- 000release-packages:SLES_SAP-release
-
n/a
- azure-cli-core
-
- Refresh CVE-2025-24049.patch
- azure-cli
-
- Add azure-storage-azcopy to Recommends (bsc#1245160, jsc#PED-13198)
- Drop CVE-2024-43591.patch, fixed upstream
- Fix testsuite evaluation logic
- bind
-
- ensure file descriptors 0-2 are in use before using libuv (bsc#1230649)
* bind-ensure-file-descriptors-0-2-are-in-use-before-using-.patch
- boost
-
- CVE-2016-9840: fixed out-of-bounds pointer arithmetic in zlib in beast
(bsc#1245936)
- adds patch boost-zlib.patch
- branding-SLE
-
- Update plymouth theme to fix splash screen element placement issue.
(bsc#1236818)
- cloud-regionsrv-client
-
- Update version to 10.5.2 (bsc#1247539)
+ When an instance fails verification server side the default credentials
were left behind requireing manual intervantion prior to the next
registration attempt.
+ Fix issue triggered when using instance-billing-flavor-check due to
IP address handling as object rather than string introduced 10.5.0
- Update version to 10.5.1
+ Fix issue with picking up configured server names from the
regionsrv config file. Previously only IP addresses were collected
+ Update scriptlet for package uninstall to avoid issues in the
build service
- Update version to 10.5.0
+ Use region server IP addresses to determine Internet access rather
than a generic address. Region server IP addresses may not be blocked
in the network construct. (bsc#1245305)
- cluster-glue
-
- ibmhmc stonith needs to be aware of HMC version - ref:_00D1igLOd._5005qAMc5b:ref
(bsc#1203635)
* Add upstream patch:
38.patch
- stonith/external/ec2: Get EC2 instance ID from local file and add
ec2_retry function to query IMDS and AWSCLI (bsc#1247543)
Add upstream patch:
47.patch
- kernel-default
-
- Revert selinux patches that caused regressions (bsc#1249353)
Deleted:
patches.suse/security-lsm-Introduce-security_mptcp_add_subflow.patch
patches.suse/selinux-Implement-mptcp_add_subflow-hook.patch
- commit 1be528b
- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
(CVE-2022-49980 bsc#1245110).
- commit b9c8803
- wifi: mac80211: reject TDLS operations when station is not
associated (CVE-2025-38644 bsc#1248748).
- commit a8c476b
- vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511
CVE-2025-38618).
- commit 33452e8
- USB: gadget: Fix obscure lockdep violation for udc_mutex
(CVE-2022-49980 bsc#1245110).
- commit 25d2f46
- usb: gadget: core: do not try to disconnect gadget if it is
not connected (CVE-2022-49980 bsc#1245110).
- commit a760fdc
- tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (CVE-2025-38184 bsc#1245956)
- commit 9365d7a
- USB: gadget: Fix use-after-free Read in usb_udc_uevent()
(CVE-2022-49980 bsc#1245110).
- commit dffc69a
- atm: clip: Fix memory leak of struct clip_vcc (CVE-2025-38546
bsc#1248223).
- atm: clip: Fix potential null-ptr-deref in to_atmarpd()
(CVE-2025-38460 bsc#1247143).
- tls: stop recv() if initial process_rx_list gave us non-DATA
(CVE-2024-58239 bsc#1248614).
- tls: rx: drop pointless else after goto (CVE-2024-58239
bsc#1248614).
- commit 47416a2
- x86/sev: Evict cache lines during SNP memory validation
(CVE-2025-38560 bsc#1248312).
- commit 766631f
- selftests/perf_events: Add a mmap() correctness test
(CVE-2025-38563 bsc#1248306 selftest).
- commit b58bec8
- perf/core: Prevent VMA split of buffer mappings (CVE-2025-38563
bsc#1248306).
- commit 30b2db8
- perf/core: Exit early on perf_mmap() fail (CVE-2025-38563
bsc#1248306 dependency).
- commit 037df8e
- perf/core: Don't leak AUX buffer refcount on allocation failure
(CVE-2025-38563 bsc#1248306 dependency).
- commit 4273af9
- bpf, ktls: Fix data corruption when using bpf_msg_pop_data()
in ktls (bsc#1248338 CVE-2025-38608).
- commit 43a92df
- usb: gadget : fix use-after-free in composite_dev_cleanup()
(CVE-2025-38555 bsc#1248297).
- commit d29d36a
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (CVE-2025-38499 bsc#1247976)
- commit 767ab57
- net/packet: fix a race in packet_set_ring() and
packet_notifier() (CVE-2025-38617 bsc#1248621).
- commit a477bef
- Update config files. Disable N_GSM (jsc#PED-8240, bsc#1244824, CVE-2022-50116)
- commit 98bb21f
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
- security, lsm: Introduce security_mptcp_add_subflow()
(bsc#1240375).
- commit 2547a6d
- nvme-multipath: defer partition scanning (bsc#122824 git-fixes
CVE-2024-53093 bsc#1233640).
- commit 7846c6e
- NFSv4.1: fix backchannel max_resp_sz verification check
(bsc#1247518).
- commit 3b06caf
- smb: prevent use-after-free due to open_cached_dir error paths
(bsc#1234896, CVE-2024-53177).
- commit 99ad7d6
- posix-cpu-timers: fix race between handle_posix_cpu_timers()
and posix_cpu_timer_del() (bsc#1246911 CVE-2025-38352).
- commit 5c74715
- do_change_type(): refuse to operate on unmounted/not ours mounts (CVE-2025-38498 bsc#1247374)
- commit 16fc04a
- kabi fix for NFSv4: fairly test all delegations on a SEQ4_
revocation (bsc#1246211).
- commit 6f389a0
- NFSv4: fairly test all delegations on a SEQ4_ revocation
(bsc#1246211).
- Refresh
patches.kabi/kabi-fix-for-NFSv4-Prevent-NULL-pointer-dereference-in.patch.
- Refresh
patches.suse/NFS-Avoid-unnecessary-rescanning-of-the-per-server-delegation-list.patch.
- Refresh
patches.suse/NFSv4-Prevent-NULL-pointer-dereference-in-nfs42_complete_copies.patch.
- commit 10bdb9b
- net: atm: fix /proc/net/atm/lec handling (CVE-2025-38180
bsc#1245970).
- net: atm: add lec_mutex (CVE-2025-38323 bsc#1246473).
- commit d88adbc
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
(bsc#1229334 CVE-2024-42265).
- fs: prevent out-of-bounds array speculation when closing a
file descriptor (CVE-2023-53117 bsc#1242780).
- commit 832757a
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic
context in qfq_delete_class (CVE-2025-38477 bsc#1247314).
- net/sched: Return NULL when htb_lookup_leaf encounters an
empty rbtree (CVE-2025-38468 bsc#1247437).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
(CVE-2025-38477 bsc#1247314).
- net/sched: Always pass notifications when child class becomes
empty (CVE-2025-38350 bsc#1246781).
- commit 03528bf
- net_sched: Prevent creation of classes with TC_H_ROOT
(CVE-2025-21971 bsc#1240799).
- commit c846a50
- Update
patches.suse/netfilter-nf_set_pipapo_avx2-fix-initial-map-fill.patch
(git-fixes CVE-2024-57947 bsc#1236333 CVE-2025-38120
bsc#1245711).
- Update
patches.suse/powerpc-powernv-memtrace-Fix-out-of-bounds-issue-in-.patch
(bsc#1244309 ltc#213790 CVE-2025-38088 bsc#1245506).
- Update
patches.suse/sch_hfsc-make-hfsc_qlen_notify-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-38177 bsc#1245986).
- commit c5b1aff
- HID: core: do not bypass hid_hw_raw_request (CVE-2025-38494
bsc#1247349).
- HID: core: ensure the allocated report buffer can contain the
reserved report ID (CVE-2025-38495 bsc#1247348).
- commit 8b00261
- net: avoid race between device unregistration and ethnl ops
(CVE-2025-21701 bsc#1237164).
- commit ef7f4cc
- usb: gadget: configfs: Fix OOB read on empty string write
(CVE-2025-38497 bsc#1247347).
- commit 2908061
- netfilter: nf_tables: mark set as dead when unbinding anonymous
set with timeout (CVE-2024-26643 bsc#1221829).
- commit 4daa764
- netfilter: allow exp not to be removed in nf_ct_find_expectation
(CVE-2023-52927 bsc#1239644).
- commit b3f811c
- netfilter: nf_tables: split async and sync catchall in two
functions (CVE-2023-52923 bsc#1236104).
- Refresh
patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
- commit 11c8f5d
- netfilter: nft_set_hash: unaligned atomic read on struct
nft_set_ext (CVE-2023-52923 bsc#1236104).
- commit 81059b2
- netfilter: nft_set_rbtree: skip end interval element from gc
(CVE-2023-52923 bsc#1236104).
- commit f47327b
- netfilter: nf_tables: remove catchall element in GC sync path
(CVE-2023-52923 bsc#1236104).
- Refresh
patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
- commit 9970986
- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion
failure (CVE-2023-52923 bsc#1236104).
- commit e63b022
- netfilter: nft_set_hash: skip duplicated elements pending gc
run (CVE-2023-52923 bsc#1236104).
- commit 828ecf9
- netfilter: nft_set_pipapo: prefer gfp_kernel allocation
(CVE-2023-52923 bsc#1236104).
- commit 65fa0d6
- netfilter: nft_set_hash: try later when GC hits EAGAIN on
iteration (CVE-2023-52923 bsc#1236104).
- commit 10f2b11
- net: usb: usbnet: restore usb%d name exception for local mac
addresses (bsc#1234480 bsc#1246555).
- commit acb1d49
- netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync()
in catchall GC (CVE-2023-52923 bsc#1236104).
- Refresh
patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
- commit 01a51e7
- netfilter: nft_set_rbtree: use read spinlock to avoid datapath
contention (CVE-2023-52923 bsc#1236104).
- commit 3a9efbc
- netfilter: nft_set_rbtree: skip sync GC for new elements in
this transaction (CVE-2023-52923 bsc#1236104).
- commit 20a6d45
- netfilter: nf_tables: defer gc run if previous batch is still
pending (CVE-2023-52923 bsc#1236104).
- commit 8c98aa6
- netfilter: nf_tables: adapt set backend to use GC transaction
API (CVE-2023-52923 bsc#1236104).
- Refresh
patches.suse/netfilter-nf_tables-check-if-catch-all-set-element-i.patch.
- Refresh
patches.suse/netfilter-nf_tables-don-t-fail-inserts-if-duplicate-has-ex.patch.
- Refresh
patches.suse/netfilter-nf_tables-fix-kdoc-warnings-after-gc-rewor.patch.
- Refresh
patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
- commit 84a46c0
- netfilter: nft_set_rbtree: fix overlap expiration walk
(CVE-2023-52923 bsc#1236104).
- commit 314088b
- netfilter: nft_set_rbtree: fix null deref on element insertion
(CVE-2023-52923 bsc#1236104).
- commit 5658720
- netfilter: nft_set_rbtree: skip elements in transaction from
garbage collection (CVE-2023-52923 bsc#1236104).
- commit da32326
- netfilter: nft_set_rbtree: Switch to node list walk for overlap
detection (CVE-2023-52923 bsc#1236104).
- Refresh
patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
- commit fb97724
- netfilter: nft_set_rbtree: overlap detection with element
re-addition after deletion (CVE-2023-52923 bsc#1236104).
- commit 043eda8
- net: sched: fix ordering of qlen adjustment (CVE-2024-53164 bsc#1234863)
- commit 40219c0
- scsi: lpfc: Avoid potential ndlp use-after-free in
dev_loss_tmo_callbk (CVE-2025-38289 bsc#1246287).
- commit 7088af6
- ipc: fix to protect IPCS lookups using RCU (CVE-2025-38212
bsc#1246029).
- commit d87772b
- s390/pkey: Prevent overflow in size calculation for
memdup_user() (git-fixes CVE-2025-38257 bsc#1246186).
- commit 95d7e4c
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw
(CVE-2025-38200 bsc#1246045).
- commit 1f55e7a
- Revert "hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431)."
This reverts commit 42d0bfa0c264cdd972320d70cf30244e83ed6d45.
Fix requires more work.
- commit bd9ff6c
- Revert "mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race"
This reverts commit 5ac7828c47ade79e31bb3a63af46f7ba40385d3c.
Fix requires more work.
Conflicts:
series.conf
- commit b735458
- Revert "mm/hugetlb: unshare page tables during VMA split, not before"
This reverts commit 16c03c20551418e44e64746e1adb153a94eb8624.
Fix requires more work.
Conflicts:
series.conf
- commit 6f94b5c
- calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(CVE-2025-38181 bsc#1246000).
- commit 84f7580
- vgacon: Add check for vc_origin address range in vgacon_scroll()
(CVE-2025-38213 bsc#1246037).
- commit 8cddace
- exfat: fix double free in delayed_free (bsc#1246073
CVE-2025-38206).
- commit e34f200
- Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt
(bsc#1238160 CVE-2022-49138).
- commit 5955361
- Bluetooth: hci_event: Fix checking for invalid handle on error
status (bsc#1238160 CVE-2022-49138).
- commit bf7f8a7
- Bluetooth: hci_event: Ignore multiple conn complete events
(bsc#1238160 CVE-2022-49138).
- commit fa787ad
- crypto: algif_hash - fix double free in hash_accept
(CVE-2025-38079 bsc#1245217).
- commit 6c6cb3d
- net_sched: hfsc: Fix a UAF vulnerability in class handling
(CVE-2025-37797 bsc#1242417).
- commit 3ddb4b2
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
(CVE-2024-53057 bsc#1233551).
- commit 1066e4f
- netfilter: nf_set_pipapo_avx2: fix initial map fill (git-fixes
CVE-2024-57947 bsc#1236333).
- commit 1758014
- netfilter: nf_set_pipapo: fix initial map fill (CVE-2024-57947
bsc#1236333).
- commit 233ce6a
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- scsi: storvsc: Don't report the host packet status as the hv status (git-fixes).
- commit 509c9eb
- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest
memory accesses (bsc#1242782 CVE-2025-23141).
- commit c01b303
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
(bsc#1245431).
- commit 5ac7828
- mm/hugetlb: unshare page tables during VMA split, not before
(bsc#1245431).
- commit 16c03c2
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- commit 42d0bfa
- Update
patches.suse/0081-drm-meson-Fix-refcount-leak-in-meson_encoder_hdmi_in.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50188 bsc#1244892).
- Update
patches.suse/0155-drm-meson-encoder_cvbs-Fix-refcount-leak-in-meson_en.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50183 bsc#1244893).
- Update
patches.suse/0156-drm-meson-encoder_hdmi-Fix-refcount-leak-in-meson_en.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50184 bsc#1244898).
- Update
patches.suse/0365-drm-fb-helper-Fix-out-of-bounds-access.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50221 bsc#1244858).
- Update
patches.suse/1392-drm-i915-ttm-don-t-leak-the-ccs-state.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50037 bsc#1244953).
- Update
patches.suse/1454-drm-amd-pm-Fix-a-potential-gpu_metrics_table-memory-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-49971 bsc#1245070).
- Update
patches.suse/1461-drm-amd-pm-add-missing-fini_xxxx-interfaces-for-some.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-49965 bsc#1245063).
- Update
patches.suse/1496-drm-amdgpu-Fix-use-after-free-on-amdgpu_bo_list-mute.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50035 bsc#1244955).
- Update patches.suse/1535-drm-i915-ttm-fix-CCS-handling.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-49963 bsc#1244914).
- Update
patches.suse/1541-dma-buf-dma-resv-check-if-the-new-fence-is-really-la.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-49935 bsc#1245052).
- Update
patches.suse/ASoC-DPCM-Don-t-pick-up-BE-without-substream.patch
(jsc#PED-850 CVE-2022-50049 bsc#1244973).
- Update
patches.suse/ASoC-Intel-avs-Fix-potential-buffer-overflow-by-snpr.patch
(jsc#PED-850 CVE-2022-50052 bsc#1245048).
- Update
patches.suse/ASoC-SOF-Intel-cnl-Do-not-process-IPC-reply-before-f.patch
(jsc#PED-850 CVE-2022-50016 bsc#1245340).
- Update
patches.suse/ASoC-SOF-Intel-hda-Fix-potential-buffer-overflow-by-.patch
(jsc#PED-850 CVE-2022-50050 bsc#1244987).
- Update
patches.suse/ASoC-SOF-Intel-hda-ipc-Do-not-process-IPC-reply-befo.patch
(jsc#PED-850 CVE-2022-50015 bsc#1245094).
- Update
patches.suse/ASoC-SOF-ipc3-topology-Prevent-double-freeing-of-ipc.patch
(jsc#PED-850 CVE-2022-50115 bsc#1244827).
- Update
patches.suse/Bluetooth-Fix-race-condition-in-hci_cmd_sync_clear.patch
(git-fixes CVE-2023-53046 bsc#1244180).
- Update
patches.suse/Bluetooth-When-HCI-work-queue-is-drained-only-queue-.patch
(jsc#PED-1407 CVE-2022-50166 bsc#1244772).
- Update
patches.suse/RDMA-rxe-Fix-BUG-KASAN-null-ptr-deref-in-rxe_qp_do_c.patch
(jsc#PED-1111 CVE-2022-50135 bsc#1244805).
- Update
patches.suse/Revert-usb-typec-ucsi-add-a-common-function-ucsi_unr.patch
(git-fixes CVE-2022-49944 bsc#1244905).
- Update
patches.suse/USB-gadget-Fix-obscure-lockdep-violation-for-udc_mut.patch
(git-fixes CVE-2022-49943 bsc#1244904).
- Update
patches.suse/USB-gadget-Fix-use-after-free-Read-in-usb_udc_uevent.patch
(git-fixes CVE-2022-49980 bsc#1245111).
- Update
patches.suse/arm64-bpf-Add-BHB-mitigation-to-the-epilogue-for-cBP.patch
(bsc#1242778 CVE-2025-37948 bsc#1243649).
- Update
patches.suse/arm64-bpf-Only-mitigate-cBPF-programs-loaded-by-unpr.patch
(bsc#1242778 CVE-2025-37963 bsc#1243660).
- Update
patches.suse/ath11k-fix-missing-skb-drop-on-htc_tx_completion-err.patch
(bsc#1206451 CVE-2022-50186 bsc#1244888).
- Update
patches.suse/block-don-t-allow-the-same-type-rq_qos-add-more-than-once-14a6.patch
(git-fixes CVE-2022-50086 bsc#1245116).
- Update
patches.suse/firmware_loader-Fix-memory-leak-in-firmware-upload.patch
(jsc#PED-1263 CVE-2022-49949 bsc#1244928).
- Update
patches.suse/firmware_loader-Fix-use-after-free-during-unregister.patch
(jsc#PED-1263 CVE-2022-49951 bsc#1244940).
- Update
patches.suse/iavf-Fix-NULL-pointer-dereference-in-iavf_get_link_k.patch
(jsc#PED-835 CVE-2022-50054 bsc#1245040).
- Update
patches.suse/ice-Fix-call-trace-with-null-VSI-during-VF-reset.patch
(jsc#PED-376 CVE-2022-50041 bsc#1244957).
- Update
patches.suse/ice-xsk-prohibit-usage-of-non-balanced-queue-id.patch
(jsc#PED-376 CVE-2022-50003 bsc#1245015).
- Update
patches.suse/net-mlx5-LAG-fix-logic-over-MLX5_LAG_FLAG_NDEVS_READ.patch
(jsc#PED-1549 CVE-2022-50002 bsc#1245023).
- Update
patches.suse/net-qrtr-start-MHI-channel-after-endpoit-creation.patch
(git-fixes CVE-2022-50044 bsc#1244961).
- Update
patches.suse/powerpc-pseries-iommu-IOMMU-incorrectly-marks-MMIO-r.patch
(bsc#1218470 ltc#204531 CVE-2024-57999 bsc#1238526).
- Update
patches.suse/soundwire-revisit-driver-bind-unbind-and-callbacks.patch
(jsc#PED-850 CVE-2022-50144 bsc#1244791).
- Update
patches.suse/usb-xhci_plat_remove-avoid-NULL-dereference.patch
(git-fixes CVE-2022-50133 bsc#1244806).
- Update
patches.suse/vfio-Split-migration-ops-from-main-device-ops
(bsc#1205701 CVE-2022-50117 bsc#1244826).
- Update
patches.suse/xhci-Fix-null-pointer-dereference-in-remove-if-xHC-h.patch
(git-fixes CVE-2022-49962 bsc#1244912).
- Update
patches.suse/xsk-Fix-corrupted-packets-for-XDP_SHARED_UMEM.patch
(git-fixes CVE-2022-49972 bsc#1244960).
- commit dbcd12d
- Update
patches.suse/0012-dm-thin-fix-use-after-free-crash-in-dm_sm_register_t.patch
(git-fixes CVE-2022-50092 bsc#1244848).
- Update
patches.suse/0023-dm-raid-fix-address-sanitizer-warning-in-raid_status.patch
(git-fixes CVE-2022-50084 bsc#1245117).
- Update
patches.suse/0024-dm-raid-fix-address-sanitizer-warning-in-raid_resume.patch
(git-fixes CVE-2022-50085 bsc#1245147).
- Update
patches.suse/0027-drivers-md-fix-a-potential-use-after-free-bug.patch
(git-fixes CVE-2022-50022 bsc#1245131).
- Update
patches.suse/ALSA-bcd2000-Fix-a-UAF-bug-on-the-error-path-of-prob.patch
(git-fixes CVE-2022-50229 bsc#1244856).
- Update
patches.suse/ARM-OMAP2-Fix-refcount-leak-in-omap3xxx_prm_late_ini.patch
(git-fixes CVE-2022-50198 bsc#1244872).
- Update
patches.suse/ARM-OMAP2-Fix-refcount-leak-in-omapdss_init_of.patch
(git-fixes CVE-2022-50199 bsc#1244873).
- Update
patches.suse/ARM-OMAP2-display-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50203 bsc#1245189).
- Update
patches.suse/ARM-OMAP2-pdata-quirks-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50204 bsc#1245191).
- Update
patches.suse/ARM-bcm-Fix-refcount-leak-in-bcm_kona_smc_init.patch
(git-fixes CVE-2022-50207 bsc#1244871).
- Update
patches.suse/ASoC-SOF-debug-Fix-potential-buffer-overflow-by-snpr.patch
(git-fixes CVE-2022-50051 bsc#1245041).
- Update
patches.suse/ASoC-cros_ec_codec-Fix-refcount-leak-in-cros_ec_code.patch
(git-fixes CVE-2022-50125 bsc#1244814).
- Update patches.suse/ASoC-mt6359-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50111 bsc#1244831).
- Update
patches.suse/ASoC-mt6797-mt6351-Fix-refcount-leak-in-mt6797_mt635.patch
(git-fixes CVE-2022-50124 bsc#1244816).
- Update
patches.suse/HID-cp2112-prevent-a-buffer-overflow-in-cp2112_xfer.patch
(git-fixes CVE-2022-50156 bsc#1244782).
- Update
patches.suse/HID-hidraw-fix-memory-leak-in-hidraw_release.patch
(git-fixes CVE-2022-49981 bsc#1245072).
- Update
patches.suse/HID-mcp2221-prevent-a-buffer-overflow-in-mcp_smbus_w.patch
(git-fixes CVE-2022-50131 bsc#1244807).
- Update
patches.suse/HID-steam-Prevent-NULL-pointer-dereference-in-steam_.patch
(git-fies CVE-2022-49984 bsc#1244950).
- Update
patches.suse/Input-iforce-wake-up-after-clearing-IFORCE_XMIT_RUNN.patch
(git-fixes CVE-2022-49954 bsc#1244976).
- Update
patches.suse/KVM-SVM-Don-t-BUG-if-userspace-injects-an-interrupt-.patch
(git-fixes CVE-2022-50228 bsc#1244854).
- Update
patches.suse/NFSv4-pnfs-Fix-a-use-after-free-bug-in-open.patch
(git-fixes CVE-2022-50072 bsc#1244979).
- Update
patches.suse/NFSv4.2-fix-problems-with-__nfs42_ssc_open.patch
(git-fixes CVE-2022-50006 bsc#1245018).
- Update
patches.suse/PCI-dwc-Deallocate-EPC-memory-on-dw_pcie_ep_init-err.patch
(git-fixes CVE-2022-50146 bsc#1244788).
- Update
patches.suse/PCI-mediatek-gen3-Fix-refcount-leak-in-mtk_pcie_init.patch
(git-fixes CVE-2022-50154 bsc#1244784).
- Update
patches.suse/PCI-microchip-Fix-refcount-leak-in-mc_pcie_init_irq_.patch
(git-fixes CVE-2022-50157 bsc#1244780).
- Update
patches.suse/PM-hibernate-defer-device-probing-when-resuming-from.patch
(git-fixes CVE-2022-50202 bsc#1245154).
- Update
patches.suse/RDMA-hfi1-fix-potential-memory-leak-in-setup_base_ct.patch
(git-fixes CVE-2022-50134 bsc#1244802).
- Update
patches.suse/RDMA-irdma-Fix-a-window-for-use-after-free.patch
(git-fixes CVE-2022-50137 bsc#1244800).
- Update
patches.suse/RDMA-qedr-Fix-potential-memory-leak-in-__qedr_alloc_.patch
(git-fixes CVE-2022-50138 bsc#1244797).
- Update
patches.suse/RDMA-rxe-Fix-error-unwind-in-rxe_create_qp.patch
(git-fixes CVE-2022-50127 bsc#1244815).
- Update
patches.suse/RDMA-siw-Fix-duplicated-reported-IW_CM_EVENT_CONNECT.patch
(git-fixes CVE-2022-50136 bsc#1244804).
- Update patches.suse/RDMA-srpt-Fix-a-use-after-free.patch
(git-fixes CVE-2022-50129 bsc#1244811).
- Update
patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
(git-fixes bsc#1206664 CVE-2022-4662 CVE-2022-49936
bsc#1244984).
- Update
patches.suse/apparmor-Fix-memleak-in-aa_simple_write_to_buffer.patch
(git-fixes CVE-2022-50074 bsc#1244965).
- Update
patches.suse/apparmor-fix-reference-count-leak-in-aa_pivotroot.patch
(git-fixes CVE-2022-50077 bsc#1244977).
- Update
patches.suse/arm64-cacheinfo-Fix-incorrect-assignment-of-signed-error-value-to-unsigned-fw_level.patch
(git-fixes CVE-2022-49964 bsc#1245064).
- Update
patches.suse/arm64-fix-oops-in-concurrently-setting-insn_emulatio.patch
(git-fixes CVE-2022-50206 bsc#1245152).
- Update patches.suse/ath11k-fix-netdev-open-race.patch (git-fixes
CVE-2022-50187 bsc#1244890).
- Update
patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch
(CVE-2022-1679 bsc#1199487 CVE-2022-50179 bsc#1244886).
- Update
patches.suse/bpf-Adjust-insufficient-default-bpf_jit_limit.patch
(bsc#1218234 git-fixes CVE-2023-53076 bsc#1242221).
- Update
patches.suse/bpf-Don-t-use-tnum_range-on-array-range-checking-for.patch
(bsc#1202564 bsc#1202860 CVE-2022-2905 CVE-2022-49985
bsc#1244956).
- Update
patches.suse/btrfs-fix-space-cache-corruption-and-potential-doubl.patch
(bsc#1203361 CVE-2022-49999 bsc#1245019).
- Update
patches.suse/btrfs-unset-reloc-control-if-transaction-commit-fail.patch
(bsc#1212051 CVE-2023-3111 CVE-2022-50067 bsc#1245047).
- Update
patches.suse/ceph-don-t-leak-snap_rwsem-in-handle_cap_grant.patch
(bsc#1202823 CVE-2022-50059 bsc#1245031).
- Update
patches.suse/cifs-Fix-memory-leak-on-the-deferred-close.patch
(bsc#1193629 CVE-2022-50076 bsc#1244983).
- Update
patches.suse/cifs-fix-small-mempool-leak-in-SMB2_negotiate-.patch
(bsc#1193629 CVE-2022-49938 bsc#1244820).
- Update
patches.suse/clk-bcm-rpi-Prevent-out-of-bounds-access.patch
(git-fixes CVE-2022-49946 bsc#1244944).
- Update
patches.suse/clk-qcom-ipq8074-dont-disable-gcc_sleep_clk_src.patch
(git-fixes CVE-2022-50029 bsc#1245146).
- Update
patches.suse/cpufreq-zynq-Fix-refcount-leak-in-zynq_get_revision.patch
(git-fixes CVE-2022-50197 bsc#1244876).
- Update
patches.suse/crypto-arm64-poly1305-fix-a-read-out-of-bound.patch
(git-fixes CVE-2022-50231 bsc#1244853).
- Update
patches.suse/crypto-ccp-Use-kzalloc-for-sev-ioctl-interfaces-to-p.patch
(git-fixes CVE-2022-50226 bsc#1244860).
- Update
patches.suse/crypto-hisilicon-sec-don-t-sleep-when-in-softirq.patch
(git-fixes CVE-2022-50171 bsc#1244765).
- Update
patches.suse/dmaengine-dw-axi-dmac-do-not-print-NULL-LLI-during-e.patch
(git-fixes CVE-2022-50024 bsc#1245133).
- Update
patches.suse/dmaengine-dw-axi-dmac-ignore-interrupt-if-no-descrip.patch
(git-fixes CVE-2022-50023 bsc#1245134).
- Update
patches.suse/dmaengine-sf-pdma-Add-multithread-support-for-a-DMA-.patch
(git-fixes CVE-2022-50145 bsc#1244787).
- Update
patches.suse/driver-core-fix-potential-deadlock-in-__driver_attac.patch
(git-fixes CVE-2022-50149 bsc#1244883).
- Update
patches.suse/drm-amd-display-Check-correct-bounds-for-stream-enco.patch
(git-fixes CVE-2022-50079 bsc#1244970).
- Update
patches.suse/drm-amd-display-clear-optc-underflow-before-turn-off.patch
(git-fixes CVE-2022-49969 bsc#1245060).
- Update
patches.suse/drm-amd-pm-add-missing-fini_microcode-interface-for-.patch
(git-fixes CVE-2022-49966 bsc#1245062).
- Update patches.suse/drm-i915-fix-null-pointer-dereference.patch
(git-fixes CVE-2022-49960 bsc#1244911).
- Update
patches.suse/drm-mcde-Fix-refcount-leak-in-mcde_dsi_bind.patch
(git-fixes CVE-2022-50176 bsc#1244902).
- Update
patches.suse/drm-meson-Fix-refcount-bugs-in-meson_vpu_has_availab.patch
(git-fixes CVE-2022-50038 bsc#1244943).
- Update
patches.suse/drm-msm-mdp5-Fix-global-state-lock-backoff.patch
(git-fixes CVE-2022-50173 bsc#1244992).
- Update
patches.suse/drm-radeon-fix-potential-buffer-overflow-in-ni_set_m.patch
(git-fixes CVE-2022-50185 bsc#1244887).
- Update
patches.suse/drm-sun4i-dsi-Prevent-underflow-when-computing-packe.patch
(git-fixes CVE-2022-50036 bsc#1244941).
- Update
patches.suse/drm-ttm-Fix-dummy-res-NULL-ptr-deref-bug.patch
(git-fixes CVE-2022-50068 bsc#1245142).
- Update
patches.suse/ext4-add-EXT4_INODE_HAS_XATTR_SPACE-macro-in-xattr.h.patch
(bsc#1206878 CVE-2022-50083 bsc#1244968).
- Update
patches.suse/ext4-avoid-resizing-to-a-partial-cluster-size.patch
(bsc#1206880 CVE-2022-50020 bsc#1245129).
- Update
patches.suse/ext4-block-range-must-be-validated-before-use-in-ext.patch
(bsc#1213090 CVE-2022-50021 bsc#1245180).
- Update
patches.suse/fbdev-fb_pm2fb-Avoid-potential-divide-by-zero-error.patch
(git-fixes CVE-2022-49978 bsc#1245195).
- Update
patches.suse/firmware-arm_scpi-Ensure-scpi_info-is-not-assigned-i.patch
(git-fixes CVE-2022-50087 bsc#1245119).
- Update
patches.suse/ftrace-Fix-NULL-pointer-dereference-in-is_ftrace_trampoline-when-ftrace-is-dead.patch
(git-fixes CVE-2022-49977 bsc#1244936).
- Update patches.suse/gadgetfs-ep_io-wait-until-IRQ-finishes.patch
(git-fixes CVE-2022-50028 bsc#1245135).
- Update
patches.suse/habanalabs-gaudi-fix-shift-out-of-bounds.patch
(git-fixes CVE-2022-50026 bsc#1245088).
- Update
patches.suse/hwmon-gpio-fan-Fix-array-out-of-bounds-access.patch
(git-fixes CVE-2022-49945 bsc#1244908).
- Update patches.suse/iavf-Fix-adminq-error-handling.patch
(git-fixes CVE-2022-50055 bsc#1245039).
- Update patches.suse/iavf-Fix-reset-error-handling.patch
(git-fixes CVE-2022-50053 bsc#1245038).
- Update
patches.suse/ieee802154-adf7242-defer-destroy_workqueue-call.patch
(git-fixes CVE-2022-49968 bsc#1244959).
- Update
patches.suse/iio-light-isl29028-Fix-the-warning-in-isl29028_remov.patch
(git-fixes CVE-2022-50218 bsc#1244861).
- Update
patches.suse/intel_th-Fix-a-resource-leak-in-an-error-handling-pa.patch
(git-fixes CVE-2022-50143 bsc#1244790).
- Update patches.suse/intel_th-msu-Fix-vmalloced-buffers.patch
(git-fixes CVE-2022-50142 bsc#1244796).
- Update
patches.suse/iommu-vt-d-avoid-invalid-memory-access-via-node_online-NUMA_NO_N
(git-fixes CVE-2022-50093 bsc#1244849).
- Update
patches.suse/jbd2-fix-assertion-jh-b_frozen_data-NULL-failure-whe.patch
(bsc#1202716 CVE-2022-50126 bsc#1244813).
- Update patches.suse/kcm-fix-strp_init-order-and-cleanup.patch
(git-fies CVE-2022-49957 bsc#1244966).
- Update
patches.suse/kprobes-don-t-call-disarm_kprobe-for-disabled-kprobes.patch
(git-fixes CVE-2022-50008 bsc#1245009).
- Update
patches.suse/loop-Check-for-overflow-while-configuring-loop.patch
(git-fies CVE-2022-49993 bsc#1245121).
- Update patches.suse/md-call-__md_stop_writes-in-md_stop.patch
(git-fixes CVE-2022-49987 bsc#1245024).
- Update patches.suse/md-raid10-fix-KASAN-warning.patch (git-fixes
CVE-2022-50211 bsc#1245140).
- Update
patches.suse/media-mceusb-Use-new-usb_control_msg_-routines.patch
(CVE-2022-3903 bsc#1205220 CVE-2022-49937 bsc#1245057).
- Update
patches.suse/media-pvrusb2-fix-memory-leak-in-pvr_probe.patch
(git-fixes CVE-2022-49982 bsc#1245069).
- Update
patches.suse/media-tw686x-Fix-memory-leak-in-tw686x_video_init.patch
(git-fixes CVE-2022-50175 bsc#1244903).
- Update patches.suse/memstick-ms_block-Fix-a-memory-leak.patch
(git-fixes CVE-2022-50140 bsc#1244793).
- Update
patches.suse/meson-mx-socinfo-Fix-refcount-leak-in-meson_mx_socin.patch
(git-fixes CVE-2022-50209 bsc#1244868).
- Update
patches.suse/mfd-max77620-Fix-refcount-leak-in-max77620_initialis.patch
(git-fixes CVE-2022-50108 bsc#1244834).
- Update
patches.suse/misc-fastrpc-fix-memory-corruption-on-open.patch
(git-fixes CVE-2022-49950 bsc#1244958).
- Update
patches.suse/misc-fastrpc-fix-memory-corruption-on-probe.patch
(git-fixes CVE-2022-49952 bsc#1244945).
- Update
patches.suse/mmc-sdhci-of-esdhc-Fix-refcount-leak-in-esdhc_signal.patch
(git-fixes CVE-2022-50141 bsc#1244794).
- Update
patches.suse/mptcp-use-OPTION_MPTCP_MPJ_SYNACK-in-subflow_finish_.patch
(CVE-2025-23145 bsc#1242596 CVE-2024-35840 bsc#1224597).
- Update
patches.suse/msft-hv-2639-scsi-storvsc-Remove-WQ_MEM_RECLAIM-from-storvsc_erro.patch
(git-fixes CVE-2022-49986 bsc#1244948).
- Update
patches.suse/mt76-mt76x02u-fix-possible-memory-leak-in-__mt76x02u.patch
(git-fixes CVE-2022-50172 bsc#1244764).
- Update
patches.suse/mtd-maps-Fix-refcount-leak-in-ap_flash_init.patch
(git-fixes CVE-2022-50160 bsc#1244776).
- Update
patches.suse/mtd-maps-Fix-refcount-leak-in-of_flash_probe_versati.patch
(git-fixes CVE-2022-50161 bsc#1244774).
- Update
patches.suse/mtd-parsers-ofpart-Fix-refcount-leak-in-bcm4908_part.patch
(git-fixes CVE-2022-50155 bsc#1244781).
- Update
patches.suse/mtd-partitions-Fix-refcount-leak-in-parse_redboot_of.patch
(git-fixes CVE-2022-50158 bsc#1244779).
- Update
patches.suse/net-atlantic-fix-aq_vec-index-out-of-range-error.patch
(git-fixes CVE-2022-50066 bsc#1244985).
- Update
patches.suse/net-bgmac-Fix-a-BUG-triggered-by-wrong-bytes_compl.patch
(git-fixes CVE-2022-50062 bsc#1245028).
- Update
patches.suse/net-dsa-mv88e6060-prevent-crash-on-an-unused-port.patch
(git-fixes CVE-2022-50047 bsc#1244993).
- Update
patches.suse/net-dsa-sja1105-fix-buffer-overflow-in-sja1105_setup.patch
(git-fixes CVE-2022-50040 bsc#1244949).
- Update
patches.suse/net-sched-fix-netdevice-reference-leaks-in-attach_de.patch
(git-fixes CVE-2022-49958 bsc#1244974).
- Update
patches.suse/net-sunrpc-fix-potential-memory-leaks-in-rpc_sysfs_x.patch
(git-fixes CVE-2022-50046 bsc#1244991).
- Update
patches.suse/net-tap-NULL-pointer-derefence-in-dev_parse_header_p.patch
(git-fixes CVE-2022-50073 bsc#1244978).
- Update
patches.suse/netfilter-nf_tables-do-not-allow-CHAIN_ID-to-refer-t.patch
(CVE-2022-2586 bsc#1202095 CVE-2022-50212 bsc#1244869).
- Update
patches.suse/netfilter-nf_tables-do-not-allow-SET_ID-to-refer-to-.patch
(CVE-2022-2586 bsc#1202095 CVE-2022-50213 bsc#1244867).
- Update
patches.suse/nfc-pn533-Fix-use-after-free-bugs-caused-by-pn532_cm.patch
(git-fixes CVE-2022-50005 bsc#1245011).
- Update
patches.suse/octeontx2-af-Fix-mcam-entry-resource-leak.patch
(git-fixes CVE-2022-50060 bsc#1245032).
- Update
patches.suse/pinctrl-nomadik-Fix-refcount-leak-in-nmk_pinctrl_dt_.patch
(git-fixes CVE-2022-50061 bsc#1245033).
- Update
patches.suse/posix-cpu-timers-Cleanup-CPU-timers-before-freeing-t.patch
(CVE-2022-2585 bsc#1202094 CVE-2022-50095 bsc#1244846).
- Update
patches.suse/powerpc-64-Init-jump-labels-before-parse_early_param.patch
(bsc#1065729 CVE-2022-50012 bsc#1245125).
- Update
patches.suse/powerpc-iommu-fix-memory-leak-with-using-debugfs_loo.patch
(bsc#1194869 CVE-2023-53097 bsc#1244114).
- Update patches.suse/powerpc-pci-Fix-get_phb_number-locking.patch
(bsc#1065729 CVE-2022-50045 bsc#1244967).
- Update
patches.suse/powerpc-perf-Optimize-clearing-the-pending-PMI-and-r.patch
(bsc#1156395 CVE-2022-50118 bsc#1244825).
- Update
patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_get_max_prio.patch
(fate#322438 git-fixess CVE-2022-50104 bsc#1244836).
- Update
patches.suse/regulator-of-Fix-refcount-leak-bug-in-of_get_regulat.patch
(git-fixes CVE-2022-50191 bsc#1244899).
- Update
patches.suse/remoteproc-imx_rproc-Fix-refcount-leak-in-imx_rproc_.patch
(git-fixes CVE-2022-50120 bsc#1244819).
- Update
patches.suse/remoteproc-k3-r5-Fix-refcount-leak-in-k3_r5_cluster_.patch
(git-fixes CVE-2022-50121 bsc#1244823).
- Update
patches.suse/rpmsg-qcom_smd-Fix-refcount-leak-in-qcom_smd_parse_e.patch
(git-fixes CVE-2022-50112 bsc#1244832).
- Update
patches.suse/s390-fix-double-free-of-GS-and-RI-CBs-on-fork-failure
(bsc#1203197 LTC#199895 CVE-2022-49990 bsc#1245006).
- Update patches.suse/sch_htb-make-htb_deactivate-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-37953 bsc#1243543).
- Update
patches.suse/sch_htb-make-htb_qlen_notify-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-37932 bsc#1243627).
- Update
patches.suse/sched-core-Do-not-requeue-task-on-CPU-excluded-from-cpus_mask.patch
(bnc#1199356 CVE-2022-50100 bsc#1244843).
- Update
patches.suse/sched-cpuset-Fix-dl_cpu_busy-panic-due-to-empty-cs-c.patch
(git-fixes CVE-2022-50103 bsc#1244840).
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes CVE-2024-26935 bsc#1223675).
- Update
patches.suse/scsi-iscsi-Fix-HW-conn-removal-use-after-free.patch
(bsc#1198410 CVE-2022-50031 bsc#1245118).
- Update
patches.suse/scsi-lpfc-Fix-possible-memory-leak-when-failing-to-i.patch
(bsc#1201956 CVE-2022-50027 bsc#1245073).
- Update
patches.suse/scsi-lpfc-Prevent-buffer-overflow-crashes-in-debugfs.patch
(bsc#1201956 CVE-2022-50030 bsc#1245265).
- Update
patches.suse/scsi-qla2xxx-fix-crash-due-to-stale-srb-access-around-i-o-timeouts.patch
(bsc#1201160 CVE-2022-50098 bsc#1244841).
- Update
patches.suse/scsi-sg-Allow-waiting-for-commands-to-complete-on-removed-device.patch
(git-fixes CVE-2022-50215 bsc#1245138).
- Update
patches.suse/selinux-Add-boundary-check-in-put_entry.patch
(git-fixes CVE-2022-50200 bsc#1245149).
- Update
patches.suse/selinux-fix-memleak-in-security_read_state_kernel.patch
(git-fixes CVE-2022-50201 bsc#1245197).
- Update
patches.suse/soc-amlogic-Fix-refcount-leak-in-meson-secure-pwrc.c.patch
(git-fixes CVE-2022-50208 bsc#1244870).
- Update
patches.suse/soc-qcom-aoss-Fix-refcount-leak-in-qmp_cooling_devic.patch
(git-fixes CVE-2022-50194 bsc#1244878).
- Update
patches.suse/soc-qcom-ocmem-Fix-refcount-leak-in-of_get_ocmem.patch
(git-fixes CVE-2022-50196 bsc#1244875).
- Update
patches.suse/spi-Fix-simplification-of-devm_spi_register_controll.patch
(git-fixes CVE-2022-50190 bsc#1244895).
- Update
patches.suse/spi-tegra20-slink-fix-UAF-in-tegra_slink_remove.patch
(git-fixes CVE-2022-50192 bsc#1244879).
- Update
patches.suse/spmi-trace-fix-stack-out-of-bound-access-in-SPMI-tracing-functions.patch
(git-fixes CVE-2022-50094 bsc#1244851).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-bugs.patch
(CVE-2022-4095 bsc#1205514 CVE-2022-49956 bsc#1244969).
- Update
patches.suse/stmmac-intel-Add-a-missing-clk_disable_unprepare-cal.patch
(git-fixes CVE-2022-50039 bsc#1244942).
- Update
patches.suse/tty-n_gsm-add-sanity-check-for-gsm-receive-in-gsm_re.patch
(git-fixes CVE-2022-49940 bsc#1244866).
- Update
patches.suse/tty-n_gsm-fix-deadlock-and-link-starvation-in-outgoi.patch
(git-fixes CVE-2022-50116 bsc#1244824).
- Update
patches.suse/tty-serial-Fix-refcount-leak-bug-in-ucc_uart.c.patch
(git-fixes CVE-2022-50019 bsc#1245098).
- Update
patches.suse/tty-vt-initialize-unicode-screen-buffer.patch
(git-fixes CVE-2022-50222 bsc#1245136).
- Update
patches.suse/udmabuf-Set-the-DMA-mask-for-the-udmabuf-device-v2.patch
(git-fixes CVE-2022-49983 bsc#1245092).
- Update
patches.suse/usb-aspeed-vhub-Fix-refcount-leak-bug-in-ast_vhub_in.patch
(git-fixes CVE-2022-50139 bsc#1244798).
- Update
patches.suse/usb-cdns3-change-place-of-priv_ep-assignment-in-cdns.patch
(git-fixes CVE-2022-50132 bsc#1244808).
- Update
patches.suse/usb-cdns3-fix-random-warning-message-when-driver-loa.patch
(git-fixes CVE-2022-50151 bsc#1245093).
- Update
patches.suse/usb-cdns3-fix-use-after-free-at-workaround-2.patch
(git-fixes CVE-2022-50034 bsc#1245089).
- Update
patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch
(git-fixes CVE-2022-50153 bsc#1244786).
- Update
patches.suse/usb-host-ohci-ppc-of-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50033 bsc#1245139).
- Update
patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch
(git-fixes CVE-2022-50152 bsc#1244783).
- Update patches.suse/usb-renesas-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50032 bsc#1245103).
- Update
patches.suse/usb-typec-tcpm-fix-warning-when-handle-discover_iden.patch
(git-fixes CVE-2023-53048 bsc#1244179).
- Update
patches.suse/usbnet-Fix-linkwatch-use-after-free-on-disconnect.patch
(git-fixes CVE-2022-50220 bsc#1245348).
- Update
patches.suse/venus-pm_helpers-Fix-warning-in-OPP-during-probe.patch
(git-fixes CVE-2022-50011 bsc#1244915).
- Update
patches.suse/video-fbdev-amba-clcd-Fix-refcount-leak-bugs.patch
(git-fixes CVE-2022-50109 bsc#1244884).
- Update
patches.suse/video-fbdev-arkfb-Check-the-size-of-screen-before-me.patch
(git-fixes CVE-2022-50099 bsc#1244842).
- Update
patches.suse/video-fbdev-arkfb-Fix-a-divide-by-zero-bug-in-ark_se.patch
(git-fixes CVE-2022-50102 bsc#1244838).
- Update
patches.suse/video-fbdev-i740fb-Check-the-argument-of-i740_calc_v.patch
(git-fixes CVE-2022-50010 bsc#1245122).
- Update
patches.suse/video-fbdev-s3fb-Check-the-size-of-screen-before-mem.patch
(git-fixes CVE-2022-50097 bsc#1244845).
- Update
patches.suse/video-fbdev-vt8623fb-Check-the-size-of-screen-before.patch
(git-fixes CVE-2022-50101 bsc#1244839).
- Update
patches.suse/virtio-gpu-fix-a-missing-check-to-avoid-NULL-derefer.patch
(git-fixes CVE-2022-50181 bsc#1244901).
- Update
patches.suse/virtio_net-fix-memory-leak-inside-XPD_TX-with-mergea.patch
(git-fixes CVE-2022-50065 bsc#1244986).
- Update
patches.suse/vt-Clear-selection-before-changing-the-font.patch
(git-fixes CVE-2022-49948 bsc#1245058).
- Update
patches.suse/watchdog-sp5100_tco-Fix-a-memory-leak-of-EFCH-MMIO-r.patch
(git-fixes CVE-2022-50110 bsc#1244830).
- Update
patches.suse/wifi-iwlwifi-mvm-fix-double-list_add-at-iwl_mvm_mac_.patch
(git-fixes CVE-2022-50164 bsc#1244770).
- Update
patches.suse/wifi-libertas-Fix-possible-refcount-leak-in-if_usb_p.patch
(git-fixes CVE-2022-50162 bsc#1244773).
- Update
patches.suse/wifi-mac80211-Don-t-finalize-CSA-in-IBSS-mode-if-sta.patch
(git-fixes CVE-2022-49942 bsc#1244881).
- Update
patches.suse/wifi-mac80211-Fix-UAF-in-ieee80211_scan_rx.patch
(git-fixes CVE-2022-49934 bsc#1245051).
- Update
patches.suse/wifi-rtw89-8852a-rfk-fix-div-0-exception.patch
(git-fixes CVE-2022-50178 bsc#1244900).
- Update
patches.suse/wifi-wil6210-debugfs-fix-info-leak-in-wil_write_file.patch
(git-fixes CVE-2022-50169 bsc#1244767).
- Update
patches.suse/wifi-wil6210-debugfs-fix-uninitialized-variable-use-.patch
(git-fixes CVE-2022-50165 bsc#1244771).
- Update
patches.suse/writeback-avoid-use-after-free-after-removing-device.patch
(bsc#1207638 CVE-2022-49995 bsc#1245012).
- Update
patches.suse/xen-privcmd-fix-error-exit-of-privcmd_ioctl_dm_op.patch
(git-fixes CVE-2022-49989 bsc#1245007).
- commit 7202356
- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips
(bsc#1244523).
- commit 51237f2
- bpf: abort verification if env->cur_state->loop_entry != NULL
(CVE-2025-38060 bsc#1245155).
- Refresh patches.kabi/bpf-callback-fixes-kABI-workaround.patch.
- commit 7231f0c
- bpf: copy_verifier_state() should copy 'loop_entry' field
(CVE-2025-38060 bsc#1245155).
- Refresh patches.kabi/bpf-callback-fixes-kABI-workaround.patch.
- commit 5ab8be4
- net_sched: prio: fix a race in prio_tune() (CVE-2025-38083
bsc#1245183).
- commit 2221c2d
- dmaengine: idxd: Refactor remove call with idxd_cleanup()
helper (CVE-2025-38014 bsc#1244732).
- commit c97ce5d
- Refresh patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
The gc path is async therefore it shouldn't use the timestamp but the
current time instead.
- commit 7fca653
- coreutils
-
- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
sort with key character offsets of SIZE_MAX, could induce
a read of 1 byte before an allocated heap buffer.
(CVE-2025-5278, bsc#1243767)
- samba
-
- Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName; (bsc#1246431); (bso#15876).
- Update shipped /etc/samba/smb.conf to point to smb.conf
man page;(bsc#1233880).
- cups
-
- cups-2.2.7-CVE-2024-47175.patch is based on
https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477
backported to CUPS 2.2.7 to fix CVE-2024-47175
"lack of input sanitization in _ppdCreateFromIPP()"
(bsc#1230932 and bsc#1246533)
- In general regarding CUPS and cups-browsed security issues see
https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
- cups-2.2.7-CVE-2025-58364.patch is derived
from the upstream patch to fix CVE-2025-58364
"Remote DoS via null dereference"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4
bsc#1249128
- cups-2.2.7-CVE-2025-58060.patch is derived
from the upstream patch against CUPS 2.4
to fix CVE-2025-58060
"Authentication bypass with AuthType Negotiate"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq
bsc#1249049
- Removed the obsoleted cups-2.1.0-cups-systemd-socket.patch
see the below entry dated "Fri Jun 2 10:32:33 CEST 2017"
- curl
-
- tool_operate: fix return code when --retry is used but not
triggered [bsc#1249367]
* Add curl-tool_operate-fix-return-code-when-retry-is-used.patch
- Security fixes:
* [bsc#1249191, CVE-2025-9086] Out of bounds read for cookie path
* [bsc#1249348, CVE-2025-10148] Predictable WebSocket mask
* Add patches:
- curl-CVE-2025-9086.patch
- curl-CVE-2025-10148.patch
- Fix the --ftp-pasv option in curl v8.14.1 [bsc#1246197]
* tool_getparam: fix --ftp-pasv [5f805ee]
* Add curl-fix--ftp-pasv.patch
- Update to 8.14.1: [jsc#PED-13055, jsc#PED-13056]
* Add _multibuild
* Rebase patches:
- curl-disabled-redirect-protocol-message.patch
- curl-secure-getenv.patch
- dont-mess-with-rpmoptflags.patch
- libcurl-ocloexec.patch
* Remove patches fixed in the update:
- curl-CVE-2023-28319.patch
- curl-CVE-2023-28320.patch
- curl-CVE-2023-28321.patch
- curl-CVE-2023-28322.patch
- curl-CVE-2023-32001.patch
- curl-CVE-2023-38039.patch
- curl-CVE-2023-38545.patch
- curl-CVE-2023-38546.patch
- curl-CVE-2023-46218.patch
- curl-CVE-2023-46219.patch
- curl-CVE-2024-11053.patch
- curl-CVE-2024-2004.patch
- curl-CVE-2024-2398.patch
- curl-CVE-2024-7264.patch
- curl-CVE-2024-8096.patch
- curl-CVE-2024-9681.patch
- curl-CVE-2025-0167.patch
- curl-CVE-2025-0725.patch
- curl-aws_sigv4-canonicalise-valueless-query-params.patch
- curl-aws_sigv4-canonicalize-the-query.patch
- curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
- curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- curl-aws_sigv4-verify-query-canonization.patch
- curl-libssh_Implement_SFTP_packet_size_limit.patch
- Sync spec file with SLE codestreams: [jsc#PED-13055, jsc#PED-13056]
* Add curl-mini.rpmlintrc to avoid rpmlint shlib-policy-name-error
when building the curl-mini package in SLE.
* Add libssh minimum version requirements.
* Use ldconfig_scriptlets when available.
* Remove unused option --disable-ntlm-wb.
- docker
-
- Update to Docker 28.3.3-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2833>
CVE-2025-54388 bsc#1247367
- Update to docker-buildx v0.26.1. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.26.1>
- Update to docker-buildx v0.26.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.26.0>
- Update to Go 1.24 for builds, to match upstream.
- Update to Docker 28.3.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2832>
- Update to Docker 28.3.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2831>
- Update to Docker 28.3.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2830>
bsc#1246556
- Rebase patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
[ This update is a no-op, only needed to work around unfortunate automated
packaging script behaviour on SLES. ]
- The following patches were removed in openSUSE in the Docker 28.1.1-ce
update, but the patch names were later renamed in a SLES-only update before
Docker 28.1.1-ce was submitted to SLES.
This causes the SLES build scripts to refuse the update because the patches
are not referenced in the changelog. There is no obvious place to put the
patch removals (the 28.1.1-ce update removing the patches chronologically
predates their renaming in SLES), so they are included here a dummy changelog
entry to work around the issue.
- 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to docker-buildx v0.25.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.25.0>
- Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as
Docker does not have permission to access the host zypper credentials in this
mode (and unprivileged users cannot disable the feature using
/etc/docker/suse-secrets-enable.) bsc#1240150
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Rebase patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
+ 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
+ 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to Docker 28.2.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2822>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to Docker 28.2.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2820> bsc#1243833
<https://github.com/moby/moby/releases/tag/v28.2.1>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to docker-buildx v0.24.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.24.0>
- Update to Docker 28.1.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2811> bsc#1242114
Includes upstream fixes:
- CVE-2025-22872 bsc#1241830
- Remove long-outdated build handling for deprecated and unsupported
devicemapper and AUFS storage drivers. AUFS was removed in v24, and
devicemapper was removed in v25.
<https://docs.docker.com/engine/deprecated/#aufs-storage-driver>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Remove upstreamed patches:
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx v0.23.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.23.0>
- Update to docker-buildx v0.22.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.22.0>
* Includes fixes for CVE-2025-0495. bsc#1239765
- Disable transparent SUSEConnect support for SLE-16. PED-12534
When this patchset was first added in 2013 (and rewritten over the years),
there was no upstream way to easily provide SLE customers with a way to build
container images based on SLE using the host subscription. However, with
docker-buildx you can now define secrets for builds (this is not entirely
transparent, but we can easily document this new requirement for SLE-16).
Users should use
RUN --mount=type=secret,id=SCCcredentials zypper -n ...
in their Dockerfiles, and
docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
when doing their builds.
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. PED-8905
- dracut
-
- Update to version 055+suse.398.g8f75016e:
* fix(dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819)
* fix(rngd): adjust license to match the license of the whole project
- gdk-pixbuf
-
- Add gdk-pixbuf-jpeg-icc-data.patch: be more careful with icc data
(bsc#1246114 CVE-2025-7345 glgo@GNOME/gdk-pixbuf!217).
- Add gdk-pixbuf-fix-decoder-written-bytes-reporting.patch: Fix
memory leak caused by wrong written bytes reported by decoder
(CVE-2025-6199, glgo#GNOME/gdk-pixbuf#257, bsc#1245227).
- glib2
-
- Add glib2-CVE-2025-4373.patch: carefully handle gssize parameters
(bsc#1242844 CVE-2025-4373 glgo#GNOME/glib#3677).
- gnutls
-
- Fix heap buffer overread when handling the CT SCT extension during X.509
certificate parsing [bsc#1246233, CVE-2025-32989]
* Add patch gnutls-CVE-2025-32989.patch
- Fix double-free due to incorrect ownership handling in the export logic of
SAN entries containing an otherName [bsc#1246232, CVE-2025-32988]
* Add patch gnutls-CVE-2025-32988.patch
- Fix 1-byte heap buffer overflow when parsing templates with certtool
[bsc#1246267, CVE-2025-32990]
* Add patch gnutls-CVE-2025-32990.patch
- Fix NULL pointer dereference when 2nd Client Hello omits PSK
[bsc#1246299, CVE-2025-6395]
* Add patch gnutls-CVE-2025-6395.patch
- grub2
-
- Skip mount point in grub_find_device function (bsc#1246231)
* 0001-getroot-Skip-mount-points-in-grub_find_device.patch
- Fix CVE-2024-56738: side-channel attack due to not constant-time
algorithm in grub_crypto_memcmp (bsc#1234959)
* grub2-constant-time-grub_crypto_memcmp.patch
- hwinfo
-
- merge gh#openSUSE/hwinfo#168
- fix usb network card detection (bsc#1245950)
- 21.89
- hyper-v
-
- fcopy: Fix irregularities with size of ring buffer (a4131a50)
- fcopy: Fix incorrect file path conversion (0d86a8d6)
- Enable debug logs for hv_kvp_daemon (a9c0b33e) (bsc#1244154)
- update route parsing in kvp daemon (9bbb8a07)
- reduce resource usage in hv_kvp_daemon (175c71c2)
- reduce resouce usage in hv_get_dns_info helper (a4d024fe)
- hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (07dfa6e8)
- terminate fcopy daemon if read from uio fails (a9640fcd)
- change permissions of NetworkManager configuration file (91ae69c7)
- Fix a complier warning in the fcopy uio daemon (cb1b78f1)
- remove obsolete kvptest.ps1.txt which failed since a decade
- remove obsolete rpm postinstall code for SLE11SP2
- Add memory allocation check in hv_fcopy_start (94e86b17)
- suppress the invalid warning for packed member alignment (207e03b0)
- Add new fcopy application based on uio driver (82b0945c)
- Add vmbus_bufring (45bab4d7)
- kvp: Handle IPv4 and Ipv6 combination for keyfile format (f971f6dd)
- kvp: Some small fixes for handling NM keyfiles (c3803203)
- kvp: Support for keyfile based connection profile (42999c90)
- kvp: remove unnecessary (void*) conversions (22589542)
- Remove an extraneous "the" (f15f39fa)
- change http to https in hv_kvp_daemon.c (fa52a4b2)
- replace the copy of include/linux/hyperv.h with include/uapi/linux/hyperv.h (6de74d10)
- merge individual udev rules files into a single rules file
- package only files, not directories already owned by filesystem.rpm
- remove braces from rpm spec macros
- remove obsolete Group tag
- replace RPM_BUILD_ROOT with buildroot
- use a meaningful name for the UAPI include file
- use a meaningful variable name for ifcfg in hv_set_ifconfig.sh
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang macro, [bsc#1212476]
- Use %patch -P N instead of deprecated %patchN.
- iputils
-
- Security fix [bsc#1243772, CVE-2025-48964]
* Fix integer overflow in ping statistics via zero timestamp
* Add iputils-CVE-2025-48964_01.patch
* Add iputils-CVE-2025-48964_02.patch
* Add iputils-CVE-2025-48964_03.patch
* Add iputils-CVE-2025-48964_04.patch
* Add iputils-CVE-2025-48964_regression.patch
- krb5
-
- Remove des3-cbc-sha1 and arcfour-hmac-md5 from permitted
enctypes unless new special options "allow_des3" or "allow_rc4"
are set; (CVE-2025-3576); (bsc#1241219).
- Add patch 0013-CVE-2025-3576.patch
- gcc14
-
- Exclude shared objects present for link editing in the GCC specific
subdirectory from provides processing via __provides_exclude_from.
[bsc#1244050][bsc#1243991]
- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
variant conflict with the unversioned cross-*-gcc package.
- Disable build of glibc cross to loongarch64 and hppa in SLFO
and SLE15.
- Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Remove gcc14-pr120061.patch which is now included upstream.
- Add gcc14-pr120061.patch to fix the PR108900 fix instead of
reverting it.
- Remove gcc14-pr108900.patch
- Add gcc14-pr108900.patch to revert it, fixing libqt6webengine build.
- Update to gcc-14 branch head, 3418d740b344e0ba38022f3be, git11702
* Remove gcc14-pr118780.patch now on the upstream branch
- Fix build on s390x [bsc#1241549]
- Make sure link editing is done against our own shared library
copy rather than the installed system runtime. [bsc#1240788]
- Add gcc14-pr119680.patch to fix cross-compiler builds with
- -enable-host-pie.
- avahi
-
- Add avahi-CVE-2024-52615.patch:
Backport 4e2e1ea from upstream, Resolve fixed source ports for
wide-area DNS queries cause DNS responses be injected.
(CVE-2024-52615, bsc#1233421)
- cairo
-
- Add cairo-CVE-2025-50422.patch:
Backport from William Bader's request 621, Fix NULL access
in active_edges_to_traps().
https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621/diffs
https://gitlab.freedesktop.org/williamb/cairo/-/commit/b5752618
(CVE-2025-50422, bsc#1247589)
- Add cairo-CVE-2019-6461.patch: avoid assert when drawing arcs
with NaN angles (bsc#1122338 CVE_2019-6461 glfo@cairo/cairo#352).
- mozilla-nss
-
- update to NSS 3.112
* bmo#1963792 - Fix alias for mac workers on try
* bmo#1966786 - ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault
* bmo#1931930 - ABI/API break in ssl certificate processing
* bmo#1955971 - remove unnecessary assertion in sec_asn1d_init_state_based_on_template
* bmo#1965754 - update taskgraph to v14.2.1
* bmo#1964358 - Workflow for automation of the release on GitHub when pushing a tag
* bmo#1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate
* bmo#1934877 - Renegotiations should use a fresh ECH GREASE buffer
* bmo#1951396 - update taskgraph to v14.1.1
* bmo#1962503 - Partial fix for ACVP build CI job
* bmo#1961827 - Initialize find in sftk_searchDatabase
* bmo#1963121 - Add clang-18 to extra builds
* bmo#1963044 - Fault tolerant git fetch for fuzzing
* bmo#1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp
* bmo#1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set
* bmo#1961835 - fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls
* bmo#1963102 - Remove Cryptofuzz CI version check
- update to NSS 3.111
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1957685 - Turn off Websites Trust Bit from CAs
* bmo#1937338 - Update nssckbi version following April 2025 Batch of Changes
* bmo#1943135 - Disable SMIME ‘trust bit’ for GoDaddy CAs
* bmo#1874383 - Replaced deprecated sprintf function with snprintf in dbtool.c
* bmo#1954612 - Need up update NSS for PKCS 3.1
* bmo#1773374 - avoid leaking localCert if it is already set in ssl3_FillInCachedSID
* bmo#1953097 - Decrease ASAN quarantine size for Cryptofuzz in CI
* bmo#1943962 - selfserv: Add support for zlib certificate compression
- update to NSS 3.110
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1954724 - Prevent excess allocations in sslBuffer_Grow
* bmo#1953429 - Remove Crl templates from ASN1 fuzz target
* bmo#1953429 - Remove CERT_CrlTemplate from ASN1 fuzz target
* bmo#1952855 - Fix memory leak in NSS_CMSMessage_IsSigned
* bmo#1930807 - NSS policy updates
* bmo#1951161 - Improve locking in nssPKIObject_GetInstances
* bmo#1951394 - Fix race in sdb_GetMetaData
* bmo#1951800 - Fix member access within null pointer
* bmo#1950077 - Increase smime fuzzer memory limit
* bmo#1949677 - Enable resumption when using custom extensions
* bmo#1952568 - change CN of server12 test certificate
* bmo#1949118 - Part 2: Add missing check in
NSS_CMSDigestContext_FinishSingle
* bmo#1949118 - Part 1: Fix smime UBSan errors
* bmo#1930806 - FIPS changes need to be upstreamed: updated key checks
* bmo#1951491 - Don't build libpkix in static builds
* bmo#1951395 - handle `-p all` in try syntax
* bmo#1951346 - fix opt-make builds to actually be opt
* bmo#1951346 - fix opt-static builds to actually be opt
* bmo#1916439 - Remove extraneous assert
- Removed upstreamed nss-fips-stricter-dh.patch
- Added bmo1962556.patch to fix test failures
- Rebased nss-fips-approved-crypto-non-ec.patch nss-fips-combined-hash-sign-dsa-ecdsa.patch
- update to NSS 3.109
* bmo#1939512 - Call BL_Init before RNG_RNGInit() so that special
SHA instructions can be used if available
* bmo#1930807 - NSS policy updates - fix inaccurate key policy issues
* bmo#1945883 - SMIME fuzz target
* bmo#1914256 - ASN1 decoder fuzz target
* bmo#1936001 - Part 2: Revert “Extract testcases from ssl gtests
for fuzzing”
* bmo#1915155 - Add fuzz/README.md
* bmo#1936001 - Part 4: Fix tstclnt arguments script
* bmo#1944545 - Extend pkcs7 fuzz target
* bmo#1912320 - Extend certDN fuzz target
* bmo#1944300 - revert changes to HACL* files from bug 1866841
* bmo#1936001 - Part 3: Package frida corpus script
- update to NSS 3.108
* bmo#1923285 - libclang-16 -> libclang-19
* bmo#1939086 - Turn off Secure Email Trust Bit for Security
Communication ECC RootCA1
* bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root
CA1 and BJCA Global Root CA2
* bmo#1915902 - Remove SwissSign Silver CA – G2
* bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS
* bmo#1942301 - fix fips test failure on windows
* bmo#1935925 - change default sensitivity of KEM keys
* bmo#1936001 - Part 1: Introduce frida hooks and script
* bmo#1942350 - add missing arm_neon.h include to gcm.c
* bmo#1831552 - ci: update windows workers to win2022
* bmo#1831552 - strip trailing carriage returns in tools tests
* bmo#1880256 - work around unix/windows path translation issues
in cert test script
* bmo#1831552 - ci: let the windows setup script work without $m
* bmo#1880255 - detect msys
* bmo#1936680 - add a specialized CTR_Update variant for AES-GCM
* bmo#1930807 - NSS policy updates
* bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG
* bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero
* bmo#1930806 - FIPS changes need to be upstreamed - updated POST
* bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing
* bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality
* bmo#1935984 - Ensure zero-initialization of collectArgs.cert
* bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate
* bmo#1915898 - Fix actual underlying ODR violations issue
* bmo#1184059 - mozilla::pkix: allow reference ID labels to begin
and/or end with hyphens
* bmo#1927953 - don't look for secmod.db in nssutil_ReadSecmodDB if
NSS_DISABLE_DBM is set
* bmo#1934526 - Fix memory leak in pkcs7 fuzz target
* bmo#1934529 - Set -O2 for ASan builds in CI
* bmo#1934543 - Change branch of tlsfuzzer dependency
* bmo#1915898 - Run tests in CI for ASan builds with detect_odr_violation=1
* bmo#1934241 - Fix coverage failure in CI
* bmo#1934213 - Add fuzzing for delegated credentials, DTLS short
header and Tls13BackendEch
* bmo#1927142 - Add fuzzing for SSL_EnableTls13GreaseEch and
SSL_SetDtls13VersionWorkaround
* bmo#1913677 - Part 3: Restructure fuzz/
* bmo#1931925 - Extract testcases from ssl gtests for fuzzing
* bmo#1923037 - Force Cryptofuzz to use NSS in CI
* bmo#1923037 - Fix Cryptofuzz on 32 bit in CI
* bmo#1933154 - Update Cryptofuzz repository link
* bmo#1926256 - fix build error from 9505f79d
* bmo#1926256 - simplify error handling in get_token_objects_for_cache
* bmo#1931973 - nss doc: fix a warning
* bmo#1930797 - pkcs12 fixes from RHEL need to be picked up
- remove obsolete patches
* nss-fips-safe-memset.patch
* nss-bmo1930797.patch
- update to NSS 3.107
* bmo#1923038 - Remove MPI fuzz targets.
* bmo#1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
* bmo#1919015 - Enable PKCS8 fuzz target.
* bmo#1923037 - Integrate Cryptofuzz in CI.
* bmo#1913677 - Part 2: Set tls server target socket options in config class
* bmo#1913677 - Part 1: Set tls client target socket options in config class
* bmo#1913680 - Support building with thread sanitizer.
* bmo#1922392 - set nssckbi version number to 2.72.
* bmo#1919913 - remove Websites Trust Bit from Entrust Root
Certification Authority - G4.
* bmo#1920641 - remove Security Communication RootCA3 root cert.
* bmo#1918559 - remove SecureSign RootCA11 root cert.
* bmo#1922387 - Add distrust-after for TLS to Entrust Roots.
* bmo#1927096 - update expected error code in pk12util pbmac1 tests.
* bmo#1929041 - Use random tstclnt args with handshake collection script
* bmo#1920466 - Remove extraneous assert in ssl3gthr.c.
* bmo#1928402 - Adding missing release notes for NSS_3_105.
* bmo#1874451 - Enable the disabled mlkem tests for dtls.
* bmo#1874451 - NSS gtests filter cleans up the constucted buffer
before the use.
* bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
* bmo#1925503 - Remove short circuit test from ssl_Init.
- fix build on loongarch64 (setting it as 64bit arch)
- Remove upstreamed bmo-1400603.patch
- Added nss-bmo1930797.patch to fix failing tests in testsuite
- update to NSS 3.106
* bmo#1925975 - NSS 3.106 should be distributed with NSPR 4.36.
* bmo#1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
* bmo#1899402 - Correctly destroy bulkkey in error scenario.
* bmo#1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
* bmo#1923002 - Extract certificates with handshake collection script.
* bmo#1923006 - Specify len_control for fuzz targets.
* bmo#1923280 - Fix memory leak in dumpCertificatePEM.
* bmo#1102981 - Fix UBSan errors for SECU_PrintCertificate and
SECU_PrintCertificateBasicInfo.
* bmo#1921528 - add new error codes to mozilla::pkix for Firefox to use.
* bmo#1921768 - allow null phKey in NSC_DeriveKey.
* bmo#1921801 - Only create seed corpus zip from existing corpus.
* bmo#1826035 - Use explicit allowlist for for KDF PRFS.
* bmo#1920138 - Increase optimization level for fuzz builds.
* bmo#1920470 - Remove incorrect assert.
* bmo#1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
* bmo#1920945 - Polish corpus collection for automation.
* bmo#1917572 - Detect new and unfuzzed SSL options.
* bmo#1804646 - PKCS12 fuzzing target.
- requires NSPR 4.36
- update to NSS 3.105
* bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key
* bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c
* bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds
* bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys
* bmo#1918767 - override default definition of KRML_MUSTINLINE
* bmo#1916525 - libssl support for mlkem768x25519
* bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap
* bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL
* bmo#1911912 - Avoid misuse of ctype(3) functions
* bmo#1917311 - part 2: run clang-format
* bmo#1917311 - part 1: upgrade to clang-format 13
* bmo#1916953 - clang-format fuzz
* bmo#1910370 - DTLS client message buffer may not empty be on retransmit
* bmo#1916413 - Optionally print config for TLS client and server
fuzz target
* bmo#1916059 - Fix some simple documentation issues in NSS.
* bmo#1915439 - improve performance of NSC_FindObjectsInit when
template has CKA_TOKEN attr
* bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN
- Fix build error under Leap by rebasing nss-fips-safe-memset.patch.
- update to NSS 3.104
* bmo#1910071 - Copy original corpus to heap-allocated buffer
* bmo#1910079 - Fix min ssl version for DTLS client fuzzer
* bmo#1908990 - Remove OS2 support just like we did on NSPR
* bmo#1910605 - clang-format NSS improvements
* bmo#1902078 - Adding basicutil.h to use HexString2SECItem function
* bmo#1908990 - removing dirent.c from build
* bmo#1902078 - Allow handing in keymaterial to shlibsign to make
the output reproducible
* bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references
* bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR,
openunix, sco, unixware or reliantUnix
* bmo#1908990 - remove mentions of WIN95
* bmo#1908990 - remove mentions of WIN16
* bmo#1913750 - More explicit directory naming
* bmo#1913755 - Add more options to TLS server fuzz target
* bmo#1913675 - Add more options to TLS client fuzz target
* bmo#1835240 - Use OSS-Fuzz corpus in NSS CI
* bmo#1908012 - set nssckbi version number to 2.70.
* bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
* bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA.
* bmo#1908006 - Add Cybertrust Japan Roots to NSS.
* bmo#1908004 - Add Taiwan CA Roots to NSS.
* bmo#1911354 - remove search by decoded serial in
nssToken_FindCertificateByIssuerAndSerialNumber
* bmo#1913132 - Fix tstclnt CI build failure
* bmo#1913047 - vfyserv: ensure peer cert chain is in db for
CERT_VerifyCertificateNow
* bmo#1912427 - Enable all supported protocol versions for UDP
* bmo#1910361 - Actually use random PSK hash type
* bmo#1911576 - Initialize NSS DB once
* bmo#1910361 - Additional ECH cipher suites and PSK hash types
* bmo#1903604 - Automate corpus file generation for TLS client Fuzzer
* bmo#1910364 - Fix crash with UNSAFE_FUZZER_MODE
* bmo#1910605 - clang-format shlibsign.c
- remove obsolete nss-reproducible-builds.patch
- update to NSS 3.103
* bmo#1908623 - move list size check after lock acquisition in sftk_PutObjectToList.
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH,
* bmo#1909638 - Follow-up to fix test for presence of file nspr.patch.
* bmo#1903783 - Adjust libFuzzer size limits
* bmo#1899542 - Add fuzzing support for SSL_SetCertificateCompressionAlgorithm,
SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_GREASE and
SSL_ENABLE_CH_EXTENSION_PERMUTATION
- Add nss-reproducible-builds.patch to make the rpms reproducible,
by using a hardcoded, static key to generate the checksums (*.chk-files)
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- update to NSS 3.102.1
* bmo#1905691 - ChaChaXor to return after the function
- update to NSS 3.102
* bmo#1880351 - Add Valgrind annotations to freebl Chacha20-Poly1305.
* bmo#1901932 - missing sqlite header.
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* bmo#1615298 - improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling.
* bmo#1660676 - correct length of raw SPKI data before printing in pp utility.
- Add nss-reproducible-chksums.patch to make NSS-build reproducible
Use key from openssl (bsc#1081723)
- Updated nss-fips-approved-crypto-non-ec.patch to exclude the
SHA-1 hash from SLI approval.
- libgcrypt
-
- Security fix [bsc#1221107, CVE-2024-2236]
* Add --enable-marvin-workaround to spec to enable workaround
* Fix timing based side-channel in RSA implementation ( Marvin attack )
* Add libgcrypt-CVE-2024-2236_01.patch
* Add libgcrypt-CVE-2024-2236_02.patch
* Add libgcrypt-CVE-2024-2236_03.patch
- openssl-1_1
-
- Security fix: [bsc#1250232 CVE-2025-9230]
* Fix out-of-bounds read & write in RFC 3211 KEK unwrap
* Add patch openssl3-CVE-2025-9230.patch
- polkit
-
- CVE-2025-7519: Fixed that a XML policy file with a large number of
nested elements may lead to out-of-bounds write (bsc#1246472)
added 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch
- python311
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- Use one core to build doc. This will make sphinx doc build
reproducible.
bsc#1243155
- python3
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- Add CVE-2025-4435-normalize-lnk-trgts-tarfile.patch
Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138,
CVE-2024-12718, CVE-2025-4435 on tarfile (bsc#1244032,
bsc#1244061, bsc#1244059, bsc#1244060, bsc#1244056).
The backported fixes do not contain changes for ntpath.py and
related tests, because the support for symlinks and junctions
were added later in Python 3.9, and it does not make sense to
backport them to 3.6 here.
The patch is contains the following changes:
- python@42deeab fixes symlink handling for tarfile.data_filter
- python@9d2c2a8 fixes handling of existing files/symlinks in tarfile
- python@00af979 adds a new "strict" argument to realpath()
- python@dd8f187 fixes mulriple CVE fixes in the tarfile module
- downstream only fixes that makes the changes work and
compatible with Python 3.6
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- Add python36-* provides/obsoletes to enable SLE-12 -> SLE-15
migration, bsc#1233012
- Add ipaddress-update-pr60.patch from gh#phihag/ipaddress!60 to
update vendored ipaddress module to 3.8 equivalent
- Add gh-128840_parse-IPv6-with-emb-IPv4.patch to limit buffer
size for IPv6 address parsing (gh#python/cpython#128840,
bsc#1244401).
- Update CVE-2025-4516-DecodeError-handler.patch not to break
_PyBytes_DecodeEscape signature.
- Add CVE-2025-4516-DecodeError-handler.patch fixing
CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
vulnerability, which could lead to DoS.
- ruby2.5
-
- update suse.patch to 3f3682bf07fcd4f2fa875958853d3843ee7dcdb9
- fix remote DoS via YAML manifest
bsc#1225905 CVE-2024-35221
- update suse.patch to c76fb820676cfded16c697a62281a3bfeb8e4bb1
- fix webrick: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability
bsc#1245254 CVE-2025-6442
- update suse.patch to 5d79fc609c5761864aec47e1ae4796b93db99104
- fix ruby: userinfo leakage in URI#join, URI#merge and URI#+
bsc#1237805 CVE-2025-27221
- libsolv
-
- add support for product-obsoletes() provides in the product
autopackage generation code
- bump version to 0.7.34
- improve transaction ordering by allowing more uninst->uninst
edges [bsc#1243457]
- implement color filtering when adding update targets
- support orderwithrequires dependencies in susedata.xml
- bump version to 0.7.33
- sqlite3
-
- Backpatch the URLs in sqlite3.n from https to http to avoid a
file conflict with the tcl package on SLE-15-GA up to SP2. In
SP3 and onwards the Tcl package does not contain the sqlite
extension anymore.
- Sync version 3.50.2 from Factory:
* CVE-2025-6965, bsc#1246597:
Raise an error early if the number of aggregate terms in a
query exceeds the maximum number of columns, to avoid
downstream assertion faults.
* Add subpackage for the lemon parser generator.
+ sqlite-3.49.0-fix-lemon-missing-cflags.patch
+ sqlite-3.6.23-lemon-system-template.patch
- libssh
-
- Fix CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
* Add patch libssh-CVE-2025-5318.patch
- Fix CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
* Add patch libssh-CVE-2025-4877.patch
- Fix CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
* Add patches:
- libssh-CVE-2025-4878-1.patch
- libssh-CVE-2025-4878-2.patch
- Fix CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
* Add patch libssh-CVE-2025-5372.patch
- systemd
-
- Start the systemd-coredump.socket unit on systemd-coredump package
installation.
- Restore the kernel default values of the coredump sysctl settings on
systemd-coredump package removal.
- Import commit 6b9681f9bb313728baa3ff0c16814eb33516cd54
a474df9866 coredump: get rid of a bogus assertion
d4546562f8 coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598)
a5784c2856 coredump: get rid of _META_MANDATORY_MAX
dbaa7bc4bd coredump: restore compatibility with older patterns
32b6cd311f basic/macro: add macro to iterate variadic args
- Apply coredump sysctl settings on systemd-coredump updates/removals
- tiff
-
- security update:
* CVE-2025-8961 [bsc#1248117]
Fix segmentation fault via main function of tiffcrop utility
+ tiff-CVE-2025-8961.patch
- security update:
* CVE-2025-8534 [bsc#1247582]
Fix null pointer dereference in function PS_Lvl2page
+ tiff-CVE-2025-8534.patch
* CVE-2025-9165 [bsc#1248330]
Fix local execution manipulation can lead to memory leak
+ tiff-CVE-2025-9165.patch
- security update:
* CVE-2025-8176 [bsc#1247108]
Fix heap use-after-free in tools/tiffmedian.c
+ tiff-CVE-2025-8176.patch
* CVE-2025-8177 [bsc#1247106]
Fix possible buffer overflow in tools/thumbnail.c:setrow()
+ tiff-CVE-2025-8177.patch
- libxml2
-
- security update
- added patches
CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
+ libxml2-CVE-2025-7425.patch
- security update
- added patches
CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49794,49796.patch
CVE-2025-49795 [bsc#1244555], null pointer dereference may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49795.patch
- security update
- added patches
CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
+ libxml2-CVE-2025-6170,6021.patch
- libzypp
-
- Fix evaluation of libproxy results (bsc#1247690)
- Replace URL variables inside mirrorlist/metalink files
(fixes #667)
- version 17.37.16 (35)
- Append RepoInfo::path() to the mirror URLs in Preloader
(bsc#1247054)
- version 17.37.15 (35)
- During installation indicate the backend being used (bsc#1246038)
If some package actually needs to know, it should test for
ZYPP_CLASSIC_RPMTRANS being set in the environment.
Otherwise the transaction is driven by librpm.
- version 17.37.14 (35)
- Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459)
- Verbose log libproxy results if PX_DEBUG=1 is set.
- BuildRequires: cmake >= 3.17.
- version 17.37.13 (35)
- Allow explicit request to probe an added repo's URL
(bsc#1246466)
- Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 (fixes #661)
- version 17.37.12 (35)
- Add runtime check for a broken rpm-4.18.0 --runpostrans
(bsc#1246149)
- Add regression test for bsc#1245220 and some other filesize
related tests.
- version 17.37.11 (35)
- BuildRequires: %{libsolv_devel_package} >= 0.7.34 (bsc#1243486)
Newer rpm versions no longer allow a ':' in rpm package names or
obsoletes. So injecting an
Obsoletes: product:oldproductname < oldproductversion
into the -release package to indicate a product rename is no longer
possible.
Since libsolv-0.7.34 you can and should use:
Provides: product-obsoletes(oldproductname) < oldproductversion
in the -release package. libsolv will then inject the appropriate
Obsoletes into the Product.
- version 17.37.10 (35)
- Ignore DeltaRpm download errors (bsc#1245672)
DeltaRpms are in fact optional resources. In case of a failure
the full rpm is downloaded.
- Improve fix for incorrect filesize handling (bsc#1245220)
- version 17.37.9 (35)
- Do not trigger download data exceeded errors on HTTP non data
responses (bsc#1245220)
In some cases a HTTP 401 or 407 did trigger a "filesize exceeded"
error, because the response payload size was compared against the
expected filesize. This patch adds some checks if the response
code is in the success range and only then takes expected
filesize into account. Otherwise the response content-length is
used or a fallback of 2Mb if no content-length is known.
- version 17.37.8 (35)
- Fix SEGV in MediaDISK handler (bsc#1245452)
- Explicitly selecting DownloadAsNeeded also selects the
classic_rpmtrans backend.
DownloadAsNeeded can not be combined with the rpm singletrans
installer backend because a rpm transaction requires all package
headers to be available the the beginning of the transaction. So
explicitly selecting this mode also turns on the classic_rpmtrans
backend.
- Fix evaluation of libproxy results (bsc#1244710)
- version 17.37.7 (35)
- Enhancements regarding mirror handling during repo refresh.
Added means to disable the use of mirrors when downloading
security relevant files. Requires updaing zypper to 1.14.91.
- Fix autotestcase writer if ZYPP_FULLLOG=1 (bsc#1244042)
If ZYPP_FULLLOG=1 a solver testcase to
"/var/log/YaST2/autoTestcase" should be written for each solver
run. There was no testcase written for the very first solver run.
This is now fixed.
- Pass $1==2 to %posttrans script if it's an update (bsc#1243279)
- version 17.37.6 (35)
- lifecycle-data-sle-module-live-patching
-
- Added data for 5_14_21-150400_24_167, 5_14_21-150400_24_170,
5_14_21-150500_55_110, 5_14_21-150500_55_113,
5_14_21-150500_55_116, 5_3_18-150300_59_207,
5_3_18-150300_59_211, 6_4_0-150600_23_53,
6_4_0-150600_23_60, 6_4_0-150700_51,
6_4_0-150700_53_3, 6_4_0-150700_53_6,
+kernel-livepatch-6_4_0-150600_10_39-rt,*,+kernel-livepatch-6_4_0-150600_10_44-rt,*,+kernel-livepatch-6_4_0-150700_5-rt,*,+kernel-livepatch-6_4_0-150700_7_3-rt,*,+kernel-livepatch-6_4_0-150700_7_8-rt,*. (bsc#1020320)
- mozilla-nspr
-
- update to version 4.36
* remove support for OS/2
* remove support for Unixware, Bsdi, old AIX, old HPUX9 & scoos
* remove support for Windows 16 bit
* renamed the prwin16.h header to prwin.h
* configure was updated from 2.69 to 2.71
* various build, test and automation script fixes
* major parts of the source code were reformatted
- net-tools
-
- Drop 0002-Do-not-warn-about-interface-socket-not-binded.patch. It
worked around a net-tools-1.60 specific problem, that does not
happen in net-tools-2.10. It is more harmful than useful, as it
can hide real problems. (bsc#430864#c15,
https://github.com/ecki/net-tools/issues/32#issuecomment-3265471116).
- Drop 0004-By-default-do-not-fopen-anything-in-netrom_gr.patch. It
was net-tools-1.60 specific leak fix and breaks netrom in
net-tools-2.10 (bnc#544339#c2).
- Drop old Fedora patch 0006-Allow-interface-stacking.patch. It
provided a fix for CVE-2025-46836 (bsc#142461), but it was fixes
by the upstream in 2025 in a different way. Revert interferring
net-tools-CVE-2025-46836.patch back to the upstream version.
- Fix stack buffer overflow in parse_hex (bsc#1248687,
GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch).
- Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687,
GHSA-w7jq-cmw2-cq59,
net-tools-proc_gen_fmt-buffer-overflow.patch).
- Avoid unsafe memcpy in ifconfig (bsc#1248687,
net-tools-ifconfig-avoid-unsafe-memcpy.patch).
- Prevent overflow in ax25 and netrom (bsc#1248687,
net-tools-ax25+netrom-overflow-1.patch,
net-tools-ax25+netrom-overflow-2.patch).
- Keep possibility to enter long interface names, even if they are
not accepted by the kernel, because it was always possible up to
CVE-2025-46836 fix. But issue a warning about an interface name
concatenation (bsc#1248410,
net-tools-ifconfig-long-name-warning.patch).
- Provide more readable error for interface name size checking
introduced by net-tools-CVE-2025-46836.patch
(bsc#1243581, net-tools-CVE-2025-46836-error-reporting.patch).
- Fix a regression in net-tools-CVE-2025-46836.patch (bsc#1246608).
- Perform bound checks when parsing interface labels in
/proc/net/dev (bsc#1243581, CVE-2025-46836, GHSA-pfwf-h6m3-63wf,
net-tools-CVE-2025-46836.patch,
net-tools-CVE-2025-46836-regression.patch).
- pam
-
- Make sure that the buffer containing encrypted passwords get's erased
bedore free.
- Replace to previous CVE fix which led to CPU performance issues.
[bsc#1246221, CVE-2024-10041,
+ libpam-introduce-secure-memory-erasure-helpers.patch
+ pam_modutil_get-overwrite-password-at-free.patch
- passverify-always-run-the-helper-to-obtain-shadow_pwd.patch]
- permissions
-
- Update to version 20201225:
* permissions: remove unnecessary static dirs and devices (bsc#1235873)
- Update to version 20201225:
* nvidia-modprobe: SLE-15-SP4 backport (bsc#1246776)
- python-azure-agent
-
- Set AutoUpdate.UpdateToLatestVersion=n in /etc/waagent.conf
(bsc#1244933)
- Fix %suse_version conditional in spec file so package is built
using python2 in SLE 12 (bsc#1240385)
- python-appdirs
-
- Add python36-appdirs provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-asn1crypto
-
- Add python36-asn1crypto provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-certifi
-
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python3-cryptography
-
- Add python36-cryptography provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- Skipping failing test
- python-decorator
-
- Add python36-decorator provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-idna
-
- Add python36-idna provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-importlib-metadata
-
- Add python36-importlib-metadata provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python3-more-itertools
-
- Add python36-more-itertools provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-packaging
-
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-ply
-
- Add python36-ply provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python3-pyOpenSSL
-
- Add python36-pyOpenSSL provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pyasn1
-
- Add python36-pyasn1 provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pycparser
-
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pyparsing
-
- Add python36-pyparsing provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-python-dateutil
-
- Add python36-python-dateutil provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-pytz
-
- Add python36-pytz provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-py
-
- Add python36-py provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-requests
-
- Add python36- provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python3-setuptools
-
- Add python36-setuptools provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-six
-
- Add python36-six provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-urllib3
-
- Add patch CVE-2025-50181-poolmanager-redirects.patch:
* Pool managers now properly control redirects when retries is passed
(CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
- Add python36-urllib3 provides/obsoletes to enable SLE-12 ->
SLE-15 migration, bsc#1233012
- python-aiohttp
-
- Add CVE-2025-53643.patch to fix CVE-2025-53643 (bsc#1246517)
- python-azure-appconfiguration
-
- New upstream release
+ Version 1.7.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 1.7.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- New upstream release
+ Version 1.6.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-batch
-
- New upstream release
+ Version 14.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-batch
-
- New upstream release
+ Version 17.3.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-compute
-
- New upstream release
+ Version 33.1.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- New upstream release
+ Version 33.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 32.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 31.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 30.6.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-containerservice
-
- New upstream release
+ Version 32.1.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 32.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- New upstream release
+ Version 31.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 30.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-cosmosdb
-
- New upstream release
+ Version 9.6.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 9.5.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 9.5.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-rdbms
-
- New upstream release
+ Version 10.2.0b17
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 10.2.0b16
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 10.2.0b14
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-recoveryservicesbackup
-
- New upstream release
+ Version 9.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- New upstream release
+ Version 9.1.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-azure-mgmt-recoveryservices
-
- New upstream release
+ Version 3.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-redhatopenshift
-
- New upstream release
+ Version 1.5.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-redis
-
- New upstream release
+ Version 14.5.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 14.4.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-resource
-
- New upstream release
+ Version 23.3.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 23.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 23.1.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Remove temporary version override
- Remove unzip package from BuildRequires
- Switch source archive format to TAR.GZ
- Update Requires from setup.py
- python-azure-mgmt-servicefabricmanagedclusters
-
- New upstream release
+ Version 2.0.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Remove temporary version override
- Rename LICENSE.txt to LICENSE in %files section
- python-azure-mgmt-servicelinker
-
- New upstream release
+ Version 1.2.0b3
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- New upstream release
+ Version 1.2.0b2
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Remove unzip package from BuildRequires
- Switch source archive format to TAR.GZ
- Update Requires from setup.py
- python-azure-mgmt-signalr
-
- New upstream release
+ Version 2.0.0b2
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- python-azure-mgmt-sql
-
- New upstream release
+ Version 4.0.0b21
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b20
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b19
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Adjust upstream source name in spec file
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- Update Requires from setup.py
- New upstream release
+ Version 4.0.0b18
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b17
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 4.0.0b16
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-mgmt-storage
-
- New upstream release
+ Version 21.2.1
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- New upstream release
+ Version 21.2.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- Update Requires from setup.py
- python-azure-multiapi-storage
-
- Downgrade upstream version to 1.3.0 to address compatibility
issues with azure-cli 2.66.0 in SLE-15-SP4 (bsc#1247261)
- Override upstream version with 1.4.0.really.1.3.0
- New upstream release
+ Version 1.4.0
+ For detailed information about changes see the
README.rst file provided with this package
- New upstream release
+ Version 1.3.0
+ For detailed information about changes see the
README.rst file provided with this package
- Drop extra LICENSE.txt as upstream now ships its own
- Rename LICENSE.txt to LICENSE in %files section
- python-azure-synapse-artifacts
-
- New upstream release
+ Version 0.19.0
+ For detailed information about changes see the
CHANGELOG.md file provided with this package
- python-msal-extensions
-
- Update to version 1.3.1
* Do not install tests in site-packages by @musicinmybrain in (#139)
* Also dropped Python 3.7 and 3.8 since this release
- from version 1.3.0
* Fix a typo in README.md (persistance/persistence)
by @musicinmybrain in (#133)
* Maintenance by @rayluo in (#137)
* Allow portalocker version 3 by @musicinmybrain in (#136)
* Make portalocker optional (opt in by pip install
msal-extensions[portalocker]) by @rayluo in (#117)
- Drop me_relax-portalocker.patch, fixed upstream
- Add patch to relax python-portalocker version dependency in setup.py
+ me_relax-portalocker.patch
- Relax python-portalocker version dependency in BuildRequires and Requires
- Update to version 1.2.0
+ Remove mentions of Travis CI by @akx in (#126)
+ Set proper lower bound for portalocker dependency,
drop packaging dependency by @akx in (#125)
+ Switch to MSAL 1.29+'s TokenCache.search()
by @rayluo in (#131)
- Remove temporary version override
- Update BuildRequires and Requires from setup.py
- Update to version 1.2.0b1
+ MSAL Extensions has been updated to work with
MSAL Python 1.27.* and 1.28.* (#127, #128)
- Adjust upstream source name in spec file
- Override upstream version with 1.2.0~b1
- Update Requires from setup.py
- python-msal
-
- Update to version 1.32.3
* Fix a regression on Azure Arc / on-prem servers (#814, #815)
- from version 1.32.2
* Bugfix for Authentication Failed: MsalResponse object has no
attribute 'headers' (#812)
- from version 1.32.1
* Optimization on cache
- Update to version 1.32.0
* Refactor to allow adding new field into cache key
and/or content by @rayluo in (#751)
* Warning when obsolete msal-extensions is detected
by @rayluo in (#752)
* Add msal_cache.bin to .gitignore by @DharshanBJ in (#753)
* MSAL will use env var MSAL_FORCE_REGION by default
by @rayluo in (#756)
* Allow MI endpoint changing through environment variable
by @jimdigriz in (#754)
* Revert "allow MI endpoint changing through environment
variable" by @rayluo in (#769)
* Fix document for using SystemAssigned managed identity
by @jiasli in (#764)
* Suppress a false positive CodeQL alarm by @rayluo in (#783)
* Pass Sku and Ver to MsalRuntime by @Ugonnaak1 in (#786)
* Try to suppress another verify=False by @rayluo in (#788)
* Supports dSTS by ClientApplication(..., authority=
"https://...example.com/dstsv2/...") by @rayluo in (#772)
* Add test case to show that OBO supports SP by @rayluo in (#481)
* Enable Issue-Sentinel to scan for similar issues by @DharshanBJ in (#790)
* Support pod identity by @rayluo in (#795)
* Scope to resource by @rayluo in (#785)
- Update to version 1.31.2b1
* acquire_token_interactive(...) supports scope with the shape of
"GUID/.default" when running inside Cloud Shell (#784, #785)
- Override upstream version with 1.31.2~b1
- Update to version 1.31.1
* Bugfix: The Managed Identity detection logic on Arc (#731)
had a bug (#762), now fixed in PR (#763)
- Update to version 1.31.0
* Integration with Broker-on-Mac in (#596)
* Change Managed Identity detection logic on Arc in (#731)
* Managed Identity supports CAE in (#730)
* Support Managed Identity on Azure Container
Instance (ACI) with Resource id in (#741)
* Other refactoring in (#740)
- Update to version 1.30.0
* New feature: Support Subject Name/Issuer authentication when using
.pfx certificate file. Documentation available in one of the recent
purple boxes here. (#718)
* New feature: Automatically use SHA256 and PSS padding when using
.pfx certificate on non-ADFS, non-OIDC authorities. (#722)
* New feature: Expose refresh_on (if any) to fresh or cached response,
so that caller may choose to proactively call acquire_token_silent()
early. (#723)
* Bugfix for token cache search. MSAL 1.27+ customers please upgrade
to MSAL 1.30+. (#717)
- Update to version 1.29.0
* New feature: Supports Managed Identity for Azure VM, App Service
(including Azure Functions, Azure Automation), Service Fabric,
Azure Machine Learning, Arc, etc.. Comes with a sample, its
configuration via ENV VAR, and its API documentation.
(#58, #480, #634, #674)
* New feature: Support reading ConfidentialClientApplication's
cert from a pfx file (#684, #699)
* New feature: TokenCache class has a new search() method which will
return a generator of tokens. The old find() method still exists and
returns a list, but MSAL 1.27+ will not call find() anymore. (#693, #644)
* Change: Re-enable the username password flow to go through broker,
if available. (#712)
- from version 1.28.1
* Change: pip install msal[broker] will now pick up the latest PyMsalRuntime
0.16.x which contains a bugfix for being run as administrator. This release
fixes #707.
- Update to version 1.28.0
* New feature: PublicClientApplication and ConfidentialClientApplication
have a new oidc_authority parameter that can be used to specify authority
of any generic OpenID Connect authority, typically the customized domain
for CIAM. (#676, #678)
* Dropping Python 2.7
- from version 1.27.0
* New feature: remove_tokens_for_client() will remove tokens acquired
by acquire_token_for_client() (#640, #650, #666)
* Performance: Throughput of token-cache-hit happy path is roughly 2x faster (#644)
* Adjustment: MSAL no longer attempts to validate an ID token's time (#656, #657)
* Adjustment: Bump upstream broker dependency to 0.14.x
* Improvement: Better chance to remove accounts from broker (#651)
* Improvement: Cleaner console output when the http local server
is visited in https protocol (#546)
* Improvement: Reduce a bare except clause (#667)
- protobuf
-
- Add CVE-2025-4565.patch to fix parsing of untrusted Protocol Buffers
data containing an arbitrary number of recursive groups or messages
can lead to crash due to RecursionError (bsc#1244663, CVE-2025-4565)
- python-typing_extensions
-
- Drop fix-ann_module-import-path.patch, fixed upstream
- python-xmltodict
-
- Cherry-pick security-fix-prereqs.patch to allow backport of CVE fix
- Cherry-pick CVE-2025-9375.patch to fix multiple XML Injection
vulnerabilities in XML parser (bsc#1249036, CVE-2025-9375)
- regionServiceClientConfigAzure
-
- Update to version 3.0.0 (bsc#1246995)
+ SLE 16 python-requests requiers SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency name for metadata package, name change in SLE 16
(bsc#1243419)
- rubygem-puma
-
- update to version 5.6.9 (bsc#1218638)
This update includes fixed for CVE-2024-21647
as well as for CVE-2024-45614, CVE-2024-21647, CVE-2023-40175
- Remove CVE-2024-45614.patch
- Remove CVE-2024-21647.patch
- Remove CVE-2023-40175.patch
- saptune
-
- Fix missing build parameter for saptune 3.2.0, was removed by
accident
(bsc#1246999)
- update package version of saptune to 3.2.0
* saptune version 3.2
new features and SLE16 support
(jsc#PED-8163)
* SLE16 - Optimized out-of-the-box experience for SAP workloads
SLES for SAP Applications should have by default all tunings
enabled and packages started that are common for SAP workloads.
(jsc#PED-10984)
* SLE16 - Tune common values for SAP workloads per default
(jsc#PED-10072)
* SLE16 - OS tuning for SAP with saptune on SLE 16
(jsc#SAPSOL-526)
* SLE16 - preparing a SAP Solution 'SAP_Base' with one
Note '1275776' to support base tuning on SLES and SLES4SAP 16.
(jsc#SAPSOL-530)
* SLE16 - implement new start behavior for saptune on 16.
If the saptune package gets installed (by pattern or manually)
it calls 'saptune solution apply SAP_Base' to initiate the
base tuning.
A customer can change this base tuning after package
installation by 'saptune solution change <New_Solution>' or by
'saptune revert all' and 'saptune solution apply <New_Sol>'
See man page saptune(7) for details
(jsc#SAPSOL-533)
* SLE16 - remove saptune-migrate man page
(jsc#SAPSOL-347)
* SLE16 - remove saptune daemon commands
(jsc#SAPSOL-343)
* SLE16 - remove saptune simulate commands
(jsc#SAPSOL-345)
* SLE16 - remove support for setting PAM limits
(jsc#TEAM-10049, jsc#TEAM-8744)
* SLE16 - Support dot releases for os tags and rpm version check
(jsc#SAPSOL-568)
* SLE16 - remove support for the v1 Custom Note name format
(jsc#SAPSOL-532)
* SLE16 - remove support for the comment-style version header
format in vendor/custom Notes
(jsc#SAPSOL-604)
* SLE16 - drop support for the comment-style version headers
(jsc#SAPSOL-605)
* SLE16 - adapt saptune_check script to the new main
configuration file location
(bsc#1244077)
* Enhanced the saptune supportconfig plugin,
added 'saptune status', 'saptune note verify', /var/log/zypp,
'saptune note list', 'saptune solution list',
'saptune --format json saptune check',
'saptune --format json note list',
'saptune --format json solution list',
'saptune --format json status' and
'saptune --format json note verify'
(jsc#SAPSOL-169)
* Refresh changed Note parameter.
This action is currently in state 'experimental'
(jsc#TEAM-3943)
* Add detection of offline CPUs when setting/verify governor or
force_latency settings
(bsc#1221020, jsc#TEAM-8427)
* Enhance CPU handling with additional warnings and skip governor
settings, if intel_idle and intel_pstate are disabled
(jsc#TEAM-3759, jsc#TEAM-8427)
* Set energy perf bias (EPB) even if secure boot is enabled, if
the used cpupower command supports the operation.
(bsc#1224801)
* Fix Nvme disk detection
(bsc#1233126)
* Fix an index error in the rpm section code and explain the
compliance/uncompliance state of a rpm version in the man page
(bsc#1239841)
* Check if orphaned overwrites exist.
If an override file exists in /etc/saptune/override, but no
related Note definition file or solution definition can be
found in the working area /var/lib/saptune/working/ or in the
custom/vendor directory /etc/saptune/extra, a warning message
is printed and logged.
Additional a line about orphaned overrides is added to the
bottom of the 'saptune status' output.
(jsc#TEAM-6598)
* saptune alternatives should not listed as non-compliant
(jsc#TEAM-8719)
* Remove '(no change)' leftover for 'saptune note verify'
(jsc#TEAM-9136)
* Add json support to 'saptune check'
Enhance json schema and update to version 1.1
(jsc#TEAM-8959)
* Force colored output by using the global option '--force-color'
With that it will be possible to override the color-suppressing,
if a pipe has been detected as there are use cases
(e.g. piping into less) where the color codes can be useful.
(jsc#TEAM-9205)
* Add new command 'saptune configure <parameter> <value>' to
change values in the saptune config file.
(jsc#TEAM-8703)
* Add new command 'saptune configure reset' to reset the saptune
configuration.
This will revert the tuning (revert all) and reset the saptune
configuration file back to the installation default.
(jsc#SAPSOL-331)
* Add new command 'saptune configure TrentoASDP <value>' to
configure the discovery interval for saptune on Trento.
(jsc#SAPSOL-117)
* Tag handling clarification in the man page.
The same tag cannot be used multiple times with different
values in one section of a Note definition file, because all
tags of a section are concatenated by AND (and not OR).
(jsc#TEAM-9243)
* Add new tag 'pmu_name' for CPU platform selection.
May be helpful for special FORCE_LATENCY settings depending on
the used CPU platform to get optimal performance.
As the values are taken from /sys/devices/cpu/caps/pmu_name,
it's an Intel CPU only feature for now.
(jsc#TEAM-7073)
* Add new tag 'virt' for virtualization type selection.
Valid values are 'vm', 'chroot' and 'container' as reported by
'/usr/bin/systemd-detect-virt -v|-c|-r'
(jsc#TEAM-6070)
* Add IBM Cloud VPC (not IBM Cloud Classic) detection used for
tag 'csp'
(jsc#SAPSOL-224)
* Add additional actions for 'verify'
'saptune note verify applied' and 'saptune verify applied'
(jsc#TEAM-9204)
* For internal used calculations increase the logging information
for the used parameters, values and results
(jsc#SAPSOL-168)
* Adjust return code from 1 to 128 if a wrong saptune version is
detected.
(jsc#SAPSOL-209)
* Add systemd hardening to the saptune systemd service file
starting 15SP4
(jsc#TEAM-7425)
* Add new global option '--fun'. If set, the 'yes', 'no' in the
compliant column of 'saptune note verify' is replaced by a
smiley.
(jsc#SAPSOL-236)
* start reducing duplicate warning and info messages
(jsc#SAPSOL-669)
* Adapt man page and help output for global option '--fun'
(jsc#SAPSOL-272)
* Add list of exit codes to man page saptune(8)
(jsc#TEAM-9836)
* man pages - add warning about race condition of systemd units
during system boot.
saptune-note.5 already contained a description, now saptune.8
was enhanced as well.
(bsc#1190508)
* Add new man page saptune-solution(5)
(jsc#TEAM-9870)
* Add new man page saptune(7) describing the new tuning behavior
during package installation
(jsc#SAPSOL-533)
* SLE16 - add new SAP Note 3565382 and 3577842
* SLE16 - add Note 3577842 to all HANA related solutions
(bsc#1240598)
* SLE16 - remove Note 1771258
(jsc#TEAM-10049)
* SLE16 - remove ASE Solution and Notes 1680803 and 1805750
(jsc#SAPSOL-531)
* SLE12/15 - deprecate Notes 1680803,1805750 and Solution SAP-ASE
The Note and the Solution might get removed in a future saptune
version
(jsc#SAPSOL-419)
* SLE12/15 - deprecate Note 1771258
(jsc#TEAM-8744)
* SAP Note 2684254 and 2205917
Intel architecture related settings (currently section 'cpu'
and 'grub') are now tagged with 'arch=x86_64' in the Note
definition file to no longer confuse customers on other
architectures with 'useless' warnings and footnotes.
And by adding the additional tag 'virt=bare-metal' users of
virtual machines will also no longer be confused by these
footnotes and warnings.
(jsc#TEAM-9235)
* SAP Note 1984787 updated to Version 43
SAP Note 2578899 updated to Version 53
SAP Note 3024346 updated to Version 14
but without parameter value changes, only house keeping of the
version section and comment updates
- add obsoletes/provides for sapconf to support the update/move
from sapconf to saptune on plain SLES
- change Requires: /usr/bin/cpupower to Requires: cpupower
and Requires: /usr/bin/md5sum to Requires: coreutils
(jsc#TEAM-8743)
- add support for SLE16
Installation and activation of SAP base tuning
Update to SLE16
- scap-security-guide
-
- buildrequire cmake3 on older SLES versions for build
- updated to 0.1.77 (jsc#ECO-3319)
- Introduce Architecture Decisions Records
- Move stablization to the third Monday of the second month
- Remove CCI References
- Remove macOS content
- removed ssg-fix-python.patch: upstream
- Added support for tencentos4
- ssg-fix-python.patch: fix build with older python3.
- Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4
- Remove Group: declarations, no longer used
- 000release-packages:sle-ha-release
-
n/a
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-live-patching-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-python3-release
-
n/a
- 000release-packages:sle-module-sap-applications-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- suse-build-key
-
- adjust UID (name + email) of SLES16 signing key with official
names. (bsc#1245223)
- suse-module-tools
-
- Update to version 15.5.7:
* add blacklist entry for reiserfs (jsc#PED-6167)
* Add more modules to file system blacklist (jsc#PED-6167)
* Add hfsplus to file system blacklist (bsc#1240950, jsc#PED-12632)
- Update to version 15.5.6:
* udevrules: activate CPUs on hotplug for s390, too (bsc#1224400)
- sysconfig
-
- version 0.85.10
* codespell run for all repository files and changes file
* spec: define permissions for ghost file attrs to avoid
rpm --restore resets them to 0 (bsc#1237595).
* spec: fix name-repeated-in-summary rpmlint warning
- sysstat
-
- Still related to bsc#1244553, removal of broken symlinks
during the post-install phase.
- rename services to allow preset in systemd-presets-branding-SLE to work
[bsc#1244553], [bsc#1246835]
- fix argument order of find [bsc#1246852]
- modified patches
% sysstat-PED-12914.patch (amended)
- added patches (bsc#1244553)
% sysstat-bsc-1244553.patch
- deleted sources
- 90-sysstat.preset (not needed)
- Automatically enable systemd timers upon installation.
- Fix bsc#1244553.
- Fix for PED#12914.
* Add sysstat-PED-12914.patch.
- systemd-presets-branding-SLE
-
- enable sysstat_collect.timer and sysstat_summary.timer [bsc#1244553]
and [bsc#1246835]
- modified sources
% default-SLE.preset
- systemd-rpm-macros
-
- Bump version to 16
- Introduce %udev_trigger_with_reload() for packages that need to trigger events
in theirs scriplets. The new macro automatically triggers a reload of the udev
rule files as this step is often overlooked by packages (bsc#1237143).
- vim
-
- Fix the following CVEs and bugs:
* bsc#1246602 (CVE-2025-53906)
* bsc#1246604 (CVE-2025-53905)
* bsc#1247939 (CVE-2025-55158)
* bsc#1247938 (CVE-2025-55157)
- Update to 9.1.1629:
9.1.1629: Vim9: Not able to use more than 10 type arguments in a generic function
9.1.1628: fuzzy.c has a few issues
9.1.1627: fuzzy matching can be improved
9.1.1626: cindent: does not handle compound literals
9.1.1625: Autocompletion slow with include- and tag-completion
9.1.1624: Cscope not enabled on MacOS
9.1.1623: Buffer menu does not handle unicode names correctly
9.1.1622: Patch v9.1.1432 causes performance regressions
9.1.1621: flicker in popup menu during cmdline autocompletion
9.1.1620: filetype: composer.lock and symfony.lock files not recognized
9.1.1619: Incorrect E535 error message
9.1.1618: completion: incorrect selected index returned from complete_info()
9.1.1617: Vim9: some error messages can be improved
9.1.1616: xxd: possible buffer overflow with bitwise output
9.1.1615: diff format erroneously detected
9.1.1614: Vim9: possible variable type change
9.1.1613: tests: test_search leaves a few swapfiles behind
9.1.1612: Ctrl-G/Ctrl-T do not ignore the end search delimiter
9.1.1611: possible undefined behaviour in mb_decompose()
9.1.1610: completion: hang or E684 when 'tagfunc' calls complete()
9.1.1609: complete: Heap-buffer overflow with complete function
9.1.1608: No command-line completion for :unsilent {command}
9.1.1607: :apple command detected as :append
9.1.1606: filetype: a few more files are not recognized
9.1.1605: cannot specify scope for chdir()
9.1.1604: completion: incsearch highlight might be lost
9.1.1603: completion: cannot use autoloaded funcs in 'complete' F{func}
9.1.1602: filetype: requirements-*.txt files are not recognized
9.1.1601: Patch v8.1.0425 was wrong
9.1.1600: using diff anchors with hidden buffers fails silently
9.1.1599: :bnext doesn't go to unlisted help buffers
9.1.1598: filetype: waybar config file is not recognized
9.1.1597: CI reports leaks in libgtk3 library
9.1.1596: tests: Test_search_wildmenu_iminsert() depends on help file
9.1.1595: Wayland: non-portable use of select()
9.1.1594: completion: search completion throws errors
9.1.1593: Confusing error when compiling incomplete try block
9.1.1592: Vim9: crash with classes and garbage collection
9.1.1591: VMS support can be improved
9.1.1590: cannot perform autocompletion
9.1.1589: Cannot disable cscope interface using configure
9.1.1588: Vim9: cannot split dict inside command block
9.1.1587: Wayland: timeout not updated before select()
9.1.1586: Vim9: can define an enum/interface in a function
9.1.1585: Wayland: gvim still needs GVIM_ENABLE_WAYLAND
9.1.1584: using ints as boolean type
9.1.1583: gvim window lost its icons
9.1.1582: style issue in vim9type.c and vim9generics.c
9.1.1581: possible memory leak in vim9generics.c
9.1.1580: possible memory leak in vim9type.c
9.1.1579: Coverity complains about unchecked return value
9.1.1578: configure: comment still mentions autoconf 2.71
9.1.1577: Vim9: no generic support yet
9.1.1576: cannot easily trigger wildcard expansion
9.1.1575: tabpanel not drawn correctly with wrapped lines
9.1.1574: Dead code in mbyte.c
9.1.1573: Memory leak when pressing Ctrl-D in cmdline mode
9.1.1572: expanding $var does not escape whitespace for 'path'
9.1.1571: CmdlineChanged triggered to often
9.1.1570: Copilot suggested some improvements in cmdexpand.c
9.1.1569: tests: Vim9 tests can be improved
9.1.1568: need a few more default highlight groups
9.1.1567: crash when using inline diff mode
9.1.1566: self-referenced enum may not get freed
9.1.1565: configure: does not consider tiny version for wayland
9.1.1564: crash when opening popup to closing buffer
9.1.1563: completion: ruler may disappear
9.1.1562: close button always visible in the 'tabline'
9.1.1561: configure: wayland test can be improved
9.1.1560: configure: uses $PKG_CONFIG before it is defined
9.1.1559: tests: Test_popup_complete_info_01() fails when run alone
9.1.1558: str2blob() treats NULL string and empty string differently
9.1.1557: not possible to anchor specific lines in difff mode
9.1.1556: string handling in cmdexpand.c can be improved
9.1.1555: completion: repeated insertion of leader
9.1.1554: crash when omni-completion opens command-line window
9.1.1553: Vim9: crash when accessing a variable in if condition
9.1.1552: [security]: path traversal issue in tar.vim
9.1.1551: [security]: path traversal issue in zip.vim
9.1.1550: defaults: 'showcmd' is not enabled in non-compatible mode on Unix
9.1.1549: filetype: pkl files are not recognized
9.1.1548: filetype: OpenFGA files are not recognized
9.1.1547: Wayland: missing ifdef
9.1.1546: Vim9: error with has() and short circuit evaluation
9.1.1545: typo in os_unix.c
9.1.1544: :retab cannot be limited to indentation only
9.1.1543: Wayland: clipboard appears to not be working
9.1.1542: Coverity complains about uninitialized variable
9.1.1541: Vim9: error when last enum value ends with a comma
9.1.1540: completion: menu state wrong on interruption
9.1.1539: completion: messages don't respect 'shm' setting
9.1.1537: helptoc: still some issues when markdown code blocks
9.1.1536: tests: test_plugin_comment uses wrong :Check command
9.1.1535: the maximum search count uses hard-coded value 99
9.1.1534: unnecessary code in tabpanel.c
9.1.1533: helptoc: does not handle code sections in markdown well
9.1.1532: termdebug: not enough ways to configure breakpoints
9.1.1531: confusing error with nested legacy function
9.1.1530: Missing version change in v9.1.1529
9.1.1529: Win32: the toolbar in the GUI is old and dated
9.1.1528: completion: crash with getcompletion()
9.1.1527: Vim9: Crash with string compound assignment
9.1.1526: completion: search completion match may differ in case
9.1.1525: tests: testdir/ is a bit messy
9.1.1524: tests: too many imports in the test suite
9.1.1523: tests: test_clipmethod fails in non X11 environment
9.1.1522: tests: still some ANSI escape sequences in test output
9.1.1521: completion: pum does not reset scroll pos on reopen with 'noselect'
9.1.1520: completion: search completion doesn't handle 'smartcase' well
9.1.1519: tests: Test_termdebug_decimal_breakpoints() may fail
9.1.1518: getcompletiontype() may crash
9.1.1517: filetype: autopkgtest files are not recognized
9.1.1516: tests: no test that 'incsearch' is updated after search completion
9.1.1515: Coverity complains about potential unterminated strings
9.1.1514: Coverity complains about the use of tmpfile()
9.1.1513: resizing Vim window causes unexpected internal window width
9.1.1512: completion: can only complete from keyword characters
9.1.1511: tests: two edit tests change v:testing from 1 to 0
9.1.1510: Search completion may use invalid memory
9.1.1509: patch 9.1.1505 was not good
9.1.1508: string manipulation can be improved in cmdexpand.c
9.1.1507: symlinks are resolved on :cd commands
9.1.1506: tests: missing cleanup in Test_search_cmdline_incsearch_highlight()
9.1.1505: not possible to return completion type for :ex command
9.1.1504: filetype: numbat files are not recognized
9.1.1503: filetype: haxe files are not recognized
9.1.1502: filetype: quickbms files are not recognized
9.1.1501: filetype: flix files are not recognized
9.1.1500: if_python: typo in python error variable
9.1.1499: MS-Windows: no indication of ARM64 architecture
9.1.1498: completion: 'complete' funcs behave different to 'omnifunc'
9.1.1497: Link error with shm_open()
9.1.1496: terminal: still not highlighting empty cells correctly
9.1.1495: Wayland: uses $XDG_SEAT to determine seat
9.1.1494: runtime(tutor): no French translation for Chapter 2
9.1.1493: manually comparing positions on buffer
9.1.1492: tests: failure when Wayland compositor fails to start
9.1.1491: missing out-of-memory checks in cmdexpand.c
9.1.1490: 'wildchar' does not work in search contexts
9.1.1489: terminal: no visual highlight of empty cols with empty 'listchars'
9.1.1488: configure: using obsolete macro AC_PROG_GCC_TRADITIONAL
9.1.1487: :cl doesn't invoke :clist
9.1.1486: documentation issues with Wayland
9.1.1485: missing Wayland clipboard support
9.1.1484: tests: Turkish locale tests fails on Mac
9.1.1483: not possible to translation position in buffer
9.1.1482: scrolling with 'splitkeep' and line()
9.1.1481: gcc complains about uninitialized variable
9.1.1480: Turkish translation outdated
9.1.1479: regression when displaying localized percentage position
9.1.1478: Unused assignment in ex_uniq()
9.1.1476: no easy way to deduplicate text
9.1.1476: missing out-of-memory checks in cmdexpand.c
9.1.1475: completion: regression when "nearest" in 'completeopt'
9.1.1474: missing out-of-memory check in mark.c
9.1.1473: inconsistent range arg for :diffget/diffput
9.1.1472: if_python: PySequence_Fast_{GET_SIZE,GET_ITEM} removed
9.1.1471: completion: inconsistent ordering with CTRL-P
9.1.1470: use-after-free with popup callback on error
9.1.1469: potential buffer-underflow with invalid hl_id
9.1.1468: filetype: bright(er)script files are not recognized
9.1.1467: too many strlen() calls
9.1.1466: filetype: not all lex files are recognized
9.1.1465: tabpanel: not correctly drawn with 'equalalways'
9.1.1464: gv does not work in operator-pending mode
9.1.1463: Integer overflow in getmarklist() after linewise operation
9.1.1462: missing change from patch v9.1.1461
9.1.1461: tabpanel: tabpanel vanishes with popup menu
9.1.1460: MS-Windows: too many strlen() calls in os_win32.c
9.1.1459: xxd: coloring output is inefficient
9.1.1458: tabpanel: tabs not properly updated with 'stpl'
9.1.1457: compile warning with tabpanelopt
9.1.1456: comment plugin fails toggling if 'cms' contains \
9.1.1455: Haiku: dailog objects created with no reference
9.1.1454: tests: no test for pum at line break position
9.1.1453: tests: Test_geometry() may fail
9.1.1452: completion: redundant check for completion flags
9.1.1451: tabpanel rendering artifacts when scrolling
9.1.1450: Session has wrong arglist with :tcd and :arglocal
9.1.1449: typo in pum_display()
9.1.1448: tabpanel is not displayed correctly when msg_scrolled
9.1.1447: completion: crash when backspacing with fuzzy completion
9.1.1446: filetype: cuda-gdb config files are not recognized
9.1.1445: negative matchfuzzy scores although there is a match
9.1.1444: Unused assignment in set_fuzzy_score()
9.1.1443: potential buffer underflow in insertchar()
9.1.1442: tests: Test_diff_fold_redraw() is insufficient
9.1.1441: completion: code can be improved
9.1.1440: too many strlen() calls in os_win32.c
9.1.1439: Last diff folds not merged
9.1.1438: tests: Test_breakindent_list_split() fails
9.1.1437: MS-Windows: internal compile error in uc_list()
9.1.1436: GUI control code is displayed on the console on startup
9.1.1435: completion: various flaws in fuzzy completion
9.1.1434: MS-Windows: missing out-of-memory checks in os_win32.c
9.1.1433: Unnecessary :if when writing session
9.1.1432: GTK GUI: Buffer menu does not handle unicode correctly
9.1.1431: Hit-Enter Prompt when loading session files
9.1.1430: tabpanel may flicker in the GUI
9.1.1429: dragging outside the tabpanel changes tabpagenr
9.1.1428: completion: register completion needs cleanup
9.1.1427: rendering artifacts with the tabpanel
9.1.1426: completion: register contents not completed
9.1.1425: tabpanel: there are still some problems with the tabpanel
9.1.1424: PMenu selection broken with multi-line selection and limits
9.1.1423: :tag command not working correctly using Vim9 Script
9.1.1422: scheduling of complete function can be improved
9.1.1421: tests: need a test for the new-style tutor.tutor
9.1.1420: tests: could need some more tests for shebang lines
9.1.1419: It is difficult to ignore all but some events
9.1.1418: configures GUI auto detection favors GTK2
9.1.1417: missing info about register completion in complete_info()
9.1.1416: completion limits not respected for fuzzy completions
9.1.1415: potential use-after free when there is an error in 'tabpanel'
9.1.1414: MS-Windows: compile warnings in os_win32.c
9.1.1413: spurious CursorHold triggered in GUI on startup
9.1.1412: tests: Test_tabpanel_tabonly() fails on larger screens
9.1.1411: crash when calling non-existing function for tabpanel
9.1.1410: out-of-bounds access with 'completefunc'
9.1.1409: using f-flag in 'complete' conflicts with Neovim
9.1.1408: not easily possible to complete from register content
9.1.1407: Can't use getpos('v') in OptionSet when using setbufvar()
- xen
-
- bsc#1246112, bsc#1238896 - VUL-0: xen: More AMD transient
execution attack (CVE-2024-36350, CVE-2024-36357, XSA-471)
xsa471-01.patch
xsa471-02.patch
xsa471-03.patch
xsa471-04.patch
xsa471-05.patch
xsa471-06.patch
xsa471-07.patch
xsa471-08.patch
xsa471-09.patch
xsa471-10.patch
xsa471-11.patch
xsa471-12.patch
xsa471-13.patch
xsa471-14.patch
xsa471-15.patch
xsa471-16.patch
xsa471-17.patch
xsa471-18.patch
xsa471-19.patch
xsa471-20.patch
xsa471-21.patch
xsa471-22.patch
- bsc#1244644 - VUL-0: CVE-2025-27465: xen: x86: Incorrect stubs
exception handling for flags recovery (XSA-470)
xsa470.patch
- zypper
-
- Fix addrepo to handle explicit --check and --no-check requests
(bsc#1246466)
- Accept "show" as alias for "info" (bsc#1245985)
- version 1.14.93
- sh: Reset solver options after command (bsc#1245496)
- Explicitly selecting DownloadAsNeeded also selects the
classic_rpmtrans backend.
- version 1.14.92
- BuildRequires: libzypp-devel >= 17.37.6.
Enhancements regarding mirror handling during repo refresh. Adapt
to libzypp API changes. (bsc#1230267)
- version 1.14.91