- cloud-regionsrv-client
-
- Update -addon-azure to 1.0.2 (bsc#1196305)
+ The is-registered() function expects a string of the update server FQDN.
The regionsrv-enabler-azure passed an Object of type SMT. Fix the call
in regionsrv-enabler-azure.
- Update -plugin-azure to 2.0.0 (bsc#1196146)
+ Lower case the region hint to reduce issues with Azure region name
case inconsistencies
- Update to version 10.0.0 (bsc#1195414, bsc#1195564)
+ Refactor removes check_registration() function in utils implementation
+ Only start the registration service for PAYG images
- addon-azure sub-package to version 1.0.1
- containerd
-
- Add patch for CVE-2022-23648. bsc#1196441
+ CVE-2022-23648.patch
- Update to containerd v1.4.12 for Docker 20.10.11-ce. bsc#1192814
bsc#1193273 CVE-2021-41190
- Update to containerd v1.4.11, to fix CVE-2021-41103. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- coreutils
-
- coreutils-df-fuse-portal-dummy.patch:
df: Add "/fuse.portal"/ as a dummy file system (used in flatpak
implementations). (bsc#1189152)
- cyrus-sasl
-
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
in plugins/sql.c (bsc#1196036)
o add upstream patch:
0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- cyrus-sasl-saslauthd
-
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
in plugins/sql.c (bsc#1196036)
o add upstream patch:
0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- docker
-
- Update to Docker 20.10.12-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201012>.
- Remove CHANGELOG.md. It hasn't been maintained since 2017, and all of the
changelogs are currently only available online.
- Update to Docker 20.10.11-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#201011>. bsc#1192814
bsc#1193273 CVE-2021-41190
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Remove upstreamed patches:
- 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Update to Docker 20.10.9-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20109>. bsc#1191355
CVE-2021-41089 bsc#1191015 CVE-2021-41091 bsc#1191434
CVE-2021-41092 bsc#1191334 CVE-2021-41103 bsc#1191121
- Update to Docker 20.10.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20106>. bsc#1184768
- Update to Docker 20.10.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/#20105>. bsc#1182947
- dracut
-
- Update to version 049.1+suse.228.g07676562:
* fix(network): consistent use of "/$gw"/ for gateway (bsc#1192685)
* fix(install): handle builtin modules (bsc#1194716)
- expat
-
- Security fixes:
* (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs
- Added expat-CVE-2022-25236.patch
* (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
2.4.5 does not check whether a UTF-8 character is valid in a
certain context.
- Added expat-CVE-2022-25235.patch
* (CVE-2022-25313, bsc#1196168) Stack exhaustion in
build_model() via uncontrolled recursion
- Added expat-CVE-2022-25313.patch
- The fix upstream introduced a regression that was later
amended in 2.4.6 version
+ Added expat-CVE-2022-25313-fix-regression.patch
* (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
- Added expat-CVE-2022-25314.patch
* (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
- Added expat-CVE-2022-25315.patch
- Security fix (CVE-2022-23852, bsc#1195054)
* Expat (aka libexpat) before 2.4.4 has a signed integer overflow
in XML_GetBuffer, for configurations with a nonzero
XML_CONTEXT_BYTES
* Add tests for CVE-2022-23852.
* Added expat-CVE-2022-23852.patch
- Security fix (CVE-2022-23990, bsc#1195217)
* Fix unsigned integer overflow in function doProlog triggered
by large content in element type declarations when there is
an element declaration handler present (from a prior call to
XML_SetElementDeclHandler).
* Add expat-CVE-2022-23990.patch
* Added expat-CVE-2022-22827.patch
- gnutls
-
- Security fix: [bsc#1196167, CVE-2021-4209]
* Null pointer dereference in MD_UPDATE
* Add gnutls-CVE-2021-4209.patch
- grub2
-
- Fix error not a btrfs filesystem on s390x (bsc#1187645)
* 80_suse_btrfs_snapshot
- Add support for simplefb (boo#1193532).
* grub2-simplefb.patch
- kernel-default
-
- lib/iov_iter: initialize "/flags"/ in new pipe_buffer
(bsc#1196584).
- commit 4f3bbf5
- x86/speculation: Use generic retpoline by default on AMD
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit bed48b1
- gve: Recording rx queue before sending to napi (jsc#SLE-23652).
- gve: fix the wrong AdminQ buffer queue index check
(jsc#SLE-23652).
- gve: Fix GFP flags when allocing pages (jsc#SLE-23652).
- gve: Add consumed counts to ethtool stats (jsc#SLE-23652).
- gve: Implement suspend/resume/shutdown (jsc#SLE-23652).
- gve: Add optional metadata descriptor type GVE_TXD_MTD
(jsc#SLE-23652).
- gve: remove memory barrier around seqno (jsc#SLE-23652).
- gve: Update gve_free_queue_page_list signature (jsc#SLE-23652).
- gve: Move the irq db indexes out of the ntfy block struct
(jsc#SLE-23652).
- gve: Correct order of processing device options (jsc#SLE-23652).
- gve: fix for null pointer dereference (jsc#SLE-23652).
- gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652).
- gve: Add a jumbo-frame device option (jsc#SLE-23652).
- gve: Implement packet continuation for RX (jsc#SLE-23652).
- gve: Add RX context (jsc#SLE-23652).
- gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652).
- commit e1a9cfc
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079
CVE-2022-0617).
- commit a1deb2a
- udf: Fix NULL ptr deref when converting from inline format
(bsc#1196079 CVE-2022-0617).
- commit 43cd4ed
- x86/speculation: Include unprivileged eBPF status in Spectre v2
mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit d42fa20
- Documentation/hw-vuln: Update spectre doc (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit a48cfcc
- x86/speculation: Add eIBRS + Retpoline options (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit 1a20a7e
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 80f47a3
- x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 1f9dd65
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
(CVE-2022-25375 bsc#1196235).
- commit 4e7d746
- Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155)
- commit 900b4f0
- USB: gadget: validate interface OS descriptor requests
(CVE-2022-25258 bsc#1196095).
- commit 4c69367
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- commit 6aa037a
- powerpc/pseries/ddw: Revert "/Extend upper limit for huge DMA
window for persistent memory"/ (bsc#1195995 ltc#196394).
- commit 7be7563
- f2fs: fix to do sanity check on inode type during garbage
collection (CVE-2021-44879 bsc#1195987).
- commit 139271b
- tipc: improve size validations for received domain records
(bsc#1195254, CVE-2022-0435).
- commit 48911da
- yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959
bsc#1195897).
- commit 60220af
- usb: gadget: clear related members when goto fail
(CVE-2022-24958 bsc#1195905).
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958
bsc#1195905).
- commit 96dda76
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487).
- commit f68f189
- nfsd: don't admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: allow delegation state ids to be revoked and then freed
(bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed
(bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed
(bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state
(bsc#1192483).
- commit 4fab2c0
- KVM: s390: Return error on SIDA memop on normal guest
(bsc#1195516 CVE-2022-0516).
- commit d46602b
- NFSv4: Handle case where the lookup of a directory fails
(bsc#1195612 CVE-2022-24448).
- commit 1023a28
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- commit be8e591
- cgroup-v1: Require capabilities to set release_agent
(bsc#1195543 CVE-2022-0492).
- commit 413d689
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
callback (bsc#1193864 CVE-2021-39657).
- commit 5ec67f9
- scsi: target: iscsi: Fix cmd abort fabric stop race
(bsc#1195286).
- commit 79c1016
- Update kabi files.
- update from February 2022 maintenance update submission (commit 49453fa0b26b)
- commit 10d28a1
- series.conf: sort
Fix patch ordering in sorted section.
- commit f4bbbbf
- fix patches metadata
- fix Patch-mainline, mark partial backport, add a note to commit message
- patches.suse/net-xdp-Introduce-xdp_init_buff-utility-routine.patch
- patches.suse/net-xdp-Introduce-xdp_prepare_buff-utility-routine.patch
- commit c8555c7
- Update kabi files.
- update from out of order January 2022 maintenance update (commit 712a8e6dffc3)
- commit d4e500b
- update
- commit 8000467
- phonet: refcount leak in pep_sock_accep (bsc#1193867,
CVE-2021-45095).
- commit 98c27cb
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- Delete
patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch.
which caused a regression (bsc#1194048).
- fix patches.kabi/revert-xfrm-xfrm_state_mtu-should-return-at-least-1280.patch
fixes the resulting KABI change
- Replace with an alternative fix for bsc#1185377
- commit ccdfbb9
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 96de11b
- SLE15-SP2 went to LTSS, hand over to L3
- commit 1e60178
- drm/vmwgfx: Fix stale file descriptors on failed usercopy
(CVE-2022-22942 bsc#1195065).
- commit b93c2a4
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- commit 92fcdfb
- bpf: Verifer, adjust_scalar_min_max_vals to always call
update_reg_bounds() (bsc#1194227).
- commit bf95985
- net/packet: rx_owner_map depends on pg_vec (bsc#1195184
CVE-2021-22600).
- commit ef975a8
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
callback (bsc#1193864 CVE-2021-39657).
- commit a954734
- Update
patches.suse/usb-gadget-configfs-Fix-use-after-free-issue-with-ud.patch
(bsc#1193861 CVE-2021-39648).
updated references for a CVE that became known after the fix
had been applied for other reasons
- commit 2372cca
- net: mana: Add RX fencing (bsc#1193506).
- commit 86ca026
- net: mana: Add XDP support (bsc#1193506).
- commit 8a8d94e
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- commit 2ce60c3
- net, xdp: Introduce xdp_prepare_buff utility routine
(bsc#1193506).
- commit f1f2607
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- commit d81f88a
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- commit 472ff50
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- commit ac668ff
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- commit 38bf9aa
- drm/i915: Flush TLBs before releasing backing store
(CVE-2022-0330 bsc#1194880).
- commit 34a8919
- net: allow retransmitting a TCP packet if original is still
in queue (bsc#1188605 bsc#1187428).
- commit 07dea3c
- Revert "/net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)"/
This reverts commit 3aa0c01fad38360cc9cd840d49bdfdc565e2e718.
With the backport of the upstream fix for bsc#1183405 race, this workaround
is no longer needed.
- commit e063337
- net: sched: add barrier to ensure correct ordering for lockless
qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless
qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue
(bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation
(bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc
(bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in
qdisc_replace (bsc#1183405).
- net: sch_generic: aviod concurrent reset and enqueue op for
lockless qdisc (bsc#1183405).
- net_sched: get rid of unnecessary dev_qdisc_reset()
(bsc#1183405).
- net_sched: avoid resetting active qdisc for multiple times
(bsc#1183405).
- net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405).
- commit abc4d94
- libzypp
-
- Public header files on older distros must use c++11
(bsc#1194597)
- Fix exception handling when reading or writing credentials
(bsc#1194898)
- version 17.29.3 (22)
- Fix Legacy include (bsc#1194597)
- version 17.29.2 (22)
- Fix broken install path for parser compat headers (fixes #372,
bsc#1194597)
- RepoManager: remember exec errors in exception history
(bsc#1193007)
- version 17.29.1 (22)
- Use the default zypp.conf settings if no zypp.conf exists
(bsc#1193488)
- Fix wrong encoding of iso: URL components (bsc#954813)
- Handle armv8l as armv7hl compatible userland.
- Introduce zypp-curl a sublibrary for CURL related code.
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set.
- Save all signatures associated with a public key in its
PublicKeyData.
- version 17.29.0 (22)
- nfs-utils
-
- Add 0020-mountd-Initialize-logging-early.patch
If an error or warning message is produced before
closeall() is called, mountd gets confused and doesn't work.
(bsc#1194661)
- polkit
-
- CVE-2021-4115: fixed a denial of service via file descriptor leak (bsc#1195542)
added CVE-2021-4115.patch
- psmisc
-
* Determine the namespace of a process only once to speed
up the parsing of fdinfo (bsc#1194172).
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- release-notes-sles
-
- 15.2.20220202 (tracked in bsc#933411)
- Added kernel parameter change (bsc#1195107)
- Added note about deprecating XFS V4 (jsc#SLE-22662)
- Added note about ODBC driver location (jsc#SLE-13242)
- Added note about unixODBC drivers in production (jsc#SLE-20554)
- Added note about GNOME and vncserver (bsc#1186415)
- rsyslog
-
- add service dependencies for remote logging (bsc#1194669)
- update config example in remote.conf to match upstream documentation
- salt
-
- Fix inspector module export function (bsc#1097531)
- Add all ssh kwargs to sanitize_kwargs method
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "/transactional_update"/ module to not use SSH wrapper and allow more flexible execution
- Add "/--no-return-event"/ option to salt-call to prevent sending return event back to master.
- Make "/state.highstate"/ to acts on concurrent flag.
- Added:
* fix-inspector-module-export-function-bsc-1097531-480.patch
* vendor-stateresult.patch
* wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
* add-all-ssh-kwargs-to-sanitize_kwargs-method-3002.2-.patch
* refactor-and-improvements-for-transactional-updates-.patch
* state.apply-don-t-check-for-cached-pillar-errors.patch
- samba
-
- CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
module; (bsc#1194859); (bso#14914).
- sudo
-
- Add support in the LDAP filter for negated users, patch taken
from upstream (jsc#20068)
* Adds sudo-feature-negated-LDAP-users.patch
- Restrict use of sudo -U other -l to people who have permission
to run commands as that user (bsc#1181703, jsc#SLE-22569)
* feature-upstream-restrict-sudo-U-other-l.patch
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
+ Include cloud-init logs whenever they are present
+ Update the packages we track in AWS, Azure, and Google
+ Include the ecs logs for AWS ECS instances
- systemd
-
- Import commit c46bcb2df93c802f43e240ceb96eaf28027808a8
28e379cc21 systemctl: exit with 1 if no unit files found (bsc#1193841)
* 60-io-scheduler.rules: add rules for virtual devices
(boo#1193759)
* 60-io-scheduler.rules: enforce "/none"/ for loop devices
(boo#1193759)
- vim
-
- Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
Heap-based Buffer Overflow in vim prior to 8.2.
/ vim-8.0.1568-CVE-2022-0413.patch
- Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
normal.c / vim-8.0.1568-CVE-2021-3796.patch
- Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
- Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
- Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
- Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
- Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
- Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
/ vim-8.0.1568-CVE-2021-3778.patch
- Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
/ vim-8.0.1568-CVE-2021-4193.patch
- Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
- Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
- Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
/ vim-8.0.1568-CVE-2022-0351.patch
- Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
- Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
/ vim-8.0.1568-CVE-2022-0413.patch
- wicked
-
- fsm: fix device rename via yast (bsc#1194392)
Reset worker config instead to reject a NULL/empty config
xml node -- introduced in wicked 0.6.67 by commit c2a0385.
[+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- version 0.6.68
- sysctl: process sysctl.d directories as in sysctl --system
- sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353)
- cleanup: warnings, time calculations and dhcp fixes (bsc#1188019)
- wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- tuntap: avoid sysfs attr read error (bsc#1192311)
- ifstatus: fix warning of unexpected interface flag combination (bsc#1192164)
- dbus: config files in /usr shouldn't be marked as config in spec
- version 0.6.67
- dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750)
- logging: log reaped sub-process command and as debug, not error
- ifstatus: Don't show link as "/up"/ without RUNNING flag set
- firewalld: Make the zone assignment permanent (boo#1189560)
- fsm: cleanup and improve ifconfig and ifpolicy access utils
- dbus: cleanup the dbus-service.h file and unused property makros
- cleanup: applied code-spell run typo corrections
- dracut: initial fixes and improved option handling (boo#1182227)
- version 0.6.66
- wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920)
- support multiple networks configurations per interface
- show connection status and scan-results (bsc#1160654)
- corrected eap-tls,ttls cetificate handling and open vs. shared
wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- cleanups and several other improvements, see changes
- updated man ifcfg-wireless manual pages
- nanny: fix identify node owner exit condition
- schema: several xml-schema and dbus/property improvements
- utils: format/parse bitmap to array and string alternatives
- client: expose ethtool --get-permanent-address option
- removed sle15-sp3 patches included in the master sources (bsc#1181812)
[- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
[- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- dhcp4: discover on reboot timeout after start-delay (bsc#1181812)
[+ 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
- dhcp6: request nis options on sle15 by default (bsc#1181812)
[+ 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- version 0.6.65
- ifconfig: differentiate if to re-trigger dad on address updates (bsc#1177215)
- client: parse sysctl files in the correct order (bsc#1181186)
- ifup: fix for set up with unenslave from unconfigured master (boo#954329)
- rpm: prepare for new builds using usrmerged rpm macro (boo#1029961)
- rpm: Let wicked-service also provide service(network)
- cleanup: remove obsolete use-nanny=false (gh#openSUSE/wicked#815)
- dbus: add variant container, generic object-path and uint32 array macros
- xen
-
- bsc#1194576 - VUL-0: CVE-2022-23033: xen: arm:
guest_physmap_remove_page not removing the p2m mappings (XSA-393)
xsa393.patch
- bsc#1194581 - VUL-0: CVE-2022-23034: xen: a PV guest could DoS
Xen while unmapping a grant (XSA-394)
xsa394.patch
- bsc#1194588 - VUL-0: CVE-2022-23035: xen: insufficient cleanup of
passed-through device IRQs (XSA-395)
xsa395.patch
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
list not giving any output
libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
- Collect active VM config files in the supportconfig plugin
xen-supportconfig
- bsc#1191510 - [UEFI]15sp4 uefi fv guest on 12sp5 host unable to
bootup with sriov pci device plugin
5e15e174-libxl-dont-needlessly-report-highmem-in-use.patch
- Upstream bug fixes (bsc#1027519)
616d66bd-x86-HVM-cleanup-after-failed-viridian_vcpu_init.patch
616e7cfe-x86-paging-restrict-paddr-width-reported.patch
619b7ac9-harden-assign_pages.patch
619b8cb0-x86-PoD-misaligned-GFNs.patch
619b8cb1-x86-PoD-intermediate-page-orders.patch
619b8cb2-x86-P2M-set-partial-success.patch
- Drop xsa patches in favor of upstream versions
xsa385.patch
xsa388-1.patch
xsa388-2.patch
xsa389.patch
- yast2-add-on
-
- Restore the repo unexpanded URL to get it properly saved in
the /etc/zypp/repos.d file (bsc#972046, bsc#1194851).
- 4.2.19
- zsh
-
- Added CVE-2019-20044.patch: fixes insecure dropping of privileges when
unsetting PRIVILEGED option (CVE-2019-20044 bsc#1163882)
- Added CVE-2021-45444.patch: fixes a vulnerability in prompt expansion which
could be exploited through e.g. VCS_Info to execute arbitrary shell
commands (CVE-2021-45444 bsc#1196435)
- zypper
-
- Singletrans: handle fatal and non-fatal script errors properly.
- Add SingleTransReportReceiver.
- Immediately write out additional rpm output.
- BuildRequires: libzypp-devel >= 17.29.0.
Need SingleTransReport and immediate rpm script output reports.
- version 1.14.51