- aaa_base
-
- fix git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
to actually apply
- replace git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
by git-47-056fc66c699a8544c7692a03c905fca568f5390b.patch
* fix the issues from bsc#1107342 and bsc#1215434 and just
use the settings from update-alternatives to set JAVA_HOME
- antlr3
-
- Remove dependency on maven2
- Added patches:
* reproducible-order.patch
+ ensure reproducible elements order by sorting
* reproducible-timestamp.patch
+ support SOURCE_DATE_EPOCH for generatedTimestamp
- Modified patch:
* antlr3-generated_sources.patch
+ regenerate in cycle with stringtemplate4 to correspond to
the reproducible build changes
- Override build date (boo#1047218)"
- apache-commons-daemon
-
- Update to 1.3.4:
* Procrun. Configured stack size now applies to the main thread
when running in JVM mode. Fixes DAEMON-451.
* Procrun. If the specified log directory does not exist, attempt
to create any missing parent directories, as well as the
specified directory, when the service starts. Fixes DAEMON-452.
* Procrun. Allow Windows service dependencies to be managed by
Procrun or by 'sc config ...'. Fixes DAEMON-458.
* jsvc. Fix DaemonController.reload() only working the first time
it is called. Fixes DAEMON-459. Thanks to Klaus Malorny.
* jsvc. Remove incorrent definition 'supported_os' which defined
in psupport.m4 file to fix jsvc build error on riscv64.
* Bump commons-parent from 54 to 57 #71, #91.
- Update to 1.3.3:
* Fixes:
- Procrun. Follow-up to ensure all child processes are cleaned
up if the service does not stop cleanly.
- Procrun. Fix creation of duplicate ACL entries on some
Windows platforms.
* Updates:
- Bump actions/cache from 3.0.8 to 3.0.11.
- Bump actions/checkout from 3.0.2 to 3.1.0.
- Bump actions/setup-java from 3.5.1 to 3.6.0.
- Bump spotbugs-maven-plugin from 4.7.2.0 to 4.7.3.0.
- azure-cli
-
- Add missing python3-azure-mgmt-resource dependency to Requires (bsc#1201870)
- Extend %check section to test individual az commands
+ Determine current list of available az commands
+ Ignore sub-commands for now
+ Iterate over all commands and run az --help
+ Print OK or FAIL depending on the result for each call
+ Make failures non-fatal for now
- cloud-init
-
- Move fdupes call back to %install (boo#1214169)
- Update to version 23.3 (bsc#1216011, bsc#1215794, bsc#1215740)
+ Remove patches included upstream:
- cloud-init-fix-ca-test.patch
- cloud-init-cve-2023-1786-redact-instance-data-json-main.patch
- cloud-init-power-rhel-only.patch
- cloud-init-flake8-fixes.patch
+ Add
- cloud-init-keep-flake.patch
- cloud-init-lint-fixes.patch
+ Update
- cloud-init-write-routes.patch (bsc#1216007)
+ Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390)
+ Fix cc_keyboard in mantic (LP: #2030788)
+ ec2: initialize get_instance_userdata return value to bytes (#4387)
[Noah Meyerhans]
+ cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley]
+ Fix pip-managed ansible
+ status: treat SubState=running and MainPID=0 as service exited
+ azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson]
+ collect-logs fix memory usage (SC-1590) (#4289)
[Alec Warren] (LP: #1980150)
+ cc_mounts: Use fallocate to create swapfile on btrfs (#4369) [王煎饼]
+ Undocument nocloud-net (#4318)
+ feat(akamai): add akamai to settings.py and apport.py (#4370)
+ read-version: fallback to get_version when git describe fails (#4366)
+ apt: fix cloud-init status --wait blocking on systemd v 253 (#4364)
+ integration tests: Pass username to pycloudlib (#4324)
+ Bump pycloudlib to 1!5.1.0 (#4353)
+ cloud.cfg.tmpl: reorganise, minimise/reduce duplication (#4272)
[dermotbradley]
+ analyze: fix (unexpected) timestamp parsing (#4347) [Mina Galić]
+ cc_growpart: fix tests to run on FreeBSD (#4351) [Mina Galić]
+ subp: Fix spurious test failure on FreeBSD (#4355) [Mina Galić]
+ cmd/clean: fix tests on non-Linux platforms (#4352) [Mina Galić]
+ util: Fix get_proc_ppid() on non-Linux systems (#4348) [Mina Galić]
+ cc_wireguard: make tests pass on FreeBSD (#4346) [Mina Galić]
+ unittests: fix breakage in test_read_cfg_paths_fetches_cached_datasource
(#4328) [Ani Sinha]
+ Fix test_tools.py collection (#4315)
+ cc_keyboard: add Alpine support (#4278) [dermotbradley]
+ Flake8 fixes (#4340) [Robert Schweikert]
+ cc_mounts: Fix swapfile not working on btrfs (#4319) [王煎饼] (LP: #1884127)
+ ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen (#4281)
[Wei Zhou]
+ ec2: Support double encoded userdata (#4276) [Noah Meyerhans]
+ cc_mounts: xfs is a Linux only FS (#4334) [Mina Galić]
+ tests/net: fix TestGetInterfaces' mock coverage for get_master (#4336)
[Chris Patterson]
+ change openEuler to openeuler and fix some bugs in openEuler (#4317)
[sxt1001]
+ Replace flake8 with ruff (#4314)
+ NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64
(#4291) [Ani Sinha]
+ cc_ssh_import_id: add Alpine support and add doas support (#4277)
[dermotbradley]
+ sudoers not idempotent (SC-1589) (#4296) [Alec Warren] (LP: #1998539)
+ Added support for Akamai Connected Cloud (formerly Linode) (#4167)
[Will Smith]
+ Fix reference before assignment (#4292)
+ Overhaul module reference page (#4237) [Sally]
+ replaced spaces with commas for setting passenv (#4269) [Alec Warren]
+ DS VMware: modify a few log level (#4284) [PengpengSun]
+ tools/read-version refactors and unit tests (#4268)
+ Ensure get_features() grabs all features (#4285)
+ Don't always require passlib dependency (#4274)
+ tests: avoid leaks into host system checking of ovs-vsctl cmd (#4275)
+ Fix NoCloud kernel commandline key parsing (#4273)
+ testing: Clear all LRU caches after each test (#4249)
+ Remove the crypt dependency (#2139) [Gonéri Le Bouder]
+ logging: keep current file mode of log file if its stricter than the
new mode (#4250) [Ani Sinha]
+ Remove default membership in redundant groups (#4258)
[Dave Jones] (LP: #1923363)
+ doc: improve datasource_creation.rst (#4262)
+ Remove duplicate Integration testing button (#4261) [Rishita Shaw]
+ tools/read-version: fix the tool so that it can handle version parsing
errors (#4234) [Ani Sinha]
+ net/dhcp: add udhcpc support (#4190) [Jean-François Roche]
+ DS VMware: add i386 arch dir to deployPkg plugin search path
[PengpengSun]
+ LXD moved from linuxcontainers.org to Canonical [Simon Deziel]
+ cc_mounts.py: Add note about issue with creating mounts inside mounts
(#4232) [dermotbradley]
+ lxd: install lxd from snap, not deb if absent in image
+ landscape: use landscape-config to write configuration
+ Add deprecation log during init of DataSourceDigitalOcean (#4194)
[tyb-truth]
+ doc: fix typo on apt.primary.arches (#4238) [Dan Bungert]
+ Inspect systemd state for cloud-init status (#4230)
+ instance-data: add system-info and features to combined-cloud-config
(#4224)
+ systemd: Block login until config stage completes (#2111) (LP: #2013403)
+ tests: proposed should invoke apt-get install -t=<release>-proposed
(#4235)
+ cloud.cfg.tmpl: reinstate ca_certs entry (#4236) [dermotbradley]
+ Remove feature flag override ability (#4228)
+ tests: drop stray unrelated file presence test (#4227)
+ Update LXD URL (#4223) [Sally]
+ schema: add network v1 schema definition and validation functions
+ tests: daily PPA for devel series is version 99.daily update tests to
match (#4225)
+ instance-data: write /run/cloud-init/combined-cloud-config.json
+ mount parse: Fix matching non-existent directories (#4222) [Mina Galić]
+ Specify build-system for pep517 (#4218)
+ Fix network v2 metric rendering (#4220)
+ Migrate content out of FAQ page (SD-1187) (#4205) [Sally]
+ setup: fix generation of init templates (#4209) [Mina Galić]
+ docs: Correct some bootcmd example wording
+ fix changelog
+ tests: reboot client to assert x-shellscript-per-boot is triggered
+ nocloud: parse_cmdline no longer detects nocloud-net datasource (#4204)
(LP: 4203, #2025180)
+ Add docstring and typing to mergemanydict (#4200)
+ BSD: add dsidentify to early startup scripts (#4182) [Mina Galić]
+ handler: report errors on skipped merged cloud-config.txt parts
(LP: #1999952)
+ Add cloud-init summit writeups (#4179) [Sally]
+ tests: Update test_clean_log for oci (#4187)
+ gce: improve ephemeral fallback NIC selection (CPC-2578) (#4163)
+ tests: pin pytest 7.3.1 to avoid adverse testpaths behavior (#4184)
+ Ephemeral Networking for FreeBSD (#2165) [Mina Galić]
+ Clarify directory syntax for nocloud local filesystem. (#4178)
+ Set default renderer as sysconfig for centos/rhel (#4165) [Ani Sinha]
+ Test static routes and netplan 0.106
+ FreeBSD fix parsing of mount and mount options (#2146) [Mina Galić]
+ test: add tracking bug id (#4164)
+ tests: can't match MAC for LXD container veth due to netplan 0.106
(#4162)
+ Add kaiwalyakoparkar as a contributor (#4156) [Kaiwalya Koparkar]
+ BSD: remove datasource_list from cloud.cfg template (#4159) [Mina Galić]
+ launching salt-minion in masterless mode (#4110) [Denis Halturin]
+ tools: fix run-container builds for rockylinux/8 git hash mismatch
(#4161)
+ fix doc lint: spellchecker tripped up (#4160) [Mina Galić]
+ Support Ephemeral Networking for BSD (#2127)
+ Added / fixed support for static routes on OpenBSD and FreeBSD (#2157)
[Kadir Mueller]
+ cc_rsyslog: Refactor for better multi-platform support (#4119)
[Mina Galić] (LP: #1798055)
+ tests: fix test_lp1835584 (#4154)
+ cloud.cfg mod names: docs and rename salt_minion and set_password (#4153)
+ tests: apt support for deb822 format .sources files on mantic
+ vultr: remove check_route check (#2151) [Jonas Chevalier]
+ Update SECURITY.md (#4150) [Indrranil Pawar]
+ Update CONTRIBUTING.rst (#4149) [Indrranil Pawar]
+ Update .github-cla-signers (#4151) [Indrranil Pawar]
+ Standardise module names in cloud.cfg.tmpl to only use underscore
(#4128) [dermotbradley]
+ tests: update test_webhook_reporting
+ Modify PR template so autoclose works
+ doc: add missing semi-colon to nocloud cmdline docs (#4120)
+ .gitignore: extend coverage pattern (#4143) [Mina Galić]
From 23.2.2
+ Fix NoCloud kernel commandline key parsing (#4273) (Fixes: #4271)
(LP: #2028562)
+ Fix reference before assignment (#4292) (Fixes: #4288) (LP: #2028784)
From 23.2.1
+ nocloud: Fix parse_cmdline detection of nocloud-net datasource (#4204)
(Fixes: 4203) (LP: #2025180)
From 23.2
+ BSD: simplify finding MBR partitions by removing duplicate code
[Mina Galić]
+ tests: bump pycloudlib version for mantic builds
+ network-manager: Set higher autoconnect priority for nm keyfiles (#3671)
[Ani Sinha]
+ alpine.py: change the locale file used (#4139) [dermotbradley]
+ cc_ntp: Sync up with current FreeBSD ntp.conf (#4122) [Mina Galić]
+ config: drop refresh_rmc_and_interface as RHEL 7 no longer supported
[Robert Schweikert]
+ docs: Add feedback button to docs
+ net/sysconfig: enable sysconfig renderer if network manager has ifcfg-rh
plugin (#4132) [Ani Sinha]
+ For Alpine use os-release PRETTY_NAME (#4138) [dermotbradley]
+ network_manager: add a method for ipv6 static IP configuration (#4127)
[Ani Sinha]
+ correct misnamed template file host.mariner.tmpl (#4124) [dermotbradley]
+ nm: generate ipv6 stateful dhcp config at par with sysconfig (#4115)
[Ani Sinha]
+ Add templates for GitHub Issues
+ Add 'peers' and 'allow' directives in cc_ntp (#3124) [Jacob Salmela]
+ FreeBSD: Fix user account locking (#4114) [Mina Galić] (GH: #1854594)
+ FreeBSD: add ResizeGrowFS class to cc_growpart (#2334) [Mina Galić]
+ Update tests in Azure TestCanDevBeReformatted class (#2771)
[Ksenija Stanojevic]
+ Replace Launchpad references with GitHub Issues
+ Fix KeyError in iproute pformat (#3287) [Dmitry Zykov]
+ schema: read_cfg_paths call init.fetch to lookup /v/l/c/instance
+ azure/errors: introduce reportable errors for imds (#3647)
[Chris Patterson]
+ FreeBSD (and friends): better identify MBR slices (#2168)
[Mina Galić] (LP: #2016350)
+ azure/errors: add host reporting for dhcp errors (#2167)
[Chris Patterson]
+ net: purge blacklist_drivers across net and azure (#2160)
[Chris Patterson]
+ net: refactor hyper-v VF filtering and apply to get_interfaces() (#2153)
[Chris Patterson]
+ tests: avoid leaks to underlying filesystem for /etc/cloud/clean.d
(#2251)
+ net: refactor find_candidate_nics_on_linux() to use get_interfaces()
(#2159) [Chris Patterson]
+ resolv_conf: Allow > 3 nameservers (#2152) [Major Hayden]
+ Remove mount NTFS error message (#2134) [Ksenija Stanojevic]
+ integration tests: fix image specification parsing (#2166)
+ ci: add hypothesis scheduled GH check (#2149)
+ Move supported distros list to docs (#2162)
+ Fix logger, use instance rather than module function (#2163)
+ README: Point to Github Actions build status (#2158)
+ Revert "fix linux-specific code on bsd (#2143)" (#2161)
+ Do not generate dsa and ed25519 key types when crypto FIPS mode is
enabled (#2142) [Ani Sinha] (LP: 2017761)
+ Add documentation label automatically (#2156)
+ sources/azure: report success to host and introduce kvp module (#2141)
[Chris Patterson]
+ setup.py: use pkg-config for udev/rules path (#2137) [dankm]
+ openstack/static: honor the DNS servers associated with a network
(#2138) [Gonéri Le Bouder]
+ fix linux-specific code on bsd (#2143)
+ cli: schema validation of jinja template user-data (SC-1385) (#2132)
(LP: #1881925)
+ gce: activate network discovery on every boot (#2128)
+ tests: update integration test to assert 640 across reboots (#2145)
+ Make user/vendor data sensitive and remove log permissions (#2144)
(LP: #2013967)
+ Update kernel command line docs (SC-1457) (#2133)
+ docs: update network configuration path links (#2140) [d1r3ct0r]
+ sources/azure: report failures to host via kvp (#2136) [Chris Patterson]
+ net: Document use of `ip route append` to add routes (#2130)
+ dhcp: Add missing mocks (#2135)
+ azure/imds: retry fetching metadata up to 300 seconds (#2121)
[Chris Patterson]
+ [1/2] DHCP: Refactor dhcp client code (#2122)
+ azure/errors: treat traceback_base64 as string (#2131) [Chris Patterson]
+ azure/errors: introduce reportable errors (#2129) [Chris Patterson]
+ users: schema permit empty list to indicate create no users
+ azure: introduce identity module (#2116) [Chris Patterson]
+ Standardize disabling cloud-init on non-systemd (#2112)
+ Update .github-cla-signers (#2126) [Rob Tongue]
+ NoCloud: Use seedfrom protocol to determine mode (#2107)
+ rhel: Remove sysvinit files. (#2114)
+ tox.ini: set -vvvv --showlocals for pytest (#2104) [Chris Patterson]
+ Fix NoCloud kernel commandline semi-colon args
+ run-container: make the container/VM timeout configurable (#2118)
[Paride Legovini]
+ suse: Remove sysvinit files. (#2115)
+ test: Backport assert_call_count for old requests (#2119)
+ Add "licebmi" as contributor (#2113) [Mark Martinez]
+ Adapt DataSourceScaleway to upcoming IPv6 support (#2033)
[Louis Bouchard]
+ rhel: make sure previous-hostname file ends with a new line (#2108)
[Ani Sinha]
+ Adding contributors for DataSourceAkamai (#2110) [acourdavAkamai]
+ Cleanup ephemeral IP routes on exception (#2100) [sxt1001]
+ commit 09a64badfb3f51b1b391fa29be19962381a4bbeb [sxt1001] (LP: #2011291)
+ Standardize kernel commandline user interface (#2093)
+ config/cc_resizefs: fix do_resize arguments (#2106) [Chris Patterson]
+ Fix test_dhclient_exits_with_error (#2105)
+ net/dhcp: catch dhclient failures and raise NoDHCPLeaseError (#2083)
[Chris Patterson]
+ sources/azure: move pps handling out of _poll_imds() (#2075)
[Chris Patterson]
+ tests: bump pycloudlib version (#2102)
+ schema: do not manipulate draft4 metaschema for jsonschema 2.6.0 (#2098)
+ sources/azure/imds: don't count timeout errors as connection errors
(#2074) [Chris Patterson]
+ Fix Python 3.12 unit test failures (#2099)
+ integration tests: Refactor instance checking (#1989)
+ ci: migrate remaining jobs from travis to gh (#2085)
+ missing ending quote in instancedata docs(#2094) [Hong L]
+ refactor: stop passing log instances to cc_* handlers (#2016) [d1r3ct0r]
+ tests/vmware: fix test_no_data_access_method failure (#2092)
[Chris Patterson]
+ Don't change permissions of netrules target (#2076) (LP: #2011783)
+ tests/sources: patch util.get_cmdline() for datasource tests (#2091)
[Chris Patterson]
+ macs: ignore duplicate MAC for devs with driver driver qmi_wwan (#2090)
(LP: #2008888)
+ Fedora: Enable CA handling (#2086) [František Zatloukal]
+ Send dhcp-client-identifier for InfiniBand ports (#2043) [Waleed Mousa]
+ cc_ansible: complete the examples and doc (#2082) [Yves]
+ bddeb: for dev package, derive debhelper-compat from host system
+ apport: only prompt for cloud_name when instance-data.json is absent
+ datasource: Optimize datasource detection, fix bugs (#2060)
+ Handle non existent ca-cert-config situation (#2073) [Shreenidhi Shedi]
+ sources/azure: add networking check for all source PPS (#2061)
[Chris Patterson]
+ do not attempt dns resolution on ip addresses (#2040)
+ chore: fix style tip (#2071)
+ Fix metadata IP in instancedata.rst (#2063) [Brian Haley]
+ util: Pass deprecation schedule in deprecate_call() (#2064)
+ config: Update grub-dpkg docs (#2058)
+ docs: Cosmetic improvements and styling (#2057) [s-makin]
+ cc_grub_dpkg: Added UEFI support (#2029) [Alexander Birkner]
+ tests: Write to /var/spool/rsyslog to adhere to apparmor profile (#2059)
+ oracle-ds: prefer system_cfg over ds network config source (#1998)
(LP: #1956788)
+ Remove dead code (#2038)
+ source: Force OpenStack when it is only option (#2045) (LP: #2008727)
+ cc_ubuntu_advantage: improve UA logs discovery
+ sources/azure: fix regressions in IMDS behavior (#2041) [Chris Patterson]
+ tests: fix test_schema (#2042)
+ dhcp: Cleanup unused kwarg (#2037)
+ sources/vmware/imc: fix-missing-catch-few-negtive-scenarios (#2027)
[PengpengSun]
+ dhclient_hook: remove vestigal dhclient_hook command (#2015)
+ log: Add standardized deprecation tooling (SC-1312) (#2026)
+ Enable SUSE based distros for ca handling (#2036) [Robert Schweikert]
From 23.1.2
+ Make user/vendor data sensitive and remove log permissions
(LP: #2013967) (CVE-2023-1786)
From 23.1.1
+ source: Force OpenStack when it is only option (#2045)
+ sources/azure: fix regressions in IMDS behavior (#2041)
[Chris Patterson]
- Add cloud-init-flake8-fixes.patch
- Revert chnages from previous commit
+ Disabling checks the primary maintainer enabled for specific reasons
is not a fix.
- update to 23.1.2:
* Make user/vendor data sensitive and remove log permissions
* source: Force OpenStack when it is only option (#2045)
* sources/azure: fix regressions in IMDS behavior
- drop
cloud-init-cve-2023-1786-redact-instance-data-json-main.patch (upstream)
- spec-file cleanups, including dropping flake8 (as build fails
with newer flake8 versions)
- cloud-regionsrv-client
-
- Update EC2 plugin to 1.0.4 (bsc#1219156, bsc#1219159)
+ Fix the algorithm to determine the region from the availability zone
information retrieved from IMDS.
- Update to version 10.1.6
+ Support specifying an IPv6 address for a manually configured target
update server.
- Update to version 10.1.5 (bsc#1217583)
+ Fix fallback path when IPv6 network path is not usable
+ Enable an IPv6 fallback path in IMDS access if it cannot be accessed
over IPv4
+ Enable IMDS access over IPv6
- containerd
-
- Add patch for bsc#1217952:
+ 0002-shim-Create-pid-file-with-0644-permissions.patch
- Update to containerd v1.7.10. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.10>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- cpio
-
- Fix cpio not working after the fix in bsc#1218571, fixes bsc#1219238
* fix-bsc1219238.patch
- Fix CVE-2023-7207, path traversal vulnerability (bsc#1218571)
* fix-CVE-2023-7207.patch
- gcc7
-
- Add gcc7-pr87723.patch to avoid ICE when hitting a broken pattern
in the s390 backend.
- Add gcc7-bsc1216488.patch to avoid creating recursive DIE references
through DW_AT_abstract_origin when using LTO. [bsc#1216488]
- curl
-
- Fix: libssh: Implement SFTP packet size limit (bsc#1216987)
* Add curl-libssh_Implement_SFTP_packet_size_limit.patch
- lvm2
-
- Error creating linux volume on SAN device lvmlockd (bsc#1215229)
+ bug-1215229_lvmlockd-use-4K-sector-size-when-any-dev-is-4K.patch
- docker
-
- Update to Docker 24.0.7-ce. See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Add a patch to fix apparmor on SLE-12, reverting the upstream removal of
version-specific templating for the default apparmor profile. bsc#1213500
+ 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Update to Docker 24.0.6-ce. See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2406>. bsc#1215323
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Switch from disabledrun to manualrun in _service.
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
- ecj
-
- Upgrade to eclipse 4.23 ecj (jsc#PED-2979)
* No changelog was made available.
- Use the bundled javax17api.jar stubs, but don't distribute
them
- Removed patches:
* encoding.patch
+ handled by a simple sed run
* javaAPI.patch
+ not needed with this version
- jackson-annotations
-
- Update to 2.15.2
* no subsantial changes from 2.15.0
* 2.15.0 (23-Apr-2023)
+ #211: Add 'JsonFormat.Feature's:
READ_UNKNOWN_ENUM_VALUES_AS_NULL,
READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE
+ #214: Add NOTICE file with copyright information
+ #221: Add
'JsonFormat.Feature.READ_DATE_TIMESTAMPS_AS_NANOSECONDS'
* 2.14.0 (05-Nov-2022)
+ #204: Allow explicit 'JsonSubTypes' repeated names check
- Update to 2.13.3
* no substantial changes, just version allignment to other
jackson packages
- jackson-core
-
- Update to 2.15.2
* 2.15.2 (30-May-2023)
+ #1019: Allow override of 'StreamReadContraints' default with
'overrideDefaultStreamReadConstraints()'
+ #1027: Extra module-info.class in 2.15.1
+ #1028: Wrong checksums in 'module.json' (2.15.0, 2.15.1)
+ #1032: 'LICENSE' missing from 2.15.1 jar
* 2.15.1 (16-May-2023))
+ #999: Gradle metadata for 'jackson-core' '2.15.0' adds
dependency on 'ch.randelshofer:fastdoubleparser'
+ #1003: Add FastDoubleParser section to 'NOTICE'
+ #1014: Increase default max allowed String value length from
5 megs to 20 megs
+ #1023: Problem with 'FilteringGeneratorDelegate' wrt
'TokenFilter.Inclusion.INCLUDE_NON_NULL'
* 2.15.0 (23-Apr-2023)
+ #827: Add numeric value size limits via
'StreamReadConstraints' (fixes 'sonatype-2022-6438')
+ #844: Add SLSA provenance via build script
+ #851: Add 'StreamReadFeature.USE_FAST_BIG_DECIMAL_PARSER' to
enable faster 'BigDecimal', 'BigInteger' parsing
+ #863: Add 'StreamReadConstraints' limit for longest textual
value to allow (default: 5M)
+ #865: Optimize parsing 19 digit longs
+ #898: Possible flaw in 'TokenFilterContext#skipParentChecks()'
+ #902: Add 'Object JsonParser.getNumberValueDeferred()' method
to allow for deferred decoding in some cases
+ #921: Add 'JsonFactory.Feature.CHARSET_DETECTION' to disable
charset detection
+ #948: Use 'StreamConstraintsException' in name canonicalizers
+ #962: Offer a way to directly set 'StreamReadConstraints' via
'JsonFactory' (not just Builder)
+ #965: 2.15.0-rc1 missing Gradle module metadata marker in
pom.xml
+ #968: Prevent inefficient internal conversion from
'BigDecimal' to 'BigInteger' wrt ultra-large scale
+ #984: Add 'JsonGenerator.copyCurrentEventExact' as alternative
to 'copyCurrentEvent()'
* 2.14.3 (05-May-2023)
+ #909: Revert schubfach changes in #854
+ #912: Optional padding Base64Variant still throws exception on
missing padding character
+ #967: Address performance issue with 'BigDecimalParser'
+ #990: Backport removal of BigDecimal to BigInt conversion
(#987)
+ #1004: FastDoubleParser license
+ #1012: Got 'NegativeArraySizeException' when calling
'writeValueAsString()'
* 2.14.2 (28-Jan-2023)
+ #854: Backport schubfach changes from v2.15#8
+ #882: Allow TokenFIlter to skip last elements in arrays
+ #886: Avoid instance creations in fast parser code
+ #890: 'FilteringGeneratorDelegate' does not create new
'filterContext' if 'tokenFilter' is null
* 2.14.0 (05-Nov-2022)
+ #478: Provide implementation of async JSON parser fed by
'ByteBufferFeeder'
+ #577: Allow use of faster floating-point number parsing with
'StreamReadFeature.USE_FAST_DOUBLE_PARSER'
+ #684: Add "JsonPointer#appendProperty" and
"JsonPointer#appendIndex"
+ #715: Allow TokenFilters to keep empty arrays and objects
+ #717: Hex capitalization for JsonWriter should be configurable
(add 'JsonWriteFeature.WRITE_HEX_UPPER_CASE')
+ #733: Add 'StreamReadCapability.EXACT_FLOATS' to indicate
whether parser reports exact floating-point values or not
+ #736: 'JsonPointer' quadratic memory use: OOME on deep inputs
+ #745: Change minimum Java version to 8
+ #749: Allow use of faster floating-point number serialization
('StreamWriteFeature.USE_FAST_DOUBLE_WRITER')
+ #751: Remove workaround for old issue with a particular double
+ #753: Add 'NumberInput.parseFloat()'
+ #757: Update ParserBase to support floats directly
+ #759: JsonGenerator to provide current value to the context
before starting objects
+ #762: Make 'JsonPointer' 'java.io.Serializable'
+ #763: 'JsonFactory.createParser()' with 'File' may leak
'InputStream's
+ #764: 'JsonFactory.createGenerator()' with 'File' may leak
'OutputStream's
+ #773: Add option to accept non-standard trailing decimal point
('JsonReadFeature.ALLOW_TRAILING_DECIMAL_POINT_FOR_NUMBERS')
+ #774: Add a feature to allow leading plus sign
('JsonReadFeature.ALLOW_LEADING_PLUS_SIGN_FOR_NUMBERS')
+ #788: 'JsonPointer.empty()' should NOT indicate match of a
property with key of ""
+ #798: Avoid copy when parsing 'BigDecimal'
+ #811: Add explicit bounds checks for 'JsonGenerator' methods
that take 'byte[]'/'char[]'/String-with-offsets input
+ #812: Add explicit bounds checks for
'JsonFactory.createParser()' methods that take
'byte[]'/'char[]'-with-offsets input
+ #814: Use 'BigDecimalParser' for BigInteger parsing very long
numbers
+ #818: Calling 'JsonPointer.compile(...)' on very deeply nested
expression throws 'StackOverflowError'
+ #828: Make 'BigInteger' parsing lazy
+ #830: Make 'BigDecimal' parsing lazy
+ #834: ReaderBaseJsonParser._verifyRootSpace() can cause buffer
boundary failure
- Added patch:
* 0001-Remove-ch.randelshofer.fastdoubleparser.patch
+ we don't have 'ch.randelshofer:fastdoubleparser'
- Update to 2.13.3
* 2.13.3 (14-May-2022)
+ #744: Limit size of exception message in BigDecimalParser
* 2.13.2 (06-Mar-2022)
+ #732: Update Maven wrapper
+ #739: 'JsonLocation' in 2.13 only uses identity comparison
for "content reference"
* 2.13.1 (19-Dec-2021)
+ #713: Incorrect parsing of single-quoted surrounded String
values containing double quotes
- jackson-databind
-
- Update to 2.15.2
* 2.15.2 (30-May-2023)
+ #3938: Record setter not included from interface
(2.15 regression)
* 2.15.1 (16-May-2023)
+ #3882: Error in creating nested 'ArrayNode's with
'JsonNode.withArray()'
+ #3894: Only avoid Records fields detection for deserialization
+ #3895: 2.15.0 breaking behaviour change for records and Getter
Visibility
+ #3897: 2.15.0 breaks deserialization when POJO/Record only has
a single field and is marked 'Access.WRITE_ONLY'
+ #3913: Issue with deserialization when there are unexpected
properties (due to null 'StreamReadConstraints')
+ #3914: Fix TypeId serialization for
'JsonTypeInfo.Id.DEDUCTION', native type ids
* 2.15.0 (23-Apr-2023)
+ #2536: Add 'EnumFeature.READ_ENUM_KEYS_USING_INDEX' to work
with existing "WRITE_ENUM_KEYS_USING_INDEX"#
+ #2667: Add '@EnumNaming', 'EnumNamingStrategy' to allow use of
naming strategies for Enums
+ #2968: Deserialization of '@JsonTypeInfo' annotated type fails
with missing type id even for explicit concrete subtypes
+ #2974: Null coercion with '@JsonSetter' does not work with
'java.lang.Record'
+ #2992: Properties naming strategy do not work with Record
+ #3053: Allow serializing enums to lowercase
('EnumFeature.WRITE_ENUMS_TO_LOWERCASE')
+ #3180: Support '@JsonCreator' annotation on record classes
+ #3262: InvalidDefinitionException when calling
mapper.createObjectNode().putPOJO
+ #3297: '@JsonDeserialize(converter = ...)' does not work with
Records
+ #3342: 'JsonTypeInfo.As.EXTERNAL_PROPERTY' does not work with
record wrappers
+ #3352: Do not require the usage of opens in a modular app when
using records
+ #3566: Cannot use both 'JsonCreator.Mode.DELEGATING' and
'JsonCreator.Mode.PROPERTIES' static creator factory methods
for Enums
+ #3637: Add enum features into '@JsonFormat.Feature'
+ #3638: Case-insensitive and number-based enum deserialization
are (unnecessarily) mutually exclusive
+ #3651: Deprecate "exact values" setting from 'JsonNodeFactory',
replace with
'JsonNodeFeature.STRIP_TRAILING_BIGDECIMAL_ZEROES'
+ #3654: Infer '@JsonCreator(mode = Mode.DELEGATING)' from use
of '@JsonValue')
+ #3676: Allow use of '@JsonCreator(mode = Mode.PROPERTIES)'
creator for POJOs with"empty String" coercion
+ #3680: Timestamp in classes inside jar showing 02/01/1980
+ #3682: Transient 'Field's are not ignored as Mutators if there
is visible Getter
+ #3690: Incorrect target type for arrays when disabling
coercion
+ #3708: Seems like 'java.nio.file.Path' is safe for Android API
level 26
+ #3730: Add support in 'TokenBuffer' for lazily decoded (big)
numbers
+ #3736: Try to avoid auto-detecting Fields for Record types
+ #3742: schemaType of 'LongSerializer' is wrong
+ #3745: Deprecate classes in package
'com.fasterxml.jackson.databind.jsonschema'
+ #3748: 'DelegatingDeserializer' missing override of
'getAbsentValue()' (and couple of other methods)
+ #3771: Classloader leak: DEFAULT_ANNOTATION_INTROSPECTOR holds
annotation reference
+ #3791: Flush readonly map together with shared on
'SerializerCache.flush()'
+ #3796: Enum Deserialisation Failing with Polymorphic type
validator
+ #3809: Add Stream-friendly alternative to
'ObjectNode.fields()': 'Set<Map.Entry<String, JsonNode>>
properties()'
+ #3814: Enhance 'StdNodeBasedDeserializer' to support
'readerForUpdating'
+ #3816: TokenBuffer does not implement writeString(Reader
reader, int len)
+ #3819: Add convenience method
'SimpleBeanPropertyFilter.filterOutAll()' as counterpart of
'serializeAll()'
+ #3836: 'Optional<Boolean>' is not recognized as boolean field
+ #3853: Add 'MapperFeature.REQUIRE_TYPE_ID_FOR_SUBTYPES' to
enable/disable strict subtype Type Id handling
+ #3876: 'TypeFactory' cache performance degradation with
'constructSpecializedType()'
* 2.14.3 (05-May-2023)
+ #3784: 'PrimitiveArrayDeserializers$ByteDeser.deserialize'
ignores 'DeserializationProblemHandler' for invalid Base64
content
+ #3837: Set transformer factory attributes to improve
protection against XXE
* 2.14.2 (28-Jan-2023)
+ #1751: '@JsonTypeInfo' does not work if the Type Id is an
Integer value
+ #3063: '@JsonValue' fails for Java Record
+ #3699: Allow custom 'JsonNode' implementations
+ #3711: Enum polymorphism not working correctly with DEDUCTION
+ #3741: 'StdDelegatingDeserializer' ignores 'nullValue' of
'_delegateDeserializer'.
* 2.14.1 (21-Nov-2022)
+ #3655: 'Enum' values can not be read from single-element array
even with 'DeserializationFeature.UNWRAP_SINGLE_VALUE_ARRAYS'
+ #3665: 'ObjectMapper' default heap consumption increased
significantly from 2.13.x to 2.14.0
* 2.14.0 (05-Nov-2022)
+ #1980: Add method(s) in 'JsonNode' that works like combination
of 'at()' and 'with()': 'withObject(...)' and 'withArray(...)'
+ #2541: Cannot merge polymorphic objects
+ #3013: Allow disabling Integer to String coercion via
'CoercionConfig'
+ #3212: Add method 'ObjectMapper.copyWith(JsonFactory)'
+ #3311: Add serializer-cache size limit to avoid Metaspace
issues from caching Serializers
+ #3338: 'configOverride.setMergeable(false)' not supported by
'ArrayNode'
+ #3357: '@JsonIgnore' does not if together with '@JsonProperty'
or '@JsonFormat'
+ #3373: Change 'TypeSerializerBase' to skip
'generator.writeTypePrefix()' for 'null' typeId
+ #3394: Allow use of 'JsonNode' field for '@JsonAnySetter'
+ #3405: Create DataTypeFeature abstraction (for JSTEP-7) with
placeholder features
+ #3417: Allow (de)serializing records using
Bean(De)SerializerModifier even when reflection is unavailable
+ #3419: Improve performance of 'UnresolvedForwardReference' for
forward reference resolution
+ #3421: Implement 'JsonNodeFeature.READ_NULL_PROPERTIES' to
allow skipping of JSON 'null' values on reading
+ #3443: Do not strip generic type from 'Class<C>' when
resolving 'JavaType'
+ #3447: Deeply nested JsonNode throws StackOverflowError for
toString()
+ #3475: Support use of fast double parse
+ #3476: Implement 'JsonNodeFeature.WRITE_NULL_PROPERTIES' to
allow skipping JSON 'null' values on writing
+ #3481: Filter method only got called once if the field is null
when using '@JsonInclude(value = JsonInclude.Include.CUSTOM,
valueFilter = SomeFieldFilter.class)'
+ #3484: Update 'MapDeserializer' to support
'StreamReadCapability.DUPLICATE_PROPERTIES'
+ #3497: Deserialization of Throwables with
PropertyNamingStrategy does not work
+ #3500: Add optional explicit 'JsonSubTypes' repeated names
check
+ #3503: 'StdDeserializer' coerces ints to floats even if
configured to fail
+ #3505: Fix deduction deserializer with
DefaultTypeResolverBuilder
+ #3528: 'TokenBuffer' defaults for parser/stream-read features
neither passed from parser nor use real defaults
+ #3530: Change LRUMap to just evict one entry when maxEntries
reached
+ #3533: Deserialize missing value of 'EXTERNAL_PROPERTY' type
using custom 'NullValueProvider'
+ #3535: Replace 'JsonNode.with()' with 'JsonNode.withObject()'
+ #3559: Support 'null'-valued 'Map' fields with "any setter"
+ #3568: Change 'JsonNode.with(String)' and 'withArray(String)'
to consider argument as 'JsonPointer' if valid expression
+ #3590: Add check in primitive value deserializers to avoid
deep wrapper array nesting wrt 'UNWRAP_SINGLE_VALUE_ARRAYS'
[CVE-2022-42003, bsc#1204370]
+ #3609: Allow non-boolean return type for "is-getters" with
'MapperFeature.ALLOW_IS_GETTERS_FOR_NON_BOOLEAN'
+ #3613: Implement 'float' and 'boolean' to 'String' coercion
config
+ #3624: Legacy 'ALLOW_COERCION_OF_SCALARS' interacts poorly
with Integer to Float coercion
+ #3633: Expose 'translate()' method of standard
'PropertyNamingStrategy' implementations
* 2.13.5 (23-Jan-2023)
+ #3659: Improve testing (likely via CI) to try to ensure
compatibility with specific Android SDKs
+ #3661: Jackson 2.13 uses Class.getTypeName() that is only
available on Android SDK 26 (with fix works on ASDK 24)
- java-11-openjdk
-
- Upgrade to upstream tag jdk-11.0.22+7 (January 2024 CPU)
* Security fixes
+ JDK-8308204: Enhanced certificate processing
+ JDK-8314295, CVE-2024-20919, bsc#1218903: Enhance
verification of verifier
+ JDK-8314284, CVE-2024-20926, bsc#1218906: Enhance Nashorn
performance
+ JDK-8314307, CVE-2024-20921, bsc#1218905: Improve loop
handling
+ JDK-8314468, CVE-2024-20918, bsc#1218907: Improve Compiler
loops
+ JDK-8316976, CVE-2024-20945, bsc#1218909: Improve signature
handling
+ JDK-8317547, CVE-2024-20952, bsc#1218911: Enhance TLS
connection support
* Other fixes
+ JDK-6381945: (cal) Japanese calendar unit test system should
avoid multiple static imports
+ JDK-6445283: ProgressMonitorInputStream not large file aware
(>2GB)
+ JDK-8026393: jarsigner never shows a warning in badKeyUsage
case
+ JDK-8041447: Test javax/swing/dnd/7171812/bug7171812.java
fails with java.lang.RuntimeException: Test failed, scroll on
drag doesn't work
+ JDK-8053479: (dc) DatagramChannel.read() throws exception
instead of discarding data when buffer too small
+ JDK-8067250: [mlvm] vm/mlvm/mixed/stress/regression/b6969574
fails and perf regression
+ JDK-8153090: TAB key cannot change input focus after the
radio button in the Color Selection dialog
+ JDK-8168408: Test java/awt/Focus/ActualFocusedWindowTest/
/ActualFocusedWindowBlockingTest.java fails intermittentently
on windows
+ JDK-8183374: Refactor java/lang/Runtime shell tests to java
+ JDK-8185531: [TESTBUG] Improve test configuration for shared
strings
+ JDK-8195589: T6587786.java failed after JDK-8189997
+ JDK-8197825: [Test] Intermittent timeout with javax/swing
JColorChooser Test
+ JDK-8205467: javax/management/remote/mandatory/connection/
/MultiThreadDeadLockTest.java possible deadlock
+ JDK-8207166: jdk/jshell/
/JdiHangingLaunchExecutionControlTest.java - launch timeout
+ JDK-8210168: JCK test .vm.classfmt.ins.code__002.code__00201m1
.code__00201m1 hangs with -noverify
+ JDK-8210265: Crash in HSpaceCounters::update_used()
+ JDK-8211045: [Testbug] Fix for 8144279 didn't define a test
case!
+ JDK-8212997: [TESTBUG] Remove defmeth tests for class file
versions 50 and 51
+ JDK-8213898: CDS dumping of springboot asserts in
G1ArchiveAllocator::alloc_new_region
+ JDK-8214694: cleanup rawtypes warnings in open jndi tests
+ JDK-8217329: JTREG: Clean up, remove unused imports in gc
folder
+ JDK-8218178: vmTestbase/vm/mlvm/mixed/stress/regression/
/b6969574/INDIFY_Test.java fails with -Xcomp
+ JDK-8220083: Remove hard-coded 127.0.0.1 loopback address in
JDK networking tests
+ JDK-8221396: Clean up serviceability/sa/TestUniverse.java
+ JDK-8223145: Replace wildcard address with loopback or local
host in tests - part 1
+ JDK-8223788: [macos] JSpinner buttons in JColorChooser dialog
may capture focus using TAB Key.
+ JDK-8224035: Replace wildcard address with loopback or local
host in tests - part 9
+ JDK-8224204: Replace wildcard address with loopback or local
host in tests - part 10
+ JDK-8226825: Replace wildcard address with loopback or local
host in tests - part 19
+ JDK-8230435: Replace wildcard address with loopback or local
host in tests - part 22
+ JDK-8230858: Replace wildcard address with loopback or local
host in tests - part 23
+ JDK-8231556: Wrong font ligatures used when 2 versions of
same font used
+ JDK-8231931: [TESTBUG] serviceability/sa/TestUniverse.java
looks for wrong string with Shenandoah
+ JDK-8232135: Add diagnostic output to test
java/util/ProcessBuilder/Basic.java
+ JDK-8232513: java/net/DatagramSocket/PortUnreachable.java
still fails intermittently with BindException
+ JDK-8232933: Javac inferred type does not conform to equality
constraint
+ JDK-8233000: Mark vmTestbase/vm/mlvm/meth/stress/compiler/
/deoptimize test as stress test
+ JDK-8233847: (sctp) Flx link-local IPv6 scope handling and
test cleanup.
+ JDK-8237858: PlainSocketImpl.socketAccept() handles EINTR
incorrectly
+ JDK-8238740: java/net/httpclient/whitebox/FlowTestDriver.java
should not specify a TLS protocol
+ JDK-8240235: jdk.test.lib.util.JarUtils updates jar files
incorrectly
+ JDK-8240604: Rewrite sun/management/jmxremote/bootstrap/
/CustomLauncherTest.java test to make binaries from source
file
+ JDK-8240754: Instrument FlowTest.java to provide more debug
traces.
+ JDK-8242330: Arrays should be cloned in several JAAS Callback
classes
+ JDK-8244508: JFR: FlightRecorderOptions reset date format
+ JDK-8249812: java/net/DatagramSocket/PortUnreachable.java
still fails intermittently with SocketTimeoutException
+ JDK-8251177: [macosx] The text "big" is truncated in
JTabbedPane
+ JDK-8252713: jtreg time out of CtrlASCII.java seems to hang
the Xserver.
+ JDK-8254711: Add java.security.Provider.getService JFR Event
+ JDK-8255548: Missing coverage for
javax.xml.crypto.dom.DOMCryptoContext
+ JDK-8258914: javax/net/ssl/DTLS/RespondToRetransmit.java
timed out
+ JDK-8259266: com/sun/jdi/JdbOptions.java failed with
"RuntimeException: 'prop[boo] = >foo 2<' missing from
stdout/stderr"
+ JDK-8260035: Deproblemlist few problemlisted test
+ JDK-8260431: com/sun/jdi/JdbOptions.java failed with
"RuntimeException: 'prop[boo] = >foo<' missing from
stdout/stderr"
+ JDK-8263530: sun.awt.X11.ListHelper.removeAll() should use
clear()
+ JDK-8265586: [windows] last button is not shown in AWT Frame
with BorderLayout and MenuBar set.
+ JDK-8265678: Test java/awt/Focus/ActualFocusedWindowTest/
/ActualFocusedWindowBlockingTest.java fails intermittentently
on windows
+ JDK-8266249: javax/swing/JPopupMenu/7156657/bug7156657.java
fails on macOS
+ JDK-8267860: Off-by-one bug when searching arrays in
AlpnGreaseTest
+ JDK-8268916: Tests for AffirmTrust roots
+ JDK-8271519: java/awt/event/SequencedEvent/
/MultipleContextsFunctionalTest.java failed with
"Total [200] - Expected [400]"
+ JDK-8273804: Platform.isTieredSupported should handle the
no-compiler case
+ JDK-8275329: ZGC: vmTestbase/gc/gctests/SoftReference/soft004/
/soft004.java fails with assert(_phases->length() <= 1000)
failed: Too many recored phases?
+ JDK-8275333: Print count in "Too many recored phases?" assert
+ JDK-8278456: Define jtreg jdk_desktop test group time-based
sub-tasks for use by headful testing.
+ JDK-8280004: DCmdArgument<jlong>::parse_value() should handle
NULL input
+ JDK-8282143: Objects.requireNonNull should be ForceInline
+ JDK-8282404: DrawStringWithInfiniteXform.java failed with
"RuntimeException: drawString with InfiniteXform transform
takes long time"
+ JDK-8284331: Add sanity check for signal handler modification
warning.
+ JDK-8285612: Remove jtreg tag manual=yesno for
java/awt/print/PrinterJob/ImagePrinting/ClippedImages.java
+ JDK-8285687: Remove jtreg tag manual=yesno for
java/awt/print/PrinterJob/PageRangesDlgTest.java
+ JDK-8286707: JFR: Don't commit JFR internal
jdk.JavaMonitorWait events
+ JDK-8288325: [windows] Actual and Preferred Size of AWT
Non-resizable frame are different
+ JDK-8288415: java/awt/PopupMenu/PopupMenuLocation.java is
unstable in MacOS machines
+ JDK-8288993: Make AwtFramePackTest generic by removing
@requires tag
+ JDK-8289077: Add manual tests to open
+ JDK-8289238: Refactoring changes to PassFailJFrame Test
Framework
+ JDK-8289547: Update javax/swing/Popup/TaskbarPositionTest.java
+ JDK-8289584: (fs) Print size values in
java/nio/file/FileStore/Basic.java when they differ by > 1GiB
+ JDK-8289745: JfrStructCopyFailed uses heap words instead of
bytes for object sizes
+ JDK-8289917: Metadata for regionsRefilled of
G1EvacuationStatistics event is wrong
+ JDK-8290067: Show stack dimensions in UL logging when
attaching threads
+ JDK-8290469: Add new positioning options to PassFailJFrame
test framework
+ JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests
resilience under spurious failures
+ JDK-8292683: Remove BadKeyUsageTest.java from Problem List
+ JDK-8292713: Unsafe.allocateInstance should be intrinsified
without UseUnalignedAccesses
+ JDK-8293098: GHA: Harmonize GCC version handling for host and
cross builds
+ JDK-8293107: GHA: Bump to Ubuntu 22.04
+ JDK-8293166: jdk/jfr/jvm/TestDumpOnCrash.java fails on Linux
ppc64le and Linux aarch64
+ JDK-8293361: GHA: dump config.log in case of configure failure
+ JDK-8293466: libjsig should ignore non-modifying sigaction
calls
+ JDK-8293811: Provide a reason for PassFailJFrame.forceFail
+ JDK-8294281: Allow warnings to be disabled on a per-file basis
+ JDK-8294427: Check boxes and radio buttons have rendering
issues on Windows in High DPI env
+ JDK-8294673: JFR: Add SecurityProviderService#threshold to
TestActiveSettingEvent.java
+ JDK-8294941: GHA: Cut down cross-compilation sysroots
+ JDK-8294956: GHA: qemu-debootstrap is deprecated, use the
regular one
+ JDK-8295213: Run GHA manually with user-specified make and
configure arguments
+ JDK-8295885: GHA: Bump gcc versions 8313428: GHA: Bump GCC
versions for July 2023 updates
+ JDK-8296275: Write a test to verify setAccelerator method of
JMenuItem
+ JDK-8297296: java/awt/Mouse/EnterExitEvents/
/DragWindowTest.java fails with "No MouseReleased event on
label!"
+ JDK-8297640: Increase buffer size for buf
(insert_features_names) in
Abstract_VM_Version::insert_features_names
+ JDK-8298905: Test "java/awt/print/PrinterJob/ImagePrinting/
/PrintARGBImage.java" fails because the frames of instruction
does not display
+ JDK-8299255: Unexpected round errors in FreetypeFontScaler
+ JDK-8299330: Minor improvements in MSYS2 Workflow handling
+ JDK-8300259: Add test coverage for processing of pending
block files in signed JARs
+ JDK-8300272: Improve readability of the test
JarWithOneNonDisabledDigestAlg
+ JDK-8300405: Screen capture for test
JFileChooserSetLocationTest.java, failure case
+ JDK-8301065: Handle control characters in
java_lang_String::print
+ JDK-8301167: Update VerifySignedJar to actually exercise and
test verification
+ JDK-8301570: Test runtime/jni/nativeStack/ needs to detach
the native thread
+ JDK-8302017: Allocate BadPaddingException only if it will be
thrown
+ JDK-8302525: Write a test to check various components send
Events while mouse and key are used simultaneously
+ JDK-8303607: SunMSCAPI provider leaks memory and keys
+ JDK-8306134: Open source some AWT tests relating to Button
and a few other classes
+ JDK-8306135: Clean up and open source some AWT tests
+ JDK-8306280: Open source several choice AWT tests
+ JDK-8306372: Open source AWT CardLayout and Checkbox tests
+ JDK-8306430: Open source some AWT tests related to
TextComponent and Toolkit
+ JDK-8306575: Clean up and open source four Dialog related
tests
+ JDK-8306765: Some client related jtreg problem list entries
are malformed
+ JDK-8306883: Thread stacksize is reported with wrong units in
os::create_thread logging
+ JDK-8307079: Update test java/awt/Choice/DragOffNoSelect.java
+ JDK-8307165: java/awt/dnd/NoFormatsDropTest/
/NoFormatsDropTest.java timed out
+ JDK-8308592: Framework for CA interoperability testing
+ JDK-8308910: Allow executeAndLog to accept running process
+ JDK-8309095: Remove UTF-8 character from
TaskbarPositionTest.java
+ JDK-8310265: (process) jspawnhelper should not use argv[0]
+ JDK-8310549: avoid potential leaks in KeystoreImpl.m related
to JNU_CHECK_EXCEPTION early returns
+ JDK-8311285: report some fontconfig related environment
variables in hs_err file
+ JDK-8311813: C1: Uninitialized PhiResolver::_loop field
+ JDK-8312065: Socket.connect does not timeout when profiling
+ JDK-8312126: NullPointerException in CertStore.getCRLs after
8297955
+ JDK-8312489: Increase jdk.jar.maxSignatureFileSize default
which is too low for JARs such as WhiteSource/Mend unified
agent jar
+ JDK-8312535: MidiSystem.getSoundbank() throws unexpected
SecurityException
+ JDK-8312573: Failure during CompileOnly parsing leads to
ShouldNotReachHere
+ JDK-8312972: Bump update version for OpenJDK: jdk-11.0.22
+ JDK-8313576: GCC 7 reports compiler warning in bundled
freetype 2.13.0
+ JDK-8313626: C2 crash due to unexpected exception control flow
+ JDK-8313657: com.sun.jndi.ldap.Connection.cleanup does not
close connections on SocketTimeoutErrors
+ JDK-8313691: use close after failing os::fdopen in vmError
and ciEnv
+ JDK-8313707: GHA: Bootstrap sysroots with --variant=minbase
+ JDK-8313792: Verify 4th party information in
src/jdk.internal.le/share/legal/jline.md
+ JDK-8313815: The exception messages printed by jcmd
ManagementAgent.start are corrupted on Japanese Windows
+ JDK-8314063: The socket is not closed in
Connection::createSocket when the handshake failed for LDAP
connection
+ JDK-8314094: java/lang/ProcessHandle/InfoTest.java fails on
Windows when run as user with Administrator privileges
+ JDK-8314242: Update applications/scimark/Scimark.java to
accept VM flags
+ JDK-8314262: GHA: Cut down cross-compilation sysroots deeper
+ JDK-8314263: Signed jars triggering Logger finder recursion
and StackOverflowError
+ JDK-8314730: GHA: Drop libfreetype6-dev transitional package
in favor of libfreetype-dev
+ JDK-8315020: The macro definition for LoongArch64 zero build
is not accurate.
+ JDK-8315062: [GHA] get-bootjdk action should return the
abolute path
+ JDK-8315135: Memory leak in the native implementation of
Pack200.Unpacker.unpack()
+ JDK-8315214: Do not run sun/tools/jhsdb tests concurrently
+ JDK-8315480: [11u] Harmonize GHA cross-compilation block with
mainline
+ JDK-8315683: Parallelize java/util/concurrent/tck/
/JSR166TestCase.java
+ JDK-8315692: Parallelize
gc/stress/TestStressRSetCoarsening.java test
+ JDK-8315696: SignedLoggerFinderTest.java test failed
+ JDK-8315766: Parallelize gc/stress/
/TestStressIHOPMultiThread.java test
+ JDK-8315770: serviceability/sa/TestJmapCoreMetaspace.java
should run with -XX:-VerifyDependencies
+ JDK-8315862: [11u] Backport 8227337: javax/management/remote/
/mandatory/connection/ReconnectTest.java NoSuchObjectException
no such object in table
+ JDK-8315863: [GHA] Update checkout action to use v4
+ JDK-8315937: Enable parallelism in
vmTestbase/nsk/stress/numeric tests
+ JDK-8316087: Test SignedLoggerFinderTest.java is still failing
+ JDK-8316178: Better diagnostic header for CodeBlobs
+ JDK-8316206: Test StretchedFontTest.java fails for Baekmuk
font
+ JDK-8316380: [11u] Backport 8170089:
nsk/jdi/EventSet/resume/resume008: ERROR: suspendCounts don't
match for : Common-Cleaner
+ JDK-8316514: Better diagnostic header for VtableStub
+ JDK-8316710: Exclude java/awt/font/Rotate/RotatedTextTest.java
+ JDK-8316746: Top of lock-stack does not match the unlocked
object
+ JDK-8316906: Clarify TLABWasteTargetPercent flag
+ JDK-8317373: Add Telia Root CA v2
+ JDK-8317374: Add Let's Encrypt ISRG Root X2
+ JDK-8317920: JDWP-agent sends broken exception event with
onthrow option
+ JDK-8317967: Enhance test/jdk/javax/net/ssl/TLSCommon/
/SSLEngineTestCase.java to handle default cases
+ JDK-8318669: Target OS detection in 'test-prebuilt' makefile
target is incorrect when running on MSYS2
+ JDK-8318705: [macos] ProblemList
java/rmi/registry/multipleRegistries/MultipleRegistries.java
+ JDK-8318759: Add four DigiCert root certificates
+ JDK-8319187: Add three eMudhra emSign roots
+ JDK-8320597: RSA signature verification fails on signed data
that does not encode params correctly
+ JDK-8323423: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.22
- kernel-default
-
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- commit 8afebed
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free()
(bsc#1218659).
- commit 4ee6819
- swiotlb-xen: provide the "max_mapping_size" method (git-fixes).
- commit a036bcf
- xen/events: fix delayed eoi list handling (git-fixes).
- commit eb0149c
- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled
(git-fixes).
- commit f6ed3e4
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- commit a41e3fe
- vsock/virtio: Fix unsigned integer wrap around in
virtio_transport_has_space() (git-fixes).
- commit db5c328
- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE
(git-fixes).
- commit ad9e29a
- virtio_balloon: Fix endless deflation and inflation on arm64
(git-fixes).
- commit 6583f74
- virtio-mmio: fix memory leak of vm_dev (git-fixes).
- commit d624528
- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES
(git-fixes).
- commit 8696527
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- commit 146bca2
- io_uring/af_unix: disable sending io_uring over sockets
(bsc#1218447, CVE-2023-6531).
- commit fdc256b
- smb: client: fix potential OOB in smb2_dump_detail()
(bsc#1217946 CVE-2023-6610).
- commit cfca7f7
- x86/purgatory: Remove LTO flags (git-fixes).
- commit bbd4f84
- x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes).
- commit 46d60b3
- x86/fpu: Invalidate FPU state correctly on exec() (git-fixes).
- commit 7686df9
- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- Refresh patches.suse/x86-srso-set-cpuid-feature-bits-independently-of-bug-or-mitigation-status.patch.
- commit c22f4b4
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- commit d74349c
- vsprintf/kallsyms: Prevent invalid data when printing symbol
(bsc#1217602).
- commit 8dab9cc
- x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes).
- commit fdc98a7
- x86/boot/compressed: Reserve more memory for page tables (git-fixes).
- commit 6bf16e1
- gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
(git-fixes).
- commit 3929c70
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- commit 4a0b72a
- x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes).
- commit 7029135
- x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes).
- commit 8087b92
- x86/srso: Add SRSO mitigation for Hygon processors (git-fixes).
- commit 7b8dfd1
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes).
- Refresh
patches.suse/x86-srso-fix-vulnerability-reporting-for-missing-microcode.patch.
- commit b121d1d
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- commit 43e31d9
- x86/srso: Fix vulnerability reporting for missing microcode (git-fixes).
- commit 98085ae
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- commit 270b9c8
- x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes).
- commit 1bd102b
- gfs2: fix an oops in gfs2_permission (git-fixes).
- commit 60a8e84
- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes).
- commit a2dd84b
- gfs2: ignore negated quota changes (git-fixes).
- commit c2a4d43
- x86/resctrl: Fix kernel-doc warnings (git-fixes).
- commit 50de71c
- gfs2: Fix possible data races in gfs2_show_options()
(git-fixes).
- commit 7592b99
- gfs2: Fix inode height consistency check (git-fixes).
- commit 935054a
- gfs2: jdata writepage fix (git-fixes).
- commit e5f9516
- gfs2: Improve gfs2_make_fs_rw error handling (git-fixes).
- commit 86c44aa
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- commit 130df3d
- gfs2: Switch from strlcpy to strscpy (git-fixes).
- commit 3054547
- gfs2: use i_lock spin_lock for inode qadata (git-fixes).
- commit 4e4b75a
- gfs2: Fix filesystem block deallocation for short writes
(git-fixes).
- commit 87cd867
- gfs2: Make sure FITRIM minlen is rounded up to fs block size
(git-fixes).
- commit 62669a7
- gfs2: gfs2_setattr_size error path fix (git-fixes).
- commit d0e789c
- gfs2: Fix gfs2_release for non-writers regression (git-fixes).
- commit 1a34aa3
- gfs2: Fix length of holes reported at end-of-file (git-fixes).
- commit 09da26e
- gfs2: Clean up function may_grant (git-fixes).
- commit ce33b14
- gfs2: Add wrapper for iomap_file_buffered_write (git-fixes).
- commit e045f1b
- locks: fix KASAN: use-after-free in
trace_event_raw_event_filelock_lock (git-fixes).
- commit 4758492
- fs: avoid empty option when generating legacy mount string
(git-fixes).
- commit 00945db
- statfs: enforce statfs[64] structure initialization (git-fixes).
- commit d4a18c5
- orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
(git-fixes).
- commit b9e9b76
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
(git-fixes).
- commit 1d47e4a
- orangefs: Fix sysfs not cleanup when dev init failed
(git-fixes).
- commit f7a82d1
- fs/remap: constrain dedupe of EOF blocks (git-fixes).
- commit e861bd6
- fs: fix an infinite loop in iomap_fiemap (git-fixes).
- commit 41989d9
- orangefs: Fix the size of a memory allocation in
orangefs_bufmap_alloc() (git-fixes).
- commit 6623b23
- iomap: Fix iomap_dio_rw return value for user copies
(git-fixes).
- commit 2b65ea1
- ubifs: Fix memory leak of bud->log_hash (git-fixes).
- commit dfe9a1f
- ubifs: fix possible dereference after free (git-fixes).
- commit 971dae9
- fs: ocfs2: namei: check return value of ocfs2_add_entry()
(git-fixes).
- commit 63eae38
- jfs: fix array-index-out-of-bounds in diAlloc (git-fixes).
- commit 8906b9a
- jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes).
- commit 28815ad
- fs/jfs: Add validity check for db_maxag and db_agpref
(git-fixes).
- commit 39d5b5e
- fs/jfs: Add check for negative db_l2nbperpage (git-fixes).
- commit f831778
- jfs: validate max amount of blocks before allocation
(git-fixes).
- commit 4be1419
- jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
(git-fixes).
- commit 5b4b023
- fs/jfs: prevent double-free in dbUnmount() after failed
jfs_remount() (git-fixes).
- commit 51a993a
- reiserfs: Replace 1-element array with C99 style flex-array
(git-fixes).
- commit 6ad83f4
- reiserfs: Check the return value from __getblk() (git-fixes).
- commit 0e912c9
- afs: Fix use-after-free due to get/remove race in volume tree
(git-fixes).
- commit f4a57bf
- afs: Fix overwriting of result of DNS query (git-fixes).
- commit fe0f4c6
- afs: Fix dynamic root lookup DNS check (git-fixes).
- commit 1e86064
- afs: Fix the dynamic root's d_delete to always delete unused
dentries (git-fixes).
- commit 3d5b3d7
- afs: Fix refcount underflow from error handling race
(git-fixes).
- commit 0a9c8bb
- afs: Fix file locking on R/O volumes to operate in local mode
(git-fixes).
- commit 5431cb3
- afs: Return ENOENT if no cell DNS record can be found
(git-fixes).
- commit 863355b
- afs: Make error on cell lookup failure consistent with OpenAFS
(git-fixes).
- commit 5fcd2cf
- afs: Fix afs_server_list to be cleaned up with RCU (git-fixes).
- commit 8fc4f69
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- commit 6bd8135
- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
(CVE-2023-51779 bsc#1218559).
- commit b8b3309
- Delete doc/config-options.changes (jsc#PED-5021)
Following on adedbd2a5c6 ("kernel-source: Remove config-options.changes
(jsc#PED-5021)"), remove the now unused file from the tree.
- commit d1b9e97
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- commit f6f3907
- ring-buffer: Fix wake ups when buffer_percent is set to 100
(git-fixes).
- commit 21c1070
- tracing / synthetic: Disable events after testing in
synth_event_gen_test_init() (git-fixes).
- commit e21c29f
- tracing/synthetic: fix kernel-doc warnings (git-fixes).
- commit 62cdcf8
- Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()"
(git-fixes).
- commit 9be35d2
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184)
When MULTIBUILD option in config.sh is enabled generate a _multibuild
file listing all spec files.
- commit f734347
- Build in the correct KOTD repository with multibuild
(JSC-SLE#5501, boo#1211226, bsc#1218184)
With multibuild setting repository flags is no longer supported for
individual spec files - see
https://github.com/openSUSE/open-build-service/issues/3574
Add ExclusiveArch conditional that depends on a macro set up by
bs-upload-kernel instead. With that each package should build only in
one repository - either standard or QA.
Note: bs-upload-kernel does not interpret rpm conditionals, and only
uses the first ExclusiveArch line to determine the architectures to
enable.
- commit aa5424d
- blacklist.conf: Add c98c18270be1 sched, cgroup: Restore meaning to hierarchical_quota
- commit 6115840
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors
(bsc#1218515).
- commit 00f113e
- blacklist.conf: e63a57303599 blk-cgroup: bypass blkcg_deactivate_policy after destroying
- commit 895355e
- ring-buffer: Fix slowpath of interrupted event (git-fixes).
- commit dbe7edd
- ring-buffer: Remove useless update to write_stamp in
rb_try_to_discard() (git-fixes).
- commit 64ff947
- RDMA/hfi1: Workaround truncation compilation error (git-fixes)
- commit 2302fb3
- RDMA/hns: The UD mode can only be configured with DCQCN (git-fixes)
- commit ca9d38d
- RDMA/hns: Add check for SL (git-fixes)
- commit cf9e8e3
- RDMA/hns: Fix signed-unsigned mixed comparisons (git-fixes)
- commit 34178f4
- RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes)
- commit 47c4074
- RDMA/hns: Fix printing level of asynchronous events (git-fixes)
- commit 892f8ec
- IB/mlx5: Fix rdma counter binding for RAW QP (git-fixes)
- commit ffaf04e
- RDMA/hfi1: Use FIELD_GET() to extract Link Width (git-fixes)
- commit 4b8aeed
- RDMA/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes)
- commit 605983a
- uapi: propagate __struct_group() attributes to the container
union (jsc#SLE-18978).
- commit 3b553e2
- Update References
patches.suse/Bluetooth-Reject-connection-with-the-device-which-ha.patch
(git-fixes bsc#1215237 CVE-2020-26555).
- commit 0b8be40
- Update References
patches.suse/Bluetooth-hci_event-Ignore-NULL-link-key.patch
(git-fixes bsc#1215237 CVE-2020-26555).
- commit 3386934
- iio: adc: ti_am335x_adc: Fix return value check of
tiadc_request_dma() (git-fixes).
- iio: triggered-buffer: prevent possible freeing of wrong buffer
(git-fixes).
- iio: imu: inv_mpu6050: fix an error code problem in
inv_mpu6050_read_raw (git-fixes).
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion
time table (git-fixes).
- interconnect: Treat xlate() returning NULL node as an error
(git-fixes).
- Input: ipaq-micro-keys - add error handling for devm_kmemdup
(git-fixes).
- lib/vsprintf: Fix %pfwf when current node refcount == 0
(git-fixes).
- ASoC: hdmi-codec: fix missing report for jack initial status
(git-fixes).
- i2c: aspeed: Handle the coalesced stop conditions with the
start conditions (git-fixes).
- pinctrl: at91-pio4: use dedicated lock class for IRQ
(git-fixes).
- wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes).
- net: rfkill: gpio: set GPIO direction (git-fixes).
- wifi: iwlwifi: pcie: add another missing bh-disable for
rxq->lock (git-fixes).
- ARM: OMAP2+: Fix null pointer dereference and memory leak in
omap_soc_device_init (git-fixes).
- spi: atmel: Fix clock issue when using devices with different
polarities (git-fixes).
- soundwire: stream: fix NULL pointer dereference for multi_link
(git-fixes).
- Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
(git-fixes).
- PCI: loongson: Limit MRRS to 256 (git-fixes).
- ALSA: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes).
- ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170
variants (git-fixes).
- ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB
(git-fixes).
- net/rose: Fix Use-After-Free in rose_ioctl (git-fixes).
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- usb: aqc111: check packet for fixup for true limit (git-fixes).
- commit ed00079
- Drop PCI AER patch that has been reverted on stable trees
Deleted:
patches.suse/PCI-portdrv-Don-t-disable-AER-reporting-in-get_port_.patch
- commit 43c7676
- Drop drm/bridge lt9611uxc patches that have been reverted on stable trees
- commit b9351c7
- smb: client: fix OOB in smbCalcSize() (bsc#1217947
CVE-2023-6606).
- commit 97b24d1
- Update References
patches.suse/tty-n_gsm-fix-the-UAF-caused-by-race-condition-in-gs.patch
(git-fixes bsc#1218335 CVE-2023-6546).
- commit ad12641
- perf: Fix perf_event_validate_size() lockdep splat
(CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
bsc#1218258).
- commit 00427a6
- nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev
(git-fixes).
- commit 6c500e1
- s390/vx: fix save/restore of fpu kernel context (git-fixes
bsc#1218357).
- commit 4f47f85
- blacklist.conf: add nvme entries
- commit 9216151
- nvme-pci: Add sleep quirk for Kingston drives (git-fixes).
- nvmet-auth: complete a request only after freeing the dhchap
pointers (git-fixes).
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- nvme-rdma: do not try to stop unallocated queues (git-fixes).
- nvme-pci: do not set the NUMA node of device if it has none
(git-fixes).
- nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes).
- nvme-pci: factor the iod mempool creation into a helper
(git-fixes).
Refresh:
- patches.suse/nvme-pci-fix-page-size-checks.patch
- commit 19bc755
- Rename to
patches.suse/nvme-auth-use-chap-s2-to-indicate-bidirectional-auth.patch.
and move the patch into the sorted section
- commit 633cfe2
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- commit 513a67c
- bus: ti-sysc: Flush posted write only after srst_udelay
(git-fixes).
- commit c942b7c
- reset: Fix crash when freeing non-existent optional resets
(git-fixes).
- commit 6de5ad5
- HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad
(git-fixes).
- commit 60dd723
- HID: hid-asus: reset the backlight brightness level on resume
(git-fixes).
- commit 79eff80
- HID: hid-asus: add const to read-only outgoing usb buffer
(git-fixes).
- commit 1c939ed
- HID: add ALWAYS_POLL quirk for Apple kb (git-fixes).
- commit d088123
- restore renamed device IDs for USB HID devices (git-fixes).
- commit 5519e39
- HID: glorious: fix Glorious Model I HID report (git-fixes).
- commit ad69d7e
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- commit 513fc35
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- commit 3ae518f
- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1()
(git-fixes).
- commit d714a95
- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash()
(git-fixes).
- commit ad9ad0d
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- commit 697b74c
- ipv4: igmp: fix refcnt uaf issue when receiving igmp query
packet (bsc#1218253 CVE-2023-6932).
- commit 87dfb84
- Refresh patches.suse/gve-Tx-path-for-DQO-QPL.patch.
Fix backport.
- commit f5531ee
- Input: xpad - add HyperX Clutch Gladiate Support (git-fixes).
- commit 6d0690b
- Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN
(git-fixes).
- commit 8fa7ef8
- ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs
(git-fixes).
- commit a4fe241
- ring-buffer: Do not try to put back write_stamp (git-fixes).
- commit df9fac1
- ring-buffer: Have saved event hold the entire event (git-fixes).
- commit 5347597
- ring-buffer: Do not update before stamp when switching
sub-buffers (git-fixes).
- commit 9c594ba
- tracing: Update snapshot buffer on resize if it is allocated
(git-fixes).
- commit d5996f1
- ring-buffer: Fix memory leak of free page (git-fixes).
- commit ee5f869
- ring-buffer: Fix writing to the buffer with max_data_size
(git-fixes).
- commit bb90d48
- blacklist.conf: cleanup
- commit 16dcb62
- usb: hub: Guard against accesses to uninitialized BOS
descriptors (git-fixes).
- commit 573da1a
- kABI: restore void return to typec_altmode_attention
(git-fixes).
- commit 9821aa3
- usb: typec: bus: verify partner exists in
typec_altmode_attention (git-fixes).
- commit 5fea3d2
- blacklist.conf: it changes only logging
- commit 3cbbd08
- r8152: Add RTL8152_INACCESSIBLE checks to more loops
(git-fixes).
- commit f62163f
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
(git-fixes).
- commit 064cc95
- Documentation: drop more IDE boot options and ide-cd.rst
(git-fixes).
- commit 7993dcc
- Update patches.suse/spi-tegra210-quad-Fix-duplicate-resource-error.patch (git-fixes, jsc#PED-3459
Add reference to PED-3459
- commit c4a5ea6
- Update patches.suse/spi-tegra210-quad-Multi-cs-support.patch (bsc#1212584, jsc#PED-3459
Add reference to PED-3459.
- commit fc374a4
- Update patches.suse/spi-tegra210-quad-Fix-combined-sequence.patch (bsc#1212584, jsc#PED-3459)
Add reference to PED-3459.
- commit bff7fca
- Drop Documentation/ide/ (git-fixes).
- commit d3eb72d
- padata: Fix refcnt handling in padata_free_shell() (git-fixes).
- commit 5219779
- tracing: Set actual size after ring buffer resize (git-fixes).
- commit b915dbf
- tracing/perf: Add interrupt_context_level() helper (git-fixes).
- commit 9da609b
- tracing: Reuse logic from perf's get_recursion_context()
(git-fixes).
- commit adc2c65
- tracing: relax trace_event_eval_update() execution with
cond_resched() (git-fixes).
- commit 017c09c
- ring-buffer: Force absolute timestamp on discard of event
(git-fixes).
- commit 703d47b
- tracing: Disable snapshot buffer when stopping instance tracers
(git-fixes).
- commit ea1804c
- tracing: Stop current tracer when resizing buffer (git-fixes).
- commit 416045c
- tracing: Always update snapshot buffer size (git-fixes).
- commit ab3ac02
- kprobes: consistent rcu api usage for kretprobe holder
(git-fixes).
- commit bd133f6
- tracing/kprobes: Fix the order of argument descriptions
(git-fixes).
- commit 4822ad0
- tracing: Have the user copy of synthetic event address use
correct context (git-fixes).
- commit ee4a2b2
- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218056).
- commit 5b3fa66
- kabi/severities: ignore kABI for asus-wmi drivers
Tolerate the kABI changes, as used only locally for asus-wmi stuff
- commit 42dad1e
- platform/x86: asus-wmi: Add support for ROG X13 tablet mode
(git-fixes).
- commit 1640ab2
- serial: sc16is7xx: address RX timeout interrupt errata
(git-fixes).
- parport: Add support for Brainboxes IX/UC/PX parallel cards
(git-fixes).
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe()
(git-fixes).
- hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes).
- ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes).
- ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
(git-fixes).
- ALSA: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes).
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
(git-fixes).
- nilfs2: fix missing error check for sb_set_blocksize call
(git-fixes).
- platform/x86: wmi: Skip blocks with zero instances (git-fixes).
- platform/x86: asus-wmi: Move i8042 filter install to shared
asus-wmi code (git-fixes).
- drm/amdgpu: correct the amdgpu runtime dereference usage count
(git-fixes).
- kconfig: fix memory leak from range properties (git-fixes).
- i2c: designware: Fix corrupted memory seen in the ISR
(git-fixes).
- drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes).
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c
(git-fixes).
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch
reporting (git-fixes).
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use
struct wmi_driver (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling
(git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing
(git-fixes).
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use
enum (git-fixes).
- commit e47d99c
- tracing/kprobes: Fix the description of variable length
arguments (git-fixes).
- commit ee78d8b
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
(git-fixes).
- commit 946e077
- netfilter: nf_tables: bail out on mismatching dynset and set
expressions (bsc#1217938 CVE-2023-6622).
- commit de1dd10
- HID: lenovo: Restrict detection of patched firmware only to
USB cptkbd (git-fixes).
- commit 1bd99d4
- ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
(git-fixes).
- Bluetooth: hci_qca: Fix the teardown problem for real
(git-fixes).
- Documentation: qat: Use code block for qat sysfs example
(git-fixes).
- commit c75f6d8
- ALSA: hda/realtek: Add supported ALC257 for ChromeOS
(git-fixes).
- ALSA: hda/realtek: Headset Mic VREF to 100% (git-fixes).
- ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects
(git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad
Z470 (git-fixes).
- ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes).
- ALSA: seq: oss: Fix racy open/close of MIDI devices (git-fixes).
- commit 200c0a2
- blacklist.conf: add two ceph commits
- commit d8d4641
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- libceph: use kernel_connect() (bsc#1217981).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
(bsc#1217980).
- commit e3e482f
- arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes)
- commit 794f0e7
- arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes)
- commit 4dcfded
- arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes)
- commit 0fd1b8d
- arm64: dts: arm: add missing cache properties (git-fixes)
- commit 710ea40
- blacklist.conf: ("arm64: dts: broadcom: bcmbca: bcm4908: fix LED nodenames")
- commit 37fe1b1
- arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes)
- commit 8cd5213
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- commit 68db0d6
- tracing: Fix a possible race when disabling buffered events
(bsc#1217036).
- commit 26540da
- tracing: Fix a warning when allocating buffered events fails
(bsc#1217036).
- commit ec57b73
- tracing: Fix incomplete locking when disabling buffered events
(bsc#1217036).
- commit 2d81a3a
- tracing: Disable preemption when using the filter buffer
(bsc#1217036).
- commit 0ade134
- tracing: Use __this_cpu_read() in
trace_event_buffer_lock_reserver() (bsc#1217036).
- commit 8aa5d9a
- tracing: Fix warning in trace_buffered_event_disable()
(git-fixes, bsc#1217036).
- commit b71b6ff
- usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325
(git-fixes).
- commit 19f2446
- nvmet: nul-terminate the NQNs passed in the connect command
(bsc#1217250 CVE-2023-6121).
- commit e359ed1
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes
bsc#1217933).
- commit e39e7a6
- gpiolib: sysfs: Fix error handling on failed export (git-fixes).
- Revert "xhci: Loosen RPM as default policy to cover for AMD
xHC 1.1" (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs
(git-fixes).
- ARM: PL011: Fix DMA support (git-fixes).
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit
(git-fixes).
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt
(git-fixes).
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in
mei_cl_write (git-fixes).
- misc: mei: client.c: return negative error code in mei_cl_write
(git-fixes).
- commit 09a57bf
- md/raid1: fix error: ISO C90 forbids mixed declarations
(git-fixes).
- md: raid0: account for split bio in iostat accounting
(git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes
(git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev
(git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md/md-bitmap: hold 'reconfig_mutex' in backlog_store()
(git-fixes).
- md/md-bitmap: remove unnecessary local variable in
backlog_store() (git-fixes).
- md/raid10: use dereference_rdev_and_rrdev() to get devices
(git-fixes).
- md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- Revert "md: unlock mddev before reap sync_thread in
action_store" (git-fixes).
- md/raid0: add discard support for the 'original' layout
(git-fixes).
- md/raid10: fix the condition to call bio_end_io_acct()
(git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: fix io loss while replacement replace rdev
(git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
(git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors
(git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid5: fix miscalculation of 'end_sector' in
raid5_read_one_chunk() (git-fixes).
- md/raid10: don't call bio_start_io_acct twice for bio which
experienced read error (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery
(git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request
(git-fixes).
- commit 75c9e76
- md/raid10: fix task hung in raid10d (git-fixes).
- Refresh patches.suse/md-display-timeout-error.patch for the above change.
- commit 90d12ef
- md: avoid signed overflow in slot_store() (git-fixes).
- md/raid10: factor out code from wait_barrier() to
stop_waiting_barrier() (git-fixes).
- commit c35659b
- md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes).
- Update patches.suse/md-display-timeout-error.patch for the above change.
- commit 77abf5c
- md: raid10 add nowait support (git-fixes).
- md: drop queue limitation for RAID1 and RAID10 (git-fixes).
- md/bitmap: don't set max_write_behind if there is no write
mostly device (git-fixes).
- commit 44a1c08
- blacklist.conf: add non-backport commits
- commit 731fcaa
- kernel-source: Remove config-options.changes (jsc#PED-5021)
The file doc/config-options.changes was used in the past to document
kernel config changes. It was introduced in 2010 but haven't received
any updates on any branch since 2015. The file is renamed by tar-up.sh
to config-options.changes.txt and shipped in the kernel-source RPM
package under /usr/share/doc. As its content now only contains outdated
information, retaining it can lead to confusion for users encountering
this file.
Config changes are nowadays described in associated Git commit messages,
which get automatically collected and are incorporated into changelogs
of kernel RPM packages.
Drop then this obsolete file, starting with its packaging logic.
For branch maintainers: Upon merging this commit on your branch, please
correspondingly delete the file doc/config-options.changes.
- commit adedbd2
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
Reduce indentation in the list of references, make the style consistent
with README.md.
- commit 70e3c33
- regmap: fix bogus error on regcache_sync success (git-fixes).
- platform/surface: aggregator: fix recv_buf() return value
(git-fixes).
- commit e5d6930
- doc/README.SUSE: Add how to update the config for module signing
(jsc#PED-5021)
Configuration files for SUSE kernels include settings to integrate with
signing support provided by the Open Build Service. This creates
problems if someone tries to use such a configuration file to build
a "standalone" kernel as described in doc/README.SUSE:
* Default configuration files available in the kernel-source repository
unset CONFIG_MODULE_SIG_ALL to leave module signing to
pesign-obs-integration. In case of a "standalone" build, this
integration is not available and the modules don't get signed.
* The kernel spec file overrides CONFIG_MODULE_SIG_KEY to
".kernel_signing_key.pem" which is a file populated by certificates
provided by OBS but otherwise not available. The value ends up in
/boot/config-$VERSION-$RELEASE-$FLAVOR and /proc/config.gz. If someone
decides to use one of these files as their base configuration then the
build fails with an error because the specified module signing key is
missing.
Add information on how to enable module signing and where to find the
relevant upstream documentation.
- commit a699dc3
- doc/README.SUSE: Remove how to build modules using kernel-source
(jsc#PED-5021)
Remove the first method how to build kernel modules from the readme. It
describes a process consisting of the kernel-source installation,
configuring this kernel and then performing an ad-hoc module build.
This method is not ideal as no modversion data is involved in the
process. It results in a module with no symbol CRCs which can be wrongly
loaded on an incompatible kernel.
Removing the method also simplifies the readme because only two main
methods how to build the modules are then described, either doing an
ad-hoc build using kernel-devel, or creating a proper Kernel Module
Package.
- commit 9285bb8
- blacklist.conf: just in case fix for a corner case
- commit a3fc582
- xhci: Clear EHB bit only at end of interrupt handler
(git-fixes).
- commit d5adf2a
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
(git-fixes).
- commit 5cdcb2d
- usb: host: xhci-plat: fix possible kernel oops while resuming
(git-fixes).
- commit b0504f4
- NFS: More fixes for nfs_direct_write_reschedule_io()
(bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group()
(bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths
(bsc#1211162).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling
(bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group()
(bsc#1211162).
- nfs: only issue commit in DIO codepath if we have uncommitted
data (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release
semantics (bsc#1211162).
- commit e61bcf9
- xfs: make sure maxlen is still congruent with prod when rounding
down (git-fixes).
- commit 2b9fc44
- xfs: fix units conversion error in xfs_bmap_del_extent_delay
(git-fixes).
- commit 95e2620
- xfs: fix agf_fllast when repairing an empty AGFL (git-fixes).
- commit bfb62b0
- xfs: return EINTR when a fatal signal terminates scrub
(git-fixes).
- commit e6f4fe7
- xfs: fix a bug in the online fsck directory leaf1 bestcount
check (git-fixes).
- commit e328537
- xfs: fix incorrect unit conversion in scrub tracepoint
(git-fixes).
- Refresh
patches.suse/xfs-standardize-AG-block-number-formatting-in-ftrace-output.patch.
- Refresh
patches.suse/xfs-standardize-AG-number-formatting-in-ftrace-output.patch.
- commit e256630
- xfs: decode scrub flags in ftrace output (git-fixes).
- commit d1fe7f7
- xfs: remove the xfs_dsb_t typedef (git-fixes).
- commit 4e9f379
- xfs: fix uninit warning in xfs_growfs_data (git-fixes).
- commit e9c4821
- xfs: convert flex-array declarations in struct xfs_attrlist*
(git-fixes).
- commit e33e297
- xfs: remove the xfs_dinode_t typedef (git-fixes).
- commit c807e19
- xfs: convert flex-array declarations in xfs attr shortform
objects (git-fixes).
- commit 757cbc7
- xfs: convert flex-array declarations in xfs attr leaf blocks
(git-fixes).
- commit 1823624
- xfs: use swap() to make dabtree code cleaner (git-fixes).
- commit d160cc2
- xfs: fix silly whitespace problems with kernel libxfs
(git-fixes).
- commit d822e52
- xfs: rename xfs_has_attr() (git-fixes).
- commit fe8702c
- xfs: Rename __xfs_attr_rmtval_remove (git-fixes).
- commit 6ea2cef
- xfs: sysfs: use default_groups in kobj_type (git-fixes).
- commit 74d9b5c
- xfs: replace snprintf in show functions with sysfs_emit
(git-fixes).
- commit 84db35d
- xfs: simplify two-level sysctl registration for xfs_table
(git-fixes).
- commit 0321d28
- xfs: add selinux labels to whiteout inodes (git-fixes).
- commit 8dc479c
- xfs: Use kvcalloc() instead of kvzalloc() (git-fixes).
- Refresh
patches.suse/xfs-reject-crazy-array-sizes-being-fed-to-XFS_IOC_GE.patch.
- commit 89900e3
- xfs: clean up "%Ld/%Lu" which doesn't meet C standard
(git-fixes).
- commit dbcc289
- xfs: aborting inodes on shutdown may need buffer lock
(git-fixes).
- commit 8b202be
- xfs: remove the xfs_dqblk_t typedef (git-fixes).
- commit 4747a77
- xfs: dump log intent items that cannot be recovered due to
corruption (git-fixes).
- commit 6f8c678
- xfs: sb verifier doesn't handle uncached sb buffer (git-fixes).
- commit c0c7079
- xfs: remove kmem_alloc_io() (git-fixes).
- commit 831b642
- x86/platform/uv: Use alternate source for socket to node data
(bsc#1215696 bsc#1217790).
- commit ec7f699
- avahi
-
- Add avahi-CVE-2023-38472.patch: Fix reachable assertion in
avahi_rdata_parse (bsc#1216853, CVE-2023-38472).
- util-linux
-
- Add upstream patch
util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch
bsc#1207987 gh#util-linux/util-linux@1d98827edde4
- libxcrypt
-
- fix variable name for datamember in 'struct crypt_data' [bsc#1215496]
- added patches
fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2
+ libxcrypt-man-fix-variable-name.patch
- mozilla-nss
-
- update to NSS 3.90.1
* bmo#1813401 - regenerate NameConstraints test certificates.
* bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
- Remove nss-fix-bmo1813401.patch which is now upstream.
- Add nss-fix-bmo1813401.patch to fix bsc#1214980
- gnutls
-
- Security fix: [bsc#1217277, CVE-2023-5981]
* Fix timing side-channel inside RSA-PSK key exchange.
* auth/rsa_psk: side-step potential side-channel
* Add curl-CVE-2023-5981.patch
- ncurses
-
- Add patch bsc1218014-cve-2023-50495.patch
* Fix CVE-2023-50495: segmentation fault via _nc_wrap_entry()
- Add patch boo1201384.patch
* Do not fully reset serial lines
- polkit
-
- Change permissions for rules folders (bsc#1209282)
- procps
-
- Submit latest procps 3.3.17 to SLE-15 tree for jira#PED-3244
and jira#PED-6369
- The patches now upstream had been dropped meanwhile
* procps-vmstat-1b9ea611.patch (bsc#1185417)
- For support up to 2048 CPU as well
* bsc1209122-a6c0795d.patch (bnc#1209122)
- allow `-´ as leading character to ignore possible errors
on systctl entries
* patch procps-ng-3.3.9-bsc1121753-Cpus.patch (bsc#1121753)
- was a backport of an upstream fix to get the first CPU
summary correct
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
the pwait tool and its manual page will be build
- Modify patches
* procps-ng-3.3.9-w-notruncate.diff
* procps-ng-3.3.17-logind.patch
to real to not truncate output of w with option -n
- procps-ng-3.3.17-logind.patch: Backport from 4.x git, prefer
logind over utmp (jsc#PED-3144)
- sg3_utils
-
- Make sure initrd is rebuilt when sg3_utils is updated
(bsc#1215772)
- Update to version 1.47+15.b6898b8:
* rescan-scsi-bus.sh: remove /tmp/rescan-scsi-mpath-info.txt
(gh#doug-gilbert/sg3_utils#44)
* rescan_scsi_bus.sh: fix multipath issue when called with -s and
without -u (bsc#1215720, bsc#1216355)
- net-snmp
-
- Update to net-snmp-5.9.4 (bsc#1214364).
add (rename):
* net-snmp-5.9.4-add-lustre-fs-support.patch
* net-snmp-5.9.4-add-netgroups-functionality.patch
* net-snmp-5.9.4-fix-create-v3-user-outfile.patch
* net-snmp-5.9.4-fixed-python2-bindings.patch
* net-snmp-5.9.4-fix-Makefile.PL.patch
* net-snmp-5.9.4-modern-rpm-api.patch
* net-snmp-5.9.4-net-snmp-config-headercheck.patch
* net-snmp-5.9.4-perl-tk-warning.patch
* net-snmp-5.9.4-pie.patch
* net-snmp-5.9.4-snmpstatus-suppress-output.patch
* net-snmp-5.9.4-socket-path.patch
* net-snmp-5.9.4-subagent-set-response.patch
* net-snmp-5.9.4-suse-systemd-service-files.patch
* net-snmp-5.9.4-testing-empty-arptable.patch
delete (now part of v5.9.4):
* net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch
delete (rename):
* net-snmp-5.9.1-add-lustre-fs-support.patch
* net-snmp-5.9.1-fix-Makefile.PL.patch
* net-snmp-5.9.1-modern-rpm-api.patch
* net-snmp-5.9.1-net-snmp-config-headercheck.patch
* net-snmp-5.9.1-perl-tk-warning.patch
* net-snmp-5.9.1-snmpstatus-suppress-output.patch
* net-snmp-5.9.1-socket-path.patch
* net-snmp-5.9.1-subagent-set-response.patch
* net-snmp-5.9.1-suse-systemd-service-files.patch
* net-snmp-5.9.1-testing-empty-arptable.patch
* net-snmp-5.9.1-velocity-mib.patch
* net-snmp-5.9.3-fix-create-v3-user-outfile.patch
* net-snmp-5.9.3-pie.patch
* net-snmp-5.9.3-fixed-python2-bindings.patch
- Removing legacy MIBs used by Velocity Software (jira#PED-6416).
- Re-add support for hostname netgroups that was removed accidentally and
previously added with FATE#316305 (bsc#1207697).
'@hostgroup' can be specified for multiple hosts
- Hardening systemd services setting "ProtectHome=true" caused home directory
size and allocation to be listed incorrectly (bsc#1206044).
add (rename):
* net-snmp-5.9.4-harden_snmpd.service.patch
* net-snmp-5.9.4-harden_snmptrapd.service.patch
delete (rename):
* net-snmp-5.9.3-harden_snmpd.service.patch
* net-snmp-5.9.3-harden_snmptrapd.service.patch
- libsolv
-
- add zstd support for the installcheck tool
- add putinowndirpool cache to make file list handling in
repo_write much faster
- bump version to 0.7.27
- fix evr roundtrip in testcases
- do not use deprecated headerUnload with newer rpm versions
- bump version to 0.7.26
- support complex deps in SOLVABLE_PREREQ_IGNOREINST
- fix minimization not prefering installed packages in some cases
- reduce memory usage in repo_updateinfoxml
- fix lock-step interfering with architecture selection
- fix choice rule handing for package downgrades
- fix complex dependencies with an "else" part sometimes leading
to unsolved dependencies
- bump version to 0.7.25
- libssh
-
- Update to version 0.9.8
* Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
* Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
* Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
* Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
* Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
guessing (bsc#1211188)
* Fix CVE-2023-2283: a possible authorization bypass in
pki_verify_data_signature under low-memory conditions (bsc#1211190)
* Fix several memory leaks in GSSAPI handling code
- suseconnect-ng
-
- Update to version 1.6.0
* Disable EULA display for addons (bsc#1218649 and bsc#1217961)
- Update to version 1.5.0
* Configure docker credentials for registry authentication
* Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364)
* Add --json output option
- systemd
-
- Import commit 2cb4d40f1c6a388706af8a83d5344fc0de3c6f4d (merge of v249.17)
c8578cef7f resolved: actually check authenticated flag of SOA transaction
- Import commit 86f0670d3a01c1a2d4df17f1c68d03f1586195e3
ba7f1df7a5 vconsole-setup: simplify error handling
94f4eaea77 Introduce RET_GATHER and use it in src/shared/
e02406fcc1 mount: replace UNIT_DEPENDENCY_MOUNTINFO_OR_FILE with UNIT_DEPENDENCY_MOUNTINFO/UNIT_DEPENDENCY_MOUNT_FILE
0b8db54511 mount: drop UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT and UNIT_DEPENDENCY_MOUNTINFO_DEFAULT
98ba536bd1 mount: always use UNIT_DEPENDENCY_FILE in mount_add_quota_dependencies()
73c7b2bb48 core/mount: make device deps from /proc/self/mountinfo and .mount unit file exclusive
ba585a28d7 core: Add trace logging to mount_add_device_dependencies()
36e0a4f80f core/mount: also remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460)
bc107c86c3 core/mount: set Mount.from_proc_self_mountinfo flag before adding default dependencies
ce4907c7c3 core: wrap some long comment
- Import commit e677079182c975ecdad88a76f657fecb4de523d9
7692c5bda8 utmp-wtmp: handle EINTR gracefully when waiting to write to tty
29c3eb4681 utmp-wtmp: fix error in case isatty() fails
98970eb90b homed: handle EINTR gracefully when waiting for device node
0305809edd resolved: handle -EINTR returned from fd_wait_for_event() better
40db4d6abe sd-netlink: handle EINTR from poll() gracefully, as success
5e681711c6 varlink: also handle EINTR gracefully when waiting for EIO via ppoll()
6bbd70f092 stdio-bridge: don't be bothered with EINTR
f978feb591 sd-bus: handle -EINTR return from bus_poll() (bsc#1215241)
746962ff40 core: replace slice dependencies as they get added (bsc#1214668)
- systemd.spec: add missing `%tmpfiles_create systemd-resolve.conf`
- Rename 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch into
1013-strip-the-domain-part-from-etc-hostname-when-setting.patch
- Rename 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch into
1014-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
- Rename 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch into
1015-networkd-make-network.service-an-alias-of-systemd-ne.patch
- Rename 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch into
1016-core-disable-session-keyring-per-system-sevice-entir.patch
- Rename 0011-core-disable-session-keyring-per-system-sevice-entir.patch into
1017-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch
Hence these patch files can be easily identified as SLE specific ones.
- libtcnative-1-0
-
- Version update to version 1.2.38:
* Align default pass phrase prompt with HTTPd.
* #66669: Fix memory leak in SNI processing.
* Update the recommended minimum version of OpenSSL to 1.1.1v.
* Update the recommended minimum version of APR to 1.7.4.
* Document the TLS rengotiation behaviour.
* Add HOWTO-RELEASE.txt that describes the release process.
* Refactor library initialization so it is compatible with Tomcat
10.1.x onwards where a number of Java classes have been removed.
* Map the OpenSSL 3.x FIPS behaviour to the OpenSSL 1.x API to
allow clients to determine if the FIPS provider is being used
when Tomcat Native is compiled against OpenSSL 3.x.
* #66035: Fix crash when attempting to read TLS session ID after
a handshake failure.
* Enable download_deps.sh to be called from any directory.
* Fix release script so it works with the current git layout.
* #65441: Correct previous fix that enabled building to continue
with OpenSSL 3.x.
* #65659: Remove remaining reference to pkg-config which is no
longer included in the Tomcat Native distribution.
* #65181: Additional changes required to provided support for
using OpenSSL Engines that use proprietary key formats.
* #65329: Correct handling of WINVER in make file to use correct
constant for Windows 7. Add constants for Windows 8, Windows 8.1
and Windows 10. Rename WINNT to WIN2k as it is used for Windows
2000 upwards, not Windows NT upwards.
* Add a patch for APR that fixes an issue where some Windows
systems in some configurations would only listen on IPv6
addresses on dual stack systems even though configured to listen
on both IPv6 and IPv4 addresses.
* Correct a regression in the fix for 65181 that prevented an
error message from being displayed if an invalid key file was
provided and no OpenSSL Engine was configured.
* #65181: Improve support for using OpenSSL Engines that use
proprietary key formats.
* Enable building to continue against OpenSSL 3.x and 1.1.1.
* Incomplete name mangling fix for C++ compilers in tcn_api.h.
* Improve OS-specific header include for native thread id.
* Disable keylog callback support for LibreSSL.
* Add support for SSLContext.addChainCertificateRaw() with
LibreSSL 2.9.1 and up.
* Add support for HP-UX's _lwp_self() in our ssl_thread_id(void).
* Remove default option passed for rpath to linker on HP-UX.
* Add an option to allow the OCSP responder check to be bypassed.
Note that if OCSP is enabled, a missing responder is now treated
as an error.
* #64429: Fix compilation with LibreSSL.
* #63671: libtcnative does not compile with OpenSSL < 1.1.0 and
APR w/o threading support.
* Correct configure message for OpenSSL libdir.
* #64260: Clean up install target.
* #64315: configure output for OpenSSL wrong/incomplete sometimes.
* Drop obsolete build time workarounds for HP-UX.
* Add support for FreeBSD's pthread_getthreadid_np() in our
ssl_thread_id(void).
* #64316: Introduce tcn_get_thread_id(void) to reduce code
duplication.
* Fix linking against OpenSSL in non-standard locations on FreeBSD.
- Removed patch:
* libtcnative-1-0-bsc1199170.patch
+ fix integrated
- libzypp
-
- CheckAccessDeleted: fix 'running in container' filter
(bsc#1218291)
- version 17.31.27 (22)
- Call zypp commit plugins during transactional update (fixes #506)
- Add support for loongarch64 (fixes #504)
- Teach MediaMultiCurl to download HTTP Multibyte ranges.
- Teach zsync downloads to MultiCurl.
- Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
Convenient and helps documentation as it may refer to a single
command for a bunch of distributions. Like e.g. "zypper ar
'https://server.my/$releasever/my.repo'".
- version 17.31.26 (22)
- Fix build issue with zchunk build flags (fixes #500)
- version 17.31.25 (22)
- Open rpmdb just once during execution of %posttrans scripts
(bsc#1216412)
- Avoid using select() since it does not support fd numbers >
1024 (fixes #447)
- tools/DownloadFiles: use standard zypp progress bar (fixes #489)
- Revert "Color download progress bar" (fixes #475)
Cyan is already used for the output of RPM scriptlets. Avoid this
colorific collision between download progress bar and scriptlet
output.
- Fix ProgressBar's calculation of the printed tag position (fixes #494)
- Switch zypp::Digest to Openssl 3.0 Provider API (fixes #144)
- Fix usage of deprecated CURL features (fixes #486)
- version 17.31.24 (22)
- Stop using boost version 1 timer library (fixes #489,
bsc#1215294)
- version 17.31.23 (22)
- openssh
-
- Added openssh-cve-2023-48795.patch (bsc#1217950, CVE-2023-48795).
This mitigates a prefix truncation attack that could be used to
undermine channel security.
- Enhanced SELinux functionality. Added
* openssh-7.8p1-role-mls.patch
Proper handling of MLS systems and basis for other SELinux
improvements
* openssh-6.6p1-privsep-selinux.patch
Properly set contexts during privilege separation
* openssh-6.6p1-keycat.patch
Add ssh-keycat command to allow retrival of authorized_keys
on MLS setups with polyinstantiation
* openssh-6.6.1p1-selinux-contexts.patch
Additional changes to set the proper context during privilege
separation
* openssh-7.6p1-cleanup-selinux.patch
Various changes and putting the pieces together
For now we don't ship the ssh-keycat command, but we need the patch
for the other SELinux infrastructure
This change fixes issues like bsc#1214788, where the ssh daemon
needs to act on behalf of a user and needs a proper context for this
- pam
-
- Add missing O_DIRECTORY flag in `protect_dir()` for pam_namespace module.
[bsc#1218475, pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch]
- pam_lastlog: check localtime_r() return value (bsc#1217000)
* Added: pam-bsc1217000-pam_lastlog-check-localtime_r-return-value.patch
- postfix
-
- (bsc#1218304) VUL-0: postfix: new SMTP smuggling attack
(bsc#1218314) SMTP Smuggling - Spoofing E-Mails Worldwide
Apply patch containing the feature smtpd_forbid_unauth_pipelining
as default yes.
add patch:
postfix-3.7-patch06
- Security: the Postfix SMTP server optionally disconnects remote
SMTP clients that violate RFC 2920 (or 5321) command pipelining
constraints. The server replies with "554 5.5.0 Error: SMTP protocol
synchronization" and logs the unexpected remote SMTP client input.
Specify "smtpd_forbid_unauth_pipelining = yes" to enable.
- Workaround to limit collateral damage from OS distributions that
crank up security to 11, increasing the number of plaintext email
deliveries. This introduces basic OpenSSL configuration file support,
with two new parameters "tls_config_file" and "tls_config_name".
Details are in the postconf(5) manpage under "tls_config_file" and
"tls_config_name".
- python-instance-billing-flavor-check
-
- Version 0.0.6 (bsc#1218561)
Support proxy setup on the client to access the update infrastructure
API
- Version 0.0.5
Add IPv6 support (bsc#1218739)
- python-azure-mgmt-appconfiguration
-
- Downgrade to upstream version 0.6.0
- Update Requires from setup.py
- python-azure-mgmt-resource
-
- Downgrade to upstream version 10.3.0 (bsc#1205340)
- Update Requires from setup.py
- python-chardet
-
- Fix update-alternative in %postun, bsc#1218765
- python3-cryptography
-
- Add CVE-2023-49083.patch to fix A null-pointer-dereference and
segfault could occur when loading certificates from a PKCS#7 bundle.
bsc#1217592
- python-uamqp
-
- Add patch to fix integer overflow which may cause remote code execution
+ CVE-2024-21646.patch (CVE-2024-21646, bsc#1219409)
- python-websocket-client
-
- Add reenable-py36.patch (bsc#1215314)
* upstream dropped Python 3.6 between 1.3.1 and 1.3.2 because it was EOL
* no Python 3.6 incompatible changes between those two versions
- rsyslog
-
- suppress installation errors when systemd is not running
(bsc#1218799)
- restart daemon after modules packages have been updated
(bsc#1217292)
- runc
-
[ This was only ever released for SLES. ]
- Add upstream patch to fix embargoed issue CVE-2024-21626. bsc#1218894
<https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
+ CVE-2024-21626.patch
- Update to runc v1.1.11. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.11>.
- samba
-
- Add "net offlinejoin composeodj" command; (bsc#1214076);
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000product:sle-module-suse-manager-server-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- suse-module-tools
-
- Update to version 15.4.19:
* rpm-script: add symlink /boot/.vmlinuz.hmac (bsc#1217775)
- susemanager-schema
-
- version 4.3.23-1
* Revert adding unique index for rhnpackagechangelogdata table
(bsc#1218027)
- tar
-
- Fix CVE-2023-39804, Incorrectly handled extension attributes in
PAX archives can lead to a crash, bsc#1217969
* fix-CVE-2023-39804.patch
- xen
-
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
assigned to incorrect contexts (XSA-449)
xsa449.patch
- Upstream bug fixes (bsc#1027519)
62ab2ed9-x86-more-MSR_ARCH_CAPS.patch
64763137-x86-AutoIBRS-definitions.patch
652fef4f-x86-AMD-erratum-1485.patch
6532858d-x86-DOITM.patch
65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
65536847-AMD-IOMMU-correct-level-for-quarantine-pt.patch
65536848-x86-spec-ctrl-remove-conditional-IRQs-on-ness.patch
655b2ba9-fix-sched_move_domain.patch
6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
656ee5e1-x86emul-avoid-triggering-event-assertions.patch
656ee602-cpupool-adding-offline-CPU.patch
656ee6c3-domain_create-error-path.patch
- Patches dropped / replaced by newer upstream versions
xsa445.patch
xsa446.patch
- yast2-pkg-bindings
-
- Fixed repository and service probing with libzypp 7.31.26
and newer, fixes broken repository handling (bsc#1218977,
bsc#1218399)
- 4.4.7
- yast2-samba-client
-
- Use translation macro for range settings expert details text;
(bsc#1197936).
- 4.4.4
- zypper
-
- Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
The switch makes search commands return 0 rather than 104 for
empty search results.
- version 1.14.68
- patch: Make sure reboot-needed is remembered until next boot
(bsc#1217873)
- version 1.14.67