suse-sles-15-sp5-chost-byos-v20241112-arm64 Package Source Changes

curl

- Security fix: [bsc#1232528, CVE-2024-9681]
  * HSTS subdomain overwrites parent cache entry
  * Add curl-CVE-2024-9681.patch

lvm2

- LVM2 mirror attached to another node couldn't be converted into linear LV (bsc#1231796)
  + bug-1231796_lvconvert-fix-lvconvert-m-0-for-in-sync-legs.patch

openssl-1_1

- Security fix: [bsc#1220262, CVE-2023-50782]
  * Implicit rejection in PKCS#1 v1.5
  * Add openssl-CVE-2023-50782.patch

python3

- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
  path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)

- Drop .pyc files from docdir for reproducible builds
  (bsc#1230906).

libzypp

- PluginFrame: Send unescaped colons in header values
  (bsc#1231043)
  According to the STOMP protocol it would be correct to escape a
  colon in a header-value, but it breaks plugin receivers which do
  not expect this. The first colon separates header-name from
  header-value, so escaping in the header-value is not needed
  anyway.
  Escaping in the header-value affects especially the urlresolver
  plugins. The input URL is passed in a header, but sent back as
  raw data in the frames body. If the plugin receiver does not
  correctly unescape the URL we may get back a "https\c//" which is
  not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
  (fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)

shadow

- bsc#1230972: Add useradd warnings when requested UID is outside
  the default range
- add shadow-bsc1230972-useradd-warning.patch

- bsc#1228337: chage -d date vs passwd -S output is off by one
  Remove shadow-bsc1176006-chage-date.patch

000release-packages:sle-module-basesystem-release

n/a

000release-packages:sle-module-containers-release

n/a

000release-packages:sle-module-public-cloud-release

n/a

000release-packages:sle-module-server-applications-release

n/a

wget

- Update 0001-possibly-truncate-pathname-components.patch
  * Take the patch from savannah repository where the checking of the file
    length doesn't include path length.
  * [bsc#1204720, bsc#1231661]

wicked

- Update to version 0.6.77
  - compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
  - Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
  - Inherit all, default and interface sysctl settings also for loopback,
    except for use_tempaddr and accept_dad.
  - Consider only interface specific accept_redirects sysctl settings.
  - Adopt ifsysctl(5) manual page with wicked specific behavior.
  - route: fix family and destination processing (bsc#1231060)
  - man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
  - dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
  - team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
  - systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
  - compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
  - arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
  - dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
  - ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
  [- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]