- sysstat
-
- Add missing patches related to CVE-2022-39377 and CVE-2023-33204
(bsc#1211507).
* Add sysstat-CVE-2022-39377.patch
* Add sysstat-CVE-2023-33204.patch
- python3
-
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-7592-quad-complex-cookies.patch (bsc#1229596,
CVE-2024-7592), which fixes quadratic complexity in parsing
"-quoted cookie values with backslashes by http.cookies.
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- python36
-
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
support eliminating bsc#1227233 (CVE-2024-5642).
- iputils
-
- Bring back ifenslave binary bcs#1234224
* Add iputils-ifenslave.diff
* Rebase iputils-disable-rarpd-rdisc.patch
- Resolve jsc#PED-9524
- Bump version to version s20161105 (bsc#1221439)
- This version can use ICMP datagram sockets without CAP_NET_RAW capabilites.
- Added iputils-disable-rarpd-rdisc.patch
- disables building of rarpd and rdisc as they're provided by separate package (rarpd) in SLE12-SP5
Full changelog:
* ping: eliminate deadcode & simplify
* ping: do not allow oversized packets to root
* correctly initialize first hop
* ping: fix ping -6 -I
* arping,doc: fix documentation of -I
* ping: fix error message when getting EACCES from connect()
* renamed INSTALL to INSTALL.md
* (re)structured INSTALL.md and transformed into markdown; added hint that installation into prefix has to be done with DESTDIR make variable and that there's no prefix support in configure, close #21
* ping: Silence GCC warnings when building with -fstrict-aliasing
* tftpd: Drop supplementary groups for root
* libgcrypt: fix static linking
* doc: Inserted a missing word
* tracepath6: avoid redundant family variable
* tracepath: borrow everything good from tracepath6
* tracepath: switch to dual-stack operation
* tracepath: remove now redundant tracepath6
* docs: fix parallel build of manpages
* ping: remove assignments of values that are never read
* docs: remove references to ping6 and traceroute6
* ping: work with older kernels that don't support ping sockets
* Revert "ping_common.c: fix message flood when EPERM is encountered in ping"
* reorder -I option parsing (boo#1057664)
* ping: also bind the ICMP socket to the specific device
- tracepath6 is now symlink to tracepath.
- Add fix for ICMP datagram socket ping6-Fix-device-binding.patch
(bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927).
- Remove 2 old patches (iputils-sec-ping-unblock.diff, iputils-ping-interrupt.diff)
Although not documented, they both belong to bsc#674304. Fix from 2011 was
resolved upstream in commit 810dd7f ("ping,ping6: Unmask signals on
start-up.") [1], released in s20121112.
- Update iputils-remove-bogus-check-required-for-2.4.9-kernels.patch
(backport 4471ac6 to add changes in header files)
- Use git format for iputils-ping-fix-pmtu-for-ipv6.patch (required by
%autosetup -p1)
- Use %autosetup -p1
- Backport license information from upstream (bnc#1082788):
iputils-add-license-info.diff
- Backport iputils-ping-fix-pmtu-for-ipv6.patch from upstream
to fix PMTU discovery in ping6. (bsc#1072460)
- Install rdisc as rdisc, do not use in.rdisc anymore (xinetd which
was using in.* names is obsolete anyways)
- iputils: remove man pages of unused binaries: ninfod, pg3, rdisc
(rdisc is in a separate package)
- Add systemd service for rarpd
- mark ping also verify not caps, as these are changed by the
permissions package. (bsc#1065835)
- Reintroduce rarpd as subpackage
- Explicitly list content in filelist as we have two subpackages
now
- Cleanup with spec-cleaner
- Update to version s20161105 (Changes taken from the RELNOTES file)
* ping: eliminate deadcode & simplify
* ping: do not allow oversized packets to root
* correctly initialize first hop
* ping: fix ping -6 -I
* arping,doc: fix documentation of -I
* ping: fix error message when getting EACCES from connect()
* renamed INSTALL to INSTALL.md
* (re)structured INSTALL.md and transformed into markdown; added hint that installation into prefix has to be done with DESTDIR make variable and that there's no prefix support in configure, close #21
* ping: Silence GCC warnings when building with -fstrict-aliasing
* tftpd: Drop supplementary groups for root
* libgcrypt: fix static linking
* doc: Inserted a missing word
* tracepath6: avoid redundant family variable
* tracepath: borrow everything good from tracepath6
* tracepath: switch to dual-stack operation
* tracepath: remove now redundant tracepath6
* docs: fix parallel build of manpages
* ping: remove assignments of values that are never read
* docs: remove references to ping6 and traceroute6
* ping: work with older kernels that don't support ping sockets
* Revert "ping_common.c: fix message flood when EPERM is encountered in ping"
* reorder -I option parsing (boo#1057664)
* ping: also bind the ICMP socket to the specific device
- tracepath6 is now symlink to tracepath.
- Add ping6 symlink (boo#1017616)
- do not install rarpd and rarpd.8 manpage (comes from rarpd rpm currently)
- Update to version s20160308 (Changes taken from the RELNOTES file)
* use syntax compatible with busybox date in Makefile
* 'admin prohibited' should print !X not !S.
* Makefile: use #define as in previous code changes
* doc/Makefile: require bash, because we use pushd and popd
* doc: don't timestamp manpages by default
* ping: status() now returns received/transmitted instead of trans/recv
* ping: don't mess with internals of struct msghdr
* ping: ICMP error replies while errno < 0 is a hard error
* ping: always use POSIX locale when parsing -i
* ping: link against libm
* made ping functions protocol independent
* ping: perform dual-stack ping by default
* ping: remove obsolete preprocessor directives
* ping: avoid name clashes between IPv4 and IPv6 code
* ping: merge all ping header files into a single one
* ping: merge `ping6` command into `ping`
* ping: refactor ping options
* ping: refactor ping socket code
* ping: merge IPv4 and IPv6 `pr_addr()`
* ping: fix defines and libs in Makefile
* ping: handle single protocol systems
* iputils ping/ping6: Add a function to check if a packet is ours
* ping: Add <linux/types.h> to fix compilation error.
* ping6: Use GNUTLS API directly for MD5. (v2)
* ping6: Use libgcrypt instead of gnutls for MD5.
* Allow ping to use IPv6 addresses
* ping,ping6 doc: More description on CAP_NET_RAW usage.
* if IPv4 resolving fails fallback to ping6
* ping: in usage print the 'ping -6' options as well
* ping: allow option -4 which forces IPv4
* combine sock and errno into a single structure
* This patch allows running ping and ping6 without root privileges on
* use better names for socket variables
* tracepath,doc: fix corrupted tag
* doc: ping: add missing options and remove ping6
* ninfod: remove unused variables
* ninfod: Regenerate configure by autoconf-2.69.
* ninfod: libgcrypt support.
* Fix building with musl
* travis.yml: install nettle-dev
* Allow using nettle instead of libgcrypt for MD5
* avoid compiler warning caused by snapshot.h
* make `getaddrinfo()` and `getnameinfo()` usage consistent
* enable IDN by default
* remove IPV4_TARGETS and IPV6_TARGETS
* Use svg instead of png to get better image quality
* spec: Configure before building ninfod.
* spec: Fix date in %changelog.
* make,spec: Add rpm target.
- Refreshed patches
* iputils-ping-interrupt.diff
* iputils-sec-ping-unblock.diff
- Remove ifenslave.c. It has been removed in the linux kernel commit
b1098bbe1b24("bonding: remove ifenslave.c from kernel source").
bonding can be done via iproute (netlink)
- dropped iputils-ifenslave.diff
- Append our CFLAGS to the upstream ones instead of overriding them.
- Cleanup old make command since the upstream Makefile does things right
it seems.
- Use Provides: for old /{,s}bin utils to satisfy reverse dependencies.
- Install utilities to /bin and /sbin until reverse dependencies are
properly fixed.
- Do not install tftp and traceroute to avoid conflicts with the tftp and
traceroute packages. Stick to what iputils used to provide in the past.
- Remove iputils-traceroute6-stdint.diff patch since we are not building
the traceroute* utilities.
- Install tracepath to /usr/bin. (boo#795788)
- Update to version s20150815
* use syntax compatible with busybox date in Makefile
* Makefile: use #define as in previous code changes
* ping: status() now returns received/transmitted instead of trans/recv
* ping: don't mess with internals of struct msghdr
* tracepath,doc: fix corrupted tag
* made ping functions protocol independent
* Allow ping to use IPv6 addresses
* if IPv4 resolving fails fallback to ping6
* ping: in usage print the 'ping -6' options as well
* ping: allow option -4 which forces IPv4
* combine sock and errno into a single structure
* This patch allows running ping and ping6 without root privileges on
* use better names for socket variables
* travis.yml: install nettle-dev
* Allow using nettle instead of libgcrypt for MD5
* avoid compiler warning caused by snapshot.h
* make `getaddrinfo()` and `getnameinfo()` usage consistent
* enable IDN by default
* ping: perform dual-stack ping by default
* remove IPV4_TARGETS and IPV6_TARGETS
* ping: remove obsolete preprocessor directives
* ping: avoid name clashes between IPv4 and IPv6 code
* ping: merge all ping header files into a single one
* ping: merge `ping6` command into `ping`
* ping: refactor ping options
* ping: refactor ping socket code
* ping: merge IPv4 and IPv6 `pr_addr()`
* Use svg instead of png to get better image quality
* iputils ping/ping6: Add a function to check if a packet is ours
* ping: Add <linux/types.h> to fix compilation error.
* ping6: Use GNUTLS API directly for MD5. (v2)
* ping6: Use libgcrypt instead of gnutls for MD5.
* ninfod: Regenerate configure by autoconf-2.69.
* ninfod: libgcrypt support.
* spec: Configure before building ninfod.
* spec: Fix date in %changelog.
* make,spec: Add rpm target.
* ping,ping6 doc: More description on CAP_NET_RAW usage.
- Update patches
* iputils-s20101006-ping-interrupt.diff > iputils-ping-interrupt.diff
* iputils-s20101006-sec-ping-unblock.diff > iputils-sec-ping-unblock.diff
* iputils-remove-bogus-check-required-for-2.4.9-kernels.patch
- Update home project page and download Url
- Remove obsolete %clean section
- Remove UsrMerge process; it has been done for more than two
openSUSE releases now
- Fix a bogus kernel version check (boo#927831):
iputils-remove-bogus-check-required-for-2.4.9-kernels.patch
- python-requests
-
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
as a directory, bsc#1225912
- wicked
-
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad.
- Consider only interface specific accept_redirects sysctl settings.
- Adopt ifsysctl(5) manual page with wicked specific behavior.
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
- team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
- arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
- dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
- ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
[- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- compat-suse: fix dummy interfaces configuration with
INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
[+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- suseconnect-ng
-
- Update version to 1.13:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targetting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Integrate with uptime-tracker ( https://github.com/SUSE/uptime-tracker/ )
- Add a command to show the info being gathered
- pacemaker
-
- executor: avoid use-after-free upon shutdown (bsc#1232613, gh#ClusterLabs/pacemaker#3719)
* bsc#1232613-0001-Fix-executor-avoid-use-after-free-upon-shutdown.patch
- controld: leave xml-src attribute empty when no DC selected #2902 (bsc#1217259, bsc#1228781, jsc#PED-8311, gh#ClusterLabs/pacemaker#3702)
* bsc#1217259-0001-Fix-controld-leave-xml-src-attribute-empty-when-no-D.patch
- scheduler: Fixed memory leak when searching for unfencing devices. (gh#ClusterLabs/pacemaker#3678)
* pacemaker#3678-0001-Mid-scheduler-Fixed-memory-leak-when-searching-for-u.patch
- libcib: treat empty variant variables same as unset (gh#ClusterLabs/pacemaker#3658)
* pacemaker#3658-0001-Fix-libcib-treat-empty-variant-variables-same-as-uns.patch
- pacemaker-based: client name can be NULL (gh#ClusterLabs/pacemaker#3608)
* pacemaker#3608-0001-Log-pacemaker-based-client-name-can-be-NULL.patch
- expat
-
- security update
- added patches
fix CVE-2024-50602 [bsc#1232579], DoS via XML_ResumeParser
+ expat-CVE-2024-50602.patch
- python
-
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add ipaddress module from https://github.com/phihag/ipaddress
- Remove -IVendor/ from python-config boo#1231795
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- python-pyOpenSSL
-
- Fix for bsc#1231700:
* 0001-Don-t-use-things-after-they-re-freed.duh-709.patch: Add
missing patch that introduced X509._from_raw_x509_ptr needed by
CVE-2018-1000807 fix.
gh#pyca/pyopenssl@4aa52c33d3ee
- Mesa-drivers
-
- u_mesa-CVE-2023-45913.patch
* NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId()
(CVE-2023-45913, bsc#1222040)
- u_mesa-CVE-2023-45919.patch
* buffer over-read in glXQueryServerString()
(CVE-2023-45919, bsc#1222041)
- u_mesa-CVE-2023-45922.patch
* segmentation violation in __glXGetDrawableAttribute()
(CVE-2023-45922, bsc#1222042)
- libpcap
-
- Security fix: [bsc#1230034, CVE-2024-8006]
* libpcap: NULL pointer derefence in pcap_findalldevs_ex()
* Add libpcap-CVE-2024-8006.patch
- Security fix: [bsc#1230020, CVE-2023-7256]
* libpcap: double free via addrinfo in sock_initaddress()
* Add libpcap-CVE-2023-7256.patch
- python-base
-
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add ipaddress module from https://github.com/phihag/ipaddress
- Remove -IVendor/ from python-config boo#1231795
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- OpenIPMI
-
- Fix bsc#1229910 CVE-2024-42934 by below 2 patches:
A lanserv-Check-some-bounds-on-incoming-messages.patch
A lanserv-Fix-an-issue-with-authorization-range-checking.patch
- Mesa
-
- u_mesa-CVE-2023-45913.patch
* NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId()
(CVE-2023-45913, bsc#1222040)
- u_mesa-CVE-2023-45919.patch
* buffer over-read in glXQueryServerString()
(CVE-2023-45919, bsc#1222041)
- u_mesa-CVE-2023-45922.patch
* segmentation violation in __glXGetDrawableAttribute()
(CVE-2023-45922, bsc#1222042)
- grep
-
- port-recent-fix-to-older-pcre-version.patch: Don't assume that
a pcre_exec that returns PCRE_ERROR_NOMATCH leaves its sub
argument alone. (bsc#1227099)
- openssl-1_1
-
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- avahi
-
- Add avahi-CVE-2024-52616.patch:
Backporting 1dade81c from upstream: Properly randomize query id
of DNS packets.
(CVE-2024-52616, bsc#1233420)
- kernel-default
-
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072 CVE-2024-53114).
- commit ace41bd
- Update
patches.suse/initramfs-avoid-filename-buffer-overrun.patch
(CVE-2024-53142 bsc#1232436).
- commit c12c103
- Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886
bsc#1223044).
- Bluetooth: Avoid potential use-after-free in hci_error_reset
(CVE-2024-26801 bsc#1222413).
- commit 0002c48
- dm cache: fix potential out-of-bounds access on the first resume
(bsc#1233467, CVE-2024-50278).
- dm cache: optimize dirty bit checking with find_next_bit when
resizing (bsc#1233467, CVE-2024-50278).
- commit 0b89286
- Update References: field,
patches.suse/dm-cache-fix-out-of-bounds-access-to-the-dirty-bitset-when-resizing.patch
(bsc#1233467, bsc#1233468, CVE-2024-50278, CVE-2024-50279).
- commit 3ad9690
- dm cache: fix flushing uninitialized delayed_work on cache_ctr
error (bsc#1233467, CVE-2024-50278).
- dm cache: correct the number of origin blocks to match the
target length (bsc#1233467, CVE-2024-50278).
- commit 4bc71b8
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry()
(CVE-2024-46771 bsc#1230766).
- commit 491eb77
- ocfs2: uncache inode which has failed entering the group (bsc#1234087).
- commit 8d46222
- sch/netem: fix use after free in netem_dequeue (CVE-2024-46800
bsc#1230827).
- can: bcm: Remove proc entry when dev is unregistered
(CVE-2024-46771 bsc#1230766).
- commit 4db26bc
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED
in uvc_parse_format (CVE-2024-53104 bsc#1234025).
- commit 5e374e6
- USB: serial: io_edgeport: fix use after free in debug printk (CVE-2024-50267 bsc#1233456)
- commit 5cba6cd
- usb: typec: altmode should keep reference to parent (CVE-2024-50150 bsc#1233051)
- commit 42ad9b3
- net: hns3: fix kernel crash when uninstalling driver (CVE-2024-50296 bsc#1233485)
- commit 184c4c0
- drm/vc4: Warn if some v3d code is run on BCM2711 (bsc#1233108)
Only take struct vc4file.dev for bsc#1233108. Leave out the commit's
tests and warnings.
- commit 7eeddbe
- net: relax socket state check at accept time (git-fixes).
- commit 4a31544
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
(CVE-2024-36905 bsc#1225742).
- commit 9ad4cc7
- drm/vc4: Stop the active perfmon before being destroyed (bsc#1233108 CVE-2024-50187)
- commit f0f44d8
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (CVE-2024-49938 bsc#1232552)
- commit 4092e67
- netfilter: nf_tables: prevent nf_skb_duplicated corruption (CVE-2024-49952 bsc#1232157)
- commit 0b60580
- security/keys: fix slab-out-of-bounds in key_task_permission
(CVE-2024-50301 bsc#1233490).
- commit 6e6d2aa
- media: cx24116: prevent overflows on SNR calculus
(CVE-2024-50290 bsc#1233479).
- commit 12a43db
- dm cache: fix out-of-bounds access to the dirty bitset when
resizing (CVE-2024-50279 bsc#1233468).
- commit a5eeed1
- nvme-pci: fix race condition between reset and
nvme_dev_disable() (bsc#1232888 CVE-2024-50135).
- commit d800691
- scsi: lpfc: Ensure DA_ID handling completion before deleting
an NPIV instance (bsc#1233130 CVE-2024-50183).
- commit 2341eee
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink()
(CVE-2024-50154 bsc#1233070).
Patch has been manually modified to apply.
- commit e2aba08
- nfs: Fix KMSAN warning in decode_getfattr_attrs()
(CVE-2024-53066 bsc#1233560).
- commit b4e2ec3
- btrfs: fix a NULL pointer dereference when failed to start a
new trasacntion (CVE-2024-49868 bsc#1232272).
- commit 28e08c8
- Reinstate some of "swiotlb: rework "fix info leak with
DMA_FROM_DEVICE"" (CVE-2022-48853 bsc#1228015).
- commit ddba53c
- HID: core: zero-initialize the report buffer (CVE-2024-50302
bsc#1233491).
- commit 6bc7fd8
- vsock/virtio: Initialization of the dangling pointer occurring
in vsk->trans (CVE-2024-50264 bsc#1233453).
- commit edf6fa0
- net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged
SKB data (CVE-2024-53058 bsc#1233552).
- commit ebde361
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- Bluetooth: call sock_hold earlier in sco_conn_del
(CVE-2024-50125 bsc#1232928).
- commit 4838e6d
- Update
patches.suse/posix-clock-posix-clock-Fix-unbalanced-locking-in-pc.patch
(CVE-2024-50195 bsc#1233103 CVE-2024-50210 bsc#1233097).
- commit 4b1cf97
- mm: revert "mm: shmem: fix data-race in shmem_getattr()"
(CVE-2024-50228, bsc#1233204, git fixes (mm/shmem)).
- commit 84efe19
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (CVE-2024-50195 bsc#1233103)
- commit dede472
- media: av7110: fix a spectre vulnerability (CVE-2024-50289
bsc#1233478).
- commit 43a6f6e
- efi/memattr: Ignore table if the size is clearly bogus
(CVE-2024-49858 bsc#1232251 bsc#1231465).
- commit 3272541
- i40e: fix race condition by adding filter's intermediate sync
state (CVE-2024-53088 bsc#1233580).
- i40e: fix i40e_count_filters() to count only active/new filters
(CVE-2024-53088 bsc#1233580).
- commit c0c4369
- ocfs2: remove entry once instead of null-ptr-dereference in
ocfs2_xa_remove() (bsc#1233454 CVE-2024-50265).
- commit 3e0d522
- net: hns3: fix a deadlock problem when config TC during
resetting (CVE-2024-44995 bsc#1230231).
- commit 398b1db
- media: dvbdev: prevent the risk of out of memory access
(CVE-2024-53063 bsc#1233557).
- commit 62f1f9b
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555
git-fixes CVE-2024-53085 bsc#1233577).
- commit 70d272c
- media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061
bsc#1233555).
- commit 506c426
- Update
patches.suse/tipc-fix-a-possible-memleak-in-tipc_buf_append.patch
(bsc#1221977 CVE-2021-47162 bsc#1225764 CVE-2024-36954
CVE-2024-36886 bsc#1225730).
- commit 6b7c8a5
- net: netem: use a list in addition to rbtree
(git-fixes CVE-2024-45016 bsc#1230429).
- commit 2b0774f
- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-48853
bsc#1228015).
- commit 56fe90d
- crypto: ecdh - explicitly zeroize private_key (CVE-2024-42098
bsc#1228779).
- commit ef82dbf
- crypto: aead,cipher - zeroize key buffer after use
(CVE-2024-42229 bsc#1228708).
- commit 1b83698
- btrfs: reinitialize delayed ref list after deleting it from
the list (bsc#1233462 CVE-2024-50273).
- commit 0901f0b
- Refresh
patches.suse/net-prevent-mss-overflow-in-skb_segment.patch.
Fix the following warning:
net/core/skbuff.c: In function 'skb_segment':
include/linux/kernel.h:795:16: warning: comparison of distinct pointer types lacks a cast [enabled by default]
include/linux/kernel.h:798:2: note: in expansion of macro '__min'
net/core/skbuff.c:3302:18: note: in expansion of macro 'min'
This is how the warning got silenced in upstream stable kernel
v4.19.321.
- commit 68ad1ea
- Refresh
patches.suse/scsi-lpfc-Validate-hdwq-pointers-before-dereferencin.patch.
Adjust the backport to match the old size of struct members. This
fixes the following warning:
../drivers/scsi/lpfc/lpfc_sli.c: In function 'lpfc_sli_flush_io_rings':
../drivers/scsi/lpfc/lpfc_sli.c:4436:5: warning: format '%lx' expects argument of type 'long unsigned int', but argument 5 has type 'int' [-Wformat=]
../drivers/scsi/lpfc/lpfc_sli.c:4436:5: warning: format '%lx' expects argument of type 'long unsigned int', but argument 6 has type 'uint32_t' [-Wformat=]
- commit dff4c6e
- kernel-binary: Enable livepatch package only when livepatch is enabled
Otherwise the filelist may be empty failing the build (bsc#1218644).
- commit f730eec
- Update config files (bsc#1218644).
LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n
- commit b1b7b65
- posix-clock: Fix missing timespec64 check in pc_clock_settime() (CVE-2024-50195 bsc#1233103)
- commit 41e678c
- net: systemport: fix potential memory leak in bcm_sysport_xmit() (CVE-2024-50171 bsc#1233057)
- commit a8cf9c8
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (CVE-2024-50148 bsc#1233063)
- commit cb3dc55
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CVE-2024-50073 bsc#1232520)
- commit 68babec
- Update
patches.suse/arm64-probes-Fix-uprobes-for-big-endian-kernels.patch
(git-fixes CVE-2024-50194 bsc#1233111).
- Update
patches.suse/arm64-probes-Remove-broken-LDR-literal-uprobe-support.patch
(git-fixes CVE-2024-50099 bsc#1232887).
- Update
patches.suse/ceph-remove-the-incorrect-Fw-reference-check-when-dir.patch
(bsc#1231184 CVE-2024-50179 bsc#1233123).
- commit c9a203b
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
(bsc#1233191 CVE-2024-50218).
- commit cc4dbc4
- Update tags in
patches.suse/ext4-fix-slab-use-after-free-in-ext4_split_extent_at.patch
(bsc#1232201 CVE-2024-49884 bsc#1232198).
- commit dcc8f26
- Fix compiler warnings introduced in
patches.suse/udf-Avoid-excessive-partition-lengths.patch.
- commit fc54634
- mm: shmem: fix data-race in shmem_getattr() (CVE-2024-50228,
bsc#1233204, git fixes (mm/shmem)).
- commit e71d93b
- driver core: bus: Fix double free in driver API bus_register()
(bsc#1232329 CVE-2024-50055).
- commit 0448963
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
(CVE-2024-50115 bsc#1232919).
- commit 0050d80
- drm/amd: Guard against bad data for ATIF ACPI method (bsc#1232897 CVE-2024-50117)
- commit 97c9929
- wifi: mac80211: do not pass a stopped vif to the driver in
.get_txpower (CVE-2024-50237 bsc#1233216).
- commit 6d8f0b7
- wifi: ath10k: Fix memory leak in management tx (CVE-2024-50236
bsc#1233212).
- commit 0b6cbda
- wifi: iwlegacy: Clear stale interrupts before resuming device
(CVE-2024-50234 bsc#1233211).
- commit 01cb9ce
- drm/amd/display: Check null pointers before used (bsc#1232371 CVE-2024-49921)
- commit e8deeae
- net/ncsi: Disable the ncsi work before freeing the associated
structure (CVE-2024-49945 bsc#1232165).
- commit a88491e
- Update tags
patches.suse/mm-Avoid-overflows-in-dirty-throttling-logic.patch
(bsc#1222364 CVE-2024-42131 bsc#1228650).
- commit 3f14d21
- RDMA/mad: Improve handling of timed out WRs of mad agent (bsc#1232873 CVE-2024-50095)
- commit 2d90f41
- IB/mad: Issue complete whenever decrements agent refcount (bsc#1232873 CVE-2024-50095)
- commit 27da1c4
- be2net: fix potential memory leak in be_xmit() (CVE-2024-50167
bsc#1233049).
- commit 4f25cff
- cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations
(CVE-2024-27051 bsc#1223769).
- commit 6437a99
- driver core: Fix error return code in really_probe()
(bsc#1232224 CVE-2024-49925).
- commit 7264309
- parport: Proper fix for array out-of-bounds access (CVE-2024-50074 bsc#1232507)
- commit ee8e094
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's
return value (CVE-2024-27051 bsc#1223769).
- commit e56562b
- vfs: fix race between evice_inodes() and find_inode()&iput()
(bsc#1231930 CVE-2024-47679).
- commit ebf12b1
- ext4: avoid OOB when system.data xattr changes underneath the
filesystem (bsc#1231920 CVE-2024-47701).
- commit 06b6d21
- ext4: explicitly exit when ext4_find_inline_entry returns an
error (bsc#1231920 CVE-2024-47701).
- commit 76db0bc
- ext4: return error on ext4_find_inline_entry (bsc#1231920
CVE-2024-47701).
- commit 3ce9700
- ext4: ext4_search_dir should return a proper error (bsc#1231920
CVE-2024-47701).
- commit 35d9543
- wifi: cfg80211: check A-MSDU format more carefully (stable-fixes
CVE-2024-35937 bsc#1224526).
- blacklist.conf: remove the entry that we're just adding
- commit efe6631
- driver core: kABI workaround for dev_groups in device_driver
(bsc#1232224 CVE-2024-49925).
- commit 993ec78
- initramfs: avoid filename buffer overrun (bsc#1232436).
- commit 7ae8606
- driver core: add dev_groups to all drivers (bsc#1232224
CVE-2024-49925).
- commit d16dce7
- fbdev: efifb: Register sysfs groups through driver core
(bsc#1232224 CVE-2024-49925).
- commit bff3087
- NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304 CVE-2022-48967)
- commit 5a26fef
- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979 CVE-2022-48960)
- commit e5b93cf
- kabi/severities: ignore amdgpu symbols
amdkfd symbols are exported but they are supposed to be used only
by amdgpu, so they are local symbols that can be ignored.
- commit 381c434
- ipv6: avoid use-after-free in ip6_fragment() (CVE-2022-48956
bsc#1231893).
- commit fea62f0
- scsi: lpfc: Validate hdwq pointers before dereferencing in
reset/errata paths (bsc#1232218 CVE-2024-49891).
- commit b5db475
- SLE12-SP5 turned LTSS (Extended Security) - maintainership goes to L3
- commit 6e14d1d
- Bluetooth: RFCOMM: FIX possible deadlock in
rfcomm_sk_state_change (CVE-2024-50044 bsc#1231904).
- commit e681821
- tipc: guard against string buffer overrun (CVE-2024-49995
bsc#1232432).
- commit ba288b6
- net/xen-netback: prevent UAF in xenvif_flush_hash()
(CVE-2024-49936 bsc#1232424).
- commit 2fa13cf
- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
(CVE-2024-49991 bsc#1232282).
- commit ce009ae
- Remove duplicate CVE references
Update patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
Update patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
Update patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
- commit 2663e32
- mm: split critical region in remap_file_pages() and invoke
LSMs in between (CVE-2024-47745 bsc#1232135 git-fix).
- commit 661d796
- nfs: fix memory leak in error path of nfs4_do_reclaim
(git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least
30 seconds (git-fixes).
- commit 05c4d99
- Update
patches.suse/IB-core-Implement-a-limit-on-UMAD-receive-List.patch
(bsc#1228743 CVE-2024-42145 bsc#1223384).
- Update
patches.suse/RDMA-cxgb4-Added-NULL-check-for-lookup_atid.patch
(git-fixes CVE-2024-47749 bsc#1232180).
- Update
patches.suse/RDMA-iwcm-Fix-WARNING-at_kernel-workqueue.c-check_fl.patch
(git-fixes CVE-2024-47696 bsc#1231864).
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-more.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-49982 bsc#1232097).
- Update patches.suse/media-edia-dvbdev-fix-a-use-after-free.patch
(CVE-2024-27043 bsc#1223824 bsc#1218562).
- Update
patches.suse/ocfs2-fix-null-ptr-deref-when-journal-load-failed.patch
(git-fixes CVE-2024-49957 bsc#1232152).
- Update
patches.suse/ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch
(git-fixes CVE-2024-49877 bsc#1232339).
- Update
patches.suse/ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch
(git-fixes CVE-2024-49965 bsc#1232142).
- commit d1259c0
- Update
patches.suse/nfc-nci-fix-possible-NULL-pointer-dereference-in-sen.patch
(bsc#1219125 CVE-2023-46343 CVE-2023-52919 bsc#1231988).
- Update
patches.suse/tcp-do-not-accept-ACK-of-bytes-we-never-sent.patch
(CVE-2023-52881 bsc#1225611 bsc#1223384).
- commit 9477732
- Update
patches.suse/char-tpm-Protect-tpm_pm_suspend-with-locks.patch
(bsc#1082555 CVE-2022-48997 bsc#1232035).
- Update
patches.suse/igb-Initialize-mailbox-message-for-VF-reset.patch
(git-fixes CVE-2022-48949 bsc#1231897).
- Update
patches.suse/net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch
(bsc#1229154 CVE-2022-48985 bsc#1231958).
- Update
patches.suse/nvme-fix-a-possible-use-after-free-in-controller-res.patch
(bsc#1227941 (CVE-2022-48790) CVE-2022-48790).
- Update
patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch
(bsc#1227952 (CVE-2022-48788) CVE-2022-48788).
- Update
patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch
(bsc#1228000 (CVE-2022-48789) CVE-2022-48789).
- Update
patches.suse/udf-Fix-preallocation-discarding-at-indirect-extent-.patch
(bsc#1213034 CVE-2022-48946 bsc#1231888).
- Update
patches.suse/xen-netfront-Fix-NULL-sring-after-live-migration.patch
(git-fixes CVE-2022-48969 bsc#1232026).
- commit c8e7e6a
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
bsc#1225336 CVE-2021-47416 bsc#1225189).
- commit 9036983
- smb: client: fix UAF in async decryption (bsc#1232418,
CVE-2024-50047).
- commit f679375
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (CVE-2024-49894 bsc#1232354)
- commit b558147
- drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (CVE-2024-49901 bsc#1232305)
- commit 9c2561f
- ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006 bsc#1232442)
- commit 8639f10
- ALSA: asihpi: Fix potential OOB array access (CVE-2024-50007 bsc#1232394)
- commit 013518a
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CVE-2024-49959 bsc#1232149)
- commit 284567a
- ACPI: sysfs: validate return type of _STR method (bsc#1231861
CVE-2024-49860).
- commit aede924
- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
(CVE-2022-48991 bsc#1232070).
- commit bc2150c
- mm/khugepaged: fix GUP-fast interaction by sending IPI
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 1df90ba
- khugepaged: retract_page_tables() remember to test exit
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit f4a1619
- ext4: update orig_path in ext4_find_extent() (CVE-2024-49881 bsc#1232201)
- commit b5dc210
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- commit 693aa17
- btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info()
in walk_down_proc() (CVE-2024-46841 bsc#1231094).
- commit 6d306f6
- ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883 bsc#1232199)
- commit ec16b20
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-49929 bsc#1232253)
- commit 84425bf
- net: fix a memleak when uncloning an skb dst and its metadata
(CVE-2022-48809 bsc#1227947).
- commit 2bf5e2a
- tpm: Clean up TPM space after command failure (CVE-2024-49851
bsc#1232134).
- commit 7bbb5a1
- serial: protect uart_port_dtr_rts() in uart_shutdown() too
(CVE-2024-50058 bsc#1232285).
- commit 41b7884
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (CVE-2024-49962 bsc#1232314)
- commit 4df8d00
- drm/amd/display: Check stream before comparing them (CVE-2024-49896 bsc#1232221)
- commit b1fe975
- drm/amd/pm: ensure the fw_info is not null before using it (CVE-2024-49890 bsc#1232217)
- commit c3be196
- ASoC: ops: Correct bounds check for second channel on SX controls (CVE-2022-48951 bsc#1231929)
- commit bf654bc
- firmware_loader: Block path traversal (CVE-2024-47742 bsc#1232126)
- commit 7af5448
- ASoC: soc-pcm: Add NULL check in BE reparenting (CVE-2022-48992 bsc#1232071)
- commit 70e6117
- media: pci: cx23885: check cx23885_vdev_init() return (CVE-2023-52918 bsc#1232047)
- commit 713adf4
- ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (CVE-2022-48951 bsc#1231929)
- commit 26bb290
- btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840 bsc#1231105)
- commit 61febb6
- drm/amd/display: Check null pointers before multiple uses (bsc#1232313 CVE-2024-49920)
- commit 2448039
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
(bsc#1232123 CVE-2022-49000).
- commit 02b654b
- net: mvneta: Fix an out of bounds check (CVE-2022-48966
bsc#1232191).
- commit 0317c39
- iommu/vt-d: Fix PCI device refcount leak in
dmar_dev_scope_init() (bsc#1232133 CVE-2022-49002).
- commit 5c0b5c2
- net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
(CVE-2022-48962 bsc#1232286).
- commit fc49b9f
- ppp: fix ppp_async_encode() illegal access (CVE-2024-50035
bsc#1232392).
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO
(CVE-2024-49949 bsc#1232160).
- net: mvneta: Prevent out of bounds read in mvneta_config_rss()
(CVE-2022-48966 bsc#1232191).
- net/9p: Fix a potential socket leak in p9_socket_open
(CVE-2022-49020 bsc#1232175).
- commit 2c23eba
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
(bsc#1232006 CVE-2022-49011).
- hwmon: (coretemp) Check for null before removing sysfs attrs
(bsc#1232172 CVE-2022-49010).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc()
fails (bsc#1231995 CVE-2022-49029).
- commit 71880ba
- Update
patches.suse/0001-x86-kaslr-Expose-and-use-the-end-of-the-physical-mem.patch
(bsc#1230405, bsc#1232236).
- commit a8a279f
- mm: call the security_mmap_file() LSM hook in remap_file_pages()
(CVE-2024-47745 bsc#1232135).
- commit ed0f269
- Bluetooth: L2CAP: Fix uaf in l2cap_connect (CVE-2024-49950
bsc#1232159).
- commit 30ab1b9
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- commit 3e6f9a6
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- commit a1137d7
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- commit e35a346
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- commit 03723c2
- ext4: fix double brelse() the buffer of the extents path
(bsc#1232200 CVE-2024-49882).
- ext4: no need to continue when the number of entries is 1
(bsc#1232140 CVE-2024-49967).
- commit fc369f8
- ethernet: aeroflex: fix potential skb leak in greth_init_rings()
(CVE-2022-48958 bsc#1231889).
- e100: Fix possible use after free in e100_xmit_prepare
(CVE-2022-49026 bsc#1231997).
- iavf: Fix error handling in iavf_init_module() (CVE-2022-49027
bsc#1232007).
- ixgbevf: Fix resource leak in ixgbevf_init_module()
(CVE-2022-49028 bsc#1231996).
- net: phy: fix null-ptr-deref while probe() failed
(CVE-2022-49021 bsc#1231939).
- commit ed7ba02
- net: usb: usbnet: fix name regression (get-fixes).
- commit 505fee4
- drm/amd/display: Check gpio_id before used as array index (CVE-2024-46818 bsc#1231203).
- commit 38ee0dd
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- drbd: Add NULL check for net_conf to prevent dereference in
state validation (git-fixes).
- commit 8ea7f3b
- gpio: amd8111: Fix PCI device reference count leak (CVE-2022-48973 bsc#1232039)
- commit cbd0482
- Bluetooth: Fix not cleanup led when bt_init fails (CVE-2022-48971 bsc#1232037)
- commit ce6c97c
- cifs: Fix buffer overflow when parsing NFS reparse points
(bsc#1232089, CVE-2024-49996).
- commit 009c8ed
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (CVE-2024-47685 bsc#1231998)
- commit 6b03439
- net: Fix an unsafe loop on the list (CVE-2024-50024 bsc#1231954)
- commit b3d8cae
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (CVE-2024-47707 bsc#1231935)
- commit 4b59ef3
- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (CVE-2022-48972 bsc#1232025)
- commit 0168947
- HID: core: fix shift-out-of-bounds in hid_report_raw_event (CVE-2022-48978 bsc#1232038)
- commit 7a79be0
- netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045 bsc#1231903)
- commit 2c7a2ef
- block, bfq: fix possible UAF for bfqq->bic with merge chain (CVE-2024-47706 bsc#1231942)
- commit c8fc3bd
- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684 bsc#1231987)
- commit 3560609
- net: hsr: Fix potential use-after-free (CVE-2022-49015 bsc#1231938)
- commit 6ebc760
- ocfs2: cancel dqi_sync_work before freeing oinfo (bsc#1232141
CVE-2024-49966).
- commit b3c314a
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (bsc#1232111 CVE-2024-47735)
- commit 78adc47
- ocfs2: reserve space for inline xattr before attaching reflink
tree (bsc#1232151 CVE-2024-49958).
- commit 75ba1c4
- wifi: mac80211: use two-phase skb reclamation in
ieee80211_do_stop() (CVE-2024-47713 bsc#1232016).
- commit 6ae0d21
- nfsd: call cache_put if xdr_reserve_space returns NULL
(bsc#1232056 CVE-2024-47737).
- commit 629ef18
- Update
patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch
(bsc#1206344, CVE-2022-48988, bsc#1232069).
- commit 3727547
- slip: make slhc_remember() more robust against malicious packets
(CVE-2024-50033 bsc#1231914).
- net: tun: Fix use-after-free in tun_detach() (CVE-2022-49014
bsc#1231890).
- commit c68baf4
- md/raid5: fix deadlock that raid5d() wait for itself to clear
MD_SB_CHANGE_PENDING (bsc#1227437, CVE-2024-39476).
- Delete the following patch, it is replaced by the above one,
patches.suse/Revert-md-raid5-Wait-for-MD_SB_CHANGE_PENDING-in-rai.patch.
- commit e9834f3
- net/ipv6: prevent use after free in ip6_route_mpath_notify
(CVE-2024-26852 bsc#1223057 bsc#1230784).
- Update
patches.suse/net-ipv6-avoid-possible-UAF-in-ip6_route_mpath_notif.patch
(CVE-2024-26852 bsc#1223057 bsc#1230784).
- commit 7d060a6
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds
write error (bsc#1231858 CVE-2024-47697).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds
write error (bsc#1231859 CVE-2024-47698).
- commit d62c304
- ethtool: fail closed if we can't get max channel used in
indirection tables (CVE-2024-46834 bsc#1231096).
- commit bddfacf
- gpio: prevent potential speculation leaks in
gpio_device_get_desc() (stable-fixes CVE-2024-44931
bsc#1229837).
- commit 664410d
- gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
(stable-fixes CVE-2024-42253 bsc#1229005).
- commit 966ef70
- mm: avoid leaving partial pfn mappings around in error case
(CVE-2024-47674 bsc#1231673).
- commit b85f7d9
- udf: Avoid excessive partition lengths (bsc#1230773
CVE-2024-46777).
- fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439
CVE-2024-47660).
- commit 1cf833b
- netem: fix return value if duplicate enqueue fails
(CVE-2024-45016 bsc#1230429).
- net: netem: fix use after free and double free with packet
corruption (git-fixes CVE-2024-45016 bsc#1230429).
- net: netem: correct the parent's backlog when corrupted packet
was dropped (git-fixes CVE-2024-45016 bsc#1230429).
- net: netem: fix error path for corrupted GSO frames (git-fixes
CVE-2024-45016 bsc#1230429).
- net: netem: fix backlog accounting for corrupted GSO frames
(git-fixes CVE-2024-45016 bsc#1230429).
- commit 8535e0c
- perf/x86/intel: Limit the period on Haswell (bsc#1231072,
CVE-2024-46848).
- commit ddcb55d
- Update
patches.suse/ocfs2-add-bounds-checking-to-ocfs2_xattr_find_entry.patch
(bsc#1228410 CVE-2024-41016 CVE-2024-47670 bsc#1231537).
- commit 3c9794f
- wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
(CVE-2024-47673 bsc#1231539).
- commit ec71cef
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
(CVE-2024-47672 bsc#1231540).
- commit bf00ca5
- sched/smt: Fix unbalance sched_smt_present dec/inc
(CVE-2024-44958 bsc#1230179).
- commit d76ce7a
- add bug reference for a mana change (bsc#1229769).
- commit 365e607
- nfc: fix segfault in nfc_genl_dump_devices_done (CVE-2021-47612 bsc#1226585)
- commit 04d816c
- aoe: fix the potential use-after-free problem in more places
(bsc#1218562 CVE-2023-6270).
- commit 9a97d1d
- xhci: Fix null pointer dereference when host dies
(CVE-2023-52898 bsc#1229568).
- commit 8083a37
- bpf: Fix pointer-leak due to insufficient speculative store
bypass mitigation (bsc#1231375).
- commit 8169915
- wifi: mwifiex: Do not return unused priv in
mwifiex_get_priv_by_id() (bsc#1230802 CVE-2024-46755).
- commit 3faac0d
- Delete some more obsolete scripts
- commit c036565
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (CVE-2024-46816 bsc#1231197).
- commit fce3225
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (bsc#1230725 CVE-2024-46724)
- commit a6d26f5
- drm/amd/display: Check link_index before accessing dc->links (CVE-2024-46813 bsc#1231191).
- commit 6cd35ce
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- commit 9f2c584
- Update kabi files from rpm-4.12.14-122.228
Some nvme symbols are listed as exported from vmlinux while the driver
is modular. This is because the symvers files were not updated after
making the driver modular.
- commit 00d2c7f
- ELF: fix kernel.randomize_va_space double read (CVE-2024-46826 bsc#1231115)
Dropped const and split declaration and assignment to avoid warning of
mixing declarations and statements.
- commit 8b66569
- drm/amd/display: added NULL check at start of dc_validate_stream (CVE-2024-46802 bsc#1231111)
- commit a598fc3
- Revert "Merge branch 'users/dwagner/SLE12-SP5/for-next' into SLE12-SP5"
This reverts commit aa4c39a920ecb484add5aa1733bbaa0fb81c7d46, reversing
changes made to 4527634da2625f9c0c83176368afe9fe8acb3ffc.
- --
Following breaks kABI:
commit 72d636029eff5515a118fd98f44689c4421a836e
Author: Daniel Wagner <dwagner@suse.de>
Date: Mon Sep 30 15:48:52 2024 +0200
kabi: ignore all nvme kabi breakages
Streamline sle12sp5 with the other code stream where we ignore
all symbol changes inside the nvme subsystem.
Delete:
- patches.kabi/kabi-Fix-nvme-fabrics_q.patch
- patches.kabi/kabi-Fix-nvmet-error-log-definitions.patch
- patches.kabi/kabi-nvme-fix-fast_io_fail_tmo.patch
- --
As designed the path match does not match symbols exported from vmlinux
(built-in), those have to be listed explicitly.
Listing the offending symbols should make this change work. It's
possible that more of the nvme support is modular on later kernels or
the kABI brekage is not as widespread compared to 4.12.
- ---
- commit 5f0ddca
- net: dpaa: Pad packets to ETH_ZLEN (CVE-2024-46854 bsc#1231084).
- ice: Add netif_device_attach/detach into PF reset flow
(CVE-2024-46770 bsc#1230763).
- net: core: Specify skb_pad()/skb_put_padto() SKB freeing
(CVE-2024-46854 bsc#1231084).
- commit 8314902
- usbnet: fix cyclical race on disconnect with work queue
(git-fixes).
- Refresh
patches.kabi/move-new-members-of-struct-usbnet-to-end.patch.
- Refresh
patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit d5af998
- powerpc/imc-pmu: Revert nest_init_lock to being a mutex
(bsc#1065729).
- commit 9d9f624
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
(bsc#1065729).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section
(bsc#1054914 fate#322448 git-fixes).
- powerpc/iommu: Annotate nested lock for lockdep (bsc#1065729).
- commit 1b7c467
- Fix bsc#1054914 reference.
- commit 4b9db88
- nvme: avoid double free special payload (bsc#1228635
CVE-2024-41073).
- commit 50941e4
- ceph: remove the incorrect Fw reference check when dirtying
pages (bsc#1231184).
- commit 4527634
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
They depend on SHADOW_CALL_STACK.
- commit 65fa52b
- nvmet: always initialize cqe.result (bsc#1228615
CVE-2024-41079).
- commit 0c4e344
- kabi/severities: Ignore ppc instruction emulation (bsc#1230826 ltc#205848)
These are lowlevel functions not used outside of exception handling and
kernel debugging facilities.
- commit abc513a
- drm/amd/display: Check BIOS images before it is used (CVE-2024-46809 bsc#1231148).
- commit 006eae3
- platform/x86: panasonic-laptop: Fix SINF array out of bounds
accesses (CVE-2024-46859 bsc#1231089).
- commit 59d5c89
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug
(CVE-2024-46853 bsc#1231083).
- commit bb10262
- media: vivid: fix compose size exceed boundary (CVE-2022-48945
bsc#1230398).
- commit 9b78931
- kthread: Fix task state in kthread worker if being frozen
(bsc#1231146).
- commit acf39f7
- kabi: ignore all nvme kabi breakages
Streamline sle12sp5 with the other code stream where we ignore
all symbol changes inside the nvme subsystem.
Delete:
- patches.kabi/kabi-Fix-nvme-fabrics_q.patch
- patches.kabi/kabi-Fix-nvmet-error-log-definitions.patch
- patches.kabi/kabi-nvme-fix-fast_io_fail_tmo.patch
- commit 72d6360
- nvme-fabrics: use reserved tag for reg read/write command
(bsc#1228620 CVE-2024-41082).
Refresh:
- patches.kabi/kabi-Fix-nvme-fabrics_q.patch
- nvme-fabrics: use reserved tag for reg read/write command
(bsc#1228620 CVE-2024-41082).
- nvme: change __nvme_submit_sync_cmd() calling conventions
(bsc#1228620 CVE-2024-41082).
- nvme: remove unused timeout parameter (bsc#1228620
CVE-2024-41082).
- nvme: split nvme_alloc_request() (bsc#1228620 CVE-2024-41082).
Refresh:
- patches.suse/lightnvm-remove-lightnvm-implemenation.patch
- nvme: centralize setting the timeout in nvme_alloc_request
(bsc#1228620 CVE-2024-41082).
Refresh:
- patches.suse/lightnvm-remove-lightnvm-implemenation.patch
- commit 1db4029
- tracing: Avoid possible softlockup in tracing_iter_reset()
(git-fixes).
- commit 6f4c555
- arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120 CVE-2024-46822)
- commit cd9816b
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (bsc#1231120 CVE-2024-46822)
- commit 0c95f6d
- tracing: Fix overflow in get_free_elt() (git-fixes
CVE-2024-43890 bsc#1229764).
- commit 2519a16
- drm/amd/pm: fix the Out-of-bounds read warning (bsc#1230709 CVE-2024-46731)
- commit 1b11b68
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- commit 7b2aa7b
- drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722 bsc#1230712)
- commit 7ff2284
- i2c: lpi2c: Avoid calling clk_get_rate during transfer
(bsc#1227885 CVE-2024-40965).
- commit 115f782
- Update
patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
(bsc#1229457 CVE-2024-44947 bsc#1229456).
- Update
patches.suse/msft-hv-3046-uio_hv_generic-Fix-kernel-NULL-pointer-dereference-i.patch
(git-fixes CVE-2024-46739 bsc#1230732).
- Update
patches.suse/msft-hv-3048-net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
(git-fixes CVE-2024-46784 bsc#1230771).
- Update
patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch
(git-fixes CVE-2024-46737 bsc#1230730).
- Update
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
(bsc#1227487 CVE-2024-46774 bsc#1230767).
- commit ad5a546
- userfaultfd: fix checks for huge PMDs (CVE-2024-46787
bsc#1230815).
- commit a5d0a66
- PCI: xilinx-nwl: Clean up clock on probe failure/removal
(git-fixes).
- commit ace75db
- net: ip_tunnel: prevent perpetual headroom growth
(CVE-2024-26804 bsc#1222629).
- commit 7a0d3d3
- net: tunnels: annotate lockless accesses to dev->needed_headroom
(CVE-2024-26804 bsc#1222629).
- Refresh
patches.kabi/kabi-preserve-struct-header_ops-after-bsc-1176081-fi.patch.
- commit 4908ccc
- kabi: add __nf_queue_get_refs() for kabi compliance
(bsc#1229633,CVE-2022-48911).
- commit ffffe4c
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
- commit c9290c8
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- commit a4946ef
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- commit 4ef1336
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- commit 7580f3e
- kABI fix for tipc: wait and exit until all work queues are done
(CVE-2021-47163 bsc#1221980).
- commit 685278e
- tipc: wait and exit until all work queues are done
(CVE-2021-47163 bsc#1221980).
- commit 60b5a40
- btrfs: handle errors from btrfs_dec_ref() properly (CVE-2024-46753 bsc#1230796)
- commit ab888f1
- net: bridge: xmit: make sure we have at least eth header len
bytes (CVE-2024-38538 bsc#1226606).
- commit 37ef8fc
- x86/kaslr: Expose and use the end of the physical memory
address space (bsc#1230405).
- commit 151c0a3
- Delete
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch.
This patch should have been only in kernel v5.11+, which is when
the double free issue was introduced.
- commit 92bb491
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (CVE-2024-46761 bsc#1230761)
- commit 0c20c64
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759 bsc#1230814)
- commit 8ed41b4
- Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745 bsc#1230748)
- commit 9508651
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738 bsc#1230731)
- commit 98e87d9
- tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783 bsc#1230810)
- commit f6705ba
- Update references in patches.suse/nvmet-tcp-fix-kernel-crash-if-commands-allocation-fa.patch (CVE-2024-46737 bsc#1230730)
- commit 91952f9
- nvmet: Identify-Active Namespace ID List command should reject
invalid nsid (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails
(git-fixes).
- commit 07a5a05
- net: fix use-after-free in tw_timer_handler (CVE-2021-46936
bsc#1220439).
- commit b2028df
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (CVE-2024-44982 bsc#1230204).
- commit 4f660ab
- drm/amdgpu: fix ucode out-of-bounds read warning (bsc#1230702 CVE-2024-46723)
- commit ff45869
- Update
patches.suse/nfc-nci-Fix-uninit-value-in-nci_rx_work.patch
(git-fixes CVE-2024-38381 bsc#1226878).
- Update
patches.suse/vfio-pci-fix-potential-memory-leak-in-vfio_intx_enab.patch
(git-fixes CVE-2024-38632 bsc#1226860).
Add CVE references.
- commit bd6ac3f
- PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750
bsc#1230783).
- commit 6d64b3d
- Squashfs: sanity check symbolic link size (bsc#1230747 CVE-2024-46744)
- commit 067cd70
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
(git-fixes).
- commit 36cf250
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks
(git-fixes).
- commit 13d7dfe
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- commit 4386caf
- powerpc/ppc-opcode: Add divde and divdeu opcodes (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add XER bits introduced in POWER ISA v3.0
(bsc#1230826 ltc#205848).
- commit 4de0867
- of/irq: Prevent device address out-of-bounds read in interrupt
map walk (CVE-2024-46743 bsc#1230756).
- commit 8403759
- driver: iio: add missing checks on iio_info's callback access
(CVE-2024-46715 bsc#1230700).
- commit f7336e3
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (CVE-2024-46685 bsc#1230515)
- commit e892b22
- usb: dwc3: core: Prevent USB core invalid event buffer address access (CVE-2024-46675 bsc#1230533)
- commit 9657973
- thunderbolt: Mark XDomain as unplugged when router is removed (CVE-2024-46702 bsc#1230589)
- commit 74749bb
- smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (CVE-2024-46686 bsc#1230517)
- commit 9cca3e0
- scsi: aacraid: Fix double-free on probe failure (CVE-2024-46673 bsc#1230506)
- commit b132ff0
- apparmor: fix possible NULL pointer dereference (CVE-2024-46721 bsc#1230710)
- commit 2b27b0b
- gtp: fix a potential NULL pointer dereference (CVE-2024-46677 bsc#1230549)
- commit b3221e1
- nfc: pn533: Add poll mod list filling check (CVE-2024-46676 bsc#1230535)
- commit 0ff9f28
- ethtool: check device is present when getting link settings (CVE-2024-46679 bsc#1230556).
- commit 34a40a8
- powerpc/sstep: Fix darn emulation (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix incorrect return from analyze_instr()
(bsc#1230826 ltc#205848).
- commit be8f831
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: fix 'ptesync' build error (bsc#1230826
ltc#205848).
- powerpc/sstep: Check instruction validity against ISA version
before emulation (bsc#1230826 ltc#205848).
- powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1230826
ltc#205848).
- Refresh patches.suse/powerpc-Don-t-clobber-f0-vs0-during-fp-altivec-regis.patch
- powerpc/sstep: Add support for divde[.] and
divdeu[.] instructions (bsc#1230826 ltc#205848).
- powerpc/lib: fix redundant inclusion of quad.o (bsc#1230826
ltc#205848).
- powerpc sstep: Add support for modsd, modud instructions
(bsc#1230826 ltc#205848).
- powerpc sstep: Add support for modsw, moduw instructions
(bsc#1230826 ltc#205848).
- powerpc sstep: Add support for extswsli instruction (bsc#1230826
ltc#205848).
- powerpc sstep: Add support for cnttzw, cnttzd instructions
(bsc#1230826 ltc#205848).
- powerpc: sstep: Add support for darn instruction (bsc#1230826
ltc#205848).
- powerpc: sstep: Add support for maddhd, maddhdu, maddld
instructions (bsc#1230826 ltc#205848).
- Refresh patches.suse/powerpc-bpf-use-unsigned-division-instruction-for-64.patch
- powerpc/sstep: Fix kernel crash if VSX is not present
(bsc#1230826 ltc#205848).
- powerpc/sstep: Introduce GETTYPE macro (bsc#1230826 ltc#205848).
- powerpc/lib: Fix "integer constant is too large" build failure
(bsc#1230826 ltc#205848).
- powerpc/32: Move the inline keyword at the beginning of function
declaration (bsc#1230826 ltc#205848).
- powerpc/kprobes: Blacklist emulate_update_regs() from kprobes
(bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix fixed-point shift instructions that
set CA32 (bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Fix fixed-point arithmetic instructions
that set CA32 (bsc#1230826 ltc#205848).
- powerpc/kprobes: Update optprobes to use emulate_update_regs()
(bsc#1230826 ltc#205848).
- powerpc: Fix handling of alignment interrupt on dcbz instruction
(bsc#1230826 ltc#205848).
- powerpc: Fix kernel crash in emulation of vector loads and
stores (bsc#1230826 ltc#205848).
- commit 41c7998
- md/raid5: avoid BUG_ON() while continue reshape after
reassembling (bsc#1229790, CVE-2024-43914).
- commit 2925547
- powerpc/lib/sstep: Fix count leading zeros instructions
(bsc#1230826 ltc#205848).
- powerpc/sstep: mullw should calculate a 64 bit signed result
(bsc#1230826 ltc#205848).
- powerpc/sstep: Fix issues with mcrf (bsc#1230826 ltc#205848).
- powerpc/sstep: Fix issues with set_cr0() (bsc#1230826
ltc#205848).
- powerpc/sstep: Avoid used uninitialized error (bsc#1230826
ltc#205848).
- powerpc: Wrap register number correctly for string load/store
instructions (bsc#1230826 ltc#205848).
- powerpc: Emulate load/store floating point as integer word
instructions (bsc#1230826 ltc#205848).
- powerpc: Use instruction emulation infrastructure to handle
alignment faults (bsc#1230826 ltc#205848).
- Refresh patches.suse/powerpc-Fix-check-for-copy-paste-instructions-in-ali.patch
- Update config files.
- powerpc: Separate out load/store emulation into its own function
(bsc#1230826 ltc#205848).
- powerpc: Handle opposite-endian processes in emulation code
(bsc#1230826 ltc#205848).
- powerpc: Set regs->dar if memory access fails in emulate_step()
(bsc#1230826 ltc#205848).
- powerpc: Emulate the dcbz instruction (bsc#1230826 ltc#205848).
- powerpc: Emulate load/store floating double pair instructions
(bsc#1230826 ltc#205848).
- powerpc: Emulate vector element load/store instructions
(bsc#1230826 ltc#205848).
- powerpc: Emulate FP/vector/VSX loads/stores correctly when
regs not live (bsc#1230826 ltc#205848).
- powerpc: Make load/store emulation use larger memory accesses
(bsc#1230826 ltc#205848).
- powerpc: Add emulation for the addpcis instruction (bsc#1230826
ltc#205848).
- powerpc: Don't update CR0 in emulation of popcnt, prty, bpermd
instructions (bsc#1230826 ltc#205848).
- powerpc: Fix emulation of the isel instruction (bsc#1230826
ltc#205848).
- powerpc/64: Fix update forms of loads and stores to write
64-bit EA (bsc#1230826 ltc#205848).
- powerpc: Handle most loads and stores in instruction emulation
code (bsc#1230826 ltc#205848).
- powerpc: Don't check MSR FP/VMX/VSX enable bits in
analyse_instr() (bsc#1230826 ltc#205848).
- powerpc: Change analyse_instr so it doesn't modify *regs
(bsc#1230826 ltc#205848).
- powerpc/lib/sstep: Add isel instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add prty instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add bpermd instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add popcnt instruction emulation (bsc#1230826
ltc#205848).
- powerpc/lib/sstep: Add cmpb instruction emulation (bsc#1230826
ltc#205848).
- commit 10b1c67
- KABI: kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 7a83511
- kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit a7c5ad6
- KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
(CVE-2024-46707 bsc#1230582).
- commit a6e55a2
- perf: Fix list corruption in perf_cgroup_switch() (bsc#1227953
CVE-2022-48799).
- commit 7c98d1e
- nvme-tcp: fix possible use-after-free in transport
error_recovery work (bsc#1228000 (CVE-2022-48789)).
- nvme: fix a possible use-after-free in controller reset during
load (bsc#1227941 (CVE-2022-48790)).
- commit 699f243
- x86/mtrr: Check if fixed MTRRs exist before saving them (bsc#1230174 CVE-2024-44948).
- commit c14b9b5
- nvme-rdma: fix possible use-after-free in transport
error_recovery work (bsc#1227952 (CVE-2022-48788)).
- commit 0f2b472
- Input: MT - limit max slots (CVE-2024-45008 bsc#1230248).
- commit 18c0fe4
- Refresh
patches.suse/media-cec-core-avoid-confusing-transmit-timed-out-me.patch.
Moved into sorted section to avoid false positives of the checker
- commit 6e68152
- media: vivid: avoid integer overflow (git-fixes).
- commit 2e17cad
- netlink: extend policy range validation
(prerequisite CVE-2024-42114 bsc#1228564).
- Refresh patches.kabi/netlink-nla_policy-kabi-workaround.patch.
- commit 1f2aeb8
- media: vivid: dev->bitmap_cap wasn't freed in all cases
(git-fixes).
- commit 249a367
- media: vivid: s_fbuf: add more sanity checks (git-fixes).
- commit de48b55
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- commit 0c654cd
- ipv6: prevent UAF in ip6_send_skb() (CVE-2024-44987 bsc#1230185)
- commit a6345f7
- gtp: pull network headers in gtp_dev_xmit() (CVE-2024-44999 bsc#1230233)
- commit 6133ce9
- powerpc: Remove support for PowerPC 601 (Remove unused and
malformed assembly causing build error).
- commit a186115
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
(git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in
hv_uio_rescind (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI
cleanup (git-fixes).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response
(git-fixes).
- commit 2c432a7
- profiling: fix shift too large makes kernel panic (git-fixes).
- commit 92e9109
- KVM: x86/mmu: make apf token non-zero to fix bug (CVE-2022-48943
bsc#1229645).
- commit 20aabb8
- media: dvb-usb-v2: af9035: fix missing unlock (CVE-2023-52915
bsc#1230270).
- commit 48622c6
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in
af9035_i2c_master_xfer (CVE-2023-52915 bsc#1230270).
- commit a6997db
- usbnet: modern method to get random MAC (git-fixes).
- commit 26fa49e
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
(git-fixes).
- commit f6a8914
- ACPI: EC: Avoid printing confusing messages in acpi_ec_setup()
(git-fixes).
- ACPI: EC: tweak naming in preparation for GpioInt support
(git-fixes).
- ACPI / EC: Clean up EC GPE mask flag (git-fixes).
- ACPI: EC: Fix an EC event IRQ storming issue (git-fixes).
- commit 9e80cf5
- Bluetooth: hci_core: Fix leaking sent_cmd skb (CVE-2022-48844 bsc#1228068)
- commit 33c7b67
- wifi: nl80211: disallow setting special AP channel widths (CVE-2024-43912 bsc#1229830)
- commit 3f6faef
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task (CVE-2022-48791 bsc#1228002)
- commit 0f736ca
- scsi: pm80xx: Fix TMF task completion race condition (CVE-2022-48791 bsc#1228002)
- commit 47ce134
- ext4: sanity check for NULL pointer after ext4_force_shutdown
(bsc#1229753 CVE-2024-43898).
- commit d2ce48d
- udf: Avoid using corrupted block bitmap buffer (bsc#1229362
CVE-2024-42306).
- commit e9fe84a
- ext4: check dot and dotdot of dx_root before making dir indexed
(bsc#1229363 CVE-2024-42305).
- commit 1e9d591
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
(bsc#1229334 CVE-2024-42265).
- commit 126ef02
- ACPI: video: Add new hw_changes_brightness quirk, set it on
PB Easynote MZ35 (git-fixes).
- ACPI: blacklist: fix clang warning for unused DMI table
(git-fixes).
- Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
(git-fixes).
- ACPI: SPCR: Consider baud rate 0 as preconfigured state
(git-fixes).
- ACPI: SPCR: work around clock issue on xgene UART (git-fixes).
- commit 18ef221
- ACPI: SPCR: Workaround for APM X-Gene 8250 UART 32-alignment
errata (git-fixes).
- Refresh
patches.suse/0001-tty-pl011-fix-initialization-order-of-QDF2400-E44.patch.
- commit 0985189
- serial: sc16is7xx: fix invalid FIFO access with special register
set (CVE-2024-44950 bsc#1230180).
- commit b162aad
- kabi fix for proc/mounts: add cursor (bsc#1207341).
- commit 1fada3d
- proc/mounts: add cursor (bsc#1207341).
- autofs4: use wait_event_killable (bsc#1207341).
- commit 1adc77e
- ALSA: line6: Fix racy access to midibuf (CVE-2024-44954
bsc#1230176).
- commit 899798d
- atm: idt77252: prevent use after free in dequeue_rx()
(CVE-2024-44998 bsc#1230171).
- driver core: Fix uevent_show() vs driver detach race
(CVE-2024-44952 bsc#1230178).
- commit c758c1a
- cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory (CVE-2021-47387 bsc#1225316)
- commit ce3e04b
- s390/sclp: Prevent release of buffer in I/O (bsc#1230200
CVE-2024-44969 git-fixes).
- commit 495f327
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
(CVE-2024-42114 bsc#1228564).
Refresh patches.kabi/netlink-nla_policy-kabi-workaround.patch.
- commit 9abf38c
- fuse: use unsigned type for getxattr/listxattr size truncation
(bsc#1230151).
- commit 3543834
- libzypp
-
- Url: queryparams without value should not have a trailing "=".
- version 16.22.15 (0)
- Url query part: `=` is a safe char in value (bsc#1234304)
Some CDN auth token implementations require a `=` within the
query parameters value not to be %-encoded.
- version 16.22.14 (0)
- python3-base
-
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-7592-quad-complex-cookies.patch (bsc#1229596,
CVE-2024-7592), which fixes quadratic complexity in parsing
"-quoted cookie values with backslashes by http.cookies.
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- ipvsadm
-
- fixed systemd service file to restore correct config file at
start (/etc/ipvsadm.rules) and do not break boot-time config
at stop (bsc#1013581).
- curl
-
- Security fix: [bsc#1234068, CVE-2024-11053]
* curl could leak the password used for the first host to the
followed-to host under certain circumstances.
* netrc: address several netrc parser flaws
* Add curl-CVE-2024-11053.patch
- Security fix: [bsc#1232528, CVE-2024-9681]
* HSTS subdomain overwrites parent cache entry
* Add curl-CVE-2024-9681.patch
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* http_aws_sigv4: canonicalize the query [fc76a24c]
* test439: verify query canonization for aws-sigv4 [65661016]
* http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
* aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
* http_aws_sigv4: canonicalise valueless query params [bbba69da]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patches:
- curl-aws_sigv4-canonicalize-the-query.patch
- curl-aws_sigv4-verify-query-canonization.patch
- curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
- curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
- curl-aws_sigv4-canonicalise-valueless-query-params.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- ruby2.1
-
- Add CVE-2024-47220.patch (CVE-2024-47220) Fix HTTP request
smuggling (boo#1230930)
- vim
-
- Fix for bsc#1231373 / CVE-2024-47814.
- Fix for bsc#1229238 / CVE-2024-43374.
- update to 9.1.0836
* 9.1.0836: The vimtutor can be improved
* 9.1.0835: :setglobal doesn't work properly for 'ffu' and 'tsrfu'
* 9.1.0834: tests: 2html test fails
* 9.1.0833: CI: recent ASAN changes do not work for indent tests
* 9.1.0832: :set doesn't work for 'cot' and 'bkc' after :setlocal
* runtime(doc): update help-toc description
* runtime(2html): Make links use color scheme colors in TOhtml
* 9.1.0831: 'findexpr' can't be used as lambad or Funcref
* Filelist: include helptoc package
* runtime(doc): include a TOC Vim9 plugin
* Filelist: ignore .git-blame-ignore-revs
* 9.1.0830: using wrong highlight group for spaces for popupmenu
* runtime(typst): synchronize updates from the upstream typst.vim
* git: ignore reformatting commit for git-blame (after v9.1.0829)
* 9.1.0829: Vim source code uses a mix of tabs and spaces
* 9.1.0828: string_T struct could be used more often
* 9.1.0827: CI: tests can be improved
* runtime(doc): remove stray sentence in pi_netrw.txt
* 9.1.0826: filetype: sway files are not recognized
* runtime(doc): Include netrw-gp in TOC
* runtime(doc): mention 'iskeyword' at :h charclass()
* runtime(doc): update help tags
* 9.1.0825: compile error for non-diff builds
* runtime(netrw): fix E874 when browsing remote directory which contains `~` character
* runtime(doc): update coding style documentation
* runtime(debversions): Add plucky (25.04) as Ubuntu release name
* 9.1.0824: too many strlen() calls in register.c
* 9.1.0823: filetype: Zephyr overlay files not recognized
* runtime(doc): Clean up minor formatting issues for builtin functions
* runtime(netrw): make :Launch/Open autoloadable
* runtime(netrw): fix regression with x mapping on Cygwin
* runtime(netrw): fix filetype detection for remote files
* 9.1.0822: topline might be changed in diff mode unexpectedly
* CI: huge linux builds should also run syntax & indent tests
* 9.1.0821: 'findexpr' completion doesn't set v:fname to cmdline argument
* 9.1.0820: tests: Mac OS tests are too flaky
* runtime(awk): Highlight more awk comments in syntax script
* runtime(netrw): add missing change for s:redir()
* 9.1.0819: tests: using findexpr and imported func not tested
* runtime(netrw): improve netrw's open-handling further
* runtime(netrw): fix syntax error in netrwPlugin.vim
* runtime(netrw): simplify gx file handling
* 9.1.0818: some global functions are only used in single files
* 9.1.0817: termdebug: cannot evaluate expr in a popup
* runtime(defaults): Detect putty terminal and switch to dark background
* 9.1.0816: tests: not clear what tests cause asan failures
* runtime(doc): Remove some completed items from todo.txt
* 9.1.0815: "above" virtual text causes wrong 'colorcolumn' position
* runtime(syntax-tests): tiny vim fails because of line-continuation
* 9.1.0814: mapset() may remove unrelated mapping
* 9.1.0813: no error handling with setglobal and number types
* 9.1.0812: Coverity warns about dereferencing NULL ptr
* 9.1.0811: :find expansion does not consider 'findexpr'
* 9.1.0810: cannot easily adjust the |:find| command
* 9.1.0809: filetype: petalinux config files not recognized
* 9.1.0808: Terminal scrollback doesn't shrink when decreasing 'termwinscroll'
* 9.1.0807: tests: having 'nolist' in modelines isn't always desired
* 9.1.0806: tests: no error check when setting global 'briopt'
* 9.1.0805: tests: minor issues in gen_opt_test.vim
* 9.1.0804: tests: no error check when setting global 'cc'
* 9.1.0803: tests: no error check when setting global 'isk'
* 9.1.0802: tests: no error check when setting global 'fdm' to empty value
* 9.1.0801: tests: no error check when setting global 'termwinkey'
* 9.1.0800: tests: no error check when setting global 'termwinsize'
* runtime(doc): :ownsyntax also resets 'spelloptions'
* 9.1.0799: tests: gettwinvar()/gettabwinvar() tests are not comprehensive
* runtime(doc): Fix wrong Mac default options
* 9.1.0798: too many strlen() calls in cmdhist.c
* 9.1.0797: testing of options can be further improved
* 9.1.0796: filetype: libtool files are not recognized
* (typst): add folding to typst ftplugin
* runtime(netrw): deprecate and remove netrwFileHandlers#Invoke()
* 9.1.0795: filetype: Vivado memory info file are not recognized
* 9.1.0794: tests: tests may fail on Windows environment
* runtime(doc): improve the :colorscheme documentation
* 9.1.0793: xxd: -e does add one extra space
* 9.1.0792: tests: Test_set_values() is not comprehensive enough
* runtime(swayconfig): add flag for bindsym/bindcode to syntax script
* 9.1.0791: tests: errors in gen_opt_test.vim are not shown
* runtime(compiler): check for compile_commands in build dirs for cppcheck
* 9.1.0790: Amiga: AmigaOS4 build should use default runtime (newlib)
* runtime(help): Update help syntax
* runtime(help): fix end of sentence highlight in code examples
* runtime(jinja): Support jinja syntax as secondary filetype
* 9.1.0789: tests: ':resize + 5' has invalid space after '+'
* 9.1.0788: <CSI>27;<mod>u is not decoded to literal Escape in kitty/foot
* 9.1.0787: cursor position changed when using hidden terminal
* 9.1.0786: tests: quickfix update test does not test location list
* runtime(doc): add some docs for file-watcher programs
* CI: uploading failed screendumps still fails on Cirrus CI
* 9.1.0785: cannot preserve error position when setting quickfix list
* 9.1.0784: there are several problems with python 3.13
* 9.1.0783: 'spell' option setting has problems
* 9.1.0782: tests: using wrong neomuttlog file name
* runtime(doc): add preview flag to statusline example
* 9.1.0781: tests: test_filetype fails
* 9.1.0780: MS-Windows: incorrect Win32 error checking
* 9.1.0779: filetype: neomuttlog files are not recognized
* 9.1.0778: filetype: lf config files are not recognized
* runtime(comment): fix commment toggle with mixed tabs & spaces
* runtime(misc): Use consistent "Vim script" spelling
* runtime(gleam): add ftplugin for gleam files
* runtime(doc): link help-writing from write-local-help
* 9.1.0777: filetype: Some upstream php files are not recognized
* runtime(java): Define javaBlockStart and javaBlockOtherStart hl groups
* runtime(doc): mention conversion rules for remote_expr()
* runtime(tutor): Fix missing :s command in spanish translation section 4.4
* 9.1.0776: test_strftime may fail because of missing TZ data
* translation(am): Add Armenian language translation
* 9.1.0775: tests: not enough tests for setting options
* 9.1.0774: "shellcmdline" doesn't work with getcompletion()
* 9.1.0773: filetype: some Apache files are not recognized
* 9.1.0772: some missing changes from v9.1.0771
* 9.1.0771: completion attribute hl_group is confusing
* 9.1.0770: current command line completion is a bit limited
* 9.1.0769: filetype: MLIR files are not recognized
* 9.1.0768: MS-Windows: incorrect cursor position when restoring screen
* runtime(nasm): Update nasm syntax script
* 9.1.0767: A condition is always true in ex_getln.c
* runtime(skill): Update syntax file to fix string escapes
* runtime(help): highlight CTRL-<Key> correctly
* runtime(doc): add missing usr_52 entry to toc
* 9.1.0766: too many strlen() calls in ex_getln.c
* runtime(doc): correct `vi` registers 1-9 documentation error
* 9.1.0765: No test for patches 6.2.418 and 7.3.489
* runtime(spec): set comments and commentstring options
* NSIS: Include libgcc_s_sjlj-1.dll again
* runtime(doc): clarify the effect of 'startofline' option
* 9.1.0764: [security]: use-after-free when closing a buffer
* runtime(vim): Update base-syntax file, improve class, enum and interface highlighting
* 9.1.0763: tests: cannot run single syntax tests
* 9.1.0762: 'cedit', 'termwinkey' and 'wildchar' may not be parsed correctly
* 9.1.0761: :cd completion fails on Windows with backslash in path
* 9.1.0760: tests: no error reported, if gen_opt_test.vim fails
* 9.1.0759: screenpos() may return invalid position
* runtime(misc): unset compiler in various ftplugins
* runtime(doc): update formatting and syntax
* runtime(compiler): add cppcheck linter compiler plugin
* runtime(doc): Fix style in documents
* runtime(doc): Fix to two-space convention in user manual
* runtime(comment): consider &tabstop in lines after whitespace indent
* 9.1.0758: it's possible to set an invalid key to 'wildcharm'
* runtime(java): Manage circularity for every :syn-included syntax file
* 9.1.0757: tests: messages files contains ANSI escape sequences
* 9.1.0756: missing change from patch v9.1.0754
* 9.1.0755: quickfix list does not handle hardlinks well
* runtime(doc): 'filetype', 'syntax' and 'keymap' only allow alphanumeric + some characters
* runtime(systemd): small fixes to &keywordprg in ftplugin
* CI: macos-12 runner is being sunset, switch to 13
* 9.1.0754: fixed order of items in insert-mode completion menu
* runtime(comment): commenting might be off by one column
* 9.1.0753: Wrong display when typing in diff mode with 'smoothscroll'
* 9.1.0752: can set 'cedit' to an invalid value
* runtime(doc): add `usr` tag to usr_toc.txt
* 9.1.0751: Error callback for term_start() not used
* 9.1.0750: there are some Win9x legacy references
* runtime(java): Recognise the CommonMark form (///) of Javadoc comments
* 9.1.0749: filetype: http files not recognized
* runtime(comment): fix syntax error
* CI: uploading failed screendump tests does not work Cirrus
* 9.1.0748: :keep* commmands are sometimes misidentified as :k
* runtime(indent): allow matching negative numbers for gnu indent config file
* runtime(comment): add gC mapping to (un)comment rest of line
* 9.1.0747: various typos in repo found
* 9.1.0746: tests: Test_halfpage_longline() fails on large terminals
* runtime(doc): reformat gnat example
* runtime(doc): reformat ada_standard_types section
* 9.1.0745: filetype: bun and deno history files not recognized
* runtime(glvs): Correct the tag name of glvs-autoinstal
* runtime(doc): include short form for :earlier/:later
* runtime(doc): remove completed TODO
* 9.1.0744: filetype: notmuch configs are not recognised
* 9.1.0743: diff mode does not handle overlapping diffs correctly
* runtime(glvs): fix a few issues
* runtime(doc): Fix typo in :help :command-modifiers
* 9.1.0742: getcmdprompt() implementation can be improved
* runtime(docs): update `:set?` command behavior table
* runtime(doc): update vim90 to vim91 in docs
* runtime(doc): fix typo in :h dos-colors
* 9.1.0741: No way to get prompt for input()/confirm()
* runtime(doc): fix typo in version9.txt nrformat -> nrformats
* runtime(rmd,rrst): 'fex' option not properly restored
* runtime(netrw): remove extraneous closing bracket
* 9.1.0740: incorrect internal diff with empty file
* 9.1.0739: [security]: use-after-free in ex_getln.c
* runtime(filetype): tests: Test_filetype_detection() fails
* runtime(dist): do not output a message if executable is not found
* 9.1.0738: filetype: rapid files are not recognized
* runtime(modconf): remove erroneous :endif in ftplugin
* runtime(lyrics): support multiple timestamps in syntax script
* runtime(java): Optionally recognise _module_ import declarations
* runtime(vim): Update base-syntax, improve folding function matches
* CI: upload failed screendump tests also for Cirrus
* 9.1.0737: tests: screendump tests may require a bit more time
* runtime(misc): simplify keywordprg in various ftplugins
* runtime(java): Optionally recognise all primitive constants in _switch-case_ labels
* runtime(zsh,sh): set and unset compiler in ftplugin
* runtime(netrw): using inefficient highlight pattern for 'mf'
* 9.1.0736: Unicode tables are outdated
* 9.1.0735: filetype: salt files are not recognized
* 9.1.0734: filetype: jinja files are not recognized
* runtime(zathurarc): add double-click-follow to syntax script
* translation(ru): Updated messages translation
* translation(it): updated xxd man page
* translation(ru): updated xxd man page
* 9.1.0733: keyword completion does not work with fuzzy
* 9.1.0732: xxd: cannot use -b and -i together
* runtime(java): Highlight javaConceptKind modifiers with StorageClass
* runtime(doc): reword and reformat how to use defaults.vim
* 9.1.0731: inconsistent case sensitive extension matching
* runtime(vim): Update base-syntax, match Vim9 bool/null literal args to :if/:while/:return
* runtime(netrw): delete confirmation not strict enough
* 9.1.0730: Crash with cursor-screenline and narrow window
* 9.1.0729: Wrong cursor-screenline when resizing window
* 9.1.0728: [security]: heap-use-after-free in garbage collection with location list user data
* runtime(doc): clarify the effect of the timeout for search()-functions
* runtime(idlang): update syntax script
* runtime(spec): Recognize epoch when making spec changelog in ftplugin
* runtime(spec): add file triggers to syntax script
* 9.1.0727: too many strlen() calls in option.c
* runtime(make): add compiler/make.vim to reset compiler plugin settings
* runtime(java): Recognise all available standard doclet tags
* 9.1.0726: not using correct python3 API with dynamic linking
* runtime(dosini): Update syntax script, spellcheck comments only
* runtime(doc): Revert outdated comment in completeopt's fuzzy documentation
* 9.1.0725: filetype: swiftinterface files are not recognized
* runtime(pandoc): Update compiler plugin to use actual 'spelllang'
* runtime(groff): Add compiler plugin for groff
* 9.1.0724: if_python: link error with python 3.13 and stable ABI
* 9.1.0723: if_python: dynamic linking fails with python3 >= 3.13
* 9.1.0722: crash with large id in text_prop interface
* 9.1.0721: tests: test_mksession does not consider XDG_CONFIG_HOME
* runtime(glvs): update GetLatestVimScripts plugin
* runtime(doc): Fix typo in :help :hide text
* runtime(doc): buffers can be re-used
* 9.1.0720: Wrong breakindentopt=list:-1 with multibyte or TABs
* 9.1.0719: Resetting cell widths can make 'listchars' or 'fillchars' invalid
* runtime(doc): Update version9.txt and mention $MYVIMDIR
- Update to 9.1.0718:
* v9.1.0718: hard to know the users personal Vim Runtime Directory
* v9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers()
Maintainers: fix typo in author name
* v9.1.0716: resetting setcellwidth( doesn't update the screen
runtime(hcl,terraform): Add runtime files for HCL and Terraform
runtime(tmux): Update syntax script
* v9.1.0715: Not correctly parsing color names (after v9.1.0709)
* v9.1.0714: GuiEnter_Turkish test may fail
* v9.1.0713: Newline causes E749 in Ex mode
* v9.1.0712: missing dependency of Test_gettext_makefile
* v9.1.0711: test_xxd may file when using different xxd
* v9.1.0710: popup window may hide part of Command line
runtime(vim): Update syntax, improve user-command matching
* v9.1.0709: GUIEnter event not found in Turkish locale
runtime(sudoers): improve recognized Runas_Spec and Tag_Spec items
* v9.1.0708: Recursive window update does not account for reset skipcol
runtime(nu): include filetype plugin
* v9.1.0707: invalid cursor position may cause a crash
* v9.1.0706: test_gettext fails when using shadow dir
CI: Install locales-all package
* v9.1.0705: Sorting of fuzzy filename completion is not stable
translation(pt): update Portuguese/Brazilian menu translation
runtime(vim): Update base-syntax, match bracket mark ranges
runtime(doc): Update :help :command-complete list
* v9.1.0704: inserting with a count is inefficient
runtime(doc): use mkdir -p to save a command
* v9.1.0703: crash with 2byte encoding and glob2regpat()
runtime(hollywood): update syn highlight for If-Then statements
and For-In-Loops
* v9.1.0702: Patch 9.1.0700 broke CI
* v9.1.0701: crash with NFA regex engine when searching for
composing chars
* v9.1.0700: crash with 2byte encoding and glob2regpat()
* v9.1.0699: "dvgo" is not always an inclusive motion
runtime(java): Provide support for syntax preview features
* v9.1.0698: "Untitled" file not removed when running Test_crash1_3
alone
* v9.1.0697: heap-buffer-overflow in ins_typebuf
* v9.1.0696: installing runtime files fails when using SHADOWDIR
runtime(doc): fix typo
* v9.1.0695: test_crash leaves Untitled file around
translation(br): Update Brazilian translation
translation(pt): Update menu_pt_br
* v9.1.0694: matchparen is slow on a long line
* v9.1.0693: Configure doesn't show result when not using python3
stable abi
* v9.1.0692: Wrong patlen value in ex_substitute()
* v9.1.0691: stable-abi may cause segfault on Python 3.11
runtime(vim): Update base-syntax, match :loadkeymap after colon and bar
runtime(mane): Improve <Plug>ManBS mapping
* v9.1.0690: cannot set special highlight kind in popupmenu
translation(pt): Revert and fix wrong Portuguese menu translation
files
translation(pt): revert Portuguese menu translation
translation(br): Update Brazilian translations
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
* v9.1.0689: buffer-overflow in do_search( with 'rightleft'
runtime(vim): Improve heredoc handling for all embedded scripts
* v9.1.0688: dereferences NULL pointer in check_type_is_value()
* v9.1.0687: Makefile may not install desktop files
runtime(man): Fix <Plug>ManBS
runtime(java): Make the bundled &foldtext function optional
runtime(netrw): Change line on `mx` if command output exists
runtime(netrw): Fix `mf`-selected entry highlighting
runtime(htmlangular): add html syntax highlighting
translation(it): Fix filemode of Italian manpages
runtime(doc): Update outdated man.vim plugin information
runtime(zip): simplify condition to detect MS-Windows
* v9.1.0686: zip-plugin has problems with special characters
runtime(pandoc): escape quotes in &errorformat for pandoc
translation(it): updated Italian manpage
* v9.1.0685: too many strlen( calls in usercmd.c
runtime(doc): fix grammar in :h :keeppatterns
runtime(pandoc): refine pandoc compiler settings
* v9.1.0684: completion is inserted on Enter with "noselect"
translation(ru): update man pages
* v9.1.0683: mode( returns wrong value with <Cmd> mapping
runtime(doc): remove trailing whitespace in cmdline.txt
* v9.1.0682: Segfault with uninitialized funcref
* v9.1.0681: Analyzing failed screendumps is hard
runtime(doc): more clarification for the :keeppatterns needed
* v9.1.0680: VMS does not have defined uintptr_t
runtime(doc): improve typedchar documentation for KeyInputPre autocmd
runtime(dist): verify that executable is in $PATH
translation(it): update Italian manpages
runtime(doc): clarify the effect of :keeppatterns after * v9.1.0677
runtime(doc): update Makefile and make it portable between GNU and BSD
* v9.1.0679: Rename from w_closing to w_locked is incomplete
runtime(colors): update colorschemes
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
runtime(doc): Updating the examples in the xxd manpage
translation(ru): Updated uganda.rux
runtime(yaml): do not re-indent when commenting out lines
* v9.1.0678: use-after-free in alist_add()
* v9.1.0677 :keepp does not retain the substitute pattern
translation(ja): Update Japanese translations to latest release
runtime(netrw): Drop committed trace lines
runtime(netrw): Error popup not always used
runtime(netrw): ErrorMsg( may throw E121
runtime(tutor): update Makefile and make it portable between GNU and BSD
translation: improve the po/cleanup.vim script
runtime(lang): update Makefile and make it portable between GNU and BSD
* v9.1.0676: style issues with man pages
* v9.1.0675: Patch v9.1.0674 causes problems
runtime(dosbatch): Show %%i as an argument in syntax file
runtime(dosbatch): Add syn-sync to syntax file
runtime(sql, mysql): fix E169: Command too recursive with
sql_type_default = "mysql"
* v9.1.0674: compiling abstract method fails because of missing return
runtime(javascript): fix a few issues with syntax higlighting
runtime(mediawiki): fix typo in doc, test for b:did_ftplugin var
runtime(termdebug): Fix wrong test for balloon feature
runtime(doc): Remove mentioning of the voting feature
runtime(doc): add help tags for json + markdown global variables
* v9.1.0673: too recursive func calls when calling super-class method
runtime(syntax-tests): Facilitate the viewing of rendered screendumps
runtime(doc): fix a few style issues
* v9.1.0672: marker folds may get corrupted on undo
* v9.1.0671 Problem: crash with WinNewPre autocommand
* v9.1.0670: po file encoding fails on *BSD during make
translation(it): Update Italian translation
translation: Stop using msgconv
* v9.1.0669: stable python ABI not used by default
Update .gitignore and .hgignore files
* v9.1.0668: build-error with python3.12 and stable ABI
translations: Update generated po files
* v9.1.0667: Some other options reset curswant unnecessarily when set
* v9.1.0666: assert_equal( doesn't show multibyte string correctly
runtime(doc): clarify directory of Vim's executable vs CWD
* v9.1.0665 :for loop
runtime(proto): Add indent script for protobuf filetype
* v9.1.0664: console vim did not switch back to main screen on exit
runtime(zip): zip plugin does not work with Vim 9.0
* v9.1.0663: zip test still resets 'shellslash' option
runtime(zip): use defer to restore old settings
runtime(zip): add a generic Message function
runtime(zip): increment base version of zip plugin
runtime(zip): raise minimum Vim version to * v9.0
runtime(zip): refactor save and restore of options
runtime(zip): remove test for fnameescape
runtime(zip): use :echomsg instead of :echo
runtime(zip): clean up and remove comments
* v9.1.0662: filecopy( may return wrong value when readlink( fails
* v9.1.0661: the zip plugin is not tested.
runtime(zip): Fix for FreeBSD's unzip command
runtime(doc): capitalize correctly
* v9.1.0660: Shift-Insert does work on old conhost
translation(it): update Italian manpage
runtime(lua): add/subtract a 'shiftwidth' after '('/')' in indentexpr
runtime(zip): escape '[' on Unix as well
* v9.1.0659: MSVC Makefile is a bit hard to read
runtime(doc): fix typo in syntax.txt
runtime(doc): -x is only available when compiled with crypt feature
* v9.1.0658: Coverity warns about dereferencing NULL pointer.
runtime(colors): update Todo highlight in habamax colorscheme
* v9.1.0657: MSVC build time can be optimized
* v9.1.0656: MSVC Makefile CPU handling can be improved
* v9.1.0655: goaccess config file not recognized
CI: update clang compiler to version 20
runtime(netrw): honor `g:netrw_alt{o,v}` for `:{S,H,V}explore`
* v9.1.0654: completion does not respect completeslash with fuzzy
* v9.1.0653: Patch v9.1.0648 not completely right
* v9.1.0652: too many strlen( calls in syntax.c
* v9.1.0651 :append
* v9.1.0650: Coverity warning in cstrncmp()
* v9.1.0649: Wrong comment for "len" argument of call_simple_func()
* v9.1.0648: [security] double-free in dialog_changed()
* v9.1.0647: [security] use-after-free in tagstack_clear_entry
runtime(doc): re-format tag example lines, mention ctags --list-kinds
* v9.1.0646: imported function may not be found
runtime(java): Document "g:java_space_errors" and "g:java_comment_strings"
runtime(java): Cluster optional group definitions and their group links
runtime(java): Tidy up the syntax file
runtime(java): Tidy up the documentation for "ft-java-syntax"
runtime(colors): update habamax scheme - tweak diff/search/todo colors
runtime(nohlsearch): add missing loaded_hlsearch guard
runtime(kivy): Updated maintainer info for syntax script
Maintainers: Add maintainer for ondir ftplugin + syntax files
runtime(netrw): removing trailing slash when copying files in same
directory
* v9.1.0645: wrong match when searching multi-byte char case-insensitive
runtime(html): update syntax script to sync by 250 minlines by default
* v9.1.0644: Unnecessary STRLEN( when applying mapping
runtime(zip): Opening a remote zipfile don't work
runtime(cuda): source c and cpp ftplugins
* v9.1.0643: cursor may end up on invalid position
* v9.1.0642: Check that mapping rhs starts with lhs fails if not
simplified
* v9.1.0641: OLE enabled in console version
runtime(thrift): add ftplugin, indent and syntax scripts
* v9.1.0640: Makefile can be improved
* v9.1.0639: channel timeout may wrap around
* v9.1.0638: E1510 may happen when formatting a message for smsg()
* v9.1.0637: Style issues in MSVC Makefile
- Update apparmor.vim to latest version (from AppArmor 4.0.2)
- add support for "all" and "userns" rules, and new profile flags
- Update to 9.1.0636:
* 9.1.0636: filetype: ziggy files are not recognized
* 9.1.0635: filetype: SuperHTML template files not recognized
* 9.1.0634: Ctrl-P not working by default
* 9.1.0633: Compilation warnings with `-Wunused-parameter`
* 9.1.0632: MS-Windows: Compiler Warnings
Add support for Files-Included in syntax script
tweak documentation style a bit
* 9.1.0631: wrong completion list displayed with non-existing dir + fuzzy completion
* 9.1.0630: MS-Windows: build fails with VIMDLL and mzscheme
* 9.1.0629: Rename of pum hl_group is incomplete
* 9.1.0628: MinGW: coverage files are not cleaned up
* 9.1.0627: MinGW: build-error when COVERAGE is enabled
* 9.1.0626: Vim9: need more tests with null objects
include initial filetype plugin
* 9.1.0625: tests: test output all translated messages for all translations
* 9.1.0624: ex command modifiers not found
* 9.1.0623: Mingw: errors when trying to delete non-existing files
* 9.1.0622: MS-Windows: mingw-build can be optimized
* 9.1.0621: MS-Windows: startup code can be improved
* 9.1.0620: Vim9: segfauls with null objects
* 9.1.0619: tests: test_popup fails
* 9.1.0618: cannot mark deprecated attributes in completion menu
* 9.1.0617: Cursor moves beyond first line of folded end of buffer
* 9.1.0616: filetype: Make syntax highlighting off for MS Makefiles
* 9.1.0615: Unnecessary STRLEN() in make_percent_swname()
Add single-line comment syntax
Add syntax test for comments
Update maintainer info
* 9.1.0614: tests: screendump tests fail due to recent syntax changes
* 9.1.0613: tests: termdebug test may fail and leave file around
Update base-syntax, improve :set highlighting
Optionally highlight the :: token for method references
* 9.1.0612: filetype: deno.lock file not recognized
Use delete() for deleting directory
escape filename before trying to delete it
* 9.1.0611: ambiguous mappings not correctly resolved with modifyOtherKeys
correctly extract file from zip browser
* 9.1.0610: filetype: OpenGL Shading Language files are not detected
Fix endless recursion in netrw#Explore()
* 9.1.0609: outdated comments in Makefile
update syntax script
Fix flow mapping key detection
Remove orphaned YAML syntax dump files
* 9.1.0608: Coverity warns about a few potential issues
Update syntax script and remove syn sync
* 9.1.0607: termdebug: uses inconsistent style
* 9.1.0606: tests: generated files may cause failure in test_codestyle
* 9.1.0605: internal error with fuzzy completion
* 9.1.0604: popup_filter during Press Enter prompt seems to hang
translation: Update Serbian messages translation
* 9.1.0603: filetype: use correct extension for Dracula
* 9.1.0602: filetype: Prolog detection can be improved
fix more inconsistencies in assert function docs
* 9.1.0601: Wrong cursor position with 'breakindent' when wide char doesn't fit
Update base-syntax, improve :map highlighting
* 9.1.0600: Unused function and unused error constants
* 9.1.0599: Termdebug: still get E1023 when specifying arguments
correct wrong comment options
fix typo "a xterm" -> "an xterm"
* 9.1.0598: fuzzy completion does not work with default completion
* 9.1.0597: KeyInputPre cannot get the (unmapped typed) key
* 9.1.0596: filetype: devscripts config files are not recognized
gdb file/folder check is now performed only in CWD.
quote filename arguments using double quotes
update syntax to SDC-standard 2.1
minor updates.
Cleanup :match and :loadkeymap syntax test files
Update base-syntax, match types in Vim9 variable declarations
* 9.1.0595: make errors out with the po Makefile
* 9.1.0594: Unnecessary redraw when setting 'winfixbuf'
using wrong highlight for UTF-8
include simple syntax plugin
* 9.1.0593: filetype: Asymptote files are not recognized
add recommended indent options to ftplugin
add recommended indent options to ftplugin
add recommended indent options to ftplugin
* 9.1.0592: filetype: Mediawiki files are not recognized
* 9.1.0591: filetype: *.wl files are not recognized
* 9.1.0590: Vim9: crash when accessing getregionpos() return value
'cpoptions': Include "z" in the documented default
* 9.1.0589: vi: d{motion} and cw work differently than expected
update included colorschemes
grammar fixes in options.txt
- Add "Keywords" to gvim.desktop to make searching for gvim easier
- Removed patches, as they're no longer required (refreshing them
deleted their contents):
* vim-7.3-help_tags.patch
* vim-7.4-highlight_fstab.patch
- Reorganise all applied patches in the spec file.
- Update to 9.1.0588:
* 9.1.0588: The maze program no longer compiles on newer clang
runtime(typst): Add typst runtime files
* 9.1.0587: tests: Test_gui_lowlevel_keyevent is still flaky
* 9.1.0586: ocaml runtime files are outdated
runtime(termdebug): fix a few issues
* 9.1.0585: tests: test_cpoptions leaves swapfiles around
* 9.1.0584: Warning about redeclaring f_id() non-static
runtime(doc): Add hint how to load termdebug from vimrc
runtime(doc): document global insert behavior
* 9.1.0583: filetype: *.pdf_tex files are not recognized
* 9.1.0582: Printed line doesn't overwrite colon when pressing Enter in Ex mode
* 9.1.0581: Various lines are indented inconsistently
* 9.1.0580: :lmap mapping for keypad key not applied when typed in Select mode
* 9.1.0579: Ex command is still executed after giving E1247
* 9.1.0578: no tests for :Tohtml
* 9.1.0577: Unnecessary checks for v:sizeoflong in test_put.vim
* 9.1.0576: tests: still an issue with test_gettext_make
* 9.1.0575: Wrong comments in alt_tabpage()
* 9.1.0574: ex: wrong handling of commands after bar
runtime(doc): add a note for netrw bug reports
* 9.1.0573: ex: no implicit print for single addresses
runtime(vim): make &indentexpr available from the outside
* 9.1.0572: cannot specify tab page closing behaviour
runtime(doc): remove obsolete Ex insert behavior
* 9.1.0571: tests: Test_gui_lowlevel_keyevent is flaky
runtime(logindefs): update syntax with new keywords
* 9.1.0570: tests: test_gettext_make can be improved
runtime(filetype): Fix Prolog file detection regex
* 9.1.0569: fnamemodify() treats ".." and "../" differently
runtime(mojo): include mojo ftplugin and indent script
* 9.1.0568: Cannot expand paths from 'cdpath' setting
* 9.1.0567: Cannot use relative paths as findfile() stop directories
* 9.1.0566: Stop dir in findfile() doesn't work properly w/o trailing slash
* 9.1.0565: Stop directory doesn't work properly in 'tags'
* 9.1.0564: id() can be faster
* 9.1.0563: Cannot process any Key event
* 9.1.0562: tests: inconsistency in test_findfile.vim
runtime(fstab): Add missing keywords to fstab syntax
* 9.1.0561: netbeans: variable used un-initialized (Coverity)
* 9.1.0560: bindtextdomain() does not indicate an error
* 9.1.0559: translation of vim scripts can be improved
* 9.1.0558: filetype: prolog detection can be improved
* 9.1.0557: moving in the buffer list doesn't work as documented
runtime(doc): fix inconsistencies in :h file-searching
* 9.1.0556: :bwipe doesn't remove file from jumplist of other tabpages
runtime(htmlangular): correct comment
* 9.1.0555: filetype: angular ft detection is still problematic
* 9.1.0554: :bw leaves jumplist and tagstack data around
* 9.1.0553: filetype: *.mcmeta files are not recognized
* 9.1.0552: No test for antlr4 filetype
* 9.1.0551: filetype: htmlangular files are not properly detected
* 9.1.0550: filetype: antlr4 files are not recognized
* 9.1.0549: fuzzycollect regex based completion not working as expected
runtime(doc): autocmd_add() accepts a list not a dict
* 9.1.0548: it's not possible to get a unique id for some vars
runtime(tmux): Update syntax script
* 9.1.0547: No way to get the arity of a Vim function
* 9.1.0546: vim-tiny fails on CTRL-X/CTRL-A
runtime(hlsplaylist): include hlsplaylist ftplugin file
runtime(doc): fix typo in :h ft-csv-syntax
runtime(doc): Correct shell command to get $VIMRUNTIME into
shell
* 9.1.0545: MSVC conversion warning
* 9.1.0544: filetype: ldapconf files are not recognized
runtime(cmakecache): include cmakecache ftplugin file
runtime(lex): include lex ftplugin file
runtime(yacc): include yacc ftplugin file
runtime(squirrel): include squirrel ftplugin file
runtime(objcpp): include objcpp ftplugin file
runtime(tf): include tf ftplugin file
runtime(mysql): include mysql ftplugin file
runtime(javacc): include javacc ftplugin file
runtime(cabal): include cabal ftplugin file
runtime(cuda): include CUDA ftplugin file
runtime(editorconfig): include editorconfig ftplugin file
runtime(kivy): update kivy syntax, include ftplugin
runtime(syntax-tests): Stop generating redundant "*_* 99.dump"
files
* 9.1.0543: Behavior of CursorMovedC is strange
runtime(vim): Update base-syntax, improve :match command
highlighting
* 9.1.0542: Vim9: confusing string() output for object functions
* 9.1.0541: failing test with Vim configured without channel
* 9.1.0540: Unused assignment in sign_define_cmd()
runtime(doc): add page-scrolling keys to index.txt
runtime(doc): add reference to xterm-focus-event from
FocusGained/Lost
* 9.1.0539: Not enough tests for what v9.1.0535 fixed
runtime(doc): clarify how to re-init csv syntax file
* 9.1.0538: not possible to assign priority when defining a sign
* 9.1.0537: signed number detection for CTRL-X/A can be improved
* 9.1.0536: filetype: zone files are not recognized
* 9.1.0535: newline escape wrong in ex mode
runtime(man): honor cmd modifiers before `g:ft_man_open_mode`
runtime(man): use `nnoremap` to map to Ex commands
* 9.1.0534: completion wrong with fuzzy when cycling back to original
runtime(syntax-tests): Abort and report failed cursor progress
runtime(syntax-tests): Introduce self tests for screen dumping
runtime(syntax-tests): Clear and redraw the ruler line with
the shell info
runtime(syntax-tests): Allow for folded and wrapped lines in
syntax test files
* 9.1.0533: Vim9: need more tests for nested objects equality
CI: Pre-v* 9.0.0110 versions generate bogus documentation tag entries
runtime(doc): Remove wrong help tag CTRL-SHIFT-CR
* 9.1.0532: filetype: Cedar files not recognized
runtime(doc): document further keys that scroll page up/down
* 9.1.0531: resource leak in mch_get_random()
runtime(tutor): Fix wrong spanish translation
runtime(netrw): fix remaining case of register clobber
* 9.1.0530: xxd: MSVC warning about non-ASCII character
* 9.1.0529: silent! causes following try/catch to not work
runtime(rust): use shiftwidth() in indent script
* 9.1.0528: spell completion message still wrong in translations
* 9.1.0527: inconsistent parameter in Makefiles for Vim executable
* 9.1.0526: Unwanted cursor movement with pagescroll at start of buffer
runtime(doc): mention $XDG_CONFIG_HOME instead of $HOME/.config
* 9.1.0525: Right release selects immediately when pum is truncated.
* 9.1.0524: the recursive parameter in the *_equal functions can be removed
runtime(termdebug): Add Deprecation warnings
* 9.1.0523: Vim9: cannot downcast an object
* 9.1.0522: Vim9: string(object) hangs for recursive references
* 9.1.0521: if_py: _PyObject_CallFunction_SizeT is dropped in Python 3.13
* 9.1.0520: Vim9: incorrect type checking for modifying lists
runtime(manpager): avoid readonly prompt
* 9.1.0519: MS-Windows: libvterm compilation can be optimized
* 9.1.0518: initialize the random buffer can be improved
* 9.1.0517: MS-Windows: too long lines in Make_mvc.mak
runtime(terraform): Add filetype plugin for terraform
runtime(dockerfile): enable spellchecking of comments in
syntax script
runtime(doc): rename variable for pandoc markdown support
runtime(doc): In builtin overview use {buf} as param for
appendbufline/setbufline
runtime(doc): clarify, that register 1-* 9 will always be shifted
runtime(netrw): save and restore register 0-* 9, a and unnamed
runtime(termdebug): Refactored StartDebug_term and EndDebug
functions
runtime(java): Compose "g:java_highlight_signature" and
"g:java_highlight_functions"
* 9.1.0516: need more tests for nested dicts and list comparision
* 9.1.0515: Vim9: segfault in object_equal()
* 9.1.0514: Vim9: issue with comparing objects recursively
runtime(termdebug): Change some variables to Enums
runtime(vim): Update base-syntax, fix function tail comments
* 9.1.0513: Vim9: segfault with object comparison
- Update to 9.1.0512:
* Mode message for spell completion doesn't match allowed keys
* CursorMovedC triggered wrongly with setcmdpos()
* update runtime files
* CI: test_gettext fails on MacOS14 + MSVC Win
* not possible to translate Vim script messages
* termdebug plugin can be further improved
* add gomod filetype plugin
* hard to detect cursor movement in the command line
* Optionally highlight parameterised types
* filetype: .envrc & .prettierignore not recognized
* filetype: Faust files are not recognized
* inner-tag textobject confused about ">" in attributes
* cannot use fuzzy keyword completion
* Remove the group exclusion list from @javaTop
* wrong return type for execute() function
* MS-Windows: too much legacy code
* too complicated mapping restore in termdebug
* simplify mapping
* cannot switch buffer in a popup
* MS-Windows: doesn't handle symlinks properly
* getcmdcompltype() interferes with cmdline completion
* termdebug can be further improved
* update htmldjango detection
* Improve Turkish documentation
* include a simple csv filetype and syntax plugin
* include the the simple nohlsearch package
* matched text is highlighted case-sensitively
* Matched text isn't highlighted in cmdline pum
* Fix typos in several documents
* clarify when text properties are cleared
* improve the vim-shebang example
* revert unintended formatting changes for termdebug
* Add a config variable for commonly used compiler options
* Wrong matched text highlighted in pum with 'rightleft'
* bump length of character references in syntax script
* properly check mapping variables using null_dict
* fix KdlIndent and kdlComment in indent script
* Test for patch 9.1.0489 doesn't fail without the fix
* Fold multi-line comments with the syntax kind of &fdm
* using wrong type for PlaceSign()
* filetype: Vim-script files not detected by shebang line
* revert unintended change to zip#Write()
* add another tag for vim-shebang feature
* Cmdline pum doesn't work properly with 'rightleft'
* minor style problems with patch 9.1.0487
* default completion may break with fuzzy
* Wrong padding for pum "kind" with 'rightleft'
* Update base-syntax, match shebang lines
* MS-Windows: handle files with spaces properly
* Restore HTML syntax file tests
* completed item not update on fuzzy completion
* filetype: Snakemake files are not recognized
* make TermDebugSendCommand() a global function again
* close all buffers in the same way
* Matched text shouldn't be highlighted in "kind" and "menu"
* fix wrong helptag for :defer
* Update base-syntax, match :sleep arg
* include Georgian keymap
* Sorting of completeopt+=fuzzy is not stable
* correctly test for windows in NetrwGlob()
* glob() on windows fails with [] in directory name
* rewrite mkdir() doc and simplify {flags} meaning
* glob() not sufficiently tested
* update return type for job_info()
* termdebug plugin needs more love
* correct return types for job_start() and job_status()
* Update base-syntax, match :catch and :throw args
* Include element values in non-marker annotations
* Vim9: term_getjob() throws an exception on error
* fuzzy string matching executed when not needed
* fuzzy_match_str_with_pos() does unnecessary list operations
* restore description of "$" in col() and virtcol()
* deduplicate getpos(), line(), col(), virtcol()
* Update g:vimsyn_comment_strings dump file tests
* Use string interpolation instead of string concat
* potential deref of NULL pointer in fuzzy_match_str_with_pos
* block_editing errors out when using <enter>
* Update base-syntax, configurable comment string highlighting
* fix typos in syntax.txt
* Cannot see matched text in popup menu
* Update base-syntax, match multiline continued comments
* clarify documentation for "v" position at line()
* cmod_split modifier is always reset in term_start()
* remove line-continuation characters
* use shiftwidth() instead of &tabstop in indent script
* Remove orphaned screen dump files
* include syntax, indent and ftplugin files
* CI: Test_ColonEight() fails on github runners
* add missing Enabled field in syntax script
* basic svelte ftplugin file
* term_start() does not clear vertical modifier
* fix mousemodel restoration by comparing against null_string
* Added definitions of Vim scripts and plugins
* Exclude lambda expressions from _when_ _switch-case_ label clauses
* Fix saved_mousemodel check
* Inconsistencies between functions for option flags
* Crash when using autocmd_get() after removing event inside autocmd
* Fix small style issues
* add return type info for Vim function descriptions
* Update Italian Vim manpage
* disable the q mapping
* Change 'cms' for C++ to '// %s'
* fix type mismatch error
* Fix wrong email address
* convert termdebug plugin to Vim9 script
- Update to 9.1.0470:
* tests Test_ColonEight_MultiByte() fails sporadically
* Cannot have buffer-local value for 'completeopt'
* GvimExt does not consult HKEY_CURRENT_USER
* typos in some comments
* runtime(vim): Update base-syntax, allow whitespace before
:substitute pattern
* Missing comments for fuzzy completion
* runtime(man): update Vim manpage
* runtime(comment): clarify the usage of 'commentstring' option
value
* runtime(doc): clarify how fuzzy 'completeopt' should work
* runtime(netrw): prevent accidental data loss
* missing filecopy() function
* no whitespace padding in commentstring option in ftplugins
* no fuzzy-matching support for insert-completion
* eval5() and eval7 are too complex
* too many strlen() calls in drawline.c
* filetype lintstagedrc files are not recognized
* Vim9 import autoload does not work with symlink
* Coverity complains about division by zero
* tests test_gui fails on Wayland
* Left shift is incorrect with vartabstop and shiftwidth=0
* runtime(doc): clarify 'shortmess' flag "S"
* MS-Windows compiler warning for size_t to int conversion
* runtime(doc): include some vim9 script examples in the help
* minor issues in test_filetype with rasi test
* filetype rasi files are not recognized
* runtime(java): Improve the matching of lambda expressions
* Configure checks for libelf unnecessarily
* No test for escaping '<' with shellescape()
* check.vim complains about overlong comment lines
* translation(it): Update Italian translation
* evalc. code too complex
* MS-Windows Compiler warnings
- Update to 9.1.0448:
* compiler warning in eval.c
* remove remaining css code
* Add ft_hare.txt to Reference Manual TOC
* re-generate vim syntax from generator
* fix syntax vim bug
* completion may be wrong when deleting all chars
* getregionpos() inconsistent for partly-selected multibyte char
* fix highlighting nested and escaped quotes in string props
* remove the indent plugin since it has too many issues
* update Debian runtime files
* Coverity warning after 9.1.0440
* Not enough tests for getregion() with multibyte chars
* Can't use blockwise selection with width for getregion()
* update outdated syntax files
* fix floating_modifier highlight
* hare runtime files outdated
* getregionpos() can't properly indicate positions beyond eol
* function get_lval() is too long
* Cannot filter the history
* Wrong Ex command executed when :g uses '?' as delimiter
* support floating_modifier none; revert broken highlighting
* Motif requires non-const char pointer for XPM data
* Crash when using '?' as separator for :s
* filetype: cygport files are not recognized
* make errors trying to access autoload/zig
* Wrong yanking with exclusive selection and ve=all
* add missing help tags file
* Ancient XPM preprocessor hack may cause build errors
* include basic rescript ftplugin file
* eval.c is too long
* getregionpos() doesn't handle one char selection
* check for gdb file/dir before using as buffer name
* refactor zig ftplugin, remove auto format
* Coverity complains about eval.c refactor
* Tag guessing leaves wrong search history with very short names
* some issues with termdebug mapping test
* update matchit plugin to v1.20
* too many strlen() calls in search.c
* set commentstring option
* update vb indent plugin as vim9script
* filetype: purescript files are not recognized
* filetype: slint files are not recognized
* basic nim ftplugin file for comments
* Add Arduino ftplugin and indent files
* include basic typst ftplugin file
* include basic prisma ftplugin file
* include basic v ftplugin for comment support
* getregionpos() wrong with blockwise mode and multibyte
* function echo_string_core() is too long
* hyprlang files are not recognized
* add basic dart ftplugin file
* basic ftplugin file for graphql
* mention comment plugin at :h 'commentstring'
* set commentstring for sql files in ftplugin
* :browse oldfiles prompts even with single entry
* eval.c not sufficiently tested
* clarify why E195 is returned
* clarify temporary file clean up
* fix :NoMatchParen not working
* Cannot move to previous/next rare word
* add basic ftplugin file for sshdconfig
* if_py: find_module has been removed in Python 3.12.0a7
* some screen dump tests can be improved
* Some functions are not tested
* clarify instal instructions for comment package
* Unable to leave long line with 'smoothscroll' and 'scrolloff'
* fix typo in vim9script help file
* Remove trailing spaces
* clarify {special} argument for shellescape()
- update to 9.1.0413
* smoothscroll may cause infinite loop
* add missing entries for the keys CTRL-W g<Tab> and <C-Tab>
* update vi_diff.txt: add default value for 'flash'
* typo in regexp_bt.c in DEBUG code
* allow indented commands
* Fix wrong define regex in ftplugin
* Filter out non-Latin-1 characters for syntax tests
* prefer scp over pscp
* fix typo in usr_52.txt
* too long functions in eval.c
* warning about uninitialized variable
* too many strlen() calls in the regexp engine
* E16 fix, async keyword support for define
* Stuck with long line and half-page scrolling
* Divide by zero with getmousepos() and 'smoothscroll'
* update and remove some invalid links
* update translation of xxd manpage
* Recursively delete directories by default with netrw delete command
* Strive to remain compatible for at least Vim 7.0
* tests: xxd buffer overflow fails on 32-bit
* Stop handpicking syntax groups for @javaTop
* [security] xxd: buffer-overflow with specific flags
* Vim9: not able to import file from start dir
* filetype: mdd files detected as zsh filetype
* filetype: zsh module files are not recognized
* Remove hardcoded private.ppk logic from netrw
* Vim9: confusing error message for unknown type
* block_editing errors out when using del
* add new items to scripts section in syntax plugin
* Vim9: imported vars are not properly type checked
* Wrong display with 'smoothscroll' when changing quickfix list
* filetype: jj files are not recognized
* getregionpos() may leak memory on error
* The CODEOWNERS File is not useful
* Remove and cleanup Win9x legacy from netrw
* add MsgArea to 'highlight' option description
* Cannot get a list of positions describing a region
* Fix digit separator in syntax script for octals and floats
* Update link to Wikipedia Vi page
* clear $MANPAGER in ftplugin before shelling out
* Fix typos in help documents
* 'viewdir' not respecting $XDG_CONFIG_HOME
* tests: Vim9 debug tests may be flaky
* correct getscriptinfo() example
* Vim9: could improve testing
* test_sound fails on macos-12
* update Serbian menu
* update Slovak menu
* update Slovenian menu
* update Portuguese menu
* update Dutch menu
* update Korean menu
* update Icelandic menu
* update Czech menu
* update Afrikaans menu
* update German menu
* filetype: inko files are not recognized
* filetype: templ files are not recognized
* cursor() and getregion() don't handle v:maxcol well
* Vim9: null value tests not sufficient
* update Catalan menu
* filetype: stylus files not recognized
* update spanish menu localization
* regenerate helptags
* Vim9: crash with null_class and null_object
* Add tags about lazyloading of menu
* tests: vt420 terminfo entry may not be found
* filetype: .out files recognized as tex files
* filetype: Kbuild files are not recognized
* cbuffer and similar commands don't accept a range
* Improve the recognition of the "indent" method declarations
* Fix a typo in usr_30.txt
* remove undefined var s:save_cpoptions and add include setting
* missing setlocal in indent plugin
* Calculating line height for unnecessary amount of lines
* improve syntax file performance
* There are a few typos
* Vim9: no comments allowed after class vars
* CI: remove trailing white space in documentation
* Formatting text wrong when 'breakindent' is set
* Add oracular (24.10) as Ubuntu release name
* Vim9: Trailing commands after class/enum keywords ignored
* tests: 1-second delay after Test_BufEnter_botline()
* update helptags for jq syntax
* include syntax, ftplugin and compiler plugin
* fix typo synconcealend -> synconcealed
* include a simple comment toggling plugin
* wrong botline in BufEnter
* clarify syntax vs matching mechanism
* fix undefined variable in indent plugin
* ops.c code uses too many strlen() calls
* Calling CLEAR_FIELD() on the same struct twice
* Vim9: compile_def_function() still too long
* Update Serbian messages
* clarify the effect of setting the shell to powershell
* Improve the recognition of the "style" method declarations
* Vim9: problem when importing autoloaded scripts
* compile_def_function is too long
* filetype: ondir files are not recognized
* Crash when typing many keys with D- modifier
* tests: test_vim9_builtin is a bit slow
* update documentation
* change the download URL of "libsodium"
* tests: test_winfixbuf is a bit slow
* Add filetype, syntax and indent plugin for Astro
* expanding rc config files does not work well
* Vim9: vim9type.c is too complicated
* Vim9: does not handle autoloaded variables well
* minor spell fix in starting.txt
* wrong drawing in GUI with setcellwidth()
* Add include and suffixesadd
* Page scrolling should place cursor at window boundaries
* align command line table
* minor fixes to starting.txt
* fix comment definition in filetype plugin
* filetype: flake.lock files are not recognized
* runtime(uci): No support for uci file types
* Support "g:ftplugin_java_source_path" with archived files
* tests: Test_autoload_import_relative_compiled fails on Windows
* Finding cmd modifiers and cmdline-specials is inefficient
* No test that completing a partial mapping clears 'showcmd'
* tests: test_vim9_dissamble may fail
* Vim9: need static type for typealias
* X11 does not ignore smooth scroll event
* A few typos in test_xdg when testing gvimrc
* Patch v9.1.0338 fixed sourcing a script with import
* Problem: gvimrc not sourced from XDG_CONFIG_HOME
* Cursor wrong after using setcellwidth() in terminal
* 'showcmd' wrong for partial mapping with multibyte
* tests: test_taglist fails when 'helplang' contains non-english
* Problem: a few memory leaks are found
* Problem: Error with matchaddpos() and empty list
* tests: xdg test uses screen dumps
* Vim9: import through symlinks not correctly handled
* Missing entry for XDG vimrc file in :version
* tests: typo in test_xdg
* runtime(i3config/swayconfig): update syntax scripts
* document pandoc compiler and enable configuring arguments
* String interpolation fails for List type
* No test for highlight behavior with 'ambiwidth'
* tests: test_xdg fails on the appimage repo
* tests: some assert_equal() calls have wrong order of args
* make install does not install all files
* runtime(doc): fix typos in starting.txt
- Remove patch to fix bsc#1220618:
* vim-8.2.3607-revert-gtk3-code-removal.patch
- This patch introduced this bug that caused Vim to use significantly more CPU.
- yast2-network
-
- Honor the AutoYaST profile allowing to disable the IP check
(bsc#1216859).
- 3.4.12
- cloud-regionsrv-client
-
- Update to 10.3.7 (bsc#1232770)
+ Fix the product triplet for LTSS, it is always SLES-LTSS, not
$BASEPRODUCT-LTSS
- Update to 10.3.6 (jsc#PCT-471, bsc#1230615)
+ Fix sudo setup
~ permissions cloudguestregistryauth
~ directory ownership /etc/sudoers.d
+ spec file
~ Remove traces of registry related entries on SLE 12
+ Forward port
~ fix-for-sles12-disable-registry.patch
~ fix-for-sles12-no-trans_update.patch
+ Deregister non free extensions at registercloudguest --clean
+ Fix registry cleanup at registercloudguest --clean, don't remove files
+ Prevent duplicate search entries in registry setup
- Update EC2 plugin to 1.0.5
+ Switch to using the region endpoint from IMDS to determine the region
instead of deriving the data from the availability zone
- Update to 10.3.5
+ Update spec file to build in all code streams,
SLE 12, SLE 15, ALP, and SLFO and have proper dependencies
- apparmor
-
- Add apparmor-fix-ping6-denied.patch to allow ping to use
IPv6 RAW sockets ( bsc#1230541 ).
- release-notes-sles
-
- 12.5.20241206 (tracked in bsc#933411)
- Added note about openJDK 11 support status (bsc#1233970)
- 12.5.20241014 (tracked in bsc#933411)
- Added note about openSSH 8.4 (bsc#1222298)
- Added note about unsupported hibernate/suspend on Xen (bsc#1214405)
- Added note about chrony 4.1 (jsc#SLE-22248)
- Added note about adcli --dont-expire-password (jsc#SLE-21223)
- Added note about sudo -U -l restriction (jsc#SLE-22569)
- Added note about nodejs16 addition (jsc#SLE-21234)
- Added note about rsyslog 8.2106 (jsc#SLE-21522)
- Added note about tcl 8.6.12 (jsc#SLE-21015)
- Added note about sudo 1.8.27 update (jsc#SLE-17083)
- Added note about unsupported modules (jsc#PED-8089)
- sudo
-
- Fix a regression in -P handling cased by fix for CVE-2021-3156
Fix provided by Brahmajit Das [bsc#1234371]
* sudo-CVE-2021-3156.patch updated
- gcc13
-
- Add gcc13-pr116657.patch to fix for parsing tzdata 2024b [gcc#116657]
- resource-agents
-
- Python2-incompatible code in resource-agents (azure-events-az.in)
(bsc#1233026)
Adapt upstream patch:
0001-azure-events-az-update-to-API-versions-add-retry-fun.patch
- glib2
-
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
(boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).