- bind
-
- Limit additional section processing for large RDATA sets.
When answering queries, don’t add data to the additional
section if the answer has more than 13 names in the RDATA. This
limits the number of lookups into the database(s) during a
single client query, reducing the query-processing load.
(CVE-2024-11187)
[bsc#1236596, bind-9.16-CVE-2024-11187.patch]
- cloud-init
-
- Add cloud-init-wait-for-net.patch (bsc#1227237)
+ Wait for udev once if we cannot find the expected MAC
- remove dependency on /usr/bin/python3 via using the macros (bsc#1212476)
- curl
-
- Security fix: [bsc#1236590, CVE-2025-0725]
* content_encoding: drop support for zlib before 1.2.0.4
* content_encoding: put the decomp buffers into the writer structs
* Add curl-CVE-2025-0725.patch
- Security fix: [bsc#1236588, CVE-2025-0167]
* netrc: 'default' with no credentials is not a match
* Add curl-CVE-2025-0167.patch
- krb5
-
- Prevent overflow when calculating ulog block size. An authenticated
attacker can cause kadmind to write beyond the end of the mapped
region for the iprop log file, likely causing a process crash;
(CVE-2025-24528); (bsc#1236619).
- Add patch 0012-Prevent-overflow-when-calculating-ulog-block-size.patch
- openssl-1_1
-
- Security fix: [bsc#1236136, CVE-2024-13176]
* timing side-channel in the ECDSA signature computation
* Add openssl-CVE-2024-13176.patch
- libxml2
-
- security update
- added patches
fix CVE-2022-49043 [bsc#1236460], use-after-free in xmlXIncludeAddNode
+ libxml2-CVE-2022-49043.patch
- libzypp
-
- Create '.keep_packages' in the package cache dir to enforce
keeping downloaded packages of all repos cahed there (bsc#1232458)
- version 17.35.19 (35)
- Fix missing UID checks in repomanager workflow (fixes #603)
- version 17.35.18 (35)
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp (fixes #28)
- Fix 'zypper ps' when running in incus container (bsc#1229106)
Should apply to lxc and lxd containers as well.
- Re-enable 'rpm --runposttrans' usage for chrooted systems
(bsc#1216091)
- version 17.35.17 (35)
- python-instance-billing-flavor-check
-
- Version 0.1.2 (bsc#1234444)
+ Improve detection of IPv4 and IPv6 network setup and use appropriate
IP version for access the update servers
+ Improve reliability of flavor detection. Try an update server multiple
times to get an answer, if we hit timeouts return the value flavor
value from a cahce file.
- Version 0.1.1 (bsc#1235991, bsc#1235992)
+ Add time stamp to log
- From version 0.1.0
+ Doc improvements clarifying exit staus codes
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- wget
-
- If wget for an http URL is redirected to a different site (hostname
parts of URLs differ), then any "Authenticate" and "Cookie" header
entries are discarded.
[bsc#1185551, wget-do-not-propagate-credentials.patch,
bsc#1230795, CVE-2021-31879]
- zypper
-
- lr: show the repositories keep-packages flag (bsc#1232458)
It is shown in the details view or by using -k,--keep-packages.
In addition libyzpp supports to enforce keeping downloaded
packages of all repos within a package cache by creating a
'.keep_packages' file there.
- version 1.14.81
- Try to refresh update repos first to have updated GPG keys on
the fly (bsc#1234752)
An update repo may contain a prolonged GPG key for the GA repo.
Refreshing the update repo first updates a trusted key on the fly
and avoids a 'key has expired' warning being issued when
refreshing the GA repo.
- Refresh: restore legacy behavior and suppress Exception
reporting as non-root (bsc#1235636)
- version 1.14.80