suse-sles-15-sp4-byos-v20250724-x86_64 Package Source Changes

coreutils

- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
  sort with key character offsets of SIZE_MAX, could induce
  a read of 1 byte before an allocated heap buffer.
  (CVE-2025-5278, bsc#1243767)

glib2

- Add glib2-CVE-2025-4373.patch: carefully handle gssize parameters
  (bsc#1242844 CVE-2025-4373 glgo#GNOME/glib#3677).

iputils

- Security fix [bsc#1243772, CVE-2025-48964]
  * Fix integer overflow in ping statistics via zero timestamp
  * Add iputils-CVE-2025-48964_01.patch
  * Add iputils-CVE-2025-48964_02.patch
  * Add iputils-CVE-2025-48964_03.patch
  * Add iputils-CVE-2025-48964_regression.patch

libgcrypt

- Security fix [bsc#1221107, CVE-2024-2236]
  * Add --enable-marvin-workaround to spec to enable workaround
  * Fix  timing based side-channel in RSA implementation ( Marvin attack )
  * Add libgcrypt-CVE-2024-2236_01.patch
  * Add libgcrypt-CVE-2024-2236_02.patch
  * Add libgcrypt-CVE-2024-2236_03.patch

python-psutil

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

salt

- Add `minion_legacy_req_warnings` option to avoid noisy warnings
- Require M2Crypto >= 0.44.0 for SUSE Family distros
- Added:
  * add-minion_legacy_req_warnings-option-to-avoid-noisy.patch

- Prevent tests failures when pygit2 is not present
- Several fixes for security issues
  (bsc#1244561, CVE-2024-38822)
  (bsc#1244564, CVE-2024-38823)
  (bsc#1244565, CVE-2024-38824)
  (bsc#1244566, CVE-2024-38825)
  (bsc#1244567, CVE-2025-22240)
  (bsc#1244568, CVE-2025-22236)
  (bsc#1244570, CVE-2025-22241)
  (bsc#1244571, CVE-2025-22237)
  (bsc#1244572, CVE-2025-22238)
  (bsc#1244574, CVE-2025-22239)
  (bsc#1244575, CVE-2025-22242)
  * Request server hardening
  * Prevent traversal in local_cache::save_minions
  * Add test and fix for file_recv cve
  * Fix traversal in gitfs find_file
  * Fix traversal in salt.utils.virt
  * Fix traversal in pub_ret
  * Reasonable failures when pillars timeout
  * Make send_req_async wait longer
  * Remove token to prevent decoding errors
  * Fix checking of non-url style git remotes
  * Allow subdirs in GitFS find_file check
- Add subsystem filter to udev.exportdb (bsc#1236621)
- tornado.httputil: raise errors instead of logging in
  multipart/form-data parsing (CVE-2025-47287, bsc#1243268)
- Fix Ubuntu 24.04 edge-case test failures
- Fix broken tests for Ubuntu 24.04
- Fix refresh of osrelease and related grains on Python 3.10+
- Make "salt" package to obsolete "python3-salt" package on SLE15SP7+
- Fix issue requiring proper Python flavor for dependencies and recommended package
- Added:
  * fix-tests-issues-in-salt-shaker-environments-721.patch
  * several-fixes-for-security-issues.patch
  * fix-of-cve-2025-47287-bsc-1243268-718.patch
  * add-subsystem-filter-to-udev.exportdb-bsc-1236621-71.patch
  * fix-ubuntu-24.04-specific-failures-716.patch
  * fix-debian-tests-715.patch
  * fix-refresh-of-osrelease-and-related-grains-on-pytho.patch

000release-packages:sle-module-basesystem-release

n/a

000release-packages:sle-module-containers-release

n/a

000release-packages:sle-module-desktop-applications-release

n/a

000release-packages:sle-module-development-tools-release

n/a

000release-packages:sle-module-public-cloud-release

n/a

000release-packages:sle-module-server-applications-release

n/a