- apparmor
-
- apparmor-profiles-samba4.15.diff: Update samba profiles for
samba 4.15 (jsc#SLE-23330);
- ca-certificates
-
- p11-kit 0.23.1 supports pem-directory-hash. Add patch
0001-p11-kit-0.23.1-supports-pem-directory-hash-now.patch
(jsc#SLE-23330)
- cloud-regionsrv-client
-
- Update -addon-azure to 1.0.2 (bsc#1196305)
+ The is-registered() function expects a string of the update server FQDN.
The regionsrv-enabler-azure passed an Object of type SMT. Fix the call
in regionsrv-enabler-azure.
- Update -plugin-azure to 2.0.0 (bsc#1196146)
+ Lower case the region hint to reduce issues with Azure region name
case inconsistencies
- Update to version 10.0.0 (bsc#1195414, bsc#1195564)
+ Refactor removes check_registration() function in utils implementation
+ Only start the registration service for PAYG images
- addon-azure sub-package to version 1.0.1
- Follow up changes to (jsc#PCT-130, bsc#1182026)
+ Fix executable name for AHB service/timer
+ Update manpage for BYOS instance registration
- coreutils
-
- Add coreutils-du-fts-xfs-noleaf.patch to remove problematic
special leaf optimization cases for XFS that can lead to du
crashes. (bsc#1190354)
- cyrus-sasl
-
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
in plugins/sql.c (bsc#1196036)
o add upstream patch:
0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- cyrus-sasl-saslauthd
-
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
in plugins/sql.c (bsc#1196036)
o add upstream patch:
0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- expat
-
- Security fixes:
* (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
attackers to insert namespace-separator characters into
namespace URIs
- Added expat-CVE-2022-25236.patch
* (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
2.4.5 does not check whether a UTF-8 character is valid in a
certain context.
- Added expat-CVE-2022-25235.patch
* (CVE-2022-25313, bsc#1196168) Stack exhaustion in
build_model() via uncontrolled recursion
- Added expat-CVE-2022-25313.patch
- The fix upstream introduced a regression that was later
amended in 2.4.6 version
+ Added expat-CVE-2022-25313-fix-regression.patch
* (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
- Added expat-CVE-2022-25314-before.patch
- Added expat-CVE-2022-25314.patch
* (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
- Added expat-CVE-2022-25315.patch
- Security fix (CVE-2022-23852, bsc#1195054)
* Expat (aka libexpat) before 2.4.4 has a signed integer overflow
in XML_GetBuffer, for configurations with a nonzero
XML_CONTEXT_BYTES
* Add tests for CVE-2022-23852.
* Added expat-CVE-2022-23852.patch
- Security fix (CVE-2022-23990, bsc#1195217)
* Fix unsigned integer overflow in function doProlog triggered
by large content in element type declarations when there is
an element declaration handler present (from a prior call to
XML_SetElementDeclHandler).
* Add expat-CVE-2022-23990.patch
* Added expat-CVE-2022-22827.patch
- glibc
-
- clnt-create-unix-overflow.patch: Buffer overflow in sunrpc clnt_create
for "/unix"/ (CVE-2022-23219, bsc#1194768, BZ #22542)
- svcunix-create-overflow.patch: Buffer overflow in sunrpc svcunix_create
(CVE-2022-23218, bsc#1194770, BZ #28768)
- getcwd-erange.patch: getcwd: Set errno to ERANGE for size == 1
(CVE-2021-3999, bsc#1194640, BZ #28769)
- hton-identity.patch: Make endian-conversion macros always return correct
types (bsc#1193478, BZ #16458)
- dl-sort-maps.patch, dlopen-filter-object.patch: Allow dlopen of filter
object to work (bsc#1192620, BZ #16272)
- cancelable-syscall-stack-align.patch: x86: fix stack alignment in
cancelable syscall stub (bsc#1191835)
- gnutls
-
- Security fix: [bsc#1196167, CVE-2021-4209]
* Null pointer dereference in MD_UPDATE
* Add gnutls-CVE-2021-4209.patch
- Require libp11-kit0 >= 0.23.1 in libgnutls30 [bsc#1195583]
- renamed the libname-devel packages to libnameMAJOR-devel
to avoid overlaps with system gnutls
- Update to version 3.4.17: [jsc#SLE-23330]
* SONAME bump to gnutls30
* Add gnutls-CVE-2020-11501.patch [bsc#1168345, CVE-2020-11501]
* Rebased patches:
- 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch
- 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch
- 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch
- 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch
* Remove gnutls-CVE-2017-10790.patch fixed in the update
- jasper
-
- bsc#1188437 CVE-2021-27845: Fix divide-by-zery in cp_create()
Add jasper-CVE-2021-27845.patch
- kernel-default
-
- lib/iov_iter: initialize "/flags"/ in new pipe_buffer
(bsc#1196584).
- commit 589ad87
- x86/speculation: Use generic retpoline by default on AMD
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 2229053
- ibmvnic: Update driver return codes (bsc#1196516 ltc#196391).
- commit 6184b3b
- ibmvnic: Allow queueing resets during probe (bsc#1196516
ltc#196391).
- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
- ibmvnic: register netdev after init of adapter (bsc#1196516
ltc#196391).
- ibmvnic: complete init_done on transport events (bsc#1196516
ltc#196391).
- ibmvnic: define flush_reset_queue helper (bsc#1196516
ltc#196391).
- ibmvnic: initialize rc before completing wait (bsc#1196516
ltc#196391).
- ibmvnic: free reset-work-item when flushing (bsc#1196516
ltc#196391).
- commit 5dd4d04
- tracing: Have traceon and traceoff trigger honor the instance
(git-fixes).
- commit a93e3c2
- tracing: Dump stacktrace trigger to the corresponding instance
(git-fixes).
- commit f5d1861
- x86/speculation: Include unprivileged eBPF status in Spectre v2
mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Refresh
patches.suse/x86-speculation-add-special-register-buffer-data-sampling-srbds-mitigation.patch.
- commit 902686b
- Documentation/hw-vuln: Update spectre doc (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- Refresh
patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- commit 6c7745b
- x86/speculation: Add eIBRS + Retpoline options (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- Refresh
patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Refresh patches.suse/IBRS-forbid-shooting-in-foot.patch.
- commit 45191e7
- s390/hypfs: include z/VM guests with access control group set
(bsc#1195638 LTC#196354).
- s390/cpumf: Support for CPU Measurement Sampling Facility LS
bit (bsc#1195080 LTC#196090).
- s390/cpumf: Support for CPU Measurement Facility CSVN 7
(bsc#1195080 LTC#196090).
- commit 6490f46
- scsi: zfcp: Fix failed recovery on gone remote port with
non-NPIV FCP devices (bsc#1195377 LTC#196245).
- commit 53028f3
- crypto: af_alg - get_page upon reassignment to TX SGL
(bsc#1195840).
- commit f9977fb
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Refresh
patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- commit 9f1d160
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400
ltc#195815).
- commit ec1fbc9
- Refresh
patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Delete patches.suse/do-not-default-to-ibrs-on-skl.patch.
Remove a statement which cancels itself out with the following patch
which removes it anyway.
- commit d8a59c7
- x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
(bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit bf75cfa
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079
CVE-2022-0617).
- commit 2533a5b
- udf: Fix NULL ptr deref when converting from inline format
(bsc#1196079 CVE-2022-0617).
- commit 87d491f
- x86/speculation: Merge one test in
spectre_v2_user_select_mitigation() (bsc#1191580 CVE-2022-0001
CVE-2022-0002).
- commit c1dcbbf
- cpu/SMT: create and export cpu_smt_possible() (bsc#1191580
CVE-2022-0001 CVE-2022-0002).
- commit 2f54b88
- kabi: Hide changes to s390/AP structures (jsc#SLE-20809).
- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20809).
- s390/ap: rework crypto config info and default domain code
(jsc#SLE-20809).
- commit 8315837
- Refresh sorted patches
- commit edafc9f
- Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155)
- commit 4656612
- net/ibmvnic: Cleanup workaround doing an EOI after partition
migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
- commit a49ae38
- NFSv4.x: by default serialize open/close operations (bsc#1114893 bsc#1195934).
Make this work-around optional
- commit 188b38c
- blacklist.conf: added two duplicates
- commit c74dc0a
- powerpc/pseries: read the lpar name from the firmware
(bsc#1187716 ltc#193451).
- commit 6691bc3
- Refresh patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch
- commit b8f15d4
- powerpc: add link stack flush mitigation status in debugfs
(bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038
bsc#1157923 ltc#182612 git-fixes).
- commit d196896
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- commit 1808416
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from
scsi_qla_host_t (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines
(bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected
(bsc#1195823).
- scsi: qla2xxx: Add devids and conditionals for 28xx
(bsc#1195823).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
(bsc#1195823).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for
28XX adapters (bsc#1195823).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix device reconnect in loop topology
(bsc#1195823).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure
number of NVMe queues (bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
(bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix premature hw access after PCI error
(bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed
(bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Refactor asynchronous command initialization
(bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags
(bsc#1195823).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: qla2xxx: edif: Replace list_for_each_safe with
list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
- commit 94d7f50
- Bluetooth: bfusb: fix division by zero in send path (git-fixes).
- commit 615915b
- gve: Recording rx queue before sending to napi (bsc#1191655).
- ixgbevf: Require large buffers for build_skb on 82599VF
(bsc#1101674 FATE#325150 FATE#325151).
- IB/rdmavt: Validate remote_addr during loopback atomic tests
(bsc#1114685 FATE#325854).
- gve: fix the wrong AdminQ buffer queue index check
(bsc#1191655).
- gve: Fix GFP flags when allocing pages (bsc#1191655).
- i40e: Increase delay to 1 s after global EMP reset (bsc#1101816
FATE#325147 FATE#325149).
- phylib: fix potential use-after-free (bsc#1119113 FATE#326472).
- gve: Add consumed counts to ethtool stats (bsc#1191655).
- gve: Implement suspend/resume/shutdown (bsc#1191655).
- gve: Add optional metadata descriptor type GVE_TXD_MTD
(bsc#1191655).
- gve: remove memory barrier around seqno (bsc#1191655).
- gve: Update gve_free_queue_page_list signature (bsc#1191655).
- gve: Move the irq db indexes out of the ntfy block struct
(bsc#1191655).
- gve: Correct order of processing device options (bsc#1191655).
- iavf: Fix limit of total number of queues to active queues of VF
(bsc#1111981 FATE#326312 FATE#326313).
- i40e: Fix for displaying message regarding NVM version
(jsc#SLE-4797).
- net: ena: Fix error handling when calculating max IO queues
number (bsc#1174852).
- net: ena: Fix undefined state when tx request id is out of
bounds (bsc#1174852).
- igb: Fix removal of unicast MAC filters of VFs (bsc#1117495).
- ice: ignore dropped packets during init (bsc#1118661
FATE#325277).
- i40e: Fix pre-set max number of queues for VF (bsc#1111981
FATE#326312 FATE#326313).
- gve: fix for null pointer dereference (bsc#1191655).
- net: marvell: mvpp2: Fix the computation of shared CPUs
(bsc#1119113 FATE#326472).
- RDMA/netlink: Add __maybe_unused to static inline in C file
(bsc#1046306 FATE#322942).
- i40e: Fix display error code in dmesg (bsc#1109837 bsc#1111981
FATE#326312).
- i40e: Fix creation of first queue by omitting it if is not
power of two (bsc#1101816 FATE#325147 FATE#325149).
- i40e: Fix ping is lost after configuring ADq on VF
(bsc#1094978).
- i40e: Fix changing previously set num_queue_pairs for PFs
(bsc#1094978).
- i40e: Fix correct max_pkt_size on VF RX queue (bsc#1101816
FATE#325147 FATE#325149).
- iavf: prevent accidental free of filter structure (bsc#1111981
FATE#326312 FATE#326313).
- cxgb4: fix eeprom len when diagnostics not implemented
(bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583
bsc#1097584).
- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
- RDMA/bnxt_re: Fix query SRQ failure (bsc#1050244 FATE#322915).
- net: phylink: avoid mvneta warning when setting pause parameters
(bsc#1119113 FATE#326472).
- gve: Add a jumbo-frame device option (bsc#1191655).
- gve: Implement packet continuation for RX (bsc#1191655).
- gve: Add RX context (bsc#1191655).
- gve: Track RX buffer allocation failures (bsc#1191655).
- gve: Allow pageflips on larger pages (bsc#1191655).
- gve: Add netif_set_xps_queue call (bsc#1191655).
- gve: Do lazy cleanup in TX path (bsc#1191655).
- gve: Add rx buffer pagecnt bias (bsc#1191655).
- gve: Switch to use napi_complete_done (bsc#1191655).
- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
- gve: DQO: avoid unused variable warnings (bsc#1191655).
- ice: Delete always true check of PF pointer (bsc#1118661
FATE#325277).
- net: Prevent infinite while loop in skb_tx_hash() (bsc#1109837).
- RDMA/mlx5: Set user priority for DCT (bsc#1103991 FATE#326007).
- e1000e: Fix packet loss on Tiger Lake and later (bsc#1158533).
- mqprio: Correct stats in mqprio_dump_class_stats()
(bsc#1109837).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32()
call (bsc#1112374).
- i40e: Fix freeing of uninitialized misc IRQ vector (bsc#1101816
FATE#325147 FATE#325149).
- gve: report 64bit tx_bytes counter from
gve_handle_report_stats() (bsc#1191655).
- gve: fix gve_get_stats() (bsc#1191655).
- gve: Properly handle errors in gve_assign_qpl (bsc#1191655).
- gve: Avoid freeing NULL pointer (bsc#1191655).
- gve: Correct available tx qpl check (bsc#1191655).
- qed: rdma - don't wait for resources under hw error recovery
flow (bsc#1136460 jsc#SLE-4691 bsc#1136461 jsc#SLE-4692).
- qed: Handle management FW error (git-fixes).
- commit 287122e
- blacklist.conf: logging only
- commit d52bed3
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA
controller (git-fixes).
- commit 99c4459
- net: usb: pegasus: Do not drop long Ethernet frames (git-fixes).
- commit f3b4a43
- rndis_host: support Hytera digital radios (git-fixes).
- commit 409a861
- blacklist.conf: optimization, not a bug fix
- commit 8686052
- powerpc/pseries/ddw: Revert "/Extend upper limit for huge DMA
window for persistent memory"/ (bsc#1195995 ltc#196394).
- commit af87ae6
- f2fs: fix to do sanity check on inode type during garbage
collection (CVE-2021-44879 bsc#1195987).
- commit e8b60dc
- Update
patches.suse/0001-PCI-hv-Use-expected-affinity-when-unmasking-IRQ.patch
(bsc#1185973, bsc#1195536).
- commit b3ac9c4
- tipc: improve size validations for received domain records
(bsc#1195254, CVE-2022-0435).
- commit daaae48
- yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959
bsc#1195897).
- commit 2b51111
- EDAC/xgene: Fix deferred probing (bsc#1114648).
- commit cfd65af
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
(bsc#1194516 CVE-2022-0487).
- commit b3ff0d9
- sunrpc/auth_gss: support timeout on gss upcalls (bsc#1193857).
- commit 69bbdfa
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1195795).
- commit 60fd4d3
- ext4: avoid trim error on fs with small groups (bsc#1191271).
- commit 00cdce0
- scsi: bnx2fc: Flush destroy_work queue before calling
bnx2fc_interface_put() (git-fixes).
- scsi: nsp_cs: Check of ioremap return value (git-fixes).
- scsi: qedf: Fix potential dereference of NULL pointer
(git-fixes).
- scsi: ufs: Fix race conditions related to driver data
(git-fixes).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
(git-fixes).
- scsi: scsi_debug: Sanity check block descriptor length in
resp_mode_select() (git-fixes).
- commit 4931645
- Added git-fix commmit to blacklist: too pervasive
- commit eaa0f49
- cgroup-v1: Require capabilities to set release_agent
(bsc#1195543 CVE-2022-0492).
- commit 25a96a7
- NFSv4: Handle case where the lookup of a directory fails
(bsc#1195612 CVE-2022-24448).
- commit fe40712
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- commit f38a194
- usb: typec: tcpm: Do not disconnect while receiving VBUS off
(git-fixes).
- commit 5916f0b
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
file (git-fixes).
- NFSv4: Handle case where the lookup of a directory fails
(git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes).
- NFSv42: Don't fail clone() unless the OP_CLONE operation failed
(git-fixes).
- commit ecc4580
- blacklist.conf: add unneeded commit
- commit 8b757b2
- blacklist.conf: irrelevant in our kernel config
- commit b5c4448
- blacklist.conf: this is an optimization, not a fix
- commit a07f81d
- blacklist.conf: for a compiler option we don't use
- commit 8631da6
- Update
patches.suse/net-tipc-validate-domain-record-count-on-input.patch
(bsc#1195254 CVE-2022-0435).
- commit 0369cb6
- net: allow retransmitting a TCP packet if original is still
in queue (bsc#1188605 bsc#1187428).
- commit 8ae7229
- Update patch reference for BT fix (CVE-2021-3564 bsc#1186207)
- commit ea7857c
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- commit 9b1f0b0
- Update patch reference for BT fix (CVE-2021-3564 bsc#1186207)
- commit b2df5e2
- Update patch reference for vgacon patch (CVE-2020-28097 bsc#1187723 jsc#SLE-23486)
- commit 8272c66
- net: tipc: validate domain record count on input (bsc#1195254).
- commit eff4836
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194965).
- commit 3996412
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- commit afd5597
- crypto: qat - fix undetected PFVF timeout in ACK loop
(git-fixes).
- commit 22ebc8e
- s390/cio: make ccw_device_dma_* more robust (bsc#1193242).
- commit 8bea447
- kABI fixup after adding vcpu_idx to struct kvm_cpu
(bsc#1190973).
- KVM: remember position in kvm->vcpus array (bsc#1190973).
- commit 768c666
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1190973).
- commit 67bbbe2
- phonet: refcount leak in pep_sock_accep (bsc#1193867,
CVE-2021-45095).
- commit 413134f
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- Delete
patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch.
which caused a regression (bsc#1194048).
- Replace with an alternative fix for bsc#1185377
- commit 3800186
- Refresh
patches.suse/ibmvnic-Allow-extra-failures-before-disabling.patch.
- Refresh patches.suse/ibmvnic-don-t-spin-in-tasklet.patch.
- Refresh patches.suse/ibmvnic-init-running_cap_crqs-early.patch.
- Refresh
patches.suse/ibmvnic-remove-unused-wait_capability.patch.
- commit d68e92d
- ext4: set csum seed in tmp inode while migrating to extents
(bsc#1195272).
- commit 294d77e
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
Refresh:
- patches.kabi/kabi-nvme-multipath-fix-iopolicy.patch.
- patches.suse/nvme-multipath-disable-native-NVMe-multipath-per-def.patch.
- commit f17ae54
- drm/vmwgfx: Fix stale file descriptors on failed usercopy
(CVE-2022-22942 bsc#1195065).
- commit 136a4b2
- s390/pci: add s390_iommu_aperture kernel parameter
(bsc#1193234).
- virtio: write back F_VERSION_1 before validate (bsc#1193235).
- commit a307e0d
- bpf: Verifer, adjust_scalar_min_max_vals to always call
update_reg_bounds() (bsc#1194227).
- commit c098fc7
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
callback (bsc#1193864 CVE-2021-39657).
- commit 39c5f8e
- net: mana: Add RX fencing (bsc#1193507).
- net: mana: Add XDP support (bsc#1193507).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193507).
- net, xdp: Introduce xdp_prepare_buff utility routine
(bsc#1193507).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193507).
- commit c70ed8e
- usb: gadget: configfs: Fix use-after-free issue with udc_name
(bsc#1193861 CVE-2021-39648).
- commit 9ec119b
- fget: clarify and improve __fget_files() implementation
(bsc#1193727).
- commit 3ce5a50
- ibmvnic: remove unused ->wait_capability (bsc#1195073
ltc#195713).
- ibmvnic: don't spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: Allow extra failures before disabling (bsc#1195073
ltc#195713).
- commit 3d370d2
- tee: handle lookup of shm with reference count 0 (bsc#1193767
CVE-2021-44733).
- commit 10b0db6
- drm/i915: Flush TLBs before releasing backing store
(CVE-2022-0330 bsc#1194880).
- commit 20f1914
- drm/i915: Flush TLBs before releasing backing store
(CVE-2022-0330 bsc#1194880).
- commit bd11976
- kabi/severities: Add a kabi exception for drivers/tee/tee
According to the partner modules database, the structs of this driver
are not used by anything external so make a kABI exception for them.
Do that on purpose so that any external module using this fails to load
instead of causing a potential memory corruption due to a kabi
workaround which would use the same offset but for a different thing:
- struct dma_buf *dmabuf;
+ refcount_t refcount;
See upstream commit
dfd0743f1d9e ("/tee: handle lookup of shm with reference count 0"/)
- commit ac7feb6
- sctp: account stream padding length for reconf chunk
(bsc#1194985 CVE-2022-0322).
- commit f5ee3ee
- of: Fix cpu node iterator to not ignore disabled cpu nodes
(bsc#1065729).
- commit d8d9d32
- Refresh
patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch.
- Refresh
patches.suse/scsi-lpfc-Add-additional-debugfs-support-for-CMF.patch.
- Refresh
patches.suse/scsi-lpfc-Adjust-CMF-total-bytes-and-rxmonitor.patch.
- Refresh patches.suse/scsi-lpfc-Cap-CMF-read-bytes-to-MBPI.patch.
- Refresh
patches.suse/scsi-lpfc-Change-return-code-on-I-Os-received-during.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-NPIV-port-deletion-crash.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-leaked-lpfc_dmabuf-mbox-allocations-wi.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-lpfc_force_rscn-ndlp-kref-imbalance.patch.
- Refresh
patches.suse/scsi-lpfc-Trigger-SLI4-firmware-dump-before-doing-dr.patch.
- Refresh
patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.4.patch.
- commit f21e440
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- commit b248150
- powerpc/pseries/mobility: ignore ibm, platform-facilities
updates (bsc#1065729).
- commit 965bacc
- powerpc/traps: do not enable irqs in _exception (bsc#1065729).
- powerpc: add interrupt_cond_local_irq_enable helper
(bsc#1065729).
- commit 4a386a2
- blacklist.conf: Add a2308836880b powerpc: Fix arch_stack_walk() to have
running function as first entry
The stacktrace interface in this kernel version does not provide the
parameters used to implement the fix.
- commit 21795fd
- blacklist.conf: Add 79ca6f74dae0 tpm: fix Atmel TPM crash caused by too frequent queries
Breaks kABI, there is no report of this problem affecting users, likely
broken old TPM firmware.
- commit 8a8da53
- tpm: Check for integer overflow in tpm2_map_response_body()
(bsc#1082555).
- commit efacd25
- tpm: add request_locality before write TPM_INT_ENABLE
(bsc#1082555).
- commit 8057fac
- moxart: fix potential use-after-free on remove path
(bsc#1194516).
- commit 5a3dfcb
- memstick: rtsx_usb_ms: fix UAF (bsc#1194516).
- commit 9692e25
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- commit e59d06e
- of: add node name compare helper functions (bsc#1065729).
- commit 5ef3ecd
- of: Fix property name in of_node_get_device_type (bsc#1065729).
- of: Add device_type access helper functions (bsc#1065729).
- commit fd75973
- of: Add cpu node iterator for_each_of_cpu_node() (bsc#1065729).
- commit e0452f1
- powerpc/prom_init: Fix improper check of prom_getprop()
(bsc#1065729).
- commit 1a169ee
- powerpc/pseries/cpuhp: delete add/remove_by_count code
(bsc#1065729).
- powerpc/pseries/cpuhp: cache node corrections (bsc#1065729).
- commit ab66a06
- powerpc/perf: Fix data source encodings for L2.1 and L3.1
accesses (bsc#1065729).
- commit 532dbbd
- tpm: fix potential NULL pointer access in tpm_del_char_device
(bsc#1184209 ltc#190917 git-fixes bsc#1193660 ltc#195634).
- commit c218b13
- tracing/kprobes: 'nmissed' not showed correctly for kretprobe
(git-fixes).
- commit 38d905a
- blacklist.conf: 77360f9bbc7e ("/tracing: Add test for user space strings when filtering on string pointers"/)
The code in question was heavily modified by 80765597bc58 ("/tracing:
Rewrite filter logic to be simpler and faster"/) which is not present in
SLE12-SP5. The reproducer does not work and the logic is different, so
the existing code seems to be safe.
- commit 4313ee6
- blacklist.conf: 3e2a56e6f639 ("/tracing: Have syscall trace events use trace_event_buffer_lock_reserve()"/)
Optimization only.
- commit 856add1
- mm/hwpoison: do not lock page again when me_huge_page()
successfully recovers (bsc#1194814).
- commit 5a48d23
- nfs: don't dirty kernel pages read by direct-io (bsc#1194410).
- commit 80f1a10
- select: Fix indefinitely sleeping task in
poll_schedule_timeout() (bsc#1194027).
- commit 1e8594d
- x86/platform/uv: Add more to secondary CPU kdump info
(bsc#1194493).
- commit 303a333
- blacklist.conf: f28439db470c ("/tracing: Tag trace_percpu_buffer as a percpu pointer"/)
It fixes a sparse warning only.
- commit c384e17
- tracing: Fix check for trace_percpu_buffer validity in
get_trace_buf() (git-fixes).
- commit 1ad63e6
- cgroup: Use open-time credentials for process migraton perm
checks (bsc#1194302 CVE-2021-4197).
- commit b76ad03
- NFC: add NCI_UNREG flag to eliminate the race (CVE-2021-4202
bsc#1194529).
- NFC: reorder the logic in nfc_{un,}register_device
(CVE-2021-4202 bsc#1194529).
- NFC: reorganize the functions in nci_request (CVE-2021-4202
bsc#1194529).
- commit 68b4b42
- Update patches.suse/tcp-fix-a-race-in-inet_diag_dump_icsk.patch
(networking-stable-19_01_04 bsc#1186222).
Fix bsc#1186222 by using proper atomic helper.
- commit bd29e90
- fget: check that the fd still exists after getting a ref to it
(bsc#1193727 CVE-2021-4083).
- commit 5441599
- kprobes: Limit max data_size of the kretprobe instances
(bsc#1193669).
- commit 3600b27
- btrfs: unlock newly allocated extent buffer after error (bsc#1194001, CVE-2021-4149).
- commit 0a8af05
- netdevsim: Zero-initialize memory for new map's value in
function nsim_bpf_map_alloc (bsc#1193927 CVE-2021-4135).
- commit 1d46c55
- USB: serial: option: add Telit FN990 compositions (git-fixes).
- commit 20a8f2b
- usb: core: config: fix validation of wMaxPacketValue entries
(git-fixes).
- commit 650dbdc
- blacklist.conf: Add 7ee285395b21 cgroup: Make rebind_subsystems() disable v2 controllers all at once
- commit 8237a58
- net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes).
- commit 8f95759
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
(git-fixes).
- commit 7655e21
- blacklist.conf: cosmetics for clang
- commit a46466a
- usbnet: fix error return code in usbnet_probe() (git-fixes).
- commit a1b9e9d
- usbnet: sanity check for maxpacket (git-fixes).
- commit 97566d2
- nvme: return BLK_STS_TRANSPORT unless DNR for
NVME_SC_NS_NOT_READY (bsc#1163405).
- commit a71cfce
- SUNRPC: Optimise transport balancing code (bnc#1192729).
- SUNRPC: Fix initialisation of struct rpc_xprt_switch
(bnc#1192729).
- SUNRPC: Skip zero-refcount transports (bnc#1192729).
- SUNRPC: Replace division by multiplication in calculation of
queue length (bnc#1192729).
- SUNRPC: Add basic load balancing to the transport switch - kabi fix.
(bnc#1192729).
- commit 54dcd98
- SUNRPC: Add basic load balancing to the transport switch.
(bnc#1192729)
- commit 6b24397
- Revert "/net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)"/
This reverts commit 1c59b584ef0cc166f6f5c9f8ed6f47e2e811e1c0.
With the backport of the upstream fix for bsc#1183405 race, this workaround
is no longer needed.
- commit 0bfd1f2
- kabi: mask new member "/empty"/ of struct Qdisc (bsc#1183405).
- kabi: revert drop of Qdisc::atomic_qlen (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless
qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless
qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue
(bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation
(bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc
(bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in
qdisc_replace (bsc#1183405).
- net: sch_generic: aviod concurrent reset and enqueue op for
lockless qdisc (bsc#1183405).
- net_sched: get rid of unnecessary dev_qdisc_reset()
(bsc#1183405).
- net_sched: avoid resetting active qdisc for multiple times
(bsc#1183405).
- net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405).
- Revert "/net: dev: introduce support for sch BYPASS for lockless
qdisc"/ (bsc#1183405).
- net/sched: annotate lockless accesses to qdisc->empty
(bsc#1183405).
- net: sched: Avoid using yield() in a busy waiting loop
(bsc#1183405).
- net/sched: fix race between deactivation and dequeue for NOLOCK
qdisc (bsc#1183405).
- net/sched: pfifo_fast: fix wrong dereference in
pfifo_fast_enqueue (bsc#1183405).
- net/sched: pfifo_fast: fix wrong dereference when qdisc is reset
(bsc#1183405).
- Revert: "/net: sched: put back q.qlen into a single location"/
(bsc#1183405).
- net: sched: when clearing NOLOCK, clear TCQ_F_CPUSTATS, too
(bsc#1183405).
- net: sched: always do stats accounting according to
TCQ_F_CPUSTATS (bsc#1183405).
- net: sched: prefer qdisc_is_empty() over direct qlen access
(bsc#1183405).
- net: caif: avoid using qdisc_qlen() (bsc#1183405).
- net: dev: introduce support for sch BYPASS for lockless qdisc
(bsc#1183405).
- net: sched: add empty status flag for NOLOCK qdisc
(bsc#1183405).
- commit 53153a5
- libnettle
-
- Update to version 3.1: (jsc#SLE-23330)
* SONAME bumps libnettle5, libhogweed3
* Rebased patches:
- CVE-2015-8805.patch
- libnettle-CVE-2021-20305.patch
- libnettle-CVE-2021-3580.patch
- nettle-CVE-2016-6489.patch
- libpwquality
-
- Replace %make_build with "/make -O %{?_smp_mflags}"/ for pre-SLE15
builds.
[jsc#SLE-22490, libpwquality.spec]
- update to 1.4.4
* e11f2bd Fix regression with enabling cracklib check
* 02e6728 Use make macros in rpm spec file
* xxxxxxx Translated using Weblate (Polish, Turkish, Ukrainian)
- update to 1.4.3
* 1213d33 Update translation files
* a951fbe Add --disable-cracklib-check configure parameter
* 6a8845b fixup static compilation
* 92c6066 python: Add missing getters/setters for newly added settings
* bfef79d Add usersubstr check
* 09a2e65 pam_pwquality: Add debug message for the local_users_only option
* a6f7705 Fix some gcc warnings
* 8c8a260 pwmake: Properly validate the bits parameter.
* 7be4797 we use Fedora Weblate now
* xxxxxxx Translated using Weblate (Azerbaijani, Bulgarian,
Chinese (Simplified), Czech, French, Friulian, Hungarian, Italian,
Japanese, Norwegian Bokmål, Persian, Russian, Spanish, Turkish)
- update to 1.4.2:
* Fix regression in handling retry, enforce_for_root, and
local_users_only options introduced with the previous
release.
- Register with pam-config in %post(un)
- Add baselibs.conf
- Update to version 1.4.1:
+ Minor bugfix update of the library.
- Drop libpwquality-pythons.patch: Fixed upstream. Following this,
drop autoconf, automake and libtool BuildRequires and autoreconf
call.
- Use modern macros.
- Do not recommend lang package. The lang package already has a
supplements.
- Modernize spec-file by calling spec-cleaner
- Update RPM groups and summaries.
- Switch url to https://github.com/libpwquality/libpwquality/
- Update to release 1.4.0:
* Fix possible buffer overflow with data from /dev/urandom
in pwquality_generate().
* Do not try to check presence of too short username in password.
(thanks to Nikos Mavrogiannopoulos)
* Make the user name check optional (via usercheck option).
* Add an 'enforcing' option to make the checks to be warning-only
in PAM.
* The difok = 0 setting will disable all old password similarity
checks except new and old passwords being identical.
* Updated translations from Zanata.
- Add patch libpwquality-pythons.patch to avoid duping pythondir
- Make python3 default and enable py2 only when needed
- Build python3 version of bindings as well
- libqb
-
- Add libqb-fix-linker-hack.patch to fix incomplete check for
needing a work-around, which is wrong for newer binutils. (bsc#1192470)
Related to [bsc#1075418].
- log: callsite symbols of main object are also handled in initializer (bsc#1075418)
* bsc#1075418-libqb-log_register_one.patch
- IPC: server: avoid temporary channel priority loss, up to deadlock-worth (gh#ClusterLabs/libqb#352, rh#1718773, bsc#1188212)
* bsc#1188212-0001-IPC-server-avoid-temporary-channel-priority-loss-up-.patch
- mdadm
-
- Incremental: Remove redundant spare movement logic
(bsc#1190376)
0036-Incremental-Remove-redundant-spare-movement-logic.patch
- nfs-utils
-
- Add 0200-mountd-Initialize-logging-early.patch
If an error or warning message is produced before
closeall() is called, mountd gets confused and doesn't work.
(bsc#1194661)
- 0191-mount-don-t-bind-a-socket-needlessly.patch
Don't bind() a non-priv socket immediately before connecting,
as this wastes port numbers.
(bsc#1187922)
- openldap2
-
- bsc#1193296 - Resolve double free in sssvlv overlay
* 0223-ITS-8592-Fix-double-free-in-sssvlv-overlay.patch
- p11-kit
-
- Update to 0.23.2; (jsc#SLE-23330);
* Fix forking issues with libffi
* Fix various crashes in corner cases
* Updated translations
* Build fixes
- Make building more verbose
- Enable tests
- Small spec file cleanup with spec-cleaner
- Fix multiple integer overflows in rpc code (bsc#1180064
CVE-2020-29361):
* 0001-common-Use-reallocarray-instead-of-realloc-as-approp.patch
* 0001-Check-for-arithmetic-overflows-before-allocating.patch
* 0001-Follow-up-to-arithmetic-overflow-fix.patch
- Rebased patches:
* 0001-Fix-a-typo-in-x-cetrificate-value-see-also-https-bug.patch
* 0001-Support-loading-new-NSS-attribute-CKA_NSS_MOZILLA_CA.patch
- Drop patches fixed in the update:
* 0001-trust-Allow-BEGIN-PUBLIC-KEY-PEM-blocks-in-.p11-kit-.patch
* 0001-trust-allow-to-also-add-openssl-style-hashes-to-pem-d.diff
* trust-Fix-segfaults-in-expand_homedir-when-pw_dir-NULL.patch
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993,
0001-trust-Support-CKA_NSS_-SERVER-EMAIL-_DISTRUST_AFTER.patch)
- add bcond to spec file to enable debug easily
- Also build documentation (boo#1013125)
- Use %license instead of %doc [bsc#1082318]
- 32-bit compatibility fixes:
* Add PKCS11 module to p11-kit-32bit (bsc#996047#c39)
* Add p11-kit-nss-trust-32bit NSS module
* Fix potential bi-arch issue with private binaries
(fdo#98817, p11-kit-biarch.patch)
- polkit
-
- CVE-2021-4115: fixed a denial of service via file descriptor leak (bsc#1195542)
added CVE-2021-4115.patch
- psmisc
-
* Determine the namespace of a process only once to speed
up the parsing of fdinfo (bsc#1194172).
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
- release-notes-sles
-
- 12.5.20220202 (tracked in bsc#933411)
- Added kernel parameter change (bsc#1195107)
- Added note about deprecating XFS V4 (jsc#SLE-22661)
- Updated note about unixODBC drivers in production (jsc#SLE-20553)
- resource-agents
-
- RA reports "/string indices must be integers"/ to stderr after
"/WARNING: Failed to reach the server: Gone"/ (bsc#1194502)
Add upstream patch:
0001-azure-events-report-error-if-jsondata-not-received.patch
- salt
-
- Fix inspector module export function (bsc#1097531)
- Wipe NOTIFY_SOCKET from env in cmdmod (bsc#1193357)
- Fix possible traceback on ip6_interface grain (bsc#1193565)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Added:
* vendor-stateresult.patch
* fix-possible-traceback-on-ip6_interface-grain-bsc-11.patch
* state.apply-don-t-check-for-cached-pillar-errors.patch
* wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
* fix-inspector-module-export-function-bsc-1097531-478.patch
- Simplify "/transactional_update"/ module to not use SSH wrapper and allow more flexible execution
- Add "/--no-return-event"/ option to salt-call to prevent sending return event back to master.
- Make "/state.highstate"/ to acts on concurrent flag.
- Added:
* refactor-and-improvements-for-transactional-updates-.patch
- samba
-
- Fix ntlm authentications with "/winbind use default domain = yes"/;
(bso#13126); (bsc#1173429); (bsc#1196308).
- Update spec file to do not provide nor require the bundled talloc,
tdb, tevent and ldb libraries; (bsc#1195510);
- CVE-2021-44141: Information leak via symlinks of existance of
files or directories outside of the exported share; (bso#14911);
(bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
in VFS module vfs_fruit allows code execution; (bso#14914);
(bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
account can impersonate arbitrary services; (bso#14950);
(bsc#1195048);
- Update to version 4.15.4; (jsc#SLE-23330);
+ CVE-2021-43566: Symlink race error can allow directory creation
outside of the exported share; (bso#13979); (bsc#1139519);
+ CVE-2021-20316: Symlink race error can allow metadata read and
modify outside of the exported share; (bso#14842); (bsc#1191227);
- Build samba with embedded talloc, pytalloc, pytalloc-util, tdb,
pytdb, tevent, pytevent, ldb, pyldb and pyldb-util libraries.
The tdb and ldb tools are installed in /usr/lib[64]/samba/bin and
their manpages in /usr/lib[64]/samba/man
- Update to 4.15.4
* Duplicate SMB file_ids leading to Windows client cache
poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication
using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set "/client max protocol"/ to NT1 before
calling the "/Reconnecting with SMB1 for workgroup listing"/
path; (bso#14939);
* Cross device copy of the crossrename module always fails;
(bso#14940);
* symlinkat function from VFS cap module always fails with an
error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory();
(bso#14944);
* "/smbd --build-options"/ no longer works without an smb.conf file;
(bso#14945);
- Use pkgconfig(krb5) as dependency for the -devel package: allow
OBS to pick the right flavor of krb5-devel (full vs mini).
- Do not require the 'krb5' symbol by samba-client-libs: this
package has an automatic dependency due to linkage on
libgssapi_krb5.so.2. Automatic deps are always better.
- Do not require the 'krb5' symbol from samba-libs: samba-libs
requires samba-client-libs, which in turn requires krb5
libraries. Samba-libs itself has no need for krb5 (but get it
indirectly anyway).
- Reorganize libs packages. Split samba-libs into samba-client-libs,
samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
public libraries depending on internal samba libraries into these
packages as there were dependency problems everytime one of these
public libraries changed its version (bsc#1192684). The devel
packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Add python-rpm-macros to build requirements
- Update the symlink create by samba-dsdb-modules to private samba
ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
/usr/lib64/ldb2/modules/ldb/samba
- sudo
-
- Add support in the LDAP filter for negated users, patch taken
from upstream (jsc#20068)
* Adds sudo-feature-negated-LDAP-users.patch
- Restrict use of sudo -U other -l to people who have permission
to run commands as that user (bsc#1181703, jsc#SLE-22569)
* feature-upstream-restrict-sudo-U-other-l.patch
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
+ Include cloud-init logs whenever they are present
+ Update the packages we track in AWS, Azure, and Google
+ Include the ecs logs for AWS ECS instances
- sysstat
-
- Fix possible segfault in read_task_stats() [bsc#1194679]
- Add sysstat-fix-segfault-in-read_task_stats.patch
- tcl
-
- New version 8.6.12:
* (bug)[d43f96] [string trim*] broken for Emoji
* (bug)[22324b] [string reverse] broken for Emoji
* (bug)[1dab71,7c64aa] BRE broken by uninitialized value use
* (bug)[8419c5] Unix tty channels tolerate EINTR
* ** POTENTIAL INCOMPATIBILITY ***
* (bug)[4c591f] [string compare] EIAS violation
* (bug)[266494] [concat foo [list #]] EIAS violation
* (bug)[24b918] Save IO buffers from modern optimizers
* (new) support for POSIX error EILSEQ
* (bug)[688fcc] segfault during traced delete of alias
* (bug)[ccc448] segfault in ensemble rewrite machinery
* (new) Update to Unicode-14
* (bug)[a8579d] failed proc argument spec processing
* Obsoletes tcl-aa4a13c15516da45.patch
- Bump %itclver and ensure it stays in sync.
- bsc#1185662: Move tcl.macros /usr/lib/rpm/macros.d .
- https://core.tcl-lang.org/thread/tktview?name=98ae20f0f5:
Add tcl-aa4a13c15516da45.patch to disable lto for the stubs
libraries.
- tclConfig.sh: Fix path names and avoid braces in TCL_PACKAGE_PATH
- Set TCL_LIBRARY at configure time for better consistency.
- New version: 8.6.11:
* Add tcltest::(Setup|Eval|Cleanup|)Test
* Update to Unicode-13
* Add 3 libtommath functions to stub table
* Many more bug fixes
- Potentially incompatible changes:
* (bug)[ffeb20] [binary decode base64] ignore invalid chars
* (bug)[b8e82d] some -maxlen values break uuencode round trip
* (bug)[085913] Tcl_DStringAppendElement # quoting precision
* (bug)[81242a] revised documentation for Tcl_UtfAtIndex()
* (bug)[ed2980] Tcl_UtfToUniChar reads > TCL_UTF_MAX bytes
* (bug)[a1bd37] [clock scan] new ISO format (clock-34.(19-24))
* (bug)[501974] [clock scan] +time zone (clock-34.(53-68))
* (new) force -eofchar 032 when evaluating library scripts
* (new)[48898a] improve error message consistency
* (new) revised case of module names
- Add a manpage symlink for tclsh8.6.
- Fix build with RPM 4.16: error: bare words are no longer
supported, please use "/..."/: lib64 == lib64.
- New version: 8.6.10:
* (bug)[7a9dc5] [file normalize ~/~foo] segfault
* (bug)[3cf3a9] variable 'timezone' deprecated in vc2017
* (bug)[cc1e91] [list [list {*}[set a "/ "/]]] regression
obsoletes tcl-expand-regression.patch.
* (bug)[e3f481] tests var-1.2[01]
* (new) Update to Unicode 12.0
* (new)[TIP 527] New command [timerate]
* (bug)[39fed4] [package require] memory validity
* (new) New command tcl::unsupported::corotype
* (bug) memlink when namespace deletion kills linked var
* (new) README file converted to README.md in Markdown
* (bug)[8b9854] [info level 0] regression with ensembles
* (bug)[6bdadf] crash multi-arg write-traced [lappend]
* (bug)[f8a33c] crash Tcl_Exit before init
* (bug)[fa6bf3] Bytecode fails epoch recovery at numLevel=0
* (bug)[fec0c1] C stack overflow compiling bytecode
* tzdata updated to Olson's tzdata2019c
* (bug)[16768d] Fix [info hostname] on NetBSD
* (new) libtommath updated to release 1.2.0
* (bug)[bcd100] bad fs cache when system encoding changes
* (bug)[135804] segfault in [next] after destroy
* (bug)[13657a] application/json us text, not binary
- binary-40.3 is expected to fail on riscv64 which does not support NaN
propagation
- Use FAT LTO objects in order to provide proper static
library (boo#1138797).
- Fix a regression in the handling of denormalized empty lists
(tcl-expand-regression.patch, tcl#cc1e91552c).
- New version: 8.6.9:
* NR-enable [package require]
* (bug)[9fd5c6] crash in object deletion, test oo-11.5
* (bug)[3c32a3] crash deleting object with class mixed in
* (platform) stop using -lieee, removed from glibc-2.27
(bsc#1179615, bsc#1181840).
* (bug)[8e6a9a] bad binary [string match], test string-11.55
* (bug)[1873ea] repair multi-thread std channel init
* (bug)[db36fa] broken bytecode for index values
* (bug) broken compiled [string replace], test string-14.19
* (bug) [string trim*] engine crashed on invalid UTF
* (bug) missing trace in compiled [array set], test var-20.11
* (bug)[46a241] crash in unset array with search, var-13.[23]
* (bug)[27b682] race made [file delete] raise "/no such file"/
* (bug)[925643] 32/64 cleanup of filesystem DIR operations
* (bug) leaks in TclSetEnv and env cache
* (bug)[3592747] [yieldto] dying namespace, tailcall-14.1
* (bug)[270f78] race in [file mkdir]
* (bug)[3f7af0] [file delete] raised "/permission denied"/
* (bug)[d051b7] overflow crash in [format]
* revised quoting of [exec] args in generated command line
* HTTP Keep-Alive with pipelined requests
* (new)[TIP 505] [lreplace] accepts all out of range indices
* (bug) Prevent crash from NULL keyName in the registry package
* Update tcltest package for Travis support
* (bug)[35a8f1] overlong string length of some lists
* (bug)[00d04c] Repair [binary encode base64]
- handle s390 like s390x (bnc#1085480)
- Version 8.6.8:
* [array names -regexp] supports backrefs
* Fix gcc build failures due to #pragma placement
* (bug)[b50fb2] exec redir append stdout and stderr to file
* (bug)[2a9465] http state 100 continue handling broken
* (bug)[0e4d88] replace command, delete trace kills namespace
* (bug)[1a5655] [info * methods] includes mixins
* (bug)[fc1409] segfault in method cloning, oo-15.15
* (bug)[3298012] Stop crash when hash tables overflow 32 bits
* (bug)[5d6de6] Close failing case of [package prefer stable]
* (bug)[4f6a1e] Crash when ensemble map and list are same
* (bug)[ce3a21] file normalize failure when tail is empty
* (new)[TIP 477] nmake build system reform
* (bug)[586e71] EvalObjv exception handling at level #0
- adapt check section for rpm-4.14.0
- Add more tests in Whitelist as bypass boo#1072657
identified following tests failed on PowerPC
interp-34.9 interp-34.13 http-3.25 timer-2.1 thread-20.9
- Whitelist known-failing tests. Further investigation needed.
- tcpdump
-
- Security fix: [bsc#1195825, CVE-2018-16301]
* Fix segfault when handling large files
* Add tcpdump-CVE-2018-16301.patch
- tiff
-
- security update: Fix buffer overwrite
* CVE-2019-17546[bsc#1154365]
+ tiff-CVE-2019-17546.patch
- security update: Fix heap based buffer overflow in pal2rgb
* CVE-2017-17095[bsc#1071031]
+ tiff-CVE-2017-17095.patch
- security update: Fix OOB in _TIFFmemcpy
* CVE-2022-22844[bsc#1194539]
+ tiff-CVE-2022-22844.patch
- security update: Fix memory allocation failure in tif_read.c
* CVE-2020-35521[bsc#1182808] CVE-2020-35522[bsc#1182809]
+ tiff-CVE-2020-35521,CVE-2020-35522.patch
- security update: Fix DOS via invertImage()
* CVE-2020-19131[bsc#1190312]
+ tiff-CVE-2020-19131.patch
- security update: Fix heap-based buffer overflow in TIFF2PDF tool
* CVE-2020-35524[bsc#1182812]
+ tiff-CVE-2020-35524.patch
- security update: Fix integer overflow in tif_getimage
* CVE-2020-35523 [bsc#1182811]
+ tiff-CVE-2020-35523.patch
- wicked
-
- fsm: fix device rename via yast (bsc#1194392)
Reset worker config instead to reject a NULL/empty config
xml node -- introduced in wicked 0.6.67 by commit c2a0385.
[+ 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
- version 0.6.68
- sysctl: process sysctl.d directories as in sysctl --system
- sysctl: fix sysctl values for loopback device (bsc#1181163, bsc#1178357)
- dhcp4: add option to set route pref-src to dhcp IP (bsc#1192353)
- cleanup: warnings, time calculations and dhcp fixes (bsc#1188019)
- wireless: reconnect on unexpected wpa_supplicant restart (bsc#1183495)
- tuntap: avoid sysfs attr read error (bsc#1192311)
- ifstatus: fix warning of unexpected interface flag combination (bsc#1192164)
- dbus: config files in /usr shouldn't be marked as config in spec
- version 0.6.67
- dbus: install bus config in /usr (bsc#1183407,jsc#SLE-9750)
- logging: log reaped sub-process command and as debug, not error
- ifstatus: Don't show link as "/up"/ without RUNNING flag set
- firewalld: Make the zone assignment permanent (boo#1189560)
- fsm: cleanup and improve ifconfig and ifpolicy access utils
- dbus: cleanup the dbus-service.h file and unused property makros
- cleanup: applied code-spell run typo corrections
- dracut: initial fixes and improved option handling (boo#1182227)
- version 0.6.66
- wireless: migrate to wpa-supplicant v1 DBus interface (bsc#1156920)
- support multiple networks configurations per interface
- show connection status and scan-results (bsc#1160654)
- corrected eap-tls,ttls cetificate handling and open vs. shared
wep,open,psk,eap-tls,ttls,peap parsing from ifcfg (bsc#1057592)
- cleanups and several other improvements, see changes
- updated man ifcfg-wireless manual pages
- nanny: fix identify node owner exit condition
- schema: several xml-schema and dbus/property improvements
- utils: format/parse bitmap to array and string alternatives
- client: expose ethtool --get-permanent-address option
- removed sle15-sp3 patches included in the master sources (bsc#1181812)
[- 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
[- 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- dhcp4: discover on reboot timeout after start-delay (bsc#1181812)
[+ 0001-dhcp4-discover-on-reboot-timeout-after-start-delay.1181812.patch]
- dhcp6: request nis options on sle15 by default (bsc#1181812)
[+ 0002-dhcp6-request-nis-options-on-sle15-by-default.1181812.patch]
- version 0.6.65
- ifconfig: differentiate if to re-trigger dad on address updates (bsc#1177215)
- client: parse sysctl files in the correct order (bsc#1181186)
- ifup: fix for set up with unenslave from unconfigured master (boo#954329)
- rpm: prepare for new builds using usrmerged rpm macro (boo#1029961)
- rpm: Let wicked-service also provide service(network)
- cleanup: remove obsolete use-nanny=false (gh#openSUSE/wicked#815)
- dbus: add variant container, generic object-path and uint32 array macros
- yast2-samba-client
-
- With latest versions of samba (>=4.15.0) calling 'net ads lookup'
with '-U%' fails; (boo#1193533).
- yast-samba-client fails to join if /etc/samba/smb.conf or
/etc/krb5.conf don't exist; (bsc#1089938)
- Do not stop nmbd while nmbstatus is running, it is not necessary
anymore; (bsc#1158916);
- 3.1.23
- zsh
-
- Added CVE-2019-20044.patch: fixes insecure dropping of privileges when
unsetting PRIVILEGED option (CVE-2019-20044 bsc#1163882)
- Add CVE-2018-1100.patch: it fixes buffer overflow in utils.c:checkmailpath()
can lead to local arbitrary code execution (CVE-2018-1100 bsc#1089030)
- Added CVE-2021-45444.patch: fixes a vulnerability in prompt expansion which
could be exploited through e.g. VCS_Info to execute arbitrary shell
commands (CVE-2021-45444 bsc#1196435)