- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
glgo#GNOME/glib#3851).
- Add CVE fixes:
+ glib2-CVE-2025-13601-1.patch, glib2-CVE-2025-13601-2.patch
(bsc#1254297 CVE-2025-13601 glgo#GNOME/glib#3827).
+ glib2-CVE-2025-14087-1.patch, glib2-CVE-2025-14087-2.patch,
glib2-CVE-2025-14087-3.patch (bsc#1254662 CVE-2025-14087
glgo#GNOME/glib#3834).
+ glib2-CVE-2025-14512.patch (bsc#1254878 CVE-2025-14512
glgo#GNOME/glib#3845).
- google-guest-configs
-
- Update to version 20260116.00 (bsc#1256906)
* set_multiqueue: Only set XPS on "multinic accelerator platforms"
- Update to version 20260112.00
* Make c4x a "multinic accelerator platform"
* Merge pull request #140 from a-r-n:xps-many-numa
* set_multiqueue xps: stop assuming 2 numa nodes
* Merge pull request #137 from a-r-n:a4x-pick
* Add IDPF irq setting; improve a4x-max performance
* Merge pull request #133 from a-r-n:master
* Allow test injection of the root directory and metadata server endpoint
* add nic naming support for connextx VF in baremetal
* bugfix for idpf only rename got skipped.
* add a4x-max to google_set_multiqueue is_multinic_accelerator_platform
* remove unnecessary link up and down
* fix inconsistent NIC index between smart NICs and GPU NICs.
- Mark %{_modprobedir}/gce-blacklist.conf as %config(noreplace) (bsc#1198323)
- Update to version 20251014.00
* No public description
- Update to version 20250913.00
* Swap guest-config rule from checking the build VM OS to taking
in a variable for target version
- from version 20250905.00
* No public description
- from version 20250826.00
* Merge pull request #119 from bk202:master
* Moved tx/rx IRQ logging after assignment
* Fix core assignment in set_irq_range
* Correct IRQ tx/rx affinity core assignment
- Update to version 20250807.00
* Merge pull request #96 from rjschwei:noDupMetaData
* Avoid duplicate entries for the metadata server in /etc/hosts
- Drop ggc-no-dup-metasrv-entry.patch, merged upstream
- Update to version 20250709.00
* Add comments in scripts to document the behavior in google
hostname setting.
* Always use primary NIC IP for NetworkManager dispatcher hook.
- from version 20250626.00
* Fix spelling error: "explicilty" -> "explicitly"
- Update to version 20250605.00
* Merge pull request (#112) from bk202:liujoh_416067717
* Added comment to the bitmap conversion functions
* Remove IRQ affinity overwrite to XPS affinity
* Update XPS affinity to assign the remaining unassigned CPUs
to the last queue when populating the last queue
* Fix set_xps_affinity to correctly parse cpus array
* Update XPS CPU assignment logic
* Update CPU assignment algorithm in XPS affinity
* Remove commented code
* Update XPS affinity vCPU distribution algorithm s.t. the vCPUs assigned
to a queue are on the same core - fixed IRQ affinity on NUMA1 not using
the correct bind_cores_index
* Fixed NUMA comparison error in set_xps_affinity
* Update XPS affinity setup to be NUMA aware and support 64 bit CPU mask
calculation
- from version 20250604.00
* Merge pull request (#114) from bk202:liujoh_irq_affinity_bug_fix
* Bug fix: bind_cores_begin -> bind_cores_index
* Name smart NICs in lexicographic order
- Run %postun to modify %{_sysconfdir}/sysconfig/network/ifcfg-eth0
during uninstall only to avoid removal of POST_UP_SCRIPT on upgrade
- Check that %{_sysconfdir}/sysconfig/network/ifcfg-eth0 actually
exists before making any modifications to it (bsc#1241112)
- Update to version 20250516.00
* Merge pull request #109 from xiliuxyz:master
* Remove unused fset
* Remove unused lines
* Update google_set_multiqueue to unpack IRQ ranges before core assignment
- Update to version 20250501.00
* Configure local domain as route only domain to support cloud dns local
domain but avoid adding it to the search path.
- from version 20250409.00
* Change RDMA test condition to ensure renaming race conditions can be
detected. If such a case is detected the script will err and exit rather
than returning a name. Udev accepts this and continues as though the rule
was not triggered in such a case.
- from version 20250328.00
* Merge pull request #105 from dorileo:revert-ubuntu-hostname-hooks
* Revert "Include systemd-networkd hook in Ubuntu packaging (#77)"
- from version 20250326.00
* Merge pull request #104 from xiliuxyz:master
* Merge pull request #1 from xiliuxyz/xiliuxyz-patch-1
* Update google_set_multiqueue to check pnic_ids
- from version 20250221.00
* Merge pull request #103 from a-r-n:master
* Make google_set_multiqueue aware A4X is multinic_accelerator_platform
- from version 20250207.00
* Merge pull request #102 from xiliuxyz:master
* Update google_set_multiqueue to adapt A4 platform
* Merge branch 'GoogleCloudPlatform:master' into master
* Fix IS_A3_PLATFORM syntax
* Fix IS_A3_PLATFORM syntax
* Correct IS_A3_PLATFORM to save is_a3_platform results
* Remove excess empty line.
* Store is_a3_platform results into a global variable to avoid redundant curl calls
* Skip tx affinity binding on non-gvnic interfaces only on A3 platforms.
* Skip tx affinity binding on non-gvnic interfaces
* Update comments for get_vcpu_ranges_on_accelerator_platform
to reflect the expected vcpu ranges
* rename get_vcpu_ranges to get_vcpu_ranges_on_accelerator_platform
* Avoid IRQ binding on vCPU 0
* Fix returned value for get_vcpu_ranges
* Update get_vcpu_ranges to read from sys file instead of hardcoded value
* Update google_set_multiqueue
* Update google_set_multiqueue to set vCPU ranges based on platform
* Merge branch 'GoogleCloudPlatform:master' into master
* Add comment for handling IRQ binding on non-gvnic devices
* Remove excess empty line.
* Update is_gvnic to include gvnic driver checks
* Merge branch 'master' into master
* revert removed echo lines
* Update google_set_multiqueue to skip set_irq if nic is not a gvnic device.
* Update google_set_multiqueue to enable on A3Ultra family
- from version 20250124.00
* Merge pull request #88 from zmarano:nvme
* Fix missing files. This is a no-op.
* No public description
* Also force virtio_scsi.
- from version 20250116.00
* Add GPL-2 to licensing information (#98)
- from version 20250107.00
* Restore IDPF devices for renaming rules (#95)
- from version 20241213.00
* Remove Pat from owners file. (#97)
- gpg2
-
- Security fix [bsc#1257396, CVE-2026-24882]
- gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys
- Added gnupg-CVE-2026-24882.patch
- Security fix [bsc#1256389] (gpg.fail/filename)
* Added gnupg-accepts-path-separators-literal-data.patch
* GnuPG Accepts Path Separators and Path Traversals in Literal Data
- grub2
-
- Optimize PBKDF2 to reduce the decryption time (bsc#1248516)
* 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch
* 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch
* 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch
- expat
-
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- openssl-3
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
- python311:base
-
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
against OOM when loading malicious content (CVE-2025-13837,
bsc#1254401).
- systemd
-
- Name libsystemd-{shared,core} based on the major version of systemd and the
package release number (bsc#1228081 bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared
libraries.
- Import commit 8bbac1d508acb8aa4e7262f47c7f4076b8350f72
8bbac1d508 detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- libxml2
-
- Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion
leading to application crash due to RelaxNG parser not limiting the
recursion depth when resolving `<include>` directives
CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- libzypp
-
- Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros.
See the ZYPP.CONF(5) man page for details.
- Fix runtime check for broken rpm --runposttrans (bsc#1257068)
- version 17.38.2 (35)
- Avoid libcurl-mini4 when building as it does not support ftp
protocol.
- Translation: updated .pot file.
- version 17.38.1 (35)
- zypp.conf: follow the UAPI configuration file specification
(PED-14658)
In short terms it means we will no longer ship an
/etc/zypp/zypp.conf, but store our own defaults in
/usr/etc/zypp/zypp.conf. The systems administrator may choose to
keep a full copy in /etc/zypp/zypp.conf ignoring our config file
settings completely, or - the preferred way - to overwrite
specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files.
See the ZYPP.CONF(5) man page for details.
- cmake: correctly detect rpm6 (fixes #689)
- Use 'zypp.tmp' as temp directory component to ease setting up
SELinux policies (bsc#1249435)
- zyppng: Update Provider to current MediaCurl2 download
approach, drop Metalink ( fixes #682 )
- version 17.38.0 (35)
- podman
-
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- python-urllib3
-
- Add security patches:
* CVE-2025-66471.patch (bsc#1254867)
* CVE-2025-66418.patch (bsc#1254866)
- python311
-
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
against OOM when loading malicious content (CVE-2025-13837,
bsc#1254401).
- proxy-httpd-image
-
n/a
- proxy-salt-broker-image
-
n/a
- proxy-squid-image
-
n/a
- proxy-ssh-image
-
n/a
- proxy-tftpd-image
-
n/a
- suseconnect-ng
-
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PYAG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to version less documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.