- curl
-
- Security fix: [bsc#1234068, CVE-2024-11053]
* curl could leak the password used for the first host to the
followed-to host under certain circumstances.
* netrc: address several netrc parser flaws
* Add curl-CVE-2024-11053.patch
- Security fix: [bsc#1232528, CVE-2024-9681]
* HSTS subdomain overwrites parent cache entry
* Add curl-CVE-2024-9681.patch
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* http_aws_sigv4: canonicalize the query [fc76a24c]
* test439: verify query canonization for aws-sigv4 [65661016]
* http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
* aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
* http_aws_sigv4: canonicalise valueless query params [bbba69da]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patches:
- curl-aws_sigv4-canonicalize-the-query.patch
- curl-aws_sigv4-verify-query-canonization.patch
- curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
- curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
- curl-aws_sigv4-canonicalise-valueless-query-params.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- Security fix: [bsc#1230093, CVE-2024-8096]
* curl: OCSP stapling bypass with GnuTLS
* Add curl-CVE-2024-8096.patch
- Security fix: [bsc#1228535, CVE-2024-7264]
* curl: ASN.1 date parser overread
* Add curl-CVE-2024-7264.patch
- libpcap
-
- Security fix: [bsc#1230034, CVE-2024-8006]
* libpcap: NULL pointer derefence in pcap_findalldevs_ex()
* Add libpcap-CVE-2024-8006.patch
- Security fix: [bsc#1230020, CVE-2023-7256]
* libpcap: double free via addrinfo in sock_initaddress()
* Add libpcap-CVE-2023-7256.patch
- systemd
-
- Add 6001-udev_monitor_receive_device-dynamically-allocate-rec.patch (bsc#1226095)
- python
-
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add ipaddress module from https://github.com/phihag/ipaddress
- Remove -IVendor/ from python-config boo#1231795
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- vim
-
- Fix for bsc#1231373 / CVE-2024-47814.
- Fix for bsc#1229238 / CVE-2024-43374.
- update to 9.1.0836
* 9.1.0836: The vimtutor can be improved
* 9.1.0835: :setglobal doesn't work properly for 'ffu' and 'tsrfu'
* 9.1.0834: tests: 2html test fails
* 9.1.0833: CI: recent ASAN changes do not work for indent tests
* 9.1.0832: :set doesn't work for 'cot' and 'bkc' after :setlocal
* runtime(doc): update help-toc description
* runtime(2html): Make links use color scheme colors in TOhtml
* 9.1.0831: 'findexpr' can't be used as lambad or Funcref
* Filelist: include helptoc package
* runtime(doc): include a TOC Vim9 plugin
* Filelist: ignore .git-blame-ignore-revs
* 9.1.0830: using wrong highlight group for spaces for popupmenu
* runtime(typst): synchronize updates from the upstream typst.vim
* git: ignore reformatting commit for git-blame (after v9.1.0829)
* 9.1.0829: Vim source code uses a mix of tabs and spaces
* 9.1.0828: string_T struct could be used more often
* 9.1.0827: CI: tests can be improved
* runtime(doc): remove stray sentence in pi_netrw.txt
* 9.1.0826: filetype: sway files are not recognized
* runtime(doc): Include netrw-gp in TOC
* runtime(doc): mention 'iskeyword' at :h charclass()
* runtime(doc): update help tags
* 9.1.0825: compile error for non-diff builds
* runtime(netrw): fix E874 when browsing remote directory which contains `~` character
* runtime(doc): update coding style documentation
* runtime(debversions): Add plucky (25.04) as Ubuntu release name
* 9.1.0824: too many strlen() calls in register.c
* 9.1.0823: filetype: Zephyr overlay files not recognized
* runtime(doc): Clean up minor formatting issues for builtin functions
* runtime(netrw): make :Launch/Open autoloadable
* runtime(netrw): fix regression with x mapping on Cygwin
* runtime(netrw): fix filetype detection for remote files
* 9.1.0822: topline might be changed in diff mode unexpectedly
* CI: huge linux builds should also run syntax & indent tests
* 9.1.0821: 'findexpr' completion doesn't set v:fname to cmdline argument
* 9.1.0820: tests: Mac OS tests are too flaky
* runtime(awk): Highlight more awk comments in syntax script
* runtime(netrw): add missing change for s:redir()
* 9.1.0819: tests: using findexpr and imported func not tested
* runtime(netrw): improve netrw's open-handling further
* runtime(netrw): fix syntax error in netrwPlugin.vim
* runtime(netrw): simplify gx file handling
* 9.1.0818: some global functions are only used in single files
* 9.1.0817: termdebug: cannot evaluate expr in a popup
* runtime(defaults): Detect putty terminal and switch to dark background
* 9.1.0816: tests: not clear what tests cause asan failures
* runtime(doc): Remove some completed items from todo.txt
* 9.1.0815: "above" virtual text causes wrong 'colorcolumn' position
* runtime(syntax-tests): tiny vim fails because of line-continuation
* 9.1.0814: mapset() may remove unrelated mapping
* 9.1.0813: no error handling with setglobal and number types
* 9.1.0812: Coverity warns about dereferencing NULL ptr
* 9.1.0811: :find expansion does not consider 'findexpr'
* 9.1.0810: cannot easily adjust the |:find| command
* 9.1.0809: filetype: petalinux config files not recognized
* 9.1.0808: Terminal scrollback doesn't shrink when decreasing 'termwinscroll'
* 9.1.0807: tests: having 'nolist' in modelines isn't always desired
* 9.1.0806: tests: no error check when setting global 'briopt'
* 9.1.0805: tests: minor issues in gen_opt_test.vim
* 9.1.0804: tests: no error check when setting global 'cc'
* 9.1.0803: tests: no error check when setting global 'isk'
* 9.1.0802: tests: no error check when setting global 'fdm' to empty value
* 9.1.0801: tests: no error check when setting global 'termwinkey'
* 9.1.0800: tests: no error check when setting global 'termwinsize'
* runtime(doc): :ownsyntax also resets 'spelloptions'
* 9.1.0799: tests: gettwinvar()/gettabwinvar() tests are not comprehensive
* runtime(doc): Fix wrong Mac default options
* 9.1.0798: too many strlen() calls in cmdhist.c
* 9.1.0797: testing of options can be further improved
* 9.1.0796: filetype: libtool files are not recognized
* (typst): add folding to typst ftplugin
* runtime(netrw): deprecate and remove netrwFileHandlers#Invoke()
* 9.1.0795: filetype: Vivado memory info file are not recognized
* 9.1.0794: tests: tests may fail on Windows environment
* runtime(doc): improve the :colorscheme documentation
* 9.1.0793: xxd: -e does add one extra space
* 9.1.0792: tests: Test_set_values() is not comprehensive enough
* runtime(swayconfig): add flag for bindsym/bindcode to syntax script
* 9.1.0791: tests: errors in gen_opt_test.vim are not shown
* runtime(compiler): check for compile_commands in build dirs for cppcheck
* 9.1.0790: Amiga: AmigaOS4 build should use default runtime (newlib)
* runtime(help): Update help syntax
* runtime(help): fix end of sentence highlight in code examples
* runtime(jinja): Support jinja syntax as secondary filetype
* 9.1.0789: tests: ':resize + 5' has invalid space after '+'
* 9.1.0788: <CSI>27;<mod>u is not decoded to literal Escape in kitty/foot
* 9.1.0787: cursor position changed when using hidden terminal
* 9.1.0786: tests: quickfix update test does not test location list
* runtime(doc): add some docs for file-watcher programs
* CI: uploading failed screendumps still fails on Cirrus CI
* 9.1.0785: cannot preserve error position when setting quickfix list
* 9.1.0784: there are several problems with python 3.13
* 9.1.0783: 'spell' option setting has problems
* 9.1.0782: tests: using wrong neomuttlog file name
* runtime(doc): add preview flag to statusline example
* 9.1.0781: tests: test_filetype fails
* 9.1.0780: MS-Windows: incorrect Win32 error checking
* 9.1.0779: filetype: neomuttlog files are not recognized
* 9.1.0778: filetype: lf config files are not recognized
* runtime(comment): fix commment toggle with mixed tabs & spaces
* runtime(misc): Use consistent "Vim script" spelling
* runtime(gleam): add ftplugin for gleam files
* runtime(doc): link help-writing from write-local-help
* 9.1.0777: filetype: Some upstream php files are not recognized
* runtime(java): Define javaBlockStart and javaBlockOtherStart hl groups
* runtime(doc): mention conversion rules for remote_expr()
* runtime(tutor): Fix missing :s command in spanish translation section 4.4
* 9.1.0776: test_strftime may fail because of missing TZ data
* translation(am): Add Armenian language translation
* 9.1.0775: tests: not enough tests for setting options
* 9.1.0774: "shellcmdline" doesn't work with getcompletion()
* 9.1.0773: filetype: some Apache files are not recognized
* 9.1.0772: some missing changes from v9.1.0771
* 9.1.0771: completion attribute hl_group is confusing
* 9.1.0770: current command line completion is a bit limited
* 9.1.0769: filetype: MLIR files are not recognized
* 9.1.0768: MS-Windows: incorrect cursor position when restoring screen
* runtime(nasm): Update nasm syntax script
* 9.1.0767: A condition is always true in ex_getln.c
* runtime(skill): Update syntax file to fix string escapes
* runtime(help): highlight CTRL-<Key> correctly
* runtime(doc): add missing usr_52 entry to toc
* 9.1.0766: too many strlen() calls in ex_getln.c
* runtime(doc): correct `vi` registers 1-9 documentation error
* 9.1.0765: No test for patches 6.2.418 and 7.3.489
* runtime(spec): set comments and commentstring options
* NSIS: Include libgcc_s_sjlj-1.dll again
* runtime(doc): clarify the effect of 'startofline' option
* 9.1.0764: [security]: use-after-free when closing a buffer
* runtime(vim): Update base-syntax file, improve class, enum and interface highlighting
* 9.1.0763: tests: cannot run single syntax tests
* 9.1.0762: 'cedit', 'termwinkey' and 'wildchar' may not be parsed correctly
* 9.1.0761: :cd completion fails on Windows with backslash in path
* 9.1.0760: tests: no error reported, if gen_opt_test.vim fails
* 9.1.0759: screenpos() may return invalid position
* runtime(misc): unset compiler in various ftplugins
* runtime(doc): update formatting and syntax
* runtime(compiler): add cppcheck linter compiler plugin
* runtime(doc): Fix style in documents
* runtime(doc): Fix to two-space convention in user manual
* runtime(comment): consider &tabstop in lines after whitespace indent
* 9.1.0758: it's possible to set an invalid key to 'wildcharm'
* runtime(java): Manage circularity for every :syn-included syntax file
* 9.1.0757: tests: messages files contains ANSI escape sequences
* 9.1.0756: missing change from patch v9.1.0754
* 9.1.0755: quickfix list does not handle hardlinks well
* runtime(doc): 'filetype', 'syntax' and 'keymap' only allow alphanumeric + some characters
* runtime(systemd): small fixes to &keywordprg in ftplugin
* CI: macos-12 runner is being sunset, switch to 13
* 9.1.0754: fixed order of items in insert-mode completion menu
* runtime(comment): commenting might be off by one column
* 9.1.0753: Wrong display when typing in diff mode with 'smoothscroll'
* 9.1.0752: can set 'cedit' to an invalid value
* runtime(doc): add `usr` tag to usr_toc.txt
* 9.1.0751: Error callback for term_start() not used
* 9.1.0750: there are some Win9x legacy references
* runtime(java): Recognise the CommonMark form (///) of Javadoc comments
* 9.1.0749: filetype: http files not recognized
* runtime(comment): fix syntax error
* CI: uploading failed screendump tests does not work Cirrus
* 9.1.0748: :keep* commmands are sometimes misidentified as :k
* runtime(indent): allow matching negative numbers for gnu indent config file
* runtime(comment): add gC mapping to (un)comment rest of line
* 9.1.0747: various typos in repo found
* 9.1.0746: tests: Test_halfpage_longline() fails on large terminals
* runtime(doc): reformat gnat example
* runtime(doc): reformat ada_standard_types section
* 9.1.0745: filetype: bun and deno history files not recognized
* runtime(glvs): Correct the tag name of glvs-autoinstal
* runtime(doc): include short form for :earlier/:later
* runtime(doc): remove completed TODO
* 9.1.0744: filetype: notmuch configs are not recognised
* 9.1.0743: diff mode does not handle overlapping diffs correctly
* runtime(glvs): fix a few issues
* runtime(doc): Fix typo in :help :command-modifiers
* 9.1.0742: getcmdprompt() implementation can be improved
* runtime(docs): update `:set?` command behavior table
* runtime(doc): update vim90 to vim91 in docs
* runtime(doc): fix typo in :h dos-colors
* 9.1.0741: No way to get prompt for input()/confirm()
* runtime(doc): fix typo in version9.txt nrformat -> nrformats
* runtime(rmd,rrst): 'fex' option not properly restored
* runtime(netrw): remove extraneous closing bracket
* 9.1.0740: incorrect internal diff with empty file
* 9.1.0739: [security]: use-after-free in ex_getln.c
* runtime(filetype): tests: Test_filetype_detection() fails
* runtime(dist): do not output a message if executable is not found
* 9.1.0738: filetype: rapid files are not recognized
* runtime(modconf): remove erroneous :endif in ftplugin
* runtime(lyrics): support multiple timestamps in syntax script
* runtime(java): Optionally recognise _module_ import declarations
* runtime(vim): Update base-syntax, improve folding function matches
* CI: upload failed screendump tests also for Cirrus
* 9.1.0737: tests: screendump tests may require a bit more time
* runtime(misc): simplify keywordprg in various ftplugins
* runtime(java): Optionally recognise all primitive constants in _switch-case_ labels
* runtime(zsh,sh): set and unset compiler in ftplugin
* runtime(netrw): using inefficient highlight pattern for 'mf'
* 9.1.0736: Unicode tables are outdated
* 9.1.0735: filetype: salt files are not recognized
* 9.1.0734: filetype: jinja files are not recognized
* runtime(zathurarc): add double-click-follow to syntax script
* translation(ru): Updated messages translation
* translation(it): updated xxd man page
* translation(ru): updated xxd man page
* 9.1.0733: keyword completion does not work with fuzzy
* 9.1.0732: xxd: cannot use -b and -i together
* runtime(java): Highlight javaConceptKind modifiers with StorageClass
* runtime(doc): reword and reformat how to use defaults.vim
* 9.1.0731: inconsistent case sensitive extension matching
* runtime(vim): Update base-syntax, match Vim9 bool/null literal args to :if/:while/:return
* runtime(netrw): delete confirmation not strict enough
* 9.1.0730: Crash with cursor-screenline and narrow window
* 9.1.0729: Wrong cursor-screenline when resizing window
* 9.1.0728: [security]: heap-use-after-free in garbage collection with location list user data
* runtime(doc): clarify the effect of the timeout for search()-functions
* runtime(idlang): update syntax script
* runtime(spec): Recognize epoch when making spec changelog in ftplugin
* runtime(spec): add file triggers to syntax script
* 9.1.0727: too many strlen() calls in option.c
* runtime(make): add compiler/make.vim to reset compiler plugin settings
* runtime(java): Recognise all available standard doclet tags
* 9.1.0726: not using correct python3 API with dynamic linking
* runtime(dosini): Update syntax script, spellcheck comments only
* runtime(doc): Revert outdated comment in completeopt's fuzzy documentation
* 9.1.0725: filetype: swiftinterface files are not recognized
* runtime(pandoc): Update compiler plugin to use actual 'spelllang'
* runtime(groff): Add compiler plugin for groff
* 9.1.0724: if_python: link error with python 3.13 and stable ABI
* 9.1.0723: if_python: dynamic linking fails with python3 >= 3.13
* 9.1.0722: crash with large id in text_prop interface
* 9.1.0721: tests: test_mksession does not consider XDG_CONFIG_HOME
* runtime(glvs): update GetLatestVimScripts plugin
* runtime(doc): Fix typo in :help :hide text
* runtime(doc): buffers can be re-used
* 9.1.0720: Wrong breakindentopt=list:-1 with multibyte or TABs
* 9.1.0719: Resetting cell widths can make 'listchars' or 'fillchars' invalid
* runtime(doc): Update version9.txt and mention $MYVIMDIR
- Update to 9.1.0718:
* v9.1.0718: hard to know the users personal Vim Runtime Directory
* v9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers()
Maintainers: fix typo in author name
* v9.1.0716: resetting setcellwidth( doesn't update the screen
runtime(hcl,terraform): Add runtime files for HCL and Terraform
runtime(tmux): Update syntax script
* v9.1.0715: Not correctly parsing color names (after v9.1.0709)
* v9.1.0714: GuiEnter_Turkish test may fail
* v9.1.0713: Newline causes E749 in Ex mode
* v9.1.0712: missing dependency of Test_gettext_makefile
* v9.1.0711: test_xxd may file when using different xxd
* v9.1.0710: popup window may hide part of Command line
runtime(vim): Update syntax, improve user-command matching
* v9.1.0709: GUIEnter event not found in Turkish locale
runtime(sudoers): improve recognized Runas_Spec and Tag_Spec items
* v9.1.0708: Recursive window update does not account for reset skipcol
runtime(nu): include filetype plugin
* v9.1.0707: invalid cursor position may cause a crash
* v9.1.0706: test_gettext fails when using shadow dir
CI: Install locales-all package
* v9.1.0705: Sorting of fuzzy filename completion is not stable
translation(pt): update Portuguese/Brazilian menu translation
runtime(vim): Update base-syntax, match bracket mark ranges
runtime(doc): Update :help :command-complete list
* v9.1.0704: inserting with a count is inefficient
runtime(doc): use mkdir -p to save a command
* v9.1.0703: crash with 2byte encoding and glob2regpat()
runtime(hollywood): update syn highlight for If-Then statements
and For-In-Loops
* v9.1.0702: Patch 9.1.0700 broke CI
* v9.1.0701: crash with NFA regex engine when searching for
composing chars
* v9.1.0700: crash with 2byte encoding and glob2regpat()
* v9.1.0699: "dvgo" is not always an inclusive motion
runtime(java): Provide support for syntax preview features
* v9.1.0698: "Untitled" file not removed when running Test_crash1_3
alone
* v9.1.0697: heap-buffer-overflow in ins_typebuf
* v9.1.0696: installing runtime files fails when using SHADOWDIR
runtime(doc): fix typo
* v9.1.0695: test_crash leaves Untitled file around
translation(br): Update Brazilian translation
translation(pt): Update menu_pt_br
* v9.1.0694: matchparen is slow on a long line
* v9.1.0693: Configure doesn't show result when not using python3
stable abi
* v9.1.0692: Wrong patlen value in ex_substitute()
* v9.1.0691: stable-abi may cause segfault on Python 3.11
runtime(vim): Update base-syntax, match :loadkeymap after colon and bar
runtime(mane): Improve <Plug>ManBS mapping
* v9.1.0690: cannot set special highlight kind in popupmenu
translation(pt): Revert and fix wrong Portuguese menu translation
files
translation(pt): revert Portuguese menu translation
translation(br): Update Brazilian translations
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
* v9.1.0689: buffer-overflow in do_search( with 'rightleft'
runtime(vim): Improve heredoc handling for all embedded scripts
* v9.1.0688: dereferences NULL pointer in check_type_is_value()
* v9.1.0687: Makefile may not install desktop files
runtime(man): Fix <Plug>ManBS
runtime(java): Make the bundled &foldtext function optional
runtime(netrw): Change line on `mx` if command output exists
runtime(netrw): Fix `mf`-selected entry highlighting
runtime(htmlangular): add html syntax highlighting
translation(it): Fix filemode of Italian manpages
runtime(doc): Update outdated man.vim plugin information
runtime(zip): simplify condition to detect MS-Windows
* v9.1.0686: zip-plugin has problems with special characters
runtime(pandoc): escape quotes in &errorformat for pandoc
translation(it): updated Italian manpage
* v9.1.0685: too many strlen( calls in usercmd.c
runtime(doc): fix grammar in :h :keeppatterns
runtime(pandoc): refine pandoc compiler settings
* v9.1.0684: completion is inserted on Enter with "noselect"
translation(ru): update man pages
* v9.1.0683: mode( returns wrong value with <Cmd> mapping
runtime(doc): remove trailing whitespace in cmdline.txt
* v9.1.0682: Segfault with uninitialized funcref
* v9.1.0681: Analyzing failed screendumps is hard
runtime(doc): more clarification for the :keeppatterns needed
* v9.1.0680: VMS does not have defined uintptr_t
runtime(doc): improve typedchar documentation for KeyInputPre autocmd
runtime(dist): verify that executable is in $PATH
translation(it): update Italian manpages
runtime(doc): clarify the effect of :keeppatterns after * v9.1.0677
runtime(doc): update Makefile and make it portable between GNU and BSD
* v9.1.0679: Rename from w_closing to w_locked is incomplete
runtime(colors): update colorschemes
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
runtime(doc): Updating the examples in the xxd manpage
translation(ru): Updated uganda.rux
runtime(yaml): do not re-indent when commenting out lines
* v9.1.0678: use-after-free in alist_add()
* v9.1.0677 :keepp does not retain the substitute pattern
translation(ja): Update Japanese translations to latest release
runtime(netrw): Drop committed trace lines
runtime(netrw): Error popup not always used
runtime(netrw): ErrorMsg( may throw E121
runtime(tutor): update Makefile and make it portable between GNU and BSD
translation: improve the po/cleanup.vim script
runtime(lang): update Makefile and make it portable between GNU and BSD
* v9.1.0676: style issues with man pages
* v9.1.0675: Patch v9.1.0674 causes problems
runtime(dosbatch): Show %%i as an argument in syntax file
runtime(dosbatch): Add syn-sync to syntax file
runtime(sql, mysql): fix E169: Command too recursive with
sql_type_default = "mysql"
* v9.1.0674: compiling abstract method fails because of missing return
runtime(javascript): fix a few issues with syntax higlighting
runtime(mediawiki): fix typo in doc, test for b:did_ftplugin var
runtime(termdebug): Fix wrong test for balloon feature
runtime(doc): Remove mentioning of the voting feature
runtime(doc): add help tags for json + markdown global variables
* v9.1.0673: too recursive func calls when calling super-class method
runtime(syntax-tests): Facilitate the viewing of rendered screendumps
runtime(doc): fix a few style issues
* v9.1.0672: marker folds may get corrupted on undo
* v9.1.0671 Problem: crash with WinNewPre autocommand
* v9.1.0670: po file encoding fails on *BSD during make
translation(it): Update Italian translation
translation: Stop using msgconv
* v9.1.0669: stable python ABI not used by default
Update .gitignore and .hgignore files
* v9.1.0668: build-error with python3.12 and stable ABI
translations: Update generated po files
* v9.1.0667: Some other options reset curswant unnecessarily when set
* v9.1.0666: assert_equal( doesn't show multibyte string correctly
runtime(doc): clarify directory of Vim's executable vs CWD
* v9.1.0665 :for loop
runtime(proto): Add indent script for protobuf filetype
* v9.1.0664: console vim did not switch back to main screen on exit
runtime(zip): zip plugin does not work with Vim 9.0
* v9.1.0663: zip test still resets 'shellslash' option
runtime(zip): use defer to restore old settings
runtime(zip): add a generic Message function
runtime(zip): increment base version of zip plugin
runtime(zip): raise minimum Vim version to * v9.0
runtime(zip): refactor save and restore of options
runtime(zip): remove test for fnameescape
runtime(zip): use :echomsg instead of :echo
runtime(zip): clean up and remove comments
* v9.1.0662: filecopy( may return wrong value when readlink( fails
* v9.1.0661: the zip plugin is not tested.
runtime(zip): Fix for FreeBSD's unzip command
runtime(doc): capitalize correctly
* v9.1.0660: Shift-Insert does work on old conhost
translation(it): update Italian manpage
runtime(lua): add/subtract a 'shiftwidth' after '('/')' in indentexpr
runtime(zip): escape '[' on Unix as well
* v9.1.0659: MSVC Makefile is a bit hard to read
runtime(doc): fix typo in syntax.txt
runtime(doc): -x is only available when compiled with crypt feature
* v9.1.0658: Coverity warns about dereferencing NULL pointer.
runtime(colors): update Todo highlight in habamax colorscheme
* v9.1.0657: MSVC build time can be optimized
* v9.1.0656: MSVC Makefile CPU handling can be improved
* v9.1.0655: goaccess config file not recognized
CI: update clang compiler to version 20
runtime(netrw): honor `g:netrw_alt{o,v}` for `:{S,H,V}explore`
* v9.1.0654: completion does not respect completeslash with fuzzy
* v9.1.0653: Patch v9.1.0648 not completely right
* v9.1.0652: too many strlen( calls in syntax.c
* v9.1.0651 :append
* v9.1.0650: Coverity warning in cstrncmp()
* v9.1.0649: Wrong comment for "len" argument of call_simple_func()
* v9.1.0648: [security] double-free in dialog_changed()
* v9.1.0647: [security] use-after-free in tagstack_clear_entry
runtime(doc): re-format tag example lines, mention ctags --list-kinds
* v9.1.0646: imported function may not be found
runtime(java): Document "g:java_space_errors" and "g:java_comment_strings"
runtime(java): Cluster optional group definitions and their group links
runtime(java): Tidy up the syntax file
runtime(java): Tidy up the documentation for "ft-java-syntax"
runtime(colors): update habamax scheme - tweak diff/search/todo colors
runtime(nohlsearch): add missing loaded_hlsearch guard
runtime(kivy): Updated maintainer info for syntax script
Maintainers: Add maintainer for ondir ftplugin + syntax files
runtime(netrw): removing trailing slash when copying files in same
directory
* v9.1.0645: wrong match when searching multi-byte char case-insensitive
runtime(html): update syntax script to sync by 250 minlines by default
* v9.1.0644: Unnecessary STRLEN( when applying mapping
runtime(zip): Opening a remote zipfile don't work
runtime(cuda): source c and cpp ftplugins
* v9.1.0643: cursor may end up on invalid position
* v9.1.0642: Check that mapping rhs starts with lhs fails if not
simplified
* v9.1.0641: OLE enabled in console version
runtime(thrift): add ftplugin, indent and syntax scripts
* v9.1.0640: Makefile can be improved
* v9.1.0639: channel timeout may wrap around
* v9.1.0638: E1510 may happen when formatting a message for smsg()
* v9.1.0637: Style issues in MSVC Makefile
- Update apparmor.vim to latest version (from AppArmor 4.0.2)
- add support for "all" and "userns" rules, and new profile flags
- Update to 9.1.0636:
* 9.1.0636: filetype: ziggy files are not recognized
* 9.1.0635: filetype: SuperHTML template files not recognized
* 9.1.0634: Ctrl-P not working by default
* 9.1.0633: Compilation warnings with `-Wunused-parameter`
* 9.1.0632: MS-Windows: Compiler Warnings
Add support for Files-Included in syntax script
tweak documentation style a bit
* 9.1.0631: wrong completion list displayed with non-existing dir + fuzzy completion
* 9.1.0630: MS-Windows: build fails with VIMDLL and mzscheme
* 9.1.0629: Rename of pum hl_group is incomplete
* 9.1.0628: MinGW: coverage files are not cleaned up
* 9.1.0627: MinGW: build-error when COVERAGE is enabled
* 9.1.0626: Vim9: need more tests with null objects
include initial filetype plugin
* 9.1.0625: tests: test output all translated messages for all translations
* 9.1.0624: ex command modifiers not found
* 9.1.0623: Mingw: errors when trying to delete non-existing files
* 9.1.0622: MS-Windows: mingw-build can be optimized
* 9.1.0621: MS-Windows: startup code can be improved
* 9.1.0620: Vim9: segfauls with null objects
* 9.1.0619: tests: test_popup fails
* 9.1.0618: cannot mark deprecated attributes in completion menu
* 9.1.0617: Cursor moves beyond first line of folded end of buffer
* 9.1.0616: filetype: Make syntax highlighting off for MS Makefiles
* 9.1.0615: Unnecessary STRLEN() in make_percent_swname()
Add single-line comment syntax
Add syntax test for comments
Update maintainer info
* 9.1.0614: tests: screendump tests fail due to recent syntax changes
* 9.1.0613: tests: termdebug test may fail and leave file around
Update base-syntax, improve :set highlighting
Optionally highlight the :: token for method references
* 9.1.0612: filetype: deno.lock file not recognized
Use delete() for deleting directory
escape filename before trying to delete it
* 9.1.0611: ambiguous mappings not correctly resolved with modifyOtherKeys
correctly extract file from zip browser
* 9.1.0610: filetype: OpenGL Shading Language files are not detected
Fix endless recursion in netrw#Explore()
* 9.1.0609: outdated comments in Makefile
update syntax script
Fix flow mapping key detection
Remove orphaned YAML syntax dump files
* 9.1.0608: Coverity warns about a few potential issues
Update syntax script and remove syn sync
* 9.1.0607: termdebug: uses inconsistent style
* 9.1.0606: tests: generated files may cause failure in test_codestyle
* 9.1.0605: internal error with fuzzy completion
* 9.1.0604: popup_filter during Press Enter prompt seems to hang
translation: Update Serbian messages translation
* 9.1.0603: filetype: use correct extension for Dracula
* 9.1.0602: filetype: Prolog detection can be improved
fix more inconsistencies in assert function docs
* 9.1.0601: Wrong cursor position with 'breakindent' when wide char doesn't fit
Update base-syntax, improve :map highlighting
* 9.1.0600: Unused function and unused error constants
* 9.1.0599: Termdebug: still get E1023 when specifying arguments
correct wrong comment options
fix typo "a xterm" -> "an xterm"
* 9.1.0598: fuzzy completion does not work with default completion
* 9.1.0597: KeyInputPre cannot get the (unmapped typed) key
* 9.1.0596: filetype: devscripts config files are not recognized
gdb file/folder check is now performed only in CWD.
quote filename arguments using double quotes
update syntax to SDC-standard 2.1
minor updates.
Cleanup :match and :loadkeymap syntax test files
Update base-syntax, match types in Vim9 variable declarations
* 9.1.0595: make errors out with the po Makefile
* 9.1.0594: Unnecessary redraw when setting 'winfixbuf'
using wrong highlight for UTF-8
include simple syntax plugin
* 9.1.0593: filetype: Asymptote files are not recognized
add recommended indent options to ftplugin
add recommended indent options to ftplugin
add recommended indent options to ftplugin
* 9.1.0592: filetype: Mediawiki files are not recognized
* 9.1.0591: filetype: *.wl files are not recognized
* 9.1.0590: Vim9: crash when accessing getregionpos() return value
'cpoptions': Include "z" in the documented default
* 9.1.0589: vi: d{motion} and cw work differently than expected
update included colorschemes
grammar fixes in options.txt
- Add "Keywords" to gvim.desktop to make searching for gvim easier
- Removed patches, as they're no longer required (refreshing them
deleted their contents):
* vim-7.3-help_tags.patch
* vim-7.4-highlight_fstab.patch
- Reorganise all applied patches in the spec file.
- Update to 9.1.0588:
* 9.1.0588: The maze program no longer compiles on newer clang
runtime(typst): Add typst runtime files
* 9.1.0587: tests: Test_gui_lowlevel_keyevent is still flaky
* 9.1.0586: ocaml runtime files are outdated
runtime(termdebug): fix a few issues
* 9.1.0585: tests: test_cpoptions leaves swapfiles around
* 9.1.0584: Warning about redeclaring f_id() non-static
runtime(doc): Add hint how to load termdebug from vimrc
runtime(doc): document global insert behavior
* 9.1.0583: filetype: *.pdf_tex files are not recognized
* 9.1.0582: Printed line doesn't overwrite colon when pressing Enter in Ex mode
* 9.1.0581: Various lines are indented inconsistently
* 9.1.0580: :lmap mapping for keypad key not applied when typed in Select mode
* 9.1.0579: Ex command is still executed after giving E1247
* 9.1.0578: no tests for :Tohtml
* 9.1.0577: Unnecessary checks for v:sizeoflong in test_put.vim
* 9.1.0576: tests: still an issue with test_gettext_make
* 9.1.0575: Wrong comments in alt_tabpage()
* 9.1.0574: ex: wrong handling of commands after bar
runtime(doc): add a note for netrw bug reports
* 9.1.0573: ex: no implicit print for single addresses
runtime(vim): make &indentexpr available from the outside
* 9.1.0572: cannot specify tab page closing behaviour
runtime(doc): remove obsolete Ex insert behavior
* 9.1.0571: tests: Test_gui_lowlevel_keyevent is flaky
runtime(logindefs): update syntax with new keywords
* 9.1.0570: tests: test_gettext_make can be improved
runtime(filetype): Fix Prolog file detection regex
* 9.1.0569: fnamemodify() treats ".." and "../" differently
runtime(mojo): include mojo ftplugin and indent script
* 9.1.0568: Cannot expand paths from 'cdpath' setting
* 9.1.0567: Cannot use relative paths as findfile() stop directories
* 9.1.0566: Stop dir in findfile() doesn't work properly w/o trailing slash
* 9.1.0565: Stop directory doesn't work properly in 'tags'
* 9.1.0564: id() can be faster
* 9.1.0563: Cannot process any Key event
* 9.1.0562: tests: inconsistency in test_findfile.vim
runtime(fstab): Add missing keywords to fstab syntax
* 9.1.0561: netbeans: variable used un-initialized (Coverity)
* 9.1.0560: bindtextdomain() does not indicate an error
* 9.1.0559: translation of vim scripts can be improved
* 9.1.0558: filetype: prolog detection can be improved
* 9.1.0557: moving in the buffer list doesn't work as documented
runtime(doc): fix inconsistencies in :h file-searching
* 9.1.0556: :bwipe doesn't remove file from jumplist of other tabpages
runtime(htmlangular): correct comment
* 9.1.0555: filetype: angular ft detection is still problematic
* 9.1.0554: :bw leaves jumplist and tagstack data around
* 9.1.0553: filetype: *.mcmeta files are not recognized
* 9.1.0552: No test for antlr4 filetype
* 9.1.0551: filetype: htmlangular files are not properly detected
* 9.1.0550: filetype: antlr4 files are not recognized
* 9.1.0549: fuzzycollect regex based completion not working as expected
runtime(doc): autocmd_add() accepts a list not a dict
* 9.1.0548: it's not possible to get a unique id for some vars
runtime(tmux): Update syntax script
* 9.1.0547: No way to get the arity of a Vim function
* 9.1.0546: vim-tiny fails on CTRL-X/CTRL-A
runtime(hlsplaylist): include hlsplaylist ftplugin file
runtime(doc): fix typo in :h ft-csv-syntax
runtime(doc): Correct shell command to get $VIMRUNTIME into
shell
* 9.1.0545: MSVC conversion warning
* 9.1.0544: filetype: ldapconf files are not recognized
runtime(cmakecache): include cmakecache ftplugin file
runtime(lex): include lex ftplugin file
runtime(yacc): include yacc ftplugin file
runtime(squirrel): include squirrel ftplugin file
runtime(objcpp): include objcpp ftplugin file
runtime(tf): include tf ftplugin file
runtime(mysql): include mysql ftplugin file
runtime(javacc): include javacc ftplugin file
runtime(cabal): include cabal ftplugin file
runtime(cuda): include CUDA ftplugin file
runtime(editorconfig): include editorconfig ftplugin file
runtime(kivy): update kivy syntax, include ftplugin
runtime(syntax-tests): Stop generating redundant "*_* 99.dump"
files
* 9.1.0543: Behavior of CursorMovedC is strange
runtime(vim): Update base-syntax, improve :match command
highlighting
* 9.1.0542: Vim9: confusing string() output for object functions
* 9.1.0541: failing test with Vim configured without channel
* 9.1.0540: Unused assignment in sign_define_cmd()
runtime(doc): add page-scrolling keys to index.txt
runtime(doc): add reference to xterm-focus-event from
FocusGained/Lost
* 9.1.0539: Not enough tests for what v9.1.0535 fixed
runtime(doc): clarify how to re-init csv syntax file
* 9.1.0538: not possible to assign priority when defining a sign
* 9.1.0537: signed number detection for CTRL-X/A can be improved
* 9.1.0536: filetype: zone files are not recognized
* 9.1.0535: newline escape wrong in ex mode
runtime(man): honor cmd modifiers before `g:ft_man_open_mode`
runtime(man): use `nnoremap` to map to Ex commands
* 9.1.0534: completion wrong with fuzzy when cycling back to original
runtime(syntax-tests): Abort and report failed cursor progress
runtime(syntax-tests): Introduce self tests for screen dumping
runtime(syntax-tests): Clear and redraw the ruler line with
the shell info
runtime(syntax-tests): Allow for folded and wrapped lines in
syntax test files
* 9.1.0533: Vim9: need more tests for nested objects equality
CI: Pre-v* 9.0.0110 versions generate bogus documentation tag entries
runtime(doc): Remove wrong help tag CTRL-SHIFT-CR
* 9.1.0532: filetype: Cedar files not recognized
runtime(doc): document further keys that scroll page up/down
* 9.1.0531: resource leak in mch_get_random()
runtime(tutor): Fix wrong spanish translation
runtime(netrw): fix remaining case of register clobber
* 9.1.0530: xxd: MSVC warning about non-ASCII character
* 9.1.0529: silent! causes following try/catch to not work
runtime(rust): use shiftwidth() in indent script
* 9.1.0528: spell completion message still wrong in translations
* 9.1.0527: inconsistent parameter in Makefiles for Vim executable
* 9.1.0526: Unwanted cursor movement with pagescroll at start of buffer
runtime(doc): mention $XDG_CONFIG_HOME instead of $HOME/.config
* 9.1.0525: Right release selects immediately when pum is truncated.
* 9.1.0524: the recursive parameter in the *_equal functions can be removed
runtime(termdebug): Add Deprecation warnings
* 9.1.0523: Vim9: cannot downcast an object
* 9.1.0522: Vim9: string(object) hangs for recursive references
* 9.1.0521: if_py: _PyObject_CallFunction_SizeT is dropped in Python 3.13
* 9.1.0520: Vim9: incorrect type checking for modifying lists
runtime(manpager): avoid readonly prompt
* 9.1.0519: MS-Windows: libvterm compilation can be optimized
* 9.1.0518: initialize the random buffer can be improved
* 9.1.0517: MS-Windows: too long lines in Make_mvc.mak
runtime(terraform): Add filetype plugin for terraform
runtime(dockerfile): enable spellchecking of comments in
syntax script
runtime(doc): rename variable for pandoc markdown support
runtime(doc): In builtin overview use {buf} as param for
appendbufline/setbufline
runtime(doc): clarify, that register 1-* 9 will always be shifted
runtime(netrw): save and restore register 0-* 9, a and unnamed
runtime(termdebug): Refactored StartDebug_term and EndDebug
functions
runtime(java): Compose "g:java_highlight_signature" and
"g:java_highlight_functions"
* 9.1.0516: need more tests for nested dicts and list comparision
* 9.1.0515: Vim9: segfault in object_equal()
* 9.1.0514: Vim9: issue with comparing objects recursively
runtime(termdebug): Change some variables to Enums
runtime(vim): Update base-syntax, fix function tail comments
* 9.1.0513: Vim9: segfault with object comparison
- Update to 9.1.0512:
* Mode message for spell completion doesn't match allowed keys
* CursorMovedC triggered wrongly with setcmdpos()
* update runtime files
* CI: test_gettext fails on MacOS14 + MSVC Win
* not possible to translate Vim script messages
* termdebug plugin can be further improved
* add gomod filetype plugin
* hard to detect cursor movement in the command line
* Optionally highlight parameterised types
* filetype: .envrc & .prettierignore not recognized
* filetype: Faust files are not recognized
* inner-tag textobject confused about ">" in attributes
* cannot use fuzzy keyword completion
* Remove the group exclusion list from @javaTop
* wrong return type for execute() function
* MS-Windows: too much legacy code
* too complicated mapping restore in termdebug
* simplify mapping
* cannot switch buffer in a popup
* MS-Windows: doesn't handle symlinks properly
* getcmdcompltype() interferes with cmdline completion
* termdebug can be further improved
* update htmldjango detection
* Improve Turkish documentation
* include a simple csv filetype and syntax plugin
* include the the simple nohlsearch package
* matched text is highlighted case-sensitively
* Matched text isn't highlighted in cmdline pum
* Fix typos in several documents
* clarify when text properties are cleared
* improve the vim-shebang example
* revert unintended formatting changes for termdebug
* Add a config variable for commonly used compiler options
* Wrong matched text highlighted in pum with 'rightleft'
* bump length of character references in syntax script
* properly check mapping variables using null_dict
* fix KdlIndent and kdlComment in indent script
* Test for patch 9.1.0489 doesn't fail without the fix
* Fold multi-line comments with the syntax kind of &fdm
* using wrong type for PlaceSign()
* filetype: Vim-script files not detected by shebang line
* revert unintended change to zip#Write()
* add another tag for vim-shebang feature
* Cmdline pum doesn't work properly with 'rightleft'
* minor style problems with patch 9.1.0487
* default completion may break with fuzzy
* Wrong padding for pum "kind" with 'rightleft'
* Update base-syntax, match shebang lines
* MS-Windows: handle files with spaces properly
* Restore HTML syntax file tests
* completed item not update on fuzzy completion
* filetype: Snakemake files are not recognized
* make TermDebugSendCommand() a global function again
* close all buffers in the same way
* Matched text shouldn't be highlighted in "kind" and "menu"
* fix wrong helptag for :defer
* Update base-syntax, match :sleep arg
* include Georgian keymap
* Sorting of completeopt+=fuzzy is not stable
* correctly test for windows in NetrwGlob()
* glob() on windows fails with [] in directory name
* rewrite mkdir() doc and simplify {flags} meaning
* glob() not sufficiently tested
* update return type for job_info()
* termdebug plugin needs more love
* correct return types for job_start() and job_status()
* Update base-syntax, match :catch and :throw args
* Include element values in non-marker annotations
* Vim9: term_getjob() throws an exception on error
* fuzzy string matching executed when not needed
* fuzzy_match_str_with_pos() does unnecessary list operations
* restore description of "$" in col() and virtcol()
* deduplicate getpos(), line(), col(), virtcol()
* Update g:vimsyn_comment_strings dump file tests
* Use string interpolation instead of string concat
* potential deref of NULL pointer in fuzzy_match_str_with_pos
* block_editing errors out when using <enter>
* Update base-syntax, configurable comment string highlighting
* fix typos in syntax.txt
* Cannot see matched text in popup menu
* Update base-syntax, match multiline continued comments
* clarify documentation for "v" position at line()
* cmod_split modifier is always reset in term_start()
* remove line-continuation characters
* use shiftwidth() instead of &tabstop in indent script
* Remove orphaned screen dump files
* include syntax, indent and ftplugin files
* CI: Test_ColonEight() fails on github runners
* add missing Enabled field in syntax script
* basic svelte ftplugin file
* term_start() does not clear vertical modifier
* fix mousemodel restoration by comparing against null_string
* Added definitions of Vim scripts and plugins
* Exclude lambda expressions from _when_ _switch-case_ label clauses
* Fix saved_mousemodel check
* Inconsistencies between functions for option flags
* Crash when using autocmd_get() after removing event inside autocmd
* Fix small style issues
* add return type info for Vim function descriptions
* Update Italian Vim manpage
* disable the q mapping
* Change 'cms' for C++ to '// %s'
* fix type mismatch error
* Fix wrong email address
* convert termdebug plugin to Vim9 script
- Update to 9.1.0470:
* tests Test_ColonEight_MultiByte() fails sporadically
* Cannot have buffer-local value for 'completeopt'
* GvimExt does not consult HKEY_CURRENT_USER
* typos in some comments
* runtime(vim): Update base-syntax, allow whitespace before
:substitute pattern
* Missing comments for fuzzy completion
* runtime(man): update Vim manpage
* runtime(comment): clarify the usage of 'commentstring' option
value
* runtime(doc): clarify how fuzzy 'completeopt' should work
* runtime(netrw): prevent accidental data loss
* missing filecopy() function
* no whitespace padding in commentstring option in ftplugins
* no fuzzy-matching support for insert-completion
* eval5() and eval7 are too complex
* too many strlen() calls in drawline.c
* filetype lintstagedrc files are not recognized
* Vim9 import autoload does not work with symlink
* Coverity complains about division by zero
* tests test_gui fails on Wayland
* Left shift is incorrect with vartabstop and shiftwidth=0
* runtime(doc): clarify 'shortmess' flag "S"
* MS-Windows compiler warning for size_t to int conversion
* runtime(doc): include some vim9 script examples in the help
* minor issues in test_filetype with rasi test
* filetype rasi files are not recognized
* runtime(java): Improve the matching of lambda expressions
* Configure checks for libelf unnecessarily
* No test for escaping '<' with shellescape()
* check.vim complains about overlong comment lines
* translation(it): Update Italian translation
* evalc. code too complex
* MS-Windows Compiler warnings
- Update to 9.1.0448:
* compiler warning in eval.c
* remove remaining css code
* Add ft_hare.txt to Reference Manual TOC
* re-generate vim syntax from generator
* fix syntax vim bug
* completion may be wrong when deleting all chars
* getregionpos() inconsistent for partly-selected multibyte char
* fix highlighting nested and escaped quotes in string props
* remove the indent plugin since it has too many issues
* update Debian runtime files
* Coverity warning after 9.1.0440
* Not enough tests for getregion() with multibyte chars
* Can't use blockwise selection with width for getregion()
* update outdated syntax files
* fix floating_modifier highlight
* hare runtime files outdated
* getregionpos() can't properly indicate positions beyond eol
* function get_lval() is too long
* Cannot filter the history
* Wrong Ex command executed when :g uses '?' as delimiter
* support floating_modifier none; revert broken highlighting
* Motif requires non-const char pointer for XPM data
* Crash when using '?' as separator for :s
* filetype: cygport files are not recognized
* make errors trying to access autoload/zig
* Wrong yanking with exclusive selection and ve=all
* add missing help tags file
* Ancient XPM preprocessor hack may cause build errors
* include basic rescript ftplugin file
* eval.c is too long
* getregionpos() doesn't handle one char selection
* check for gdb file/dir before using as buffer name
* refactor zig ftplugin, remove auto format
* Coverity complains about eval.c refactor
* Tag guessing leaves wrong search history with very short names
* some issues with termdebug mapping test
* update matchit plugin to v1.20
* too many strlen() calls in search.c
* set commentstring option
* update vb indent plugin as vim9script
* filetype: purescript files are not recognized
* filetype: slint files are not recognized
* basic nim ftplugin file for comments
* Add Arduino ftplugin and indent files
* include basic typst ftplugin file
* include basic prisma ftplugin file
* include basic v ftplugin for comment support
* getregionpos() wrong with blockwise mode and multibyte
* function echo_string_core() is too long
* hyprlang files are not recognized
* add basic dart ftplugin file
* basic ftplugin file for graphql
* mention comment plugin at :h 'commentstring'
* set commentstring for sql files in ftplugin
* :browse oldfiles prompts even with single entry
* eval.c not sufficiently tested
* clarify why E195 is returned
* clarify temporary file clean up
* fix :NoMatchParen not working
* Cannot move to previous/next rare word
* add basic ftplugin file for sshdconfig
* if_py: find_module has been removed in Python 3.12.0a7
* some screen dump tests can be improved
* Some functions are not tested
* clarify instal instructions for comment package
* Unable to leave long line with 'smoothscroll' and 'scrolloff'
* fix typo in vim9script help file
* Remove trailing spaces
* clarify {special} argument for shellescape()
- update to 9.1.0413
* smoothscroll may cause infinite loop
* add missing entries for the keys CTRL-W g<Tab> and <C-Tab>
* update vi_diff.txt: add default value for 'flash'
* typo in regexp_bt.c in DEBUG code
* allow indented commands
* Fix wrong define regex in ftplugin
* Filter out non-Latin-1 characters for syntax tests
* prefer scp over pscp
* fix typo in usr_52.txt
* too long functions in eval.c
* warning about uninitialized variable
* too many strlen() calls in the regexp engine
* E16 fix, async keyword support for define
* Stuck with long line and half-page scrolling
* Divide by zero with getmousepos() and 'smoothscroll'
* update and remove some invalid links
* update translation of xxd manpage
* Recursively delete directories by default with netrw delete command
* Strive to remain compatible for at least Vim 7.0
* tests: xxd buffer overflow fails on 32-bit
* Stop handpicking syntax groups for @javaTop
* [security] xxd: buffer-overflow with specific flags
* Vim9: not able to import file from start dir
* filetype: mdd files detected as zsh filetype
* filetype: zsh module files are not recognized
* Remove hardcoded private.ppk logic from netrw
* Vim9: confusing error message for unknown type
* block_editing errors out when using del
* add new items to scripts section in syntax plugin
* Vim9: imported vars are not properly type checked
* Wrong display with 'smoothscroll' when changing quickfix list
* filetype: jj files are not recognized
* getregionpos() may leak memory on error
* The CODEOWNERS File is not useful
* Remove and cleanup Win9x legacy from netrw
* add MsgArea to 'highlight' option description
* Cannot get a list of positions describing a region
* Fix digit separator in syntax script for octals and floats
* Update link to Wikipedia Vi page
* clear $MANPAGER in ftplugin before shelling out
* Fix typos in help documents
* 'viewdir' not respecting $XDG_CONFIG_HOME
* tests: Vim9 debug tests may be flaky
* correct getscriptinfo() example
* Vim9: could improve testing
* test_sound fails on macos-12
* update Serbian menu
* update Slovak menu
* update Slovenian menu
* update Portuguese menu
* update Dutch menu
* update Korean menu
* update Icelandic menu
* update Czech menu
* update Afrikaans menu
* update German menu
* filetype: inko files are not recognized
* filetype: templ files are not recognized
* cursor() and getregion() don't handle v:maxcol well
* Vim9: null value tests not sufficient
* update Catalan menu
* filetype: stylus files not recognized
* update spanish menu localization
* regenerate helptags
* Vim9: crash with null_class and null_object
* Add tags about lazyloading of menu
* tests: vt420 terminfo entry may not be found
* filetype: .out files recognized as tex files
* filetype: Kbuild files are not recognized
* cbuffer and similar commands don't accept a range
* Improve the recognition of the "indent" method declarations
* Fix a typo in usr_30.txt
* remove undefined var s:save_cpoptions and add include setting
* missing setlocal in indent plugin
* Calculating line height for unnecessary amount of lines
* improve syntax file performance
* There are a few typos
* Vim9: no comments allowed after class vars
* CI: remove trailing white space in documentation
* Formatting text wrong when 'breakindent' is set
* Add oracular (24.10) as Ubuntu release name
* Vim9: Trailing commands after class/enum keywords ignored
* tests: 1-second delay after Test_BufEnter_botline()
* update helptags for jq syntax
* include syntax, ftplugin and compiler plugin
* fix typo synconcealend -> synconcealed
* include a simple comment toggling plugin
* wrong botline in BufEnter
* clarify syntax vs matching mechanism
* fix undefined variable in indent plugin
* ops.c code uses too many strlen() calls
* Calling CLEAR_FIELD() on the same struct twice
* Vim9: compile_def_function() still too long
* Update Serbian messages
* clarify the effect of setting the shell to powershell
* Improve the recognition of the "style" method declarations
* Vim9: problem when importing autoloaded scripts
* compile_def_function is too long
* filetype: ondir files are not recognized
* Crash when typing many keys with D- modifier
* tests: test_vim9_builtin is a bit slow
* update documentation
* change the download URL of "libsodium"
* tests: test_winfixbuf is a bit slow
* Add filetype, syntax and indent plugin for Astro
* expanding rc config files does not work well
* Vim9: vim9type.c is too complicated
* Vim9: does not handle autoloaded variables well
* minor spell fix in starting.txt
* wrong drawing in GUI with setcellwidth()
* Add include and suffixesadd
* Page scrolling should place cursor at window boundaries
* align command line table
* minor fixes to starting.txt
* fix comment definition in filetype plugin
* filetype: flake.lock files are not recognized
* runtime(uci): No support for uci file types
* Support "g:ftplugin_java_source_path" with archived files
* tests: Test_autoload_import_relative_compiled fails on Windows
* Finding cmd modifiers and cmdline-specials is inefficient
* No test that completing a partial mapping clears 'showcmd'
* tests: test_vim9_dissamble may fail
* Vim9: need static type for typealias
* X11 does not ignore smooth scroll event
* A few typos in test_xdg when testing gvimrc
* Patch v9.1.0338 fixed sourcing a script with import
* Problem: gvimrc not sourced from XDG_CONFIG_HOME
* Cursor wrong after using setcellwidth() in terminal
* 'showcmd' wrong for partial mapping with multibyte
* tests: test_taglist fails when 'helplang' contains non-english
* Problem: a few memory leaks are found
* Problem: Error with matchaddpos() and empty list
* tests: xdg test uses screen dumps
* Vim9: import through symlinks not correctly handled
* Missing entry for XDG vimrc file in :version
* tests: typo in test_xdg
* runtime(i3config/swayconfig): update syntax scripts
* document pandoc compiler and enable configuring arguments
* String interpolation fails for List type
* No test for highlight behavior with 'ambiwidth'
* tests: test_xdg fails on the appimage repo
* tests: some assert_equal() calls have wrong order of args
* make install does not install all files
* runtime(doc): fix typos in starting.txt
- Remove patch to fix bsc#1220618:
* vim-8.2.3607-revert-gtk3-code-removal.patch
- This patch introduced this bug that caused Vim to use significantly more CPU.
- suseconnect-ng
-
- Update version to 1.13:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targetting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Integrate with uptime-tracker ( https://github.com/SUSE/uptime-tracker/ )
- Add a command to show the info being gathered
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- Update version to 1.11
- Added uname as collector
- Added SAP workload detection
- Added detection of container runtimes
- Multiple fixes on ARM64 detection
- Use `read_values` for the CPU collector on Z
- Fixed data collection for ppc64le
- Grab the home directory from /etc/passwd if needed (bsc#1226128)
- Update version to 1.10.0
* Build zypper-migration and zypper-packages-search as standalone
binaries rather then one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens. (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report.
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
- iputils
-
- Bring back ifenslave binary bcs#1234224
* Add iputils-ifenslave.diff
* Rebase iputils-disable-rarpd-rdisc.patch
- Resolve jsc#PED-9524
- Bump version to version s20161105 (bsc#1221439)
- This version can use ICMP datagram sockets without CAP_NET_RAW capabilites.
- Added iputils-disable-rarpd-rdisc.patch
- disables building of rarpd and rdisc as they're provided by separate package (rarpd) in SLE12-SP5
Full changelog:
* ping: eliminate deadcode & simplify
* ping: do not allow oversized packets to root
* correctly initialize first hop
* ping: fix ping -6 -I
* arping,doc: fix documentation of -I
* ping: fix error message when getting EACCES from connect()
* renamed INSTALL to INSTALL.md
* (re)structured INSTALL.md and transformed into markdown; added hint that installation into prefix has to be done with DESTDIR make variable and that there's no prefix support in configure, close #21
* ping: Silence GCC warnings when building with -fstrict-aliasing
* tftpd: Drop supplementary groups for root
* libgcrypt: fix static linking
* doc: Inserted a missing word
* tracepath6: avoid redundant family variable
* tracepath: borrow everything good from tracepath6
* tracepath: switch to dual-stack operation
* tracepath: remove now redundant tracepath6
* docs: fix parallel build of manpages
* ping: remove assignments of values that are never read
* docs: remove references to ping6 and traceroute6
* ping: work with older kernels that don't support ping sockets
* Revert "ping_common.c: fix message flood when EPERM is encountered in ping"
* reorder -I option parsing (boo#1057664)
* ping: also bind the ICMP socket to the specific device
- tracepath6 is now symlink to tracepath.
- Add fix for ICMP datagram socket ping6-Fix-device-binding.patch
(bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927).
- Remove 2 old patches (iputils-sec-ping-unblock.diff, iputils-ping-interrupt.diff)
Although not documented, they both belong to bsc#674304. Fix from 2011 was
resolved upstream in commit 810dd7f ("ping,ping6: Unmask signals on
start-up.") [1], released in s20121112.
- Update iputils-remove-bogus-check-required-for-2.4.9-kernels.patch
(backport 4471ac6 to add changes in header files)
- Use git format for iputils-ping-fix-pmtu-for-ipv6.patch (required by
%autosetup -p1)
- Use %autosetup -p1
- Backport license information from upstream (bnc#1082788):
iputils-add-license-info.diff
- Backport iputils-ping-fix-pmtu-for-ipv6.patch from upstream
to fix PMTU discovery in ping6. (bsc#1072460)
- Install rdisc as rdisc, do not use in.rdisc anymore (xinetd which
was using in.* names is obsolete anyways)
- iputils: remove man pages of unused binaries: ninfod, pg3, rdisc
(rdisc is in a separate package)
- Add systemd service for rarpd
- mark ping also verify not caps, as these are changed by the
permissions package. (bsc#1065835)
- Reintroduce rarpd as subpackage
- Explicitly list content in filelist as we have two subpackages
now
- Cleanup with spec-cleaner
- Update to version s20161105 (Changes taken from the RELNOTES file)
* ping: eliminate deadcode & simplify
* ping: do not allow oversized packets to root
* correctly initialize first hop
* ping: fix ping -6 -I
* arping,doc: fix documentation of -I
* ping: fix error message when getting EACCES from connect()
* renamed INSTALL to INSTALL.md
* (re)structured INSTALL.md and transformed into markdown; added hint that installation into prefix has to be done with DESTDIR make variable and that there's no prefix support in configure, close #21
* ping: Silence GCC warnings when building with -fstrict-aliasing
* tftpd: Drop supplementary groups for root
* libgcrypt: fix static linking
* doc: Inserted a missing word
* tracepath6: avoid redundant family variable
* tracepath: borrow everything good from tracepath6
* tracepath: switch to dual-stack operation
* tracepath: remove now redundant tracepath6
* docs: fix parallel build of manpages
* ping: remove assignments of values that are never read
* docs: remove references to ping6 and traceroute6
* ping: work with older kernels that don't support ping sockets
* Revert "ping_common.c: fix message flood when EPERM is encountered in ping"
* reorder -I option parsing (boo#1057664)
* ping: also bind the ICMP socket to the specific device
- tracepath6 is now symlink to tracepath.
- Add ping6 symlink (boo#1017616)
- do not install rarpd and rarpd.8 manpage (comes from rarpd rpm currently)
- Update to version s20160308 (Changes taken from the RELNOTES file)
* use syntax compatible with busybox date in Makefile
* 'admin prohibited' should print !X not !S.
* Makefile: use #define as in previous code changes
* doc/Makefile: require bash, because we use pushd and popd
* doc: don't timestamp manpages by default
* ping: status() now returns received/transmitted instead of trans/recv
* ping: don't mess with internals of struct msghdr
* ping: ICMP error replies while errno < 0 is a hard error
* ping: always use POSIX locale when parsing -i
* ping: link against libm
* made ping functions protocol independent
* ping: perform dual-stack ping by default
* ping: remove obsolete preprocessor directives
* ping: avoid name clashes between IPv4 and IPv6 code
* ping: merge all ping header files into a single one
* ping: merge `ping6` command into `ping`
* ping: refactor ping options
* ping: refactor ping socket code
* ping: merge IPv4 and IPv6 `pr_addr()`
* ping: fix defines and libs in Makefile
* ping: handle single protocol systems
* iputils ping/ping6: Add a function to check if a packet is ours
* ping: Add <linux/types.h> to fix compilation error.
* ping6: Use GNUTLS API directly for MD5. (v2)
* ping6: Use libgcrypt instead of gnutls for MD5.
* Allow ping to use IPv6 addresses
* ping,ping6 doc: More description on CAP_NET_RAW usage.
* if IPv4 resolving fails fallback to ping6
* ping: in usage print the 'ping -6' options as well
* ping: allow option -4 which forces IPv4
* combine sock and errno into a single structure
* This patch allows running ping and ping6 without root privileges on
* use better names for socket variables
* tracepath,doc: fix corrupted tag
* doc: ping: add missing options and remove ping6
* ninfod: remove unused variables
* ninfod: Regenerate configure by autoconf-2.69.
* ninfod: libgcrypt support.
* Fix building with musl
* travis.yml: install nettle-dev
* Allow using nettle instead of libgcrypt for MD5
* avoid compiler warning caused by snapshot.h
* make `getaddrinfo()` and `getnameinfo()` usage consistent
* enable IDN by default
* remove IPV4_TARGETS and IPV6_TARGETS
* Use svg instead of png to get better image quality
* spec: Configure before building ninfod.
* spec: Fix date in %changelog.
* make,spec: Add rpm target.
- Refreshed patches
* iputils-ping-interrupt.diff
* iputils-sec-ping-unblock.diff
- Remove ifenslave.c. It has been removed in the linux kernel commit
b1098bbe1b24("bonding: remove ifenslave.c from kernel source").
bonding can be done via iproute (netlink)
- dropped iputils-ifenslave.diff
- Append our CFLAGS to the upstream ones instead of overriding them.
- Cleanup old make command since the upstream Makefile does things right
it seems.
- Use Provides: for old /{,s}bin utils to satisfy reverse dependencies.
- Install utilities to /bin and /sbin until reverse dependencies are
properly fixed.
- Do not install tftp and traceroute to avoid conflicts with the tftp and
traceroute packages. Stick to what iputils used to provide in the past.
- Remove iputils-traceroute6-stdint.diff patch since we are not building
the traceroute* utilities.
- Install tracepath to /usr/bin. (boo#795788)
- Update to version s20150815
* use syntax compatible with busybox date in Makefile
* Makefile: use #define as in previous code changes
* ping: status() now returns received/transmitted instead of trans/recv
* ping: don't mess with internals of struct msghdr
* tracepath,doc: fix corrupted tag
* made ping functions protocol independent
* Allow ping to use IPv6 addresses
* if IPv4 resolving fails fallback to ping6
* ping: in usage print the 'ping -6' options as well
* ping: allow option -4 which forces IPv4
* combine sock and errno into a single structure
* This patch allows running ping and ping6 without root privileges on
* use better names for socket variables
* travis.yml: install nettle-dev
* Allow using nettle instead of libgcrypt for MD5
* avoid compiler warning caused by snapshot.h
* make `getaddrinfo()` and `getnameinfo()` usage consistent
* enable IDN by default
* ping: perform dual-stack ping by default
* remove IPV4_TARGETS and IPV6_TARGETS
* ping: remove obsolete preprocessor directives
* ping: avoid name clashes between IPv4 and IPv6 code
* ping: merge all ping header files into a single one
* ping: merge `ping6` command into `ping`
* ping: refactor ping options
* ping: refactor ping socket code
* ping: merge IPv4 and IPv6 `pr_addr()`
* Use svg instead of png to get better image quality
* iputils ping/ping6: Add a function to check if a packet is ours
* ping: Add <linux/types.h> to fix compilation error.
* ping6: Use GNUTLS API directly for MD5. (v2)
* ping6: Use libgcrypt instead of gnutls for MD5.
* ninfod: Regenerate configure by autoconf-2.69.
* ninfod: libgcrypt support.
* spec: Configure before building ninfod.
* spec: Fix date in %changelog.
* make,spec: Add rpm target.
* ping,ping6 doc: More description on CAP_NET_RAW usage.
- Update patches
* iputils-s20101006-ping-interrupt.diff > iputils-ping-interrupt.diff
* iputils-s20101006-sec-ping-unblock.diff > iputils-sec-ping-unblock.diff
* iputils-remove-bogus-check-required-for-2.4.9-kernels.patch
- Update home project page and download Url
- Remove obsolete %clean section
- Remove UsrMerge process; it has been done for more than two
openSUSE releases now
- Fix a bogus kernel version check (boo#927831):
iputils-remove-bogus-check-required-for-2.4.9-kernels.patch
- openssl-1_1
-
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- sudo
-
- Fix a regression in -P handling cased by fix for CVE-2021-3156
Fix provided by Brahmajit Das [bsc#1234371]
* sudo-CVE-2021-3156.patch updated
- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- python-dnspython
-
- Fix CVE-2023-29483-pre1.patch
(bsc#1230353, gh#rthalley/dnspython@6d590f0a2e1b, gh#nrhall/dnspython@55d6a9d81930)
- util-linux
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- _product:sle-sdk-release
-
n/a
- cloud-regionsrv-client
-
- Update to 10.3.7 (bsc#1232770)
+ Fix the product triplet for LTSS, it is always SLES-LTSS, not
$BASEPRODUCT-LTSS
- Update to 10.3.6 (jsc#PCT-471, bsc#1230615)
+ Fix sudo setup
~ permissions cloudguestregistryauth
~ directory ownership /etc/sudoers.d
+ spec file
~ Remove traces of registry related entries on SLE 12
+ Forward port
~ fix-for-sles12-disable-registry.patch
~ fix-for-sles12-no-trans_update.patch
+ Deregister non free extensions at registercloudguest --clean
+ Fix registry cleanup at registercloudguest --clean, don't remove files
+ Prevent duplicate search entries in registry setup
- Update EC2 plugin to 1.0.5
+ Switch to using the region endpoint from IMDS to determine the region
instead of deriving the data from the availability zone
- Update to 10.3.5
+ Update spec file to build in all code streams,
SLE 12, SLE 15, ALP, and SLFO and have proper dependencies
- Update to 10.3.4
+ Modify the message when network access over a specific IP version does
not work. This is an informational message and should not look like
an error
+ Inform the user that LTSS registration takes a little longer
+ Add fix-for-sles12-no-trans_update.patch
+ SLE 12 family has no products with transactional-update we do not
need to look for this condition
- From 10.3.3 (bsc#1229472)
+ Handle changes in process structure to properly identify the running
zypper parent process and only check for 1 PID
- From 10.3.2
+ Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
+ Add support for LTSS registration
+ Add fix-for-sles12-disable-registry.patch
~ No container support in SLE 12
- Add rgnsrv-clnt-fix-docker-setup.patch (bsc#1229137)
+ The entry for the update infrastructure registry mirror was written
incorrectly causing docker daemon startup to fail.
- Update to version 10.3.0 (bsc#1227308, bsc#1222985)
+ Add support for sidecar registry
Podman and rootless Docker support to set up the necessary
configuration for the container engines to run as defined
+ Add running command as root through sudoers file
- Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016)
+ In addition to logging, write message to stderr when registration fails
+ Detect transactional-update system with read only setup and use
the transactional-update command to register
+ Handle operation in a different target root directory for credentials
checking
- suse-build-key
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- wicked
-
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad.
- Consider only interface specific accept_redirects sysctl settings.
- Adopt ifsysctl(5) manual page with wicked specific behavior.
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
- team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
- arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
- dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
- ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
[- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- compat-suse: fix dummy interfaces configuration with
INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
[+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of
infiniband children (gh#openSUSE/wicked#1027)
- client: fix origin in loaded xml-config with obsolete port
references but missing port interface config, causing a
no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in
e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
(gh#openSUSE/wicked#1021)
- arputil: Document minimal interval for getopts (gh#openSUSE/wicked#1019)
- man: (re)generate man pages from md sources (gh#openSUSE/wicked#1018)
- client: warn on interface wait time reached (gh#openSUSE/wicked#1017)
- compat-suse: fix dummy type detection from ifname to not cause
conflicts with e.g. correct vlan config on dummy0.42 interfaces
(gh#openSUSE/wicked#1016)
- compat-suse: fix infiniband and infiniband child type detection
from ifname (gh#openSUSE/wicked#1015)
- Removed patches included in the source archive:
[- 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]
[- 0002-increase-arp-retry-attempts-on-sending-bsc1218668.patch]
- python3-base
-
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-7592-quad-complex-cookies.patch (bsc#1229596,
CVE-2024-7592), which fixes quadratic complexity in parsing
"-quoted cookie values with backslashes by http.cookies.
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add bpo27240-rewrite_email_hdr_fold.patch rewriting the email
header folding algorithm to make the codebase compatible with
Python 3.6.4+, so we can continue to maintain it.
- And even before that we have to add
bpo24211-RFC6532-supp-email.patch.
- Also bpo20098-email-mangle_from-policy.patch.
- Add finally, CVE-2024-6923-email-hdr-inject.patch to prevent
email header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
(CVE-2024-4032) rearranging definition of private v global IP
addresses.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- regionServiceClientConfigAzure
-
- Update to version 2.2.0 (jsc#PCT-360)
+ Add IPv6 certs to enable IPv6 access of the update infrastructure
+ Add noipv6.patch to patch out IPv6 on SLE 12, no IPv6 support in SLE 12
in the Public Cloud
- shadow
-
- bsc#916845 (CVE-2013-4235): Fix TOCTOU race condition
Update shadow-CVE-2013-4235.patch to be more complete
- yast2-network
-
- Honor the AutoYaST profile allowing to disable the IP check
(bsc#1216859).
- 3.4.12
- python-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- python-azure-agent
-
- Restart the agent (bsc#1227600)
+ The agent service gets restarted in post but may fail due to a missing
config file. config files were split into their own package previously.
When we detect that we have to restore a config file we also need
to restart the agent again.
- Add agent-btrfs-use-f.patch (bsc#1227711)
+ Use the proper option to force btrfs to overwrite a file system on the
resource disk if one already exists.
- Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro >= 5.5
(bsc#1227106).
- Do not package waagent2.0 in Python 3 builds.
- Drop obsolete otherproviders keyword from Conflicts statements
- Do not require wicked in non-SUSE build environments.
- Apply python3 interpreter patch in non SLE build environments
(bcs#1227067)
- Simplify %suse_version conditionals
- Use the -Z option for mv and cp in the posttrans to properly handle
SELinux context (bsc#1225946)
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- grub2
-
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when linux root device is on lvm thin volume
(bsc#1192622) (bsc#1191974)
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
- update to NSS 3.101.2
* bmo#1905691 - ChaChaXor to return after the function
- python36
-
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
support eliminating bsc#1227233 (CVE-2024-5642).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
complexity in parsing cookies with backslashes (bsc#1229596,
CVE-2024-7592)
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- avahi
-
- Add avahi-CVE-2024-52616.patch:
Backporting 1dade81c from upstream: Properly randomize query id
of DNS packets.
(CVE-2024-52616, bsc#1233420)
- xfsprogs
-
- libfrog: fix missing error checking in workqueue code (bsc#1227232)
- add xfsprogs-libfrog-fix-missing-error-checking-in-workqueue-code.patch
- xfs_repair: ignore empty xattr leaf blocks (bsc#1227911)
- add xfsprogs-xfs_repair-ignore-empty-xattr-leaf-blocks.patch
- mkfs: terminate getsubopt arrays properly (bsc#1228270)
- add xfsprogs-mkfs-terminate-getsubopt-arrays-properly.patch
- xfs_copy: bail out early when superblock cannot be verified
(bsc#1227150)
- fix return value of error code, which is expected to be negative
- python-urllib3
-
- Add CVE-2024-37891.patch (bsc#1226469, CVE-2024-37891)
- release-notes-sles
-
- 12.5.20241206 (tracked in bsc#933411)
- Added note about openJDK 11 support status (bsc#1233970)
- 12.5.20241014 (tracked in bsc#933411)
- Added note about openSSH 8.4 (bsc#1222298)
- Added note about unsupported hibernate/suspend on Xen (bsc#1214405)
- Added note about chrony 4.1 (jsc#SLE-22248)
- Added note about adcli --dont-expire-password (jsc#SLE-21223)
- Added note about sudo -U -l restriction (jsc#SLE-22569)
- Added note about nodejs16 addition (jsc#SLE-21234)
- Added note about rsyslog 8.2106 (jsc#SLE-21522)
- Added note about tcl 8.6.12 (jsc#SLE-21015)
- Added note about sudo 1.8.27 update (jsc#SLE-17083)
- Added note about unsupported modules (jsc#PED-8089)
- glib2
-
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
(boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
- Add glib2-gdbusmessage-cache-arg0.patch: cache the arg0 value in
a dbus message. Fixes a possible use after free (boo#1224044).
- python-pyOpenSSL
-
- Fix for bsc#1231700:
* 0001-Don-t-use-things-after-they-re-freed.duh-709.patch: Add
missing patch that introduced X509._from_raw_x509_ptr needed by
CVE-2018-1000807 fix.
gh#pyca/pyopenssl@4aa52c33d3ee
- expat
-
- security update
- added patches
fix CVE-2024-50602 [bsc#1232579], DoS via XML_ResumeParser
+ expat-CVE-2024-50602.patch
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
overflow in function nextScaffoldPart
* Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
overflow in dtdCopy
* Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
len for XML_ParseBuffer
* Added expat-CVE-2024-45490.patch
- Security fix (bsc#1221563, bsc#1219559, CVE-2023-52425):
* expat-CVE-2023-52425-1.patch: [PATCH] Grow buffer based on
current size
* expat-CVE-2023-52425-2.patch:
* expat-CVE-2023-52425-backport-parser-changes.patch:
CVE-2023-52425 Additional parser fixes
* expat-CVE-2023-52425-fix-tests.patch: CVE-2023-52425 Tests and
Test suite fixes
- python-base
-
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add ipaddress module from https://github.com/phihag/ipaddress
- Remove -IVendor/ from python-config boo#1231795
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- ruby2.1
-
- Add CVE-2024-47220.patch (CVE-2024-47220) Fix HTTP request
smuggling (boo#1230930)
- openssl-1_0_0
-
- Pull libopenssl-1_0_0 when updating openssl-1_0_0 with the same
version. [bsc#1228291]
- Security fix: [bsc#1227138, bsc#1227227, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- apparmor
-
- Add apparmor-fix-ping6-denied.patch to allow ping to use
IPv6 RAW sockets ( bsc#1230541 ).
- kernel-azure
-
- Revert "Merge branch 'users/dwagner/SLE12-SP5/for-next' into SLE12-SP5"
This reverts commit aa4c39a920ecb484add5aa1733bbaa0fb81c7d46, reversing
changes made to 4527634da2625f9c0c83176368afe9fe8acb3ffc.
- --
Following breaks kABI:
commit 72d636029eff5515a118fd98f44689c4421a836e
Author: Daniel Wagner <dwagner@suse.de>
Date: Mon Sep 30 15:48:52 2024 +0200
kabi: ignore all nvme kabi breakages
Streamline sle12sp5 with the other code stream where we ignore
all symbol changes inside the nvme subsystem.
Delete:
- patches.kabi/kabi-Fix-nvme-fabrics_q.patch
- patches.kabi/kabi-Fix-nvmet-error-log-definitions.patch
- patches.kabi/kabi-nvme-fix-fast_io_fail_tmo.patch
- --
As designed the path match does not match symbols exported from vmlinux
(built-in), those have to be listed explicitly.
Listing the offending symbols should make this change work. It's
possible that more of the nvme support is modular on later kernels or
the kABI brekage is not as widespread compared to 4.12.
- ---
- commit 5f0ddca
- net: dpaa: Pad packets to ETH_ZLEN (CVE-2024-46854 bsc#1231084).
- ice: Add netif_device_attach/detach into PF reset flow
(CVE-2024-46770 bsc#1230763).
- net: core: Specify skb_pad()/skb_put_padto() SKB freeing
(CVE-2024-46854 bsc#1231084).
- commit 8314902
- usbnet: fix cyclical race on disconnect with work queue
(git-fixes).
- Refresh
patches.kabi/move-new-members-of-struct-usbnet-to-end.patch.
- Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit d5af998
- blacklist.conf: powerpc/imc-pmu fixes not applicable to 4.12
- commit aaf94f3
- powerpc/imc-pmu: Revert nest_init_lock to being a mutex
(bsc#1065729).
- commit 9d9f624
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
(bsc#1065729).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
(bsc#1054914 fate#322448 git-fixes).
- powerpc/iommu: Annotate nested lock for lockdep (bsc#1065729).
- commit 1b7c467
- Fix bsc#1054914 reference.
- commit 4b9db88
- nvme: avoid double free special payload (bsc#1228635
CVE-2024-41073).
- commit 837f90a
- ceph: remove the incorrect Fw reference check when dirtying
pages (bsc#1231184).
- commit 4527634
- nvmet: always initialize cqe.result (bsc#1228615
CVE-2024-41079).
- commit 3bc4bb2
- kabi/severities: Ignore ppc instruction emulation (bsc#1230826 ltc#205848)
These are lowlevel functions not used outside of exception handling and
kernel debugging facilities.
- commit abc513a
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
accesses (CVE-2024-46859 bsc#1231089).
- commit 59d5c89
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
(CVE-2024-46853 bsc#1231083).
- commit bb10262
- media: vivid: fix compose size exceed boundary (CVE-2022-48945
bsc#1230398).
- commit 9b78931
- kthread: Fix task state in kthread worker if being frozen
(bsc#1231146).
- commit acf39f7
- kabi: ignore all nvme kabi breakages
Streamline sle12sp5 with the other code stream where we ignore
all symbol changes inside the nvme subsystem.
Delete:
- patches.kabi/kabi-Fix-nvme-fabrics_q.patch
- patches.kabi/kabi-Fix-nvmet-error-log-definitions.patch
- patches.kabi/kabi-nvme-fix-fast_io_fail_tmo.patch
- commit 72d6360
- nvme-fabrics: use reserved tag for reg read/write command
(bsc#1228620 CVE-2024-41082).
- nvme: change __nvme_submit_sync_cmd() calling conventions
(bsc#1228620 CVE-2024-41082).
- nvme: remove unused timeout parameter (bsc#1228620
CVE-2024-41082).
- nvme: split nvme_alloc_request() (bsc#1228620 CVE-2024-41082).
Refresh:
- patches.suse/lightnvm-remove-lightnvm-implemenation.patch
- nvme: centralize setting the timeout in nvme_alloc_request
(bsc#1228620 CVE-2024-41082).
Refresh:
- patches.suse/lightnvm-remove-lightnvm-implemenation.patch
- commit 9d0eaf2
- tracing: Avoid possible softlockup in tracing_iter_reset()
(git-fixes).
- commit 6f4c555
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120 CVE-2024-46822)
- commit cd9816b
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (bsc#1231120 CVE-2024-46822)
- commit 0c95f6d
- tracing: Fix overflow in get_free_elt() (git-fixes
CVE-2024-43890 bsc#1229764).
- commit 2519a16
- drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709 CVE-2024-46731)
- commit 1b11b68
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- commit 7b2aa7b
- blacklist.conf: CVE-2024-46773 bsc#1230791: not applicable
Functionality not present.
- commit 408499b
- blacklist.conf: CVE-2024-46772 bsc#1230772: not applicable, code does not exist
- commit 82ea9e2
- blacklist.conf: CVE-2024-46778 bsc#1230776: not applicable, code does not exist
- commit f2eab46
- blacklist.conf: CVE-2024-46720 bsc#1230724: not applicable
Fix to functionality that's not present in this code (hive, recovery).
- commit a674b96
- blacklist.conf: CVE-2024-46727 bsc#1230707: not applicable, code does not exist
- commit c18f303
- drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722 bsc#1230712)
- commit 7ff2284
- blacklist.conf: CVE-2024-46714 bsc#1230699: not applicable, code does not exist
- commit 2a9e21b
- Update
patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
(bsc#1229457 CVE-2024-44947 bsc#1229456).
- Update
patches.suse/msft-hv-3046-uio_hv_generic-Fix-kernel-NULL-pointer-dereference-i.patch
(git-fixes CVE-2024-46739 bsc#1230732).
- Update
patches.suse/msft-hv-3048-net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
(git-fixes CVE-2024-46784 bsc#1230771).
- Update
patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch
(git-fixes CVE-2024-46737 bsc#1230730).
- Update
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
(bsc#1227487 CVE-2024-46774 bsc#1230767).
- commit ad5a546
- userfaultfd: fix checks for huge PMDs (CVE-2024-46787
bsc#1230815).
- commit a5d0a66
- PCI: xilinx-nwl: Clean up clock on probe failure/removal
(git-fixes).
- commit ace75db
- blacklist.conf: add three PCI git-fixes
- commit 0d7494c
- kabi: add __nf_queue_get_refs() for kabi compliance
(bsc#1229633,CVE-2022-48911).
- commit ffffe4c
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
- commit c9290c8
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- commit a4946ef
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- commit 4ef1336
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- commit 7580f3e
- blacklist.conf: CVE-2024-44972 bsc#1230212: not applicable
Code does not exist (subpage + zoned mode).
- commit 0ae4830
- btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753 bsc#1230796)
- commit ab888f1
- Delete
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch.
This patch should have been only in kernel v5.11+, which is when
the double free issue was introduced.
- commit 92bb491
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (CVE-2024-46761 bsc#1230761)
- commit 0c20c64
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759 bsc#1230814)
- commit 8ed41b4
- blacklist.conf: CVE-2024-46747 bsc#1230752: not applicable, code does not exist
- commit b312e3b
- Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745 bsc#1230748)
- commit 9508651
- blacklist.conf: CVE-2024-46746 bsc#1230751: not applicable, code does not exist
- commit b83f97d
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738 bsc#1230731)
- commit 98e87d9
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783 bsc#1230810)
- commit f6705ba
- Update references in patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch (CVE-2024-46737 bsc#1230730)
- commit 91952f9
- nvmet: Identify-Active Namespace ID List command should reject
invalid nsid (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails
(git-fixes).
- commit 07a5a05
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (CVE-2024-44982 bsc#1230204).
- commit 4f660ab
- drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702 CVE-2024-46723)
- commit ff45869
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_rx_work.patch
(git-fixes CVE-2024-38381 bsc#1226878).
- Update
patches.suse/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enab.patch
(git-fixes CVE-2024-38632 bsc#1226860).
Add CVE references.
- commit bd6ac3f
- PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750
bsc#1230783).
- commit 6d64b3d
- blacklist.conf: CVE-2021-47620 bsc#1226669: not applicable, code does not exist
The patch is moving an out-of-bound read, which was performed at the end of a
loop, to the beginning, to avoid filling journal with false positives.
Here we don't have the code, so there is nothing to move.
- commit 979e3b3
- blacklist.conf: CVE-2024-46717 bsc#1230719: not applicable
- commit ad3c776
- blacklist.conf: CVE-2024-40973 bsc#1227890: not applicable, code does not exist
- commit b579e7a
- Squashfs: sanity check symbolic link size (bsc#1230747 CVE-2024-46744)
- commit 067cd70
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
(git-fixes).
- commit 36cf250
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
(git-fixes).
- commit 13d7dfe
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- commit 4386caf
- powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add XER bits introduced in POWER ISA v3.0
(bsc#1230826 ltc#205848).
- commit 4de0867
- of/irq: Prevent device address out-of-bounds read in interrupt
map walk (CVE-2024-46743 bsc#1230756).
- commit 8403759
- driver: iio: add missing checks on iio_info's callback access
(CVE-2024-46715 bsc#1230700).
- commit f7336e3
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (CVE-2024-46685 bsc#1230515)
- commit e892b22
- blacklist.conf: CVE-2023-52766 bsc#1230620: no i3c code
- commit cc0fba5
- usb: dwc3: core: Prevent USB core invalid event buffer address access (CVE-2024-46675 bsc#1230533)
- commit 9657973
- thunderbolt: Mark XDomain as unplugged when router is removed (CVE-2024-46702 bsc#1230589)
- commit 74749bb
- smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (CVE-2024-46686 bsc#1230517)
- commit 9cca3e0
- scsi: aacraid: Fix double-free on probe failure (CVE-2024-46673 bsc#1230506)
- commit b132ff0
- apparmor: fix possible NULL pointer dereference (CVE-2024-46721 bsc#1230710)
- commit 2b27b0b
- gtp: fix a potential NULL pointer dereference (CVE-2024-46677 bsc#1230549)
- commit b3221e1
- nfc: pn533: Add poll mod list filling check (CVE-2024-46676 bsc#1230535)
- commit 0ff9f28
- ethtool: check device is present when getting link settings (CVE-2024-46679 bsc#1230556).
- commit 34a40a8
- powerpc/sstep: Fix darn emulation (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix incorrect return from analyze_instr()
(bsc#1230826 ltc#205848).
- commit be8f831
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: fix 'ptesync' build error (bsc#1230826
ltc#205848).
- powerpc/sstep: Check instruction validity against ISA version
before emulation (bsc#1230826 ltc#205848).
- powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1230826
ltc#205848).
- Refresh patches.suse/powerpc-Don-t-clobber-f0-vs0-during-fp-altivec-regis.patch
- powerpc/sstep: Add support for divde[.] and
divdeu[.] instructions (bsc#1230826 ltc#205848).
- powerpc/lib: fix redundant inclusion of quad.o (bsc#1230826
ltc#205848).
- powerpc sstep: Add support for modsd, modud instructions
(bsc#1230826 ltc#205848).
- powerpc sstep: Add support for modsw, moduw instructions
(bsc#1230826 ltc#205848).
- powerpc sstep: Add support for extswsli instruction (bsc#1230826
ltc#205848).
- powerpc sstep: Add support for cnttzw, cnttzd instructions
(bsc#1230826 ltc#205848).
- powerpc: sstep: Add support for darn instruction (bsc#1230826
ltc#205848).
- powerpc: sstep: Add support for maddhd, maddhdu, maddld
instructions (bsc#1230826 ltc#205848).
- Refresh patches.suse/powerpc-bpf-use-unsigned-division-instruction-for-64.patch
- powerpc/sstep: Fix kernel crash if VSX is not present
(bsc#1230826 ltc#205848).
- powerpc/sstep: Introduce GETTYPE macro (bsc#1230826 ltc#205848).
- powerpc/lib: Fix "integer constant is too large" build failure
(bsc#1230826 ltc#205848).
- powerpc/32: Move the inline keyword at the beginning of function
declaration (bsc#1230826 ltc#205848).
- powerpc/kprobes: Blacklist emulate_update_regs() from kprobes
(bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix fixed-point shift instructions that
set CA32 (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix fixed-point arithmetic instructions
that set CA32 (bsc#1230826 ltc#205848).
- powerpc/kprobes: Update optprobes to use emulate_update_regs()
(bsc#1230826 ltc#205848).
- powerpc: Fix handling of alignment interrupt on dcbz instruction
(bsc#1230826 ltc#205848).
- powerpc: Fix kernel crash in emulation of vector loads and
stores (bsc#1230826 ltc#205848).
- commit 41c7998
- md/raid5: avoid BUG_ON() while continue reshape after
reassembling (bsc#1229790, CVE-2024-43914).
- commit 2925547
- blacklist.conf: Remove ppc sstep instruction emulation (bsc#1230826).
- commit eeace57
- powerpc/lib/sstep: Fix count leading zeros instructions
(bsc#1230826 ltc#205848).
- powerpc/sstep: mullw should calculate a 64 bit signed result
(bsc#1230826 ltc#205848).
- powerpc/sstep: Fix issues with mcrf (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix issues with set_cr0() (bsc#1230826
ltc#205848).
- powerpc/sstep: Avoid used uninitialized error (bsc#1230826
ltc#205848).
- powerpc: Wrap register number correctly for string load/store
instructions (bsc#1230826 ltc#205848).
- powerpc: Emulate load/store floating point as integer word
instructions (bsc#1230826 ltc#205848).
- powerpc: Use instruction emulation infrastructure to handle
alignment faults (bsc#1230826 ltc#205848).
- Refresh patches.suse/powerpc-Fix-check-for-copy-paste-instructions-in-ali.patch
- Update config files.
- powerpc: Separate out load/store emulation into its own function
(bsc#1230826 ltc#205848).
- powerpc: Handle opposite-endian processes in emulation code
(bsc#1230826 ltc#205848).
- powerpc: Set regs->dar if memory access fails in emulate_step()
(bsc#1230826 ltc#205848).
- powerpc: Emulate the dcbz instruction (bsc#1230826 ltc#205848).
- powerpc: Emulate load/store floating double pair instructions
(bsc#1230826 ltc#205848).
- powerpc: Emulate vector element load/store instructions
(bsc#1230826 ltc#205848).
- powerpc: Emulate FP/vector/VSX loads/stores correctly when
regs not live (bsc#1230826 ltc#205848).
- powerpc: Make load/store emulation use larger memory accesses
(bsc#1230826 ltc#205848).
- powerpc: Add emulation for the addpcis instruction (bsc#1230826
ltc#205848).
- powerpc: Don't update CR0 in emulation of popcnt, prty, bpermd
instructions (bsc#1230826 ltc#205848).
- powerpc: Fix emulation of the isel instruction (bsc#1230826
ltc#205848).
- powerpc/64: Fix update forms of loads and stores to write
64-bit EA (bsc#1230826 ltc#205848).
- powerpc: Handle most loads and stores in instruction emulation
code (bsc#1230826 ltc#205848).
- powerpc: Don't check MSR FP/VMX/VSX enable bits in
analyse_instr() (bsc#1230826 ltc#205848).
- powerpc: Change analyse_instr so it doesn't modify *regs
(bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add isel instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add prty instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add bpermd instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add popcnt instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add cmpb instruction emulation (bsc#1230826
ltc#205848).
- commit 10b1c67
- KABI: kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 7a83511
- kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit a7c5ad6
- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
(CVE-2024-46707 bsc#1230582).
- commit a6e55a2
- perf: Fix list corruption in perf_cgroup_switch() (bsc#1227953
CVE-2022-48799).
- commit 7c98d1e
- nvme-tcp: fix possible use-after-free in transport
error_recovery work (bsc#1228000 (CVE-2022-48789)).
- nvme: fix a possible use-after-free in controller reset during
load (bsc#1227941 (CVE-2022-48790)).
- commit 699f243
- blacklist.conf: CVE-2021-47408 has no security implications, it is an issue for
timing only and no functionality is impacted.
- commit 1da9771
- blacklist.conf: add two CVE commits that don't apply
From CVE-2024-41000/bsc#1227867 and CVE-2021-47622/bsc#1227917
- commit 4846912
- x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174 CVE-2024-44948).
- commit c14b9b5
- nvme-rdma: fix possible use-after-free in transport
error_recovery work (bsc#1227952 (CVE-2022-48788)).
- commit 0f2b472
- Input: MT - limit max slots (CVE-2024-45008 bsc#1230248).
- commit 18c0fe4
- Refresh
patches.suse/media-cec-core-avoid-confusing-transmit-timed-out-me.patch.
Moved into sorted section to avoid false positives of the checker
- commit 6e68152
- media: vivid: avoid integer overflow (git-fixes).
- commit 2e17cad
- media: vivid: dev->bitmap_cap wasn't freed in all cases
(git-fixes).
- commit 249a367
- media: vivid: s_fbuf: add more sanity checks (git-fixes).
- commit de48b55
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- commit 0c654cd
- blacklist.conf: added entry for driver not included in SLE12
- commit 1dc2266
- ipv6: prevent UAF in ip6_send_skb() (CVE-2024-44987 bsc#1230185)
- commit a6345f7
- gtp: pull network headers in gtp_dev_xmit() (CVE-2024-44999 bsc#1230233)
- commit 6133ce9
- powerpc: Remove support for PowerPC 601 (Remove unused and
malformed assembly causing build error).
- commit a186115
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
(git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in
hv_uio_rescind (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI
cleanup (git-fixes).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response
(git-fixes).
- commit 2c432a7
- profiling: fix shift too large makes kernel panic (git-fixes).
- commit 92e9109
- KVM: x86/mmu: make apf token non-zero to fix bug (CVE-2022-48943
bsc#1229645).
- commit 20aabb8
- blacklist.conf: CVE-2021-4442 bsc#1229912: not applicable, code does not exist
To check if queues are empty, when tp->repair_queue == TCP_SEND_QUEUE, the
function tcp_rtx_queue_empty(const struct sock *sk) is used. This function
checks the field tcp_rtx_queue of struct sock, but this field is not present
(it was added in v4.15-rc1)
- commit 64800ee
- media: dvb-usb-v2: af9035: fix missing unlock (CVE-2023-52915
bsc#1230270).
- commit 48622c6
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in
af9035_i2c_master_xfer (CVE-2023-52915 bsc#1230270).
- commit a6997db
- usbnet: modern method to get random MAC (git-fixes).
- commit 26fa49e
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
(git-fixes).
- commit f6a8914
- ACPI: EC: Avoid printing confusing messages in acpi_ec_setup()
(git-fixes).
- ACPI: EC: tweak naming in preparation for GpioInt support
(git-fixes).
- ACPI / EC: Clean up EC GPE mask flag (git-fixes).
- ACPI: EC: Fix an EC event IRQ storming issue (git-fixes).
- commit 9e80cf5
- Bluetooth: hci_core: Fix leaking sent_cmd skb (CVE-2022-48844 bsc#1228068)
- commit 33c7b67
- wifi: nl80211: disallow setting special AP channel widths (CVE-2024-43912 bsc#1229830)
- commit 3f6faef
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task (CVE-2022-48791 bsc#1228002)
- commit 0f736ca
- scsi: pm80xx: Fix TMF task completion race condition (CVE-2022-48791 bsc#1228002)
- commit 47ce134
- ext4: sanity check for NULL pointer after ext4_force_shutdown
(bsc#1229753 CVE-2024-43898).
- commit d2ce48d
- udf: Avoid using corrupted block bitmap buffer (bsc#1229362
CVE-2024-42306).
- commit e9fe84a
- ext4: check dot and dotdot of dx_root before making dir indexed
(bsc#1229363 CVE-2024-42305).
- commit 1e9d591
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
(bsc#1229334 CVE-2024-42265).
- commit 126ef02
- ACPI: video: Add new hw_changes_brightness quirk, set it on
PB Easynote MZ35 (git-fixes).
- ACPI: blacklist: fix clang warning for unused DMI table
(git-fixes).
- Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
(git-fixes).
- ACPI: SPCR: Consider baud rate 0 as preconfigured state
(git-fixes).
- ACPI: SPCR: work around clock issue on xgene UART (git-fixes).
- commit 18ef221
- ACPI: SPCR: Workaround for APM X-Gene 8250 UART 32-alignment
errata (git-fixes).
- Refresh
patches.suse/0001-tty-pl011-fix-initialization-order-of-QDF2400-E44.patch.
- commit 0985189
- serial: sc16is7xx: fix invalid FIFO access with special register
set (CVE-2024-44950 bsc#1230180).
- commit b162aad
- kabi fix for proc/mounts: add cursor (bsc#1207341).
- commit 1fada3d
- proc/mounts: add cursor (bsc#1207341).
- autofs4: use wait_event_killable (bsc#1207341).
- commit 1adc77e
- blacklist.conf: Add c055fc00c07b ("net/rds: fix WARNING in
rds_conn_connect_if_down") (CVE-2024-27024 bsc#1223777)
- commit e06af01
- ALSA: line6: Fix racy access to midibuf (CVE-2024-44954
bsc#1230176).
- commit 899798d
- atm: idt77252: prevent use after free in dequeue_rx()
(CVE-2024-44998 bsc#1230171).
- driver core: Fix uevent_show() vs driver detach race
(CVE-2024-44952 bsc#1230178).
- commit c758c1a
- cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (CVE-2021-47387 bsc#1225316)
- commit ce3e04b
- s390/sclp: Prevent release of buffer in I/O (bsc#1230200
CVE-2024-44969 git-fixes).
- commit 495f327
- fuse: use unsigned type for getxattr/listxattr size truncation
(bsc#1230151).
- commit 3543834
- Bluetooth: L2CAP: Fix not validating setsockopt user input
(bsc#1224579 CVE-2024-35965).
- commit 6d78576
- blacklist.conf: update blacklist
- commit 4f86ed8
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 6afc15c
- blacklist.conf: Add db8dd9697238 cgroup-v1: cgroup_pidlist_next should update position index
- commit eb0c44d
- Bluetooth: btintel: Fixe build regression (bsc#1224640
CVE-2024-35933).
- commit 67f9898
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version
(bsc#1224640 CVE-2024-35933).
- commit 8955b3c
- blacklist.conf: remove three stale entries
- commit 89bb6b6
- usb: vhci-hcd: Do not drop references before new references
are gained (CVE-2024-43883 bsc#1229707).
- commit 1ab205e
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 7294061
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (bsc#1229156 CVE-2024-42259)
- commit ad9c138
- net: usb: qmi_wwan: fix memory leak for not ip packets
(CVE-2024-43861 bsc#1229500).
- commit 706ebe0
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (bsc#1229497 CVE-2024-43863)
- commit 3f53b56
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- commit a9800d1
- xfs: fix uninitialized variable access (git-fixes).
- commit 3f7682d
- xfs: Fix the owner setting issue for rmap query in xfs fsmap
(git-fixes).
- commit f1b3405
- Update
patches.suse/0001-usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
(git-fixes CVE-2023-52901 bsc#1229531).
- Update
patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
(git-fixes CVE-2022-48938 bsc#1229664).
- Update
patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
(bsc#1210629 CVE-2023-2176 CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
CVE-2022-48930 bsc#1229624).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
(bsc#1190317 CVE-2022-48919 bsc#1229657).
- Update
patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsystem.patch
(git-fixes CVE-2022-48931 bsc#1229623).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
(git-fixes CVE-2022-48899 bsc#1229536).
- Update
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
(bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
(git-fixes CVE-2022-48896 bsc#1229540).
- Update
patches.suse/memcg-protect-concurrent-access-to-mem_cgroup_idr.patch
(git-fixes CVE-2024-43892 bsc#1229761).
- Update
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch
(bsc#1228850 CVE-2024-42287 bsc#1229392).
- Update
patches.suse/scsi-qla2xxx-During-vport-delete-send-async-logout-e.patch
(bsc#1228850 CVE-2024-42289 bsc#1229399).
- Update
patches.suse/scsi-qla2xxx-Fix-for-possible-memory-corruption.patch
(bsc#1228850 CVE-2024-42288 bsc#1229398).
- Update
patches.suse/scsi-qla2xxx-validate-nvme_local_port-correctly.patch
(bsc#1228850 CVE-2024-42286 bsc#1229395).
- commit d202e91
- blacklist.conf: 0cac183b98d8 drm/amdkfd: range check cp bad op exception interrupts
- commit 42d3b40
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit bdef5f8
- blacklist.conf: c02c1960c93e drm/amdgpu/pm: Fix the null pointer dereference for smu7
- commit 9652c5d
- blacklist.conf: 4c11d30c9557 drm/amdgpu: Fix the null pointer dereference to ras_manager
- commit d86617b
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (CVE-2024-43907 bsc#1229787).
- commit 95a59bd
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (CVE-2024-43905 bsc#1229784).
- commit 93f42ad
- serial: core: check uartclk for zero to avoid divide by zero
(bsc#1229759 CVE-2024-43893).
- commit 150a54e
- media: xc2028: avoid use-after-free in load_firmware_cb()
(CVE-2024-43900 bsc#1229756).
- commit 764489c
- blacklist.conf: add one IRQ HANDLING
- commit e56caa6
- Revert "irqdomain: Fixed unbalanced fwnode get and put (git-fixes)."
(bsc#1229851)
This reverts commit 37becc871554a4057226a862be812b4c0ff8c711 as it
breaks irqs on 12sp5. The patch is actually wrong in 12sp5. of_node is
refcounted here, not fwnode. So revert the patch without replacement.
- commit c53dc2f
- blacklist.conf: 38e6f715b02b drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update
- commit ad81cdb
- drm/amd/display: Add null checker before passing variables (CVE-2024-43902 bsc#1229767).
- commit 1c0c16f
- blacklist.conf: CVE-2024-43904 bsc#1229768: not applicable
Driver code does not exist, added in 5.7.
- commit faa2712
- Bluetooth: MGMT: Add error handling to pair_device() (CVE-2024-43884 bsc#1229739)
- commit ecb471c
- blacklist.conf: ecbf60782662 drm/amd/display: Fix null pointer deref in dcn20_resource.c
- commit 582eb56
- btrfs: get rid of warning on transaction commit when using
flushoncommit (bsc#1229658 CVE-2022-48920).
- commit 2ac5fdc
- vfio/pci: fix potential memory leak in vfio_intx_enable()
(git-fixes).
- commit f6c36eb
- kABI: vfio: struct virqfd kABI workaround (CVE-2024-26812
bsc#1222808).
- commit 202caf3
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 236a83a
- vfio: Introduce interface to flush virqfd inject workqueue
(bsc#1222808 CVE-2024-26812).
- commit 71f96a8
- vfio/pci: Create persistent INTx handler (bsc#1222808
CVE-2024-26812).
- commit 26ca5db
- ip6_tunnel: Fix broken GRO (bsc#1226323).
- net/mlx5: Always drain health in shutdown callback
(CVE-2024-43866 bsc#1229495).
- commit d1b0995
- net: ipv6: ensure we call ipv6_mc_down() at most once (CVE-2022-48910 bsc#1229632)
- commit 80d1e79
- blacklist.conf: Add a50e1fcbc9b85 ("btrfs: do not WARN_ON() if we have PageError set")
- commit 479a93f
- gsmi: fix null-deref in gsmi_get_variable (CVE-2023-52893 bsc#1229535)
- commit 0d2fd7b
- Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (CVE-2024-36270 bsc#1226798)
- commit 705c30b
- s390/pkey: Wipe copies of protected- and secure-keys
(CVE-2024-42155 bsc#1228733).
- commit 1712d5c
- nfc: pn533: initialize struct pn533_out_arg properly
(CVE-2022-48875 bsc#1229516).
- commit 3dc4ecc
- nfc: pn533: Wait for out_urb's completion in
pn533_usb_send_frame() (CVE-2023-52907 bsc#1229526).
- commit 462fb2b
- wifi: mac80211: sdata can be NULL during AMPDU start
(CVE-2022-48875 bsc#1229516).
- commit 5fb2170
- devres: Fix memory leakage caused by driver API devm_free_percpu() (CVE-2024-43871 bsc#1229490)
- commit 4465aef
- s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
(CVE-2024-42158 bsc#1228720).
- commit 13ea3b5
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
(bsc#1226846 CVE-2024-38596).
- Update
patches.suse/af_unix-Fix-data-races-around-sk-sk_shutdown.patch
(git-fixes bsc#1226846).
- commit a35b43b
- RDMA/hns: Fix soft lockup under heavy CEQE load (bsc#1229489 CVE-2024-43872)
- commit 8bd84db
- ipv6: sr: fix memleak in seg6_hmac_init_algo (CVE-2024-39489 bsc#1227623)
- commit 9c4fab9
- usb: xhci: prevent potential failure in handle_tx_event()
for Transfer events without TRB (CVE-2024-42226 bsc#1228709).
- commit e6525c1
- usb: gadget: configfs: Prevent OOB read/write in
usb_string_copy() (CVE-2024-42236 bsc#1228964).
- commit bf495b3
- USB: serial: mos7840: fix crash on resume (CVE-2024-42244
bsc#1228967).
- commit c904d0e
- blacklist.conf: CVE-2021-47289 bsc#1224984: not applicable, code does not exist
Patch adds a NULL pointer check to acpi_dev_put(), but this does not
exist in this codebase. It was added as an unrelated fix fe066621c7966f
("gpio: merrifield: Fix build err without CONFIG_ACPI") and then a lot
of refactoring in ACPI subsystem started to use it.
There isn't an equivalent code that should do the NULL pointer check,
probably added later in the refactoring as well as the bug.
- commit 6f50897
- wifi: cfg80211: handle 2x996 RU allocation in
cfg80211_calculate_bitrate_he() (CVE-2024-43879 bsc#1229482).
- commit 8fe6121
- kABI: tpm-interface: Hide new include from genksyms
(bsc#1082555).
- commit d46dd8a
- cpufreq: schedutil: Use kobject release() method to free sugov_tunables (CVE-2021-47387 bsc#1225316)
CVE backport so remove it from blacklist.conf, added in 56273cd113da0c
("blacklist.conf: Fix to experimental feature, fix only in the event of
a customer bug").
- commit 074afac
- netfilter: nf_tables: fix memleak in map from abort path
(CVE-2024-27011 bsc#1223803).
- commit 5b46784
- Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
(bsc#1225578 CVE-2024-36013).
- commit 12a50ad
- filelock: Fix fcntl/close race recovery compat path (bsc#1228427
CVE-2024-41020).
- commit 0ef50b1
- filelock: Remove locks reliably when fcntl/close race is
detected (bsc#1228247 CVE-2024-41012).
- commit c84976c
- netfilter: nft_limit: reject configurations that cause integer
overflow (CVE-2024-26668 bsc#1222335).
- commit 0c4fd3e
- netfilter: nft_limit: fix packet ratelimiting (CVE-2024-26668
bsc#1222335).
- Refresh
patches.suse/netfilter-nft_limit-avoid-possible-divide-error-in-n.patch.
- commit 045f275
- kvm: s390: Reject memory region operations for ucontrol VMs
(CVE-2024-43819 bsc#1229290 git-fixes).
- commit e43e818
- s390/pkey: Wipe sensitive data on failure (CVE-2024-42157
bsc#1228727 git-fixes).
- commit 323dd0d
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain
aware (git-fixes).
- genirq/ipi: Fix NULL pointer deref in
irq_data_get_affinity_mask() (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix association race (git-fixes).
- genirq/irqdesc: Don't try to remove non-existing sysfs files
(git-fixes).
- genirq/msi: Ensure deactivation on teardown (git-fixes).
- genirq/msi: Activate Multi-MSI early when
MSI_FLAG_ACTIVATE_EARLY is set (git-fixes).
- genirq/irqdomain: Check pointer in
irq_domain_alloc_irqs_hierarchy() (git-fixes).
- genirq/proc: Reject invalid affinity masks (again) (git-fixes).
- genirq: Delay deactivation in free_irq() (git-fixes).
- kABI: genirq: Delay deactivation in free_irq() (kabi git-fixes).
- genirq: Make sure the initial affinity is not empty (git-fixes).
- commit 37becc8
- KVM: mmio: Fix use-after-free Read in
kvm_vm_ioctl_unregister_coalesced_mmio (CVE-2021-47341
bsc#1224923).
- commit 12d646d
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
(CVE-2024-43839 bsc#1229301).
- commit 5a42d4e
- efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
(bsc#1226629 CVE-2022-48769).
- commit 88b4118
- dma: fix call order in dmam_free_coherent (bsc#1229346
CVE-2024-43856).
- commit b96a5fb
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (CVE-2024-36286 bsc#1226801)
- commit 3ee11b6
- netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270 1226798)
- commit d5e958c
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851 bsc#1223074)
Previous four patches fix other bound check bugs or prepare code for
this to apply cleanly.
- commit ca9c856
- netfilter: nf_conntrack_h323: restore boundary check correctness (bsc#1223074)
- commit a87a86d
- netfilter: nf_ct_h323: Extend nf_h323_error_boundary to work on bits as well (bsc#1223074)
- commit 034ab36
- netfilter: nf_ct_h323: Convert CHECK_BOUND macro to function (bsc#1223074)
- commit f812de4
- netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack (bsc#1223074)
- commit b7e85f6
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your
kernel is fine." (bsc#1227820 CVE-2024-40984).
- commit cc6eb03
- blacklist.conf: Add e7870cf13d20 ("rxrpc: Fix delayed ACKs to not set the
reference serial number")
(CVE-2024-26677 bsc#1222387)
- commit b725045
- blacklist.conf: add two IRQ HANDLING
- commit dad4350
- scsi: target: core: Silence the message about unknown VPD pages
(bsc#1221252 bsc#1229462).
- commit 73ee6e7
- mISDN: Fix a use after free in hfcmulti_tx() (CVE-2024-42280 bsc#1229388)
- commit e5565c3
- tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284 bsc#1229382)
- commit 4d8536f
- sysctl: always initialize i_uid/i_gid (CVE-2024-42312 bsc#1229357)
- commit b5674a1
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (CVE-2024-42310 bsc#1229358)
- commit ac17234
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (CVE-2024-42309 bsc#1229359)
- commit 452c306
- block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854 bsc#1229345)
- commit 2414013
- ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322 bsc#1229347)
- commit 3e24abe
- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
bsc#1229407).
- commit b4a682d
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (bsc#1229381 CVE-2024-42285)
- commit b6331d8
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit c501ca8
- media: mediatek: vcodec: Handle invalid decoder vsi
(CVE-2024-43831 bsc#1229309).
- commit 38f48e2
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229457).
- commit 7188cb3
- bpf: Fix a segment issue when downgrading gso_size (bsc#1229386
CVE-2024-42281).
- commit 4edf813
- Refresh
patches.suse/bpf-fix-bpf_skb_adjust_net-bpf_skb_proto_xlat-to-dea.patch.
- add hunks that were missing because this patch predates
patches.suse/bpf-add-bpf_skb_adjust_room-helper.patch
- commit b6ecdd7
- net/iucv: fix use after free in iucv_sock_close()
(CVE-2024-42271 bsc#1229400 bsc#1228975).
- commit f2f712f
- Refresh sorted patches.
- Refresh patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch.
- Refresh patches.suse/powerpc-topology-Check-if-a-core-is-online.patch.
- commit 1b405bb
- Update patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- Update patches.suse/powerpc-topology-Check-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- commit a8be45e
- gss_krb5: Fix the error handling path for
crypto_sync_skcipher_setkey (git-fixes).
- commit 6e52103
- ALSA: timer: Relax start tick time check for slave timer
elements (git-fixes CVE-2024-38618 bsc#1226754).
- commit de27c4e
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (CVE-2024-41035 bsc#1228485)
- commit 456ee09
- s390/uv: Panic for set and remove shared access UVC errors
(git-fixes bsc#1229229).
- commit 172448f
- gve: Account for stopped queues when reading NIC stats
(CVE-2024-42162 bsc#1228706).
- commit 7acbc65
- blacklist.conf: add one from IRQ HANDLING git-fixes
- commit 14e4231
- net: mana: Fix race on per-CQ variable napi work_done
(bsc#1229154).
- Refresh
patches.suse/net-mana-Configure-hwc-timeout-from-hardware.patch.
- commit d7d72be
- net: mana: Fix doorbell out of order violation and avoid
unnecessary doorbell rings (bsc#1229154).
- commit 72d0bd1
- KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID
(git-fixes bsc#1229222).
- commit 590a719
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (bsc#1225483
CVE-2023-52708).
- commit c7ef14e
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
(bsc#1225508 CVE-2021-47549).
- commit ed3ad9e
- irqchip/gic-v3-its: Fix potential VPE leak on error (bsc#1225190
CVE-2021-47373).
- commit c95f6d5
- i2c: acpi: fix resource leak in reconfiguration device addition
(bsc#1225223 CVE-2021-47425).
- commit 61ff581
- nfc: nci: Fix handling of zero-length payload packets in
nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- nfc: nci: Fix kcov check in nci_rx_work() (git-fixes).
- commit b2f9141
- net, sunrpc: Remap EPERM in case of connection failure in
xs_tcp_setup_socket (CVE-2024-42246 bsc#1228989).
- Refresh
patches.suse/SUNRPC-improve-swap-handling-scheduling-and-PF_MEMAL.patch.
- commit 135ee65
- powerpc/topology: Check if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- commit bf2704c
- ata: libata-core: Fix null pointer dereference on error (CVE-2024-41098 bsc#1228467).
- commit 706447c
- vsock: correct removal of socket from the list (bsc#1227996).
- commit fa0bbe3
- x86/xen: Drop USERGS_SYSRET64 paravirt call (CVE-2021-4440
bsc#1227069).
- Refresh
patches.suse/x86-entry_64-Add-VERW-just-before-userspace-transition.patch.
- Refresh
patches.suse/x86-xen-add-xenpv_restore_regs_and_return_to_usermode.patch.
- commit 8c4b30e
- tcp_metrics: validate source addr length
(CVE-2024-42154 bsc#1228507).
- commit 21723ca
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- commit 7946225
- x86/pv: Switch SWAPGS to ALTERNATIVE (CVE-2021-4440
bsc#1227069).
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh
patches.suse/x86-entry-add-kernel-ibrs-implementation.patch.
- commit 0ebe004
- vsock: remove vsock from connected table when connect is
interrupted by a signal (CVE-2022-48786 bsc#1227996).
- commit 1f3fc69
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228959 CVE-2024-42232).
- commit 498ef72
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
(git-fixes CVE-2024-35915 bsc#1224479).
- commit e2eb32a
- blacklist.conf: bsc#1226885 (CVE-2024-38662) patches that are too
intrusive
- commit 1c89392
- Update
patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
(bsc#1216834 CVE-2024-42077 bsc#1228516).
- Update
patches.suse/ocfs2-strict-bound-check-before-memcmp-in-ocfs2_xatt.patch
(bsc#1228410 CVE-2024-41016).
- Update
patches.suse/usb-atm-cxacru-fix-endpoint-checking-in-cxacru_bind.patch
(git-fixes CVE-2024-41097 bsc#1228513).
- Update
patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation.patch
(git-fixes CVE-2024-42240 bsc#1228966).
Add CVE references.
- commit 97c33e4
- net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx()
from __netif_rx() (CVE-2024-42110 bsc#1228501).
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds
(CVE-2024-42148 bsc#1228487).
- commit 8188617
- inet_diag: Initialize pad field in struct inet_diag_req_v2
(CVE-2024-42106 bsc#1228493).
- commit 71e61fd
- tipc: fix kernel panic when enabling bearer (CVE-2022-48865
bsc#1228065).
- commit a0e7a51
- s390/sclp: Fix sclp_init() cleanup on failure (CVE-2024-41068
bsc#1228579).
- commit 1a2e580
- btrfs: fix processing of delayed tree block refs during backref
walking (bsc#1228982).
- btrfs: Remove unused op_key var from add_delayed_refs
(bsc#1228982).
- commit 1382fa0
- tpm: tpm1_bios_measurements_next should increase position index
(bsc#1082555).
- tpm: access command header through struct in tpm_try_transmit()
(bsc#1082555).
- commit f79c4b3
- blacklist.conf: Remove TPM fix.
- commit 52faa19
- blacklist.conf: Remove already included commit.
- commit 3769b33
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails
(bsc#1082555).
- tpm: Add a flag to indicate TPM power is managed by firmware
(bsc#1082555).
- commit 7eb0e28
- blacklist.conf: add CVE-2022-48822, code not built
- commit 8003a3d
- tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
(bsc#1082555).
- commit a397ffb
- tpm: Revert "tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing
for interrupts" (bsc#1082555).
- commit b8cd04a
- xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482
CVE-2024-42082).
- commit 3f265d8
- blacklist.conf: 2cf49e00d40d drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again
- commit f313cfb
- pinctrl: fix deadlock in create_pinctrl() when handling
- EPROBE_DEFER (CVE-2024-42090 bsc#1228449).
- commit f210b8f
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (CVE-2024-42101 bsc#1228495).
- commit f00bb1f
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (CVE-2024-42228 bsc#1228667).
- commit d4e3f63
- btrfs: send: fix send failure of a subcase of orphan inodes
(bsc#1228030).
- btrfs: send: fix failures when processing inodes with no links
(bsc#1228030).
- commit 9fd4ec5
- btrfs: send: use boolean types for current inode status
(bsc#1228030).
- commit 2ab676b
- btrfs: send: refactor arguments of get_inode_info()
(bsc#1228030).
- commit 3731717
- kABI: Hide the new last_cc member in a hole in struct tpm_chip
(bsc#1082555).
- commit fac3e7a
- btrfs: send: always use the rbtree based inode ref management
infrastructure (bsc#1228030).
- commit 252130e
- btrfs: fix 64bit compat send ioctl arguments not initializing
version member (bsc#1228030).
- btrfs: fix send ioctl on 32bit with 64bit kernel (bsc#1228030).
- btrfs: send: add new command FILEATTR for file attributes
(bsc#1228030).
- btrfs: send: add stream v2 definitions (bsc#1228030).
- btrfs: send: avoid copying file data (bsc#1228030).
- btrfs: send: explicitly number commands and attributes
(bsc#1228030).
- btrfs: send: get rid of i_size logic in send_write()
(bsc#1228030).
- btrfs: send: prepare for v2 protocol (bsc#1228030).
- btrfs: send: remove unused send_ctx::{total,cmd}_send_size
(bsc#1228030).
- Refresh
patches.suse/Btrfs-fix-race-between-send-and-deduplication-that-l.patch.
- Refresh
patches.suse/btrfs-send-ensure-send_fd-is-writable.patch.
- Refresh
patches.suse/btrfs-send-fix-sending-link-commands-for-existing-fi.patch.
- commit 956ca27
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- commit f899605
- Refresh patches.suse/IB-hfi1-Fix-bugs-with-non-PAGE_SIZE-end-multi-iovec-.patch
Alt-commit added
Blacklist the follow-up fix of the Alt-commit
- commit c3542b0
- ima: Fix use-after-free on a dentry's dname.name (bsc#1227716
CVE-2024-39494).
- commit 2e3d558
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- Update config files.
- commit 4549b89
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
This commit was missing for SLE12-SP5 which made the performance profile
of SLE12-SP5 and SLE15-SP[56] differ. Our decision was to follow
upstream w.r.t how BHI is going to be mitigated and the decision was to
do away with 'auto' mode.
- Update config files.
- commit 02bfc90
- Sort BHI mitigation patches
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
- Refresh
patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Refresh patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch.
- Refresh
patches.suse/x86-bhi-Enumerate-Branch-History-Injection-BHI-bug.patch.
- Refresh patches.suse/x86-bhi-Mitigate-KVM-by-default.patch.
- Refresh
patches.suse/x86-cpufeature-Add-missing-leaf-enumeration.patch.
- commit f2f0729
- PCI: hv: Return zero, not garbage, when reading
PCI_INTERRUPT_PIN (git-fixes).
- commit 08ef890
- kABI: do not rename tpm_do_selftest, tpm_pcr_read_dev, and tpm1_getcap
(bsc#1082555).
- Delete patches.kabi/kABI-Do-not-rename-tpm_getcap.patch
- commit 5a6f1d9
- kABI: Do not rename tpm_getcap (bsc#1082555).
- commit 01263dd
- kABI: re-export tpm2_calc_ordinal_duration (bsc#1082555).
- commit 1303a23
- kABI: Instead of changing the pcr argument type add a local
variable of the desired type, and assign it from the actual
argument (bsc#1082555).
- Refresh patches.kabi/kABI-do-not-rename-tpm_do_selftest-tpm_pcr_read_dev-.patch
- commit e919992
- kABI: no need to store the tpm long long duration in tpm_chip
struct, it is an arbitrary hardcoded value (bsc#1082555).
- commit 75cc28e
- kABI: do not change return type of tpm_tis_update_timeouts
(bsc#1082555).
- commit 57d9ed9
- Move kABI patch to kABI section.
- commit 3f941d1
- KVM: PPC: Book3S HV: remove extraneous asterisk from
rm_host_ipi_action() comment (bsc#1065729).
- KVM: PPC: Book3S HV: Don't take kvm->lock around
kvm_for_each_vcpu (bsc#1065729).
- KVM: PPC: Book3S: Use new mutex to synchronize access to rtas
token list (bsc#1065729).
- Refresh patches.suse/KVM-PPC-Book3S-Fix-H_RTAS-rets-buffer-overflow.patch
- KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv
machines (bsc#1065729).
- KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE (bsc#1065729).
- KVM: PPC: Inform the userspace about TCE update failures
(bsc#1065729).
- KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup
both PC and LR (bsc#1065729).
- commit ad6fee4
- x86: stop playing stack games in profile_pc() (bsc#1228633
CVE-2024-42096).
- commit 0bc3d2d
- btrfs: send: remove stale code when checking for shared extents
(bsc#1228030).
- btrfs: silence maybe-uninitialized warning in clone_range
(bsc#1228030).
- commit 095e644
- Btrfs: incremental send, fix emission of invalid clone
operations (bsc#1228030).
- commit 88a98fe
- Btrfs: send, improve clone range (bsc#1228030).
- commit 8a72517
- btrfs: remove unused members dir_path from recorded_ref
(bsc#1228030).
- Refresh
patches.suse/btrfs-incremental-send-fix-invalid-path-for-unlink-commands.patch.
- Refresh
patches.suse/btrfs-send-fix-sending-link-commands-for-existing-fi.patch.
- commit 980e08a
- liquidio: Adjust a NULL pointer handling path in
lio_vf_rep_copy_packet (CVE-2024-39506 bsc#1227729).
- i40e: Fix queues reservation for XDP (CVE-2021-47619
bsc#1226645).
- commit 37ce537
- btrfs: send: remove unused found_type parameter to
lookup_dir_item_inode() (bsc#1228030).
- commit bc238fe
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI
(bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly
(bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for
ELS cmds (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online
(bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple'
(bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count
(bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: Avoid possible run-time warning with long
model_num (bsc#1228850).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- commit 2402124
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- commit 67b36fc
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 9aa0d29
- Update
patches.suse/Bluetooth-SCO-Fix-not-validating-setsockopt-user-inp.patch
(bsc#1224576 CVE-2024-35966 CVE-2024-35967 bsc#1224587).
- Update
patches.suse/RDMA-mlx5-Add-check-for-srq-max_sge-attribute.patch
(git-fixes CVE-2024-40990 bsc#1227824).
- Update
patches.suse/USB-class-cdc-wdm-Fix-CPU-lockup-caused-by-excessive.patch
(git-fixes CVE-2024-40904 bsc#1227772).
- Update
patches.suse/ocfs2-fix-races-between-hole-punching-and-AIO-DIO.patch
(bsc#1227849 CVE-2024-40943).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920 bsc#1228237).
- commit 71c68bc
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(git-fixes CVE-2023-52885 bsc#1227750).
- commit 4594a5d
- Update
patches.suse/Input-aiptek-properly-check-endpoint-type.patch
(git-fixes CVE-2022-48836 bsc#1227989).
- Update
patches.suse/net-ieee802154-at86rf230-Stop-leaking-skb-s.patch
(git-fixes CVE-2022-48794 bsc#1228025).
- Update
patches.suse/net-packet-fix-slab-out-of-bounds-access-in-packet_r.patch
(CVE-2022-20368 bsc#1202346 CVE-2022-48839 bsc#1227985).
- Update
patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
(bsc#1196018 CVE-2022-28748 CVE-2022-2964 CVE-2022-48805
bsc#1227969).
- commit 55fdbd1
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (CVE-2024-42124 bsc#1228705)
- commit 7bd7589
- media: dvb-frontends: tda10048: Fix integer overflow (CVE-2024-42223 bsc#1228726)
- commit 4d685fd
- drm/amd/display: Skip finding free audio for unknown engine_id (CVE-2024-42119 bsc#1228584)
- commit f0a5549
- drm/amd/display: Check pipe offset before setting vblank (CVE-2024-42120 bsc#1228588)
- commit d85398e
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (CVE-2024-41095 bsc#1228662)
- commit bb0cd8f
- btrfs: send: fix sending link commands for existing file paths
(bsc#1228030).
- commit 5a1f564
- net: dsa: mv88e6xxx: Correct check for empty list (CVE-2024-42224 bsc#1228723)
- commit f7ea584
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (CVE-2024-41072 bsc#1228626)
- commit c131ba5
- bpf, sockmap: Fix partial copy_page_to_iter so progress can still be made (CVE-2024-41048 bsc#1228565)
- commit 79dff63
- skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048 bsc#1228565)
Based on c9c89dcd872e ("bpf, sockmap: Fix partial copy_page_to_iter so
progress can still be made"), previous commit.
Upstream commit 2bc793e3272a13 ("skmsg: Extract __tcp_bpf_recvmsg() and
tcp_bpf_wait_data()") moved the code from net/ipv4/tcp_bpf.c to
net/core/skmsg.c.
- commit 80be5ae
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
(CVE-2024-40995 bsc#1227830).
- commit ee1ce8a
- btrfs: send: introduce recorded_ref_alloc and recorded_ref_free
(bsc#1228030).
- commit 2f5e245
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit e47e175
- ppp: reject claimed-as-LCP but actually malformed packets
(CVE-2024-41044 bsc#1228530).
- ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066
bsc#1228640).
- commit 0bdb098
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- dpaa2-eth: Refactor xps code (CVE-2024-42093 bsc#1228680).
- commit caf72f9
- drm/nouveau/dispnv04: fix null pointer dereference in (bsc#1228658 CVE-2024-41089)
- commit aec5d0e
- drm/radeon: check bo_va->bo is non-NULL before using it (bsc#1228567 CVE-2024-41060)
- commit 7a28cea
- NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
(CVE-2022-48829 bsc#1228055).
- NFSD: Fix ia_size underflow (CVE-2022-48828 bsc#1228054).
- NFSD: Fix the behavior of READ near OFFSET_MAX (CVE-2022-48827
bsc#1228037).
- commit 1c127f3
- btrfs: qgroup: fix quota root leak after quota disable failure
(bsc#1228655 CVE-2024-41078).
- commit 263e74a
- wifi: mac80211: Avoid address calculations via out of bounds
array indexing (CVE-2024-41071 bsc#1228625).
- commit be2129f
- powerpc/eeh: avoid possible crash when edev->pdev changes
(CVE-2024-41064 bsc#1228599).
- commit 145d8ea
- btrfs: make sure that WRITTEN is set on all metadata blocks (CVE-2024-35949 bsc#1224700)
Changes: adjust returned error codes to -EUCLEAN and drop definition of
the enum error.
- commit 6dc890d
- ila: block BH in ila_output() (CVE-2024-41081 bsc#1228617)
- commit 9ec349b
- scsi: qedi: Fix crash while reading debugfs attribute
(bsc#1227929 CVE-2024-40978).
- scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
(bsc#1228013 CVE-2022-48792).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
(bsc#1228045 CVE-2022-48823).
- commit 2a5c419
- blacklist.conf: CVE-2024-41076 bsc#1228649: not applicable
Different code using a local variable, switch to dynamic allocation done
in 1b00ad657997c8 ("NFS: Remove the nfs4_label from the nfs_setattrres")
in 5.16.
- commit ff35317
- ext4: fix uninitialized ratelimit_state->lock access in
__ext4_fill_super() (bsc#1227866 CVE-2024-40998).
- commit 5fe487a
- hfsplus: fix uninit-value in copy_name (bsc#1228561
CVE-2024-41059).
- commit 8d75c30
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- commit bc4c361
- usb: atm: cxacru: fix endpoint checking in cxacru_bind()
(git-fixes).
- commit c9a5140
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log
messages (git-fixes).
- commit 7c21caa
- blacklist.conf: misattributed
- commit 3e3428a
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (bsc#1228235 CVE-2024-40987)
- commit 60606a5
- drm/vc4: Fix deadlock on DSI device attach error (bsc#1227975 CVE-2022-48826)
- commit bcda77c
- drm/vc4: dsi: Only register our component once a DSI device is (bsc#1227975)
- commit 0a73252
- genirq: Add IRQF_NO_AUTOEN for request_irq/nmi() (bsc#1222625
CVE-2024-27437).
- commit 351bbe3
- ocfs2: add bounds checking to ocfs2_check_dir_entry()
(bsc#1228409 CVE-2024-41015).
- ocfs2: strict bound check before memcmp in
ocfs2_xattr_find_entry() (bsc#1228410).
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
(bsc#1228410 CVE-2024-41016).
- ocfs2: remove redundant assignment to variable free_space
(bsc#1228409).
- commit 2a658bc
- vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625
CVE-2024-27437).
- commit 9829ce8
- Fix reference in patches.suse/ixgbe-Fix-NULL-pointer-dereference-in-ixgbe_xdp_setu.patch (CVE-2021-47399 bsc#1225328)
- commit 7933225
- ocfs2: fix DIO failure due to insufficient transaction credits
(bsc#1216834).
- commit e4fdc60
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (CVE-2024-41063 bsc#1228580)
- commit 95070bc
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070 bsc#1228470)
- commit d9e81e6
- KVM: PPC: Book3S: Fix some RCU-list locks (git-fixes).
- commit e20a5cb
- KVM: PPC: Book3S HV: Prevent UAF in
kvm_spapr_tce_attach_iommu_group() (bsc#1228581 CVE-2024-41070).
- commit 1cd5894
- tpm: use tpm_msleep() value as max delay (bsc#1082555).
- Refresh patches.suse/tpm-use-struct-tpm_chip-for-tpm_chip_find_get.patch
- commit fd76767
- tpm_tis: Resend command to recover from data transfer errors
(bsc#1082555).
- tpm_tis: Explicitly check for error code (bsc#1082555).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
(bsc#1082555).
- tpm, tpm_tis: correct tpm_tis_flags enumeration values
(bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside
tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on
resume (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers
(bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector
(bsc#1082555).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
(bsc#1082555).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE
register (bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts
(bsc#1082555).
- tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
(bsc#1082555).
- tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
(bsc#1082555).
- char: tpm: Protect tpm_pm_suspend with locks (bsc#1082555).
- tpm: Fix buffer access in tpm2_get_tpm_pt() (bsc#1082555).
- tpm: Fix error handling in async work (bsc#1082555).
- tpm: fix NPE on probe for missing device (bsc#1082555).
- tpm_tis: Fix an error handling path in 'tpm_tis_core_init()'
(bsc#1082555).
- tpm: fix Atmel TPM crash caused by too frequent queries
(bsc#1082555).
- tpm: Replace WARN_ONCE() with dev_err_once() in tpm_tis_status()
(bsc#1082555).
- tpm, tpm_tis: Reserve locality in tpm_tis_resume()
(bsc#1082555).
- tpm, tpm_tis: Extend locality handling to TPM2 in
tpm_tis_gen_interrupt() (bsc#1082555).
- tpm: vtpm_proxy: Avoid reading host log when using a virtual
device (bsc#1082555).
- tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with
request_locality() (bsc#1082555).
- tpm, tpm_tis: Decorate tpm_get_timeouts() with
request_locality() (bsc#1082555).
- tpm: Remove tpm_dev_wq_lock (bsc#1082555).
- tpm_tis: Add a check for invalid status (bsc#1082555).
- kABI: tpm2-space: Do not add buf_size to struct tpm_space
(bsc#1082555).
- tpm: Unify the mismatching TPM space buffer sizes (bsc#1082555).
- Refresh patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
- tpm: Fix TIS locality timeout problems (bsc#1082555).
- tpm: Handle negative priv->response_len in tpm_common_read()
(bsc#1082555).
- tpm: Revert "tpm_tis_core: Turn on the TPM before probing IRQ's"
(bsc#1082555).
- tpm: Revert "tpm_tis: reserve chip for duration of
tpm_tis_core_init" (bsc#1082555).
- Refresh patches.suse/tpm_tis-extra-chip-ops-check-on-error-path-in-tpm_ti.patch
- tpm: fix invalid locking in NONBLOCKING mode (bsc#1082555).
- tpm_tis: reserve chip for duration of tpm_tis_core_init
(bsc#1082555).
- Refresh patches.suse/tpm_tis-extra-chip-ops-check-on-error-path-in-tpm_ti.patch
- tpm: Wrap the buffer from the caller to tpm_buf in tpm_send()
(bsc#1082555).
- tpm_tis_core: Turn on the TPM before probing IRQ's
(bsc#1082555).
- Refresh patches.suse/tpm_tis_core-Set-TPM_CHIP_FLAG_IRQ-before-probing-fo.patch
- tpm: Fix null pointer dereference on chip register error path
(bsc#1082555).
- tpm: Actually fail on TPM errors during "get random"
(bsc#1082555).
- tpm: fix an invalid condition in tpm_common_poll (bsc#1082555).
- tpm: turn on TPM on suspend for TPM 1.x (bsc#1082555).
- tpm: remove @flags from tpm_transmit() (bsc#1082555).
- Refresh patches.suse/tpm-Fix-TPM-1.2-Shutdown-sequence-to-prevent-future-.patch
- Refresh patches.suse/tpm-add-request_locality-before-write-TPM_INT_ENABLE.patch
- Refresh patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch
- Refresh patches.kabi/kABI-Instead-of-changing-the-pcr-argument-type-add-a.patch
- tpm: take TPM chip power gating out of tpm_transmit()
(bsc#1082555).
- Refresh patches.suse/tpm-Fix-TPM-1.2-Shutdown-sequence-to-prevent-future-.patch
- Refresh patches.suse/tpm-add-request_locality-before-write-TPM_INT_ENABLE.patch
- Refresh patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch
- tpm: introduce tpm_chip_start() and tpm_chip_stop()
(bsc#1082555).
- tpm: remove TPM_TRANSMIT_UNLOCKED flag (bsc#1082555).
- tpm: use tpm_try_get_ops() in tpm-sysfs.c (bsc#1082555).
- tpm: remove @space from tpm_transmit() (bsc#1082555).
- tpm: move TPM space code out of tpm_transmit() (bsc#1082555).
- tpm: move tpm_validate_commmand() to tpm2-space.c (bsc#1082555).
- Refresh patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
- tpm: clean up tpm_try_transmit() error handling flow
(bsc#1082555).
- tpm: encapsulate tpm_dev_transmit() (bsc#1082555).
- tpm: declare struct tpm_header (bsc#1082555).
- Refresh patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
- tpm: print tpm2_commit_space() error inside tpm2_commit_space()
(bsc#1082555).
- Refresh patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
- tpm: return 0 from pcrs_show() when tpm1_pcr_read() fails
(bsc#1082555).
- tpm: fix invalid return value in pubek_show() (bsc#1082555).
- tpm: use tpm_buf in tpm_transmit_cmd() as the IO parameter
(bsc#1082555).
- tpm: don't return bool from update_timeouts (bsc#1082555).
- tpm: add support for partial reads (bsc#1082555).
- tpm: use u32 instead of int for PCR index (bsc#1082555).
- Refresh patches.kabi/kABI-do-not-rename-tpm_do_selftest-tpm_pcr_read_dev-.patch
- tpm1: reimplement tpm1_continue_selftest() using tpm_buf
(bsc#1082555).
- tpm1: reimplement SAVESTATE using tpm_buf (bsc#1082555).
- tpm1: rename tpm1_pcr_read_dev to tpm1_pcr_read() (bsc#1082555).
- Refresh patches.kabi/kABI-do-not-rename-tpm_do_selftest-tpm_pcr_read_dev-.patch
- tpm1: implement tpm1_pcr_read_dev() using tpm_buf structure
(bsc#1082555).
- tpm: tpm1: rewrite tpm1_get_random() using tpm_buf structure
(bsc#1082555).
- tpm: add tpm_auto_startup() into tpm-interface.c (bsc#1082555).
- tpm: factor out tpm_startup function (bsc#1082555).
- tpm: factor out tpm 1.x pm suspend flow into tpm1-cmd.c
(bsc#1082555).
- Refresh patches.kabi/kABI-do-not-rename-tpm_do_selftest-tpm_pcr_read_dev-.patch
- tpm: move tpm 1.x selftest code from tpm-interface.c tpm1-cmd.c
(bsc#1082555).
- Refresh patches.kabi/kABI-Do-not-rename-tpm_getcap.patch
- tpm: factor out tpm1_get_random into tpm1-cmd.c (bsc#1082555).
- Refresh patches.kabi/kABI-Do-not-rename-tpm_getcap.patch
- tpm: move tpm_getcap to tpm1-cmd.c (bsc#1082555).
- tpm: move tpm1_pcr_extend to tpm1-cmd.c (bsc#1082555).
- tpm: factor out tpm_get_timeouts() (bsc#1082555).
- Refresh patches.kabi/kABI-no-need-to-store-the-tpm-long-long-duration-in-.patch
- tpm: add tpm_calc_ordinal_duration() wrapper (bsc#1082555).
- tpm: factor out tpm 1.x duration calculation to tpm1-cmd.c
(bsc#1082555).
- tpm: add support for nonblocking operation (bsc#1082555).
- Refresh patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
- tpm: add ptr to the tpm_space struct to file_priv (bsc#1082555).
- tpm: replace TPM_TRANSMIT_RAW with TPM_TRANSMIT_NESTED
(bsc#1082555).
- tpm: rename tpm_chip_find_get() to tpm_find_get_ops()
(bsc#1082555).
- tpm: migrate tpm2_get_random() to use struct tpm_buf
(bsc#1082555).
- Refresh patches.suse/tpm-fix-response-size-validation-in-tpm_get_random.patch
- tpm: migrate tpm2_get_tpm_pt() to use struct tpm_buf
(bsc#1082555).
- tpm: migrate tpm2_probe() to use struct tpm_buf (bsc#1082555).
- tpm: migrate tpm2_shutdown() to use struct tpm_buf
(bsc#1082555).
- tpm2: add longer timeouts for creation commands (bsc#1082555).
- tpm: fix buffer type in tpm_transmit_cmd (bsc#1082555).
- tpm: migrate pubek_show to struct tpm_buf (bsc#1082555).
- tpm: vtpm_proxy: Prevent userspace from sending driver command
(bsc#1082555).
- tpm, tpmrm: Mark tpmrm_write as static (bsc#1082555).
- tpm: remove struct tpm_pcrextend_in (bsc#1082555).
- Refresh patches.suse/tpm-consolidate-the-TPM-startup-code.patch
- tpm: fix byte order related arithmetic inconsistency in
tpm_getcap() (bsc#1082555).
- Refresh patches.suse/tpm-consolidate-the-TPM-startup-code.patch
- tpm: move TPM 1.2 code of tpm_pcr_extend() to tpm1_pcr_extend()
(bsc#1082555).
- Refresh patches.suse/tpm-use-struct-tpm_chip-for-tpm_chip_find_get.patch
- commit 989dcf1
- HID: usbhid: free raw_report buffers in usbhid_stop (bsc#1225238
CVE-2021-47405).
- commit 67ff2bd
- drm/radeon: fix UBSAN warning in kv_dpm.c (bsc#1227957 CVE-2024-40988)
- commit 4f641c6
- drm/exynos/vidi: fix memory leak in .get_modes() (bsc#1227828 CVE-2024-40932)
- commit d694b72
- ipack: ipoctal: fix module reference leak (bsc#1225241
CVE-2021-47403).
- commit 3f2bac7
- mac80211: fix use-after-free in CCMP/GCMP RX (bsc#1225214
CVE-2021-47388).
- commit 180ca41
- xfs: refactor xfs_verifier_error and xfs_buf_ioerror
(git-fixes).
- Refresh
patches.suse/xfs-don-t-ever-return-a-stale-pointer-from-__xfs_dir.patch.
- commit ac4dc1f
- xfs: remove XFS_WANT_CORRUPTED_RETURN from dir3 data verifiers
(git-fixes).
- commit 5d31a73
- xfs: check that dir block entries don't off the end of the
buffer (git-fixes).
- commit 46f96de
- xfs: add bounds checking to xlog_recover_process_data
(bsc#1228408 CVE-2024-41014).
- commit b3db770
- tun: add missing verification for short frame (CVE-2024-41091
bsc#1228327).
- tap: add missing verification for short frame (CVE-2024-41090
bsc#1228328).
- net: ena: Add validation for completion descriptors consistency
(CVE-2024-40999 bsc#1227913).
- net: mvpp2: clear BM pool before initialization (CVE-2024-35837
bsc#1224500).
- commit 69b68ee
- Update
patches.suse/xhci-Fix-incorrect-tracking-of-free-space-on-transfe.patch.
Fix a backporting mistake which was causing the following warning:
drivers/usb/host/xhci-ring.c: In function 'xhci_queue_intr_tx':
drivers/usb/host/xhci-ring.c:3255:6: warning: unused variable 'trbs_freed' [-Wunused-variable]
- commit 787d888
- xhci: Poll for U0 after disabling USB2 LPM (git-fixes).
- commit c66374c
- blacklist.conf: changes semantics
- commit eaf3cb6
- sit: do not call ipip6_dev_free() from sit_init_net()
(CVE-2021-47588 bsc#1226568).
- commit 9afcbd9
- ipv6: sr: fix incorrect unregister order (git-fixes).
- commit 9f9395f
- Refresh
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch.
- commit af33133
- vt_ioctl: fix array_index_nospec in vt_setactivate
(CVE-2022-48804 bsc#1227968).
- commit ee44df4
- serial: imx: Introduce timeout when waiting on transmitter empty
(CVE-2024-40967 bsc#1227891).
- commit 9b7db88
- kABI: tty: add the option to have a tty reject a new ldisc
(kabi CVE-2024-40966 bsc#1227886).
- tty: add the option to have a tty reject a new ldisc
(CVE-2024-40966 bsc#1227886).
- commit 16b4088
- net-sysfs: add check for netdevice being present to speed_show (CVE-2022-48850 bsc#1228071)
- commit 9fdf37b
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_report_tgtpgs.patch
(bsc#1222824 CVE-2021-47219).
Fix incorrect Bug number and incorrect CVE number.
- commit b4dbf5c
- blacklist.conf: kABI
- commit 6f08f5c
- Update
patches.suse/scsi-lpfc-Release-hbalock-before-calling-lpfc_worker_wake_up.patch
(bsc#1225820 CVE-2024-36924).
Fix incorrect CVE number.
- commit cb94423
- Update
patches.suse/nvme-rdma-remove-redundant-reference-between-ib_devi.patch
(bsc#1149446).
Fix bug reference (missing digit).
- commit 4f5320f
- Update patches.suse/ovl-fix-failure-to-fsync-lower-dir.patch
(bsc#1088701).
Fix bug reference (missing digit).
- commit 718aec5
- usb: core: Don't hold the device lock while sleeping in
do_proc_control() (CVE-2021-47582 bsc#1226559).
- commit ff00ceb
- USB: usbfs: fix mmap dma mismatch (CVE-2021-47582 bsc#1226559).
- commit 6c5305a
- usb: add a hcd_uses_dma helper (git-fixes).
- commit f8aa53d
- ssb: Fix potential NULL pointer dereference in
ssb_device_uevent() (CVE-2024-40982 bsc#1227865).
- commit 9fbb468
- isdn: mISDN: Fix sleeping function called from invalid context
(bsc#1225346 CVE-2021-47468).
- commit 34167c4
- mac80211: limit injected vht mcs/nss in
ieee80211_parse_tx_radiotap (bsc#1225326 CVE-2021-47395).
- commit 2fdeaab
- tools lib: Fix builds when glibc contains strlcpy() (git-fixes).
- blacklist.conf: unblaclist it
This commit allows for local builds with newer glibc.
- commit 480e775
- PCI: Fix resource double counting on remove & rescan
(git-fixes).
- commit 68ca613
- ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table()
on failure path (CVE-2022-48810 bsc#1227936).
- commit 7af1a4f
- blacklist.conf: add one pci entry
- commit 0f5e70f
- wifi: ath9k: Fix potential array-index-out-of-bounds read in
ath9k_htc_txstatus() (CVE-2023-52594 bsc#1221045).
- commit d04a718
- sctp: fix kernel-infoleak for SCTP sockets (CVE-2022-48855
bsc#1228003).
- commit 5317e78
- scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
(bsc#1226550 CVE-2021-47580).
- commit 72ff240
- ipv6: sr: fix possible use-after-free and null-ptr-deref
(bsc#1222372 CVE-2024-26735).
- commit 5258c5a
- signal: Introduce clear_siginfo (git-fixes).
- commit 276fe89
- Update
patches.suse/scsi-scsi_debug-Fix-type-in-min_t-to-avoid-stack-OOB.patch
(bsc#1226550 CVE-2021-47580).
Fix incorrect bug#
- commit a8e747b
- scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786
CVE-2024-38560).
- commit 2623515
- ibmvnic: don't release napi in __ibmvnic_open() (bsc#1227928
CVE-2022-48811).
- commit b1dc7a1
- Update References
patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch
(bsc#1186463, CVE-2021-0129, CVE-2020-26558, bsc#1179610,
CVE-2020-26558).
- commit ef3041a
- gve: Clear napi->skb before dev_kfree_skb_any() (CVE-2024-40937
bsc#1227836).
- net: hns3: fix kernel crash problem in concurrent scenario
(CVE-2024-39507 bsc#1227730).
- ibmvnic: don't release napi in __ibmvnic_open() (CVE-2022-48811
bsc#1227928).
- commit 753a87a
- Refresh
patches.suse/ipv6-sr-fix-missing-sk_buff-release-in-seg6_input_co.patch.
Fix broken patch, which only applys with rapidquilt but not with normal
patch.
- commit 9ba3403
- vmxnet3: disable rx data ring on dma allocation failure
(CVE-2024-40923 bsc#1227786).
- commit 4f3a9e9
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation
(git-fixes CVE-2024-40941 bsc#1227771).
- commit e4b5384
- ethernet: Fix error handling in xemaclite_of_probe (CVE-2022-48860 bsc#1228008)
- commit f50353a
- Bluetooth: RFCOMM: Fix not validating setsockopt user input
(bsc#1224576 CVE-2024-35966).
- commit 68cb9dc
- mISDN: Fix memory leak in dsp_pipeline_build() (CVE-2022-48863
bsc#1228063).
- commit 98e043d
- KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()
(CVE-2024-40953, bsc#1227806).
- commit b18a093
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (CVE-2024-39499 bsc#1227725)
- commit d42ba53
- HID: core: remove unnecessary WARN_ON() in implement() (CVE-2024-39509 bsc#1227733)
- commit fe2364e
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CVE-2024-39487 bsc#1227573)
- commit b775587
- blacklist.conf: CVE-2024-35934 bsc#1224641: not applicable
Patch fixing code that does not exist in SLE12-SP5 and there's no
equivalent either. Added by e888a2e8337c96 ("net/smc: introduce list of
pnetids for Ethernet devices").
- commit 4b9f331
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_readcap16.patch.
Fix a build warning about using min() vs min_t().
- commit a4b6164
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
(CVE-2024-40959 bsc#1227884).
- commit 38ba090
- ocfs2: fix races between hole punching and AIO+DIO (CVE-2024-40943 bsc#1227849).
- commit a8b4b50
- net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893 bsc#1224512)
- commit 3a867bb
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (CVE-2021-47399 1225328)
- commit f559799
- mlxsw: thermal: Fix out-of-bounds memory accesses (CVE-2021-47441 bsc#1225224)
Simplified backport. Upstream patch removes code that does not exist in
SLE12-SP5, the only relevant fix is the bounds checking.
- commit 0b8797d
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (CVE-2021-47194 bsc#1222829)
- commit 6cc8bdc
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (CVE-2024-27020 bsc#1223815)
- commit cfe8cf0
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- net: mana: select PAGE_POOL (git-fixes).
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes, bsc#1227924, CVE-2022-48775).
- Tools: hv: kvp: eliminate 'may be used uninitialized' warning (git-fixes).
- tools: hv: fix KVP and VSS daemons exit code (git-fixes).
- commit 51c2361
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (CVE-2024-27019 bsc#1223813)
- commit 2fcd5af
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
(CVE-2024-40929 bsc#1227774).
- wifi: mac80211: Fix deadlock in
ieee80211_sta_ps_deliver_wakeup() (CVE-2024-40912 bsc#1227790).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
(CVE-2024-40942 bsc#1227770).
- NFC: port100: fix use-after-free in port100_send_complete
(CVE-2022-48857 bsc#1228005).
- commit 1f497da
- ipv6: fib6_rules: avoid possible NULL dereference in
fib6_rule_action() (CVE-2024-36902 bsc#1225719).
- commit 4cdf9a2
- USB: core: Make do_proc_control() and do_proc_bulk() killable
(CVE-2021-47582 bsc#1226559).
- commit 6d322e2
- net: netlink: af_netlink: Prevent empty skb by adding a check
on len (CVE-2021-47606 bsc#1226555).
- commit 314dfef
- usb: get rid of pointless access_ok() calls (CVE-2021-47582
bsc#1226559).
- commit 6b48efc
- usb: usbfs: correct kernel->user page attribute mismatch
(CVE-2021-47582 bsc#1226559).
- commit d089a07
- USB: usbfs: Always unlink URBs in reverse order (CVE-2021-47582
bsc#1226559).
- commit 2364ecb
- usb: core: devio.c: Fix assignment of 0/1 to bool variables
(CVE-2021-47582 bsc#1226559).
- commit 202a764
- usb: usbfs: only account once for mmap()'ed usb memory usage
(CVE-2021-47582 bsc#1226559).
- commit a282a95
- USB: core: Fix compiler warnings in devio.c (CVE-2021-47582
bsc#1226559).
- commit d3c8045
- usb: core: Replace hardcoded check with inline function from
usb.h (CVE-2021-47582 bsc#1226559).
- commit a0c8b54
- usb: usbfs: use irqsave() in USB's complete callback
(CVE-2021-47582 bsc#1226559).
- commit 89f4a73
- signal: Replace memset(info,...) with clear_siginfo for clarity
(CVE-2021-47582 bsc#1226559).
- commit 10e5b53
- usbdevfs: get rid of field-by-field copyin (CVE-2021-47582
bsc#1226559).
- commit 9053160
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated
memory (bsc#1227762 CVE-2024-40901).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
(bsc#1225820 CVE-2024-26924).
- scsi: scsi_debug: Fix type in min_t to avoid stack OOB
(bsc#1226560 CVE-2021-47580).
- commit 4de5c4e
- i40e: Fix VF MAC filter removal (CVE-2024-26830 bsc#1223012).
- commit 55935e5
- i40e: Do not allow untrusted VF to remove administratively
set MAC (CVE-2024-26830 bsc#1223012).
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (CVE-2021-47516
bsc#1225427).
- i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc
(CVE-2021-47501 bsc#1225361).
- commit e2ee4f5
- net: ieee802154: fix null deref in parse dev addr (CVE-2021-47257 bsc#1224896).
- commit 41e01f4
- net/smc: Transitional solution for clcsock race issue (CVE-2022-48751 bsc#1226653). - Refresh patches.suse/net-smc-fix-fallback-failed-while-sendmsg-with-fasto.patch.
- commit 7ad7d3a
- drivers: core: synchronize really_probe() and dev_uevent()
(CVE-2024-39501 bsc#1227754).
- commit 1b7df5b
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2023-52743 bsc#1225003)
- commit 0b6d94a
- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (CVE-2021-47542 bsc#1225455)
- commit ce2e7bb
- ipv6: prevent NULL dereference in ip6_output() (CVE-2024-36901 bsc#1225711)
- commit ab46189
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004 bsc#1224545)
- commit de141a1
- nbd: null check for nla_nest_start (CVE-2024-27025 bsc#1223778)
- commit b887966
- btrfs: use latest_dev in btrfs_show_devname (CVE-2021-47599 bsc#1226571)
Simplified backport, keep mutex protection and only remove WARN_ON.
- commit 2ee6fb6
- net: prevent mss overflow in skb_segment() (CVE-2023-52435
bsc#1220138).
- commit 63a8256
- tipc: Check the bearer type before calling
tipc_udp_nl_bearer_add() (CVE-2024-26663 bsc#1222326).
- commit 91299f0
- inet_diag: fix kernel-infoleak for UDP sockets
(CVE-2021-47597 bsc#1226553).
- commit 5ef7515
- ipv6: sr: fix missing sk_buff release in seg6_input_core
(bsc#1227626 CVE-2024-39490).
- net: openvswitch: fix overwriting ct original tuple for ICMPv6
(bsc#1226783 CVE-2024-38558).
- net/smc: fix illegal rmb_desc access in SMC-D connection dump
(bsc#1220942 CVE-2024-26615).
- commit ee46311
- kabi/severities: Ignore tpm_transmit_cmd and tpm_tis_core_init
(bsc#1082555).
- commit c8a552a
- Bluetooth: SCO: Fix not validating setsockopt user input
(bsc#1224576 CVE-2024-35966).
- commit d80abbf
- Update
patches.suse/SUNRPC-Fix-loop-termination-condition-in-gss_free_in.patch
(git-fixes CVE-2024-36288 bsc#1226834).
- Update
patches.suse/arm64-asm-bug-Add-.align-2-to-the-end-of-__BUG_ENTRY.patch
(git-fixes CVE-2024-39488 bsc#1227618).
- Update
patches.suse/ax25-fix-use-after-free-bugs-caused-by-ax25_ds_del_t.patch
(CVE-2024-35887 bzg#1224663 bsc#1224663).
- Update
patches.suse/net-mlx5e-nullify-cq-dbg-pointer-in-mlx5_debug_cq_re.patch
(bsc#1225229 CVE-2021-47438 CVE-2021-47197 bsc#1222776).
- Update
patches.suse/nfs-Handle-error-of-rpc_proc_register-in-nfs_net_ini.patch
(git-fixes CVE-2024-36939 bsc#1225838).
- Update
patches.suse/scsi-lpfc-Move-NPIV-s-transport-unregistration-to-after-resource-clean-up.patch
(bsc#1225898 CVE-2024-36592 CVE-2024-36952).
- Update
patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_readcap16.patch
(bsc#122286 CVE-2021-47191 bsc#1222866).
- Update
patches.suse/soc-fsl-qbman-Always-disable-interrupts-when-taking-.patch
(bsc#1224683 CVE-2024-35819 CVE-2024-35806 bsc#1224699).
- commit 81c691f
- pstore/ram: Fix crash when setting number of cpus to an odd number (bsc#1221618, CVE-2023-52619).
- commit 03ca866
- Fix build warning
Refresh
patches.suse/PM-hibernate-x86-Use-crc32-instead-of-md5-for-hibernation-.patch.
- commit 33d6e41
- xhci: Fix incorrect tracking of free space on transfer rings
(CVE-2024-26659 bsc#1222317).
- commit 985549c
- xhci: process isoc TD properly when there was a transaction
error mid TD (CVE-2024-26659 bsc#1222317).
- commit 1966e44
- xhci: store TD status in the td struct instead of passing it
along (CVE-2024-26659 bsc#1222317).
- commit dba92cd
- xhci: Add a separate debug message for split transaction errors
(CVE-2024-26659 bsc#1222317).
- commit 93897b0
- usb: xhci: Remove ep_trb from finish_td() (CVE-2024-26659
bsc#1222317).
- commit 75b9c07
- usb: xhci: Remove ep_trb from xhci_cleanup_halted_endpoint()
(CVE-2024-26659 bsc#1222317).
- Refresh
patches.suse/xhci-remove-extra-loop-in-interrupt-context.patch.
- commit 93f2e51
- usb: xhci: remove unused variable ep_ring (CVE-2024-26659
bsc#1222317).
- commit 25ab80d
- xhci: remove extra loop in interrupt context (CVE-2024-26659
bsc#1222317).
- commit 58c6482
- Bluetooth: Fix memory leak in hci_req_sync_complete()
(bsc#1224571 CVE-2024-35978).
- commit 0071ef8
- xhci: get isochronous ring directly from endpoint structure
(CVE-2024-26659 bsc#1222317).
- commit 1c8c540
- crypto: s390/aes - Fix buffer overread in CTR mode
(CVE-2023-52669 bsc#1224637).
- commit bc65b53
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng
(CVE-2023-52615 bsc#1221614).
- commit c3d2ac9
- blacklist.conf: 55e78c933d74 mm: zswap: increase reject_compress_poor but not reject_compress_fail if compression returns ENOSPC
bsc#1221616, CVE-2023-52612 required backport of
commit 744e1885922a ("crypto: scomp - fix req->dst buffer overflow"),
for which there is the subsequent commit 55e78c933d74 ("mm: zswap:
increase reject_compress_poor but not reject_compress_fail if
compression returns ENOSPC") referencing it from the Fixes tag.
That latter commit fixes a debugfs counter stat (reject_compress_fail),
which got introduced only with commit cb61dad80fdc ("zswap: export
compression failure stats"). Thus, it's not needed, blacklist it.
- commit 6bbc535
- ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557
CVE-2024-35995).
- commit 33ff733
- ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro
(bsc#1224557 CVE-2024-35995).
- commit ae6202b
- SUNRPC: Fix a suspicious RCU usage warning (CVE-2023-52623
bsc#1222060).
- commit ffa9576
- ACPI: CPPC: Use access_width over bit_width for system memory
accesses (bsc#1224557 CVE-2024-35995).
- commit ef057c5
- ACPI: CPPC: Drop redundant local variable from cpc_read()
(bsc#1224557 CVE-2024-35995).
- commit 73812cd
- Update
patches.suse/scsi-bnx2fc-Remove-spin_lock_bh-while-releasing-resources-after-upload.patch
(bsc#1225767 CVE-2024-36919).
fix incorrect bug number
- commit d503d18
- crypto: scomp - fix req->dst buffer overflow (CVE-2023-52612
bsc#1221616).
- commit 3b5d943
- xhci: handle isoc Babble and Buffer Overrun events properly
(CVE-2024-26659 bsc#1222317).
- commit 98fde6e
- net_sched: fix a missing refcnt in tcindex_init() (bsc#1224975).
- commit 45da465
- net_sched: add a temporary refcnt for struct tcindex_data
(bsc#1224975).
- Refresh
patches.suse/net-sched-tcindex-update-imperfect-hash-filters-resp.patch.
- commit b3f881b
- net_sched: fix a memory leak in cls_tcindex (bsc#1224975).
- Refresh
patches.suse/net_sched-fix-an-OOB-access-in-cls_tcindex.patch.
- Refresh
patches.suse/net_sched-keep-alloc_hash-updated-after-hash-allocat.patch.
- commit 98c1fbb
- net: sched: fix memory leak in tcindex_partial_destroy_work (CVE-2021-47295 bsc#1224975)
- commit 280e278
- net_sched: hold rtnl lock in tcindex_partial_destroy_work() (bsc#1224975)
- commit 6f5da00
- blacklist.conf: convert entry to Alt-commit:
Refresh patches.suse/net_sched-fix-a-race-condition-in-tcindex_destroy.patch.
- commit 4a1ea17
- Fix spurious WARNING caused by a qxl driver patch (bsc#1227213,bsc#1227191)
Refresh patches.suse/drm-qxl-fix-UAF-on-handle-creation.patch
- commit 55a7bf6
- ACPI: video: check for error while searching for backlight
device parent (bsc#1224686 CVE-2023-52693).
- commit aafdad5
- ACPI: LPIT: Avoid u32 multiplication overflow (bsc#1224627
CVE-2023-52683).
- commit 57dc5ae
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
- commit 90918cd
- netfilter: nft_set: preserve kabi (bsc#1215420 CVE-2023-4244).
- commit 4994a14
- netfilter: take a reference when looking up nft_sets
(bsc#1215420 CVE-2023-4244).
- commit 3f2e165
- netfilter: Implement reference counting for nft_sets
(bsc#1215420 CVE-2023-4244).
- commit b5c850d
- Fix the warning:
* return makes pointer from integer without a cast [enabled by default] in ../drivers/infiniband/hw/mlx5/srq.c in mlx5_ib_create_srq
../drivers/infiniband/hw/mlx5/srq.c: In function 'mlx5_ib_create_srq':
../drivers/infiniband/hw/mlx5/srq.c:259:3: warning: return makes pointer from integer without a cast [enabled by default]
- commit d292fa8
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
- commit 29d18ef
- fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435 CVE-2024-39475)
- commit 3cf493f
- kgdb: Move the extern declaration kgdb_has_hit_break() to generic kgdb.h (git-fixes).
- commit 4c96601
- kgdb: Add kgdb_has_hit_break function (git-fixes).
- commit 096e8f7
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- commit 51d4d78
- blacklist.conf: Blacklist unapplicable commit
- commit 8985317
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- commit 53fc2d1
- x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes (git-fixes).
- commit 4cbd29b
- x86/fpu: Return proper error codes from user access functions (git-fixes).
- commit 16cc345
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- commit 530272a
- blacklist.conf: We don't support clang so black list related commit
- commit 0b88169
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- commit 3e224a7
- x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys (git-fixes).
- commit f7c83aa
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- commit fe70714
- PM: hibernate: x86: Use crc32 instead of md5 for hibernation e820 integrity check (git-fixes).
- commit 63895f5
- can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431
CVE-2021-47520).
- commit 0efd10b
- wifi: nl80211: don't free NULL coalescing rule (bsc#1225835 CVE-2024-36941).
- commit 6927c00
- powerpc/rtas: Prevent Spectre v1 gadget construction in
sys_rtas() (bsc#1227487).
- commit 564651d
- SUNRPC: Fix loop termination condition in
gss_free_in_token_pages() (git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- nfs: Handle error of rpc_proc_register() in nfs_net_init()
(git-fixes).
- commit 823e515
- btrfs: do not BUG_ON in link_to_fixup_dir (bsc#1222005
CVE-2021-47145).
- commit fb0f08c
- soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683
CVE-2024-35819).
- commit 4f6a315
- soc: fsl: qbman: Add CGR update function (bsc#1224683
CVE-2024-35819).
- commit 3b2ce3f
- soc: fsl: qbman: Add helper for sanity checking cgr ops
(bsc#1224683 CVE-2024-35819).
- commit b33b9fc
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock
(bsc#1224683 CVE-2024-35819).
- commit 99e6ba5
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
- commit a2420fb
- blacklist.conf: Add c7fcb99877f9 sched/rt: Fix sysctl_sched_rr_timeslice intial value
- commit 71427f6
- blacklist.conf: Add a57415f5d1e4 sched/deadline: Fix sched_dl_global_validate()
- commit b39262b
- sched/deadline: Fix BUG_ON condition for deboosted tasks
(bsc#1227407).
- commit 58fafac
- dyndbg: fix old BUG_ON in >control parser (bsc#1224647
CVE-2024-35947).
- commit 52ffbf7
- net: tulip: de4x5: fix the problem that the array 'lp->phy'
may be out of bound (bsc#1225505 CVE-2021-47547).
- commit 605a3ba
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (CVE-2023-52817 bsc#1225569).
- commit d2e5a64
- blacklist.conf: cd90511557fd drm/amdgpu/vkms: fix a possible null pointer dereference
- commit d0def0c
- blacklist.conf: 80285ae1ec87 drm/amdgpu: Fix potential null pointer derefernce
- commit 95c5571
- blacklist.conf: 406e8845356d drm/amd: check num of link levels when update pcie param
- commit f93c72c
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (CVE-2023-52819 bsc#1225532).
- commit d196cd8
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (CVE-2023-52818 bsc#1225530).
- commit d67dcd9
- blacklist.conf: 282c1d793076 drm/amdkfd: Fix shift out-of-bounds issue
- commit cc813e8
- drm/amd/display: Avoid NULL dereference of timing generator (CVE-2023-52753 bsc#1225478).
- commit f316fd9
- blacklist.conf: 31729e8c21ec drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
- commit 785f136
- blacklist.conf: add 2a19b28f7929866e1cec92a3619f4de9f2d20005.
- commit a4c7fa2
- drm/arm/malidp: fix a possible null pointer dereference (CVE-2024-36014 bsc#1225593).
- commit 3f35223
- llc: make llc_ui_sendmsg() more robust against bonding changes
(CVE-2024-26636 bsc#1221659).
- commit 727fec1
- llc: Drop support for ETH_P_TR_802_2 (CVE-2024-26635
bsc#1221656).
- commit 4792924
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
(bsc#1224622 CVE-2024-35828).
- commit 9f39e76
- nfc: nci: assert requested protocol is valid (bsc#1220833, CVE-2023-52507).
- commit 78bd01e
- md: fix resync softlockup when bitmap size is less than array
size (CVE-2024-38598, bsc#1226757).
- commit e578184
- dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743,
CVE-2024-35805).
- dm: call the resume method on internal suspend (bsc#1223188,
CVE-2024-26880).
- dm rq: don't queue request to blk-mq during DM suspend
(bsc#1225357, CVE-2021-47498).
- bcache: avoid oversized read request in cache missing code path
(bsc#1224965, CVE-2021-47275).
- bcache: remove bcache device self-defined readahead
(bsc#1224965, CVE-2021-47275).
- commit 0df91b9
- net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() (bsc#1225229 CVE-2021-47438)
- commit dd90392
- net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path (bsc#1225229 CVE-2021-47438)
- commit eebb92a
- usb-storage: alauda: Check whether the media is initialized
(CVE-2024-38619 bsc#1226861).
- commit 8f69e1a
- iavf: free q_vectors before queues in iavf_disable_vf
(CVE-2021-47201 bsc#1222792).
- commit 5fa75c2
- blacklist.conf: 9cb46b31f3d0 drm/xe/xe_migrate: Cast to output precision before multiplying operands
- commit 6d5246f
- bind
-
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
only allowing a maximum of 100 records to be stored per name
and type in a cache or zone database.
(CVE-2024-1737)
[bsc#1228256, bind-9.11-CVE-2024-1737.patch]
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975)
[bsc#1228257, bind-9.11-CVE-2024-1975.patch]
- gcc13
-
- Add gcc13-pr116657.patch to fix for parsing tzdata 2024b [gcc#116657]
- python3
-
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-7592-quad-complex-cookies.patch (bsc#1229596,
CVE-2024-7592), which fixes quadratic complexity in parsing
"-quoted cookie values with backslashes by http.cookies.
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add bpo27240-rewrite_email_hdr_fold.patch rewriting the email
header folding algorithm to make the codebase compatible with
Python 3.6.4+, so we can continue to maintain it.
- And even before that we have to add
bpo24211-RFC6532-supp-email.patch.
- Also bpo20098-email-mangle_from-policy.patch.
- Add finally, CVE-2024-6923-email-hdr-inject.patch to prevent
email header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-4032-private-IP-addrs.patch to fix bsc#1226448
(CVE-2024-4032) rearranging definition of private v global IP
addresses.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- util-linux-systemd
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- fix Xen virtualization type misidentification bsc#1215918
lscpu-fix-parameter-order-for-ul_prefix_fopen.patch
- libzypp
-
- Url: queryparams without value should not have a trailing "=".
- version 16.22.15 (0)
- Url query part: `=` is a safe char in value (bsc#1234304)
Some CDN auth token implementations require a `=` within the
query parameters value not to be %-encoded.
- version 16.22.14 (0)
- grep
-
- port-recent-fix-to-older-pcre-version.patch: Don't assume that
a pcre_exec that returns PCRE_ERROR_NOMATCH leaves its sub
argument alone. (bsc#1227099)
- ksh
-
- do not use posix_spawn as it lacks proper job handling [bsc#1224057]
new patch: ksh93-no-posix_spawn.dif
- fix segfault in variable substitution [bsc#1129288]
new patch: ksh93-putval.dif
- fix untrusted environment execution [bsc#1160796] [CVE-2019-14868]
new patch: ksh93-untrustedenv.dif