- apache-commons-lang3
-
- Update to 3.16.0:
* New features:
+ Add StopWatch.getSplitDuration() and deprecate
getSplitTime().
+ Add StopWatch.getStartInstant() and deprecate getStartTime().
+ Add StopWatch.getStopInstant() and deprecate getStopTime().
+ Add StopWatch.getDuration() and deprecate getTime().
+ Add Javadoc links from StopWatch to DurationUtils #1249.
+ Add LangCollectors.collect(Collector, T...).
+ Add RandomStringUtils.secure().
+ Add RandomStringUtils.insecure().
* Fixed bugs:
+ Reimplement StopWatch internals to use java.time.
+ RandomStringUtils.random() with a negative character index
should throw IllegalArgumentException. Fixes LANG-1745.
+ LocaleUtils.toLocale(String) cannot parse four segments.
Fixes LANG-1741.
+ Use fewer intermediary strings in
DefaultExceptionContext.getFormattedExceptionMessage(String).
+ Fix Javadoc in StringUtils.splitPreserveAllTokens() #1251.
+ Deprecate ArraySort constructor for removal.
+ Deprecate CharEncoding constructor for removal.
+ Deprecate Conversion constructor for removal.
+ Deprecate Conversion constructor for removal.
+ Deprecate EntityArrays constructor for removal.
+ Deprecate ObjectToStringComparator constructor for removal.
+ Deprecate RuntimeEnvironment constructor for removal.
- Includes changes from 3.15.0:
* New features:
+ Customize text pattern in DiffResult#toString(). Fixes
LANG-1724.
+ Add DiffBuilder.Builder.
+ Add DiffBuilder.builder().
+ Add ReflectionDiffBuilder.Builder.
+ Add ReflectionDiffBuilder.builder().
+ Add test in TypeUtilsTest #1151.
+ Add Streams.failableStream(T), non-varargs variant.
+ Add Streams.nonNull(T), non-varargs variant.
+ Add ArrayUtils.nullTo(T[], T[]).
+ Add T ArrayUtils.arraycopy(T, int, T, int, int) fluent style.
+ Add T ArrayUtils.arraycopy(T, int, int, int, Function) fluent
style.
+ Add SystemUtils.IS_JAVA_22.
+ Add JavaVersion.JAVA_22.
+ Add SystemProperties.getUserName(Supplier<String>).
+ Add SystemProperties.getLineSeparator(Supplier<String>).
+ Add
+ SystemProperties.getJavaSpecificationVersion(Supplier<String>).
+ Add SystemProperties constants and methods for system
properties as of Java 22.
+ Add MethodUtils.getMethodObject(Class, String, Class...).
+ Add null-safe Consumers.accept() and Functions.apply() #1215.
Fixes LANG-1733.
+ Add SystemUtils.IS_OS_ANDROID.
+ Add SystemUtils.IS_OS_MAC_OSX_SONOMA.
+ Add RuntimeEnvironment.inContainer() #1241.
+ Add AppendableJoiner and refactor string joining #1244.
* Fixed bugs:
+ Improve Javadoc in ExceptionUtils #1136.
+ Fixed two non-deterministic tests in EnumUtilsTest.java
[#1131].
+ Fix wrong number check that cause
StringIndexOutOfBoundsException #1140. Fixes LANG-1721.
+ Rethrow NegativeArraySizeException as SerializationException
in SerializationUtils.deserialize(InputStream) #1141. Fixes
LANG-1722.
+ Throw NumberFormatException instead of
IndexOutOfBoundsException in NumberUtils.getMantissa(String,
int) #1145. Fixes LANG-1723.
+ Minor grammar fixes #1143.
+ ArrayUtils will return null when adding two null arrays, but
undocumented. Fixes LANG-1713.
+ Let parent POM figure out commons.spdx.version.
+ Undeprecate ExceptionUtils.rethrow(Throwable). Fixes
LANG-1726.
+ Test the Conversion class #1155. Fixes LANG-1702.
+ Address minor redundancies after code inspection #1148.
+ Allow EventListenerSupport to handle (and ignore) exception
from listeners allowing invocation of all listeners #1167.
+ Deprecate AnnotationUtils 0-argument constructor.
+ Deprecate ArchUtils 0-argument constructor.
+ Deprecate ArrayUtils 0-argument constructor.
+ Deprecate BooleanUtils 0-argument constructor.
+ Deprecate CharSequenceUtils 0-argument constructor.
+ Deprecate CharSetUtils 0-argument constructor.
+ Deprecate CharUtils 0-argument constructor.
+ Deprecate ClassLoaderUtils 0-argument constructor.
+ Deprecate ClassPathUtils 0-argument constructor.
+ Deprecate ClassUtils 0-argument constructor.
+ Deprecate ConstructorUtils 0-argument constructor.
+ Deprecate DateFormatUtils 0-argument constructor.
+ Deprecate DateUtils 0-argument constructor.
+ Deprecate Diff.getType().
+ Deprecate DiffBuilder.DiffBuilder(T, T, ToStringStyle).
+ Deprecate DiffBuilder.DiffBuilder(T, T, ToStringStyle,
boolean).
+ Deprecate DurationFormatUtils 0-argument constructor.
+ Deprecate DurationUtils 0-argument constructor.
+ Deprecate EnumUtils 0-argument constructor.
+ Deprecate EventUtils 0-argument constructor.
+ Deprecate FieldUtils 0-argument constructor.
+ Deprecate IEEE754rUtils 0-argument constructor.
+ Deprecate InheritanceUtils 0-argument constructor.
+ Deprecate IntStreams 0-argument constructor.
+ Deprecate LocaleUtils 0-argument constructor.
+ Deprecate LockingVisitors 0-argument constructor.
+ Deprecate MemberUtils 0-argument constructor.
+ Deprecate MethodUtils 0-argument constructor.
+ Deprecate NumberUtils 0-argument constructor.
+ Deprecate ObjectUtils 0-argument constructor.
+ Deprecate RandomStringUtils 0-argument constructor.
+ Deprecate RandomUtils 0-argument constructor.
+ Deprecate ReflectionDiffBuilder.ReflectionDiffBuilder(T, T,
ToStringStyle).
+ Deprecate RegExUtils 0-argument constructor.
+ Deprecate SerializationUtils 0-argument constructor.
+ Deprecate Streams 0-argument constructor.
+ Deprecate StringEscapeUtils 0-argument constructor.
+ Deprecate StringUtils 0-argument constructor.
+ Deprecate Suppliers 0-argument constructor.
+ Deprecate SystemProperties 0-argument constructor.
+ Deprecate ThreadUtils 0-argument constructor.
+ Deprecate TypeUtils 0-argument constructor.
+ Make ArrayFill null-safe.
+ Make ArraySorter null-safe.
+ Make ArrayUtils.removeAll() null-safe.
+ Fix Java version in README.md #1170.
+ StringUtils.stripAccents() should handle ligatures, UTF32
math blocks, etc. #1201.
+ TypeUtils.toString(Type) StackOverflowError for an inner
class in the inner class parameterized enclosing class #657.
Fixes LANG-1524.
+ Deprecate SystemUtils.getUserName(String) in favor of
SystemProperties.getUserName(Supplier).
+ Make LockVisitor.acceptReadLocked(FailableConsumer)
null-safe.
+ Make LockVisitor.applyWriteLocked(FailableConsumer)
null-safe.
+ Make ObjectUtils.getFirstNonNull(Supplier...) null-safe.
+ Make SystemProperties.getLineSeparator(Supplier).
+ StringUtils.stripAccents(String) doesn't handle "\u0111" and
"\u0110" (Vietnamese) #1216.
+ StringUtils.stripAccents(String) doesn't handle I with bar.
+ StringUtils.stripAccents(String) doesn't handle U with bar.
+ StringUtils.stripAccents(String) doesn't handle T with
stroke.
+ Fix Javadoc for FluentBitSet.setInclusive(int, int) #1222.
Fixes LANG-1735.
+ Same Javadoc changes as [TEXT-234] #1223.
+ Remove duplicate static data in
SerializationUtils.ClassLoaderAwareObjectInputStream.
+ Reimplement RandomUtils and RandomStringUtils on top of
SecureRandom#getInstanceStrong() #1235.
+ DiffBuilder: Type constraint for method append(...,
DiffResult) too strict #786. Fixes LANG-1657.
- Update to 3.14.0:
* New features:
+ Add Functions#function(Function).
+ Add FailableFunction#function(FailableFunction).
+ Add CalendarUtils.getInstance().
+ Add syntax for optional tokens to DurationFormatUtils.
+ Add ArrayFill.
+ Add FastDateParser.TimeZoneStrategy.TzInfo.toString().
+ Add LocaleUtils.isLanguageUndetermined(Locale).
+ Add ObjectUtils.toString(Supplier<Object>, Supplier<String>).
+ Add LazyInitializer.isInitialized().
+ Add ConcurrentInitializer#isInitialized() #1120.
+ Add Streams.failableStream(T...).
+ Add FailableSupplier.nul().
+ Add Suppliers.nul().
+ Add ExceptionUtils.throwUnchecked(T) where T extends
Throwable, and deprecate Object version.
+ Add ExceptionUtils.rethrowRuntimeException(T), and deprecate
rethrow(T).
+ ConcurrentInitializer implementations can now be instantiated
and configured with allocation and release lambdas.
Fixes LANG-1716.
+ Add support for RISC-V in ArchUtils #1128. Fixes LANG-1717.
* Fixed bugs:
+ Rename variable names from 'clss' to 'clazz'.
+ [Javadoc] ComparableUtils'c1' to 'comparable1', 'c2' to
'comparable2'
+ [Javadoc] Remove 2.1 specific comment #1091.
+ [Javadoc] Fix Incorrect Description in Processor isAarch64()
[#1093]. Fixes LANG-1704.
+ [Javadoc] Point to right getShortClassName flavor in Javadoc
for relevant notes #1097.
+ Improve performance of StringUtils.isMixedCase().
+ ThreadUtils find methods should not return null items. Fixes
LANG-1706.
+ ReflectionToStringBuilder changes in version 3.13.0 has broken
the logic for overriding classes. Fixes LANG-1710.
+ Return "null" instead of NPE in
ClassLoaderUtils.toString(ClassLoader).
+ Return "null" instead of NPE in
ClassLoaderUtils.toString(URLClassLoader).
+ Return ToStringStyle.nullText instead of NPE for
ReflectionToStringBuilder.toString().
+ Fix ThresholdCircuitBreaker#checkState().
+ Use ConcurrentInitializer implementations without subclassing.
+ Update critical value for chi-square test.
+ Fix Javadoc syntax errors #1129.
- From 3.13.0 update
* New features:
+ Add GitHub coverage.yml.
+ Add EnumUtils.getEnumSystemProperty(...).
+ Add TriConsumer.
+ Add and use EnumUtils.getFirstEnumIgnoreCase(Class, String,
Function, E).
+ Add and use Suppliers.
+ Add and use ArrayUtils.getComponentType(T[]).
+ Add and use ClassUtils.getComponentType(Class>T[]>).
+ Add and use ObjectUtils.getClass(T).
+ Add and use ArrayUtils.newInstance(Class>T>, int).
+ Add and use null-safe Streams.of(T...).
+ Add ClassUtils.comparator().
+ Add and use ThreadUtils.sleepQuietly(Duration).
+ Add and use ArrayUtils.setAll(T[], IntFunction).
+ Add and use ArrayUtils.setAll(T[], Supplier).
+ Add BooleanConsumer.
+ Add IntToCharFunction.
+ Add IntStreams.
+ Add UncheckedFuture.
+ Add UncheckedException.
+ Add UncheckedExecutionException.
+ Add UncheckedTimeoutException.
+ Add UncheckedInterruptedException.
+ Add TimeZones.GMT.
+ Add ObjectUtils.identityHashCodeHex(Object).
+ Add ObjectUtils.hashCodeHex(Object).
+ Add StringUtils.removeStart(String, char).
+ Add null-safe ObjectUtils.isArray(). Fixes LANG-1659.
+ Add ComparableUtils.max(A, A) and ComparableUtils.min(A, A).
+ Add UncheckedReflectiveOperationException.
+ Add and use ClassUtils.isPublic(Class).
+ Add UncheckedIllegalAccessException.
+ Add MethodInvokers.
+ Add Streams.nullSafeStream(Collection).
+ Add Streams.toStream(Collection).
+ Add Streams.failableStream(Collection) and deprecate misnamed
stream(Collection).
+ Add Streams.failableStream(Stream) and deprecate misnamed
stream(Stream).
+ Add EnumUtils.getEnumMap(Class, Function).
+ Add FluentBitSet.
+ Add Streams.instancesOf(Class, Collection).
+ Add ImmutablePair.ofNonNull(L, R).
+ Add ImmutableTriple.ofNonNull(L, M, R).
+ Add MutablePair.ofNonNull(L, R).
+ Add MutableTriple.ofNonNull(L, M, R).
+ Add Pair.ofNonNull(L, R).
+ Add Triple.ofNonNull(L, M, R).
+ Add ArrayUtils.containsAny(Object[], Object...).
+ Add Processor.Type.AARCH_64.
+ Add Processor.isAarch64().
+ Update ArchUtils.getProcessor(String) for "aarch64".
+ Add JavaVersion.JAVA_18.
+ Add JavaVersion.JAVA_19.
+ Add JavaVersion.JAVA_20.
+ Add JavaVersion.JAVA_21.
+ Add TimeZones.toTimeZone(TimeZone).
+ Add FutureTasks.
+ Add Memoizer(Function) and Memoizer(Function, boolean).
+ Add Consumers.
+ Add github/codeql-action.
+ Add coverage.yml.
+ Add DurationUtils.since(Temporal).
+ Add DurationUtils.of(FailableConsumer|FailableRunnbale).
+ Add ExceptionUtils.forEach(Throwable, Consumer<Throwable>).
+ Add ExceptionUtils.stream(Throwable).
+ Add ExceptionUtils.getRootCauseStackTraceList(Throwable).
+ Add SystemUtils.IS_OS_WINDOWS_11.
+ Add SystemUtils.IS_JAVA_16.
+ Add SystemUtils.IS_JAVA_17.
+ Add SystemUtils.IS_JAVA_18.
+ Add SystemUtils.IS_JAVA_19.
+ Add SystemUtils.IS_JAVA_20.
+ Add SystemUtils.IS_JAVA_21.
+ Add ArrayUtils.oneHot(). Fixes LANG-1627.
+ Let ReflectionToStringBuilder only reflect given field names.
Fixes LANG-1662.
+ Add Streams.of(Enumeration<E>).
+ Add Streams.of(Iterable<E>).
+ Add Streams.of(Iterator<E>).
+ Simple support for Optional in ObjectUtils#isEmpty(). Fixes
LANG-1689.
+ Add Processor.Type.getLabel().
+ Add Processor.toString().
+ Add HashCodeBuilder.equals(Object).
+ Add BooleanUtils.values() and forEach().
+ Add ClassPathUtils.packageToPath(String) and pathToPackage(String)
+ Add CalendarUtils#getDayOfYear()
+ Add NumberRange, DoubleRange, IntegerRange, LongRange.
+ Add missing exception javadoc/tests for some null arguments.
+ Add ClassLoaderUtils.getSystemURLs() and getThreadURLs().
+ Add RegExUtils.dotAll() and dotAllMatcher().
+ Add Pair.accept(FailableBiConsumer).
+ Add Pair.apply(FailableBiFunction).
+ Add ReflectionDiffBuilder.setExcludeFieldNames(...) and
DiffExclude a... Fixes LANG-1677.
+ Add and ExceptionUtils.isChecked() and isUnchecked(). Fixes
LANG-1647.
+ Add and use ExceptionUtils.throwUnchecked(throwable).
+ Add LockingVisitors.create(O, ReadWriteLock).
* Fixed bugs:
+ NumberUtils.createNumber() to recognize hex integers prefixed
with +. Fixes LANG-1645.
+ NumberUtils.createNumber() to return requested floating point
type for zero. Fixes LANG-1646.
+ DMI: Random object created and used only once
(DMI_RANDOM_USED_ONLY_ONCE); Better multi-threaded behavior.
+ Redundant Collection operation. Use
Collections.emptyIterator(). Fixes LANG-1646.
+ Make Streams.stream(Collection) null-safe.
+ Allow tests to access java.util classes such as ArrayList in
Java 16. Fixes LANG-1667.
+ OpenJDK 16 Day Period Parsing. Fixes LANG-1669.
+ Update documentation to list correct exception for null array
parameters. Fixes LANG-1663.
+ Fixing reversed Javadoc descriptions in StopWatch.
+ Fix typos in JavaDoc. Fixes LANG-1670.
+ Simplify assertions with equivalent but more simple..
+ Avoid multiple equivalent occurrences of the same expression.
+ Remove redundant initializers.
+ Fix ObjectUtils Javadocs.
+ Make Range constructors more generic. Fixes LANG-1674.
+ Use final and Remove redundant String.
+ Use Set instead of List for checking the contains() method.
+ Javadoc for StringUtils.substringBefore(String str,
int separator) doesn't mention that the separator is an int.
+ Fix NullPointerException in ThreadUtils.getSystemThreadGroup()
when the current thread is stopped.
+ ArrayUtils.toPrimitive(Boolean...) null array elements map to
false, like Boolean.parseBoolean(null) and its callers return
false.
+ StrBuilder.StrBuilderReader.skip(long): Throw an exception
when an implicit narrowing conversion in a compound assignment
would result in information loss or a numeric error such as an
overflows.
+ Deprecate Validate#notNull(Object) in favor of using
Objects#requireNonNull(Object, String).
+ Use TimeZone from calendar in DateFormatUtils. Fixes
LANG-1462.
+ Updating javadoc for NullPointerException when
Validate.notNull() is called.
+ Fixing and adding DateUtils exception Javadocs.
+ Improve performance of StringUtils.unwrap(String, String).
Fixes LANG-1679.
+ Improve performance of StringUtils.join for primitives. Fixes
LANG-1675.
+ Fixed NPE getting Stack Trace if Throwable is null. Fixes
LANG-1675.
+ Make Validate.isAssignableFrom() check null inputs.
+ Fix Javadoc for Validate.isAssignableFrom().
+ Make final mappingFunction variable.
+ Remove unnecessary variable creations.
+ Minor changes.
+ FastDateFormat does not support the 'L'-Pattern from
SimpleDateFormat. Fixes LANG-1680.
+ Increase test coverage of ComparableUtils from 71% to 100%.
+ Increase method test coverage of
MultilineRecursiveToStringStyle.
+ Fix unstable coverage of CharSequenceUtils tests noticed
during merge of PRs 898 and 899.
+ Rewrite Conversion.binaryBeMsb0ToHexDigit to invert logic of
binaryToHexDigit.
+ Allow extension of previously final classes ImmutablePair and
ImmutableTriple.
+ Update ClassUtils Javadoc with some missing throws NPE.
+ Javadoc: StringUtils.repeat("", "x", 3) = "xx";.
+ StringUtils.join(Iterable, String) should only return null
when the Iterable is null.
+ Add tests to increase coverage.
+ Extends Object clauses are redundant.
+ Simplify conditional expression..
+ Fix some Javadoc comments.
+ Deprecate getNanosOfMiili() method with typo and create proper
getNanosOfMilli().
+ Deprecate ThreadUtils code that defines custom function
interfaces in favor of stock java.util.function.Predicate
usage.
+ Fix links in Javadoc and documentation.
+ Deprecate RandomUtils in favor of Apache Commons RNG
UniformRandomProvider. Fixes LANG-1604.
+ Added docs regarding week year support. Fixes LANG-1638.
+ ClassUtils.getShortCanonicalName doesn't use the
canonicalName. Fixes LANG-1691.
+ Validate: Get error messages without using String.format when
varargs is empty.
+ Simplify expression (length is never < 0).
+ Fix simple broken javadoc..
+ Fix typo.
+ Use Objects.requireNonNull() directly.
+ MethodUtils.getMatchingMethod() fails with "Found multiple
candidates". Fixes LANG-1694.
+ Construct ArrayList with better default size. Fixes LANG-1643.
+ ThreadUtilsTest#testThreadGroups will test failed when using
Junit5 parallel test.
+ Swap the order of assertion args (first excepted then actual).
+ Fix the comment of Failable, redundant "-".
+ Fix the comment of ComparableUtils, using "smallest", not
"largest".
+ AnnotationUtilsTest and FormattableUtilsTest Only use static
imports to import assert methods in tests.
+ [LANG-1681] Fix some FieldUtils Javadocs.
+ Remove unnecessary statement in DurationFormatUtils.
+ Corrected value of SystemUtils.JAVA_VENDOR. Fixes LANG-1699.
+ [StepSecurity] ci: Harden GitHub Actions.
+ Update Javadoc for the insert methods in ArrayUtils.
+ Deprecate ExceptionUtils.ExceptionUtils().
+ TypeUtils.getRawType() throws a NullPointerException on
Wildcard GenericArrayType. Fixes LANG-1697.
+ Throw IllegalArgumentException instead of InternalError in the
builder package.
+ Avoid NPE in MutableObject#equals() for null content.
+ SystemUtils fix and updates related to macOS.
- Break cycle with the new bcel
- Removed patch:
* apache-commons-lang3-junit-bom.patch
+ not needed since we install the pom file using the new
%%mvn_install_pom macro which sanitizes the pom file to the
bare runtime dependencies.
- apache2
-
- Apply fix for CVE-2023-45802, bsc#1216423.
Patch file added:
* apache2-CVE-2023-45802.patch
- Apply fix for CVE-2024-40725, bsc#1228097.
Patch file added:
* apache2-CVE-2024-40725.patch
- Apply fix for CVE-2024-39884, bsc#1227353.
Patch file added:
* apache2-CVE-2024-39884.patch
- Apply fix for CVE-2024-38474, bsc#1227278.
Patch file added:
* apache2-CVE-2024-38474.patch
- Apply fix for CVE-2024-38473, bsc#1227276.
Patch files added:
* apache2-CVE-2024-38473-1.patch
* apache2-CVE-2024-38473-2.patch
* apache2-CVE-2024-38473-3.patch
* apache2-CVE-2024-38473-4.patch
- bash
-
- Add patch boo1227807.patch
* Load completion file eveh if a brace expansion is in the
command line included (boo#1227807)
- bcel
-
- Update to version 6.10.0
* 6.10.0 (2024-06-24) Maintenance and bug fix release. Requires
a minimum of Java 8.
+ Fix PMD UnnecessaryFullyQualifiedName.
+ Fix PMD EmptyCatchBlock by allowing commented blocks.
+ Fix PMD EmptyControlStatement by allowing commented blocks.
+ Fix SpotBugs RV_RETURN_VALUE_IGNORED_BAD_PRACTICE in
JasminVisitor.
+ SpotBugs checks should ignore code generated by JavaCC.
+ Fix SpotBugs URF_UNREAD_FIELD in ClassDumper.
+ Fix SpotBugs DM_DEFAULT_ENCODING in JasminVisitor.
+ Fix SpotBugs RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE in
ASTFunAppl.
+ Fix SpotBugs RV_ABSOLUTE_VALUE_OF_HASHCODE in
Mini.Environment.
+ Fix SpotBugs DM_DEFAULT_ENCODING in Mini.MiniC.
+ Fix SpotBugs WMI_WRONG_MAP_ITERATOR in Package.go(String[]).
+ Deprecate TransitiveHull.INGORED in favor of
TransitiveHull.getIgnored().
+ Add accessors to model and unit tests, Javadoc #183.
+ Add Const.MAJOR_22.
+ Add Const.MINOR_22.
+ Add Const.MAJOR_23.
+ Add Const.MINOR_23.
+ Add Const.MAJOR_24.
+ Add Const.MINOR_24.
+ Bump tests from org.assertj:assertj-core 3.25.3 to 3.26.3
[#322], #332.
+ Bump tests from org.jetbrains.kotlin:kotlin-stdlib 1.9.23 to
2.0.0 #309, #318.
+ Bump tests from org.apache.commons:commons-collections4 4.4
to 4.5.0-M2.
+ Bump org.apache.commons:commons-parent from 69 to 71.
+ Bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to
3.1.0 #331.
* Includes changes from 6.9.0 Maintenance and bug fix release.
+ Add Support for Java 16 records #290.
+ Add null guard for InstructionFactory.createInvoke() #289.
+ Avoid possible NullPointerException in
org.apache.bcel.classfile.DescendingVisitor.accept(E[]).
+ Avoid possible NullPointerException in
AnnotationEntryGen.getAnnotationAttributes(ConstantPoolGen,
AnnotationEntryGen[]).
+ Avoid possible NullPointerException in
AnnotationEntryGen.copyValues(ElementValuePair[],
ConstantPoolGen, boolean).
+ Avoid possible NullPointerException in
ArrayElementValueGen.ArrayElementValueGen(int,
ElementValue[], ConstantPoolGen).
+ Avoid possible NullPointerException in
org.apache.bcel.generic.ClassGen.setMethods(Method[]).
+ Avoid possible NullPointerException in
org.apache.bcel.generic.ClassGen.unpackAnnotations(Attribute[]).
+ Avoid possible NullPointerException in
org.apache.bcel.classfile.ParameterAnnotationEntry.createParameterAnnotationEntries(Attribute[]).
+ Avoid possible NullPointerException in
org.apache.bcel.generic.ClassGen.ClassGen(JavaClass).
+ Avoid possible NullPointerException in
org.apache.bcel.generic.FieldGenOrMethodGen.addAll(Attribute[]).
+ Avoid possible NullPointerException in
org.apache.bcel.classfile.ParameterAnnotationEntry.createParameterAnnotationEntries(Attribute[]).
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.MethodParameters.setParameters(MethodParameter[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.ParameterAnnotations.setParameterAnnotationTable(ParameterAnnotationEntry[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.LocalVariableTypeTable.setLocalVariableTable(LocalVariable[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.LocalVariableTable.setLocalVariableTable(LocalVariable[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.LineNumberTable.setLineNumberTable(LineNumber[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.JavaClass.setMethods(Method[] with
null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.JavaClass.setInterfaces(int[]) with
null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.JavaClass.setInterfaceNames(String[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.JavaClass.setFields(Field[]) with
null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.JavaClass.setAttributes(Attribute[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.ConstantPool.setConstantPool(Constant[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.FieldOrMethod.setAttributes(Attribute[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.Annotations.setAnnotationTable(AnnotationEntry[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.ArrayElementValue.ArrayElementValue(int,
ElementValue[], ConstantPool) with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.BootstrapMethod.BootstrapMethod(int,
int[]) with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.BootstrapMethod.setBootstrapArguments(int[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.BootstrapMethods.BootstrapMethods(int,
int, BootstrapMethod[], ConstantPool) with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.BootstrapMethods.setBootstrapMethods(BootstrapMethod[])
with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.InstructionList.redirectLocalVariables(LocalVariableGen[],
InstructionHandle, InstructionHandle) with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.InstructionList.redirectExceptionHandlers(CodeExceptionGen[],
InstructionHandle, InstructionHandle) with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.InstructionList.findHandle(InstructionHandle[],
int[], int, int) with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.MethodGen.setArgumentTypes(Type[])
with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.MethodGen.setArgumentNames(String[])
with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.MethodGen.removeRuntimeAttributes(Attribute[])
with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.MethodGen.makeMutableVersion(AnnotationEntry[])
with null.
+ Bump org.apache.commons:commons-parent from 66 to 69 #283,
[#297].
+ Bump org.jetbrains.kotlin:kotlin-stdlib from 1.9.22 to 1.9.23
[#284].
+ Bump commons-io:commons-io from 2.15.1 to 2.16.1 #295, #300.
- Update to version 6.8.0
* 6.8.0 (2023-12-08) Maintenance and bug fix release.
+ New features:
~ Add and use InvalidMethodSignatureException extending
ClassFormatException.
~ Increase code coverage in Class2HTMLTestCase with new test
input Java4Example #186.
~ Add verifier tests on some opcodes #180.
~ Added signature test cases for class/method, and bad
signatures #182.
~ Add Const.MAJOR_20.
~ Add Const.MINOR_20.
~ Add Const.MAJOR_21.
~ Add Const.MINOR_21.
~ [Bcelifier] stackmap support to pass JDK verifier #177.
~ Fix SpotBugs [ERROR] Class org.apache.bcel.util.ClassVector
defines non-transient non-serializable instance field vec
[org.apache.bcel.util.ClassVector] In ClassVector.java
SE_BAD_FIELD.
~ Fix SpotBugs [ERROR] Switch statement found in
org.apache.bcel.util.BCELFactory.visitAllocationInstruction(AllocationInstruction)
where one case falls through to the next case
[org.apache.bcel.util.BCELFactory,
org.apache.bcel.util.BCELFactory] At
BCELFactory.java:[lines 188-191]Another occurrence at
BCELFactory.java:[lines 192-196] SF_SWITCH_FALLTHROUGH.
+ Fixed bugs:
~ When parsing an class with an invalid constant reference,
ensure ClassParser.parse() throws ClassFormatException, not
NullPointerException.
~ Ensure that references to a constant pool entry with index
zero trigger a ClassFormatException, not a
NullPointerException.
~ Ensure that references to the unused constant pool entry
after a long/double entry triggers a ClassFormatException,
not a NullPointerException.
~ Test and coverage of InstructionFactory #190.
~ Verifier: test and coverage for SWAP instruction #188.
~ Exception parsing Kotlin class with 'fun `method name with
() in it`()' #205.
~ Fix null pointers in AnnotationEntry #213.
~ Field not found, search field in both super class and
implemented interfaces (5x duplicated code to find field by
name and type is refactored to a new method and now
supports package-private) #181.
~ BCEL-366: Use alternative name for broken classes under
test #220.
~ BCEL-367: Fixes java.lang.IndexOutOfBoundsException for
ATHROW on empty stack #223.
~ BCEL-368: Fixes java.lang.StackOverflowError in
Select#toString(boolean) #229.
~ Fix for type.getType(...) use on non-signature type names
[#221].
~ Fix EmptyVisitorTestCase on Java 21.
+ Changes:
~ Bump commons-parent from 54 to 65 #189, #198, #222.
~ Bump jna.version from 5.12.1 to 5.13.0 #203.
~ Bump kotlin-stdlib from 1.8.10 to 1.9.21 #217, #219, #227,
[#231], #235, #245, #247.
~ Bump commons-io from 2.11.0 to 2.15.1.
~ Bump commons-lang3 from 3.12.0 to 3.14.0.
~ Bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to
3.1.1 #246.
- Update to version 6.7.0
* 6.7.0 (2022-11-28) Maintenance and bug fix release.
* 6.6.1 (2022-10-29) Maintenance and bug fix release.
* 6.6.0 (2022-10-08) Minor feature and bug fix release.
* 6.5.0 (2020-06-05) Minor feature and bug fix release.
* 6.4.1 (2019-09-26) Bug fix release.
* 6.4.0 (2019-09-20) Feature and bug fix release.
* 6.3.1 (2019-03-20) Bug fix release
* 6.3 (2019-01-23) Experimental Java 9, 10, 11, 12-EA, and 13-EA
Support
* 6.2 (2017-12-08) Experimental Java 9 Support
* 6.1 (2017-09-14) Experimental Java 9 Support
* 6.0 (2016-07-10) Apache Commons BCEL 6.0 is a major release
supporting the new features introduced in Java 6, 7 and 8. It
requires Java 7 or higher to run.
COMPATIBILITY with 5.2
+ Binary compatible
- not strictly compatible
- The constant interface org.apache.bcel.Constants has been
deprecated. Classes which implemented this interface in 5.2
now use the constants defined in the org.apache.bcel.Const
class.
- The constant interface
org.apache.bcel.generic.InstructionConstants has been
deprecated. Classes which implemented this interface in 5.2
now use the constants defined in the
org.apache.bcel.generic.InstructionConsts class.
- Return type of method 'public java.lang.Object
getElementAt(int)' in org.apache.bcel.verifier
.VerifierFactoryListModel has been changed to
java.lang.String.
- The BCEL classes do no longer implement java.io.Serializable.
+ Source compatible
- Yes, sort of;
- The org.apache.bcel.classfile.Visitor interface has been
enhanced with additional methods. If you implemented it
directly instead of extending the EmptyVisitor class you'll
have to implement the new methods.
- The org.apache.bcel.generic.Visitor interface has been
enhanced with an additional method. If you implemented it
directly instead of extending the EmptyVisitor class you'll
have to implement the new methods.
+ Semantic compatible
- Yes, except:
- BCEL 6.0 handles new attributes such as code annotations
that could only be processed by implementing a custom
AttributeReader in the previous versions. Code relying on
this behavior will have to be adjusted since the
AttributeReader will no longer be called in these cases.
+ For full information about API changes please see the extended
Clirr report: https://commons.apache.org/bcel/clirr-report.html
- Removed patches:
* bcel-5.2-encoding.patch
+ part of our own build.xml file generated to build with ant
* bcel-CVE-2022-42920.patch
+ integrated upstrea
- bind
-
- Update to release 9.16.50
Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737)
[bsc#1228256, bind-9.16-CVE-2024-1737.patch]
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975)
[bsc#1228257, bind-9.16-CVE-2024-1975.patch]
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076)
[bsc#1228258, bind-9.16-CVE-2024-4076.patch]
- binutils
-
- Update to current 2.43.1 branch [PED-10474]:
* PR32109 - fuzzing problem
* PR32083 - LTO vs overridden common symbols
* PR32067 - crash with LTO-plugin and --oformat=binary
* PR31956 - LTO vs wrapper symbols
* riscv - add Zimop and Zcmop extensions
- Adjusted binutils-2.43-branch.diff.gz.
- Update to version 2.43:
* new .base64 pseudo-op, allowing base64 encoded data as strings
* Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF
(APX_F now fully supported)
* x86 Intel syntax now warns about more mnemonic suffixes
* macros and .irp/.irpc/.rept bodies can use \+ to get at number
of times the macro/body was executed
* aarch64: support 'armv9.5-a' for -march, add support for LUT
and LUT2
* s390: base register operand in D(X,B) and D(L,B) can now be
omitted (ala 'D(X,)'); warn when register type doesn't match
operand type (use option
'warn-regtype-mismatch=[strict|relaxed|no]' to adjust)
* riscv: support various extensions: Zacas, Zcmp, Zfbfmin,
Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw,
XSfCease, all at version 1.0;
remove support for assembly of privileged spec 1.9.1 (linking
support remains)
* arm: remove support for some old co-processors: Maverick and FPA
* mips: '--trap' now causes either trap or breakpoint instructions
to be emitted as per current ISA, instead of always using trap
insn and failing when current ISA was incompatible with that
* LoongArch: accept .option pseudo-op for fine-grained control
of assembly code options; add support for DT_RELR
* readelf: now displays RELR relocations in full detail;
add -j/--display-section to show just those section(s) content
according to their type
* objdump/readelf now dump also .eh_frame_hdr (when present) when
dumping .eh_frame
* gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake
processors; add minimal support for riscv
* linker:
- put .got and .got.plt into relro segment
- add -z isa-level-report=[none|all|needed|used] to the x86 ELF
linker to report needed and used x86-64 ISA levels
- add --rosegment option which changes the -z separate-code
option so that only one read-only segment is created (instead
of two)
- add --section-ordering-file <FILE> option to add extra
mapping of input sections to output sections
- add -plugin-save-temps to store plugin intermediate files
permanently
- Removed binutils-2.42.tar.bz2, binutils-2.42-branch.diff.gz.
- Added binutils-2.43.tar.bz2, binutils-2.43-branch.diff.gz.
- Removed upstream patch riscv-no-relax.patch.
- Rebased ld-relro.diff and binutils-revert-rela.diff.
- binutils-pr22868.diff: Remove obsolete patch
- Undefine _FORTIFY_SOURCE when running checks
- Allow to disable profiling
- Use %patch -P N instead of deprecated %patchN.
- riscv-no-relax.patch: RISC-V: Don't generate branch/jump relocation if
symbol is local when no-relax
- Add binutils-disable-code-arch-error.diff to demote an
error about swapped .arch/.code directives to a warning.
It happens in the wild.
- Update to version 2.42:
* Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
'+rcpc2' and '+wfxt'
* Add experimantal support for GAS to synthesize call-frame-info for
some hand-written asm (--scfi=experimental) on x86-64.
* Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
* Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
SiFive VCIX v1.0.
* BPF assembler: ';' separates statements now, and does not introduce
line comments anymore (use '#' or '//' for this).
* x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
dynamic tags.
* risc-v ld: Add '--[no-]check-uleb128'.
* New linker script directive: REVERSE, to be combined with SORT_BY_NAME
or SORT_BY_INIT_PRIORITY, reverses the generated order.
* New linker options --warn-execstack-objects (warn only about execstack
when input object files request it), and --error-execstack plus
- -error-rxw-segments to convert the existing warnings into errors.
* objdump: Add -Z/--decompress to be used with -s/--full-contents to
decompress section contents before displaying.
* readelf: Add --extra-sym-info to be used with --symbols (currently
prints section name of references section index).
* objcopy: Add --set-section-flags for x86_64 to include
SHF_X86_64_LARGE.
* s390 disassembly: add target-specific disasm option 'insndesc',
as in "objdump -M insndesc" to display an instruction description
as comment along with the disassembly.
- Add binutils-2.42-branch.diff.gz.
- Rebased s390-biarch.diff.
- Adjusted binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff
for upstream changes.
- Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2,
binutils-2.41-branch.diff.gz.
- Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff
and riscv-relro.patch (all upstreamed).
- Removed add-ulp-section.diff, we use a different mechanism
for live patching since a long time.
- Add binutils-use-less-memory.diff to be a little nicer to 32bit
userspace and huge links. [bsc#1216908]
- riscv-relro.patch: RISC-V: Protect .got with relro
- Add libzstd-devel to Requires of binutils-devel. (bsc#1215341)
- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- cloud-regionsrv-client
-
- Update to 10.3.4
+ Modify the message when network access over a specific IP version does
not work. This is an informational message and should not look like
an error
+ Inform the user that LTSS registration takes a little longer
+ Add fix-for-sles12-no-trans_update.patch
+ SLE 12 family has no products with transactional-update we do not
need to look for this condition
- From 10.3.3 (bsc#1229472)
+ Handle changes in process structure to properly identify the running
zypper parent process and only check for 1 PID
- From 10.3.2
+ Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
+ Add support for LTSS registration
+ Add fix-for-sles12-disable-registry.patch
~ No container support in SLE 12
- Add rgnsrv-clnt-fix-docker-setup.patch (bsc#1229137)
+ The entry for the update infrastructure registry mirror was written
incorrectly causing docker daemon startup to fail.
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
- containerd
-
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- cups
-
- cups-branch-2.2-commit-b643d6ba92f00752aa5e74ff86ad3974334914c1.diff
is https://github.com/OpenPrinting/cups/commit/b643d6ba92f00752aa5e74ff86ad3974334914c1
which was added in CUPS 2.2.8 that
fixed a parsing bug in cups_auth_find() in cups/auth.c
which lead to cupsd failing to authenticate users
when group membership is required by cupsd configuration
like 'Require user @GROUP' which lead to CUPS related commands
requesting password from group users even if it is not needed
(bsc#1226227)
- In cups.changes replaced one place where UTF-8 characters
were used in the entry dated "Sat Sep 30 08:52:42 UTC 2017"
for what should be ' - ' by ASCII to avoid RPMLINT warning
about 'non-break-space' which "can lead to obscure errors".
- curl
-
- Security fix: [bsc#1232528, CVE-2024-9681]
* HSTS subdomain overwrites parent cache entry
* Add curl-CVE-2024-9681.patch
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* http_aws_sigv4: canonicalize the query [fc76a24c]
* test439: verify query canonization for aws-sigv4 [65661016]
* http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
* aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
* http_aws_sigv4: canonicalise valueless query params [bbba69da]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patches:
- curl-aws_sigv4-canonicalize-the-query.patch
- curl-aws_sigv4-verify-query-canonization.patch
- curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
- curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
- curl-aws_sigv4-canonicalise-valueless-query-params.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- Security fix: [bsc#1230093, CVE-2024-8096]
* curl: OCSP stapling bypass with GnuTLS
* Add curl-CVE-2024-8096.patch
- Security fix: [bsc#1228535, CVE-2024-7264]
* curl: ASN.1 date parser overread
* Add curl-CVE-2024-7264.patch
- deltarpm
-
- update to deltarpm-3.6.5
* support for archive files bigger than 2GByte [bnc#1230547]
- update to deltarpm-3.6.4
* support for threaded zstd
* use a tmp file instead of memory to hold the incore data
[bsc#1228948]
- dropped patches:
* deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch
- deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch: fixed
some C bugs ( incorrect sized memset() , memcpy instead of strcpy,
unsigned int)
- update to deltarpm-3.6.3
* support for threaded zstd compression
- Actually enable zstd compression
- update to deltarpm-3.6.2
* support for zstd compression
- dmidecode
-
- Update to upstream version 3.6 (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
* Add bash completion.
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
* Implement options --list-strings and --list-types.
* Update HPE OEM records 203, 212, 216, 221, 233 and 236.
* Update Redfish support.
* Bug fixes:
Fix enabled slot characteristics not being printed
* Minor improvements:
Print slot width on its own line
Use standard strings for slot width
* Add a --no-quirks option.
* Drop the CPUID exception list.
* Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
dmidecode-fortify-entry-point-length-checks.patch,
dmidecode-split-table-fetching-from-decoding.patch,
dmidecode-write-the-whole-dump-file-at-once.patch,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
dmioem-hpe-oem-record-237-firmware-change.patch,
dmioem-typo-fix-virutal-virtual.patch,
ensure-dev-mem-is-a-character-device-file.patch,
news-fix-typo.patch and
use-read_file-to-read-from-dump.patch.
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
HPE type 238 records.
- dracut
-
- Update to version 055+suse.359.geb85610b:
* fix(convertfs): error in conditional expressions (bsc#1228847)
- e2fsprogs
-
- resize2fs-Check-number-of-group-descriptors-only-if-.patch: resize2fs: Check
number of group descriptors only if meta_bg is disabled (bsc#1230145)
- glib2
-
- Add glib2-gdbusmessage-cache-arg0.patch: cache the arg0 value in
a dbus message. Fixes a possible use after free (boo#1224044).
- glibc
-
- tcache-thread-shutdown.patch: malloc: Initiate tcache shutdown even
without allocations (bsc#1228661, BZ #28028)
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228043, BZ
[#31934])
- grub2
-
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
installation when secure boot is enabled (bsc#1217761) (bsc#1228866)
- Improved check for disk device when looking for PReP partition
* 0004-Introduce-prep_load_env-command.patch
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
* 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to
SLE-15-SP2 (bsc#1217102)
* add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
* add 0002-ofdisk-add-early_log-support.patch
- Enhancement to PPC secure boot's root device discovery config (bsc#1207230)
- Fix regex for Open Firmware device specifier with encoded commas
* 0002-prep_loadenv-Fix-regex-for-Open-Firmware-device-spec.patch
- Fix regular expression in PPC secure boot config to prevent escaped commas
from being treated as delimiters when retrieving partition substrings.
- Use prep_load_env in PPC secure boot config to handle unset host-specific
environment variables and ensure successful command execution.
* 0004-Introduce-prep_load_env-command.patch
- Refreshed
* 0005-export-environment-at-start-up.patch
- java-11-openjdk
-
- Upgrade to upstream tag jdk-11.0.25+9 (October 2024 CPU)
* Security fixes
+ JDK-8290367, JDK-8332643: Update default value and extend the
scope of com.sun.jndi.ldap.object.trustSerialData system
property
+ JDK-8307383: Enhance DTLS connections
+ JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client
+ JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of
vectorization
+ JDK-8328726: Better Kerberos support
+ JDK-8331446, CVE-2024-21217, bsc#1231716: Improve
deserialization support
+ JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph
optimizations
+ JDK-8335713: Enhance vectorization analysis
* Other changes
+ JDK-7124313: [macosx] Swing Popups should overlap taskbar
+ JDK-7156347: javax/swing/JList/6462008/bug6462008.java fails
+ JDK-8078725: method adjustments can be done just once for all
classes involved into redefinition
+ JDK-8205076: [17u] Inet6AddressImpl.c: 'lookupIfLocalHost'
accesses 'int InetAddress.preferIPv6Address' as a boolean
+ JDK-8206440: Remove javac -source/-target 6 from jdk
regression tests
+ JDK-8210338: Better output for GenerationTests.java
+ JDK-8211920: Close server socket and cleanups in
test/jdk/javax/naming/module/RunBasic.java
+ JDK-8222005: ClassRedefinition crashes with: guarantee(false)
failed: OLD and/or OBSOLETE method(s) found
+ JDK-8222884: ConcurrentClassDescLookup.java times out
intermittently
+ JDK-8224081: SOCKS v4 tests require IPv4
+ JDK-8227122: [TESTBUG] Create Docker sidecar test cases
+ JDK-8229822: ThrowingPushPromises tests sometimes fail due to
EOF
+ JDK-8231427: Warning cleanup in tests of java.io.Serializable
+ JDK-8236917: TestInstanceKlassSize.java fails with "The size
computed by SA for java.lang.Object does not match"
+ JDK-8238169: BasicDirectoryModel getDirectories and
DoChangeContents.run can deadlock
+ JDK-8240226: DeflateIn_InflateOut.java test incorrectly
assumes size of compressed file
+ JDK-8242999: HTTP/2 client may not handle CONTINUATION frames
correctly
+ JDK-8244966: Add .vscode to .hgignore and .gitignore
+ JDK-8249097: test/lib/jdk/test/lib/util/JarBuilder.java has a
bad copyright
+ JDK-8249772: (ch) Improve
sun/nio/ch/TestMaxCachedBufferSize.java
+ JDK-8249826: 5 javax/net/ssl/SSLEngine tests use @ignore w/o
bug-id
+ JDK-8251188: Update LDAP tests not to use wildcard addresses
+ JDK-8253207: enable problemlists jcheck's check
+ JDK-8255898: Test java/awt/FileDialog/FilenameFilterTest/
/FilenameFilterTest.java fails on Mac OS
+ JDK-8255913: Decrease number of iterations in
TestMaxCachedBufferSize
+ JDK-8255969: Improve java/io/BufferedInputStream/
/LargeCopyWithMark.java using jtreg tags
+ JDK-8259274: Increase timeout duration in
sun/nio/ch/TestMaxCachedBufferSize.java
+ JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/
/MouseEventAfterStartDragTest.html test failed
+ JDK-8261433: Better pkcs11 performance for
libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
+ JDK-8263031: HttpClient throws Exception if it receives a
Push Promise that is too large
+ JDK-8266149: mark hotspot compiler/startup tests which ignore
VM flags
+ JDK-8266150: mark hotspot compiler/arguments tests which
ignore VM flags
+ JDK-8266153: mark hotspot compiler/onSpinWait tests which
ignore VM flags
+ JDK-8266154: mark hotspot compiler/oracle tests which ignore
VM flags
+ JDK-8268906: gc/g1/mixedgc/TestOldGenCollectionUsage.java
assumes that GCs take 1ms minimum
+ JDK-8269428: java/util/concurrent/ConcurrentHashMap/
/ToArray.java timed out
+ JDK-8269616: serviceability/dcmd/framework/VMVersionTest.java
fails with Address already in use error
+ JDK-8273135: java/awt/color/ICC_ColorSpace/
/MTTransformReplacedProfile.java crashes in liblcms.dylib with
NULLSeek+0x7
+ JDK-8275851: Deproblemlist open/test/jdk/javax/swing/
/JComponent/6683775/bug6683775.java
+ JDK-8276036: The value of full_count in the message of
insufficient codecache is wrong
+ JDK-8276306: jdk/jshell/CustomInputToolBuilder.java fails
intermittently on storage acquisition
+ JDK-8276819: javax/print/PrintServiceLookup/
/FlushCustomClassLoader.java fails to free
+ JDK-8279164: Disable TLS_ECDH_* cipher suites
+ JDK-8279337: The MToolkit is still referenced in a few places
+ JDK-8280392: java/awt/Focus/NonFocusableWindowTest/
/NonfocusableOwnerTest.java failed with "RuntimeException:
Test failed."
+ JDK-8284585: PushPromiseContinuation test fails
intermittently in timeout
+ JDK-8286601: Mac Aarch: Excessive warnings to be ignored for
build jdk
+ JDK-8286781: Replace the deprecated/obsolete gethostbyname
and inet_addr calls
+ JDK-8292044: HttpClient doesn't handle 102 or 103 properly
+ JDK-8294148: Support JSplitPane for instructions and test UI
+ JDK-8294310: compare.sh fails on macos after JDK-8293550
+ JDK-8296410: HttpClient throws java.io.IOException: no
statuscode in response for HTTP2
+ JDK-8298873: Update IllegalRecordVersion.java for changes to
TLS implementation
+ JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl
when connection is idle
+ JDK-8299487: Test
java/net/httpclient/whitebox/SSLTubeTestDriver.java timed out
+ JDK-8301189: validate-source fails after JDK-8298873
+ JDK-8303216: Prefer ArrayList to LinkedList in
sun.net.httpserver.ServerImpl
+ JDK-8303965: java.net.http.HttpClient should reset the stream
if response headers contain malformed header fields
+ JDK-8305072: Win32ShellFolder2.compareTo is inconsistent
+ JDK-8305079: Remove finalize() from compiler/c2/Test719030
+ JDK-8305081: Remove finalize() from
test/hotspot/jtreg/compiler/runtime/Test8168712
+ JDK-8305825: getBounds API returns wrong value resulting in
multiple Regression Test Failures on Ubuntu 23.04
+ JDK-8305906: HttpClient may use incorrect key when finding
pooled HTTP/2 connection for IPv6 address
+ JDK-8306060: Open source few AWT Insets related tests
+ JDK-8306432: Open source several AWT Text Component related
tests
+ JDK-8306466: Open source more AWT Drag & Drop related tests
+ JDK-8306489: Open source AWT List related tests
+ JDK-8306566: Open source several clipboard AWT tests
+ JDK-8306850: Open source AWT Modal related tests
+ JDK-8307091: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8307779: Relax the java.awt.Robot specification
+ JDK-8308184: Launching java with large number of jars in
classpath with java.protocol.handler.pkgs system property set
can lead to StackOverflowError
+ JDK-8309934: Update GitHub Actions to use JDK 17 for building
jtreg
+ JDK-8310201: Reduce verbose locale output in -XshowSettings
launcher option
+ JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
+ JDK-8312140: jdk/jshell tests failed with JDI socket timeouts
+ JDK-8314614: jdk/jshell/ImportTest.java failed with
"InternalError: Failed remote listen"
+ JDK-8315422: getSoTimeout() would be in try block in
SSLSocketImpl
+ JDK-8315437: Enable parallelism in
vmTestbase/nsk/monitoring/stress/classload tests
+ JDK-8315442: Enable parallelism in
vmTestbase/nsk/monitoring/stress/thread tests
+ JDK-8315804: Open source several Swing JTabbedPane JTextArea
JTextField tests
+ JDK-8315898: Open source swing JMenu tests
+ JDK-8315965: Open source various AWT applet tests
+ JDK-8316104: Open source several Swing SplitPane and
RadioButton related tests
+ JDK-8316211: Open source several manual applet tests
+ JDK-8316240: Open source several add/remove MenuBar manual
tests
+ JDK-8316285: Opensource JButton manual tests
+ JDK-8316306: Open source and convert manual Swing test
+ JDK-8316328: Test jdk/jfr/event/oldobject/
/TestSanityDefault.java times out for some heap sizes
+ JDK-8316462: sun/jvmstat/monitor/MonitoredVm/
/MonitorVmStartTerminate.java ignores VM flags
+ JDK-8316973: GC: Make TestDisableDefaultGC use createTestJvm
+ JDK-8317039: Enable specifying the JDK used to run jtreg
+ JDK-8317228: GC: Make TestXXXHeapSizeFlags use createTestJvm
+ JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java:
Press on the outside area didn't cause ungrab
+ JDK-8317316: G1: Make TestG1PercentageOptions use
createTestJvm
+ JDK-8317343: GC: Make TestHeapFreeRatio use createTestJvm
+ JDK-8317358: G1: Make TestMaxNewSize use createTestJvm
+ JDK-8317807: JAVA_FLAGS removed from jtreg running in
JDK-8317039
+ JDK-8318039: GHA: Bump macOS and Xcode versions
+ JDK-8320079: The ArabicBox.java test has no control buttons
+ JDK-8320570: NegativeArraySizeException decoding >1G UTF8
bytes with non-ascii characters
+ JDK-8320602: Lock contention in SchemaDVFactory.getInstance()
+ JDK-8320945: problemlist tests failing on latest Windows 11
update
+ JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC
and ZGC
+ JDK-8323670: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8324755: Enable parallelism in
vmTestbase/gc/gctests/LargeObjects tests
+ JDK-8325022: Incorrect error message on client authentication
+ JDK-8325179: Race in BasicDirectoryModel.validateFileCache
+ JDK-8325862: set -XX:+ErrorFileToStderr when executing java
in containers for some container related jtreg tests
+ JDK-8325876: crashes in docker container tests on
Linuxppc64le Power8 machines
+ JDK-8326140: src/jdk.accessibility/windows/native/
/libjavaaccessbridge/AccessBridgeJavaEntryPoints.cpp
ReleaseStringChars might be missing in early returns
+ JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java
fails
+ JDK-8327137: Add test for ConcurrentModificationException in
BasicDirectoryModel
+ JDK-8327631: Update IANA Language Subtag Registry to Version
2024-03-07
+ JDK-8327787: Convert javax/swing/border/Test4129681.java
applet test to main
+ JDK-8327840: Automate javax/swing/border/Test4129681.java
+ JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/
/GetBoundsResizeTest.java applet test to main
+ JDK-8328110: Allow simultaneous use of PassFailJFrame with
split UI and additional windows
+ JDK-8328115: Convert java/awt/font/TextLayout/
/TestJustification.html applet test to main
+ JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest
to automatic main test
+ JDK-8328218: Delete test
java/awt/Window/FindOwner/FindOwner.html
+ JDK-8328234: Remove unused nativeUtils files
+ JDK-8328238: Convert few closed manual applet tests to main
+ JDK-8328269: NonFocusablePopupMenuTest.java should be marked
as headful
+ JDK-8328273: sun/management/jmxremote/bootstrap/
/RmiRegistrySslTest.java failed with
java.rmi.server.ExportException: Port already in use
+ JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/
/ClickDuringKeypress.java imports Applet
+ JDK-8328561: test java/awt/Robot/ManualInstructions/
/ManualInstructions.java isn't used
+ JDK-8328953: JEditorPane.read throws ChangedCharSetException
+ JDK-8328999: Update GIFlib to 5.2.2
+ JDK-8329004: Update Libpng to 1.6.43
+ JDK-8329013: StackOverflowError when starting Apache Tomcat
with signed jar
+ JDK-8329103: assert(!thread->in_asgct()) failed during
multi-mode profiling
+ JDK-8329510: Update ProblemList for
JFileChooser/8194044/FileSystemRootTest.java
+ JDK-8329559: Test javax/swing/JFrame/bug4419914.java failed
because The End and Start buttons are not placed correctly and
Tab focus does not move as expected
+ JDK-8329995: Restricted access to '/proc' can cause JFR
initialization to crash
+ JDK-8330063: Upgrade jQuery to 3.7.1
+ JDK-8330416: Update system property for Java SE specification
maintenance version
+ JDK-8330523: Reduce runtime and improve efficiency of
KeepAliveTest
+ JDK-8331063: Some HttpClient tests don't report leaks
+ JDK-8331263: Bump update version for OpenJDK: jdk-11.0.25
+ JDK-8331466: Problemlist serviceability/dcmd/gc/
/RunFinalizationTest.java on generic-all
+ JDK-8331746: Create a test to verify that the cmm id is not
ignored
+ JDK-8331798: Remove unused arg of checkErgonomics() in
TestMaxHeapSizeTools.java
+ JDK-8332008: Enable issuestitle check
+ JDK-8332113: Update nsk.share.Log to be always verbose
+ JDK-8332424: Update IANA Language Subtag Registry to Version
2024-05-16
+ JDK-8332524: Instead of printing "TLSv1.3," it is showing
"TLS13"
+ JDK-8332898: failure_handler: log directory of commands
+ JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/
/TestDescription.java fails with no GC's recorded
+ JDK-8333724: Problem list security/infra/java/security/cert/
/CertPathValidator/certification/CAInterop.java
[#]teliasonerarootcav1
+ JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw
an exception with 0 failures
+ JDK-8333837: [11u] HexPrinterTest.java javac compile fails
illegal start of expression
+ JDK-8333839: [11u] LingeredAppTest.java fails Can't find
source file: LingeredApp.java
+ JDK-8334166: Enable binary check
+ JDK-8334335: [TESTBUG] Backport of 8279164 to 11u & 17u
includes elements of JDK-8163327
+ JDK-8334418: Update IANA Language Subtag Registry to Version
2024-06-14
+ JDK-8334653: ISO 4217 Amendment 177 Update
+ JDK-8334711: [TEST_BUG] Compilation failed of
MimeFormatsTest/MimeFormatsTest.java
+ JDK-8335803: SunJCE cipher throws NPE for un-extractable RSA
keys
+ JDK-8336301: test/jdk/java/nio/channels/
/AsyncCloseAndInterrupt.java leaves around a FIFO file upon
test completion
+ JDK-8336928: GHA: Bundle artifacts removal broken
+ JDK-8337664: Distrust TLS server certificates issued after
Oct 2024 and anchored by Entrust Root CAs
+ JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods
are inconsistent with their setVerbose methods
+ JDK-8341057: Add 2 SSL.com TLS roots
+ JDK-8341059: Change Entrust TLS distrust date to November 12,
2024
+ JDK-8341675: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.25
- Added patches:
* reproducible-directory-mtime.patch
+ if present, use SOURCE_DATE_EPOCH as timestamp for newly
created directories
* reproducible-search-index-files.patch
+ if present, use SOURCE_DATE_EPOCH as timestamp for the search
index zip files created by javadoc
- kernel-default
-
- usb: dwc3: st: fix probed platform device ref count on probe
error path (bsc#1230507 CVE-2024-46674).
- commit ffd5693
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
Delete
patches.suse/ibmvfc-make-max_sectors-a-module-option.patch.
- commit 13d3e25
- Update
patches.suse/media-vivid-fix-compose-size-exceed-boundary.patch
(git-fixes CVE-2022-48945 bsc#1230398).
- Update
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
(bsc#1227487 CVE-2024-46774 bsc#1230767).
- Update patches.suse/sched-Fix-yet-more-sched_fork-races.patch
(git fixes (sched/core) CVE-2022-48944 bsc#1229947).
- commit be5b46d
- SUNRPC: avoid soft lockup when transmitting UDP to reachable
server (bsc#1225272 bsc#1231016).
- commit d8ddf61
- kabi: add __nf_queue_get_refs() for kabi compliance.
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
- commit 09526c9
- btrfs: prevent copying too big compressed lzo segment (CVE-2022-48923 bsc#1229662)
- commit 9c5b30e
- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
bsc#1229407).
- commit 0515c56
- KABI: kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 4220de4
- kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 195f676
- Refresh
patches.suse/Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch.
Update upstream status and move to the sorted section.
- commit 43dbf50
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit f5c92ca
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
This reverts commit 606bd9b8228bfe004cf6ab930ffb673a535e3c55.
- commit 532bbfe
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
This reverts commit 1702784a5db6b26695f0bc2c6b0cbe973db5c0f3.
- commit e220e83
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
This reverts commit d77caa16c18115f0c470ecf5cdd3cdb6f9865aeb.
- commit b38d226
- blk-mq: add helper for checking if one CPU is mapped to
specified hctx (bsc#1223600).
- blk-mq: don't schedule block kworker on isolated CPUs
(bsc#1223600).
- commit 4537dc0
- vfs: Don't evict inode under the inode lru traversing context
(CVE-2024-45003 bsc#1230245).
- commit 82e6e44
- blacklist.conf: update blacklist
- commit 401873a
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 9438e54
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 5b1f743
- Update references
- commit a096907
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454 CVE-2024-44947).
- commit ddfd2d7
- usb: vhci-hcd: Do not drop references before new references
are gained (CVE-2024-43883 bsc#1229707).
- commit 44d7bae
- net: usb: qmi_wwan: fix memory leak for not ip packets
(CVE-2024-43861 bsc#1229500).
- commit 3e796c3
- Update
patches.suse/ASoC-ops-Shift-tested-values-in-snd_soc_put_volsw-by.patch
(git-fixes CVE-2022-48917 bsc#1229637).
- Update
patches.suse/Bluetooth-hci_qca-Fix-driver-shutdown-on-closed-serd.patch
(git-fixes CVE-2022-48878 bsc#1229554).
- Update
patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
(git-fixes CVE-2022-48938 bsc#1229664).
- Update
patches.suse/KVM-x86-mmu-make-apf-token-non-zero-to-fix-bug.patch
(git-fixes CVE-2022-48943 bsc#1229645).
- Update
patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
(git-fixes CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
CVE-2022-48930 bsc#1229624).
- Update
patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch
(CVE-2022-4382 bsc#1206258 CVE-2022-48869 bsc#1229507).
- Update
patches.suse/auxdisplay-lcd2s-Fix-memory-leak-in-remove.patch
(git-fixes CVE-2022-48907 bsc#1229608).
- Update
patches.suse/blktrace-fix-use-after-free-for-struct-blk_trace.patch
(bsc#1198017 CVE-2022-48913 bsc#1229643).
- Update
patches.suse/bpf-Fix-crash-due-to-out-of-bounds-access-into-reg2b.patch
(git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204
CVE-2022-0500 CVE-2022-23222 CVE-2022-48929 bsc#1229625).
- Update
patches.suse/btrfs-fix-race-between-quota-rescan-and-disable-lead.patch
(bsc#1207158 CVE-2023-52896 bsc#1229533).
- Update
patches.suse/btrfs-fix-relocation-crash-due-to-premature-return-f.patch
(bsc#1203360 CVE-2022-48903 bsc#1229613).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
(bsc#1193629 CVE-2022-48919 bsc#1229657).
- Update
patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsyst.patch
(git-fixes CVE-2022-48931 bsc#1229623).
- Update
patches.suse/dmaengine-idxd-Let-probe-fail-when-workqueue-cannot-.patch
(git-fixes CVE-2022-48868 bsc#1229506).
- Update
patches.suse/drm-msm-another-fix-for-the-headless-Adreno-GPU.patch
(git-fixes CVE-2023-52911 bsc#1229522).
- Update
patches.suse/drm-msm-dp-do-not-complete-dp_aux_cmd_fifo_tx-if-irq.patch
(git-fixes CVE-2022-48898 bsc#1229537).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
(git-fixes CVE-2022-48899 bsc#1229536).
- Update
patches.suse/gsmi-fix-null-deref-in-gsmi_get_variable.patch
(git-fixes CVE-2023-52893 bsc#1229535).
- Update
patches.suse/hwmon-Handle-failure-to-register-sensor-with-thermal.patch
(git-fixes CVE-2022-48942 bsc#1229612).
- Update
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
(bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update
patches.suse/ice-fix-concurrent-reset-and-removal-of-VFs.patch
(git-fixes CVE-2022-48941 bsc#1229614).
- Update
patches.suse/iio-adc-men_z188_adc-Fix-a-resource-leak-in-an-error.patch
(git-fixes CVE-2022-48928 bsc#1229626).
- Update
patches.suse/iio-adc-tsc2046-fix-memory-corruption-by-preventing-.patch
(git-fixes CVE-2022-48927 bsc#1229628).
- Update
patches.suse/io_uring-add-a-schedule-point-in-io_add_buffers.patch
(git-fixes CVE-2022-48937 bsc#1229617).
- Update patches.suse/iommu-amd-Fix-I-O-page-table-memory-leak
(git-fixes CVE-2022-48904 bsc#1229603).
- Update
patches.suse/iommu-vt-d-fix-double-list_add-when-enabling-vmd-in-scalable-mode
(bsc#1196894 CVE-2022-48916 bsc#1229638).
- Update
patches.suse/iwlwifi-mvm-check-debugfs_dir-ptr-before-use.patch
(git-fixes CVE-2022-48918 bsc#1229636).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
(jsc#SLE-18384 CVE-2022-48896 bsc#1229540).
- Update
patches.suse/misc-fastrpc-Don-t-remove-map-on-creater_process-and.patch
(git-fixes CVE-2022-48873 bsc#1229512).
- Update
patches.suse/misc-fastrpc-Fix-use-after-free-race-condition-for-m.patch
(git-fixes CVE-2022-48872 bsc#1229510).
- Update
patches.suse/net-mlx5-DR-Fix-slab-out-of-bounds-in-mlx5_cmd_dr_cr.patch
(jsc#SLE-19253 CVE-2022-48932 bsc#1229622).
- Update patches.suse/net-smc-fix-connection-leak (git-fixes
CVE-2022-48909 bsc#1229611).
- Update
patches.suse/nfc-pn533-Wait-for-out_urb-s-completion-in-pn533_usb.patch
(git-fixes CVE-2023-52907 bsc#1229526).
- Update
patches.suse/nfp-flower-Fix-a-potential-leak-in-nfp_tunnel_add_sh.patch
(git-fixes CVE-2022-48934 bsc#1229620).
- Update
patches.suse/nilfs2-fix-general-protection-fault-in-nilfs_btree_i.patch
(git-fixes CVE-2023-52900 bsc#1229581).
- Update
patches.suse/octeontx2-pf-Fix-resource-leakage-in-VF-driver-unbin.patch
(git-fixes CVE-2023-52905 bsc#1229528).
- Update
patches.suse/platform-surface-aggregator-Add-missing-call-to-ssam.patch
(git-fixes CVE-2022-48880 bsc#1229557).
- Update
patches.suse/regulator-da9211-Use-irq-handler-when-ready.patch
(git-fixes CVE-2022-48891 bsc#1229565).
- Update
patches.suse/sched-fair-Fix-fault-in-reweight_entity.patch
(git fixes (sched/core) CVE-2022-48921 bsc#1229635).
- Update
patches.suse/scsi-storvsc-Fix-swiotlb-bounce-buffer-leak-in-confi.patch
(bsc#1206006 CVE-2022-48890 bsc#1229544).
- Update
patches.suse/spi-spi-zynq-qspi-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-4441 bsc#1229598).
- Update
patches.suse/thermal-core-Fix-TZ_GET_TRIP-NULL-pointer-dereferenc.patch
(git-fixes CVE-2022-48915 bsc#1229639).
- Update
patches.suse/thermal-int340x-fix-memory-leak-in-int3400_notify.patch
(git-fixes CVE-2022-48924 bsc#1229631).
- Update
patches.suse/tty-fix-possible-null-ptr-defer-in-spk_ttyio_release.patch
(git-fixes CVE-2022-48870 bsc#1229508).
- Update
patches.suse/tty-serial-qcom-geni-serial-fix-slab-out-of-bounds-o.patch
(git-fixes CVE-2022-48871 bsc#1229509).
- Update
patches.suse/usb-gadget-f_ncm-fix-potential-NULL-ptr-deref-in-ncm.patch
(git-fixes CVE-2023-52894 bsc#1229566).
- Update
patches.suse/usb-gadget-rndis-add-spinlock-for-rndis-response-lis.patch
(git-fixes CVE-2022-48926 bsc#1229629).
- Update
patches.suse/usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
(git-fixes CVE-2023-52901 bsc#1229531).
- Update
patches.suse/wifi-mac80211-sdata-can-be-NULL-during-AMPDU-start.patch
(git-fixes CVE-2022-48875 bsc#1229516).
- Update
patches.suse/xen-netfront-destroy-queues-before-real_num_tx_queue.patch
(git-fixes CVE-2022-48914 bsc#1229642).
- Update
patches.suse/xhci-Fix-null-pointer-dereference-when-host-dies.patch
(git-fixes CVE-2023-52898 bsc#1229568).
- commit 5c5e4d7
- mm: prevent derefencing NULL ptr in pfn_section_valid()
(git-fixes).
- commit d77caa1
- mm, kmsan: fix infinite recursion due to RCU critical section
(git-fixes).
- commit 1702784
- mm/sparsemem: fix race in accessing memory_section->usage
(bsc#1221326 CVE-2023-52489).
- commit 606bd9b
- jfs: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792
CVE-2024-44938).
- commit 8003b7e
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit b5892ca
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit 0a4b370
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 83a7456
- netfilter: nf_tables: unregister flowtable hooks on netns exit (CVE-2022-48935 bsc#1229619)
- commit 3e33f70
- netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912 bsc#1229641)
- commit f8f42c3
- scsi: smartpqi: Expose SAS address for SATA drives
(bsc#1223958).
- commit 6711c21
- net/iucv: fix use after free in iucv_sock_close()
(CVE-2024-42271 bsc#1229400 bsc#1228974).
- commit 82bb6f3
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 bsc#1228114).
- Update
patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
(bsc#1194869 CVE-2024-42230 bsc#1228489).
- commit f6019c1
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228959 CVE-2024-42232).
- commit 27160c2
- rpm/kernel-binary.spec.in: fix klp_symbols macro
The commit below removed openSUSE filter from %ifs of the klp_symbols
definition. But it removed -c of grep too and that causes:
error: syntax error in expression: 01 && ( || 1 )
error: ^
error: unmatched (: 01 && ( || 1 )
error: ^
error: kernel-default.spec:137: bad %if condition: 01 && ( || 1 )
So reintroduce -c to the PTF's grep.
Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3
- rpm/kernel-binary.spec.in: Fix build regression
The previous fix forgot to take over grep -c option that broke the
conditional expression
- commit d29edf2
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
After the Jump project the kernel used by SLE and openSUSE Leap are the
same. As consequence the klp_symbols variable is set, enabling
kernel-default-livepatch-devel on both SLE and openSUSE.
The current rules to avoid enabling the package exclude openSUSE
Tumbleweed alone, which doesn't makes sense for now. Enabling
kernel-default-livepatch-devel on TW makes it easier to test the
creation of kernel livepatches of the next SLE versions.
- commit fd0b293
- Update
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
(bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
Add CVE references.
- commit 637c320
- Update
patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
(bsc#1216834 CVE-2024-42077 bsc#1228516).
Add CVE references.
- commit 8360e90
- ax25: Fix refcount imbalance on inbound connections
(CVE-2024-40910 bsc#1227832).
- commit 12cb329
- config.sh: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- commit 314f719
- packaging: Add case-sensitive perl option parsing
A recent change in Getopt::Long [1]:
Changes in version 2.55
- ----------------------
* Fix long standing bug that duplicate options were not detected
when the options differ in case while ignore_case is in effect.
This will now yield a warning and become a fatal error in a future
release.
perl defaults to ignore_case by default, switch it off to avoid
accidental misparsing of options.
This was suggested after similar change in scripts/.
- commit e978477
- btrfs: sysfs: update fs features directory asynchronously
(bsc#1226168).
- commit 97cd90c
- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
CVE-2024-39494).
- commit 81484ec
- ASoC: topology: Fix route memory corruption (CVE-2024-41069
bsc#1228644).
- commit 586db1a
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 8f44f81
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
Mainline commit f2f6a8e88717 ("init/Kconfig: remove
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
when checking config changes.
- commit b60be3e
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 810053d
- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
CVE-2024-40994).
- commit 205cc4c
- filelock: Remove locks reliably when fcntl/close race is
detected (CVE-2024-41012 bsc#1228247).
- commit e2c5917
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-being-des.patch
(bsc#1223635 (CVE-2024-26976) CVE-2024-26976).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/vfio-fsl-mc-Block-calling-interrupt-handler-without-trigge.patch
(bsc#1222810 (CVE-2024-26814) CVE-2024-26814).
- Update
patches.suse/vfio-platform-Create-persistent-IRQ-handlers.patch
(bsc#1222809 (CVE-2024-26813) CVE-2024-26813).
- commit 39eeeb9
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/virtio-blk-fix-implicit-overflow-on-virtio_max_dma_size.patch
(bsc#1225573 (CVE-2023-52762) CVE-2023-52762).
- commit 3784f34
- Update
patches.suse/HID-hid-thrustmaster-fix-OOB-read-in-thrustmaster_in.patch
(git-fixes CVE-2022-48866 bsc#1228014).
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/KVM-x86-nSVM-fix-potential-NULL-derefernce-on-nested.patch
(git-fixes CVE-2022-48793 bsc#1228019).
- Update
patches.suse/NFC-port100-fix-use-after-free-in-port100_send_compl.patch
(git-fixes CVE-2022-48857 bsc#1228005).
- Update
patches.suse/NFSD-Fix-NFSv3-SETATTR-CREATE-s-handling-of-large-fi.patch
(git-fixes CVE-2022-48829 bsc#1228055).
- Update patches.suse/NFSD-Fix-ia_size-underflow.patch (git-fixes
CVE-2022-48828 bsc#1228054).
- Update
patches.suse/NFSD-Fix-the-behavior-of-READ-near-OFFSET_MAX.patch
(bsc#1195957 CVE-2022-48827 bsc#1228037).
- Update
patches.suse/SUNRPC-lock-against-sock-changing-during-sysfs-read.patch
(bsc#1194324 CVE-2022-48816 bsc#1228038).
- Update
patches.suse/can-isotp-fix-potential-CAN-frame-reception-race-in-.patch
(git-fixes CVE-2022-48830 bsc#1227982).
- Update
patches.suse/cfg80211-fix-race-in-netlink-owner-interface-destruc.patch
(git-fixes CVE-2022-48784 bsc#1227938).
- Update
patches.suse/dmaengine-ptdma-Fix-the-error-handling-path-in-pt_co.patch
(git-fixes CVE-2022-48774 bsc#1227923).
- Update
patches.suse/drm-amdgpu-bypass-tiling-flag-check-in-virtual-displ.patch
(git-fixes CVE-2022-48849 bsc#1228061).
- Update
patches.suse/drm-vc4-Fix-deadlock-on-DSI-device-attach-error.patch
(git-fixes CVE-2022-48826 bsc#1227975).
- Update
patches.suse/drm-vrr-Set-VRR-capable-prop-only-if-it-is-attached-.patch
(git-fixes CVE-2022-48843 bsc#1228066).
- Update
patches.suse/eeprom-ee1004-limit-i2c-reads-to-I2C_SMBUS_BLOCK_MAX.patch
(git-fixes CVE-2022-48806 bsc#1227948).
- Update
patches.suse/ethernet-Fix-error-handling-in-xemaclite_of_probe.patch
(git-fixes CVE-2022-48860 bsc#1228008).
- Update
patches.suse/fs-proc-task_mmu.c-don-t-read-mapcount-for-migration-entry.patch
(CVE-2023-1582 bsc#1209636 CVE-2022-48802 bsc#1227942).
- Update
patches.suse/gianfar-ethtool-Fix-refcount-leak-in-gfar_get_ts_inf.patch
(git-fixes CVE-2022-48856 bsc#1228004).
- Update patches.suse/iavf-Fix-hang-during-reboot-shutdown.patch
(jsc#SLE-18385 CVE-2022-48840 bsc#1227990).
- Update
patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch
(bsc#1195668 ltc#195811 CVE-2022-48811 bsc#1227928).
- Update
patches.suse/ice-Fix-KASAN-error-in-LAG-NETDEV_UNREGISTER-handler.patch
(git-fixes CVE-2022-48807 bsc#1227970).
- Update
patches.suse/ice-Fix-race-condition-during-interface-enslave.patch
(git-fixes CVE-2022-48842 bsc#1228064).
- Update
patches.suse/ice-fix-NULL-pointer-dereference-in-ice_update_vsi_t.patch
(jsc#SLE-18375 CVE-2022-48841 bsc#1227991).
- Update
patches.suse/iio-buffer-Fix-file-related-error-handling-in-IIO_BU.patch
(git-fixes CVE-2022-48801 bsc#1227956).
- Update
patches.suse/ima-fix-reference-leak-in-asymmetric_verify.patch
(git-fixes CVE-2022-48831 bsc#1227986).
- Update
patches.suse/iommu-Fix-potential-use-after-free-during-probe
(git-fixes CVE-2022-48796 bsc#1228028).
- Update patches.suse/iwlwifi-fix-use-after-free.patch
(bsc#1197762 git-fixes CVE-2022-48787 bsc#1227932).
- Update
patches.suse/mISDN-Fix-memory-leak-in-dsp_pipeline_build.patch
(git-fixes CVE-2022-48863 bsc#1228063).
- Update
patches.suse/misc-fastrpc-avoid-double-fput-on-failed-usercopy.patch
(git-fixes CVE-2022-48821 bsc#1227976).
- Update
patches.suse/mm-don-t-try-to-NUMA-migrate-COW-pages-that-have-other-uses.patch
(git fixes (mm/numa) CVE-2022-48797 bsc#1228035).
- Update
patches.suse/mm-vmscan-remove-deadlock-due-to-throttling.patch
(bsc#1195357 CVE-2022-48800 bsc#1227954).
- Update
patches.suse/msft-hv-2515-Drivers-hv-vmbus-Fix-memory-leak-in-vmbus_add_channe.patch
(git-fixes CVE-2022-48775 bsc#1227924).
- Update
patches.suse/mtd-parsers-qcom-Fix-kernel-panic-on-skipped-partiti.patch
(git-fixes CVE-2022-48777 bsc#1227922).
- Update
patches.suse/mtd-parsers-qcom-Fix-missing-free-for-pparts-in-clea.patch
(git-fixes CVE-2022-48776 bsc#1227925).
- Update
patches.suse/mtd-rawnand-gpmi-don-t-leak-PM-reference-in-error-pa.patch
(git-fixes CVE-2022-48778 bsc#1227935).
- Update
patches.suse/net-dsa-ar9331-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48817 bsc#1227931).
- Update
patches.suse/net-dsa-bcm_sf2-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48815 bsc#1227933).
- Update
patches.suse/net-dsa-felix-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48813 bsc#1227963).
- Update
patches.suse/net-dsa-lantiq_gswip-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48812 bsc#1227971).
- Update
patches.suse/net-dsa-lantiq_gswip-fix-use-after-free-in-gswip_rem.patch
(git-fixes CVE-2022-48783 bsc#1227949).
- Update
patches.suse/net-dsa-mv88e6xxx-don-t-use-devres-for-mdiobus.patch
(git-fixes CVE-2022-48818 bsc#1228039).
- Update
patches.suse/net-dsa-seville-register-the-mdiobus-under-devres.patch
(git-fixes CVE-2022-48814 bsc#1227944).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-marvell-prestera-Add-missing-of_node_put-in-pres.patch
(git-fixes CVE-2022-48859 bsc#1228007).
- Update
patches.suse/net-mlx5-Fix-a-race-on-command-flush-flow.patch
(git-fixes CVE-2022-48858 bsc#1228006).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-smc-Avoid-overwriting-the-copies-of-clcsock-callback-functions
(git-fixes CVE-2022-48780 bsc#1227995).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 bsc#1202686 CVE-2022-2964
CVE-2022-48805 bsc#1227969).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48790
bsc#1227941).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48788
bsc#1227952).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1193787 bsc#1197146 bsc#1193554 CVE-2022-48789
bsc#1228000).
- Update
patches.suse/perf-Fix-list-corruption-in-perf_cgroup_switch.patch
(git fixes CVE-2022-48799 bsc#1227953).
- Update
patches.suse/phy-stm32-fix-a-refcount-leak-in-stm32_usbphyc_pll_e.patch
(git-fixes CVE-2022-48820 bsc#1227972).
- Update
patches.suse/phy-ti-Fix-missing-sentinel-for-clk_div_table.patch
(git-fixes CVE-2022-48803 bsc#1227965).
- Update
patches.suse/s390-cio-verify-the-driver-availability-for-path_event-call
(bsc#1195927 LTC#196420 CVE-2022-48798 bsc#1227945).
- Update
patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing.patch
(git-fixes CVE-2022-48835 bsc#1228060).
- Update patches.suse/scsi-myrs-Fix-crash-in-error-case.patch
(git-fixes CVE-2022-48824 bsc#1227964).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-SSP-STP-sas_task.patch
(git-fixes CVE-2022-48792 bsc#1228013).
- Update
patches.suse/scsi-pm8001-Fix-use-after-free-for-aborted-TMF-sas_task.patch
(git-fixes CVE-2022-48791 bsc#1228002).
- Update
patches.suse/scsi-qedf-Add-stag_work-to-all-the-vports.patch
(git-fixes CVE-2022-48825 bsc#1228056).
- Update
patches.suse/scsi-qedf-Fix-refcount-issue-when-LOGO-is-received-during-TMF.patch
(git-fixes CVE-2022-48823 bsc#1228045).
- Update
patches.suse/staging-gdm724x-fix-use-after-free-in-gdm_lte_rx.patch
(git-fixes CVE-2022-48851 bsc#1227997).
- Update
patches.suse/swiotlb-fix-info-leak-with-DMA_FROM_DEVICE.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update patches.suse/usb-f_fs-Fix-use-after-free-for-epfile.patch
(git-fixes CVE-2022-48822 bsc#1228040).
- Update
patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch
(git-fixes CVE-2022-48838 bsc#1227988).
- Update
patches.suse/usb-gadget-rndis-prevent-integer-overflow-in-rndis_s.patch
(git-fixes CVE-2022-48837 bsc#1227987).
- Update
patches.suse/usb-usbtmc-Fix-bug-in-pipe-direction-for-control-tra.patch
(git-fixes CVE-2022-48834 bsc#1228062).
- Update
patches.suse/vdpa-fix-use-after-free-on-vp_vdpa_remove.patch
(git-fixes CVE-2022-48861 bsc#1228009).
- Update
patches.suse/vhost-fix-hung-thread-due-to-erroneous-iotlb-entries.patch
(git-fixes CVE-2022-48862 bsc#1228010).
- Update
patches.suse/vsock-remove-vsock-from-connected-table-when-connect.patch
(git-fixes CVE-2022-48786 bsc#1227996).
- Update
patches.suse/vt_ioctl-fix-array_index_nospec-in-vt_setactivate.patch
(git-fixes CVE-2022-48804 bsc#1227968).
- Update patches.suse/watch_queue-Fix-filter-limit-check.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-48847 bsc#1227993).
- Update
patches.suse/xprtrdma-fix-pointer-derefs-in-error-cases-of-rpcrdm.patch
(git-fixes CVE-2022-48773 bsc#1227921).
- commit e328ee7
- Update
patches.suse/net-sunrpc-fix-reference-count-leaks-in-rpc_sysfs_xp.patch
(git-fixes CVE-2021-47624 bsc#1227920).
- Update
patches.suse/scsi-ufs-Fix-a-deadlock-in-the-error-handler.patch
(git-fixes CVE-2021-47622 bsc#1227917).
- commit f2d923e
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- commit c8086f4
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8837200
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- commit e2a1614
- workqueue: Improve scalability of workqueue watchdog touch
(bsc#1193454).
- commit 51a7eb4
- workqueue: wq_watchdog_touch is always called with valid CPU
(bsc#1193454).
- commit 10bbd80
- KVM: arm64: Disassociate vcpus from redistributor region on
teardown (CVE-2024-40989 bsc#1227823).
- commit 724dd5c
- ASoC: topology: Fix references to freed memory (CVE-2024-41069
bsc#1228644).
- commit 44dd0c7
- Update
patches.suse/ext2-Avoid-reading-renamed-directory-if-parent-does-.patch
(bsc#1221044 CVE-2023-52591 bsc#1228440).
- commit d21f810
- hfsplus: fix uninit-value in copy_name (bsc#1228561
CVE-2024-41059).
- commit cfc2db1
- dmaengine: idxd: Fix possible Use-After-Free in
irq_process_work_list (CVE-2024-40956 bsc#1227810).
- commit 3632d87
- ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
- commit edabc6f
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- commit e64bcfc
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
CVE-2024-41009).
- commit e559e61
- rpm/guards: fix precedence issue with control flow operator
With perl 5.40 it report the following error on rpm/guards script:
Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
Fix the issue by adding parenthesis around ternary operator.
- commit 07b8b4e
- drm/amdkfd: don't allow mapping the MMIO HDP page with large
pages (CVE-2024-41011 bsc#1228115).
- commit ff8f843
- 9p: add missing locking around taking dentry fid list (bsc#1227090, CVE-2024-39463).
- commit c58a66f
- sch_cake: do not call cake_destroy() from cake_init()
(CVE-2021-47598 bsc#1226574).
- commit d533b8e
- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
bsc#1227836).
- commit 610d469
- Update
patches.suse/powerpc-pseries-iommu-LPAR-panics-during-boot-up-wit.patch
(bsc#1222011 ltc#205900 CVE-2024-36926 bsc#1225829).
- commit 1ec0d1e
- Update
patches.suse/perf-x86-intel-pt-Fix-crash-with-stop-filters-in-single-range-mode.patch
(git fixes CVE-2022-48713 bsc#1227549).
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226758 CVE-2024-38559 bsc#1226785).
- Update
patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186
CVE-2024-26800 bsc#1222728).
- commit 329a684
- vfio/fsl-mc: Block calling interrupt handler without trigger
(bsc#1222810 CVE-2024-26814).
- commit 520ae3c
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (bsc#1223635 CVE-2024-26976).
- commit c5ed396
- virtio-blk: fix implicit overflow on virtio_max_dma_size
(bsc#1225573 CVE-2023-52762).
- commit 4296dc1
- vfio/platform: Create persistent IRQ handlers (bsc#1222809
CVE-2024-26813).
- commit a8290e8
- net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes CVE-2024-35901 bsc#1224495).
- commit 9db7ad0
- Update patches.suse/net-tls-factor-out-tls_-crypt_async_wait.patch.
- fix build warning
- commit 01715f7
- powerpc/pseries: Fix scv instruction crash with kexec
(bsc#1194869 CVE-2024-42230).
- powerpc/kasan: Disable address sanitization in kexec paths
(bsc#1194869 CVE-2024-42230).
- commit c9d175f
- kernel-binary: vdso: Own module_dir
- commit ff69986
- Update
patches.suse/scsi-qedf-Ensure-the-copied-buf-is-NUL-terminated.patch
(bsc#1226785 CVE-2024-38559).
Fixed incorrect bug reference.
- commit e3b8fb6
- net/dcb: check for detached device before executing callbacks
(bsc#1215587).
- commit 9c27e1c
- kABI: rtas: Workaround false positive due to lost definition
(bsc#1227487).
- commit fb8a8f3
- powerpc/rtas: Prevent Spectre v1 gadget construction in
sys_rtas() (bsc#1227487).
- commit 9648fb4
- tls: fix use-after-free on failed backlog decryption
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: separate no-async decryption request handling from async
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: decrement decrypt_pending if no async completion will be
called (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: handle backlogging of crypto requests (CVE-2024-26584
bsc#1220186).
- tls: fix race between tx work scheduling and socket close
(CVE-2024-26585 bsc#1220187).
- tls: fix race between async notify and socket close
(CVE-2024-26583 bsc#1220185).
- net: tls: factor out tls_*crypt_async_wait() (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- net: tls: fix async vs NIC crypto offload (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: use async as an in-out argument (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: assume crypto always calls our callback (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't track the async count (CVE-2024-26583
CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: simplify async wait (CVE-2024-26583 CVE-2024-26584
bsc#1220185 bsc#1220186).
- tls: rx: wrap decryption arguments in a structure
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: don't report text length from the bowels of decrypt
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- tls: rx: drop unnecessary arguments from tls_setup_from_iter()
(CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186).
- commit 63dd4a4
- Delete
patches.suse/tls-fix-race-between-tx-work-scheduling-and-socket-c.patch.
Will be replaced with a refreshed version once all conflicting new patches are in.
- commit a0fa0a3
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFS: Don't re-read the entire page cache to find the next cookie
(bsc#1226662).
- commit a10cc0e
- jfs: xattr: fix buffer overflow for invalid xattr
(bsc#1227383).
- commit 33e2d96
- apr
-
- security update
- added patches
fix CVE-2023-49582 [bsc#1229783], unexpected lax shared memory permissions
+ apr-CVE-2023-49582.patch
- util-linux
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- expat
-
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
overflow in function nextScaffoldPart
* Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
overflow in dtdCopy
* Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
len for XML_ParseBuffer
* Added expat-CVE-2024-45490.patch
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- libmodulemd
-
- Build python bindings for all pythons (jsc#PED-6218)
- ncurses
-
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
* Allow that terminal description based on static fallback
entries can be freed.
- openssl-1_1
-
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- libpcap
-
- enable rdma support (bsc#1230894)
- Security fix: [bsc#1230034, CVE-2024-8006]
* libpcap: NULL pointer derefence in pcap_findalldevs_ex()
* Add libpcap-CVE-2024-8006.patch
- Security fix: [bsc#1230020, CVE-2023-7256]
* libpcap: double free via addrinfo in sock_initaddress()
* Add libpcap-CVE-2023-7256.patch
- postgresql16
-
- Upgrade to 16.4 (bsc#1229013):
* bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
during pg_dump executes arbitrary SQL
* https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
* https://www.postgresql.org/docs/release/16.4/
- python3
-
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
support eliminating bsc#1227233 (CVE-2024-5642).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
complexity in parsing cookies with backslashes (bsc#1229596,
CVE-2024-7592)
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- ruby2.5
-
- backport REXML from 3.3
- fix denial of service when parsing a XML that has many deep
elements with the same local name attributes
(boo#1229673 CVE-2024-43398)
- fix denial of service when parsing an XML that contains many
specific characters such as whitespaces, >] and ]>
(boo#1228794 CVE-2024-41123)
- fix denial of service when parsing an XML that has many entity
expansions with SAX2 or pull parser API
(boo#1228799 CVE-2024-41946)
- fix denial of service when parsing an XML that has many left
angled brackets in an attribute value
(boo#1224390 CVE-2024-35176)
- fix ReDoS when parsing an XML that has many specific characters
(boo#1228072 CVE-2024-39908)
- libsolv
-
- removed dependency on external find program in the repo2solv tool
- bindings: fix return value of repodata.add_solv()
- new SOLVER_FLAG_FOCUS_NEW flag
- bump version to 0.7.30
- suseconnect-ng
-
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- systemd
-
- Import commit a57a6d239c5d6b91fb3dcd269705e60804a03ae1
cd0c9ac4f4 unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
e1eaa86a49 udev: do not set ID_PATH and by-path symlink for nvmf disks
a85d211874 man: Document ranges for distributions config files and local config files
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
inside comments unescaped leading to unpredictable behavior. Now why rpm
expands rpm macros inside comments is the question...
- Update 1011-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Really skip redundant dependencies specified the LSB description that
references the file name of the service itself for early boot scripts (noticed
in bsc#1221479).
- libzypp
-
- PluginFrame: Send unescaped colons in header values
(bsc#1231043)
According to the STOMP protocol it would be correct to escape a
colon in a header-value, but it breaks plugin receivers which do
not expect this. The first colon separates header-name from
header-value, so escaping in the header-value is not needed
anyway.
Escaping in the header-value affects especially the urlresolver
plugins. The input URL is passed in a header, but sent back as
raw data in the frames body. If the plugin receiver does not
correctly unescape the URL we may get back a "https\c//" which is
not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
(fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)
- Deprecate librpmDb::db_const_iterator default ctor (bsc#1230267)
It's preferred to explicitly tell the root directory of the
system whose database you want to query.
- version 17.35.11 (35)
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- version 17.35.9 (35)
- Make sure not to statically linked installed tools (bsc#1228787)
- version 17.35.8 (35)
- MediaPluginType must be resolved to a valid MediaHandler
(bsc#1228208)
- version 17.35.7 (35)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)
- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
Older zypp-plugins reject stomp headers including a '-'. Like the
'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
This patch fixes an issue in safe_strtonum which caused
timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)
- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
Buddy pairs (like -release package and product) internally share
the same status object. When applying locks from query results
the locked bit must be set if either item is locked.
- version 17.35.2 (35)
- Install zypp/APIConfig.h legacy include (fixes #557)
- version 17.35.1 (35)
- Update soname due to RepoManager refactoring and cleanup.
- version 17.35.0 (35)
- Workaround broken libsolv-tools-base requirements (fixes
openSUSE/zypper#551)
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency.
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows.
- version 17.34.2 (34)
- shadow
-
- bsc#1230972: Add useradd warnings when requested UID is outside
the default range
- add shadow-bsc1230972-useradd-warning.patch
- bsc#1228337: chage -d date vs passwd -S output is off by one
Remove shadow-bsc1176006-chage-date.patch
- logrotate
-
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
* Added patch logrotate-ignore-duplicates.patch
* Allows log processing with duplicate logfile matches
- pam-config
-
- Change check for existence of modules.
If we have a biarch architecture, we check that the 64bit
PAM module is there and report an error if not. For the 32bit
variant, we only issue a warning.
[pam-config-change-check-for-existence-of-modules.patch, bsc#1227216]
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- postgresql
-
- bsc#1230423: Relax the dependency of extensions on the server
version from exact major.minor to greater or equal, after Tom
Lane confirmed on the PostgreSQL packagers list that ABI
stability is being taken care of between minor releases.
- postgresql14
-
- Upgrade to 14.13 (bsc#1229013):
* bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
during pg_dump executes arbitrary SQL
* https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
* https://www.postgresql.org/docs/release/14.13/
- protobuf
-
- Build the java part with maven, so that we create artifacts
that correspond to upstream distributed ones.
- Add maven artifact metadata to the protoc binary
- Package also the bom and pom artifacts
- Add patch to fix StackOverflow vulnerability in Protocol Buffers
* CVE-2024-7254.patch (bsc#1230778, CVE-2024-7254)
- python-PyYAML
-
- reenable the cython yaml loader (bsc#1225641)
- python3-dmidecode
-
- Update to the upstream release 3.12.3 (bsc#1229855):
- consolidation of previous git commits
- support SMBIOS3.3.0
- Remove upstreamed huge-memory.patch
- Remove upstreamed fix-memory-Type-Detail-map-size.patch
- python-dnspython
-
- Fix CVE-2023-29483-pre1.patch
(bsc#1230353, gh#rthalley/dnspython@6d590f0a2e1b, gh#nrhall/dnspython@55d6a9d81930)
- salt
-
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Added:
* test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
* skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
* some-more-small-tests-fixes-enhancements-661.patch
* firewalld-normalize-new-rich-rules-before-comparing-.patch
* several-fixes-for-tests-to-avoid-errors-and-failures.patch
* provide-systemd-timer-unit.patch
* fix-user.list_groups-omits-remote-groups.patch
* fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
- python3-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- zypp-plugin
-
- Fix stomp header regex to include '-' (bsc#1227793)
- version 0.6.4
- singlespec in Tumbleweed must support multiple python3 flavors
in the future gh#openSUSE/python-rpm-macros#66
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)
- Provide python3-zypp-plugin in SLE12-SP3 (bsc#1081596)
- regionServiceClientConfigGCE
-
- Version 4.2.0 (jsc#PCT-361)
+ Add IPv6 certs to supprt access of the update infrastructure via
IPv6 on GCE instances.
- Update to version 4.1.0 (bsc#1217538)
+ Replace 162.222.182.90 and 35.187.193.56 (length 4096):
rgnsrv-gce-asia-northeast1 -> 162.222.182.90 expires in 9 years
rgnsrv-gce-us-central1 -> 35.187.193.56 expires in 10 years
- rsyslog
-
- fix PreserveFQDN option before daemon is restarted (bsc#1231229)
add 0001-core-bugfix-rsyslog-messages-may-not-always-have-FQD.patch
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- shim
-
- Update shim-install to apply the missing fix for openSUSE Leap
(bsc#1210382) fixed by Gary.
* 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
(bsc#1230316) fixed by Gary.
* 433cc4e Always use the removable way for SL-Micro
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- strace
-
- Change the license to the correct LGPL-2.1-or-later
(bsc#1228216).
- supportutils
-
- Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
- suse-build-key
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- ensure key2rpmname is called using bash.
- make the per-project inclusion optional, default off.
- Also include the GPG key from the current build project
to allow Staging testing without production keys. (bsc#1231829)
- unzip
-
- Use %patch -P N instead of deprecated %patchN.
- Build unzip-rcc using multibuild and update unzip-rcc.spec file
- util-linux-systemd
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- wget
-
- Update 0001-possibly-truncate-pathname-components.patch
* Take the patch from savannah repository where the checking of the file
length doesn't include path length.
* [bsc#1204720, bsc#1231661]
- wicked
-
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad.
- Consider only interface specific accept_redirects sysctl settings.
- Adopt ifsysctl(5) manual page with wicked specific behavior.
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
- team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
- arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
- dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
- ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
[- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- compat-suse: fix dummy interfaces configuration with
INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
[+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- xalan-j2
-
- Use SOURCE_DATE_EPOCH for reproducible builds
- Split into two _multibuild flavours to avoid use of binary jars
and prevent build cycles
- Fetch the sources from git and clean the tarball of binary jars
- Modified patches:
* openjdk-build.patch
* xalan-j2-crosslink.patch
* xalan-j2-manifest.patch
* xalan-j2-noxsltcdeps.patch
+ adapt to different line-endings and to slightly changed
context
- Use %patch -P N instead of deprecated %patchN.
- Update to upstream version 2.7.3
* Java 8 requirement
+ This XalanJ release, requires users to use Java minimum
version 8 for working with XalanJ.
* Fix for CVE-2022-34169 (bsc#1201684) An integer truncation issue
when processing malicious XSLT stylesheets
+ This issue was fixed within XalanJ's XSLTC processor. This
XalanJ issue, when present causes following problems:
Malicious XSLT stylesheets may be written, which could result
in XalanJ invalid translet Java byte code to be produced by
XalanJ XSLTC processor. The XalanJ translet is a Java byte
code compiled representation, of an XSLT transformation.
* Upgrade to Apache Commons BCEL 6.7.0
+ This XalanJ release, contains upgraded version of Apache
Commons BCEL library.
* Enhancements for, performing XalanJ build and running of XalanJ
tests from source distribution
+ The XalanJ users, can now make XalanJ builds and perform
XalanJ tests from the XalanJ source distribution. The XalanJ
build scripts for the implementation and the tests, both for
the Windows and Linux platforms, were enhanced to support
building XalanJ with JDK 1.8.
* Upgrade to Xerces-J 2.12.2
+ This XalanJ release, contains upgraded versions of
xercesImpl.jar and xml-apis.jar (Xerces-J 2.12.2).
- Modified patches:
* openjdk-build.patch
* xalan-j2-manifest.patch
+ rediff to changed context
- xen
-
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
- bsc#1228201 - [Baremetal][sles15sp4][guest migration] xl
migration fail , guest not shutdown.
This also fixes, bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86:
Native Branch History Injection (XSA-456)
661d00b8-VMX-prevent-fallthrough-in-vmx_set_reg.patch
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
66bb7316-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
- Drop xsa458.patch in favor of upstream version (bsc#1227355)
669662ea-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
guest IRQ handling (XSA-458)
xsa458.patch
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
History Injection (XSA-456)
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
- xerces-j2
-
- Simplify the spec file: remove old macros
- Use %patch -P N instead of deprecated %patchN.
- zypper
-
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- BuildRequires: libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77
- Show rpm install size before installing (bsc#1224771)
If filesystem snapshots are taken before the installation (e.g.
by snapper) no disk space is freed by removing old packages. In
this case the install size of all packages is a hint how much
additional disk space is needed by the new packages static
content.
- version 1.14.76
- Fix readline setup to handle Ctrl-C and Ctrl-D corrrectly
(bsc#1227205)
- version 1.14.75
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- version 1.14.74