suse-sles-15-sp5-chost-byos-v20241112-x86

curl

- Security fix: [bsc#1232528, CVE-2024-9681]
  * HSTS subdomain overwrites parent cache entry
  * Add curl-CVE-2024-9681.patch

lvm2

- LVM2 mirror attached to another node couldn't be converted into linear LV (bsc#1231796)
  + bug-1231796_lvconvert-fix-lvconvert-m-0-for-in-sync-legs.patch

openssl-1_1

- Security fix: [bsc#1220262, CVE-2023-50782]
  * Implicit rejection in PKCS#1 v1.5
  * Add openssl-CVE-2023-50782.patch

python3

- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
  path names provided when creating a virtual environment
  (bsc#1232241, CVE-2024-9287)

- Drop .pyc files from docdir for reproducible builds
  (bsc#1230906).

libzypp

- PluginFrame: Send unescaped colons in header values
  (bsc#1231043)
  According to the STOMP protocol it would be correct to escape a
  colon in a header-value, but it breaks plugin receivers which do
  not expect this. The first colon separates header-name from
  header-value, so escaping in the header-value is not needed
  anyway.
  Escaping in the header-value affects especially the urlresolver
  plugins. The input URL is passed in a header, but sent back as
  raw data in the frames body. If the plugin receiver does not
  correctly unescape the URL we may get back a "https\c//" which is
  not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
  (fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)

shadow

- bsc#1230972: Add useradd warnings when requested UID is outside
  the default range
- add shadow-bsc1230972-useradd-warning.patch

- bsc#1228337: chage -d date vs passwd -S output is off by one
  Remove shadow-bsc1176006-chage-date.patch

shim

- Update shim-install to apply the missing fix for openSUSE Leap
  (bsc#1210382) fixed by Gary.
  * 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
  (bsc#1230316) fixed by Gary.
  * 433cc4e Always use the removable way for SL-Micro

000release-packages:sle-module-basesystem-release

n/a

000release-packages:sle-module-containers-release

n/a

000release-packages:sle-module-public-cloud-release

n/a

000release-packages:sle-module-server-applications-release

n/a

wget

- Update 0001-possibly-truncate-pathname-components.patch
  * Take the patch from savannah repository where the checking of the file
    length doesn't include path length.
  * [bsc#1204720, bsc#1231661]

wicked

- Update to version 0.6.77
  - compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
  - Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
  - Inherit all, default and interface sysctl settings also for loopback,
    except for use_tempaddr and accept_dad.
  - Consider only interface specific accept_redirects sysctl settings.
  - Adopt ifsysctl(5) manual page with wicked specific behavior.
  - route: fix family and destination processing (bsc#1231060)
  - man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
  - dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
  - team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
  - systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
  - compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
  - arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
  - dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
  - ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
  [- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]

xen

- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
  standard VGA handling (XSA-463)
  xsa463-01.patch
  xsa463-02.patch
  xsa463-03.patch
  xsa463-04.patch
  xsa463-05.patch
  xsa463-06.patch
  xsa463-07.patch
  xsa463-08.patch
  xsa463-09.patch
  xsa463-10.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
  guests via ACPI tables (XSA-464)
  xsa464.patch
- Drop the following patches
  66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
  stdvga-cache.patch

- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin

- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
  vlapic_error() (XSA-462)
  66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
  Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
  66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
  66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
  66d8690f-SUPPORT-split-XSM-from-Flask.patch
  66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
  66e44ae2-x86-ucode-AMD-buffer-underrun.patch
  66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch