- aaa_base
-
- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
allow ICMP ping
- added patches
+ git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
current version which includes a rename of patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
to
git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
as otherwise autopatch macro does not work anymore
- Include all fixes and changes for systemwide inputrc to remove
the 8 bit escape sequence which interfere with UTF-8 multi byte
characters as well as support the vi mode of readline library.
This is done with the patches
* git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
* git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
before the changed patch
git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
rename it to
git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
and also add the patches
* git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
* git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
- augeas
-
- support new chrony 4.1 options (jsc#SLE-17334)
augeas-new_options_for_chrony.patch
- avahi
-
- Downgrade python3-Twisted to a Recommends. It is not available
on SLED or PackageHub, and it is only needed by avahi-bookmarks
(bsc#1196282).
- Add avahi-bookmarks-import-warning.patch: fix warning when
twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
avahi-add-resolv-conf-to-inotify.patch: re-read configuration
when resolv.conf changes, per discussion on the bug
(boo#1194561).
- Have python3-avahi require python3-dbus-python, not the
python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
a host's up/down status to be easily discovered and should not
be enabled by default (boo#1179060).
- bind
-
- When using forwarders, bogus NS records supplied by, or via, those
forwarders may be cached and used by named if it needs to recurse
for any reason, causing it to obtain and pass on potentially
incorrect answers.
[CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]
- cloud-init
-
- systemctl location (bsc#1193531)
- Add cloud-init-sysctl-not-in-bin.patch
- The sytemctl executable is not necessarily in '/bin'
- Remove unneeded BuildRequires on python3-nose.
- cloud-regionsrv-client
-
- Update to version 10.0.2
+ Fix name of logfile in error message
+ Fix variable scoping to properly detect registration error
+ Cleanup any artifacts on registration failure
+ Fix latent bug with /etc/hosts population
+ Do not throw error when attemting to unregister a system that is not
registered
+ Skip extension registration if the extension is recommended by the
baseproduct as it gets automatically installed
- Update to version 10.0.1 (bsc#1197113)
+ Provide status feedback on registration, success or failure
+ Log warning message if data provider is configured but no data
can be retrieved
- Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564)
+ The repo enablement timer cannot depend on guestregister.service
- crash
-
- Fix module loading (bsc#1190743 ltc#194414).
+ crash-mod-fix-module-object-file-lookup.patch
- dapl
-
- Add reproducible.patch to override build date (boo#1047218)
- expat
-
* (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
breaks biboumi, ClairMeta, jxmlease, libwbxml,
openleadr-python, rnv, xmltodict
- Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:
- filesystem
-
- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
- glibc
-
- pthread-rwlock-trylock-stalls.patch: nptl: Fix pthread_rwlock_try*lock
stalls (bsc#1195560, BZ #23844)
- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
for "/unix"/ (CVE-2022-23219, bsc#1194768, BZ #22542)
- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
(CVE-2022-23218, bsc#1194770, BZ #28768)
- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
(CVE-2021-3999, bsc#1194640, BZ #28769)
- pop-fail-stack.patch: Assertion failure in pop_fail_stack when executing
a malformed regexp (CVE-2015-8985, bsc#1193625, BZ #21163)
- libtirpc
-
- fix memory leak in client protocol version 2 code (bsc#1193805)
- update: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- libzypp
-
- Fix handling of redirected command in-/output (bsc#1195326)
This fixes delays at the end of zypper operations, where
zypper unintentionally waits for appdata plugin scripts to
complete.
- version 17.29.4 (22)
- nfs-utils
-
- Add 0023-cache.c-removed-a-couple-warning.patch
Fix compilation with new glibc (SLE15-SP4)
(bsc#1197788)
- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
Ensure "/sloppy"/ is added correctly for newer kernels. Particularly
required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
(boo#1197297)
- openldap2
-
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
reporting is bsc#1197004 causing SSSD to have faults.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
- openssh
-
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
connections update their dbus environment (bsc#1179465).
- Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch
(bsc#1190975, CVE-2021-41617), backported from upstream by
Ali Abdallah.
- openssl-1_1
-
- Security Fix: [bsc#1196877, CVE-2022-0778]
* Infinite loop in BN_mod_sqrt() reachable when parsing certificates
* Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch
- Fix PAC pointer authentication in ARM [bsc#1195856]
* PAC pointer authentication signs the return address against the
value of the stack pointer, to prevent stack overrun exploits
from corrupting the control flow. The Poly1305 armv8 code got
this wrong, resulting in crashes on PAC capable hardware.
* Add openssl-1_1-ARM-PAC.patch
- Pull libopenssl-1_1 when updating openssl-1_1 with the same
version. [bsc#1195792]
- FIPS: Fix function and reason error codes [bsc#1182959]
* Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
* Add openssl-fix-BIO_f_zlib.patch to fix BIO_f_zlib: Properly
handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
- pam
-
- Between allocating the variable "/ai"/ and free'ing them, there are
two "/return NO"/ were we don't free this variable. This patch
inserts freaddrinfo() calls before the "/return NO;"/s.
[bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as "//%{_sysconfdir}/pam.d"/
The variable is needed by systemd and others.
[bsc#1196093, macros.pam]
- procps
-
- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
ignore SIGURG
- protobuf
-
- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
bsc#1195258
* Add protobuf-CVE-2021-22570.patch
- python-jsonschema
-
- Add patch to fix build with new webcolors:
* webcolors.patch
- update to version 3.2.0 (jsc#SLE-18756):
* Added a format_nongpl setuptools extra, which installs only format
dependencies that are non-GPL (#619).
- specfile:
* be more explicit in %files section
* require python-importlib-metadata
- update to version 3.1.1:
* Temporarily revert the switch to js-regex until #611 and #612 are
resolved.
- changes from version 3.1.0:
* Regular expressions throughout schemas now respect the ECMA 262
dialect, as recommended by the specification (#609).
- Replace %fdupes -s with plain %fdupes; hardlinks are better.
- Activate more of the test suite
- Remove tests and benchmarking from the runtime package
- Update to v3.0.2
* Fixed a bug where 0 and False were considered equal by
const and enum
- from v3.0.1
* Fixed a bug where extending validators did not preserve their
notion of which validator property contains $id information.
- from v3.0.0
* Support for Draft 6 and Draft 7
* Draft 7 is now the default
* New TypeChecker object for more complex type definitions
(and overrides)
* Falling back to isodate for the date-time format checker is
no longer attempted, in accordance with the specification
- Add non-updating note to the SPEC file
- downgrade to < 3.0.0 again to fix all openstack clients
- Update to 3.0.1:
* Support for Draft 6 and Draft 7
* Draft 7 is now the default
* New TypeChecker object for more complex type definitions (and overrides)
* Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification
- Use %license instead of %doc [bsc#1082318]
- python-lxml
-
- With the new update to 4.7.1, the old Bugzilla entries are also
fixed:
- bsc#1118088 (related to CVE-2018-19787)
- bsc#1184177 (related to CVE-2021-28957)
- Update to 4.7.1 (officially released 2021-12-13)
Features added
- Chunked Unicode string parsing via parser.feed() now encodes the input
data to the native UTF-8 encoding directly, instead of going through
Py_UNICODE / wchar_t encoding first, which previously required duplicate
recoding in most cases.
Bugs fixed
- The standard namespace prefixes were mishandled during "/C14N2"/
serialisation
on Python 3.
See
https://mail.python.org/archives/list/lxml@python.org/thread/
6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/
- lxml.objectify previously accepted non-XML numbers with underscores
(like "/1_000"/) as integers or float values in Python 3.6 and later.
It now adheres to the number format of the XML spec again.
- LP#1939031: Static wheels of lxml now contain the header files of zlib
and libiconv (in addition to the already provided headers of
libxml2/libxslt/libexslt).
Other changes
- Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).
- Update to 4.7.0 (2021-12-13)
- Release retracted due to missing files in lxml/includes/.
- UPdate to 4.6.5 (2021-12-12)
Bugs fixed
- A vulnerability (GHSL-2021-1038) in the HTML cleaner
- allowed sneaking script content through SVG images
- (bnc#1193752, CVE-2021-43818).
- A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed
- sneaking script content through CSS imports and other crafted
- constructs (CVE-2021-43818).
- Update 4.6.4 (2021-11-01)
Features added
- GH#317: A new property system_url was added to DTD entities.
- Patch by Thirdegree.
- GH#314: The STATIC_* variables in setup.py can now be passed
- via env vars.
- Patch by Isaac Jurado.
- Update 4.6.3 (2021-03-21)
Bugs fixed
- A vulnerability (CVE-2021-28957) was discovered in the HTML
- Cleaner by Kevin Chung, which allowed JavaScript to pass through.
- The cleaner now removes the HTML5 formaction attribute.
- Update 4.6.2 (2020-11-26)
Bugs fixed
- A vulnerability (bnc#1179534, CVE-2020-27783) was discovered in the HTML
Cleaner
- by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner
- now removes more sneaky "/style"/ content.
- Update 4.6.1 (2020-10-18)
Bugs fixed
- A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
- which allowed JavaScript to pass through. The cleaner now removes
- more sneaky "/style"/ content.
- Update 4.6.0 (2020-10-17)
Features added
- GH#310: lxml.html.InputGetter supports __len__() to count the number
- of input fields. Patch by Aidan Woolley.
- lxml.html.InputGetter has a new .items() method to ease processing
- all input fields.
- lxml.html.InputGetter.keys() now returns the field names in document
- order.
- GH-309: The API documentation is now generated using sphinx-apidoc.
- Patch by Chris Mayo.
Bugs fixed
- LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes
- when a default namespace was defined.
- TreeBuilder.close() raised AssertionError in some error cases where
- it should have raised XMLSyntaxError. It now raises a combined
- exception to keep up backwards compatibility, while switching to
- XMLSyntaxError as an interface.
- Update 4.5.2 (2020-07-09)
Bugs fixed
- Cleaner() now validates that only known configuration options
- can be set.
- LP#1882606: Cleaner.clean_html() discarded comments and PIs
- regardless of the corresponding configuration option, if
- remove_unknown_tags was set.
- LP#1880251: Instead of globally overwriting the document loader
- in libxml2, lxml now sets it per parser run, which improves the
- interoperability with other users of libxml2 such as libxmlsec.
- LP#1881960: Fix build in CPython 3.10 by using Cython 0.29.21.
- The setup options "/--with-xml2-config"/ and "/--with-xslt-config"/
- were accidentally renamed to "/--xml2-config"/ and "/--xslt-config"/
- in 4.5.1 and are now available again.
- Update 4.5.1 (2020-05-19)
Bugs fixed
- LP#1570388: Fix failures when serialising documents larger than
- 2GB in some cases.
- LP#1865141, GH#298: QName values were not accepted by the
- el.iter() method. Patch by xmo-odoo.
- LP#1863413, GH#297: The build failed to detect libraries on Linux
- that are only configured via pkg-config. Patch by Hugh McMaster.
- Update 4.5.0 (2020-01-29)
Features added
- A new function indent() was added to insert tail whitespace for
- pretty-printing an XML tree.
Bugs fixed
- LP#1857794: Tail text of nodes that get removed from a document
using item deletion disappeared silently instead of sticking with
the node that was removed.
Other changes
- MacOS builds are 64-bit-only by default. Set CFLAGS and LDFLAGS
explicitly to override it.
- Linux/MacOS Binary wheels now use libxml2 2.9.10 and libxslt 1.1.34.
- LP#1840234: The package version number is now available as
lxml.__version__.
- Update 4.4.3 (2020-01-28)
Bugs fixed
- LP#1844674: itertext() was missing tail text of comments and PIs
since 4.4.0.
- salt
-
- (CVE-2020-22934) (CVE-2020-22935) (CVE-2020-22936) (CVE-2020-22941) (bsc#1197417)
- Added:
* patch_for_cve_bsc1197417.patch
- supportutils
-
- Spec file adjusted for usr-merge
- Changes to version 3.1.20
+ Added command blkid #114
+ Added s390x specific files and output #115
+ Fix for invalid argument during updates (bsc#1193204)
+ Optimized conf_files, conf_files_text and log_cmd functions #118
+ Fixed iscsi initiator name (bsc#1195797)
+ Added rpcinfo -p output #116
+ Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
+ Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
+ Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
+ Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
+ Include 'multipath -t' output in mpio.txt #105
+ Improved lsblk readability with --ascsi #106
+ Removed duplicate commands in network.txt
+ Remove duplicate firewalld status output #109
- suse-build-key
-
- extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc
- added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- extended expiry of SUSE SLES11 key (bsc#1194845)
- added SUSE Contaner signing key in PEM format for use e.g. by cosign.
- SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495)
- systemd
-
- Import commit 5e7db68eb43ec3733c56e98262973431f57e2265
4f00efadc7 systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)
- tcpdump
-
- Security fix: [bsc#1195825, CVE-2018-16301]
* Fix segfault when handling large files
* Add tcpdump-CVE-2018-16301.patch
- timezone
-
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not -03-26*
* zdump -v now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
- update-alternatives
-
- break bash <-> update-alternatives cycle by coolo's rewrite
of %post in lua [bsc#1195654]
- util-linux
-
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
(bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
util-linux-uuidd-check-lock-state.patch).
- Fix "/su -s"/ bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- util-linux-systemd
-
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
(bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Warn if uuidd lock state is not usable (bsc#1194642,
util-linux-uuidd-check-lock-state.patch).
- Fix "/su -s"/ bash completion
(bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- yaml-cpp
-
- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
allows remote attackers to cause DOS via a crafted YAML file
(CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
(CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
cpp allows remote attackers to cause DOS via a crafted YAML file
(CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
yaml-cpp which cause DOS by stack consumption
(CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch
- zlib
-
- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
* bsc1197459.patch