- apache-commons-lang3
-
- Update to 3.16.0:
* New features:
+ Add StopWatch.getSplitDuration() and deprecate
getSplitTime().
+ Add StopWatch.getStartInstant() and deprecate getStartTime().
+ Add StopWatch.getStopInstant() and deprecate getStopTime().
+ Add StopWatch.getDuration() and deprecate getTime().
+ Add Javadoc links from StopWatch to DurationUtils #1249.
+ Add LangCollectors.collect(Collector, T...).
+ Add RandomStringUtils.secure().
+ Add RandomStringUtils.insecure().
* Fixed bugs:
+ Reimplement StopWatch internals to use java.time.
+ RandomStringUtils.random() with a negative character index
should throw IllegalArgumentException. Fixes LANG-1745.
+ LocaleUtils.toLocale(String) cannot parse four segments.
Fixes LANG-1741.
+ Use fewer intermediary strings in
DefaultExceptionContext.getFormattedExceptionMessage(String).
+ Fix Javadoc in StringUtils.splitPreserveAllTokens() #1251.
+ Deprecate ArraySort constructor for removal.
+ Deprecate CharEncoding constructor for removal.
+ Deprecate Conversion constructor for removal.
+ Deprecate Conversion constructor for removal.
+ Deprecate EntityArrays constructor for removal.
+ Deprecate ObjectToStringComparator constructor for removal.
+ Deprecate RuntimeEnvironment constructor for removal.
- Includes changes from 3.15.0:
* New features:
+ Customize text pattern in DiffResult#toString(). Fixes
LANG-1724.
+ Add DiffBuilder.Builder.
+ Add DiffBuilder.builder().
+ Add ReflectionDiffBuilder.Builder.
+ Add ReflectionDiffBuilder.builder().
+ Add test in TypeUtilsTest #1151.
+ Add Streams.failableStream(T), non-varargs variant.
+ Add Streams.nonNull(T), non-varargs variant.
+ Add ArrayUtils.nullTo(T[], T[]).
+ Add T ArrayUtils.arraycopy(T, int, T, int, int) fluent style.
+ Add T ArrayUtils.arraycopy(T, int, int, int, Function) fluent
style.
+ Add SystemUtils.IS_JAVA_22.
+ Add JavaVersion.JAVA_22.
+ Add SystemProperties.getUserName(Supplier<String>).
+ Add SystemProperties.getLineSeparator(Supplier<String>).
+ Add
+ SystemProperties.getJavaSpecificationVersion(Supplier<String>).
+ Add SystemProperties constants and methods for system
properties as of Java 22.
+ Add MethodUtils.getMethodObject(Class, String, Class...).
+ Add null-safe Consumers.accept() and Functions.apply() #1215.
Fixes LANG-1733.
+ Add SystemUtils.IS_OS_ANDROID.
+ Add SystemUtils.IS_OS_MAC_OSX_SONOMA.
+ Add RuntimeEnvironment.inContainer() #1241.
+ Add AppendableJoiner and refactor string joining #1244.
* Fixed bugs:
+ Improve Javadoc in ExceptionUtils #1136.
+ Fixed two non-deterministic tests in EnumUtilsTest.java
[#1131].
+ Fix wrong number check that cause
StringIndexOutOfBoundsException #1140. Fixes LANG-1721.
+ Rethrow NegativeArraySizeException as SerializationException
in SerializationUtils.deserialize(InputStream) #1141. Fixes
LANG-1722.
+ Throw NumberFormatException instead of
IndexOutOfBoundsException in NumberUtils.getMantissa(String,
int) #1145. Fixes LANG-1723.
+ Minor grammar fixes #1143.
+ ArrayUtils will return null when adding two null arrays, but
undocumented. Fixes LANG-1713.
+ Let parent POM figure out commons.spdx.version.
+ Undeprecate ExceptionUtils.rethrow(Throwable). Fixes
LANG-1726.
+ Test the Conversion class #1155. Fixes LANG-1702.
+ Address minor redundancies after code inspection #1148.
+ Allow EventListenerSupport to handle (and ignore) exception
from listeners allowing invocation of all listeners #1167.
+ Deprecate AnnotationUtils 0-argument constructor.
+ Deprecate ArchUtils 0-argument constructor.
+ Deprecate ArrayUtils 0-argument constructor.
+ Deprecate BooleanUtils 0-argument constructor.
+ Deprecate CharSequenceUtils 0-argument constructor.
+ Deprecate CharSetUtils 0-argument constructor.
+ Deprecate CharUtils 0-argument constructor.
+ Deprecate ClassLoaderUtils 0-argument constructor.
+ Deprecate ClassPathUtils 0-argument constructor.
+ Deprecate ClassUtils 0-argument constructor.
+ Deprecate ConstructorUtils 0-argument constructor.
+ Deprecate DateFormatUtils 0-argument constructor.
+ Deprecate DateUtils 0-argument constructor.
+ Deprecate Diff.getType().
+ Deprecate DiffBuilder.DiffBuilder(T, T, ToStringStyle).
+ Deprecate DiffBuilder.DiffBuilder(T, T, ToStringStyle,
boolean).
+ Deprecate DurationFormatUtils 0-argument constructor.
+ Deprecate DurationUtils 0-argument constructor.
+ Deprecate EnumUtils 0-argument constructor.
+ Deprecate EventUtils 0-argument constructor.
+ Deprecate FieldUtils 0-argument constructor.
+ Deprecate IEEE754rUtils 0-argument constructor.
+ Deprecate InheritanceUtils 0-argument constructor.
+ Deprecate IntStreams 0-argument constructor.
+ Deprecate LocaleUtils 0-argument constructor.
+ Deprecate LockingVisitors 0-argument constructor.
+ Deprecate MemberUtils 0-argument constructor.
+ Deprecate MethodUtils 0-argument constructor.
+ Deprecate NumberUtils 0-argument constructor.
+ Deprecate ObjectUtils 0-argument constructor.
+ Deprecate RandomStringUtils 0-argument constructor.
+ Deprecate RandomUtils 0-argument constructor.
+ Deprecate ReflectionDiffBuilder.ReflectionDiffBuilder(T, T,
ToStringStyle).
+ Deprecate RegExUtils 0-argument constructor.
+ Deprecate SerializationUtils 0-argument constructor.
+ Deprecate Streams 0-argument constructor.
+ Deprecate StringEscapeUtils 0-argument constructor.
+ Deprecate StringUtils 0-argument constructor.
+ Deprecate Suppliers 0-argument constructor.
+ Deprecate SystemProperties 0-argument constructor.
+ Deprecate ThreadUtils 0-argument constructor.
+ Deprecate TypeUtils 0-argument constructor.
+ Make ArrayFill null-safe.
+ Make ArraySorter null-safe.
+ Make ArrayUtils.removeAll() null-safe.
+ Fix Java version in README.md #1170.
+ StringUtils.stripAccents() should handle ligatures, UTF32
math blocks, etc. #1201.
+ TypeUtils.toString(Type) StackOverflowError for an inner
class in the inner class parameterized enclosing class #657.
Fixes LANG-1524.
+ Deprecate SystemUtils.getUserName(String) in favor of
SystemProperties.getUserName(Supplier).
+ Make LockVisitor.acceptReadLocked(FailableConsumer)
null-safe.
+ Make LockVisitor.applyWriteLocked(FailableConsumer)
null-safe.
+ Make ObjectUtils.getFirstNonNull(Supplier...) null-safe.
+ Make SystemProperties.getLineSeparator(Supplier).
+ StringUtils.stripAccents(String) doesn't handle "\u0111" and
"\u0110" (Vietnamese) #1216.
+ StringUtils.stripAccents(String) doesn't handle I with bar.
+ StringUtils.stripAccents(String) doesn't handle U with bar.
+ StringUtils.stripAccents(String) doesn't handle T with
stroke.
+ Fix Javadoc for FluentBitSet.setInclusive(int, int) #1222.
Fixes LANG-1735.
+ Same Javadoc changes as [TEXT-234] #1223.
+ Remove duplicate static data in
SerializationUtils.ClassLoaderAwareObjectInputStream.
+ Reimplement RandomUtils and RandomStringUtils on top of
SecureRandom#getInstanceStrong() #1235.
+ DiffBuilder: Type constraint for method append(...,
DiffResult) too strict #786. Fixes LANG-1657.
- Update to 3.14.0:
* New features:
+ Add Functions#function(Function).
+ Add FailableFunction#function(FailableFunction).
+ Add CalendarUtils.getInstance().
+ Add syntax for optional tokens to DurationFormatUtils.
+ Add ArrayFill.
+ Add FastDateParser.TimeZoneStrategy.TzInfo.toString().
+ Add LocaleUtils.isLanguageUndetermined(Locale).
+ Add ObjectUtils.toString(Supplier<Object>, Supplier<String>).
+ Add LazyInitializer.isInitialized().
+ Add ConcurrentInitializer#isInitialized() #1120.
+ Add Streams.failableStream(T...).
+ Add FailableSupplier.nul().
+ Add Suppliers.nul().
+ Add ExceptionUtils.throwUnchecked(T) where T extends
Throwable, and deprecate Object version.
+ Add ExceptionUtils.rethrowRuntimeException(T), and deprecate
rethrow(T).
+ ConcurrentInitializer implementations can now be instantiated
and configured with allocation and release lambdas.
Fixes LANG-1716.
+ Add support for RISC-V in ArchUtils #1128. Fixes LANG-1717.
* Fixed bugs:
+ Rename variable names from 'clss' to 'clazz'.
+ [Javadoc] ComparableUtils'c1' to 'comparable1', 'c2' to
'comparable2'
+ [Javadoc] Remove 2.1 specific comment #1091.
+ [Javadoc] Fix Incorrect Description in Processor isAarch64()
[#1093]. Fixes LANG-1704.
+ [Javadoc] Point to right getShortClassName flavor in Javadoc
for relevant notes #1097.
+ Improve performance of StringUtils.isMixedCase().
+ ThreadUtils find methods should not return null items. Fixes
LANG-1706.
+ ReflectionToStringBuilder changes in version 3.13.0 has broken
the logic for overriding classes. Fixes LANG-1710.
+ Return "null" instead of NPE in
ClassLoaderUtils.toString(ClassLoader).
+ Return "null" instead of NPE in
ClassLoaderUtils.toString(URLClassLoader).
+ Return ToStringStyle.nullText instead of NPE for
ReflectionToStringBuilder.toString().
+ Fix ThresholdCircuitBreaker#checkState().
+ Use ConcurrentInitializer implementations without subclassing.
+ Update critical value for chi-square test.
+ Fix Javadoc syntax errors #1129.
- From 3.13.0 update
* New features:
+ Add GitHub coverage.yml.
+ Add EnumUtils.getEnumSystemProperty(...).
+ Add TriConsumer.
+ Add and use EnumUtils.getFirstEnumIgnoreCase(Class, String,
Function, E).
+ Add and use Suppliers.
+ Add and use ArrayUtils.getComponentType(T[]).
+ Add and use ClassUtils.getComponentType(Class>T[]>).
+ Add and use ObjectUtils.getClass(T).
+ Add and use ArrayUtils.newInstance(Class>T>, int).
+ Add and use null-safe Streams.of(T...).
+ Add ClassUtils.comparator().
+ Add and use ThreadUtils.sleepQuietly(Duration).
+ Add and use ArrayUtils.setAll(T[], IntFunction).
+ Add and use ArrayUtils.setAll(T[], Supplier).
+ Add BooleanConsumer.
+ Add IntToCharFunction.
+ Add IntStreams.
+ Add UncheckedFuture.
+ Add UncheckedException.
+ Add UncheckedExecutionException.
+ Add UncheckedTimeoutException.
+ Add UncheckedInterruptedException.
+ Add TimeZones.GMT.
+ Add ObjectUtils.identityHashCodeHex(Object).
+ Add ObjectUtils.hashCodeHex(Object).
+ Add StringUtils.removeStart(String, char).
+ Add null-safe ObjectUtils.isArray(). Fixes LANG-1659.
+ Add ComparableUtils.max(A, A) and ComparableUtils.min(A, A).
+ Add UncheckedReflectiveOperationException.
+ Add and use ClassUtils.isPublic(Class).
+ Add UncheckedIllegalAccessException.
+ Add MethodInvokers.
+ Add Streams.nullSafeStream(Collection).
+ Add Streams.toStream(Collection).
+ Add Streams.failableStream(Collection) and deprecate misnamed
stream(Collection).
+ Add Streams.failableStream(Stream) and deprecate misnamed
stream(Stream).
+ Add EnumUtils.getEnumMap(Class, Function).
+ Add FluentBitSet.
+ Add Streams.instancesOf(Class, Collection).
+ Add ImmutablePair.ofNonNull(L, R).
+ Add ImmutableTriple.ofNonNull(L, M, R).
+ Add MutablePair.ofNonNull(L, R).
+ Add MutableTriple.ofNonNull(L, M, R).
+ Add Pair.ofNonNull(L, R).
+ Add Triple.ofNonNull(L, M, R).
+ Add ArrayUtils.containsAny(Object[], Object...).
+ Add Processor.Type.AARCH_64.
+ Add Processor.isAarch64().
+ Update ArchUtils.getProcessor(String) for "aarch64".
+ Add JavaVersion.JAVA_18.
+ Add JavaVersion.JAVA_19.
+ Add JavaVersion.JAVA_20.
+ Add JavaVersion.JAVA_21.
+ Add TimeZones.toTimeZone(TimeZone).
+ Add FutureTasks.
+ Add Memoizer(Function) and Memoizer(Function, boolean).
+ Add Consumers.
+ Add github/codeql-action.
+ Add coverage.yml.
+ Add DurationUtils.since(Temporal).
+ Add DurationUtils.of(FailableConsumer|FailableRunnbale).
+ Add ExceptionUtils.forEach(Throwable, Consumer<Throwable>).
+ Add ExceptionUtils.stream(Throwable).
+ Add ExceptionUtils.getRootCauseStackTraceList(Throwable).
+ Add SystemUtils.IS_OS_WINDOWS_11.
+ Add SystemUtils.IS_JAVA_16.
+ Add SystemUtils.IS_JAVA_17.
+ Add SystemUtils.IS_JAVA_18.
+ Add SystemUtils.IS_JAVA_19.
+ Add SystemUtils.IS_JAVA_20.
+ Add SystemUtils.IS_JAVA_21.
+ Add ArrayUtils.oneHot(). Fixes LANG-1627.
+ Let ReflectionToStringBuilder only reflect given field names.
Fixes LANG-1662.
+ Add Streams.of(Enumeration<E>).
+ Add Streams.of(Iterable<E>).
+ Add Streams.of(Iterator<E>).
+ Simple support for Optional in ObjectUtils#isEmpty(). Fixes
LANG-1689.
+ Add Processor.Type.getLabel().
+ Add Processor.toString().
+ Add HashCodeBuilder.equals(Object).
+ Add BooleanUtils.values() and forEach().
+ Add ClassPathUtils.packageToPath(String) and pathToPackage(String)
+ Add CalendarUtils#getDayOfYear()
+ Add NumberRange, DoubleRange, IntegerRange, LongRange.
+ Add missing exception javadoc/tests for some null arguments.
+ Add ClassLoaderUtils.getSystemURLs() and getThreadURLs().
+ Add RegExUtils.dotAll() and dotAllMatcher().
+ Add Pair.accept(FailableBiConsumer).
+ Add Pair.apply(FailableBiFunction).
+ Add ReflectionDiffBuilder.setExcludeFieldNames(...) and
DiffExclude a... Fixes LANG-1677.
+ Add and ExceptionUtils.isChecked() and isUnchecked(). Fixes
LANG-1647.
+ Add and use ExceptionUtils.throwUnchecked(throwable).
+ Add LockingVisitors.create(O, ReadWriteLock).
* Fixed bugs:
+ NumberUtils.createNumber() to recognize hex integers prefixed
with +. Fixes LANG-1645.
+ NumberUtils.createNumber() to return requested floating point
type for zero. Fixes LANG-1646.
+ DMI: Random object created and used only once
(DMI_RANDOM_USED_ONLY_ONCE); Better multi-threaded behavior.
+ Redundant Collection operation. Use
Collections.emptyIterator(). Fixes LANG-1646.
+ Make Streams.stream(Collection) null-safe.
+ Allow tests to access java.util classes such as ArrayList in
Java 16. Fixes LANG-1667.
+ OpenJDK 16 Day Period Parsing. Fixes LANG-1669.
+ Update documentation to list correct exception for null array
parameters. Fixes LANG-1663.
+ Fixing reversed Javadoc descriptions in StopWatch.
+ Fix typos in JavaDoc. Fixes LANG-1670.
+ Simplify assertions with equivalent but more simple..
+ Avoid multiple equivalent occurrences of the same expression.
+ Remove redundant initializers.
+ Fix ObjectUtils Javadocs.
+ Make Range constructors more generic. Fixes LANG-1674.
+ Use final and Remove redundant String.
+ Use Set instead of List for checking the contains() method.
+ Javadoc for StringUtils.substringBefore(String str,
int separator) doesn't mention that the separator is an int.
+ Fix NullPointerException in ThreadUtils.getSystemThreadGroup()
when the current thread is stopped.
+ ArrayUtils.toPrimitive(Boolean...) null array elements map to
false, like Boolean.parseBoolean(null) and its callers return
false.
+ StrBuilder.StrBuilderReader.skip(long): Throw an exception
when an implicit narrowing conversion in a compound assignment
would result in information loss or a numeric error such as an
overflows.
+ Deprecate Validate#notNull(Object) in favor of using
Objects#requireNonNull(Object, String).
+ Use TimeZone from calendar in DateFormatUtils. Fixes
LANG-1462.
+ Updating javadoc for NullPointerException when
Validate.notNull() is called.
+ Fixing and adding DateUtils exception Javadocs.
+ Improve performance of StringUtils.unwrap(String, String).
Fixes LANG-1679.
+ Improve performance of StringUtils.join for primitives. Fixes
LANG-1675.
+ Fixed NPE getting Stack Trace if Throwable is null. Fixes
LANG-1675.
+ Make Validate.isAssignableFrom() check null inputs.
+ Fix Javadoc for Validate.isAssignableFrom().
+ Make final mappingFunction variable.
+ Remove unnecessary variable creations.
+ Minor changes.
+ FastDateFormat does not support the 'L'-Pattern from
SimpleDateFormat. Fixes LANG-1680.
+ Increase test coverage of ComparableUtils from 71% to 100%.
+ Increase method test coverage of
MultilineRecursiveToStringStyle.
+ Fix unstable coverage of CharSequenceUtils tests noticed
during merge of PRs 898 and 899.
+ Rewrite Conversion.binaryBeMsb0ToHexDigit to invert logic of
binaryToHexDigit.
+ Allow extension of previously final classes ImmutablePair and
ImmutableTriple.
+ Update ClassUtils Javadoc with some missing throws NPE.
+ Javadoc: StringUtils.repeat("", "x", 3) = "xx";.
+ StringUtils.join(Iterable, String) should only return null
when the Iterable is null.
+ Add tests to increase coverage.
+ Extends Object clauses are redundant.
+ Simplify conditional expression..
+ Fix some Javadoc comments.
+ Deprecate getNanosOfMiili() method with typo and create proper
getNanosOfMilli().
+ Deprecate ThreadUtils code that defines custom function
interfaces in favor of stock java.util.function.Predicate
usage.
+ Fix links in Javadoc and documentation.
+ Deprecate RandomUtils in favor of Apache Commons RNG
UniformRandomProvider. Fixes LANG-1604.
+ Added docs regarding week year support. Fixes LANG-1638.
+ ClassUtils.getShortCanonicalName doesn't use the
canonicalName. Fixes LANG-1691.
+ Validate: Get error messages without using String.format when
varargs is empty.
+ Simplify expression (length is never < 0).
+ Fix simple broken javadoc..
+ Fix typo.
+ Use Objects.requireNonNull() directly.
+ MethodUtils.getMatchingMethod() fails with "Found multiple
candidates". Fixes LANG-1694.
+ Construct ArrayList with better default size. Fixes LANG-1643.
+ ThreadUtilsTest#testThreadGroups will test failed when using
Junit5 parallel test.
+ Swap the order of assertion args (first excepted then actual).
+ Fix the comment of Failable, redundant "-".
+ Fix the comment of ComparableUtils, using "smallest", not
"largest".
+ AnnotationUtilsTest and FormattableUtilsTest Only use static
imports to import assert methods in tests.
+ [LANG-1681] Fix some FieldUtils Javadocs.
+ Remove unnecessary statement in DurationFormatUtils.
+ Corrected value of SystemUtils.JAVA_VENDOR. Fixes LANG-1699.
+ [StepSecurity] ci: Harden GitHub Actions.
+ Update Javadoc for the insert methods in ArrayUtils.
+ Deprecate ExceptionUtils.ExceptionUtils().
+ TypeUtils.getRawType() throws a NullPointerException on
Wildcard GenericArrayType. Fixes LANG-1697.
+ Throw IllegalArgumentException instead of InternalError in the
builder package.
+ Avoid NPE in MutableObject#equals() for null content.
+ SystemUtils fix and updates related to macOS.
- Break cycle with the new bcel
- Removed patch:
* apache-commons-lang3-junit-bom.patch
+ not needed since we install the pom file using the new
%%mvn_install_pom macro which sanitizes the pom file to the
bare runtime dependencies.
- apache2
-
- Refresh apache2-CVE-2023-45802.patch.
- Fix for regression bsc#1233165.
- Apply fix for CVE-2023-45802, bsc#1216423.
Patch file added:
* apache2-CVE-2023-45802.patch
- Apply fix for CVE-2024-40725, bsc#1228097.
Patch file added:
* apache2-CVE-2024-40725.patch
- Apply fix for CVE-2024-39884, bsc#1227353.
Patch file added:
* apache2-CVE-2024-39884.patch
- Apply fix for CVE-2024-38474, bsc#1227278.
Patch file added:
* apache2-CVE-2024-38474.patch
- Apply fix for CVE-2024-38473, bsc#1227276.
Patch files added:
* apache2-CVE-2024-38473-1.patch
* apache2-CVE-2024-38473-2.patch
* apache2-CVE-2024-38473-3.patch
* apache2-CVE-2024-38473-4.patch
- bash
-
- Add patch boo1227807.patch
* Load completion file eveh if a brace expansion is in the
command line included (boo#1227807)
- bcel
-
- Update to version 6.10.0
* 6.10.0 (2024-06-24) Maintenance and bug fix release. Requires
a minimum of Java 8.
+ Fix PMD UnnecessaryFullyQualifiedName.
+ Fix PMD EmptyCatchBlock by allowing commented blocks.
+ Fix PMD EmptyControlStatement by allowing commented blocks.
+ Fix SpotBugs RV_RETURN_VALUE_IGNORED_BAD_PRACTICE in
JasminVisitor.
+ SpotBugs checks should ignore code generated by JavaCC.
+ Fix SpotBugs URF_UNREAD_FIELD in ClassDumper.
+ Fix SpotBugs DM_DEFAULT_ENCODING in JasminVisitor.
+ Fix SpotBugs RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE in
ASTFunAppl.
+ Fix SpotBugs RV_ABSOLUTE_VALUE_OF_HASHCODE in
Mini.Environment.
+ Fix SpotBugs DM_DEFAULT_ENCODING in Mini.MiniC.
+ Fix SpotBugs WMI_WRONG_MAP_ITERATOR in Package.go(String[]).
+ Deprecate TransitiveHull.INGORED in favor of
TransitiveHull.getIgnored().
+ Add accessors to model and unit tests, Javadoc #183.
+ Add Const.MAJOR_22.
+ Add Const.MINOR_22.
+ Add Const.MAJOR_23.
+ Add Const.MINOR_23.
+ Add Const.MAJOR_24.
+ Add Const.MINOR_24.
+ Bump tests from org.assertj:assertj-core 3.25.3 to 3.26.3
[#322], #332.
+ Bump tests from org.jetbrains.kotlin:kotlin-stdlib 1.9.23 to
2.0.0 #309, #318.
+ Bump tests from org.apache.commons:commons-collections4 4.4
to 4.5.0-M2.
+ Bump org.apache.commons:commons-parent from 69 to 71.
+ Bump org.codehaus.mojo:taglist-maven-plugin from 3.0.0 to
3.1.0 #331.
* Includes changes from 6.9.0 Maintenance and bug fix release.
+ Add Support for Java 16 records #290.
+ Add null guard for InstructionFactory.createInvoke() #289.
+ Avoid possible NullPointerException in
org.apache.bcel.classfile.DescendingVisitor.accept(E[]).
+ Avoid possible NullPointerException in
AnnotationEntryGen.getAnnotationAttributes(ConstantPoolGen,
AnnotationEntryGen[]).
+ Avoid possible NullPointerException in
AnnotationEntryGen.copyValues(ElementValuePair[],
ConstantPoolGen, boolean).
+ Avoid possible NullPointerException in
ArrayElementValueGen.ArrayElementValueGen(int,
ElementValue[], ConstantPoolGen).
+ Avoid possible NullPointerException in
org.apache.bcel.generic.ClassGen.setMethods(Method[]).
+ Avoid possible NullPointerException in
org.apache.bcel.generic.ClassGen.unpackAnnotations(Attribute[]).
+ Avoid possible NullPointerException in
org.apache.bcel.classfile.ParameterAnnotationEntry.createParameterAnnotationEntries(Attribute[]).
+ Avoid possible NullPointerException in
org.apache.bcel.generic.ClassGen.ClassGen(JavaClass).
+ Avoid possible NullPointerException in
org.apache.bcel.generic.FieldGenOrMethodGen.addAll(Attribute[]).
+ Avoid possible NullPointerException in
org.apache.bcel.classfile.ParameterAnnotationEntry.createParameterAnnotationEntries(Attribute[]).
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.MethodParameters.setParameters(MethodParameter[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.ParameterAnnotations.setParameterAnnotationTable(ParameterAnnotationEntry[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.LocalVariableTypeTable.setLocalVariableTable(LocalVariable[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.LocalVariableTable.setLocalVariableTable(LocalVariable[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.LineNumberTable.setLineNumberTable(LineNumber[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.JavaClass.setMethods(Method[] with
null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.JavaClass.setInterfaces(int[]) with
null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.JavaClass.setInterfaceNames(String[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.JavaClass.setFields(Field[]) with
null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.JavaClass.setAttributes(Attribute[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.ConstantPool.setConstantPool(Constant[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.FieldOrMethod.setAttributes(Attribute[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.Annotations.setAnnotationTable(AnnotationEntry[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.ArrayElementValue.ArrayElementValue(int,
ElementValue[], ConstantPool) with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.BootstrapMethod.BootstrapMethod(int,
int[]) with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.BootstrapMethod.setBootstrapArguments(int[])
with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.BootstrapMethods.BootstrapMethods(int,
int, BootstrapMethod[], ConstantPool) with null.
+ Avoid NullPointerException after calling
org.apache.bcel.classfile.BootstrapMethods.setBootstrapMethods(BootstrapMethod[])
with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.InstructionList.redirectLocalVariables(LocalVariableGen[],
InstructionHandle, InstructionHandle) with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.InstructionList.redirectExceptionHandlers(CodeExceptionGen[],
InstructionHandle, InstructionHandle) with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.InstructionList.findHandle(InstructionHandle[],
int[], int, int) with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.MethodGen.setArgumentTypes(Type[])
with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.MethodGen.setArgumentNames(String[])
with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.MethodGen.removeRuntimeAttributes(Attribute[])
with null.
+ Avoid NullPointerException calling
org.apache.bcel.generic.MethodGen.makeMutableVersion(AnnotationEntry[])
with null.
+ Bump org.apache.commons:commons-parent from 66 to 69 #283,
[#297].
+ Bump org.jetbrains.kotlin:kotlin-stdlib from 1.9.22 to 1.9.23
[#284].
+ Bump commons-io:commons-io from 2.15.1 to 2.16.1 #295, #300.
- Update to version 6.8.0
* 6.8.0 (2023-12-08) Maintenance and bug fix release.
+ New features:
~ Add and use InvalidMethodSignatureException extending
ClassFormatException.
~ Increase code coverage in Class2HTMLTestCase with new test
input Java4Example #186.
~ Add verifier tests on some opcodes #180.
~ Added signature test cases for class/method, and bad
signatures #182.
~ Add Const.MAJOR_20.
~ Add Const.MINOR_20.
~ Add Const.MAJOR_21.
~ Add Const.MINOR_21.
~ [Bcelifier] stackmap support to pass JDK verifier #177.
~ Fix SpotBugs [ERROR] Class org.apache.bcel.util.ClassVector
defines non-transient non-serializable instance field vec
[org.apache.bcel.util.ClassVector] In ClassVector.java
SE_BAD_FIELD.
~ Fix SpotBugs [ERROR] Switch statement found in
org.apache.bcel.util.BCELFactory.visitAllocationInstruction(AllocationInstruction)
where one case falls through to the next case
[org.apache.bcel.util.BCELFactory,
org.apache.bcel.util.BCELFactory] At
BCELFactory.java:[lines 188-191]Another occurrence at
BCELFactory.java:[lines 192-196] SF_SWITCH_FALLTHROUGH.
+ Fixed bugs:
~ When parsing an class with an invalid constant reference,
ensure ClassParser.parse() throws ClassFormatException, not
NullPointerException.
~ Ensure that references to a constant pool entry with index
zero trigger a ClassFormatException, not a
NullPointerException.
~ Ensure that references to the unused constant pool entry
after a long/double entry triggers a ClassFormatException,
not a NullPointerException.
~ Test and coverage of InstructionFactory #190.
~ Verifier: test and coverage for SWAP instruction #188.
~ Exception parsing Kotlin class with 'fun `method name with
() in it`()' #205.
~ Fix null pointers in AnnotationEntry #213.
~ Field not found, search field in both super class and
implemented interfaces (5x duplicated code to find field by
name and type is refactored to a new method and now
supports package-private) #181.
~ BCEL-366: Use alternative name for broken classes under
test #220.
~ BCEL-367: Fixes java.lang.IndexOutOfBoundsException for
ATHROW on empty stack #223.
~ BCEL-368: Fixes java.lang.StackOverflowError in
Select#toString(boolean) #229.
~ Fix for type.getType(...) use on non-signature type names
[#221].
~ Fix EmptyVisitorTestCase on Java 21.
+ Changes:
~ Bump commons-parent from 54 to 65 #189, #198, #222.
~ Bump jna.version from 5.12.1 to 5.13.0 #203.
~ Bump kotlin-stdlib from 1.8.10 to 1.9.21 #217, #219, #227,
[#231], #235, #245, #247.
~ Bump commons-io from 2.11.0 to 2.15.1.
~ Bump commons-lang3 from 3.12.0 to 3.14.0.
~ Bump org.codehaus.mojo:exec-maven-plugin from 3.1.0 to
3.1.1 #246.
- Update to version 6.7.0
* 6.7.0 (2022-11-28) Maintenance and bug fix release.
* 6.6.1 (2022-10-29) Maintenance and bug fix release.
* 6.6.0 (2022-10-08) Minor feature and bug fix release.
* 6.5.0 (2020-06-05) Minor feature and bug fix release.
* 6.4.1 (2019-09-26) Bug fix release.
* 6.4.0 (2019-09-20) Feature and bug fix release.
* 6.3.1 (2019-03-20) Bug fix release
* 6.3 (2019-01-23) Experimental Java 9, 10, 11, 12-EA, and 13-EA
Support
* 6.2 (2017-12-08) Experimental Java 9 Support
* 6.1 (2017-09-14) Experimental Java 9 Support
* 6.0 (2016-07-10) Apache Commons BCEL 6.0 is a major release
supporting the new features introduced in Java 6, 7 and 8. It
requires Java 7 or higher to run.
COMPATIBILITY with 5.2
+ Binary compatible
- not strictly compatible
- The constant interface org.apache.bcel.Constants has been
deprecated. Classes which implemented this interface in 5.2
now use the constants defined in the org.apache.bcel.Const
class.
- The constant interface
org.apache.bcel.generic.InstructionConstants has been
deprecated. Classes which implemented this interface in 5.2
now use the constants defined in the
org.apache.bcel.generic.InstructionConsts class.
- Return type of method 'public java.lang.Object
getElementAt(int)' in org.apache.bcel.verifier
.VerifierFactoryListModel has been changed to
java.lang.String.
- The BCEL classes do no longer implement java.io.Serializable.
+ Source compatible
- Yes, sort of;
- The org.apache.bcel.classfile.Visitor interface has been
enhanced with additional methods. If you implemented it
directly instead of extending the EmptyVisitor class you'll
have to implement the new methods.
- The org.apache.bcel.generic.Visitor interface has been
enhanced with an additional method. If you implemented it
directly instead of extending the EmptyVisitor class you'll
have to implement the new methods.
+ Semantic compatible
- Yes, except:
- BCEL 6.0 handles new attributes such as code annotations
that could only be processed by implementing a custom
AttributeReader in the previous versions. Code relying on
this behavior will have to be adjusted since the
AttributeReader will no longer be called in these cases.
+ For full information about API changes please see the extended
Clirr report: https://commons.apache.org/bcel/clirr-report.html
- Removed patches:
* bcel-5.2-encoding.patch
+ part of our own build.xml file generated to build with ant
* bcel-CVE-2022-42920.patch
+ integrated upstrea
- binutils
-
- Update to current 2.43.1 branch [PED-10474]:
* PR32109 - fuzzing problem
* PR32083 - LTO vs overridden common symbols
* PR32067 - crash with LTO-plugin and --oformat=binary
* PR31956 - LTO vs wrapper symbols
* riscv - add Zimop and Zcmop extensions
- Adjusted binutils-2.43-branch.diff.gz.
- Update to version 2.43:
* new .base64 pseudo-op, allowing base64 encoded data as strings
* Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF
(APX_F now fully supported)
* x86 Intel syntax now warns about more mnemonic suffixes
* macros and .irp/.irpc/.rept bodies can use \+ to get at number
of times the macro/body was executed
* aarch64: support 'armv9.5-a' for -march, add support for LUT
and LUT2
* s390: base register operand in D(X,B) and D(L,B) can now be
omitted (ala 'D(X,)'); warn when register type doesn't match
operand type (use option
'warn-regtype-mismatch=[strict|relaxed|no]' to adjust)
* riscv: support various extensions: Zacas, Zcmp, Zfbfmin,
Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw,
XSfCease, all at version 1.0;
remove support for assembly of privileged spec 1.9.1 (linking
support remains)
* arm: remove support for some old co-processors: Maverick and FPA
* mips: '--trap' now causes either trap or breakpoint instructions
to be emitted as per current ISA, instead of always using trap
insn and failing when current ISA was incompatible with that
* LoongArch: accept .option pseudo-op for fine-grained control
of assembly code options; add support for DT_RELR
* readelf: now displays RELR relocations in full detail;
add -j/--display-section to show just those section(s) content
according to their type
* objdump/readelf now dump also .eh_frame_hdr (when present) when
dumping .eh_frame
* gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake
processors; add minimal support for riscv
* linker:
- put .got and .got.plt into relro segment
- add -z isa-level-report=[none|all|needed|used] to the x86 ELF
linker to report needed and used x86-64 ISA levels
- add --rosegment option which changes the -z separate-code
option so that only one read-only segment is created (instead
of two)
- add --section-ordering-file <FILE> option to add extra
mapping of input sections to output sections
- add -plugin-save-temps to store plugin intermediate files
permanently
- Removed binutils-2.42.tar.bz2, binutils-2.42-branch.diff.gz.
- Added binutils-2.43.tar.bz2, binutils-2.43-branch.diff.gz.
- Removed upstream patch riscv-no-relax.patch.
- Rebased ld-relro.diff and binutils-revert-rela.diff.
- binutils-pr22868.diff: Remove obsolete patch
- Undefine _FORTIFY_SOURCE when running checks
- Allow to disable profiling
- Use %patch -P N instead of deprecated %patchN.
- riscv-no-relax.patch: RISC-V: Don't generate branch/jump relocation if
symbol is local when no-relax
- Add binutils-disable-code-arch-error.diff to demote an
error about swapped .arch/.code directives to a warning.
It happens in the wild.
- Update to version 2.42:
* Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
'+rcpc2' and '+wfxt'
* Add experimantal support for GAS to synthesize call-frame-info for
some hand-written asm (--scfi=experimental) on x86-64.
* Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
* Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
SiFive VCIX v1.0.
* BPF assembler: ';' separates statements now, and does not introduce
line comments anymore (use '#' or '//' for this).
* x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
dynamic tags.
* risc-v ld: Add '--[no-]check-uleb128'.
* New linker script directive: REVERSE, to be combined with SORT_BY_NAME
or SORT_BY_INIT_PRIORITY, reverses the generated order.
* New linker options --warn-execstack-objects (warn only about execstack
when input object files request it), and --error-execstack plus
- -error-rxw-segments to convert the existing warnings into errors.
* objdump: Add -Z/--decompress to be used with -s/--full-contents to
decompress section contents before displaying.
* readelf: Add --extra-sym-info to be used with --symbols (currently
prints section name of references section index).
* objcopy: Add --set-section-flags for x86_64 to include
SHF_X86_64_LARGE.
* s390 disassembly: add target-specific disasm option 'insndesc',
as in "objdump -M insndesc" to display an instruction description
as comment along with the disassembly.
- Add binutils-2.42-branch.diff.gz.
- Rebased s390-biarch.diff.
- Adjusted binutils-revert-hlasm-insns.diff,
binutils-revert-plt32-in-branches.diff and binutils-revert-rela.diff
for upstream changes.
- Removed binutils-2.41-branch.diff.gz, binutils-2.41.tar.bz2,
binutils-2.41-branch.diff.gz.
- Removed binutils-use-less-memory.diff, binutils-old-makeinfo.diff
and riscv-relro.patch (all upstreamed).
- Removed add-ulp-section.diff, we use a different mechanism
for live patching since a long time.
- Add binutils-use-less-memory.diff to be a little nicer to 32bit
userspace and huge links. [bsc#1216908]
- riscv-relro.patch: RISC-V: Protect .got with relro
- Add libzstd-devel to Requires of binutils-devel. (bsc#1215341)
- cloud-regionsrv-client
-
- Update to 10.3.7 (bsc#1232770)
+ Fix the product triplet for LTSS, it is always SLES-LTSS, not
$BASEPRODUCT-LTSS
- Update to 10.3.6 (jsc#PCT-471, bsc#1230615)
+ Fix sudo setup
~ permissions cloudguestregistryauth
~ directory ownership /etc/sudoers.d
+ spec file
~ Remove traces of registry related entries on SLE 12
+ Forward port
~ fix-for-sles12-disable-registry.patch
~ fix-for-sles12-no-trans_update.patch
+ Deregister non free extensions at registercloudguest --clean
+ Fix registry cleanup at registercloudguest --clean, don't remove files
+ Prevent duplicate search entries in registry setup
- Update EC2 plugin to 1.0.5
+ Switch to using the region endpoint from IMDS to determine the region
instead of deriving the data from the availability zone
- Update to 10.3.5
+ Update spec file to build in all code streams,
SLE 12, SLE 15, ALP, and SLFO and have proper dependencies
- Update to 10.3.4
+ Modify the message when network access over a specific IP version does
not work. This is an informational message and should not look like
an error
+ Inform the user that LTSS registration takes a little longer
+ Add fix-for-sles12-no-trans_update.patch
+ SLE 12 family has no products with transactional-update we do not
need to look for this condition
- From 10.3.3 (bsc#1229472)
+ Handle changes in process structure to properly identify the running
zypper parent process and only check for 1 PID
- From 10.3.2
+ Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
+ Add support for LTSS registration
+ Add fix-for-sles12-disable-registry.patch
~ No container support in SLE 12
- cobbler
-
- CVE-2024-47533: Prevent privilege escalation from none to admin (bsc#1231332)
- Added:
* xmlrpc_privilege_escalation_prevention.patch
- Increase start timeout for cobblerd unit (bsc#1219450)
- Provide sync_single_system for DHCP modules to improve performance (bsc#1219450)
- Add input_string_*, input_boolean, input_int functiont to public API
- Add new setting for uyuni authentication endpoint (bsc#1219887)
- containerd
-
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- csp-billing-adapter
-
- Update to version 1.1.0:
* Fix unit file jsc#PED-8482 bsc#1227329
* Support daily billing interval to enable testing on Azure
- Update to version 1.0.0:
* Switch spec build to python 3.11
- cups
-
- cups-branch-2.2-commit-b643d6ba92f00752aa5e74ff86ad3974334914c1.diff
is https://github.com/OpenPrinting/cups/commit/b643d6ba92f00752aa5e74ff86ad3974334914c1
which was added in CUPS 2.2.8 that
fixed a parsing bug in cups_auth_find() in cups/auth.c
which lead to cupsd failing to authenticate users
when group membership is required by cupsd configuration
like 'Require user @GROUP' which lead to CUPS related commands
requesting password from group users even if it is not needed
(bsc#1226227)
- In cups.changes replaced one place where UTF-8 characters
were used in the entry dated "Sat Sep 30 08:52:42 UTC 2017"
for what should be ' - ' by ASCII to avoid RPMLINT warning
about 'non-break-space' which "can lead to obscure errors".
- curl
-
- Security fix: [bsc#1232528, CVE-2024-9681]
* HSTS subdomain overwrites parent cache entry
* Add curl-CVE-2024-9681.patch
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* http_aws_sigv4: canonicalize the query [fc76a24c]
* test439: verify query canonization for aws-sigv4 [65661016]
* http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
* aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
* http_aws_sigv4: canonicalise valueless query params [bbba69da]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patches:
- curl-aws_sigv4-canonicalize-the-query.patch
- curl-aws_sigv4-verify-query-canonization.patch
- curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
- curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
- curl-aws_sigv4-canonicalise-valueless-query-params.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- Security fix: [bsc#1230093, CVE-2024-8096]
* curl: OCSP stapling bypass with GnuTLS
* Add curl-CVE-2024-8096.patch
- Security fix: [bsc#1228535, CVE-2024-7264]
* curl: ASN.1 date parser overread
* Add curl-CVE-2024-7264.patch
- deltarpm
-
- update to deltarpm-3.6.5
* support for archive files bigger than 2GByte [bnc#1230547]
- update to deltarpm-3.6.4
* support for threaded zstd
* use a tmp file instead of memory to hold the incore data
[bsc#1228948]
- dropped patches:
* deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch
- deltarpm-b7987f6aa4211df3df03dcfc55a00b2ce7472e0a.patch: fixed
some C bugs ( incorrect sized memset() , memcpy instead of strcpy,
unsigned int)
- update to deltarpm-3.6.3
* support for threaded zstd compression
- Actually enable zstd compression
- update to deltarpm-3.6.2
* support for zstd compression
- dracut
-
- Update to version 055+suse.359.geb85610b:
* fix(convertfs): error in conditional expressions (bsc#1228847)
- e2fsprogs
-
- resize2fs-Check-number-of-group-descriptors-only-if-.patch: resize2fs: Check
number of group descriptors only if meta_bg is disabled (bsc#1230145)
- glib2
-
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
(boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
- Add glib2-gdbusmessage-cache-arg0.patch: cache the arg0 value in
a dbus message. Fixes a possible use after free (boo#1224044).
- glibc
-
- tcache-thread-shutdown.patch: malloc: Initiate tcache shutdown even
without allocations (bsc#1228661, BZ #28028)
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228043, BZ
[#31934])
- grafana-formula
-
- Version 0.11.0
* Add SLES 15 SP6 to supported versions (bsc#1228286)
- grub2
-
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
installation when secure boot is enabled (bsc#1217761) (bsc#1228866)
- Improved check for disk device when looking for PReP partition
* 0004-Introduce-prep_load_env-command.patch
- httpcomponents-asyncclient
-
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp
- Adapted for Enterprise Linux 9
- httpcomponents-client
-
- Update to version 4.5.14
* HTTPCLIENT-2206: Corrected resource de-allocation by fluent
response objects.
* HTTPCLIENT-2174: URIBuilder to return a new empty list instead
of unmodifiable Collections#emptyList.
* Don't retry requests in case of NoRouteToHostException.
* HTTPCLIENT-2144: RequestBuilder fails to correctly copy charset
of requests with form url-encoded body.
* PR #269: 4.5.x use array fill and more.
+ Use Arrays.fill().
+ Remove redundant modifiers.
+ Use Collections.addAll() and Collection.addAll() APIs instead
of loops.
+ Remove redundant returns.
+ No need to explicitly declare an array when calling a vararg
method.
+ Remote extra semicolons (;).
+ Use a 'L' instead of 'l' to make long literals more readable.
* PublicSuffixListParser.parseByType(Reader) allocates but does
not use a 256 char StringBuilder.
* Incorrect handling of malformed authority component by
URIUtils#extractHost (bsc#1177488, CVE-2020-13956).
* Avoid updating Content-Length header in a 304 response.
* Bug fix: BasicExpiresHandler is annotated as immutable but is
not (#239)
* HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler (#222).
- Use %patch -P N instead of deprecated %patchN.
- httpcomponents-core
-
- Upgraded to version 4.4.14
* PR #231: 4.4.x Use better map apis and more.
+ Remove redundant modifiers.
+ Use Collections.addAll() API instead of loops.
+ Remove redundant returns.
+ No need to explicitly declare an array when calling a vararg
method.
+ Remote extra semicolons (;).
* Bug fix: Non-blocking TLSv1.3 connections can end up in an
infinite event spin when closed concurrently by the local and
the remote endpoints.
* HTTPCORE-647: Non-blocking connection terminated due to
'java.io.IOException: Broken pipe' can enter an infinite loop
flushing buffered output data.
* PR #201, HTTPCORE-634: Fix race condition in AbstractConnPool
that can cause internal state corruption when persistent
connections are manually removed from the pool.
- Use %patch -P N instead of deprecated %patchN.
- hwdata
-
- update to 0.389:
* Update pci and vendor ids
- update to 0.385:
* Update pci and vendor ids
- update to 0.383:
* Update pci and vendor ids
- update to 0.382:
* Update pci, usb and vendor ids
- jackson-annotations
-
- Update to 2.17.3
* No changes since 2.17.2
- Build the module-info.java source too (with release=9)
- Update to 2.17.2
* No changes since 2.17.1
- Update to 2.17.1
* No changes since 2.17.0
- Includes changes from 2.17.0
* #242: Allow `@JsonAnySetter` on `ElementType.PARAMETER` (for
use on constructor parameters)
- jackson-core
-
- Update to 2.17.3
* #1331: Update to FastDoubleParser v1.0.1 to fix 'BigDecimal'
decoding problem
* #1340: Missing 'JsonFactory' "provides" SPI with JPMS in
'jackson-core' module
* #1352: Fix infinite loop due to integer overflow when reading
large strings
- Build the module-info.java source too (with release=9)
- Update to 2.17.2
* #1308: Relax validation by 'NumberInput.looksLikeValidNumber()'
to allow trailing dot (like '3.')
- Reproducible builds: generate javadoc without timestamps
- Update to 2.17.1
* #1241: Fix 'NumberInput.looksLikeValidNumber()' implementation
* #1256: Revert #1117: change default recycler pool back to
'threadLocalPool()' for 2.17.1
- Includes changes from 2.17.0
* #507: Add 'JsonWriteFeature.ESCAPE_FORWARD_SLASHES' to allow
escaping of '/' for String values
* #1117: Change default 'RecylerPool' implementation to
'newLockFreePool' (from 'threadLocalPool')
* #1137: Improve detection of "is a NaN" to only consider
explicit cases, not 'double' overflow/underflow
* #1145: 'JsonPointer.appendProperty(String)' does not escape the
property name
* #1149: Add 'JsonParser.getNumberTypeFP()'
* #1157: Use fast parser (FDP) for large 'BigDecimal's (500+
chars)
* #1169: 'ArrayIndexOutOfBoundsException' for specific invalid
content, with Reader-based parser
* #1173: 'JsonLocation' consistently off by one character for
many invalid JSON parsing cases
* #1179: Allow configuring 'DefaultPrettyPrinter' separators for
empty Arrays and Objects
* #1186: 'BufferRecycler' should avoid setting replacement if one
already returned, bigger
* #1195: Use 'BufferRecycler' provided by output ('OutputStream',
'Writer') object if available
* #1202: Add 'RecyclerPool.clear()' method for dropping all
pooled Objects
* #1203: Faster division by 1000
* #1205:
JsonFactory.setStreamReadConstraints(StreamReadConstraints)
fails to update "maxNameLength" for symbol tables
* #1217: Optimize char comparison using bitwise OR
* #1218: Simplify Unicode surrogate pair conversion for
generation
- jackson-databind
-
- Update to 2.17.3
* #4718: Should not fail on trying to serialize
'java.time.DateTimeException'
- Remove LGPL-2.1-or-later license, since not found in the package
- Build the module-info.java source too (with release=9)
- Update to 2.17.2
* #4561: Issues using jackson-databind 2.17.1 with Reactor
* #4575: StdDelegatingSerializer does not consider a Converter
that may return null for a non-null input
* #4577: Cannot deserialize value of type 'java.math.BigDecimal'
from String "3." (not a valid representation)
* #4595: No way to explicitly disable wrapping in custom
annotation processor
* #4607: 'MismatchedInput': No Object Id found for an instance of
X to assign to property '@id'
* #4610: 'DeserializationFeature.FAIL_ON_UNRESOLVED_OBJECT_IDS'
does not work when used with Polymorphic type handling
- Update to 2.17.1
* 2.17.1 (04-May-2024)
+ #4428: 'ByteBuddy' scope went beyond 'test' in version 2.17.0
+ #4430: Use 'ReentrantLock' instead of 'synchronized' in
'DeserializerCache' to avoid deadlock on pinning
+ #4435: Cannot deserialize value of type 'java.math.BigDecimal'
from String ".05": not a valid representation
+ #4441: '@JsonSetter(nulls = Nulls.SKIP)' doesn't work in some
situations
+ #4450: Empty QName deserialized as 'null'
+ #4471: Reconsider deprecation of
'JsonNode.asText(defaultValue)'
+ #4481: Unable to override
'DeserializationFeature.READ_UNKNOWN_ENUM_VALUES_AS_NULL' with
'JsonFormat.Feature.READ_UNKNOWN_ENUM_VALUES_AS_NULL'
+ #4489: Unable to override 'DeserializationFeature
.READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE' with
'JsonFormat.Feature.READ_UNKNOWN_ENUM_VALUES_USING_DEFAULT_VALUE'
* 2.17.0 (12-Mar-2024)
+ #437: Support throwing 'MismatchedInputException' when
deserializing properties that are not part of the view
+ #736: 'MapperFeature.REQUIRE_SETTERS_FOR_GETTERS' has no effect
+ #2543: Introspection includes delegating ctor's only parameter
as a property in 'BeanDescription'
+ #4160: Deprecate 'DefaultTyping.EVERYTHING' in '2.x' and
remove in '3.0'
+ #4194: Add 'JsonNodeFeature
.FAIL_ON_NAN_TO_BIG_DECIMAL_COERCION' option to fail on
attempting to coerce 'NaN' into 'BigDecimal'
+ #4205: Consider types in 'sun.*' package(s) to be JDK
(platform) types for purposes of handling
+ #4209: Make 'BeanDeserializerModifier'/'BeanSerializerModifier'
implement 'java.io.Serializable'
+ #4214: 'EnumSet' deserialization does not work when we
activate default typing in 'ObjectMapper'
+ #4248: 'ThrowableDeserializer' does not handle 'null' well for
'cause'
+ #4250: Add input validation for 'NumberDeserializers'
deserializers for "stringified" FP numbers
+ #4262: Improve handling of 'null' insertion failure for
'TreeSet'
+ #4263: Change 'ObjectArrayDeserializer' to use "generic" type
parameter ('java.lang.Object') to remove co-variant return
type
+ #4299: Some 'Collection' and 'Map' fallbacks don't work in
GraalVM native image
+ #4309: '@JsonSetter(nulls=...)' handling of 'Collection'
'null' values during deserialization with
'READ_UNKNOWN_ENUM_VALUES_AS_NULL' and
'FAIL_ON_INVALID_SUBTYPE' wrong
+ #4327: '@JsonAlias' not respected by polymorphic deduction
+ #4337: 'AtomicReference' serializer does not support
'@JsonSerialize(contentConverter=...)'
+ #4364: '@JsonProperty' and equivalents should merge with
'AnnotationIntrospectorPair'
+ #4394: Better Base64 support for 'java.util.UUIDs' without
padding
+ #4403: Deserialization of unknown value for enums does not
yield default enum value
+ #4416: Deprecate 'JsonNode.asText(String)'
* 2.16.2 (09-Mar-2024)
+ #4302: Problem deserializing some type of Enums when using
'PropertyNamingStrategy'
+ #4303: 'ObjectReader' is not serializable if it's configured
for polymorphism
+ #4316: NPE when deserializing 'JsonAnySetter' in 'Throwable'
+ #4355: Jackson 2.16 fails attempting to obtain 'ObjectWriter'
for an 'Enum' of which some value returns null from
'toString()'
+ #4409: Deserialization of enums with name defined with
different cases leads to 'InvalidDefinitionException':
Multiple fields representing property
- java-11-openjdk
-
- Upgrade to upstream tag jdk-11.0.25+9 (October 2024 CPU)
* Security fixes
+ JDK-8290367, JDK-8332643: Update default value and extend the
scope of com.sun.jndi.ldap.object.trustSerialData system
property
+ JDK-8307383: Enhance DTLS connections
+ JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client
+ JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of
vectorization
+ JDK-8328726: Better Kerberos support
+ JDK-8331446, CVE-2024-21217, bsc#1231716: Improve
deserialization support
+ JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph
optimizations
+ JDK-8335713: Enhance vectorization analysis
* Other changes
+ JDK-7124313: [macosx] Swing Popups should overlap taskbar
+ JDK-7156347: javax/swing/JList/6462008/bug6462008.java fails
+ JDK-8078725: method adjustments can be done just once for all
classes involved into redefinition
+ JDK-8205076: [17u] Inet6AddressImpl.c: 'lookupIfLocalHost'
accesses 'int InetAddress.preferIPv6Address' as a boolean
+ JDK-8206440: Remove javac -source/-target 6 from jdk
regression tests
+ JDK-8210338: Better output for GenerationTests.java
+ JDK-8211920: Close server socket and cleanups in
test/jdk/javax/naming/module/RunBasic.java
+ JDK-8222005: ClassRedefinition crashes with: guarantee(false)
failed: OLD and/or OBSOLETE method(s) found
+ JDK-8222884: ConcurrentClassDescLookup.java times out
intermittently
+ JDK-8224081: SOCKS v4 tests require IPv4
+ JDK-8227122: [TESTBUG] Create Docker sidecar test cases
+ JDK-8229822: ThrowingPushPromises tests sometimes fail due to
EOF
+ JDK-8231427: Warning cleanup in tests of java.io.Serializable
+ JDK-8236917: TestInstanceKlassSize.java fails with "The size
computed by SA for java.lang.Object does not match"
+ JDK-8238169: BasicDirectoryModel getDirectories and
DoChangeContents.run can deadlock
+ JDK-8240226: DeflateIn_InflateOut.java test incorrectly
assumes size of compressed file
+ JDK-8242999: HTTP/2 client may not handle CONTINUATION frames
correctly
+ JDK-8244966: Add .vscode to .hgignore and .gitignore
+ JDK-8249097: test/lib/jdk/test/lib/util/JarBuilder.java has a
bad copyright
+ JDK-8249772: (ch) Improve
sun/nio/ch/TestMaxCachedBufferSize.java
+ JDK-8249826: 5 javax/net/ssl/SSLEngine tests use @ignore w/o
bug-id
+ JDK-8251188: Update LDAP tests not to use wildcard addresses
+ JDK-8253207: enable problemlists jcheck's check
+ JDK-8255898: Test java/awt/FileDialog/FilenameFilterTest/
/FilenameFilterTest.java fails on Mac OS
+ JDK-8255913: Decrease number of iterations in
TestMaxCachedBufferSize
+ JDK-8255969: Improve java/io/BufferedInputStream/
/LargeCopyWithMark.java using jtreg tags
+ JDK-8259274: Increase timeout duration in
sun/nio/ch/TestMaxCachedBufferSize.java
+ JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/
/MouseEventAfterStartDragTest.html test failed
+ JDK-8261433: Better pkcs11 performance for
libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
+ JDK-8263031: HttpClient throws Exception if it receives a
Push Promise that is too large
+ JDK-8266149: mark hotspot compiler/startup tests which ignore
VM flags
+ JDK-8266150: mark hotspot compiler/arguments tests which
ignore VM flags
+ JDK-8266153: mark hotspot compiler/onSpinWait tests which
ignore VM flags
+ JDK-8266154: mark hotspot compiler/oracle tests which ignore
VM flags
+ JDK-8268906: gc/g1/mixedgc/TestOldGenCollectionUsage.java
assumes that GCs take 1ms minimum
+ JDK-8269428: java/util/concurrent/ConcurrentHashMap/
/ToArray.java timed out
+ JDK-8269616: serviceability/dcmd/framework/VMVersionTest.java
fails with Address already in use error
+ JDK-8273135: java/awt/color/ICC_ColorSpace/
/MTTransformReplacedProfile.java crashes in liblcms.dylib with
NULLSeek+0x7
+ JDK-8275851: Deproblemlist open/test/jdk/javax/swing/
/JComponent/6683775/bug6683775.java
+ JDK-8276036: The value of full_count in the message of
insufficient codecache is wrong
+ JDK-8276306: jdk/jshell/CustomInputToolBuilder.java fails
intermittently on storage acquisition
+ JDK-8276819: javax/print/PrintServiceLookup/
/FlushCustomClassLoader.java fails to free
+ JDK-8279164: Disable TLS_ECDH_* cipher suites
+ JDK-8279337: The MToolkit is still referenced in a few places
+ JDK-8280392: java/awt/Focus/NonFocusableWindowTest/
/NonfocusableOwnerTest.java failed with "RuntimeException:
Test failed."
+ JDK-8284585: PushPromiseContinuation test fails
intermittently in timeout
+ JDK-8286601: Mac Aarch: Excessive warnings to be ignored for
build jdk
+ JDK-8286781: Replace the deprecated/obsolete gethostbyname
and inet_addr calls
+ JDK-8292044: HttpClient doesn't handle 102 or 103 properly
+ JDK-8294148: Support JSplitPane for instructions and test UI
+ JDK-8294310: compare.sh fails on macos after JDK-8293550
+ JDK-8296410: HttpClient throws java.io.IOException: no
statuscode in response for HTTP2
+ JDK-8298873: Update IllegalRecordVersion.java for changes to
TLS implementation
+ JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl
when connection is idle
+ JDK-8299487: Test
java/net/httpclient/whitebox/SSLTubeTestDriver.java timed out
+ JDK-8301189: validate-source fails after JDK-8298873
+ JDK-8303216: Prefer ArrayList to LinkedList in
sun.net.httpserver.ServerImpl
+ JDK-8303965: java.net.http.HttpClient should reset the stream
if response headers contain malformed header fields
+ JDK-8305072: Win32ShellFolder2.compareTo is inconsistent
+ JDK-8305079: Remove finalize() from compiler/c2/Test719030
+ JDK-8305081: Remove finalize() from
test/hotspot/jtreg/compiler/runtime/Test8168712
+ JDK-8305825: getBounds API returns wrong value resulting in
multiple Regression Test Failures on Ubuntu 23.04
+ JDK-8305906: HttpClient may use incorrect key when finding
pooled HTTP/2 connection for IPv6 address
+ JDK-8306060: Open source few AWT Insets related tests
+ JDK-8306432: Open source several AWT Text Component related
tests
+ JDK-8306466: Open source more AWT Drag & Drop related tests
+ JDK-8306489: Open source AWT List related tests
+ JDK-8306566: Open source several clipboard AWT tests
+ JDK-8306850: Open source AWT Modal related tests
+ JDK-8307091: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8307779: Relax the java.awt.Robot specification
+ JDK-8308184: Launching java with large number of jars in
classpath with java.protocol.handler.pkgs system property set
can lead to StackOverflowError
+ JDK-8309934: Update GitHub Actions to use JDK 17 for building
jtreg
+ JDK-8310201: Reduce verbose locale output in -XshowSettings
launcher option
+ JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
+ JDK-8312140: jdk/jshell tests failed with JDI socket timeouts
+ JDK-8314614: jdk/jshell/ImportTest.java failed with
"InternalError: Failed remote listen"
+ JDK-8315422: getSoTimeout() would be in try block in
SSLSocketImpl
+ JDK-8315437: Enable parallelism in
vmTestbase/nsk/monitoring/stress/classload tests
+ JDK-8315442: Enable parallelism in
vmTestbase/nsk/monitoring/stress/thread tests
+ JDK-8315804: Open source several Swing JTabbedPane JTextArea
JTextField tests
+ JDK-8315898: Open source swing JMenu tests
+ JDK-8315965: Open source various AWT applet tests
+ JDK-8316104: Open source several Swing SplitPane and
RadioButton related tests
+ JDK-8316211: Open source several manual applet tests
+ JDK-8316240: Open source several add/remove MenuBar manual
tests
+ JDK-8316285: Opensource JButton manual tests
+ JDK-8316306: Open source and convert manual Swing test
+ JDK-8316328: Test jdk/jfr/event/oldobject/
/TestSanityDefault.java times out for some heap sizes
+ JDK-8316462: sun/jvmstat/monitor/MonitoredVm/
/MonitorVmStartTerminate.java ignores VM flags
+ JDK-8316973: GC: Make TestDisableDefaultGC use createTestJvm
+ JDK-8317039: Enable specifying the JDK used to run jtreg
+ JDK-8317228: GC: Make TestXXXHeapSizeFlags use createTestJvm
+ JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java:
Press on the outside area didn't cause ungrab
+ JDK-8317316: G1: Make TestG1PercentageOptions use
createTestJvm
+ JDK-8317343: GC: Make TestHeapFreeRatio use createTestJvm
+ JDK-8317358: G1: Make TestMaxNewSize use createTestJvm
+ JDK-8317807: JAVA_FLAGS removed from jtreg running in
JDK-8317039
+ JDK-8318039: GHA: Bump macOS and Xcode versions
+ JDK-8320079: The ArabicBox.java test has no control buttons
+ JDK-8320570: NegativeArraySizeException decoding >1G UTF8
bytes with non-ascii characters
+ JDK-8320602: Lock contention in SchemaDVFactory.getInstance()
+ JDK-8320945: problemlist tests failing on latest Windows 11
update
+ JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC
and ZGC
+ JDK-8323670: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8324755: Enable parallelism in
vmTestbase/gc/gctests/LargeObjects tests
+ JDK-8325022: Incorrect error message on client authentication
+ JDK-8325179: Race in BasicDirectoryModel.validateFileCache
+ JDK-8325862: set -XX:+ErrorFileToStderr when executing java
in containers for some container related jtreg tests
+ JDK-8325876: crashes in docker container tests on
Linuxppc64le Power8 machines
+ JDK-8326140: src/jdk.accessibility/windows/native/
/libjavaaccessbridge/AccessBridgeJavaEntryPoints.cpp
ReleaseStringChars might be missing in early returns
+ JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java
fails
+ JDK-8327137: Add test for ConcurrentModificationException in
BasicDirectoryModel
+ JDK-8327631: Update IANA Language Subtag Registry to Version
2024-03-07
+ JDK-8327787: Convert javax/swing/border/Test4129681.java
applet test to main
+ JDK-8327840: Automate javax/swing/border/Test4129681.java
+ JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/
/GetBoundsResizeTest.java applet test to main
+ JDK-8328110: Allow simultaneous use of PassFailJFrame with
split UI and additional windows
+ JDK-8328115: Convert java/awt/font/TextLayout/
/TestJustification.html applet test to main
+ JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest
to automatic main test
+ JDK-8328218: Delete test
java/awt/Window/FindOwner/FindOwner.html
+ JDK-8328234: Remove unused nativeUtils files
+ JDK-8328238: Convert few closed manual applet tests to main
+ JDK-8328269: NonFocusablePopupMenuTest.java should be marked
as headful
+ JDK-8328273: sun/management/jmxremote/bootstrap/
/RmiRegistrySslTest.java failed with
java.rmi.server.ExportException: Port already in use
+ JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/
/ClickDuringKeypress.java imports Applet
+ JDK-8328561: test java/awt/Robot/ManualInstructions/
/ManualInstructions.java isn't used
+ JDK-8328953: JEditorPane.read throws ChangedCharSetException
+ JDK-8328999: Update GIFlib to 5.2.2
+ JDK-8329004: Update Libpng to 1.6.43
+ JDK-8329013: StackOverflowError when starting Apache Tomcat
with signed jar
+ JDK-8329103: assert(!thread->in_asgct()) failed during
multi-mode profiling
+ JDK-8329510: Update ProblemList for
JFileChooser/8194044/FileSystemRootTest.java
+ JDK-8329559: Test javax/swing/JFrame/bug4419914.java failed
because The End and Start buttons are not placed correctly and
Tab focus does not move as expected
+ JDK-8329995: Restricted access to '/proc' can cause JFR
initialization to crash
+ JDK-8330063: Upgrade jQuery to 3.7.1
+ JDK-8330416: Update system property for Java SE specification
maintenance version
+ JDK-8330523: Reduce runtime and improve efficiency of
KeepAliveTest
+ JDK-8331063: Some HttpClient tests don't report leaks
+ JDK-8331263: Bump update version for OpenJDK: jdk-11.0.25
+ JDK-8331466: Problemlist serviceability/dcmd/gc/
/RunFinalizationTest.java on generic-all
+ JDK-8331746: Create a test to verify that the cmm id is not
ignored
+ JDK-8331798: Remove unused arg of checkErgonomics() in
TestMaxHeapSizeTools.java
+ JDK-8332008: Enable issuestitle check
+ JDK-8332113: Update nsk.share.Log to be always verbose
+ JDK-8332424: Update IANA Language Subtag Registry to Version
2024-05-16
+ JDK-8332524: Instead of printing "TLSv1.3," it is showing
"TLS13"
+ JDK-8332898: failure_handler: log directory of commands
+ JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/
/TestDescription.java fails with no GC's recorded
+ JDK-8333724: Problem list security/infra/java/security/cert/
/CertPathValidator/certification/CAInterop.java
[#]teliasonerarootcav1
+ JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw
an exception with 0 failures
+ JDK-8333837: [11u] HexPrinterTest.java javac compile fails
illegal start of expression
+ JDK-8333839: [11u] LingeredAppTest.java fails Can't find
source file: LingeredApp.java
+ JDK-8334166: Enable binary check
+ JDK-8334335: [TESTBUG] Backport of 8279164 to 11u & 17u
includes elements of JDK-8163327
+ JDK-8334418: Update IANA Language Subtag Registry to Version
2024-06-14
+ JDK-8334653: ISO 4217 Amendment 177 Update
+ JDK-8334711: [TEST_BUG] Compilation failed of
MimeFormatsTest/MimeFormatsTest.java
+ JDK-8335803: SunJCE cipher throws NPE for un-extractable RSA
keys
+ JDK-8336301: test/jdk/java/nio/channels/
/AsyncCloseAndInterrupt.java leaves around a FIFO file upon
test completion
+ JDK-8336928: GHA: Bundle artifacts removal broken
+ JDK-8337664: Distrust TLS server certificates issued after
Oct 2024 and anchored by Entrust Root CAs
+ JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods
are inconsistent with their setVerbose methods
+ JDK-8341057: Add 2 SSL.com TLS roots
+ JDK-8341059: Change Entrust TLS distrust date to November 12,
2024
+ JDK-8341675: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.25
- Added patches:
* reproducible-directory-mtime.patch
+ if present, use SOURCE_DATE_EPOCH as timestamp for newly
created directories
* reproducible-search-index-files.patch
+ if present, use SOURCE_DATE_EPOCH as timestamp for the search
index zip files created by javadoc
- javapackages-tools
-
- Upgrade to upstream version 6.3.4
* Changes:
+ A corner case when which is not present
+ Remove dependency on which
+ Simplify after the which -> type -p change
+ jpackage_script: Remove pointless assignment when %java_home
is unset
+ Don't require %java_home for %java etc.
+ Don't export JAVA_HOME
- Removed patches:
* do-not-require-which.patch
* fix-broken-commands.patch
* remove-pointless-assignment.patch
+ integrated upstream
- Modified patch:
* python-optional.patch
+ account for changed context
- Added patch:
* 0001-Revert-jpackage_script-Remove-unneeded-backslashes.patch
+ This change breaks build with rpm 4.14.1
- remove-pointless-assignment.patch: Remove pointless assignment if
%java_home is unset
- Added patch:
* fix-broken-commands.patch
+ fix commands broken after recent removal of the default
%%{java_home} macro
- Added patch:
* do-not-require-which.patch
+ do not fail launching scripts if which is not installed
(bsc#1231347)
- Upgrade to upstream version 6.3.2
* Changes
+ spec: Update Obsoletes versions
+ Search for JAVACMD under JAVA_HOME only if it's set
+ Obsolete set_jvm and set_jvm_dirs functions
+ Drop unneeded _set_java_home function
+ Remove JAVA_HOME check from check_java_env function
+ Bump codecov/codecov-action from 2.0.2 to 4.6.0
+ Bump actions/setup-python from 4 to 5
+ Bump actions/checkout from 2 to 4
+ Add custom dependabot config
+ Remove the test for JAVA_HOME and error if it is not set
+ java-functions: Remove unneeded local variables
+ Fix build status shield
- Removed patch:
* 0001-Double-quote-to-avoid-substitution-during-build.patch
+ Fixed differently in this version
- Upgrade to upstream version 6.3.1
* Changes:
+ Allow missing components with abs2rel
+ Fix tests with python 3.4
+ Sync spec file from Fedora
+ Drop default JRE/JDK
+ Fix the use of java-functions in scripts
+ Update RPM spec file
+ Reproducible builds: constant timestamp for pom.properties
+ Test that we don't bomb on <relativePath/>
+ Test variable expansion in artifactId
+ Interpolate properties also in the current artifact
+ Rewrite abs2rel in shell
+ Use asciidoctor instead of asciidoc
+ Fix incompatibility with RPM 4.20
+ Don't define %topdir macro
+ coverage: use usercustomize
+ Reproducible builds: keep order of aliases and dependencies
+ Reproducible exclusions order in maven metadata
+ Do not bomb on <relativePath/> construct
+ Make maven_depmap order of aliases reproducible
- Removed patches:
* 0001-Make-maven_depmap-order-of-aliases-reproducible.patch
* 0002-Do-not-bomb-on-relativePath-construct.patch
* 0003-Reproducible-exclusions-order-in-maven-metadata.patch
* 0004-Reproducible-builds-keep-order-of-aliases-and-depend.patch
* 0005-Interpolate-properties-also-in-the-current-artifact.patch
* 0006-Test-variable-expansion-in-artifactId.patch
* 0007-Test-that-we-don-t-bomb-on-relativePath.patch
* 0008-Reproducible-builds-constant-timestamp-for-pom.prope.patch
+ Integrated in this version
- Added patch:
* 0001-Double-quote-to-avoid-substitution-during-build.patch
+ Double-quote a macro in macros.jpackages to avoid value
substitution during the build
- Added patch:
* 0008-Reproducible-builds-constant-timestamp-for-pom.prope.patch
+ use reproducible timestamp when post-processing jar files and
adding there the pom.properties file.
- kernel-default
-
- net/ncsi: Disable the ncsi work before freeing the associated
structure (CVE-2024-49945 bsc#1232165).
- commit 0369bdb
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117 CVE-2024-50208)
- commit da4098a
- block: initialize integrity buffer to zero before writing it
to media (CVE-2024-43854 bsc#1229345).
- commit 2fc5adb
- x86/mm/ident_map: Use gbpages only where full GB page should
be mapped (bsc#1220382).
- x86/kexec: Add EFI config table identity mapping for kexec
kernel (bsc#1220382).
- commit c11660d
- initramfs: avoid filename buffer overrun (bsc#1232436).
- commit 6855778
- fbdev: efifb: Register sysfs groups through driver core
(bsc#1232224 CVE-2024-49925).
- commit ed25954
- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979 CVE-2022-48960)
- commit e22014e
- ipv6: avoid use-after-free in ip6_fragment() (CVE-2022-48956
bsc#1231893).
- commit c192a62
- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
(CVE-2024-49991 bsc#1232282).
- commit 6ba5342
- vhost_vdpa: assign irq bypass producer token correctly
(bsc#1232174 CVE-2024-47748).
- commit 51b6257
- ext4: fix timer use-after-free on failed mount (CVE-2024-49960
bsc#1232395).
- tipc: guard against string buffer overrun (CVE-2024-49995
bsc#1232432).
- commit 7dec126
- net/xen-netback: prevent UAF in xenvif_flush_hash()
(CVE-2024-49936 bsc#1232424).
- commit 05a71d8
- Update
patches.suse/IB-core-Implement-a-limit-on-UMAD-receive-List.patch
(bsc#1228743 CVE-2024-42145 bsc#1223384).
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-more.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-49982 bsc#1232097).
- Update
patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
(bsc#1229454 CVE-2024-44947 bsc#1229456).
- Update patches.suse/media-edia-dvbdev-fix-a-use-after-free.patch
(CVE-2024-27043 bsc#1223824 bsc#1218562).
- commit 1967352
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766 bsc#1230620).
- Update
patches.suse/nfc-nci-fix-possible-NULL-pointer-dereference-in-sen.patch
(git-fixes CVE-2023-52919 bsc#1231988).
- Update
patches.suse/tcp-do-not-accept-ACK-of-bytes-we-never-sent.patch
(CVE-2023-52881 bsc#1225611 bsc#1223384).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800 bsc#1230600).
- commit 4af6b80
- Update
patches.suse/0001-af_unix-Get-user_ns-from-in_skb-in-unix_diag_get_exa.patch
(bsc#1209290 CVE-2023-28327 CVE-2022-48970 bsc#1231887).
- Update
patches.suse/ALSA-seq-Fix-function-prototype-mismatch-in-snd_seq_.patch
(git-fixes CVE-2022-48994 bsc#1232119).
- Update
patches.suse/ASoC-ops-Check-bounds-for-second-channel-in-snd_soc_.patch
(git-fixes CVE-2022-48951 bsc#1231929).
- Update
patches.suse/ASoC-ops-Fix-bounds-check-for-_sx-controls.patch
(git-fixes CVE-2022-49005 bsc#1232150).
- Update
patches.suse/ASoC-soc-pcm-Add-NULL-check-in-BE-reparenting.patch
(git-fixes CVE-2022-48992 bsc#1232071).
- Update
patches.suse/Bluetooth-Fix-not-cleanup-led-when-bt_init-fails.patch
(git-fixes CVE-2022-48971 bsc#1232037).
- Update patches.suse/Bluetooth-L2CAP-Fix-u8-overflow.patch
(CVE-2022-45934 bsc#1205796 CVE-2022-48947 bsc#1231895).
- Update
patches.suse/HID-core-fix-shift-out-of-bounds-in-hid_report_raw_e.patch
(git-fixes CVE-2022-48978 bsc#1232038).
- Update
patches.suse/Input-raydium_ts_i2c-fix-memory-leak-in-raydium_i2c_.patch
(git-fixes CVE-2022-48995 bsc#1232120).
- Update
patches.suse/NFC-nci-Bounds-check-struct-nfc_target-arrays.patch
(git-fixes CVE-2022-48967 bsc#1232304).
- Update
patches.suse/afs-Fix-server-active-leak-in-afs_put_server.patch
(git-fixes CVE-2022-49012 bsc#1232005).
- Update
patches.suse/btrfs-fix-hang-during-unmount-when-stopping-a-space-.patch
(bsc#1232262 CVE-2024-49867 CVE-2022-48664 bsc#1223524).
- Update
patches.suse/can-af_can-fix-NULL-pointer-dereference-in-can_rcv_f.patch
(bsc#1210627 CVE-2023-2166 CVE-2022-48977 bsc#1231883).
- Update
patches.suse/can-m_can-pci-add-missing-m_can_class_free_dev-in-pr.patch
(git-fixes CVE-2022-49024 bsc#1232001).
- Update
patches.suse/char-tpm-Protect-tpm_pm_suspend-with-locks.patch
(git-fixes CVE-2022-48997 bsc#1232035).
- Update
patches.suse/drm-shmem-helper-Remove-errant-put-in-error-path.patch
(git-fixes CVE-2022-48981 bsc#1232229).
- Update
patches.suse/e100-Fix-possible-use-after-free-in-e100_xmit_prepar.patch
(git-fixes CVE-2022-49026 bsc#1231997).
- Update
patches.suse/gpio-amd8111-Fix-PCI-device-reference-count-leak.patch
(git-fixes CVE-2022-48973 bsc#1232039).
- Update
patches.suse/gpiolib-fix-memory-leak-in-gpiochip_setup_dev.patch
(git-fixes CVE-2022-48975 bsc#1231885).
- Update
patches.suse/hwmon-coretemp-Check-for-null-before-removing-sysfs-.patch
(git-fixes CVE-2022-49010 bsc#1232172).
- Update
patches.suse/hwmon-coretemp-fix-pci-device-refcount-leak-in-nv1a_.patch
(git-fixes CVE-2022-49011 bsc#1232006).
- Update
patches.suse/hwmon-ibmpex-Fix-possible-UAF-when-ibmpex_register_b.patch
(git-fixes CVE-2022-49029 bsc#1231995).
- Update
patches.suse/iavf-Fix-error-handling-in-iavf_init_module.patch
(jsc#SLE-18385 CVE-2022-49027 bsc#1232007).
- Update
patches.suse/igb-Initialize-mailbox-message-for-VF-reset.patch
(jsc#SLE-18379 CVE-2022-48949 bsc#1231897).
- Update
patches.suse/iio-health-afe4403-Fix-oob-read-in-afe4403_read_raw.patch
(git-fixes CVE-2022-49031 bsc#1231992).
- Update
patches.suse/iio-health-afe4404-Fix-oob-read-in-afe4404_-read-wri.patch
(git-fixes CVE-2022-49032 bsc#1231991).
- Update
patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-dmar_dev_scope_init
(git-fixes CVE-2022-49002 bsc#1232133).
- Update
patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-has_external_pci
(git-fixes CVE-2022-49000 bsc#1232123).
- Update
patches.suse/ipv4-Handle-attempt-to-delete-multipath-route-when-f.patch
(bsc#1204171 CVE-2022-3435 CVE-2022-48999 bsc#1231936).
- Update
patches.suse/ixgbevf-Fix-resource-leak-in-ixgbevf_init_module.patch
(git-fixes CVE-2022-49028 bsc#1231996).
- Update
patches.suse/mac802154-fix-missing-INIT_LIST_HEAD-in-ieee802154_i.patch
(git-fixes CVE-2022-48972 bsc#1232025).
- Update
patches.suse/media-v4l2-dv-timings.c-fix-too-strict-blanking-sani.patch
(git-fixes CVE-2022-48987 bsc#1232067).
- Update
patches.suse/msft-hv-2684-net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch
(git-fixes bsc#1206188 CVE-2022-48985 bsc#1231958).
- Update
patches.suse/net-ethernet-nixge-fix-NULL-dereference.patch
(git-fixes CVE-2022-49019 bsc#1231940).
- Update
patches.suse/net-mdio-fix-unbalanced-fwnode-reference-count-in-md.patch
(git-fixes CVE-2022-48961 bsc#1232108).
- Update
patches.suse/net-mdiobus-fix-unbalanced-node-reference-count.patch
(git-fixes CVE-2022-49016 bsc#1231937).
- Update
patches.suse/net-mlx5e-Fix-use-after-free-when-reverting-terminat.patch
(jsc#SLE-19253 CVE-2022-49025 bsc#1231960).
- Update
patches.suse/net-phy-fix-null-ptr-deref-while-probe-failed.patch
(git-fixes CVE-2022-49021 bsc#1231939).
- Update
patches.suse/net-thunderbolt-fix-memory-leak-in-tbnet_open.patch
(git-fixes CVE-2022-48955 bsc#1231892).
- Update
patches.suse/net-tun-Fix-use-after-free-in-tun_detach.patch
(git-fixes CVE-2022-49014 bsc#1231890).
- Update
patches.suse/nilfs2-fix-NULL-pointer-dereference-in-nilfs_palloc_.patch
(git-fixes CVE-2022-49007 bsc#1232170).
- Update
patches.suse/nvme-fix-SRCU-protection-of-nvme_ns_head-list.patch
(git-fixes CVE-2022-49003 bsc#1232136).
- Update
patches.suse/octeontx2-pf-Fix-potential-memory-leak-in-otx2_init_.patch
(jsc#SLE-24682 CVE-2022-48968 bsc#1232237).
- Update
patches.suse/rtc-cmos-Fix-event-handler-registration-ordering-iss.patch
(git-fixes CVE-2022-48953 bsc#1231941).
- Update patches.suse/s390-qeth-fix-use-after-free-in-hsci.patch
(bsc#1210449 git-fixes CVE-2022-48954 bsc#1231972).
- Update
patches.suse/tracing-Free-buffers-when-a-used-dynamic-event-is-removed.patch
(git-fixes CVE-2022-49006 bsc#1232163).
- Update
patches.suse/udf-Fix-preallocation-discarding-at-indirect-extent-.patch
(bsc#1213034 CVE-2022-48946 bsc#1231888).
- Update
patches.suse/usb-gadget-uvc-Prevent-buffer-overflow-in-setup-hand.patch
(git-fixes CVE-2022-48948 bsc#1231896).
- Update
patches.suse/wifi-cfg80211-fix-buffer-overflow-in-elem-comparison.patch
(git-fixes CVE-2022-49023 bsc#1231961).
- Update
patches.suse/wifi-mac8021-fix-possible-oob-access-in-ieee80211_ge.patch
(git-fixes CVE-2022-49022 bsc#1231962).
- Update
patches.suse/xen-netfront-Fix-NULL-sring-after-live-migration.patch
(git-fixes CVE-2022-48969 bsc#1232026).
- commit 2377658
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534 bsc#1230903).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 CVE-2021-47416 bsc#1225336 bsc#1225189).
- commit d4160e3
- NFSD: Force all NFSv4.2 COPY requests to be synchronous
(CVE-2024-49974 bsc#1232383).
- commit e488dd4
- ACPI: sysfs: validate return type of _STR method (bsc#1231861
CVE-2024-49860).
- commit 1bb3615
- Delete patches.suse/scsi-Update-max_hw_sectors-on-rescan.patch (bsc#1216223)
- commit c6f8315
- Refresh
patches.suse/scsi-ibmvfc-Add-max_sectors-module-parameter.patch.
- commit 707c768
- drm/amd/display: Fix index out of bounds in DCN30 color
transformation (CVE-2024-49969 bsc#1232519).
- commit a2392a3
- smb: client: fix UAF in async decryption (bsc#1232418
CVE-2024-50047).
- commit dcba7ec
- net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
(CVE-2022-48962 bsc#1232286).
- commit 0f23f49
- btrfs: wait for fixup workers before stopping cleaner kthread
during umount (bsc#1232262 CVE-2024-49867).
- btrfs: fix hang during unmount when stopping a space reclaim
worker (bsc#1232262 CVE-2024-49867).
- commit b603fa4
- mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
(CVE-2022-48991 bsc#1232070 prerequisity git-fix).
- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
(CVE-2022-48991 bsc#1232070).
- commit 3ab8533
- mm/khugepaged: fix GUP-fast interaction by sending IPI
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 327d525
- mm/khugepaged: take the right locks for page table retraction
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit e43adf4
- mm: gup: fix the fast GUP race against THP collapse
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 262192e
- s390/dasd: fix error recovery leading to data corruption on
ESE devices (git-fixes bsc#1229452 CVE-2024-45026 bsc#1230454
bsc#1232281).
- commit fc1d054
- net: seeq: Fix use after free vulnerability in ether3 Driver
Due to Race Condition (CVE-2024-47747 bsc#1232145).
- commit a1020b1
- drm/amd/display: Check msg_id before processing transcation (CVE-2024-46814 bsc#1231193).
- commit 81681a2
- RDMA/mana_ib: use the correct page size for mapping user-mode
doorbell page (bsc#1232036).
- net: mana: Fix the extra HZ in mana_hwc_send_request
(bsc#1232033).
- commit 8c14fb0
- block, bfq: fix possible UAF for bfqq->bic with merge chain (CVE-2024-47706 bsc#1231942)
- commit c5d0bc0
- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684 bsc#1231987)
- commit 569d856
- net: hsr: Fix potential use-after-free (CVE-2022-49015 bsc#1231938)
- commit 5883d13
- wifi: ath11k: fix array out-of-bound access in SoC stats
(CVE-2024-49930 bsc#1232260).
- commit e11de4c
- Update
patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch
(bsc#1206344, CVE-2022-48988, bsc#1232069).
- commit e7eaea8
- net: dsa: sja1105: fix memory leak in
sja1105_setup_devlink_regions() (CVE-2022-48959 bsc#1231976).
- commit ec81f5f
- mm: avoid leaving partial pfn mappings around in error case
(CVE-2024-47674 bsc#1231673).
- commit 9910e8f
- netem: fix return value if duplicate enqueue fails
(CVE-2024-45016 bsc#1230429).
- commit 2e9108a
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668 bsc#1231502)
- commit 45aa8b3
- dn_route: set rt neigh to blackhole_netdev instead of
loopback_dev in ifdown (bsc#1216813).
- commit 673d32f
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev
in ifdown (bsc#1216813).
- commit 0e5b278
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- commit 0c7762c
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- commit 5d1a23a
- aoe: fix the potential use-after-free problem in more places
(bsc#1218562 CVE-2023-6270).
- commit e949a45
- efi: fix NULL-deref in init error path (bsc#1229556
CVE-2022-48879).
- commit 41e1770
- dmaengine: altera-msgdma: properly free descriptor in
msgdma_free_descriptor (bsc#1230715 CVE-2024-46716).
- commit 92074a5
- bpf: Fix pointer-leak due to insufficient speculative store
bypass mitigation (bsc#1231375).
- commit fd93435
- drm/amd/display: Check gpio_id before used as array index (CVE-2024-46818 bsc#1231203).
- commit 53caf4b
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (CVE-2024-46815 bsc#1231195).
- commit ad18f86
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (CVE-2024-46816 bsc#1231197).
- commit 1eea356
- Delete some more obsolete scripts
- commit 0d4cf12
- drm/amd/display: Check link_index before accessing dc->links (CVE-2024-46813 bsc#1231191).
- commit a97e1a4
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (CVE-2024-46817 bsc#1231200).
- commit 18cf241
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- commit 9f2c584
- NFSv3: only use NFS timeout for MOUNT when protocols are
compatible (bsc#1231016).
- commit 2b5943c
- ASoC: meson: axg-card: fix 'use-after-free' (CVE-2024-46849 bsc#1231073)
- commit a395e2d
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
They depend on SHADOW_CALL_STACK.
- commit 65fa52b
- usb: dwc3: st: fix probed platform device ref count on probe
error path (bsc#1230507 CVE-2024-46674).
- commit ffd5693
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
Delete
patches.suse/ibmvfc-make-max_sectors-a-module-option.patch.
- commit 13d3e25
- nvme: move stopping keep-alive into nvme_uninit_ctrl() (CVE-2024-45013 bsc#1230442)
- commit 75bf6d9
- Update
patches.suse/media-vivid-fix-compose-size-exceed-boundary.patch
(git-fixes CVE-2022-48945 bsc#1230398).
- Update
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
(bsc#1227487 CVE-2024-46774 bsc#1230767).
- Update patches.suse/sched-Fix-yet-more-sched_fork-races.patch
(git fixes (sched/core) CVE-2022-48944 bsc#1229947).
- commit be5b46d
- SUNRPC: avoid soft lockup when transmitting UDP to reachable
server (bsc#1225272 bsc#1231016).
- commit d8ddf61
- kabi: add __nf_queue_get_refs() for kabi compliance.
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
- commit 09526c9
- btrfs: prevent copying too big compressed lzo segment (CVE-2022-48923 bsc#1229662)
- commit 9c5b30e
- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
bsc#1229407).
- commit 0515c56
- KABI: kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 4220de4
- kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 195f676
- Refresh
patches.suse/Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch.
Update upstream status and move to the sorted section.
- commit 43dbf50
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit f5c92ca
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
This reverts commit 606bd9b8228bfe004cf6ab930ffb673a535e3c55.
- commit 532bbfe
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
This reverts commit 1702784a5db6b26695f0bc2c6b0cbe973db5c0f3.
- commit e220e83
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
This reverts commit d77caa16c18115f0c470ecf5cdd3cdb6f9865aeb.
- commit b38d226
- blk-mq: add helper for checking if one CPU is mapped to
specified hctx (bsc#1223600).
- blk-mq: don't schedule block kworker on isolated CPUs
(bsc#1223600).
- commit 4537dc0
- vfs: Don't evict inode under the inode lru traversing context
(CVE-2024-45003 bsc#1230245).
- commit 82e6e44
- blacklist.conf: update blacklist
- commit 401873a
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 9438e54
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 5b1f743
- Update references
- commit a096907
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454 CVE-2024-44947).
- commit ddfd2d7
- usb: vhci-hcd: Do not drop references before new references
are gained (CVE-2024-43883 bsc#1229707).
- commit 44d7bae
- net: usb: qmi_wwan: fix memory leak for not ip packets
(CVE-2024-43861 bsc#1229500).
- commit 3e796c3
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7
(bsc#1226666).
- commit 95da232
- Update
patches.suse/ASoC-ops-Shift-tested-values-in-snd_soc_put_volsw-by.patch
(git-fixes CVE-2022-48917 bsc#1229637).
- Update
patches.suse/Bluetooth-hci_qca-Fix-driver-shutdown-on-closed-serd.patch
(git-fixes CVE-2022-48878 bsc#1229554).
- Update
patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
(git-fixes CVE-2022-48938 bsc#1229664).
- Update
patches.suse/KVM-x86-mmu-make-apf-token-non-zero-to-fix-bug.patch
(git-fixes CVE-2022-48943 bsc#1229645).
- Update
patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
(git-fixes CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
CVE-2022-48930 bsc#1229624).
- Update
patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch
(CVE-2022-4382 bsc#1206258 CVE-2022-48869 bsc#1229507).
- Update
patches.suse/auxdisplay-lcd2s-Fix-memory-leak-in-remove.patch
(git-fixes CVE-2022-48907 bsc#1229608).
- Update
patches.suse/blktrace-fix-use-after-free-for-struct-blk_trace.patch
(bsc#1198017 CVE-2022-48913 bsc#1229643).
- Update
patches.suse/bpf-Fix-crash-due-to-out-of-bounds-access-into-reg2b.patch
(git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204
CVE-2022-0500 CVE-2022-23222 CVE-2022-48929 bsc#1229625).
- Update
patches.suse/btrfs-fix-race-between-quota-rescan-and-disable-lead.patch
(bsc#1207158 CVE-2023-52896 bsc#1229533).
- Update
patches.suse/btrfs-fix-relocation-crash-due-to-premature-return-f.patch
(bsc#1203360 CVE-2022-48903 bsc#1229613).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
(bsc#1193629 CVE-2022-48919 bsc#1229657).
- Update
patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsyst.patch
(git-fixes CVE-2022-48931 bsc#1229623).
- Update
patches.suse/dmaengine-idxd-Let-probe-fail-when-workqueue-cannot-.patch
(git-fixes CVE-2022-48868 bsc#1229506).
- Update
patches.suse/drm-msm-another-fix-for-the-headless-Adreno-GPU.patch
(git-fixes CVE-2023-52911 bsc#1229522).
- Update
patches.suse/drm-msm-dp-do-not-complete-dp_aux_cmd_fifo_tx-if-irq.patch
(git-fixes CVE-2022-48898 bsc#1229537).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
(git-fixes CVE-2022-48899 bsc#1229536).
- Update
patches.suse/gsmi-fix-null-deref-in-gsmi_get_variable.patch
(git-fixes CVE-2023-52893 bsc#1229535).
- Update
patches.suse/hwmon-Handle-failure-to-register-sensor-with-thermal.patch
(git-fixes CVE-2022-48942 bsc#1229612).
- Update
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
(bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update
patches.suse/ice-fix-concurrent-reset-and-removal-of-VFs.patch
(git-fixes CVE-2022-48941 bsc#1229614).
- Update
patches.suse/iio-adc-men_z188_adc-Fix-a-resource-leak-in-an-error.patch
(git-fixes CVE-2022-48928 bsc#1229626).
- Update
patches.suse/iio-adc-tsc2046-fix-memory-corruption-by-preventing-.patch
(git-fixes CVE-2022-48927 bsc#1229628).
- Update
patches.suse/io_uring-add-a-schedule-point-in-io_add_buffers.patch
(git-fixes CVE-2022-48937 bsc#1229617).
- Update patches.suse/iommu-amd-Fix-I-O-page-table-memory-leak
(git-fixes CVE-2022-48904 bsc#1229603).
- Update
patches.suse/iommu-vt-d-fix-double-list_add-when-enabling-vmd-in-scalable-mode
(bsc#1196894 CVE-2022-48916 bsc#1229638).
- Update
patches.suse/iwlwifi-mvm-check-debugfs_dir-ptr-before-use.patch
(git-fixes CVE-2022-48918 bsc#1229636).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
(jsc#SLE-18384 CVE-2022-48896 bsc#1229540).
- Update
patches.suse/misc-fastrpc-Don-t-remove-map-on-creater_process-and.patch
(git-fixes CVE-2022-48873 bsc#1229512).
- Update
patches.suse/misc-fastrpc-Fix-use-after-free-race-condition-for-m.patch
(git-fixes CVE-2022-48872 bsc#1229510).
- Update
patches.suse/net-mlx5-DR-Fix-slab-out-of-bounds-in-mlx5_cmd_dr_cr.patch
(jsc#SLE-19253 CVE-2022-48932 bsc#1229622).
- Update patches.suse/net-smc-fix-connection-leak (git-fixes
CVE-2022-48909 bsc#1229611).
- Update
patches.suse/nfc-pn533-Wait-for-out_urb-s-completion-in-pn533_usb.patch
(git-fixes CVE-2023-52907 bsc#1229526).
- Update
patches.suse/nfp-flower-Fix-a-potential-leak-in-nfp_tunnel_add_sh.patch
(git-fixes CVE-2022-48934 bsc#1229620).
- Update
patches.suse/nilfs2-fix-general-protection-fault-in-nilfs_btree_i.patch
(git-fixes CVE-2023-52900 bsc#1229581).
- Update
patches.suse/octeontx2-pf-Fix-resource-leakage-in-VF-driver-unbin.patch
(git-fixes CVE-2023-52905 bsc#1229528).
- Update
patches.suse/platform-surface-aggregator-Add-missing-call-to-ssam.patch
(git-fixes CVE-2022-48880 bsc#1229557).
- Update
patches.suse/regulator-da9211-Use-irq-handler-when-ready.patch
(git-fixes CVE-2022-48891 bsc#1229565).
- Update
patches.suse/sched-fair-Fix-fault-in-reweight_entity.patch
(git fixes (sched/core) CVE-2022-48921 bsc#1229635).
- Update
patches.suse/scsi-storvsc-Fix-swiotlb-bounce-buffer-leak-in-confi.patch
(bsc#1206006 CVE-2022-48890 bsc#1229544).
- Update
patches.suse/spi-spi-zynq-qspi-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-4441 bsc#1229598).
- Update
patches.suse/thermal-core-Fix-TZ_GET_TRIP-NULL-pointer-dereferenc.patch
(git-fixes CVE-2022-48915 bsc#1229639).
- Update
patches.suse/thermal-int340x-fix-memory-leak-in-int3400_notify.patch
(git-fixes CVE-2022-48924 bsc#1229631).
- Update
patches.suse/tty-fix-possible-null-ptr-defer-in-spk_ttyio_release.patch
(git-fixes CVE-2022-48870 bsc#1229508).
- Update
patches.suse/tty-serial-qcom-geni-serial-fix-slab-out-of-bounds-o.patch
(git-fixes CVE-2022-48871 bsc#1229509).
- Update
patches.suse/usb-gadget-f_ncm-fix-potential-NULL-ptr-deref-in-ncm.patch
(git-fixes CVE-2023-52894 bsc#1229566).
- Update
patches.suse/usb-gadget-rndis-add-spinlock-for-rndis-response-lis.patch
(git-fixes CVE-2022-48926 bsc#1229629).
- Update
patches.suse/usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
(git-fixes CVE-2023-52901 bsc#1229531).
- Update
patches.suse/wifi-mac80211-sdata-can-be-NULL-during-AMPDU-start.patch
(git-fixes CVE-2022-48875 bsc#1229516).
- Update
patches.suse/xen-netfront-destroy-queues-before-real_num_tx_queue.patch
(git-fixes CVE-2022-48914 bsc#1229642).
- Update
patches.suse/xhci-Fix-null-pointer-dereference-when-host-dies.patch
(git-fixes CVE-2023-52898 bsc#1229568).
- commit 5c5e4d7
- mm: prevent derefencing NULL ptr in pfn_section_valid()
(git-fixes).
- commit d77caa1
- mm, kmsan: fix infinite recursion due to RCU critical section
(git-fixes).
- commit 1702784
- mm/sparsemem: fix race in accessing memory_section->usage
(bsc#1221326 CVE-2023-52489).
- commit 606bd9b
- jfs: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792
CVE-2024-44938).
- commit 8003b7e
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit b5892ca
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit 0a4b370
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 83a7456
- netfilter: nf_tables: unregister flowtable hooks on netns exit (CVE-2022-48935 bsc#1229619)
- commit 3e33f70
- netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912 bsc#1229641)
- commit f8f42c3
- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY
gcc version dependent, at least on ppc
- commit 16da158
- scsi: smartpqi: Expose SAS address for SATA drives
(bsc#1223958).
- commit 6711c21
- net/iucv: fix use after free in iucv_sock_close()
(CVE-2024-42271 bsc#1229400 bsc#1228974).
- commit 82bb6f3
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 bsc#1228114).
- Update
patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
(bsc#1194869 CVE-2024-42230 bsc#1228489).
- commit f6019c1
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228959 CVE-2024-42232).
- commit 27160c2
- rpm/kernel-binary.spec.in: fix klp_symbols macro
The commit below removed openSUSE filter from %ifs of the klp_symbols
definition. But it removed -c of grep too and that causes:
error: syntax error in expression: 01 && ( || 1 )
error: ^
error: unmatched (: 01 && ( || 1 )
error: ^
error: kernel-default.spec:137: bad %if condition: 01 && ( || 1 )
So reintroduce -c to the PTF's grep.
Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3
- rpm/kernel-binary.spec.in: Fix build regression
The previous fix forgot to take over grep -c option that broke the
conditional expression
- commit d29edf2
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
After the Jump project the kernel used by SLE and openSUSE Leap are the
same. As consequence the klp_symbols variable is set, enabling
kernel-default-livepatch-devel on both SLE and openSUSE.
The current rules to avoid enabling the package exclude openSUSE
Tumbleweed alone, which doesn't makes sense for now. Enabling
kernel-default-livepatch-devel on TW makes it easier to test the
creation of kernel livepatches of the next SLE versions.
- commit fd0b293
- Update
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
(bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
Add CVE references.
- commit 637c320
- Update
patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
(bsc#1216834 CVE-2024-42077 bsc#1228516).
Add CVE references.
- commit 8360e90
- ax25: Fix refcount imbalance on inbound connections
(CVE-2024-40910 bsc#1227832).
- commit 12cb329
- config.sh: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- commit 314f719
- packaging: Add case-sensitive perl option parsing
A recent change in Getopt::Long [1]:
Changes in version 2.55
- ----------------------
* Fix long standing bug that duplicate options were not detected
when the options differ in case while ignore_case is in effect.
This will now yield a warning and become a fatal error in a future
release.
perl defaults to ignore_case by default, switch it off to avoid
accidental misparsing of options.
This was suggested after similar change in scripts/.
- commit e978477
- apr
-
- security update
- added patches
fix CVE-2023-49582 [bsc#1229783], unexpected lax shared memory permissions
+ apr-CVE-2023-49582.patch
- util-linux
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- expat
-
- security update
- added patches
fix CVE-2024-50602 [bsc#1232579], DoS via XML_ResumeParser
+ expat-CVE-2024-50602.patch
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
overflow in function nextScaffoldPart
* Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
overflow in dtdCopy
* Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
len for XML_ParseBuffer
* Added expat-CVE-2024-45490.patch
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- libmodulemd
-
- Build python bindings for all pythons (jsc#PED-6218)
- ncurses
-
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
* Allow that terminal description based on static fallback
entries can be freed.
- openssl-1_1
-
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- libpcap
-
- enable rdma support (bsc#1230894)
- Security fix: [bsc#1230034, CVE-2024-8006]
* libpcap: NULL pointer derefence in pcap_findalldevs_ex()
* Add libpcap-CVE-2024-8006.patch
- Security fix: [bsc#1230020, CVE-2023-7256]
* libpcap: double free via addrinfo in sock_initaddress()
* Add libpcap-CVE-2023-7256.patch
- postgresql16
-
- Upgrade to 16.4 (bsc#1229013):
* bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
during pg_dump executes arbitrary SQL
* https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
* https://www.postgresql.org/docs/release/16.4/
- python3
-
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
support eliminating bsc#1227233 (CVE-2024-5642).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
complexity in parsing cookies with backslashes (bsc#1229596,
CVE-2024-7592)
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- ruby2.5
-
- backport REXML from 3.3
- fix denial of service when parsing a XML that has many deep
elements with the same local name attributes
(boo#1229673 CVE-2024-43398)
- fix denial of service when parsing an XML that contains many
specific characters such as whitespaces, >] and ]>
(boo#1228794 CVE-2024-41123)
- fix denial of service when parsing an XML that has many entity
expansions with SAX2 or pull parser API
(boo#1228799 CVE-2024-41946)
- fix denial of service when parsing an XML that has many left
angled brackets in an attribute value
(boo#1224390 CVE-2024-35176)
- fix ReDoS when parsing an XML that has many specific characters
(boo#1228072 CVE-2024-39908)
- libsolv
-
- removed dependency on external find program in the repo2solv tool
- bindings: fix return value of repodata.add_solv()
- new SOLVER_FLAG_FOCUS_NEW flag
- bump version to 0.7.30
- suseconnect-ng
-
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- systemd
-
- Import commit a57a6d239c5d6b91fb3dcd269705e60804a03ae1
cd0c9ac4f4 unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
e1eaa86a49 udev: do not set ID_PATH and by-path symlink for nvmf disks
a85d211874 man: Document ranges for distributions config files and local config files
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
inside comments unescaped leading to unpredictable behavior. Now why rpm
expands rpm macros inside comments is the question...
- Update 1011-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Really skip redundant dependencies specified the LSB description that
references the file name of the service itself for early boot scripts (noticed
in bsc#1221479).
- libzypp
-
- PluginFrame: Send unescaped colons in header values
(bsc#1231043)
According to the STOMP protocol it would be correct to escape a
colon in a header-value, but it breaks plugin receivers which do
not expect this. The first colon separates header-name from
header-value, so escaping in the header-value is not needed
anyway.
Escaping in the header-value affects especially the urlresolver
plugins. The input URL is passed in a header, but sent back as
raw data in the frames body. If the plugin receiver does not
correctly unescape the URL we may get back a "https\c//" which is
not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
(fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)
- Deprecate librpmDb::db_const_iterator default ctor (bsc#1230267)
It's preferred to explicitly tell the root directory of the
system whose database you want to query.
- version 17.35.11 (35)
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- version 17.35.9 (35)
- Make sure not to statically linked installed tools (bsc#1228787)
- version 17.35.8 (35)
- MediaPluginType must be resolved to a valid MediaHandler
(bsc#1228208)
- version 17.35.7 (35)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)
- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
Older zypp-plugins reject stomp headers including a '-'. Like the
'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
This patch fixes an issue in safe_strtonum which caused
timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)
- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
Buddy pairs (like -release package and product) internally share
the same status object. When applying locks from query results
the locked bit must be set if either item is locked.
- version 17.35.2 (35)
- Install zypp/APIConfig.h legacy include (fixes #557)
- version 17.35.1 (35)
- Update soname due to RepoManager refactoring and cleanup.
- version 17.35.0 (35)
- Workaround broken libsolv-tools-base requirements (fixes
openSUSE/zypper#551)
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency.
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows.
- version 17.34.2 (34)
- shadow
-
- bsc#1230972: Add useradd warnings when requested UID is outside
the default range
- add shadow-bsc1230972-useradd-warning.patch
- bsc#1228337: chage -d date vs passwd -S output is off by one
Remove shadow-bsc1176006-chage-date.patch
- logrotate
-
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
* Added patch logrotate-ignore-duplicates.patch
* Allows log processing with duplicate logfile matches
- pam-config
-
- Change check for existence of modules.
If we have a biarch architecture, we check that the 64bit
PAM module is there and report an error if not. For the 32bit
variant, we only issue a warning.
[pam-config-change-check-for-existence-of-modules.patch, bsc#1227216]
- postgresql
-
- bsc#1230423: Relax the dependency of extensions on the server
version from exact major.minor to greater or equal, after Tom
Lane confirmed on the PostgreSQL packagers list that ABI
stability is being taken care of between minor releases.
- postgresql14
-
- Upgrade to 14.13 (bsc#1229013):
* bsc#1229013, CVE-2024-7348 PostgreSQL relation replacement
during pg_dump executes arbitrary SQL
* https://www.postgresql.org/about/news/postgresql-164-158-1413-1316-1220-and-17-beta-3-released-2910/
* https://www.postgresql.org/docs/release/14.13/
- protobuf
-
- Build the java part with maven, so that we create artifacts
that correspond to upstream distributed ones.
- Add maven artifact metadata to the protoc binary
- Package also the bom and pom artifacts
- Add patch to fix StackOverflow vulnerability in Protocol Buffers
* CVE-2024-7254.patch (bsc#1230778, CVE-2024-7254)
- python-azure-agent
-
- Restart the agent (bsc#1227600)
+ The agent service gets restarted in post but may fail due to a missing
config file. config files were split into their own package previously.
When we detect that we have to restore a config file we also need
to restart the agent again.
- python3-dmidecode
-
- Update to the upstream release 3.12.3 (bsc#1229855):
- consolidation of previous git commits
- support SMBIOS3.3.0
- Remove upstreamed huge-memory.patch
- Remove upstreamed fix-memory-Type-Detail-map-size.patch
- python-dnspython
-
- Fix CVE-2023-29483-pre1.patch
(bsc#1230353, gh#rthalley/dnspython@6d590f0a2e1b, gh#nrhall/dnspython@55d6a9d81930)
- salt
-
- Fix failing x509 tests with OpenSSL < 1.1
- Avoid explicit reading of /etc/salt/minion (bsc#1220357)
- Allow NamedLoaderContexts to be returned from loader
- Revert the change making reactor less blocking (bsc#1230322)
- Use --cachedir for extension_modules in salt-call (bsc#1226141)
- Prevent using SyncWrapper with no reason
- Fix the SELinux context for Salt Minion service (bsc#1219041)
- Set contextvars as a build requirement for package
- Increase warn_until_date date for code we still support
- The test_debian test now uses port 80 for ubuntu keyserver
- Fix too frequent systemd service restart in test_system test
- Avoid crash on wrong output of systemctl version (bsc#1229539)
- Improve error handling with different OpenSSL versions
- Remove redundant run_func from salt.master.MWorker._handle_aes
- Fix cloud minion configuration for multiple masters (bsc#1229109)
- Use Pygit2 id instead of deprecated oid in gitfs
- Fix few failing tests to work with both Salt and Salt bundle
- Skip testing unsupported OpenSSL crypto algorithms
- Added:
* join-masters-if-it-is-a-list-671.patch
* fix-deprecated-code-677.patch
* fix-x509-test-fails-on-old-openssl-systems-682.patch
* replace-use-of-pygit2-deprecated-and-removed-1.15.0-.patch
* fix-the-selinux-context-for-salt-minion-service-bsc-.patch
* avoid-crash-on-wrong-output-of-systemctl-version-bsc.patch
* use-cachedir-for-extension_modules-in-salt-call-bsc-.patch
* allow-namedloadercontexts-to-be-returned-from-loader.patch
* prevent-using-syncwrapper-with-no-reason.patch
* make-tests-compatible-with-venv-bundle.patch
* fix-test_debian-to-work-in-our-infrastructure-676.patch
* skip-more-tests-related-to-old-openssl-algorithms.patch
* fix-test_system-flaky-setup_teardown-fn.patch
* remove-redundant-run_func-from-salt.master.mworker._.patch
* improve-error-handling-with-different-openssl-versio.patch
* avoid-explicit-reading-of-etc-salt-minion-bsc-122035.patch
* revert-the-change-making-reactor-less-blocking-bsc-1.patch
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Added:
* test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
* skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
* some-more-small-tests-fixes-enhancements-661.patch
* firewalld-normalize-new-rich-rules-before-comparing-.patch
* several-fixes-for-tests-to-avoid-errors-and-failures.patch
* provide-systemd-timer-unit.patch
* fix-user.list_groups-omits-remote-groups.patch
* fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
- python3-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- spacewalk-certs-tools
-
- version 4.3.26-0
* Fix private key format in jabberd certificate file (bsc#1228851)
* Fix parsing Authority Key Identifier when keyid is not prefixed (bsc#1229079)
* Support multiple certificates for root-ca-file and server-cert-file
- spacewalk-client-tools
-
- version 4.3.21-0
* Update translation strings
- uyuni-common-libs
-
- version 4.3.11-0
* Enforce directory permissions at repo-sync when creating
directories (bsc#1229260)
* Make ISSv1 timezone independent (bsc#1221505)
- csp-billing-adapter-local
-
- Update to version 1.0.0:
* Switch build to python 3.11
- csp-billing-adapter-microsoft
-
- Update to version 1.0.0:
* Switch build to python 3.11
- python-pluggy
-
- add sle15_python_module_pythons (jsc#PED-68)
- Make calling of %{sle15modernpython} optional.
- Update to version 1.0.0
Deprecations and Removals
* #116: Remove deprecated implprefix support. Decorate hook
implementations using an instance of HookimplMarker instead.
The deprecation was announced in release 0.7.0.
* #120: Remove the deprecated proc argument to call_historic. Use
result_callback instead, which has the same behavior. The
deprecation was announced in release 0.7.0.
* #265: Remove the _Result.result property. Use
_Result.get_result() instead. Note that unlike result,
get_result() raises the exception if the hook raised. The
deprecation was announced in release 0.6.0.
* #267: Remove official support for Python 3.4.
* #272: Dropped support for Python 2. Continue to use pluggy
0.13.x for Python 2 support.
* #308: Remove official support for Python 3.5.
* #313: The internal pluggy.callers, pluggy.manager and
pluggy.hooks are now explicitly marked private by a _ prefix
(e.g. pluggy._callers). Only API exported by the top-level
pluggy module is considered public.
* #59: Remove legacy __multicall__ recursive hook calling system.
The deprecation was announced in release 0.5.0.
Features
* #282: When registering a hookimpl which is declared as
hookwrapper=True but whose function is not a generator
function, a PluggyValidationError exception is now raised.
* #309: Add official support for Python 3.9.
* #251: Add specname option to @hookimpl. If specname is
provided, it will be used instead of the function name when
matching this hook implementation to a hook specification
during registration (allowing a plugin to register a hook
implementation that was not named the same thing as the
corresponding @hookspec).
- release-notes-susemanager
-
- Update to SUSE Manager 4.3.14
* Ubuntu 24.04 support as client
* Product migration from RHEL and Clones to SUSE Liberty Linux
* POS image templates now produce compressed images
* Date format for API endpoints has been changed to ISO-8601 format
* CVE Fixed
CVE-2024-47533, CVE-2024-49502, CVE-2024-49503
* Bugs mentioned:
bsc#1146701, bsc#1211899, bsc#1212985, bsc#1217003, bsc#1217338
bsc#1217978, bsc#1218090, bsc#1219450, bsc#1219645, bsc#1219887
bsc#1221435, bsc#1221505, bsc#1223312, bsc#1223988, bsc#1224108
bsc#1224209, bsc#1225603, bsc#1225619, bsc#1225960, bsc#1226090
bsc#1226439, bsc#1226461, bsc#1226478, bsc#1226687, bsc#1226917
bsc#1227133, bsc#1227334, bsc#1227406, bsc#1227526, bsc#1227543
bsc#1227599, bsc#1227606, bsc#1227746, bsc#1228036, bsc#1228101
bsc#1228130, bsc#1228147, bsc#1228286, bsc#1228326, bsc#1228345
bsc#1228412, bsc#1228545, bsc#1228638, bsc#1228851, bsc#1228945
bsc#1229079, bsc#1229178, bsc#1229260, bsc#1229339, bsc#1231332
bsc#1231852, bsc#1231922, bsc#1231900
- rsyslog
-
- fix PreserveFQDN option before daemon is restarted (bsc#1231229)
add 0001-core-bugfix-rsyslog-messages-may-not-always-have-FQD.patch
- restart daemon after update at the end of the transaction
(bsc#1230984)
- rubygem-nokogiri
-
- added only-complain-about-version-diff-if-it-is-older.patch:
make nokogiri only complain about mismatching libxml2 version
if the runtime version is older than the build version as we
assume newer versions should be ABI compatible (boo#1213999)
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- shim
-
- Update shim-install to apply the missing fix for openSUSE Leap
(bsc#1210382) fixed by Gary.
* 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
(bsc#1230316) fixed by Gary.
* 433cc4e Always use the removable way for SL-Micro
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-python3-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- spacecmd
-
- version 4.3.29-0
* Speed up softwarechannel_removepackages (bsc#1227606)
- spacewalk-backend
-
- version 4.3.30-0
* Make ISSv1 timezone independent (bsc#1221505)
* reposync: introduce timeout when syncing DEB channels (bsc#1225960)
* yum_src: use proper name variable name for subprocess.TimeoutExpired
* Check and populate PTF attributes at the time of importing
packages (bsc#1225619)
* reposync: import GPG keys to RPM DB individually (bsc#1217003)
* Add log string to the journal when services are stopped
because of insufficient disk space
- spacewalk-web
-
- version 4.3.42-0
* CVE-2024-49503: Escape organization credentials username to
mitigate XSS vulnerability (bsc#1231922)
- version 4.3.41-0
* CVE-2024-49502: Validate proxy hostname format and escape proxy
username to mitigate XSS vulnerabilities (bsc#1231852)
- version 4.3.40-0
* Fix channel selection using SSM (bsc#1226917)
* Fix datetime selection when using maintenance windows (bsc#1228036)
- spacewalk-config
-
- version 4.3.14-0
* Trust the Content-Length header from AJP (bsc#1226439)
- spacewalk-java
-
- version 4.3.82-0
* Limit frontend-log message size (bsc#1231900)
- version 4.3.81-0
* Add detection of Ubuntu 24.04
- version 4.3.80-0
* Use custom select instead of errata view for better performance
(bsc#1225619)
- version 4.3.79-0
* Add info URL for cobbler to clean the system profile (bsc#1219645)
* Require correct scap packages for Ubuntu
* Require correct scap packages for Debian 12 (bsc#1227746)
* Fix finding system_checkin_threshold configuration value on Sytems
Overview page (bsc#1224108)
* Allow changing base channel to Liberty LTSS when the system is on
Liberty (bsc#1228326)
* Implement product migration from RHEL and Clones to Liberty
* Remove system also from proxy SSH known_hosts (bsc#1228345)
* Fix NullPointerException when generating subscription matcher
input (bsc#1228638)
* Allow free products and SUSE Manager Proxy being managed by SUSE Manager
Server PAYG
* Open bootstrap script directory URL in a new page (bsc#1225603)
* Delay package list refresh when Salt was updated (bsc#1217978)
* Add SLE Micro 5 to the list of systems which support monitoring (bsc#1227334)
* Add all SLE Micro systems to the list of systems which get PTF repositories
* Update last sync refresh timestamp only when at least one time products
were synced before
* Prevent NullPointerException when listing history events without completion
time (bsc#1146701)
* Autoinstallation: prevent issues with duplicate IP address due to some
networks (bsc#1226461)
* Improve SQL queries and performance to check for PTF packages (bsc#1225619)
* Check the correct Salt package before product migration (bsc#1224209)
* Fix the date format output when using the HTTP API to use ISO 8601
format (bsc#1227543)
* Fix transactional update check for SL Micro (bsc#1227406)
* Improve score comparison in system search to fix ISE (bsc#1228412)
* Fix package profile update on CentOS 7 when yum-utils is not
installed (bsc#1227133)
- spacewalk-utils
-
- version 4.3.22-0
* Add repositories for Ubuntu 24.04 LTS
- version 4.3.21-0
* Drop unsupported tool spacewalk-final-archive as it is broken
and may disclose sensitive information (bsc#1228945)
- strace
-
- Change the license to the correct LGPL-2.1-or-later
(bsc#1228216).
- supportutils
-
- Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
- suse-build-key
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- ensure key2rpmname is called using bash.
- make the per-project inclusion optional, default off.
- Also include the GPG key from the current build project
to allow Staging testing without production keys. (bsc#1231829)
- susemanager-build-keys
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- susemanager-docs_en
-
- Documented Ubuntu 24.04 LTS as a supported client OS in Client
Configuration Guide
- SUSE Manager 4.3.14 documentation update
- In network ports section, deleted partially outdated image, added
port 443 for clients, and removed Cobbler only used internally
(bsc#1217338)
- Added installer-updates.suse.com to the list of URLs in Installation
and Upgrade Guide (bsc#1229178)
- Enhanced instructions about the permissions for the IAM role
in Public Cloud Guide
- Fixed OS minor number in Client Configuration Guide (bsc#1218090)
- Added warning about Package Hub (bsc#1221435)
- Removed Verify Packages section from Package Management chapter
in Client Configuration Guide
- Added note about usernames in PAM section in Administration Guide
(bsc#1227599)
- Updated Content Lifecycle Management (CLM) examples for Red Hat
Enterprise Linux 9 (bsc#1226687)
- Added VM based proxy installation in Installation and Upgrade Guide
- Fixed PostgreSQL name entity
- Improved Large Deployments Guide with better tuning values and
extra parameters added
- Updated lists of SUSE Linux Enterprise hardening profiles in openSCAP
chapter in the Administration Guide
- susemanager-schema
-
- version 4.3.27-0
* Introduce new attributes to detect PTF packages (bsc#1225619)
- susemanager-sls
-
- version 4.3.45-0
* Start using DEB822 format for repository sources beginning with Ubuntu 24.04
- version 4.3.44-0
* Speed-up mgrutil.remove_ssh_known_host runner (bsc#1223312)
* Implement product migration from RHEL and clones to Liberty
* Disable transactional-update.timer on SLEM at bootstrap
* Explicitly remove old venv-minion environment when updating Python versions
* sumautil: properly detect bridge interfaces (bsc#1226461)
* Fix typo on directories to clean up when deleting a system (bsc#1228101)
* Translate GPG URL if it has server name and client behind proxy
(bsc#1223988)
* Fix yum-utils package missing on CentOS7 minions (bsc#1227133)
* Implement IMDSv2 for AWS instance detection (bsc#1226090)
* Fix package profile update on CentOS 7 when yum-utils is not
installed (bsc#1227133)
* Fix parsing passwords with special characters for PostgreSQL
exporter
- susemanager-sync-data
-
- version 4.3.21-0
* Add SLES15-SP5-LTSS channel families
* Add MicroOS PPC channel family
- version 4.3.20-0
* Add Ubuntu 24.04 support
- version 4.3.19-0
* Fix CentOS 7 repo urls (bsc#1227526)
* Add channel family for SLES 12 SP5 LTSS Extended Security
* Implement product migration from RHEL and clones to Liberty
- susemanager
-
- version 4.3.39-0
* Enable bootstrapping for Ubuntu 24.04 LTS
- version 4.3.38-0
* Add missing package python3-ply to bootstrap repo definition (bsc#1228130)
* Create special bootstrap data for SUSE Manager Server 4.3 with LTSS
updates for Hub scenario (bsc#1211899)
* Add LTSS updates to SUSE Manager Proxy 4.3 bootstrap data
* Add traditional stack to boostrap repo on sles15sp6 (bsc#1228147)
* Change package to libdbus-glib-1-2 on sle15sp6 (bsc#1228147)
- tomcat
-
- Update to Tomcat 9.0.97
* Fixed CVEs:
+ CVE-2024-52316: If the Jakarta Authentication fails with an exception,
set a 500 status (bsc#1233434)
* Catalina
+ Add: Add support for the new Servlet API method
HttpServletResponse.sendEarlyHints(). (markt)
+ Add: 55470: Add debug logging that reports the class path when a
ClassNotFoundException occurs in the digester or the web application
class loader. Based on a patch by Ralf Hauser. (markt)
+ Update: 69374: Properly separate between table header and body in
DefaultServlet's listing. (michaelo)
+ Update: 69373: Make DefaultServlet's HTML listing file last modified
rendering better (flexible). (michaelo)
+ Update: Improve HTML output of DefaultServlet. (michaelo)
+ Code: Refactor RateLimitFilter to use FilterBase as the base class. The
primary advantage for doing this is less code to process init-param
values. (markt)
+ Update: 69370: DefaultServlet's HTML listing uses incorrect labels.
(michaelo)
+ Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped
requests. (remm)
+ Fix: Add missing WebDAV Lock-Token header in the response when locking
a folder. (remm)
+ Fix: Invalid WebDAV lock requests should be rejected with 400. (remm)
+ Fix: Fix regression in WebDAV when attempting to unlock a collection.
(remm)
+ Fix: Verify that destination is not locked for a WebDAV copy operation.
(remm)
+ Fix: Send 415 response to WebDAV MKCOL operations that include a
request body since this is optional and unsupported. (remm)
+ Fix: Enforce DAV: namespace on WebDAV XML elements. (remm)
+ Fix: Do not allow a new WebDAV lock on a child resource if a parent
collection is locked (RFC 4918 section 6.1). (remm)
+ Fix: WebDAV Delete should remove any existing lock on successfully
deleted resources. (remm)
+ Update: Remove WebDAV lock null support in accordance with RFC 4918
section 7.3 and annex D. Instead, a lock on a non-existing resource
will create an empty file locked with a regular lock. (remm)
+ Update: Rewrite implementation of WebDAV shared locks to comply with
RFC 4918. (remm)
+ Update: Implement WebDAV If header using code from the Apache Jackrabbit
project. (remm)
+ Add: Add PropertyStore interface in the WebDAV Servlet, to allow
implementation of dead properties storage. The store used can be
configured using the 'propertyStore' init parameter of the WebDAV
servlet. A simple non-persistent implementation is used if no custom
store is configured. (remm)
+ Update: Implement WebDAV PROPPATCH method using the newly added
PropertyStore. (remm)
+ Fix: Cache not found results when searching for web application class
loader resources. This addresses performance problems caused by
components such as java.sql.DriverManager which, in some circumstances,
will search for the same class repeatedly. In a large web application
this can cause performance problems. The size of the cache can be
controlled via the new notFoundClassResourceCacheSize on the
StandardContext. (markt)
+ Fix: Stop after INITIALIZED state should be a noop since it is possible
for subcomponents to be in FAILED after init. (remm)
+ Fix: Fix incorrect web resource cache size calculations when there are
concurrent PUT and DELETE requests for the same resource. (markt)
+ Add: Add debug logging for the web resource cache so the current size
can be tracked as resources are added and removed. (markt)
+ Update: Replace legacy WebDAV opaquelocktoken: scheme for lock tokens
with urn:uuid: as recommended by RFC 4918, and remove secret init
parameter. (remm)
+ Fix: Concurrent reads and writes (e.g. GET and PUT / DELETE) for the
same path caused corruption of the FileResource where some of the
fields were set as if the file exists and some as set as if it does
not. This resulted in inconsistent metadata. (markt)
+ Fix: 69415: Ensure that the ExpiresFilter only sets cache headers on
GET and HEAD requests. Also skip requests where the application has set
Cache-Control: no-store. (markt)
+ Fix: 69419: Improve the performance of ServletRequest.getAttribute()
when there are multiple levels of nested includes. Based on a patch
provided by John Engebretson. (markt)
+ Add: All applications to send an early hints informational response by
calling HttpServletResponse.sendError() with a status code of 103.
(schultz)
+ Fix: Ensure that the Jakarta Authentication CallbackHandler only
creates one GenericPrincipal in the Subject. (markt)
+ Fix: If the Jakarta Authentication process fails with an Exception,
explicitly set the HTTP response status to 500 as the ServerAuthContext
may not have set it. (markt)
+ Fix: When persisting the Jakarta Authentication provider configuration,
create any necessary parent directories that don't already exist.
(markt)
+ Fix: Correct the logic used to detect errors when deleting temporary
files associated with persisting the Jakarta Authentication provider
configuration. (markt)
+ Fix: When processing Jakarta Authentication callbacks, don't overwrite
a Principal obtained from the PasswordValidationCallback with null if
the CallerPrincipalCallback does not provide a Principal. (markt)
+ Fix: Avoid store config backup loss when storing one configuration more
than once per second. (remm)
+ Fix: 69359: WebdavServlet duplicates getRelativePath() method from
super class with incorrect Javadoc. (michaelo)
+ Fix: 69360: Inconsistent DELETE behavior between WebdavServlet and
DefaultServlet. (michaelo)
+ Fix: Make WebdavServlet properly return the Allow header when deletion
of a resource is not allowed. (michaelo)
+ Fix: Add log warning if non wildcard mappings are used with the
WebdavServlet. (remm)
+ Fix: 69361: Ensure that the order of entries in a multi-status response
to a WebDAV is consistent with the order in which resources were
processed. (markt)
+ Fix: 69362: Provide a better multi-status response when deleting a
collection via WebDAV fails. Empty directories that cannot be deleted
will now be included in the response. (markt)
+ Fix: 69363: Use getPathPrefix() consistently in the WebDAV servlet to
ensure that the correct path is used when the WebDAV servlet is mounted
at a sub-path within the web application. (markt)
+ Fix: Improve performance of ApplicationHttpRequest.parseParameters().
Based on sample code and test cases provided by John Engebretson.
(markt)
+ Add: Add support for RFC 8297 (Early Hints). Applications can use
this feature by casting the HttpServletResponse to
org.apache.catalina.connector.Reponse and then calling the method
void sendEarlyHints(). This method will be added to the Servlet API
(removing the need for the cast) in Servlet 6.2 onwards. (markt)
+ Fix: 69214: Do not reject a CORS request that uses POST but does not
include a content-type header. Tomcat now correctly processes this as
a simple CORS request. Based on a patch suggested by thebluemountain.
(markt)
+ Fix: Refactor SpnegoAuthenticator so it uses Subject.callAs() rather
than Subject.doAs() when available. (markt)
* Coyote
+ Fix: Return null SSL session id on zero length byte array returned from
the SSL implementation. (remm)
+ Fix: Skip OpenSSLConf with BoringSSL since it is unsupported. (remm)
+ Fix: Create the HttpParser in Http11Processor if it is not present on
the AbstractHttp11Protocol to provide better lifecycle robustness for
regular HTTP/1.1. The new behavior was introduced on a previous
refactoring to improve HTTP/2 performance. (remm)
+ Fix: OpenSSLContext will now throw a KeyManagementException if something
is known to have gone wrong in the init method, which is the behavior
documented by javax.net.ssl.SSLContext.init. This makes error handling
more consistent. (remm)
+ Fix: 69316: Ensure that FastHttpDateFormat#getCurrentDate() (used to
generate Date headers for HTTP responses) generates the correct string
for the given input. Prior to this change, the output may have been
wrong by one second in some cases. Pull request #751 provided by Chenjp.
(markt)
+ Add: Add server and serverRemoveAppProvidedValues to the list of
attributes the HTTP/2 protocol will inherit from the HTTP/1.1 connector
it is nested within. (markt)
+ Fix: Avoid possible crashes when using Apache Tomcat Native, caused by
destroying SSLContext objects through GC after APR has been terminated.
(remm)
+ Fix: Improve HTTP/2 handling of trailer fields for requests. Trailer
fields no longer need to be received before the headers of the
subsequent stream nor are trailer fields for an in-progress stream
swallowed if the Connector is paused before the trailer fields are
received. (markt)
+ Fix: Ensure the request and response are not recycled too soon for an
HTTP/2 stream when a stream level error is detected during the processing
of incoming HTTP/2 frames. This could lead to incorrect processing times
appearing in the access log. (markt)
+ Fix: Fix 69320, a regression in the fix for 69302 that meant the
HTTP/2 processing was likely to be broken for all clients once any
client sent an HTTP/2 reset frame. (markt)
+ Fix: Correct a regression in the fix for non-blocking reads of chunked
request bodies that caused InputStream.available() to return a non-zero
value when there was no data to read. In some circumstances this could
cause a blocking read to block waiting for more data rather than return
the data it had already received. (markt)
+ Add: Add a new attribute cookiesWithoutEquals to the Rfc6265CookieProcessor.
The default behaviour is unchanged. (markt)
+ Fix: Ensure that Tomcat sends a TLS close_notify message after receiving
one from the client when using the OpenSSLImplementation. (markt)
+ Fix: 69301: Fix trailer headers replacing non-trailer headers when writing
response headers to the access log. Based on a patch and test case
provided by hypnoce. (markt)
+ Fix: 69302: If an HTTP/2 client resets a stream before the request body is
fully written, ensure that any ReadListener is notified via a call to
ReadListener.onErrror(). (markt)
+ Fix: Correct regressions in the refactoring that added recycling of the
coyote request and response to the HTTP/2 processing. (markt)
+ Add: Add OpenSSL integration using the FFM API rather than Tomcat Native.
OpenSSL support may be enabled by adding the
org.apache.catalina.core.OpenSSLLifecycleListener listener on the
Server element when using Java 22 or later. (remm)
+ Fix: Ensure that HTTP/2 stream input buffers are only created when there
is a request body to be read. (markt)
+ Code: Refactor creation of HttpParser instances from the Processor level
to the Protocol level since the parser configuration depends on the
protocol and the parser is, otherwise, stateless. (markt)
+ Add: Align HTTP/2 with HTTP/1.1 and recycle the container internal
request and response processing objects by default. This behaviour can
be controlled via the new discardRequestsAndResponses attribute on the
HTTP/2 upgrade protocol. (markt)
* Jasper
+ Fix: Add back tag release method as deprecated in the runtime for
compatibility with old generated code. (remm)
+ Fix: 69399: Fix regression caused by the improvement 69333 which caused
the tag release to be called when using tag pooling, and to be skipped
when not using it. Patch submitted by Michal Sobkiewicz. (remm)
+ Fix: 69381: Improve method lookup performance in expression language.
When the required method has no arguments there is no need to consider
casting or coercion and the method lookup process can be simplified.
Based on pull request #770 by John Engebretson.
+ Fix: 69382: Improve the performance of the JSP include action by
re-using results of relatively expensive method calls in the generated
code rather than repeating them. Patch provided by John Engebretson.
(markt)
+ Fix: 69398: Avoid unnecessary object allocation in PageContextImpl.
Based on a suggestion by John Engebretson. (markt)
+ Fix: 69406: When using StringInterpreterEnum, do not throw an
IllegalArgumentException when an invalid Enum is encountered. Instead,
resolve the value at runtime. Patch provided by John Engebretson.
(markt)
+ Fix: 69429: Optimise EL evaluation of method parameters for methods
that do not accept any parameters. Patch provided by John Engebretson.
(markt)
+ Fix: 69333: Remove unnecessary code from generated JSPs. (markt)
+ Fix: 69338: Improve the performance of processing expressions that
include AND or OR operations with more than two operands and expressions
that use not empty. (markt)
+ Fix: 69348: Reduce memory consumption in ELContext by using lazy
initialization for the data structure used to track lambda arguments.
(markt)
+ Fix: Switch the TldScanner back to logging detailed scan results at debug
level rather than trace level. (markt)
* Web applications
+ Fix: The manager webapp will now be able to access certificates again
when OpenSSL is used. (remm)
+ Fix: Documentation. Align the logging configuration documentation with
the current defaults. (markt)
* WebSocket
+ Fix: If a blocking message write exceeds the timeout, don't attempt the
write again before throwing the exception. (markt)
+ Fix: An EncodeException being thrown during a message write should not
automatically cause the connection to close. The application should
handle the exception and make the decision whether or not to close the
connection. (markt)
* jdbc-pool
+ Fix: 69255: Correct a regression in the fix for 69206 that meant exceptions
executing statements were wrapped in a java.lang.reflect.UndeclaredThrowableException
rather than the application seeing the original SQLException. Fixed by
pull request #744 provided by Michael Clarke. (markt)
+ Fix: 69279: Correct a regression in the fix for 69206 that meant that
methods that previously returned a null ResultSet were returning a proxy
with a null delegate. Fixed by pull request #745 provided by Huub de Beer.
(markt)
+ Fix: 69206: Ensure statements returned from Statement methods
executeQuery(), getResultSet() and getGeneratedKeys() are correctly
wrapped before being returned to the caller. Based on pull request
[#742] provided by Michael Clarke.
* Other
+ Update: Switch from DigiCert ONE to ssl.com eSigner for code signing.
(markt)
+ Update: Update Byte Buddy to 1.15.10. (markt)
+ Update: Update CheckStyle to 10.20.0. (markt)
+ Add: Improvements to German translations. (remm)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Add: Improvements to Chinese translations by Ch_jp. (markt)
+ Add: Exclude the tomcat-coyote-ffm.jar from JAR scanning by default.
(markt)
+ Fix: Change the default log handler level to ALL so log messages are
not dropped by default if a logger is configured to use trace (FINEST)
level logging. (markt)
+ Update: Update Hamcrest to 3.0. (markt)
+ Update: Update EasyMock to 5.4.0. (markt)
+ Update: Update Byte Buddy to 1.15.0. (markt)
+ Update: Update CheckStyle to 10.18.0. (markt)
+ Update: Update the internal fork of Apache Commons BCEL to 6.10.0.
(markt)
+ Add: Improvements to Spanish translations by Fernando. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Fix: Fix packaging regression with missing osgi information following
addition of the test-only build target. (remm)
+ Update: Update Tomcat Native to 1.3.1. (markt)
+ Update: Update Byte Buddy to 1.14.18. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
- Adapt the scripts to run also with javapackages-tools >= 6.3
- Fix build after removal of the default %%{java_home} define
- Modified patch:
* tomcat-9.0-osgi-build.patch
+ move the definition of bnd.classpath out of the setup-bnd task
since it is one component in build.classpath
- unzip
-
- Use %patch -P N instead of deprecated %patchN.
- Build unzip-rcc using multibuild and update unzip-rcc.spec file
- util-linux-systemd
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- uyuni-reportdb-schema
-
- version 4.3.11-0
* Change Errata CVE column to type text as a varchar reaches the
maximum (bsc#1226478)
- wget
-
- Drop support for shorthand URLs
* Breaking change to fix CVE-2024-10524.
[+ drop-support-for-shorthand-URLs.patch, bsc#1233773]
- Update 0001-possibly-truncate-pathname-components.patch
* Take the patch from savannah repository where the checking of the file
length doesn't include path length.
* [bsc#1204720, bsc#1231661]
- wicked
-
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad.
- Consider only interface specific accept_redirects sysctl settings.
- Adopt ifsysctl(5) manual page with wicked specific behavior.
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
- team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
- arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
- dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
- ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
[- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- compat-suse: fix dummy interfaces configuration with
INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
[+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- xalan-j2
-
- Use SOURCE_DATE_EPOCH for reproducible builds
- Split into two _multibuild flavours to avoid use of binary jars
and prevent build cycles
- Fetch the sources from git and clean the tarball of binary jars
- Modified patches:
* openjdk-build.patch
* xalan-j2-crosslink.patch
* xalan-j2-manifest.patch
* xalan-j2-noxsltcdeps.patch
+ adapt to different line-endings and to slightly changed
context
- Use %patch -P N instead of deprecated %patchN.
- Update to upstream version 2.7.3
* Java 8 requirement
+ This XalanJ release, requires users to use Java minimum
version 8 for working with XalanJ.
* Fix for CVE-2022-34169 (bsc#1201684) An integer truncation issue
when processing malicious XSLT stylesheets
+ This issue was fixed within XalanJ's XSLTC processor. This
XalanJ issue, when present causes following problems:
Malicious XSLT stylesheets may be written, which could result
in XalanJ invalid translet Java byte code to be produced by
XalanJ XSLTC processor. The XalanJ translet is a Java byte
code compiled representation, of an XSLT transformation.
* Upgrade to Apache Commons BCEL 6.7.0
+ This XalanJ release, contains upgraded version of Apache
Commons BCEL library.
* Enhancements for, performing XalanJ build and running of XalanJ
tests from source distribution
+ The XalanJ users, can now make XalanJ builds and perform
XalanJ tests from the XalanJ source distribution. The XalanJ
build scripts for the implementation and the tests, both for
the Windows and Linux platforms, were enhanced to support
building XalanJ with JDK 1.8.
* Upgrade to Xerces-J 2.12.2
+ This XalanJ release, contains upgraded versions of
xercesImpl.jar and xml-apis.jar (Xerces-J 2.12.2).
- Modified patches:
* openjdk-build.patch
* xalan-j2-manifest.patch
+ rediff to changed context
- xen
-
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
standard VGA handling (XSA-463)
xsa463-01.patch
xsa463-02.patch
xsa463-03.patch
xsa463-04.patch
xsa463-05.patch
xsa463-06.patch
xsa463-07.patch
xsa463-08.patch
xsa463-09.patch
xsa463-10.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
guests via ACPI tables (XSA-464)
xsa464.patch
- Drop the following patches
stdvga-cache.patch
- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
- bsc#1228201 - [Baremetal][sles15sp4][guest migration] xl
migration fail , guest not shutdown.
This also fixes, bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86:
Native Branch History Injection (XSA-456)
661d00b8-VMX-prevent-fallthrough-in-vmx_set_reg.patch
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
66bb7316-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
- Drop xsa458.patch in favor of upstream version (bsc#1227355)
669662ea-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
guest IRQ handling (XSA-458)
xsa458.patch
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
History Injection (XSA-456)
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
- xerces-j2
-
- Simplify the spec file: remove old macros
- Use %patch -P N instead of deprecated %patchN.
- xstream
-
- Upgrade to 1.4.21
* Security fixes
+ This maintenance release addresses the security vulnerability
CVE-2024-47072 (bsc#1233085), when using the BinaryDriver to
unmarshal a manipulated input stream causing a Denial of
Service due to a stack overflow.
* Major changes
+ #350: Optimize memory allocation
+ Add a converter for the WeakHashMap which does not write any
elements of the map. Avoids also access to the ReentrantLock
contained in the WeakHashMap since Java 19.
* Minor changes
+ #335: Allow PrettyPrintWriter to replace invalid XML
characters when not running in quirks mode
+ #331, #326: Fix handling of empty
java.util.concurrent.atomic.AtomicReference
+ #334: Fix remaining buffer size calculation in QuickWriter
+ #342: Optimize internal handling of children in DomReader
avoiding O(n^2) access times for siblings
+ #349: Fix support of lambda objects for Java 21 and above
+ #359: Add KEYS file with public keys to verify signed
artifacts.
+ Detect input manipulation in
c.t.x.io.binary.BinaryStreamReader.
+ Use Jettison 1.5.4 by default for Java Runtimes version 8 or
higher.
* API changes
+ Added constant
c.t.x.io.xml.PrettyPrintWriter.XML_1_0_REPLACEMENT.
+ Added constant
c.t.x.io.xml.PrettyPrintWriter.XML_1_1_REPLACEMENT.
+ Added c.t.x.converters.collections.WeakHashMapConverter.
+ Protected field fieldsToOmit of
c.t.x.mapper.ElementIgnoringMapper set to private.
+ Protected field unknownElementsToIgnore of
c.t.x.mapper.ElementIgnoringMapper set to private.
* Stream compatibility
+ The WeakHashMaps, that have been written with previous
versions of XStream, can still be deserialized.
- Build against the stax:stax and stax:stax-api artifact
and without hibernate unconditionally
- Modified patch:
* Revert-MXParser-changes.patch
+ rediff
- Use %patch -P N instead of deprecated %patchN.
- Build with source/target 8 with java 18+
- Reproducible builds: use SOURCE_DATE_EPOCH for timestamp
- Make dependency on bea-stax optional and disable it by default
- zypper
-
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- BuildRequires: libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77
- Show rpm install size before installing (bsc#1224771)
If filesystem snapshots are taken before the installation (e.g.
by snapper) no disk space is freed by removing old packages. In
this case the install size of all packages is a hint how much
additional disk space is needed by the new packages static
content.
- version 1.14.76
- Fix readline setup to handle Ctrl-C and Ctrl-D corrrectly
(bsc#1227205)
- version 1.14.75
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- version 1.14.74