastructure registry mirror was written
incorrectly causing docker daemon startup to fail.
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
- containerd
-
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- cups
-
- cups-branch-2.2-commit-b643d6ba92f00752aa5e74ff86ad3974334914c1.diff
is https://github.com/OpenPrinting/cups/commit/b643d6ba92f00752aa5e74ff86ad3974334914c1
which was added in CUPS 2.2.8 that
fixed a parsing bug in cups_auth_find() in cups/auth.c
which lead to cupsd failing to authenticate users
when group membership is required by cupsd configuration
like 'Require user @GROUP' which lead to CUPS related commands
requesting password from group users even if it is not needed
(bsc#1226227)
- In cups.changes replaced one place where UTF-8 characters
were used in the entry dated "Sat Sep 30 08:52:42 UTC 2017"
for what should be ' - ' by ASCII to avoid RPMLINT warning
about 'non-break-space' which "can lead to obscure errors".
- curl
-
- Security fix: [bsc#1232528, CVE-2024-9681]
* HSTS subdomain overwrites parent cache entry
* Add curl-CVE-2024-9681.patch
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* http_aws_sigv4: canonicalize the query [fc76a24c]
* test439: verify query canonization for aws-sigv4 [65661016]
* http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
* aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
* http_aws_sigv4: canonicalise valueless query params [bbba69da]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patches:
- curl-aws_sigv4-canonicalize-the-query.patch
- curl-aws_sigv4-verify-query-canonization.patch
- curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
- curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
- curl-aws_sigv4-canonicalise-valueless-query-params.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- Security fix: [bsc#1230093, CVE-2024-8096]
* curl: OCSP stapling bypass with GnuTLS
* Add curl-CVE-2024-8096.patch
- Security fix: [bsc#1228535, CVE-2024-7264]
* curl: ASN.1 date parser overread
* Add curl-CVE-2024-7264.patch
- deltarpm
-
- update to deltarpm-3.6.5
* support for archive files bigger than 2GByte [bnc#1230547]
- update to deltarpm-3.6.4
* support for threaded zstd
* use a tmp file instead of memory to hold the incore data
[bsc#1228948]
- dropped patches:
* deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch
- deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch: fixed
some C bugs ( incorrect sized memset() , memcpy instead of strcpy,
unsigned int)
- update to deltarpm-3.6.3
* support for threaded zstd compression
- Actually enable zstd compression
- update to deltarpm-3.6.2
* support for zstd compression
- dmidecode
-
- Update to upstream version 3.6 (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
* Add bash completion.
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
* Implement options --list-strings and --list-types.
* Update HPE OEM records 203, 212, 216, 221, 233 and 236.
* Update Redfish support.
* Bug fixes:
Fix enabled slot characteristics not being printed
* Minor improvements:
Print slot width on its own line
Use standard strings for slot width
* Add a --no-quirks option.
* Drop the CPUID exception list.
* Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
dmidecode-fortify-entry-point-length-checks.patch,
dmidecode-split-table-fetching-from-decoding.patch,
dmidecode-write-the-whole-dump-file-at-once.patch,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
dmioem-hpe-oem-record-237-firmware-change.patch,
dmioem-typo-fix-virutal-virtual.patch,
ensure-dev-mem-is-a-character-device-file.patch,
news-fix-typo.patch and
use-read_file-to-read-from-dump.patch.
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
HPE type 238 records.
- dracut
-
- Update to version 055+suse.359.geb85610b:
* fix(convertfs): error in conditional expressions (bsc#1228847)
- e2fsprogs
-
- resize2fs-Check-number-of-group-descriptors-only-if-.patch: resize2fs: Check
number of group descriptors only if meta_bg is disabled (bsc#1230145)
- glib2
-
- Add glib2-gdbusmessage-cache-arg0.patch: cache the arg0 value in
a dbus message. Fixes a possible use after free (boo#1224044).
- glibc
-
- tcache-thread-shutdown.patch: malloc: Initiate tcache shutdown even
without allocations (bsc#1228661, BZ #28028)
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228043, BZ
[#31934])
- grub2
-
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
installation when secure boot is enabled (bsc#1217761) (bsc#1228866)
- Improved check for disk device when looking for PReP partition
* 0004-Introduce-prep_load_env-command.patch
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
* 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to
SLE-15-SP2 (bsc#1217102)
* add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
* add 0002-ofdisk-add-early_log-support.patch
- Enhancement to PPC secure boot's root device discovery config (bsc#1207230)
- Fix regex for Open Firmware device specifier with encoded commas
* 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
- Fix regular expression in PPC secure boot config to prevent escaped commas
from being treated as delimiters when retrieving partition substrings.
- Use prep_load_env in PPC secure boot config to handle unset host-specific
environment variables and ensure successful command execution.
* 0004-Introduce-prep_load_env-command.patch
- Refreshed
* 0005-export-environment-at-start-up.patch
- kernel-default
-
- usb: dwc3: st: fix probed platform device ref count on probe
error path (bsc#1230507 CVE-2024-46674).
- commit ffd5693
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
Delete
patches.suse/ibmvfc-make-max_sectors-a-module-option.patch.
- commit 13d3e25
- Update
patches.suse/media-vivid-fix-compose-size-exceed-boundary.patch
(git-fixes CVE-2022-48945 bsc#1230398).
- Update
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
(bsc#1227487 CVE-2024-46774 bsc#1230767).
- Update patches.suse/sched-Fix-yet-more-sched_fork-races.patch
(git fixes (sched/core) CVE-2022-48944 bsc#1229947).
- commit be5b46d
- SUNRPC: avoid soft lockup when transmitting UDP to reachable
server (bsc#1225272 bsc#1231016).
- commit d8ddf61
- kabi: add __nf_queue_get_refs() for kabi compliance.
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
- commit 09526c9
- btrfs: prevent copying too big compressed lzo segment (CVE-2022-48923 bsc#1229662)
- commit 9c5b30e
- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
bsc#1229407).
- commit 0515c56
- KABI: kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 4220de4
- kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 195f676
- Refresh
patches.suse/Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch.
Update upstream status and move to the sorted section.
- commit 43dbf50
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit f5c92ca
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
This reverts commit 606bd9b8228bfe004cf6ab930ffb673a535e3c55.
- commit 532bbfe
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
This reverts commit 1702784a5db6b26695f0bc2c6b0cbe973db5c0f3.
- commit e220e83
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
This reverts commit d77caa16c18115f0c470ecf5cdd3cdb6f9865aeb.
- commit b38d226
- blk-mq: add helper for checking if one CPU is mapped to
specified hctx (bsc#1223600).
- blk-mq: don't schedule block kworker on isolated CPUs
(bsc#1223600).
- commit 4537dc0
- vfs: Don't evict inode under the inode lru traversing context
(CVE-2024-45003 bsc#1230245).
- commit 82e6e44
- blacklist.conf: update blacklist
- commit 401873a
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 9438e54
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 5b1f743
- Update references
- commit a096907
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454 CVE-2024-44947).
- commit ddfd2d7
- usb: vhci-hcd: Do not drop references before new references
are gained (CVE-2024-43883 bsc#1229707).
- commit 44d7bae
- net: usb: qmi_wwan: fix memory leak for not ip packets
(CVE-2024-43861 bsc#1229500).
- commit 3e796c3
- Update
patches.suse/ASoC-ops-Shift-tested-values-in-snd_soc_put_volsw-by.patch
(git-fixes CVE-2022-48917 bsc#1229637).
- Update
patches.suse/Bluetooth-hci_qca-Fix-driver-shutdown-on-closed-serd.patch
(git-fixes CVE-2022-48878 bsc#1229554).
- Update
patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
(git-fixes CVE-2022-48938 bsc#1229664).
- Update
patches.suse/KVM-x86-mmu-make-apf-token-non-zero-to-fix-bug.patch
(git-fixes CVE-2022-48943 bsc#1229645).
- Update
patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
(git-fixes CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
CVE-2022-48930 bsc#1229624).
- Update
patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch
(CVE-2022-4382 bsc#1206258 CVE-2022-48869 bsc#1229507).
- Update
patches.suse/auxdisplay-lcd2s-Fix-memory-leak-in-remove.patch
(git-fixes CVE-2022-48907 bsc#1229608).
- Update
patches.suse/blktrace-fix-use-after-free-for-struct-blk_trace.patch
(bsc#1198017 CVE-2022-48913 bsc#1229643).
- Update
patches.suse/bpf-Fix-crash-due-to-out-of-bounds-access-into-reg2b.patch
(git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204
CVE-2022-0500 CVE-2022-23222 CVE-2022-48929 bsc#1229625).
- Update
patches.suse/btrfs-fix-race-between-quota-rescan-and-disable-lead.patch
(bsc#1207158 CVE-2023-52896 bsc#1229533).
- Update
patches.suse/btrfs-fix-relocation-crash-due-to-premature-return-f.patch
(bsc#1203360 CVE-2022-48903 bsc#1229613).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
(bsc#1193629 CVE-2022-48919 bsc#1229657).
- Update
patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsyst.patch
(git-fixes CVE-2022-48931 bsc#1229623).
- Update
patches.suse/dmaengine-idxd-Let-probe-fail-when-workqueue-cannot-.patch
(git-fixes CVE-2022-48868 bsc#1229506).
- Update
patches.suse/drm-msm-another-fix-for-the-headless-Adreno-GPU.patch
(git-fixes CVE-2023-52911 bsc#1229522).
- Update
patches.suse/drm-msm-dp-do-not-complete-dp_aux_cmd_fifo_tx-if-irq.patch
(git-fixes CVE-2022-48898 bsc#1229537).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
(git-fixes CVE-2022-48899 bsc#1229536).
- Update
patches.suse/gsmi-fix-null-deref-in-gsmi_get_variable.patch
(git-fixes CVE-2023-52893 bsc#1229535).
- Update
patches.suse/hwmon-Handle-failure-to-register-sensor-with-thermal.patch
(git-fixes CVE-2022-48942 bsc#1229612).
- Update
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
(bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update
patches.suse/ice-fix-concurrent-reset-and-removal-of-VFs.patch
(git-fixes CVE-2022-48941 bsc#1229614).
- Update
patches.suse/iio-adc-men_z188_adc-Fix-a-resource-leak-in-an-error.patch
(git-fixes CVE-2022-48928 bsc#1229626).
- Update
patches.suse/iio-adc-tsc2046-fix-memory-corruption-by-preventing-.patch
(git-fixes CVE-2022-48927 bsc#1229628).
- Update
patches.suse/io_uring-add-a-schedule-point-in-io_add_buffers.patch
(git-fixes CVE-2022-48937 bsc#1229617).
- Update patches.suse/iommu-amd-Fix-I-O-page-table-memory-leak
(git-fixes CVE-2022-48904 bsc#1229603).
- Update
patches.suse/iommu-vt-d-fix-double-list_add-when-enabling-vmd-in-scalable-mode
(bsc#1196894 CVE-2022-48916 bsc#1229638).
- Update
patches.suse/iwlwifi-mvm-check-debugfs_dir-ptr-before-use.patch
(git-fixes CVE-2022-48918 bsc#1229636).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
(jsc#SLE-18384 CVE-2022-48896 bsc#1229540).
- Update
patches.suse/misc-fastrpc-Don-t-remove-map-on-creater_process-and.patch
(git-fixes CVE-2022-48873 bsc#1229512).
- Update
patches.suse/misc-fastrpc-Fix-use-after-free-race-condition-for-m.patch
(git-fixes CVE-2022-48872 bsc#1229510).
- Update
patches.suse/net-mlx5-DR-Fix-slab-out-of-bounds-in-mlx5_cmd_dr_cr.patch
(jsc#SLE-19253 CVE-2022-48932 bsc#1229622).
- Update patches.suse/net-smc-fix-connection-leak (git-fixes
CVE-2022-48909 bsc#1229611).
- Update
patches.suse/nfc-pn533-Wait-for-out_urb-s-completion-in-pn533_usb.patch
(git-fixes CVE-2023-52907 bsc#1229526).
- Update
patches.suse/nfp-flower-Fix-a-potential-leak-in-nfp_tunnel_add_sh.patch
(git-fixes CVE-2022-48934 bsc#1229620).
- Update
patches.suse/nilfs2-fix-general-protection-fault-in-nilfs_btree_i.patch
(git-fixes CVE-2023-52900 bsc#1229581).
- Update
patches.suse/octeontx2-pf-Fix-resource-leakage-in-VF-driver-unbin.patch
(git-fixes CVE-2023-52905 bsc#1229528).
- Update
patches.suse/platform-surface-aggregator-Add-missing-call-to-ssam.patch
(git-fixes CVE-2022-48880 bsc#1229557).
- Update
patches.suse/regulator-da9211-Use-irq-handler-when-ready.patch
(git-fixes CVE-2022-48891 bsc#1229565).
- Update
patches.suse/sched-fair-Fix-fault-in-reweight_entity.patch
(git fixes (sched/core) CVE-2022-48921 bsc#1229635).
- Update
patches.suse/scsi-storvsc-Fix-swiotlb-bounce-buffer-leak-in-confi.patch
(bsc#1206006 CVE-2022-48890 bsc#1229544).
- Update
patches.suse/spi-spi-zynq-qspi-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-4441 bsc#1229598).
- Update
patches.suse/thermal-core-Fix-TZ_GET_TRIP-NULL-pointer-dereferenc.patch
(git-fixes CVE-2022-48915 bsc#1229639).
- Update
patches.suse/thermal-int340x-fix-memory-leak-in-int3400_notify.patch
(git-fixes CVE-2022-48924 bsc#1229631).
- Update
patches.suse/tty-fix-possible-null-ptr-defer-in-spk_ttyio_release.patch
(git-fixes CVE-2022-48870 bsc#1229508).
- Update
patches.suse/tty-serial-qcom-geni-serial-fix-slab-out-of-bounds-o.patch
(git-fixes CVE-2022-48871 bsc#1229509).
- Update
patches.suse/usb-gadget-f_ncm-fix-potential-NULL-ptr-deref-in-ncm.patch
(git-fixes CVE-2023-52894 bsc#1229566).
- Update
patches.suse/usb-gadget-rndis-add-spinlock-for-rndis-response-lis.patch
(git-fixes CVE-2022-48926 bsc#1229629).
- Update
patches.suse/usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
(git-fixes CVE-2023-52901 bsc#1229531).
- Update
patches.suse/wifi-mac80211-sdata-can-be-NULL-during-AMPDU-start.patch
(git-fixes CVE-2022-48875 bsc#1229516).
- Update
patches.suse/xen-netfront-destroy-queues-before-real_num_tx_queue.patch
(git-fixes CVE-2022-48914 bsc#1229642).
- Update
patches.suse/xhci-Fix-null-pointer-dereference-when-host-dies.patch
(git-fixes CVE-2023-52898 bsc#1229568).
- commit 5c5e4d7
- mm: prevent derefencing NULL ptr in pfn_section_valid()
(git-fixes).
- commit d77caa1
- mm, kmsan: fix infinite recursion due to RCU critical section
(git-fixes).
- commit 1702784
- mm/sparsemem: fix race in accessing memory_section->usage
(bsc#1221326 CVE-2023-52489).
- commit 606bd9b
- jfs: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792
CVE-2024-44938).
- commit 8003b7e
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit b5892ca
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit 0a4b370
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 83a7456
- netfilter: nf_tables: unregister flowtable hooks on netns exit (CVE-2022-48935 bsc#1229619)
- commit 3e33f70
- netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912 bsc#1229641)
- commit f8f42c3
- scsi: smartpqi: Expose SAS address for SATA drives
(bsc#1223958).
- commit 6711c21
- net/iucv: fix use after free in iucv_sock_close()
(CVE-2024-42271 bsc#1229400 bsc#1228974).
- commit 82bb6f3
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 bsc#1228114).
- Update
patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
(bsc#1194869 CVE-2024-42230 bsc#1228489).
- commit f6019c1
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228959 CVE-2024-42232).
- commit 27160c2
- rpm/kernel-binary.spec.in: fix klp_symbols macro
The commit below removed openSUSE filter from %ifs of the klp_symbols
definition. But it removed -c of grep too and that causes:
error: syntax error in expression: 01 && ( || 1 )
error: ^
error: unmatched (: 01 && ( || 1 )
error: ^
error: kernel-default.spec:137: bad %if condition: 01 && ( || 1 )
So reintroduce -c to the PTF's grep.
Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3
- rpm/kernel-binary.spec.in: Fix build regression
The previous fix forgot to take over grep -c option that broke the
conditional expression
- commit d29edf2
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
After the Jump project the kernel used by SLE and openSUSE Leap are the
same. As consequence the klp_symbols variable is set, enabling
kernel-default-livepatch-devel on both SLE and openSUSE.
The current rules to avoid enabling the package exclude openSUSE
Tumbleweed alone, which doesn't makes sense for now. Enabling
kernel-default-livepatch-devel on TW makes it easier to test the
creation of kernel livepatches of the next SLE versions.
- commit fd0b293
- Update
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
(bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
Add CVE references.
- commit 637c320
- Update
patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
(bsc#1216834 CVE-2024-42077 bsc#1228516).
Add CVE references.
- commit 8360e90
- ax25: Fix refcount imbalance on inbound connections
(CVE-2024-40910 bsc#1227832).
- commit 12cb329
- config.sh: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- commit 314f719
- packaging: Add case-sensitive perl option parsing
A recent change in Getopt::Long [1]:
Changes in version 2.55
- ----------------------
* Fix long standing bug that duplicate options were not detected
when the options differ in case while ignore_case is in effect.
This will now yield a warning and become a fatal error in a future
release.
perl defaults to ignore_case by default, switch it off to avoid
accidental misparsing of options.
This was suggested after similar change in scripts/.
- commit e978477
- btrfs: sysfs: update fs features directory asynchronously
(bsc#1226168).
- commit 97cd90c
- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
CVE-2024-39494).
- commit 81484ec
- ASoC: topology: Fix route memory corruption (CVE-2024-41069
bsc#1228644).
- commit 586db1a
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 8f44f81
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
Mainline commit f2f6a8e88717 ("init/Kconfig: remove
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
when checking config changes.
- commit b60be3e
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 810053d
- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
CVE-2024-40994).
- commit 205cc4c
- filelock: Remove locks reliably when fcntl/close race is
detected (CVE-2024-41012 bsc#1228247).
- commit e2c5917
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- commit 39eeeb9
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit 3784f34
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(git-fixes CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(git-fixes CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(git-fixes CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(git-fixes CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(git-fixes CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(git-fixes CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(git-fixes CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(git-fixes CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(git-fixes CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit e328ee7
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit f2d923e
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- commit c8086f4
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8837200
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- commit e2a1614
- workqueue: Improve scalability of workqueue watchdog touch
(bsc#1193454).
- commit 51a7eb4
- workqueue: wq_watchdog_touch is always called with valid CPU
(bsc#1193454).
- commit 10bbd80
- KVM: arm64: Disassociate vcpus from redistributor region on
teardown (CVE-2024-40989 bsc#1227823).
- commit 724dd5c
- ASoC: topology: Fix references to freed memory (CVE-2024-41069
bsc#1228644).
- commit 44dd0c7
- Update
patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch
(bsc#1221044 CVE-2023-52591 bsc#1228440).
- commit d21f810
- hfsplus: fix uninit-value in copy_name (bsc#1228561
CVE-2024-41059).
- commit cfc2db1
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (CVE-2024-40956 bsc#1227810).
- commit 3632d87
- ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
- commit edabc6f
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- commit e64bcfc
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
CVE-2024-41009).
- commit e559e61
- rpm/guards: fix precedence issue with control flow operator
With perl 5.40 it report the following error on rpm/guards script:
Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
Fix the issue by adding parenthesis around ternary operator.
- commit 07b8b4e
- drm/amdkfd: don't allow mapping the MMIO HDP page with large
pages (CVE-2024-41011 bsc#1228115).
- commit ff8f843
- 9p: add missing locking around taking dentry fid list (bsc#1227090, CVE-2024-39463).
- commit c58a66f
- sch_cake: do not call cake_destroy() from cake_init()
(CVE-2021-47598 bsc#1226574).
- commit d533b8e
- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
bsc#1227836).
- commit 610d469
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- commit 1ec0d1e
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713 bsc#1227549).
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226758 CVE-2024-38559 bsc#1226785).
- Update
patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186
CVE-2024-26800 bsc#1222728).
- commit 329a684
- vfio/fsl-mc: Block calling interrupt handler without trigger
(bsc#1222810 CVE-2024-26814).
- commit 520ae3c
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (bsc#1223635 CVE-2024-26976).
- commit c5ed396
- virtio-blk: fix implicit overflow on virtio_max_dma_size
(bsc#1225573 CVE-2023-52762).
- commit 4296dc1
- vfio/platform: Create persistent IRQ handlers (bsc#1222809
CVE-2024-26813).
- commit a8290e8
- net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes CVE-2024-35901 bsc#1224495).
- commit 9db7ad0
- Update patches.suse/net-tls-factor-out-tls_-crypt_async_wait.patch.
- fix build warning
- commit 01715f7
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869 CVE-2024-42230).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869 CVE-2024-42230).
- commit c9d175f
- kernel-binary: vdso: Own module_dir
- commit ff69986
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
Fixed incorrect bug reference.
- commit e3b8fb6
- net/dcb: check for detached device before executing callbacks
(bsc#1215587).
- commit 9c27e1c
- kABI: rtas: Workaround false positive due to lost definition
(bsc#1227487).
- commit fb8a8f3
- powerpc/rtas: Prevent Spectre v1 gadget construction in
sys_rtas() (bsc#1227487).
- commit 9648fb4
- tls: fix use-after-free on failed backlog decryption
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: separate no-async decryption request handling from async
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: decrement decrypt_pending if no async completion will be
called (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: handle backlogging of crypto requests (CVE-2024-26584
bsc#1220186).
- tls: fix race between tx work scheduling and socket close
(CVE-2024-26585 bsc#1220187).
- tls: fix race between async notify and socket close
(CVE-2024-26583 bsc#1220185).
- net: tls: factor out tls_*crypt_async_wait() (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: fix async vs NIC crypto offload (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: use async as an in-out argument (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: assume crypto always calls our callback (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't track the async count (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: simplify async wait (CVE-2024-26583 CVE-2024-26584
bsc#1220185 bsc#1220186).
- tls: rx: wrap decryption arguments in a structure
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't report text length from the bowels of decrypt
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- commit 63dd4a4
- Delete
patches.suse/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch.
Will be replaced with a refreshed version once all conflicting new patches are in.
- commit a0fa0a3
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFS: Don't re-read the entire page cache to find the next cookie
(bsc#1226662).
- commit a10cc0e
- jfs: xattr: fix buffer overflow for invalid xattr
(bsc#1227383).
- commit 33e2d96
- apr
-
- security update
- added patches
fix CVE-2023-49582 [bsc#1229783], unexpected lax shared memory permissions
+ apr-CVE-2023-49582.patch
- util-linux
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- expat
-
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
overflow in function nextScaffoldPart
* Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
overflow in dtdCopy
* Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
len for XML_ParseBuffer
* Added expat-CVE-2024-45490.patch
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- ncurses
-
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
* Allow that terminal description based on static fallback
entries can be freed.
- openssl-1_1
-
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- libpcap
-
- enable rdma support (bsc#1230894)
- Security fix: [bsc#1230034, CVE-2024-8006]
* libpcap: NULL pointer derefence in pcap_findalldevs_ex()
* Add libpcap-CVE-2024-8006.patch
- Security fix: [bsc#1230020, CVE-2023-7256]
* libpcap: double free via addrinfo in sock_initaddress()
* Add libpcap-CVE-2023-7256.patch
- python3
-
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
support eliminating bsc#1227233 (CVE-2024-5642).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
complexity in parsing cookies with backslashes (bsc#1229596,
CVE-2024-7592)
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- ruby2.5
-
- backport REXML from 3.3
- fix denial of service when parsing a XML that has many deep
elements with the same local name attributes
(boo#1229673 CVE-2024-43398)
- fix denial of service when parsing an XML that contains many
specific characters such as whitespaces, >] and ]>
(boo#1228794 CVE-2024-41123)
- fix denial of service when parsing an XML that has many entity
expansions with SAX2 or pull parser API
(boo#1228799 CVE-2024-41946)
- fix denial of service when parsing an XML that has many left
angled brackets in an attribute value
(boo#1224390 CVE-2024-35176)
- fix ReDoS when parsing an XML that has many specific characters
(boo#1228072 CVE-2024-39908)
- libsolv
-
- removed dependency on external find program in the repo2solv tool
- bindings: fix return value of repodata.add_solv()
- new SOLVER_FLAG_FOCUS_NEW flag
- bump version to 0.7.30
- suseconnect-ng
-
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- systemd
-
- Import commit a57a6d239c5d6b91fb3dcd269705e60804a03ae1
cd0c9ac4f4 unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
e1eaa86a49 udev: do not set ID_PATH and by-path symlink for nvmf disks
a85d211874 man: Document ranges for distributions config files and local config files
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
inside comments unescaped leading to unpredictable behavior. Now why rpm
expands rpm macros inside comments is the question...
- Update 1011-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Really skip redundant dependencies specified the LSB description that
references the file name of the service itself for early boot scripts (noticed
in bsc#1221479).
- libzypp
-
- PluginFrame: Send unescaped colons in header values
(bsc#1231043)
According to the STOMP protocol it would be correct to escape a
colon in a header-value, but it breaks plugin receivers which do
not expect this. The first colon separates header-name from
header-value, so escaping in the header-value is not needed
anyway.
Escaping in the header-value affects especially the urlresolver
plugins. The input URL is passed in a header, but sent back as
raw data in the frames body. If the plugin receiver does not
correctly unescape the URL we may get back a "https\c//" which is
not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
(fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)
- Deprecate librpmDb::db_const_iterator default ctor (bsc#1230267)
It's preferred to explicitly tell the root directory of the
system whose database you want to query.
- version 17.35.11 (35)
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- version 17.35.9 (35)
- Make sure not to statically linked installed tools (bsc#1228787)
- version 17.35.8 (35)
- MediaPluginType must be resolved to a valid MediaHandler
(bsc#1228208)
- version 17.35.7 (35)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)
- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
Older zypp-plugins reject stomp headers including a '-'. Like the
'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
This patch fixes an issue in safe_strtonum which caused
timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)
- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
Buddy pairs (like -release package and product) internally share
the same status object. When applying locks from query results
the locked bit must be set if either item is locked.
- version 17.35.2 (35)
- Install zypp/APIConfig.h legacy include (fixes #557)
- version 17.35.1 (35)
- Update soname due to RepoManager refactoring and cleanup.
- version 17.35.0 (35)
- Workaround broken libsolv-tools-base requirements (fixes
openSUSE/zypper#551)
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency.
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows.
- version 17.34.2 (34)
- shadow
-
- bsc#1230972: Add useradd warnings when requested UID is outside
the default range
- add shadow-bsc1230972-useradd-warning.patch
- bsc#1228337: chage -d date vs passwd -S output is off by one
Remove shadow-bsc1176006-chage-date.patch
- logrotate
-
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
* Added patch logrotate-ignore-duplicates.patch
* Allows log processing with duplicate logfile matches
- pam-config
-
- Change check for existence of modules.
If we have a biarch architecture, we check that the 64bit
PAM module is there and report an error if not. For the 32bit
variant, we only issue a warning.
[pam-config-change-check-for-existence-of-modules.patch, bsc#1227216]
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- python-PyYAML
-
- reenable the cython yaml loader (bsc#1225641)
- python3-dmidecode
-
- Update to the upstream release 3.12.3 (bsc#1229855):
- consolidation of previous git commits
- support SMBIOS3.3.0
- Remove upstreamed huge-memory.patch
- Remove upstreamed fix-memory-Type-Detail-map-size.patch
- salt
-
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Added:
* test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
* skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
* some-more-small-tests-fixes-enhancements-661.patch
* firewalld-normalize-new-rich-rules-before-comparing-.patch
* several-fixes-for-tests-to-avoid-errors-and-failures.patch
* provide-systemd-timer-unit.patch
* fix-user.list_groups-omits-remote-groups.patch
* fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
- python3-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- zypp-plugin
-
- Fix stomp header regex to include '-' (bsc#1227793)
- version 0.6.4
- singlespec in Tumbleweed must support multiple python3 flavors
in the future gh#openSUSE/python-rpm-macros#66
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)
- Provide python3-zypp-plugin in SLE12-SP3 (bsc#1081596)
- regionServiceClientConfigGCE
-
- Version 4.2.0 (jsc#PCT-361)
+ Add IPv6 certs to supprt access of the update infrastructure via
IPv6 on GCE instances.
- Update to version 4.1.0 (bsc#1217538)
+ Replace 162.222.182.90 and 35.187.193.56 (length 4096):
rgnsrv-gce-asia-northeast1 -> 162.222.182.90 expires in 9 years
rgnsrv-gce-us-central1 -> 35.187.193.56 expires in 10 years
- rsyslog
-
- fix PreserveFQDN option before daemon is restarted (bsc#1231229)
add 0001-core-bugfix-rsyslog-messages-may-not-always-have-FQD.patch
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- shim
-
- Update shim-install to apply the missing fix for openSUSE Leap
(bsc#1210382) fixed by Gary.
* 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
(bsc#1230316) fixed by Gary.
* 433cc4e Always use the removable way for SL-Micro
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000product:sle-module-suse-manager-proxy-release
-
n/a
- strace
-
- Change the license to the correct LGPL-2.1-or-later
(bsc#1228216).
- supportutils
-
- Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
- suse-build-key
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- ensure key2rpmname is called using bash.
- make the per-project inclusion optional, default off.
- Also include the GPG key from the current build project
to allow Staging testing without production keys. (bsc#1231829)
- unzip
-
- Use %patch -P N instead of deprecated %patchN.
- Build unzip-rcc using multibuild and update unzip-rcc.spec file
- util-linux-systemd
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- wget
-
- Update 0001-possibly-truncate-pathname-components.patch
* Take the patch from savannah repository where the checking of the file
length doesn't include path length.
* [bsc#1204720, bsc#1231661]
- wicked
-
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad.
- Consider only interface specific accept_redirects sysctl settings.
- Adopt ifsysctl(5) manual page with wicked specific behavior.
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
- team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
- arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
- dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
- ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
[- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- compat-suse: fix dummy interfaces configuration with
INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
[+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- xen
-
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
- bsc#1228201 - [Baremetal][sles15sp4][guest migration] xl
migration fail , guest not shutdown.
This also fixes, bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86:
Native Branch History Injection (XSA-456)
661d00b8-VMX-prevent-fallthrough-in-vmx_set_reg.patch
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
66bb7316-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
- Drop xsa458.patch in favor of upstream version (bsc#1227355)
669662ea-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
guest IRQ handling (XSA-458)
xsa458.patch
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
History Injection (XSA-456)
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
- zypper
-
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- BuildRequires: libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77
- Show rpm install size before installing (bsc#1224771)
If filesystem snapshots are taken before the installation (e.g.
by snapper) no disk space is freed by removing old packages. In
this case the install size of all packages is a hint how much
additional disk space is needed by the new packages static
content.
- version 1.14.76
- Fix readline setup to handle Ctrl-C and Ctrl-D corrrectly
(bsc#1227205)
- version 1.14.75
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- version 1.14.74