- ca-certificates-mozilla
-
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
- remove-trustcor.patch: removed, now upstream
- do a versioned obsoletes of "openssl-certs".
- dmidecode
-
- Update to upstream version 3.6 (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support.
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules.
* Add bash completion.
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245.
* Implement options --list-strings and --list-types.
* Update HPE OEM records 203, 212, 216, 221, 233 and 236.
* Update Redfish support.
* Bug fixes:
Fix enabled slot characteristics not being printed
* Minor improvements:
Print slot width on its own line
Use standard strings for slot width
* Add a --no-quirks option.
* Drop the CPUID exception list.
* Obsoletes dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch,
dmidecode-fortify-entry-point-length-checks.patch,
dmidecode-split-table-fetching-from-decoding.patch,
dmidecode-write-the-whole-dump-file-at-once.patch,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch,
dmioem-hpe-oem-record-237-firmware-change.patch,
dmioem-typo-fix-virutal-virtual.patch,
ensure-dev-mem-is-a-character-device-file.patch,
news-fix-typo.patch and
use-read_file-to-read-from-dump.patch.
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238.patch: Decode PCI bus segment in
HPE type 238 records.
- dracut
-
- Update to version 059+suse.531.g48487c31:
* feat(systemd*): include systemd config files from /usr/lib/systemd (bsc#1228398)
* fix(convertfs): error in conditional expressions (bsc#1228847)
- grub2
-
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
* grub2-btrfs-06-subvol-mount.patch
- Rediff
* 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
* 0001-grub-install-bailout-root-device-probing.patch
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
* 0001-net-drivers-ieee1275-ofnet-Remove-200-ms-timeout-in-.patch
- util-linux
-
- agetty: Prevent login cursor escape (bsc#1194818,
util-linux-agetty-prevent-cursor-escape.patch).
- Document unexpected side effects of lazy destruction
(bsc#1159034, util-linux-umount-losetup-lazy-destruction.patch,
util-linux-umount-losetup-lazy-destruction-generated.patch).
- Don't delete binaries not common for all architectures. Create an
util-linux-extra subpackage instead, so users of third party
tools can use them. (bsc#1222285)
- cryptsetup
-
- cryptsetup-fips140-3.patch: extend the password for PBKDF2 benchmarking
to be more than 20 chars to meet FIPS 140-3 requirements (bsc#1229975)
- ldb
-
- Update to 2.8.1
* Many qsort() comparison functions are non-transitive, which
can lead to out-of-bounds access in some circumstances;
(bso#15625).
- nfs-utils
-
- Include source for libnfsidmap 0.26 and build that.
This is needed for compatability with SLE15-SP5 and earlier
(bsc#1228159)
Copied from old nfsidmap package:
libnfsidmap-0.26.tar.bz2
idmap-fix-prototype.patch
idmap-libnfsidmap-export-symbols.patch
idmap-0001-libnfsidmap-add-options-to-aid-id-mapping-in-multi-d.patch
idmap-0002-nss_gss_princ_to_ids-and-nss_gss_princ_to_grouplist-.patch
idmap-0001-Removed-some-unused-and-set-but-not-used-warnings.patch
idmap-0002-Handle-NULL-names-better.patch
idmap-0003-Strip-newlines-out-of-IDMAP_LOG-messages.patch
idmap-0004-onf_parse_line-Ignore-whitespace-at-the-beginning-of.patch
idmap-0005-nss.c-wrong-check-of-return-value.patch
idmap-0006-Fixed-a-memory-leak-nss_name_to_gid.patch
- openssl-1_1
-
- Build with no-afalgeng [bsc#1226463]
- Security fix: [bsc#1227138, CVE-2024-5535]
* SSL_select_next_proto buffer overread
* Add openssl-CVE-2024-5535.patch
- Fixed C99 violations in patches bsc1185319-FIPS-KAT-for-ECDSA.patch
(need to for explicity typecast) and
openssl-1_1-fips-list-only-approved-digest-and-pubkey-algorithms.patch
(missing include) to allow the package to build with GCC 14.
[boo#1225907]
- openssl-3
-
- Security fix: [bsc#1229465, CVE-2024-6119]
* possible denial of service in X.509 name checks
* openssl-CVE-2024-6119.patch
- pam
-
- Prevent cursor escape from the login prompt [bsc#1194818]
* Added: pam-bsc1194818-cursor-escape.patch
- permissions
-
- Update to version 20240826:
* permissions: remove outdated entries (bsc#1228968)
- Update to version 20240826:
* cockpit: revert path change (bsc#1229329)
- python-azure-agent
-
- Restart the agent (bsc#1227600)
+ The agent service gets restarted in post but may fail due to a missing
config file. config files were split into their own package previously.
When we detect that we have to restore a config file we also need
to restart the agent again.
- python-PyYAML
-
- reenable the cython yaml loader (bsc#1225641)
- python3-setuptools
-
- Add patch CVE-2024-6345-code-execution-via-download-funcs.patch:
* Sanitize any VCS URL we download. (CVE-2024-6345, bsc#1228105)
- rsyslog
-
- Upgrade to rsyslog 8.2406.0
-patches replaced by upgrade (see details in upgrade logs below)
0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch
* 2023-11-29: Revert "Update omlibdbi.c"
* 2023-11-21: imkmsg: add params "readMode" and "expectedBootCompleteSeconds"
* 2023-11-10: testbench: fix "typo" in test case
* 2023-11-08: omazureeventhubs: Corrected handling of transport closed failures
* 2023-10-31: imkmsg: add module param parseKernelTimestamp
* 2023-11-03: imfile: remove state file on file delete fix
* 2023-10-30: imklog bugfix: keepKernelTimestamp=off config param did not work
* 2023-10-30: Netstreamdriver: deallocate certificate related resources
* 2023-10-20: TLS subsystem: add remote hostname to error reporting
* 2023-10-21: Fix forking issue do to close_range call
* 2023-10-23: replace debian sample systemd service file by readme
* 2023-10-20: testbench: bump zookeeper version to match current offering
* 2023-10-20: Update rsyslog.service sample unit to the latest version used in Debian Trixie
* 2023-10-20: Only keep a single rsyslog.service for Debian
* 2023-10-20: Remove no longer used --with-systemdsystemunitdir configure switch
* 2023-10-18: use logind instead of utmp for wall messages with systemd
* 2023-10-11: Typo fixes
* 2023-10-11: Drop CAP_IPC_LOCK capability
* 2023-10-04: Add CAP_NET_RAW capability due to the omudpspoof module
* 2023-10-03: Add new global config option "libcapng.enable"
* 2023-10-02: tcp net subsystem: handle data race gracefully
* 2023-08-31: Avoid crash on restart in imrelp SIGTTIN handler
- replaces 0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch
* 2023-09-26: fix startup issue on modern systemd systems
* 2023-09-14: Fix misspeling in message.
* 2023-09-13: tcpflood bugfix: plain tcp send error not properly reported
* 2023-09-12: omprog bugfix: Add CAP_DAC_OVERRIDE to the bounding set
* 2023-08-02: testbench: cleanup and improve some more imfile tests
* 2023-08-02: lookup tables: fix static analyzer issue
* 2023-08-02: lookup tables bugfix: reload on HUP did not work when backgrounded
* 2023-07-28: CI: fix and cleaup github workflow
* 2023-03-07: imjournal: Support input module
* 2023-07-28: testbench: make test more reliable
* 2023-07-28: tcpflood: add -A option to NOT abort when sending fails
* 2023-07-28: tcpflood: fix today's programming error
* 2023-07-28: openssl: Replaced depreceated method SSLv23_method with TLS_method
* 2023-07-27: testbench improvement: define state file directories for imfile tests
* 2023-07-28: testbench: cleanup a test and some nitfixes to it
* 2023-07-27: tcpflood bugfix: TCP sending was not implemented properly
* 2023-07-26: testbench: make waiting for HUP processing more reliable
* 2023-07-25: build system: make rsyslogd execute when --disable-inet is configured
* 2023-07-25: CI: update zookeper download to newer version
* 2023-07-10: ossl driver: Using newer INIT API for OpenSSL 1.1+ Versions
* 2023-07-11: ossl: Fix CRL File Expire from 1 day to 100 years.
* 2023-07-06: PR5175: Add TLS CRL Support for GnuTLS driver and OpenSSL 1.0.2+
* 2022-05-13: omazureeventhubs: Initial implementation of new output module
* 2023-07-03: TLS CRL Support Issue 5081
* 2023-06-29: action.resumeintervalmax: the parameter was not respected
* 2023-06-28: IMHIREDIS::FIXED:: Restore compatiblity with hiredis < v1.0.0
* 2023-05-15: Add the 'batchsize' parameter to imhiredis
* 2023-06-28: Clear undefined behavior in libgcry.c (GH #5167)
* 2023-06-22: Do not try to drop capabilities when we don't have any
* 2023-06-22: testbench: use newer zookeeper version in tests
* 2023-06-22: build system: more precise error message on too-old lib
* 2023-05-17: Fix quoting for omprog, improg, mmexternal
- samba
-
- Fix a crash when joining offline and 'kerberos method' includes
keytab; (bsc#1228732);
- Fix reading the password from STDIN or environment vars if it
was already given in the command line; (bsc#1228732);
- Update to 4.19.7
* ldb qsort might r/w out of bounds with an intransitive
compare function (ldb 2.8.1 is already released);
(bso#15569).
* Many qsort() comparison functions are non-transitive, which
can lead to out-of-bounds access in some circumstances (ldb
2.8.1 is already released); (bso#15625).
* Need to change gitlab-ci.yml tags in all branches to avoid CI
bill; (bso#15638).
* netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
SysvolReady=0; (bso#14981).
* Anonymous smb3 signing/encryption should be allowed (similar
to Windows Server 2022); (bso#15412).
* Panic in dreplsrv_op_pull_source_apply_changes_trigger;
(bso#15573).
* winbindd, net ads join and other things don't work on an ipv6
only host; (bso#15642).
* Smbcacls incorrectly propagates inheritance with Inherit-Only
flag; (bso#15636).
* http library doesn't support 'chunked transfer encoding';
(bso#15611).
- Update to 4.19.6
* fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close(); (bso#15527).
* samba-gpupdate: Correctly implement site support;
(bso#15588).
* libgpo: Segfault in python bindings; (bso#15599).
* Packet marshalling push support missing for
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED; (bso#15580).
- supportutils
-
- Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
- suse-build-key
-
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339)
- gpg-pubkey-39db7c82-5f68629b.asc
+ gpg-pubkey-39db7c82-66c5d91a.asc
- xen
-
- Update to Xen 4.18.3 security bug fix release (bsc#1027519)
xen-4.18.3-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
- Dropped patches contained in new tarball
6627a4ee-vRTC-UIP-set-for-longer-than-expected.patch
6627a5fc-x86-MTRR-inverted-WC-check.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
663090fd-x86-gen-cpuid-syntax.patch
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
663a4f3e-x86-cpu-policy-migration-IceLake-to-CascadeLake.patch
663d05b5-x86-ucode-distinguish-up-to-date.patch
663eaa27-libxl-XenStore-error-handling-in-device-creation.patch
66450626-sched-set-all-sched_resource-data-inside-locked.patch
66450627-x86-respect-mapcache_domain_init-failing.patch
6646031f-x86-ucode-further-identify-already-up-to-date.patch
6666ba52-x86-irq-remove-offline-CPUs-from-old-CPU-mask-when.patch
666994ab-x86-SMP-no-shorthand-IPI-in-hotplug.patch
666994f0-x86-IRQ-limit-interrupt-movement-in-fixup_irqs.patch
666b07ee-x86-EPT-special-page-in-epte_get_entry_emt.patch
666b0819-x86-EPT-avoid-marking-np-ents-for-reconfig.patch
666b085a-x86-EPT-drop-questionable-mfn_valid-from-.patch
667187cc-x86-Intel-unlock-CPUID-earlier.patch
66718849-x86-IRQ-old_cpu_mask-in-fixup_irqs.patch
6671885e-x86-IRQ-handle-moving-in-_assign_irq_vector.patch
6672c846-x86-xstate-initialisation-of-XSS-cache.patch
6672c847-x86-CPUID-XSAVE-dynamic-leaves.patch
6673ffdc-x86-IRQ-forward-pending-to-new-dest-in-fixup_irqs.patch
xsa458.patch
- xfsprogs
-
- xfs_repair: allow symlinks with short remote targets (bsc#1229160)
- add xfsprogs-xfs_repair-allow-symlinks-with-short-remote-targets.patch