- apparmor
-
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM.
* unix-chkpwd-add-read-capability.path, bsc#1241678
- Allow pam_unix to execute unix_chkpwd with abi/3.0
- remove dovecot-unix_chkpwd.diff
- Add allow-pam_unix-to-execute-unix_chkpwd.patch
- Add revert-abi-change-for-unix_chkpwd.patch
(bsc#1234452, bsc#1232234)
- augeas
-
- Add patch, fix for bsc#1239909 / CVE-2025-2588:
* CVE-2025-2588.patch
- azure-cli-core
-
- Refresh CVE-2025-24049.patch
- azure-cli
-
- Drop CVE-2024-43591.patch, fixed upstream
- Fix testsuite evaluation logic
- cifs-utils
-
- Add patches:
* 0001-cifs.upcall-correctly-treat-UPTARGET_UNSPECIFIED-as-.patch
(bsc#1243488)
* 0001-mount.cifs-retry-mount-on-EINPROGRESS.patch
- CVE-2025-2312: cifs-utils: cifs.upcall makes an upcall to the wrong
namespace in containerized environments while trying to get Kerberos
credentials (bsc#1239680)
* add New-mount-option-for-cifs.upcall-namespace-reso.patch
- cloud-netconfig
-
- Update to version 1.15
+ Add support for creating IPv6 default route in GCE (bsc#1240869)
+ Minor fix when looking up IPv6 default route
- cloud-regionsrv-client
-
- Update version to 10.4.0
+ Remove repositories when the package is being removed
We do not want to leave repositories behind refering to the plugin that
is being removed when the package gets removed (bsc#1240310, bsc#1240311)
+ Turn docker into an optional setup (jsc#PCT-560)
Change the Requires into a Recommends and adapt the code accordingly
+ Support flexible licenses in GCE (jsc#PCT-531)
+ Drop the azure-addon package it is geting replaced by the
license-watcher package which has a generic implementation of the
same functionality.
+ Handle cache inconsistencies (bsc#1218345)
+ Properly handle the zypper root target argument (bsc#1240997)
- containerd
-
- Update to containerd v1.7.27. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.27>
bsc#1239749 CVE-2024-40635
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.26. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.26>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.25. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.25>
<https://github.com/containerd/containerd/releases/tag/v1.7.24>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- docker
-
[ This update is a no-op, only needed to work around unfortunate automated
packaging script behaviour on SLES. ]
- The following patches were removed in openSUSE in the Docker 28.1.1-ce
update, but the patch names were later renamed in a SLES-only update before
Docker 28.1.1-ce was submitted to SLES.
This causes the SLES build scripts to refuse the update because the patches
are not referenced in the changelog. There is no obvious place to put the
patch removals (the 28.1.1-ce update removing the patches chronologically
predates their renaming in SLES), so they are included here a dummy changelog
entry to work around the issue.
- 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to docker-buildx v0.25.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.25.0>
- Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as
Docker does not have permission to access the host zypper credentials in this
mode (and unprivileged users cannot disable the feature using
/etc/docker/suse-secrets-enable.) bsc#1240150
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Rebase patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
+ 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
+ 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to Docker 28.2.2-ce. See upstream changelog online at
<https://github.com/moby/moby/releases/tag/v28.2.2>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to Docker 28.2.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2820> bsc#1243833
<https://github.com/moby/moby/releases/tag/v28.2.1>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to docker-buildx v0.24.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.24.0>
- Update to Docker 28.1.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2811> bsc#1242114
Includes upstream fixes:
- CVE-2025-22872 bsc#1241830
- Remove long-outdated build handling for deprecated and unsupported
devicemapper and AUFS storage drivers. AUFS was removed in v24, and
devicemapper was removed in v25.
<https://docs.docker.com/engine/deprecated/#aufs-storage-driver>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Remove upstreamed patches:
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx v0.23.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.23.0>
- Update to docker-buildx v0.22.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.22.0>
* Includes fixes for CVE-2025-0495. bsc#1239765
- Disable transparent SUSEConnect support for SLE-16. PED-12534
When this patchset was first added in 2013 (and rewritten over the years),
there was no upstream way to easily provide SLE customers with a way to build
container images based on SLE using the host subscription. However, with
docker-buildx you can now define secrets for builds (this is not entirely
transparent, but we can easily document this new requirement for SLE-16).
Users should use
RUN --mount=type=secret,id=SCCcredentials zypper -n ...
in their Dockerfiles, and
docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
when doing their builds.
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. PED-8905
- glib2
-
- Add glib2-CVE-2025-3360.patch:
Backport 8d60d7dc from upstream, Fix integer overflow when
parsing very long ISO8601 inputs. This will only happen with
invalid (or maliciously invalid) potential ISO8601 strings,
but `g_date_time_new_from_iso8601()` needs to be robust against
that.
(CVE-2025-3360, bsc#1240897)
- glibc
-
- static-setuid-ld-library-path.patch: elf: Ignore LD_LIBRARY_PATH and
debug env var for setuid for static (CVE-2025-4802, bsc#1243317)
- pthread-wakeup.patch: pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ
[#25847])
- haveged
-
- Fix for bsc#1222296 and bsc#1165294.
- Remove haveged-switch-root.service.
- Add haveged-once.service.
- Add patch files introducing the '--once' flag.
* introduce-once-1.patch
* introduce-once-2.patch
- hwinfo
-
- merge gh#openSUSE/hwinfo#156
- fix network card detection on aarch64 (bsc#1240648)
- 21.88
- iproute2
-
- avoid spurious cgroup warning (bsc#1234383):
- ss-Tone-down-cgroup-path-resolution.patch
- iputils
-
- Fix bsc#1243284 - ping on s390x prints invalid ttl
* Add iputils-invalid-ttl-s390x.patch
* Fix ipv4 ttl value when using SOCK_DGRAM on big endian systems
- Security fix [bsc#1242300, CVE-2025-47268]
* integer overflow in RTT calculation can lead to undefined behavior
* Add iputils-CVE-2025-47268.patch
- kbd
-
- Don't search for resources in the current directory. It can cause
unwanted side effects or even infinite loop (bsc#1237230,
kbd-ignore-working-directory-1.patch,
kbd-ignore-working-directory-2.patch,
kbd-ignore-working-directory-3.patch).
- kernel-default
-
- ext4: fix OOB read when checking dotdot dir (bsc#1241640
CVE-2025-37785).
- commit a1f98cf
- Update
patches.suse/arm64-bpf-Add-BHB-mitigation-to-the-epilogue-for-cBP.patch
(bsc#1242778 CVE-2025-37948 bsc#1243649).
- Update
patches.suse/arm64-bpf-Only-mitigate-cBPF-programs-loaded-by-unpr.patch
(bsc#1242778 CVE-2025-37963 bsc#1243660).
- Update
patches.suse/dm-stats-check-for-and-propagate-alloc_percpu-failur-d3aa.patch
(git-fixes CVE-2023-53044 bsc#1242759).
- commit 70937e2
- Update
patches.suse/0001-netfs-Fix-missing-xas_retry-calls-in-xarray-iteratio.patch
(bsc#1213946 CVE-2022-49810 bsc#1242489).
- Update
patches.suse/0037-dm-ioctl-fix-misbehavior-if-list_versions-races-with-module-loading.patch
(git-fixes CVE-2022-49771 bsc#1242686).
- Update
patches.suse/ACPI-APEI-Fix-integer-overflow-in-ghes_estatus_pool_.patch
(git-fixes CVE-2022-49885 bsc#1242735).
- Update
patches.suse/ALSA-hda-fix-potential-memleak-in-add_widget_node.patch
(git-fixes CVE-2022-49835 bsc#1242385).
- Update
patches.suse/ALSA-usb-audio-Drop-snd_BUG_ON-from-snd_usbmidi_outp.patch
(git-fixes CVE-2022-49772 bsc#1242147).
- Update
patches.suse/ASoC-core-Fix-use-after-free-in-snd_soc_exit.patch
(git-fixes CVE-2022-49842 bsc#1242484).
- Update
patches.suse/Bluetooth-L2CAP-Fix-memory-leak-in-vhci_write.patch
(CVE-2022-3619 bsc#1204569 CVE-2022-49908 bsc#1242157).
- Update
patches.suse/Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_r.patch
(CVE-2022-3564 bsc#1206073 CVE-2022-49910 bsc#1242452).
- Update
patches.suse/Bluetooth-L2CAP-fix-use-after-free-in-l2cap_conn_del.patch
(CVE-2022-3640 bsc#1204619 CVE-2022-49909 bsc#1242453).
- Update
patches.suse/Bluetooth-btsdio-fix-use-after-free-bug-in-btsdio_re-73f7b171b7c0.patch
(git-fixes CVE-2023-53145 bsc#1243047).
- Update
patches.suse/HID-intel-ish-hid-ipc-Fix-potential-use-after-free-i.patch
(git-fixes CVE-2023-53039 bsc#1242745).
- Update
patches.suse/IB-hfi1-Correctly-move-list-in-sc_disable.patch
(git-fixes CVE-2022-49931 bsc#1242382).
- Update
patches.suse/Input-i8042-fix-leaking-of-platform-device-on-module.patch
(git-fixes CVE-2022-49777 bsc#1242232).
- Update
patches.suse/Input-iforce-invert-valid-length-check-when-fetching.patch
(git-fixes CVE-2022-49790 bsc#1242387).
- Update
patches.suse/PCI-s390-Fix-use-after-free-of-PCI-resources-with-pe.patch
(git-fixes CVE-2023-53123 bsc#1242403).
- Update
patches.suse/RDMA-core-Fix-null-ptr-deref-in-ib_core_cleanup.patch
(git-fixes CVE-2022-49925 bsc#1242371).
- Update patches.suse/SUNRPC-Fix-a-server-shutdown-leak.patch
(git-fixes CVE-2023-53131 bsc#1242377).
- Update
patches.suse/SUNRPC-Fix-null-ptr-deref-when-xps-sysfs-alloc-faile.patch
(git-fixes CVE-2022-49928 bsc#1242369).
- Update patches.suse/arm64-entry-avoid-kprobe-recursion.patch
(git-fixes CVE-2022-49888 bsc#1242458).
- Update
patches.suse/ata-libata-transport-fix-double-ata_host_put-in-ata_.patch
(git-fixes CVE-2022-49826 bsc#1242549).
- Update
patches.suse/ata-libata-transport-fix-error-handling-in-ata_tdev_.patch
(git-fixes CVE-2022-49823 bsc#1242545).
- Update
patches.suse/ata-libata-transport-fix-error-handling-in-ata_tlink.patch
(git-fixes CVE-2022-49824 bsc#1242547).
- Update
patches.suse/ata-libata-transport-fix-error-handling-in-ata_tport.patch
(git-fixes CVE-2022-49825 bsc#1242548).
- Update
patches.suse/bnxt_en-Avoid-order-5-memory-allocation-for-TPA-data.patch
(jsc#SLE-18978 CVE-2023-53134 bsc#1242380).
- Update
patches.suse/bnxt_en-Fix-possible-crash-in-bnxt_hwrm_set_coal.patch
(git-fixes CVE-2022-49869 bsc#1242158).
- Update
patches.suse/bridge-switchdev-Fix-memory-leaks-when-changing-VLAN.patch
(git-fixes CVE-2022-49812 bsc#1242151).
- Update
patches.suse/ca8210-fix-mac_len-negative-array-access.patch
(git-fixes CVE-2023-53040 bsc#1242746).
- Update
patches.suse/can-af_can-fix-NULL-pointer-dereference-in-can_rx_re.patch
(git-fixes CVE-2022-49863 bsc#1242169).
- Update
patches.suse/can-j1939-j1939_send_one-fix-missing-CAN-header-init.patch
(git-fixes CVE-2022-49845 bsc#1243133).
- Update
patches.suse/capabilities-fix-potential-memleak-on-error-path-fro.patch
(git-fixes CVE-2022-49890 bsc#1242469).
- Update
patches.suse/capabilities-fix-undefined-behavior-in-bit-shift-for.patch
(git-fixes CVE-2022-49870 bsc#1242551).
- Update
patches.suse/ceph-avoid-putting-the-realm-twice-when-decoding-snaps-fails.patch
(bsc#1206051 CVE-2022-49770 bsc#1242597).
- Update
patches.suse/cifs-Fix-connections-leak-when-tlink-setup-failed.patch
(git-fixes CVE-2022-49822 bsc#1242544).
- Update
patches.suse/cifs-fix-use-after-free-bug-in-refresh_cache_worker-.patch
(bsc#1193629 CVE-2023-53052 bsc#1242749).
- Update
patches.suse/dmaengine-mv_xor_v2-Fix-a-resource-leak-in-mv_xor_v2.patch
(git-fixes CVE-2022-49861 bsc#1242580).
- Update
patches.suse/dmaengine-ti-k3-udma-glue-fix-memory-leak-when-regis.patch
(git-fixes CVE-2022-49860 bsc#1242586).
- Update
patches.suse/drm-Fix-potential-null-ptr-deref-in-drm_vblank_destr.patch
(git-fixes CVE-2022-49827 bsc#1242689).
- Update
patches.suse/drm-amd-display-fix-shift-out-of-bounds-in-Calculate.patch
(git-fixes CVE-2023-53077 bsc#1242752).
- Update
patches.suse/drm-amdkfd-Fix-NULL-pointer-dereference-in-svm_migra.patch
(git-fixes CVE-2022-49864 bsc#1242685).
- Update
patches.suse/drm-amdkfd-Fix-an-illegal-memory-access.patch
(git-fixes CVE-2023-53090 bsc#1242753).
- Update
patches.suse/drm-drv-Fix-potential-memory-leak-in-drm_dev_init.patch
(git-fixes CVE-2022-49830 bsc#1242150).
- Update
patches.suse/drm-i915-active-Fix-misuse-of-non-idle-barriers-as-f.patch
(git-fixes CVE-2023-53087 bsc#1242280).
- Update
patches.suse/drm-shmem-helper-Remove-another-errant-put-in-error-.patch
(git-fixes CVE-2023-53084 bsc#1242294).
- Update
patches.suse/ext4-Fix-possible-corruption-when-moving-a-directory.patch
(bsc#1210763 CVE-2023-53137 bsc#1242358).
- Update
patches.suse/ext4-fix-BUG_ON-when-directory-entry-has-invalid-rec.patch
(bsc#1206886 CVE-2022-49879 bsc#1242733).
- Update
patches.suse/ext4-fix-WARNING-in-ext4_update_inline_data.patch
(bsc#1213012 CVE-2023-53100 bsc#1242790).
- Update
patches.suse/ext4-fix-another-off-by-one-fsmap-error-on-1k-block-.patch
(bsc#1210767 CVE-2023-53143 bsc#1242276).
- Update
patches.suse/ext4-fix-task-hung-in-ext4_xattr_delete_inode.patch
(bsc#1213096 CVE-2023-53089 bsc#1242744).
- Update
patches.suse/ext4-fix-warning-in-ext4_da_release_space.patch
(bsc#1206887 CVE-2022-49880 bsc#1242734).
- Update
patches.suse/ext4-update-s_journal_inum-if-it-changes-after-journ.patch
(bsc#1213094 CVE-2023-53091 bsc#1242767).
- Update
patches.suse/ext4-zero-i_disksize-when-initializing-the-bootloade.patch
(bsc#1213013 CVE-2023-53101 bsc#1242791).
- Update
patches.suse/firmware-xilinx-don-t-make-a-sleepable-memory-alloca.patch
(git-fixes CVE-2023-53099 bsc#1242399).
- Update
patches.suse/ftrace-Fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
(git-fixes CVE-2023-53075 bsc#1242218).
- Update
patches.suse/ftrace-Fix-null-pointer-dereference-in-ftrace_add_mod.patch
(git-fixes CVE-2022-49802 bsc#1242270).
- Update
patches.suse/ftrace-Fix-use-after-free-for-dynamic-ftrace_ops.patch
(git-fixes CVE-2022-49892 bsc#1242449).
- Update
patches.suse/gfs2-Check-sb_bsize_shift-after-reading-superblock.patch
(git-fixes CVE-2022-49769 bsc#1242440).
- Update
patches.suse/i2c-piix4-Fix-adapter-not-be-removed-in-piix4_remove.patch
(git-fixes CVE-2022-49900 bsc#1242454).
- Update
patches.suse/i40e-Fix-kernel-crash-during-reboot-when-adapter-is-.patch
(jsc#SLE-18378 CVE-2023-53114 bsc#1242398).
- Update patches.suse/iavf-fix-hang-on-reboot-with-ice.patch
(jsc#SLE-18385 CVE-2023-53064 bsc#1242222).
- Update patches.suse/ibmvnic-Free-rwi-on-reset-success.patch
(bsc#1184350 ltc#191533 git-fixes CVE-2022-49906 bsc#1242464).
- Update
patches.suse/ice-copy-last-block-omitted-in-ice_get_module_eeprom.patch
(git-fixes CVE-2023-53142 bsc#1242282).
- Update
patches.suse/igb-revert-rtnl_lock-that-causes-deadlock.patch
(jsc#SLE-18379 CVE-2023-53060 bsc#1242241).
- Update
patches.suse/iio-adc-at91_adc-fix-possible-memory-leak-in-at91_ad.patch
(git-fixes CVE-2022-49794 bsc#1242392).
- Update
patches.suse/iio-adc-mp2629-fix-potential-array-out-of-bound-acce.patch
(git-fixes CVE-2022-49792 bsc#1242389).
- Update
patches.suse/iio-trigger-sysfs-fix-possible-memory-leak-in-iio_sy.patch
(git-fixes CVE-2022-49793 bsc#1242391).
- Update
patches.suse/interconnect-exynos-fix-node-leak-in-probe-PM-QoS-er.patch
(git-fixes CVE-2023-53092 bsc#1242415).
- Update
patches.suse/interconnect-fix-mem-leak-when-freeing-nodes.patch
(git-fixes CVE-2023-53096 bsc#1242289).
- Update
patches.suse/ipv6-addrlabel-fix-infoleak-when-sending-struct-ifad.patch
(git-fixes CVE-2022-49865 bsc#1242570).
- Update
patches.suse/kprobes-Skip-clearing-aggrprobe-s-post_handler-in-kprobe-on-ftrace-case.patch
(git-fixes CVE-2022-49779 bsc#1242261).
- Update patches.suse/loop-Fix-use-after-free-issues.patch
(bsc#1214991 CVE-2023-53111 bsc#1242428).
- Update
patches.suse/mISDN-fix-misuse-of-put_device-in-mISDN_register_dev.patch
(git-fixes CVE-2022-49818 bsc#1242527).
- Update
patches.suse/mISDN-fix-possible-memory-leak-in-mISDN_dsp_element_.patch
(git-fixes CVE-2022-49821 bsc#1242542).
- Update
patches.suse/mISDN-fix-possible-memory-leak-in-mISDN_register_dev.patch
(git-fixes CVE-2022-49915 bsc#1242409).
- Update
patches.suse/macvlan-enforce-a-consistent-minimal-mtu.patch
(git-fixes CVE-2022-49776 bsc#1242248).
- Update
patches.suse/media-meson-vdec-fix-possible-refcount-leak-in-vdec_.patch
(git-fixes CVE-2022-49887 bsc#1242736).
- Update
patches.suse/media-rc-gpio-ir-recv-add-remove-function.patch
(git-fixes CVE-2023-53098 bsc#1242779).
- Update
patches.suse/misc-vmw_vmci-fix-an-infoleak-in-vmci_host_do_receiv.patch
(git-fixes CVE-2022-49788 bsc#1242353).
- Update
patches.suse/mmc-sdhci-pci-Fix-possible-memory-leak-caused-by-mis.patch
(git-fixes CVE-2022-49787 bsc#1242352).
- Update
patches.suse/msft-hv-2675-HID-hyperv-fix-possible-memory-leak-in-mousevsc_prob.patch
(git-fixes CVE-2022-49874 bsc#1242478).
- Update patches.suse/net-ena-Fix-error-handling-in-ena_init.patch
(git-fixes CVE-2022-49813 bsc#1242497).
- Update patches.suse/net-iucv-Fix-size-of-interrupt-data.patch
(bsc#1211465 git-fixes CVE-2023-53108 bsc#1242422).
- Update
patches.suse/net-macvlan-fix-memory-leaks-of-macvlan_common_newli.patch
(git-fixes CVE-2022-49853 bsc#1242688).
- Update
patches.suse/net-mlx5-E-Switch-Fix-an-Oops-in-error-handling-code.patch
(jsc#SLE-19253 CVE-2023-53058 bsc#1242237).
- Update patches.suse/net-mlx5-Fix-steering-rules-cleanup.patch
(jsc#SLE-19253 CVE-2023-53079 bsc#1242765).
- Update
patches.suse/net-smc-Fix-possible-leaked-pernet-namespace-in-smc_init
(git-fixes CVE-2022-49905 bsc#1242467).
- Update
patches.suse/net-tun-Fix-memory-leaks-of-napi_get_frags.patch
(git-fixes CVE-2022-49871 bsc#1242558).
- Update
patches.suse/net-usb-lan78xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53068 bsc#1242239).
- Update
patches.suse/net-usb-smsc75xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53125 bsc#1242285).
- Update
patches.suse/net-usb-smsc95xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53062 bsc#1242228).
- Update
patches.suse/net-x25-Fix-skb-leak-in-x25_lapb_receive_frame.patch
(git-fixes CVE-2022-49809 bsc#1242402).
- Update
patches.suse/nfc-fdp-Fix-potential-memory-leak-in-fdp_nci_send.patch
(git-fixes CVE-2022-49924 bsc#1242426).
- Update
patches.suse/nfc-fdp-add-null-check-of-devm_kmalloc_array-in-fdp_.patch
(git-fixes CVE-2023-53139 bsc#1242361).
- Update
patches.suse/nfc-nfcmrvl-Fix-potential-memory-leak-in-nfcmrvl_i2c.patch
(git-fixes CVE-2022-49922 bsc#1242378).
- Update
patches.suse/nfc-nxp-nci-Fix-potential-memory-leak-in-nxp_nci_sen.patch
(git-fixes CVE-2022-49923 bsc#1242394).
- Update
patches.suse/nfc-pn533-initialize-struct-pn533_out_arg-properly.patch
(git-fixes CVE-2023-53119 bsc#1242370).
- Update
patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
(git-fixes bsc#1210337 CVE-2023-1990 CVE-2023-53106
bsc#1242215).
- Update
patches.suse/nfs4-Fix-kmemleak-when-allocate-slot-failed.patch
(git-fixes CVE-2022-49927 bsc#1242416).
- Update
patches.suse/nilfs2-fix-deadlock-in-nilfs_count_free_blocks.patch
(git-fixes CVE-2022-49850 bsc#1242164).
- Update
patches.suse/nilfs2-fix-kernel-infoleak-in-nilfs_ioctl_wrap_copy.patch
(git-fixes CVE-2023-53035 bsc#1242739).
- Update
patches.suse/nilfs2-fix-use-after-free-bug-of-ns_writer-on-remoun.patch
(git-fixes CVE-2022-49834 bsc#1242695).
- Update
patches.suse/nvmet-avoid-potential-UAF-in-nvmet_req_complete.patch
(git-fixes CVE-2023-53116 bsc#1242411).
- Update
patches.suse/nvmet-fix-a-memory-leak-in-nvmet_auth_set_key.patch
(git-fixes CVE-2022-49807 bsc#1242357).
- Update
patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch
(bsc#1208542 CVE-2023-53081 bsc#1242281).
- Update
patches.suse/octeontx2-pf-Fix-SQE-threshold-checking.patch
(jsc#SLE-24682 CVE-2022-49858 bsc#1242589).
- Update
patches.suse/perf-core-Fix-perf_output_begin-parameter-is-incorrectly-invoked-in-perf_event_bpf_output.patch
(git fixes CVE-2023-53065 bsc#1242229).
- Update
patches.suse/phy-ralink-mt7621-pci-add-sentinel-to-quirks-table.patch
(git-fixes CVE-2022-49868 bsc#1242550).
- Update
patches.suse/pinctrl-devicetree-fix-null-pointer-dereferencing-in.patch
(git-fixes CVE-2022-49832 bsc#1242154).
- Update
patches.suse/platform-chrome-cros_ec_chardev-fix-kernel-data-leak.patch
(git-fixes CVE-2023-53059 bsc#1242230).
- Update
patches.suse/qed-qed_sriov-guard-against-NULL-derefs-from-qed_iov.patch
(jsc#SLE-19001 CVE-2023-53066 bsc#1242227).
- Update
patches.suse/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch
(bsc#1204705 CVE-2022-49889 bsc#1242455).
- Update
patches.suse/rose-Fix-NULL-pointer-dereference-in-rose_send_frame.patch
(git-fixes CVE-2022-49916 bsc#1242421).
- Update
patches.suse/scsi-core-Remove-the-proc-scsi-proc_name-directory-earlier.patch
(git-fixes CVE-2023-53140 bsc#1242372).
- Update
patches.suse/scsi-lpfc-Check-kzalloc-in-lpfc_sli4_cgn_params_read.patch
(git-fixes CVE-2023-53038 bsc#1242743).
- Update
patches.suse/scsi-mpt3sas-Fix-NULL-pointer-access-in-mpt3sas_transport_port_add.patch
(git-fixes CVE-2023-53124 bsc#1242165).
- Update
patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-abort-path.patch
(git-fixes CVE-2023-53041 bsc#1242747).
- Update
patches.suse/scsi-qla2xxx-Synchronize-the-IOCB-count-to-be-in-ord.patch
(bsc#1209292 bsc#1209684 bsc#1209556 CVE-2023-53056
bsc#1242219).
- Update
patches.suse/scsi-scsi_dh_alua-Fix-memleak-for-qdata-in-alua_activate.patch
(git-fixes CVE-2023-53078 bsc#1242231).
- Update
patches.suse/scsi-scsi_transport_sas-Fix-error-handling-in-sas_phy_add.patch
(git-fixes CVE-2022-49839 bsc#1242443).
- Update
patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails
(git-fixes CVE-2022-49789 bsc#1242366).
- Update
patches.suse/serial-imx-Add-missing-.thaw_noirq-hook.patch
(git-fixes CVE-2022-49841 bsc#1242473).
- Update
patches.suse/siox-fix-possible-memory-leak-in-siox_device_add.patch
(git-fixes CVE-2022-49836 bsc#1242355).
- Update
patches.suse/tracing-Do-not-let-histogram-values-have-some-modifiers.patch
(git-fixes CVE-2023-53093 bsc#1242279).
- Update
patches.suse/tracing-Fix-memory-leak-in-test_gen_synth_cmd-and-test_empty_synth_event.patch
(git-fixes CVE-2022-49800 bsc#1242265).
- Update
patches.suse/tracing-Fix-memory-leak-in-tracing_read_pipe.patch
(git-fixes CVE-2022-49801 bsc#1242338).
- Update
patches.suse/tracing-Fix-wild-memory-access-in-register_synth_event.patch
(git-fixes CVE-2022-49799 bsc#1242264).
- Update
patches.suse/tracing-kprobe-Fix-memory-leak-in-test_gen_kprobe-kretprobe_cmd.patch
(git-fixes CVE-2022-49891 bsc#1242456).
- Update
patches.suse/tracing-kprobe-Fix-potential-null-ptr-deref-on-trace_array-in-kprobe_event_gen_test_exit.patch
(git-fixes CVE-2022-49796 bsc#1242305).
- Update
patches.suse/tracing-kprobe-Fix-potential-null-ptr-deref-on-trace_event_file-in-kprobe_event_gen_test_exit.patch
(git-fixes CVE-2022-49797 bsc#1242320).
- Update
patches.suse/udf-Fix-a-slab-out-of-bounds-write-bug-in-udf_find_e.patch
(bsc#1206649 CVE-2022-49846 bsc#1242716).
- Update
patches.suse/usb-dwc2-fix-a-devres-leak-in-hw_enable-upon-suspend.patch
(git-fixes CVE-2023-53054 bsc#1242226).
- Update
patches.suse/usb-gadget-u_audio-don-t-let-userspace-block-driver-.patch
(git-fixes CVE-2023-53045 bsc#1242756).
- Update
patches.suse/usb-ucsi-Fix-NULL-pointer-deref-in-ucsi_connector_ch.patch
(git-fixes CVE-2023-53049 bsc#1242244).
- Update
patches.suse/wifi-cfg80211-fix-memory-leak-in-query_regdb_file.patch
(git-fixes CVE-2022-49881 bsc#1242481).
- Update
patches.suse/x86-fpu-Drop-fpregs-lock-before-inheriting-FPU-permissions.patch
(bnc#1205282 CVE-2022-49783 bsc#1242312).
- commit b466a4e
- arm64: proton-pack: Add new CPUs 'k' values for branch
mitigation (bsc#1242778).
- commit 9eea847
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged
users (bsc#1242778).
- commit 8fea3ff
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
(bsc#1242778).
- commit 40fcf50
- arm64: proton-pack: Expose whether the branchy loop k value
(bsc#1242778).
- commit ec2de57
- arm64: proton-pack: Expose whether the platform is mitigated
by firmware (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- commit ae7bc9f
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
- commit 335bd7e
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- commit 19dfad0
- Remove debug flavor (bsc#1243919).
This is only released in Leap, and we don't have Leap 15.4 anymore.
- commit 30c990a
- Refresh fixes for cBPF issue (bsc#1242778)
- Update metadata and put them into the sorted part of the series
- Refresh
patches.suse/x86-bhi-do-not-set-BHI_DIS_S-in-32-bit-mode.patch.
- Refresh
patches.suse/x86-bpf-add-IBHF-call-at-end-of-classic-BPF.patch.
- Refresh
patches.suse/x86-bpf-call-branch-history-clearing-sequence-on-exit.patch.
- commit 46d2b60
- mptcp: fix NULL pointer in can_accept_new_subflow
(CVE-2025-23145 bsc#1242596).
- mptcp: relax check on MPC passive fallback (CVE-2025-23145
bsc#1242596).
- mptcp: refine opt_mp_capable determination (CVE-2025-23145
bsc#1242596).
- mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req()
(CVE-2025-23145 bsc#1242596).
- mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
(CVE-2025-23145 bsc#1242596).
- mptcp: strict validation before using mp_opt->hmac
(CVE-2025-23145 bsc#1242596).
- mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN
(CVE-2025-23145 bsc#1242596).
- mptcp: Fix duplicated argument in protocol.h (CVE-2025-23145
bsc#1242596).
- mptcp: consolidate in_opt sub-options fields in a bitmask
(CVE-2025-23145 bsc#1242596).
- mptcp: better binary layout for mptcp_options_received
(CVE-2025-23145 bsc#1242596).
- mptcp: do not set unconditionally csum_reqd on incoming opt
(CVE-2025-23145 bsc#1242596).
- commit 3eef261
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (CVE-2025-21888 bsc#1240177)
- commit a053ba8
- net: make sock_inuse_add() available (CVE-2024-53168
bsc#1234887).
- commit a64cc81
- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(CVE-2024-53168 bsc#1234887).
- commit 2087675
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
- commit ba9a618
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- commit af6a7f8
- Refresh
patches.suse/ACPI-processor-idle-return-an-error-if-both-P_LVL-2-.patch.
The patch has meanwhile been merged upstream. Add it to the sorted section.
- commit 2243312
- nfsd: make sure exp active before svc_export_show
(CVE-2024-56558 bsc#1235100).
- commit 3fbc559
- netfilter: nft_tunnel: fix geneve_opt type confusion addition
(CVE-2025-22056 bsc#1241525).
- commit ead34ea
- net: mvpp2: Prevent parser TCAM memory corruption
(CVE-2025-22060 bsc#1241526).
- net: mvpp2: parser fix QinQ (CVE-2025-22060 bsc#1241526).
- commit d211f59
- scsi: core: Fix unremoved procfs host directory regression
(git-fixes).
- commit fcdce73
- tcp: cdg: allow tcp_cdg_release() to be called multiple times (CVE-2022-49775 bsc#1242245)
- commit 1480658
- ocfs2: fix the issue with discontiguous allocation in the
global_bitmap (git-fixes).
- commit 1773903
- Update
patches.suse/scsi-core-Fix-a-procfs-host-directory-removal-regression.patch
(git-fixes CVE-2023-53118 bsc#1242365).
updated meta-data, adding new CVE and bug references
- commit 87fcd7f
- proc: fix UAF in proc_get_inode() (bsc#1240802 CVE-2025-21999).
- commit 8fb7944
- net: openvswitch: fix nested key length validation in the set()
action (CVE-2025-37789 bsc#1242762).
- commit 52f7543
- netfilter: conntrack: revisit the gc initial rescheduling bias
(CVE-2022-49110 bsc#1237981).
- commit 7e1d902
- netfilter: conntrack: fix the gc rescheduling delay
(CVE-2022-49110 bsc#1237981).
- commit 9cc8bdd
- netfilter: conntrack: revisit gc autotuning (CVE-2022-49110
bsc#1237981).
- commit da48bfa
- Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
(bsc#1238032 CVE-2022-49139).
- commit 2031355
- watch_queue: fix pipe accounting mismatch (CVE-2025-23138 bsc#1241648).
- commit 789ef85
- 9p/trans_fd: always use O_NONBLOCK read/write (CVE-2022-49767 bsc#1242493).
- commit 9dce75d
- Update
patches.suse/dm-crypt-add-cond_resched-to-dmcrypt_write-fb29.patch
(git-fixes CVE-2023-53051 bsc#1242284).
- commit 33b6152
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit
(bsc#1242778).
- commit bcd2c85
- Update
patches.suse/can-etas_es58x-es58x_rx_err_msg-fix-memory-leak-in-e.patch
(git-fixes stable-5.14.19 CVE-2021-47671 bsc#1241421).
- commit 855e2af
- Update
patches.suse/net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
(bsc#1240195 CVE-2024-46784 bsc#1230771).
- commit b86bfe4
- Revert "exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029"
This reverts commit b68bd5953c15c3c2b21e60fbd6d8a52b0bbb030c.
This turned out to be not an issue. See https://bugzilla.suse.com/show_bug.cgi?id=1241378#c4
- commit d9d19c1
- exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029
bsc#1241378).
- commit b68bd59
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
(CVE-2025-22045 bsc#1241433).
- commit c4ca325
- memstick: rtsx_usb_ms: Fix slab-use-after-free in
rtsx_usb_ms_drv_remove (bsc#1241280 CVE-2025-22020).
- commit 0f74fae
- drm/vkms: Fix use after free and double free on init error
(CVE-2025-22097 bsc#1241541).
- commit 02fe040
- net: fix geneve_opt length integer overflow (CVE-2025-22055
bsc#1241371).
- commit 15ff527
- net: atm: fix use after free in lec_send() (CVE-2025-22004
bsc#1240835).
- commit 889e26f
- kABI workaround struct rcu_head and ax25_ptr (CVE-2025-21812
bsc#1238471).
- commit 1d6ea68
- ax25: rcu protect dev->ax25_ptr (CVE-2025-21812 bsc#1238471).
- Refresh patches.kabi/net-ax25_dev-kabi-workaround.patch.
- commit 88b5c8e
- Update
patches.suse/fbdev-smscufx-fix-error-handling-code-in-ufx_usb_pro.patch
(git-fixes CVE-2022-49741 bsc#1240747).
- commit 0c9a431
- Update
patches.suse/RDMA-mlx5-Fix-implicit-ODP-hang-on-parent-deregistra.patch
(git-fixes CVE-2025-21886 bsc#1240188).
- commit 6a0c1b0
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785 bsc#1238747)
- commit 2c96a9a
- vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791
bsc#1238512).
- commit 50bbf71
- Delete
patches.suse/btrfs-defrag-don-t-use-merged-extent-map-for-their-generat.patch.
- Delete
patches.suse/btrfs-fix-defrag-not-merging-contiguous-extents-due-to-mer.patch.
- Delete
patches.suse/btrfs-fix-extent-map-merging-not-happening-for-adjacent-ex.patch.
Reverting ineffective changes for bsc#1239968 and closing it as WONTFIX.
- commit a1bc1ab
- padata: avoid UAF for reorder_work (CVE-2025-21726 bsc#1238865).
- commit bfab8c2
- libapparmor
-
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM.
* unix-chkpwd-add-read-capability.path, bsc#1241678
- Allow pam_unix to execute unix_chkpwd with abi/3.0
- remove dovecot-unix_chkpwd.diff
- Add allow-pam_unix-to-execute-unix_chkpwd.patch
- Add revert-abi-change-for-unix_chkpwd.patch
(bsc#1234452, bsc#1232234)
- freetype2
-
- enable brotli support (jsc#PED-12258)
- icu
-
- Add icu-CVE-2025-5222.patch:
Backport 2c667e3 from upstream, ICU-22973 Fix buffer overflow by
using CharString.
(CVE-2025-5222, bsc#1243721)
- mozjs60
-
- Add libtheora-avoid-negative-shift.patch: avoid negative shift in
huffdec.c (bsc#1234837 CVE-2024-56431).
- Explicitly require libicu-devel, rather than using pkgconfig, to
avoid unintentionally building against icu 73.
- ncurses
-
- Modify patch ncurses-5.9-ibm327x.dif
* Backport sclp terminfo description entry if for s390 sclp terminal lines
* Add a further sclp entry for qemu s390 based systems
* Make use of dumb
- python311
-
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- Use one core to build doc. This will make sphinx doc build
reproducible.
bsc#1243155
- Update to 3.11.13:
- Security
- gh-135034: Fixes multiple issues that allowed tarfile
extraction filters (filter="data" and filter="tar")
to be bypassed using crafted symlinks and hard links.
Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
(bsc#1244059), CVE-2025-4330 (bsc#1244060), and
CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435
(gh#135034, bsc#1244061).
- gh-133767: Fix use-after-free in the “unicode-escape”
decoder with a non-“strict” error handler (CVE-2025-4516,
bsc#1243273).
- gh-128840: Short-circuit the processing of long IPv6
addresses early in ipaddress to prevent excessive memory
consumption and a minor denial-of-service.
- Library
- gh-128840: Fix parsing long IPv6 addresses with embedded
IPv4 address.
- gh-134062: ipaddress: fix collisions in __hash__() for
IPv4Network and IPv6Network objects.
- gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output
according to RFC 3596, §2.5. Patch by Bénédikt Tran.
- bpo-43633: Improve the textual representation of
IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2)
in ipaddress. Patch by Oleksandr Pavliuk.
- Remove upstreamed patches:
- gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch
- CVE-2025-4516-DecodeError-handler.patch
- Add CVE-2025-4516-DecodeError-handler.patch fixing
CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
vulnerability, which could lead to DoS.
- Use extended %autopatch.
- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed
since kernel 3.6-rc1)
- Update to 3.11.12:
- gh-131809: Update bundled libexpat to 2.7.1
- gh-131261: Upgrade to libexpat 2.7.0
- gh-105704: When using urllib.parse.urlsplit() and
urllib.parse.urlparse() host parsing would not reject domain
names containing square brackets ([ and ]). Square brackets
are only valid for IPv6 and IPvFuture hosts according to RFC
3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938,
gh#python/cpython#105704).
- gh-121284: Fix bug in the folding of rfc2047 encoded-words
when flattening an email message using a modern email
policy. Previously when an encoded-word was too long for
a line, it would be decoded, split across lines, and
re-encoded. But commas and other special characters in the
original text could be left unencoded and unquoted. This
could theoretically be used to spoof header lines using a
carefully constructed encoded-word if the resulting rendered
email was transmitted or re-parsed.
- gh-80222: Fix bug in the folding of quoted strings
when flattening an email message using a modern email
policy. Previously when a quoted string was folded so that
it spanned more than one line, the surrounding quotes and
internal escapes would be omitted. This could theoretically
be used to spoof header lines using a carefully constructed
quoted string if the resulting rendered email was transmitted
or re-parsed.
- gh-119511: Fix a potential denial of service in the imaplib
module. When connecting to a malicious server, it could
cause an arbitrary amount of memory to be allocated. On many
systems this is harmless as unused virtual memory is only
a mapping, but if this hit a virtual address size limit
it could lead to a MemoryError or other process crash. On
unusual systems or builds where all allocated memory is
touched and backed by actual ram or storage it could’ve
consumed resources doing so until similarly crashing.
- gh-127257: In ssl, system call failures that OpenSSL reports
using ERR_LIB_SYS are now raised as OSError.
- gh-121277: Writers of CPython’s documentation can now use
next as the version for the versionchanged, versionadded,
deprecated directives.
- gh-106883: Disable GC during the _PyThread_CurrentFrames()
and _PyThread_CurrentExceptions() calls to avoid the
interpreter to deadlock.
- Remove upstreamed patch:
- CVE-2025-0938-sq-brackets-domain-names.patch
- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch
which makes test_ssl not to stop ThreadedEchoServer on OSError,
which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067,
gh#python/cpython!126572)
- librdkafka
-
- 0001-Fix-timespec-conversion-to-avoid-infinite-loop-2108-.patch:
avoid endless loops (bsc#1242842)
- ruby2.5
-
- update suse.patch to 736ea75f25d52fdebb88ed6583468bd7c21190f6
- fix ReDoS in CGI::Util#escapeElement
bsc#1237806 CVE-2025-27220
- fix denial of service in CGI::Cookie.parse
bsc#1237804 CVE-2025-27219
- update suse.patch to 6bf78da1fc4048a11a8612741216ebc47d9ebb41
- move the request smuggling patch to the correct place
actually fixes bsc#1230930 CVE-2024-47220 and now boo#1235773
- libsolv
-
- build both static and dynamic libraries on new suse distros
- support the apk package and repository format (both v2 and v3)
- new dataiterator_final_{repo,solvable} functions
- bump version to 0.7.32
- Provide a symbol specific for the ruby-version
so yast does not break across updates (boo#1235598)
- sqlite3
-
- Sync version 3.49.1 from Factory (jsc#SLE-16032):
* CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws()
function, introduced in version 3.44.0, that could lead to a
memory error if the separator string is very large (hundreds
of megabytes).
* CVE-2025-29088, bsc#1241078: Enhanced the
SQLITE_DBCONFIG_LOOKASIDE interface to make it more robust
against misuse.
* Obsoletes sqlite3-rtree-i686.patch
- libssh
-
- Fix CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
* Add patch libssh-CVE-2025-5318.patch
- Fix CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
* Add patch libssh-CVE-2025-4877.patch
- Fix CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
* Add patches:
- libssh-CVE-2025-4878-1.patch
- libssh-CVE-2025-4878-2.patch
- Fix CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
* Add patch libssh-CVE-2025-5372.patch
- libxml2
-
- security update
- added patches
CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49794,49796.patch
- security update
- added patches
CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
+ libxml2-CVE-2025-6170,6021.patch
- security update
- added patches
CVE-2025-32414 [bsc#1241551], out-of-bounds read when parsing text via the Python API
+ libxml2-CVE-2025-32414.patch
CVE-2025-32415 [bsc#1241453], a crafted XML document may lead to a heap-based buffer under-read
+ libxml2-CVE-2025-32415.patch
- libzypp
-
- Fix credential handling in HEAD requests (bsc#1244105)
- version 17.37.5 (35)
- RepoInfo: use pathNameSetTrailingSlash (fixes #643)
- Fix wrong userdata parameter type when running zypp with debug
verbosity (bsc#1239012)
- version 17.37.4 (35)
- Do not warn about no mirrors if mirrorlist was switched on
automatically. (bsc#1243901)
- Relax permission of cached packages to 0644 & ~umask
(bsc#1243887)
- version 17.37.3 (35)
- Add a note to service maintained .repo file entries (fixes #638)
- Support using %{url} variable in a RIS service's repo section.
- version 17.37.2 (35)
- Use a cookie file to validate mirrorlist cache.
This patch extends the mirrorlist code to use a cookie file to
validate the contents of the cache against the source URL, making
sure that we do not accidentially use a old cache when the
mirrorlist url was changed. For example when migrating a system
from one release to the next where the same repo alias might just
have a different URL.
- Let Service define and update gpgkey, mirrorlist and metalink.
- Preserve a mirrorlist file in the raw cache during refresh.
- version 17.37.1 (35)
- Code16: Enable curl2 backend and parallel package download by
default. In Code15 it's optional.
Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1>
can be used to turn the features on or off.
- Make gpgKeyUrl the default source for gpg keys.
When refreshing zypp now primarily uses gpgKeyUrl information
from the repo files and only falls back to a automatically
generated key Url if a gpgKeyUrl was not specified.
- Introduce mirrors into the Media backends (bsc#1240132)
- Drop MediaMultiCurl backend.
- Throttle progress updates when preloading packages (bsc#1239543)
- Check if request is in valid state in CURL callbacks (fixes
openSUSE/zypper#605)
- spec/CMake: add conditional build
'--with[out] classic_rpmtrans_as_default'.
classic_rpmtrans is the current builtin default for SUSE,
otherwise it's single_rpmtrans.
The `enable_preview_single_rpmtrans_as_default_for_zypper` switch
was removed from the spec file. Accordingly the CMake option
ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed.
- version 17.37.0 (35)
- fixed build with boost 1.88.
- XmlReader: Fix detection of bad input streams (fixes #635)
libxml2 2.14 potentially reads the complete stream, so it may
have the 'eof' bit set. Which is not 'good' but also not 'bad'.
- rpm: Fix detection of %triggerscript starts (bsc#1222044)
- RepoindexFileReader: add more <repo> related attributes a
service may set.
Add optional attributes gpgcheck, repo_gpgcheck, pkg_gpgcheck,
keeppackages, gpgkey, mirrorlist, and metalink with the same
semantic as in a .repo file.
- version 17.36.7 (35)
- Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172)
- BuildRequires: %{libsolv_devel_package} >= 0.7.32.
Code16 moved static libs to libsolv-devel-static.
- Drop usage of SHA1 hash algorithm because it will become
unavailable in FIPS mode (bsc#1240529)
- Fix zypp.conf dupAllowVendorChange to reflect the correct
default (false).
The default was true in Code12 (libzypp-16.x) and changed to
false with Code15 (libzypp-17.x). Unfortunately this was done by
shipping a modified zypp.conf file rather than fixing the code.
- zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809)
- version 17.36.6 (35)
- Fix computation of RepStatus if Repo URLs change.
- Fix lost double slash when appending to an absolute FTP url
(bsc#1238315)
Ftp actually differs between absolute and relative URL paths.
Absolute path names begin with a double slash encoded as '/%2F'.
This must be preserved when manipulating the path.
- version 17.36.5 (35)
- Add a transaction package preloader (fixes openSUSE/zypper#104)
This patch adds a preloader that concurrently downloads files
during a transaction commit. It's not yet enabled per default.
To enable the preview set ZYPP_CURL2=1 and ZYPP_PCK_PRELOAD=1
in the environment.
- RpmPkgSigCheck_test: Exchange the test package signingkey
(fixes #622)
- Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS (fixes #626)
- Strip a mediahandler tag from baseUrl querystrings.
- version 17.36.4 (35)
- mozilla-nspr
-
- update to version 4.36
* remove support for OS/2
* remove support for Unixware, Bsdi, old AIX, old HPUX9 & scoos
* remove support for Windows 16 bit
* renamed the prwin16.h header to prwin.h
* configure was updated from 2.69 to 2.71
* various build, test and automation script fixes
* major parts of the source code were reformatted
- mozilla-nss
-
- update to NSS 3.112
* bmo#1963792 - Fix alias for mac workers on try
* bmo#1966786 - ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault
* bmo#1931930 - ABI/API break in ssl certificate processing
* bmo#1955971 - remove unnecessary assertion in sec_asn1d_init_state_based_on_template
* bmo#1965754 - update taskgraph to v14.2.1
* bmo#1964358 - Workflow for automation of the release on GitHub when pushing a tag
* bmo#1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate
* bmo#1934877 - Renegotiations should use a fresh ECH GREASE buffer
* bmo#1951396 - update taskgraph to v14.1.1
* bmo#1962503 - Partial fix for ACVP build CI job
* bmo#1961827 - Initialize find in sftk_searchDatabase
* bmo#1963121 - Add clang-18 to extra builds
* bmo#1963044 - Fault tolerant git fetch for fuzzing
* bmo#1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp
* bmo#1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set
* bmo#1961835 - fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls
* bmo#1963102 - Remove Cryptofuzz CI version check
- update to NSS 3.111
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1957685 - Turn off Websites Trust Bit from CAs
* bmo#1937338 - Update nssckbi version following April 2025 Batch of Changes
* bmo#1943135 - Disable SMIME ‘trust bit’ for GoDaddy CAs
* bmo#1874383 - Replaced deprecated sprintf function with snprintf in dbtool.c
* bmo#1954612 - Need up update NSS for PKCS 3.1
* bmo#1773374 - avoid leaking localCert if it is already set in ssl3_FillInCachedSID
* bmo#1953097 - Decrease ASAN quarantine size for Cryptofuzz in CI
* bmo#1943962 - selfserv: Add support for zlib certificate compression
- update to NSS 3.110
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1954724 - Prevent excess allocations in sslBuffer_Grow
* bmo#1953429 - Remove Crl templates from ASN1 fuzz target
* bmo#1953429 - Remove CERT_CrlTemplate from ASN1 fuzz target
* bmo#1952855 - Fix memory leak in NSS_CMSMessage_IsSigned
* bmo#1930807 - NSS policy updates
* bmo#1951161 - Improve locking in nssPKIObject_GetInstances
* bmo#1951394 - Fix race in sdb_GetMetaData
* bmo#1951800 - Fix member access within null pointer
* bmo#1950077 - Increase smime fuzzer memory limit
* bmo#1949677 - Enable resumption when using custom extensions
* bmo#1952568 - change CN of server12 test certificate
* bmo#1949118 - Part 2: Add missing check in
NSS_CMSDigestContext_FinishSingle
* bmo#1949118 - Part 1: Fix smime UBSan errors
* bmo#1930806 - FIPS changes need to be upstreamed: updated key checks
* bmo#1951491 - Don't build libpkix in static builds
* bmo#1951395 - handle `-p all` in try syntax
* bmo#1951346 - fix opt-make builds to actually be opt
* bmo#1951346 - fix opt-static builds to actually be opt
* bmo#1916439 - Remove extraneous assert
- Removed upstreamed nss-fips-stricter-dh.patch
- Added bmo1962556.patch to fix test failures
- Rebased nss-fips-approved-crypto-non-ec.patch nss-fips-combined-hash-sign-dsa-ecdsa.patch
- update to NSS 3.109
* bmo#1939512 - Call BL_Init before RNG_RNGInit() so that special
SHA instructions can be used if available
* bmo#1930807 - NSS policy updates - fix inaccurate key policy issues
* bmo#1945883 - SMIME fuzz target
* bmo#1914256 - ASN1 decoder fuzz target
* bmo#1936001 - Part 2: Revert “Extract testcases from ssl gtests
for fuzzing”
* bmo#1915155 - Add fuzz/README.md
* bmo#1936001 - Part 4: Fix tstclnt arguments script
* bmo#1944545 - Extend pkcs7 fuzz target
* bmo#1912320 - Extend certDN fuzz target
* bmo#1944300 - revert changes to HACL* files from bug 1866841
* bmo#1936001 - Part 3: Package frida corpus script
- update to NSS 3.108
* bmo#1923285 - libclang-16 -> libclang-19
* bmo#1939086 - Turn off Secure Email Trust Bit for Security
Communication ECC RootCA1
* bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root
CA1 and BJCA Global Root CA2
* bmo#1915902 - Remove SwissSign Silver CA – G2
* bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS
* bmo#1942301 - fix fips test failure on windows
* bmo#1935925 - change default sensitivity of KEM keys
* bmo#1936001 - Part 1: Introduce frida hooks and script
* bmo#1942350 - add missing arm_neon.h include to gcm.c
* bmo#1831552 - ci: update windows workers to win2022
* bmo#1831552 - strip trailing carriage returns in tools tests
* bmo#1880256 - work around unix/windows path translation issues
in cert test script
* bmo#1831552 - ci: let the windows setup script work without $m
* bmo#1880255 - detect msys
* bmo#1936680 - add a specialized CTR_Update variant for AES-GCM
* bmo#1930807 - NSS policy updates
* bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG
* bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero
* bmo#1930806 - FIPS changes need to be upstreamed - updated POST
* bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing
* bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality
* bmo#1935984 - Ensure zero-initialization of collectArgs.cert
* bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate
* bmo#1915898 - Fix actual underlying ODR violations issue
* bmo#1184059 - mozilla::pkix: allow reference ID labels to begin
and/or end with hyphens
* bmo#1927953 - don't look for secmod.db in nssutil_ReadSecmodDB if
NSS_DISABLE_DBM is set
* bmo#1934526 - Fix memory leak in pkcs7 fuzz target
* bmo#1934529 - Set -O2 for ASan builds in CI
* bmo#1934543 - Change branch of tlsfuzzer dependency
* bmo#1915898 - Run tests in CI for ASan builds with detect_odr_violation=1
* bmo#1934241 - Fix coverage failure in CI
* bmo#1934213 - Add fuzzing for delegated credentials, DTLS short
header and Tls13BackendEch
* bmo#1927142 - Add fuzzing for SSL_EnableTls13GreaseEch and
SSL_SetDtls13VersionWorkaround
* bmo#1913677 - Part 3: Restructure fuzz/
* bmo#1931925 - Extract testcases from ssl gtests for fuzzing
* bmo#1923037 - Force Cryptofuzz to use NSS in CI
* bmo#1923037 - Fix Cryptofuzz on 32 bit in CI
* bmo#1933154 - Update Cryptofuzz repository link
* bmo#1926256 - fix build error from 9505f79d
* bmo#1926256 - simplify error handling in get_token_objects_for_cache
* bmo#1931973 - nss doc: fix a warning
* bmo#1930797 - pkcs12 fixes from RHEL need to be picked up
- remove obsolete patches
* nss-fips-safe-memset.patch
* nss-bmo1930797.patch
- update to NSS 3.107
* bmo#1923038 - Remove MPI fuzz targets.
* bmo#1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
* bmo#1919015 - Enable PKCS8 fuzz target.
* bmo#1923037 - Integrate Cryptofuzz in CI.
* bmo#1913677 - Part 2: Set tls server target socket options in config class
* bmo#1913677 - Part 1: Set tls client target socket options in config class
* bmo#1913680 - Support building with thread sanitizer.
* bmo#1922392 - set nssckbi version number to 2.72.
* bmo#1919913 - remove Websites Trust Bit from Entrust Root
Certification Authority - G4.
* bmo#1920641 - remove Security Communication RootCA3 root cert.
* bmo#1918559 - remove SecureSign RootCA11 root cert.
* bmo#1922387 - Add distrust-after for TLS to Entrust Roots.
* bmo#1927096 - update expected error code in pk12util pbmac1 tests.
* bmo#1929041 - Use random tstclnt args with handshake collection script
* bmo#1920466 - Remove extraneous assert in ssl3gthr.c.
* bmo#1928402 - Adding missing release notes for NSS_3_105.
* bmo#1874451 - Enable the disabled mlkem tests for dtls.
* bmo#1874451 - NSS gtests filter cleans up the constucted buffer
before the use.
* bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
* bmo#1925503 - Remove short circuit test from ssl_Init.
- fix build on loongarch64 (setting it as 64bit arch)
- Remove upstreamed bmo-1400603.patch
- Added nss-bmo1930797.patch to fix failing tests in testsuite
- update to NSS 3.106
* bmo#1925975 - NSS 3.106 should be distributed with NSPR 4.36.
* bmo#1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
* bmo#1899402 - Correctly destroy bulkkey in error scenario.
* bmo#1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
* bmo#1923002 - Extract certificates with handshake collection script.
* bmo#1923006 - Specify len_control for fuzz targets.
* bmo#1923280 - Fix memory leak in dumpCertificatePEM.
* bmo#1102981 - Fix UBSan errors for SECU_PrintCertificate and
SECU_PrintCertificateBasicInfo.
* bmo#1921528 - add new error codes to mozilla::pkix for Firefox to use.
* bmo#1921768 - allow null phKey in NSC_DeriveKey.
* bmo#1921801 - Only create seed corpus zip from existing corpus.
* bmo#1826035 - Use explicit allowlist for for KDF PRFS.
* bmo#1920138 - Increase optimization level for fuzz builds.
* bmo#1920470 - Remove incorrect assert.
* bmo#1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
* bmo#1920945 - Polish corpus collection for automation.
* bmo#1917572 - Detect new and unfuzzed SSL options.
* bmo#1804646 - PKCS12 fuzzing target.
- requires NSPR 4.36
- update to NSS 3.105
* bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key
* bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c
* bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds
* bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys
* bmo#1918767 - override default definition of KRML_MUSTINLINE
* bmo#1916525 - libssl support for mlkem768x25519
* bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap
* bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL
* bmo#1911912 - Avoid misuse of ctype(3) functions
* bmo#1917311 - part 2: run clang-format
* bmo#1917311 - part 1: upgrade to clang-format 13
* bmo#1916953 - clang-format fuzz
* bmo#1910370 - DTLS client message buffer may not empty be on retransmit
* bmo#1916413 - Optionally print config for TLS client and server
fuzz target
* bmo#1916059 - Fix some simple documentation issues in NSS.
* bmo#1915439 - improve performance of NSC_FindObjectsInit when
template has CKA_TOKEN attr
* bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN
- Fix build error under Leap by rebasing nss-fips-safe-memset.patch.
- update to NSS 3.104
* bmo#1910071 - Copy original corpus to heap-allocated buffer
* bmo#1910079 - Fix min ssl version for DTLS client fuzzer
* bmo#1908990 - Remove OS2 support just like we did on NSPR
* bmo#1910605 - clang-format NSS improvements
* bmo#1902078 - Adding basicutil.h to use HexString2SECItem function
* bmo#1908990 - removing dirent.c from build
* bmo#1902078 - Allow handing in keymaterial to shlibsign to make
the output reproducible
* bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references
* bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR,
openunix, sco, unixware or reliantUnix
* bmo#1908990 - remove mentions of WIN95
* bmo#1908990 - remove mentions of WIN16
* bmo#1913750 - More explicit directory naming
* bmo#1913755 - Add more options to TLS server fuzz target
* bmo#1913675 - Add more options to TLS client fuzz target
* bmo#1835240 - Use OSS-Fuzz corpus in NSS CI
* bmo#1908012 - set nssckbi version number to 2.70.
* bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
* bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA.
* bmo#1908006 - Add Cybertrust Japan Roots to NSS.
* bmo#1908004 - Add Taiwan CA Roots to NSS.
* bmo#1911354 - remove search by decoded serial in
nssToken_FindCertificateByIssuerAndSerialNumber
* bmo#1913132 - Fix tstclnt CI build failure
* bmo#1913047 - vfyserv: ensure peer cert chain is in db for
CERT_VerifyCertificateNow
* bmo#1912427 - Enable all supported protocol versions for UDP
* bmo#1910361 - Actually use random PSK hash type
* bmo#1911576 - Initialize NSS DB once
* bmo#1910361 - Additional ECH cipher suites and PSK hash types
* bmo#1903604 - Automate corpus file generation for TLS client Fuzzer
* bmo#1910364 - Fix crash with UNSAFE_FUZZER_MODE
* bmo#1910605 - clang-format shlibsign.c
- remove obsolete nss-reproducible-builds.patch
- update to NSS 3.103
* bmo#1908623 - move list size check after lock acquisition in sftk_PutObjectToList.
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH,
* bmo#1909638 - Follow-up to fix test for presence of file nspr.patch.
* bmo#1903783 - Adjust libFuzzer size limits
* bmo#1899542 - Add fuzzing support for SSL_SetCertificateCompressionAlgorithm,
SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_GREASE and
SSL_ENABLE_CH_EXTENSION_PERMUTATION
- Add nss-reproducible-builds.patch to make the rpms reproducible,
by using a hardcoded, static key to generate the checksums (*.chk-files)
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- update to NSS 3.102.1
* bmo#1905691 - ChaChaXor to return after the function
- update to NSS 3.102
* bmo#1880351 - Add Valgrind annotations to freebl Chacha20-Poly1305.
* bmo#1901932 - missing sqlite header.
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* bmo#1615298 - improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling.
* bmo#1660676 - correct length of raw SPKI data before printing in pp utility.
- Add nss-reproducible-chksums.patch to make NSS-build reproducible
Use key from openssl (bsc#1081723)
- Updated nss-fips-approved-crypto-non-ec.patch to exclude the
SHA-1 hash from SLI approval.
- openssh
-
- Added openssh-bsc1241045-kexalgo-gt-256bits.patch (bsc#1241045)
from upstream, which allows KEX hashes greater than 256 bits.
Thanks to Ali Abdallah <ali.abdallah@suse.com>.
- Added openssh-cve-2025-32728.patch (bsc#1241012, CVE-2025-32728).
This fixes an upstream logic error handling the DisableForwarding
option.
- Update openssh-7.6p1-audit_race_condition.patch (bsc#1232533),
fixing failures with very large MOTDs. Thanks to Ali Abdallah
<ali.abdallah@suse.com>.
- Updated openssh-8.1p1-audit.patch (bsc#1228634) with modification
from Jaroslav Jindrak (jjindrak@suse.com) to fix the hostname
being left out of the audit output.
- pam-config
-
- Stop adding pam_env in AUTH stack, and be sure to put this module at the
really end of the SESSION stack.
[bsc#1243226, CVE-2025-6018, remove-pam_env-from-auth-stack.patch]
- pam
-
- pam_namespace: convert functions that may operate on a user-controlled path
to operate on file descriptors instead of absolute path. And keep the
bind-mount protection from protect_mount() as a defense in depthmeasure.
[bsc#1244509
pam_inline-introduce-pam_asprintf-pam_snprintf-and-p.patch,
pam_namespace-fix-potential-privilege-escalation.patch,
pam_namespace-add-flags-to-indicate-path-safety.patch,
pam_namespace-secure_opendir-do-not-look-at-the-grou.patch]
- pam_namespace-fix-potential-privilege-escalation.patch adapted and includes
changes from upstream commits: ds6242a, bc856cd.
* pam_namespace fix logic in return value handling
* pam_namespace move functions around
- pam_env: Change the default to not read the user .pam_environment file
[bsc#1243226, CVE-2025-6018,
pam_env-change-the-default-to-not-read-the-user-env.patch]
- pam_unix/passverify: (get_account_info) [!HELPER_COMPILE]: Always return
PAM_UNIX_RUN_HELPER instead of trying to obtain the shadow password file
entry.
[passverify-always-run-the-helper-to-obtain-shadow_pwd.patch, bsc#1232234,
CVE-2024-10041]
- Do not reject the user with a hash assuming it's non-empty.
[pam_unix-allow-empty-passwords-with-non-empty-hashes.patch]
- patterns-base
-
- add bpftool to patterns enhanced base. jsc#PED-8375
- perl
-
- do not change the current directory when cloning an open
directory handle [bnc#1244079] [CVE-2025-40909]
new patch: perl-dirdup.diff
- python-azure-agent
-
- Set AutoUpdate.UpdateToLatestVersion=n in /etc/waagent.conf
(bsc#1244933)
- Fix %suse_version conditional in spec file so package is built
using python2 in SLE 12 (bsc#1240385)
- python-instance-billing-flavor-check
-
- Update to version 1.0.1
+ Fix infinite loop (bsc#1242064)
+ Fix bug in update infrastructure request (bsc#1242064)
- python-psutil
-
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- python-pyzmq
-
- Prevent open files leak by closing sockets on timeout (bsc#1241624)
- Added:
* close-socket-on-timeout.patch
- python-requests
-
- Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak
(gh#psf/requests#6965, CVE-2024-47081, bsc#1244039)
- python3-setuptools
-
- Add patch CVE-2025-47273.patch to fix A path traversal
vulnerability.
(bsc#1243313, CVE-2025-47273, gh#pypa/setuptools@250a6d17978f)
- python-azure-appconfiguration
-
- New upstream release
+ Version 1.7.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 1.7.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- New upstream release
+ Version 1.6.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-batch
-
- New upstream release
+ Version 14.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-batch
-
- New upstream release
+ Version 17.3.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-compute
-
- New upstream release
+ Version 33.1.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- New upstream release
+ Version 33.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 32.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 31.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 30.6.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-containerservice
-
- New upstream release
+ Version 32.1.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 32.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- New upstream release
+ Version 31.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 30.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-cosmosdb
-
- New upstream release
+ Version 9.6.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 9.5.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 9.5.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-rdbms
-
- New upstream release
+ Version 10.2.0b17
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 10.2.0b16
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 10.2.0b14
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-recoveryservicesbackup
-
- New upstream release
+ Version 9.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- New upstream release
+ Version 9.1.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-recoveryservices
-
- New upstream release
+ Version 3.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-redhatopenshift
-
- New upstream release
+ Version 1.5.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-redis
-
- New upstream release
+ Version 14.5.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 14.4.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-resource
-
- New upstream release
+ Version 23.3.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 23.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 23.1.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Remove temporary version override
- Remove unzip package from BuildRequires
- Switch source archive format to TAR.GZ
- Update Requires from setup.py
- python-azure-mgmt-servicefabricmanagedclusters
-
- New upstream release
+ Version 2.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Remove temporary version override
- Rename LICENSE.txt to LICENSE in %files section
- python-azure-mgmt-servicelinker
-
- New upstream release
+ Version 1.2.0b3
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- New upstream release
+ Version 1.2.0b2
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Remove unzip package from BuildRequires
- Switch source archive format to TAR.GZ
- Update Requires from setup.py
- python-azure-mgmt-signalr
-
- New upstream release
+ Version 2.0.0b2
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- python-azure-mgmt-sql
-
- New upstream release
+ Version 4.0.0b21
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b20
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b19
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 4.0.0b18
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b17
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b16
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-storage
-
- New upstream release
+ Version 21.2.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 21.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-multiapi-storage
-
- New upstream release
+ Version 1.4.0
+ For detailed information about changes see the
README.rst file provided with this package
- New upstream release
+ Version 1.3.0
+ For detailed information about changes see the
README.rst file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- python-azure-synapse-artifacts
-
- New upstream release
+ Version 0.19.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-cryptography
-
- Update vendor tarball to fix CVE-2025-3416 (bsc#1242631)
- python-msal-extensions
-
- Update to version 1.3.1
* Do not install tests in site-packages by @musicinmybrain in (#139)
* Also dropped Python 3.7 and 3.8 since this release
- from version 1.3.0
* Fix a typo in README.md (persistance/persistence)
by @musicinmybrain in (#133)
* Maintenance by @rayluo in (#137)
* Allow portalocker version 3 by @musicinmybrain in (#136)
* Make portalocker optional (opt in by pip install
msal-extensions[portalocker]) by @rayluo in (#117)
- Drop me_relax-portalocker.patch, fixed upstream
- Add patch to relax python-portalocker version dependency in setup.py
+ me_relax-portalocker.patch
- Relax python-portalocker version dependency in BuildRequires and Requires
- Update to version 1.2.0
+ Remove mentions of Travis CI by @akx in (#126)
+ Set proper lower bound for portalocker dependency,
drop packaging dependency by @akx in (#125)
+ Switch to MSAL 1.29+'s TokenCache.search()
by @rayluo in (#131)
- Remove temporary version override
- Update BuildRequires and Requires from setup.py
- Update to version 1.2.0b1
+ MSAL Extensions has been updated to work with
MSAL Python 1.27.* and 1.28.* (#127, #128)
- Adjust upstream source name in spec file
- Override upstream version with 1.2.0~b1
- Update Requires from setup.py
- python-msal
-
- Update to version 1.32.3
* Fix a regression on Azure Arc / on-prem servers (#814, #815)
- from version 1.32.2
* Bugfix for Authentication Failed: MsalResponse object has no
attribute 'headers' (#812)
- from version 1.32.1
* Optimization on cache
- Update to version 1.32.0
* Refactor to allow adding new field into cache key
and/or content by @rayluo in (#751)
* Warning when obsolete msal-extensions is detected
by @rayluo in (#752)
* Add msal_cache.bin to .gitignore by @DharshanBJ in (#753)
* MSAL will use env var MSAL_FORCE_REGION by default
by @rayluo in (#756)
* Allow MI endpoint changing through environment variable
by @jimdigriz in (#754)
* Revert "allow MI endpoint changing through environment
variable" by @rayluo in (#769)
* Fix document for using SystemAssigned managed identity
by @jiasli in (#764)
* Suppress a false positive CodeQL alarm by @rayluo in (#783)
* Pass Sku and Ver to MsalRuntime by @Ugonnaak1 in (#786)
* Try to suppress another verify=False by @rayluo in (#788)
* Supports dSTS by ClientApplication(..., authority=
"https://...example.com/dstsv2/...") by @rayluo in (#772)
* Add test case to show that OBO supports SP by @rayluo in (#481)
* Enable Issue-Sentinel to scan for similar issues by @DharshanBJ in (#790)
* Support pod identity by @rayluo in (#795)
* Scope to resource by @rayluo in (#785)
- Update to version 1.31.2b1
* acquire_token_interactive(...) supports scope with the shape of
"GUID/.default" when running inside Cloud Shell (#784, #785)
- Override upstream version with 1.31.2~b1
- Update to version 1.31.1
* Bugfix: The Managed Identity detection logic on Arc (#731)
had a bug (#762), now fixed in PR (#763)
- Update to version 1.31.0
* Integration with Broker-on-Mac in (#596)
* Change Managed Identity detection logic on Arc in (#731)
* Managed Identity supports CAE in (#730)
* Support Managed Identity on Azure Container
Instance (ACI) with Resource id in (#741)
* Other refactoring in (#740)
- Update to version 1.30.0
* New feature: Support Subject Name/Issuer authentication when using
.pfx certificate file. Documentation available in one of the recent
purple boxes here. (#718)
* New feature: Automatically use SHA256 and PSS padding when using
.pfx certificate on non-ADFS, non-OIDC authorities. (#722)
* New feature: Expose refresh_on (if any) to fresh or cached response,
so that caller may choose to proactively call acquire_token_silent()
early. (#723)
* Bugfix for token cache search. MSAL 1.27+ customers please upgrade
to MSAL 1.30+. (#717)
- Update to version 1.29.0
* New feature: Supports Managed Identity for Azure VM, App Service
(including Azure Functions, Azure Automation), Service Fabric,
Azure Machine Learning, Arc, etc.. Comes with a sample, its
configuration via ENV VAR, and its API documentation.
(#58, #480, #634, #674)
* New feature: Support reading ConfidentialClientApplication's
cert from a pfx file (#684, #699)
* New feature: TokenCache class has a new search() method which will
return a generator of tokens. The old find() method still exists and
returns a list, but MSAL 1.27+ will not call find() anymore. (#693, #644)
* Change: Re-enable the username password flow to go through broker,
if available. (#712)
- from version 1.28.1
* Change: pip install msal[broker] will now pick up the latest PyMsalRuntime
0.16.x which contains a bugfix for being run as administrator. This release
fixes #707.
- Update to version 1.28.0
* New feature: PublicClientApplication and ConfidentialClientApplication
have a new oidc_authority parameter that can be used to specify authority
of any generic OpenID Connect authority, typically the customized domain
for CIAM. (#676, #678)
* Dropping Python 2.7
- from version 1.27.0
* New feature: remove_tokens_for_client() will remove tokens acquired
by acquire_token_for_client() (#640, #650, #666)
* Performance: Throughput of token-cache-hit happy path is roughly 2x faster (#644)
* Adjustment: MSAL no longer attempts to validate an ID token's time (#656, #657)
* Adjustment: Bump upstream broker dependency to 0.14.x
* Improvement: Better chance to remove accounts from broker (#651)
* Improvement: Cleaner console output when the http local server
is visited in https protocol (#546)
* Improvement: Reduce a bare except clause (#667)
- protobuf
-
- Add CVE-2025-4565.patch to fix parsing of untrusted Protocol Buffers
data containing an arbitrary number of recursive groups or messages
can lead to crash due to RecursionError (bsc#1244663, CVE-2025-4565)
- python-setuptools
-
- Add patch CVE-2025-47273.patch to fix A path traversal
vulnerability.
(bsc#1243313, CVE-2025-47273, gh#pypa/setuptools@250a6d17978f)
- python-typing_extensions
-
- Drop fix-ann_module-import-path.patch, fixed upstream
- runc
-
- Update to runc v1.2.6. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.6>.
- Update to runc v1.2.5. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.5>.
- Update to runc v1.2.4. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.4>.
- Update runc.keyring to match upstream.
- Update to runc v1.2.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.3>.
- Update to runc v1.2.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.2>.
- Update to runc v1.2.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.1>.
- Update to runc v1.2.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0>.
- Remove upstreamed patches.
- 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
- 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
- 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- Update to runc v1.2.0~rc3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0-rc.3>.
Includes the patch for CVE-2024-45310. bsc#1230092
- screen
-
- also use tty fd passing after a suspend (MSG_CONT)
new patch: sendfdcont.diff
- do not chmod the tty for multiattach, rely on tty fd passing
instead [bsc#1242269] [CVE-2025-46802]
new patch: nottychmod.diff
- fix resume after suspend in multiuser mode
new patch: multicont.diff
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- sudo
-
- Fix a possilbe local privilege escalation via the --host option
[bsc#1245274, CVE-2025-32462]
- vim
-
- Fix bsc#1228776 / CVE-2024-41965.
- Fix bsc#1239602 / CVE-2025-29768.
- Refresh patch:
vim-7.3-sh_is_bash.patch
- Update to 9.1.1406:
9.1.1406: crash when importing invalid tuple
9.1.1405: tests: no test for mapping with special keys in session file
9.1.1404: wrong link to Chapter 2 in new-tutor
9.1.1403: expansion of 'tabpanelopt' value adds wrong values
9.1.1402: multi-byte mappings not properly stored in session file
9.1.1401: list not materialized in prop_list()
9.1.1400: [security]: use-after-free when evaluating tuple fails
9.1.1399: tests: test_codestyle fails for auto-generated files
9.1.1398: completion: trunc does not follow Pmenu highlighting attributes
9.1.1397: tabpanel not correctly updated on :tabonly
9.1.1396: 'errorformat' is a global option
9.1.1395: search_stat not reset when pattern differs in case
9.1.1394: tabpanel not correctly redrawn on tabonly
9.1.1393: missing test for switching buffers and reusing curbuf
9.1.1392: missing patch number
9.1.1391: Vim does not have a vertical tabpanel
9.1.1390: style: more wrong indentation
9.1.1389: completion: still some issue when 'isexpand' contains a space
9.1.1388: Scrolling one line too far with 'nosmoothscroll' page scrolling
9.1.1387: memory leak when buflist_new() fails to reuse curbuf
9.1.1386: MS-Windows: some minor problems building on AARCH64
9.1.1385: inefficient loop for 'nosmoothscroll' scrolling
9.1.1384: still some problem with the new tutors filetype plugin
9.1.1383: completion: 'isexpand' option does not handle space char correct
9.1.1382: if_ruby: unused compiler warnings from ruby internals
9.1.1381: completion: cannot return to original text
9.1.1380: 'eventignorewin' only checked for current buffer
9.1.1379: MS-Windows: error when running evim when space in path
9.1.1378: sign without text overwrites number option
9.1.1377: patch v9.1.1370 causes some GTK warning messages
9.1.1376: quickfix dummy buffer may remain as dummy buffer
9.1.1375: [security]: possible heap UAF with quickfix dummy buffer
9.1.1374: completion: 'smartcase' not respected when filtering matches
9.1.1373: 'completeopt' checking logic can be simplified
9.1.1372: style: braces issues in various files
9.1.1371: style: indentation and brace issues in insexpand.c
9.1.1370: CI Tests favor GTK2 over GTK3
9.1.1369: configure still using autoconf 2.71
9.1.1368: GTK3 and GTK4 will drop numeric cursor support.
9.1.1367: too many strlen() calls in gui.c
9.1.1366: v9.1.1364 unintentionally changed sign.c and sound.c
9.1.1365: MS-Windows: compile warnings and too many strlen() calls
9.1.1364: style: more indentation issues
9.1.1363: style: inconsistent indentation in various files
9.1.1362: Vim9: type ignored when adding tuple to instance list var
9.1.1361: [security]: possible use-after-free when closing a buffer
9.1.1360: filetype: GNU Radio companion files are not recognized
9.1.1359: filetype: GNU Radio config files are not recognized
9.1.1358: if_lua: compile warnings with gcc15
9.1.1357: Vim incorrectly escapes tags with "[" in a help buffer
9.1.1356: Vim9: crash when unletting variable
9.1.1355: The pum_redraw() function is too complex
9.1.1354: tests: Test_terminalwinscroll_topline() fails on Windows
9.1.1353: missing change from v9.1.1350
9.1.1352: style: inconsistent indent in insexpand.c
9.1.1351: Return value of getcmdline() inconsistent in CmdlineLeavePre
9.1.1350: tests: typo in Test_CmdlineLeavePre_cabbr()
9.1.1349: CmdlineLeavePre may trigger twice
9.1.1348: still E315 with the terminal feature
9.1.1347: small problems with gui_w32.c
9.1.1346: missing out-of-memory check in textformat.c
9.1.1345: tests: Test_xxd_color2() test failure dump diff is misleading
9.1.1344: double free in f_complete_match() (after v9.1.1341)
9.1.1343: filetype: IPython files are not recognized
9.1.1342: Shebang filetype detection can be improved
9.1.1341: cannot define completion triggers
9.1.1340: cannot complete :filetype arguments
9.1.1339: missing out-of-memory checks for enc_to_utf16()/utf16_to_enc()
9.1.1338: Calling expand() interferes with cmdcomplete_info()
9.1.1337: Undo corrupted with 'completeopt' "preinsert" when switching buffer
9.1.1336: comment plugin does not support case-insensitive 'commentstring'
9.1.1335: Coverity complains about Null pointer dereferences
9.1.1334: Coverity complains about unchecked return value
9.1.1333: Coverity: complains about unutilized variable
9.1.1332: Vim9: segfault when using super within a lambda
9.1.1331: Leaking memory with cmdcomplete()
9.1.1330: may receive E315 in terminal
9.1.1329: cannot get information about command line completion
9.1.1328: too many strlen() calls in indent.c
9.1.1327: filetype: nroff detection can be improved
9.1.1326: invalid cursor position after 'tagfunc'
9.1.1325: tests: not checking error numbers properly
9.1.1324: undefined behaviour if X11 connection dies
9.1.1323: b:undo_ftplugin not executed when re-using buffer
9.1.1322: small delete register cannot paste multi-line correctly
9.1.1321: filetype: MS ixx and mpp files are not recognized
9.1.1320: filetype: alsoft config files are not recognized
9.1.1319: Various typos in the code, issue with test_inst_complete.vim
9.1.1318: tests: test_format fails
9.1.1317: noisy error when restoring folds from session fails
9.1.1316: missing memory allocation failure in os_mswin.c
9.1.1315: completion: issue with fuzzy completion and 'completefuzzycollect'
9.1.1314: max allowed string width too small
9.1.1313: compile warning about uninitialized value
9.1.1312: tests: Test_backupskip() fails when HOME is defined
9.1.1311: completion: not possible to limit number of matches
9.1.1310: completion: redundant check for preinsert effect
9.1.1309: tests: no test for 'pummaxwidth' with non-truncated "kind"
9.1.1308: completion: cannot order matches by distance to cursor
9.1.1307: make syntax does not reliably detect different flavors
9.1.1306: completion menu rendering can be improved
9.1.1305: completion menu active after switching windows/tabs
9.1.1304: filetype: some man files are not recognized
9.1.1303: missing out-of-memory check in linematch.c
9.1.1302: Coverity warns about using uninitialized value
9.1.1301: completion: cannot configure completion functions with 'complete'
9.1.1300: wrong detection of -inf
9.1.1299: filetype: mbsyncrc files are not recognized
9.1.1298: define_function() is too long
9.1.1297: Ctrl-D scrolling can get stuck
9.1.1296: completion: incorrect truncation logic
9.1.1295: clientserver: does not handle :stopinsert correctly
9.1.1294: gui tabline menu does not use confirm when closing tabs
9.1.1293: comment plugin does not handle 'exclusive' selection for comment object
9.1.1292: statusline not correctly evaluated
9.1.1291: too many strlen() calls in buffer.c
9.1.1290: tests: missing cleanup in test_filetype.vim
9.1.1289: tests: no test for matchparen plugin with WinScrolled event
9.1.1288: Using wrong window in ll_resize_stack()
9.1.1287: quickfix code can be further improved
9.1.1286: filetype: help files not detected when 'iskeyword' includes ":"
9.1.1285: Vim9: no error message for missing method after "super."
9.1.1284: not possible to configure pum truncation char
9.1.1283: quickfix stack is limited to 10 items
9.1.1282: Build and test failure without job feature
9.1.1281: extra newline output when editing stdin
9.1.1280: trailing additional semicolon in get_matches_in_str()
9.1.1279: Vim9: null_object and null_class are no reserved names
9.1.1278: Vim9: too long functions in vim9type.c
9.1.1277: tests: trailing comment char in test_popupwin
9.1.1276: inline word diff treats multibyte chars as word char
9.1.1275: MS-Windows: Not possible to pass additional flags to Make_mvc
9.1.1274: Vim9: no support for object<type> as variable type
9.1.1273: Coverity warns about using uninitialized value
9.1.1272: completion: in keyword completion Ctrl_P cannot go back after Ctrl_N
9.1.1271: filetype: Power Query files are not recognized
9.1.1270: missing out-of-memory checks in buffer.c
9.1.1269: completion: compl_shown_match is updated when starting keyword completion
9.1.1268: filetype: dax files are not recognized
9.1.1267: Vim9: no support for type list/dict<object<any>>
9.1.1266: MS-Windows: type conversion warnings
9.1.1265: tests: no tests for typing normal char during completion
9.1.1264: Vim9: error when comparing objects
9.1.1263: string length wrong in get_last_inserted_save()
9.1.1262: heap-buffer-overflow with narrow 'pummaxwidth' value
9.1.1261: No test for 'pummaxwidth' non-truncated items
9.1.1260: Hang when filtering buffer with NUL bytes
9.1.1259: some issues with comment package and tailing spaces
9.1.1258: regexp: max \U and \%U value is limited by INT_MAX
9.1.1257: Mixing vim_strsize() with mb_ptr2cells() in pum_redraw()
9.1.1256: if_python: duplicate tuple data entries
9.1.1255: missing test condition for 'pummaxwidth' setting
9.1.1254: need more tests for the comment plugin
9.1.1253: abort when closing window with attached quickfix data
9.1.1252: typos in code and docs related to 'diffopt' "inline:"
9.1.1251: if_python: build error with tuples and dynamic python
9.1.1250: cannot set the maximum popup menu width
9.1.1249: tests: no test that 'listchars' "eol" doesn't affect "gM"
9.1.1248: compile error when building without FEAT_QUICKFIX
9.1.1247: fragile setup to get (preferred) keys from key_name_entry
9.1.1246: coverity complains about some changes in v9.1.1243
9.1.1245: need some more tests for curly braces evaluation
9.1.1244: part of patch v9.1.1242 was wrong
9.1.1243: diff mode is lacking for changes within lines
9.1.1242: Crash when evaluating variable name
9.1.1241: wrong preprocessort indentation in term.c
9.1.1240: Regression with ic/ac text objects and comment plugin
9.1.1239: if_python: no tuple data type support
9.1.1238: wrong cursor column with 'set splitkeep=screen'
9.1.1237: Compile error with C89 compiler in term.c
9.1.1236: tests: test_comments leaves swapfiles around
9.1.1235: cproto files are outdated
9.1.1234: Compile error when SIZE_MAX is not defined
9.1.1233: Coverity warns about NULL pointer when triggering WinResized
9.1.1232: Vim script is missing the tuple data type
9.1.1231: filetype: SPA JSON files are not recognized
9.1.1230: inconsistent CTRL-C behaviour for popup windows
9.1.1229: the comment plugin can be improved
9.1.1228: completion: current position column wrong after got a match
9.1.1227: no tests for the comment package
9.1.1226: "shellcmdline" completion doesn't work with input()
9.1.1225: extra NULL check in VIM_CLEAR()
9.1.1224: cannot :put while keeping indent
9.1.1223: wrong translation used for encoding failures
9.1.1222: using wrong length for last inserted string
9.1.1221: Wrong cursor pos when leaving Insert mode just after 'autoindent'
9.1.1220: filetype: uv.lock file not recognized
9.1.1219: Strange error with wrong type for matchfuzzy() "camelcase"
9.1.1218: missing out-of-memory check in filepath.c
9.1.1217: tests: typos in test_matchfuzzy.vim
9.1.1216: Pasting the '.' register multiple times may not work
9.1.1215: Patch 9.1.1213 has some issues
9.1.1214: matchfuzzy() can be improved for camel case matches
9.1.1213: cannot :put while keeping indent
9.1.1212: too many strlen() calls in edit.c
9.1.1212: filetype: logrotate'd pacmanlogs are not recognized
9.1.1211: TabClosedPre is triggered just before the tab is being freed
9.1.1210: translation(ru): missing Russian translation for the new tutor
9.1.1209: colorcolumn not drawn after virtual text lines
9.1.1208: MS-Windows: not correctly restoring alternate screen on Win 10
9.1.1207: MS-Windows: build warning in filepath.c
9.1.1206: tests: test_filetype fails when a file is a directory
9.1.1205: completion: preinserted text not removed when closing pum
9.1.1204: MS-Windows: crash when passing long string to expand()
9.1.1203: matchparen keeps cursor on case label in sh filetype
9.1.1202: Missing TabClosedPre autocommand
9.1.1201: 'completefuzzycollect' does not handle dictionary correctly
9.1.1200: cmdline pum not cleared for input() completion
9.1.1199: gvim uses hardcoded xpm icon file
9.1.1198: [security]: potential data loss with zip.vim
9.1.1197: process_next_cpt_value() uses wrong condition
9.1.1196: filetype: config files for container tools are not recognized
9.1.1195: inside try-block: fn body executed with default arg undefined
9.1.1194: filetype: false positive help filetype detection
9.1.1193: Unnecessary use of STRCAT() in au_event_disable()
9.1.1192: Vim crashes with term response debug logging enabled
9.1.1191: tests: test for patch 9.1.1186 doesn't fail without the patch
9.1.1190: C indentation does not detect multibyte labels
9.1.1189: if_python: build error due to incompatible pointer types
9.1.1188: runtime(tera): tera support can be improved
9.1.1187: matchparen plugin wrong highlights shell case statement
9.1.1186: filetype: help files in git repos are not detected
9.1.1185: endless loop with completefuzzycollect and no match found
9.1.1184: Unnecessary use of vim_tolower() in vim_strnicmp_asc()
9.1.1083: "above" virtual text breaks cursorlineopt=number
9.1.1182: No cmdline completion for 'completefuzzycollect'
9.1.1181: Unnecessary STRLEN() calls in insexpand.c
9.1.1180: short-description
9.1.1179: too many strlen() calls in misc2.c
9.1.1178: not possible to generate completion candidates using fuzzy matching
9.1.1177: filetype: tera files not detected
- zypper
-
- BuildRequires: libzypp-devel >= 17.37.0.
- Use libzypp improvements for preload and mirror handling.
- xmlout.rnc: Update repo-element (bsc#1241463)
Add the "metalink" attribute and reflect that the "url" elements
list may in fact be empty, if no baseurls are defined in the
.repo files.
- man: update --allow-unsigned-rpm description.
Explain how to achieve the same for packages provided by
repositories.
- version 1.14.90
- Updated translations (bsc#1230267)
- version 1.14.89
- Do not double encode URL strings passed on the commandline
(bsc#1237587)
URLs passed on the commandline must have their special chars
encoded already. We just want to check and encode forgotten
unsafe chars like a blank. A '%' however must not be encoded
again.
- version 1.14.88
- Package preloader that concurrently downloads files. It's not yet
enabled per default. To enable the preview set ZYPP_CURL2=1 and
ZYPP_PCK_PRELOAD=1 in the environment. (#104)
- BuildRequires: libzypp-devel >= 17.36.4.
- version 1.14.87
- refresh: add --include-all-archs (fixes #598)
Future multi-arch repos may allow to download only those metadata
which refer to packages actually compatible with the systems
architecture. Some tools however want zypp to provide the full
metadata of a repository without filtering incompatible
architectures.
- info,search: add option to search and list Enhances
(bsc#1237949)
- version 1.14.86