- dracut
-
- Update to version 059+suse.543.g98d7f037:
* fix(dm): remove 59-persistent-storage-dm.rules (bsc#1232063)
- glib2
-
- Have the glib2-tools postun trigger exit normally if
glib2-compile-schemas can't be run. Fixes error when uninstalling
if libgio is uninstalled first (bsc#1231463).
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
(boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
- glibc
-
- Remove nss-systemd from default nsswitch.conf (bsc#1233699)
- hwdata
-
- update to 0.389:
* Update pci and vendor ids
- update to 0.385:
* Update pci and vendor ids
- update to 0.383:
* Update pci and vendor ids
- update to 0.382:
* Update pci, usb and vendor ids
- avahi
-
- Add avahi-CVE-2024-52616.patch:
Backporting 1dade81c from upstream: Properly randomize query id
of DNS packets.
(CVE-2024-52616, bsc#1233420)
- curl
-
- Security fix: [bsc#1234068, CVE-2024-11053]
* curl could leak the password used for the first host to the
followed-to host under certain circumstances.
* netrc: address several netrc parser flaws
* Add curl-CVE-2024-11053.patch
- ldb
-
- Update to 2.8.2
* libldb: fix performance issue with indexes; (bso#15590).
- nfs-utils
-
- nfsd: Revert "nfsd: Remove the ability to enable NFS v2."
(bsc#1230914)
- add 0005-Revert-nfsd-Remove-the-ability-to-enable-NFS-v2.patch
- mount.nfs: Revert "mount: Remove NFS v2 support from mount.nfs"
(bsc#1230914)
- add 0006-Revert-mount-Remove-NFS-v2-support-from-mount.nfs.patch
- python3
-
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- libsolv
-
- fix replaces_installed_package using the wrong solvable id
when checking the noupdate map
- make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- add rpm_query_idarray query function
- support rpm's "orderwithrequires" dependency
- bump version to 0.7.31
- libuv
-
- Fixed CVE-2024-24806: libuv: Improper Domain Lookup that potentially
leads to SSRF attacks (bsc#1219724)
Added:
0001-fix-always-zero-terminate-idna-output.patch
0002-fix-reject-zero-length-idna-inputs.patch
0003-test-empty-strings-are-not-valid-IDNA.patch
- libzypp
-
- The 20MB download limit must not apply to non-metadata files like
package URLs provided via the CLI (bsc#1233393).
- version 17.35.14 (35)
- BuildCache: Don't try to retrieve missing raw metadata if no
permission to write the cache (bsc#1225451)
- RepoManager: throw RepoNoPermissionException if the user has no
permission to update(write) the caches (bsc#1225451)
- version 17.35.13 (35)
- openssh
-
- Use %{with ...} instead of 0%{with ...}
- Add a patch to fix a regression introduced in 9.6 that makes X11
forwarding very slow. Submitted to upstream in
https://bugzilla.mindrot.org/show_bug.cgi?id=3655#c4 . Fixes
bsc#1229449:
* fix-x11-regression-bsc1229449.patch
- Add a openssl11 bcond to the spec file for the SLE12 case
instead of checking suse_version in different parts.
- Move conditional patches to a number >= 1000.
- Several spec file fixes so the package builds and can be
installed in SLE 15 SP5 and SLE 12 SP5
- Drop most of openssh-6.6p1-keycat.patch (actually, it was just
commented out). The keycat binary isn't really installed nor
supported, so we can drop it, except for the code that is used
by other SELinux patches, which is what I kept from that patch
(boo#1229072).
- Add patch submitted to upstream to fix RFC4256 implementation
so that keyboard-interactive authentication method can send
instructions and sshd shows them to users even before a prompt
is requested. This fixes MFA push notifications (boo#1229010).
* 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch
- Fix a dbus connection leaked in the logind patch that was
missing a sd_bus_unref call (found by Matthias Gerstner):
* logind_set_tty.patch
- Add a patch that fixes a small memory leak when parsing the
subsystem configuration option:
* fix-memleak-in-process_server_config_line_depth.patch
- samba
-
- Update to 4.19.9
* libldb: performance issue with indexes (ldb 2.8.2 is already
released); (bso#15590).
* DH reconnect error handling can lead to stale sharemode
entries; (bso#15624).
* Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when
truncated; (bso#15699).
* irpc_destructor may crash during shutdown; (bso#15280).
* Compound SMB2 requests don't return
NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses
MacOSX clients; (bso#15696).
* Crash when readlinkat fails; (bso#15700).
- Adjust spec to split out rpcd_* binaries into a separate
sub package; (bsc#1231414).
- shared-mime-info
-
- Uninstall silently if update-mime-database is not present
(bsc#1231463).
- socat
-
- Security fix for readline.sh: arbitrary file overwrite (bsc#1225462)
- add CVE-2024-54661.patch
- suseconnect-ng
-
- Update version to 1.13:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targetting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Integrate with uptime-tracker ( https://github.com/SUSE/uptime-tracker/ )
- Add a command to show the info being gathered
- wget
-
- Drop support for shorthand URLs
* Breaking change to fix CVE-2024-10524.
[+ drop-support-for-shorthand-URLs.patch, bsc#1233773]
- xen
-
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
standard VGA handling (XSA-463)
xsa463-01.patch
xsa463-02.patch
xsa463-03.patch
xsa463-04.patch
xsa463-05.patch
xsa463-06.patch
xsa463-07.patch
xsa463-08.patch
xsa463-09.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
guests via ACPI tables (XSA-464)
xsa464.patch
- Drop stdvga-cache.patch
- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
66f2af41-x86-vLAPIC-undue-recursion-of-vlapic_error.patch
Drop xsa462.patch
- Upstream bug fixes (bsc#1027519)
66cf737b-x86-Dom0-disable-SMAP-for-PV-only.patch
66d6dca8-libxl-nul-termination-in-xen_console_read_line.patch
66d8690f-SUPPORT-split-XSM-from-Flask.patch
66e29480-x86-HVM-properly-reject-indirect-VRAM-writes.patch
66e44ae2-x86-ucode-AMD-buffer-underrun.patch
66f2fd92-x86-ucode-Intel-stricter-sanity-check.patch
- zypper
-
- Don't try to download missing raw metadata if cache is not
writable (bsc#1225451)
- man: Update 'search' command description.
Hint to "se -v" showing the matches within the packages metadata.
Explain that search strings starting with a "/" will implicitly
look into the filelist as well. Otherfise an explicit "-f" is
needed.
- version 1.14.78