- bind
-
- dnssec-keygen can no longer generate HMAC keys.
Use tsig-keygen instead.
modified genDDNSkey script to reflect this.
[vendor-files/tools/bind.genDDNSkey, bsc#1180933]
- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy
negotiation can be targeted by a buffer overflow attack
[bsc#1182246, CVE-2020-8625, bind-CVE-2020-8625.patch]
- docker
-
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
the patch entirely. bsc#1180401 bsc#1182168
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
[NOTE: This update was only ever released in SLES and Leap.]
- drbd-utils
-
- bsc#1182361, pacemaker2 compat issue for crm-fence-peer.9
use --xml format of crm_mon
Add patch crm-fence-peer-pacemaker2-format.patch
Add patch crm-fence-peer-pacemaker2-use-xml.patch
- bsc#1176065, fail to get master id from cib xml in fence handler
Add patch crm-fence-peer-pacemaker2-issue2.patch
- fence-agents
-
- bsc#1180518 [15sp3 FEAT] Product-HA / High Availability Extension:
Add IBM Z LPAR fence agent fence_ibmz to Pacemaker (kvm) (fence-agents)
- gcc7
-
- Remove include-fixed/pthread.h
- Change GCC exception licenses to SPDX format
- add gcc7-pr81942.patch [bsc#1181618]
- glibc
-
- euc-kr-overrun.patch: Fix buffer overrun in EUC-KR conversion module
(CVE-2019-25013, bsc#1182117, BZ #24973)
- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in
ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in
IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop
bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- printf-long-double-non-normal.patch: x86: Harden printf against
non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- get-nprocs-cpu-online-parsing.patch: Fix parsing of
/sys/devices/system/cpu/online (bsc#1180038, BZ #25859)
- golang-github-docker-libnetwork
-
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
the patch entirely. bsc#1180401 bsc#1182168
- boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
[NOTE: This update was only ever released in SLES and Leap.]
- grub2
-
- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057)
* 0028-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
* 0029-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
* 0030-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
* 0031-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
* 0032-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
* 0033-util-mkimage-Improve-data_size-value-calculation.patch
* 0034-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
* 0035-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
* 0036-grub-install-common-Add-sbat-option.patch
- Fix CVE-2021-20225 (bsc#1182262)
* 0019-lib-arg-Block-repeated-short-options-that-require-an.patch
- Fix CVE-2020-27749 (bsc#1179264)
* 0021-kern-parser-Fix-resource-leak-if-argc-0.patch
* 0022-kern-parser-Fix-a-memory-leak.patch
* 0023-kern-parser-Introduce-process_char-helper.patch
* 0024-kern-parser-Introduce-terminate_arg-helper.patch
* 0025-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
* 0026-kern-buffer-Add-variable-sized-heap-buffer.patch
* 0027-kern-parser-Fix-a-stack-buffer-overflow.patch
- Fix CVE-2021-20233 (bsc#1182263)
* 0020-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- Fix CVE-2020-25647 (bsc#1177883)
* 0018-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- Fix CVE-2020-25632 (bsc#1176711)
* 0017-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970)
* 0001-mkimage-Clarify-file-alignment-in-efi-case.patch
* 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
* 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
* 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
* 0005-efi-Add-secure-boot-detection.patch
* 0006-kern-Add-lockdown-support.patch
* 0007-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
* 0008-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
* 0009-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
* 0010-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
* 0011-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
* 0012-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
* 0013-commands-setpci-Restrict-setpci-command-when-locked-.patch
* 0014-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
* 0015-gdb-Restrict-GDB-access-when-locked-down.patch
* 0016-loader-xnu-Don-t-allow-loading-extension-and-package.patch
* 0037-squash-Add-secureboot-support-on-efi-chainloader.patch
* 0038-squash-grub2-efi-chainload-harder.patch
* 0039-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
* 0040-squash-linuxefi-fail-kernel-validation-without-shim-.patch
* 0041-squash-kern-Add-lockdown-support.patch
- Add SBAT metadata section to grub.efi
* grub2.spec
- hawk2
-
- Update to version 2.6.0:
* Use fullpath of binary (bsc#1181436)
* remove %x (bsc#1182163)
- java-1_8_0-ibm
-
- Update to Java 8.0 Service Refresh 6 Fix Pack 25
[bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
* CVE-2020-27221: Potential for a stack-based buffer overflow
when the virtual machine or JNI natives are converting from
UTF-8 characters to platform encoding.
* CVE-2020-14803: Unauthenticated attacker with network access
via multiple protocols allows to compromise Java SE.
- lifecycle-data-sle-module-live-patching
-
- Added data for 4_12_14-150_66, 4_12_14-197_78, 5_3_18-24_46, 5_3_18-24_49. (bsc#1020320)
- openssh
-
- Update openssh-7.6p1-audit.patch (bsc#1180501). This fixes
occasional crashes on connection termination caused by accessing
freed memory.
- python-Jinja2
-
- Fixed IndentationError in CVE-2020-28493.patch (bsc#1182244)
- CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have
been called with untrusted user data (bsc#1181944).
Added CVE-2020-28493.patch
- python-cffi
-
- add cc2546f3388b6eeb8b18bdbe82a8c3a4c7b48ceb.patch (bsc#1182471):
Restore compatibility with Python 2.7 update
- python-cryptography
-
- Add patch CVE-2020-36242-buffer-overflow.patch (bsc#1182066, CVE-2020-36242)
* Using the Fernet class to symmetrically encrypt multi gigabyte values
could result in an integer overflow and buffer overflow.
- python-distro
-
- %python3_only -> %python_alternative
- Update to 1.5.0:
* Backward Compatibility:
+ Keep output as native string so we can compatible with python2 interface
* Bug Fixes:
+ Fix detection of RHEL 6 ComputeNode [#255]
+ Fix Oracle 4/5 lsb_release id and names [#250]
+ Ignore /etc/plesk-release file while parsing distribution
- Update to version 1.4.0:
* Backward Compatibility:
* Prefer the VERSION_CODENAME field of os-release to parsing it from VERSION [[#230](https://github.com/nir0s/distro/pull/230)]
* Bug Fixes:
* Return _uname_info from the uname_info() method [[#233](https://github.com/nir0s/distro/pull/233)]
* Fixed CloudLinux id discovery [[#234](https://github.com/nir0s/distro/pull/234)]
* Update Oracle matching [[#224](https://github.com/nir0s/distro/pull/224)]
* Docs:
* Distro is the recommended replacement for platform.linux_distribution [[#220](https://github.com/nir0s/distro/pull/220)]
* Release:
* Use Markdown for long description in setup.py [[#219](https://github.com/nir0s/distro/pull/219)]
- Drop useless BuildRequires of python-flake8 and python-pytest-cov
- Add assert_locale.patch to warn about wrong locale.
- Enable tests properly (this is pytest, not unittest),
it is necessary to explicitly set locale to an Unicode one
(https://github.com/nir0s/distro/issues/223)
- update to version 1.3.0:
* improvements for other operating systems
* documentation:
* Add Ansible reference implementation and fix arch-linux link (#213)
* Add facter reference implementation (#213)
- python3
-
- Resync with python36 Factory package.
- Make this %primary_interpreter
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- Change setuptools and pip version numbers according to new
wheels (bsc#1179756).
- screen
-
- Fix double width combining char handling that could lead
to a segfault [bnc#1182092] [CVE-2021-26937]
new patch: combchar.diff
- tcl
-
- bsc#1181840: Same fix as for tclConfig.sh is needed for tcl.pc.