- 000release-packages:SLES_SAP-release
-
n/a
- bash
-
- Add patch bsc1245199.patch
* Fix histfile missing timestamp for the oldest record (bsc#1245199)
- bind
-
- Security Fixes:
* Address various spoofing attacks.
[CVE-2025-40778, bsc#1252379, bind-9.16-CVE-2025-40778.patch]
* Cache-poisoning due to weak pseudo-random number generator.
[CVE-2025-40780, bsc#1252380, bind-9.16-CVE-2025-40780.patch]
- binutils
-
- Update to current 2.45 branch at 94cb1c075 to include fix
for PR33584 (a problem related to LTO vs fortran COMMON
blocks).
- Amend binutils-compat-old-behaviour.diff to not enable
'-z gcs=implicit' on aarch64 for old codestreams.
- Update to version 2.45:
* New versioned release of libsframe.so.2
* s390: tools now support SFrame format 2; recognize "z17" as CPU
name [bsc#1247105, jsc#IBM-1485]
* sframe sections are now of ELF section type SHT_GNU_SFRAME.
* sframe secions generated by the assembler have
SFRAME_F_FDE_FUNC_START_PCREL set.
* riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0,
Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0,
ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0,
sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0,
zclsd v1.0, smrnmi v1.0;
vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0;
SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0;
T-Head: xtheadvdot v1.0;
MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0.
* Support RISC-V privileged version 1.13, profiles 20/22/23, and
.bfloat16 directive.
* x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS,
AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX.
Drop support for AVX10.2 256 bit rounding.
* arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and
extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui',
'+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2',
'+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'.
* Predefined symbols "GAS(version)" and, on non-release builds, "GAS(date)"
are now being made available.
* Add .errif and .warnif directives.
* linker:
- Add --image-base=<ADDR> option to the ELF linker to behave the same
as -Ttext-segment for compatibility with LLD.
- Add support for mixed LTO and non-LTO codes in relocatable output.
- s390: linker generates .eh_frame and/or .sframe for linker
generated .plt sections by default (can be disabled
by --no-ld-generated-unwind-info).
- riscv: add new PLT formats, and GNU property merge rules for zicfiss
and zicfilp extensions.
- gold is no longer included
- Contains fixes for these non-CVEs (not security bugs per upstreams
SECURITY.md):
* bsc#1236632 aka CVE-2025-0840 aka PR32560
* bsc#1236977 aka CVE-2025-1149 aka PR32576
* bsc#1236978 aka CVE-2025-1148 aka PR32576
* bsc#1236999 aka CVE-2025-1176 aka PR32636
* bsc#1237000 aka CVE-2025-1153 aka PR32603
* bsc#1237001 aka CVE-2025-1152 aka PR32576
* bsc#1237003 aka CVE-2025-1151 aka PR32576
* bsc#1237005 aka CVE-2025-1150 aka PR32576
* bsc#1237018 aka CVE-2025-1178 aka PR32638
* bsc#1237019 aka CVE-2025-1181 aka PR32643
* bsc#1237020 aka CVE-2025-1180 aka PR32642
* bsc#1237021 aka CVE-2025-1179 aka PR32640
* bsc#1237042 aka CVE-2025-1182 aka PR32644
* bsc#1240870 aka CVE-2025-3198 aka PR32716
* bsc#1243756 aka CVE-2025-5244 aka PR32858
* bsc#1243760 aka CVE-2025-5245 aka PR32829
* bsc#1246481 aka CVE-2025-7545 aka PR33049
* bsc#1246486 aka CVE-2025-7546 aka PR33050
* bsc#1247114 aka CVE-2025-8224 aka PR32109
* bsc#1247117 aka CVE-2025-8225 no PR
- Add these backport patches:
* pr32556.diff for bsc#1236976 aka CVE-2025-1147 aka PR32556
* pr33457.diff for bsc#1250632 aka CVE-2025-11083 aka PR33457
* pr33452.diff for bsc#1251275 aka CVE-2025-11412 aka PR33452
* pr33456.diff and pr33456-2.diff for bsc#1251276 aka CVE-2025-11413
aka PR33456
* pr33450.diff for bsc#1251277 aka CVE-2025-11414 aka PR33450
* pr33499.diff for bsc#1251794 aka CVE-2025-11494 aka PR33499
* pr33502.diff for bsc#1251795 aka CVE-2025-11495 aka PR33502
- Adjust binutils-disable-code-arch-error.diff,
binutils-revert-nm-symversion.diff, binutils-revert-plt32-in-branches.diff,
binutils-revert-rela.diff, binutils-skip-rpaths.patch
- Remove pr33029.patch (upstreamed), enable-targets-gold.diff (obsolete),
binutils-2.43.tar.bz2.sig, binutils-2.43.tar.bz2,
binutils-2.43-branch.diff.gz
- Add binutils-2.45.tar.bz2.sig, binutils-2.45.tar.bz2,
binutils-2.45-branch.diff.gz
- Rename binutils-fix-branch.diff to binutils-fix-branch.diff.templ
as long as its empty.
- Skip PGO with %want_reproducible_builds (boo#1040589)
- pr33029.patch: Fix crash in assembler with -gdwarf-5
- Drop aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size
- Add -std=gnu17 to move gcc15 forward, as temporary measure until
the binutils version can be updated [bsc#1241916].
- Do not build binutils-gold for SLFO.
- Enable multitarget build on loongarch64
- Unset SUSE_ZNOW while running testsuite, many tests cannot cope
- chrony
-
- bsc#1246544: Fix racy socket creation
* Add chrony-unix-socket.patch
* Add chrony-remove-chmod.patch
- Use make quickcheck to speedup build.
- cifs-utils
-
- Add patches:
* 0001-cifs-utils-Skip-TGT-check-if-valid-service-ticket-is.patch (bsc#1248816)
* 0001-setcifsacl-fix-memory-allocation-for-struct-cifs_ace.patch
* 0001-cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch
* 0001-cifs-utils-avoid-using-mktemp-when-updating-mtab.patch
* 0001-cifs-utils-add-documentation-for-upcall_target.patch
* 0001-cifs.upcall-fix-memory-leaks-in-check_service_ticket.patch
- kernel-default
-
- scsi: storvsc: Prefer returning channel with the same CPU as
on the I/O issuing CPU (bsc#1252267).
- uio_hv_generic: Let userspace take care of interrupt mask
(CVE-2025-40048 bsc#1252862).
- commit 730af65
- sctp: Fix MAC comparison to be constant-time (CVE-2025-40204
bsc#1253436).
- commit 7866d14
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
(CVE-2025-40121 bsc#1253367).
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
(CVE-2025-40154 bsc#1253431).
- commit 39cbf10
- Fix type signess in fbcon_set_font() (bsc#1252033)
The backport from bsc#1252033 failed because check_mul_overflow()
did not handle differences in type signs. Use unsigned types for
all calculations. Input arguments are unsigned anyway.
- commit e09ed3e
- scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251786 CVE-2023-53676).
- commit 85b8224
- mm/ksm: fix flag-dropping behavior in ksm_madvise
(CVE-2025-40040 bsc#1252780).
- commit ef78c42
- KVM: arm64: Prevent access to vCPU events before init
(bsc#1252919 CVE-2025-40102).
- commit 760ca7b
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
(bsc#1252904 CVE-2025-40088).
- commit 438a073
- Fixup build warning
patches.suse/udf-fix-uninit-value-use-in-udf_get_fileshortad.patch.
Refresh
patches.suse/fs-udf-fix-OOB-read-in-lengthAllocDescs-handling.patch
- commit df1ebe7
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- commit 0f034b6
- udf: fix uninit-value use in udf_get_fileshortad (bsc#1252785
CVE-2025-40044).
- commit 0ec48de
- fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785 CVE-2025-40044).
- commit 2bd18d3
- pnode: terminate at peers of source (CVE-2022-50280 bsc#1249806)
- commit e4cf85f
- Update
patches.suse/0032-blk-throttle-prevent-overflow-while-calculating-wait-time.patch
(git-fixes CVE-2022-50580 bsc#1252542).
- Update
patches.suse/0044-dm-thin-Fix-UAF-in-run_timer_softirq.patch
(git-fixes CVE-2022-50563 bsc#1252480).
- Update
patches.suse/ACPI-x86-s2idle-Catch-multiple-ACPI_TYPE_PACKAGE-obj.patch
(git-fixes CVE-2023-53708 bsc#1252537).
- Update
patches.suse/ASoC-audio-graph-card-fix-refcount-leak-of-cpu_ep-in.patch
(git-fixes CVE-2022-50572 bsc#1252526).
- Update patches.suse/NFS-Fix-a-potential-data-corruption.patch
(bsc#1211162 CVE-2023-53711 bsc#1252536).
- Update
patches.suse/USB-gadget-Fix-the-memory-leak-in-raw_gadget-driver.patch
(git-fixes CVE-2023-53693 bsc#1252489).
- Update
patches.suse/arm64-csum-Fix-OoB-access-in-IP-checksum-code-for-ne.patch
(git-fixes CVE-2023-53726 bsc#1252565).
- Update
patches.suse/arm64-ftrace-fix-module-PLTs-with-mcount.patch
(git-fixes CVE-2022-50579 bsc#1252521).
- Update
patches.suse/blk-iocost-use-spin_lock_irqsave-in-adjust_inuse_and.patch
(bsc#1214992 CVE-2023-53730 bsc#1252495).
- Update
patches.suse/class-fix-possible-memory-leak-in-__class_register.patch
(git-fixes CVE-2022-50578 bsc#1252519).
- Update
patches.suse/clk-imx-clk-imx8mp-improve-error-handling-in-imx8mp_.patch
(git-fixes CVE-2023-53704 bsc#1252490).
- Update
patches.suse/clk-imx-scu-fix-memleak-on-platform_device_add-fails.patch
(git-fixes CVE-2022-50559 bsc#1252535).
- Update
patches.suse/clocksource-drivers-cadence-ttc-Fix-memory-leak-in-t.patch
(git-fixes CVE-2023-53725 bsc#1252492).
- Update
patches.suse/drm-Fix-potential-null-ptr-deref-due-to-drmm_mode_co.patch
(git-fixes CVE-2022-50556 bsc#1252529).
- Update
patches.suse/drm-amdgpu-disable-sdma-ecc-irq-only-when-sdma-RAS-i.patch
(git-fixes CVE-2023-53723 bsc#1252634).
- Update
patches.suse/drm-meson-explicitly-remove-aggregate-driver-at-modu.patch
(git-fixes CVE-2022-50560 bsc#1252568).
- Update patches.suse/drm-omap-dss-Fix-refcount-leak-bugs.patch
(git-fixes CVE-2022-50574 bsc#1252516).
- Update
patches.suse/ext4-fix-use-after-free-read-in-ext4_find_extent-for.patch
(bsc#1213098 CVE-2023-53692 bsc#1252515).
- Update
patches.suse/fs-jfs-fix-shift-out-of-bounds-in-dbAllocAG.patch
(git-fixes CVE-2022-50567 bsc#1252486).
- Update patches.suse/hfs-fix-OOB-Read-in-__hfs_brec_find.patch
(git-fixes CVE-2022-50581 bsc#1252549).
- Update
patches.suse/iio-fix-memory-leak-in-iio_device_register_eventset.patch
(git-fixes CVE-2022-50561 bsc#1252474).
- Update
patches.suse/md-raid1-fix-potential-OOB-in-raid1_remove_disk-8b04.patch
(git-fixes CVE-2023-53722 bsc#1252499).
- Update
patches.suse/media-max9286-Fix-memleak-in-max9286_v4l2_register.patch
(git-fixes CVE-2023-53700 bsc#1252522).
- Update
patches.suse/mfd-pcf50633-adc-Fix-potential-memleak-in-pcf50633_a.patch
(git-fixes CVE-2023-53724 bsc#1252497).
- Update
patches.suse/mtd-Fix-device-name-leak-when-register-device-failed.patch
(git-fixes CVE-2022-50566 bsc#1252484).
- Update
patches.suse/platform-chrome-fix-memory-corruption-in-ioctl.patch
(git-fixes CVE-2022-50570 bsc#1252475).
- Update
patches.suse/regulator-core-Prevent-integer-underflow.patch
(git-fixes CVE-2022-50582 bsc#1252476).
- Update
patches.suse/ring-buffer-Do-not-swap-cpu_buffer-during-resize-process.patch
(git-fixes CVE-2023-53718 bsc#1252564).
- Update
patches.suse/ring-buffer-Handle-race-between-rb_move_tail-and-rb_check_pages.patch
(git-fixes CVE-2023-53709 bsc#1252532).
- Update
patches.suse/s390-netiucv-Fix-return-type-of-netiucv_tx.patch
(git-fixes bsc#1211692 CVE-2022-50564 bsc#1252538).
- Update
patches.suse/scsi-qla2xxx-Fix-memory-leak-in-qla2x00_probe_one.patch
(git-fixes CVE-2023-53696 bsc#1252513).
- Update
patches.suse/scsi-ses-Fix-possible-addl_desc_ptr-out-of-bounds-accesses.patch
(git-fixes CVE-2023-7324 bsc#1252893).
- Update
patches.suse/serial-arc_uart-fix-of_iomap-leak-in-arc_serial_prob.patch
(git-fixes CVE-2023-53719 bsc#1252501).
- Update
patches.suse/serial-pch-Fix-PCI-device-refcount-leak-in-pch_reque.patch
(git-fixes CVE-2022-50576 bsc#1252508).
- Update
patches.suse/tpm-acpi-Call-acpi_put_table-to-fix-memory-leak.patch
(git-fixes CVE-2022-50562 bsc#1252528).
- Update
patches.suse/udf-Detect-system-inodes-linked-into-directory-hiera.patch
(bsc#1213114 CVE-2023-53695 bsc#1252539).
- Update
patches.suse/usb-gadget-f_hid-fix-f_hidg-lifetime-vs-cdev.patch
(git-fixes CVE-2022-50568 bsc#1252523).
- Update
patches.suse/wifi-ath9k-Fix-potential-stack-out-of-bounds-write-i.patch
(git-fixes CVE-2023-53717 bsc#1252560).
- Update
patches.suse/wifi-brcmfmac-cfg80211-Pass-the-PMK-in-binary-instea.patch
(git-fixes CVE-2023-53715 bsc#1252545).
- Update
patches.suse/xen-privcmd-Fix-a-possible-warning-in-privcmd_ioctl_.patch
(git-fixes CVE-2022-50575 bsc#1252509).
- Update
patches.suse/xfrm-xfrm_alloc_spi-shouldn-t-use-0-as-SPI.patch
(CVE-2025-39797 bsc#1249608 CVE-2025-39965 bsc#1251967).
- commit a20baaf
- cnic: Fix use-after-free bugs in cnic_delete_task
(CVE-2025-39945 bsc#1251230).
- commit cf588ad
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- commit 9b4c3c9
- fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033 CVE-2025-39967)
- commit 1b6fabe
- ipv6: Fix out-of-bounds access in ipv6_find_tlv()
(CVE-2023-53705 bsc#1252554).
- commit 687e17e
- ipvs: Defer ip_vs_ftp unregister during netns cleanup
(CVE-2025-40018 bsc#1252688).
- commit c7af0e8
- i40e: add max boundary check for VF filters (CVE-2025-39968
bsc#1252047).
- i40e: add validation for ring_len param (CVE-2025-39973
bsc#1252035).
- commit 633f8e2
- Revert "e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898"
This reverts commit 379b618bf55370d4841c5198a0b5f351835122f9.
- commit e1cd1f0
- Revert "Refresh"
This reverts commit 9ad8cd50b6445581168619320b0c733a628c00ff.
- commit 329ba12
- octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
(CVE-2025-39978 bsc#1252069).
- commit 54a21ef
- ip_vti: fix potential slab-use-after-free in decode_session6
(CVE-2023-53559 bsc#1251052).
- commit 0ec7a1a
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
- commit 784eeba
- hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
(CVE-2022-50334 bsc#1249857).
- commit 706d0a6
- Refresh
patches.suse/e1000e-fix-heap-overflow-in-e1000_set_eeprom.patch.
Fix the following warning:
drivers/net/ethernet/intel/e1000e/ethtool.c: In function 'e1000_set_eeprom':
include/linux/overflow.h:61:15: warning: comparison of distinct pointer types lacks a cast
drivers/net/ethernet/intel/e1000e/ethtool.c:575:6: note: in expansion of macro 'check_add_overflow'
- commit 9ad8cd5
- doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT
The character was previously 'N', but upstream used it for TAINT_TEST,
which prompted the change of TAINT_NO_SUPPORT to 'n'. This occurred in
commit c35dc3823d08 ("Update to 6.0-rc1") on master and in d016c04d731d
("Bump to 6.4 kernel (jsc#PED-4593)") for SLE15-SP6 (and onwards).
Update the documentation to reflect this change.
- commit f42ecf5
- ip6mr: Fix skb_under_panic in ip6mr_cache_report()
(CVE-2023-53365 bsc#1249988).
- commit fe685ad
- mm: avoid unnecessary page fault retires on shared memory types
(bsc#1251823).
- commit fe04619
- Update
patches.suse/bcache-Fix-__bch_btree_node_alloc-to-make-the-failur-80fc.patch
(git-fixes CVE-2023-53681 bsc#1251769).
- Update
patches.suse/dm-integrity-call-kmem_cache_destroy-in-dm_integrity-6b79.patch
(git-fixes CVE-2023-53604 bsc#1251210).
- Update
patches.suse/null_blk-Always-check-queue-mode-setting-from-config-63f8.patch
(git-fixes CVE-2023-53576 bsc#1251064).
- commit 073fcdc
- Update patches.suse/0046-dm-cache-Fix-UAF-in-destroy.patch
(git-fixes CVE-2022-50496 bsc#1251091).
- Update
patches.suse/0048-dm-thin-Fix-ABBA-deadlock-between-shrink_slab-and-dm_pool_abort_metadata.patch
(git-fixes CVE-2022-50549 bsc#1251550).
- Update
patches.suse/0052-dm-thin-Use-last-transaction-s-pmd-root-when-commit-failed.patch
(git-fixes CVE-2022-50534 bsc#1251292).
- Update
patches.suse/0053-block-bfq-fix-possible-uaf-for-bfqq-bic.patch
(git-fixes CVE-2022-50488 bsc#1251201).
- Update
patches.suse/ALSA-ac97-Fix-possible-NULL-dereference-in-snd_ac97_.patch
(git-fixes CVE-2023-53648 bsc#1251750).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-memory-leaks.patch
(git-fixes CVE-2022-50484 bsc#1251115).
- Update
patches.suse/ALSA-ymfpci-Fix-BUG_ON-in-probe-function.patch
(git-fixes CVE-2023-53607 bsc#1251136).
- Update
patches.suse/ARM-dts-exynos-Use-Exynos5420-compatible-for-the-MIP.patch
(git-fixes CVE-2023-53542 bsc#1251154).
- Update
patches.suse/ASoC-lpass-Fix-for-KASAN-use_after_free-out-of-bound.patch
(git-fixes CVE-2023-53640 bsc#1251327).
- Update
patches.suse/IB-mad-Don-t-call-to-function-that-might-sleep-while-in-atomic-context.patch
(git-fixes CVE-2022-50472 bsc#1251101).
- Update
patches.suse/Input-exc3000-properly-stop-timer-on-shutdown.patch
(git-fixes CVE-2023-53651 bsc#1251753).
- Update
patches.suse/Input-raspberrypi-ts-fix-refcount-leak-in-rpi_ts_pro.patch
(git-fixes CVE-2023-53533 bsc#1251080).
- Update
patches.suse/NFSD-Avoid-calling-OPDESC-with-ops-opnum-OP_ILLEGAL.patch
(git-fixes CVE-2023-53680 bsc#1251767).
- Update
patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv3-Rdir.patch
(bsc#1205128 CVE-2022-43945 CVE-2022-50487 bsc#1251208).
- Update
patches.suse/RDMA-core-Make-sure-ib_port-is-valid-when-access-sys.patch
(git-fixes CVE-2022-50475 bsc#1251104).
- Update
patches.suse/binfmt_misc-fix-shift-out-of-bounds-in-check_special.patch
(git-fixes CVE-2022-50497 bsc#1251223).
- Update
patches.suse/blk-mq-fix-null-pointer-dereference-in-blk_mq_clear_.patch
(bsc#1217366 CVE-2022-50530 bsc#1251299).
- Update
patches.suse/cifs-fix-mid-leak-during-reconnection-after-timeout-threshold.patch
(git-fixes CVE-2023-53597 bsc#1251159).
- Update
patches.suse/clk-Fix-memory-leak-in-devm_clk_notifier_register.patch
(git-fixes CVE-2023-53674 bsc#1251764).
- Update
patches.suse/clk-imx-scu-use-_safe-list-iterator-to-avoid-a-use-a.patch
(git-fixes CVE-2023-53572 bsc#1251027).
- Update
patches.suse/clk-rockchip-Fix-memory-leak-in-rockchip_clk_registe.patch
(git-fixes CVE-2022-50523 bsc#1251306).
- Update
patches.suse/dmaengine-ti-k3-udma-Reset-UDMA_CHAN_RT-byte-counter.patch
(git-fixes CVE-2022-50541 bsc#1251519).
- Update
patches.suse/driver-core-fix-resource-leak-in-device_add.patch
(git-fixes CVE-2023-53594 bsc#1251166).
- Update patches.suse/drm-amd-display-Fix-memory-leakage.patch
(git-fixes CVE-2023-53605 bsc#1251149).
- Update
patches.suse/drm-amd-display-Fix-potential-null-deref-in-dm_resum.patch
(git-fixes CVE-2022-50535 bsc#1251331).
- Update patches.suse/drm-amdkfd-Fix-memory-leakage.patch
(git-fixes CVE-2022-50528 bsc#1251303).
- Update
patches.suse/drm-i915-Make-intel_get_crtc_new_encoder-less-oopsy.patch
(git-fixes CVE-2023-53571 bsc#1251032).
- Update
patches.suse/drm-i915-gvt-fix-vgpu-debugfs-clean-in-remove.patch
(git-fixes CVE-2023-53625 bsc#1251324).
- Update
patches.suse/drm-i915-mark-requests-for-GuC-virtual-engines-to-av.patch
(git-fixes CVE-2023-53552 bsc#1251065).
- Update
patches.suse/drm-mediatek-mtk_drm_crtc-Add-checks-for-devm_kcallo.patch
(git-fixes CVE-2023-53534 bsc#1251082).
- Update
patches.suse/drm-mipi-dsi-Detach-devices-when-removing-the-host.patch
(git-fixes CVE-2022-50489 bsc#1251169).
- Update
patches.suse/drm-msm-fix-use-after-free-on-probe-deferral.patch
(git-fixes CVE-2022-50492 bsc#1251087).
- Update
patches.suse/drm-radeon-Fix-PCI-device-refcount-leak-in-radeon_at.patch
(git-fixes CVE-2022-50520 bsc#1251310).
- Update patches.suse/eth-alx-take-rtnl_lock-on-resume.patch
(git-fixes CVE-2022-50498 bsc#1251092).
- Update
patches.suse/ext4-add-EXT4_IGET_BAD-flag-to-prevent-unexpected-ba.patch
(bsc#1207619 CVE-2022-50485 bsc#1251197).
- Update
patches.suse/ext4-fix-memory-leaks-in-ext4_fname_-setup_filename-.patch
(bsc#1214954 CVE-2023-53662 bsc#1251282).
- Update
patches.suse/ext4-fix-possible-double-unlock-when-moving-a-direct.patch
(bsc#1210763 CVE-2023-53626 bsc#1251775).
- Update
patches.suse/ext4-fix-potential-memory-leak-in-ext4_fc_record_reg.patch
(bsc#1207612 CVE-2022-50512 bsc#1251296).
- Update
patches.suse/ext4-fix-uninititialized-value-in-ext4_evict_inode.patch
(bsc#1206893 CVE-2022-50546 bsc#1251723).
- Update
patches.suse/fbdev-omapfb-lcd_mipid-Fix-an-error-handling-path-in.patch
(git-fixes CVE-2023-53650 bsc#1251283).
- Update
patches.suse/firmware-raspberrypi-fix-possible-memory-leak-in-rpi.patch
(git-fixes CVE-2022-50537 bsc#1251294).
- Update
patches.suse/fs-hfsplus-remove-WARN_ON-from-hfsplus_cat_-read-write-_inode.patch
(git-fixes CVE-2023-53683 bsc#1251329).
- Update
patches.suse/gfs2-Fix-possible-data-races-in-gfs2_show_options.patch
(git-fixes CVE-2023-53622 bsc#1251777).
- Update patches.suse/gpio-mvebu-fix-irq-domain-leak.patch
(git-fixes CVE-2023-53579 bsc#1251170).
- Update
patches.suse/gpio-sifive-Fix-refcount-leak-in-sifive_gpio_probe.patch
(git-fixes CVE-2023-53592 bsc#1251147).
- Update
patches.suse/hwmon-coretemp-Simplify-platform-device-handling.patch
(git-fixes CVE-2023-53612 bsc#1251218).
- Update
patches.suse/iavf-Fix-out-of-bounds-when-setting-channels-on-remo.patch
(git-fixes CVE-2023-53659 bsc#1251247).
- Update patches.suse/iavf-Fix-use-after-free-in-free_netdev.patch
(git-fixes CVE-2023-53556 bsc#1251059).
- Update
patches.suse/iommu-amd-Fix-pci-device-refcount-leak-in-ppr_notifier
(git-fixes CVE-2022-50505 bsc#1251086).
- Update
patches.suse/iommu-fsl_pamu-Fix-resource-leak-in-fsl_pamu_probe
(git-fixes CVE-2022-50525 bsc#1251302).
- Update
patches.suse/iommu-vt-d-Clean-up-si_domain-in-the-init_dmars-error-path
(git-fixes CVE-2022-50482 bsc#1251133).
- Update patches.suse/ipmi_si-fix-a-memleak-in-try_smi_init.patch
(git-fixes CVE-2023-53611 bsc#1251123).
- Update
patches.suse/jfs-fix-invalid-free-of-JFS_IP-ipimap-i_imap-in-diUnmount.patch
(git-fixes CVE-2023-53616 bsc#1251215).
- Update
patches.suse/lib-fonts-fix-undefined-behavior-in-bit-shift-for-ge.patch
(git-fixes CVE-2022-50511 bsc#1251527).
- Update
patches.suse/media-coda-Add-check-for-dcoda_iram_alloc.patch
(git-fixes CVE-2022-50501 bsc#1251099).
- Update patches.suse/media-coda-Add-check-for-kmalloc.patch
(git-fixes CVE-2022-50509 bsc#1251522).
- Update
patches.suse/media-dvb-core-Fix-double-free-in-dvb_register_devic.patch
(git-fixes CVE-2022-50499 bsc#1251093).
- Update
patches.suse/media-i2c-ov772x-Fix-memleak-in-ov772x_probe.patch
(git-fixes CVE-2023-53637 bsc#1251326).
- Update patches.suse/media-radio-shark-Add-endpoint-checks.patch
(git-fixes CVE-2023-53644 bsc#1251736).
- Update
patches.suse/media-si470x-Fix-use-after-free-in-si470x_int_in_cal.patch
(git-fixes CVE-2022-50542 bsc#1251330).
- Update
patches.suse/memory-pl353-smc-Fix-refcount-leak-bug-in-pl353_smc_.patch
(git-fixes CVE-2022-50480 bsc#1251047).
- Update
patches.suse/msft-hv-2831-HID-hyperv-avoid-struct-memcpy-overrun-warning.patch
(git-fixes CVE-2023-53553 bsc#1251068).
- Update
patches.suse/mtd-lpddr2_nvm-Fix-possible-null-ptr-deref.patch
(git-fixes CVE-2022-50503 bsc#1251097).
- Update
patches.suse/mtd-rawnand-brcmnand-Fix-potential-out-of-bounds-acc.patch
(git-fixes CVE-2023-53541 bsc#1251043).
- Update
patches.suse/net-cdc_ncm-Deal-with-too-low-values-of-dwNtbOutMaxS.patch
(git-fixes CVE-2023-53667 bsc#1251761).
- Update
patches.suse/net-usbnet-Fix-WARNING-in-usbnet_start_xmit-usb_subm.patch
(git-fixes CVE-2023-53548 bsc#1251066).
- Update
patches.suse/netfilter-nft_set_rbtree-fix-null-deref-on-element-inserti.patch
(CVE-2023-52923 bsc#1236104 CVE-2023-53566 bsc#1251040).
- Update
patches.suse/nilfs2-fix-potential-UAF-of-struct-nilfs_sc_info-in-.patch
(git-fixes CVE-2023-53608 bsc#1251178).
- Update
patches.suse/nilfs2-fix-shift-out-of-bounds-overflow-in-nilfs_sb2.patch
(git-fixes CVE-2022-50478 bsc#1251200).
- Update
patches.suse/nilfs2-replace-WARN_ONs-by-nilfs_error-for-checkpoin.patch
(git-fixes CVE-2022-50519 bsc#1251295).
- Update patches.suse/nvme-core-fix-dev_pm_qos-memleak.patch
(git-fixes CVE-2023-53670 bsc#1251762).
- Update
patches.suse/ocfs2-fix-defrag-path-triggering-jbd2-ASSERT.patch
(git-fixes CVE-2023-53564 bsc#1251072).
- Update
patches.suse/platform-x86-dell-sysman-Fix-reference-leak.patch
(git-fixes CVE-2023-53631 bsc#1251529).
- Update
patches.suse/platform-x86-mxm-wmi-fix-memleak-in-mxm_wmi_call_mx-.patch
(git-fixes CVE-2022-50521 bsc#1251312).
- Update
patches.suse/powerpc-rtas-avoid-scheduling-in-rtas_os_term.patch
(bsc#1065729 CVE-2022-50504 bsc#1251182).
- Update patches.suse/r6040-Fix-kmemleak-in-probe-and-remove.patch
(git-fixes CVE-2022-50545 bsc#1251285).
- Update
patches.suse/ring-buffer-Fix-deadloop-issue-on-reading-trace_pipe.patch
(git-fixes CVE-2023-53668 bsc#1251286).
- Update
patches.suse/ring-buffer-Sync-IRQ-works-before-buffer-destruction.patch
(git-fixes CVE-2023-53587 bsc#1251128).
- Update
patches.suse/s390-zcrypt-don-t-leak-memory-if-dev_set_name-fails.patch
(git-fixes bsc#1215148 CVE-2023-53568 bsc#1251035).
- Update
patches.suse/scsi-mpt3sas-Fix-possible-resource-leaks-in-mpt3sas_transport_port_add.patch
(git-fixes CVE-2022-50532 bsc#1251300).
- Update
patches.suse/scsi-qla2xxx-Avoid-fcport-pointer-dereference.patch
(bsc#1213747 CVE-2023-53603 bsc#1251180).
- Update
patches.suse/scsi-qla2xxx-Fix-crash-when-I-O-abort-times-out.patch
(jsc#PED-568 CVE-2022-50493 bsc#1251088).
- Update
patches.suse/scsi-qla2xxx-Fix-deletion-race-condition.patch
(bsc#1213747 CVE-2023-53615 bsc#1251113).
- Update
patches.suse/scsi-ses-Fix-possible-desc_ptr-out-of-bounds-accesses.patch
(git-fixes CVE-2023-53675 bsc#1251325).
- Update
patches.suse/soc-aspeed-socinfo-Add-kfree-for-kstrdup.patch
(git-fixes CVE-2023-53617 bsc#1251268).
- Update
patches.suse/spi-bcm-qspi-return-error-if-neither-hif_mspi-nor-ms.patch
(git-fixes CVE-2023-53658 bsc#1251759).
- Update
patches.suse/spi-qup-Don-t-skip-cleanup-in-remove-s-error-path.patch
(git-fixes CVE-2023-53567 bsc#1251034).
- Update
patches.suse/staging-ks7010-potential-buffer-overflow-in-ks_wlan_.patch
(git-fixes CVE-2023-53554 bsc#1251057).
- Update
patches.suse/staging-rtl8723bs-fix-a-potential-memory-leak-in-rtw.patch
(git-fixes CVE-2022-50513 bsc#1251730).
- Update
patches.suse/test_firmware-fix-memory-leak-in-test_firmware_init.patch
(git-fixes CVE-2022-50529 bsc#1251298).
- Update
patches.suse/thermal-intel_powerclamp-Use-get_cpu-instead-of-smp_.patch
(git-fixes CVE-2022-50494 bsc#1251173).
- Update
patches.suse/tracing-hist-Fix-out-of-bound-write-on-action_data.var_ref_idx.patch
(git-fixes CVE-2022-50553 bsc#1251281).
- Update
patches.suse/tracing-histograms-Add-histograms-to-hist_vars-if-they-have-referenced-variables.patch
(git-fixes CVE-2023-53560 bsc#1251045).
- Update
patches.suse/tty-serial-samsung_tty-Fix-a-memory-leak-in-s3c24xx_-832e231cff47.patch
(git-fixes CVE-2023-53687 bsc#1251772).
- Update
patches.suse/usb-gadget-f_hid-fix-refcount-leak-on-error-path.patch
(git-fixes CVE-2022-50514 bsc#1251737).
- Update
patches.suse/usb-gadget-u_serial-Add-null-pointer-check-in-gseria.patch
(git-fixes CVE-2023-53551 bsc#1251063).
- Update
patches.suse/usb-host-xhci-Fix-potential-memory-leak-in-xhci_allo.patch
(git-fixes CVE-2022-50544 bsc#1251725).
- Update
patches.suse/wifi-ath6kl-reduce-WARN-to-dev_dbg-in-callback.patch
(git-fixes CVE-2023-53639 bsc#1251521).
- Update
patches.suse/wifi-ath9k-hif_usb-fix-memory-leak-of-remain_skbs.patch
(git-fixes CVE-2023-53641 bsc#1251728).
- Update
patches.suse/wifi-brcmfmac-Fix-potential-shift-out-of-bounds-in-b.patch
(git-fixes CVE-2022-50551 bsc#1251322).
- Update
patches.suse/wifi-brcmfmac-ensure-CLM-version-is-null-terminated-.patch
(git-fixes CVE-2023-53582 bsc#1251061).
- Update
patches.suse/wifi-iwlwifi-mvm-don-t-trust-firmware-n_channels.patch
(git-fixes CVE-2023-53589 bsc#1251129).
- Update patches.suse/wifi-mt7601u-fix-an-integer-underflow.patch
(git-fixes CVE-2023-53679 bsc#1251785).
- Update patches.suse/xen-gntdev-Accommodate-VMA-splitting.patch
(git-fixes CVE-2022-50471 bsc#1251110).
- Update
patches.suse/xhci-Remove-device-endpoints-from-bandwidth-list-whe.patch
(git-fixes CVE-2022-50470 bsc#1251202).
- commit 043e2c3
- netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
(CVE-2023-53619 bsc#1251743).
- commit 7ac9023
- xfrm: fix slab-use-after-free in decode_session6 (CVE-2023-53500
bsc#1250816).
- commit a6d416d
- e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898
bsc#1250742).
- commit 379b618
- Refresh
patches.suse/netfilter-nf_tables-reject-duplicate-device-on-updates.patch.
Fix warning:
* unused-variable (nft_net) in ../net/netfilter/nf_tables_api.c in nf_tables_updchain
../net/netfilter/nf_tables_api.c: In function 'nf_tables_updchain':
../net/netfilter/nf_tables_api.c:2348:26: warning: unused variable 'nft_net' [-Wunused-variable]
- commit 2ca55c8
- fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741
CVE-2022-50516).
- commit 329a4e4
- Bluetooth: hci_event: call disconnect callback before deleting
conn (CVE-2023-53673 bsc#1251763).
- commit 0293ef5
- bpf: Propagate error from htab_lock_bucket() to userspace
(CVE-2022-50490 bsc#1251164).
- commit f2d82dc
- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (CVE-2022-50327 bsc#1249859)
- commit 2911a91
- containerd
-
- Update to containerd v1.7.29. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.29>
* CVE-2024-25621 bsc#1253126
* CVE-2025-64329 bsc#1253132
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.28. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.28>
- cups
-
- Adapted cups-2.2.7-CVE-2025-58436.patch according to
https://github.com/OpenPrinting/cups/pull/1439
"http.c: Fix infinite loop in GTK apps"
which fixes the regression boo#1254353
"Cups version 2.2.7-150000.3.77.1 will hang GTK applications"
https://github.com/OpenPrinting/cups/issues/1429
"CUPS 2.4.15 freezes apps requesting the GTK print dialog"
- cups-2.2.7-CVE-2025-61915.patch is based on
https://github.com/OpenPrinting/cups-ghsa-hxm8-vfpq-jrfc/pull/2
backported to CUPS 2.2.7 to fix CVE-2025-61915
"Local denial-of-service via cupsd.conf update
and related issues"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc
bsc#1253783
- cups-2.2.7-CVE-2025-58436.patch mitigates CVE-2025-58436
"Slow client communication leads to a possible DoS attack"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr
(bsc#1244057)
- cups-2.2.7-bsc1234225c76.patch is from
https://bugzilla.suse.com/show_bug.cgi?id=1234225#c76
to fix bsc#1234225 "cupsd stuck in poll() loop"
see also https://github.com/OpenPrinting/cups/issues/1264
- In general regarding CUPS security issues and/or DoS issues see
https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
- curl
-
- Security fix: [bsc#1253757, CVE-2025-11563]
* curl: wcurl path traversal with percent-encoded slashes
* Add curl-CVE-2025-11563.patch
- docker
-
- Enable SELinux in default daemon.json config (--selinux-enabled). This has no
practical impact on non-SELinux systems. bsc#1252290
- Update to Docker 28.5.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2851>
- Rebased patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-openSUSE-point-users-to-docker-buildx-package.patch
* cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch
- Remove upstreamed patch:
- 0007-Add-back-vendor.sum.patch
- Update to Docker 28.5.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2850>
- Backport <https://github.com/moby/moby/pull/51091> to re-add vendor.sum,
fixing our builds.
+ 0007-Add-back-vendor.sum.patch
- Rebased patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-openSUSE-point-users-to-docker-buildx-package.patch
* cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch
- Update to docker-buildx v0.29.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.29.0>
- Remove git-core recommends also on openSUSE: the below argument
is valid for those users too.
- Remove git-core recommends on SLE. Most SLE systems have
installRecommends=yes by default and thus end up installing git with Docker.
bsc#1250508
This feature is mostly intended for developers ("docker build git://") so
most users already have the dependency installed, and the error when git is
missing is fairly straightforward (so they can easily figure out what they
need to install).
- Update to docker-buildx v0.28.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.28.0>
- Update to Docker 28.4.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2840>
* Fixes a nil pointer panic in "docker push". bsc#1248373
- Rebased patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-openSUSE-point-users-to-docker-buildx-package.patch
* cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch
- Update warnings and errors related to "docker buildx ..." so that they
reference our openSUSE docker-buildx packages.
+ cli-0001-openSUSE-point-users-to-docker-buildx-package.patch
- Enable building docker-buildx for SLE15 systems with SUSEConnect secret
injection enabled. PED-12534 PED-8905 bsc#1247594
As docker-buildx does not support our SUSEConnect secret injection (and some
users depend "docker build" working transparently), patch the docker CLI so
that "docker build" will no longer automatically call "docker buildx build",
effectively making DOCKER_BUILDKIT=0 the default configuration. Users can
manually use "docker buildx ..." commands or set DOCKER_BUILDKIT=1 in order
to opt-in to using docker-buildx.
Users can silence the "docker build" warning by setting DOCKER_BUILDKIT=0
explicitly.
In order to inject SCC credentials with docker-buildx, users should use
RUN --mount=type=secret,id=SCCcredentials zypper -n ...
in their Dockerfiles, and
docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
when doing their builds.
+ cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch
- elfutils
-
- Add elfutils-fix-large-alignment.diff and elfutils-pr28190.diff
to fix build/testsuite for more recent glibc and kernels.
- Add elfutils-fuzz-1.diff, elfutils-fuzz-2.diff,
elfutils-fuzz-3.diff, elfutils-fuzz-4.diff [bsc#1237236,
bsc#1237240, bsc#1237241, bsc#1237242].
- Add elfutils-fix-debuginfod-groom-race.diff to fix a testsuite
race in run-debuginfod-find.sh.
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2025-13601-1.patch, glib2-CVE-2025-13601-2.patch
(bsc#1254297 CVE-2025-13601 glgo#GNOME/glib#3827).
+ glib2-CVE-2025-14087-1.patch, glib2-CVE-2025-14087-2.patch,
glib2-CVE-2025-14087-3.patch (bsc#1254662 CVE-2025-14087
glgo#GNOME/glib#3834).
+ glib2-CVE-2025-14512.patch (bsc#1254878 CVE-2025-14512
glgo#GNOME/glib#3845).
- Add glib2-CVE-2025-7039.patch: fix computation of temporary file
name (bsc#1249055 CVE-2025-7039 glgo#GNOME/glib#3716).
- gnutls
-
- Security fix bsc#1254132 CVE-2025-9820
* Fix buffer overflow in gnutls_pkcs11_token_init
* Added gnutls-CVE-2025-9820.patch
- gpg2
-
- Security fix: [bsc#1239119, CVE-2025-30258]
* gpg: Lookup key for merging/inserting only by primary key.
* gpg: Remove a signature check function wrapper.
* gpg2: verification DoS due to a malicious subkey in the keyring
* gpg: Fix regression for the recent malicious subkey
* gpg: Fix another regression due to the T7547 fix.
* gpg: Fix double free of internal data.
* Add patches:
- gnupg-CVE-2025-30258-Lookup-key-for-merging-inserting-only-by-primary-key.patch
- gnupg-CVE-2025-30258-Remove-a-signature-check-function-wrapper.patch
- gnupg-CVE-2025-30258-Fix-a-verification-DoS-due-to-a-malicious-subkey-in-the-keyring.patch
- gnupg-CVE-2025-30258-Fix-regression-for-the-recent-malicious-subkey-DoS-fix.patch
- gnupg-CVE-2025-30258-Fix-another-regression-due-to-the-T7547-fix.patch
- gnupg-CVE-2025-30258-Fix-double-free-of-internal-data.patch
* Remove unrecognized configure option: --enable-Werror
- grub2
-
- Fix CVE-2025-54771 (bsc#1252931)
* 0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch
- Fix CVE-2025-61662 (bsc#1252933)
* 0002-gettext-gettext-Unregister-gettext-command-on-module.patch
- Fix CVE-2025-61663 (bsc#1252934)
- Fix CVE-2025-61664 (bsc#1252935)
* 0003-normal-main-Unregister-commands-on-module-unload.patch
* 0004-tests-lib-functional_test-Unregister-commands-on-mod.patch
- Fix CVE-2025-61661 (bsc#1252932)
* 0005-commands-usbtest-Use-correct-string-length-field.patch
* 0006-commands-usbtest-Ensure-string-length-is-sufficient-.patch
- Bump upstream SBAT generation to 6
- hdparm
-
- package LICENSE.TXT [bsc#1252151]
- kmod
-
- man: modprobe.d: document the config file order handling (bsc#1253741)
* man-modprobe.d-document-the-config-file-order-handling.patch
- krb5
-
- Remove des3-cbc-sha1 and arcfour-hmac-md5 from permitted
enctypes unless new special options "allow_des3" or "allow_rc4"
are set; (CVE-2025-3576); (bsc#1241219).
- Add patch 0015-CVE-2025-3576.patch
- mozilla-nss
-
- Add bmo1990242.patch to move NSS DB password hash away from SHA-1
- update to NSS 3.112.2
* bmo#1970079 - Prevent leaks during pkcs12 decoding.
* bmo#1988046 - SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
- Adding patch bmo1980465.patch to fix bug on s390x (bmo#1980465)
- Adding patch bmo1956754.patch to fix possible undefined behaviour (bmo#1956754)
- update to NSS 3.112.1
* bmo#1982742 - restore support for finding certificates by decoded serial number.
- freetype2
-
- package FTL.TXT and GPLv2.TXT as %license [bsc#1252148]
- pacemaker
-
- fencer: improve self-fencing logs (bsc#1249419)
* bsc#1249419-0002-Log-fencer-improve-self-fencing-logs.patch
- fenced: DC node fencing is unconditionally relayed. (bsc#1249419)
* bsc#1249419-0001-Mid-fenced-DC-node-fencing-is-unconditionally-relaye.patch
- libcrmservice: consider a monitor pending if LoadUnit receives no reply from systemd (bsc#1232276, gh#ClusterLabs/pacemaker#3880)
* bsc#1232276-0001-Fix-libcrmservice-consider-a-monitor-pending-if-Load.patch
- pciutils
-
- pciutils.spec: Add a strict dependency to libpci. [bsc#1252338]
Mixing different versions of pciutils and libpci could result in
a segmentation fault due to incompatible ABI.
- Synchronize SLE-12 and openSUSE:Factory [jsc#PED-4587].
The following patches are now obsolete in version 3.13.0:
* add-decoding-of-vendor-specific-vpd-fields.patch
* pciutils-3.1.7-fix-memory-leak-in-get_cache_name.patch
* pciutils-3.2.0_update-dist.patch
* pciutils-3.5.1-add-support-for-32-bit-pci-domains.patch
* pciutils-lspci-Correct-Root-Capabilities-CRS-Software-Visibil.patch
* show-gen4-speed-properly.patch
- Synchronize SLE-15 and openSUSE:Factory [jsc#PED-8393, bsc#1224138].
The following patches are now obsolete in version 3.13.0:
* lspci-Fixed-buffer-overflows-in-ls-tree.c.patch
* pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch
* pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch
* pciutils-Add-decoding-of-vendor-specific-VPD-fields.patch
* pciutils-VPD-Cleanup.patch
* pciutils-VPD-When-printing-item-IDs-escape-non-ASCII-characte.patch
- update to 3.13.0:
* lspci decodes CXL 1.1 device link status information.
* Further development of the pcilmr (the link margining
utility)
* Dump parsing supports 6-digit domain numbers.
* Bug fixes in PCIe link state reporting.
* Decode more fields in PCIe AER capability.
* Fixed build on Linux systems with musl libc.
* Updated pci.ids.
- update to 3.12.0:
* lspci decodes the IDE (Integrity & Data Encryption) and
TEE-IO extended capabilities.
* Optimization flags used for compiling individual object files
should be the same as optimization flags for linking the final
executable to make link-time optimization possible.
* no longer look up subsystems in the HWDB
* Updated pci.ids
- include changes from 3.11:
* update-pciids now supports XZ compression
* update-pciids now sends itself as the User-Agent.
* Added a pcilmr utility for PCIe lane margining
* ECAM back-end now scans ACPI and BIOS memory faster.
* Linux systems without pread/pwrite are no longer supported
* Improved decoding of PCIe control and status registers.
* Decoding of CXL capabilities now supports up to CXL 3.0.
* lspci now displays interrupt message numbers consistently across
different capabilities.
* Cache of IDs resolved via DNS, which was located in ~/.pci-ids
by default, is now stored according to the XDG base directory
specification in $XDG_CACHE_HOME/pci-ids.
* All source files now have SPDX license identifiers.
* various minor bug fixes and updated pci.ids.
- libpng12
-
- security update
- modified patches
* libpng-1.2.51-CVE-2013-7353.patch (-p1)
* libpng-1.2.51-CVE-2013-7354.patch (-p1)
- added patches
CVE-2025-64505 [bsc#1254157], heap buffer over-read in `png_do_quantize` via malformed palette index
* libpng12-CVE-2025-64505.patch
- libpng16
-
- security update
- added patches
CVE-2025-66293 [bsc#1254480], LIBPNG out-of-bounds read in png_image_read_composite
* libpng16-CVE-2025-66293-1.patch
* libpng16-CVE-2025-66293-2.patch
- security update
- added patches
CVE-2025-64505 [bsc#1254157], heap buffer over-read in `png_do_quantize` via malformed palette index
* libpng16-CVE-2025-64505.patch
CVE-2025-64506 [bsc#1254158], heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled
* libpng16-CVE-2025-64506.patch
CVE-2025-64720 [bsc#1254159], buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
* libpng16-CVE-2025-64720.patch
CVE-2025-65018 [bsc#1254160], heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`
* libpng16-CVE-2025-65018.patch
- python311
-
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Readjusted patches:
- CVE-2023-52425-libexpat-2.6.0-backport.patch
- CVE-2023-52425-remove-reparse_deferral-tests.patch
- fix_configure_rst.patch
- skip_if_buildbot-extend.patch
- Update to 3.11.14:
- Security
- gh-139700: Check consistency of the zip64 end of central
directory record. Support records with “zip64 extensible data”
if there are no bytes prepended to the ZIP file
(CVE-2025-8291, bsc#1251305).
- gh-139400: xml.parsers.expat: Make sure that parent Expat
parsers are only garbage-collected once they are no longer
referenced by subparsers created by
ExternalEntityParserCreate(). Patch by Sebastian Pipping.
- gh-135661: Fix parsing start and end tags in
html.parser.HTMLParser according to the HTML5 standard.
* Whitespaces no longer accepted between </ and the tag name. E.g.
</ script> does not end the script section.
* Vertical tabulation (\v) and non-ASCII whitespaces no longer
recognized as whitespaces. The only whitespaces are \t\n\r\f and
space.
* Null character (U+0000) no longer ends the tag name.
* Attributes and slashes after the tag name in end tags are now
ignored, instead of terminating after the first > in quoted
attribute value. E.g. </script/foo=">"/>.
* Multiple slashes and whitespaces between the last attribute and
closing > are now ignored in both start and end tags. E.g. <a
foo=bar/ //>.
* Multiple = between attribute name and value are no longer
collapsed. E.g. <a foo==bar> produces attribute “foo” with value
“=bar”.
- gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
according to the HTML5 standard: ] ]> and ]] > no longer end the
CDATA section. Add private method _set_support_cdata() which can
be used to specify how to parse <[CDATA[ — as a CDATA section in
foreign content (SVG or MathML) or as a bogus comment in the
HTML namespace.
- gh-102555: Fix comment parsing in html.parser.HTMLParser
according to the HTML5 standard. --!> now ends the comment. -- >
no longer ends the comment. Support abnormally ended empty
comments <--> and <--->.
- gh-135462: Fix quadratic complexity in processing specially
crafted input in html.parser.HTMLParser. End-of-file errors are
now handled according to the HTML5 specs – comments and
declarations are automatically closed, tags are ignored.
- gh-118350: Fix support of escapable raw text mode (elements
“textarea” and “title”) in html.parser.HTMLParser.
- gh-86155: html.parser.HTMLParser.close() no longer loses data
when the <script> tag is not closed. Patch by Waylan Limberg.
- Library
- gh-139312: Upgrade bundled libexpat to 2.7.3
- gh-138998: Update bundled libexpat to 2.7.2
- gh-130577: tarfile now validates archives to ensure member
offsets are non-negative. (Contributed by Alexander Enrique
Urieles Nieto in gh-130577.)
- gh-135374: Update the bundled copy of setuptools to 79.0.1.
- Drop upstreamed patches:
- CVE-2025-8194-tarfile-no-neg-offsets.patch
- CVE-2025-6069-quad-complex-HTMLParser.patch
- Add gh139257-Support-docutils-0.22.patch to fix build with latest
docutils (>=0.22) gh#python/cpython#139257
- Drop AppStream buildrequires and don't run appstreamcli validate
as part of the build process: the appdata.xml is not updated by
source directly, so we have more contol. Having Appstream or the
deprecated appstream-glib result in a build cycle.
- Require AppStream to validate appdata file instead of deprecated
appstream-glib.
- Update idle3.appdata.xml to pass the more pedantic appstreamcli.
- python3
-
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
against OOM when loading malicious content (CVE-2025-13837,
bsc#1254401).
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Skip test_curses on ppc64le (gh#python/cpython#141534)
- Add CVE-2025-8291-consistency-zip64.patch which checks
consistency of the zip64 end of central directory record, and
preventing obfuscation of the payload, i.e., you scanning for
malicious content in a ZIP file with one ZIP parser (let's say
a Rust one) then unpack it in production with another (e.g.,
the Python one) and get malicious content that the other parser
did not see (CVE-2025-8291, bsc#1251305)
- Readjust patches while synchronizing between openSUSE and SLE trees:
- F00251-change-user-install-location.patch
- doc-py38-to-py36.patch
- gh126985-mv-pyvenv.cfg2getpath.patch
- ruby2.5
-
- add limit-decompressed-name-length.patch
- fix ruby: denial of service (DoS) due to an insufficient check
on the length of a decompressed domain name within a DNS packet
in resolv gem
bsc#1246430 CVE-2025-24294
- libssh
-
- Security fix: [CVE-2025-8277, bsc#1249375]
* Memory Exhaustion via Repeated Key Exchange
* Add patches:
- libssh-CVE-2025-8277-packet-Adjust-packet-filter-to-work-wh.patch
- libssh-CVE-2025-8277-Fix-memory-leak-of-unused-ephemeral-ke.patch
- libssh-CVE-2025-8277-ecdh-Free-previously-allocated-pubkeys.patch
- Security fix: [CVE-2025-8114, bsc#1246974]
* NULL pointer dereference when calculating session ID during KEX
* Add libssh-CVE-2025-8114.patch
- tiff
-
- security update:
* CVE-2025-9900 [bsc#1250413]
Fix Write-What-Where in libtiff via TIFFReadRGBAImageOriented
+ tiff-CVE-2025-9900.patch
- libxml2
-
- security update
- added patches
CVE-2025-9714 [bsc#1249076], Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c
* libxml2-CVE-2025-9714.patch
- security update
- added patches
CVE-2025-8732 [bsc#1247850], infinite recursion in catalog parsing functions when processing malformed SGML catalog files
* libxml2-CVE-2025-8732.patch
- libxslt
-
- security update
- added patches
CVE-2025-11731 [bsc#1251979], type confusion in exsltFuncResultCompfunction leading to denial of service
* libxslt-CVE-2025-11731.patch
- propagate test failure into build failure
- added sources
* libxslt-test-results.ref
- security update
- added patches
CVE-2025-10911 [bsc#1250553], use-after-free with key data stored cross-RVT
* libxslt-CVE-2025-10911.patch
- lifecycle-data-sle-module-live-patching
-
- Added data for 5_14_21-150400_24_167, 5_14_21-150400_24_170,
5_14_21-150400_24_173, 5_14_21-150400_24_176,
5_14_21-150400_24_179, 5_14_21-150500_55_110,
5_14_21-150500_55_113, 5_14_21-150500_55_116,
5_14_21-150500_55_121, 5_14_21-150500_55_124,
5_14_21-150500_55_130, 5_3_18-150300_59_207,
5_3_18-150300_59_211, 5_3_18-150300_59_215,
5_3_18-150300_59_218, 5_3_18-150300_59_221,
6_4_0-150600_23_53, 6_4_0-150600_23_60,
6_4_0-150600_23_65, 6_4_0-150600_23_70,
6_4_0-150600_23_73, 6_4_0-150700_51,
6_4_0-150700_53_11, 6_4_0-150700_53_16,
6_4_0-150700_53_19, 6_4_0-150700_53_22,
6_4_0-150700_53_3, 6_4_0-150700_53_6,
+kernel-livepatch-6_4_0-150600_10_39-rt,*,+kernel-livepatch-6_4_0-150600_10_44-rt,*,+kernel-livepatch-6_4_0-150600_10_49-rt,*,+kernel-livepatch-6_4_0-150600_10_55-rt,*,+kernel-livepatch-6_4_0-150600_10_58-rt,*,+kernel-livepatch-6_4_0-150700_5-rt,*,+kernel-livepatch-6_4_0-150700_7_13-rt,*,+kernel-livepatch-6_4_0-150700_7_16-rt,*,+kernel-livepatch-6_4_0-150700_7_19-rt,*,+kernel-livepatch-6_4_0-150700_7_22-rt,*,+kernel-livepatch-6_4_0-150700_7_25-rt,*,+kernel-livepatch-6_4_0-150700_7_3-rt,*,+kernel-livepatch-6_4_0-150700_7_8-rt,*. (bsc#1020320)
- Added data for 5_14_21-150400_24_167, 5_14_21-150400_24_170,
5_14_21-150400_24_173, 5_14_21-150400_24_176,
5_14_21-150500_55_110, 5_14_21-150500_55_113,
5_14_21-150500_55_116, 5_14_21-150500_55_121,
5_3_18-150300_59_207, 5_3_18-150300_59_211,
5_3_18-150300_59_215, 5_3_18-150300_59_218,
6_4_0-150600_23_53, 6_4_0-150600_23_60,
6_4_0-150600_23_65, 6_4_0-150600_23_70,
6_4_0-150700_53_11, 6_4_0-150700_53_16,
+kernel-livepatch-6_4_0-150600_10_39-rt,*,+kernel-livepatch-6_4_0-150600_10_44-rt,*,+kernel-livepatch-6_4_0-150600_10_49-rt,*,+kernel-livepatch-6_4_0-150700_7_13-rt,*,+kernel-livepatch-6_4_0-150700_7_16-rt,*. (bsc#1020320)
- mozilla-nspr
-
- update to NSPR 4.36.2
* Fixed a syntax error in test file parsetm.c,
which was introduced in 4.36.1
- update to NSPR 4.36.1
* Incorrect time value produced by PR_ParseTimeString and
PR_ParseTimeStringToExplodedTime if input string doesn't
specify seconds.
- openssh
-
- Add openssh-cve-2025-61984-username-validation.patch
(bsc#1251198, CVE-2025-61984).
- Add openssh-cve-2025-61985-nul-url-encode.patch
(bsc#1251199, CVE-2025-61985).
- perl-HTML-Parser
-
- updated to 3.830.0 (3.83)
see /usr/share/doc/packages/perl-HTML-Parser/Changes
3.83 2024-07-30
- fix '$\/]' in HTML::Entities::encode_entities (GH#45) (mauke)
- updated to 3.82
see /usr/share/doc/packages/perl-HTML-Parser/Changes
3.82 2024-03-13
- "img lowsrc" and "body background" are not in the HTMLv5 spec (GH#43)
(Jess)
- Replace "FileHandle" with "IO::File" (GH#42) (James Raspass)
- Fix some minor typos (GH#41) (Yoshikazu Sawa)
- updated to 3.81
see /usr/share/doc/packages/perl-HTML-Parser/Changes
3.81 2023-01-30
- Stop depending on "Test" (GH#34) (James Raspass)
- fix test scripts after conversion to Test::More (GH#35) (Graham Knop)
- updated to 3.80
see /usr/share/doc/packages/perl-HTML-Parser/Changes
3.80 2022-11-01
* Fix compatibility with ancient perl by avoiding index in test (GH#33)
(Graham Knop)
- updated to 3.79
see /usr/share/doc/packages/perl-HTML-Parser/Changes
3.79 2022-10-12
* Modernise XS (GH#32) (James Raspass)
* Skip threads on older perl versions, as they often segfault (GH#31) (Graham
* Knop)
- updated to 3.78
see /usr/share/doc/packages/perl-HTML-Parser/Changes
3.78 2022-03-28
* Remove unused variable (GH#26) (Michal Josef Špaček)
- updated to 3.77
see /usr/share/doc/packages/perl-HTML-Parser/Changes
3.77 2022-03-14
* Update tests to remove HTML4 specific tags (GH#25) (Jess)
- updated to 3.76
see /usr/share/doc/packages/perl-HTML-Parser/Changes
3.76 2021-03-04
* Add a fix for a stack confusion error on `eof`. (GH#21) (Matthew Horsfall
and Chase Whitener)
- updated to 3.75
see /usr/share/doc/packages/perl-HTML-Parser/Changes
- updated to 3.73
see /usr/share/doc/packages/perl-HTML-Parser/Changes
- python-azure-agent
-
- Update to version 2.14.0.1 (bsc#1253001)
+ Drop - included upstream
~ agent-btrfs-use-f.patch included upstream
~ remove-mock.patch
+ FIPS 140-3 support
+ Block extensions disallowed by policy
+ Report ext policy errors in heartbeat
+ Implement signature validation helper functions
+ Prevent ssh public key override
+ Use proper filesystem creation flag for btrfs
+ Enable resource monitoring in cgroup v2 machines
+ Update agent cgroup cleanup
+ Add cgroupv2 distros to supported list
+ Clean old agent cgroup setup
+ Redact sas tokens in telemetry events and agent log
+ Add conf option to use hardcoded wireserver ip instead of dhcp request
to discover wireserver ip
+ Support for python 3.12
+ Update telemetry message for agent updates and send new telemetry for
ext resource governance
+ Disable rsm downgrade
+ Add community support for Chainguard OS
+ Swap out legacycrypt for crypt-r for Python 3.13+
+ Pin setuptools version
+ Set the agent config file path for FreeBSD
+ Handle errors importing crypt module
- From 2.13.1.1
+ Setup: Fix install_requires list syntax
+ Pickup latest goal state on tenant certificate rotation + Avoid
infinite loop when the tenant certificate is missing
+ Fix unsupported syntax in py2.6
+ Cgroup rewrite: uses systemctl for expressing desired configuration
instead drop-in files
+ Remove usages of tempfile.mktemp
+ Use random time for attempting new Agent update
+ Enable logcollector in v2 machines
+ Clean history files
+ Missing firewall rules reason
+ Add support for nftables (+ refactoring of firewall code)
+ Create walinuxagent nftable atomically
- python-certifi
-
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-decorator
-
- Add python36-decorator provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-idna
-
- Add python36-idna provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-importlib-metadata
-
- Add python36-importlib-metadata provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-packaging
-
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-ply
-
- Add python36-ply provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pyasn1
-
- Add python36-pyasn1 provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pycparser
-
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-python-dateutil
-
- Add python36-python-dateutil provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pytz
-
- Add python36-pytz provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-py
-
- Add python36-py provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-requests
-
- Add python36- provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-six
-
- Add python36-six provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- release-notes-ha
-
- 15.4.20251031 (tracked in bsc#933411)
- Fixed updated crm cluster commands (jsc#DOCTEAM-1261)
- Removed Geo Clustering for X reference (jsc#DOCTEAM-1087)
- Added note about removal of pssh (jsc#DOCTEAM-862)
- release-notes-sles-for-sap
-
- 15.4.20251031 (tracked in bsc#933411)
- Clarified support wording (bsc#1222560)
- rsync
-
- Security update (CVE-2025-10158, bsc#1254441): rsync: Out of
bounds array access via negative index
- Add rsync-CVE-2025-10158.patch
- rubygem-rack
-
- update to version 2.2.20 (bsc#1251936)
- CVE-2025-61919: application/x-www-form-urlencoded`, calling `rack.input.read(nil)`
without enforcing a length or cap (bsc#1251936)
- CVE-2025-61780: improper handling of headers in `Rack::Sendfile` allows for bypass
of proxy-level access restrictions (bsc#1253951)
- removed deprecated patches now included in current version:
- rubygem-rack-CVE-2020-8161.patch
- rubygem-rack-CVE-2020-8184.patch
- rubygem-rack-CVE-2022-30122.patch
- rubygem-rack-CVE-2022-30123.patch
- rubygem-rack-CVE-2022-44570.patch
- rubygem-rack-CVE-2022-44571.patch
- rubygem-rack-CVE-2022-44572.patch
- rubygem-rack-CVE-2023-27530.patch
- rubygem-rack-CVE-2023-27539.patch
- rubygem-rack-CVE-2024-25126.patch
- rubygem-rack-CVE-2024-26141.patch
- rubygem-rack-CVE-2024-26146.patch
- rubygem-rack-CVE-2025-25184.patch
- rubygem-rack-CVE-2025-27111.patch
- rubygem-rack-CVE-2025-27610.patch
- rubygem-rack-CVE-2025-32441.patch
- rubygem-rack-CVE-2025-46727.patch
- runc
-
- Update to runc v1.3.4. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.4>. bsc#1254362
- Update to runc v1.3.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
- Remove upstreamed patches for bsc#1252232:
- 2025-11-05-CVEs.patch
[ This update was only released for SLE 12 and 15. ]
- Backport patches for three CVEs. All three vulnerabilities ultimately allow
(through different methods) for full container breakouts by bypassing runc's
restrictions for writing to arbitrary /proc files. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
+ 2025-11-05-CVEs.patch
[ This update was only released for SLE 12 and 15. ]
- Update to runc v1.2.7. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.7>.
- Update to runc v1.3.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
- Includes an important fix for the CPUSet translation for cgroupv2.
- Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
- Fix runc 1.3.x builds on SLE-12 by enabling --std=gnu11.
- Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0>
- saptune
-
- update package version of saptune to 3.2.1
* restore CPU performance settings on AWS and Google Cloud
(changes Note 2205917, 2684254 and 3577842)
(bsc#1250217)
* SAP Note 2993054 updated to Version 4
add parameter setting for net.ipv4.tcp_retries2
- 000release-packages:sle-ha-release
-
n/a
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-live-patching-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-python3-release
-
n/a
- 000release-packages:sle-module-sap-applications-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- supportutils-plugin-ha-sap
-
- Update to version 0.0.8+git.1761561174.0434cd5:
* fix typo in the definition of INSTANCE_TRACE_DIR
(gh#SUSE/supportutils-plugin-ha-sap#20)
* fix calling of getParameter.py
(gh#SUSE/supportutils-plugin-ha-sap#18)
* skip unused files from the collection of sudo files and sort
the result
(gh#SUSE/supportutils-plugin-ha-sap#17)
- vim
-
- Fix for bsc#1229750.
- nocompatible must be set before the syntax highlighting is turned on.
- xen
-
- bsc#1251271 - VUL-0: CVE-2025-58147,CVE-2025-58148: xen:
Incorrect input sanitisation in Viridian hypercalls (XSA-475)
xsa475-1.patch
xsa475-2.patch
- bsc#1248807 - VUL-0: CVE-2025-27466, CVE-2025-58142,
CVE-2025-58143: xen: Mutiple vulnerabilities in the Viridian
interface (XSA-472)
xsa472-1.patch
xsa472-2.patch
xsa472-3.patch
- xkbcomp
-
- 0001-xkbcomp-Don-t-crash-on-no-op-modmask-expressions.patch
(CVE-2018-15863, bsc#1105832)
- 0002-xkbcomp-Don-t-falsely-promise-from-ExprResolveLhs.patch
(CVE-2018-15861, bsc#1105832)
- 0003-Fail-expression-lookup-on-invalid-atoms.patch
(CVE-2018-15859, bsc#1105832)
- 0004-xkbcomp-fix-stack-overflow-when-evaluating-boolean-n.patch
(CVE-2018-15853, bsc#1105832)