- cloud-regionsrv-client
-
- Update to 10.3.4
+ Modify the message when network access over a specific IP version does
not work. This is an informational message and should not look like
an error
+ Inform the user that LTSS registration takes a little longer
+ Add fix-for-sles12-no-trans_update.patch
+ SLE 12 family has no products with transactional-update we do not
need to look for this condition
- From 10.3.3 (bsc#1229472)
+ Handle changes in process structure to properly identify the running
zypper parent process and only check for 1 PID
- From 10.3.2
+ Remove rgnsrv-clnt-fix-docker-setup.patch included upstream
- From 10.3.1 (jsc#PCT-400)
+ Add support for LTSS registration
+ Add fix-for-sles12-disable-registry.patch
~ No container support in SLE 12
- containerd
-
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- curl
-
- Security fix: [bsc#1230093, CVE-2024-8096]
* curl: OCSP stapling bypass with GnuTLS
* Add curl-CVE-2024-8096.patch
- Security fix: [bsc#1228535, CVE-2024-7264]
* curl: ASN.1 date parser overread
* Add curl-CVE-2024-7264.patch
- python-kiwi
-
- Update virtualenv setup
types-pkg_resources got dropped from PyPI
- transactional-update
-
- Version 4.1.9
- Adding support for specifying migration arguments
- dracut
-
- Update to version 055+suse.392.g7930ab23:
* feat(systemd*): include systemd config files from /usr/lib/systemd (bsc#1228398)
* fix(convertfs): error in conditional expressions (bsc#1228847)
- glib2
-
- Add glib2-gdbusmessage-cache-arg0.patch: cache the arg0 value in
a dbus message. Fixes a possible use after free (boo#1224044).
- glibc
-
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228043, BZ
[#31934])
- grub2
-
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
installation when secure boot is enabled (bsc#1217761) (bsc#1228866)
- Improved check for disk device when looking for PReP partition
* 0004-Introduce-prep_load_env-command.patch
- util-linux
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- expat
-
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
overflow in function nextScaffoldPart
* Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
overflow in dtdCopy
* Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
len for XML_ParseBuffer
* Added expat-CVE-2024-45490.patch
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- ncurses
-
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
* Allow that terminal description based on static fallback
entries can be freed.
- snapper
-
- handle content-length of stomp in zypper plugin
(gh#openSUSE/snapper#918) (bsc#1229142)
* added pr919.patch
* added pr920.patch
- libsolv
-
- removed dependency on external find program in the repo2solv tool
- bindings: fix return value of repodata.add_solv()
- new SOLVER_FLAG_FOCUS_NEW flag
- bump version to 0.7.30
- systemd
-
- Import commit a57a6d239c5d6b91fb3dcd269705e60804a03ae1
cd0c9ac4f4 unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
e1eaa86a49 udev: do not set ID_PATH and by-path symlink for nvmf disks
a85d211874 man: Document ranges for distributions config files and local config files
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
inside comments unescaped leading to unpredictable behavior. Now why rpm
expands rpm macros inside comments is the question...
- Update 1011-sysv-generator-add-back-support-for-SysV-scripts-for.patch
Really skip redundant dependencies specified the LSB description that
references the file name of the service itself for early boot scripts (noticed
in bsc#1221479).
- libzypp
-
- Make sure not to statically linked installed tools (bsc#1228787)
- version 17.35.8 (35)
- MediaPluginType must be resolved to a valid MediaHandler
(bsc#1228208)
- version 17.35.7 (35)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)
- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
Older zypp-plugins reject stomp headers including a '-'. Like the
'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
This patch fixes an issue in safe_strtonum which caused
timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)
- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
Buddy pairs (like -release package and product) internally share
the same status object. When applying locks from query results
the locked bit must be set if either item is locked.
- version 17.35.2 (35)
- Install zypp/APIConfig.h legacy include (fixes #557)
- version 17.35.1 (35)
- Update soname due to RepoManager refactoring and cleanup.
- version 17.35.0 (35)
- Workaround broken libsolv-tools-base requirements (fixes
openSUSE/zypper#551)
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency.
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows.
- version 17.34.2 (34)
- python-dnspython
-
- Fix CVE-2023-29483-pre1.patch
(bsc#1230353, gh#rthalley/dnspython@6d590f0a2e1b, gh#nrhall/dnspython@55d6a9d81930)
- salt
-
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
- Added:
* firewalld-normalize-new-rich-rules-before-comparing-.patch
* several-fixes-for-tests-to-avoid-errors-and-failures.patch
* test_vultrpy-adjust-test-expectation-to-prevent-fail.patch
* fix-status.diskusage-and-exclude-some-tests-to-run-w.patch
* skip-certain-tests-if-necessary-and-mark-some-flaky-.patch
* some-more-small-tests-fixes-enhancements-661.patch
* provide-systemd-timer-unit.patch
* fix-user.list_groups-omits-remote-groups.patch
- python3-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- regionServiceClientConfigAzure
-
- Update to version 2.2.0 (jsc#PCT-360)
+ Add IPv6 certs to enable IPv6 access of the update infrastructure
+ Add noipv6.patch to patch out IPv6 on SLE 12, no IPv6 support in SLE 12
in the Public Cloud
- Update to version 2.1.0 (bsc#1217537)
+ Replace certs 23.100.36.229.pem and 40.121.202.140.pem (4096 length):
rgnsrv-azure-westus -> 23.100.36.229.pem expires 9 years
rgnsrv-azure-eastus -> 40.121.202.140.pem expires 10 years
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- selinux-policy
-
- Update to version 20230511+git17.e258ac27:
* Fix mkhomedir_helper label to match on sbin (bsc#1229701)
- supportutils
-
- Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
- suse-build-key
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- suseconnect-ng
-
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- systemd-presets-branding-SMO
-
- preserve wicked enabled during upgrade if it was enabled
before (NM is default only for new installs) (bsc#1228522)
- util-linux-systemd
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- zypper
-
- Show rpm install size before installing (bsc#1224771)
If filesystem snapshots are taken before the installation (e.g.
by snapper) no disk space is freed by removing old packages. In
this case the install size of all packages is a hint how much
additional disk space is needed by the new packages static
content.
- version 1.14.76
- Fix readline setup to handle Ctrl-C and Ctrl-D corrrectly
(bsc#1227205)
- version 1.14.75
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- version 1.14.74