- autofs
-
- autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch
Fix problem with quote handling
(bsc#1181715)
- 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch
Fix locking problem that causes deadlock when sss used.
(bsc#1196485)
- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
Suppress portmap calls when port explicitly given
(bsc#1195697)
- binutils
-
- Add binutils-add-z16-name.diff so that the now official name
z16 for arch14 is recognized. [bsc#1198237]
- cifs-utils
-
- CVE-2022-27239: mount.cifs: fix length check for ip option
parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
* add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch
- cloud-init
-
- Update to version 21.4 (bsc#1192343, jsc#PM-3181)
+ Also include VMWare functionality for (jsc#PM-3175)
+ Remove patches included upstream:
- cloud-init-purge-cache-py-ver-change.patch
- cloud-init-update-test-characters-in-substitution-unit-test.patch
+ Forward port:
- cloud-init-write-routes.patch
- cloud-init-no-tempnet-oci.patch
+ Add cloud-init-vmware-test.patch
- Test is system dependend, not properly mocked
+ Azure: fallback nic needs to be reevaluated during reprovisioning
(#1094) [Anh Vo]
+ azure: pps imds (#1093) [Anh Vo]
+ testing: Remove calls to 'install_new_cloud_init' (#1092)
+ Add LXD datasource (#1040)
+ Fix unhandled apt_configure case. (#1065) [Brett Holman]
+ Allow libexec for hotplug (#1088)
+ Add necessary mocks to test_ovf unit tests (#1087)
+ Remove (deprecated) apt-key (#1068) [Brett Holman] (LP: #1836336)
+ distros: Remove a completed "/TODO"/ comment (#1086)
+ cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083)
[dermotbradley]
+ Add "/install hotplug"/ module (SC-476) (#1069) (LP: #1946003)
+ hosts.alpine.tmpl: rearrange the order of short and long hostnames
(#1084) [dermotbradley]
+ Add max version to docutils
+ cloudinit/dmi.py: Change warning to debug to prevent console display
(#1082) [dermotbradley]
+ remove unnecessary EOF string in
disable-sshd-keygen-if-cloud-init-active.conf (#1075) [Emanuele
Giuseppe Esposito]
+ Add module 'write-files-deferred' executed in stage 'final' (#916)
[Lucendio]
+ Bump pycloudlib to fix CI (#1080)
+ Remove pin in dependencies for jsonschema (#1078)
+ Add "/Google"/ as possible system-product-name (#1077) [vteratipally]
+ Update Debian security suite for bullseye (#1076) [Johann Queuniet]
+ Leave the details of service management to the distro (#1074)
[Andy Fiddaman]
+ Fix typos in setup.py (#1059) [Christian Clauss]
+ Update Azure _unpickle (SC-500) (#1067) (LP: #1946644)
+ cc_ssh.py: fix private key group owner and permissions (#1070)
[Emanuele Giuseppe Esposito]
+ VMware: read network-config from ISO (#1066) [Thomas Weißschuh]
+ testing: mock sleep in gce unit tests (#1072)
+ CloudStack: fix data-server DNS resolution (#1004)
[Olivier Lemasle] (LP: #1942232)
+ Fix unit test broken by pyyaml upgrade (#1071)
+ testing: add get_cloud function (SC-461) (#1038)
+ Inhibit sshd-keygen@.service if cloud-init is active (#1028)
[Ryan Harper]
+ VMWARE: search the deployPkg plugin in multiarch dir (#1061)
[xiaofengw-vmware] (LP: #1944946)
+ Fix set-name/interface DNS bug (#1058) [Andrew Kutz] (LP: #1946493)
+ Use specified tmp location for growpart (#1046) [jshen28]
+ .gitignore: ignore tags file for ctags users (#1057) [Brett Holman]
+ Allow comments in runcmd and report failed commands correctly (#1049)
[Brett Holman] (LP: #1853146)
+ tox integration: pass the *_proxy, GOOGLE_*, GCP_* env vars (#1050)
[Paride Legovini]
+ Allow disabling of network activation (SC-307) (#1048) (LP: #1938299)
+ renderer: convert relative imports to absolute (#1052) [Paride Legovini]
+ Support ETHx_IP6_GATEWAY, SET_HOSTNAME on OpenNebula (#1045)
[Vlastimil Holer]
+ integration-requirements: bump the pycloudlib commit (#1047)
[Paride Legovini]
+ Allow Vultr to set MTU and use as-is configs (#1037) [eb3095]
+ pin jsonschema in requirements.txt (#1043)
+ testing: remove cloud_tests (#1020)
+ Add andgein as contributor (#1042) [Andrew Gein]
+ Make wording for module frequency consistent (#1039) [Nicolas Bock]
+ Use ascii code for growpart (#1036) [jshen28]
+ Add jshen28 as contributor (#1035) [jshen28]
+ Skip test_cache_purged_on_version_change on Azure (#1033)
+ Remove invalid ssh_import_id from examples (#1031)
+ Cleanup Vultr support (#987) [eb3095]
+ docs: update cc_disk_setup for fs to raw disk (#1017)
+ HACKING.rst: change contact info to James Falcon (#1030)
+ tox: bump the pinned flake8 and pylint version (#1029)
[Paride Legovini] (LP: #1944414)
+ Add retries to DataSourceGCE.py when connecting to GCE (#1005)
[vteratipally]
+ Set Azure to apply networking config every BOOT (#1023)
+ Add connectivity_url to Oracle's EphemeralDHCPv4 (#988) (LP: #1939603)
+ docs: fix typo and include sudo for report bugs commands (#1022)
[Renan Rodrigo] (LP: #1940236)
+ VMware: Fix typo introduced in #947 and add test (#1019) [PengpengSun]
+ Update IPv6 entries in /etc/hosts (#1021) [Richard Hansen] (LP: #1943798)
+ Integration test upgrades for the 21.3-1 SRU (#1001)
+ Add Jille to tools/.github-cla-signers (#1016) [Jille Timmermans]
+ Improve ug_util.py (#1013) [Shreenidhi Shedi]
+ Support openEuler OS (#1012) [zhuzaifangxuele]
+ ssh_utils.py: ignore when sshd_config options are not key/value pairs
(#1007) [Emanuele Giuseppe Esposito]
+ Set Azure to only update metadata on BOOT_NEW_INSTANCE (#1006)
+ cc_update_etc_hosts: Use the distribution-defined path for the hosts
file (#983) [Andy Fiddaman]
+ Add CloudLinux OS support (#1003) [Alexandr Kravchenko]
+ puppet config: add the start_agent option (#1002) [Andrew Bogott]
+ Fix `make style-check` errors (#1000) [Shreenidhi Shedi]
+ Make cloud-id copyright year (#991) [Andrii Podanenko]
+ Add support to accept-ra in networkd renderer (#999) [Shreenidhi Shedi]
+ Update ds-identify to pass shellcheck (#979) [Andrew Kutz]
+ Azure: Retry dhcp on timeouts when polling reprovisiondata (#998)
[aswinrajamannar]
+ testing: Fix ssh keys integration test (#992)
- From 21.3
+ Azure: During primary nic detection, check interface status continuously
before rebinding again (#990) [aswinrajamannar]
+ Fix home permissions modified by ssh module (SC-338) (#984)
(LP: #1940233)
+ Add integration test for sensitive jinja substitution (#986)
+ Ignore hotplug socket when collecting logs (#985) (LP: #1940235)
+ testing: Add missing mocks to test_vmware.py (#982)
+ add Zadara Edge Cloud Platform to the supported clouds list (#963)
[sarahwzadara]
+ testing: skip upgrade tests on LXD VMs (#980)
+ Only invoke hotplug socket when functionality is enabled (#952)
+ Revert unnecesary lcase in ds-identify (#978) [Andrew Kutz]
+ cc_resolv_conf: fix typos (#969) [Shreenidhi Shedi]
+ Replace broken httpretty tests with mock (SC-324) (#973)
+ Azure: Check if interface is up after sleep when trying to bring it up
(#972) [aswinrajamannar]
+ Update dscheck_VMware's rpctool check (#970) [Shreenidhi Shedi]
+ Azure: Logging the detected interfaces (#968) [Moustafa Moustafa]
+ Change netifaces dependency to 0.10.4 (#965) [Andrew Kutz]
+ Azure: Limit polling network metadata on connection errors (#961)
[aswinrajamannar]
+ Update inconsistent indentation (#962) [Andrew Kutz]
+ cc_puppet: support AIO installations and more (#960) [Gabriel Nagy]
+ Add Puppet contributors to CLA signers (#964) [Noah Fontes]
+ Datasource for VMware (#953) [Andrew Kutz]
+ photon: refactor hostname handling and add networkd activator (#958)
[sshedi]
+ Stop copying ssh system keys and check folder permissions (#956)
[Emanuele Giuseppe Esposito]
+ testing: port remaining cloud tests to integration testing framework
(SC-191) (#955)
+ generate contents for ovf-env.xml when provisioning via IMDS (#959)
[Anh Vo]
+ Add support for EuroLinux 7 && EuroLinux 8 (#957) [Aleksander Baranowski]
+ Implementing device_aliases as described in docs (#945)
[Mal Graty] (LP: #1867532)
+ testing: fix test_ssh_import_id.py (#954)
+ Add ability to manage fallback network config on PhotonOS (#941) [sshedi]
+ Add VZLinux support (#951) [eb3095]
+ VMware: add network-config support in ovf-env.xml (#947) [PengpengSun]
+ Update pylint to v2.9.3 and fix the new issues it spots (#946)
[Paride Legovini]
+ Azure: mount default provisioning iso before try device listing (#870)
[Anh Vo]
+ Document known hotplug limitations (#950)
+ Initial hotplug support (#936)
+ Fix MIME policy failure on python version upgrade (#934)
+ run-container: fixup the centos repos baseurls when using http_proxy
(#944) [Paride Legovini]
+ tools: add support for building rpms on rocky linux (#940)
+ ssh-util: allow cloudinit to merge all ssh keys into a custom user
file, defined in AuthorizedKeysFile (#937) [Emanuele Giuseppe Esposito]
(LP: #1911680)
+ VMware: new "/allow_raw_data"/ switch (#939) [xiaofengw-vmware]
+ bump pycloudlib version (#935)
+ add renanrodrigo as a contributor (#938) [Renan Rodrigo]
+ testing: simplify test_upgrade.py (#932)
+ freebsd/net_v1 format: read MTU from root (#930) [Gonéri Le Bouder]
+ Add new network activators to bring up interfaces (#919)
+ Detect a Python version change and clear the cache (#857)
[Robert Schweikert]
+ cloud_tests: fix the Impish release name (#931) [Paride Legovini]
+ Removed distro specific network code from Photon (#929) [sshedi]
+ Add support for VMware PhotonOS (#909) [sshedi]
+ cloud_tests: add impish release definition (#927) [Paride Legovini]
+ docs: fix stale links rename master branch to main (#926)
+ Fix DNS in NetworkState (SC-133) (#923)
+ tests: Add 'adhoc' mark for integration tests (#925)
+ Fix the spelling of "/DigitalOcean"/ (#924) [Mark Mercado]
+ Small Doc Update for ReportEventStack and Test (#920) [Mike Russell]
+ Replace deprecated collections.Iterable with abc replacement (#922)
(LP: #1932048)
+ testing: OCI availability domain is now required (SC-59) (#910)
+ add DragonFlyBSD support (#904) [Gonéri Le Bouder]
+ Use instance-data-sensitive.json in jinja templates (SC-117) (#917)
(LP: #1931392)
+ doc: Update NoCloud docs stating required files (#918) (LP: #1931577)
+ build-on-netbsd: don't pin a specific py3 version (#913)
[Gonéri Le Bouder]
+ Create the log file with 640 permissions (#858) [Robert Schweikert]
+ Allow braces to appear in dhclient output (#911) [eb3095]
+ Docs: Replace all freenode references with libera (#912)
+ openbsd/net: flush the route table on net restart (#908)
[Gonéri Le Bouder]
+ Add Rocky Linux support to cloud-init (#906) [Louis Abel]
+ Add "/esposem"/ as contributor (#907) [Emanuele Giuseppe Esposito]
+ Add integration test for #868 (#901)
+ Added support for importing keys via primary/security mirror clauses
(#882) [Paul Goins] (LP: #1925395)
+ [examples] config-user-groups expire in the future (#902)
[Geert Stappers]
+ BSD: static network, set the mtu (#894) [Gonéri Le Bouder]
+ Add integration test for lp-1920939 (#891)
+ Fix unit tests breaking from new httpretty version (#903)
+ Allow user control over update events (#834)
+ Update test characters in substitution unit test (#893)
+ cc_disk_setup.py: remove UDEVADM_CMD definition as not used (#886)
[dermotbradley]
+ Add AlmaLinux OS support (#872) [Andrew Lukoshko]
+ Still need to consider the "/network"/ configuration option
- cloud-regionsrv-client
-
- Update to version 10.0.3 (bsc#1198389)
- Descend into the extension tree even if top level module is recommended
- Cache license state for AHB support to detect type switch
- Properly clean suse.com credentials when switching from SCC to update
infrastructure
- New log message to indicate base product registration success
- e2fsprogs
-
- libss-add-newer-libreadline.so.7-to-dlopen-path.patch: libss: Add support
for libreadline.so.7 for Leap 15.3 (bsc#1196939)
- gcc11
-
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstc++6 package to keep those
at the same version. [bsc#1196107]
- Add gcc11-D-dependence-fix.patch to fix memory corruption when
creating dependences with the D language frontend.
- Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap
on aarch64 which is unresolvable.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
- gzip
-
- Fix escaping of malicious filenames (CVE-2022-1271 bsc#1198062)
* bsc1198062.patch
- fix DFLTCC segfault [bsc#1177047]
- added patches
fix https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=be0a534ba2b6e77da289de8da79e70843b1028cc
+ gzip-1.10-fix-DFLTCC-segfault.patch
- gzip.spec: move %patch10 from the ifarch condition (mistake)
- add gzip-1.10-fix_count_of_lines_to_skip.patch to fix count
of lines to skip [bsc#1180713]
- kernel-default
-
- Update
patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch
references (add CVE-2022-28356 bsc#1197391).
- commit 923d4a9
- netfilter: nf_tables: initialize registers in nft_do_chain()
(CVE-2022-1016 bsc#1197227).
- commit 4726ea9
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- commit caaa7d4
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
in error path (CVE-2022-28389 bsc#1198033).
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb()
in error path (CVE-2022-28388 bsc#1198032).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
in error path (CVE-2022-28390 bsc#1198031).
- commit 2396928
- xprtrdma: fix incorrect header size calculations (CVE-2022-0812
bsc#1196639).
- commit 19d5b1d
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit 5ef2c78
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit 62bc950
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562
bsc#1196761 CVE-2022-0850).
- commit 8570e10
- Update patches.suse/sr9700-sanity-check-for-packet-length.patch
(bsc#1196836 CVE-2022-26966).
fixed typo in References
- commit e04f4f1
- esp: Fix possible buffer overflow in ESP transformation
(bsc#1197131 CVE-2022-0886).
- commit d9e58bc
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 0ee241b
- quota: check block number when reading the block in quota file
(bsc#1197366 CVE-2021-45868).
- commit b7d9616
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
bsc#1197331).
- Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch.
- commit f284bec
- Fixing a series_sort.py issue for a patch
The patch: blk-mq-move-_blk_mq_update_nr_hw_queues-synchronize_rcu-call
was placed at the end of the sorted section by series_insert.py at
one time, but now series_sort.py is complaining. So move this patch
to later in series.conf, outside of the sorted section, making
series_sort.py happy.
- commit a65cae5
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
bsc#1197331).
- commit 86d43c7
- ALSA: pcm: Fix races among concurrent prealloc proc writes
(CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
calls (CVE-2022-1048 bsc#1197331).
- commit e5bbf41
- ALSA: pcm: Fix races among concurrent prealloc proc writes
(CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
calls (CVE-2022-1048 bsc#1197331).
- commit 0f72275
- macros.kernel-source: Fix conditional expansion.
Fixes: bb95fef3cf19 ("/rpm: Use bash for %() expansion (jsc#SLE-18234)."/)
- commit 7e857f7
- rpm: Use bash for %() expansion (jsc#SLE-18234).
Since 15.4 alternatives for /bin/sh are provided by packages
<something>-sh. While the interpreter for the build script can be
selected the interpreter for %() cannot.
The kernel spec files use bashisms in %().
While this could technically be fixed there is more serious underlying
problem: neither bash nor any of the alternatives are 100% POSIX
compliant nor bug-free.
It is not my intent to maintain bug compatibility with any number of
shells for shell scripts embedded in the kernel spec file. The spec file
syntax is not documented so embedding the shell script in it causes some
unspecified transformation to be applied to it. That means that
ultimately any changes must be tested by building the kernel, n times if
n shells are supported.
To reduce maintenance effort require that bash is used for kernel build
always.
- commit bb95fef
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
(bsc#1196018).
- commit 95d7e2c
- net: usb: ax88179_178a: fix packet alignment padding
(bsc#1196018).
- commit 065384f
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
(bsc#1196018).
- commit f59903f
- Update patches.suse/sr9700-sanity-check-for-packet-length.patch
(bac#1196836 CVE-2022-26966).
added CVE number
- commit 7e940d6
- rpm: Run external scriptlets on uninstall only when available
(bsc#1196514 bsc#1196114 bsc#1196942).
When dependency cycles are encountered package dependencies may not be
fulfilled during zypper transaction at the time scriptlets are run.
This is a problem for kernel scriptlets provided by suse-module-tools
when migrating to a SLE release that provides these scriptlets only as
part of LTSS. The suse-module-tools that provides kernel scriptlets may
be removed early causing migration to fail.
- commit ab8dd2d
- Delete patches.suse/net-tipc-validate-domain-record-count-on-input.patch.
Change included in patches.suse/tipc-improve-size-validations-for-received-domain-re.patch
- commit 064907e
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
- rpm/kernel-source.spec.in: call fdupes per subpackage
It is a waste of time to do a global fdupes when we have
subpackages.
- commit 1da8439
- net: sched: use Qdisc rcu API instead of relying on rtnl lock
(bsc#1196973 CVE-2021-39713).
- net: sched: add helper function to take reference to Qdisc
(bsc#1196973 CVE-2021-39713).
- net: sched: extend Qdisc with rcu (bsc#1196973 CVE-2021-39713).
- net: sched: rename qdisc_destroy() to qdisc_put() (bsc#1196973
CVE-2021-39713).
- net: core: netlink: add helper refcount dec and lock function
(bsc#1196973 CVE-2021-39713).
- commit a22ecb0
- xen/netfront: react properly to failing
gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396,
CVE-2022-23042).
- commit 2b38f30
- xen/gnttab: fix gnttab_end_foreign_access() without page
specified (bsc#1196488, XSA-396, CVE-2022-23041).
- commit 7149843
- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396,
CVE-2022-23041).
- commit a920e1c
- xen/usb: don't use gnttab_end_foreign_access() in
xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- commit e8ca175
- xen/gntalloc: don't use gnttab_query_foreign_access()
(bsc#1196488, XSA-396, CVE-2022-23039).
- commit 02e08de
- xen/scsifront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23038).
- commit 78fd62a
- xen/netfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23037).
- commit 335a138
- xen/blkfront: don't use gnttab_query_foreign_access() for
mapped status (bsc#1196488, XSA-396, CVE-2022-23036).
- commit 69cc608
- xen/grant-table: add gnttab_try_end_foreign_access()
(bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038).
- commit d8d4a06
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
error case (bsc#1196488, XSA-396, CVE-2022-23040).
- commit 9eb0e70
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- commit 520b1bb
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- commit 174a64f
- usb: host: xen-hcd: add missing unlock in error path
(git-fixes).
- commit af60176
- Refresh
patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch.
- commit ee8e3fd
- Refresh
patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch.
- commit 29bb7f5
- rpm/kernel-docs.spec.in: use %%license for license declarations
Limited to SLE15+ to avoid compatibility nightmares.
- commit 73d560e
- rpm/*.spec.in: Use https:// urls
- commit 77b5f8e
- kabi/severities: Ignore NPU DMA functions (bsc#1196433 ltc#196449).
These cannot be supported anymore after the following changes.
These were removed upstream in 5.3 because they were never used.
- commit f1f926b
- kABI: Add back some NPU related structure members (bsc#1196433 ltc#196449).
- commit cc295da
- Move kABI patches to kABI section.
- commit 9b9f67a
- powerpc/powernv: remove unused NPU DMA code (bsc#1196433 ltc#196449).
- commit ba1f3b7
- sr9700: sanity check for packet length (bsc#1196836).
- commit 7ac3395
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
(CVE-2022-26490 bsc#1196830).
- commit 47ae8c5
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
- commit 43f0d0b
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- commit 936ea82
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
There is a check in OBS that fails when it is included. Also the key is
not reproducible.
Fixes: bb988d4625a3 ("/kernel-binary: Do not include sourcedir in certificate path."/)
- commit 68fa069
- gve: Recording rx queue before sending to napi (jsc#SLE-23652).
- gve: fix the wrong AdminQ buffer queue index check
(jsc#SLE-23652).
- gve: Fix GFP flags when allocing pages (jsc#SLE-23652).
- gve: Add consumed counts to ethtool stats (jsc#SLE-23652).
- gve: Implement suspend/resume/shutdown (jsc#SLE-23652).
- gve: Add optional metadata descriptor type GVE_TXD_MTD
(jsc#SLE-23652).
- gve: remove memory barrier around seqno (jsc#SLE-23652).
- gve: Update gve_free_queue_page_list signature (jsc#SLE-23652).
- gve: Move the irq db indexes out of the ntfy block struct
(jsc#SLE-23652).
- gve: Correct order of processing device options (jsc#SLE-23652).
- gve: fix for null pointer dereference (jsc#SLE-23652).
- gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652).
- gve: Add a jumbo-frame device option (jsc#SLE-23652).
- gve: Implement packet continuation for RX (jsc#SLE-23652).
- gve: Add RX context (jsc#SLE-23652).
- gve: Track RX buffer allocation failures (jsc#SLE-23652).
- gve: Allow pageflips on larger pages (jsc#SLE-23652).
- gve: Add netif_set_xps_queue call (jsc#SLE-23652).
- gve: Do lazy cleanup in TX path (jsc#SLE-23652).
- gve: Add rx buffer pagecnt bias (jsc#SLE-23652).
- gve: Switch to use napi_complete_done (jsc#SLE-23652).
- gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652).
- gve: DQO: avoid unused variable warnings (jsc#SLE-23652).
- gve: report 64bit tx_bytes counter from
gve_handle_report_stats() (jsc#SLE-23652).
- gve: fix gve_get_stats() (jsc#SLE-23652).
- gve: Properly handle errors in gve_assign_qpl (jsc#SLE-23652).
- gve: Avoid freeing NULL pointer (jsc#SLE-23652).
- gve: Correct available tx qpl check (jsc#SLE-23652).
- gve: fix the wrong AdminQ buffer overflow check (jsc#SLE-23652).
- gve: DQO: Remove incorrect prefetch (jsc#SLE-23652).
- gve: Simplify code and axe the use of a deprecated API
(jsc#SLE-23652).
- gve: Propagate error codes to caller (jsc#SLE-23652).
- gve: Fix an error handling path in 'gve_probe()'
(jsc#SLE-23652).
- gve: Fix swapped vars when fetching max queues (jsc#SLE-23652).
- gve: DQO: Fix off by one in gve_rx_dqo() (jsc#SLE-23652).
- gve: Fix warnings reported for DQO patchset (jsc#SLE-23652).
- gve: DQO: Add RX path (jsc#SLE-23652).
- gve: DQO: Add TX path (jsc#SLE-23652).
- gve: DQO: Configure interrupts on device up (jsc#SLE-23652).
- gve: DQO: Add ring allocation and initialization
(jsc#SLE-23652).
- gve: DQO: Add core netdev features (jsc#SLE-23652).
- gve: Update adminq commands to support DQO queues
(jsc#SLE-23652).
- gve: Add DQO fields for core data structures (jsc#SLE-23652).
- gve: Add dqo descriptors (jsc#SLE-23652).
- gve: Add support for DQO RX PTYPE map (jsc#SLE-23652).
- gve: adminq: DQO specific device descriptor logic
(jsc#SLE-23652).
- gve: Introduce per netdev `enum gve_queue_format`
(jsc#SLE-23652).
- gve: Introduce a new model for device options (jsc#SLE-23652).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset
(jsc#SLE-23652).
- gve: gve_rx_copy: Move padding to an argument (jsc#SLE-23652).
- gve: Move some static functions to a common file
(jsc#SLE-23652).
- gve: Correct SKB queue index validation (jsc#SLE-23652).
- gve: Upgrade memory barrier in poll routine (jsc#SLE-23652).
- gve: Add NULL pointer checks when freeing irqs (jsc#SLE-23652).
- gve: Update mgmt_msix_idx if num_ntfy changes (jsc#SLE-23652).
- gve: Check TX QPL was actually assigned (jsc#SLE-23652).
- net: gve: remove duplicated allowed (jsc#SLE-23652).
- net: gve: convert strlcpy to strscpy (jsc#SLE-23652).
- gve: Add support for raw addressing in the tx path
(jsc#SLE-23652).
- gve: Rx Buffer Recycling (jsc#SLE-23652).
- gve: Add support for raw addressing to the rx path
(jsc#SLE-23652).
- gve: Add support for raw addressing device option
(jsc#SLE-23652).
- gve: Replace zero-length array with flexible-array member
(jsc#SLE-23652).
- gve: Enable Link Speed Reporting in the driver (jsc#SLE-23652).
- gve: Use link status register to report link status
(jsc#SLE-23652).
- gve: Batch AQ commands for creating and destroying queues
(jsc#SLE-23652).
- gve: NIC stats for report-stats and for ethtool (jsc#SLE-23652).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags
(jsc#SLE-23652).
- gve: Use dev_info/err instead of netif_info/err (jsc#SLE-23652).
- gve: Add stats for gve (jsc#SLE-23652).
- gve: Get and set Rx copybreak via ethtool (jsc#SLE-23652).
- net: Google gve: Remove dma_wmb() before ringing doorbell
(jsc#SLE-23652).
- gve: Fix the queue page list allocated pages count
(jsc#SLE-23652).
- gve: fix dma sync bug where not all pages synced
(jsc#SLE-23652).
- commit 11aa9c5
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433
ltc#196449).
- powerpc: Don't flush caches when adding memory (bsc#1196433
ltc#196449).
- commit 23c9b78
- kernel-binary: Do not include sourcedir in certificate path.
The certs macro runs before build directory is set up so it creates the
aggregate of supplied certificates in the source directory.
Using this file directly as the certificate in kernel config works but
embeds the source directory path in the kernel config.
To avoid this symlink the certificate to the build directory and use
relative path to refer to it.
Also fabricate a certificate in the same location in build directory
when none is provided.
- commit bb988d4
- constraints: Also adjust disk requirement for x86 and s390.
- commit 9719db0
- constraints: Increase disk space for aarch64
- commit 09c2882
- kernel-obs-build: include 9p (boo#1195353)
To be able to share files between host and the qemu vm of the build
script, the 9p and 9p_virtio kernel modules need to be included in
the initrd of kernel-obs-build.
- commit 0cfe67a
- net: tipc: validate domain record count on input (bsc#1195254).
- commit eaeeffc
- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr
directory (bsc#1195051).
- commit c80b5de
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
Using the the default path is broken since Linux 5.17
- commit 68b36f0
- fix rpm build warning
tumbleweed rpm is adding these warnings to the log:
It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl
- commit 3ba8941
- build initrd without systemd
This reduces the size of the initrd by over 25%, which
improves startup time of the virtual machine by 0.5-0.6s on
very fast machines, more on slower ones.
- commit ef4c569
- kernel-obs-build: remove duplicated/unused parameters
lbs=0 - this parameters is just giving "/unused parameter"/ and it looks
like I can not find any version that implemented this.
rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it
alread loads the kernel module.
quiet and panic=1 will now be also always added by OBS, so we don't have
to set it here anymore.
- commit 972c692
- Revert "/- rpm/*build: use buildroot macro instead of env variable"/
buildroot macro is not being expanded inside a shell script. go
back to the environment variable usage. This reverts parts of
commit e2f60269b9330d7225b2547e057ef0859ccec155.
- commit fe85f96
- kernel-obs-build: include the preferred kernel parameters
Currently the Open Build Service hardcodes the kernel boot parameters
globally. Recently functionality was added to control the parameters
by the kernel-obs-build package, so make use of that. parameters here
will overwrite what is used by OBS otherwise.
- commit a631240
- kernel-obs-build: inform build service about virtio-serial
Inform the build worker code that this kernel supports virtio-serial,
which improves performance and relability of logging.
- commit 301a3a7
- rpm/*.spec.in: use buildroot macro instead of env variable
The RPM_BUILD_ROOT variable is considered deprecated over
a buildroot macro. future proof the spec files.
- commit e2f6026
- rpm/kernel-obs-build.spec.in: move to zstd for the initrd
Newer distros have capability to decompress zstd, which
provides a 2-5% better compression ratio at very similar
cpu overhead. Plus this tests the zstd codepaths now as well.
- commit 3d53a5b
- gve: Add basic driver framework for Compute Engine Virtual NIC
(jsc#SLE-23652).
- gve: Add ethtool support (jsc#SLE-23652).
- gve: Add workqueue and reset support (jsc#SLE-23652).
- gve: Copy and paste bug in gve_get_stats() (jsc#SLE-23652).
- gve: Fix case where desc_cnt and data_cnt can get out of sync
(jsc#SLE-23652).
- gve: Fix error return code in gve_alloc_qpls() (jsc#SLE-23652).
- gve: Fix u64_stats_sync to initialize start (jsc#SLE-23652).
- gve: Fixes DMA synchronization (jsc#SLE-23652).
- gve: Remove the exporting of gve_probe (jsc#SLE-23652).
- gve: fix -ENOMEM null check on a page allocation
(jsc#SLE-23652).
- gve: fix unused variable/label warnings (jsc#SLE-23652).
- gve: replace kfree with kvfree (jsc#SLE-23652).
Replaced single commit gve driver add commit with all its upstream commits.
This is done in a single commit to keep bisectability.
- commit 461f4aa
- libsolv
-
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code
[bsc#1196514]
- support parsing of Debian's Multi-Arch indicator
- bump version to 0.7.22
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden
vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members
("/requires"/ is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
- bump version to 0.7.21
- libzypp
-
- ZConfig: Update solver settings if target changes (bsc#1196368)
- version 17.30.0 (22)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- version 17.29.7 (22)
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- version 17.29.6 (22)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
- version 17.29.5 (22)
- mozilla-nss
-
- Mozilla NSS 3.68.3 (bsc#1197903)
This release improves the stability of NSS when used in a multi-threaded
environment. In particular, it fixes memory safety violations that
can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097).
We presume that with enough effort these memory safety violations are exploitable.
* Remove token member from NSSSlot struct (bmo#1756271).
* Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots
(bmo#1755555).
* Check return value of PK11Slot_GetNSSToken (bmo#1370866).
- perl
-
- Stabilize Socket::VERSION comparisons [bnc#1193489]
new patch: perl-Stabilize-Socket-VERSION-comparisons.patch
- psmisc
-
* Add a fallback if the system call name_to_handle_at() is
not supported by the used file system.
- Add patch psmisc-22.21-semaphores.patch
* Replace the synchronizing over pipes of the sub process for the
stat(2) system call with mutex and conditions from pthreads(7)
(bsc#1194172)
- Add patch psmisc-22.21-statx.patch
* Use statx(2) or SYS_statx system call to replace the stat(2)
system call and avoid the sub process at all (bsc#1194172)
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- python-paramiko
-
- Add CVE-2022-24302-race-condition.patch:
* Fix a race condition between creation and chmod when writing private
keys. (bsc#1197279)
- python-pip
-
- Add wheel subpackage with the generated wheel for this package
(bsc#1176262, CVE-2019-20916).
- Make wheel a separate build run to avoid the setuptools/wheel build
cycle.
- Switch this package to use update-alternatives for all files
in %{_bindir} so it doesn't collide with the versions on
"/the latest"/ versions of Python interpreter (jsc#SLE-18038,
bsc#1195831).
- python-uamqp
-
- Update in SLE-15 (bsc#1197848)
- New upstream release
+ Version 1.5.3
+ For detailed information about changes see the
HISTORY.rst file provided with this package
- New upstream release
+ Version 1.5.1
+ For detailed information about changes see the
HISTORY.rst file provided with this package
- New upstream release
+ Version 1.5.0
+ For detailed information about changes see the
HISTORY.rst file provided with this package
- New upstream release
+ Version 1.4.3
+ For detailed information about changes see the
HISTORY.rst file provided with this package
- New upstream release
+ Version 1.4.1
+ For detailed information about changes see the
HISTORY.rst file provided with this package
- New upstream release
+ Version 1.4.0
+ For detailed information about changes see the
HISTORY.rst file provided with this package
- New upstream release
+ Version 1.2.15
+ For detailed information about changes see the
HISTORY.rst file provided with this package
- Refresh patches for new version
+ u_strip-werror.patch
- New upstream release
+ Version 1.2.13
+ For detailed information about changes see the
HISTORY.rst file provided with this package
- Only build Python3 flavors for distributions 15 and greater
- ruby2
-
- Update suse.patch:
- backport fix for CVE-2022-28739: ruby: Buffer overrun in
String-to-Float conversion (boo#1198441)
- back port date 2.0.3 CVE-2021-41817 (boo#1193035)
- merge the previous bug fixes into suse.patch
- CVE-2021-32066.patch
- CVE-2021-31810.patch
- CVE-2021-31799.patch
- Add Requires to make and gcc to ruby-devel to make the default
extconf.rb work
- salt
-
- Fix regression preventing bootstrapping new clients caused by
redundant dependency on psutil (bsc#1197533)
- Prevent data pollution between actions proceesed at the same time (bsc#1197637)
- Added:
* prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
* fix-regression-with-depending-client.ssh-on-psutil-b.patch
- Fix salt-ssh opts poisoning (bsc#1197637)
- Clear network interfaces cache on grains request (bsc#1196050)
- Add salt-ssh with Salt Bundle support (venv-salt-minion)
- (bsc#1182851, bsc#1196432)
- Remove duplicated method definitions in salt.netapi
- Restrict "/state.orchestrate_single"/ to pass a pillar value if it exists (bsc#1194632)
- Added:
* add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch
* clear-network-interface-cache-when-grains-are-reques.patch
* fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch
* fix-state.orchestrate_single-to-not-pass-pillar-none.patch
* remove-duplicated-method-definitions-in-salt.netapi-.patch
- Renamed:
* patch_for_cve_bsc1197417.patch -> fix-multiple-security-issues-bsc-1197417.patch
- Fix multiple security issues (bsc#1197417)
* Sign authentication replies to prevent MiTM (CVE-2022-22935)
* Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
* Prevent job and fileserver replays (CVE-2022-22936)
* Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
- samba
-
- Adjust systemd tmpfiles.d configuration, use /run/samba instead of
/var/run/samba; (bsc#1134046);
- supportutils
-
- Spec file adjusted for usr-merge
- Changes to version 3.1.20
+ Added command blkid #114
+ Added s390x specific files and output #115
+ Fix for invalid argument during updates (bsc#1193204)
+ Optimized conf_files, conf_files_text and log_cmd functions #118
+ Fixed iscsi initiator name (bsc#1195797)
+ Added rpcinfo -p output #116
+ Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
+ Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
+ Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
+ Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
+ Include 'multipath -t' output in mpio.txt #105
+ Improved lsblk readability with --ascsi #106
+ Removed duplicate commands in network.txt
+ Remove duplicate firewalld status output #109
- suse-build-key
-
- No longer install 1024bit keys by default. (bsc#1197293)
- SLE11 key moved to documentation
- old PTF (pre March 2022) moved to documentation only
- systemd-presets-common-SUSE
-
- enable vgauthd service for VMWare by default (bsc#1195251)
- tar
-
- tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test
'tests/time01.at' on platforms with 32-bit time_t for now.
- tar.spec: Reference it.
(%check): Output the testsuite.log in case the testsuite failed.
- The following issues have already been fixed in this package but
weren't previously mentioned in the changes file:
* bsc#1181131, CVE-2021-20193
* bsc#1120610
- GNU tar 1.34:
* Fix extraction over pipe
* Fix memory leak in read_header
* Fix extraction when . and .. are unreadable
* Gracefully handle duplicate symlinks when extracting
* Re-initialize supplementary groups when switching to user
privileges
- GNU tar 1.33:
* POSIX extended format headers do not include PID by default
* --delay-directory-restore works for archives with reversed
member ordering
* Fix extraction of a symbolic link hardlinked to another
symbolic link
* Wildcards in exclude-vcs-ignore mode don't match slash
* Fix the --no-overwrite-dir option
* Fix handling of chained renames in incremental backups
* Link counting works for file names supplied with -T
* Accept only position-sensitive (file-selection) options in file
list files
- remove deprecated texinfo packaging macros
- prepare usrmerge (boo#1029961)
- Drop Requires(pre) info in the preamble: the main package does
not contain any info files, and has not even a pre script. The
- doc subpackage already has the correct deps.
- No longer recommend -lang: supplements are in use.
- update to version 1.32
* Fix the use of --checkpoint without explicit --checkpoint-action
* Fix extraction with the -U option
* Fix iconv usage on BSD-based systems
* Fix possible NULL dereference (savannah bug #55369)
[bsc#1130496] [CVE-2019-9923]
* Improve the testsuite
- remove tar-1.31-tests_dirrem.patch and
tar-1.31-racy_compress_tests.patch that are no longer needed
(applied usptream)
- Remove libattr-devel from buildrequires, tar no longer uses
it but finds xattr functions in libc.
- update to version 1.31
* Fix heap-buffer-overrun with --one-top-level, bug introduced
with the addition of that option in 1.28
* Support for zstd compression
* New option '--zstd' instructs tar to use zstd as compression
program. When listing, extractng and comparing, zstd compressed
archives are recognized automatically. When '-a' option is in
effect, zstd compression is selected if the destination archive
name ends in '.zst' or '.tzst'.
* The -K option interacts properly with member names given in the
command line. Names of members to extract can be specified along
with the "/-K NAME"/ option. In this case, tar will extract NAME
and those of named members that appear in the archive after it,
which is consistent with the semantics of the option. Previous
versions of tar extracted NAME, those of named members that
appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse
option, previous versions of tar would loop endlessly if a
sparse file had been truncated while being archived.
- remove the following patches (upstreamed)
* tar-1.30-tests-difflink.patch
* tar-1.30-tests_dirrem_race.patch
- refresh add_readme-tests.patch
- add tar-1.31-tests_dirrem.patch to fix expected output in dirrem
tests
- add tar-1.31-racy_compress_tests.patch to fix compression tests
- xz
-
- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
(ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
* bsc1198062.patch
- zypper
-
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
- version 1.14.52