- HANA-Firewall
-
- HANA-Firewall built without PIE
(bsc#1239943)
- 000release-packages:SLES_SAP-release
-
n/a
- apparmor
-
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
unix_chkpwd, and add a profile for unix_chkpwd. This is needed
for PAM with CVE-2024-10041 (bsc#1234452)
- azure-cli-core
-
- Add patch to fix improper neutralization of special elements
used in a command which allows an unauthorized attacker to
elevate privileges locally
+ CVE-2025-24049.patch (bsc#1239460, CVE-2025-24049)
- Prefer %patch and %setup to allow individual patch strip levels
- azure-cli
-
- Add patch to fix elevation of privilege vulnerability
+ CVE-2024-43591.patch (bsc#1231971, CVE-2024-43591)
- ca-certificates-mozilla
-
- explit remove distruted certs, as the distrust does not get exported
correctly and the SSL certs are still trusted. (bsc#1240343)
- Entrust.net Premium 2048 Secure Server CA
- Entrust Root Certification Authority
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- GlobalSign Root E46
- GLOBALTRUST 2020
- remove-distrusted.patch: apply to certdata.txt
- Fix awk to compare (missing a =) and give the following output:
[#] NSS_BUILTINS_LIBRARY_VERSION "2.74"
- pass file argument to awk (bsc#1240009)
- update to 2.74 state of Mozilla SSL root CAs:
Removed:
* SwissSign Silver CA - G2
Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
- remove extensive signature printing in comments of the cert
bundle
- Define two macros to break a build cycle with p11-kit.
- Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798)
Removed:
- SecureSign RootCA11
- Security Communication RootCA3
Added:
- TWCA CYBER Root CA
- TWCA Global Root CA G2
- SecureSign Root CA12
- SecureSign Root CA14
- SecureSign Root CA15
- kernel-default
-
- mm/mempolicy: fix mpol_new leak in shared_policy_replace
(CVE-2022-49080 bsc#1238033).
- commit ee261e8
- KVM: VMX: Bury Intel PT virtualization (guest/host mode)
behind CONFIG_BROKEN (CVE-2024-53135 bsc#1234154).
- commit c33dbae
- kabi: hide adding RCU head into struct netdev_name_node
(bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: fix removing a namespace with conflicting altnames
(bsc#1233749).
- net: do not send a MOVE event when netdev changes netns
(bsc#1233749).
- net: Fix undefined behavior in netdev name allocation
(bsc#1233749).
- net: remove else after return in dev_prep_valid_name()
(bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name()
(bsc#1233749).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name()
(bsc#1233749).
- net: don't use input buffer of __dev_alloc_name() as a scratch
space (bsc#1233749).
- net: move altnames together with the netdevice (bsc#1233749).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns
(bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: minor __dev_alloc_name() optimization (bsc#1233749).
- net: introduce a function to check if a netdev name is in use
(bsc#1233749).
- commit b7b1c0b
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- commit 5e81510
- x86/xen: allow larger contiguous memory regions in PV guests
(bsc#1236951).
- commit ae8b3dd
- xen/swiotlb: relax alignment requirements (bsc#1236951).
- commit 5a1b514
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- commit e70ee83
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx
(git-fixes).
- commit 2ad21f6
- idpf: call set_real_num_queues in idpf_open (bsc#1236661
bsc#1237316).
- commit 97881c4
- Update References for CVE-2024-53226 and bsc#1236576
Patch:
patches.suse/RDMA-hns-Fix-NULL-pointer-derefernce-in-hns_roce_map.patch
- commit 990ce5d
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
(bsc#1237139 CVE-2025-21699).
- commit 94ceb50
- cpufreq/amd-pstate: Only print supported EPP values for
performance governor (bsc#1236777).
- commit 6568154
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of
service (bsc#1237025 CVE-2025-21690).
- commit 57c2742
- NFSD: use explicit lock/unlock for directory ops (bsc#1234650
bsc#1233701 bsc#1232472).
- blacklist.conf: Remove this commit - we do need some of it.
- commit dfa4cb2
- sched: sch_cake: add bounds checks to host bulk flow fairness
counts (CVE-2025-21647 bsc#1236133).
- commit e9841a3
- Update
patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch
(bsc#1208995 CVE-2023-1192 CVE-2023-52572 bsc#1220946).
Move to the sorted section.
- commit bb08640
- net: sched: fix ets qdisc OOB Indexing (bsc#1237028
CVE-2025-21692).
- commit 947f160
- scsi: storvsc: Set correct data length for sending SCSI command
without payload (git-fixes).
- commit f05636e
- net: mana: Cleanup "mana" debugfs dir after cleanup of all
children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Add get_link and get_link_ksettings in ethtool
(bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- commit 7db536d
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(CVE-2024-53239 bsc#1235054 bsc#1234853).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(CVE-2024-56605 bsc#1235061 bsc#1234853).
- Update
patches.suse/KVM-nSVM-Ignore-nCR3-4-0-when-loading-PDPTEs-from-me.patch
(CVE-2024-50115 bsc#1232919 bsc#1225742).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(CVE-2024-53173 bsc#1234891 bsc#1234853).
- Update
patches.suse/hfsplus-don-t-query-the-device-logical-block-size-multiple-times.patch
(bsc#1235073 CVE-2024-56548 bsc#1234853).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning-in-mwifiex_config_scan.patch
(CVE-2024-56539 bsc#1234963 bsc#1234853).
- commit c3c2bf8
- mac802154: check local interfaces before deleting sdata list
(CVE-2024-57948 bsc#1236677).
- commit 4de21f7
- corosync
-
- Add a patch to fix CVE-2025-30472 (bsc#1239987)
* bsc-1239987-check-size-of-orf_token-msg.patch
- crmsh
-
- Update to version 4.5.1+20250207.2c89797:
* Fix: bootstrap: Local joining node should be included when merging known_hosts (bsc#1229419)
* Dev: bootstrap: more robust implementation for ssh_merge (bsc#1230530)
- docker
-
- Don't use the new container-selinux conditional requires on SLE-12, as the
RPM version there doesn't support it. Arguably the change itself is a bit
suspect but we can fix that later. bsc#1237367
- Add backport for golang.org/x/oauth2 CVE-2025-22868 fix. bsc#1239185
+ 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- Add backport for golang.org/x/crypto CVE-2025-22869 fix. bsc#1239322
+ 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Refresh patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Make container-selinux requirement conditional on selinux-policy
(bsc#1237367)
- Update to Docker 27.5.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#2741> bsc#1237335
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx 0.20.1. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.20.1>
- Update to Docker 27.4.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#2741>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx 0.19.3. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.3>
- Update to Docker 27.4.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#274>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- gnutls
-
- Security fix [bsc#1236974, CVE-2024-12243]
* gnutls: inefficient DER Decoding in libtasn1 could lead to remote DoS
* Add gnutls-CVE-2024-12243.patch
- grub2
-
- Fix zfs.mo not found message when booting on legacy BIOS (bsc#1237865)
* 0001-autofs-Ignore-zfs-not-found.patch
- hawk2
-
- Update to version 2.6.6+git.1742310530.bfcd0e2c:
* Dev: proof code from injections (bsc#1182162,bsc#1182164)
* Fix: enable colocation linking
* Dev: make sprockets-4.2 compatible
* Dev: enable rails-8.0
* Test: test_check_cluster_configuration: relax required resource options
* remove patch
- relax-test-cluster-conf.patch
- hwinfo
-
- merge gh#openSUSE/hwinfo#152
- avoid reporting of spurious usb storage devices (bsc#1223330)
- 21.87
- merge gh#openSUSE/hwinfo#151
- do not overdo usb device de-duplication (bsc#1239663)
- 21.86
- kdump
-
- dracut: fix filtering ro keys in kdump_bond_config (bsc#1233137)
- libX11
-
- U_CVE-2025-26597-0001-xkb-Fix-buffer-overflow-in-XkbChangeTypesOfKey.patch
* Buffer overflow in XkbChangeTypesOfKey()
(CVE-2025-26597, bsc#1237431)
- libapparmor
-
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
unix_chkpwd, and add a profile for unix_chkpwd. This is needed
for PAM with CVE-2024-10041 (bsc#1234452)
- mozilla-nss
-
- Updated nss-fips-approved-crypto-non-ec.patch to not pass in
bad targetKeyLength parameters when checking for FIPS approval
after keygen. This was causing false rejections.
- Updated nss-fips-approved-crypto-non-ec.patch to approve
RSA signature verification mechanisms with PKCS padding and
legacy moduli (bsc#1222834).
- freetype2
-
- Added patch:
* CVE-2025-27363.patch
+ fixes bsc#1239465, CVE-2025-27363: out-of-bounds write when
attempting to parse font subglyph structures related to
TrueType GX and variable font files
- python311
-
- Allow to disable PGO
- Skip PGO with %want_reproducible_builds (bsc#1239210)
- python3
-
- Update CVE-2024-11168-validation-IPv6-addrs.patch
according to the Debian version
(gh#python/cpython#103848#issuecomment-2708135083).
- libxkbfile
-
- U_CVE-2025-26595-0001-xkb-Fix-buffer-overflow-in-XkbVModMaskText.patch
* Buffer overflow in XkbVModMaskText() (CVE-2025-26595, bsc#1237429)
- libxml2
-
- security update
- added patches
fix CVE-2024-56171 [bsc#1237363], use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
+ libxml2-CVE-2024-56171.patch
fix CVE-2025-24928 [bsc#1237370], stack-based buffer overflow in xmlSnprintfElements in valid.c
+ libxml2-CVE-2025-24928.patch
fix CVE-2025-27113 [bsc#1237418], NULL Pointer Dereference in libxml2 xmlPatMatch
+ libxml2-CVE-2025-27113.patch
- libxslt
-
- Security fixes:
* Fix use-after-free of XPath context node [bsc#1239625, CVE-2025-24855]
* Fix UAF related to excluded namespaces [bsc#1239637, CVE-2024-55549]
* Make generate-id() deterministic [bsc#1238591, CVE-2023-40403]
Just adding the reference here as this CVE was already fixed
in 0009-Make-generate-id-deterministic.patch
* Rebase patches to use autosetup:
- libxslt-1.1.24-no-net-autobuild.patch
- libxslt-config-fixes.patch
* Add patches:
- libxslt-CVE-2024-55549.patch
- libxslt-CVE-2025-24855.patch
- libzypp
-
- Disable zypp.conf:download.use_deltarpm by default (fixes #620)
Measurements show that you don't benefit from using deltarpms
unless your network connection is very slow. That's why most
distributions even stop offering deltarpms. The default remains
unchanged on SUSE-15.6 and older.
- Make sure repo variables are evaluated in the right context
(bsc#1237044)
- Introducing MediaCurl2 a alternative HTTP backend.
This patch adds MediaCurl2 as a testbed for experimenting with a
more simple way to download files. Set ZYPP_CURL2=1 in the
environment to use it.
- version 17.36.3 (35)
- Filesystem usrmerge must not be done in singletrans mode
(bsc#1236481, bsc#1189788)
Commit will amend the backend in case the transaction would
perform a filesystem usrmerge.
- Workaround bsc#1216091 on Code16.
- version 17.36.2 (35)
- lifecycle-data-sle-module-live-patching
-
- Added data for 5_14_21-150400_24_147, 5_14_21-150400_24_150,
5_14_21-150500_55_91, 5_14_21-150500_55_94,
5_3_18-150300_59_188, 5_3_18-150300_59_191,
5_3_18-150300_59_195, 6_4_0-150600_23_33,
6_4_0-150600_23_38, 6_4_0-19, 6_4_0-20,
+kernel-livepatch-5_14_21-150500_13_79-rt,*,+kernel-livepatch-6_4_0-10-rt,*,+kernel-livepatch-6_4_0-11-rt,*,+kernel-livepatch-6_4_0-150600_10_20-rt,*,+kernel-livepatch-6_4_0-150600_10_23-rt,*,+kernel-livepatch-6_4_0-150600_10_26-rt,*. (bsc#1020320)
- python-azure-agent
-
- Add a new version of paa_force_py3_sle15.patch to compensate for
missing Python RPM macros in older distros
- Update to version 2.12.04 (bsc#1235140)
+ Remove agent-no-auto-update.patch handeled by config file specialization
sub-packages
+ Remove paa_force_py3_sle15.patch handled by RPM macro
+ Remove agent-micro-is-sles.patch included upstream
+ Forward port paa_12_sp5_rdma_no_ext_driver.patch
+ Forward port remove-mock.patch
+ Add paa_direct_exec_in_service.patch
~ The waagent script is executable and we set the proper interpreter
using the macro for multibuild python. Do prefix the execution in the
service file wit the interpreter
+ Fix install_requires list syntax
+ Update spec file
~ Remove conditions for distros no longer maintained
~ Simplify build and install conditionals using macros
+ Enable GA versioning #3082 #3184 #3189
+ Cgroups api refactor for v2 #3096 #3135 #3188 #3196
+ Fix JIT for FIPS 140-3 #3190
+ reset network service unit file if python version changes #3058
+ Recognize SLE-Micro as a SLE based distribution #3048
+ Add distutils/version.py to azurelinuxagent #3063
+ Use legacycrypt instead of crypt on Python >= 3.13 #3070
+ Fix osutil/default route_add to pass string array. #3072
+ Fix argument to GoalState.init #3073
+ Add lock around access to fast_track.json #3076
+ Add DistroVersion class to compare distro versions #3078
+ LogCollector should skip and log warning for files that don't exist #3098
+ check for unexpected process in agent cgroups before cgroups enabled #3103
+ [Redo with correct source/target]: Remove check for "ibXX" interface
format and rework mac-address regex to expand support #3150
+ Fix Ubuntu version codename for 24.04 #3159
+ Update test certificate data #3166
+ move setupslice after cgroupsv2 check, remove unit file for
log collector and remove fiirewall daemon-reload #3223
+ Address pylint warning deprecated-method #3059
+ Run pylint on Python 3.11 #3067
+ Run unit tests with pytest on Python >= 3.10
+ Log logcollector cgroups if process is found in unexpected slice #3107
+ remove secret and use cert for aad app in e2e pipeline #3116
+ suppress pylint warn contextmanager-generator-missing-cleanup #3138
+ Switching to SNI based authentication for aad app #3137
+ updated PR template #3144
+ Avoiding mocked exception from being lost on test when using
python 3.12: complete mocked info #3149
+ Add more useful logging statement for agent unit properties #3154
+ Remove wireserver fallback for imds calls #3152
+ Remove unused import #3155
+ Add support for Azure Linux 3 #3183
+ Fix pytest warnings #3084
+ Allow use of node 16 #3160
+ Send controller/cgroup path telemetry #3231
From 2.13.0.2
+ #3221 Add support for nftables (+ refactoring of firewall code)
+ #3239 Create walinuxagent nftable atomically
+ Features in progress (Verify extension signature/Policy Enforcement)
+ #3200 Parse encodedSignature property from EGS
+ #3187 Add Regorus policy engine framework
+ #3222 Remove Regorus and platform check for policy enforcement
+ #3242 Telemetry (update logcollector telemetry with common properties)
+ #3208 Handle non-boolean when parsing extension manifests
+ #3211 Fix unicode type check when parsing extension manifests
+ #3133 Telemetry: high-priority events
+ #3240 Telemetry: report apparent dead code
+ #3210 Cleanup: remove AMA extension services cgroups tracking code
+ #3197 Accommodate the new behavior in OpenSSL 3.2.2 when given an
empty input
From 2.11.1.12
+ Remove multi config extension status only on extension delete #3172
From 2.111.1.4
+ General Improvements
+ Improvements in telemetry for firewall settings #3110, #3124
From 2.10.0.8
+ GA versioning #2810 #2850 #2860 #2881 #2974 #3004 #3015 #3033
+ Disabled GA versioning #2909 #2917 #3044
+ Add regular expression to match logs from very old agents #2839
+ Remove empty "distro" module #2854
+ Enable Python 2.7 for unit tests #2856
+ Add check for noexec on Permission denied errors #2859
+ Reorganize file structure of unit tests #2894
+ Report useful message when extension processing is disabled #2895
+ Add log and telemetry event for extension disabled #2897
+ Cleanup common directory #2902
+ Fix agent memory usage check #2903
+ enable rhel/centos agent-cgroups #2922
+ Add support for EC certificates #2936
+ Add Cpu Arch in local logs and telemetry events #2938
+ Clarify support status of installing from source. #2941
+ Gathering Guest ProxyAgent Log Files #2975
+ Remove debug info from waagent.status.json #2971
+ Handle errors when adding logs to the archive #2982
+ Update supported Ubuntu versions #2980
+ Fix pylint warning #2988
+ Add information about HTTP proxies #2985
+ update the proxy agenet log folder for logcollector #3028
+ Add config parameter to wait for cloud-init
(Extensions.WaitForCloudInit) #3031 [Added in 2.10.0.8]
+ Adding AutoUpdate.UpdateToLatestVersion new flag support #3020 #3027
[Added in 2.10.0.8]
+ Check certificates only if certificates are included in goal state #2803
+ Redact access tokens from extension's output #2811
+ Fix name of single IB device when provisioning RDMA #2814
+ Port NSBSD system to the latest version of waagent #2828
+ fix daemon version #2874
+ fix version checking in setup.py #2920
+ fix(ubuntu): Point to correct dhcp lease files #2979
+ Download certs on FT GS after check_certificates only when missing
from disk #2907
+ Add support for EC certificates (#2936) #2943 [Added in 2.10.0.5]
+ Fix for "local variable _COLLECT_NOEXEC_ERRORS referenced before
assignment" (#2935) #2944 [Added in 2.10.0.5]
+ Cache daemon version #2942 #2946 [Added in 2.10.0.5]
+ undo get daemon version change #2951 [Added in 2.10.0.5]
+ fix self-update frequency to spread over 24 hrs for regular type
and 4 hrs for hotfix #2948 [Added in 2.10.0.5]
+ ignore dependencies from extensions that do not have settings #2957
[Added in 2.10.0.6]
+ Do not reset the mode of a extension's log directory #3014
[Added in 2.10.0.8]
+ skip cgroup monitoring if log collector doesn't start by the agent.
[#2939] [Added in 2.10.0.8]
+ NM should not be restarted during hostname publish if NM_CONTROLLED=y
[#3008] [Added in 2.10.0.8]
+ Daemon should remove stale published_hostname file and log
useful warning #3016 [Added in 2.10.0.8]
+ Revert changes to publish_hostname in RedhatOSModernUtil #3032
[Added in 2.10.0.8]
+ Recover primary nic if down after publishing hostname in
RedhatOSUtil #3024 [Added in 2.10.0.8]
- fix a few typos in the spec file and use proper macros where
applicable
- remove python3 requires
- python-instance-billing-flavor-check
-
- Update to version 1.0.0 (jsc#PCT-531)
+ API incompatibility: The check_payg_byos function no longer exits, it now
returns a tuple of (flavor, exit_code). This makes the function reusable.
+ Update the build setup to work with the system interpreter of
upcoming SLE releases. SLE 12 stays with the Python 3.4 interpreter
and SLE 15 with the Python 3.6 interpreter.
- python-Jinja2
-
- Add security patch CVE-2025-27516.patch (bsc#1238879)
- python3-M2Crypto
-
- Change macro to %{?sle15allpythons} so we build both Python 3.6
and Python 3.11 on SLE-15.
- Fix spelling of BSD-2-Clause license.
- Add rpmlintrc … overflow of ignorable rpmlint warnings caused
me not to see the previous problem.
- Update to 0.44.0:
- fix(rsa): introduce internal cache for rsa.check_key()
(bsc#1236664, srht#mcepl/m2crypto#369)
- fix[authcookie]: modernize the module
- fix(_lib): add missing #include for windows
- ci: relax fedora crypto policy to legacy.
- enhance setup.py for macos compatibility
- prefer packaging.version over distutils.version
- fix segfault with openssl 3.4.0
- fix[ec]: raise ioerror instead when load_key_bio() cannot read
the file.
- doc: update installation instructions for windows.
- fix setting x509.verify_* variables
- fix building against openssl in non-standard location
- test_x509: use only x509_version_1 (0) as version for csr.
- The real license is BSD 2-Clause, not MIT.
- Update to 0.43.0:
- feat[m2]: add m2.time_t_bits to checking for 32bitness.
- fix[tests]: Use only X509_VERSION_1 (0) as version for CSR.
- fix[EC]: raise ValueError when load_key_bio() cannot read the
file (bsc#1231589).
- ci: use -mpip wheel instead of -mbuild
- fix: use PyMem_Malloc() instead of malloc()
- fix[hints]: more work on conversion of type hints to the py3k ones
- fix: make the package build even on Python 3.6
- ci[local]: skip freezing local tests
- fix[hints]: remove AnyStr type
- test: add suggested test for RSA.{get,set}_ex_data
- fix: implement interfaces for RSA_{get,set}_ex_new_{data,index}
- fix: generate src/SWIG/x509_v_flag.h to overcome weaknesses of
swig
- fix: replace literal enumeration of all VERIFY_ constants by a
cycle
- test: unify various test cases in test_ssl related to ftpslib
- fix: replace deprecated url keyword in setup.cfg with complete
project_urls map
- Update 0.42.0:
- allow ASN1_{Integer,String} be initialized directly
- minimal infrastructure for type hints for a C extension and
some type hints for some basic modules
- time_t on 32bit Linux is 32bit (integer) not 64bit (long)
- EOS for CentOS 7
- correct checking for OpenSSL version number on Windows
- make compatible with Python 3.13 (replace PyEval_CallObject
with PyObject_CallObject)
- fix typo in extern function signature (and proper type of
engine_ctrl_cmd_string())
- move the package to Sorucehut
- setup CI to use Sourcehut CI
- setup CI on GitLab for Windows as well (remove Appveyor)
- initial draft of documentation for migration to
pyca/cryptography
- fix Read the Docs configuration (contributed kindly by Facundo
Tuesca)
- Remove upstreamed 32bit_ASN1_Time.patch
- Remove python-M2Crypto.keyring, because PyPI broke GPG support
- Build for modern python stack on SLE/Leap
- zypp-plugin
-
- version 0.6.5
- Build package for multiple Python flavors on the SLE15 family
(fixes #4)
- rsync
-
- Fix bsc#1237187 - broken rsyncd
* Lists digests available in greeting line
* Add rsync-fix-daemon-proto-32.patch
- rubygem-rack
-
- security update
- added patches
fix CVE-2025-27610 [bsc#1239298], improper sanitization of user-supplied paths
+ rubygem-rack-CVE-2025-27610.patch
- security update
- added patches
fix CVE-2025-25184 [bsc#1237141], Rack::CommonLogger can be exploited by crafting input
+ rubygem-rack-CVE-2025-25184.patch
fix CVE-2025-27111 [bsc#1238607], Escape Sequence Injection vulnerability in Rack lead to Possible Log Injection
+ rubygem-rack-CVE-2025-27111.patch
- saptune
-
- update package version of saptune to 3.1.5
* on Azure cloud create a saptune service drop-in file to start
saptune after cloud-final.service
(bsc#1235824, jsc#SAPSOL-523)
* fix NVMe device detection and update man page saptune-note.5
(bsc#1233126)
* fix wrong error handling, if system limits.conf file is missing
and skip reading system limits.conf file on SLES 16 as it can
not contain customer changes
(bsc#1236232)
* fix value for grub transparent_hugepage entries in Note 2684254
(bsc#1235579)
- 000release-packages:sle-ha-release
-
n/a
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-live-patching-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-python3-release
-
n/a
- 000release-packages:sle-module-sap-applications-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- suse-build-key
-
- changed keys to use SHA256 UIDs instead of SHA1. (bsc#1237294
bsc#1236779 jsc#PED-12321)
- gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc
- gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc
- suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted
- timezone
-
- Update to 2025a:
* Paraguay adopts permanent -03 starting spring 2024
* Improve pre-1991 data for the Philippines
* Etc/Unknown is now reserved
- Update to 2024b:
* Improve historical data for Mexico, Mongolia, and Portugal.
* System V names are now obsolescent.
* The main data form now uses %z.
* The code now conforms to RFC 8536 for early timestamps.
* Support POSIX.1-2024, which removes asctime_r and ctime_r.
* Assume POSIX.2-1992 or later for shell scripts.
* SUPPORT_C89 now defaults to 1.
- Add revert-philippines-historical-data.patch, revert-systemv-deprecation.patch
* Fixes testsuite failures for other packages
- vim
-
- Introduce patch to fix bsc#1235751 (regression).
* vim-9.1.1134-revert-putty-terminal-colors.patch
- Update to 9.1.1176. Changes:
* 9.1.1176: wrong indent when expanding multiple lines
* 9.1.1175: inconsistent behaviour with exclusive selection and motion commands
* 9.1.1174: tests: Test_complete_cmdline() may fail
* 9.1.1173: filetype: ABNF files are not detected
* 9.1.1172: [security]: overflow with 'nostartofline' and Ex command in tag file
* 9.1.1171: tests: wrong arguments passed to assert_equal()
* 9.1.1170: wildmenu highlighting in popup can be improved
* 9.1.1169: using global variable for get_insert()/get_lambda_name()
* 9.1.1168: wrong flags passed down to nextwild()
* 9.1.1167: mark '] wrong after copying text object
* 9.1.1166: command-line auto-completion hard with wildmenu
* 9.1.1165: diff: regression with multi-file diff blocks
* 9.1.1164: [security]: code execution with tar.vim and special crafted tar files
* 9.1.1163: $MYVIMDIR is set too late
* 9.1.1162: completion popup not cleared in cmdline
* 9.1.1161: preinsert requires bot "menu" and "menuone" to be set
* 9.1.1160: Ctrl-Y does not work well with "preinsert" when completing items
* 9.1.1159: $MYVIMDIR may not always be set
* 9.1.1158: :verbose set has wrong file name with :compiler!
* 9.1.1157: command completion wrong for input()
* 9.1.1156: tests: No test for what patch 9.1.1152 fixes
* 9.1.1155: Mode message not cleared after :silent message
* 9.1.1154: Vim9: not able to use autoload class accross scripts
* 9.1.1153: build error on Haiku
* 9.1.1152: Patch v9.1.1151 causes problems
* 9.1.1151: too many strlen() calls in getchar.c
* 9.1.1150: :hi completion may complete to wrong value
* 9.1.1149: Unix Makefile does not support Brazilian lang for the installer
* 9.1.1148: Vim9: finding imported scripts can be further improved
* 9.1.1147: preview-window does not scroll correctly
* 9.1.1146: Vim9: wrong context being used when evaluating class member
* 9.1.1145: multi-line completion has wrong indentation for last line
* 9.1.1144: no way to create raw strings from a blob
* 9.1.1143: illegal memory access when putting a register
* 9.1.1142: tests: test_startup fails if $HOME/$XDG_CONFIG_HOME is defined
* 9.1.1141: Misplaced comment in readfile()
* 9.1.1140: filetype: m17ndb files are not detected
* 9.1.1139: [fifo] is not displayed when editing a fifo
* 9.1.1138: cmdline completion for :hi is too simplistic
* 9.1.1137: ins_str() is inefficient by calling STRLEN()
* 9.1.1136: Match highlighting marks a buffer region as changed
* 9.1.1135: 'suffixesadd' doesn't work with multiple items
* 9.1.1134: filetype: Guile init file not recognized
* 9.1.1133: filetype: xkb files not recognized everywhere
* 9.1.1132: Mark positions wrong after triggering multiline completion
* 9.1.1131: potential out-of-memory issue in search.c
* 9.1.1130: 'listchars' "precedes" is not drawn on Tabs.
* 9.1.1129: missing out-of-memory test in buf_write()
* 9.1.1128: patch 9.1.1119 caused a regression with imports
* 9.1.1127: preinsert text is not cleaned up correctly
* 9.1.1126: patch 9.1.1121 used a wrong way to handle enter
* 9.1.1125: cannot loop through pum menu with multiline items
* 9.1.1124: No test for 'listchars' "precedes" with double-width char
* 9.1.1123: popup hi groups not falling back to defaults
* 9.1.1122: too many strlen() calls in findfile.c
* 9.1.1121: Enter does not insert newline with "noselect"
* 9.1.1120: tests: Test_registers fails
* 9.1.1119: Vim9: Not able to use an autoloaded class from another autoloaded script
* 9.1.1118: tests: test_termcodes fails
* 9.1.1117: there are a few minor style issues
* 9.1.1116: Vim9: super not supported in lambda expressions
* 9.1.1115: [security]: use-after-free in str_to_reg()
* 9.1.1114: enabling termguicolors automatically confuses users
* 9.1.1113: tests: Test_terminal_builtin_without_gui waits 2 seconds
* 9.1.1112: Inconsistencies in get_next_or_prev_match()
* 9.1.1111: Vim9: variable not found in transitive import
* 9.1.1110: Vim tests are slow and flaky
* 9.1.1109: cmdexpand.c hard to read
* 9.1.1108: 'smoothscroll' gets stuck with 'listchars' "eol"
* 9.1.1107: cannot loop through completion menu with fuzzy
* 9.1.1106: tests: Test_log_nonexistent() causes asan failure
* 9.1.1105: Vim9: no support for protected new() method
* 9.1.1104: CI: using Ubuntu 22.04 Github runners
* 9.1.1103: if_perl: still some compile errors with Perl 5.38
* 9.1.1102: tests: Test_WinScrolled_Resized_eiw() uses wrong filename
- zypper
-
- Annonunce --root in commands not launching a Target
(bsc#1237044)
- BuildRequires: libzypp-devel >= 17.36.3.
- version 1.14.85