From sle-container-updates at lists.suse.com Tue Apr 2 07:03:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Apr 2024 09:03:10 +0200 (CEST) Subject: SUSE-CU-2024:1213-1: Recommended update of bci/bci-init Message-ID: <20240402070310.32158FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1213-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.15.1 , bci/bci-init:latest Container Release : 15.1 Severity : important Type : recommended References : 1221218 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - sed-4.4-150300.13.3.1 updated - container:sles15-image-15.0.0-36.11.17 updated From sle-container-updates at lists.suse.com Tue Apr 2 07:05:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Apr 2024 09:05:16 +0200 (CEST) Subject: SUSE-CU-2024:1219-1: Recommended update of bci/php-apache Message-ID: <20240402070516.0E2E9FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1219-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-12.34 Container Release : 12.34 Severity : important Type : recommended References : 1221218 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - sed-4.4-150300.13.3.1 updated - container:sles15-image-15.0.0-36.11.17 updated From sle-container-updates at lists.suse.com Wed Apr 3 07:04:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Apr 2024 09:04:23 +0200 (CEST) Subject: SUSE-CU-2024:1229-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240403070423.B8CC4FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1229-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.18 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.18 Container Release : 3.18 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. The following package changes have been done: - libimaevm3-1.4-150400.3.2.1 added - rpm-ndb-4.14.3-150400.59.10.1 updated From sle-container-updates at lists.suse.com Wed Apr 3 07:09:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Apr 2024 09:09:50 +0200 (CEST) Subject: SUSE-CU-2024:1245-1: Security update of bci/bci-minimal Message-ID: <20240403070950.AAF92FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1245-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.18.3 , bci/bci-minimal:latest Container Release : 18.3 Severity : important Type : security References : 1201627 1202870 1207534 1207789 1211430 1213487 1213517 1213853 1215215 1216922 1219243 CVE-2022-4304 CVE-2023-2650 CVE-2023-3446 CVE-2023-3817 CVE-2023-5678 CVE-2024-0727 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2796-1 Released: Fri Aug 12 14:34:31 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: This update for jitterentropy fixes the following issues: jitterentropy is included in version 3.4.0 (jsc#SLE-24941): This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3328-1 Released: Wed Sep 21 12:48:56 2022 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1202870 This update for jitterentropy fixes the following issues: - Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2965-1 Released: Tue Jul 25 12:30:22 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213487,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3102-1 Released: Tue Aug 1 14:11:53 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1213517 This update for openssl-1_1 fixes the following issues: - Dont pass zero length input to EVP_Cipher (bsc#1213517) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3242-1 Released: Tue Aug 8 18:19:40 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4105-1 Released: Wed Oct 18 08:15:40 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4518-1 Released: Tue Nov 21 17:35:30 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:549-1 Released: Tue Feb 20 17:05:52 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. The following package changes have been done: - libimaevm3-1.4-150400.3.2.1 added - libjitterentropy3-3.4.0-150000.1.9.1 added - libopenssl1_1-1.1.1l-150500.17.25.1 added - rpm-ndb-4.14.3-150400.59.10.1 updated - container:micro-image-15.5.0-17.1 updated From sle-container-updates at lists.suse.com Wed Apr 3 07:10:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Apr 2024 09:10:59 +0200 (CEST) Subject: SUSE-CU-2024:1249-1: Recommended update of bci/openjdk-devel Message-ID: <20240403071059.736B8FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1249-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.77 Container Release : 14.77 Severity : important Type : recommended References : 1221218 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - sed-4.4-150300.13.3.1 updated - container:bci-openjdk-11-15.5.11-15.34 updated From sle-container-updates at lists.suse.com Wed Apr 3 07:14:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Apr 2024 09:14:18 +0200 (CEST) Subject: SUSE-CU-2024:1259-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240403071418.5DF72FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1259-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.8.1 , bci/bci-sle15-kernel-module-devel:latest Container Release : 8.1 Severity : important Type : recommended References : 1221218 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - sed-4.4-150300.13.3.1 updated - container:sles15-image-15.0.0-36.11.17 updated From sle-container-updates at lists.suse.com Wed Apr 3 07:14:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Apr 2024 09:14:18 +0200 (CEST) Subject: SUSE-CU-2024:1260-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240403071418.D4FF9FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1260-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.8.3 , bci/bci-sle15-kernel-module-devel:latest Container Release : 8.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. The following package changes have been done: - dwz-0.12-150000.3.4.1 updated - rpm-build-4.14.3-150400.59.10.1 updated - container:sles15-image-15.0.0-36.11.18 updated From sle-container-updates at lists.suse.com Wed Apr 3 07:14:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Apr 2024 09:14:39 +0200 (CEST) Subject: SUSE-CU-2024:1261-1: Recommended update of suse/sle15 Message-ID: <20240403071439.56718FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1261-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.18 , suse/sle15:15.5 , suse/sle15:15.5.36.11.18 Container Release : 36.11.18 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. The following package changes have been done: - libimaevm3-1.4-150400.3.2.1 added - rpm-ndb-4.14.3-150400.59.10.1 updated From sle-container-updates at lists.suse.com Wed Apr 3 07:15:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Apr 2024 09:15:01 +0200 (CEST) Subject: SUSE-CU-2024:1262-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240403071501.F33A9FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1262-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.21 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.49.21 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. The following package changes have been done: - python3-rpm-4.14.3-150400.59.10.1 updated From sle-container-updates at lists.suse.com Thu Apr 4 07:01:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Apr 2024 09:01:53 +0200 (CEST) Subject: SUSE-CU-2024:1263-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240404070153.BF5A8FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1263-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.1 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.1 Severity : critical Type : security References : 1029961 1044232 1105435 1107342 1114407 1119496 1124223 1125410 1126377 1131060 1131686 1138731 1138731 1154247 1157960 1158830 1166334 1170347 1170347 1173474 1173475 1174673 1176006 1176759 1177864 1181994 1186791 1186827 1188006 1188307 1190858 1194845 1196494 1196495 1197293 1198504 1199079 1200441 1200441 1202868 1203823 1204397 1204690 1204706 1206134 1206212 1206346 1206346 1206346 1206622 1206798 1208270 1208271 1208272 1208529 1209030 1209122 1211188 1211190 1211886 1212160 1212475 1212475 1212475 1212475 1212475 1212475 1212475 1212475 1214248 1215294 1215377 1215434 1215496 1215698 1216410 1216412 1216752 1217000 1217215 1217593 1217873 1218126 1218186 1218209 1218232 1218291 1218475 1218571 1218571 1218782 1218831 1219123 1219123 1219189 1219189 1219238 1219243 1219321 1219442 1219576 1220117 1220385 1220770 1220771 1221218 CVE-2018-1000654 CVE-2019-3880 CVE-2021-46848 CVE-2022-41720 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-1667 CVE-2023-2283 CVE-2023-24532 CVE-2023-48795 CVE-2023-6004 CVE-2023-6918 CVE-2023-7207 CVE-2023-7207 CVE-2024-0727 CVE-2024-22365 CVE-2024-25062 CVE-2024-26458 CVE-2024-26461 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:82-1 Released: Fri Jan 11 17:16:48 2019 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1044232 This update for suse-build-key fixes the following issues: - Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:207-1 Released: Tue Jan 29 20:20:24 2019 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1119496 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.0.0 (bsc#1119496): - Added command line interface - Added `ADDITIONAL_MODULES` capability to enable further extension modules during image build and run - Added documentation about how to build docker images on non SLE distributions - Improve documentation to clarify how container-suseconnect works in a Dockerfile - Improve error handling on non SLE hosts - Fix bug which makes container-suseconnect work on SLE15 based distributions ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1040-1 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Type: security Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1372-1 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1105435,CVE-2018-1000654 This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2095-1 Released: Fri Aug 9 06:56:48 2019 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1138731 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.1.0 (bsc#1138731), fixing interacting with SCC behind proxy and SMT. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:122-1 Released: Fri Jan 17 10:56:07 2020 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1138731,1154247,1157960 This update for container-suseconnect fixes the following issues: - Fix usage with RMT and SMT. (bsc#1157960) - Parse the /etc/products.d/*.prod files. - Fix function comments based on best practices from Effective Go. (bsc#1138731) - Implement interacting with SCC behind proxy and SMT. (bsc#1154247) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:690-1 Released: Fri Mar 13 17:09:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1166334 This update for suse-build-key fixes the following issues: - created a new security at suse.de communication key (bsc#1166334) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1112-1 Released: Fri Apr 24 16:44:20 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347 This update for suse-build-key fixes the following issues: - add a /usr/share/container-keys/ directory for GPG based Container verification. - Add the SUSE build key as 'suse-container-key.asc'. (PM-1845 bsc#1170347) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2126-1 Released: Wed Aug 5 09:26:46 2020 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: moderate References: 1173474,1173475 This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2191-1 Released: Mon Jun 28 18:38:12 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1186791 This update for patterns-microos provides the following fix: - Add zypper-migration-plugin to the default pattern. (bsc#1186791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3274-1 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:71-1 Released: Thu Jan 13 15:37:28 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect is a rebuild against updated go toolchain to ensure an up to date GO runtime. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3781-1 Released: Wed Oct 26 17:50:44 2022 Summary: Security update for container-suseconnect Type: security Severity: moderate References: 1204397 This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4458-1 Released: Tue Dec 13 13:16:04 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:713-1 Released: Mon Mar 13 10:25:04 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:871-1 Released: Wed Mar 22 14:32:45 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441,1206134,1208270,1208271,1208272,1209030,CVE-2022-41720,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725,CVE-2023-24532 This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270). - CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271). - CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272). - CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1851-1 Released: Fri Apr 14 15:08:38 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect fixes the following issue: - rebuilt against current go version. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2174-1 Released: Thu May 11 13:08:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2600-1 Released: Wed Jun 21 15:24:36 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2923-1 Released: Thu Jul 20 19:34:50 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3264-1 Released: Thu Aug 10 16:05:20 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3539-1 Released: Tue Sep 5 16:41:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3834-1 Released: Wed Sep 27 19:18:33 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs a import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4125-1 Released: Thu Oct 19 09:34:58 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4309-1 Released: Tue Oct 31 14:09:03 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4728-1 Released: Tue Dec 12 13:11:26 2023 Summary: Initial shipment of package sles-ltss-release Type: recommended Severity: important References: This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 15 SP4 customers ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:88-1 Released: Thu Jan 11 10:08:20 2024 Summary: Recommended update for libsolv, zypper, libzypp Type: recommended Severity: moderate References: 1212160,1215294,1216412,1217593,1217873,1218291 This update for libsolv, zypper, libzypp fixes the following issues: - Expand RepoVars in URLs downloading a .repo file (bsc#1212160) - Fix search/info commands ignoring --ignore-unknown (bsc#1217593) - CheckAccessDeleted: fix 'running in container' filter (bsc#1218291) - Open rpmdb just once during execution of %posttrans scripts (bsc#1216412) - Make sure reboot-needed is remembered until next boot (bsc#1217873) - Stop using boost version 1 timer library (bsc#1215294) - Updated to version 0.7.27 - Add zstd support for the installcheck tool - Add putinowndirpool cache to make file list handling in repo_write much faster - Do not use deprecated headerUnload with newer rpm versions - Support complex deps in SOLVABLE_PREREQ_IGNOREINST - Fix minimization not prefering installed packages in some cases - Reduce memory usage in repo_updateinfoxml - Fix lock-step interfering with architecture selection - Fix choice rule handing for package downgrades - Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:139-1 Released: Thu Jan 18 11:33:54 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.6 (released 2024-01-09) includes fixes to the compiler, the runtime, and the crypto/tls, maps, and runtime/pprof packages. (bsc#1212475) * x/build,os/signal: TestDetectNohup and TestNohup fail on replacement darwin LUCI builders * runtime: ReadMemStats fatal error: mappedReady and other memstats are not equal * cmd/compile: linux/s390x: inlining bug in s390x * maps: maps.Clone reference semantics when cloning a map with large value types * runtime: excessive memory use between 1.21.0 -> 1.21.1 * cmd/compile: max/min builtin broken when used with string(byte) conversions * runtime/pprof: incorrect function names for generics functions * crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 * runtime: race condition raised with parallel tests, panic(nil) and -race ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:140-1 Released: Thu Jan 18 11:34:58 2024 Summary: Security update for libssh Type: security Severity: important References: 1211188,1211190,1218126,1218186,1218209,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:444-1 Released: Fri Feb 9 16:39:32 2024 Summary: Security update for suse-build-key Type: security Severity: important References: 1219123,1219189 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:480-1 Released: Thu Feb 15 12:35:51 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:613-1 Released: Mon Feb 26 11:21:43 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:734-1 Released: Thu Feb 29 13:16:38 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. (bsc#1212475 go1.21 release tracking) * go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21 * go#63768 runtime: pinner.Pin doesn't panic when it says it will * go#64497 cmd/go: flag modcacherw does not take effect in the target package * go#64761 staticlockranking builders failing on release branches on LUCI * go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack' * go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests * go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params * go#65323 crypto: rollback BoringCrypto fips-20220613 update * go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder * go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:833-1 Released: Mon Mar 11 10:31:14 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:838-1 Released: Tue Mar 12 06:46:28 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1220117 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1006-1 Released: Wed Mar 27 10:48:38 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - ca-certificates-mozilla-2.62-150200.30.1 added - ca-certificates-2+git20210309.21162a6-2.1 added - container-suseconnect-2.4.0-150000.4.50.2 added - coreutils-8.32-150400.9.3.1 updated - cpio-2.13-150400.3.6.1 updated - curl-8.0.1-150400.5.41.1 added - filesystem-15.0-150400.1.1 updated - glibc-2.31-150300.68.1 updated - krb5-1.19.2-150400.3.9.1 updated - kubic-locale-archive-2.31-10.36 added - libaudit1-3.0.6-150400.4.16.1 updated - libblkid1-2.37.2-150400.8.26.1 updated - libcrypt1-4.4.15-150300.4.7.1 updated - libfdisk1-2.37.2-150400.8.26.1 updated - libimaevm3-1.4-150400.3.2.1 added - libmount1-2.37.2-150400.8.26.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.63.1 updated - libopenssl1_1-1.1.1l-150400.7.63.1 updated - libp11-kit0-0.23.22-150400.1.10 added - libprocps8-3.3.17-150000.7.37.1 added - libsmartcols1-2.37.2-150400.8.26.1 updated - libsolv-tools-0.7.28-150400.3.16.2 updated - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - libsystemd0-249.17-150400.8.40.1 updated - libtasn1-6-4.13-150000.4.8.1 added - libtasn1-4.13-150000.4.8.1 added - libudev1-249.17-150400.8.40.1 updated - libuuid1-2.37.2-150400.8.26.1 updated - libxml2-2-2.9.14-150400.5.28.1 updated - libzypp-17.31.31-150400.3.52.2 updated - login_defs-4.8.1-150400.10.15.1 updated - netcfg-11.6-150000.3.6.1 added - openssl-1_1-1.1.1l-150400.7.63.1 updated - p11-kit-tools-0.23.22-150400.1.10 added - p11-kit-0.23.22-150400.1.10 added - pam-1.3.0-150000.6.66.1 updated - procps-3.3.17-150000.7.37.1 updated - rpm-ndb-4.14.3-150400.59.10.1 updated - sed-4.4-150300.13.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - skelcd-EULA-sles-2022.05.10-150400.2.1 added - sles-ltss-release-15.4-150400.13.5.3 added - sles-release-15.4-150400.58.7.3 added - suse-build-key-12.0-150000.8.43.1 added - timezone-2024a-150000.75.28.1 updated - util-linux-2.37.2-150400.8.26.1 updated - zypper-1.14.68-150400.3.40.2 updated - container:sles15-image-15.0.0-27.14.130 removed From sle-container-updates at lists.suse.com Thu Apr 4 07:02:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Apr 2024 09:02:23 +0200 (CEST) Subject: SUSE-CU-2024:1264-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240404070223.97718FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1264-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.1 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.1 Severity : critical Type : security References : 1029961 1044232 1105435 1107342 1114407 1119496 1124223 1125410 1126377 1131060 1131686 1138731 1138731 1154247 1157960 1158830 1166334 1170347 1170347 1173474 1173475 1174673 1176759 1177864 1181994 1186791 1186827 1188006 1190858 1194845 1196494 1196495 1197293 1198504 1199079 1199232 1199235 1200441 1200441 1202868 1204397 1204690 1204706 1206134 1206212 1206346 1206346 1206346 1206622 1206798 1208270 1208271 1208272 1208529 1209030 1209122 1211188 1211190 1211886 1212160 1212475 1212475 1212475 1212475 1212475 1212475 1212475 1212475 1213514 1214248 1215294 1215377 1215434 1215496 1215698 1216410 1216412 1216752 1217000 1217215 1217593 1217873 1218126 1218186 1218209 1218232 1218291 1218475 1218571 1218571 1218782 1218831 1219123 1219123 1219189 1219189 1219238 1219243 1219321 1219442 1219576 1220117 1220385 1220770 1220771 1221218 CVE-2018-1000654 CVE-2019-3880 CVE-2021-46848 CVE-2022-1586 CVE-2022-1587 CVE-2022-41409 CVE-2022-41720 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-1667 CVE-2023-2283 CVE-2023-24532 CVE-2023-48795 CVE-2023-6004 CVE-2023-6918 CVE-2023-7207 CVE-2023-7207 CVE-2024-0727 CVE-2024-22365 CVE-2024-25062 CVE-2024-26458 CVE-2024-26461 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:82-1 Released: Fri Jan 11 17:16:48 2019 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1044232 This update for suse-build-key fixes the following issues: - Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:207-1 Released: Tue Jan 29 20:20:24 2019 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1119496 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.0.0 (bsc#1119496): - Added command line interface - Added `ADDITIONAL_MODULES` capability to enable further extension modules during image build and run - Added documentation about how to build docker images on non SLE distributions - Improve documentation to clarify how container-suseconnect works in a Dockerfile - Improve error handling on non SLE hosts - Fix bug which makes container-suseconnect work on SLE15 based distributions ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1040-1 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Type: security Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1372-1 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1105435,CVE-2018-1000654 This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2095-1 Released: Fri Aug 9 06:56:48 2019 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1138731 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.1.0 (bsc#1138731), fixing interacting with SCC behind proxy and SMT. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:122-1 Released: Fri Jan 17 10:56:07 2020 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1138731,1154247,1157960 This update for container-suseconnect fixes the following issues: - Fix usage with RMT and SMT. (bsc#1157960) - Parse the /etc/products.d/*.prod files. - Fix function comments based on best practices from Effective Go. (bsc#1138731) - Implement interacting with SCC behind proxy and SMT. (bsc#1154247) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:690-1 Released: Fri Mar 13 17:09:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1166334 This update for suse-build-key fixes the following issues: - created a new security at suse.de communication key (bsc#1166334) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1112-1 Released: Fri Apr 24 16:44:20 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347 This update for suse-build-key fixes the following issues: - add a /usr/share/container-keys/ directory for GPG based Container verification. - Add the SUSE build key as 'suse-container-key.asc'. (PM-1845 bsc#1170347) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2126-1 Released: Wed Aug 5 09:26:46 2020 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: moderate References: 1173474,1173475 This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2191-1 Released: Mon Jun 28 18:38:12 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1186791 This update for patterns-microos provides the following fix: - Add zypper-migration-plugin to the default pattern. (bsc#1186791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3274-1 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:71-1 Released: Thu Jan 13 15:37:28 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect is a rebuild against updated go toolchain to ensure an up to date GO runtime. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3781-1 Released: Wed Oct 26 17:50:44 2022 Summary: Security update for container-suseconnect Type: security Severity: moderate References: 1204397 This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4458-1 Released: Tue Dec 13 13:16:04 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:713-1 Released: Mon Mar 13 10:25:04 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:871-1 Released: Wed Mar 22 14:32:45 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441,1206134,1208270,1208271,1208272,1209030,CVE-2022-41720,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725,CVE-2023-24532 This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270). - CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271). - CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272). - CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1851-1 Released: Fri Apr 14 15:08:38 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect fixes the following issue: - rebuilt against current go version. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2174-1 Released: Thu May 11 13:08:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2600-1 Released: Wed Jun 21 15:24:36 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2923-1 Released: Thu Jul 20 19:34:50 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3264-1 Released: Thu Aug 10 16:05:20 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3539-1 Released: Tue Sep 5 16:41:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3834-1 Released: Wed Sep 27 19:18:33 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs a import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4125-1 Released: Thu Oct 19 09:34:58 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4309-1 Released: Tue Oct 31 14:09:03 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4728-1 Released: Tue Dec 12 13:11:26 2023 Summary: Initial shipment of package sles-ltss-release Type: recommended Severity: important References: This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 15 SP4 customers ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:88-1 Released: Thu Jan 11 10:08:20 2024 Summary: Recommended update for libsolv, zypper, libzypp Type: recommended Severity: moderate References: 1212160,1215294,1216412,1217593,1217873,1218291 This update for libsolv, zypper, libzypp fixes the following issues: - Expand RepoVars in URLs downloading a .repo file (bsc#1212160) - Fix search/info commands ignoring --ignore-unknown (bsc#1217593) - CheckAccessDeleted: fix 'running in container' filter (bsc#1218291) - Open rpmdb just once during execution of %posttrans scripts (bsc#1216412) - Make sure reboot-needed is remembered until next boot (bsc#1217873) - Stop using boost version 1 timer library (bsc#1215294) - Updated to version 0.7.27 - Add zstd support for the installcheck tool - Add putinowndirpool cache to make file list handling in repo_write much faster - Do not use deprecated headerUnload with newer rpm versions - Support complex deps in SOLVABLE_PREREQ_IGNOREINST - Fix minimization not prefering installed packages in some cases - Reduce memory usage in repo_updateinfoxml - Fix lock-step interfering with architecture selection - Fix choice rule handing for package downgrades - Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:139-1 Released: Thu Jan 18 11:33:54 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.6 (released 2024-01-09) includes fixes to the compiler, the runtime, and the crypto/tls, maps, and runtime/pprof packages. (bsc#1212475) * x/build,os/signal: TestDetectNohup and TestNohup fail on replacement darwin LUCI builders * runtime: ReadMemStats fatal error: mappedReady and other memstats are not equal * cmd/compile: linux/s390x: inlining bug in s390x * maps: maps.Clone reference semantics when cloning a map with large value types * runtime: excessive memory use between 1.21.0 -> 1.21.1 * cmd/compile: max/min builtin broken when used with string(byte) conversions * runtime/pprof: incorrect function names for generics functions * crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 * runtime: race condition raised with parallel tests, panic(nil) and -race ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:140-1 Released: Thu Jan 18 11:34:58 2024 Summary: Security update for libssh Type: security Severity: important References: 1211188,1211190,1218126,1218186,1218209,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:238-1 Released: Fri Jan 26 10:56:41 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:444-1 Released: Fri Feb 9 16:39:32 2024 Summary: Security update for suse-build-key Type: security Severity: important References: 1219123,1219189 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:480-1 Released: Thu Feb 15 12:35:51 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:613-1 Released: Mon Feb 26 11:21:43 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:734-1 Released: Thu Feb 29 13:16:38 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. (bsc#1212475 go1.21 release tracking) * go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21 * go#63768 runtime: pinner.Pin doesn't panic when it says it will * go#64497 cmd/go: flag modcacherw does not take effect in the target package * go#64761 staticlockranking builders failing on release branches on LUCI * go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack' * go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests * go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params * go#65323 crypto: rollback BoringCrypto fips-20220613 update * go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder * go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:833-1 Released: Mon Mar 11 10:31:14 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:838-1 Released: Tue Mar 12 06:46:28 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1220117 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1006-1 Released: Wed Mar 27 10:48:38 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - ca-certificates-mozilla-2.62-150200.30.1 added - ca-certificates-2+git20210309.21162a6-2.1 added - container-suseconnect-2.4.0-150000.4.50.2 added - coreutils-8.32-150400.9.3.1 updated - cpio-2.13-150400.3.6.1 updated - curl-8.0.1-150400.5.41.1 added - filesystem-15.0-150400.1.1 updated - glibc-2.31-150300.68.1 updated - krb5-1.19.2-150400.3.9.1 updated - kubic-locale-archive-2.31-10.36 added - libaudit1-3.0.6-150400.4.16.1 updated - libblkid1-2.37.2-150400.8.26.1 updated - libcrypt1-4.4.15-150300.4.7.1 updated - libfdisk1-2.37.2-150400.8.26.1 updated - libimaevm3-1.4-150400.3.2.1 added - libmount1-2.37.2-150400.8.26.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.63.1 updated - libopenssl1_1-1.1.1l-150400.7.63.1 updated - libp11-kit0-0.23.22-150400.1.10 added - libpcre2-8-0-10.39-150400.4.9.1 added - libprocps8-3.3.17-150000.7.37.1 added - libselinux1-3.4-150400.1.8 updated - libsemanage-conf-3.4-150400.1.8 added - libsemanage2-3.4-150400.1.8 added - libsepol2-3.4-150400.1.11 added - libsmartcols1-2.37.2-150400.8.26.1 updated - libsolv-tools-0.7.28-150400.3.16.2 updated - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - libsystemd0-249.17-150400.8.40.1 updated - libtasn1-6-4.13-150000.4.8.1 added - libtasn1-4.13-150000.4.8.1 added - libudev1-249.17-150400.8.40.1 updated - libuuid1-2.37.2-150400.8.26.1 updated - libxml2-2-2.9.14-150400.5.28.1 updated - libzypp-17.31.31-150400.3.52.2 updated - login_defs-4.8.1-150400.3.6.1 updated - netcfg-11.6-150000.3.6.1 added - openssl-1_1-1.1.1l-150400.7.63.1 updated - p11-kit-tools-0.23.22-150400.1.10 added - p11-kit-0.23.22-150400.1.10 added - pam-1.3.0-150000.6.66.1 updated - procps-3.3.17-150000.7.37.1 updated - rpm-ndb-4.14.3-150400.59.10.1 updated - sed-4.4-150300.13.3.1 updated - shadow-4.8.1-150400.3.6.1 updated - skelcd-EULA-sles-2022.05.10-150400.2.1 added - sles-ltss-release-15.4-150400.13.5.3 added - sles-release-15.4-150400.58.7.3 added - suse-build-key-12.0-150000.8.43.1 added - timezone-2024a-150000.75.28.1 updated - util-linux-2.37.2-150400.8.26.1 updated - zypper-1.14.68-150400.3.40.2 updated - container:sles15-image-15.0.0-27.14.130 removed From sle-container-updates at lists.suse.com Thu Apr 4 07:06:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Apr 2024 09:06:14 +0200 (CEST) Subject: SUSE-CU-2024:1275-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240404070614.4B537FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1275-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.1 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.1 Severity : critical Type : security References : 1013125 1044232 1105435 1107342 1114407 1119496 1124223 1125410 1126377 1131060 1131686 1138731 1138731 1154247 1154871 1157960 1158095 1166334 1168699 1170347 1170347 1173474 1173475 1174673 1174713 1176759 1177864 1180064 1180065 1181994 1186791 1186827 1187993 1188006 1189608 1190858 1194845 1196494 1196495 1197293 1198504 1199079 1199915 1200441 1200441 1202868 1204397 1204690 1204706 1206134 1206212 1206346 1206346 1206346 1206622 1208270 1208271 1208272 1209030 1211188 1211190 1211886 1212475 1212475 1212475 1212475 1212475 1212475 1212475 1212475 1214248 1215434 1215496 1215698 1216410 1217000 1217215 1218126 1218186 1218209 1218232 1218475 1218571 1218782 1218831 1219123 1219123 1219189 1219189 1219238 1219243 1219442 1219576 1220770 1220771 1221218 CVE-2018-1000654 CVE-2019-14889 CVE-2019-3880 CVE-2020-16135 CVE-2020-1730 CVE-2020-29361 CVE-2020-29362 CVE-2021-3634 CVE-2021-46848 CVE-2022-41720 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-1667 CVE-2023-2283 CVE-2023-24532 CVE-2023-48795 CVE-2023-6004 CVE-2023-6918 CVE-2023-7207 CVE-2024-0727 CVE-2024-22365 CVE-2024-25062 CVE-2024-26458 CVE-2024-26461 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:82-1 Released: Fri Jan 11 17:16:48 2019 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1044232 This update for suse-build-key fixes the following issues: - Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:207-1 Released: Tue Jan 29 20:20:24 2019 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1119496 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.0.0 (bsc#1119496): - Added command line interface - Added `ADDITIONAL_MODULES` capability to enable further extension modules during image build and run - Added documentation about how to build docker images on non SLE distributions - Improve documentation to clarify how container-suseconnect works in a Dockerfile - Improve error handling on non SLE hosts - Fix bug which makes container-suseconnect work on SLE15 based distributions ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1040-1 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Type: security Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1372-1 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1105435,CVE-2018-1000654 This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2095-1 Released: Fri Aug 9 06:56:48 2019 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1138731 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.1.0 (bsc#1138731), fixing interacting with SCC behind proxy and SMT. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3240-1 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Type: recommended Severity: moderate References: 1154871 This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:122-1 Released: Fri Jan 17 10:56:07 2020 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1138731,1154247,1157960 This update for container-suseconnect fixes the following issues: - Fix usage with RMT and SMT. (bsc#1157960) - Parse the /etc/products.d/*.prod files. - Fix function comments based on best practices from Effective Go. (bsc#1138731) - Implement interacting with SCC behind proxy and SMT. (bsc#1154247) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:279-1 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1013125 This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:690-1 Released: Fri Mar 13 17:09:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1166334 This update for suse-build-key fixes the following issues: - created a new security at suse.de communication key (bsc#1166334) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1112-1 Released: Fri Apr 24 16:44:20 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347 This update for suse-build-key fixes the following issues: - add a /usr/share/container-keys/ directory for GPG based Container verification. - Add the SUSE build key as 'suse-container-key.asc'. (PM-1845 bsc#1170347) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2126-1 Released: Wed Aug 5 09:26:46 2020 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: moderate References: 1173474,1173475 This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1988-1 Released: Wed Jun 16 15:31:57 2021 Summary: Optional update for skelcd Type: optional Severity: low References: This update for skelcd fixes the following issues: - add Czech EULA translation (jsc#SLE-17925) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2191-1 Released: Mon Jun 28 18:38:12 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1186791 This update for patterns-microos provides the following fix: - Add zypper-migration-plugin to the default pattern. (bsc#1186791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3274-1 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:71-1 Released: Thu Jan 13 15:37:28 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect is a rebuild against updated go toolchain to ensure an up to date GO runtime. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2332-1 Released: Thu Jul 7 22:54:56 2022 Summary: Recommended update for dracut Type: recommended Severity: low References: 1199915 This update for skelcd fixes the following issues: - Ship skelcd-EULA-bci to SLE-Module-Development-Tools-OBS_15-SP3 (bsc#1199915) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3781-1 Released: Wed Oct 26 17:50:44 2022 Summary: Security update for container-suseconnect Type: security Severity: moderate References: 1204397 This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4448-1 Released: Tue Dec 13 10:16:48 2022 Summary: Initial shipment of package sles-ltss-release Type: recommended Severity: important References: This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 15 SP3 customers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4458-1 Released: Tue Dec 13 13:16:04 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:713-1 Released: Mon Mar 13 10:25:04 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:871-1 Released: Wed Mar 22 14:32:45 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441,1206134,1208270,1208271,1208272,1209030,CVE-2022-41720,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725,CVE-2023-24532 This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270). - CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271). - CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272). - CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1851-1 Released: Fri Apr 14 15:08:38 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect fixes the following issue: - rebuilt against current go version. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2174-1 Released: Thu May 11 13:08:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2600-1 Released: Wed Jun 21 15:24:36 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2923-1 Released: Thu Jul 20 19:34:50 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3264-1 Released: Thu Aug 10 16:05:20 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3539-1 Released: Tue Sep 5 16:41:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3834-1 Released: Wed Sep 27 19:18:33 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs a import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4125-1 Released: Thu Oct 19 09:34:58 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4309-1 Released: Tue Oct 31 14:09:03 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:139-1 Released: Thu Jan 18 11:33:54 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.6 (released 2024-01-09) includes fixes to the compiler, the runtime, and the crypto/tls, maps, and runtime/pprof packages. (bsc#1212475) * x/build,os/signal: TestDetectNohup and TestNohup fail on replacement darwin LUCI builders * runtime: ReadMemStats fatal error: mappedReady and other memstats are not equal * cmd/compile: linux/s390x: inlining bug in s390x * maps: maps.Clone reference semantics when cloning a map with large value types * runtime: excessive memory use between 1.21.0 -> 1.21.1 * cmd/compile: max/min builtin broken when used with string(byte) conversions * runtime/pprof: incorrect function names for generics functions * crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 * runtime: race condition raised with parallel tests, panic(nil) and -race ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:444-1 Released: Fri Feb 9 16:39:32 2024 Summary: Security update for suse-build-key Type: security Severity: important References: 1219123,1219189 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:461-1 Released: Tue Feb 13 15:30:06 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:475-1 Released: Wed Feb 14 19:08:44 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:525-1 Released: Mon Feb 19 08:03:59 2024 Summary: Security update for libssh Type: security Severity: important References: 1158095,1168699,1174713,1189608,1211188,1211190,1218126,1218186,1218209,CVE-2019-14889,CVE-2020-16135,CVE-2020-1730,CVE-2021-3634,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 This update for libssh fixes the following issues: Update to version 0.9.8 (jsc#PED-7719): * Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209) * Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126) * Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186) * Allow @ in usernames when parsing from URI composes Update to version 0.9.7: * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing (bsc#1211188) * Fix CVE-2023-2283: a possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) * Fix several memory leaks in GSSAPI handling code Update to version 0.9.6 (bsc#1189608, CVE-2021-3634): * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6 Update to 0.9.5 (bsc#1174713, CVE-2020-16135): * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232) * Improve handling of library initialization (T222) * Fix parsing of subsecond times in SFTP (T219) * Make the documentation reproducible * Remove deprecated API usage in OpenSSL * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN * Define version in one place (T226) * Prevent invalid free when using different C runtimes than OpenSSL (T229) * Compatibility improvements to testsuite Update to version 0.9.4 * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ * Fix possible Denial of Service attack when using AES-CTR-ciphers CVE-2020-1730 (bsc#1168699) Update to version 0.9.3 * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095) * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state * SSH-01-006 General: Various unchecked Null-derefs cause DOS * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys * SSH-01-010 SSH: Deprecated hash function in fingerprinting * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access * SSH-01-001 State Machine: Initial machine states should be set explicitly * SSH-01-002 Kex: Differently bound macros used to iterate same array * SSH-01-005 Code-Quality: Integer sign confusion during assignments * SSH-01-008 SCP: Protocol Injection via unescaped File Names * SSH-01-009 SSH: Update documentation which RFCs are implemented * SSH-01-012 PKI: Information leak via uninitialized stack buffer Update to version 0.9.2 * Fixed libssh-config.cmake * Fixed issues with rsa algorithm negotiation (T191) * Fixed detection of OpenSSL ed25519 support (T197) Update to version 0.9.1 * Added support for Ed25519 via OpenSSL * Added support for X25519 via OpenSSL * Added support for localuser in Match keyword * Fixed Match keyword to be case sensitive * Fixed compilation with LibreSSL * Fixed error report of channel open (T75) * Fixed sftp documentation (T137) * Fixed known_hosts parsing (T156) * Fixed build issue with MinGW (T157) * Fixed build with gcc 9 (T164) * Fixed deprecation issues (T165) * Fixed known_hosts directory creation (T166) - Split out configuration to separate package to not mess up the library packaging and coinstallation Update to verion 0.9.0 * Added support for AES-GCM * Added improved rekeying support * Added performance improvements * Disabled blowfish support by default * Fixed several ssh config parsing issues * Added support for DH Group Exchange KEX * Added support for Encrypt-then-MAC mode * Added support for parsing server side configuration file * Added support for ECDSA/Ed25519 certificates * Added FIPS 140-2 compatibility * Improved known_hosts parsing * Improved documentation * Improved OpenSSL API usage for KEX, DH, and signatures - Add libssh client and server config files ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:734-1 Released: Thu Feb 29 13:16:38 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. (bsc#1212475 go1.21 release tracking) * go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21 * go#63768 runtime: pinner.Pin doesn't panic when it says it will * go#64497 cmd/go: flag modcacherw does not take effect in the target package * go#64761 staticlockranking builders failing on release branches on LUCI * go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack' * go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests * go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params * go#65323 crypto: rollback BoringCrypto fips-20220613 update * go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder * go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:824-1 Released: Fri Mar 8 17:34:36 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:832-1 Released: Mon Mar 11 10:30:30 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1001-1 Released: Wed Mar 27 01:48:30 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - ca-certificates-mozilla-2.62-150200.30.1 added - ca-certificates-2+git20210309.21162a6-2.1 added - container-suseconnect-2.4.0-150000.4.50.2 added - cpio-2.12-150000.3.12.1 updated - curl-7.66.0-150200.4.66.1 added - glibc-2.31-150300.68.1 updated - krb5-1.19.2-150300.16.1 updated - kubic-locale-archive-2.31-10.36 added - libblkid1-2.36.2-150300.4.38.1 updated - libcrypt1-4.4.15-150300.4.7.1 updated - libfdisk1-2.36.2-150300.4.38.1 updated - libmount1-2.36.2-150300.4.38.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.85.1 updated - libopenssl1_1-1.1.1d-150200.11.85.1 updated - libp11-kit0-0.23.2-150000.4.16.1 added - libsmartcols1-2.36.2-150300.4.38.1 updated - libsolv-tools-0.7.28-150200.26.1 updated - libssh-config-0.9.8-150200.13.3.1 added - libssh4-0.9.8-150200.13.3.1 updated - libtasn1-6-4.13-150000.4.8.1 added - libtasn1-4.13-150000.4.8.1 added - libuuid1-2.36.2-150300.4.38.1 updated - libxml2-2-2.9.7-150000.3.66.1 updated - libzypp-17.31.31-150200.87.1 updated - netcfg-11.6-150000.3.6.1 added - openssl-1_1-1.1.1d-150200.11.85.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 added - p11-kit-0.23.2-150000.4.16.1 added - pam-1.3.0-150000.6.66.1 updated - sed-4.4-150300.13.3.1 updated - skelcd-EULA-sles-2021.05.14-150300.4.8.1 added - sles-ltss-release-15.3-150300.10.3.1 added - suse-build-key-12.0-150000.8.43.1 added - timezone-2024a-150000.75.28.1 updated - util-linux-2.36.2-150300.4.38.1 updated - container:sles15-image-15.0.0-17.20.233 removed From sle-container-updates at lists.suse.com Thu Apr 4 07:06:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Apr 2024 09:06:43 +0200 (CEST) Subject: SUSE-CU-2024:1276-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240404070643.1E318FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1276-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.1 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.1 Severity : critical Type : security References : 1013125 1044232 1099521 1105435 1107342 1114407 1119496 1124223 1125410 1126377 1131060 1131686 1138731 1138731 1154247 1154871 1157960 1158095 1166334 1168699 1170347 1170347 1173474 1173475 1174673 1174713 1176759 1177864 1180064 1180065 1181994 1186791 1186827 1187993 1188006 1189608 1190858 1194845 1196494 1196495 1197293 1198504 1199079 1199915 1200441 1200441 1202868 1204397 1204690 1204706 1206134 1206212 1206346 1206346 1206346 1206622 1208270 1208271 1208272 1209030 1211188 1211190 1211886 1212475 1212475 1212475 1212475 1212475 1212475 1212475 1212475 1214248 1215434 1215496 1215698 1216410 1217000 1217215 1218126 1218186 1218209 1218232 1218475 1218571 1218782 1218831 1219123 1219123 1219189 1219189 1219238 1219243 1219442 1219576 1220770 1220771 1221218 CVE-2018-1000654 CVE-2019-14889 CVE-2019-3880 CVE-2020-16135 CVE-2020-1730 CVE-2020-29361 CVE-2020-29362 CVE-2021-3634 CVE-2021-46848 CVE-2022-41720 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-1667 CVE-2023-2283 CVE-2023-24532 CVE-2023-48795 CVE-2023-6004 CVE-2023-6918 CVE-2023-7207 CVE-2024-0727 CVE-2024-22365 CVE-2024-25062 CVE-2024-26458 CVE-2024-26461 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:82-1 Released: Fri Jan 11 17:16:48 2019 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1044232 This update for suse-build-key fixes the following issues: - Include the SUSE PTF GPG key in the key directory to avoid it being stripped via %doc stripping in CAASP. (bsc#1044232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:207-1 Released: Tue Jan 29 20:20:24 2019 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1119496 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.0.0 (bsc#1119496): - Added command line interface - Added `ADDITIONAL_MODULES` capability to enable further extension modules during image build and run - Added documentation about how to build docker images on non SLE distributions - Improve documentation to clarify how container-suseconnect works in a Dockerfile - Improve error handling on non SLE hosts - Fix bug which makes container-suseconnect work on SLE15 based distributions ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1040-1 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Type: security Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1372-1 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Type: security Severity: moderate References: 1105435,CVE-2018-1000654 This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2095-1 Released: Fri Aug 9 06:56:48 2019 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1138731 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.1.0 (bsc#1138731), fixing interacting with SCC behind proxy and SMT. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3240-1 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Type: recommended Severity: moderate References: 1154871 This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:122-1 Released: Fri Jan 17 10:56:07 2020 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1138731,1154247,1157960 This update for container-suseconnect fixes the following issues: - Fix usage with RMT and SMT. (bsc#1157960) - Parse the /etc/products.d/*.prod files. - Fix function comments based on best practices from Effective Go. (bsc#1138731) - Implement interacting with SCC behind proxy and SMT. (bsc#1154247) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:279-1 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Type: recommended Severity: moderate References: 1013125 This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:690-1 Released: Fri Mar 13 17:09:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1166334 This update for suse-build-key fixes the following issues: - created a new security at suse.de communication key (bsc#1166334) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1112-1 Released: Fri Apr 24 16:44:20 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347 This update for suse-build-key fixes the following issues: - add a /usr/share/container-keys/ directory for GPG based Container verification. - Add the SUSE build key as 'suse-container-key.asc'. (PM-1845 bsc#1170347) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2126-1 Released: Wed Aug 5 09:26:46 2020 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: moderate References: 1173474,1173475 This update for cloud-regionsrv-client fixes the following issues: - Introduce containerbuild-regionsrv service to allow container building tools to access required data for accessing Public Cloud RMTs (bsc#1173474, bsc#1173475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2148-1 Released: Thu Aug 6 13:36:17 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1174673 This update for ca-certificates-mozilla fixes the following issues: Update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2825-1 Released: Fri Oct 2 08:44:28 2020 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1170347,1176759 This update for suse-build-key fixes the following issues: - The SUSE Notary Container key is different from the build signing key, include this key instead as suse-container-key. (PM-1845 bsc#1170347) - The SUSE build key for SUSE Linux Enterprise 12 and 15 is extended by 4 more years. (bsc#1176759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3157-1 Released: Wed Nov 4 15:37:05 2020 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1177864 This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1988-1 Released: Wed Jun 16 15:31:57 2021 Summary: Optional update for skelcd Type: optional Severity: low References: This update for skelcd fixes the following issues: - add Czech EULA translation (jsc#SLE-17925) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2191-1 Released: Mon Jun 28 18:38:12 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1186791 This update for patterns-microos provides the following fix: - Add zypper-migration-plugin to the default pattern. (bsc#1186791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2399-1 Released: Mon Jul 19 19:06:22 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3274-1 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:71-1 Released: Thu Jan 13 15:37:28 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect is a rebuild against updated go toolchain to ensure an up to date GO runtime. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:792-1 Released: Thu Mar 10 11:58:18 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1194845,1196494,1196495 This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1843-1 Released: Wed May 25 15:25:44 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1198504 This update for suse-build-key fixes the following issues: - still ship the old ptf key in the documentation directory (bsc#1198504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2332-1 Released: Thu Jul 7 22:54:56 2022 Summary: Recommended update for dracut Type: recommended Severity: low References: 1199915 This update for skelcd fixes the following issues: - Ship skelcd-EULA-bci to SLE-Module-Development-Tools-OBS_15-SP3 (bsc#1199915) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2405-1 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Type: security Severity: moderate References: 1180065,CVE-2020-29362 This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3395-1 Released: Mon Sep 26 16:35:18 2022 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: 1181994,1188006,1199079,1202868 This update for ca-certificates-mozilla fixes the following issues: Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) - Added: - Certainly Root E1 - Certainly Root R1 - DigiCert SMIME ECC P384 Root G5 - DigiCert SMIME RSA4096 Root G5 - DigiCert TLS ECC P384 Root G5 - DigiCert TLS RSA4096 Root G5 - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Removed: - Hellenic Academic and Research Institutions RootCA 2011 Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) - Added: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - D-TRUST BR Root CA 1 2020 - D-TRUST EV Root CA 1 2020 - GlobalSign ECC Root CA R4 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 - HiPKI Root CA - G1 - ISRG Root X2 - Telia Root CA v2 - vTrus ECC Root CA - vTrus Root CA - Removed: - Cybertrust Global Root - DST Root CA X3 - DigiNotar PKIoverheid CA Organisatie - G2 - GlobalSign ECC Root CA R4 - GlobalSign Root CA R2 - GTS Root R1 - GTS Root R2 - GTS Root R3 - GTS Root R4 Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) - Added: - HARICA Client ECC Root CA 2021 - HARICA Client RSA Root CA 2021 - HARICA TLS ECC Root CA 2021 - HARICA TLS RSA Root CA 2021 - TunTrust Root CA Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CAs: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3781-1 Released: Wed Oct 26 17:50:44 2022 Summary: Security update for container-suseconnect Type: security Severity: moderate References: 1204397 This update of container-suseconnect is a rebuilt of the previous sources against the current security updated go compiler. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3784-1 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Type: security Severity: critical References: 1204690,CVE-2021-46848 This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4412-1 Released: Tue Dec 13 04:47:03 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1204706 This update for suse-build-key fixes the following issues: - added /usr/share/pki/containers directory for container pem keys (cosign/sigstore style), put the SUSE Container signing PEM key there too (bsc#1204706) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4448-1 Released: Tue Dec 13 10:16:48 2022 Summary: Initial shipment of package sles-ltss-release Type: recommended Severity: important References: This patch ships the sles-ltss-release package to SUSE Linux Enterprise Server 15 SP3 customers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4458-1 Released: Tue Dec 13 13:16:04 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: 1186827 This update for container-suseconnect fixes the following issues: container-suseconnect was updated to 2.4.0 (jsc#PED-1710): * Fix docker build example for non-SLE hosts * Minor fixes to --help and README * Improve documentation when building with podman on non-SLE host * Add flag --log-credentials-errors * Update capture to the 1.0.0 release * Use URL.Redacted() to avoid security scanner warning * Regcode fix - strip binaries (removes 4MB/25% of the uncompressed size) (bsc#1186827) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:713-1 Released: Mon Mar 13 10:25:04 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:871-1 Released: Wed Mar 22 14:32:45 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441,1206134,1208270,1208271,1208272,1209030,CVE-2022-41720,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725,CVE-2023-24532 This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270). - CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271). - CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272). - CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1851-1 Released: Fri Apr 14 15:08:38 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect fixes the following issue: - rebuilt against current go version. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2174-1 Released: Thu May 11 13:08:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2600-1 Released: Wed Jun 21 15:24:36 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2923-1 Released: Thu Jul 20 19:34:50 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3264-1 Released: Thu Aug 10 16:05:20 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3539-1 Released: Tue Sep 5 16:41:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3834-1 Released: Wed Sep 27 19:18:33 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs a import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4125-1 Released: Thu Oct 19 09:34:58 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4309-1 Released: Tue Oct 31 14:09:03 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4511-1 Released: Tue Nov 21 16:43:08 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4807-1 Released: Wed Dec 13 18:07:37 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1212475 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:139-1 Released: Thu Jan 18 11:33:54 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.6 (released 2024-01-09) includes fixes to the compiler, the runtime, and the crypto/tls, maps, and runtime/pprof packages. (bsc#1212475) * x/build,os/signal: TestDetectNohup and TestNohup fail on replacement darwin LUCI builders * runtime: ReadMemStats fatal error: mappedReady and other memstats are not equal * cmd/compile: linux/s390x: inlining bug in s390x * maps: maps.Clone reference semantics when cloning a map with large value types * runtime: excessive memory use between 1.21.0 -> 1.21.1 * cmd/compile: max/min builtin broken when used with string(byte) conversions * runtime/pprof: incorrect function names for generics functions * crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3 * runtime: race condition raised with parallel tests, panic(nil) and -race ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:444-1 Released: Fri Feb 9 16:39:32 2024 Summary: Security update for suse-build-key Type: security Severity: important References: 1219123,1219189 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:461-1 Released: Tue Feb 13 15:30:06 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:475-1 Released: Wed Feb 14 19:08:44 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:525-1 Released: Mon Feb 19 08:03:59 2024 Summary: Security update for libssh Type: security Severity: important References: 1158095,1168699,1174713,1189608,1211188,1211190,1218126,1218186,1218209,CVE-2019-14889,CVE-2020-16135,CVE-2020-1730,CVE-2021-3634,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 This update for libssh fixes the following issues: Update to version 0.9.8 (jsc#PED-7719): * Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209) * Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126) * Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186) * Allow @ in usernames when parsing from URI composes Update to version 0.9.7: * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing (bsc#1211188) * Fix CVE-2023-2283: a possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) * Fix several memory leaks in GSSAPI handling code Update to version 0.9.6 (bsc#1189608, CVE-2021-3634): * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6 Update to 0.9.5 (bsc#1174713, CVE-2020-16135): * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232) * Improve handling of library initialization (T222) * Fix parsing of subsecond times in SFTP (T219) * Make the documentation reproducible * Remove deprecated API usage in OpenSSL * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN * Define version in one place (T226) * Prevent invalid free when using different C runtimes than OpenSSL (T229) * Compatibility improvements to testsuite Update to version 0.9.4 * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ * Fix possible Denial of Service attack when using AES-CTR-ciphers CVE-2020-1730 (bsc#1168699) Update to version 0.9.3 * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095) * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state * SSH-01-006 General: Various unchecked Null-derefs cause DOS * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys * SSH-01-010 SSH: Deprecated hash function in fingerprinting * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access * SSH-01-001 State Machine: Initial machine states should be set explicitly * SSH-01-002 Kex: Differently bound macros used to iterate same array * SSH-01-005 Code-Quality: Integer sign confusion during assignments * SSH-01-008 SCP: Protocol Injection via unescaped File Names * SSH-01-009 SSH: Update documentation which RFCs are implemented * SSH-01-012 PKI: Information leak via uninitialized stack buffer Update to version 0.9.2 * Fixed libssh-config.cmake * Fixed issues with rsa algorithm negotiation (T191) * Fixed detection of OpenSSL ed25519 support (T197) Update to version 0.9.1 * Added support for Ed25519 via OpenSSL * Added support for X25519 via OpenSSL * Added support for localuser in Match keyword * Fixed Match keyword to be case sensitive * Fixed compilation with LibreSSL * Fixed error report of channel open (T75) * Fixed sftp documentation (T137) * Fixed known_hosts parsing (T156) * Fixed build issue with MinGW (T157) * Fixed build with gcc 9 (T164) * Fixed deprecation issues (T165) * Fixed known_hosts directory creation (T166) - Split out configuration to separate package to not mess up the library packaging and coinstallation Update to verion 0.9.0 * Added support for AES-GCM * Added improved rekeying support * Added performance improvements * Disabled blowfish support by default * Fixed several ssh config parsing issues * Added support for DH Group Exchange KEX * Added support for Encrypt-then-MAC mode * Added support for parsing server side configuration file * Added support for ECDSA/Ed25519 certificates * Added FIPS 140-2 compatibility * Improved known_hosts parsing * Improved documentation * Improved OpenSSL API usage for KEX, DH, and signatures - Add libssh client and server config files ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:734-1 Released: Thu Feb 29 13:16:38 2024 Summary: Recommended update for go1.21 Type: recommended Severity: moderate References: 1212475 This update for go1.21 fixes the following issues: go1.21.7 (released 2024-02-06) includes fixes to the compiler, the go command, the runtime, and the crypto/x509 package. (bsc#1212475 go1.21 release tracking) * go#63209 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21 * go#63768 runtime: pinner.Pin doesn't panic when it says it will * go#64497 cmd/go: flag modcacherw does not take effect in the target package * go#64761 staticlockranking builders failing on release branches on LUCI * go#64935 runtime: 'traceback: unexpected SPWRITE function runtime.systemstack' * go#65023 x/tools/go/analysis/unitchecker,slices: TestVetStdlib failing due to vet errors in panic tests * go#65053 cmd/compile: //go:build file version ignored when calling generic fn which has related type params * go#65323 crypto: rollback BoringCrypto fips-20220613 update * go#65351 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65380 crypto/x509: TestIssue51759 consistently failing on gotip-darwin-amd64_10.15 LUCI builder * go#65449 runtime/trace: frame pointer unwinding crash on arm64 during async preemption ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:824-1 Released: Fri Mar 8 17:34:36 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:832-1 Released: Mon Mar 11 10:30:30 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1001-1 Released: Wed Mar 27 01:48:30 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - ca-certificates-mozilla-2.62-150200.30.1 added - ca-certificates-2+git20210309.21162a6-2.1 added - container-suseconnect-2.4.0-150000.4.50.2 added - cpio-2.12-150000.3.12.1 updated - curl-7.66.0-150200.4.66.1 added - filesystem-15.0-5.1 updated - glibc-2.31-150300.68.1 updated - krb5-1.19.2-150300.16.1 updated - kubic-locale-archive-2.31-10.36 added - libblkid1-2.36.2-150300.4.38.1 updated - libcrypt1-4.4.15-150300.4.7.1 updated - libfdisk1-2.36.2-150300.4.38.1 updated - libmount1-2.36.2-150300.4.38.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.85.1 updated - libopenssl1_1-1.1.1d-150200.11.85.1 updated - libp11-kit0-0.23.2-150000.4.16.1 added - libselinux1-3.1-150300.5.14 updated - libsemanage1-3.1-150300.4.12 updated - libsepol1-3.1-150300.2.20 updated - libsmartcols1-2.36.2-150300.4.38.1 updated - libsolv-tools-0.7.28-150200.26.1 updated - libssh-config-0.9.8-150200.13.3.1 added - libssh4-0.9.8-150200.13.3.1 updated - libtasn1-6-4.13-150000.4.8.1 added - libtasn1-4.13-150000.4.8.1 added - libuuid1-2.36.2-150300.4.38.1 updated - libxml2-2-2.9.7-150000.3.66.1 updated - libzypp-17.31.31-150200.87.1 updated - netcfg-11.6-150000.3.6.1 added - openssl-1_1-1.1.1d-150200.11.85.1 updated - p11-kit-tools-0.23.2-150000.4.16.1 added - p11-kit-0.23.2-150000.4.16.1 added - pam-1.3.0-150000.6.66.1 updated - sed-4.4-150300.13.3.1 updated - skelcd-EULA-sles-2021.05.14-150300.4.8.1 added - sles-ltss-release-15.3-150300.10.3.1 added - sles-release-15.3-55.4.1 added - suse-build-key-12.0-150000.8.43.1 added - timezone-2024a-150000.75.28.1 updated - util-linux-2.36.2-150300.4.38.1 updated - container:sles15-image-15.0.0-17.20.233 removed From sle-container-updates at lists.suse.com Tue Apr 9 07:05:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Apr 2024 09:05:03 +0200 (CEST) Subject: SUSE-CU-2024:1284-1: Security update of bci/dotnet-runtime Message-ID: <20240409070503.97625FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1284-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-24.8 , bci/dotnet-runtime:6.0.28 , bci/dotnet-runtime:6.0.28-24.8 Container Release : 24.8 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.20 updated From sle-container-updates at lists.suse.com Tue Apr 9 07:05:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Apr 2024 09:05:14 +0200 (CEST) Subject: SUSE-CU-2024:1285-1: Security update of suse/postgres Message-ID: <20240409070514.C2624FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1285-1 Container Tags : suse/postgres:16 , suse/postgres:16-6.37 , suse/postgres:16.2 , suse/postgres:16.2-6.37 , suse/postgres:latest Container Release : 6.37 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.20 updated From sle-container-updates at lists.suse.com Tue Apr 9 07:05:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Apr 2024 09:05:37 +0200 (CEST) Subject: SUSE-CU-2024:1286-1: Security update of bci/python Message-ID: <20240409070537.EBE1DFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1286-1 Container Tags : bci/python:3 , bci/python:3-17.38 , bci/python:3.11 , bci/python:3.11-17.38 , bci/python:latest Container Release : 17.38 Severity : important Type : security References : 1219559 1220061 1221289 1221399 1221665 1221667 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - curl-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.20 updated From sle-container-updates at lists.suse.com Tue Apr 9 07:06:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Apr 2024 09:06:01 +0200 (CEST) Subject: SUSE-CU-2024:1287-1: Security update of bci/python Message-ID: <20240409070601.C4D2FFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1287-1 Container Tags : bci/python:3 , bci/python:3-18.39 , bci/python:3.6 , bci/python:3.6-18.39 Container Release : 18.39 Severity : important Type : security References : 1219559 1220061 1221289 1221399 1221665 1221667 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - curl-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.20 updated From sle-container-updates at lists.suse.com Tue Apr 9 07:06:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Apr 2024 09:06:23 +0200 (CEST) Subject: SUSE-CU-2024:1288-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240409070623.5BB64FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1288-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.22 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.49.22 Severity : important Type : security References : 1219559 1221289 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) The following package changes have been done: - libexpat1-2.4.4-150400.3.17.1 updated From sle-container-updates at lists.suse.com Tue Apr 9 07:06:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Apr 2024 09:06:36 +0200 (CEST) Subject: SUSE-CU-2024:1289-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240409070636.14B84FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1289-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.11 , suse/manager/4.3/proxy-salt-broker:4.3.11.9.39.23 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.39.23 Severity : important Type : security References : 1219559 1221289 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) The following package changes have been done: - libexpat1-2.4.4-150400.3.17.1 updated From sle-container-updates at lists.suse.com Tue Apr 9 07:06:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Apr 2024 09:06:49 +0200 (CEST) Subject: SUSE-CU-2024:1290-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20240409070649.4A3B2FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1290-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.11 , suse/manager/4.3/proxy-ssh:4.3.11.9.39.17 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.39.17 Severity : important Type : security References : 1219559 1221289 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) The following package changes have been done: - libexpat1-2.4.4-150400.3.17.1 updated From sle-container-updates at lists.suse.com Tue Apr 9 07:07:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Apr 2024 09:07:03 +0200 (CEST) Subject: SUSE-CU-2024:1291-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20240409070703.1FCAEFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1291-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.11 , suse/manager/4.3/proxy-tftpd:4.3.11.9.39.15 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.39.15 Severity : important Type : security References : 1219559 1221289 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) The following package changes have been done: - libexpat1-2.4.4-150400.3.17.1 updated From sle-container-updates at lists.suse.com Tue Apr 9 07:01:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Apr 2024 09:01:09 +0200 (CEST) Subject: SUSE-IU-2024:317-1: Security update of suse-sles-15-sp5-chost-byos-v20240403-x86_64-gen2 Message-ID: <20240409070109.7173AFCEF@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240403-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:317-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240403-x86_64-gen2:20240403 Image Release : Severity : important Type : security References : 1027519 1027519 1176006 1181762 1188307 1190495 1192051 1194869 1198533 1200731 1203823 1206453 1209412 1213456 1214169 1214691 1214713 1215377 1215692 1216594 1216598 1216776 1217083 1217445 1217589 1217927 1217964 1218195 1218216 1218232 1218450 1218527 1218632 1218663 1218812 1218814 1218842 1218851 1218866 1218915 1218926 1218927 1218952 1219080 1219126 1219127 1219141 1219146 1219241 1219248 1219265 1219295 1219321 1219443 1219639 1219653 1219666 1219751 1219767 1219827 1219835 1219839 1219840 1219841 1219885 1219885 1219934 1220003 1220009 1220021 1220030 1220106 1220140 1220187 1220238 1220240 1220241 1220243 1220250 1220251 1220253 1220254 1220255 1220257 1220267 1220277 1220317 1220326 1220328 1220330 1220335 1220344 1220348 1220350 1220364 1220392 1220393 1220398 1220409 1220444 1220457 1220459 1220485 1220649 1220679 1220770 1220771 1220772 1220796 1220825 1221050 1221134 1221151 1221218 1221332 1221334 1221470 1221675 1221779 CVE-2019-25162 CVE-2021-46923 CVE-2021-46924 CVE-2021-46932 CVE-2022-48566 CVE-2023-28746 CVE-2023-28746 CVE-2023-38469 CVE-2023-38471 CVE-2023-42465 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46841 CVE-2023-5197 CVE-2023-52340 CVE-2023-52429 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52447 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52452 CVE-2023-52456 CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52475 CVE-2023-52478 CVE-2023-6597 CVE-2023-6817 CVE-2024-0607 CVE-2024-1151 CVE-2024-2193 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-25744 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26591 CVE-2024-26593 CVE-2024-26595 CVE-2024-26598 CVE-2024-26602 CVE-2024-26603 CVE-2024-26622 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240403-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:830-1 Released: Mon Mar 11 09:38:33 2024 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1218851,1219080,1219885,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841 This update for xen fixes the following issues: - CVE-2023-46839: Fixed memory access through PCI device with phantom functions (XSA-449) (bsc#1218851). - CVE-2023-46840: Fixed Failure to quarantine devices in !HVM builds (XSA-450) (bsc#1219080). - CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:03 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:858-1 Released: Wed Mar 13 01:09:39 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1206453,1209412,1213456,1216776,1217927,1218195,1218216,1218450,1218527,1218663,1218915,1219126,1219127,1219141,1219146,1219295,1219443,1219653,1219827,1219835,1219839,1219840,1219934,1220003,1220009,1220021,1220030,1220106,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220251,1220253,1220254,1220255,1220257,1220267,1220277,1220317,1220326,1220328,1220330,1220335,1220344,1220348,1220350,1220364,1220392,1220393,1220398,1220409,1220444,1220457,1220459,1220649,1220796,1220825,CVE-2019-25162,CVE-2021-46923,CVE-2021-46924,CVE-2021-46932,CVE-2023-28746,CVE-2023-5197,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52447,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52452,CVE-2023-52456,CVE-2023-52457,CVE-2023-52463,CVE-2023-52464,CVE-2023-52475,CVE-2023-52478,CVE-2023-6817,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23850,CVE-2024-23851,CVE-2024-25744,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-2659 1,CVE-2024-26593,CVE-2024-26595,CVE-2024-26598,CVE-2024-26602,CVE-2024-26603,CVE-2024-26622 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216). - CVE-2023-52340: Fixed ICMPv6 ???Packet Too Big??? packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257). - CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364). - CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330) - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146). - CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). The following non-security bugs were fixed: - acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes). - acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes). - acpi: extlog: fix null pointer dereference check (git-fixes). - acpi: resource: add asus model s5402za to quirks (git-fixes). - acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes). - acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes). - acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes). - acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes). - add reference to recently released cve - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes). - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes). - afs: hide silly-rename files from userspace (git-fixes). - afs: increase buffer size in afs_update_volume_status() (git-fixes). - ahci: asm1166: correct count of reported ports (git-fixes). - alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes). - alsa: firewire-lib: fix to check cycle continuity (git-fixes). - alsa: hda/conexant: add quirk for sws js201d (git-fixes). - alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes). - alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes). - alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes). - alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes). - alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes). - alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes). - alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes). - alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes). - alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes). - alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes). - alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes). - alsa: usb-audio: check presence of valid altsetting control (git-fixes). - alsa: usb-audio: ignore clock selector errors for single connection (git-fixes). - alsa: usb-audio: more relaxed check of midi jack names (git-fixes). - alsa: usb-audio: sort quirk table entries (git-fixes). - arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443) - arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443) - arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443) - arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround. - arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break. - arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break - arm64: irq: set the correct node for shadow call stack (git-fixes) - arm64: irq: set the correct node for vmap stack (git-fixes) - arm64: rename arm64_workaround_2966298 (bsc#1219443) - arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes) - asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes). - asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes). - asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes). - asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes). - atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes). - bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes). - bluetooth: enforce validation on max value of connection interval (git-fixes). - bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes). - bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes). - bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes). - bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes). - bluetooth: l2cap: fix possible multiple reject send (git-fixes). - bluetooth: qca: fix wrong event type for patch config command (git-fixes). - bpf: fix verification of indirect var-off stack access (git-fixes). - bpf: guard stack limits against 32bit overflow (git-fixes). - bpf: minor logging improvement (bsc#1220257). - bus: moxtet: add spi device table (git-fixes). - cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267). - can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes). - crypto: api - disallow identical driver names (git-fixes). - crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes). - crypto: octeontx2 - fix cptvf driver cleanup (git-fixes). - crypto: stm32/crc32 - fix parsing list of devices (git-fixes). - dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes). - dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes). - dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes). - dmaengine: fsl-qdma: init irq after reg initialization (git-fixes). - dmaengine: ptdma: use consistent dma masks (git-fixes). - dmaengine: shdma: increase size of 'dev_id' (git-fixes). - dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes). - driver core: fix device_link_flag_is_sync_state_only() (git-fixes). - drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes). - drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes). - drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes). - drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes). - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes). - drm/amd/display: preserve original aspect ratio in create stream (git-fixes). - drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes). - drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes). - drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes). - drm/buddy: fix range bias (git-fixes). - drm/crtc: fix uninitialized variable use even harder (git-fixes). - drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes). - drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes). - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes). - drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes). - drm/prime: support page array >= 4gb (git-fixes). - drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes). - drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes). - drop bcm5974 input patch causing a regression (bsc#1220030) - efi/capsule-loader: fix incorrect allocation size (git-fixes). - efi: do not add memblocks for soft-reserved memory (git-fixes). - efi: runtime: fix potential overflow of soft-reserved region size (git-fixes). - fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes). - fbdev: savage: error out if pixclock equals zero (git-fixes). - fbdev: sis: error out if pixclock equals zero (git-fixes). - firewire: core: send bus reset promptly on gap count error (git-fixes). - fs: dlm: fix build with config_ipv6 disabled (git-fixes). - fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes). - gpio: 74x164: enable output pins after registers are reset (git-fixes). - gpio: fix resource unwinding order in error path (git-fixes). - gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes). - gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes). - hid: apple: add 2021 magic keyboard fn key mapping (git-fixes). - hid: apple: add support for the 2021 magic keyboard (git-fixes). - hid: wacom: do not register input devices until after hid_hw_start (git-fixes). - hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes). - hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes). - hwmon: (coretemp) enlarge per package core count limit (git-fixes). - hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes). - hwmon: (coretemp) fix out-of-bounds memory access (git-fixes). - i2c: i801: fix block process call transactions (git-fixes). - i2c: i801: remove i801_set_block_buffer_mode (git-fixes). - i2c: imx: add timer for handling the stop condition (git-fixes). - i2c: imx: when being a target, mark the last read as processed (git-fixes). - i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes). - ib/hfi1: fix a memleak in init_credit_return (git-fixes) - ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes) - iio: accel: bma400: fix a compilation problem (git-fixes). - iio: adc: ad7091r: set alert bit in config register (git-fixes). - iio: core: fix memleak in iio_device_register_sysfs (git-fixes). - iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes). - iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes). - input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes). - input: xpad - add lenovo legion go controllers (git-fixes). - irqchip/gic-v3-its: fix gicv4.1 vpe affinity update (git-fixes). - irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes). - jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes). - jfs: fix array-index-out-of-bounds in dinewext (git-fixes). - jfs: fix slab-out-of-bounds read in dtsearch (git-fixes). - jfs: fix uaf in jfs_evict_inode (git-fixes). - kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes). - kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839). - kvm: s390: fix setting of fpc register (git-fixes bsc#1220392). - kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393). - kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes). - kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes). - leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes). - lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423). - lib/stackdepot: add refcount for records (jsc-ped#7423). - lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423). - lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423). - libsubcmd: fix memory leak in uniq() (git-fixes). - media: ddbridge: fix an error code problem in ddb_probe (git-fixes). - media: ir_toy: fix a memleak in irtoy_tx (git-fixes). - media: rc: bpf attach/detach requires write permission (git-fixes). - media: rockchip: rga: fix swizzling for rgb formats (git-fixes). - media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes). - mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes). - mm,page_owner: display all stacks and their count (jsc-ped#7423). - mm,page_owner: filter out stacks by a threshold (jsc-ped#7423). - mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423). - mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423). - mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423). - mm/hwpoison: fix unpoison_memory() (bsc#1218663). - mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663). - mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663). - mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes). - mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes). - mmc: core: use mrq.sbc in close-ended ffu (git-fixes). - mmc: mmc_spi: remove custom dma mapped buffers (git-fixes). - mmc: sdhci-xenon: add timeout for phy init complete (git-fixes). - mmc: sdhci-xenon: fix phy init clock stability (git-fixes). - mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes). - modpost: trim leading spaces when processing source files list (git-fixes). - mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003). - nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes). - nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes). - nouveau/svm: fix kvcalloc() argument order (git-fixes). - nouveau: fix function cast warnings (git-fixes). - ntfs: check overflow when iterating attr_records (git-fixes). - ntfs: fix use-after-free in ntfs_attr_find() (git-fixes). - nvme-fabrics: fix i/o connect error handling (git-fixes). - nvme-host: fix the updating of the firmware version (git-fixes). - pci/aer: decode requester id when no error info found (git-fixes). - pci: add no pm reset quirk for nvidia spectrum devices (git-fixes). - pci: add pci_header_type_mfd definition (bsc#1220021). - pci: fix 64gt/s effective data rate calculation (git-fixes). - pci: only override amd usb controller if required (git-fixes). - pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes). - platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes). - platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes). - platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes). - pm: core: remove unnecessary (void *) conversions (git-fixes). - pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes). - pnp: acpi: fix fortify warning (git-fixes). - power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes). - powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869). - powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869). - powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348). - powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869). - powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348). - powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869). - powerpc/watchpoints: annotate atomic context in more places (bsc#1194869). - powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869). - powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869). - powerpc: do not include lppaca.h in paca.h (bsc#1194869). - pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes). - ras/amd/atl: add mi300 row retirement support (jsc#ped-7618). - ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes). - ras: introduce a fru memory poison manager (jsc#ped-7618). - rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes) - rdma/bnxt_re: return error for srq resize (git-fixes) - rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934). - rdma/core: get ib width and speed from netdev (bsc#1219934). - rdma/irdma: add ae for too many rnrs (git-fixes) - rdma/irdma: fix kasan issue with tasklet (git-fixes) - rdma/irdma: set the cq read threshold for gen 1 (git-fixes) - rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes) - rdma/qedr: fix qedr_create_user_qp error flow (git-fixes) - rdma/srpt: fix function pointer cast warnings (git-fixes) - rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes) - refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io (bsc#1216776, bsc#1220277) - regulator: core: only increment use_count when enable_count changes (git-fixes). - regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes). - revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes). - revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes). - revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes). - rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created. - s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840). - s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317). - sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes). - scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes). - scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes). - scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141). - scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes). - scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106). - scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106). - scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes). - scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021). - scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021). - scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021). - scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021). - scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021). - scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021). - scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021). - scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021). - scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021). - scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021). - scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021). - scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021). - scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021). - scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021). - scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021). - scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021). - scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021). - scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes). - scsi: revert 'scsi: fcoe: fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141). - serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes). - spi-mxs: fix chipselect glitch (git-fixes). - spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes). - spi: ppc4xx: drop write-only variable (git-fixes). - spi: sh-msiof: avoid integer overflow in constants (git-fixes). - staging: iio: ad5933: fix type mismatch regression (git-fixes). - supported.conf: remove external flag from ibm supported modules. (bsc#1209412) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450). - tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes). - topology/sysfs: add format parameter to macro defining 'show' functions for proc (jsc#ped-7618). - topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618). - tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes). - ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes). - usb: cdns3: fix memory double free when handle zero packet (git-fixes). - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes). - usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes). - usb: cdns3: put the cdns set active part outside the spin lock (git-fixes). - usb: cdns: readd old api (git-fixes). - usb: cdnsp: blocked some cdns3 specific code (git-fixes). - usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes). - usb: dwc3: gadget: do not disconnect if not started (git-fixes). - usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes). - usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes). - usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes). - usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes). - usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes). - usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes). - usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes). - usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: gadget: f_hid: fix report descriptor allocation (git-fixes). - usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes). - usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes). - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes). - usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes). - usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). - usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). - usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes). - usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527). - usb: hub: replace hardcoded quirk value with bit() macro (git-fixes). - usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes). - usb: roles: fix null pointer issue when put module's reference (git-fixes). - usb: serial: cp210x: add id for imst im871a-usb (git-fixes). - usb: serial: option: add fibocom fm101-gl variant (git-fixes). - usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes). - watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes). - wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes). - wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes). - wifi: cfg80211: fix missing interfaces when dumping (git-fixes). - wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes). - wifi: iwlwifi: fix some error codes (git-fixes). - wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes). - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes). - wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes). - wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes). - wifi: nl80211: reject iftype change with mesh id change (git-fixes). - wifi: rt2x00: restart beacon queue when hardware reset (git-fixes). - wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes). - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes). - wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes). - x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: add asm helpers for executing verw (git-fixes). - x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk. - x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618). - x86/entry_32: add verw just before userspace transition (git-fixes). - x86/entry_64: add verw just before userspace transition (git-fixes). - x86/mm: fix memory encryption features advertisement (bsc#1206453). - xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes). - xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:876-1 Released: Wed Mar 13 15:45:34 2024 Summary: Security update for sudo Type: security Severity: important References: 1221134,1221151,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:878-1 Released: Thu Mar 14 08:22:03 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1181762,1219248 This update for grub2 fixes the following issues: - Fix grub.xen memdisk script looking for /boot/grub/grub.cfg (bsc#1219248, bsc#1181762) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:895-1 Released: Thu Mar 14 15:54:25 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1215692,1218926,1218927,1219265,1219751 This update for wicked fixes the following issues: - ifreload: VLAN changes require device deletion (bsc#1218927) - ifcheck: fix config changed check (bsc#1218926) - client: fix exit code for no-carrier status (bsc#1219265) - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) - duid: fix comment for v6time - rtnl: fix peer address parsing for non ptp-interfaces - system-updater: Parse updater format from XML configuration to ensure install calls can run - team: add new options like link_watch_policy (jsc#PED-7183) - Fix memory leaks in dbus variant destroy and fsm free - xpath: allow underscore in node identifier - vxlan: don't format unknown rtnl attrs (bsc#1219751) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:903-1 Released: Fri Mar 15 06:57:36 2024 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1200731 This update for systemd-presets-common-SUSE fixes the following issues: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731) - Support both the old and new service to avoid complex version interdependency ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:904-1 Released: Fri Mar 15 08:42:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1214713,1218632,1218812,1218814,1219241,1219639 This update for supportutils fixes the following issues: - Update toversion 3.1.29 - Extended scaling for performance (bsc#1214713) - Fixed kdumptool output error (bsc#1218632) - Corrected podman ID errors (bsc#1218812) - Duplicate non root podman entries removed (bsc#1218814) - Corrected get_sles_ver for SLE Micro (bsc#1219241) - Check nvidida-persistenced state (bsc#1219639) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:943-1 Released: Wed Mar 20 09:15:24 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1220679 This update for suseconnect-ng fixes the following issues: - Allow '--rollback' flag to run on readonly filesystem (bsc#1220679) - Update to version 1.7.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:984-1 Released: Mon Mar 25 16:04:44 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1192051,1221050 This update for runc fixes the following issues: - Add upstream patch to properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050 This allows running 15 SP6 containers on older distributions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1010-1 Released: Wed Mar 27 16:07:37 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1218842,1221470 This update for perl-Bootloader fixes the following issues: - Log grub2-install errors correctly (bsc#1221470) - Update to version 0.947 - Support old grub versions that used /usr/lib (bsc#1218842) - Create EFI boot fallback directory if necessary ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1013-1 Released: Wed Mar 27 17:49:06 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1221779 This update for grub2 fixes the following issues: - Fix memdisk becomes the default boot entry, fixes no graphic display device error in guest vnc console (bsc#1221779) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1014-1 Released: Wed Mar 27 18:33:55 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216594,1216598,CVE-2023-38469,CVE-2023-38471 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1080-1 Released: Tue Apr 2 06:50:10 2024 Summary: Recommended update for xfsprogs-scrub Type: recommended Severity: low References: 1190495 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 and SLE-15-SP4 (bsc#1190495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1081-1 Released: Tue Apr 2 06:50:44 2024 Summary: Recommended update for dracut Type: recommended Severity: important References: 1217083,1219841,1220485,1221675 This update for dracut fixes the following issues: - Update to version 055+suse.382.g80b55af2: * Fix regression with multiple `rd.break=` options (bsc#1221675) * Do not call `strcmp` if the `value` argument is NULL (bsc#1219841) * Correct shellcheck regression when parsing ccw args (bsc#1220485) * Skip README for AMD microcode generation (bsc#1217083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:44 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1102-1 Released: Wed Apr 3 14:10:17 2024 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1219885,1221332,1221334,CVE-2023-28746,CVE-2023-46841,CVE-2024-2193 This update for xen fixes the following issues: - CVE-2023-28746: Register File Data Sampling (bsc#1221332) - CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334) - CVE-2023-46841: Hhadow stack vs exceptions from emulation stubs (bsc#1219885) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1104-1 Released: Wed Apr 3 14:29:58 2024 Summary: Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs Type: recommended Severity: important References: This update for docker fixes the following issues: - Overlay files are world-writable (bsc#1220339) - Allow disabling apparmor support (some products only support SELinux) The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs) are no-change rebuilds required because the corresponding binary packages were missing in a number of repositories, thus making docker not installable on some products. The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - audit-3.0.6-150400.4.16.1 updated - cloud-init-config-suse-23.3-150100.8.74.7 updated - cloud-init-23.3-150100.8.74.7 updated - containerd-ctr-1.7.10-150000.108.1 updated - containerd-1.7.10-150000.108.1 updated - coreutils-8.32-150400.9.3.1 updated - dhcp-client-4.3.6.P1-150000.6.19.1 updated - dhcp-4.3.6.P1-150000.6.19.1 updated - docker-24.0.7_ce-150000.198.2 updated - dracut-055+suse.382.g80b55af2-150500.3.18.1 updated - glibc-locale-base-2.31-150300.68.1 updated - glibc-locale-2.31-150300.68.1 updated - glibc-2.31-150300.68.1 updated - grub2-i386-pc-2.06-150500.29.22.2 updated - grub2-x86_64-efi-2.06-150500.29.22.2 updated - grub2-2.06-150500.29.22.2 updated - kernel-default-5.14.21-150500.55.52.1 updated - krb5-1.20.1-150500.3.6.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libauparse0-3.0.6-150400.4.16.1 updated - libavahi-client3-0.8-150400.7.16.1 updated - libavahi-common3-0.8-150400.7.16.1 updated - libimaevm3-1.4-150400.3.2.1 added - libmaxminddb0-1.4.3-150000.1.8.1 updated - libmetalink3-0.1.3-150000.3.2.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - libuv1-1.44.2-150500.3.2.1 updated - login_defs-4.8.1-150400.10.15.1 updated - pam-config-1.1-150200.3.6.1 updated - perl-Bootloader-0.947-150400.3.12.1 updated - python3-PyJWT-2.4.0-150200.3.8.1 updated - python3-attrs-19.3.0-150200.3.6.1 updated - python3-base-3.6.15-150300.10.57.1 updated - python3-blinker-1.4-150000.3.6.1 updated - python3-importlib-metadata-1.5.0-150100.3.5.1 updated - python3-jsonpatch-1.23-150100.3.5.1 updated - python3-jsonpointer-1.14-150000.3.2.1 updated - python3-jsonschema-3.2.0-150200.9.5.1 updated - python3-more-itertools-8.10.0-150400.7.1 updated - python3-netifaces-0.10.6-150000.3.2.1 updated - python3-oauthlib-2.0.6-150000.3.6.1 updated - python3-passlib-1.7.4-150300.3.2.1 updated - python3-pyrsistent-0.14.4-150100.3.4.1 updated - python3-pyserial-3.4-150000.3.4.1 updated - python3-zipp-0.6.0-150100.3.5.1 updated - python3-3.6.15-150300.10.57.1 updated - rpm-ndb-4.14.3-150400.59.10.1 updated - runc-1.1.12-150000.64.1 updated - sed-4.4-150300.13.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - sudo-1.9.12p1-150500.7.10.1 updated - supportutils-3.1.29-150300.7.35.27.1 updated - suseconnect-ng-1.8.0-150500.3.18.1 updated - system-group-audit-3.0.6-150400.4.16.1 updated - systemd-presets-common-SUSE-15-150500.20.6.1 updated - systemd-rpm-macros-15-150000.7.39.1 updated - wget-1.20.3-150000.3.17.1 updated - wicked-service-0.6.74-150500.3.15.1 updated - wicked-0.6.74-150500.3.15.1 updated - xen-libs-4.17.3_08-150500.3.27.1 updated - xfsprogs-5.13.0-150400.3.5.1 updated From sle-container-updates at lists.suse.com Tue Apr 9 07:01:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Apr 2024 09:01:14 +0200 (CEST) Subject: SUSE-IU-2024:318-1: Security update of suse-sles-15-sp5-chost-byos-v20240403-hvm-ssd-x86_64 Message-ID: <20240409070114.A077DFCEF@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240403-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:318-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240403-hvm-ssd-x86_64:20240403 Image Release : Severity : important Type : security References : 1027519 1027519 1176006 1181762 1188307 1190495 1192051 1194869 1198533 1200731 1203823 1206453 1209412 1213456 1214169 1214691 1214713 1215377 1215692 1216594 1216598 1216776 1217083 1217445 1217589 1217927 1217964 1218195 1218216 1218232 1218450 1218527 1218632 1218663 1218812 1218814 1218842 1218851 1218866 1218915 1218926 1218927 1218952 1219080 1219126 1219127 1219141 1219146 1219241 1219248 1219265 1219295 1219321 1219443 1219639 1219653 1219666 1219751 1219767 1219827 1219835 1219839 1219840 1219841 1219885 1219885 1219934 1220003 1220009 1220021 1220030 1220106 1220140 1220187 1220238 1220240 1220241 1220243 1220250 1220251 1220253 1220254 1220255 1220257 1220267 1220277 1220317 1220326 1220328 1220330 1220335 1220344 1220348 1220350 1220364 1220392 1220393 1220398 1220409 1220444 1220457 1220459 1220485 1220649 1220679 1220770 1220771 1220772 1220796 1220825 1221050 1221134 1221151 1221218 1221332 1221334 1221470 1221675 1221779 CVE-2019-25162 CVE-2021-46923 CVE-2021-46924 CVE-2021-46932 CVE-2022-48566 CVE-2023-28746 CVE-2023-28746 CVE-2023-38469 CVE-2023-38471 CVE-2023-42465 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46841 CVE-2023-5197 CVE-2023-52340 CVE-2023-52429 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52447 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52452 CVE-2023-52456 CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52475 CVE-2023-52478 CVE-2023-6597 CVE-2023-6817 CVE-2024-0607 CVE-2024-1151 CVE-2024-2193 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-25744 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26591 CVE-2024-26593 CVE-2024-26595 CVE-2024-26598 CVE-2024-26602 CVE-2024-26603 CVE-2024-26622 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240403-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:830-1 Released: Mon Mar 11 09:38:33 2024 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1218851,1219080,1219885,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841 This update for xen fixes the following issues: - CVE-2023-46839: Fixed memory access through PCI device with phantom functions (XSA-449) (bsc#1218851). - CVE-2023-46840: Fixed Failure to quarantine devices in !HVM builds (XSA-450) (bsc#1219080). - CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:03 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:858-1 Released: Wed Mar 13 01:09:39 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1206453,1209412,1213456,1216776,1217927,1218195,1218216,1218450,1218527,1218663,1218915,1219126,1219127,1219141,1219146,1219295,1219443,1219653,1219827,1219835,1219839,1219840,1219934,1220003,1220009,1220021,1220030,1220106,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220251,1220253,1220254,1220255,1220257,1220267,1220277,1220317,1220326,1220328,1220330,1220335,1220344,1220348,1220350,1220364,1220392,1220393,1220398,1220409,1220444,1220457,1220459,1220649,1220796,1220825,CVE-2019-25162,CVE-2021-46923,CVE-2021-46924,CVE-2021-46932,CVE-2023-28746,CVE-2023-5197,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52447,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52452,CVE-2023-52456,CVE-2023-52457,CVE-2023-52463,CVE-2023-52464,CVE-2023-52475,CVE-2023-52478,CVE-2023-6817,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23850,CVE-2024-23851,CVE-2024-25744,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-2659 1,CVE-2024-26593,CVE-2024-26595,CVE-2024-26598,CVE-2024-26602,CVE-2024-26603,CVE-2024-26622 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216). - CVE-2023-52340: Fixed ICMPv6 ???Packet Too Big??? packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257). - CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364). - CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330) - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146). - CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). The following non-security bugs were fixed: - acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes). - acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes). - acpi: extlog: fix null pointer dereference check (git-fixes). - acpi: resource: add asus model s5402za to quirks (git-fixes). - acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes). - acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes). - acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes). - acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes). - add reference to recently released cve - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes). - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes). - afs: hide silly-rename files from userspace (git-fixes). - afs: increase buffer size in afs_update_volume_status() (git-fixes). - ahci: asm1166: correct count of reported ports (git-fixes). - alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes). - alsa: firewire-lib: fix to check cycle continuity (git-fixes). - alsa: hda/conexant: add quirk for sws js201d (git-fixes). - alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes). - alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes). - alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes). - alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes). - alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes). - alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes). - alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes). - alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes). - alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes). - alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes). - alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes). - alsa: usb-audio: check presence of valid altsetting control (git-fixes). - alsa: usb-audio: ignore clock selector errors for single connection (git-fixes). - alsa: usb-audio: more relaxed check of midi jack names (git-fixes). - alsa: usb-audio: sort quirk table entries (git-fixes). - arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443) - arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443) - arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443) - arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround. - arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break. - arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break - arm64: irq: set the correct node for shadow call stack (git-fixes) - arm64: irq: set the correct node for vmap stack (git-fixes) - arm64: rename arm64_workaround_2966298 (bsc#1219443) - arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes) - asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes). - asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes). - asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes). - asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes). - atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes). - bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes). - bluetooth: enforce validation on max value of connection interval (git-fixes). - bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes). - bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes). - bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes). - bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes). - bluetooth: l2cap: fix possible multiple reject send (git-fixes). - bluetooth: qca: fix wrong event type for patch config command (git-fixes). - bpf: fix verification of indirect var-off stack access (git-fixes). - bpf: guard stack limits against 32bit overflow (git-fixes). - bpf: minor logging improvement (bsc#1220257). - bus: moxtet: add spi device table (git-fixes). - cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267). - can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes). - crypto: api - disallow identical driver names (git-fixes). - crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes). - crypto: octeontx2 - fix cptvf driver cleanup (git-fixes). - crypto: stm32/crc32 - fix parsing list of devices (git-fixes). - dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes). - dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes). - dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes). - dmaengine: fsl-qdma: init irq after reg initialization (git-fixes). - dmaengine: ptdma: use consistent dma masks (git-fixes). - dmaengine: shdma: increase size of 'dev_id' (git-fixes). - dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes). - driver core: fix device_link_flag_is_sync_state_only() (git-fixes). - drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes). - drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes). - drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes). - drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes). - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes). - drm/amd/display: preserve original aspect ratio in create stream (git-fixes). - drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes). - drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes). - drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes). - drm/buddy: fix range bias (git-fixes). - drm/crtc: fix uninitialized variable use even harder (git-fixes). - drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes). - drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes). - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes). - drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes). - drm/prime: support page array >= 4gb (git-fixes). - drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes). - drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes). - drop bcm5974 input patch causing a regression (bsc#1220030) - efi/capsule-loader: fix incorrect allocation size (git-fixes). - efi: do not add memblocks for soft-reserved memory (git-fixes). - efi: runtime: fix potential overflow of soft-reserved region size (git-fixes). - fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes). - fbdev: savage: error out if pixclock equals zero (git-fixes). - fbdev: sis: error out if pixclock equals zero (git-fixes). - firewire: core: send bus reset promptly on gap count error (git-fixes). - fs: dlm: fix build with config_ipv6 disabled (git-fixes). - fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes). - gpio: 74x164: enable output pins after registers are reset (git-fixes). - gpio: fix resource unwinding order in error path (git-fixes). - gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes). - gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes). - hid: apple: add 2021 magic keyboard fn key mapping (git-fixes). - hid: apple: add support for the 2021 magic keyboard (git-fixes). - hid: wacom: do not register input devices until after hid_hw_start (git-fixes). - hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes). - hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes). - hwmon: (coretemp) enlarge per package core count limit (git-fixes). - hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes). - hwmon: (coretemp) fix out-of-bounds memory access (git-fixes). - i2c: i801: fix block process call transactions (git-fixes). - i2c: i801: remove i801_set_block_buffer_mode (git-fixes). - i2c: imx: add timer for handling the stop condition (git-fixes). - i2c: imx: when being a target, mark the last read as processed (git-fixes). - i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes). - ib/hfi1: fix a memleak in init_credit_return (git-fixes) - ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes) - iio: accel: bma400: fix a compilation problem (git-fixes). - iio: adc: ad7091r: set alert bit in config register (git-fixes). - iio: core: fix memleak in iio_device_register_sysfs (git-fixes). - iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes). - iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes). - input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes). - input: xpad - add lenovo legion go controllers (git-fixes). - irqchip/gic-v3-its: fix gicv4.1 vpe affinity update (git-fixes). - irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes). - jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes). - jfs: fix array-index-out-of-bounds in dinewext (git-fixes). - jfs: fix slab-out-of-bounds read in dtsearch (git-fixes). - jfs: fix uaf in jfs_evict_inode (git-fixes). - kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes). - kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839). - kvm: s390: fix setting of fpc register (git-fixes bsc#1220392). - kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393). - kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes). - kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes). - leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes). - lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423). - lib/stackdepot: add refcount for records (jsc-ped#7423). - lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423). - lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423). - libsubcmd: fix memory leak in uniq() (git-fixes). - media: ddbridge: fix an error code problem in ddb_probe (git-fixes). - media: ir_toy: fix a memleak in irtoy_tx (git-fixes). - media: rc: bpf attach/detach requires write permission (git-fixes). - media: rockchip: rga: fix swizzling for rgb formats (git-fixes). - media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes). - mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes). - mm,page_owner: display all stacks and their count (jsc-ped#7423). - mm,page_owner: filter out stacks by a threshold (jsc-ped#7423). - mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423). - mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423). - mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423). - mm/hwpoison: fix unpoison_memory() (bsc#1218663). - mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663). - mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663). - mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes). - mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes). - mmc: core: use mrq.sbc in close-ended ffu (git-fixes). - mmc: mmc_spi: remove custom dma mapped buffers (git-fixes). - mmc: sdhci-xenon: add timeout for phy init complete (git-fixes). - mmc: sdhci-xenon: fix phy init clock stability (git-fixes). - mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes). - modpost: trim leading spaces when processing source files list (git-fixes). - mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003). - nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes). - nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes). - nouveau/svm: fix kvcalloc() argument order (git-fixes). - nouveau: fix function cast warnings (git-fixes). - ntfs: check overflow when iterating attr_records (git-fixes). - ntfs: fix use-after-free in ntfs_attr_find() (git-fixes). - nvme-fabrics: fix i/o connect error handling (git-fixes). - nvme-host: fix the updating of the firmware version (git-fixes). - pci/aer: decode requester id when no error info found (git-fixes). - pci: add no pm reset quirk for nvidia spectrum devices (git-fixes). - pci: add pci_header_type_mfd definition (bsc#1220021). - pci: fix 64gt/s effective data rate calculation (git-fixes). - pci: only override amd usb controller if required (git-fixes). - pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes). - platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes). - platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes). - platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes). - pm: core: remove unnecessary (void *) conversions (git-fixes). - pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes). - pnp: acpi: fix fortify warning (git-fixes). - power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes). - powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869). - powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869). - powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348). - powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869). - powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348). - powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869). - powerpc/watchpoints: annotate atomic context in more places (bsc#1194869). - powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869). - powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869). - powerpc: do not include lppaca.h in paca.h (bsc#1194869). - pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes). - ras/amd/atl: add mi300 row retirement support (jsc#ped-7618). - ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes). - ras: introduce a fru memory poison manager (jsc#ped-7618). - rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes) - rdma/bnxt_re: return error for srq resize (git-fixes) - rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934). - rdma/core: get ib width and speed from netdev (bsc#1219934). - rdma/irdma: add ae for too many rnrs (git-fixes) - rdma/irdma: fix kasan issue with tasklet (git-fixes) - rdma/irdma: set the cq read threshold for gen 1 (git-fixes) - rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes) - rdma/qedr: fix qedr_create_user_qp error flow (git-fixes) - rdma/srpt: fix function pointer cast warnings (git-fixes) - rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes) - refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io (bsc#1216776, bsc#1220277) - regulator: core: only increment use_count when enable_count changes (git-fixes). - regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes). - revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes). - revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes). - revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes). - rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created. - s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840). - s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317). - sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes). - scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes). - scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes). - scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141). - scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes). - scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106). - scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106). - scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes). - scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021). - scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021). - scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021). - scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021). - scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021). - scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021). - scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021). - scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021). - scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021). - scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021). - scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021). - scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021). - scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021). - scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021). - scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021). - scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021). - scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021). - scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes). - scsi: revert 'scsi: fcoe: fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141). - serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes). - spi-mxs: fix chipselect glitch (git-fixes). - spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes). - spi: ppc4xx: drop write-only variable (git-fixes). - spi: sh-msiof: avoid integer overflow in constants (git-fixes). - staging: iio: ad5933: fix type mismatch regression (git-fixes). - supported.conf: remove external flag from ibm supported modules. (bsc#1209412) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450). - tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes). - topology/sysfs: add format parameter to macro defining 'show' functions for proc (jsc#ped-7618). - topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618). - tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes). - ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes). - usb: cdns3: fix memory double free when handle zero packet (git-fixes). - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes). - usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes). - usb: cdns3: put the cdns set active part outside the spin lock (git-fixes). - usb: cdns: readd old api (git-fixes). - usb: cdnsp: blocked some cdns3 specific code (git-fixes). - usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes). - usb: dwc3: gadget: do not disconnect if not started (git-fixes). - usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes). - usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes). - usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes). - usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes). - usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes). - usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes). - usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes). - usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: gadget: f_hid: fix report descriptor allocation (git-fixes). - usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes). - usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes). - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes). - usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes). - usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). - usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). - usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes). - usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527). - usb: hub: replace hardcoded quirk value with bit() macro (git-fixes). - usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes). - usb: roles: fix null pointer issue when put module's reference (git-fixes). - usb: serial: cp210x: add id for imst im871a-usb (git-fixes). - usb: serial: option: add fibocom fm101-gl variant (git-fixes). - usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes). - watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes). - wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes). - wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes). - wifi: cfg80211: fix missing interfaces when dumping (git-fixes). - wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes). - wifi: iwlwifi: fix some error codes (git-fixes). - wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes). - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes). - wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes). - wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes). - wifi: nl80211: reject iftype change with mesh id change (git-fixes). - wifi: rt2x00: restart beacon queue when hardware reset (git-fixes). - wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes). - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes). - wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes). - x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: add asm helpers for executing verw (git-fixes). - x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk. - x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618). - x86/entry_32: add verw just before userspace transition (git-fixes). - x86/entry_64: add verw just before userspace transition (git-fixes). - x86/mm: fix memory encryption features advertisement (bsc#1206453). - xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes). - xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:876-1 Released: Wed Mar 13 15:45:34 2024 Summary: Security update for sudo Type: security Severity: important References: 1221134,1221151,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:878-1 Released: Thu Mar 14 08:22:03 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1181762,1219248 This update for grub2 fixes the following issues: - Fix grub.xen memdisk script looking for /boot/grub/grub.cfg (bsc#1219248, bsc#1181762) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:895-1 Released: Thu Mar 14 15:54:25 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1215692,1218926,1218927,1219265,1219751 This update for wicked fixes the following issues: - ifreload: VLAN changes require device deletion (bsc#1218927) - ifcheck: fix config changed check (bsc#1218926) - client: fix exit code for no-carrier status (bsc#1219265) - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) - duid: fix comment for v6time - rtnl: fix peer address parsing for non ptp-interfaces - system-updater: Parse updater format from XML configuration to ensure install calls can run - team: add new options like link_watch_policy (jsc#PED-7183) - Fix memory leaks in dbus variant destroy and fsm free - xpath: allow underscore in node identifier - vxlan: don't format unknown rtnl attrs (bsc#1219751) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:903-1 Released: Fri Mar 15 06:57:36 2024 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1200731 This update for systemd-presets-common-SUSE fixes the following issues: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731) - Support both the old and new service to avoid complex version interdependency ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:904-1 Released: Fri Mar 15 08:42:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1214713,1218632,1218812,1218814,1219241,1219639 This update for supportutils fixes the following issues: - Update toversion 3.1.29 - Extended scaling for performance (bsc#1214713) - Fixed kdumptool output error (bsc#1218632) - Corrected podman ID errors (bsc#1218812) - Duplicate non root podman entries removed (bsc#1218814) - Corrected get_sles_ver for SLE Micro (bsc#1219241) - Check nvidida-persistenced state (bsc#1219639) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:943-1 Released: Wed Mar 20 09:15:24 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1220679 This update for suseconnect-ng fixes the following issues: - Allow '--rollback' flag to run on readonly filesystem (bsc#1220679) - Update to version 1.7.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:984-1 Released: Mon Mar 25 16:04:44 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1192051,1221050 This update for runc fixes the following issues: - Add upstream patch to properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050 This allows running 15 SP6 containers on older distributions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1010-1 Released: Wed Mar 27 16:07:37 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1218842,1221470 This update for perl-Bootloader fixes the following issues: - Log grub2-install errors correctly (bsc#1221470) - Update to version 0.947 - Support old grub versions that used /usr/lib (bsc#1218842) - Create EFI boot fallback directory if necessary ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1013-1 Released: Wed Mar 27 17:49:06 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1221779 This update for grub2 fixes the following issues: - Fix memdisk becomes the default boot entry, fixes no graphic display device error in guest vnc console (bsc#1221779) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1014-1 Released: Wed Mar 27 18:33:55 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216594,1216598,CVE-2023-38469,CVE-2023-38471 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1080-1 Released: Tue Apr 2 06:50:10 2024 Summary: Recommended update for xfsprogs-scrub Type: recommended Severity: low References: 1190495 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 and SLE-15-SP4 (bsc#1190495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1081-1 Released: Tue Apr 2 06:50:44 2024 Summary: Recommended update for dracut Type: recommended Severity: important References: 1217083,1219841,1220485,1221675 This update for dracut fixes the following issues: - Update to version 055+suse.382.g80b55af2: * Fix regression with multiple `rd.break=` options (bsc#1221675) * Do not call `strcmp` if the `value` argument is NULL (bsc#1219841) * Correct shellcheck regression when parsing ccw args (bsc#1220485) * Skip README for AMD microcode generation (bsc#1217083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:44 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1102-1 Released: Wed Apr 3 14:10:17 2024 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1219885,1221332,1221334,CVE-2023-28746,CVE-2023-46841,CVE-2024-2193 This update for xen fixes the following issues: - CVE-2023-28746: Register File Data Sampling (bsc#1221332) - CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334) - CVE-2023-46841: Hhadow stack vs exceptions from emulation stubs (bsc#1219885) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1104-1 Released: Wed Apr 3 14:29:58 2024 Summary: Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs Type: recommended Severity: important References: This update for docker fixes the following issues: - Overlay files are world-writable (bsc#1220339) - Allow disabling apparmor support (some products only support SELinux) The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs) are no-change rebuilds required because the corresponding binary packages were missing in a number of repositories, thus making docker not installable on some products. The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - audit-3.0.6-150400.4.16.1 updated - cloud-init-config-suse-23.3-150100.8.74.7 updated - cloud-init-23.3-150100.8.74.7 updated - containerd-ctr-1.7.10-150000.108.1 updated - containerd-1.7.10-150000.108.1 updated - coreutils-8.32-150400.9.3.1 updated - dhcp-client-4.3.6.P1-150000.6.19.1 updated - dhcp-4.3.6.P1-150000.6.19.1 updated - docker-24.0.7_ce-150000.198.2 updated - dracut-055+suse.382.g80b55af2-150500.3.18.1 updated - glibc-locale-base-2.31-150300.68.1 updated - glibc-locale-2.31-150300.68.1 updated - glibc-2.31-150300.68.1 updated - grub2-i386-pc-2.06-150500.29.22.2 updated - grub2-x86_64-efi-2.06-150500.29.22.2 updated - grub2-x86_64-xen-2.06-150500.29.22.2 updated - grub2-2.06-150500.29.22.2 updated - kernel-default-5.14.21-150500.55.52.1 updated - krb5-1.20.1-150500.3.6.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libauparse0-3.0.6-150400.4.16.1 updated - libavahi-client3-0.8-150400.7.16.1 updated - libavahi-common3-0.8-150400.7.16.1 updated - libimaevm3-1.4-150400.3.2.1 added - libmaxminddb0-1.4.3-150000.1.8.1 updated - libmetalink3-0.1.3-150000.3.2.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - libuv1-1.44.2-150500.3.2.1 updated - login_defs-4.8.1-150400.10.15.1 updated - pam-config-1.1-150200.3.6.1 updated - perl-Bootloader-0.947-150400.3.12.1 updated - python3-PyJWT-2.4.0-150200.3.8.1 updated - python3-attrs-19.3.0-150200.3.6.1 updated - python3-base-3.6.15-150300.10.57.1 updated - python3-blinker-1.4-150000.3.6.1 updated - python3-importlib-metadata-1.5.0-150100.3.5.1 updated - python3-jsonpatch-1.23-150100.3.5.1 updated - python3-jsonpointer-1.14-150000.3.2.1 updated - python3-jsonschema-3.2.0-150200.9.5.1 updated - python3-more-itertools-8.10.0-150400.7.1 updated - python3-netifaces-0.10.6-150000.3.2.1 updated - python3-oauthlib-2.0.6-150000.3.6.1 updated - python3-passlib-1.7.4-150300.3.2.1 updated - python3-pyrsistent-0.14.4-150100.3.4.1 updated - python3-pyserial-3.4-150000.3.4.1 updated - python3-zipp-0.6.0-150100.3.5.1 updated - python3-3.6.15-150300.10.57.1 updated - rpm-ndb-4.14.3-150400.59.10.1 updated - runc-1.1.12-150000.64.1 updated - sed-4.4-150300.13.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - sudo-1.9.12p1-150500.7.10.1 updated - supportutils-3.1.29-150300.7.35.27.1 updated - suseconnect-ng-1.8.0-150500.3.18.1 updated - system-group-audit-3.0.6-150400.4.16.1 updated - systemd-presets-common-SUSE-15-150500.20.6.1 updated - systemd-rpm-macros-15-150000.7.39.1 updated - wget-1.20.3-150000.3.17.1 updated - wicked-service-0.6.74-150500.3.15.1 updated - wicked-0.6.74-150500.3.15.1 updated - xen-libs-4.17.3_08-150500.3.27.1 updated - xen-tools-domU-4.17.3_08-150500.3.27.1 updated - xfsprogs-5.13.0-150400.3.5.1 updated From sle-container-updates at lists.suse.com Tue Apr 9 07:01:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Apr 2024 09:01:24 +0200 (CEST) Subject: SUSE-IU-2024:319-1: Security update of sles-15-sp5-chost-byos-v20240403-arm64 Message-ID: <20240409070124.8E0B7FCEF@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20240403-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:319-1 Image Tags : sles-15-sp5-chost-byos-v20240403-arm64:20240403 Image Release : Severity : important Type : security References : 1027519 1027519 1176006 1181762 1188307 1190495 1192051 1194869 1198533 1200731 1203823 1206453 1209412 1213456 1214169 1214691 1214713 1215377 1215692 1216594 1216598 1216776 1217083 1217445 1217589 1217927 1217964 1218195 1218216 1218232 1218450 1218527 1218632 1218663 1218812 1218814 1218842 1218851 1218866 1218915 1218926 1218927 1218952 1219080 1219126 1219127 1219141 1219146 1219241 1219248 1219265 1219295 1219321 1219443 1219639 1219653 1219666 1219751 1219767 1219827 1219835 1219839 1219840 1219841 1219885 1219885 1219934 1219941 1220003 1220009 1220021 1220030 1220106 1220140 1220187 1220238 1220240 1220241 1220243 1220250 1220251 1220253 1220254 1220255 1220257 1220267 1220277 1220317 1220326 1220328 1220330 1220335 1220344 1220348 1220350 1220364 1220392 1220393 1220398 1220409 1220444 1220457 1220459 1220485 1220649 1220679 1220770 1220771 1220772 1220796 1220825 1221050 1221134 1221151 1221218 1221332 1221334 1221470 1221675 1221779 CVE-2019-25162 CVE-2021-46923 CVE-2021-46924 CVE-2021-46932 CVE-2022-48566 CVE-2023-28746 CVE-2023-28746 CVE-2023-38469 CVE-2023-38471 CVE-2023-42465 CVE-2023-46839 CVE-2023-46840 CVE-2023-46841 CVE-2023-46841 CVE-2023-5197 CVE-2023-52340 CVE-2023-52429 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52447 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52452 CVE-2023-52456 CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52475 CVE-2023-52478 CVE-2023-6597 CVE-2023-6817 CVE-2024-0607 CVE-2024-1151 CVE-2024-2193 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-25744 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26591 CVE-2024-26593 CVE-2024-26595 CVE-2024-26598 CVE-2024-26602 CVE-2024-26603 CVE-2024-26622 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20240403-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:830-1 Released: Mon Mar 11 09:38:33 2024 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1218851,1219080,1219885,CVE-2023-46839,CVE-2023-46840,CVE-2023-46841 This update for xen fixes the following issues: - CVE-2023-46839: Fixed memory access through PCI device with phantom functions (XSA-449) (bsc#1218851). - CVE-2023-46840: Fixed Failure to quarantine devices in !HVM builds (XSA-450) (bsc#1219080). - CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:03 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:858-1 Released: Wed Mar 13 01:09:39 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1206453,1209412,1213456,1216776,1217927,1218195,1218216,1218450,1218527,1218663,1218915,1219126,1219127,1219141,1219146,1219295,1219443,1219653,1219827,1219835,1219839,1219840,1219934,1220003,1220009,1220021,1220030,1220106,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220251,1220253,1220254,1220255,1220257,1220267,1220277,1220317,1220326,1220328,1220330,1220335,1220344,1220348,1220350,1220364,1220392,1220393,1220398,1220409,1220444,1220457,1220459,1220649,1220796,1220825,CVE-2019-25162,CVE-2021-46923,CVE-2021-46924,CVE-2021-46932,CVE-2023-28746,CVE-2023-5197,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52447,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52452,CVE-2023-52456,CVE-2023-52457,CVE-2023-52463,CVE-2023-52464,CVE-2023-52475,CVE-2023-52478,CVE-2023-6817,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23850,CVE-2024-23851,CVE-2024-25744,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-2659 1,CVE-2024-26593,CVE-2024-26595,CVE-2024-26598,CVE-2024-26602,CVE-2024-26603,CVE-2024-26622 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216). - CVE-2023-52340: Fixed ICMPv6 ???Packet Too Big??? packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257). - CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364). - CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330) - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146). - CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). The following non-security bugs were fixed: - acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes). - acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes). - acpi: extlog: fix null pointer dereference check (git-fixes). - acpi: resource: add asus model s5402za to quirks (git-fixes). - acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes). - acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes). - acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes). - acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes). - add reference to recently released cve - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes). - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes). - afs: hide silly-rename files from userspace (git-fixes). - afs: increase buffer size in afs_update_volume_status() (git-fixes). - ahci: asm1166: correct count of reported ports (git-fixes). - alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes). - alsa: firewire-lib: fix to check cycle continuity (git-fixes). - alsa: hda/conexant: add quirk for sws js201d (git-fixes). - alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes). - alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes). - alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes). - alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes). - alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes). - alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes). - alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes). - alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes). - alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes). - alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes). - alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes). - alsa: usb-audio: check presence of valid altsetting control (git-fixes). - alsa: usb-audio: ignore clock selector errors for single connection (git-fixes). - alsa: usb-audio: more relaxed check of midi jack names (git-fixes). - alsa: usb-audio: sort quirk table entries (git-fixes). - arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443) - arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443) - arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443) - arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround. - arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break. - arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break - arm64: irq: set the correct node for shadow call stack (git-fixes) - arm64: irq: set the correct node for vmap stack (git-fixes) - arm64: rename arm64_workaround_2966298 (bsc#1219443) - arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes) - asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes). - asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes). - asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes). - asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes). - atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes). - bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes). - bluetooth: enforce validation on max value of connection interval (git-fixes). - bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes). - bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes). - bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes). - bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes). - bluetooth: l2cap: fix possible multiple reject send (git-fixes). - bluetooth: qca: fix wrong event type for patch config command (git-fixes). - bpf: fix verification of indirect var-off stack access (git-fixes). - bpf: guard stack limits against 32bit overflow (git-fixes). - bpf: minor logging improvement (bsc#1220257). - bus: moxtet: add spi device table (git-fixes). - cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267). - can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes). - crypto: api - disallow identical driver names (git-fixes). - crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes). - crypto: octeontx2 - fix cptvf driver cleanup (git-fixes). - crypto: stm32/crc32 - fix parsing list of devices (git-fixes). - dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes). - dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes). - dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes). - dmaengine: fsl-qdma: init irq after reg initialization (git-fixes). - dmaengine: ptdma: use consistent dma masks (git-fixes). - dmaengine: shdma: increase size of 'dev_id' (git-fixes). - dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes). - driver core: fix device_link_flag_is_sync_state_only() (git-fixes). - drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes). - drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes). - drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes). - drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes). - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes). - drm/amd/display: preserve original aspect ratio in create stream (git-fixes). - drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes). - drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes). - drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes). - drm/buddy: fix range bias (git-fixes). - drm/crtc: fix uninitialized variable use even harder (git-fixes). - drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes). - drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes). - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes). - drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes). - drm/prime: support page array >= 4gb (git-fixes). - drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes). - drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes). - drop bcm5974 input patch causing a regression (bsc#1220030) - efi/capsule-loader: fix incorrect allocation size (git-fixes). - efi: do not add memblocks for soft-reserved memory (git-fixes). - efi: runtime: fix potential overflow of soft-reserved region size (git-fixes). - fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes). - fbdev: savage: error out if pixclock equals zero (git-fixes). - fbdev: sis: error out if pixclock equals zero (git-fixes). - firewire: core: send bus reset promptly on gap count error (git-fixes). - fs: dlm: fix build with config_ipv6 disabled (git-fixes). - fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes). - gpio: 74x164: enable output pins after registers are reset (git-fixes). - gpio: fix resource unwinding order in error path (git-fixes). - gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes). - gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes). - hid: apple: add 2021 magic keyboard fn key mapping (git-fixes). - hid: apple: add support for the 2021 magic keyboard (git-fixes). - hid: wacom: do not register input devices until after hid_hw_start (git-fixes). - hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes). - hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes). - hwmon: (coretemp) enlarge per package core count limit (git-fixes). - hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes). - hwmon: (coretemp) fix out-of-bounds memory access (git-fixes). - i2c: i801: fix block process call transactions (git-fixes). - i2c: i801: remove i801_set_block_buffer_mode (git-fixes). - i2c: imx: add timer for handling the stop condition (git-fixes). - i2c: imx: when being a target, mark the last read as processed (git-fixes). - i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes). - ib/hfi1: fix a memleak in init_credit_return (git-fixes) - ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes) - iio: accel: bma400: fix a compilation problem (git-fixes). - iio: adc: ad7091r: set alert bit in config register (git-fixes). - iio: core: fix memleak in iio_device_register_sysfs (git-fixes). - iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes). - iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes). - input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes). - input: xpad - add lenovo legion go controllers (git-fixes). - irqchip/gic-v3-its: fix gicv4.1 vpe affinity update (git-fixes). - irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes). - jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes). - jfs: fix array-index-out-of-bounds in dinewext (git-fixes). - jfs: fix slab-out-of-bounds read in dtsearch (git-fixes). - jfs: fix uaf in jfs_evict_inode (git-fixes). - kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes). - kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839). - kvm: s390: fix setting of fpc register (git-fixes bsc#1220392). - kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393). - kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes). - kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes). - leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes). - lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423). - lib/stackdepot: add refcount for records (jsc-ped#7423). - lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423). - lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423). - libsubcmd: fix memory leak in uniq() (git-fixes). - media: ddbridge: fix an error code problem in ddb_probe (git-fixes). - media: ir_toy: fix a memleak in irtoy_tx (git-fixes). - media: rc: bpf attach/detach requires write permission (git-fixes). - media: rockchip: rga: fix swizzling for rgb formats (git-fixes). - media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes). - mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes). - mm,page_owner: display all stacks and their count (jsc-ped#7423). - mm,page_owner: filter out stacks by a threshold (jsc-ped#7423). - mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423). - mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423). - mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423). - mm/hwpoison: fix unpoison_memory() (bsc#1218663). - mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663). - mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663). - mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes). - mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes). - mmc: core: use mrq.sbc in close-ended ffu (git-fixes). - mmc: mmc_spi: remove custom dma mapped buffers (git-fixes). - mmc: sdhci-xenon: add timeout for phy init complete (git-fixes). - mmc: sdhci-xenon: fix phy init clock stability (git-fixes). - mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes). - modpost: trim leading spaces when processing source files list (git-fixes). - mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003). - nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes). - nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes). - nouveau/svm: fix kvcalloc() argument order (git-fixes). - nouveau: fix function cast warnings (git-fixes). - ntfs: check overflow when iterating attr_records (git-fixes). - ntfs: fix use-after-free in ntfs_attr_find() (git-fixes). - nvme-fabrics: fix i/o connect error handling (git-fixes). - nvme-host: fix the updating of the firmware version (git-fixes). - pci/aer: decode requester id when no error info found (git-fixes). - pci: add no pm reset quirk for nvidia spectrum devices (git-fixes). - pci: add pci_header_type_mfd definition (bsc#1220021). - pci: fix 64gt/s effective data rate calculation (git-fixes). - pci: only override amd usb controller if required (git-fixes). - pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes). - platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes). - platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes). - platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes). - pm: core: remove unnecessary (void *) conversions (git-fixes). - pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes). - pnp: acpi: fix fortify warning (git-fixes). - power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes). - powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869). - powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869). - powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348). - powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869). - powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348). - powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869). - powerpc/watchpoints: annotate atomic context in more places (bsc#1194869). - powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869). - powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869). - powerpc: do not include lppaca.h in paca.h (bsc#1194869). - pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes). - ras/amd/atl: add mi300 row retirement support (jsc#ped-7618). - ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes). - ras: introduce a fru memory poison manager (jsc#ped-7618). - rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes) - rdma/bnxt_re: return error for srq resize (git-fixes) - rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934). - rdma/core: get ib width and speed from netdev (bsc#1219934). - rdma/irdma: add ae for too many rnrs (git-fixes) - rdma/irdma: fix kasan issue with tasklet (git-fixes) - rdma/irdma: set the cq read threshold for gen 1 (git-fixes) - rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes) - rdma/qedr: fix qedr_create_user_qp error flow (git-fixes) - rdma/srpt: fix function pointer cast warnings (git-fixes) - rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes) - refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io (bsc#1216776, bsc#1220277) - regulator: core: only increment use_count when enable_count changes (git-fixes). - regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes). - revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes). - revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes). - revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes). - rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created. - s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840). - s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317). - sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes). - scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes). - scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes). - scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141). - scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes). - scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106). - scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106). - scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes). - scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021). - scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021). - scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021). - scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021). - scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021). - scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021). - scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021). - scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021). - scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021). - scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021). - scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021). - scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021). - scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021). - scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021). - scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021). - scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021). - scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021). - scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes). - scsi: revert 'scsi: fcoe: fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141). - serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes). - spi-mxs: fix chipselect glitch (git-fixes). - spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes). - spi: ppc4xx: drop write-only variable (git-fixes). - spi: sh-msiof: avoid integer overflow in constants (git-fixes). - staging: iio: ad5933: fix type mismatch regression (git-fixes). - supported.conf: remove external flag from ibm supported modules. (bsc#1209412) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450). - tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes). - topology/sysfs: add format parameter to macro defining 'show' functions for proc (jsc#ped-7618). - topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618). - tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes). - ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes). - usb: cdns3: fix memory double free when handle zero packet (git-fixes). - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes). - usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes). - usb: cdns3: put the cdns set active part outside the spin lock (git-fixes). - usb: cdns: readd old api (git-fixes). - usb: cdnsp: blocked some cdns3 specific code (git-fixes). - usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes). - usb: dwc3: gadget: do not disconnect if not started (git-fixes). - usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes). - usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes). - usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes). - usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes). - usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes). - usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes). - usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes). - usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: gadget: f_hid: fix report descriptor allocation (git-fixes). - usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes). - usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes). - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes). - usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes). - usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). - usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). - usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes). - usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527). - usb: hub: replace hardcoded quirk value with bit() macro (git-fixes). - usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes). - usb: roles: fix null pointer issue when put module's reference (git-fixes). - usb: serial: cp210x: add id for imst im871a-usb (git-fixes). - usb: serial: option: add fibocom fm101-gl variant (git-fixes). - usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes). - watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes). - wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes). - wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes). - wifi: cfg80211: fix missing interfaces when dumping (git-fixes). - wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes). - wifi: iwlwifi: fix some error codes (git-fixes). - wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes). - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes). - wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes). - wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes). - wifi: nl80211: reject iftype change with mesh id change (git-fixes). - wifi: rt2x00: restart beacon queue when hardware reset (git-fixes). - wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes). - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes). - wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes). - x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: add asm helpers for executing verw (git-fixes). - x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk. - x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618). - x86/entry_32: add verw just before userspace transition (git-fixes). - x86/entry_64: add verw just before userspace transition (git-fixes). - x86/mm: fix memory encryption features advertisement (bsc#1206453). - xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes). - xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:876-1 Released: Wed Mar 13 15:45:34 2024 Summary: Security update for sudo Type: security Severity: important References: 1221134,1221151,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:878-1 Released: Thu Mar 14 08:22:03 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1181762,1219248 This update for grub2 fixes the following issues: - Fix grub.xen memdisk script looking for /boot/grub/grub.cfg (bsc#1219248, bsc#1181762) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:895-1 Released: Thu Mar 14 15:54:25 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1215692,1218926,1218927,1219265,1219751 This update for wicked fixes the following issues: - ifreload: VLAN changes require device deletion (bsc#1218927) - ifcheck: fix config changed check (bsc#1218926) - client: fix exit code for no-carrier status (bsc#1219265) - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) - duid: fix comment for v6time - rtnl: fix peer address parsing for non ptp-interfaces - system-updater: Parse updater format from XML configuration to ensure install calls can run - team: add new options like link_watch_policy (jsc#PED-7183) - Fix memory leaks in dbus variant destroy and fsm free - xpath: allow underscore in node identifier - vxlan: don't format unknown rtnl attrs (bsc#1219751) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:903-1 Released: Fri Mar 15 06:57:36 2024 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1200731 This update for systemd-presets-common-SUSE fixes the following issues: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731) - Support both the old and new service to avoid complex version interdependency ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:904-1 Released: Fri Mar 15 08:42:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1214713,1218632,1218812,1218814,1219241,1219639 This update for supportutils fixes the following issues: - Update toversion 3.1.29 - Extended scaling for performance (bsc#1214713) - Fixed kdumptool output error (bsc#1218632) - Corrected podman ID errors (bsc#1218812) - Duplicate non root podman entries removed (bsc#1218814) - Corrected get_sles_ver for SLE Micro (bsc#1219241) - Check nvidida-persistenced state (bsc#1219639) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:914-1 Released: Mon Mar 18 06:39:03 2024 Summary: Recommended update for shadow Type: recommended Severity: important References: 1176006,1188307,1203823 This update for shadow fixes the following issues: - Fix chage date miscalculation (bsc#1176006) - Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307 - Remove pam_keyinit from PAM config files (bsc#1203823) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:943-1 Released: Wed Mar 20 09:15:24 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1220679 This update for suseconnect-ng fixes the following issues: - Allow '--rollback' flag to run on readonly filesystem (bsc#1220679) - Update to version 1.7.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:949-1 Released: Wed Mar 20 20:00:11 2024 Summary: Recommended update for growpart-rootgrow Type: recommended Severity: moderate References: 1219941 This update for growpart-rootgrow fixes the following issues: - Update to version 1.0.7 - Support root to be in a btrfs snapshot (bsc#1219941) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:984-1 Released: Mon Mar 25 16:04:44 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1192051,1221050 This update for runc fixes the following issues: - Add upstream patch to properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050 This allows running 15 SP6 containers on older distributions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1010-1 Released: Wed Mar 27 16:07:37 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1218842,1221470 This update for perl-Bootloader fixes the following issues: - Log grub2-install errors correctly (bsc#1221470) - Update to version 0.947 - Support old grub versions that used /usr/lib (bsc#1218842) - Create EFI boot fallback directory if necessary ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1013-1 Released: Wed Mar 27 17:49:06 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1221779 This update for grub2 fixes the following issues: - Fix memdisk becomes the default boot entry, fixes no graphic display device error in guest vnc console (bsc#1221779) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1014-1 Released: Wed Mar 27 18:33:55 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216594,1216598,CVE-2023-38469,CVE-2023-38471 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1080-1 Released: Tue Apr 2 06:50:10 2024 Summary: Recommended update for xfsprogs-scrub Type: recommended Severity: low References: 1190495 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 and SLE-15-SP4 (bsc#1190495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1081-1 Released: Tue Apr 2 06:50:44 2024 Summary: Recommended update for dracut Type: recommended Severity: important References: 1217083,1219841,1220485,1221675 This update for dracut fixes the following issues: - Update to version 055+suse.382.g80b55af2: * Fix regression with multiple `rd.break=` options (bsc#1221675) * Do not call `strcmp` if the `value` argument is NULL (bsc#1219841) * Correct shellcheck regression when parsing ccw args (bsc#1220485) * Skip README for AMD microcode generation (bsc#1217083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:44 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1102-1 Released: Wed Apr 3 14:10:17 2024 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1219885,1221332,1221334,CVE-2023-28746,CVE-2023-46841,CVE-2024-2193 This update for xen fixes the following issues: - CVE-2023-28746: Register File Data Sampling (bsc#1221332) - CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334) - CVE-2023-46841: Hhadow stack vs exceptions from emulation stubs (bsc#1219885) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1104-1 Released: Wed Apr 3 14:29:58 2024 Summary: Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs Type: recommended Severity: important References: This update for docker fixes the following issues: - Overlay files are world-writable (bsc#1220339) - Allow disabling apparmor support (some products only support SELinux) The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs) are no-change rebuilds required because the corresponding binary packages were missing in a number of repositories, thus making docker not installable on some products. The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - audit-3.0.6-150400.4.16.1 updated - containerd-ctr-1.7.10-150000.108.1 updated - containerd-1.7.10-150000.108.1 updated - coreutils-8.32-150400.9.3.1 updated - docker-24.0.7_ce-150000.198.2 updated - dracut-055+suse.382.g80b55af2-150500.3.18.1 updated - glibc-locale-base-2.31-150300.68.1 updated - glibc-locale-2.31-150300.68.1 updated - glibc-2.31-150300.68.1 updated - growpart-rootgrow-1.0.7-150000.1.12.1 updated - grub2-i386-pc-2.06-150500.29.22.2 updated - grub2-x86_64-efi-2.06-150500.29.22.2 updated - grub2-2.06-150500.29.22.2 updated - kernel-default-5.14.21-150500.55.52.1 updated - krb5-1.20.1-150500.3.6.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libauparse0-3.0.6-150400.4.16.1 updated - libavahi-client3-0.8-150400.7.16.1 updated - libavahi-common3-0.8-150400.7.16.1 updated - libimaevm3-1.4-150400.3.2.1 added - libmaxminddb0-1.4.3-150000.1.8.1 updated - libmetalink3-0.1.3-150000.3.2.1 updated - libpython3_6m1_0-3.6.15-150300.10.57.1 updated - libuv1-1.44.2-150500.3.2.1 updated - login_defs-4.8.1-150400.10.15.1 updated - pam-config-1.1-150200.3.6.1 updated - perl-Bootloader-0.947-150400.3.12.1 updated - python3-base-3.6.15-150300.10.57.1 updated - python3-3.6.15-150300.10.57.1 updated - rpm-ndb-4.14.3-150400.59.10.1 updated - runc-1.1.12-150000.64.1 updated - sed-4.4-150300.13.3.1 updated - shadow-4.8.1-150400.10.15.1 updated - sudo-1.9.12p1-150500.7.10.1 updated - supportutils-3.1.29-150300.7.35.27.1 updated - suseconnect-ng-1.8.0-150500.3.18.1 updated - system-group-audit-3.0.6-150400.4.16.1 updated - systemd-presets-common-SUSE-15-150500.20.6.1 updated - systemd-rpm-macros-15-150000.7.39.1 updated - wget-1.20.3-150000.3.17.1 updated - wicked-service-0.6.74-150500.3.15.1 updated - wicked-0.6.74-150500.3.15.1 updated - xen-libs-4.17.3_08-150500.3.27.1 updated - xfsprogs-5.13.0-150400.3.5.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:03:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:03:26 +0200 (CEST) Subject: SUSE-CU-2024:1294-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240410070326.3002BFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1294-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.5 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.5 Severity : important Type : security References : 1219559 1220061 1221289 1221399 1221665 1221667 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - curl-8.0.1-150400.5.44.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:03:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:03:26 +0200 (CEST) Subject: SUSE-CU-2024:1295-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240410070326.CAC53FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1295-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.6 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.6 Severity : important Type : security References : 1207987 1220117 1221831 CVE-2024-28085 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1169-1 Released: Tue Apr 9 09:50:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1220117,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libblkid1-2.37.2-150400.8.29.1 updated - libfdisk1-2.37.2-150400.8.29.1 updated - libmount1-2.37.2-150400.8.29.1 updated - libsmartcols1-2.37.2-150400.8.29.1 updated - libuuid1-2.37.2-150400.8.29.1 updated - util-linux-2.37.2-150400.8.29.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:05:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:05:00 +0200 (CEST) Subject: SUSE-CU-2024:1297-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240410070500.4E7FCFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1297-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.5 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.5 Severity : important Type : security References : 1219559 1220061 1221289 1221399 1221665 1221667 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - curl-8.0.1-150400.5.44.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:05:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:05:00 +0200 (CEST) Subject: SUSE-CU-2024:1298-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240410070500.E6C5CFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1298-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.6 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.6 Severity : important Type : security References : 1207987 1220117 1221831 CVE-2024-28085 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1169-1 Released: Tue Apr 9 09:50:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1220117,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libblkid1-2.37.2-150400.8.29.1 updated - libfdisk1-2.37.2-150400.8.29.1 updated - libmount1-2.37.2-150400.8.29.1 updated - libsmartcols1-2.37.2-150400.8.29.1 updated - libuuid1-2.37.2-150400.8.29.1 updated - util-linux-2.37.2-150400.8.29.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:05:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:05:28 +0200 (CEST) Subject: SUSE-CU-2024:1299-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240410070528.63F07FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1299-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.197 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.197 Severity : important Type : security References : 1219559 1221289 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) The following package changes have been done: - libexpat1-2.4.4-150400.3.17.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:05:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:05:29 +0200 (CEST) Subject: SUSE-CU-2024:1300-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240410070529.06B31FCFA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1300-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.198 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.198 Severity : important Type : security References : 1220061 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - libcurl4-8.0.1-150400.5.44.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.20 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:07:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:07:12 +0200 (CEST) Subject: SUSE-CU-2024:1301-1: Security update of suse/sles12sp5 Message-ID: <20240410070712.3B57EFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1301-1 Container Tags : suse/sles12sp5:6.5.581 , suse/sles12sp5:latest Container Release : 6.5.581 Severity : important Type : security References : 1220061 1220770 1220771 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-26458 CVE-2024-26461 CVE-2024-28182 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1132-1 Released: Mon Apr 8 11:28:25 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1148-1 Released: Mon Apr 8 11:35:26 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed a memory leak in pmap_rmt.c (bsc#1220770) - CVE-2024-26461: Fixed a memory leak in k5sealv3.c (bsc#1220771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1150-1 Released: Mon Apr 8 11:35:53 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1156-1 Released: Mon Apr 8 13:21:47 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - krb5-1.16.3-46.6.1 updated - libcurl4-8.0.1-11.86.2 updated - libncurses5-5.9-88.1 updated - libncurses6-5.9-88.1 updated - libnghttp2-14-1.39.2-3.18.1 updated - ncurses-utils-5.9-88.1 updated - terminfo-base-5.9-88.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:09:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:09:16 +0200 (CEST) Subject: SUSE-CU-2024:1302-1: Security update of suse/sle15 Message-ID: <20240410070916.665F2FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1302-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.432 Container Release : 9.5.432 Severity : important Type : security References : 1194642 1207987 1220061 1221399 1221665 1221667 1221831 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28085 CVE-2024-28182 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1106-1 Released: Wed Apr 3 15:33:00 2024 Summary: Security update for util-linux Type: security Severity: important References: 1194642,1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) - Prevent error message if `/var/lib/libuuid/clock.txt` does not exist (bsc#1194642) - Fixed performance degradation (bsc#1207987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1120-1 Released: Fri Apr 5 14:03:46 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - libblkid1-2.33.2-150100.4.45.1 updated - libcurl4-7.66.0-150200.4.69.1 updated - libfdisk1-2.33.2-150100.4.45.1 updated - libmount1-2.33.2-150100.4.45.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libsmartcols1-2.33.2-150100.4.45.1 updated - libuuid1-2.33.2-150100.4.45.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - util-linux-2.33.2-150100.4.45.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:09:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:09:24 +0200 (CEST) Subject: SUSE-CU-2024:1303-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240410070924.F22D6FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1303-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.33 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.33 Container Release : 4.33 Severity : important Type : security References : 1220061 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1120-1 Released: Fri Apr 5 14:03:46 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - curl-7.66.0-150200.4.69.1 updated - libcurl4-7.66.0-150200.4.69.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:09:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:09:36 +0200 (CEST) Subject: SUSE-CU-2024:1304-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240410070936.66420FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1304-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.21 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.21 Container Release : 3.21 Severity : important Type : security References : 1207987 1220061 1220117 1221399 1221665 1221667 1221831 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28085 CVE-2024-28182 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1169-1 Released: Tue Apr 9 09:50:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1220117,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - curl-8.0.1-150400.5.44.1 updated - libblkid1-2.37.2-150400.8.29.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libfdisk1-2.37.2-150400.8.29.1 updated - libmount1-2.37.2-150400.8.29.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libsmartcols1-2.37.2-150400.8.29.1 updated - libuuid1-2.37.2-150400.8.29.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - util-linux-2.37.2-150400.8.29.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:10:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:10:04 +0200 (CEST) Subject: SUSE-CU-2024:1305-1: Security update of suse/389-ds Message-ID: <20240410071004.6B3E0FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1305-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-20.47 , suse/389-ds:latest Container Release : 20.47 Severity : important Type : security References : 1219559 1220061 1221289 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:10:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:10:35 +0200 (CEST) Subject: SUSE-CU-2024:1306-1: Security update of bci/dotnet-aspnet Message-ID: <20240410071035.16322FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1306-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-25.10 , bci/dotnet-aspnet:6.0.28 , bci/dotnet-aspnet:6.0.28-25.10 Container Release : 25.10 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:11:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:11:04 +0200 (CEST) Subject: SUSE-CU-2024:1307-1: Security update of bci/dotnet-aspnet Message-ID: <20240410071104.46BF5FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1307-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-25.10 , bci/dotnet-aspnet:7.0.17 , bci/dotnet-aspnet:7.0.17-25.10 Container Release : 25.10 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:11:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:11:11 +0200 (CEST) Subject: SUSE-CU-2024:1308-1: Security update of bci/dotnet-aspnet Message-ID: <20240410071111.56A1EFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1308-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-7.9 , bci/dotnet-aspnet:8.0.3 , bci/dotnet-aspnet:8.0.3-7.9 , bci/dotnet-aspnet:latest Container Release : 7.9 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:11:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:11:56 +0200 (CEST) Subject: SUSE-CU-2024:1310-1: Security update of bci/dotnet-sdk Message-ID: <20240410071156.7F709FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1310-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-24.9 , bci/dotnet-sdk:6.0.28 , bci/dotnet-sdk:6.0.28-24.9 Container Release : 24.9 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:12:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:12:32 +0200 (CEST) Subject: SUSE-CU-2024:1311-1: Security update of bci/dotnet-sdk Message-ID: <20240410071232.BF999FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1311-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-26.9 , bci/dotnet-sdk:7.0.17 , bci/dotnet-sdk:7.0.17-26.9 Container Release : 26.9 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:13:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:13:09 +0200 (CEST) Subject: SUSE-CU-2024:1313-1: Security update of bci/dotnet-runtime Message-ID: <20240410071309.82F07FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1313-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-7.10 , bci/dotnet-runtime:8.0.3 , bci/dotnet-runtime:8.0.3-7.10 , bci/dotnet-runtime:latest Container Release : 7.10 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:13:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:13:19 +0200 (CEST) Subject: SUSE-CU-2024:1314-1: Security update of suse/git Message-ID: <20240410071319.B7A3BFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1314-1 Container Tags : suse/git:2.35 , suse/git:2.35-9.15 , suse/git:latest Container Release : 9.15 Severity : important Type : security References : 1219559 1220061 1221289 1221399 1221665 1221667 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - libcurl4-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:micro-image-15.5.0-18.2 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:13:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:13:28 +0200 (CEST) Subject: SUSE-CU-2024:1315-1: Security update of suse/helm Message-ID: <20240410071328.E67A7FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1315-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-8.12 , suse/helm:latest Container Release : 8.12 Severity : moderate Type : security References : 1219969 1220061 1220207 CVE-2023-45918 CVE-2024-25620 CVE-2024-26147 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1137-1 Released: Mon Apr 8 11:30:49 2024 Summary: Security update for helm Type: security Severity: moderate References: 1219969,1220207,CVE-2024-25620,CVE-2024-26147 This update for helm fixes the following issues: - CVE-2024-25620: Fixed with dependency management path traversal (bsc#1219969). - CVE-2024-26147: Fixed uninitialized variable in yaml parsing (bsc#1220207). The following package changes have been done: - helm-3.13.3-150000.1.32.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:micro-image-15.5.0-18.2 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:13:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:13:37 +0200 (CEST) Subject: SUSE-CU-2024:1316-1: Security update of bci/bci-micro Message-ID: <20240410071337.1E01CFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1316-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.18.2 , bci/bci-micro:latest Container Release : 18.2 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 07:13:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 09:13:47 +0200 (CEST) Subject: SUSE-CU-2024:1317-1: Security update of bci/bci-minimal Message-ID: <20240410071347.86312FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1317-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.19.5 , bci/bci-minimal:latest Container Release : 19.5 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:micro-image-15.5.0-18.2 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:02:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:02:35 +0200 (CEST) Subject: SUSE-CU-2024:1318-1: Security update of suse/sles12sp5 Message-ID: <20240410090235.75697FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1318-1 Container Tags : suse/sles12sp5:6.5.582 , suse/sles12sp5:latest Container Release : 6.5.582 Severity : important Type : security References : 1221831 CVE-2024-28085 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1171-1 Released: Tue Apr 9 09:51:49 2024 Summary: Security update for util-linux Type: security Severity: important References: 1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libblkid1-2.33.2-4.36.1 updated - libfdisk1-2.33.2-4.36.1 updated - libmount1-2.33.2-4.36.1 updated - libsmartcols1-2.33.2-4.36.1 updated - libuuid1-2.33.2-4.36.1 updated - util-linux-2.33.2-4.36.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:03:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:03:10 +0200 (CEST) Subject: SUSE-CU-2024:1319-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240410090310.B1513FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1319-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.34 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.34 Container Release : 4.34 Severity : important Type : security References : 1194038 1207987 1221831 CVE-2024-28085 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1170-1 Released: Tue Apr 9 09:51:25 2024 Summary: Security update for util-linux Type: security Severity: important References: 1194038,1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libblkid1-2.36.2-150300.4.41.1 updated - libfdisk1-2.36.2-150300.4.41.1 updated - libmount1-2.36.2-150300.4.41.1 updated - libsmartcols1-2.36.2-150300.4.41.1 updated - libuuid1-2.36.2-150300.4.41.1 updated - util-linux-2.36.2-150300.4.41.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:03:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:03:31 +0200 (CEST) Subject: SUSE-CU-2024:1320-1: Security update of suse/registry Message-ID: <20240410090331.ABB78FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1320-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-21.6 , suse/registry:latest Container Release : 21.6 Severity : important Type : security References : 1207987 1219559 1220061 1221289 1221831 CVE-2023-45918 CVE-2023-52425 CVE-2024-28085 CVE-2024-28757 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libblkid1-2.37.4-150500.9.6.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libmount1-2.37.4-150500.9.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libuuid1-2.37.4-150500.9.6.1 updated - terminfo-base-6.1-150000.5.24.1 updated - util-linux-2.37.4-150500.9.6.1 updated - container:micro-image-15.5.0-18.2 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:03:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:03:55 +0200 (CEST) Subject: SUSE-CU-2024:1321-1: Security update of bci/bci-init Message-ID: <20240410090355.8B887FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1321-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.15.8 , bci/bci-init:latest Container Release : 15.8 Severity : important Type : security References : 1207987 1219559 1220061 1221289 1221831 CVE-2023-45918 CVE-2023-52425 CVE-2024-28085 CVE-2024-28757 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libmount1-2.37.4-150500.9.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:04:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:04:04 +0200 (CEST) Subject: SUSE-CU-2024:1317-1: Security update of bci/bci-minimal Message-ID: <20240410090404.A1191FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1317-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.19.5 , bci/bci-minimal:latest Container Release : 19.5 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:micro-image-15.5.0-18.2 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:04:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:04:24 +0200 (CEST) Subject: SUSE-CU-2024:1322-1: Security update of suse/nginx Message-ID: <20240410090424.2D4B9FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1322-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-10.45 , suse/nginx:latest Container Release : 10.45 Severity : important Type : security References : 1207987 1219559 1220061 1221289 1221831 CVE-2023-45918 CVE-2023-52425 CVE-2024-28085 CVE-2024-28757 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:04:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:04:48 +0200 (CEST) Subject: SUSE-CU-2024:1323-1: Security update of bci/nodejs Message-ID: <20240410090448.D93E0FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1323-1 Container Tags : bci/node:18 , bci/node:18-16.44 , bci/nodejs:18 , bci/nodejs:18-16.44 Container Release : 16.44 Severity : important Type : security References : 1219559 1220061 1220279 1221289 1221399 1221665 1221667 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-25629 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1136-1 Released: Mon Apr 8 11:30:15 2024 Summary: Security update for c-ares Type: security Severity: moderate References: 1220279,CVE-2024-25629 This update for c-ares fixes the following issues: - CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libcares2-1.19.1-150000.3.26.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:05:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:05:00 +0200 (CEST) Subject: SUSE-CU-2024:1324-1: Security update of bci/nodejs Message-ID: <20240410090500.F3C5EFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1324-1 Container Tags : bci/node:20 , bci/node:20-6.45 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-6.45 , bci/nodejs:latest Container Release : 6.45 Severity : important Type : security References : 1219559 1220061 1220279 1221289 1221399 1221665 1221667 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-25629 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1136-1 Released: Mon Apr 8 11:30:15 2024 Summary: Security update for c-ares Type: security Severity: moderate References: 1220279,CVE-2024-25629 This update for c-ares fixes the following issues: - CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libcares2-1.19.1-150000.3.26.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:05:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:05:25 +0200 (CEST) Subject: SUSE-CU-2024:1325-1: Security update of bci/openjdk Message-ID: <20240410090525.A970DFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1325-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-16.39 , bci/openjdk:latest Container Release : 16.39 Severity : important Type : security References : 1219559 1220061 1221289 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.20 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:05:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:05:58 +0200 (CEST) Subject: SUSE-CU-2024:1326-1: Security update of suse/pcp Message-ID: <20240410090558.6F14DFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1326-1 Container Tags : suse/pcp:5 , suse/pcp:5-22.82 , suse/pcp:5.2 , suse/pcp:5.2-22.82 , suse/pcp:5.2.5 , suse/pcp:5.2.5-22.82 , suse/pcp:latest Container Release : 22.82 Severity : important Type : security References : 1207987 1219559 1220061 1221289 1221831 CVE-2023-45918 CVE-2023-52425 CVE-2024-28085 CVE-2024-28757 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libmount1-2.37.4-150500.9.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - util-linux-systemd-2.37.4-150500.9.6.1 updated - container:bci-bci-init-15.5-15.5-15.8 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:06:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:06:22 +0200 (CEST) Subject: SUSE-CU-2024:1327-1: Security update of bci/php-fpm Message-ID: <20240410090622.00A1BFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1327-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-12.38 Container Release : 12.38 Severity : important Type : security References : 1220061 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - container:sles15-image-15.0.0-36.11.20 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:06:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:06:45 +0200 (CEST) Subject: SUSE-CU-2024:1328-1: Security update of suse/postgres Message-ID: <20240410090645.97D7CFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1328-1 Container Tags : suse/postgres:15 , suse/postgres:15-17.37 , suse/postgres:15.6 , suse/postgres:15.6-17.37 Container Release : 17.37 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:07:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:07:01 +0200 (CEST) Subject: SUSE-CU-2024:1330-1: Security update of suse/rmt-mariadb-client Message-ID: <20240410090701.96337FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1330-1 Container Tags : suse/mariadb-client:10.6 , suse/mariadb-client:10.6-15.35 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.6 , suse/rmt-mariadb-client:10.6-15.35 , suse/rmt-mariadb-client:latest Container Release : 15.35 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:07:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:07:08 +0200 (CEST) Subject: SUSE-CU-2024:1331-1: Security update of suse/rmt-mariadb Message-ID: <20240410090708.3C510FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1331-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-20.8 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-20.8 , suse/rmt-mariadb:latest Container Release : 20.8 Severity : important Type : security References : 1219559 1220061 1221289 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.20 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:07:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:07:08 +0200 (CEST) Subject: SUSE-CU-2024:1332-1: Security update of suse/rmt-mariadb Message-ID: <20240410090708.C9A64FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1332-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-20.9 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-20.9 , suse/rmt-mariadb:latest Container Release : 20.9 Severity : important Type : security References : 1207987 1221831 CVE-2024-28085 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libmount1-2.37.4-150500.9.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:07:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:07:23 +0200 (CEST) Subject: SUSE-CU-2024:1333-1: Security update of suse/rmt-server Message-ID: <20240410090723.B28EFFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1333-1 Container Tags : suse/rmt-server:2.15 , suse/rmt-server:2.15-15.36 , suse/rmt-server:latest Container Release : 15.36 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.20 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:07:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:07:24 +0200 (CEST) Subject: SUSE-CU-2024:1334-1: Security update of suse/rmt-server Message-ID: <20240410090724.32ACEFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1334-1 Container Tags : suse/rmt-server:2.15 , suse/rmt-server:2.15-15.37 , suse/rmt-server:latest Container Release : 15.37 Severity : important Type : security References : 1207987 1221831 CVE-2024-28085 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libmount1-2.37.4-150500.9.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:07:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:07:55 +0200 (CEST) Subject: SUSE-CU-2024:1335-1: Security update of bci/rust Message-ID: <20240410090755.EE2E4FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1335-1 Container Tags : bci/rust:1.75 , bci/rust:1.75-2.2.24 , bci/rust:oldstable , bci/rust:oldstable-2.2.24 Container Release : 2.24 Severity : important Type : security References : 1220061 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:08:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:08:20 +0200 (CEST) Subject: SUSE-CU-2024:1336-1: Security update of bci/rust Message-ID: <20240410090820.9C489FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1336-1 Container Tags : bci/rust:1.76 , bci/rust:1.76-1.2.24 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.24 Container Release : 2.24 Severity : important Type : security References : 1220061 1221399 1221665 1221667 1222047 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1173-1 Released: Tue Apr 9 10:00:08 2024 Summary: Recommended update for rust1.76 Type: recommended Severity: moderate References: 1222047 This update for rust1.76 fixes the following issues: - Update gcc minimum version to 13 for SLE (bsc#1222047) The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libhwasan0-13.2.1+git7813-150000.1.6.1 added - cpp13-13.2.1+git7813-150000.1.6.1 added - gcc13-13.2.1+git7813-150000.1.6.1 added - rust1.76-1.76.0-150500.11.6.1 updated - cargo1.76-1.76.0-150500.11.6.1 updated - container:sles15-image-15.0.0-36.11.21 updated - cpp12-12.3.0+git1204-150000.1.16.1 removed - gcc12-12.3.0+git1204-150000.1.16.1 removed From sle-container-updates at lists.suse.com Wed Apr 10 09:08:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:08:30 +0200 (CEST) Subject: SUSE-CU-2024:1337-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240410090830.0F3B6FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1337-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.8.7 , bci/bci-sle15-kernel-module-devel:latest Container Release : 8.7 Severity : important Type : security References : 1207987 1219559 1220061 1221289 1221831 CVE-2023-45918 CVE-2023-52425 CVE-2024-28085 CVE-2024-28757 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libmount1-2.37.4-150500.9.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:08:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:08:50 +0200 (CEST) Subject: SUSE-CU-2024:1338-1: Security update of suse/sle15 Message-ID: <20240410090850.5F4ABFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1338-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.20 , suse/sle15:15.5 , suse/sle15:15.5.36.11.20 Container Release : 36.11.20 Severity : important Type : security References : 1220061 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - curl-8.0.1-150400.5.44.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:16:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:16:28 +0200 (CEST) Subject: SUSE-CU-2024:1338-1: Security update of suse/sle15 Message-ID: <20240410091628.23647FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1338-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.20 , suse/sle15:15.5 , suse/sle15:15.5.36.11.20 Container Release : 36.11.20 Severity : important Type : security References : 1220061 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - curl-8.0.1-150400.5.44.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:16:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:16:28 +0200 (CEST) Subject: SUSE-CU-2024:1339-1: Security update of suse/sle15 Message-ID: <20240410091628.9BCE0FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1339-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.21 , suse/sle15:15.5 , suse/sle15:15.5.36.11.21 Container Release : 36.11.21 Severity : important Type : security References : 1207987 1221831 CVE-2024-28085 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libblkid1-2.37.4-150500.9.6.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libmount1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libuuid1-2.37.4-150500.9.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:17:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:17:22 +0200 (CEST) Subject: SUSE-CU-2024:1361-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240410091722.6D4D1FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1361-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.23 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.49.23 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids The following package changes have been done: - hwdata-0.380-150000.3.68.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:17:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:17:57 +0200 (CEST) Subject: SUSE-CU-2024:1362-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240410091757.2A838FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1362-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.6 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.6 Severity : important Type : security References : 1220061 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1120-1 Released: Fri Apr 5 14:03:46 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - curl-7.66.0-150200.4.69.1 updated - libcurl4-7.66.0-150200.4.69.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:18:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:18:37 +0200 (CEST) Subject: SUSE-CU-2024:1363-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240410091837.1073DFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1363-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.6 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.6 Severity : important Type : security References : 1220061 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1120-1 Released: Fri Apr 5 14:03:46 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - curl-7.66.0-150200.4.69.1 updated - libcurl4-7.66.0-150200.4.69.1 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 09:18:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 11:18:37 +0200 (CEST) Subject: SUSE-CU-2024:1364-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240410091837.A8D12FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1364-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.7 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.7 Severity : important Type : security References : 1194038 1207987 1221831 CVE-2024-28085 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1170-1 Released: Tue Apr 9 09:51:25 2024 Summary: Security update for util-linux Type: security Severity: important References: 1194038,1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libblkid1-2.36.2-150300.4.41.1 updated - libfdisk1-2.36.2-150300.4.41.1 updated - libmount1-2.36.2-150300.4.41.1 updated - libsmartcols1-2.36.2-150300.4.41.1 updated - libuuid1-2.36.2-150300.4.41.1 updated - util-linux-2.36.2-150300.4.41.1 updated From sle-container-updates at lists.suse.com Wed Apr 10 12:13:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 14:13:41 +0200 (CEST) Subject: SUSE-CU-2024:1365-1: Security update of bci/openjdk Message-ID: <20240410121341.83EF9FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1365-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.40 Container Release : 15.40 Severity : important Type : security References : 1207987 1219559 1220061 1221289 1221831 CVE-2023-45918 CVE-2023-52425 CVE-2024-28085 CVE-2024-28757 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 12:14:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 14:14:14 +0200 (CEST) Subject: SUSE-CU-2024:1366-1: Security update of bci/openjdk Message-ID: <20240410121414.49CB8FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1366-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-16.40 , bci/openjdk:latest Container Release : 16.40 Severity : important Type : security References : 1207987 1221831 CVE-2024-28085 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 12:14:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 14:14:42 +0200 (CEST) Subject: SUSE-CU-2024:1367-1: Security update of bci/php-apache Message-ID: <20240410121442.6A6E0FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1367-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-12.40 Container Release : 12.40 Severity : important Type : security References : 1207987 1219559 1220061 1221289 1221399 1221665 1221667 1221831 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Wed Apr 10 12:15:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Apr 2024 14:15:12 +0200 (CEST) Subject: SUSE-CU-2024:1368-1: Security update of bci/php Message-ID: <20240410121512.2A2DFFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1368-1 Container Tags : bci/php:8 , bci/php:8-12.40 Container Release : 12.40 Severity : important Type : security References : 1220061 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:03:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:03:32 +0200 (CEST) Subject: SUSE-CU-2024:1370-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240411070332.396C5FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1370-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.7 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.7 Severity : important Type : security References : 1219901 CVE-2022-48624 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - less-590-150400.3.6.2 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:05:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:05:12 +0200 (CEST) Subject: SUSE-CU-2024:1372-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240411070513.02F69FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1372-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.7 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.7 Severity : important Type : security References : 1219901 CVE-2022-48624 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - less-590-150400.3.6.2 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:05:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:05:41 +0200 (CEST) Subject: SUSE-CU-2024:1373-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240411070541.A3947FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1373-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.200 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.200 Severity : important Type : security References : 1207987 1219901 1221831 CVE-2022-48624 CVE-2024-28085 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - less-590-150400.3.6.2 updated - libblkid1-2.37.4-150500.9.6.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libmount1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libuuid1-2.37.4-150500.9.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:06:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:06:21 +0200 (CEST) Subject: SUSE-CU-2024:1374-1: Security update of bci/dotnet-sdk Message-ID: <20240411070621.A844BFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1374-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-9.1 , bci/dotnet-sdk:8.0.4 , bci/dotnet-sdk:8.0.4-9.1 , bci/dotnet-sdk:latest Container Release : 9.1 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:06:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:06:50 +0200 (CEST) Subject: SUSE-CU-2024:1375-1: Security update of bci/dotnet-runtime Message-ID: <20240411070650.B824DFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1375-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-26.10 , bci/dotnet-runtime:7.0.17 , bci/dotnet-runtime:7.0.17-26.10 Container Release : 26.10 Severity : moderate Type : security References : 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:07:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:07:00 +0200 (CEST) Subject: SUSE-CU-2024:1376-1: Security update of suse/git Message-ID: <20240411070700.9FFBCFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1376-1 Container Tags : suse/git:2.35 , suse/git:2.35-9.16 , suse/git:latest Container Release : 9.16 Severity : important Type : security References : 1219901 CVE-2022-48624 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - less-590-150400.3.6.2 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:07:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:07:23 +0200 (CEST) Subject: SUSE-CU-2024:1377-1: Security update of bci/golang Message-ID: <20240411070723.A1F91FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1377-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.2.46 , bci/golang:oldstable , bci/golang:oldstable-2.2.46 Container Release : 2.46 Severity : important Type : security References : 1212475 1219559 1219901 1220061 1221289 1221399 1221400 1221665 1221667 CVE-2022-48624 CVE-2023-45288 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1122-1 Released: Fri Apr 5 20:20:52 2024 Summary: Security update for go1.21 Type: security Severity: important References: 1212475,1221400,CVE-2023-45288 This update for go1.21 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400) Other changes: - go minor release upgrade to 1.21.9 (bsc#1212475) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - go1.21-doc-1.21.9-150000.1.30.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - less-590-150400.3.6.2 updated - go1.21-1.21.9-150000.1.30.1 updated - go1.21-race-1.21.9-150000.1.30.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:07:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:07:41 +0200 (CEST) Subject: SUSE-CU-2024:1378-1: Security update of bci/golang Message-ID: <20240411070741.B6FACFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1378-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-12.42 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-12.42 Container Release : 12.42 Severity : important Type : security References : 1219559 1219901 1220061 1221289 1221399 1221665 1221667 CVE-2022-48624 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - less-590-150400.3.6.2 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:08:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:08:03 +0200 (CEST) Subject: SUSE-CU-2024:1379-1: Security update of bci/golang Message-ID: <20240411070803.D95F4FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1379-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-12.43 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-12.43 Container Release : 12.43 Severity : important Type : security References : 1219559 1219901 1220061 1221289 1221399 1221665 1221667 CVE-2022-48624 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - less-590-150400.3.6.2 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:08:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:08:34 +0200 (CEST) Subject: SUSE-CU-2024:1380-1: Security update of bci/nodejs Message-ID: <20240411070834.472B2FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1380-1 Container Tags : bci/node:18 , bci/node:18-16.45 , bci/nodejs:18 , bci/nodejs:18-16.45 Container Release : 16.45 Severity : important Type : security References : 1219901 CVE-2022-48624 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - less-590-150400.3.6.2 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:08:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:08:48 +0200 (CEST) Subject: SUSE-CU-2024:1381-1: Security update of bci/nodejs Message-ID: <20240411070848.524A3FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1381-1 Container Tags : bci/node:20 , bci/node:20-6.46 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-6.46 , bci/nodejs:latest Container Release : 6.46 Severity : important Type : security References : 1219901 CVE-2022-48624 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - less-590-150400.3.6.2 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:09:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:09:25 +0200 (CEST) Subject: SUSE-CU-2024:1382-1: Security update of bci/openjdk-devel Message-ID: <20240411070925.541FAFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1382-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.90 Container Release : 14.90 Severity : important Type : security References : 1207987 1219559 1219901 1220061 1221289 1221399 1221665 1221667 1221831 CVE-2022-48624 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libmount1-2.37.4-150500.9.6.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - util-linux-2.37.4-150500.9.6.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - less-590-150400.3.6.2 updated - container:bci-openjdk-11-15.5.11-15.40 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:09:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:09:56 +0200 (CEST) Subject: SUSE-CU-2024:1383-1: Security update of bci/openjdk-devel Message-ID: <20240411070956.DACDBFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1383-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.90 , bci/openjdk-devel:latest Container Release : 16.90 Severity : important Type : security References : 1207987 1219559 1219901 1220061 1221289 1221399 1221665 1221667 1221831 CVE-2022-48624 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libmount1-2.37.4-150500.9.6.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - util-linux-2.37.4-150500.9.6.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - less-590-150400.3.6.2 updated - container:bci-openjdk-17-15.5.17-16.40 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:10:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:10:48 +0200 (CEST) Subject: SUSE-CU-2024:1385-1: Security update of bci/python Message-ID: <20240411071048.A8AB7FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1385-1 Container Tags : bci/python:3 , bci/python:3-17.40 , bci/python:3.11 , bci/python:3.11-17.40 , bci/python:latest Container Release : 17.40 Severity : important Type : security References : 1207987 1219901 1221831 CVE-2022-48624 CVE-2024-28085 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - less-590-150400.3.6.2 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:11:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:11:15 +0200 (CEST) Subject: SUSE-CU-2024:1386-1: Security update of bci/python Message-ID: <20240411071115.4CEBDFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1386-1 Container Tags : bci/python:3 , bci/python:3-18.41 , bci/python:3.6 , bci/python:3.6-18.41 Container Release : 18.41 Severity : important Type : security References : 1219901 CVE-2022-48624 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - less-590-150400.3.6.2 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:11:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:11:42 +0200 (CEST) Subject: SUSE-CU-2024:1387-1: Security update of bci/ruby Message-ID: <20240411071142.3D805FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1387-1 Container Tags : bci/ruby:2 , bci/ruby:2-16.38 , bci/ruby:2.5 , bci/ruby:2.5-16.38 , bci/ruby:latest Container Release : 16.38 Severity : important Type : security References : 1207987 1219559 1219901 1220061 1221289 1221399 1221665 1221667 1221831 CVE-2022-48624 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libmount1-2.37.4-150500.9.6.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - util-linux-2.37.4-150500.9.6.1 updated - curl-8.0.1-150400.5.44.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - less-590-150400.3.6.2 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:12:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:12:08 +0200 (CEST) Subject: SUSE-CU-2024:1388-1: Recommended update of bci/rust Message-ID: <20240411071208.7E3C9FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1388-1 Container Tags : bci/rust:1.77 , bci/rust:1.77-1.2.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.1 Container Release : 2.1 Severity : moderate Type : recommended References : 1222047 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1159-1 Released: Mon Apr 8 13:27:12 2024 Summary: Recommended update for rust, rust1.77 Type: recommended Severity: moderate References: 1222047 This update for rust, rust1.77 fixes the following issues: Changes in rust1.77: - update gcc minimum to 13 for SLE (bsc#1222047) Version 1.77.0 (2024-03-21) ========================== Language -------- - Reveal opaque types within the defining body for exhaustiveness checking. - Stabilize C-string literals. - Stabilize THIR unsafeck. - Add lint `static_mut_refs` to warn on references to mutable statics. - Support async recursive calls (as long as they have indirection). - Undeprecate lint `unstable_features` and make use of it in the compiler. - Make inductive cycles in coherence ambiguous always. - Get rid of type-driven traversal in const-eval interning only as a [future compatiblity lint - Deny braced macro invocations in let-else. Compiler -------- - Include lint `soft_unstable` in future breakage reports. - Make `i128` and `u128` 16-byte aligned on x86-based targets. - Use `--verbose` in diagnostic output. - Improve spacing between printed tokens. - Merge the `unused_tuple_struct_fields` lint into `dead_code`. - Error on incorrect implied bounds in well-formedness check with a temporary exception for Bevy. - Fix coverage instrumentation/reports for non-ASCII source code. - Fix `fn`/`const` items implied bounds and well-formedness check. - Promote `riscv32{im|imafc}-unknown-none-elf` targets to tier 2. Libraries --------- - Implement `From<&[T; N]>` for `Cow<[T]>`. - Remove special-case handling of `vec.split_off(0)`. Stabilized APIs --------------- - `array::each_ref` https://doc.rust-lang.org/stable/std/primitive.array.html#method.each_ref - `array::each_mut` https://doc.rust-lang.org/stable/std/primitive.array.html#method.each_mut - `core::net` https://doc.rust-lang.org/stable/core/net/index.html - `f32::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.round_ties_even - `f64::round_ties_even` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.round_ties_even - `mem::offset_of!` https://doc.rust-lang.org/stable/std/mem/macro.offset_of.html - `slice::first_chunk` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.first_chunk - `slice::first_chunk_mut` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.first_chunk_mut - `slice::split_first_chunk` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.split_first_chunk - `slice::split_first_chunk_mut` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.split_first_chunk_mut - `slice::last_chunk` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.last_chunk - `slice::last_chunk_mut` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.last_chunk_mut - `slice::split_last_chunk` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.split_last_chunk - `slice::split_last_chunk_mut` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.split_last_chunk_mut - `slice::chunk_by` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.chunk_by - `slice::chunk_by_mut` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.chunk_by_mut - `Bound::map` https://doc.rust-lang.org/stable/std/ops/enum.Bound.html#method.map - `File::create_new` https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.create_new - `Mutex::clear_poison` https://doc.rust-lang.org/stable/std/sync/struct.Mutex.html#method.clear_poison - `RwLock::clear_poison` https://doc.rust-lang.org/stable/std/sync/struct.RwLock.html#method.clear_poison Cargo ----- - Extend the build directive syntax with `cargo::`. - Stabilize metadata `id` format as `PackageIDSpec`. - Pull out `cargo-util-schemas` as a crate. - Strip all debuginfo when debuginfo is not requested. - Inherit jobserver from env for all kinds of runners. - Deprecate rustc plugin support in cargo. Rustdoc ----- - Allows links in markdown headings. - Search for tuples and unit by type with `()`. - Clean up the source sidebar's hide button. - Prevent JS injection from `localStorage`. Misc ---- - Recommend version-sorting for all sorting in style guide. The following package changes have been done: - rust1.77-1.77.0-150500.11.3.1 added - cargo1.77-1.77.0-150500.11.3.1 added - cargo1.76-1.76.0-150500.11.6.1 removed - rust1.76-1.76.0-150500.11.6.1 removed From sle-container-updates at lists.suse.com Thu Apr 11 07:12:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:12:51 +0200 (CEST) Subject: SUSE-CU-2024:1389-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240411071251.6304AFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1389-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.9 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.9 Severity : important Type : security References : 1194038 1207987 1219901 1221831 CVE-2022-48624 CVE-2024-28085 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1170-1 Released: Tue Apr 9 09:51:25 2024 Summary: Security update for util-linux Type: security Severity: important References: 1194038,1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1190-1 Released: Wed Apr 10 03:28:33 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - less-530-150000.3.6.2 updated - libblkid1-2.36.2-150300.4.41.1 updated - libfdisk1-2.36.2-150300.4.41.1 updated - libmount1-2.36.2-150300.4.41.1 updated - libsmartcols1-2.36.2-150300.4.41.1 updated - libuuid1-2.36.2-150300.4.41.1 updated - util-linux-2.36.2-150300.4.41.1 updated From sle-container-updates at lists.suse.com Thu Apr 11 07:14:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 09:14:50 +0200 (CEST) Subject: SUSE-CU-2024:1391-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240411071450.BEDC7FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1391-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.9 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.9 Severity : important Type : security References : 1219901 CVE-2022-48624 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1190-1 Released: Wed Apr 10 03:28:33 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - less-530-150000.3.6.2 updated From sle-container-updates at lists.suse.com Thu Apr 11 13:44:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Apr 2024 15:44:01 +0200 (CEST) Subject: SUSE-CU-2024:1392-1: Security update of bci/golang Message-ID: <20240411134401.191F9FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1392-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.2.43 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.43 Container Release : 2.43 Severity : important Type : security References : 1218424 1219559 1219901 1220061 1221289 1221399 1221400 1221665 1221667 CVE-2022-48624 CVE-2023-45288 CVE-2023-45918 CVE-2023-52425 CVE-2024-2004 CVE-2024-2398 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1121-1 Released: Fri Apr 5 17:31:35 2024 Summary: Security update for go1.22 Type: security Severity: important References: 1218424,1221400,CVE-2023-45288 This update for go1.22 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400) Other changes: - go minor release upgrade to 1.22.2 (bsc#1218424) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). The following package changes have been done: - libnghttp2-14-1.40.0-150200.17.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - go1.22-doc-1.22.2-150000.1.12.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - less-590-150400.3.6.2 updated - go1.22-1.22.2-150000.1.12.1 updated - go1.22-race-1.22.2-150000.1.12.1 updated - container:sles15-image-15.0.0-36.11.21 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:05:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:05:53 +0200 (CEST) Subject: SUSE-CU-2024:1395-1: Recommended update of suse/sle15 Message-ID: <20240412070553.11806FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1395-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.434 Container Release : 9.5.434 Severity : moderate Type : recommended References : 1175678 1218171 1218544 1221525 CVE-2024-0217 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1202-1 Released: Thu Apr 11 10:49:34 2024 Summary: Recommended update for libzypp, zypper, PackageKit Type: recommended Severity: moderate References: 1175678,1218171,1218544,1221525,CVE-2024-0217 This update for libzypp, zypper, PackageKit fixes the following issues: - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) The following package changes have been done: - libzypp-17.32.2-150200.92.3 updated - zypper-1.14.69-150200.73.7 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:06:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:06:05 +0200 (CEST) Subject: SUSE-CU-2024:1396-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240412070605.1B2FBFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1396-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.23 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.23 Container Release : 3.23 Severity : moderate Type : recommended References : 1220441 1222259 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - rpm-ndb-4.14.3-150400.59.13.1 updated - libimaevm3-1.4-150400.3.2.1 removed From sle-container-updates at lists.suse.com Fri Apr 12 07:06:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:06:34 +0200 (CEST) Subject: SUSE-CU-2024:1397-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240412070634.B7177FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1397-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-25.13 , bci/dotnet-aspnet:6.0.28 , bci/dotnet-aspnet:6.0.28-25.13 Container Release : 25.13 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:07:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:07:02 +0200 (CEST) Subject: SUSE-CU-2024:1398-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240412070702.E400FFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1398-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-25.13 , bci/dotnet-aspnet:7.0.17 , bci/dotnet-aspnet:7.0.17-25.13 Container Release : 25.13 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:07:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:07:09 +0200 (CEST) Subject: SUSE-CU-2024:1399-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240412070709.D1AF5FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1399-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-7.12 , bci/dotnet-aspnet:8.0.3 , bci/dotnet-aspnet:8.0.3-7.12 , bci/dotnet-aspnet:latest Container Release : 7.12 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:07:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:07:42 +0200 (CEST) Subject: SUSE-CU-2024:1400-1: Recommended update of bci/dotnet-sdk Message-ID: <20240412070742.512E0FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1400-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-26.12 , bci/dotnet-sdk:7.0.17 , bci/dotnet-sdk:7.0.17-26.12 Container Release : 26.12 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:07:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:07:51 +0200 (CEST) Subject: SUSE-CU-2024:1401-1: Recommended update of bci/dotnet-sdk Message-ID: <20240412070751.DAEDEFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1401-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-9.4 , bci/dotnet-sdk:8.0.4 , bci/dotnet-sdk:8.0.4-9.4 , bci/dotnet-sdk:latest Container Release : 9.4 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:08:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:08:20 +0200 (CEST) Subject: SUSE-CU-2024:1402-1: Recommended update of bci/dotnet-runtime Message-ID: <20240412070820.3BC9CFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1402-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-24.12 , bci/dotnet-runtime:6.0.28 , bci/dotnet-runtime:6.0.28-24.12 Container Release : 24.12 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:08:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:08:46 +0200 (CEST) Subject: SUSE-CU-2024:1403-1: Recommended update of bci/dotnet-runtime Message-ID: <20240412070846.46336FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1403-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-26.13 , bci/dotnet-runtime:7.0.17 , bci/dotnet-runtime:7.0.17-26.13 Container Release : 26.13 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:08:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:08:52 +0200 (CEST) Subject: SUSE-CU-2024:1404-1: Recommended update of bci/dotnet-runtime Message-ID: <20240412070852.EC44AFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1404-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-7.13 , bci/dotnet-runtime:8.0.3 , bci/dotnet-runtime:8.0.3-7.13 , bci/dotnet-runtime:latest Container Release : 7.13 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:09:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:09:10 +0200 (CEST) Subject: SUSE-CU-2024:1405-1: Recommended update of bci/golang Message-ID: <20240412070910.EC952FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1405-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-12.45 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-12.45 Container Release : 12.45 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - glibc-devel-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:09:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:09:29 +0200 (CEST) Subject: SUSE-CU-2024:1406-1: Recommended update of bci/golang Message-ID: <20240412070929.611CBFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1406-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-12.46 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-12.46 Container Release : 12.46 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - glibc-devel-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:09:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:09:55 +0200 (CEST) Subject: SUSE-CU-2024:1407-1: Recommended update of bci/bci-init Message-ID: <20240412070955.3E51EFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1407-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.15.12 , bci/bci-init:latest Container Release : 15.12 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:10:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:10:04 +0200 (CEST) Subject: SUSE-CU-2024:1408-1: Recommended update of bci/bci-micro Message-ID: <20240412071004.5839AFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1408-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.18.3 , bci/bci-micro:latest Container Release : 18.3 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:10:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:10:14 +0200 (CEST) Subject: SUSE-CU-2024:1409-1: Recommended update of bci/bci-minimal Message-ID: <20240412071014.B7F4BFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1409-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.19.8 , bci/bci-minimal:latest Container Release : 19.8 Severity : moderate Type : recommended References : 1220441 1222259 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - rpm-ndb-4.14.3-150400.59.13.1 updated - container:micro-image-15.5.0-18.3 updated - libimaevm3-1.4-150400.3.2.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libopenssl1_1-1.1.1l-150500.17.25.1 removed From sle-container-updates at lists.suse.com Fri Apr 12 07:10:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:10:39 +0200 (CEST) Subject: SUSE-CU-2024:1410-1: Recommended update of bci/nodejs Message-ID: <20240412071039.79884FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1410-1 Container Tags : bci/node:18 , bci/node:18-16.49 , bci/nodejs:18 , bci/nodejs:18-16.49 Container Release : 16.49 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:10:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:10:52 +0200 (CEST) Subject: SUSE-CU-2024:1411-1: Recommended update of bci/nodejs Message-ID: <20240412071052.CA0BDFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1411-1 Container Tags : bci/node:20 , bci/node:20-6.49 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-6.49 , bci/nodejs:latest Container Release : 6.49 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:11:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:11:18 +0200 (CEST) Subject: SUSE-CU-2024:1412-1: Recommended update of bci/openjdk Message-ID: <20240412071118.E7C2AFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1412-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.44 Container Release : 15.44 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:11:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:11:50 +0200 (CEST) Subject: SUSE-CU-2024:1413-1: Recommended update of bci/openjdk-devel Message-ID: <20240412071150.35601FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1413-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.98 , bci/openjdk-devel:latest Container Release : 16.98 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:bci-openjdk-17-15.5.17-16.43 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:12:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:12:16 +0200 (CEST) Subject: SUSE-CU-2024:1414-1: Recommended update of bci/php-apache Message-ID: <20240412071216.3FDA5FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1414-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-12.44 Container Release : 12.44 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Fri Apr 12 07:12:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Apr 2024 09:12:40 +0200 (CEST) Subject: SUSE-CU-2024:1415-1: Recommended update of bci/php Message-ID: <20240412071240.62FC5FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1415-1 Container Tags : bci/php:8 , bci/php:8-12.44 Container Release : 12.44 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:03:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:03:05 +0200 (CEST) Subject: SUSE-CU-2024:1417-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240413070305.8084DFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1417-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.10 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.10 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 1222259 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-locale-base-2.31-150300.71.1 updated - glibc-locale-2.31-150300.71.1 updated - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - rpm-ndb-4.14.3-150400.59.13.1 updated - libimaevm3-1.4-150400.3.2.1 removed From sle-container-updates at lists.suse.com Sat Apr 13 07:04:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:04:26 +0200 (CEST) Subject: SUSE-CU-2024:1419-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240413070426.D3AA1FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1419-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.10 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.10 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 1222259 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-locale-base-2.31-150300.71.1 updated - glibc-locale-2.31-150300.71.1 updated - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - rpm-ndb-4.14.3-150400.59.13.1 updated - libimaevm3-1.4-150400.3.2.1 removed From sle-container-updates at lists.suse.com Sat Apr 13 07:04:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:04:50 +0200 (CEST) Subject: SUSE-CU-2024:1420-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240413070450.DBD5CFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1420-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.204 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.204 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-locale-base-2.31-150300.71.1 updated - glibc-locale-2.31-150300.71.1 updated - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:06:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:06:29 +0200 (CEST) Subject: SUSE-CU-2024:1421-1: Recommended update of suse/sle15 Message-ID: <20240413070629.4AA82FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1421-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.435 Container Release : 9.5.435 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:06:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:06:36 +0200 (CEST) Subject: SUSE-CU-2024:1422-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240413070636.E3216FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1422-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.38 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.38 Container Release : 4.38 Severity : moderate Type : recommended References : 1175678 1210959 1214934 1217450 1217667 1218171 1218492 1218544 1219031 1219520 1220441 1220724 1221239 1221525 CVE-2024-0217 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1202-1 Released: Thu Apr 11 10:49:34 2024 Summary: Recommended update for libzypp, zypper, PackageKit Type: recommended Severity: moderate References: 1175678,1218171,1218544,1221525,CVE-2024-0217 This update for libzypp, zypper, PackageKit fixes the following issues: - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libzypp-17.32.2-150200.92.3 updated - zypper-1.14.69-150200.73.7 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:06:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:06:46 +0200 (CEST) Subject: SUSE-CU-2024:1423-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240413070646.3117AFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1423-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.24 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.24 Container Release : 3.24 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:06:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:06:53 +0200 (CEST) Subject: SUSE-CU-2024:1424-1: Recommended update of bci/bci-busybox Message-ID: <20240413070653.AB0F3FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1424-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.19.2 , bci/bci-busybox:latest Container Release : 19.2 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:07:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:07:01 +0200 (CEST) Subject: SUSE-CU-2024:1425-1: Recommended update of bci/dotnet-sdk Message-ID: <20240413070701.EB841FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1425-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-9.5 , bci/dotnet-sdk:8.0.4 , bci/dotnet-sdk:8.0.4-9.5 , bci/dotnet-sdk:latest Container Release : 9.5 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:07:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:07:10 +0200 (CEST) Subject: SUSE-CU-2024:1426-1: Recommended update of suse/git Message-ID: <20240413070710.815C2FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1426-1 Container Tags : suse/git:2.35 , suse/git:2.35-9.21 , suse/git:latest Container Release : 9.21 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:micro-image-15.5.0-18.4 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:07:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:07:25 +0200 (CEST) Subject: SUSE-CU-2024:1427-1: Recommended update of bci/golang Message-ID: <20240413070725.4D36EFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1427-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-12.48 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-12.48 Container Release : 12.48 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libatomic1-13.2.1+git8285-150000.1.9.1 updated - libgomp1-13.2.1+git8285-150000.1.9.1 updated - libitm1-13.2.1+git8285-150000.1.9.1 updated - liblsan0-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:07:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:07:32 +0200 (CEST) Subject: SUSE-CU-2024:1428-1: Recommended update of bci/bci-micro Message-ID: <20240413070732.AEFCDFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1428-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.18.4 , bci/bci-micro:latest Container Release : 18.4 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:07:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:07:52 +0200 (CEST) Subject: SUSE-CU-2024:1429-1: Recommended update of bci/nodejs Message-ID: <20240413070752.EE5F3FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1429-1 Container Tags : bci/node:18 , bci/node:18-16.51 , bci/nodejs:18 , bci/nodejs:18-16.51 Container Release : 16.51 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:08:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:08:42 +0200 (CEST) Subject: SUSE-CU-2024:1431-1: Recommended update of bci/python Message-ID: <20240413070842.01D50FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1431-1 Container Tags : bci/python:3 , bci/python:3-18.44 , bci/python:3.6 , bci/python:3.6-18.44 Container Release : 18.44 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:09:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:09:03 +0200 (CEST) Subject: SUSE-CU-2024:1432-1: Recommended update of bci/ruby Message-ID: <20240413070903.54AD2FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1432-1 Container Tags : bci/ruby:2 , bci/ruby:2-16.41 , bci/ruby:2.5 , bci/ruby:2.5-16.41 , bci/ruby:latest Container Release : 16.41 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - glibc-devel-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:09:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:09:29 +0200 (CEST) Subject: SUSE-CU-2024:1434-1: Recommended update of suse/sle15 Message-ID: <20240413070929.BD20AFD11@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1434-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.23 , suse/sle15:15.5 , suse/sle15:15.5.36.11.23 Container Release : 36.11.23 Severity : moderate Type : recommended References : 1220441 1222259 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - rpm-ndb-4.14.3-150400.59.13.1 updated - libimaevm3-1.4-150400.3.2.1 removed From sle-container-updates at lists.suse.com Sat Apr 13 07:08:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:08:22 +0200 (CEST) Subject: SUSE-CU-2024:1415-1: Recommended update of bci/php Message-ID: <20240413070822.4D1F0FCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1415-1 Container Tags : bci/php:8 , bci/php:8-12.44 Container Release : 12.44 Severity : moderate Type : recommended References : 1220441 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:09:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:09:30 +0200 (CEST) Subject: SUSE-CU-2024:1435-1: Recommended update of suse/sle15 Message-ID: <20240413070930.35A9AFD11@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1435-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.24 , suse/sle15:15.5 , suse/sle15:15.5.36.11.24 Container Release : 36.11.24 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:09:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:09:12 +0200 (CEST) Subject: SUSE-CU-2024:1433-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240413070912.41819FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1433-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.8.11 , bci/bci-sle15-kernel-module-devel:latest Container Release : 8.11 Severity : moderate Type : recommended References : 1220441 1222259 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) The following package changes have been done: - glibc-2.31-150300.71.1 updated - glibc-locale-base-2.31-150300.71.1 updated - glibc-locale-2.31-150300.71.1 updated - glibc-devel-2.31-150300.71.1 updated - rpm-build-4.14.3-150400.59.13.1 updated - container:sles15-image-15.0.0-36.11.23 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:08:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:08:03 +0200 (CEST) Subject: SUSE-CU-2024:1430-1: Recommended update of bci/nodejs Message-ID: <20240413070803.58F52FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1430-1 Container Tags : bci/node:20 , bci/node:20-6.51 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-6.51 , bci/nodejs:latest Container Release : 6.51 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:09:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:09:36 +0200 (CEST) Subject: SUSE-CU-2024:1438-1: Security update of bci/bci-micro Message-ID: <20240413070936.324A8FD21@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1438-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.8.3 Container Release : 8.3 Severity : moderate Type : security References : 1219321 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - glibc-2.38-150600.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - sles-release-15.6-150600.31.3 updated - terminfo-base-6.1-150000.5.24.1 updated From sle-container-updates at lists.suse.com Sat Apr 13 07:09:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 13 Apr 2024 09:09:34 +0200 (CEST) Subject: SUSE-CU-2024:1437-1: Security update of bci/bci-init Message-ID: <20240413070934.83992FD1B@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1437-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.7.20 Container Release : 7.20 Severity : important Type : security References : 1219321 1219559 1220061 1221289 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - glibc-2.38-150600.9.1 updated - libgcrypt20-1.10.3-150600.1.16 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libopenssl3-3.1.4-150600.2.13 updated - libsystemd0-254.9-150600.2.19 updated - libopenssl-3-fips-provider-3.1.4-150600.2.13 updated - coreutils-8.32-150400.9.3.1 updated - sles-release-15.6-150600.31.3 updated - systemd-254.9-150600.2.19 updated - container:sles15-image-15.0.0-46.2.3 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:01:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:01:58 +0200 (CEST) Subject: SUSE-CU-2024:1439-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240414070158.150C7FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1439-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.11 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.11 Severity : moderate Type : recommended References : 1222109 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:02:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:02:37 +0200 (CEST) Subject: SUSE-CU-2024:1440-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240414070237.6671EFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1440-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.11 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.11 Severity : moderate Type : recommended References : 1222109 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:03:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:03:03 +0200 (CEST) Subject: SUSE-CU-2024:1441-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240414070303.CCA44FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1441-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.205 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.205 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 1222109 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - python3-base-3.6.15-150300.10.60.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:03:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:03:57 +0200 (CEST) Subject: SUSE-CU-2024:1442-1: Recommended update of suse/389-ds Message-ID: <20240414070357.7438AFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1442-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-20.56 , suse/389-ds:latest Container Release : 20.56 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 1222109 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - python3-base-3.6.15-150300.10.60.1 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:04:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:04:21 +0200 (CEST) Subject: SUSE-CU-2024:1443-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240414070421.C174BFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1443-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-26.1 , bci/dotnet-aspnet:6.0.29 , bci/dotnet-aspnet:6.0.29-26.1 Container Release : 26.1 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:04:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:04:47 +0200 (CEST) Subject: SUSE-CU-2024:1444-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240414070447.D6D51FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1444-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-26.1 , bci/dotnet-aspnet:7.0.18 , bci/dotnet-aspnet:7.0.18-26.1 Container Release : 26.1 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:04:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:04:54 +0200 (CEST) Subject: SUSE-CU-2024:1445-1: Recommended update of bci/dotnet-aspnet Message-ID: <20240414070454.1C95DFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1445-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-8.1 , bci/dotnet-aspnet:8.0.4 , bci/dotnet-aspnet:8.0.4-8.1 , bci/dotnet-aspnet:latest Container Release : 8.1 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:05:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:05:10 +0200 (CEST) Subject: SUSE-CU-2024:1446-1: Recommended update of suse/registry Message-ID: <20240414070510.8C55AFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1446-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-21.10 , suse/registry:latest Container Release : 21.10 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:micro-image-15.5.0-18.4 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:05:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:05:44 +0200 (CEST) Subject: SUSE-CU-2024:1447-1: Recommended update of bci/dotnet-sdk Message-ID: <20240414070544.935DBFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1447-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-25.1 , bci/dotnet-sdk:6.0.29 , bci/dotnet-sdk:6.0.29-25.1 Container Release : 25.1 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:06:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:06:13 +0200 (CEST) Subject: SUSE-CU-2024:1448-1: Recommended update of bci/dotnet-sdk Message-ID: <20240414070613.99CA4FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1448-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-27.1 , bci/dotnet-sdk:7.0.18 , bci/dotnet-sdk:7.0.18-27.1 Container Release : 27.1 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:06:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:06:40 +0200 (CEST) Subject: SUSE-CU-2024:1449-1: Recommended update of bci/dotnet-runtime Message-ID: <20240414070640.EB6A1FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1449-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-25.1 , bci/dotnet-runtime:6.0.29 , bci/dotnet-runtime:6.0.29-25.1 Container Release : 25.1 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:07:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:07:08 +0200 (CEST) Subject: SUSE-CU-2024:1450-1: Recommended update of bci/dotnet-runtime Message-ID: <20240414070708.A0C08FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1450-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-27.1 , bci/dotnet-runtime:7.0.18 , bci/dotnet-runtime:7.0.18-27.1 Container Release : 27.1 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:07:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:07:14 +0200 (CEST) Subject: SUSE-CU-2024:1451-1: Recommended update of bci/dotnet-runtime Message-ID: <20240414070714.C9147FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1451-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-8.1 , bci/dotnet-runtime:8.0.4 , bci/dotnet-runtime:8.0.4-8.1 , bci/dotnet-runtime:latest Container Release : 8.1 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:07:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:07:35 +0200 (CEST) Subject: SUSE-CU-2024:1452-1: Recommended update of bci/golang Message-ID: <20240414070735.4C9A7FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1452-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.2.51 , bci/golang:oldstable , bci/golang:oldstable-2.2.51 Container Release : 2.51 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libatomic1-13.2.1+git8285-150000.1.9.1 updated - libgomp1-13.2.1+git8285-150000.1.9.1 updated - libitm1-13.2.1+git8285-150000.1.9.1 updated - liblsan0-13.2.1+git8285-150000.1.9.1 updated - glibc-devel-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:07:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:07:50 +0200 (CEST) Subject: SUSE-CU-2024:1453-1: Recommended update of bci/golang Message-ID: <20240414070750.79FF6FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1453-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-12.47 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-12.47 Container Release : 12.47 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libatomic1-13.2.1+git8285-150000.1.9.1 updated - libgomp1-13.2.1+git8285-150000.1.9.1 updated - libitm1-13.2.1+git8285-150000.1.9.1 updated - liblsan0-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:08:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:08:06 +0200 (CEST) Subject: SUSE-CU-2024:1454-1: Recommended update of suse/nginx Message-ID: <20240414070806.F0792FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1454-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-10.49 , suse/nginx:latest Container Release : 10.49 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:08:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:08:40 +0200 (CEST) Subject: SUSE-CU-2024:1455-1: Recommended update of bci/openjdk-devel Message-ID: <20240414070840.A5021FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1455-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.101 Container Release : 14.101 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:bci-openjdk-11-15.5.11-15.45 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:09:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:09:06 +0200 (CEST) Subject: SUSE-CU-2024:1456-1: Recommended update of bci/openjdk Message-ID: <20240414070906.2314CFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1456-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.45 Container Release : 15.45 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:09:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:09:33 +0200 (CEST) Subject: SUSE-CU-2024:1457-1: Recommended update of bci/openjdk-devel Message-ID: <20240414070933.B0EFCFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1457-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-16.101 , bci/openjdk-devel:latest Container Release : 16.101 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:bci-openjdk-17-15.5.17-16.44 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:09:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:09:57 +0200 (CEST) Subject: SUSE-CU-2024:1458-1: Recommended update of bci/openjdk Message-ID: <20240414070957.C5528FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1458-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-16.44 , bci/openjdk:latest Container Release : 16.44 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Sun Apr 14 07:10:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 14 Apr 2024 09:10:28 +0200 (CEST) Subject: SUSE-CU-2024:1459-1: Recommended update of suse/pcp Message-ID: <20240414071028.B2188FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1459-1 Container Tags : suse/pcp:5 , suse/pcp:5-22.92 , suse/pcp:5.2 , suse/pcp:5.2-22.92 , suse/pcp:5.2.5 , suse/pcp:5.2.5-22.92 , suse/pcp:latest Container Release : 22.92 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:bci-bci-init-15.5-15.5-15.14 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:02:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:02:21 +0200 (CEST) Subject: SUSE-CU-2024:1459-1: Recommended update of suse/pcp Message-ID: <20240415070221.5C6F8FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1459-1 Container Tags : suse/pcp:5 , suse/pcp:5-22.92 , suse/pcp:5.2 , suse/pcp:5.2-22.92 , suse/pcp:5.2.5 , suse/pcp:5.2.5-22.92 , suse/pcp:latest Container Release : 22.92 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:bci-bci-init-15.5-15.5-15.14 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:02:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:02:49 +0200 (CEST) Subject: SUSE-CU-2024:1460-1: Security update of bci/php-apache Message-ID: <20240415070249.7D4E4FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1460-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-12.46 Container Release : 12.46 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 1221242 1221746 1221747 CVE-2024-28834 CVE-2024-28835 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1271-1 Released: Fri Apr 12 15:35:55 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1221242,1221746,1221747,CVE-2024-28834,CVE-2024-28835 This update for gnutls fixes the following issues: - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746) - CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747) Other fixes: - jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtreads as there is also a pre-intitization done in the main thread (bsc#1221242) The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libgnutls30-3.7.3-150400.4.44.1 updated - libgnutls30-hmac-3.7.3-150400.4.44.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:03:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:03:13 +0200 (CEST) Subject: SUSE-CU-2024:1461-1: Security update of bci/php-fpm Message-ID: <20240415070313.D51AEFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1461-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-12.44 Container Release : 12.44 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 1221242 1221746 1221747 CVE-2024-28834 CVE-2024-28835 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1271-1 Released: Fri Apr 12 15:35:55 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1221242,1221746,1221747,CVE-2024-28834,CVE-2024-28835 This update for gnutls fixes the following issues: - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746) - CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747) Other fixes: - jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtreads as there is also a pre-intitization done in the main thread (bsc#1221242) The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libgnutls30-3.7.3-150400.4.44.1 updated - libgnutls30-hmac-3.7.3-150400.4.44.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:03:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:03:40 +0200 (CEST) Subject: SUSE-CU-2024:1462-1: Security update of bci/php Message-ID: <20240415070340.48138FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1462-1 Container Tags : bci/php:8 , bci/php:8-12.46 Container Release : 12.46 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 1221242 1221746 1221747 CVE-2024-28834 CVE-2024-28835 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1271-1 Released: Fri Apr 12 15:35:55 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1221242,1221746,1221747,CVE-2024-28834,CVE-2024-28835 This update for gnutls fixes the following issues: - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746) - CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747) Other fixes: - jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtreads as there is also a pre-intitization done in the main thread (bsc#1221242) The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libgnutls30-3.7.3-150400.4.44.1 updated - libgnutls30-hmac-3.7.3-150400.4.44.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:04:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:04:05 +0200 (CEST) Subject: SUSE-CU-2024:1463-1: Recommended update of suse/postgres Message-ID: <20240415070405.53F78FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1463-1 Container Tags : suse/postgres:15 , suse/postgres:15-17.41 , suse/postgres:15.6 , suse/postgres:15.6-17.41 Container Release : 17.41 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - glibc-locale-base-2.31-150300.71.1 updated - glibc-locale-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:04:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:04:16 +0200 (CEST) Subject: SUSE-CU-2024:1464-1: Recommended update of suse/postgres Message-ID: <20240415070416.3DB0DFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1464-1 Container Tags : suse/postgres:16 , suse/postgres:16-6.42 , suse/postgres:16.2 , suse/postgres:16.2-6.42 , suse/postgres:latest Container Release : 6.42 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - glibc-locale-base-2.31-150300.71.1 updated - glibc-locale-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:04:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:04:41 +0200 (CEST) Subject: SUSE-CU-2024:1465-1: Recommended update of bci/python Message-ID: <20240415070441.47254FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1465-1 Container Tags : bci/python:3 , bci/python:3-17.44 , bci/python:3.11 , bci/python:3.11-17.44 , bci/python:latest Container Release : 17.44 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:05:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:05:08 +0200 (CEST) Subject: SUSE-CU-2024:1466-1: Recommended update of bci/python Message-ID: <20240415070508.110E8FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1466-1 Container Tags : bci/python:3 , bci/python:3-18.46 , bci/python:3.6 , bci/python:3.6-18.46 Container Release : 18.46 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 1222109 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated - python3-devel-3.6.15-150300.10.60.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:05:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:05:16 +0200 (CEST) Subject: SUSE-CU-2024:1467-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20240415070516.26478FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1467-1 Container Tags : suse/mariadb-client:10.6 , suse/mariadb-client:10.6-15.39 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.6 , suse/rmt-mariadb-client:10.6-15.39 , suse/rmt-mariadb-client:latest Container Release : 15.39 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:05:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:05:25 +0200 (CEST) Subject: SUSE-CU-2024:1468-1: Recommended update of suse/rmt-mariadb Message-ID: <20240415070525.352E3FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1468-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-20.14 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-20.14 , suse/rmt-mariadb:latest Container Release : 20.14 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 1222109 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:05:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:05:42 +0200 (CEST) Subject: SUSE-CU-2024:1469-1: Recommended update of suse/rmt-server Message-ID: <20240415070542.39FACFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1469-1 Container Tags : suse/rmt-server:2.15 , suse/rmt-server:2.15-15.41 , suse/rmt-server:latest Container Release : 15.41 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:06:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:06:08 +0200 (CEST) Subject: SUSE-CU-2024:1470-1: Recommended update of bci/ruby Message-ID: <20240415070608.AED7FFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1470-1 Container Tags : bci/ruby:2 , bci/ruby:2-16.42 , bci/ruby:2.5 , bci/ruby:2.5-16.42 , bci/ruby:latest Container Release : 16.42 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libatomic1-13.2.1+git8285-150000.1.9.1 updated - libgomp1-13.2.1+git8285-150000.1.9.1 updated - libitm1-13.2.1+git8285-150000.1.9.1 updated - liblsan0-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:06:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:06:33 +0200 (CEST) Subject: SUSE-CU-2024:1471-1: Recommended update of bci/rust Message-ID: <20240415070633.AA537FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1471-1 Container Tags : bci/rust:1.77 , bci/rust:1.77-1.3.2 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.2 Container Release : 3.2 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libasan8-13.2.1+git8285-150000.1.9.1 updated - libatomic1-13.2.1+git8285-150000.1.9.1 updated - libgomp1-13.2.1+git8285-150000.1.9.1 updated - libhwasan0-13.2.1+git8285-150000.1.9.1 updated - libitm1-13.2.1+git8285-150000.1.9.1 updated - liblsan0-13.2.1+git8285-150000.1.9.1 updated - libtsan2-13.2.1+git8285-150000.1.9.1 updated - libubsan1-13.2.1+git8285-150000.1.9.1 updated - cpp13-13.2.1+git8285-150000.1.9.1 updated - glibc-devel-2.31-150300.71.1 updated - gcc13-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:06:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:06:36 +0200 (CEST) Subject: SUSE-CU-2024:1438-1: Security update of bci/bci-micro Message-ID: <20240415070636.A0749FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1438-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.8.3 Container Release : 8.3 Severity : moderate Type : security References : 1219321 1220061 CVE-2023-45918 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - glibc-2.38-150600.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - sles-release-15.6-150600.31.3 updated - terminfo-base-6.1-150000.5.24.1 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:06:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:06:37 +0200 (CEST) Subject: SUSE-CU-2024:1472-1: Security update of bci/openjdk Message-ID: <20240415070637.F359FFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1472-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-5.23 Container Release : 5.23 Severity : important Type : security References : 1219321 1219559 1220061 1221289 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - glibc-2.38-150600.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libopenssl3-3.1.4-150600.2.13 updated - libopenssl-3-fips-provider-3.1.4-150600.2.13 updated - coreutils-8.32-150400.9.3.1 updated - openssl-3-3.1.4-150600.2.13 updated - java-21-openjdk-headless-21.0.2.0-150600.2.26 updated - java-21-openjdk-21.0.2.0-150600.2.26 updated - container:sles15-image-15.0.0-46.2.3 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:06:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:06:39 +0200 (CEST) Subject: SUSE-CU-2024:1473-1: Security update of bci/python Message-ID: <20240415070639.89B86FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1473-1 Container Tags : bci/python:3 , bci/python:3-5.26 , bci/python:3.12 , bci/python:3.12-5.26 Container Release : 5.26 Severity : important Type : security References : 1219321 1219559 1220061 1221289 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - libldap-data-2.4.46-150600.23.12 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.1 updated - libnghttp2-14-1.40.0-150600.23.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libopenssl3-3.1.4-150600.2.13 updated - libopenssl-3-fips-provider-3.1.4-150600.2.13 updated - libldap-2_4-2-2.4.46-150600.23.12 updated - libssh4-0.9.8-150600.9.1 updated - coreutils-8.32-150400.9.3.1 updated - openssl-3-3.1.4-150600.2.13 updated - libpython3_12-1_0-3.12.1-150600.1.24 updated - python312-base-3.12.1-150600.1.24 updated - python312-devel-3.12.1-150600.1.24 updated - less-643-150600.1.31 updated - container:sles15-image-15.0.0-46.2.3 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:06:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:06:45 +0200 (CEST) Subject: SUSE-CU-2024:1474-1: Security update of suse/sle15 Message-ID: <20240415070645.2ECCFFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1474-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.46.2.3 , suse/sle15:15.6 , suse/sle15:15.6.46.2.3 Container Release : 46.2.3 Severity : important Type : security References : 1219321 1219559 1220061 1221289 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - glibc-2.38-150600.9.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libgcrypt20-1.10.3-150600.1.16 updated - libgpgme11-1.23.0-150600.1.31 updated - libimaevm3-1.4-150600.7.2 added - libldap-2_4-2-2.4.46-150600.23.12 updated - libldap-data-2.4.46-150600.23.12 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150600.23.1 updated - libopenssl-3-fips-provider-3.1.4-150600.2.13 updated - libopenssl3-3.1.4-150600.2.13 updated - libssh-config-0.9.8-150600.9.1 updated - libssh4-0.9.8-150600.9.1 updated - libsystemd0-254.9-150600.2.19 updated - libudev1-254.9-150600.2.19 updated - ncurses-utils-6.1-150000.5.24.1 updated - openssl-3-3.1.4-150600.2.13 updated - rpm-ndb-4.14.3-150400.59.10.1 updated - sle-module-basesystem-release-15.6-150600.31.4 updated - sle-module-python3-release-15.6-150600.31.4 updated - sle-module-server-applications-release-15.6-150600.31.4 updated - sles-release-15.6-150600.31.3 updated - terminfo-base-6.1-150000.5.24.1 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:07:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:07:06 +0200 (CEST) Subject: SUSE-CU-2024:1475-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240415070706.5F7A4FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1475-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.24 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.49.24 Severity : moderate Type : recommended References : 1222259 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] The following package changes have been done: - python3-rpm-4.14.3-150400.59.13.1 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:07:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:07:06 +0200 (CEST) Subject: SUSE-CU-2024:1476-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240415070706.E8190FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1476-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.26 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.49.26 Severity : moderate Type : recommended References : 1222109 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - python3-base-3.6.15-150300.10.60.1 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:07:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:07:19 +0200 (CEST) Subject: SUSE-CU-2024:1477-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240415070719.BBBA6FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1477-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.11 , suse/manager/4.3/proxy-salt-broker:4.3.11.9.39.27 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.39.27 Severity : moderate Type : recommended References : 1222109 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated From sle-container-updates at lists.suse.com Mon Apr 15 07:07:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Apr 2024 09:07:32 +0200 (CEST) Subject: SUSE-CU-2024:1478-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20240415070732.78EB5FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1478-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.11 , suse/manager/4.3/proxy-ssh:4.3.11.9.39.20 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.39.20 Severity : moderate Type : recommended References : 1222109 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:01:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:01:46 +0200 (CEST) Subject: SUSE-CU-2024:1479-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240416070146.13BBEFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1479-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.207 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.207 Severity : important Type : security References : 1215005 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217432 1219581 CVE-2023-4750 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2024-22667 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1287-1 Released: Mon Apr 15 15:03:40 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: Updated to version 9.1.0111, fixes the following security problems - CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: overflow with count for :s command (bsc#1217321). - CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235). - CVE-2023-48236: overflow in get_number (bsc#1217329). - CVE-2023-48237: overflow in shift_line (bsc#1217330). - CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005). The following package changes have been done: - vim-data-common-9.1.0111-150500.20.9.1 updated - vim-9.1.0111-150500.20.9.1 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:03:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:03:57 +0200 (CEST) Subject: SUSE-CU-2024:1485-1: Recommended update of bci/golang Message-ID: <20240416070357.19425FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1485-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.2.48 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.2.48 Container Release : 2.48 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libatomic1-13.2.1+git8285-150000.1.9.1 updated - libgomp1-13.2.1+git8285-150000.1.9.1 updated - libitm1-13.2.1+git8285-150000.1.9.1 updated - liblsan0-13.2.1+git8285-150000.1.9.1 updated - glibc-devel-2.31-150300.71.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:04:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:04:22 +0200 (CEST) Subject: SUSE-CU-2024:1488-1: Recommended update of suse/helm Message-ID: <20240416070422.AFFB2FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1488-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-8.16 , suse/helm:latest Container Release : 8.16 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:micro-image-15.5.0-18.4 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:04:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:04:47 +0200 (CEST) Subject: SUSE-CU-2024:1490-1: Recommended update of bci/bci-init Message-ID: <20240416070447.1CC35FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1490-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.15.14 , bci/bci-init:latest Container Release : 15.14 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:05:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:05:07 +0200 (CEST) Subject: SUSE-CU-2024:1493-1: Recommended update of bci/bci-minimal Message-ID: <20240416070507.68BA9FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1493-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.19.10 , bci/bci-minimal:latest Container Release : 19.10 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - container:micro-image-15.5.0-18.4 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:12:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:12:21 +0200 (CEST) Subject: SUSE-CU-2024:1513-1: Recommended update of bci/rust Message-ID: <20240416071221.C5641FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1513-1 Container Tags : bci/rust:1.76 , bci/rust:1.76-2.4.1 , bci/rust:oldstable , bci/rust:oldstable-2.4.1 Container Release : 4.1 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220441 1220724 1221239 1222047 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:582-1 Released: Wed Feb 21 21:04:00 2024 Summary: Recommended update for rust Type: recommended Severity: moderate References: This update for rust fixes the following issues: - Update to version 1.76.0 - for details see the rust1.76 package Version 1.76.0 (2024-02-08) ========================== Language -------- - Document Rust ABI compatibility between various types - Also: guarantee that char and u32 are ABI-compatible - Warn against ambiguous wide pointer comparisons - Add lint `ambiguous_wide_pointer_comparisons` that supersedes `clippy::vtable_address_comparisons` Compiler -------- - Lint pinned `#[must_use]` pointers (in particular, `Box` where `T` is `#[must_use]`) in `unused_must_use`. - Soundness fix: fix computing the offset of an unsized field in a packed struct - Soundness fix: fix dynamic size/align computation logic for packed types with dyn Trait tail - Add `$message_type` field to distinguish json diagnostic outputs - Enable Rust to use the EHCont security feature of Windows - Add tier 3 {x86_64,i686}-win7-windows-msvc targets - Add tier 3 aarch64-apple-watchos target - Add tier 3 arm64e-apple-ios & arm64e-apple-darwin targets Refer to Rust's [platform support page for more information on Rust's tiered platform support. Libraries --------- - Add a column number to `dbg!()` - Add `std::hash::{DefaultHasher, RandomState}` exports - Fix rounding issue with exponents in fmt - Add T: ?Sized to `RwLockReadGuard` and `RwLockWriteGuard`'s Debug impls. - Windows: Allow `File::create` to work on hidden files Stabilized APIs --------------- - `Arc::unwrap_or_clone` (https://doc.rust-lang.org/stable/std/sync/struct.Arc.html#method.unwrap_or_clone) - `Rc::unwrap_or_clone` (https://doc.rust-lang.org/stable/std/rc/struct.Rc.html#method.unwrap_or_clone) - `Result::inspect` (https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.inspect) - `Result::inspect_err` (https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.inspect_err) - `Option::inspect` (https://doc.rust-lang.org/stable/std/option/enum.Option.html#method.inspect) - `type_name_of_val` (https://doc.rust-lang.org/stable/std/any/fn.type_name_of_val.html) - `std::hash::{DefaultHasher, RandomState}` (https://doc.rust-lang.org/stable/std/hash/index.html#structs) These were previously available only through `std::collections::hash_map`. - `ptr::{from_ref, from_mut}` (https://doc.rust-lang.org/stable/std/ptr/fn.from_ref.html) - `ptr::addr_eq` (https://doc.rust-lang.org/stable/std/ptr/fn.addr_eq.html) Cargo ----- See Cargo release notes at https://github.com/rust-lang/cargo/blob/master/CHANGELOG.md#cargo-176-2024-02-08 . Rustdoc ------- - Don't merge cfg and doc(cfg) attributes for re-exports - rustdoc: allow resizing the sidebar / hiding the top bar - rustdoc-search: add support for traits and associated types - rustdoc: Add highlighting for comments in items declaration ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1173-1 Released: Tue Apr 9 10:00:08 2024 Summary: Recommended update for rust1.76 Type: recommended Severity: moderate References: 1222047 This update for rust1.76 fixes the following issues: - Update gcc minimum version to 13 for SLE (bsc#1222047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libasan8-13.2.1+git8285-150000.1.9.1 updated - libatomic1-13.2.1+git8285-150000.1.9.1 updated - libgomp1-13.2.1+git8285-150000.1.9.1 updated - libhwasan0-13.2.1+git8285-150000.1.9.1 added - libitm1-13.2.1+git8285-150000.1.9.1 updated - liblsan0-13.2.1+git8285-150000.1.9.1 updated - libtsan2-13.2.1+git8285-150000.1.9.1 updated - libubsan1-13.2.1+git8285-150000.1.9.1 updated - cpp13-13.2.1+git8285-150000.1.9.1 added - glibc-devel-2.31-150300.71.1 updated - gcc13-13.2.1+git8285-150000.1.9.1 added - rust1.76-1.76.0-150500.11.6.1 added - cargo1.76-1.76.0-150500.11.6.1 added - container:sles15-image-15.0.0-36.11.24 updated - cargo1.75-1.75.0-150500.11.3.1 removed - cpp12-12.3.0+git1204-150000.1.16.1 removed - gcc12-12.3.0+git1204-150000.1.16.1 removed - rust1.75-1.75.0-150500.11.3.1 removed From sle-container-updates at lists.suse.com Tue Apr 16 07:12:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:12:58 +0200 (CEST) Subject: SUSE-CU-2024:1515-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240416071258.494FAFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1515-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.8.13 , bci/bci-sle15-kernel-module-devel:latest Container Release : 8.13 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 1222109 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libatomic1-13.2.1+git8285-150000.1.9.1 updated - libgomp1-13.2.1+git8285-150000.1.9.1 updated - libitm1-13.2.1+git8285-150000.1.9.1 updated - liblsan0-13.2.1+git8285-150000.1.9.1 updated - python3-base-3.6.15-150300.10.60.1 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - container:sles15-image-15.0.0-36.11.24 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:13:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:13:04 +0200 (CEST) Subject: SUSE-CU-2024:1518-1: Recommended update of bci/bci-init Message-ID: <20240416071304.51EBEFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1518-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.7.33 Container Release : 7.33 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcrypt20-1.10.3-150600.1.17 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libsystemd0-254.10-150600.1.1 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - sles-release-15.6-150600.32.2 updated - systemd-254.10-150600.1.1 updated - container:sles15-image-15.0.0-46.2.6 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:13:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:13:07 +0200 (CEST) Subject: SUSE-CU-2024:1519-1: Recommended update of bci/bci-micro Message-ID: <20240416071307.019D0FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1519-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.8.7 Container Release : 8.7 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - sles-release-15.6-150600.32.2 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:13:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:13:09 +0200 (CEST) Subject: SUSE-CU-2024:1521-1: Security update of bci/bci-minimal Message-ID: <20240416071309.86771FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1521-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.9.12 Container Release : 9.12 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 1222259 CVE-2023-45918 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - coreutils-8.32-150400.9.3.1 updated - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libgcrypt20-1.10.3-150600.1.17 updated - libncurses6-6.1-150000.5.24.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - rpm-ndb-4.14.3-150400.59.13.1 updated - sles-release-15.6-150600.32.2 updated - terminfo-base-6.1-150000.5.24.1 updated - container:micro-image-15.6.0-8.7 updated - libpcre1-8.45-150000.20.13.1 removed From sle-container-updates at lists.suse.com Tue Apr 16 07:13:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:13:11 +0200 (CEST) Subject: SUSE-CU-2024:1523-1: Recommended update of bci/openjdk Message-ID: <20240416071311.E8D6EFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1523-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-5.36 Container Release : 5.36 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - openssl-3-3.1.4-150600.2.17 updated - java-21-openjdk-headless-21.0.2.0-150600.2.28 updated - java-21-openjdk-21.0.2.0-150600.2.28 updated - container:sles15-image-15.0.0-46.2.6 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:13:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:13:14 +0200 (CEST) Subject: SUSE-CU-2024:1525-1: Recommended update of bci/python Message-ID: <20240416071314.029CEFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1525-1 Container Tags : bci/python:3 , bci/python:3-5.39 , bci/python:3.12 , bci/python:3.12-5.39 Container Release : 5.39 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libldap-data-2.4.46-150600.23.14 updated - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - libldap-2_4-2-2.4.46-150600.23.14 updated - openssl-3-3.1.4-150600.2.17 updated - libpython3_12-1_0-3.12.1-150600.1.25 updated - python312-base-3.12.1-150600.1.25 updated - python312-devel-3.12.1-150600.1.25 updated - less-643-150600.1.32 updated - container:sles15-image-15.0.0-46.2.6 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:13:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:13:20 +0200 (CEST) Subject: SUSE-CU-2024:1527-1: Recommended update of suse/sle15 Message-ID: <20240416071320.CD568FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1527-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.46.2.6 , suse/sle15:15.6 , suse/sle15:15.6.46.2.6 Container Release : 46.2.6 Severity : moderate Type : recommended References : 1210959 1214934 1217450 1217667 1218492 1219031 1219520 1220724 1221239 1222259 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libabsl2401_0_0-20240116.1-150600.17.1 added - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libgcrypt20-1.10.3-150600.1.17 updated - libgpgme11-1.23.0-150600.1.33 updated - libldap-2_4-2-2.4.46-150600.23.14 updated - libldap-data-2.4.46-150600.23.14 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - libopenssl3-3.1.4-150600.2.17 updated - libprotobuf-lite25_1_0-25.1-150600.14.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libsystemd0-254.10-150600.1.1 updated - libudev1-254.10-150600.1.1 updated - libzypp-17.31.31-150600.8.7 updated - openssl-3-3.1.4-150600.2.17 updated - rpm-ndb-4.14.3-150400.59.13.1 updated - sle-module-basesystem-release-15.6-150600.32.1 updated - sle-module-python3-release-15.6-150600.32.1 updated - sle-module-server-applications-release-15.6-150600.32.1 updated - sles-release-15.6-150600.32.2 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - libimaevm3-1.4-150600.7.2 removed From sle-container-updates at lists.suse.com Tue Apr 16 07:13:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:13:36 +0200 (CEST) Subject: SUSE-CU-2024:1478-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20240416071336.3919FFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1478-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.11 , suse/manager/4.3/proxy-ssh:4.3.11.9.39.20 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.39.20 Severity : moderate Type : recommended References : 1222109 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:13:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:13:51 +0200 (CEST) Subject: SUSE-CU-2024:1528-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20240416071351.9A152FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1528-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.11 , suse/manager/4.3/proxy-tftpd:4.3.11.9.39.18 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.39.18 Severity : moderate Type : recommended References : 1222109 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:14:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:14:38 +0200 (CEST) Subject: SUSE-CU-2024:1529-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20240416071438.CE89DFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1529-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.13 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.13 Severity : moderate Type : recommended References : 1175678 1210959 1214934 1217450 1217667 1218171 1218492 1218544 1219031 1219520 1220441 1220724 1221239 1221525 1222109 CVE-2024-0217 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1202-1 Released: Thu Apr 11 10:49:34 2024 Summary: Recommended update for libzypp, zypper, PackageKit Type: recommended Severity: moderate References: 1175678,1218171,1218544,1221525,CVE-2024-0217 This update for libzypp, zypper, PackageKit fixes the following issues: - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - glibc-locale-base-2.31-150300.71.1 updated - glibc-locale-2.31-150300.71.1 updated - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libzypp-17.32.2-150200.92.3 updated - python3-base-3.6.15-150300.10.60.1 updated - zypper-1.14.69-150200.73.7 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:16:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:16:41 +0200 (CEST) Subject: SUSE-CU-2024:1533-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240416071641.69F2CFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1533-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.12 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.12 Severity : moderate Type : recommended References : 1175678 1210959 1214934 1217450 1217667 1218171 1218492 1218544 1219031 1219520 1220441 1220724 1221239 1221525 CVE-2024-0217 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1202-1 Released: Thu Apr 11 10:49:34 2024 Summary: Recommended update for libzypp, zypper, PackageKit Type: recommended Severity: moderate References: 1175678,1218171,1218544,1221525,CVE-2024-0217 This update for libzypp, zypper, PackageKit fixes the following issues: - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-locale-base-2.31-150300.71.1 updated - glibc-locale-2.31-150300.71.1 updated - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libzypp-17.32.2-150200.92.3 updated - zypper-1.14.69-150200.73.7 updated From sle-container-updates at lists.suse.com Tue Apr 16 07:16:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Apr 2024 09:16:42 +0200 (CEST) Subject: SUSE-CU-2024:1534-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240416071642.1B39DFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1534-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.13 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.13 Severity : moderate Type : recommended References : 1222109 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated From sle-container-updates at lists.suse.com Wed Apr 17 07:02:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Apr 2024 09:02:52 +0200 (CEST) Subject: SUSE-CU-2024:1536-1: Security update of bci/nodejs Message-ID: <20240417070252.7DE76FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1536-1 Container Tags : bci/node:18 , bci/node:18-17.2 , bci/nodejs:18 , bci/nodejs:18-17.2 Container Release : 17.2 Severity : important Type : security References : 1220053 1222244 1222384 1222530 1222603 CVE-2024-24806 CVE-2024-27982 CVE-2024-27983 CVE-2024-30260 CVE-2024-30261 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1309-1 Released: Tue Apr 16 11:32:57 2024 Summary: Security update for nodejs18 Type: security Severity: important References: 1220053,1222244,1222384,1222530,1222603,CVE-2024-24806,CVE-2024-27982,CVE-2024-27983,CVE-2024-30260,CVE-2024-30261 This update for nodejs18 fixes the following issues: Update to 18.20.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244) - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384) - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530) - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603) - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053) The following package changes have been done: - nodejs18-18.20.1-150400.9.21.3 updated - npm18-18.20.1-150400.9.21.3 updated From sle-container-updates at lists.suse.com Wed Apr 17 07:03:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Apr 2024 09:03:11 +0200 (CEST) Subject: SUSE-CU-2024:1537-1: Security update of bci/nodejs Message-ID: <20240417070311.AE864FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1537-1 Container Tags : bci/node:20 , bci/node:20-7.2 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-7.2 , bci/nodejs:latest Container Release : 7.2 Severity : important Type : security References : 1220053 1222244 1222384 1222530 1222603 CVE-2024-24806 CVE-2024-27982 CVE-2024-27983 CVE-2024-30260 CVE-2024-30261 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1301-1 Released: Tue Apr 16 03:33:31 2024 Summary: Security update for nodejs20 Type: security Severity: important References: 1220053,1222244,1222384,1222530,1222603,CVE-2024-24806,CVE-2024-27982,CVE-2024-27983,CVE-2024-30260,CVE-2024-30261 This update for nodejs20 fixes the following issues: Update to 20.12.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244) - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384) - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530) - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603) - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053) The following package changes have been done: - nodejs20-20.12.1-150500.11.9.2 updated - npm20-20.12.1-150500.11.9.2 updated From sle-container-updates at lists.suse.com Wed Apr 17 12:38:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Apr 2024 14:38:28 +0200 (CEST) Subject: SUSE-IU-2024:322-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20240417123828.0AFC5FCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:322-1 Image Tags : suse/sle-micro/base-5.5:2.0.2 , suse/sle-micro/base-5.5:2.0.2-4.2.51 , suse/sle-micro/base-5.5:latest Image Release : 4.2.51 Severity : important Type : security References : 1107342 1207987 1210959 1211886 1214934 1215377 1215434 1215698 1217445 1217450 1217589 1217667 1218232 1218492 1218571 1218782 1218831 1218866 1219031 1219238 1219243 1219321 1219442 1219520 1219576 1220061 1220385 1220441 1220724 1220770 1220771 1220772 1221218 1221239 1221399 1221665 1221667 1221831 CVE-2023-45918 CVE-2023-7207 CVE-2024-0727 CVE-2024-2004 CVE-2024-2398 CVE-2024-25062 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-28085 CVE-2024-28182 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:480-1 Released: Thu Feb 15 12:35:51 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:549-1 Released: Tue Feb 20 17:05:52 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - glibc-2.31-150300.71.1 updated - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - login_defs-4.8.1-150400.10.15.1 updated - cpio-2.13-150400.3.6.1 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libopenssl1_1-1.1.1l-150500.17.25.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 updated - libmount1-2.37.4-150500.9.6.1 updated - krb5-1.20.1-150500.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - coreutils-8.32-150400.9.3.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - sed-4.4-150300.13.3.1 updated - libsolv-tools-0.7.28-150400.3.16.2 updated - libzypp-17.31.31-150400.3.52.2 updated - shadow-4.8.1-150400.10.15.1 updated - util-linux-2.37.4-150500.9.6.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - netcfg-11.6-150000.3.6.1 updated - curl-8.0.1-150400.5.44.1 updated - openssl-1_1-1.1.1l-150500.17.25.1 updated - timezone-2023c-150000.75.23.1 removed From sle-container-updates at lists.suse.com Wed Apr 17 12:38:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Apr 2024 14:38:36 +0200 (CEST) Subject: SUSE-CU-2024:1543-1: Security update of rancher/elemental-channel Message-ID: <20240417123836.46D9AFCEF@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1543-1 Container Tags : rancher/elemental-channel:1.4.3 , rancher/elemental-channel:1.4.3-3.2.162 , rancher/elemental-channel:latest Container Release : 3.2.162 Severity : moderate Type : security References : 1217445 1217589 1218866 1220441 ----------------------------------------------------------------- The container rancher/elemental-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1272-1 Released: Fri Apr 12 16:24:28 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, operator-image Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, operator-image contains the following fixes: - Update to version 1.4.3: * registration: allow dots in machineInventory names * registration: decouple replacing data-labels from sanitizing strings * registration: move sanitize code in sanitizeString() * V1.4.x fix channel synchronization (#683) * linter: fix copyright dates * Make linter happy The following package changes have been done: - glibc-2.31-150300.71.1 updated - elemental-register-1.4.3-150500.3.3.3 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 removed - bash-4.4-150400.25.22 removed - bash-sh-4.4-150400.25.22 removed - cni-1.1.2-150500.3.2.1 removed - coreutils-8.32-150400.7.5 removed - cpio-2.13-150400.3.3.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - dbus-1-1.12.2-150400.18.8.1 removed - diffutils-3.6-4.3.1 removed - file-5.32-7.14.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - gawk-4.2.1-150000.3.3.1 removed - gettext-runtime-0.20.2-1.43 removed - glibc-locale-base-2.31-150300.63.1 removed - gpg2-2.2.27-150300.3.8.1 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - hostname-3.16-2.22 removed - info-6.5-4.17 removed - iproute2-5.14-150400.1.8 removed - kbd-2.4.0-150400.5.6.1 removed - kbd-legacy-2.4.0-150400.5.6.1 removed - krb5-1.20.1-150500.3.3.1 removed - libacl1-2.2.52-4.3.1 removed - libapparmor1-3.0.4-150500.11.9.1 removed - libargon2-1-0.0+git20171227.670229c-2.14 removed - libassuan0-2.5.5-150000.4.5.2 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.3.3.1 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcontainers-common-20230214-150500.4.6.1 removed - libcontainers-sles-mounts-20230214-150500.4.6.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcryptsetup12-2.4.3-150400.3.3.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdbus-1-3-1.12.2-150400.18.8.1 removed - libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libexpat1-2.4.4-150400.3.12.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libffi7-3.2.1.git259-10.8 removed - libgcc_s1-13.2.1+git7813-150000.1.6.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgdbm4-1.12-1.418 removed - libglib-2_0-0-2.70.5-150400.3.8.1 removed - libgmp10-6.1.2-4.9.1 removed - libgpg-error0-1.42-150400.1.101 removed - libgpgme11-1.16.0-150400.1.80 removed - libidn2-0-2.2.0-3.6.1 removed - libip4tc2-1.8.7-1.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libjson-c3-0.13-3.3.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libkmod2-29-4.15.1 removed - libksba8-1.3.5-150000.4.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - libltdl7-2.4.6-3.4.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmnl0-1.0.4-1.25 removed - libmount1-2.37.4-150500.9.3.1 removed - libmspack0-0.6-3.14.1 removed - libncurses6-6.1-150000.5.20.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnpth0-1.5-2.11 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150500.17.22.1 removed - libp11-kit0-0.23.22-150500.8.3.1 removed - libpcre1-8.45-150000.20.13.1 removed - libpcre2-8-0-10.39-150400.4.9.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-150400.25.22 removed - libsasl2-3-2.1.28-150500.1.1 removed - libseccomp2-2.5.3-150400.2.4 removed - libselinux1-3.4-150500.1.12 removed - libsemanage-conf-3.4-150500.1.12 removed - libsemanage2-3.4-150500.1.12 removed - libsepol2-3.4-150500.1.18 removed - libslirp0-4.7.0+44-150500.2.1 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsqlite3-0-3.44.0-150000.3.23.1 removed - libssh-config-0.9.8-150400.3.3.1 removed - libssh4-0.9.8-150400.3.3.1 removed - libstdc++6-13.2.1+git7813-150000.1.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtextstyle0-0.20.2-1.43 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libudev1-249.17-150400.8.40.1 removed - libunistring2-0.9.10-1.1 removed - libusb-1_0-0-1.0.24-150400.3.3.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.11.1 removed - libxslt1-1.1.34-150400.3.3.1 removed - libxtables12-1.8.7-1.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150500.1.10 removed - ncurses-utils-6.1-150000.5.20.1 removed - netcfg-11.6-3.3.1 removed - pam-1.3.0-150000.6.66.1 removed - pam-config-1.1-3.3.1 removed - perl-5.26.1-150300.17.14.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - pinentry-1.1.0-4.3.1 removed - pkg-config-0.29.2-1.436 removed - rpm-4.14.3-150400.59.3.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - runc-1.1.10-150000.55.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150500.1.10 removed - slirp4netns-1.2.0-150500.1.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - system-user-nobody-20170617-150400.24.2.1 removed - systemd-249.17-150400.8.40.1 removed - systemd-default-settings-0.7-3.2.1 removed - systemd-default-settings-branding-SLE-0.7-3.2.1 removed - systemd-presets-common-SUSE-15-150500.20.3.1 removed - systemd-rpm-macros-14-150000.7.36.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - terminfo-base-6.1-150000.5.20.1 removed - timezone-2023c-150000.75.23.1 removed - update-alternatives-1.19.0.4-150000.4.4.1 removed - util-linux-2.37.4-150500.9.3.1 removed - which-2.21-2.20 removed - xz-5.2.3-150000.4.7.1 removed From sle-container-updates at lists.suse.com Wed Apr 17 12:38:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Apr 2024 14:38:37 +0200 (CEST) Subject: SUSE-CU-2024:1544-1: Security update of rancher/elemental-rt-channel Message-ID: <20240417123837.4AA60FCEF@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-rt-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1544-1 Container Tags : rancher/elemental-rt-channel:1.4.3 , rancher/elemental-rt-channel:1.4.3-2.2.122 , rancher/elemental-rt-channel:latest Container Release : 2.2.122 Severity : moderate Type : security References : 1217445 1217589 1218866 1220441 ----------------------------------------------------------------- The container rancher/elemental-rt-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1272-1 Released: Fri Apr 12 16:24:28 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, operator-image Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, operator-image contains the following fixes: - Update to version 1.4.3: * registration: allow dots in machineInventory names * registration: decouple replacing data-labels from sanitizing strings * registration: move sanitize code in sanitizeString() * V1.4.x fix channel synchronization (#683) * linter: fix copyright dates * Make linter happy The following package changes have been done: - glibc-2.31-150300.71.1 updated - elemental-register-1.4.3-150500.3.3.3 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 removed - bash-4.4-150400.25.22 removed - bash-sh-4.4-150400.25.22 removed - cni-1.1.2-150500.3.2.1 removed - coreutils-8.32-150400.7.5 removed - cpio-2.13-150400.3.3.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - dbus-1-1.12.2-150400.18.8.1 removed - diffutils-3.6-4.3.1 removed - file-5.32-7.14.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - findutils-4.8.0-1.20 removed - gawk-4.2.1-150000.3.3.1 removed - gettext-runtime-0.20.2-1.43 removed - glibc-locale-base-2.31-150300.63.1 removed - gpg2-2.2.27-150300.3.8.1 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - hostname-3.16-2.22 removed - info-6.5-4.17 removed - iproute2-5.14-150400.1.8 removed - kbd-2.4.0-150400.5.6.1 removed - kbd-legacy-2.4.0-150400.5.6.1 removed - krb5-1.20.1-150500.3.3.1 removed - libacl1-2.2.52-4.3.1 removed - libapparmor1-3.0.4-150500.11.9.1 removed - libargon2-1-0.0+git20171227.670229c-2.14 removed - libassuan0-2.5.5-150000.4.5.2 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.3.3.1 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcontainers-common-20230214-150500.4.6.1 removed - libcontainers-sles-mounts-20230214-150500.4.6.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcryptsetup12-2.4.3-150400.3.3.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdbus-1-3-1.12.2-150400.18.8.1 removed - libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libexpat1-2.4.4-150400.3.12.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libffi7-3.2.1.git259-10.8 removed - libgcc_s1-13.2.1+git7813-150000.1.6.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgdbm4-1.12-1.418 removed - libglib-2_0-0-2.70.5-150400.3.8.1 removed - libgmp10-6.1.2-4.9.1 removed - libgpg-error0-1.42-150400.1.101 removed - libgpgme11-1.16.0-150400.1.80 removed - libidn2-0-2.2.0-3.6.1 removed - libip4tc2-1.8.7-1.1 removed - libjitterentropy3-3.4.0-150000.1.9.1 removed - libjson-c3-0.13-3.3.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libkmod2-29-4.15.1 removed - libksba8-1.3.5-150000.4.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - libltdl7-2.4.6-3.4.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - libmagic1-5.32-7.14.1 removed - libmnl0-1.0.4-1.25 removed - libmount1-2.37.4-150500.9.3.1 removed - libmspack0-0.6-3.14.1 removed - libncurses6-6.1-150000.5.20.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnpth0-1.5-2.11 removed - libnsl2-1.2.0-2.44 removed - libopenssl1_1-1.1.1l-150500.17.22.1 removed - libp11-kit0-0.23.22-150500.8.3.1 removed - libpcre1-8.45-150000.20.13.1 removed - libpcre2-8-0-10.39-150400.4.9.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libreadline7-7.0-150400.25.22 removed - libsasl2-3-2.1.28-150500.1.1 removed - libseccomp2-2.5.3-150400.2.4 removed - libselinux1-3.4-150500.1.12 removed - libsemanage-conf-3.4-150500.1.12 removed - libsemanage2-3.4-150500.1.12 removed - libsepol2-3.4-150500.1.18 removed - libslirp0-4.7.0+44-150500.2.1 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsqlite3-0-3.44.0-150000.3.23.1 removed - libssh-config-0.9.8-150400.3.3.1 removed - libssh4-0.9.8-150400.3.3.1 removed - libstdc++6-13.2.1+git7813-150000.1.6.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtextstyle0-0.20.2-1.43 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libudev1-249.17-150400.8.40.1 removed - libunistring2-0.9.10-1.1 removed - libusb-1_0-0-1.0.24-150400.3.3.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.11.1 removed - libxslt1-1.1.34-150400.3.3.1 removed - libxtables12-1.8.7-1.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150500.1.10 removed - ncurses-utils-6.1-150000.5.20.1 removed - netcfg-11.6-3.3.1 removed - pam-1.3.0-150000.6.66.1 removed - pam-config-1.1-3.3.1 removed - perl-5.26.1-150300.17.14.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - pinentry-1.1.0-4.3.1 removed - pkg-config-0.29.2-1.436 removed - rpm-4.14.3-150400.59.3.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - runc-1.1.10-150000.55.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150500.1.10 removed - slirp4netns-1.2.0-150500.1.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - system-user-nobody-20170617-150400.24.2.1 removed - systemd-249.17-150400.8.40.1 removed - systemd-default-settings-0.7-3.2.1 removed - systemd-default-settings-branding-SLE-0.7-3.2.1 removed - systemd-presets-common-SUSE-15-150500.20.3.1 removed - systemd-rpm-macros-14-150000.7.36.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - terminfo-base-6.1-150000.5.20.1 removed - timezone-2023c-150000.75.23.1 removed - update-alternatives-1.19.0.4-150000.4.4.1 removed - util-linux-2.37.4-150500.9.3.1 removed - which-2.21-2.20 removed - xz-5.2.3-150000.4.7.1 removed From sle-container-updates at lists.suse.com Wed Apr 17 12:38:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Apr 2024 14:38:39 +0200 (CEST) Subject: SUSE-CU-2024:1545-1: Security update of rancher/elemental-operator Message-ID: <20240417123839.EC614FCEF@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1545-1 Container Tags : rancher/elemental-operator:1.4.3 , rancher/elemental-operator:1.4.3-4.5.3 , rancher/elemental-operator:latest Container Release : 4.5.3 Severity : moderate Type : security References : 1210959 1214934 1217445 1217450 1217589 1217667 1218492 1218866 1219031 1219243 1219321 1219520 1220061 1220441 1220724 1221239 CVE-2023-45918 CVE-2024-0727 ----------------------------------------------------------------- The container rancher/elemental-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:549-1 Released: Tue Feb 20 17:05:52 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.31-150300.71.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl1_1-1.1.1l-150500.17.25.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 updated - coreutils-8.32-150400.9.3.1 updated - openssl-1_1-1.1.1l-150500.17.25.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 removed - cpio-2.13-150400.3.3.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - gpg2-2.2.27-150300.3.8.1 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - krb5-1.20.1-150500.3.3.1 removed - libassuan0-2.5.5-150000.4.5.2 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcom_err2-1.46.4-150400.3.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcurl4-8.0.1-150400.5.41.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libglib-2_0-0-2.70.5-150400.3.8.1 removed - libgpg-error0-1.42-150400.1.101 removed - libgpgme11-1.16.0-150400.1.80 removed - libidn2-0-2.2.0-3.6.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libksba8-1.3.5-150000.4.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnghttp2-14-1.40.0-150200.12.1 removed - libnpth0-1.5-2.11 removed - libnsl2-1.2.0-2.44 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsqlite3-0-3.44.0-150000.3.23.1 removed - libssh-config-0.9.8-150400.3.3.1 removed - libssh4-0.9.8-150400.3.3.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libudev1-249.17-150400.8.40.1 removed - libunistring2-0.9.10-1.1 removed - libusb-1_0-0-1.0.24-150400.3.3.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libverto1-0.2.6-3.20 removed - libxml2-2-2.10.3-150500.5.11.1 removed - libzstd1-1.5.0-150400.3.3.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - netcfg-11.6-3.3.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - pinentry-1.1.0-4.3.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Wed Apr 17 12:38:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Apr 2024 14:38:42 +0200 (CEST) Subject: SUSE-CU-2024:1546-1: Security update of rancher/seedimage-builder Message-ID: <20240417123842.946F8FCEF@maintenance.suse.de> SUSE Container Update Advisory: rancher/seedimage-builder ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1546-1 Container Tags : rancher/seedimage-builder:1.4.3 , rancher/seedimage-builder:1.4.3-3.2.35 , rancher/seedimage-builder:latest Container Release : 3.2.35 Severity : important Type : security References : 1210959 1214934 1217445 1217450 1217589 1217667 1218492 1218866 1219031 1219243 1219321 1219520 1220061 1220385 1220441 1220724 1220770 1220771 1220772 1221239 1221399 1221665 1221667 CVE-2023-45918 CVE-2024-0727 CVE-2024-2004 CVE-2024-2398 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-28182 ----------------------------------------------------------------- The container rancher/seedimage-builder was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:549-1 Released: Tue Feb 20 17:05:52 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - glibc-2.31-150300.71.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl1_1-1.1.1l-150500.17.25.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.25.1 updated - krb5-1.20.1-150500.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - coreutils-8.32-150400.9.3.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - curl-8.0.1-150400.5.44.1 updated - openssl-1_1-1.1.1l-150500.17.25.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.6.2 removed - cpio-2.13-150400.3.3.1 removed - cracklib-2.9.7-11.6.1 removed - cracklib-dict-small-2.9.7-11.6.1 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - gpg2-2.2.27-150300.3.8.1 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - libassuan0-2.5.5-150000.4.5.2 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.37.4-150500.9.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.37.4-150500.9.3.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgcrypt20-hmac-1.9.4-150500.10.19 removed - libglib-2_0-0-2.70.5-150400.3.8.1 removed - libgpg-error0-1.42-150400.1.101 removed - libgpgme11-1.16.0-150400.1.80 removed - libksba8-1.3.5-150000.4.6.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.37.4-150500.9.3.1 removed - libnpth0-1.5-2.11 removed - libnsl2-1.2.0-2.44 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libsmartcols1-2.37.4-150500.9.3.1 removed - libsqlite3-0-3.44.0-150000.3.23.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libudev1-249.17-150400.8.40.1 removed - libusb-1_0-0-1.0.24-150400.3.3.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.3.1 removed - libxml2-2-2.10.3-150500.5.11.1 removed - login_defs-4.8.1-150400.10.12.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - netcfg-11.6-3.3.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - pinentry-1.1.0-4.3.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - sed-4.4-11.6 removed - shadow-4.8.1-150400.10.12.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.37.4-150500.9.3.1 removed From sle-container-updates at lists.suse.com Fri Apr 19 07:11:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Apr 2024 09:11:34 +0200 (CEST) Subject: SUSE-CU-2024:1572-1: Recommended update of suse/pcp Message-ID: <20240419071134.A3A9CFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1572-1 Container Tags : suse/pcp:5 , suse/pcp:5-23.4 , suse/pcp:5.2 , suse/pcp:5.2-23.4 , suse/pcp:5.2.5 , suse/pcp:5.2.5-23.4 , suse/pcp:latest Container Release : 23.4 Severity : important Type : recommended References : 1222121 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1327-1 Released: Wed Apr 17 11:05:35 2024 Summary: Recommended update for pcp Type: recommended Severity: important References: 1222121 This update for pcp fixes the following issue: - Adding fix for redis server backend exposure (bsc#1222121) The following package changes have been done: - pcp-conf-5.2.5-150400.5.6.3 updated - libpcp3-5.2.5-150400.5.6.3 updated - libpcp_web1-5.2.5-150400.5.6.3 updated - libpcp_trace2-5.2.5-150400.5.6.3 updated - libpcp_mmv1-5.2.5-150400.5.6.3 updated - libpcp_import1-5.2.5-150400.5.6.3 updated - libpcp_gui2-5.2.5-150400.5.6.3 updated - pcp-5.2.5-150400.5.6.3 updated From sle-container-updates at lists.suse.com Fri Apr 19 07:12:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Apr 2024 09:12:53 +0200 (CEST) Subject: SUSE-CU-2024:1582-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240419071253.A6925FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1582-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.27 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.49.27 Severity : moderate Type : recommended References : 1215520 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1341-1 Released: Thu Apr 18 15:29:45 2024 Summary: Recommended update for tftp Type: recommended Severity: moderate References: 1215520 This update for tftp fixes the following issue: - Allow enabling the service via `systemctl enable tftp` to create the tftp.socket symlink (bsc#1215520) The following package changes have been done: - tftp-5.2-150000.5.6.2 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Fri Apr 19 13:23:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Apr 2024 15:23:10 +0200 (CEST) Subject: SUSE-CU-2024:1601-1: Recommended update of suse/rmt-mariadb Message-ID: <20240419132310.1CD31FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1601-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-21.3 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-21.3 , suse/rmt-mariadb:latest Container Release : 21.3 Severity : moderate Type : recommended References : 1221622 1221941 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1342-1 Released: Thu Apr 18 16:35:49 2024 Summary: Recommended update for unixODBC, libtool and libssh2_org Type: recommended Severity: moderate References: 1221622,1221941 This update for unixODBC, libtool and libssh2_org fixes the following issue: - Ship 2 additional 32bit packages: unixODBC-32bit and libssh2-1-32bit for SLES (bsc#1221941). - Fix an issue with Encrypt-then-MAC family. (bsc#1221622) The following package changes have been done: - libltdl7-2.4.6-150000.3.6.2 updated - libodbc2-2.3.9-150400.16.5.3 updated - container:sles15-image-15.0.0-36.11.25 updated From sle-container-updates at lists.suse.com Wed Apr 17 12:38:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Apr 2024 14:38:29 +0200 (CEST) Subject: SUSE-IU-2024:323-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20240417123829.5FD18FCFA@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:323-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.2 , suse/sle-micro/kvm-5.5:2.0.2-2.2.85 , suse/sle-micro/kvm-5.5:latest Image Release : 2.2.85 Severity : important Type : security References : 1065729 1107342 1108281 1141539 1144060 1174649 1176006 1181674 1188307 1190495 1190495 1193285 1194869 1194869 1200731 1203823 1205316 1205502 1206453 1206627 1207987 1209412 1209554 1209834 1210443 1210507 1210959 1211515 1211886 1212091 1213189 1213418 1213456 1214377 1214806 1214934 1215275 1215377 1215434 1215885 1216198 1216441 1216559 1216702 1216752 1216776 1217083 1217445 1217450 1217589 1217667 1217895 1217927 1217964 1217987 1217988 1217989 1218005 1218195 1218216 1218232 1218447 1218450 1218484 1218492 1218527 1218527 1218571 1218659 1218663 1218689 1218713 1218723 1218730 1218752 1218757 1218768 1218778 1218779 1218804 1218832 1218836 1218842 1218866 1218915 1218916 1218948 1218958 1218968 1218997 1219006 1219012 1219013 1219014 1219031 1219053 1219067 1219120 1219126 1219127 1219128 1219136 1219141 1219146 1219238 1219243 1219285 1219295 1219321 1219349 1219412 1219429 1219434 1219443 1219490 1219512 1219520 1219559 1219568 1219576 1219582 1219608 1219653 1219767 1219827 1219835 1219839 1219840 1219841 1219934 1219975 1220003 1220009 1220021 1220030 1220061 1220062 1220065 1220106 1220134 1220140 1220187 1220238 1220240 1220241 1220243 1220250 1220251 1220253 1220254 1220255 1220257 1220267 1220277 1220317 1220326 1220328 1220330 1220335 1220344 1220348 1220350 1220364 1220385 1220392 1220393 1220398 1220409 1220441 1220444 1220457 1220459 1220485 1220649 1220724 1220770 1220771 1220772 1220796 1220825 1221218 1221239 1221289 1221399 1221470 1221665 1221667 1221675 1221831 1222259 CVE-2019-25162 CVE-2021-33631 CVE-2021-46923 CVE-2021-46924 CVE-2021-46932 CVE-2023-1544 CVE-2023-28746 CVE-2023-29383 CVE-2023-45918 CVE-2023-4641 CVE-2023-46838 CVE-2023-47233 CVE-2023-4921 CVE-2023-51042 CVE-2023-51043 CVE-2023-51780 CVE-2023-51782 CVE-2023-5197 CVE-2023-52160 CVE-2023-52340 CVE-2023-52425 CVE-2023-52429 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52447 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52452 CVE-2023-52456 CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52475 CVE-2023-52478 CVE-2023-5388 CVE-2023-6040 CVE-2023-6356 CVE-2023-6531 CVE-2023-6535 CVE-2023-6536 CVE-2023-6693 CVE-2023-6817 CVE-2023-6915 CVE-2023-7207 CVE-2024-0340 CVE-2024-0565 CVE-2024-0607 CVE-2024-0641 CVE-2024-0727 CVE-2024-0775 CVE-2024-1085 CVE-2024-1086 CVE-2024-1151 CVE-2024-2004 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-2398 CVE-2024-24474 CVE-2024-24860 CVE-2024-25062 CVE-2024-25744 CVE-2024-26327 CVE-2024-26328 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26591 CVE-2024-26593 CVE-2024-26595 CVE-2024-26598 CVE-2024-26602 CVE-2024-26603 CVE-2024-26622 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:516-1 Released: Thu Feb 15 16:04:34 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1108281,1141539,1174649,1181674,1193285,1194869,1209834,1210443,1211515,1212091,1214377,1215275,1215885,1216441,1216559,1216702,1217895,1217987,1217988,1217989,1218005,1218447,1218527,1218659,1218689,1218713,1218723,1218730,1218752,1218757,1218768,1218778,1218779,1218804,1218832,1218836,1218916,1218948,1218958,1218968,1218997,1219006,1219012,1219013,1219014,1219053,1219067,1219120,1219128,1219136,1219285,1219349,1219412,1219429,1219434,1219490,1219512,1219568,1219582,1219608,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51042,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6531,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0340,CVE-2024-0565,CVE-2024-0641,CVE-2024-0775,CVE-2024-1085,CVE-2024-1086,CVE-2024-24860 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429). - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608). The following non-security bugs were fixed: - Documentation: RAS: Add index and address translation section (jsc#PED-7618). - ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes). - ACPI: LPSS: Fix the fractional clock divider flags (git-fixes). - ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377) - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes). - ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377) - ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes). - ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377) - ACPI: video: check for error while searching for backlight device parent (git-fixes). - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes). - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes). - ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes). - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes). - ALSA: hda: Refer to correct stream index at loops (git-fixes). - ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes). - ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes). - ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes). - ASoC: Intel: Skylake: mem leak in skl register function (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes). - ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes). - ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136). - ASoC: amd: Add check for acp config flags (bsc#1219136). - ASoC: amd: Add new dmi entries to config entry (bsc#1219136). - ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136). - ASoC: amd: Drop empty platform remove function (bsc#1219136). - ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136). - ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes). - ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136). - ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136). - ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136). - ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136). - ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes). - ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136). - ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136). - ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136). - ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136). - ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136). - ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136). - ASoC: amd: acp: Refactor bit width calculation (bsc#1219136). - ASoC: amd: acp: Refactor dai format implementation (bsc#1219136). - ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136). - ASoC: amd: acp: add a label to make error path more clean (bsc#1219136). - ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136). - ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136). - ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136). - ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136). - ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136). - ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136). - ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136). - ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136). - ASoC: amd: acp: move pdm macros to common header file (bsc#1219136). - ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136). - ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136). - ASoC: amd: acp: remove acp poweroff function (bsc#1219136). - ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136). - ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136). - ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136). - ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136). - ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136). - ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136). - ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136). - ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136). - ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136). - ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136). - ASoC: amd: add acp6.2 irq handler (bsc#1219136). - ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136). - ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136). - ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136). - ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136). - ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136). - ASoC: amd: fix ACP version typo mistake (bsc#1219136). - ASoC: amd: fix spelling mistake: 'i.e' -> 'i.e.' (bsc#1219136). - ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136). - ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136). - ASoC: amd: ps: Update copyright notice (bsc#1219136). - ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136). - ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136). - ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136). - ASoC: amd: ps: move irq handler registration (bsc#1219136). - ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136). - ASoC: amd: ps: refactor platform device creation logic (bsc#1219136). - ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136). - ASoC: amd: ps: remove unused variable (bsc#1219136). - ASoC: amd: ps: update dev index value in irq handler (bsc#1219136). - ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136). - ASoC: amd: ps: update the acp clock source (bsc#1219136). - ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136). - ASoC: amd: ps: use static function (bsc#1219136). - ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: update pm_runtime enable sequence (bsc#1219136). - ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136). - ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136). - ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136). - ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136). - ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136). - ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136). - ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136). - ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136). - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136). - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136). - ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136). - ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136). - ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136). - ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136). - ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136). - ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136). - ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136). - ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136). - ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes). - ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes). - ASoC: codecs: wcd938x: handle deferred probe (git-fixes). - ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes). - ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes). - ASoC: cs43130: Fix the position of const qualifier (git-fixes). - ASoC: da7219: Support low DC impedance headset (git-fixes). - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes). - ASoC: ops: add correct range check for limiting volume (git-fixes). - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes). - ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes). - ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes). - ASoC: wm8974: Correct boost mixer inputs (git-fixes). - Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136). - Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes). - Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes). - Documentation: Begin a RAS section (jsc#PED-7622). - EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618). - EDAC/amd64: Add context struct (jsc#PED-7615). - EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615). - EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616). - EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615). - EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622). - EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615). - EDAC/amd64: Cache and use GPU node map (jsc#PED-7616). - EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615). - EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616). - EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615). - EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615). - EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615). - EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615). - EDAC/amd64: Remove early_channel_count() (jsc#PED-7615). - EDAC/amd64: Remove module version string (jsc#PED-7615). - EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615). - EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615). - EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615). - EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615). - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618). - EDAC/mc: Add new HBM2 memory type (jsc#PED-7616). - EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622). - EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622). - EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes). - HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes). - HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes). - IB/iser: Prevent invalidating wrong MR (git-fixes) - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes). - Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes). - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes). - Input: atkbd - use ab83 as id when skipping the getid command (git-fixes). - Input: bcm5974 - check endpoint type before starting traffic (git-fixes). - Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes). - Input: xpad - add Razer Wolverine V2 support (git-fixes). - KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes). - KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997). - KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322). - Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281). - PCI/AER: Configure ECRC only if AER is native (bsc#1218778) - PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes). - PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes). - PCI: keystone: Fix race condition when initializing PHYs (git-fixes). - PM: hibernate: Enforce ordering during image compression/decompression (git-fixes). - RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618). - RAS/AMD/ATL: Add MI300 support (jsc#PED-7618). - RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618). - RAS: Introduce AMD Address Translation Library (jsc#PED-7618). - RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes) - RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes) - RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes) - RDMA/irdma: Add wait for suspend on SQD (git-fixes) - RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes) - RDMA/irdma: Do not modify to SQD on error (git-fixes) - RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes) - RDMA/irdma: Refactor error handling in create CQP (git-fixes) - RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes) - RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes) - RDMA/rtrs-clt: Start hb after path_up (git-fixes) - RDMA/rtrs-srv: Check return values while processing info request (git-fixes) - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes) - RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes) - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes) - RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes) - USB: xhci: workaround for grace period (git-fixes). - Update config files: enable ASoC AMD PS drivers (bsc#1219136) - Update patch reference for ax88179 fix (bsc#1218948) - acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes). - aio: fix mremap after fork null-deref (git-fixes). - apparmor: avoid crash when parsed profile name is empty (git-fixes). - arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729) - arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV. - arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729) - arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes) - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes) - arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes) - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes) - arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes) - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes) - arm64: module: move find_section to header (jsc#PED-4729) - arm64: vdso: Fix 'no previous prototype' warning (jsc#PED-4729) - arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729) - arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729) - asix: Add check for usbnet_get_endpoints (git-fixes). - attr: block mode changes of symlinks (git-fixes). - badblocks: add helper routines for badblock ranges handling (bsc#1174649). - badblocks: add more helper structure and routines in badblocks.h (bsc#1174649). - badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649). - badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649). - badblocks: switch to the improved badblock handling code (bsc#1174649). - bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes). - bus: mhi: host: Add alignment check for event ring read pointer (git-fixes). - bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes). - bus: mhi: host: Drop chan lock before queuing buffers (git-fixes). - ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568). - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes). - clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes). - clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes). - clk: samsung: Fix kernel-doc comments (git-fixes). - clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes). - clk: zynqmp: Add a check for NULL pointer (git-fixes). - clk: zynqmp: make bestdiv unsigned (git-fixes). - clocksource: Skip watchdog check for large watchdog intervals (git-fixes). - clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885). - coresight: etm4x: Add ACPI support in platform driver (bsc#1218779) - coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779) - coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779) - coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779) - coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779) - coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779) - coresight: platform: acpi: Ignore the absence of graph (bsc#1218779) - crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes). - crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes). - crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes). - crypto: sahara - do not resize req->src when doing hash operations (git-fixes). - crypto: sahara - fix ahash reqsize (git-fixes). - crypto: sahara - fix ahash selftest failure (git-fixes). - crypto: sahara - fix cbc selftest failure (git-fixes). - crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes). - crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes). - crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes). - crypto: sahara - handle zero-length aes requests (git-fixes). - crypto: sahara - improve error handling in sahara_sha_process() (git-fixes). - crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes). - crypto: scomp - fix req->dst buffer overflow (git-fixes). - dma-debug: fix kernel-doc warnings (git-fixes). - dmaengine: fix NULL pointer in channel unregistration function (git-fixes). - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes). - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes). - dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes). - dmaengine: ti: k3-udma: Report short packet errors (git-fixes). - doc/README.KSYMS: Add to repo. - docs: Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes). - drivers: clk: zynqmp: calculate closest mux rate (git-fixes). - drivers: clk: zynqmp: update divider round rate logic (git-fixes). - drm/amd/display: Fix tiled display misalignment (git-fixes). - drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes). - drm/amd/display: add nv12 bounding box (git-fixes). - drm/amd/display: get dprefclk ss info from integration info table (git-fixes). - drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes). - drm/amd/display: pbn_div need be updated for hotplug event (git-fixes). - drm/amd/display: update dcn315 lpddr pstate latency (git-fixes). - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes). - drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes). - drm/amd/pm: fix a double-free in si_dpm_init (git-fixes). - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes). - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes). - drm/amdgpu/pm: Fix the power source flag error (git-fixes). - drm/amdgpu: Add NULL checks for function pointers (git-fixes). - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes). - drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes). - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes). - drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes). - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes). - drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes). - drm/amdgpu: Let KFD sync with VM fences (git-fixes). - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes). - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes). - drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes). - drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes). - drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes). - drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes). - drm/amdkfd: Fix lock dependency warning (git-fixes). - drm/amdkfd: Fix lock dependency warning with srcu (git-fixes). - drm/amdkfd: Use resource_size() helper function (git-fixes). - drm/amdkfd: fixes for HMM mem allocation (git-fixes). - drm/bridge: Fix typo in post_disable() description (git-fixes). - drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes). - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes). - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes). - drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes). - drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes). - drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes). - drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes). - drm/bridge: tc358767: Fix return value on error case (git-fixes). - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes). - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes). - drm/crtc: fix uninitialized variable use (git-fixes). - drm/drv: propagate errors from drm_modeset_register_all() (git-fixes). - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes). - drm/exynos: fix a potential error pointer dereference (git-fixes). - drm/exynos: fix a wrong error checking (git-fixes). - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes). - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes). - drm/framebuffer: Fix use of uninitialized variable (git-fixes). - drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes). - drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes). - drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes). - drm/msm/dpu: Set input_sel bit for INTF (git-fixes). - drm/msm/dpu: fix writeback programming for YUV cases (git-fixes). - drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes). - drm/msm/dsi: Enable runtime PM (git-fixes). - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes). - drm/msm/mdp4: flush vblank event on disable (git-fixes). - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes). - drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes). - drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes). - drm/panel: nt35510: fix typo (git-fixes). - drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes). - drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes). - drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes). - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes). - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes). - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes). - drm/radeon: check return value of radeon_ring_lock() (git-fixes). - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes). - drm/tidss: Check for K2G in in dispc_softreset() (git-fixes). - drm/tidss: Fix atomic_flush check (git-fixes). - drm/tidss: Fix dss reset (git-fixes). - drm/tidss: Move reset to the end of dispc_init() (git-fixes). - drm/tidss: Return error value from from softreset (git-fixes). - drm/tilcdc: Fix irq free on unload (git-fixes). - drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes). - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes). - drm: using mul_u32_u32() requires linux/math64.h (git-fixes). - dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694) - efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes). - eventfd: prevent underflow for eventfd semaphores (git-fixes). - exfat: fix reporting fs error when reading dir beyond EOF (git-fixes). - exfat: support handle zero-size directory (git-fixes). - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes). - fbdev: Only disable sysfb on the primary device (bsc#1216441) - fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441. - fbdev: flush deferred IO before closing (git-fixes). - fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes). - fbdev: imxfb: fix left margin setting (git-fixes). - fbdev: mmp: Fix typo and wording in code comment (git-fixes). - firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes). - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes). - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes). - fjes: fix memleaks in fjes_hw_setup (git-fixes). - fs/mount_setattr: always cleanup mount_kattr (git-fixes). - fs: Fix error checking for d_hash_and_lookup() (git-fixes). - fs: Move notify_change permission checks into may_setattr (git-fixes). - fs: do not audit the capability check in simple_xattr_list() (git-fixes). - fs: drop peer group ids under namespace lock (git-fixes). - fs: indicate request originates from old mount API (git-fixes). - fs: sendfile handles O_NONBLOCK of out_fd (git-fixes). - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659). - gfs2: Always check inode size of inline inodes (git-fixes). - gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes). - gfs2: Disable page faults during lockless buffered reads (git-fixes). - gfs2: Eliminate ip->i_gh (git-fixes). - gfs2: Eliminate vestigial HIF_FIRST (git-fixes). - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes). - gfs2: Introduce flag for glock holder auto-demotion (git-fixes). - gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes). - gfs2: Remove redundant check from gfs2_glock_dq (git-fixes). - gfs2: Switch to wait_event in gfs2_logd (git-fixes). - gfs2: assign rgrp glock before compute_bitstructs (git-fixes). - gfs2: low-memory forced flush fixes (git-fixes). - gfs2: release iopen glock early in evict (git-fixes). - gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes). - gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes). - hv_netvsc: rndis_filter needs to select NLS (git-fixes). - hwmon: (corsair-psu) Fix probe when built-in (git-fixes). - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes). - i2c: rk3x: fix potential spinlock recursion on poll (git-fixes). - i2c: s3c24xx: fix read transfers in polling mode (git-fixes). - i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes). - iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes). - iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes). - iio: adc: ad9467: do not ignore error codes (git-fixes). - iio: adc: ad9467: fix reset gpio handling (git-fixes). - ipmi: Use regspacings passed as a module parameter (git-fixes). - kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136) - kdb: Fix a potential buffer overflow in kdb_local() (git-fixes). - kernel-doc: handle a void function without producing a warning (git-fixes). - kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes). - leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes). - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes). - libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes). - md: fix bi_status reporting in md_end_clone_io (bsc#1210443). - media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes). - media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes). - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes). - media: imx355: Enable runtime PM before registering async sub-device (git-fixes). - media: ov9734: Enable runtime PM before registering async sub-device (git-fixes). - media: pvrusb2: fix use after free on context disconnection (git-fixes). - media: rkisp1: Disable runtime PM in probe error path (git-fixes). - media: rkisp1: Fix media device memory leak (git-fixes). - media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes). - media: videobuf2-dma-sg: fix vmap callback (git-fixes). - mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes). - misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes). - mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes). - mmc: core: Cancel delayed work before releasing host (git-fixes). - modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes). - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes). - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes). - mtd: rawnand: pl353: Fix kernel doc (git-fixes). - mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes). - mtd: rawnand: rockchip: Rename a structure (git-fixes). - net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes). - net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948). - net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948). - net: usb: ax88179_178a: move priv to driver_priv (git-fixes). - net: usb: ax88179_178a: remove redundant init code (git-fixes). - net: usb: ax88179_178a: restore state on resume (bsc#1218948). - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes). - nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349). - nfsd: fix RELEASE_LOCKOWNER (bsc#1218968). - nouveau/tu102: flush all pdbs on vmm flush (git-fixes). - nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes). - nsfs: add compat ioctl handler (git-fixes). - nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515). - nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes). - nvme-pci: fix sleeping function called from interrupt context (git-fixes). - nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes). - nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515). - nvme: fix max_discard_sectors calculation (git-fixes). - nvme: introduce helper function to get ctrl state (git-fixes). - nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515). - nvme: start keep-alive after admin queue setup (bsc#1211515). - nvme: trace: avoid memcpy overflow warning (git-fixes). - nvmet: re-fix tracing strncpy() warning (git-fixes). - of: Fix double free in of_parse_phandle_with_args_map (git-fixes). - of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes). - parport: parport_serial: Add Brainboxes BAR details (git-fixes). - parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes). - pci: Drop PCI vmd patches that caused a regression (bsc#1218005) - perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958). - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958). - perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512). - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes). - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes). - pinctrl: intel: Revert 'Unexport intel_pinctrl_probe()' (git-fixes). - platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620). - platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620). - platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620). - platform/x86/amd/hsmp: improve the error log (jsc#PED-7620). - platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285). - platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620). - power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes). - power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes). - powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes). - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869). - powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes). - powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729). - powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869). - powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869). - powerpc/xive: Fix endian conversion size (bsc#1194869). - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes). - pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes). - pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes). - pwm: stm32: Fix enable count for clk in .probe() (git-fixes). - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes). - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes). - r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes). - ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes). - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes). - s390/dasd: fix double module refcount decrement (bsc#1141539). - s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006). - s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012). - s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014). - s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013). - s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723). - sched/isolation: add cpu_is_isolated() API (bsc#1217895). - scripts/kernel-doc: restore warning for Excess struct/union (git-fixes). - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes). - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes). - scsi: core: Always send batch on reset or error handling command (git-fixes). - scsi: fnic: Return error if vmalloc() failed (git-fixes). - scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes). - scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes). - scsi: hisi_sas: Fix warnings detected by sparse (git-fixes). - scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes). - scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes). - scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes). - scsi: hisi_sas: Replace with standard error code return value (git-fixes). - scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes). - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes). - scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes). - scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097). - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097). - scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes). - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes). - scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582). - scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582). - scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582). - scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582). - scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes). - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes). - scsi: mpt3sas: Fix an outdated comment (git-fixes). - scsi: mpt3sas: Fix in error path (git-fixes). - scsi: mpt3sas: Fix loop logic (bsc#1219067). - scsi: mpt3sas: Fix loop logic (git-fixes). - scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes). - scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes). - scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes). - selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes). - serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes). - serial: core: Fix atomicity violation in uart_tiocmget (git-fixes). - serial: imx: Correct clock error message in function probe() (git-fixes). - serial: imx: fix tx statemachine deadlock (git-fixes). - serial: max310x: fail probe if clock crystal is unstable (git-fixes). - serial: max310x: improve crystal stable clock detection (git-fixes). - serial: max310x: set default value when reading clock ready bit (git-fixes). - serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes). - serial: sc16is7xx: set safe default SPI clock frequency (git-fixes). - serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes). - series.conf: the patch is not in git and breaks series_insert.py - shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes). - software node: Let args be NULL in software_node_get_reference_args (git-fixes). - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes). - swiotlb-xen: provide the 'max_mapping_size' method (git-fixes). - swiotlb: fix a braino in the alignment check fix (bsc#1216559). - swiotlb: fix slot alignment checks (bsc#1216559). - trace,smp: Add tracepoints around remotelly called functions (bsc#1217895). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes). - tracing: Add size check when printing trace_marker output (git-fixes). - tracing: Ensure visibility when inserting an element into tracing_map (git-fixes). - tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes). - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes). - tracing: Increase trace array ref count on enable and filter files (bsc#1219490). - ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes). - ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes). - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes). - uio: Fix use-after-free in uio_open (git-fixes). - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes). - usb: cdns3: fix uvc failure work since sg support enabled (git-fixes). - usb: chipidea: wait controller resume finished for wakeup irq (git-fixes). - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes). - usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes). - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes). - usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes). - usb: otg numberpad exception (bsc#1218527). - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes). - usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes). - usb: ucsi: Add missing ppm_lock (git-fixes). - usb: ucsi_acpi: Fix command completion handling (git-fixes). - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes). - usr/Kconfig: fix typos of 'its' (git-fixes). - vfs: make freeze_super abort when sync_filesystem returns error (git-fixes). - vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes). - virtio-mmio: fix memory leak of vm_dev (git-fixes). - virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes). - vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes). - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes). - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes). - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes). - watchdog: set cdev owner before adding (git-fixes). - wifi: ath11k: Defer on rproc_get failure (git-fixes). - wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes). - wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes). - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes). - wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes). - wifi: libertas: stop selecting wext (git-fixes). - wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes). - wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes). - wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes). - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes). - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes). - wifi: rtlwifi: add calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes). - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes). - x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616). - x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622). - x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623). - x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622). - x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616). - x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615). - x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). - x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes). - x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes). - x86/mce: Cleanup mce_usable_address() (jsc#PED-7623). - x86/mce: Define amd_mce_usable_address() (jsc#PED-7623). - xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes). - xen/events: fix delayed eoi list handling (git-fixes). - xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes). - xhci: cleanup xhci_hub_control port references (git-fixes). - xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes). - xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:549-1 Released: Tue Feb 20 17:05:52 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:597-1 Released: Thu Feb 22 20:07:11 2024 Summary: Security update for mozilla-nss Type: security Severity: important References: 1216198,CVE-2023-5388 This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:764-1 Released: Tue Mar 5 13:46:25 2024 Summary: Security update for wpa_supplicant Type: security Severity: important References: 1219975,CVE-2023-52160 This update for wpa_supplicant fixes the following issues: - CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:858-1 Released: Wed Mar 13 01:09:39 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1206453,1209412,1213456,1216776,1217927,1218195,1218216,1218450,1218527,1218663,1218915,1219126,1219127,1219141,1219146,1219295,1219443,1219653,1219827,1219835,1219839,1219840,1219934,1220003,1220009,1220021,1220030,1220106,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220251,1220253,1220254,1220255,1220257,1220267,1220277,1220317,1220326,1220328,1220330,1220335,1220344,1220348,1220350,1220364,1220392,1220393,1220398,1220409,1220444,1220457,1220459,1220649,1220796,1220825,CVE-2019-25162,CVE-2021-46923,CVE-2021-46924,CVE-2021-46932,CVE-2023-28746,CVE-2023-5197,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52447,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52452,CVE-2023-52456,CVE-2023-52457,CVE-2023-52463,CVE-2023-52464,CVE-2023-52475,CVE-2023-52478,CVE-2023-6817,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23850,CVE-2024-23851,CVE-2024-25744,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-2659 1,CVE-2024-26593,CVE-2024-26595,CVE-2024-26598,CVE-2024-26602,CVE-2024-26603,CVE-2024-26622 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216). - CVE-2023-52340: Fixed ICMPv6 ???Packet Too Big??? packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257). - CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364). - CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330) - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146). - CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). The following non-security bugs were fixed: - acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes). - acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes). - acpi: extlog: fix null pointer dereference check (git-fixes). - acpi: resource: add asus model s5402za to quirks (git-fixes). - acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes). - acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes). - acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes). - acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes). - add reference to recently released cve - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes). - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes). - afs: hide silly-rename files from userspace (git-fixes). - afs: increase buffer size in afs_update_volume_status() (git-fixes). - ahci: asm1166: correct count of reported ports (git-fixes). - alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes). - alsa: firewire-lib: fix to check cycle continuity (git-fixes). - alsa: hda/conexant: add quirk for sws js201d (git-fixes). - alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes). - alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes). - alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes). - alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes). - alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes). - alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes). - alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes). - alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes). - alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes). - alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes). - alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes). - alsa: usb-audio: check presence of valid altsetting control (git-fixes). - alsa: usb-audio: ignore clock selector errors for single connection (git-fixes). - alsa: usb-audio: more relaxed check of midi jack names (git-fixes). - alsa: usb-audio: sort quirk table entries (git-fixes). - arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443) - arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443) - arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443) - arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround. - arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break. - arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break - arm64: irq: set the correct node for shadow call stack (git-fixes) - arm64: irq: set the correct node for vmap stack (git-fixes) - arm64: rename arm64_workaround_2966298 (bsc#1219443) - arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes) - asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes). - asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes). - asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes). - asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes). - atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes). - bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes). - bluetooth: enforce validation on max value of connection interval (git-fixes). - bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes). - bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes). - bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes). - bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes). - bluetooth: l2cap: fix possible multiple reject send (git-fixes). - bluetooth: qca: fix wrong event type for patch config command (git-fixes). - bpf: fix verification of indirect var-off stack access (git-fixes). - bpf: guard stack limits against 32bit overflow (git-fixes). - bpf: minor logging improvement (bsc#1220257). - bus: moxtet: add spi device table (git-fixes). - cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267). - can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes). - crypto: api - disallow identical driver names (git-fixes). - crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes). - crypto: octeontx2 - fix cptvf driver cleanup (git-fixes). - crypto: stm32/crc32 - fix parsing list of devices (git-fixes). - dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes). - dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes). - dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes). - dmaengine: fsl-qdma: init irq after reg initialization (git-fixes). - dmaengine: ptdma: use consistent dma masks (git-fixes). - dmaengine: shdma: increase size of 'dev_id' (git-fixes). - dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes). - driver core: fix device_link_flag_is_sync_state_only() (git-fixes). - drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes). - drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes). - drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes). - drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes). - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes). - drm/amd/display: preserve original aspect ratio in create stream (git-fixes). - drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes). - drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes). - drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes). - drm/buddy: fix range bias (git-fixes). - drm/crtc: fix uninitialized variable use even harder (git-fixes). - drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes). - drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes). - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes). - drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes). - drm/prime: support page array >= 4gb (git-fixes). - drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes). - drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes). - drop bcm5974 input patch causing a regression (bsc#1220030) - efi/capsule-loader: fix incorrect allocation size (git-fixes). - efi: do not add memblocks for soft-reserved memory (git-fixes). - efi: runtime: fix potential overflow of soft-reserved region size (git-fixes). - fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes). - fbdev: savage: error out if pixclock equals zero (git-fixes). - fbdev: sis: error out if pixclock equals zero (git-fixes). - firewire: core: send bus reset promptly on gap count error (git-fixes). - fs: dlm: fix build with config_ipv6 disabled (git-fixes). - fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes). - gpio: 74x164: enable output pins after registers are reset (git-fixes). - gpio: fix resource unwinding order in error path (git-fixes). - gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes). - gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes). - hid: apple: add 2021 magic keyboard fn key mapping (git-fixes). - hid: apple: add support for the 2021 magic keyboard (git-fixes). - hid: wacom: do not register input devices until after hid_hw_start (git-fixes). - hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes). - hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes). - hwmon: (coretemp) enlarge per package core count limit (git-fixes). - hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes). - hwmon: (coretemp) fix out-of-bounds memory access (git-fixes). - i2c: i801: fix block process call transactions (git-fixes). - i2c: i801: remove i801_set_block_buffer_mode (git-fixes). - i2c: imx: add timer for handling the stop condition (git-fixes). - i2c: imx: when being a target, mark the last read as processed (git-fixes). - i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes). - ib/hfi1: fix a memleak in init_credit_return (git-fixes) - ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes) - iio: accel: bma400: fix a compilation problem (git-fixes). - iio: adc: ad7091r: set alert bit in config register (git-fixes). - iio: core: fix memleak in iio_device_register_sysfs (git-fixes). - iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes). - iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes). - input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes). - input: xpad - add lenovo legion go controllers (git-fixes). - irqchip/gic-v3-its: fix gicv4.1 vpe affinity update (git-fixes). - irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes). - jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes). - jfs: fix array-index-out-of-bounds in dinewext (git-fixes). - jfs: fix slab-out-of-bounds read in dtsearch (git-fixes). - jfs: fix uaf in jfs_evict_inode (git-fixes). - kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes). - kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839). - kvm: s390: fix setting of fpc register (git-fixes bsc#1220392). - kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393). - kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes). - kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes). - leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes). - lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423). - lib/stackdepot: add refcount for records (jsc-ped#7423). - lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423). - lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423). - libsubcmd: fix memory leak in uniq() (git-fixes). - media: ddbridge: fix an error code problem in ddb_probe (git-fixes). - media: ir_toy: fix a memleak in irtoy_tx (git-fixes). - media: rc: bpf attach/detach requires write permission (git-fixes). - media: rockchip: rga: fix swizzling for rgb formats (git-fixes). - media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes). - mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes). - mm,page_owner: display all stacks and their count (jsc-ped#7423). - mm,page_owner: filter out stacks by a threshold (jsc-ped#7423). - mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423). - mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423). - mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423). - mm/hwpoison: fix unpoison_memory() (bsc#1218663). - mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663). - mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663). - mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes). - mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes). - mmc: core: use mrq.sbc in close-ended ffu (git-fixes). - mmc: mmc_spi: remove custom dma mapped buffers (git-fixes). - mmc: sdhci-xenon: add timeout for phy init complete (git-fixes). - mmc: sdhci-xenon: fix phy init clock stability (git-fixes). - mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes). - modpost: trim leading spaces when processing source files list (git-fixes). - mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003). - nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes). - nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes). - nouveau/svm: fix kvcalloc() argument order (git-fixes). - nouveau: fix function cast warnings (git-fixes). - ntfs: check overflow when iterating attr_records (git-fixes). - ntfs: fix use-after-free in ntfs_attr_find() (git-fixes). - nvme-fabrics: fix i/o connect error handling (git-fixes). - nvme-host: fix the updating of the firmware version (git-fixes). - pci/aer: decode requester id when no error info found (git-fixes). - pci: add no pm reset quirk for nvidia spectrum devices (git-fixes). - pci: add pci_header_type_mfd definition (bsc#1220021). - pci: fix 64gt/s effective data rate calculation (git-fixes). - pci: only override amd usb controller if required (git-fixes). - pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes). - platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes). - platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes). - platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes). - pm: core: remove unnecessary (void *) conversions (git-fixes). - pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes). - pnp: acpi: fix fortify warning (git-fixes). - power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes). - powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869). - powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869). - powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348). - powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869). - powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348). - powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869). - powerpc/watchpoints: annotate atomic context in more places (bsc#1194869). - powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869). - powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869). - powerpc: do not include lppaca.h in paca.h (bsc#1194869). - pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes). - ras/amd/atl: add mi300 row retirement support (jsc#ped-7618). - ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes). - ras: introduce a fru memory poison manager (jsc#ped-7618). - rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes) - rdma/bnxt_re: return error for srq resize (git-fixes) - rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934). - rdma/core: get ib width and speed from netdev (bsc#1219934). - rdma/irdma: add ae for too many rnrs (git-fixes) - rdma/irdma: fix kasan issue with tasklet (git-fixes) - rdma/irdma: set the cq read threshold for gen 1 (git-fixes) - rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes) - rdma/qedr: fix qedr_create_user_qp error flow (git-fixes) - rdma/srpt: fix function pointer cast warnings (git-fixes) - rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes) - refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io (bsc#1216776, bsc#1220277) - regulator: core: only increment use_count when enable_count changes (git-fixes). - regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes). - revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes). - revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes). - revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes). - rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created. - s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840). - s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317). - sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes). - scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes). - scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes). - scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141). - scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes). - scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106). - scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106). - scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes). - scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021). - scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021). - scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021). - scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021). - scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021). - scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021). - scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021). - scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021). - scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021). - scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021). - scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021). - scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021). - scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021). - scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021). - scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021). - scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021). - scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021). - scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes). - scsi: revert 'scsi: fcoe: fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141). - serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes). - spi-mxs: fix chipselect glitch (git-fixes). - spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes). - spi: ppc4xx: drop write-only variable (git-fixes). - spi: sh-msiof: avoid integer overflow in constants (git-fixes). - staging: iio: ad5933: fix type mismatch regression (git-fixes). - supported.conf: remove external flag from ibm supported modules. (bsc#1209412) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450). - tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes). - topology/sysfs: add format parameter to macro defining 'show' functions for proc (jsc#ped-7618). - topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618). - tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes). - ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes). - usb: cdns3: fix memory double free when handle zero packet (git-fixes). - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes). - usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes). - usb: cdns3: put the cdns set active part outside the spin lock (git-fixes). - usb: cdns: readd old api (git-fixes). - usb: cdnsp: blocked some cdns3 specific code (git-fixes). - usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes). - usb: dwc3: gadget: do not disconnect if not started (git-fixes). - usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes). - usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes). - usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes). - usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes). - usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes). - usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes). - usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes). - usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: gadget: f_hid: fix report descriptor allocation (git-fixes). - usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes). - usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes). - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes). - usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes). - usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). - usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). - usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes). - usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527). - usb: hub: replace hardcoded quirk value with bit() macro (git-fixes). - usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes). - usb: roles: fix null pointer issue when put module's reference (git-fixes). - usb: serial: cp210x: add id for imst im871a-usb (git-fixes). - usb: serial: option: add fibocom fm101-gl variant (git-fixes). - usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes). - watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes). - wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes). - wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes). - wifi: cfg80211: fix missing interfaces when dumping (git-fixes). - wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes). - wifi: iwlwifi: fix some error codes (git-fixes). - wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes). - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes). - wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes). - wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes). - wifi: nl80211: reject iftype change with mesh id change (git-fixes). - wifi: rt2x00: restart beacon queue when hardware reset (git-fixes). - wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes). - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes). - wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes). - x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: add asm helpers for executing verw (git-fixes). - x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk. - x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618). - x86/entry_32: add verw just before userspace transition (git-fixes). - x86/entry_64: add verw just before userspace transition (git-fixes). - x86/mm: fix memory encryption features advertisement (bsc#1206453). - xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes). - xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:903-1 Released: Fri Mar 15 06:57:36 2024 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1200731 This update for systemd-presets-common-SUSE fixes the following issues: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731) - Support both the old and new service to avoid complex version interdependency ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1007-1 Released: Wed Mar 27 10:51:42 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1144060,1176006,1188307,1203823,1205502,1206627,1210507,1213189,1214806,CVE-2023-29383,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). - CVE-2023-4641: Fixed possible password leak during passwd(1) change (bsc#1214806). The following non-security bugs were fixed: - bsc#1176006: Fix chage date miscalculation - bsc#1188307: Fix passwd segfault - bsc#1203823: Remove pam_keyinit from PAM config files - bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions - bsc#1206627: Add --prefix support to passwd, chpasswd and chage - bsc#1205502: useradd audit event user id field cannot be interpretedd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1010-1 Released: Wed Mar 27 16:07:37 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1218842,1221470 This update for perl-Bootloader fixes the following issues: - Log grub2-install errors correctly (bsc#1221470) - Update to version 0.947 - Support old grub versions that used /usr/lib (bsc#1218842) - Create EFI boot fallback directory if necessary ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1080-1 Released: Tue Apr 2 06:50:10 2024 Summary: Recommended update for xfsprogs-scrub Type: recommended Severity: low References: 1190495 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 and SLE-15-SP4 (bsc#1190495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1081-1 Released: Tue Apr 2 06:50:44 2024 Summary: Recommended update for dracut Type: recommended Severity: important References: 1217083,1219841,1220485,1221675 This update for dracut fixes the following issues: - Update to version 055+suse.382.g80b55af2: * Fix regression with multiple `rd.break=` options (bsc#1221675) * Do not call `strcmp` if the `value` argument is NULL (bsc#1219841) * Correct shellcheck regression when parsing ccw args (bsc#1220485) * Skip README for AMD microcode generation (bsc#1217083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1103-1 Released: Wed Apr 3 14:11:06 2024 Summary: Security update for qemu Type: security Severity: important References: 1205316,1209554,1218484,1220062,1220065,1220134,CVE-2023-1544,CVE-2023-6693,CVE-2024-24474,CVE-2024-26327,CVE-2024-26328 This update for qemu fixes the following issues: - CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value (bsc#1220062). - CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command (bsc#1220134). - CVE-2023-6693: Fixed stack buffer overflow in virtio_net_flush_tx() (bsc#1218484). - CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554). - CVE-2024-26328: Fixed invalid NumVFs value handled in NVME SR/IOV implementation (bsc#1220065). The following non-security bug was fixed: - Removing in-use mediated device should fail with error message instead of hang (bsc#1205316). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1201-1 Released: Thu Apr 11 10:47:59 2024 Summary: Recommended update for xfsprogs-scrub and jctools Type: recommended Severity: low References: 1190495,1213418 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495) - Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1272-1 Released: Fri Apr 12 16:24:28 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, operator-image Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, operator-image contains the following fixes: - Update to version 1.4.3: * registration: allow dots in machineInventory names * registration: decouple replacing data-labels from sanitizing strings * registration: move sanitize code in sanitizeString() * V1.4.x fix channel synchronization (#683) * linter: fix copyright dates * Make linter happy The following package changes have been done: - glibc-2.31-150300.71.1 updated - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libopenssl1_1-1.1.1l-150500.17.25.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libmount1-2.37.4-150500.9.6.1 updated - krb5-1.20.1-150500.3.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - login_defs-4.8.1-150500.3.3.1 updated - cpio-2.13-150400.3.6.1 updated - coreutils-8.32-150400.9.3.1 updated - sed-4.4-150300.13.3.1 updated - systemd-rpm-macros-15-150000.7.39.1 updated - systemd-presets-common-SUSE-15-150500.20.6.1 updated - perl-Bootloader-0.947-150400.3.12.1 updated - netcfg-11.6-150000.3.6.1 updated - rpm-4.14.3-150400.59.13.1 updated - shadow-4.8.1-150500.3.3.1 updated - pam-config-1.1-150200.3.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - util-linux-systemd-2.37.4-150500.9.6.1 updated - dracut-055+suse.382.g80b55af2-150500.3.18.1 updated - kernel-default-base-5.14.21-150500.55.52.1.150500.6.23.1 updated - qemu-guest-agent-7.1.0-150500.49.12.1 updated - libfreebl3-3.90.2-150400.3.39.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - mozilla-nss-certs-3.90.2-150400.3.39.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - mozilla-nss-3.90.2-150400.3.39.1 updated - libsoftokn3-3.90.2-150400.3.39.1 updated - wpa_supplicant-2.10-150500.3.3.1 updated - elemental-register-1.4.3-150500.3.3.3 updated - elemental-support-1.4.3-150500.3.3.3 updated - glibc-locale-base-2.31-150300.71.1 updated - xfsprogs-5.13.0-150400.3.7.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.2-4.2.51 updated - gettext-runtime-0.20.2-1.43 removed - gpg2-2.2.27-150300.3.8.1 removed - iproute2-5.14-150400.1.8 removed - libassuan0-2.5.5-150000.4.5.2 removed - libgpgme11-1.16.0-150400.1.80 removed - libksba8-1.3.5-150000.4.6.1 removed - libmnl0-1.0.4-1.25 removed - libnpth0-1.5-2.11 removed - libtextstyle0-0.20.2-1.43 removed - libusb-1_0-0-1.0.24-150400.3.3.1 removed - libxtables12-1.8.7-1.1 removed - pinentry-1.1.0-4.3.1 removed - tar-1.34-150000.3.34.1 removed From sle-container-updates at lists.suse.com Wed Apr 17 12:38:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Apr 2024 14:38:30 +0200 (CEST) Subject: SUSE-IU-2024:324-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20240417123830.885D3FCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:324-1 Image Tags : suse/sle-micro/rt-5.5:2.0.2 , suse/sle-micro/rt-5.5:2.0.2-3.2.86 , suse/sle-micro/rt-5.5:latest Image Release : 3.2.86 Severity : important Type : security References : 1065729 1107342 1108281 1141539 1144060 1174649 1176006 1181674 1188307 1190495 1190495 1193285 1194869 1194869 1200731 1203823 1205502 1206453 1206627 1207987 1209412 1209834 1210443 1210507 1210959 1211515 1211886 1212091 1213189 1213418 1213456 1214377 1214806 1214934 1215275 1215377 1215434 1215885 1216198 1216441 1216559 1216702 1216752 1216776 1217083 1217445 1217450 1217589 1217667 1217895 1217927 1217964 1217987 1217988 1217989 1218005 1218195 1218216 1218232 1218447 1218450 1218492 1218527 1218527 1218571 1218659 1218663 1218713 1218723 1218730 1218738 1218752 1218757 1218768 1218778 1218779 1218804 1218832 1218836 1218842 1218866 1218915 1218916 1218948 1218958 1218968 1218997 1219006 1219012 1219013 1219014 1219031 1219053 1219067 1219120 1219126 1219127 1219128 1219136 1219141 1219146 1219238 1219243 1219285 1219295 1219321 1219349 1219412 1219429 1219434 1219443 1219490 1219512 1219520 1219559 1219568 1219576 1219582 1219653 1219767 1219827 1219835 1219839 1219840 1219841 1219934 1219975 1220003 1220009 1220021 1220030 1220061 1220106 1220140 1220187 1220238 1220240 1220241 1220243 1220250 1220251 1220253 1220254 1220255 1220257 1220267 1220277 1220317 1220326 1220328 1220330 1220335 1220344 1220348 1220350 1220364 1220385 1220392 1220393 1220398 1220409 1220441 1220444 1220457 1220459 1220485 1220649 1220724 1220770 1220771 1220772 1220796 1220825 1221218 1221239 1221289 1221399 1221470 1221665 1221667 1221675 1221831 1222259 CVE-2019-25162 CVE-2021-33631 CVE-2021-46923 CVE-2021-46924 CVE-2021-46932 CVE-2023-28746 CVE-2023-29383 CVE-2023-45918 CVE-2023-4641 CVE-2023-46838 CVE-2023-47233 CVE-2023-4921 CVE-2023-51042 CVE-2023-51043 CVE-2023-51780 CVE-2023-51782 CVE-2023-5197 CVE-2023-52160 CVE-2023-52340 CVE-2023-52425 CVE-2023-52429 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52447 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52452 CVE-2023-52456 CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52475 CVE-2023-52478 CVE-2023-5388 CVE-2023-6040 CVE-2023-6356 CVE-2023-6531 CVE-2023-6535 CVE-2023-6536 CVE-2023-6817 CVE-2023-6915 CVE-2023-7207 CVE-2024-0565 CVE-2024-0607 CVE-2024-0641 CVE-2024-0727 CVE-2024-0775 CVE-2024-1085 CVE-2024-1086 CVE-2024-1151 CVE-2024-2004 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-2398 CVE-2024-25062 CVE-2024-25744 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26591 CVE-2024-26593 CVE-2024-26595 CVE-2024-26598 CVE-2024-26602 CVE-2024-26603 CVE-2024-26622 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:469-1 Released: Wed Feb 14 13:19:31 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1108281,1141539,1174649,1181674,1193285,1194869,1209834,1210443,1211515,1212091,1214377,1215275,1215885,1216441,1216559,1216702,1217895,1217987,1217988,1217989,1218005,1218447,1218527,1218659,1218713,1218723,1218730,1218738,1218752,1218757,1218768,1218778,1218779,1218804,1218832,1218836,1218916,1218948,1218958,1218968,1218997,1219006,1219012,1219013,1219014,1219053,1219067,1219120,1219128,1219136,1219285,1219349,1219412,1219429,1219434,1219490,1219512,1219568,1219582,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51042,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6531,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0565,CVE-2024-0641,CVE-2024-0775,CVE-2024-1085,CVE-2024-1086 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429). - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). The following non-security bugs were fixed: - Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes). - ACPI: LPSS: Fix the fractional clock divider flags (git-fixes). - ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377) - ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes). - ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377) - ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes). - ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377) - ACPI: video: check for error while searching for backlight device parent (git-fixes). - ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes). - ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes). - ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes). - ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes). - ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes). - ALSA: hda: Refer to correct stream index at loops (git-fixes). - ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes). - ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes). - ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes). - ASoC: Intel: Skylake: mem leak in skl register function (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes). - ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes). - ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136). - ASoC: amd: Add check for acp config flags (bsc#1219136). - ASoC: amd: Add new dmi entries to config entry (bsc#1219136). - ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136). - ASoC: amd: Drop empty platform remove function (bsc#1219136). - ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136). - ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes). - ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136). - ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136). - ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136). - ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136). - ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136). - ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes). - ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136). - ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136). - ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136). - ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136). - ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136). - ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136). - ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136). - ASoC: amd: acp: Refactor bit width calculation (bsc#1219136). - ASoC: amd: acp: Refactor dai format implementation (bsc#1219136). - ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136). - ASoC: amd: acp: add a label to make error path more clean (bsc#1219136). - ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136). - ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136). - ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136). - ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136). - ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136). - ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136). - ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136). - ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136). - ASoC: amd: acp: move pdm macros to common header file (bsc#1219136). - ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136). - ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136). - ASoC: amd: acp: remove acp poweroff function (bsc#1219136). - ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136). - ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136). - ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136). - ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136). - ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136). - ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136). - ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136). - ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136). - ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136). - ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136). - ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136). - ASoC: amd: add acp6.2 irq handler (bsc#1219136). - ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136). - ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136). - ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136). - ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136). - ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136). - ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136). - ASoC: amd: fix ACP version typo mistake (bsc#1219136). - ASoC: amd: fix spelling mistake: 'i.e' -> 'i.e.' (bsc#1219136). - ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136). - ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136). - ASoC: amd: ps: Update copyright notice (bsc#1219136). - ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136). - ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136). - ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136). - ASoC: amd: ps: move irq handler registration (bsc#1219136). - ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136). - ASoC: amd: ps: refactor platform device creation logic (bsc#1219136). - ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136). - ASoC: amd: ps: remove unused variable (bsc#1219136). - ASoC: amd: ps: update dev index value in irq handler (bsc#1219136). - ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136). - ASoC: amd: ps: update the acp clock source (bsc#1219136). - ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136). - ASoC: amd: ps: use static function (bsc#1219136). - ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: update pm_runtime enable sequence (bsc#1219136). - ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136). - ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136). - ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136). - ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136). - ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136). - ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136). - ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136). - ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136). - ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136). - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136). - ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136). - ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136). - ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136). - ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136). - ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136). - ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136). - ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136). - ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136). - ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136). - ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136). - ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136). - ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136). - ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes). - ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes). - ASoC: codecs: wcd938x: handle deferred probe (git-fixes). - ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes). - ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes). - ASoC: cs43130: Fix the position of const qualifier (git-fixes). - ASoC: da7219: Support low DC impedance headset (git-fixes). - ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes). - ASoC: ops: add correct range check for limiting volume (git-fixes). - ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes). - ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes). - ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes). - ASoC: wm8974: Correct boost mixer inputs (git-fixes). - Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136). - Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes). - Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes). - Documentation: Begin a RAS section (jsc#PED-7622). - EDAC/amd64: Add context struct (jsc#PED-7615). - EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615). - EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616). - EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615). - EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622). - EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615). - EDAC/amd64: Cache and use GPU node map (jsc#PED-7616). - EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615). - EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616). - EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615). - EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615). - EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615). - EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615). - EDAC/amd64: Remove early_channel_count() (jsc#PED-7615). - EDAC/amd64: Remove module version string (jsc#PED-7615). - EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615). - EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615). - EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615). - EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615). - EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615). - EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615). - EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615). - EDAC/mc: Add new HBM2 memory type (jsc#PED-7616). - EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622). - EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622). - EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes). - Fix crash in vmw_context_cotables_unref when 3d support is enabled (bsc#1218738) - HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes). - HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes). - IB/iser: Prevent invalidating wrong MR (git-fixes) - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes). - Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes). - Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes). - Input: atkbd - use ab83 as id when skipping the getid command (git-fixes). - Input: bcm5974 - check endpoint type before starting traffic (git-fixes). - Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes). - Input: xpad - add Razer Wolverine V2 support (git-fixes). - KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes). - KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997). - KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322). - Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281). - PCI/AER: Configure ECRC only if AER is native (bsc#1218778) - PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes). - PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes). - PCI: keystone: Fix race condition when initializing PHYs (git-fixes). - PM: hibernate: Enforce ordering during image compression/decompression (git-fixes). - RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes) - RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes) - RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes) - RDMA/irdma: Add wait for suspend on SQD (git-fixes) - RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes) - RDMA/irdma: Do not modify to SQD on error (git-fixes) - RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes) - RDMA/irdma: Refactor error handling in create CQP (git-fixes) - RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes) - RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes) - RDMA/rtrs-clt: Start hb after path_up (git-fixes) - RDMA/rtrs-srv: Check return values while processing info request (git-fixes) - RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes) - RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes) - RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes) - RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes) - USB: xhci: workaround for grace period (git-fixes). - Update config files: enable ASoC AMD PS drivers (bsc#1219136) - Update patch reference for ax88179 fix (bsc#1218948) - acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes). - aio: fix mremap after fork null-deref (git-fixes). - apparmor: avoid crash when parsed profile name is empty (git-fixes). - arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729) - arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV. - arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729) - arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes) - arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes) - arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes) - arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes) - arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes) - arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes) - arm64: module: move find_section to header (jsc#PED-4729) - arm64: vdso: Fix 'no previous prototype' warning (jsc#PED-4729) - arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729) - arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729) - asix: Add check for usbnet_get_endpoints (git-fixes). - attr: block mode changes of symlinks (git-fixes). - badblocks: add helper routines for badblock ranges handling (bsc#1174649). - badblocks: add more helper structure and routines in badblocks.h (bsc#1174649). - badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649). - badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649). - badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649). - badblocks: switch to the improved badblock handling code (bsc#1174649). - bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes). - bus: mhi: host: Add alignment check for event ring read pointer (git-fixes). - bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes). - bus: mhi: host: Drop chan lock before queuing buffers (git-fixes). - ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568). - clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes). - clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes). - clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes). - clk: samsung: Fix kernel-doc comments (git-fixes). - clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes). - clk: zynqmp: Add a check for NULL pointer (git-fixes). - clk: zynqmp: make bestdiv unsigned (git-fixes). - clocksource: Skip watchdog check for large watchdog intervals (git-fixes). - clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885). - coresight: etm4x: Add ACPI support in platform driver (bsc#1218779) - coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779) - coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779) - coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779) - coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779) - coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779) - coresight: platform: acpi: Ignore the absence of graph (bsc#1218779) - crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes). - crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes). - crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes). - crypto: sahara - do not resize req->src when doing hash operations (git-fixes). - crypto: sahara - fix ahash reqsize (git-fixes). - crypto: sahara - fix ahash selftest failure (git-fixes). - crypto: sahara - fix cbc selftest failure (git-fixes). - crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes). - crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes). - crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes). - crypto: sahara - handle zero-length aes requests (git-fixes). - crypto: sahara - improve error handling in sahara_sha_process() (git-fixes). - crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes). - crypto: scomp - fix req->dst buffer overflow (git-fixes). - dma-debug: fix kernel-doc warnings (git-fixes). - dmaengine: fix NULL pointer in channel unregistration function (git-fixes). - dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes). - dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes). - dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes). - dmaengine: ti: k3-udma: Report short packet errors (git-fixes). - doc/README.KSYMS: Add to repo. - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes). - drivers: clk: zynqmp: calculate closest mux rate (git-fixes). - drivers: clk: zynqmp: update divider round rate logic (git-fixes). - drm/amd/display: Fix tiled display misalignment (git-fixes). - drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes). - drm/amd/display: add nv12 bounding box (git-fixes). - drm/amd/display: get dprefclk ss info from integration info table (git-fixes). - drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes). - drm/amd/display: pbn_div need be updated for hotplug event (git-fixes). - drm/amd/display: update dcn315 lpddr pstate latency (git-fixes). - drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes). - drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes). - drm/amd/pm: fix a double-free in si_dpm_init (git-fixes). - drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes). - drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes). - drm/amdgpu/pm: Fix the power source flag error (git-fixes). - drm/amdgpu: Add NULL checks for function pointers (git-fixes). - drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes). - drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes). - drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes). - drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes). - drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes). - drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes). - drm/amdgpu: Let KFD sync with VM fences (git-fixes). - drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes). - drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes). - drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes). - drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes). - drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes). - drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes). - drm/amdkfd: Fix lock dependency warning (git-fixes). - drm/amdkfd: Fix lock dependency warning with srcu (git-fixes). - drm/amdkfd: Use resource_size() helper function (git-fixes). - drm/amdkfd: fixes for HMM mem allocation (git-fixes). - drm/bridge: Fix typo in post_disable() description (git-fixes). - drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes). - drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes). - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes). - drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes). - drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes). - drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes). - drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes). - drm/bridge: tc358767: Fix return value on error case (git-fixes). - drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes). - drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes). - drm/crtc: fix uninitialized variable use (git-fixes). - drm/drv: propagate errors from drm_modeset_register_all() (git-fixes). - drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes). - drm/exynos: fix a potential error pointer dereference (git-fixes). - drm/exynos: fix a wrong error checking (git-fixes). - drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes). - drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes). - drm/framebuffer: Fix use of uninitialized variable (git-fixes). - drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes). - drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes). - drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes). - drm/msm/dpu: Set input_sel bit for INTF (git-fixes). - drm/msm/dpu: fix writeback programming for YUV cases (git-fixes). - drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes). - drm/msm/dsi: Enable runtime PM (git-fixes). - drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes). - drm/msm/mdp4: flush vblank event on disable (git-fixes). - drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes). - drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes). - drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes). - drm/panel: nt35510: fix typo (git-fixes). - drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes). - drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes). - drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes). - drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes). - drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes). - drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes). - drm/radeon: check return value of radeon_ring_lock() (git-fixes). - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes). - drm/tidss: Check for K2G in in dispc_softreset() (git-fixes). - drm/tidss: Fix atomic_flush check (git-fixes). - drm/tidss: Fix dss reset (git-fixes). - drm/tidss: Move reset to the end of dispc_init() (git-fixes). - drm/tidss: Return error value from from softreset (git-fixes). - drm/tilcdc: Fix irq free on unload (git-fixes). - drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes). - drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes). - drm: using mul_u32_u32() requires linux/math64.h (git-fixes). - dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694) - efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes). - eventfd: prevent underflow for eventfd semaphores (git-fixes). - exfat: fix reporting fs error when reading dir beyond EOF (git-fixes). - exfat: support handle zero-size directory (git-fixes). - exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes). - fbdev: Only disable sysfb on the primary device (bsc#1216441) - fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441. - fbdev: flush deferred IO before closing (git-fixes). - fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes). - fbdev: imxfb: fix left margin setting (git-fixes). - fbdev: mmp: Fix typo and wording in code comment (git-fixes). - firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes). - firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes). - firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes). - fjes: fix memleaks in fjes_hw_setup (git-fixes). - fs/mount_setattr: always cleanup mount_kattr (git-fixes). - fs: Fix error checking for d_hash_and_lookup() (git-fixes). - fs: Move notify_change permission checks into may_setattr (git-fixes). - fs: do not audit the capability check in simple_xattr_list() (git-fixes). - fs: drop peer group ids under namespace lock (git-fixes). - fs: indicate request originates from old mount API (git-fixes). - fs: sendfile handles O_NONBLOCK of out_fd (git-fixes). - fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659). - gfs2: Always check inode size of inline inodes (git-fixes). - gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes). - gfs2: Disable page faults during lockless buffered reads (git-fixes). - gfs2: Eliminate ip->i_gh (git-fixes). - gfs2: Eliminate vestigial HIF_FIRST (git-fixes). - gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes). - gfs2: Introduce flag for glock holder auto-demotion (git-fixes). - gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes). - gfs2: Remove redundant check from gfs2_glock_dq (git-fixes). - gfs2: Switch to wait_event in gfs2_logd (git-fixes). - gfs2: assign rgrp glock before compute_bitstructs (git-fixes). - gfs2: low-memory forced flush fixes (git-fixes). - gfs2: release iopen glock early in evict (git-fixes). - gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes). - gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes). - hv_netvsc: rndis_filter needs to select NLS (git-fixes). - hwmon: (corsair-psu) Fix probe when built-in (git-fixes). - hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes). - i2c: rk3x: fix potential spinlock recursion on poll (git-fixes). - i2c: s3c24xx: fix read transfers in polling mode (git-fixes). - i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes). - iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes). - iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes). - iio: adc: ad9467: do not ignore error codes (git-fixes). - iio: adc: ad9467: fix reset gpio handling (git-fixes). - ipmi: Use regspacings passed as a module parameter (git-fixes). - kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136) - kabi/severities: ignore _rtl92c_phy_calculate_bit_shift symbol It's an internal function that shouldn't have been exported - kdb: Fix a potential buffer overflow in kdb_local() (git-fixes). - kernel-doc: handle a void function without producing a warning (git-fixes). - kernel-source: Fix description typo - kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes). - leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes). - leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes). - libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes). - md: fix bi_status reporting in md_end_clone_io (bsc#1210443). - media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes). - media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes). - media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes). - media: imx355: Enable runtime PM before registering async sub-device (git-fixes). - media: ov9734: Enable runtime PM before registering async sub-device (git-fixes). - media: pvrusb2: fix use after free on context disconnection (git-fixes). - media: rkisp1: Disable runtime PM in probe error path (git-fixes). - media: rkisp1: Fix media device memory leak (git-fixes). - media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes). - media: videobuf2-dma-sg: fix vmap callback (git-fixes). - mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes). - misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes). - mkspec: Include constraints for both multibuild and plain package always There is no need to check for multibuild flag, the constraints can be always generated for both cases. - mkspec: Use variant in constraints template Constraints are not applied consistently with kernel package variants. Add variant to the constraints template as appropriate, and expand it in mkspec. - mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes). - mmc: core: Cancel delayed work before releasing host (git-fixes). - modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes). - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes). - mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes). - mtd: rawnand: pl353: Fix kernel doc (git-fixes). - mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes). - mtd: rawnand: rockchip: Rename a structure (git-fixes). - net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes). - net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948). - net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948). - net: usb: ax88179_178a: move priv to driver_priv (git-fixes). - net: usb: ax88179_178a: remove redundant init code (git-fixes). - net: usb: ax88179_178a: restore state on resume (bsc#1218948). - nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes). - nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349). - nfsd: fix RELEASE_LOCKOWNER (bsc#1218968). - nouveau/tu102: flush all pdbs on vmm flush (git-fixes). - nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes). - nsfs: add compat ioctl handler (git-fixes). - nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515). - nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes). - nvme-pci: fix sleeping function called from interrupt context (git-fixes). - nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes). - nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515). - nvme: fix max_discard_sectors calculation (git-fixes). - nvme: introduce helper function to get ctrl state (git-fixes). - nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515). - nvme: start keep-alive after admin queue setup (bsc#1211515). - nvme: trace: avoid memcpy overflow warning (git-fixes). - nvmet: re-fix tracing strncpy() warning (git-fixes). - of: Fix double free in of_parse_phandle_with_args_map (git-fixes). - of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes). - parport: parport_serial: Add Brainboxes BAR details (git-fixes). - parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes). - perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958). - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958). - perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512). - phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes). - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes). - pinctrl: intel: Revert 'Unexport intel_pinctrl_probe()' (git-fixes). - platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620). - platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620). - platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620). - platform/x86/amd/hsmp: improve the error log (jsc#PED-7620). - platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285). - platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620). - power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes). - power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes). - powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes). - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869). - powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes). - powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729). - powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869). - powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869). - powerpc/xive: Fix endian conversion size (bsc#1194869). - pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes). - pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes). - pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes). - pwm: stm32: Fix enable count for clk in .probe() (git-fixes). - pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes). - pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes). - r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes). - ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes). - ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes). - s390/dasd: fix double module refcount decrement (bsc#1141539). - s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006). - s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012). - s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014). - s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013). - s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723). - s390: vfio-ap: tighten the NIB validity check (git-fixes). - sched/isolation: add cpu_is_isolated() API (bsc#1217895). - scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes). - scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes). - scsi: core: Always send batch on reset or error handling command (git-fixes). - scsi: fnic: Return error if vmalloc() failed (git-fixes). - scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes). - scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes). - scsi: hisi_sas: Fix warnings detected by sparse (git-fixes). - scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes). - scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes). - scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes). - scsi: hisi_sas: Replace with standard error code return value (git-fixes). - scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes). - scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes). - scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes). - scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097). - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097). - scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes). - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes). - scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582). - scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582). - scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582). - scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582). - scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes). - scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes). - scsi: mpt3sas: Fix an outdated comment (git-fixes). - scsi: mpt3sas: Fix in error path (git-fixes). - scsi: mpt3sas: Fix loop logic (bsc#1219067). - scsi: mpt3sas: Fix loop logic (git-fixes). - scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes). - scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes). - scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes). - selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes). - serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes). - serial: core: Fix atomicity violation in uart_tiocmget (git-fixes). - serial: imx: Correct clock error message in function probe() (git-fixes). - serial: imx: fix tx statemachine deadlock (git-fixes). - serial: max310x: fail probe if clock crystal is unstable (git-fixes). - serial: max310x: improve crystal stable clock detection (git-fixes). - serial: max310x: set default value when reading clock ready bit (git-fixes). - serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes). - serial: sc16is7xx: set safe default SPI clock frequency (git-fixes). - serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes). - shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes). - software node: Let args be NULL in software_node_get_reference_args (git-fixes). - spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes). - swiotlb-xen: provide the 'max_mapping_size' method (git-fixes). - swiotlb: fix a braino in the alignment check fix (bsc#1216559). - swiotlb: fix slot alignment checks (bsc#1216559). - trace,smp: Add tracepoints around remotelly called functions (bsc#1217895). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes). - tracing: Add size check when printing trace_marker output (git-fixes). - tracing: Ensure visibility when inserting an element into tracing_map (git-fixes). - tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes). - tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes). - ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes). - ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes). - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes). - uio: Fix use-after-free in uio_open (git-fixes). - usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes). - usb: cdns3: fix uvc failure work since sg support enabled (git-fixes). - usb: chipidea: wait controller resume finished for wakeup irq (git-fixes). - usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes). - usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes). - usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes). - usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes). - usb: otg numberpad exception (bsc#1218527). - usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes). - usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes). - usb: ucsi: Add missing ppm_lock (git-fixes). - usb: ucsi_acpi: Fix command completion handling (git-fixes). - usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes). - usr/Kconfig: fix typos of 'its' (git-fixes). - vfs: make freeze_super abort when sync_filesystem returns error (git-fixes). - vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes). - virtio-mmio: fix memory leak of vm_dev (git-fixes). - virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes). - vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes). - watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes). - watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes). - watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes). - watchdog: set cdev owner before adding (git-fixes). - wifi: ath11k: Defer on rproc_get failure (git-fixes). - wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes). - wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes). - wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes). - wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes). - wifi: libertas: stop selecting wext (git-fixes). - wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes). - wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes). - wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes). - wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes). - wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes). - wifi: rtlwifi: add calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes). - wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes). - x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616). - x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622). - x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623). - x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622). - x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616). - x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615). - x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). - x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes). - x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes). - x86/mce: Cleanup mce_usable_address() (jsc#PED-7623). - x86/mce: Define amd_mce_usable_address() (jsc#PED-7623). - xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes). - xen/events: fix delayed eoi list handling (git-fixes). - xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes). - xhci: cleanup xhci_hub_control port references (git-fixes). - xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes). - xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:549-1 Released: Tue Feb 20 17:05:52 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:597-1 Released: Thu Feb 22 20:07:11 2024 Summary: Security update for mozilla-nss Type: security Severity: important References: 1216198,CVE-2023-5388 This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:764-1 Released: Tue Mar 5 13:46:25 2024 Summary: Security update for wpa_supplicant Type: security Severity: important References: 1219975,CVE-2023-52160 This update for wpa_supplicant fixes the following issues: - CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:903-1 Released: Fri Mar 15 06:57:36 2024 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1200731 This update for systemd-presets-common-SUSE fixes the following issues: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731) - Support both the old and new service to avoid complex version interdependency ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:910-1 Released: Fri Mar 15 13:42:59 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1206453,1209412,1213456,1216776,1217927,1218195,1218216,1218450,1218527,1218663,1218915,1219126,1219127,1219141,1219146,1219295,1219443,1219653,1219827,1219835,1219839,1219840,1219934,1220003,1220009,1220021,1220030,1220106,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220251,1220253,1220254,1220255,1220257,1220267,1220277,1220317,1220326,1220328,1220330,1220335,1220344,1220348,1220350,1220364,1220392,1220393,1220398,1220409,1220444,1220457,1220459,1220649,1220796,1220825,CVE-2019-25162,CVE-2021-46923,CVE-2021-46924,CVE-2021-46932,CVE-2023-28746,CVE-2023-5197,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52447,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52452,CVE-2023-52456,CVE-2023-52457,CVE-2023-52463,CVE-2023-52464,CVE-2023-52475,CVE-2023-52478,CVE-2023-6817,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23850,CVE-2024-23851,CVE-2024-25744,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-2659 1,CVE-2024-26593,CVE-2024-26595,CVE-2024-26598,CVE-2024-26602,CVE-2024-26603,CVE-2024-26622 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216). - CVE-2023-52340: Fixed ICMPv6 ???Packet Too Big??? packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257). - CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364). - CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330) - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146). - CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). The following non-security bugs were fixed: - acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes). - acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes). - acpi: extlog: fix null pointer dereference check (git-fixes). - acpi: resource: add asus model s5402za to quirks (git-fixes). - acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes). - acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes). - acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes). - acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes). - acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes). - add reference to recently released cve - afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes). - afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes). - afs: hide silly-rename files from userspace (git-fixes). - afs: increase buffer size in afs_update_volume_status() (git-fixes). - ahci: asm1166: correct count of reported ports (git-fixes). - alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes). - alsa: firewire-lib: fix to check cycle continuity (git-fixes). - alsa: hda/conexant: add quirk for sws js201d (git-fixes). - alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes). - alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes). - alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes). - alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes). - alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes). - alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes). - alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes). - alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes). - alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes). - alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes). - alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes). - alsa: usb-audio: check presence of valid altsetting control (git-fixes). - alsa: usb-audio: ignore clock selector errors for single connection (git-fixes). - alsa: usb-audio: more relaxed check of midi jack names (git-fixes). - alsa: usb-audio: sort quirk table entries (git-fixes). - arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443) - arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443) - arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443) - arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround. - arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break. - arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break - arm64: irq: set the correct node for shadow call stack (git-fixes) - arm64: irq: set the correct node for vmap stack (git-fixes) - arm64: rename arm64_workaround_2966298 (bsc#1219443) - arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes) - asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes). - asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes). - asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes). - asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes). - atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes). - bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes). - bluetooth: enforce validation on max value of connection interval (git-fixes). - bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes). - bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes). - bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes). - bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes). - bluetooth: l2cap: fix possible multiple reject send (git-fixes). - bluetooth: qca: fix wrong event type for patch config command (git-fixes). - bpf: fix verification of indirect var-off stack access (git-fixes). - bpf: guard stack limits against 32bit overflow (git-fixes). - bpf: minor logging improvement (bsc#1220257). - bus: moxtet: add spi device table (git-fixes). - cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267). - can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes). - crypto: api - disallow identical driver names (git-fixes). - crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes). - crypto: octeontx2 - fix cptvf driver cleanup (git-fixes). - crypto: stm32/crc32 - fix parsing list of devices (git-fixes). - dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes). - dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes). - dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes). - dmaengine: fsl-qdma: init irq after reg initialization (git-fixes). - dmaengine: ptdma: use consistent dma masks (git-fixes). - dmaengine: shdma: increase size of 'dev_id' (git-fixes). - dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes). - driver core: fix device_link_flag_is_sync_state_only() (git-fixes). - drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes). - drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes). - drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes). - drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes). - drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes). - drm/amd/display: preserve original aspect ratio in create stream (git-fixes). - drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes). - drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes). - drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes). - drm/buddy: fix range bias (git-fixes). - drm/crtc: fix uninitialized variable use even harder (git-fixes). - drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes). - drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes). - drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes). - drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes). - drm/prime: support page array >= 4gb (git-fixes). - drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes). - drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes). - drop bcm5974 input patch causing a regression (bsc#1220030) - efi/capsule-loader: fix incorrect allocation size (git-fixes). - efi: do not add memblocks for soft-reserved memory (git-fixes). - efi: runtime: fix potential overflow of soft-reserved region size (git-fixes). - fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes). - fbdev: savage: error out if pixclock equals zero (git-fixes). - fbdev: sis: error out if pixclock equals zero (git-fixes). - firewire: core: send bus reset promptly on gap count error (git-fixes). - fs: dlm: fix build with config_ipv6 disabled (git-fixes). - fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes). - gpio: 74x164: enable output pins after registers are reset (git-fixes). - gpio: fix resource unwinding order in error path (git-fixes). - gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes). - gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes). - hid: apple: add 2021 magic keyboard fn key mapping (git-fixes). - hid: apple: add support for the 2021 magic keyboard (git-fixes). - hid: wacom: do not register input devices until after hid_hw_start (git-fixes). - hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes). - hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes). - hwmon: (coretemp) enlarge per package core count limit (git-fixes). - hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes). - hwmon: (coretemp) fix out-of-bounds memory access (git-fixes). - i2c: i801: fix block process call transactions (git-fixes). - i2c: i801: remove i801_set_block_buffer_mode (git-fixes). - i2c: imx: add timer for handling the stop condition (git-fixes). - i2c: imx: when being a target, mark the last read as processed (git-fixes). - i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes). - ib/hfi1: fix a memleak in init_credit_return (git-fixes) - ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes) - iio: accel: bma400: fix a compilation problem (git-fixes). - iio: adc: ad7091r: set alert bit in config register (git-fixes). - iio: core: fix memleak in iio_device_register_sysfs (git-fixes). - iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes). - iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes). - input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes). - input: xpad - add lenovo legion go controllers (git-fixes). - irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes). - jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes). - jfs: fix array-index-out-of-bounds in dinewext (git-fixes). - jfs: fix slab-out-of-bounds read in dtsearch (git-fixes). - jfs: fix uaf in jfs_evict_inode (git-fixes). - kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes). - kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839). - kvm: s390: fix setting of fpc register (git-fixes bsc#1220392). - kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393). - kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes). - kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes). - lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes). - leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes). - lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423). - lib/stackdepot: add refcount for records (jsc-ped#7423). - lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423). - lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423). - libsubcmd: fix memory leak in uniq() (git-fixes). - media: ddbridge: fix an error code problem in ddb_probe (git-fixes). - media: ir_toy: fix a memleak in irtoy_tx (git-fixes). - media: rc: bpf attach/detach requires write permission (git-fixes). - media: rockchip: rga: fix swizzling for rgb formats (git-fixes). - media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes). - mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes). - mm,page_owner: display all stacks and their count (jsc-ped#7423). - mm,page_owner: filter out stacks by a threshold (jsc-ped#7423). - mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423). - mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423). - mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423). - mm/hwpoison: fix unpoison_memory() (bsc#1218663). - mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663). - mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663). - mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes). - mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes). - mmc: core: use mrq.sbc in close-ended ffu (git-fixes). - mmc: mmc_spi: remove custom dma mapped buffers (git-fixes). - mmc: sdhci-xenon: add timeout for phy init complete (git-fixes). - mmc: sdhci-xenon: fix phy init clock stability (git-fixes). - mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes). - modpost: trim leading spaces when processing source files list (git-fixes). - mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes). - net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes). - netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003). - nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes). - nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes). - nouveau/svm: fix kvcalloc() argument order (git-fixes). - nouveau: fix function cast warnings (git-fixes). - ntfs: check overflow when iterating attr_records (git-fixes). - ntfs: fix use-after-free in ntfs_attr_find() (git-fixes). - nvme-fabrics: fix i/o connect error handling (git-fixes). - nvme-host: fix the updating of the firmware version (git-fixes). - pci/aer: decode requester id when no error info found (git-fixes). - pci: add no pm reset quirk for nvidia spectrum devices (git-fixes). - pci: add pci_header_type_mfd definition (bsc#1220021). - pci: fix 64gt/s effective data rate calculation (git-fixes). - pci: only override amd usb controller if required (git-fixes). - pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes). - platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes). - platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes). - platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes). - pm: core: remove unnecessary (void *) conversions (git-fixes). - pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes). - pnp: acpi: fix fortify warning (git-fixes). - power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes). - powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869). - powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869). - powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348). - powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869). - powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348). - powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869). - powerpc/watchpoints: annotate atomic context in more places (bsc#1194869). - powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869). - powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869). - powerpc: do not include lppaca.h in paca.h (bsc#1194869). - pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes). - ras/amd/atl: add mi300 row retirement support (jsc#ped-7618). - ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes). - ras: introduce a fru memory poison manager (jsc#ped-7618). - rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes) - rdma/bnxt_re: return error for srq resize (git-fixes) - rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934). - rdma/core: get ib width and speed from netdev (bsc#1219934). - rdma/irdma: add ae for too many rnrs (git-fixes) - rdma/irdma: fix kasan issue with tasklet (git-fixes) - rdma/irdma: set the cq read threshold for gen 1 (git-fixes) - rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes) - rdma/qedr: fix qedr_create_user_qp error flow (git-fixes) - rdma/srpt: fix function pointer cast warnings (git-fixes) - rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes) - refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io. (bsc#1216776, bsc#1220277) - regulator: core: only increment use_count when enable_count changes (git-fixes). - regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes). - revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes). - revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes). - revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes). - rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created. - s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840). - s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317). - sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes). - scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes). - scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes). - scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141). - scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes). - scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106). - scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106). - scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes). - scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021). - scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021). - scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021). - scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021). - scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021). - scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021). - scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021). - scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021). - scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021). - scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021). - scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021). - scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021). - scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021). - scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021). - scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021). - scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021). - scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021). - scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021). - scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes). - scsi: revert 'scsi: fcoe: fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141). - serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes). - spi-mxs: fix chipselect glitch (git-fixes). - spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes). - spi: ppc4xx: drop write-only variable (git-fixes). - spi: sh-msiof: avoid integer overflow in constants (git-fixes). - staging: iio: ad5933: fix type mismatch regression (git-fixes). - supported.conf: remove external flag from ibm supported modules. (bsc#1209412) - tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450). - tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes). - topology/sysfs: add format parameter to macro defining 'show' functions for proc (jsc#ped-7618). - topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618). - tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes). - ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes). - usb: cdns3: fix memory double free when handle zero packet (git-fixes). - usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes). - usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes). - usb: cdns3: put the cdns set active part outside the spin lock (git-fixes). - usb: cdns: readd old api (git-fixes). - usb: cdnsp: blocked some cdns3 specific code (git-fixes). - usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes). - usb: dwc3: gadget: do not disconnect if not started (git-fixes). - usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes). - usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes). - usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes). - usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes). - usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes). - usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes). - usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes). - usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes). - usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes). - usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes). - usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes). - usb: gadget: f_hid: fix report descriptor allocation (git-fixes). - usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes). - usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes). - usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes). - usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes). - usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes). - usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes). - usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes). - usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527). - usb: hub: replace hardcoded quirk value with bit() macro (git-fixes). - usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes). - usb: roles: fix null pointer issue when put module's reference (git-fixes). - usb: serial: cp210x: add id for imst im871a-usb (git-fixes). - usb: serial: option: add fibocom fm101-gl variant (git-fixes). - usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes). - watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes). - wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes). - wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes). - wifi: cfg80211: fix missing interfaces when dumping (git-fixes). - wifi: cfg80211: fix rcu dereference in __cfg80211_bss_update (git-fixes). - wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes). - wifi: iwlwifi: fix some error codes (git-fixes). - wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes). - wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes). - wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes). - wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes). - wifi: nl80211: reject iftype change with mesh id change (git-fixes). - wifi: rt2x00: restart beacon queue when hardware reset (git-fixes). - wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes). - wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes). - wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes). - x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: add asm helpers for executing verw (git-fixes). - x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk. - x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618). - x86/entry_32: add verw just before userspace transition (git-fixes). - x86/entry_64: add verw just before userspace transition (git-fixes). - x86/mm: fix memory encryption features advertisement (bsc#1206453). - xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes). - xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1007-1 Released: Wed Mar 27 10:51:42 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1144060,1176006,1188307,1203823,1205502,1206627,1210507,1213189,1214806,CVE-2023-29383,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). - CVE-2023-4641: Fixed possible password leak during passwd(1) change (bsc#1214806). The following non-security bugs were fixed: - bsc#1176006: Fix chage date miscalculation - bsc#1188307: Fix passwd segfault - bsc#1203823: Remove pam_keyinit from PAM config files - bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions - bsc#1206627: Add --prefix support to passwd, chpasswd and chage - bsc#1205502: useradd audit event user id field cannot be interpretedd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1010-1 Released: Wed Mar 27 16:07:37 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1218842,1221470 This update for perl-Bootloader fixes the following issues: - Log grub2-install errors correctly (bsc#1221470) - Update to version 0.947 - Support old grub versions that used /usr/lib (bsc#1218842) - Create EFI boot fallback directory if necessary ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1080-1 Released: Tue Apr 2 06:50:10 2024 Summary: Recommended update for xfsprogs-scrub Type: recommended Severity: low References: 1190495 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 and SLE-15-SP4 (bsc#1190495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1081-1 Released: Tue Apr 2 06:50:44 2024 Summary: Recommended update for dracut Type: recommended Severity: important References: 1217083,1219841,1220485,1221675 This update for dracut fixes the following issues: - Update to version 055+suse.382.g80b55af2: * Fix regression with multiple `rd.break=` options (bsc#1221675) * Do not call `strcmp` if the `value` argument is NULL (bsc#1219841) * Correct shellcheck regression when parsing ccw args (bsc#1220485) * Skip README for AMD microcode generation (bsc#1217083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1201-1 Released: Thu Apr 11 10:47:59 2024 Summary: Recommended update for xfsprogs-scrub and jctools Type: recommended Severity: low References: 1190495,1213418 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495) - Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1272-1 Released: Fri Apr 12 16:24:28 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, operator-image Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, operator-image contains the following fixes: - Update to version 1.4.3: * registration: allow dots in machineInventory names * registration: decouple replacing data-labels from sanitizing strings * registration: move sanitize code in sanitizeString() * V1.4.x fix channel synchronization (#683) * linter: fix copyright dates * Make linter happy The following package changes have been done: - glibc-2.31-150300.71.1 updated - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libopenssl1_1-1.1.1l-150500.17.25.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libmount1-2.37.4-150500.9.6.1 updated - krb5-1.20.1-150500.3.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - login_defs-4.8.1-150500.3.3.1 updated - cpio-2.13-150400.3.6.1 updated - coreutils-8.32-150400.9.3.1 updated - sed-4.4-150300.13.3.1 updated - systemd-rpm-macros-15-150000.7.39.1 updated - systemd-presets-common-SUSE-15-150500.20.6.1 updated - perl-Bootloader-0.947-150400.3.12.1 updated - netcfg-11.6-150000.3.6.1 updated - rpm-4.14.3-150400.59.13.1 updated - shadow-4.8.1-150500.3.3.1 updated - pam-config-1.1-150200.3.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - util-linux-systemd-2.37.4-150500.9.6.1 updated - dracut-055+suse.382.g80b55af2-150500.3.18.1 updated - libfreebl3-3.90.2-150400.3.39.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - mozilla-nss-certs-3.90.2-150400.3.39.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - mozilla-nss-3.90.2-150400.3.39.1 updated - libsoftokn3-3.90.2-150400.3.39.1 updated - wpa_supplicant-2.10-150500.3.3.1 updated - elemental-register-1.4.3-150500.3.3.3 updated - elemental-support-1.4.3-150500.3.3.3 updated - glibc-locale-base-2.31-150300.71.1 updated - xfsprogs-5.13.0-150400.3.7.1 updated - kernel-rt-5.14.21-150500.13.38.1 updated - container:suse-sle-micro-5.5-latest-2.0.2-4.2.70 updated - cni-1.1.2-150500.3.2.1 removed - gettext-runtime-0.20.2-1.43 removed - gpg2-2.2.27-150300.3.8.1 removed - hostname-3.16-2.22 removed - iproute2-5.14-150400.1.8 removed - libassuan0-2.5.5-150000.4.5.2 removed - libcontainers-common-20230214-150500.4.6.1 removed - libcontainers-sles-mounts-20230214-150500.4.6.1 removed - libgpgme11-1.16.0-150400.1.80 removed - libksba8-1.3.5-150000.4.6.1 removed - libltdl7-2.4.6-3.4.1 removed - libmnl0-1.0.4-1.25 removed - libmspack0-0.6-3.14.1 removed - libnpth0-1.5-2.11 removed - libslirp0-4.7.0+44-150500.2.1 removed - libtextstyle0-0.20.2-1.43 removed - libusb-1_0-0-1.0.24-150400.3.3.1 removed - libxslt1-1.1.34-150400.3.3.1 removed - libxtables12-1.8.7-1.1 removed - pinentry-1.1.0-4.3.1 removed - runc-1.1.10-150000.55.1 removed - slirp4netns-1.2.0-150500.1.1 removed - system-user-nobody-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - which-2.21-2.20 removed From sle-container-updates at lists.suse.com Wed Apr 17 12:38:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Apr 2024 14:38:31 +0200 (CEST) Subject: SUSE-IU-2024:325-1: Security update of suse/sle-micro/5.5 Message-ID: <20240417123831.BE1C0FCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:325-1 Image Tags : suse/sle-micro/5.5:2.0.2 , suse/sle-micro/5.5:2.0.2-4.2.70 , suse/sle-micro/5.5:latest Image Release : 4.2.70 Severity : important Type : security References : 1107342 1144060 1176006 1188307 1190495 1190495 1192051 1200731 1203823 1205502 1206627 1207987 1210507 1210959 1211886 1212440 1213189 1213418 1213809 1214806 1214934 1215005 1215377 1215434 1215806 1216198 1216594 1216598 1216752 1217083 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217432 1217445 1217450 1217589 1217667 1217773 1217828 1217964 1218215 1218232 1218492 1218571 1218866 1218894 1218894 1219026 1219031 1219142 1219238 1219243 1219321 1219520 1219559 1219576 1219581 1219767 1219841 1219901 1219975 1220061 1220361 1220374 1220385 1220389 1220441 1220485 1220724 1220770 1220771 1220772 1221050 1221134 1221151 1221218 1221239 1221289 1221399 1221665 1221667 1221675 1221677 1221831 1222259 CVE-2022-48624 CVE-2023-29383 CVE-2023-38469 CVE-2023-38471 CVE-2023-42465 CVE-2023-42465 CVE-2023-45918 CVE-2023-4641 CVE-2023-4750 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-51385 CVE-2023-52160 CVE-2023-52425 CVE-2023-5388 CVE-2023-7207 CVE-2024-0727 CVE-2024-1753 CVE-2024-2004 CVE-2024-21626 CVE-2024-21626 CVE-2024-22667 CVE-2024-2398 CVE-2024-25062 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:295-1 Released: Thu Feb 1 08:23:17 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. (bsc#1218894) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:408-1 Released: Wed Feb 7 11:06:37 2024 Summary: Recommended update for podman Type: recommended Severity: moderate References: 1217828 This update for podman fixes the following issues: - Update to version 4.8.3: * Update RELEASE_NOTES.md * update module golang.org/x/crypto [security] * Error on HyperV VM start when gvproxy has failed to start - Refactor network backend dependencies: * podman requires either netavark or cni-plugins. On ALP, require netavark, otherwise prefer netavark but don't force it. * This fixes missing cni-plugins in some scenarios * Default to netavark everywhere where it's available - Update to version 4.8.2: * Update RELEASE_NOTES.md * Kube Play - set ReportWriter when building an image * Fix user-mode net init flag on first time install - Default to the new networking backend, netavark, on openSUSE (bsc#1217828) - Update to version 4.8.1: * Handle symlinks when checking DB vs runtime configs * libpod: Detect whether we have a private UTS namespace on FreeBSD * pkg/bindings: add new APIVersionError error type * fix podman-remote exec regression with v4.8 * sqlite: fix issue in ValidateDBConfig() * sqlite: fix missing Commit() in RemovePodContainers() * sqlite: set busy timeout to 100s * Fix locking error in WSL machine rm -f * Gating test fixes * If API calls for kube play --replace, then replace pod * Fix wsl.conf generation when user-mode-networking is disabled - Update to version 4.8.0: * Bump to Buildah v1.33.2 * [CI:DOCS] Update release notes * machine applehv: create better error on start failure * Cirrus: Update operating branch * rootless_tutorial: modernize * Update to libhvee 0.5.0 * vmtypes names cannot be used as machine names * Add support for --compat-auth-file in login/logout * Update tests for a c/common error message change * Update c/image and c/common to latest, c/buildah to main * CI: test overlay and vfs * [CI:DOCS] Add link to podman py docs * Test fixes for debian * pasta tests: remove some skips * VM images: bump to 2023-11-16 * fix(deps): update module k8s.io/kubernetes to v1.28.4 [security] * [CI:DOCS] Machine test timeout env var * Quadlet - add support for UID and GID Mapping * Quadlet - Allow using symlink on the base search paths * [skip-ci] Update dessant/lock-threads action to v5 * Avoid empty SSH keys on applehv * qemu,parseUSB: minor refactor * fix(deps): update module github.com/gorilla/handlers to v1.5.2 * docs: fix relabeling command * Pass secrets from the host down to internal podman containers * (Temporary) Emergency CI fix: quay search is broken * Update podman-stats.1.md.in * [CI:BUILD] packit: handle builds for RC releases * Quadlet test - add case for multi = sign in mount * set RLIMIT_NOFILE soft limit to match the hard limit on mac * rootless: use functionalities from c/storage * CI: e2e: fix a smattering of test bugs that slipped in * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.1 * vendor: update c/storage * Improve the documentation of quadlet * Fix socket mapping socket mapping nits * fix(deps): update module golang.org/x/tools to v0.15.0 * fix(deps): update github.com/containers/libhvee digest to 9651e31 * [skip-ci] Update github/issue-labeler action to v3.3 * Document --userns=auto behaviour for rootless users * machine: qemu: add usb host passthrough * fix(deps): update module golang.org/x/net to v0.18.0 * fix(deps): update module github.com/onsi/gomega to v1.30.0 * Refactor Ignition configuration for virt providers * [CI:BUILD] rpm: disable GOPROXY * Automatic code cleanups [JetBrains] * Refactor key machine objects * systests: add [NNN] prefix in logs, NNN = filename * systests: add a last-minute check for db backend * applehv: allow virtiofs to mount to root * Run codespell on podman * update completion scripts for cobra v1.8.0 * Fix man page display of podman-kube-generate * Try to fix the broken formatting of man podman-kube-apply(1). * fix(deps): update module golang.org/x/text to v0.14.0 * docs: make CNI removal explicit * fix(deps): update module github.com/gorilla/mux to v1.8.1 * fix(deps): update module github.com/spf13/cobra to v1.8.0 * fix(deps): update module golang.org/x/sync to v0.5.0 * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18 * Podman push --help should reveal default compression * Update container-device-interface (CDI) to v0.6.2 * fix: adjust helper string in machine_common * fix: adjust helper string in machine_common * remote,test: remove .dockerignore which is a symlink * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2 * fix: adjust helper string in machine_common * vendor: update github.com/coreos/go-systemd/v22 to latest main * CI: default to sqlite * vendor: update c/common * check system connections before machine init * Consume OCI images for machine image * freebsd: drop dead code * libpod: make removePodCgroup linux specific * containers: drop special handling for ErrCgroupV1Rootless * compose: fix compose provider debug message * image: replace GetStoreImage with ResolveReference * vendor: bump c/image to 373c52a9466f * Refactor machine socket mapping * AppleHV: Fix machine rm error message * Add status messages to podman --remote commit * End-of-Life policy for github issues * fix(deps): update module github.com/shirou/gopsutil/v3 to v3.23.10 * Support passing of Ulimits as -1 to mean max * fix(deps): update github.com/docker/go-connections digest to 0b8c1f4 * fix(deps): update github.com/crc-org/vfkit digest to f3c783d * Log gvproxy and server9 to file on log-level=debug * Change to using gopsutil for cross-OS process ops * Initial addition of 9p code to Podman * libpod: fix /etc/hostname with --uts=host * systests: stty test: retry once on flake * systests: pasta: avoid hangs * Fix secrets scanning GHA Workflow * [skip-ci] Update dawidd6/action-send-mail action to v3.9.0 * docs: clarify systemd cgroup mount * podman build --remote URI Dockerfile shoud not be treated as file * Small fixes for wacko CI environments * Do not add powercap mask if no paths are masked * compose: try all possible providers before throwing an error * podman kube play --replace should force removal of pods and containers * Sort kube options alphabetically * container.conf: support attributed string slices * CI: podman farm tests cleanup * Mask /sys/devices/virtual/powercap * Update module github.com/google/uuid to v1.4.0 * fix(deps): update module github.com/docker/docker to v24.0.7+incompatible * fix(deps): update module go.etcd.io/bbolt to v1.3.8 * CI: systest: safer random_rfc1918_subnet * CI: e2e: safer GetPort() * Fix broken code block markup in Introduction.rst * chore(deps): update module google.golang.org/grpc to v1.57.1 [security] * chore: remove npipe const and use vmtype const for checking * Update module github.com/onsi/gomega to v1.29.0 * CI: try to fix more networking flakes * fix: check wsl npipe when executing podman compose * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1 * Quadlet - explicit support for read-only-tmpfs * compat API: fix image-prune --all * Makefile - allow more control over Ginkgo parameters * Add e2e tests for farm build * vendor c/{buildah,common}: appendable containers.conf strings, Part 1 * Add podman farm build command * Add emulation package * Use buildah default isolation when working with podman play kube * docs(API): Fix compat network (dis-)connect * test/e2e: do not import buildah * pkg/specgen: remove config_unsupported.go * pkg/parallel/ctr: add !remote tag * pkg/domain/filters: add !remote tag * pkg/ps: add !remote tag * pkg/systemd/generate: add !remote tag * libpod: add !remote tag * pkg/autoupdate: add !remote tag * vendor latest c/common * libpod: remove build support non linux/freebsd * Fix typo * test/apiv2: adapt apiv2 test on cgroups v1 environment * ginkgo setup: retry cache pulls * Support size option when creating tmpfs volumes * not mounted layers should be reported as info not error * CI: stop using registry.k8s.io * fix(deps): update module github.com/vbatts/git-validation to v1.2.1 * test fixes for c/common tag chnages * vendor latest c/common * hyperV: Update lastUp time * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0 * lint: disable testifylint * lint: fix warnings found by perfsprint * lint: fix warnings found by inamedparam * lint: fix warnings found by protogetter * libpod: skip DBUS_SESSION_BUS_ADDRESS in conmon * Use node hostname in kube play when hostNetwork=true * cirrus setup: special-case perl unicode * network: document ports and macvlan interaction * quadlet: document cgroupv2 requirement * [skip-ci] Update actions/checkout digest to b4ffde6 * Revert 'Emergency workaround for CI breakage' * remote: exec: do not leak session IDs on errors * fix(deps): update github.com/containers/storage digest to 79aa304 * fix(deps): update module k8s.io/kubernetes to v1.28.3 * System tests: fix broken silence127 * Add TERM iff TERM not defined in container when podman exec -t * Emergency workaround for CI breakage * Kill gvproxy when machine rm -f * Fix path for omvf vars on Darwin/arm64 * Allow systemd specifiers in User and Group Quadlet keys * libpod: rename confusing import name * use FindInitBinary() for init binary * vendor latest c/common * exec: do not leak session IDs on errors * systests: cp test: lots of cleanup * Define better error message for container name conflicts with external storage. * Quadlet - support ImageName for .image files * test/system: ignore 127 if it is the expected rc * test/apiv2/20-containers.at: fix NanoCPUs tests on cgroups v1 * image history: fix walking layers * fix(api): Ensure compatibality for network connect * [CI:DOCS] Add cross-build target info. * machine set: document --rootful better * libpod: restart+userns cleanup netns correctly * Minor log and doc fixes * Quadlet man page - discuss volume removal explicitly * Quadlet - add support for KubeDownForce * System Test - Quadlet kube oneshot * Fix output of podman --remote top * buildah-bud: test relative TMPDIR * Fix handling of --read-only-tmpfs flag * Vendor common and buildah main * remote,build: wire unsetlabels * test: build with TMPDIR as relative * docs: add unsetlabel * vendor: bump buildah to v1.32.1-0.20231012130144-244170240d85 * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2 * fix: pull error response docker rest api compatibility * Show client info even if remote connection fails * fix(deps): update github.com/containers/libhvee digest to e51be96 * Run codespell * SetLock for all virt providers * Machine: Teardown on init failure * healthcheck: make sure to always show health_status events * Apply suggestions from code review * [CI:DOCS]rtd: implement v2 build file * Quadlet - support oneshot .kube files * libpod: fix deadlock while parallel container create * fix(deps): update module golang.org/x/net to v0.17.0 * api: add `compatMode` paramenter to libpod's pull endpoint * api: break out compat image pull * fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.3 * use sqlite as default database * vendor latest c/common * fix(deps): update module github.com/nxadm/tail to v1.4.11 * Check for image with /libpod/containers/create * container: always check if mountpoint is mounted * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.0 * vendor: update c/storage * api: drop debug statement * Quadlet - add support for global arguments * Add system test * fix(deps): update module golang.org/x/tools to v0.14.0 * Don't ignore containerfiles outside of build context * fix(deps): update github.com/containers/libhvee digest to fcf1cc2 * fix(deps): update module golang.org/x/term to v0.13.0 * Update module golang.org/x/sys to v0.13.0 * [CI:DOCS] Add updating version on podman.io to release process * containers.conf: add `privileged` field to containers table * Implement secrets/credential scanning * Cirrus: Execute Windows podman-machine e2e tests * vendor: bump c/storage * Update module golang.org/x/sync to v0.4.0 * [CI:DOCS] update swagger version on docs.podman.io * Create Qemu command wrapper * Adjust to path name change for resolved unit * Revert 'Fix WSL systemd detection' * [CI:BUILD] rpm/copr: gvforwarder recommends for RHEL * [CI:DOCS] update kube play delete endpoint docs * [CI:DOCS] Remove dead link from README * test/system: --env-file test fixes * Revert 'feat(env): support multiline in env-file' * Revert 'docs(env-file): improve document description' * Revert 'fix(env): parsing --env incorrect in cli' * Filter health_check and exec events for logging in console * inspect: ignore ENOENT during device lookup * test, manifest: test push retry * Fix locale issues with WSL version detection * vendor: update module github.com/docker/distribution to v2.8.3+incompatible * vendor: bump c/common to v0.56.1-0.20231002091908-745eaa498509 * Update github.com/containers/libhvee digest to e9b1811 * windows: Use prebuilt gvproxy/win-sshproxy binaries * Volume create - fast exit when ignore is set and volume exists * Update golang.org/x/exp digest to 9212866 * Update github.com/opencontainers/runtime-spec digest to c0e9043 * remove selinux tag as not needed anymore * [skip-ci] Improve podmansh(1) * Build applehv for Intel Macs * Revert 'GHA Workflow: Faster discussion-locking' * update vfkit vendored code * Add DefaultMode to kube play * Fix broken podman images filters * Remove `c.ExtraFiles` line in machine * podman: run --replace prints only the new container id * New machines should show Never as LastUp * podman machine: disable zincati update service * Revert 'cirrus setup: install en_US.UTF-8 locale' * Cirrus: CI VM images w/ newer automation-library * CI VMs: bump to f39 + f38 * [CI:DOCS] Update podman load doc * Update mac installer to latest gvproxy release * Fix WSL systemd detection * Add documentation for the vrf option on netavark * fix(deps): update github.com/containers/common digest to 9342cdd * fix: typos in links, path and code example * e2e: ExitCleanly(): manual special cases * e2e: ExitCleanly(): the final fron^Wcommit * [CI:DOCS] Add win-sshproxy target to winmake * wsl: enable machine init tests * Update docs/source/markdown/options/rdt-class.md * move IntelRdtClosID to HostConfig * use default when user does not provide rdt-class * Add documentation for Intel RDT support * Add test for Intel RDT support * Add Intel RDT support * [CI:DOCS] Fix podman form update --help examples * Quadlet container mount - support non key=val options * test/e2e: default to netavark * [skip-ci] Update dawidd6/action-send-mail action to v3.9.0 * fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.7.1 * fix(deps): update github.com/containers/common digest to 4619314 * applehv: enable machine tests for start * applehv: machine tests for stop and rm * Update machine tests README * Add podman socket info to machine inspect * Fix podman machine info test for hyperV * libpod: pass entire environment to conmon * e2e: ExitCleanly(): manual fixes to get tests working * e2e: ExitCleanly(): a few more * FCOS+podman-next: correct GHA conditional syntax * pkg/machine/e2e: wsl stop * wsl: machine tests for inspect * wsl: machine tests for ssh * fix(deps): update github.com/containers/common digest to e18cda8 * wsl: machine start test * wsl machine tests: set * wsl: machine tests * Skip proxy test for hyperV * Enable machine e2e test for applehv * hyperV: Respect rootful option on machine init * [CI:BUILD] FCOS image: enable nightly build * e2e: use safe fedora-minimal image * hyperv: machine e2e tests for set command * podman build: correct default pull policy * fix handling of static/volume dir * unbreak CI: useradd not found * hyperv: set more realistic starting state * hyperv: use StopWithForce with remove * Fix all ports exposed by kube play * Fix setting timezone on HyperV * fix(deps): update github.com/containers/gvisor-tap-vsock digest to 97028a6 * Fix farm update to check for connections * Adjust machine CPU tests * Bump version on main * [CI:BUILD] Packit: show SHORT_SHA in `podman --version` for COPR builds * Vendor c/common * pod rm: do not log error if anonymous volume is still used * e2e: ExitCleanly(): manual fixes to get tests passing * e2e: ExitCleanly(): a few more * fixes for pkg/machine/e2e on hyperv * test: fix rootless propagation test * [CI:BUILD] packit: tag @containers/packit-build team on copr build failures * Enable disk resizing for applehv * Various updates for hyperv and machine e2e tests * test: update fedoraMinimal version * specgen, rootless: fix mount of cgroup without a netns * Automatically remove anonymous volumes when removing a container * Use ActiveServiceDestination in ssh remoteConnectionUsername * fix(deps): update github.com/containers/gvisor-tap-vsock digest to 9298405 * e2e: ExitCleanly(): generate_kube_test.go * e2e: generate kube -> kube generate * e2e: ExitCleanly(): generate_kube_test.go * windows cannot 'do' extra files * e2e: ExitCleanly(): Fixes for breaking tests * play kube -> kube play * e2e: ExitCleanly(): play_kube_test.go * introduce pkg/strongunits * Makefile equiv Powershell script * pass --syslog to the cleanup process * vendor of containers/common * fix --authfile auto-update test * compat API: speed up network list * Change priority for cli-flags for remotely operating Podman * libpod: remove unused ContainerState() fucntion * [CI:BUILD] Packit: Enable failure notifications for cockpit tests * e2e: ExitCleanly(): more low-hanging fruit * e2e: ExitCleanly(): more low-hanging fruit * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.1 * Enable machine e2e tests for WSL * systests: tighter checks for unwanted warnings * GHA Workflow: Faster discussion-locking * [CI:BUILD] FCOS + podman-next image: pull in wasm * [CI:BUILD] rpm: remove gvproxy subpackage * [CI:DOCS] Tweak podman to Podman in a few farm man pages * Docs on sig-proxy are wrong, we support TTY * e2e: ExitCleanly(): low-hanging fruit, part 2 * e2e: ExitCleanly(): low-hanging fruit, part 1 * Buildtag out unix commands for common OS files * systests: clean up after tests; fix missing path in logs * [CI:BUILD] followup PR for fcos with podman-next * Implement gvproxy networking using cmdline wrapper * fix, test: rmi should work with images w/o layers * vendor: bump c/common to v0.56.1-0.20230919073449-d1d9d38d8282 * Quadlet Image test - rearrange test function * e2e: continuing ExitCleanly() work: manual tweaks * e2e: continuing ExitCleanly() work * [CI:DOCS] Improve podman-tag man page * [CI:DOCS] Improve podman-build man page * [CI:DOCS] Include precheck to release process * [CI:DOCS] consistentize filter options in man pages * Quadlet - add support for .image units * --env-host: use default from containers.conf * error when --module is specified on the command level * man page crossrefs: add --filter autocompletes * Fix specification of unix:///run * Add label! filter and tests to containers and pods * Add test for legacy address without two slashes * Use url with scheme and path for the unix address - Use crun only on selected archs ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:527-1 Released: Mon Feb 19 10:03:27 2024 Summary: Recommended update for conmon Type: recommended Severity: moderate References: 1215806,1217773 This update for conmon fixes the following issues: - New upstream release 2.1.10 Bug fixes: * Fix incorrect free in conn_sock * logging: Respect log-size-max immediately after open - New upstream release 2.1.9 Bug fixes: * fix some issues flagged by SAST scan * src: fix write after end of buffer * src: open all files with O_CLOEXEC * oom-score: restore oom score before running exit command Features: * Forward more messages on the sd-notify socket * logging: -l passthrough accepts TTYs * [bsc#1215806] Update to version 2.1.8: * stdio: ignore EIO for terminals (bsc#1217773) * ensure console socket buffers are properly sized * conmon: drop return after pexit() * ctrl: make accept4 failures fatal * logging: avoid opening /dev/null for each write * oom: restore old OOM score * Use default umask 0022 * cli: log parsing errors to stderr * Changes to build conmon for riscv64 * Changes to build conmon for ppc64le * Fix close_other_fds on FreeBSD ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:549-1 Released: Tue Feb 20 17:05:52 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:555-1 Released: Tue Feb 20 17:22:17 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:596-1 Released: Thu Feb 22 20:05:29 2024 Summary: Security update for openssh Type: security Severity: important References: 1218215,CVE-2023-51385 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:597-1 Released: Thu Feb 22 20:07:11 2024 Summary: Security update for mozilla-nss Type: security Severity: important References: 1216198,CVE-2023-5388 This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:614-1 Released: Mon Feb 26 11:31:18 2024 Summary: Recommended update for rpm Type: recommended Severity: important References: 1216752 This update for rpm fixes the following issues: - backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:637-1 Released: Tue Feb 27 10:06:55 2024 Summary: Recommended update for duktape Type: recommended Severity: moderate References: This update for duktape fixes the following issues: - Ship libduktape206-32bit: needed by libproxy since version 0.5. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:764-1 Released: Tue Mar 5 13:46:25 2024 Summary: Security update for wpa_supplicant Type: security Severity: important References: 1219975,CVE-2023-52160 This update for wpa_supplicant fixes the following issues: - CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:794-1 Released: Thu Mar 7 10:33:17 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:846-1 Released: Tue Mar 12 13:31:27 2024 Summary: Recommended update for selinux-policy Type: recommended Severity: moderate References: 1220361 This update for selinux-policy fixes the following issues: * Don't audit getty and plymouth the checkpoint_restore capability (bsc#1220361) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:876-1 Released: Wed Mar 13 15:45:34 2024 Summary: Security update for sudo Type: security Severity: important References: 1221134,1221151,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:903-1 Released: Fri Mar 15 06:57:36 2024 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1200731 This update for systemd-presets-common-SUSE fixes the following issues: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731) - Support both the old and new service to avoid complex version interdependency ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:984-1 Released: Mon Mar 25 16:04:44 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1192051,1221050 This update for runc fixes the following issues: - Add upstream patch to properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050 This allows running 15 SP6 containers on older distributions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1007-1 Released: Wed Mar 27 10:51:42 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1144060,1176006,1188307,1203823,1205502,1206627,1210507,1213189,1214806,CVE-2023-29383,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). - CVE-2023-4641: Fixed possible password leak during passwd(1) change (bsc#1214806). The following non-security bugs were fixed: - bsc#1176006: Fix chage date miscalculation - bsc#1188307: Fix passwd segfault - bsc#1203823: Remove pam_keyinit from PAM config files - bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions - bsc#1206627: Add --prefix support to passwd, chpasswd and chage - bsc#1205502: useradd audit event user id field cannot be interpretedd ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1014-1 Released: Wed Mar 27 18:33:55 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216594,1216598,CVE-2023-38469,CVE-2023-38471 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1080-1 Released: Tue Apr 2 06:50:10 2024 Summary: Recommended update for xfsprogs-scrub Type: recommended Severity: low References: 1190495 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 and SLE-15-SP4 (bsc#1190495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1081-1 Released: Tue Apr 2 06:50:44 2024 Summary: Recommended update for dracut Type: recommended Severity: important References: 1217083,1219841,1220485,1221675 This update for dracut fixes the following issues: - Update to version 055+suse.382.g80b55af2: * Fix regression with multiple `rd.break=` options (bsc#1221675) * Do not call `strcmp` if the `value` argument is NULL (bsc#1219841) * Correct shellcheck regression when parsing ccw args (bsc#1220485) * Skip README for AMD microcode generation (bsc#1217083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1104-1 Released: Wed Apr 3 14:29:58 2024 Summary: Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs Type: recommended Severity: important References: This update for docker fixes the following issues: - Overlay files are world-writable (bsc#1220339) - Allow disabling apparmor support (some products only support SELinux) The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs) are no-change rebuilds required because the corresponding binary packages were missing in a number of repositories, thus making docker not installable on some products. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1146-1 Released: Mon Apr 8 11:34:54 2024 Summary: Security update for podman Type: security Severity: important References: 1221677,CVE-2024-1753 This update for podman fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1172-1 Released: Tue Apr 9 09:52:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1175-1 Released: Tue Apr 9 10:06:40 2024 Summary: Recommended update for multipath-tools Type: recommended Severity: moderate References: 1212440,1213809,1219142,1220374 This update for multipath-tools fixes the following issues: - Fixed activation of LVM volume groups during coldplug (bsc#1219142) - Avoid changing SCSI timeouts in 'multipath -d' (bsc#1213809) - Fixed dev_loss_tmo even if not set in configuration (bsc#1212440) - Backport of upstream bug fixes (bsc#1220374): * Avoid setting queue_if_no_path on multipath maps for which the no_path_retry timeout has expired * Fixed memory and error handling for code using aio (marginal path code, directio path checker) * libmultipath: fixed max_sectors_kb on adding path * Fixed warnings reported by udevadm verify * libmultipath: use directio checker for LIO targets * multipathd.service: remove 'Also=multipathd.socket' * libmultipathd: avoid parsing errors due to unsupported designators * libmultipath: return 'pending' state when port is in transition * multipath.rules: fixed 'smart' bug with failed valid path check * libmpathpersist: fixed resource leak in update_map_pr() * libmultipath: keep renames from stopping other multipath actions ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1201-1 Released: Thu Apr 11 10:47:59 2024 Summary: Recommended update for xfsprogs-scrub and jctools Type: recommended Severity: low References: 1190495,1213418 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495) - Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1272-1 Released: Fri Apr 12 16:24:28 2024 Summary: Recommended update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, operator-image Type: recommended Severity: moderate References: This update for elemental-operator, elemental-operator-crds-helm, elemental-operator-helm, operator-image contains the following fixes: - Update to version 1.4.3: * registration: allow dots in machineInventory names * registration: decouple replacing data-labels from sanitizing strings * registration: move sanitize code in sanitizeString() * V1.4.x fix channel synchronization (#683) * linter: fix copyright dates * Make linter happy ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1287-1 Released: Mon Apr 15 15:03:40 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: Updated to version 9.1.0111, fixes the following security problems - CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: overflow with count for :s command (bsc#1217321). - CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235). - CVE-2023-48236: overflow in get_number (bsc#1217329). - CVE-2023-48237: overflow in shift_line (bsc#1217330). - CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005). The following package changes have been done: - glibc-2.31-150300.71.1 updated - libuuid1-2.37.4-150500.9.6.1 updated - libsmartcols1-2.37.4-150500.9.6.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libblkid1-2.37.4-150500.9.6.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libxml2-2-2.10.3-150500.5.14.1 updated - libopenssl1_1-1.1.1l-150500.17.25.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libfdisk1-2.37.4-150500.9.6.1 updated - libmount1-2.37.4-150500.9.6.1 updated - krb5-1.20.1-150500.3.6.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - login_defs-4.8.1-150500.3.3.1 updated - cpio-2.13-150400.3.6.1 updated - coreutils-8.32-150400.9.3.1 updated - sed-4.4-150300.13.3.1 updated - systemd-rpm-macros-15-150000.7.39.1 updated - systemd-presets-common-SUSE-15-150500.20.6.1 updated - openssl-1_1-1.1.1l-150500.17.25.1 updated - netcfg-11.6-150000.3.6.1 updated - rpm-4.14.3-150400.59.13.1 updated - shadow-4.8.1-150500.3.3.1 updated - pam-config-1.1-150200.3.6.1 updated - util-linux-2.37.4-150500.9.6.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - util-linux-systemd-2.37.4-150500.9.6.1 updated - dracut-055+suse.382.g80b55af2-150500.3.18.1 updated - libfreebl3-3.90.2-150400.3.39.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libssh-config-0.9.8-150400.3.6.1 updated - libssh4-0.9.8-150400.3.6.1 updated - mozilla-nss-certs-3.90.2-150400.3.39.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - mozilla-nss-3.90.2-150400.3.39.1 updated - libsoftokn3-3.90.2-150400.3.39.1 updated - wpa_supplicant-2.10-150500.3.3.1 updated - elemental-register-1.4.3-150500.3.3.3 updated - elemental-support-1.4.3-150500.3.3.3 updated - glibc-locale-base-2.31-150300.71.1 updated - xfsprogs-5.13.0-150400.3.7.1 updated - conmon-2.1.10-150500.9.9.1 updated - kpartx-0.9.4+117+suse.87f2634-150500.3.9.1 updated - libavahi-common3-0.8-150400.7.16.1 updated - libduktape206-2.6.0-150500.4.5.1 updated - openssh-common-8.4p1-150300.3.30.1 updated - runc-1.1.12-150000.64.1 updated - sudo-1.9.12p1-150500.7.10.1 updated - timezone-2024a-150000.75.28.1 updated - vim-data-common-9.1.0111-150500.20.9.1 updated - libavahi-core7-0.8-150400.7.16.1 updated - fuse-overlayfs-1.1.2-150100.3.11.1 updated - vim-small-9.1.0111-150500.20.9.1 updated - less-590-150400.3.6.2 updated - avahi-0.8-150400.7.16.1 updated - openssh-server-8.4p1-150300.3.30.1 updated - openssh-clients-8.4p1-150300.3.30.1 updated - libmpath0-0.9.4+117+suse.87f2634-150500.3.9.1 updated - multipath-tools-0.9.4+117+suse.87f2634-150500.3.9.1 updated - selinux-policy-20230511+git15.bdc96df2-150500.3.15.1 updated - selinux-policy-targeted-20230511+git15.bdc96df2-150500.3.15.1 updated - openssh-8.4p1-150300.3.30.1 updated - podman-4.8.3-150500.3.9.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.2-4.2.51 updated - gettext-runtime-0.20.2-1.43 removed - iproute2-5.14-150400.1.8 removed - libtextstyle0-0.20.2-1.43 removed From sle-container-updates at lists.suse.com Fri Apr 19 13:15:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Apr 2024 15:15:33 +0200 (CEST) Subject: SUSE-CU-2024:1585-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240419131533.7A8DBFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1585-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.14 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.14 Severity : moderate Type : security References : 1133277 1175678 1182659 1203378 1208794 1212180 1212182 1214148 1215334 1218171 1221525 1222086 CVE-2023-32731 CVE-2023-32732 CVE-2023-33953 CVE-2023-44487 CVE-2023-4785 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:573-1 Released: Wed Feb 21 09:36:59 2024 Summary: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 Type: security Severity: moderate References: 1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785 This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target. Update to 20230125.3 Details can be found on: https://github.com/abseil/abseil-cpp/releases/tag/20230125.3 Update to 20230125.2 What's New: The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI. Breaking Changes: Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future. Known Issues The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released. Update to version 20220623.0 What's New: * Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional. Breaking Changes: * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency. Other: * This will be the last release to support C++11. Future releases will require at least C++14. grpc was updated to 1.60: Update to release 1.60 * Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var. * Support for setting proxy for addresses. * Add v1 reflection. update to 1.59.3: * Security - Revocation: Crl backport to 1.59. (#34926) Update to release 1.59.2 * Fixes for CVE-2023-44487 Update to version 1.59.1: * C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552). Update to version 1.59.0: * xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435). * c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185). * Deps: Adding upb as a submodule (gh#grpc/grpc#34199). * EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167). * csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137). * Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198). Update to release 1.58.1 * Reintroduced c-ares 1.14 or later support Update to release 1.58 * ruby extension: remove unnecessary background thread startup wait logic that interferes with forking Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * EventEngine: Change GetDNSResolver to return absl::StatusOr>. * Improve server handling of file descriptor exhaustion. * Add a channel argument to set DSCP on streams. Update to release 1.56.2 * Improve server handling of file descriptor exhaustion Update to release 1.56.0 (CVE-2023-32731, bsc#1212180) * core: Add support for vsock transport. * EventEngine: Change TXT lookup result type to std::vector. * C++/Authz: support customizable audit functionality for authorization policy. Update to release 1.54.1 * Bring declarations and definitions to be in sync Update to release 1.54 (CVE-2023-32732, bsc#1212182) * XDS: enable XDS federation by default * TlsCreds: Support revocation of intermediate in chain Update to release 1.51.1 * Only a macOS/aarch64-related change Update to release 1.51 * c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. * Remove support for pthread TLS Update to release 1.50.0 * Core - Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623) * C++ - OpenCensus Plugin: Add measure and views for started RPCs. (#31034) * C# - Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410) Update to release 1.49.1 * All - Update protobuf to v21.6 on 1.49.x. (#31028) * Ruby - Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053) Update to release 1.49.0 * Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220) * Python - Add type stub generation support to grpcio-tools. (#30498) Update to release 1.48.1 * Backport EventEngine Forkables Update to release 1.48.0 * C++14 is now required * xDS: Workaround to get gRPC clients working with istio Update to release 1.46.3 * backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727 Update to release 1.46 * Added HTTP/1.1 support in httpcli * HTTP2: Add graceful goaway Update to release 1.45.2 * Various fixes related to XDS * HTTP2: Should not run cancelling logic on servers when receiving GOAWAY Update to release 1.45.1 * Switched to epoll1 as a default polling engine for Linux Update to version 1.45.0: * Core: - Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568]. * C++ - Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407]. Update to release 1.44.0 * Add a trace to list which filters are contained in a channel stack. * Remove grpc_httpcli_context. * xDS: Add support for RBAC HTTP filter. * API to cancel grpc_resolve_address. Update to version 1.43.2: * Fix google-c2p-experimental issue (gh#grpc/grpc#28692). Changes from version 1.43.0: * Core: - Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906). * C++: - OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948). * [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887). - Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number. Update to release 1.41.0 * xDS: Remove environmental variable guard for security. * xDS Security: Use new way to fetch certificate provider plugin instance config. * xDS server serving status: Use a struct to allow more fields to be added in the future. Update to release 1.39.1 * Fix C# protoc plugin argument parsing on 1.39.x Update to version 1.39.0: * Core - Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331). * C++ - New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728). * PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156). * Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268). Update to release 1.38.0 * Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. * Fix use-after-unref bug in fault_injection_filter * New gRPC EventEngine Interface * Allow the AWS_DEFAULT_REGION environment variable * s/OnServingStatusChange/OnServingStatusUpdate/ Update to release 1.37.1 * Use URI form of address for channelz listen node * Implementation CSDS (xDS Config Dump) * xDS status notifier * Remove CAS loops in global subchannel pool and simplify subchannel refcounting Update to release 1.36.4 * A fix for DNS SRV lookups on Windows Update to 1.36.1: * Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver * C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API * PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings * Python: * Implement Python Client and Server xDS Creds Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). * Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995). Update to version 1.34.0: * Core: - Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381). * C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362). Update to release 1.33.2 * Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS. * Expose Cronet error message to the application layer. * Remove grpc_channel_ping from surface API. * Do not send BDP pings if there is no receive side activity. Update to version 1.33.1 * Core - Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997). * C++ - Makefile: only support building deps from submodule (gh#grpc/grpc#23957). - Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb. Update to version 1.32.0: * Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281). * C++ - Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557). opencensus-proto was updated to 0.3.0+git.20200721: - Update to version 0.3.0+git.20200721: * Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216) - Update to version 0.2.1+git.20190826: * Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209) - Update to version 0.2.1: * Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60) - Initial version 20180523 protobuf was updated to 25.1: update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 update to 23.3: C++: * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp: * [C#] Replace regex that validates descriptor names update to 22.5: C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) update to 22.4: C++: * Fix libprotoc: export useful symbols from .so Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 update to v22.3 UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest update to 22.2: Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 update to v21.12: * Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. update to 21.11: * Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) update to 21.10:: * Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. update to 21.6: C++: * Reduce memory consumption of MessageSet parsing update to 21.5: PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python: * Fixed comparison of maps in Python. - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061) Update to 21.2: - C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java: - Update protobuf_version.bzl to separate protoc and per-language java ??? (#9900) - Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Update to 3.20.1: - PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0 - Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)??? - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568) - update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. - Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10 - Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557) Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461) Update to 3.15.7: C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) update to 3.15.6: Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) - Updated URL to https://github.com/protocolbuffers/protobuf Update to v3.14.0 Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations - Install LICENSE - Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it python-abseil was udpated: version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object. version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`. Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward. - Release notes for 0.15.0 * (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+. - Release notes for 0.14.1 * Top-level LICENSE file is now exported in bazel. - Release notes for 0.14.0 * #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main. - Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast. - Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument. - Add Provides python-absl-py python-grpcuio was updated: - Update to version 1.60.0: * No python specfic changes. - Update to version 1.59.2: * No python specific changes. - Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186). - Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797). - Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974). - Build with LTO (don't set _lto_cflags to %nil). - No need to pass '-std=c++17' to build CFLAGS. - Update to version 1.56.2: * [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667) - Switch build to pip/wheel. - Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE) - Upstream only supports python >= 3.7, so adjust BuildRequires accordingly. - Add %{?sle15_python_module_pythons} - Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475). - Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319). - Drop Requires: python-six; not required any more. - Switch Suggests to Recommends. - Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497). - Update to version 1.51.1: * No Linux specific changes. - Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113). - Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818]. - Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498) - Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795]. - update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes. - Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873]. - Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604]. - Build with system re2; add BuildRequires: pkgconfig(re2). - Update to version 1.44.0: * Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103). - Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958). - update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core. - Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090). - Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058). - Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436). - Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814). - Update to version 1.37.1: * No user visible changes. - Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394). - Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569). - Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package - Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). - Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356). - Update to version 1.33.2: * [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574). - Update to version 1.33.1: * [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098). Added re2 package in version 2024-02-01. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1344-1 Released: Thu Apr 18 18:50:37 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1175678,1218171,1221525,1222086 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) The following package changes have been done: - libabsl2308_0_0-20230802.1-150400.10.4.1 added - libprotobuf-lite25_1_0-25.1-150400.9.3.1 added - libzypp-17.32.4-150400.3.61.1 updated - zypper-1.14.71-150400.3.45.2 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Fri Apr 19 13:16:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 19 Apr 2024 15:16:22 +0200 (CEST) Subject: SUSE-CU-2024:1586-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240419131622.B93E0FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1586-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.14 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.14 Severity : moderate Type : security References : 1133277 1175678 1182659 1203378 1208794 1212180 1212182 1214148 1215334 1218171 1221525 1222086 CVE-2023-32731 CVE-2023-32732 CVE-2023-33953 CVE-2023-44487 CVE-2023-4785 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:573-1 Released: Wed Feb 21 09:36:59 2024 Summary: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 Type: security Severity: moderate References: 1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785 This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target. Update to 20230125.3 Details can be found on: https://github.com/abseil/abseil-cpp/releases/tag/20230125.3 Update to 20230125.2 What's New: The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI. Breaking Changes: Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future. Known Issues The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released. Update to version 20220623.0 What's New: * Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional. Breaking Changes: * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency. Other: * This will be the last release to support C++11. Future releases will require at least C++14. grpc was updated to 1.60: Update to release 1.60 * Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var. * Support for setting proxy for addresses. * Add v1 reflection. update to 1.59.3: * Security - Revocation: Crl backport to 1.59. (#34926) Update to release 1.59.2 * Fixes for CVE-2023-44487 Update to version 1.59.1: * C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552). Update to version 1.59.0: * xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435). * c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185). * Deps: Adding upb as a submodule (gh#grpc/grpc#34199). * EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167). * csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137). * Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198). Update to release 1.58.1 * Reintroduced c-ares 1.14 or later support Update to release 1.58 * ruby extension: remove unnecessary background thread startup wait logic that interferes with forking Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * EventEngine: Change GetDNSResolver to return absl::StatusOr>. * Improve server handling of file descriptor exhaustion. * Add a channel argument to set DSCP on streams. Update to release 1.56.2 * Improve server handling of file descriptor exhaustion Update to release 1.56.0 (CVE-2023-32731, bsc#1212180) * core: Add support for vsock transport. * EventEngine: Change TXT lookup result type to std::vector. * C++/Authz: support customizable audit functionality for authorization policy. Update to release 1.54.1 * Bring declarations and definitions to be in sync Update to release 1.54 (CVE-2023-32732, bsc#1212182) * XDS: enable XDS federation by default * TlsCreds: Support revocation of intermediate in chain Update to release 1.51.1 * Only a macOS/aarch64-related change Update to release 1.51 * c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. * Remove support for pthread TLS Update to release 1.50.0 * Core - Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623) * C++ - OpenCensus Plugin: Add measure and views for started RPCs. (#31034) * C# - Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410) Update to release 1.49.1 * All - Update protobuf to v21.6 on 1.49.x. (#31028) * Ruby - Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053) Update to release 1.49.0 * Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220) * Python - Add type stub generation support to grpcio-tools. (#30498) Update to release 1.48.1 * Backport EventEngine Forkables Update to release 1.48.0 * C++14 is now required * xDS: Workaround to get gRPC clients working with istio Update to release 1.46.3 * backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727 Update to release 1.46 * Added HTTP/1.1 support in httpcli * HTTP2: Add graceful goaway Update to release 1.45.2 * Various fixes related to XDS * HTTP2: Should not run cancelling logic on servers when receiving GOAWAY Update to release 1.45.1 * Switched to epoll1 as a default polling engine for Linux Update to version 1.45.0: * Core: - Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568]. * C++ - Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407]. Update to release 1.44.0 * Add a trace to list which filters are contained in a channel stack. * Remove grpc_httpcli_context. * xDS: Add support for RBAC HTTP filter. * API to cancel grpc_resolve_address. Update to version 1.43.2: * Fix google-c2p-experimental issue (gh#grpc/grpc#28692). Changes from version 1.43.0: * Core: - Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906). * C++: - OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948). * [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887). - Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number. Update to release 1.41.0 * xDS: Remove environmental variable guard for security. * xDS Security: Use new way to fetch certificate provider plugin instance config. * xDS server serving status: Use a struct to allow more fields to be added in the future. Update to release 1.39.1 * Fix C# protoc plugin argument parsing on 1.39.x Update to version 1.39.0: * Core - Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331). * C++ - New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728). * PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156). * Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268). Update to release 1.38.0 * Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. * Fix use-after-unref bug in fault_injection_filter * New gRPC EventEngine Interface * Allow the AWS_DEFAULT_REGION environment variable * s/OnServingStatusChange/OnServingStatusUpdate/ Update to release 1.37.1 * Use URI form of address for channelz listen node * Implementation CSDS (xDS Config Dump) * xDS status notifier * Remove CAS loops in global subchannel pool and simplify subchannel refcounting Update to release 1.36.4 * A fix for DNS SRV lookups on Windows Update to 1.36.1: * Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver * C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API * PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings * Python: * Implement Python Client and Server xDS Creds Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). * Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995). Update to version 1.34.0: * Core: - Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381). * C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362). Update to release 1.33.2 * Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS. * Expose Cronet error message to the application layer. * Remove grpc_channel_ping from surface API. * Do not send BDP pings if there is no receive side activity. Update to version 1.33.1 * Core - Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997). * C++ - Makefile: only support building deps from submodule (gh#grpc/grpc#23957). - Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb. Update to version 1.32.0: * Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281). * C++ - Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557). opencensus-proto was updated to 0.3.0+git.20200721: - Update to version 0.3.0+git.20200721: * Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216) - Update to version 0.2.1+git.20190826: * Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209) - Update to version 0.2.1: * Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60) - Initial version 20180523 protobuf was updated to 25.1: update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 update to 23.3: C++: * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp: * [C#] Replace regex that validates descriptor names update to 22.5: C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) update to 22.4: C++: * Fix libprotoc: export useful symbols from .so Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 update to v22.3 UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest update to 22.2: Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 update to v21.12: * Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. update to 21.11: * Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) update to 21.10:: * Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. update to 21.6: C++: * Reduce memory consumption of MessageSet parsing update to 21.5: PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python: * Fixed comparison of maps in Python. - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061) Update to 21.2: - C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java: - Update protobuf_version.bzl to separate protoc and per-language java ??? (#9900) - Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Update to 3.20.1: - PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0 - Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)??? - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568) - update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. - Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10 - Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557) Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461) Update to 3.15.7: C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) update to 3.15.6: Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) - Updated URL to https://github.com/protocolbuffers/protobuf Update to v3.14.0 Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations - Install LICENSE - Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it python-abseil was udpated: version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object. version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`. Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward. - Release notes for 0.15.0 * (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+. - Release notes for 0.14.1 * Top-level LICENSE file is now exported in bazel. - Release notes for 0.14.0 * #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main. - Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast. - Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument. - Add Provides python-absl-py python-grpcuio was updated: - Update to version 1.60.0: * No python specfic changes. - Update to version 1.59.2: * No python specific changes. - Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186). - Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797). - Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974). - Build with LTO (don't set _lto_cflags to %nil). - No need to pass '-std=c++17' to build CFLAGS. - Update to version 1.56.2: * [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667) - Switch build to pip/wheel. - Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE) - Upstream only supports python >= 3.7, so adjust BuildRequires accordingly. - Add %{?sle15_python_module_pythons} - Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475). - Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319). - Drop Requires: python-six; not required any more. - Switch Suggests to Recommends. - Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497). - Update to version 1.51.1: * No Linux specific changes. - Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113). - Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818]. - Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498) - Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795]. - update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes. - Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873]. - Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604]. - Build with system re2; add BuildRequires: pkgconfig(re2). - Update to version 1.44.0: * Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103). - Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958). - update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core. - Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090). - Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058). - Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436). - Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814). - Update to version 1.37.1: * No user visible changes. - Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394). - Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569). - Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package - Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). - Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356). - Update to version 1.33.2: * [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574). - Update to version 1.33.1: * [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098). Added re2 package in version 2024-02-01. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1344-1 Released: Thu Apr 18 18:50:37 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1175678,1218171,1221525,1222086 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) The following package changes have been done: - libabsl2308_0_0-20230802.1-150400.10.4.1 added - libprotobuf-lite25_1_0-25.1-150400.9.3.1 added - libzypp-17.32.4-150400.3.61.1 updated - zypper-1.14.71-150400.3.45.2 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Tue Apr 23 07:04:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:04:04 +0200 (CEST) Subject: SUSE-CU-2024:1620-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240423070404.D8F49FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1620-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.43 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.43 Container Release : 4.43 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:04:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:04:39 +0200 (CEST) Subject: SUSE-CU-2024:1622-1: Security update of suse/389-ds Message-ID: <20240423070439.5C125FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1622-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-21.5 , suse/389-ds:latest Container Release : 21.5 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:05:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:05:28 +0200 (CEST) Subject: SUSE-CU-2024:1624-1: Security update of bci/dotnet-aspnet Message-ID: <20240423070528.917CBFCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1624-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-26.4 , bci/dotnet-aspnet:7.0.18 , bci/dotnet-aspnet:7.0.18-26.4 Container Release : 26.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:05:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:05:35 +0200 (CEST) Subject: SUSE-CU-2024:1625-1: Security update of bci/dotnet-aspnet Message-ID: <20240423070535.84BEEFCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1625-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-8.4 , bci/dotnet-aspnet:8.0.4 , bci/dotnet-aspnet:8.0.4-8.4 , bci/dotnet-aspnet:latest Container Release : 8.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:05:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:05:43 +0200 (CEST) Subject: SUSE-CU-2024:1626-1: Security update of bci/bci-busybox Message-ID: <20240423070543.B783DFCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1626-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.21.2 , bci/bci-busybox:latest Container Release : 21.2 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:06:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:06:29 +0200 (CEST) Subject: SUSE-CU-2024:1629-1: Security update of bci/dotnet-sdk Message-ID: <20240423070629.C9997FCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1629-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-25.4 , bci/dotnet-sdk:6.0.29 , bci/dotnet-sdk:6.0.29-25.4 Container Release : 25.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:07:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:07:09 +0200 (CEST) Subject: SUSE-CU-2024:1631-1: Security update of bci/dotnet-sdk Message-ID: <20240423070709.AD88EFD11@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1631-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-9.8 , bci/dotnet-sdk:8.0.4 , bci/dotnet-sdk:8.0.4-9.8 , bci/dotnet-sdk:latest Container Release : 9.8 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:07:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:07:35 +0200 (CEST) Subject: SUSE-CU-2024:1632-1: Security update of bci/dotnet-runtime Message-ID: <20240423070735.81A7EFD11@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1632-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-25.4 , bci/dotnet-runtime:6.0.29 , bci/dotnet-runtime:6.0.29-25.4 Container Release : 25.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:08:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:08:00 +0200 (CEST) Subject: SUSE-CU-2024:1633-1: Security update of bci/dotnet-runtime Message-ID: <20240423070800.47643FD11@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1633-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-27.4 , bci/dotnet-runtime:7.0.18 , bci/dotnet-runtime:7.0.18-27.4 Container Release : 27.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:08:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:08:06 +0200 (CEST) Subject: SUSE-CU-2024:1634-1: Security update of bci/dotnet-runtime Message-ID: <20240423070806.8F781FD11@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1634-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-8.4 , bci/dotnet-runtime:8.0.4 , bci/dotnet-runtime:8.0.4-8.4 , bci/dotnet-runtime:latest Container Release : 8.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:08:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:08:16 +0200 (CEST) Subject: SUSE-CU-2024:1635-1: Security update of suse/git Message-ID: <20240423070816.D7671FD11@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1635-1 Container Tags : suse/git:2.35 , suse/git:2.35-11.7 , suse/git:latest Container Release : 11.7 Severity : important Type : security References : 1216474 1218871 1221123 1222831 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1366-1 Released: Mon Apr 22 11:04:32 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1216474,1218871,1221123,1222831 This update for openssh fixes the following issues: - Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123) - Avoid closing IBM Z crypto devices nodes. (bsc#1218871) - Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474) - Change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled). This makes ssh update the known_hosts stored keys with all published versions by the server (after it's authenticated with an existing key), which will allow to identify the server with a different key if the existing key is considered insecure at some point in the future (bsc#1222831). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - openssh-clients-8.4p1-150300.3.37.1 updated - openssh-common-8.4p1-150300.3.37.1 updated - container:micro-image-15.5.0-20.2 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:08:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:08:36 +0200 (CEST) Subject: SUSE-CU-2024:1636-1: Security update of bci/golang Message-ID: <20240423070836.90B1BFD11@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1636-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.4.4 , bci/golang:oldstable , bci/golang:oldstable-2.4.4 Container Release : 4.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - glibc-devel-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:08:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:08:54 +0200 (CEST) Subject: SUSE-CU-2024:1637-1: Security update of bci/golang Message-ID: <20240423070854.EE32BFD11@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1637-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-14.4 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-14.4 Container Release : 14.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - glibc-devel-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:09:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:09:17 +0200 (CEST) Subject: SUSE-CU-2024:1638-1: Security update of bci/golang Message-ID: <20240423070917.A13AEFD11@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1638-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.4.4 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.4 Container Release : 4.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - glibc-devel-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:09:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:09:33 +0200 (CEST) Subject: SUSE-CU-2024:1639-1: Security update of bci/golang Message-ID: <20240423070933.DDC6FFD11@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1639-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-14.4 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-14.4 Container Release : 14.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - glibc-devel-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:09:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:09:42 +0200 (CEST) Subject: SUSE-CU-2024:1640-1: Security update of suse/helm Message-ID: <20240423070942.B97EDFD11@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1640-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-10.5 , suse/helm:latest Container Release : 10.5 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:micro-image-15.5.0-20.2 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:10:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:10:06 +0200 (CEST) Subject: SUSE-CU-2024:1641-1: Security update of bci/bci-init Message-ID: <20240423071006.DEC86FD11@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1641-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.16.4 , bci/bci-init:latest Container Release : 16.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:05:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:05:58 +0200 (CEST) Subject: SUSE-CU-2024:1628-1: Security update of suse/registry Message-ID: <20240423070558.37504FCFA@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1628-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-23.5 , suse/registry:latest Container Release : 23.5 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:micro-image-15.5.0-20.2 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:07:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:07:01 +0200 (CEST) Subject: SUSE-CU-2024:1630-1: Security update of bci/dotnet-sdk Message-ID: <20240423070701.469DCFCFE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1630-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-27.4 , bci/dotnet-sdk:7.0.18 , bci/dotnet-sdk:7.0.18-27.4 Container Release : 27.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Tue Apr 23 07:05:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:05:03 +0200 (CEST) Subject: SUSE-CU-2024:1623-1: Security update of bci/dotnet-aspnet Message-ID: <20240423070503.B0BAEFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1623-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-26.4 , bci/dotnet-aspnet:6.0.29 , bci/dotnet-aspnet:6.0.29-26.4 Container Release : 26.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:03:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:03:30 +0200 (CEST) Subject: SUSE-CU-2024:1643-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240424070330.4FD99FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1643-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.17 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.17 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - glibc-2.31-150300.74.1 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:05:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:05:03 +0200 (CEST) Subject: SUSE-CU-2024:1645-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240424070503.9D44EFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1645-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.17 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.17 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - glibc-2.31-150300.74.1 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:07:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:07:19 +0200 (CEST) Subject: SUSE-CU-2024:1647-1: Recommended update of suse/sles12sp5 Message-ID: <20240424070719.F07F2FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1647-1 Container Tags : suse/sles12sp5:6.5.586 , suse/sles12sp5:latest Container Release : 6.5.586 Severity : important Type : recommended References : 1220285 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1399-1 Released: Tue Apr 23 13:59:37 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220285 This update for systemd fixes the following issues: - util: improve comments why we ignore EACCES and EPERM - util: bind_remount_recursive_with_mountinfo(): ignore submounts which cannot be accessed - namespace: don't fail on masked mounts (bsc#1220285) - man: Document ranges for distributions config files and local config files - Recommend drop-ins over modifications to the main config file - man: reword the description of 'main conf file' - man: rework section about configuration file precedence - man: document paths under /usr/local in standard-conf.xml The following package changes have been done: - libsystemd0-228-157.60.1 updated - libudev1-228-157.60.1 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:08:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:08:17 +0200 (CEST) Subject: SUSE-CU-2024:1641-1: Security update of bci/bci-init Message-ID: <20240424070817.6E089FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1641-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.16.4 , bci/bci-init:latest Container Release : 16.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:08:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:08:18 +0200 (CEST) Subject: SUSE-CU-2024:1648-1: Recommended update of bci/bci-init Message-ID: <20240424070818.1C742FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1648-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.16.5 , bci/bci-init:latest Container Release : 16.5 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones The following package changes have been done: - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:08:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:08:29 +0200 (CEST) Subject: SUSE-CU-2024:1650-1: Security update of bci/bci-micro Message-ID: <20240424070829.20598FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1650-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.20.2 , bci/bci-micro:latest Container Release : 20.2 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:08:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:08:41 +0200 (CEST) Subject: SUSE-CU-2024:1651-1: Security update of bci/bci-minimal Message-ID: <20240424070841.1B526FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1651-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.21.6 , bci/bci-minimal:latest Container Release : 21.6 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:micro-image-15.5.0-20.2 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:09:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:09:03 +0200 (CEST) Subject: SUSE-CU-2024:1652-1: Security update of suse/nginx Message-ID: <20240424070903.D21DFFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1652-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-11.5 , suse/nginx:latest Container Release : 11.5 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:09:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:09:34 +0200 (CEST) Subject: SUSE-CU-2024:1653-1: Security update of bci/nodejs Message-ID: <20240424070934.ED08CFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1653-1 Container Tags : bci/node:18 , bci/node:18-17.6 , bci/nodejs:18 , bci/nodejs:18-17.6 Container Release : 17.6 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:09:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:09:51 +0200 (CEST) Subject: SUSE-CU-2024:1654-1: Security update of bci/nodejs Message-ID: <20240424070951.A5552FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1654-1 Container Tags : bci/node:20 , bci/node:20-7.6 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-7.6 , bci/nodejs:latest Container Release : 7.6 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:10:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:10:28 +0200 (CEST) Subject: SUSE-CU-2024:1655-1: Security update of bci/openjdk-devel Message-ID: <20240424071028.366D7FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1655-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-15.8 Container Release : 15.8 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:bci-openjdk-11-15.5.11-16.4 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:10:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:10:58 +0200 (CEST) Subject: SUSE-CU-2024:1656-1: Security update of bci/openjdk Message-ID: <20240424071058.EEF8FFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1656-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-16.4 Container Release : 16.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:11:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:11:34 +0200 (CEST) Subject: SUSE-CU-2024:1657-1: Security update of bci/openjdk-devel Message-ID: <20240424071134.07483FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1657-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-17.9 , bci/openjdk-devel:latest Container Release : 17.9 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:bci-openjdk-17-15.5.17-17.5 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:12:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:12:03 +0200 (CEST) Subject: SUSE-CU-2024:1658-1: Security update of bci/openjdk Message-ID: <20240424071203.A9695FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1658-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-17.5 , bci/openjdk:latest Container Release : 17.5 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:12:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:12:39 +0200 (CEST) Subject: SUSE-CU-2024:1659-1: Security update of suse/pcp Message-ID: <20240424071239.6205EFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1659-1 Container Tags : suse/pcp:5 , suse/pcp:5-23.8 , suse/pcp:5.2 , suse/pcp:5.2-23.8 , suse/pcp:5.2.5 , suse/pcp:5.2.5-23.8 , suse/pcp:latest Container Release : 23.8 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:bci-bci-init-15.5-15.5-16.4 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:12:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:12:40 +0200 (CEST) Subject: SUSE-CU-2024:1660-1: Recommended update of suse/pcp Message-ID: <20240424071240.18DB6FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1660-1 Container Tags : suse/pcp:5 , suse/pcp:5-23.10 , suse/pcp:5.2 , suse/pcp:5.2-23.10 , suse/pcp:5.2.5 , suse/pcp:5.2.5-23.10 , suse/pcp:latest Container Release : 23.10 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones The following package changes have been done: - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - container:bci-bci-init-15.5-15.5-16.5 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:13:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:13:10 +0200 (CEST) Subject: SUSE-CU-2024:1661-1: Security update of bci/php-apache Message-ID: <20240424071310.8FD08FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1661-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-13.5 Container Release : 13.5 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:13:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:13:39 +0200 (CEST) Subject: SUSE-CU-2024:1662-1: Security update of bci/php-fpm Message-ID: <20240424071339.A5530FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1662-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-13.5 Container Release : 13.5 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:14:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:14:08 +0200 (CEST) Subject: SUSE-CU-2024:1663-1: Security update of bci/php Message-ID: <20240424071408.384FEFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1663-1 Container Tags : bci/php:8 , bci/php:8-13.4 Container Release : 13.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 07:14:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:14:33 +0200 (CEST) Subject: SUSE-CU-2024:1664-1: Security update of suse/postgres Message-ID: <20240424071433.A8018FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1664-1 Container Tags : suse/postgres:15 , suse/postgres:15-18.4 , suse/postgres:15.6 , suse/postgres:15.6-18.4 Container Release : 18.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:26:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:26:25 +0200 (CEST) Subject: SUSE-CU-2024:1664-1: Security update of suse/postgres Message-ID: <20240424092625.54FA8FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1664-1 Container Tags : suse/postgres:15 , suse/postgres:15-18.4 , suse/postgres:15.6 , suse/postgres:15.6-18.4 Container Release : 18.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:26:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:26:40 +0200 (CEST) Subject: SUSE-CU-2024:1665-1: Security update of suse/postgres Message-ID: <20240424092640.6899FFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1665-1 Container Tags : suse/postgres:16 , suse/postgres:16-7.4 , suse/postgres:16.2 , suse/postgres:16.2-7.4 , suse/postgres:latest Container Release : 7.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:27:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:27:10 +0200 (CEST) Subject: SUSE-CU-2024:1666-1: Security update of bci/python Message-ID: <20240424092710.EB0D1FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1666-1 Container Tags : bci/python:3 , bci/python:3-18.4 , bci/python:3.11 , bci/python:3.11-18.4 , bci/python:latest Container Release : 18.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:27:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:27:37 +0200 (CEST) Subject: SUSE-CU-2024:1667-1: Security update of bci/python Message-ID: <20240424092737.B35A3FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1667-1 Container Tags : bci/python:3 , bci/python:3-19.5 , bci/python:3.6 , bci/python:3.6-19.5 Container Release : 19.5 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:27:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:27:48 +0200 (CEST) Subject: SUSE-CU-2024:1668-1: Security update of suse/rmt-mariadb-client Message-ID: <20240424092748.1C9F4FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1668-1 Container Tags : suse/mariadb-client:10.6 , suse/mariadb-client:10.6-16.4 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.6 , suse/rmt-mariadb-client:10.6-16.4 , suse/rmt-mariadb-client:latest Container Release : 16.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:27:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:27:57 +0200 (CEST) Subject: SUSE-CU-2024:1669-1: Security update of suse/rmt-mariadb Message-ID: <20240424092757.DF99BFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1669-1 Container Tags : suse/mariadb:10.6 , suse/mariadb:10.6-21.5 , suse/mariadb:latest , suse/rmt-mariadb:10.6 , suse/rmt-mariadb:10.6-21.5 , suse/rmt-mariadb:latest Container Release : 21.5 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:28:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:28:18 +0200 (CEST) Subject: SUSE-CU-2024:1670-1: Security update of suse/rmt-server Message-ID: <20240424092818.9395BFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1670-1 Container Tags : suse/rmt-server:2.15 , suse/rmt-server:2.15-16.4 , suse/rmt-server:latest Container Release : 16.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:28:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:28:51 +0200 (CEST) Subject: SUSE-CU-2024:1671-1: Security update of bci/ruby Message-ID: <20240424092851.27B94FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1671-1 Container Tags : bci/ruby:2 , bci/ruby:2-17.4 , bci/ruby:2.5 , bci/ruby:2.5-17.4 , bci/ruby:latest Container Release : 17.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - glibc-devel-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:29:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:29:25 +0200 (CEST) Subject: SUSE-CU-2024:1672-1: Security update of bci/rust Message-ID: <20240424092925.D8767FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1672-1 Container Tags : bci/rust:1.76 , bci/rust:1.76-2.4.4 , bci/rust:oldstable , bci/rust:oldstable-2.4.4 Container Release : 4.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - glibc-devel-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:29:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:29:54 +0200 (CEST) Subject: SUSE-CU-2024:1673-1: Security update of bci/rust Message-ID: <20240424092954.B832FFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1673-1 Container Tags : bci/rust:1.77 , bci/rust:1.77-1.4.4 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.4 Container Release : 4.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - glibc-devel-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:30:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:30:07 +0200 (CEST) Subject: SUSE-CU-2024:1674-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240424093007.2BB47FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1674-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.9.4 , bci/bci-sle15-kernel-module-devel:latest Container Release : 9.4 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - glibc-devel-2.31-150300.74.1 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:31:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:31:24 +0200 (CEST) Subject: SUSE-CU-2024:1682-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20240424093124.59046FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1682-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.11 , suse/manager/4.3/proxy-ssh:4.3.11.9.39.22 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.39.22 Severity : moderate Type : recommended References : 1216474 1218871 1221123 1222831 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1366-1 Released: Mon Apr 22 11:04:32 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1216474,1218871,1221123,1222831 This update for openssh fixes the following issues: - Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123) - Avoid closing IBM Z crypto devices nodes. (bsc#1218871) - Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474) - Change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled). This makes ssh update the known_hosts stored keys with all published versions by the server (after it's authenticated with an existing key), which will allow to identify the server with a different key if the existing key is considered insecure at some point in the future (bsc#1222831). The following package changes have been done: - openssh-common-8.4p1-150300.3.37.1 updated - openssh-fips-8.4p1-150300.3.37.1 updated - openssh-server-8.4p1-150300.3.37.1 updated - openssh-clients-8.4p1-150300.3.37.1 updated - openssh-8.4p1-150300.3.37.1 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:31:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:31:26 +0200 (CEST) Subject: SUSE-CU-2024:1683-1: Security update of suse/manager/5.0/x86_64/proxy-httpd Message-ID: <20240424093126.EA1A1FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1683-1 Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.0-beta2 , suse/manager/5.0/x86_64/proxy-httpd:5.0.0-beta2.3.41 , suse/manager/5.0/x86_64/proxy-httpd:latest Container Release : 3.41 Severity : important Type : security References : 1198533 1201817 1210959 1211886 1214169 1214691 1214934 1215377 1216296 1216541 1217450 1217667 1218232 1218492 1218952 1219031 1219321 1219520 1219559 1219666 1220061 1220724 1221239 1221289 1222109 1222259 CVE-2022-48566 CVE-2023-45918 CVE-2023-52425 CVE-2023-6597 CVE-2024-28757 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2761-1 Released: Mon Jul 3 15:16:44 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1201817 This update for libjansson fixes the following issues: - Update to 2.14 (bsc#1201817): * New Features: + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. + Add jansson_version_str() and jansson_version_cmp() for runtime version checking + Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions + Add json_object_update_recursive() + Add `json_pack()` format specifiers s*, o* and O* for values that can be omitted if null + Add `json_error_code()` to retrieve numeric error codes + Enable thread safety for `json_dump()` on all systems. Enable thread safe `json_decref()` and `json_incref()` for modern compilers + Add `json_sprintf()` and `json_vsprintf()` * Fixes: + Handle `sprintf` corner cases. + Add infinite loop check in json_deep_copy() + Enhance JANSSON_ATTRS macro to support earlier C standard(C89) + Update version detection for sphinx-build + Fix error message in `json_pack()` for NULL object + Avoid invalid memory read in `json_pack()` + Call va_end after va_copy in `json_vsprintf()` + Improve handling of formats with '?' and '*' in `json_pack()` + Remove inappropriate `jsonp_free()` which caused segmentation fault in error handling + Fix incorrect report of success from `json_dump_file()` when an error is returned by `fclose()` + Make json_equal() const-correct + Fix incomplete stealing of references by `json_pack()` - Use GitHub as source URLs: Release hasn't been uploaded to digip.org. - Add check section. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4453-1 Released: Wed Nov 15 14:24:58 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1216541 This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4973-1 Released: Tue Dec 26 04:44:10 2023 Summary: Recommended update for duktape Type: recommended Severity: moderate References: 1216296 This update of duktape fixes the following issue: - duktape-devel is shipped to Basesystem module (bsc#1216296). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:637-1 Released: Tue Feb 27 10:06:55 2024 Summary: Recommended update for duktape Type: recommended Severity: moderate References: This update for duktape fixes the following issues: - Ship libduktape206-32bit: needed by libproxy since version 0.5. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:03 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - libldap-data-2.4.46-150600.23.15 updated - libsemanage-conf-3.5-150600.1.48 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.2 updated - libzstd1-1.5.5-150600.1.2 updated - libuuid1-2.39.3-150600.1.15 updated - libsmartcols1-2.39.3-150600.1.15 updated - libsepol2-3.5-150600.1.48 updated - libsasl2-3-2.1.28-150600.5.2 updated - libpcre2-8-0-10.42-150600.1.25 updated - libnghttp2-14-1.40.0-150600.23.1 updated - liblzma5-5.4.1-150600.1.1 updated - liblz4-1-1.9.4-150600.1.3 updated - libgpg-error0-1.47-150600.1.2 updated - libfa1-1.14.1-150600.1.2 updated - libcom_err2-1.47.0-150600.2.25 updated - libblkid1-2.39.3-150600.1.15 updated - libselinux1-3.5-150600.1.45 updated - libglib-2_0-0-2.78.3-150600.1.6 updated - libksba8-1.6.4-150600.1.2 updated - libgcrypt20-1.10.3-150600.1.18 updated - libfdisk1-2.39.3-150600.1.15 updated - libmount1-2.39.3-150600.1.15 updated - libgmodule-2_0-0-2.78.3-150600.1.6 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libduktape206-2.6.0-150500.4.5.1 added - libexpat1-2.4.4-150400.3.17.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libsigc-2_0-0-2.12.1-150600.1.2 updated - libabsl2401_0_0-20240116.1-150600.17.3 added - libgobject-2_0-0-2.78.3-150600.1.6 updated - libopenssl3-3.1.4-150600.2.18 updated - libaugeas0-1.14.1-150600.1.2 updated - libudev1-254.10-150600.1.3 updated - libsystemd0-254.10-150600.1.3 updated - libsemanage2-3.5-150600.1.48 updated - libprotobuf-lite25_1_0-25.1-150600.14.1 updated - libzck1-1.1.16-150600.9.2 updated - libopenssl-3-fips-provider-3.1.4-150600.2.18 updated - libldap-2_4-2-2.4.46-150600.23.15 updated - krb5-1.20.1-150600.9.1 updated - patterns-base-fips-20200124-150600.29.2 updated - libssh4-0.9.8-150600.9.1 updated - coreutils-8.32-150400.9.3.1 updated - shared-mime-info-2.4-150600.1.2 updated - login_defs-4.8.1-150600.15.44 updated - libcrack2-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - sed-4.9-150600.1.3 updated - libcurl4-8.6.0-150600.2.1 updated - sles-release-15.6-150600.33.2 updated - gpg2-2.4.4-150600.1.3 updated - libgpgme11-1.23.0-150600.1.35 updated - shadow-4.8.1-150600.15.44 updated - gio-branding-SLE-15-150600.33.2 updated - libgio-2_0-0-2.78.3-150600.1.6 updated - glib2-tools-2.78.3-150600.1.6 updated - libpxbackend-1_0-0.5.3-150600.1.1 added - libproxy1-0.5.3-150600.1.1 updated - libzypp-17.31.31-150600.8.7 updated - util-linux-2.39.3-150600.1.15 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - netcfg-11.6-150000.3.6.1 updated - curl-8.6.0-150600.2.1 updated - girepository-1_0-1.78.1-150600.2.2 updated - libgirepository-1_0-1-1.78.1-150600.2.2 updated - libapparmor1-3.1.7-150600.3.1 updated - libjansson4-2.14-150000.3.5.1 added - libkmod2-29-150600.11.3 updated - pam-config-1.1-150600.14.2 updated - release-notes-susemanager-proxy-5.0.0~beta2-150600.12.1 updated - selinux-tools-3.5-150600.1.45 updated - systemd-presets-common-SUSE-15-150600.25.2 updated - xz-5.4.1-150600.1.1 updated - zstd-1.5.5-150600.1.2 updated - libapr-util1-1.6.1-150600.25.2 updated - libopenssl1_1-1.1.1w-150600.2.11 updated - policycoreutils-3.5-150600.1.42 updated - uyuni-base-common-5.0.2-150600.1.15.1 updated - systemd-presets-branding-SLE-15.1-150600.32.2 updated - hwdata-0.380-150000.3.68.1 updated - apache2-prefork-2.4.58-150600.3.1 updated - python3-base-3.6.15-150300.10.60.1 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - systemd-254.10-150600.1.3 updated - python3-3.6.15-150300.10.60.1 updated - python3-rpm-4.14.3-150400.59.13.1 updated - python3-netifaces-0.10.6-150000.3.2.1 updated - apache2-2.4.58-150600.3.1 updated - python3-dbus-python-1.2.16-150600.3.2 updated - spacewalk-backend-5.0.5-150600.3.41.7 updated - python3-spacewalk-client-tools-5.0.4-150600.3.88.11 updated - spacewalk-client-tools-5.0.4-150600.3.88.11 updated - container:sles15-image-15.0.0-45.12 updated - apache2-utils-2.4.51-150600.12.2 removed - gzip-1.10-150200.10.1 removed - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - which-2.21-2.20 removed From sle-container-updates at lists.suse.com Wed Apr 24 09:31:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:31:28 +0200 (CEST) Subject: SUSE-CU-2024:1684-1: Security update of suse/manager/5.0/x86_64/proxy-salt-broker Message-ID: <20240424093128.1495BFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1684-1 Container Tags : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.0-beta2 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.0-beta2.3.40 , suse/manager/5.0/x86_64/proxy-salt-broker:latest Container Release : 3.40 Severity : important Type : security References : 1087072 1195654 1199944 1204111 1204112 1204113 1210959 1211886 1212126 1214691 1214934 1215377 1216296 1217450 1217667 1218232 1218492 1219031 1219321 1219520 1219559 1219666 1220061 1220724 1221239 1221289 1222109 CVE-2022-1664 CVE-2022-42010 CVE-2022-42011 CVE-2022-42012 CVE-2022-48566 CVE-2023-34969 CVE-2023-45918 CVE-2023-52425 CVE-2023-6597 CVE-2024-28757 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3806-1 Released: Thu Oct 27 17:21:11 2022 Summary: Security update for dbus-1 Type: security Severity: important References: 1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012 This update for dbus-1 fixes the following issues: - CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113). Bugfixes: - Disable asserts (bsc#1087072). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2877-1 Released: Wed Jul 19 09:43:42 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4973-1 Released: Tue Dec 26 04:44:10 2023 Summary: Recommended update for duktape Type: recommended Severity: moderate References: 1216296 This update of duktape fixes the following issue: - duktape-devel is shipped to Basesystem module (bsc#1216296). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:637-1 Released: Tue Feb 27 10:06:55 2024 Summary: Recommended update for duktape Type: recommended Severity: moderate References: This update for duktape fixes the following issues: - Ship libduktape206-32bit: needed by libproxy since version 0.5. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - libldap-data-2.4.46-150600.23.15 updated - libsemanage-conf-3.5-150600.1.48 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.2 updated - libzstd1-1.5.5-150600.1.2 updated - libuuid1-2.39.3-150600.1.15 updated - libsmartcols1-2.39.3-150600.1.15 updated - libsepol2-3.5-150600.1.48 updated - libsasl2-3-2.1.28-150600.5.2 updated - libpcre2-8-0-10.42-150600.1.25 updated - libnghttp2-14-1.40.0-150600.23.1 updated - liblzma5-5.4.1-150600.1.1 updated - liblz4-1-1.9.4-150600.1.3 updated - libgpg-error0-1.47-150600.1.2 updated - libfa1-1.14.1-150600.1.2 updated - libcom_err2-1.47.0-150600.2.25 updated - libblkid1-2.39.3-150600.1.15 updated - libselinux1-3.5-150600.1.45 updated - libglib-2_0-0-2.78.3-150600.1.6 updated - libksba8-1.6.4-150600.1.2 updated - libgcrypt20-1.10.3-150600.1.18 updated - libfdisk1-2.39.3-150600.1.15 updated - libmount1-2.39.3-150600.1.15 updated - libgmodule-2_0-0-2.78.3-150600.1.6 added - update-alternatives-1.19.0.4-150000.4.4.1 added - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libduktape206-2.6.0-150500.4.5.1 added - libexpat1-2.4.4-150400.3.17.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libsigc-2_0-0-2.12.1-150600.1.2 updated - libabsl2401_0_0-20240116.1-150600.17.3 added - libgobject-2_0-0-2.78.3-150600.1.6 added - libopenssl3-3.1.4-150600.2.18 updated - libaugeas0-1.14.1-150600.1.2 updated - libudev1-254.10-150600.1.3 updated - libsystemd0-254.10-150600.1.3 updated - libsemanage2-3.5-150600.1.48 updated - libprotobuf-lite25_1_0-25.1-150600.14.1 updated - libzck1-1.1.16-150600.9.2 updated - libopenssl-3-fips-provider-3.1.4-150600.2.18 updated - libldap-2_4-2-2.4.46-150600.23.15 updated - krb5-1.20.1-150600.9.1 updated - patterns-base-fips-20200124-150600.29.2 updated - libssh4-0.9.8-150600.9.1 updated - libdbus-1-3-1.12.2-150400.18.8.1 added - coreutils-8.32-150400.9.3.1 updated - shared-mime-info-2.4-150600.1.2 added - login_defs-4.8.1-150600.15.44 updated - libcrack2-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - sed-4.9-150600.1.3 updated - libcurl4-8.6.0-150600.2.1 updated - sles-release-15.6-150600.33.2 updated - gpg2-2.4.4-150600.1.3 updated - libgpgme11-1.23.0-150600.1.35 updated - shadow-4.8.1-150600.15.44 updated - dbus-1-1.12.2-150400.18.8.1 added - gio-branding-SLE-15-150600.33.2 added - libgio-2_0-0-2.78.3-150600.1.6 added - glib2-tools-2.78.3-150600.1.6 added - libpxbackend-1_0-0.5.3-150600.1.1 added - libproxy1-0.5.3-150600.1.1 updated - libzypp-17.31.31-150600.8.7 updated - util-linux-2.39.3-150600.1.15 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - netcfg-11.6-150000.3.6.1 updated - curl-8.6.0-150600.2.1 updated - openssl-3.1.4-150600.2.1 updated - openssl-3-3.1.4-150600.2.18 updated - timezone-2024a-150600.89.1 updated - libopenssl1_1-1.1.1w-150600.2.11 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated - container:sles15-image-15.0.0-45.12 updated - gzip-1.10-150200.10.1 removed - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - tar-1.34-150000.3.34.1 removed From sle-container-updates at lists.suse.com Wed Apr 24 09:31:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:31:29 +0200 (CEST) Subject: SUSE-CU-2024:1685-1: Security update of suse/manager/5.0/x86_64/proxy-squid Message-ID: <20240424093129.A27CAFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1685-1 Container Tags : suse/manager/5.0/x86_64/proxy-squid:5.0.0-beta2 , suse/manager/5.0/x86_64/proxy-squid:5.0.0-beta2.3.32 , suse/manager/5.0/x86_64/proxy-squid:latest Container Release : 3.32 Severity : important Type : security References : 1196025 1196026 1196168 1196169 1196171 1196784 1203438 1204708 1210959 1214934 1215377 1217450 1217667 1218492 1219031 1219321 1219520 1219559 1220061 1220724 1221239 1221289 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-40674 CVE-2022-43680 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2294-1 Released: Wed Jul 6 13:34:15 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3489-1 Released: Sat Oct 1 13:35:24 2022 Summary: Security update for expat Type: security Severity: important References: 1203438,CVE-2022-40674 This update for expat fixes the following issues: - CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3884-1 Released: Mon Nov 7 10:59:26 2022 Summary: Security update for expat Type: security Severity: important References: 1204708,CVE-2022-43680 This update for expat fixes the following issues: - CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - libldap-data-2.4.46-150600.23.15 updated - libsemanage-conf-3.5-150600.1.48 updated - glibc-2.38-150600.9.2 updated - libsepol2-3.5-150600.1.48 updated - libsasl2-3-2.1.28-150600.5.2 updated - libpcre2-8-0-10.42-150600.1.25 updated - liblzma5-5.4.1-150600.1.1 updated - libcom_err2-1.47.0-150600.2.25 updated - libselinux1-3.5-150600.1.45 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 added - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.18 updated - libsemanage2-3.5-150600.1.48 updated - libopenssl-3-fips-provider-3.1.4-150600.2.18 updated - libldap-2_4-2-2.4.46-150600.23.15 updated - krb5-1.20.1-150600.9.1 updated - patterns-base-fips-20200124-150600.29.2 updated - coreutils-8.32-150400.9.3.1 updated - login_defs-4.8.1-150600.15.44 updated - libcrack2-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - sed-4.9-150600.1.3 updated - shadow-4.8.1-150600.15.44 updated - container:sles15-image-15.0.0-45.12 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.39.3-150600.1.14 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcurl4-8.0.1-150600.10.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.39.3-150600.1.14 removed - libgcrypt20-1.10.3-150600.1.7 removed - libgpg-error0-1.47-150600.1.1 removed - libidn2-0-2.2.0-3.6.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.4-150600.1.2 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.39.3-150600.1.14 removed - libnghttp2-14-1.40.0-150600.22.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsmartcols1-2.39.3-150600.1.14 removed - libssh-config-0.9.8-150600.8.1 removed - libssh4-0.9.8-150600.8.1 removed - libsystemd0-254.9-150600.2.4 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.39.3-150600.1.14 removed - libzstd1-1.5.5-150600.1.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - sles-release-15.6-150600.26.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.39.3-150600.1.14 removed From sle-container-updates at lists.suse.com Wed Apr 24 09:31:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:31:31 +0200 (CEST) Subject: SUSE-CU-2024:1686-1: Security update of suse/manager/5.0/x86_64/proxy-ssh Message-ID: <20240424093131.A9BEBFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1686-1 Container Tags : suse/manager/5.0/x86_64/proxy-ssh:5.0.0-beta2 , suse/manager/5.0/x86_64/proxy-ssh:5.0.0-beta2.3.56 , suse/manager/5.0/x86_64/proxy-ssh:latest Container Release : 3.56 Severity : important Type : security References : 1210959 1214691 1214934 1215377 1217450 1217667 1218492 1219031 1219321 1219520 1219559 1219666 1220061 1220724 1221239 1221289 1222109 CVE-2022-48566 CVE-2023-45918 CVE-2023-52425 CVE-2023-6597 CVE-2024-28757 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - libsemanage-conf-3.5-150600.1.48 updated - glibc-2.38-150600.9.2 updated - libzstd1-1.5.5-150600.1.2 updated - libsepol2-3.5-150600.1.48 updated - libpcre2-8-0-10.42-150600.1.25 updated - liblzma5-5.4.1-150600.1.1 updated - liblz4-1-1.9.4-150600.1.3 updated - libgpg-error0-1.47-150600.1.2 updated - libcom_err2-1.47.0-150600.2.25 updated - libselinux1-3.5-150600.1.45 updated - libgcrypt20-1.10.3-150600.1.18 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.18 updated - libudev1-254.10-150600.1.3 updated - libsystemd0-254.10-150600.1.3 updated - libsemanage2-3.5-150600.1.48 updated - libopenssl-3-fips-provider-3.1.4-150600.2.18 updated - krb5-1.20.1-150600.9.1 updated - patterns-base-fips-20200124-150600.29.2 updated - coreutils-8.32-150400.9.3.1 updated - login_defs-4.8.1-150600.15.44 updated - libcrack2-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - shadow-4.8.1-150600.15.44 updated - openssh-common-9.6p1-150600.2.2 updated - libfido2-1-1.13.0-150600.10.2 updated - libopenssl1_1-1.1.1w-150600.2.11 updated - openssh-fips-9.6p1-150600.2.2 updated - openssh-server-9.6p1-150600.2.2 updated - openssh-clients-9.6p1-150600.2.2 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated - openssh-9.6p1-150600.2.2 updated - container:sles15-image-15.0.0-45.12 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.39.3-150600.1.14 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcurl4-8.0.1-150600.10.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.39.3-150600.1.14 removed - libidn2-0-2.2.0-3.6.1 removed - libldap-2_4-2-2.4.46-150600.23.4 removed - libldap-data-2.4.46-150600.23.4 removed - liblua5_3-5-5.3.6-3.6.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.39.3-150600.1.14 removed - libnghttp2-14-1.40.0-150600.22.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150600.5.1 removed - libsmartcols1-2.39.3-150600.1.14 removed - libssh-config-0.9.8-150600.8.1 removed - libssh4-0.9.8-150600.8.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.39.3-150600.1.14 removed - libxml2-2-2.10.3-150500.5.14.1 removed - ncurses-utils-6.1-150000.5.20.1 removed - perl-base-5.26.1-150300.17.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - sed-4.9-150600.1.2 removed - sles-release-15.6-150600.26.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.39.3-150600.1.14 removed From sle-container-updates at lists.suse.com Wed Apr 24 09:31:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:31:33 +0200 (CEST) Subject: SUSE-CU-2024:1687-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd Message-ID: <20240424093133.757CBFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1687-1 Container Tags : suse/manager/5.0/x86_64/proxy-tftpd:5.0.0-beta2 , suse/manager/5.0/x86_64/proxy-tftpd:5.0.0-beta2.3.38 , suse/manager/5.0/x86_64/proxy-tftpd:latest Container Release : 3.38 Severity : important Type : security References : 1210959 1214691 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1219559 1219666 1220061 1220724 1221239 1221289 1222109 CVE-2022-48566 CVE-2023-45918 CVE-2023-52425 CVE-2023-6597 CVE-2024-28757 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - crypto-policies-20230920.570ea89-150600.1.9 updated - glibc-2.38-150600.9.2 updated - libpcre2-8-0-10.42-150600.1.25 updated - liblzma5-5.4.1-150600.1.1 updated - libcom_err2-1.47.0-150600.2.25 updated - libselinux1-3.5-150600.1.45 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libopenssl3-3.1.4-150600.2.18 updated - libopenssl-3-fips-provider-3.1.4-150600.2.18 updated - krb5-1.20.1-150600.9.1 updated - patterns-base-fips-20200124-150600.29.2 updated - coreutils-8.32-150400.9.3.1 updated - openssl-3.1.4-150600.2.1 updated - openssl-3-3.1.4-150600.2.18 updated - libopenssl1_1-1.1.1w-150600.2.11 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated - container:sles15-image-15.0.0-45.12 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - cpio-2.13-150400.3.6.1 removed - cracklib-2.9.11-150600.1.88 removed - cracklib-dict-small-2.9.11-150600.1.88 removed - diffutils-3.6-4.3.1 removed - file-magic-5.32-7.14.1 removed - fillup-1.42-2.18 removed - grep-3.1-150000.4.6.1 removed - gzip-1.10-150200.10.1 removed - libaudit1-3.0.6-150400.4.13.1 removed - libblkid1-2.39.3-150600.1.14 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcrack2-2.9.11-150600.1.88 removed - libcurl4-8.0.1-150600.10.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.39.3-150600.1.14 removed - libgcrypt20-1.10.3-150600.1.7 removed - libgpg-error0-1.47-150600.1.1 removed - libidn2-0-2.2.0-3.6.1 removed - libldap-2_4-2-2.4.46-150600.23.4 removed - libldap-data-2.4.46-150600.23.4 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.4-150600.1.2 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.39.3-150600.1.14 removed - libnghttp2-14-1.40.0-150600.22.1 removed - libpcre1-8.45-150000.20.13.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsasl2-3-2.1.28-150600.5.1 removed - libsemanage-conf-3.5-150600.1.47 removed - libsemanage2-3.5-150600.1.47 removed - libsepol2-3.5-150600.1.47 removed - libsmartcols1-2.39.3-150600.1.14 removed - libssh-config-0.9.8-150600.8.1 removed - libssh4-0.9.8-150600.8.1 removed - libsystemd0-254.9-150600.2.4 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.39.3-150600.1.14 removed - libxml2-2-2.10.3-150500.5.14.1 removed - libzstd1-1.5.5-150600.1.1 removed - login_defs-4.8.1-150600.15.43 removed - ncurses-utils-6.1-150000.5.20.1 removed - pam-1.3.0-150000.6.66.1 removed - perl-base-5.26.1-150300.17.14.1 removed - permissions-20201225-150400.5.16.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - sed-4.9-150600.1.2 removed - shadow-4.8.1-150600.15.43 removed - sles-release-15.6-150600.26.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed - util-linux-2.39.3-150600.1.14 removed From sle-container-updates at lists.suse.com Wed Apr 24 09:31:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:31:35 +0200 (CEST) Subject: SUSE-CU-2024:1689-1: Security update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api Message-ID: <20240424093135.1806EFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1689-1 Container Tags : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.0-beta2 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.0-beta2.2.39 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container Release : 2.39 Severity : important Type : security References : 1210959 1211886 1214934 1215377 1217450 1217667 1218232 1218492 1219031 1219321 1219520 1219559 1220061 1220724 1221239 1221289 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - libldap-data-2.4.46-150600.23.15 updated - libsemanage-conf-3.5-150600.1.48 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.2 updated - libzstd1-1.5.5-150600.1.2 updated - libuuid1-2.39.3-150600.1.15 updated - libsmartcols1-2.39.3-150600.1.15 updated - libsepol2-3.5-150600.1.48 updated - libsasl2-3-2.1.28-150600.5.2 updated - libpcre2-8-0-10.42-150600.1.25 updated - libnghttp2-14-1.40.0-150600.23.1 updated - liblzma5-5.4.1-150600.1.1 updated - liblz4-1-1.9.4-150600.1.3 updated - libgpg-error0-1.47-150600.1.2 updated - libcom_err2-1.47.0-150600.2.25 updated - libblkid1-2.39.3-150600.1.15 updated - libselinux1-3.5-150600.1.45 updated - libgcrypt20-1.10.3-150600.1.18 updated - libfdisk1-2.39.3-150600.1.15 updated - libmount1-2.39.3-150600.1.15 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.18 updated - libudev1-254.10-150600.1.3 updated - libsystemd0-254.10-150600.1.3 updated - libsemanage2-3.5-150600.1.48 updated - libopenssl-3-fips-provider-3.1.4-150600.2.18 updated - libldap-2_4-2-2.4.46-150600.23.15 updated - krb5-1.20.1-150600.9.1 updated - patterns-base-fips-20200124-150600.29.2 updated - libssh4-0.9.8-150600.9.1 updated - coreutils-8.32-150400.9.3.1 updated - login_defs-4.8.1-150600.15.44 updated - libcrack2-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - sed-4.9-150600.1.3 updated - libcurl4-8.6.0-150600.2.1 updated - sles-release-15.6-150600.33.2 updated - shadow-4.8.1-150600.15.44 updated - util-linux-2.39.3-150600.1.15 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - netcfg-11.6-150000.3.6.1 updated - libapparmor1-3.1.7-150600.3.1 updated - libkmod2-29-150600.11.3 updated - librdkafka1-0.11.6-150600.14.2 updated - pam-config-1.1-150600.14.2 updated - systemd-presets-common-SUSE-15-150600.25.2 updated - xz-5.4.1-150600.1.1 updated - systemd-presets-branding-SLE-15.1-150600.32.2 updated - systemd-254.10-150600.1.3 updated - util-linux-systemd-2.39.3-150600.1.9 updated - wicked-0.6.74-150600.9.1 updated - wicked-service-0.6.74-150600.9.1 updated - rsyslog-8.2306.0-150600.10.5 updated - hub-xmlrpc-api-0.7-150600.1.10 updated - container:sles15-image-15.0.0-45.12 updated - gzip-1.10-150200.10.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libffi7-3.2.1.git259-10.8 removed - liblua5_3-5-5.3.6-3.6.1 removed - libxml2-2-2.10.3-150500.5.14.1 removed - rpm-config-SUSE-1-150400.14.3.1 removed - tar-1.34-150000.3.34.1 removed - timezone-2023c-150000.75.23.1 removed From sle-container-updates at lists.suse.com Tue Apr 23 07:04:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Apr 2024 09:04:15 +0200 (CEST) Subject: SUSE-CU-2024:1621-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240423070415.3B89FFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1621-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.26 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.26 Container Release : 3.26 Severity : important Type : security References : 1133277 1175678 1182659 1203378 1208794 1212180 1212182 1214148 1215334 1218171 1221525 1222086 1222992 CVE-2023-32731 CVE-2023-32732 CVE-2023-33953 CVE-2023-44487 CVE-2023-4785 CVE-2024-2961 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:573-1 Released: Wed Feb 21 09:36:59 2024 Summary: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 Type: security Severity: moderate References: 1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785 This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target. Update to 20230125.3 Details can be found on: https://github.com/abseil/abseil-cpp/releases/tag/20230125.3 Update to 20230125.2 What's New: The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI. Breaking Changes: Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future. Known Issues The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released. Update to version 20220623.0 What's New: * Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional. Breaking Changes: * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency. Other: * This will be the last release to support C++11. Future releases will require at least C++14. grpc was updated to 1.60: Update to release 1.60 * Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var. * Support for setting proxy for addresses. * Add v1 reflection. update to 1.59.3: * Security - Revocation: Crl backport to 1.59. (#34926) Update to release 1.59.2 * Fixes for CVE-2023-44487 Update to version 1.59.1: * C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552). Update to version 1.59.0: * xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435). * c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185). * Deps: Adding upb as a submodule (gh#grpc/grpc#34199). * EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167). * csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137). * Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198). Update to release 1.58.1 * Reintroduced c-ares 1.14 or later support Update to release 1.58 * ruby extension: remove unnecessary background thread startup wait logic that interferes with forking Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * EventEngine: Change GetDNSResolver to return absl::StatusOr>. * Improve server handling of file descriptor exhaustion. * Add a channel argument to set DSCP on streams. Update to release 1.56.2 * Improve server handling of file descriptor exhaustion Update to release 1.56.0 (CVE-2023-32731, bsc#1212180) * core: Add support for vsock transport. * EventEngine: Change TXT lookup result type to std::vector. * C++/Authz: support customizable audit functionality for authorization policy. Update to release 1.54.1 * Bring declarations and definitions to be in sync Update to release 1.54 (CVE-2023-32732, bsc#1212182) * XDS: enable XDS federation by default * TlsCreds: Support revocation of intermediate in chain Update to release 1.51.1 * Only a macOS/aarch64-related change Update to release 1.51 * c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. * Remove support for pthread TLS Update to release 1.50.0 * Core - Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623) * C++ - OpenCensus Plugin: Add measure and views for started RPCs. (#31034) * C# - Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410) Update to release 1.49.1 * All - Update protobuf to v21.6 on 1.49.x. (#31028) * Ruby - Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053) Update to release 1.49.0 * Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220) * Python - Add type stub generation support to grpcio-tools. (#30498) Update to release 1.48.1 * Backport EventEngine Forkables Update to release 1.48.0 * C++14 is now required * xDS: Workaround to get gRPC clients working with istio Update to release 1.46.3 * backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727 Update to release 1.46 * Added HTTP/1.1 support in httpcli * HTTP2: Add graceful goaway Update to release 1.45.2 * Various fixes related to XDS * HTTP2: Should not run cancelling logic on servers when receiving GOAWAY Update to release 1.45.1 * Switched to epoll1 as a default polling engine for Linux Update to version 1.45.0: * Core: - Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568]. * C++ - Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407]. Update to release 1.44.0 * Add a trace to list which filters are contained in a channel stack. * Remove grpc_httpcli_context. * xDS: Add support for RBAC HTTP filter. * API to cancel grpc_resolve_address. Update to version 1.43.2: * Fix google-c2p-experimental issue (gh#grpc/grpc#28692). Changes from version 1.43.0: * Core: - Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906). * C++: - OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948). * [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887). - Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number. Update to release 1.41.0 * xDS: Remove environmental variable guard for security. * xDS Security: Use new way to fetch certificate provider plugin instance config. * xDS server serving status: Use a struct to allow more fields to be added in the future. Update to release 1.39.1 * Fix C# protoc plugin argument parsing on 1.39.x Update to version 1.39.0: * Core - Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331). * C++ - New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728). * PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156). * Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268). Update to release 1.38.0 * Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. * Fix use-after-unref bug in fault_injection_filter * New gRPC EventEngine Interface * Allow the AWS_DEFAULT_REGION environment variable * s/OnServingStatusChange/OnServingStatusUpdate/ Update to release 1.37.1 * Use URI form of address for channelz listen node * Implementation CSDS (xDS Config Dump) * xDS status notifier * Remove CAS loops in global subchannel pool and simplify subchannel refcounting Update to release 1.36.4 * A fix for DNS SRV lookups on Windows Update to 1.36.1: * Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver * C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API * PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings * Python: * Implement Python Client and Server xDS Creds Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). * Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995). Update to version 1.34.0: * Core: - Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381). * C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362). Update to release 1.33.2 * Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS. * Expose Cronet error message to the application layer. * Remove grpc_channel_ping from surface API. * Do not send BDP pings if there is no receive side activity. Update to version 1.33.1 * Core - Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997). * C++ - Makefile: only support building deps from submodule (gh#grpc/grpc#23957). - Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb. Update to version 1.32.0: * Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281). * C++ - Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557). opencensus-proto was updated to 0.3.0+git.20200721: - Update to version 0.3.0+git.20200721: * Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216) - Update to version 0.2.1+git.20190826: * Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209) - Update to version 0.2.1: * Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60) - Initial version 20180523 protobuf was updated to 25.1: update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 update to 23.3: C++: * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp: * [C#] Replace regex that validates descriptor names update to 22.5: C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) update to 22.4: C++: * Fix libprotoc: export useful symbols from .so Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 update to v22.3 UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest update to 22.2: Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 update to v21.12: * Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. update to 21.11: * Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) update to 21.10:: * Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. update to 21.6: C++: * Reduce memory consumption of MessageSet parsing update to 21.5: PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python: * Fixed comparison of maps in Python. - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061) Update to 21.2: - C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java: - Update protobuf_version.bzl to separate protoc and per-language java ??? (#9900) - Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Update to 3.20.1: - PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0 - Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)??? - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568) - update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. - Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10 - Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557) Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461) Update to 3.15.7: C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) update to 3.15.6: Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) - Updated URL to https://github.com/protocolbuffers/protobuf Update to v3.14.0 Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations - Install LICENSE - Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it python-abseil was udpated: version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object. version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`. Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward. - Release notes for 0.15.0 * (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+. - Release notes for 0.14.1 * Top-level LICENSE file is now exported in bazel. - Release notes for 0.14.0 * #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main. - Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast. - Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument. - Add Provides python-absl-py python-grpcuio was updated: - Update to version 1.60.0: * No python specfic changes. - Update to version 1.59.2: * No python specific changes. - Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186). - Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797). - Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974). - Build with LTO (don't set _lto_cflags to %nil). - No need to pass '-std=c++17' to build CFLAGS. - Update to version 1.56.2: * [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667) - Switch build to pip/wheel. - Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE) - Upstream only supports python >= 3.7, so adjust BuildRequires accordingly. - Add %{?sle15_python_module_pythons} - Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475). - Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319). - Drop Requires: python-six; not required any more. - Switch Suggests to Recommends. - Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497). - Update to version 1.51.1: * No Linux specific changes. - Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113). - Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818]. - Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498) - Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795]. - update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes. - Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873]. - Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604]. - Build with system re2; add BuildRequires: pkgconfig(re2). - Update to version 1.44.0: * Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103). - Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958). - update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core. - Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090). - Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058). - Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436). - Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814). - Update to version 1.37.1: * No user visible changes. - Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394). - Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569). - Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package - Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). - Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356). - Update to version 1.33.2: * [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574). - Update to version 1.33.1: * [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098). Added re2 package in version 2024-02-01. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1344-1 Released: Thu Apr 18 18:50:37 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1175678,1218171,1221525,1222086 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 added - libprotobuf-lite25_1_0-25.1-150400.9.3.1 added - libzypp-17.32.4-150400.3.61.1 updated - zypper-1.14.71-150400.3.45.2 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Wed Apr 24 07:05:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 09:05:30 +0200 (CEST) Subject: SUSE-CU-2024:1646-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240424070530.6E4ADFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1646-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.213 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.213 Severity : important Type : security References : 1133277 1175678 1182659 1203378 1208794 1212180 1212182 1214148 1215334 1218171 1221525 1222086 1222992 CVE-2023-32731 CVE-2023-32732 CVE-2023-33953 CVE-2023-44487 CVE-2023-4785 CVE-2024-2961 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:573-1 Released: Wed Feb 21 09:36:59 2024 Summary: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 Type: security Severity: moderate References: 1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785 This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target. Update to 20230125.3 Details can be found on: https://github.com/abseil/abseil-cpp/releases/tag/20230125.3 Update to 20230125.2 What's New: The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI. Breaking Changes: Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future. Known Issues The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released. Update to version 20220623.0 What's New: * Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional. Breaking Changes: * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency. Other: * This will be the last release to support C++11. Future releases will require at least C++14. grpc was updated to 1.60: Update to release 1.60 * Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var. * Support for setting proxy for addresses. * Add v1 reflection. update to 1.59.3: * Security - Revocation: Crl backport to 1.59. (#34926) Update to release 1.59.2 * Fixes for CVE-2023-44487 Update to version 1.59.1: * C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552). Update to version 1.59.0: * xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435). * c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185). * Deps: Adding upb as a submodule (gh#grpc/grpc#34199). * EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167). * csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137). * Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198). Update to release 1.58.1 * Reintroduced c-ares 1.14 or later support Update to release 1.58 * ruby extension: remove unnecessary background thread startup wait logic that interferes with forking Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * EventEngine: Change GetDNSResolver to return absl::StatusOr>. * Improve server handling of file descriptor exhaustion. * Add a channel argument to set DSCP on streams. Update to release 1.56.2 * Improve server handling of file descriptor exhaustion Update to release 1.56.0 (CVE-2023-32731, bsc#1212180) * core: Add support for vsock transport. * EventEngine: Change TXT lookup result type to std::vector. * C++/Authz: support customizable audit functionality for authorization policy. Update to release 1.54.1 * Bring declarations and definitions to be in sync Update to release 1.54 (CVE-2023-32732, bsc#1212182) * XDS: enable XDS federation by default * TlsCreds: Support revocation of intermediate in chain Update to release 1.51.1 * Only a macOS/aarch64-related change Update to release 1.51 * c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. * Remove support for pthread TLS Update to release 1.50.0 * Core - Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623) * C++ - OpenCensus Plugin: Add measure and views for started RPCs. (#31034) * C# - Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410) Update to release 1.49.1 * All - Update protobuf to v21.6 on 1.49.x. (#31028) * Ruby - Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053) Update to release 1.49.0 * Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220) * Python - Add type stub generation support to grpcio-tools. (#30498) Update to release 1.48.1 * Backport EventEngine Forkables Update to release 1.48.0 * C++14 is now required * xDS: Workaround to get gRPC clients working with istio Update to release 1.46.3 * backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727 Update to release 1.46 * Added HTTP/1.1 support in httpcli * HTTP2: Add graceful goaway Update to release 1.45.2 * Various fixes related to XDS * HTTP2: Should not run cancelling logic on servers when receiving GOAWAY Update to release 1.45.1 * Switched to epoll1 as a default polling engine for Linux Update to version 1.45.0: * Core: - Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568]. * C++ - Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407]. Update to release 1.44.0 * Add a trace to list which filters are contained in a channel stack. * Remove grpc_httpcli_context. * xDS: Add support for RBAC HTTP filter. * API to cancel grpc_resolve_address. Update to version 1.43.2: * Fix google-c2p-experimental issue (gh#grpc/grpc#28692). Changes from version 1.43.0: * Core: - Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906). * C++: - OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948). * [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887). - Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number. Update to release 1.41.0 * xDS: Remove environmental variable guard for security. * xDS Security: Use new way to fetch certificate provider plugin instance config. * xDS server serving status: Use a struct to allow more fields to be added in the future. Update to release 1.39.1 * Fix C# protoc plugin argument parsing on 1.39.x Update to version 1.39.0: * Core - Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331). * C++ - New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728). * PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156). * Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268). Update to release 1.38.0 * Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. * Fix use-after-unref bug in fault_injection_filter * New gRPC EventEngine Interface * Allow the AWS_DEFAULT_REGION environment variable * s/OnServingStatusChange/OnServingStatusUpdate/ Update to release 1.37.1 * Use URI form of address for channelz listen node * Implementation CSDS (xDS Config Dump) * xDS status notifier * Remove CAS loops in global subchannel pool and simplify subchannel refcounting Update to release 1.36.4 * A fix for DNS SRV lookups on Windows Update to 1.36.1: * Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver * C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API * PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings * Python: * Implement Python Client and Server xDS Creds Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). * Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995). Update to version 1.34.0: * Core: - Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381). * C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362). Update to release 1.33.2 * Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS. * Expose Cronet error message to the application layer. * Remove grpc_channel_ping from surface API. * Do not send BDP pings if there is no receive side activity. Update to version 1.33.1 * Core - Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997). * C++ - Makefile: only support building deps from submodule (gh#grpc/grpc#23957). - Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb. Update to version 1.32.0: * Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281). * C++ - Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557). opencensus-proto was updated to 0.3.0+git.20200721: - Update to version 0.3.0+git.20200721: * Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216) - Update to version 0.2.1+git.20190826: * Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209) - Update to version 0.2.1: * Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60) - Initial version 20180523 protobuf was updated to 25.1: update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 update to 23.3: C++: * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp: * [C#] Replace regex that validates descriptor names update to 22.5: C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) update to 22.4: C++: * Fix libprotoc: export useful symbols from .so Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 update to v22.3 UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest update to 22.2: Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 update to v21.12: * Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. update to 21.11: * Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) update to 21.10:: * Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. update to 21.6: C++: * Reduce memory consumption of MessageSet parsing update to 21.5: PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python: * Fixed comparison of maps in Python. - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061) Update to 21.2: - C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java: - Update protobuf_version.bzl to separate protoc and per-language java ??? (#9900) - Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Update to 3.20.1: - PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0 - Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)??? - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568) - update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. - Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10 - Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557) Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461) Update to 3.15.7: C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) update to 3.15.6: Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) - Updated URL to https://github.com/protocolbuffers/protobuf Update to v3.14.0 Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations - Install LICENSE - Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it python-abseil was udpated: version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object. version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`. Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward. - Release notes for 0.15.0 * (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+. - Release notes for 0.14.1 * Top-level LICENSE file is now exported in bazel. - Release notes for 0.14.0 * #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main. - Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast. - Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument. - Add Provides python-absl-py python-grpcuio was updated: - Update to version 1.60.0: * No python specfic changes. - Update to version 1.59.2: * No python specific changes. - Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186). - Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797). - Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974). - Build with LTO (don't set _lto_cflags to %nil). - No need to pass '-std=c++17' to build CFLAGS. - Update to version 1.56.2: * [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667) - Switch build to pip/wheel. - Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE) - Upstream only supports python >= 3.7, so adjust BuildRequires accordingly. - Add %{?sle15_python_module_pythons} - Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475). - Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319). - Drop Requires: python-six; not required any more. - Switch Suggests to Recommends. - Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497). - Update to version 1.51.1: * No Linux specific changes. - Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113). - Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818]. - Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498) - Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795]. - update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes. - Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873]. - Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604]. - Build with system re2; add BuildRequires: pkgconfig(re2). - Update to version 1.44.0: * Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103). - Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958). - update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core. - Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090). - Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058). - Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436). - Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814). - Update to version 1.37.1: * No user visible changes. - Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394). - Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569). - Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package - Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). - Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356). - Update to version 1.33.2: * [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574). - Update to version 1.33.1: * [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098). Added re2 package in version 2024-02-01. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1344-1 Released: Thu Apr 18 18:50:37 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1175678,1218171,1221525,1222086 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - glibc-2.31-150300.74.1 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 added - libprotobuf-lite25_1_0-25.1-150400.9.3.1 added - libzypp-17.32.4-150400.3.61.1 updated - zypper-1.14.71-150400.3.45.2 updated - container:sles15-image-15.0.0-36.11.26 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:30:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:30:30 +0200 (CEST) Subject: SUSE-CU-2024:1675-1: Security update of suse/sle15 Message-ID: <20240424093030.D86A8FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1675-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.26 , suse/sle15:15.5 , suse/sle15:15.5.36.11.26 Container Release : 36.11.26 Severity : important Type : security References : 1133277 1175678 1182659 1203378 1208794 1212180 1212182 1214148 1215334 1218171 1221525 1222086 1222992 CVE-2023-32731 CVE-2023-32732 CVE-2023-33953 CVE-2023-44487 CVE-2023-4785 CVE-2024-2961 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:573-1 Released: Wed Feb 21 09:36:59 2024 Summary: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 Type: security Severity: moderate References: 1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785 This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target. Update to 20230125.3 Details can be found on: https://github.com/abseil/abseil-cpp/releases/tag/20230125.3 Update to 20230125.2 What's New: The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI. Breaking Changes: Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future. Known Issues The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released. Update to version 20220623.0 What's New: * Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional. Breaking Changes: * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency. Other: * This will be the last release to support C++11. Future releases will require at least C++14. grpc was updated to 1.60: Update to release 1.60 * Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var. * Support for setting proxy for addresses. * Add v1 reflection. update to 1.59.3: * Security - Revocation: Crl backport to 1.59. (#34926) Update to release 1.59.2 * Fixes for CVE-2023-44487 Update to version 1.59.1: * C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552). Update to version 1.59.0: * xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435). * c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185). * Deps: Adding upb as a submodule (gh#grpc/grpc#34199). * EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167). * csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137). * Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198). Update to release 1.58.1 * Reintroduced c-ares 1.14 or later support Update to release 1.58 * ruby extension: remove unnecessary background thread startup wait logic that interferes with forking Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * EventEngine: Change GetDNSResolver to return absl::StatusOr>. * Improve server handling of file descriptor exhaustion. * Add a channel argument to set DSCP on streams. Update to release 1.56.2 * Improve server handling of file descriptor exhaustion Update to release 1.56.0 (CVE-2023-32731, bsc#1212180) * core: Add support for vsock transport. * EventEngine: Change TXT lookup result type to std::vector. * C++/Authz: support customizable audit functionality for authorization policy. Update to release 1.54.1 * Bring declarations and definitions to be in sync Update to release 1.54 (CVE-2023-32732, bsc#1212182) * XDS: enable XDS federation by default * TlsCreds: Support revocation of intermediate in chain Update to release 1.51.1 * Only a macOS/aarch64-related change Update to release 1.51 * c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. * Remove support for pthread TLS Update to release 1.50.0 * Core - Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623) * C++ - OpenCensus Plugin: Add measure and views for started RPCs. (#31034) * C# - Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410) Update to release 1.49.1 * All - Update protobuf to v21.6 on 1.49.x. (#31028) * Ruby - Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053) Update to release 1.49.0 * Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220) * Python - Add type stub generation support to grpcio-tools. (#30498) Update to release 1.48.1 * Backport EventEngine Forkables Update to release 1.48.0 * C++14 is now required * xDS: Workaround to get gRPC clients working with istio Update to release 1.46.3 * backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727 Update to release 1.46 * Added HTTP/1.1 support in httpcli * HTTP2: Add graceful goaway Update to release 1.45.2 * Various fixes related to XDS * HTTP2: Should not run cancelling logic on servers when receiving GOAWAY Update to release 1.45.1 * Switched to epoll1 as a default polling engine for Linux Update to version 1.45.0: * Core: - Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568]. * C++ - Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407]. Update to release 1.44.0 * Add a trace to list which filters are contained in a channel stack. * Remove grpc_httpcli_context. * xDS: Add support for RBAC HTTP filter. * API to cancel grpc_resolve_address. Update to version 1.43.2: * Fix google-c2p-experimental issue (gh#grpc/grpc#28692). Changes from version 1.43.0: * Core: - Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906). * C++: - OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948). * [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887). - Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number. Update to release 1.41.0 * xDS: Remove environmental variable guard for security. * xDS Security: Use new way to fetch certificate provider plugin instance config. * xDS server serving status: Use a struct to allow more fields to be added in the future. Update to release 1.39.1 * Fix C# protoc plugin argument parsing on 1.39.x Update to version 1.39.0: * Core - Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331). * C++ - New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728). * PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156). * Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268). Update to release 1.38.0 * Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. * Fix use-after-unref bug in fault_injection_filter * New gRPC EventEngine Interface * Allow the AWS_DEFAULT_REGION environment variable * s/OnServingStatusChange/OnServingStatusUpdate/ Update to release 1.37.1 * Use URI form of address for channelz listen node * Implementation CSDS (xDS Config Dump) * xDS status notifier * Remove CAS loops in global subchannel pool and simplify subchannel refcounting Update to release 1.36.4 * A fix for DNS SRV lookups on Windows Update to 1.36.1: * Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver * C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API * PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings * Python: * Implement Python Client and Server xDS Creds Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). * Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995). Update to version 1.34.0: * Core: - Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381). * C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362). Update to release 1.33.2 * Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS. * Expose Cronet error message to the application layer. * Remove grpc_channel_ping from surface API. * Do not send BDP pings if there is no receive side activity. Update to version 1.33.1 * Core - Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997). * C++ - Makefile: only support building deps from submodule (gh#grpc/grpc#23957). - Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb. Update to version 1.32.0: * Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281). * C++ - Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557). opencensus-proto was updated to 0.3.0+git.20200721: - Update to version 0.3.0+git.20200721: * Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216) - Update to version 0.2.1+git.20190826: * Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209) - Update to version 0.2.1: * Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60) - Initial version 20180523 protobuf was updated to 25.1: update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 update to 23.3: C++: * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp: * [C#] Replace regex that validates descriptor names update to 22.5: C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) update to 22.4: C++: * Fix libprotoc: export useful symbols from .so Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 update to v22.3 UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest update to 22.2: Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 update to v21.12: * Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. update to 21.11: * Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) update to 21.10:: * Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. update to 21.6: C++: * Reduce memory consumption of MessageSet parsing update to 21.5: PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python: * Fixed comparison of maps in Python. - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061) Update to 21.2: - C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java: - Update protobuf_version.bzl to separate protoc and per-language java ??? (#9900) - Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Update to 3.20.1: - PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0 - Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)??? - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568) - update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. - Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10 - Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557) Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461) Update to 3.15.7: C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) update to 3.15.6: Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) - Updated URL to https://github.com/protocolbuffers/protobuf Update to v3.14.0 Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations - Install LICENSE - Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it python-abseil was udpated: version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object. version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`. Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward. - Release notes for 0.15.0 * (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+. - Release notes for 0.14.1 * Top-level LICENSE file is now exported in bazel. - Release notes for 0.14.0 * #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main. - Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast. - Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument. - Add Provides python-absl-py python-grpcuio was updated: - Update to version 1.60.0: * No python specfic changes. - Update to version 1.59.2: * No python specific changes. - Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186). - Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797). - Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974). - Build with LTO (don't set _lto_cflags to %nil). - No need to pass '-std=c++17' to build CFLAGS. - Update to version 1.56.2: * [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667) - Switch build to pip/wheel. - Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE) - Upstream only supports python >= 3.7, so adjust BuildRequires accordingly. - Add %{?sle15_python_module_pythons} - Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475). - Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319). - Drop Requires: python-six; not required any more. - Switch Suggests to Recommends. - Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497). - Update to version 1.51.1: * No Linux specific changes. - Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113). - Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818]. - Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498) - Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795]. - update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes. - Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873]. - Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604]. - Build with system re2; add BuildRequires: pkgconfig(re2). - Update to version 1.44.0: * Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103). - Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958). - update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core. - Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090). - Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058). - Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436). - Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814). - Update to version 1.37.1: * No user visible changes. - Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394). - Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569). - Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package - Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). - Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356). - Update to version 1.33.2: * [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574). - Update to version 1.33.1: * [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098). Added re2 package in version 2024-02-01. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1344-1 Released: Thu Apr 18 18:50:37 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1175678,1218171,1221525,1222086 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-2.31-150300.74.1 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 added - libprotobuf-lite25_1_0-25.1-150400.9.3.1 added - libzypp-17.32.4-150400.3.61.1 updated - zypper-1.14.71-150400.3.45.2 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Wed Apr 24 09:31:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:31:36 +0200 (CEST) Subject: SUSE-CU-2024:1690-1: Security update of suse/manager/5.0/x86_64/server Message-ID: <20240424093136.8F5B1FCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1690-1 Container Tags : suse/manager/5.0/x86_64/server:5.0.0-beta2 , suse/manager/5.0/x86_64/server:5.0.0-beta2.3.64 , suse/manager/5.0/x86_64/server:latest Container Release : 3.64 Severity : critical Type : security References : 1059627 1173034 1176932 1177039 1178481 1179020 1182661 1183012 1183051 1186282 1187332 1190495 1198533 1198880 1200551 1208079 1210959 1211272 1213418 1214169 1214691 1214934 1215005 1215377 1216296 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217390 1217432 1217450 1217608 1217667 1217964 1218232 1218252 1218492 1218952 1219031 1219321 1219520 1219530 1219559 1219581 1219666 1220061 1220068 1220070 1220644 1220724 1221239 1221289 1221813 1222045 1222109 1222259 CVE-2021-40633 CVE-2022-28506 CVE-2022-48566 CVE-2023-45918 CVE-2023-4750 CVE-2023-48161 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-52425 CVE-2023-6597 CVE-2024-1597 CVE-2024-22667 CVE-2024-25710 CVE-2024-26308 CVE-2024-28757 CVE-2024-29025 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2735-1 Released: Thu Sep 24 13:32:25 2020 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1173034 This update for systemd-rpm-macros fixes the following issues: - Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2782-1 Released: Tue Sep 29 11:40:22 2020 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: important References: 1176932 This update for systemd-rpm-macros fixes the following issues: - Backport missing macros of directory paths from upstream + %_environmentdir + %_modulesloaddir + %_modprobedir - Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the empty string. (bsc#1176932) Otherwise sequences like the following code: if [ ... ]; then %_restart_on_update_never fi would result in the following incorrect shell syntax: if [ ... ]; then fi ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3795-1 Released: Mon Dec 14 17:43:26 2020 Summary: Optional update for systemd-rpm-macros Type: optional Severity: low References: 1059627,1178481,1179020 This update for systemd-rpm-macros fixes the following issues: - Deprecate '-f'/'-n' options When used with %service_del_preun, support for these options will be dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the next version of SLE (jsc#SLE-8968) When used with %service_del_postun, they should be replaced with their counterpart %service_del_postun_with_restart/%service_del_postun_without_restart - Introduced %service_del_postun_with_restart() It's the counterpart of %service_del_postun_without_restart() and replaces the '-f' option of %service_del_postun(). - Does no longer apply presets when migrating from a disabled initscript (bsc#1178481) - Fix importing of %{_unitdir} ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:707-1 Released: Thu Mar 4 09:19:36 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1177039 This update for systemd-rpm-macros fixes the following issues: - Bump to version 6 - Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts. Packagers can now choose to use the upstream or the SUSE variants indifferently. For consistency the SUSE variants should be preferred since almost all SUSE packages already use them but the upstream versions might be usefull in certain cases where packages need to support multiple distros based on RPM. - Improve the logic used to apply the presets. (bsc#1177039) Before presests were applied at a) package installation b) new units introduced via a package update (but after making sure that it was not a SysV initscript being converted). The problem is that a) didn't handle package a renaming or split properly since the package with the new name is installed rather being updated and therefore the presets were applied even if they were already with the old name. We now cover this case (and the other ones) by applying presets only if the units are new and the services are not being migrated. This regardless of whether this happens during an install or an update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:795-1 Released: Tue Mar 16 10:28:02 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1182661,1183012,1183051 This update for systemd-rpm-macros fixes the following issues: - Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012) - Fixed an issue with %systemd_user_post, where the --global parameter was treated like if it was another service (bsc#1183051, bsc#1182661) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2899-1 Released: Wed Sep 1 08:30:58 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1186282,1187332 This update for systemd-rpm-macros fixes the following issues: - Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332) - Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead. - %sysusers_create_inline: use here-docs instead of echo (bsc#1186282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4009-1 Released: Mon Dec 13 11:24:43 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: This update for systemd-rpm-macros fixes the following issues: - Introduce rpm macro %_systemd_util_dir ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:353-1 Released: Tue Feb 8 17:41:48 2022 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Bump version to 10 - %sysusers_create_inline was wrongly marked as deprecated - %sysusers_create can be useful in certain cases and won't go away until we'll move to file triggers. So don't mark it as deprecated too ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1880-1 Released: Tue Apr 18 11:11:27 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1208079 This update for systemd-rpm-macros fixes the following issue: - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2482-1 Released: Mon Jun 12 07:19:53 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1211272 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4973-1 Released: Tue Dec 26 04:44:10 2023 Summary: Recommended update for duktape Type: recommended Severity: moderate References: 1216296 This update of duktape fixes the following issue: - duktape-devel is shipped to Basesystem module (bsc#1216296). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:561-1 Released: Wed Feb 21 05:35:13 2024 Summary: Recommended update for openblas Type: recommended Severity: important References: 1217608 This update for openblas contains the following fixes: - Added `libopenblas_pthreads0` to Package Hub SLE-15-SP5 for architecture s390 (no source changes) (bsc#1217608) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:637-1 Released: Tue Feb 27 10:06:55 2024 Summary: Recommended update for duktape Type: recommended Severity: moderate References: This update for duktape fixes the following issues: - Ship libduktape206-32bit: needed by libproxy since version 0.5. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:726-1 Released: Thu Feb 29 12:12:44 2024 Summary: Security update for Java Type: security Severity: important References: 1220068,1220070,CVE-2024-25710,CVE-2024-26308 This update for Java fixes the following issues: apache-commons-codec was updated to version 1.16.1: - Changes in version 1.16.1: * New features: + Added Maven property project.build.outputTimestamp for build reproducibility * Bugs fixed: + Correct error in Base64 Javadoc + Added minimum Java version in changes.xml + Documentation update for the org.apache.commons.codec.digest.* package + Precompile regular expression in UnixCrypt.crypt(byte[], String) + Fixed possible IndexOutOfBoundException in PhoneticEngine.encode method + Fixed possible ArrayIndexOutOfBoundsException in QuotedPrintableCodec.encodeQuotedPrintable() method + Fixed possible StringIndexOutOfBoundException in MatchRatingApproachEncoder.encode() method + Fixed possible ArrayIndexOutOfBoundException in RefinedSoundex.getMappingCode() + Fixed possible IndexOutOfBoundsException in PercentCodec.insertAlwaysEncodeChars() method + Deprecated UnixCrypt 0-argument constructor + Deprecated Md5Crypt 0-argument constructor + Deprecated Crypt 0-argument constructor + Deprecated StringUtils 0-argument constructor + Deprecated Resources 0-argument constructor + Deprecated Charsets 0-argument constructor + Deprecated CharEncoding 0-argument constructor - Changes in version 1.16.0: * Remove duplicated words from Javadocs * Use Standard Charset object * Use String.contains() functions * Avoid use toString() or substring() in favor of a simplified expression * Fixed byte-skipping in Base16 decoding * Fixed several typos, improve writing in some javadocs * BaseNCodecOutputStream.eof() should not throw IOException. * Javadoc improvements and cleanups. * Deprecated BaseNCodec.isWhiteSpace(byte) and use Character.isWhitespace(int). * Added support for Blake3 family of hashes * Added github/codeql-action * Bump actions/cache from v2 to v3.0.10 * Bump actions/setup-java from v1.4.1 to 3.5.1 * Bump actions/checkout from 2.3.2 to 3.1.0 * Bump commons-parent from 52 to 58 * Bump junit from 4.13.1 to 5.9.1 * Bump Java 7 to 8. * Bump japicmp-maven-plugin from 0.14.3 to 0.17.1. * Bump jacoco-maven-plugin from 0.8.5 to 0.8.8 (Fixes Java 15 builds). * Bump maven-surefire-plugin from 2.22.2 to 3.0.0-M7 * Bump maven-javadoc-plugin from 3.2.0 to 3.4.1. * Bump animal-sniffer-maven-plugin from 1.19 to 1.22. * Bump maven-pmd-plugin from 3.13.0 to 3.19.0 * Bump pmd from 6.47.0 to 6.52.0. * Bump maven-checkstyle-plugin from 2.17 to 3.2.0 * Bump checkstyle from 8.45.1 to 9.3 * Bump taglist-maven-plugin from 2.4 to 3.0.0 * Bump jacoco-maven-plugin from 0.8.7 to 0.8.8. apache-commons-compress was updated to version 1.26: - Changes in version 1.26: * Security issues fixed: + CVE-2024-26308: Fixed allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress (bsc#1220068) + CVE-2024-25710: Fixed loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress (bsc#1220070) * New Features: + Added and use ZipFile.builder(), ZipFile.Builder, and deprecate constructors + Added and use SevenZFile.builder(), SevenZFile.Builder, and deprecate constructors + Added and use ArchiveInputStream.getCharset() + Added and use ArchiveEntry.resolveIn(Path) + Added Maven property project.build.outputTimestamp for build reproducibility * Bugs fixed: + Check for invalid PAX values in TarArchiveEntry + Fixed zero size headers in ArjInputStream + Fixes and tests for ArInputStream + Fixes for dump file parsing + Improved CPIO exception detection and handling + Deprecated SkipShieldingInputStream without replacement (nolonger used) + Reuse commons-codec, don't duplicate class PureJavaCrc32C (removed package-private class) + Reuse commons-codec, don't duplicate class XXHash32 (deprecated class) + Reuse commons-io, don't duplicate class Charsets (deprecated class) + Reuse commons-io, don't duplicate class IOUtils (deprecated methods) + Reuse commons-io, don't duplicate class BoundedInputStream (deprecated class) + Reuse commons-io, don't duplicate class FileTimes (deprecated TimeUtils methods) + Reuse Arrays.equals(byte[], byte[]) and deprecate ArchiveUtils.isEqual(byte[], byte[]) + Added a null-check for the class loader of OsgiUtils + Added a null-check in Pack200.newInstance(String, String) + Deprecated ChecksumCalculatingInputStream in favor of java.util.zip.CheckedInputStream + Deprecated CRC32VerifyingInputStream.CRC32VerifyingInputStream(InputStream, long, int) + FramedSnappyCompressorOutputStream produces incorrect output when writing a large buffer + Fixed TAR directory entries being misinterpreted as files + Deprecated unused method FileNameUtils.getBaseName(String) + Deprecated unused method FileNameUtils.getExtension(String) + ArchiveInputStream.BoundedInputStream.read() incorrectly adds 1 for EOF to the bytes read count + Deprecated IOUtils.read(File, byte[]) + Deprecated IOUtils.copyRange(InputStream, long, OutputStream, int) + ZipArchiveOutputStream multi archive updates metadata in incorrect file + Deprecated ByteUtils.InputStreamByteSupplier + Deprecated ByteUtils.fromLittleEndian(InputStream, int) + Deprecated ByteUtils.toLittleEndian(DataOutput, long, int) + Reduce duplication by having ArchiveInputStream extend FilterInputStream + Support preamble garbage in ZipArchiveInputStream + Fixed formatting the lowest expressable DOS time + Dropped reflection from ExtraFieldUtils static initialization + Preserve exception causation in ExtraFieldUtils.register(Class) - Changes in version 1.25: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.25.0 - Changes in version 1.24: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.24.0 - Changes in version 1.23: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.23.0 - Changes in version 1.22: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.22 apache-commons-io was updated to version 2.15.1: - Changes in version 2.15.1: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.1 - Changes in version 2.15.0: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.0 - Changes in version 2.14.0: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.14.0 javapackages-meta: - Syncing the version with javapackages-tools 6.2.0 - Remove unnecessary dependencies maven was updated to version 3.9.6: - Changes in version 3.9.6: * Bugs fixed: + Error message when modelVersion is 4.0 is confusing * Improvements: + Colorize transfer messages + Support ${project.basedir} in file profile activation + Allow to exclude plugins from validation * Tasks: + Maven Resolver Provider classes ctor change + Undeprecate wrongly deprecated repository metadata + Deprecated `org.apache.maven.repository.internal.MavenResolverModule` + maven-resolver-provider: introduce NAME constants. * Dependency upgrade: + Updated to Resolver 1.9.16 + Upgraded Sisu version to 0.9.0.M2 + Upgraded Resolver version to 1.9.18 + Upgraded to parent POM 41 + Upgraded default plugin bindings maven-assembly-plugin: - Explicitely require commons-io:commons-io and commons-codec:common-codes artifacts that are optional in apache-commons-compress maven-doxia was updated to version 1.12.0: * Changes in version 1.12.0: + Upgraded to FOP 2.2 + Fixed rendering links and paragraphs inside tables + Rewrite .md and .markdown links to .html + Upgraded HttpComponents: httpclient to 4.5.8 and httpcore to 4.4.11 + Escape links to xml based figureGraphics image elements + SECURITY: Use HTTPS to resolve dependencies in Maven Build + Removed old Maven 1 and 2 info + Updated commons-lang to 3.8.1 + Dropped dependency to outdated Log4j + Fixed Java 7 compatibility that was broken + Import tests from maven-site-plugin + Fixed crosslinks starting with a dot in markdown files + Replace deprecated class from commons-lang + Fill in some generic types maven-doxia-sitetools was updated to version 1.11.1: - Changes in version 1.11.1: * Bugs fixed: + CLIRR can't find previous version * Improvements: + Removed all   in default-site-macros.vm and replace by a space + Improved documentation on site.xml inheritance vs interpolation * Tasks: + Deprecated Doxia Sitetools Doc Renderer * Dependency upgrade: + Fixed javadoc issues with JDK 8 when generating documentation + Wrong coordinates for jai_core: hyphen should be underscore + Use latest JUnit version 4.13.2 + Upgraded Plexus Utils to 3.3.0 + Upgraded Plexus Interpolation to 1.26 + Upgraded Maven Doxia to 1.10 + Upgraded Maven Doxia to 1.11.1 maven-jar-plugin was updated to version 3.3.0: - Changes in version 3.3.0: * Bugs fixed: + outputTimestamp not applied to module-info; breaks reproducible builds * Task: + Updated plugin (requires Maven 3.2.5+) + Java 8 as minimum * Dependency upgrade: + Upgraded Plexus Utils to 3.3.1 + Removed override for Plexus Archiver to fix order of META-INF/ and META-INF/MANIFEST.MF entries + Upgraded Parent to 36 + Updated Plexus Utils to 3.4.2 + Upgraded Parent to 37 maven-jar-plugin was updated to version 3.6.0: - Changes from version 3.6.0: * Bugs fixed: + Setting maven.javadoc.isoffline seems to have no effect + javadoc site is broken for projects that contain modules + Alternative doclet page points to an SEO spammy page + [REGRESSION] Transitive dependencies of docletArtifact missing + Unresolvable link in javadoc tag with value ResourcesBundleMojo#getAttachmentClassifier() found in ResourcesBundleMojo + IOException --> NullPointerException in JavadocUtil.copyResource + JavadocReportTest.testExceptions is broken + javadoc creates invalid --patch-module statements + javadoc plugin can not deal with transitive filename based modules * Improvements: + Clean up deprecated and unpreferred methods in JavadocUtil + Cleanup dependency declarations as best possible + Allow building javadoc 'the old fashioned way' after Java 8 * Tasks: + Dropped use of deprecated localRepository mojo parameter + Make build pass with Java 20 + Refresh download page * Dependency upgrade: + Updated to commons-io 2.13.0 + Updated plexus-archiver from 4.7.1 to 4.8.0 + Upgraded Parent to 40 - Changes from version 3.5.0: * Bugs fixed: + Invalid anchors in Javadoc and plugin mojo + Plugin duplicates classes in Java 8 all-classes lists + javadoc site creation ignores configuration parameters * Improvements: + Deprecated parameter 'stylesheet' + Parse stderr output and suppress informational lines + Link to Javadoc references from JDK 17 + Migrate components to JSR 330, get rid of maven-artifact-transfer, update to parent 37 * Tasks: + Removed remains of org.codehaus.doxia.sink.Sink * Dependency upgrades: + Upgraded plugins in ITs + Upgraded to Maven 3.2.5 + Updated Maven Archiver to 3.6.0 + Upgraded Maven Reporting API to 3.1.1/Complete with Maven Reporting Impl 3.2.0 + Upgraded commons-text to 1.10.0 + Upgraded Parent to 39 + Upgraded plugins and components maven-reporting-api was updated to version 3.1.1: - Restore binary compat for MavenReport maven-reporting-impl was updated to version 3.2.0: - Changes in version 3.2.0: * Improvement: + Render with a skin when report is run in standalone mode * Dependency upgrades: + Upgraded Maven Reporting API to 3.1.1 + Upgraded plugins and components in project and ITs maven-resolver was updated to version 1.9.18: - Changes in version 1.9.18: * Bugs fixed: + Sporadic AccessDeniedEx on Windows + Undo FileUtils changes that altered non-Windows execution path * Improvements: + Native transport should retry on HTTP 429 (Retry-After) * Task: + Deprecated Guice modules + Get rid of component name string literals, make them constants and reusable + Expose configuration for inhibiting Expect-Continue handshake in 1.x + Refresh download page + Resolver should not override given HTTP transport default use of expect-continue handshake maven-resources-plugin was updated to version 3.3.1: - Changes in version 3.3.1: * Bugs fixed: + Resource plugin's handling of symbolic links changed in 3.0.x, broke existing behavior + Resource copying not using specified encoding + java.nio.charset.MalformedInputException: Input length = 1 + Filtering of Maven properties with long names is not working after transition from 2.6 to 3.2.0 + Valid location for directory parameter is always required + Symlinks cause copying resources to fail + FileUtils.copyFile() fails with source file having `lastModified = 0` * New Features: + Added ability to flatten folder structure into target directory when copying resources * Improvements: + Make tests jar reproducible + Describe from and to in 'Copying xresources' info message * Task: + Dropped plexus legacy + Updated to parent POM 39, reformat sources + Updated plugin (requires Maven 3.2.5+) + Require Java 8 * Dependency upgrade: + Upgraded maven-plugin parent to 36 + Upgraded Maven Filtering to 3.3.0 + Upgraded plexus-utils to 3.5.1 + Upgraded to maven-filtering 3.3.1 sbt: - Fixed RPM package build with maven 3.9.6 and maven-resolver 1.9.18 xmvn: - Modify the xmvn-install script to work with new apache-commons-compress - Recompiling RPM package to resolve package building issues with maven-lib ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:737-1 Released: Fri Mar 1 09:04:30 2024 Summary: Recommended update for system-user-prometheus Type: recommended Severity: important References: 1218252 This update for system-user-prometheus contains the following fixes: - Added `system-user-prometheus` to Package Hub SLE-15-SP5 to resolve dependency issue with prometheus (bsc#1218252) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:773-1 Released: Tue Mar 5 20:33:45 2024 Summary: Security update for postgresql-jdbc Type: security Severity: critical References: 1220644,CVE-2024-1597 This update for postgresql-jdbc fixes the following issues: - CVE-2024-1597: Fixed SQL Injection via line comment generation (bsc#1220644). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:786-1 Released: Wed Mar 6 21:07:20 2024 Summary: Security update for giflib Type: security Severity: important References: 1198880,1200551,1217390,CVE-2021-40633,CVE-2022-28506,CVE-2023-48161 This update for giflib fixes the following issues: Update to version 5.2.2 * Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880) * #138 Documentation for obsolete utilities still installed * #139: Typo in 'LZW image data' page ('110_2 = 4_10') * #140: Typo in 'LZW image data' page ('LWZ') * #141: Typo in 'Bits and bytes' page ('filed') * Note as already fixed SF issue #143: cannot compile under mingw * #144: giflib-5.2.1 cannot be build on windows and other platforms using c89 * #145: Remove manual pages installation for binaries that are not installed too * #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7 * #147 [PATCH] Fixes to doc/whatsinagif/ content * #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB * Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1 * Declared Won't-fix on SF issue 149: Out of source builds no longer possible * #151: A heap-buffer-overflow in gif2rgb.c:294:45 * #152: Fix some typos on the html documentation and man pages * #153: Fix segmentation faults due to non correct checking for args * #154: Recover the giffilter manual page * #155: Add gifsponge docs * #157: An OutofMemory-Exception or Memory Leak in gif2rgb * #158: There is a null pointer problem in gif2rgb * #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45 * #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c * #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c * #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c * #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:827-1 Released: Mon Mar 11 03:55:54 2024 Summary: Recommended update for tomcat Type: recommended Severity: moderate References: 1219530 This update for tomcat fixes the following issues: - Added dependencies on tomcat `user` and `group`, required by RPM 4.19 (bsc#1219530) - Link ecj.jar into the install instead of copying it ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:03 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:1075-1 Released: Mon Apr 1 10:50:53 2024 Summary: Feature update for openblas Type: feature Severity: important References: 1221813 This update for openblas fixes the following issues: openblas was updated from version 0.3.21 to version 0.3.25 (jsc#PED-7926, jsc#PED-7927, bsc#1221813): - Changes in version 0.3.25: * General: + Improved the error message shown on exceeding the maximum thread count + Improved the code to add supplementary thread buffers in case of overflow + Fixed a potential division by zero in `?ROTG` + Improved the `?MATCOPY` functions to accept zero-sized rows or columns + Corrected empty prototypes in function declarations + cleaned up unused declarations in the f2c-converted versions of the LAPACK sources + Improved link line rewriting to avoid mixed libgomp/libomp builds with clang&gfortran + imported the following changes from the upcoming release 3.12 of Reference-LAPACK: LAPACK PR 900, LAPACK PR 904, LAPACK PR 907, LAPACK PR 909, LAPACK PR 926, LAPACK PR 927, LAPACK PR 928 & 930 * Architecture x86-64: + Fixed capability-based fallback selection for unknown cpus in `DYNAMIC_ARCH` + Added AVX512 optimizations for `?ASUM` on Intel Sapphire Rapids and Cooper Lake * Architecture ARM64: + Fixed building with XCODE 15 + Fixed building on A64FX and Cortex A710/X1/X2 + increased the default buffer size for recent arm server cpus * Architecture POWER PC: + Added support for `DYNAMIC_ARCH` builds with clang + Fixed union declaration in the `BFLOAT16` test case - Changes in version 0.3.24: * General: + Declared the arguments of `cblas_xerbla` as `const` (in accordance with the reference implementation and others, the previous discrepancy appears to have dated back to GotoBLAS) + Fixed the implementation of `?GEMMT` that was added in 0.3.23 + made cpu-specific `SWITCH_RATIO` parameters for GEMM available to `DYNAMIC_ARCH` builds + Fixed missing `SSYCONVF` function in the shared library + Fixed parallel build logic used with gmake + Fixed several issues with the handling of runtime limits on the number of OPENMP threads + Corrected the error code returned by `SGEADD`/`DGEADD` when LDA is too small + Corrected the error code returned by `IMATCOPY` when LDB is too small + Updated `?NRM2` to support negative increment values (as introduced in release 3.10.0 of the Reference BLAS) + Updated `?ROTG` to use the safe scaling algorithm introduced in release 3.10.0 of the Reference BLAS + Fixed OpenMP builds with CLANG for the case where libomp is not in a standard location + Fixed a potential overwrite of unrelated memory during thread initialisation on startup + Fixed a potential integer overflow in the multithreading threshold for `?SYMM`/`?SYRK` + Fixed build of the LAPACKE interfaces for the LAPACK 3.11.0 `?TRSYL` functions added in 0.3.22 + Applied additions and corrections from the development branch of Reference-LAPACK: - Fixed actual arguments passed to a number of LAPACK functions (from Reference-LAPACK PR 885) - Fixed workspace query results in LAPACK `?SYTRF`/`?TRECV3` (from Reference-LAPACK PR 883) - Fixed derivation of the UPLO parameter in `LAPACKE_?larfb` (from Reference-LAPACK PR 878) - Fixed a crash in LAPACK `?GELSDD` on `NRHS=0` (from Reference-LAPACK PR 876) - Added new LAPACK utility functions `CRSCL` and `ZRSCL` (from Reference-LAPACK PR 839) - Corrected the order of eigenvalues for 2x2 matrices in `?STEMR` (Reference-LAPACK PR 867) - Removed spurious reference to OpenMP variables outside OpenMP contexts (Reference-LAPACK PR 860) - Updated file comments on use of `LAMBDA` variable in LAPACK (Reference-LAPACK PR 852) - Fixed documentation of LAPACK `SLASD0`/`DLASD0` (Reference-LAPACK PR 855) - Fixed confusing use of 'minor' in LAPACK documentation (Reference-LAPACK PR 849) - Added new LAPACK functions ?GEDMD for dynamic mode decomposition (Reference-LAPACK PR 736) - Fixed potential stack overflows in the `EIG` part of the LAPACK testsuite (Reference-LAPACK PR 854) - Applied small improvements to the variants of Cholesky and QR functions (Reference-LAPACK PR 847) - Removed unused variables from LAPACK `?BDSQR` (Reference-LAPACK PR 832) - Fixed a potential crash on allocation failure in LAPACKE `SGEESX`/`DGEESX` (Reference-LAPACK PR 836) - Added a quick return from `SLARUV`/`DLARUV` for N < 1 (Reference-LAPACK PR 837) - Updated function descriptions in LAPACK `?GEGS`/`?GEGV` (Reference-LAPACK PR 831) - Improved algorithm description in `?GELSY` (Reference-LAPACK PR 833) - Fixed scaling in LAPACK `STGSNA`/`DTGSNA` (Reference-LAPACK PR 830) - Fixed crash in `LAPACKE_?geqrt` with row-major data (Reference-LAPACK PR 768) - Added LAPACKE interfaces for `C/ZUNHR_COL` and `S/DORHR_COL` (Reference-LAPACK PR 827) - Added error exit tests for `SYSV`/`SYTD2`/`GEHD2` to the testsuite (Reference-LAPACK PR 795) - Fixed typos in LAPACK source and comments (Reference-LAPACK PRs 809,811,812,814,820) - Adopt refactored `?GEBAL` implementation (Reference-LAPACK PR 808) * Architecture x86_64: + Added cpu model autodetection for Intel Alder Lake N + Added activation of the AMX tile to the Sapphire Rapids `SBGEMM` kernel + worked around miscompilations of GEMV/SYMV kernels by gcc's tree-vectorizer + Fixed runtime detection of Cooperlake and Sapphire Rapids in `DYNAMIC_ARCH` + Fixed feature-based cputype fallback in `DYNAMIC_ARCH` + Corrected `ZAXPY` result on old pre-AVX hardware for the `INCX=0` case + Fixed a potential use of uninitialized variables in ZTRSM * Architecture ARMV8: + implemented SWITCH_RATIO parameter for improved GEMM performance on Neoverse + activated SVE SGEMM and DGEMM kernels for Neoverse V1 + Improved performance of the SVE CGEMM and ZGEMM kernels on Neoverse V1 + Improved kernel selection for the ARMV8SVE target and added it to `DYNAMIC_ARCH` + Fixed runtime check for SVE availability in `DYNAMIC_ARCH` builds to take OS or container restrictions into account + Fixed a potential use of uninitialized variables in ZTRSM * Architecture POWER PC: + Fixed compiler warnings in the POWER10 SBGEMM kernel - Changes in version 0.3.23: * General: + Fixed a serious regression in `GETRF`/`GETF2` and `ZGETRF`/`ZGETF2` where subnormal but nonzero data elements triggered the singularity flag + Fixed a long-standing bug in `CSPR`/`ZSPR` in single-threaded operation + for cases where elements of the X vector are real numbers (or complex with only the real part zero) * Architecture x86_64: + Added further CPUID values for Intel Raptor Lake - Changes in version 0.3.22: * General: + Updated the included LAPACK to Reference-LAPACK release 3.11.0 plus post-release corrections and improvements + Added a threshold for multithreading in `SYMM`, `SYMV` and `SYR2K` + Increased the threshold for multithreading in `SYRK` + OpenBLAS no longer decreases the global `OMP_NUM_THREADS` when it exceeds the maximum thread count the library was compiled for. + Fixed `?GETF2` potentially returning `NaN` with tiny matrix elements + Fixed `openblas_set_num_threads` to work in `USE_OPENMP` builds. + Fixed cpu core counting in `USE_OPENMP` builds returning the number of OMP 'places' rather than cores + Fixed stride calculation in the optimized small-matrix path of complex `SYR` + Fixed building of Reference-LAPACK with recent gfortran + Added new environment variable `OPENBLAS_DEFAULT_NUM_THREADS` + Added a GEMV-based implementation of `GEMMT` * Architecture x86_64: + Added autodetection of Intel Raptor Lake cpu models + Added SSCAL microkernels for Haswell and newer targets + Improved the performance of the Haswell DSCAL microkernel + Added CSCAL and ZSCAL microkernels for SkylakeX targets + Fixed detection of gfortran and Cray CCE compilers + Fixed runtime selection of COOPERLAKE in `DYNAMIC_ARCH` builds + Worked around gcc/llvm using risky FMA operations in CSCAL/ZSCAL * Architecture ARMV8: + Fixed cross-compilation to CortexA53 with CMAKE + Fixed compilation with CMAKE and 'Arm Compiler for Linux 22.1' + Added cpu autodetection for Cortex X3 and A715 + Fixed conditional compilation of SVE-capable targets in `DYNAMIC_ARCH` + sped up SVE kernels by removing unnecessary prefetches + Improved the GEMM performance of Neoverse V1 + Added SVE kernels for SDOT and DDOT + Added an SBGEMM kernel for Neoverse N2 + Improved cpu-specific compiler option selection for Neoverse cpus + Added support for setting `CONSISTENT_FPCSR` ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1079-1 Released: Tue Apr 2 05:52:07 2024 Summary: Security update for netty, netty-tcnative Type: security Severity: important References: 1222045,CVE-2024-29025 This update for netty, netty-tcnative fixes the following issues: - CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1201-1 Released: Thu Apr 11 10:47:59 2024 Summary: Recommended update for xfsprogs-scrub and jctools Type: recommended Severity: low References: 1190495,1213418 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495) - Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1287-1 Released: Mon Apr 15 15:03:40 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: Updated to version 9.1.0111, fixes the following security problems - CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: overflow with count for :s command (bsc#1217321). - CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235). - CVE-2023-48236: overflow in get_number (bsc#1217329). - CVE-2023-48237: overflow in shift_line (bsc#1217330). - CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - libldap-data-2.4.46-150600.23.15 updated - libsemanage-conf-3.5-150600.1.48 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.2 updated - libzstd1-1.5.5-150600.1.2 updated - libuuid1-2.39.3-150600.1.15 updated - libsmartcols1-2.39.3-150600.1.15 updated - libsepol2-3.5-150600.1.48 updated - libsasl2-3-2.1.28-150600.5.2 updated - libpcre2-8-0-10.42-150600.1.25 updated - libnghttp2-14-1.40.0-150600.23.1 updated - liblzma5-5.4.1-150600.1.1 updated - liblz4-1-1.9.4-150600.1.3 updated - libgpg-error0-1.47-150600.1.2 updated - libfa1-1.14.1-150600.1.2 updated - libcom_err2-1.47.0-150600.2.25 updated - libblkid1-2.39.3-150600.1.15 updated - libselinux1-3.5-150600.1.45 updated - libglib-2_0-0-2.78.3-150600.1.6 updated - libksba8-1.6.4-150600.1.2 updated - libgcrypt20-1.10.3-150600.1.18 updated - libfdisk1-2.39.3-150600.1.15 updated - libmount1-2.39.3-150600.1.15 updated - libgmodule-2_0-0-2.78.3-150600.1.6 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libduktape206-2.6.0-150500.4.5.1 added - libexpat1-2.4.4-150400.3.17.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libsigc-2_0-0-2.12.1-150600.1.2 updated - libabsl2401_0_0-20240116.1-150600.17.3 added - libgobject-2_0-0-2.78.3-150600.1.6 updated - libopenssl3-3.1.4-150600.2.18 updated - libaugeas0-1.14.1-150600.1.2 updated - libudev1-254.10-150600.1.3 updated - libsystemd0-254.10-150600.1.3 updated - libsemanage2-3.5-150600.1.48 updated - libprotobuf-lite25_1_0-25.1-150600.14.1 updated - libzck1-1.1.16-150600.9.2 updated - libopenssl-3-fips-provider-3.1.4-150600.2.18 updated - libldap-2_4-2-2.4.46-150600.23.15 updated - krb5-1.20.1-150600.9.1 updated - patterns-base-fips-20200124-150600.29.2 updated - libssh4-0.9.8-150600.9.1 updated - coreutils-8.32-150400.9.3.1 updated - shared-mime-info-2.4-150600.1.2 updated - login_defs-4.8.1-150600.15.44 updated - libcrack2-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - sed-4.9-150600.1.3 updated - libcurl4-8.6.0-150600.2.1 updated - sles-release-15.6-150600.33.2 updated - gpg2-2.4.4-150600.1.3 updated - libgpgme11-1.23.0-150600.1.35 updated - shadow-4.8.1-150600.15.44 updated - gio-branding-SLE-15-150600.33.2 updated - libgio-2_0-0-2.78.3-150600.1.6 updated - glib2-tools-2.78.3-150600.1.6 updated - libpxbackend-1_0-0.5.3-150600.1.1 added - libproxy1-0.5.3-150600.1.1 updated - libzypp-17.31.31-150600.8.7 updated - util-linux-2.39.3-150600.1.15 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - curl-8.6.0-150600.2.1 updated - openssl-3.1.4-150600.2.1 updated - openssl-3-3.1.4-150600.2.18 updated - timezone-2024a-150600.89.1 updated - libapparmor1-3.1.7-150600.3.1 updated - libkmod2-29-150600.11.3 updated - pam-config-1.1-150600.14.2 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - systemd-presets-common-SUSE-15-150600.25.2 updated - systemd-presets-branding-SLE-15.1-150600.32.2 updated - systemd-254.10-150600.1.3 updated - augeas-lenses-1.14.1-150600.1.2 updated - augeas-1.14.1-150600.1.2 updated - dwz-0.12-150000.3.4.1 updated - girepository-1_0-1.78.1-150600.2.2 updated - libgirepository-1_0-1-1.78.1-150600.2.2 updated - glibc-locale-base-2.38-150600.9.2 updated - image-sync-formula-0.1.1711646883.4a44375-150600.1.1 updated - jose4j-0.9.5-150600.1.1 updated - libX11-data-1.8.7-150600.1.2 updated - libarchive13-3.7.2-150600.1.6 updated - libargon2-1-20190702-150600.1.3 updated - libasound2-1.2.10-150600.2.3 updated - libatomic1-13.2.1+git8285-150000.1.9.1 updated - libburn4-1.5.6-150600.1.5 updated - libdevmapper1_03-2.03.22_1.02.196-150600.1.2 updated - libgif7-5.2.2-150000.4.13.1 updated - libgomp1-13.2.1+git8285-150000.1.9.1 updated - libgraphite2-3-1.3.14-150600.1.4 updated - libisofs6-1.5.6-150600.1.5 updated - libitm1-13.2.1+git8285-150000.1.9.1 updated - libjpeg8-8.2.2-150600.22.4 updated - libjson-c5-0.16-150600.1.4 updated - liblcms2-2-2.15-150600.1.4 updated - liblsan0-13.2.1+git8285-150000.1.9.1 updated - libmaxminddb0-1.4.3-150000.1.8.1 updated - libnettle8-3.9.1-150600.1.41 updated - libpng16-16-1.6.40-150600.1.2 updated - libpq5-16.2-150600.14.10 updated - libprotobuf-c1-1.5.0-150600.1.3 updated - libquadmath0-13.2.1+git8285-150000.1.9.1 updated - librdkafka1-0.11.6-150600.14.2 updated - libsgutils2-1_48-2-1.48+10.1532339-150600.1.2 updated - libssh2-1-1.11.0-150600.18.1 updated - libtextstyle0-0.21.1-150600.1.6 updated - libuv1-1.44.2-150500.3.2.1 updated - linux-glibc-devel-6.4-150600.2.17 updated - lsof-4.99.0-150600.1.12 updated - openslp-2.0.0-150600.19.4 updated - openssh-common-9.6p1-150600.2.2 updated - perl-Bootloader-1.8.1-150600.1.1 updated - release-notes-susemanager-5.0.0~beta2-150600.12.2 updated - selinux-tools-3.5-150600.1.45 updated - sitemesh-2.1-0.150600.8.55 updated - skelcd-EULA-suse-manager-server-container-2023.03.06-150600.8.1 added - snmp-mibs-5.9.4-150600.22.3 updated - sudo-1.9.15p5-150600.1.1 updated - susemanager-schema-utility-5.0.6-150600.1.8 updated - system-user-prometheus-1.0.0-150000.12.1 updated - systemd-rpm-macros-15-150000.7.39.1 updated - util-linux-systemd-2.39.3-150600.1.9 updated - uyuni-config-modules-5.0.6-150600.1.1 updated - vim-data-common-9.1.0111-150500.20.9.1 updated - woodstox-4.4.2-150600.1.81 updated - xz-5.4.1-150600.1.1 updated - yast2-logs-4.6.7-150600.1.2 updated - zstd-1.5.5-150600.1.2 updated - suseconnect-ng-1.8.0-150600.1.2 updated - mtools-4.0.43-150600.1.5 updated - glibc-locale-2.38-150600.9.2 updated - libdevmapper-event1_03-2.03.22_1.02.196-150600.1.2 updated - mokutil-0.5.0-150600.8.2 updated - ipmitool-1.8.18.238.gb7adc1d-150600.8.2 updated - libapr-util1-1.6.1-150600.25.2 updated - cyrus-sasl-2.1.28-150600.5.2 updated - libfido2-1-1.13.0-150600.10.2 updated - libisoburn1-1.5.6-150600.1.5 updated - libopenssl1_1-1.1.1w-150600.2.11 updated - libcryptsetup12-2.7.0-150600.1.3 updated - libipset13-7.21-150600.1.2 updated - libhogweed6-3.9.1-150600.1.41 updated - postgresql-16-150600.15.19 updated - postgresql14-14.11-150600.14.3 updated - sg3_utils-1.48+10.1532339-150600.1.2 updated - gettext-runtime-0.21.1-150600.1.6 updated - bind-utils-9.18.24-150600.1.4 updated - glibc-devel-2.38-150600.9.2 updated - openssh-fips-9.6p1-150600.2.2 updated - susemanager-docs_en-5.0-150600.2.1 updated - policycoreutils-3.5-150600.1.42 updated - susemanager-branding-oss-5.0.4-150600.1.1 updated - spacewalk-java-lib-5.0.6-150600.1.12 updated - uyuni-reportdb-schema-5.0.4-150600.1.40 updated - uyuni-base-common-5.0.2-150600.1.15.1 updated - suse-module-tools-15.6.7-150600.1.24 updated - kmod-29-150600.11.3 updated - less-643-150600.1.33 updated - reprepro-5.4.0-150600.1.6 updated - libsuseconnect-1.8.0-150600.1.2 updated - libX11-6-1.8.7-150600.1.2 updated - device-mapper-2.03.22_1.02.196-150600.1.2 updated - yast2-core-4.6.0-150600.1.6 updated - vim-9.1.0111-150500.20.9.1 updated - perl-Term-Size-0.207-150600.1.3 updated - libsnmp40-5.9.4-150600.22.3 updated - hwdata-0.380-150000.3.68.1 updated - apache2-prefork-2.4.58-150600.3.1 updated - cyrus-sasl-digestmd5-2.1.28-150600.5.2 updated - openssh-server-9.6p1-150600.2.2 updated - openssh-clients-9.6p1-150600.2.2 updated - xorriso-1.5.6-150600.1.5 updated - libtcnative-1-0-1.2.38-150600.14.2 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated - python3-curses-3.6.15-150300.10.60.1 updated - ipset-7.21-150600.1.2 updated - libgnutls30-3.8.3-150600.2.7 updated - wicked-0.6.74-150600.9.1 updated - wicked-service-0.6.74-150600.9.1 updated - libharfbuzz0-8.3.0-150600.1.2 updated - fontconfig-2.14.2-150600.1.2 updated - libfontconfig1-2.14.2-150600.1.2 updated - postgresql-server-16-150600.15.19 updated - postgresql14-server-14.11-150600.14.3 updated - libopenblas_pthreads0-0.3.25-150500.4.5.2 updated - gettext-tools-0.21.1-150600.1.6 updated - supportutils-3.1.30-150600.1.1 updated - postfix-3.8.4-150600.1.4 updated - libcreaterepo_c0-0.16.0-150600.12.3 updated - susemanager-docs_en-pdf-5.0-150600.2.1 updated - susemanager-schema-5.0.6-150600.1.8 updated - susemanager-sync-data-5.0.3-150600.1.1 updated - udev-254.10-150600.1.3 updated - rsync-3.2.7-150600.1.4 updated - openslp-server-2.0.0-150600.19.4 updated - suseconnect-ruby-bindings-1.8.0-150600.1.2 updated - yast2-ycp-ui-bindings-4.6.0-150600.1.5 updated - yast2-xml-4.6.0-150600.1.5 updated - yast2-pkg-bindings-4.6.5-150600.1.2 updated - perl-DBD-Pg-3.10.4-150600.12.2 updated - perl-SNMP-5.9.4-150600.22.3 updated - net-snmp-5.9.4-150600.22.3 updated - apache2-2.4.58-150600.3.1 updated - openssh-9.6p1-150600.2.2 updated - grub2-2.12-150600.6.6 updated - grub2-i386-pc-2.12-150600.6.6 updated - smdba-1.7.13-0.150600.1.1 updated - python3-rpm-4.14.3-150400.59.13.1 updated - python3-netifaces-0.10.6-150000.3.2.1 updated - python3-more-itertools-8.10.0-150400.7.1 updated - python3-M2Crypto-0.38.0-150600.17.2 updated - libvirt-libs-10.0.0-150600.6.1 updated - rsyslog-8.2306.0-150600.10.5 updated - postgresql-contrib-16-150600.15.19 updated - postgresql14-contrib-14.11-150600.14.3 updated - createrepo_c-0.16.0-150600.12.3 updated - libnm0-1.44.2-150600.1.6 updated - libstorage-ng1-4.5.201-150600.1.1 updated - yast2-perl-bindings-4.6.0-150600.1.5 updated - susemanager-build-keys-15.5.1-150600.2.1 updated - apache2-mod_xsendfile-0.12-150600.1.2 updated - grub2-x86_64-efi-2.12-150600.6.6 updated - yast2-ruby-bindings-4.6.2-150600.1.5 updated - python3-cheroot-6.5.5-150600.1.2 updated - python3-dbus-python-1.2.16-150600.3.2 updated - python3-libvirt-python-10.0.0-150600.1.2 updated - inter-server-sync-0.3.2-150600.1.8 updated - spacewalk-backend-sql-postgresql-5.0.5-150600.3.41.7 updated - typelib-1_0-NM-1_0-1.44.2-150600.1.6 updated - tomcat-servlet-4_0-api-9.0.85-150200.60.1 updated - tomcat-el-3_0-api-9.0.85-150200.60.1 updated - jctools-3.3.0-150200.3.6.1 updated - glassfish-activation-1.2.0-150200.5.3.4 added - apache-commons-io-2.15.1-150200.3.12.1 updated - libstorage-ng-ruby-4.5.201-150600.1.1 updated - spacewalk-base-minimal-5.0.6-150600.1.11 updated - susemanager-build-keys-web-15.5.1-150600.2.1 updated - spacewalk-config-5.0.2-150600.1.1 updated - yast2-transfer-4.6.0-150600.1.5 updated - yast2-hardware-detection-4.6.0-150600.1.5 updated - yast2-country-data-4.6.6-150600.1.2 updated - spacecmd-5.0.5-150600.3.115.1 updated - rpm-build-4.14.3-150400.59.13.1 updated - python3-firewall-2.0.1-150600.1.3 updated - tomcat-jsp-2_3-api-9.0.85-150200.60.1 updated - byte-buddy-dep-1.11.12-150600.1.5 updated - netty-4.1.108-150200.4.23.1 updated - apache-commons-compress-1.26.0-150200.3.16.1 updated - tomcat-taglibs-standard-1_2_5-1.2.5-150600.1.78 updated - quartz-2.3.0-150600.1.81 updated - protobuf-java-25.1-150600.14.1 updated - prometheus-client-java-0.3.0-150600.1.77 updated - mvel2-2.2.6.Final-150600.1.79 updated - lucene-2.4.1-150600.1.81 updated - kie-soup-7.17.0.Final-150600.1.72 updated - kie-api-7.17.0-150600.1.71 updated - ical4j-3.0.18-150600.1.67 updated - hibernate-commons-annotations-5.0.4-150600.1.78 updated - ehcache-2.10.1-150600.1.82 updated - drools-7.17.0-150600.1.68 updated - apache-commons-codec-1.16.1-150200.3.9.1 updated - spacewalk-base-minimal-config-5.0.6-150600.1.11 updated - yast2-4.6.7-150600.1.2 updated - firewalld-2.0.1-150600.1.3 updated - tomcat-lib-9.0.85-150200.60.1 updated - byte-buddy-1.11.12-150600.1.5 updated - pgjdbc-ng-0.8.7-150600.1.74 updated - optaplanner-7.17.0-150600.1.69 updated - yast2-slp-4.6.0-150600.1.5 updated - yast2-services-manager-4.6.1-150600.1.2 updated - yast2-proxy-4.6.0-150600.1.2 updated - yast2-pam-4.6.0-150600.1.2 updated - yast2-packager-4.6.9-150600.1.1 updated - yast2-storage-ng-4.6.17-150600.1.1 updated - python3-PyJWT-2.4.0-150200.3.8.1 updated - hibernate-types-2.16.2-150600.1.3 updated - xmlsec-2.0.7-150600.1.73 updated - statistics-1.0.2-150600.1.77 updated - spark-core-2.9.3-150600.1.105 updated - jade4j-1.2.7-150600.2.1 updated - yast2-network-4.6.9-150600.1.1 updated - yast2-country-4.6.6-150600.1.2 updated - yast2-bootloader-4.6.7-150600.1.1 updated - postgresql-jdbc-42.2.25-150400.3.12.1 updated - tomcat-9.0.85-150200.60.1 updated - spacewalk-search-5.0.2-150600.1.1 updated - subscription-matcher-0.36-150600.1.1 updated - spark-template-jade-2.7.1-150600.1.3 updated - jakarta-commons-validator-1.1.4-21.150600.19.92 updated - salt-netapi-client-0.21.0-150600.1.3 updated - yast2-ntp-client-4.6.0-150600.1.3 updated - yast2-ldap-4.6.0-150600.1.5 updated - yast2-security-4.6.0-150600.1.2 updated - spacewalk-backend-5.0.5-150600.3.41.7 updated - python3-spacewalk-client-tools-5.0.4-150600.3.88.11 updated - spacewalk-client-tools-5.0.4-150600.3.88.11 updated - spacewalk-base-5.0.6-150600.1.11 updated - spacewalk-java-postgresql-5.0.6-150600.1.12 updated - spacewalk-branding-5.0.2-150600.1.1 updated - hibernate5-core-5.3.25-150600.1.64 updated - yast2-users-4.6.4-150600.1.5 updated - fence-agents-4.13.1+git.1704296072.32469f29-150600.1.2 updated - spacewalk-backend-sql-5.0.5-150600.3.41.7 updated - spacewalk-admin-5.0.5-150600.1.1 updated - spacewalk-html-5.0.6-150600.1.11 updated - hibernate5-ehcache-5.3.25-150600.1.64 updated - hibernate5-c3p0-5.3.25-150600.1.64 updated - yast2-installation-4.6.12-150600.1.1 updated - yast2-update-4.6.3-150600.1.2 updated - autoyast2-installation-4.6.6-150600.1.2 updated - yast2-add-on-4.6.2-150600.1.2 updated - uyuni-base-server-5.0.2-150600.1.15.1 updated - cobbler-3.3.3-150600.2.1 updated - spacewalk-backend-server-5.0.5-150600.3.41.7 updated - susemanager-sls-5.0.6-150600.1.1 updated - yast2-registration-4.6.1-150600.1.1 updated - spacewalk-java-config-5.0.6-150600.1.12 updated - spacewalk-backend-xmlrpc-5.0.5-150600.3.41.7 updated - spacewalk-backend-xml-export-libs-5.0.5-150600.3.41.7 updated - spacewalk-backend-package-push-server-5.0.5-150600.3.41.7 updated - spacewalk-backend-iss-5.0.5-150600.3.41.7 updated - spacewalk-backend-config-files-common-5.0.5-150600.3.41.7 updated - spacewalk-backend-applet-5.0.5-150600.3.41.7 updated - spacewalk-backend-app-5.0.5-150600.3.41.7 updated - yast2-migration-4.6.0-150600.1.2 updated - spacewalk-taskomatic-5.0.6-150600.1.12 updated - spacewalk-java-5.0.6-150600.1.12 updated - spacewalk-backend-iss-export-5.0.5-150600.3.41.7 updated - spacewalk-backend-config-files-5.0.5-150600.3.41.7 updated - spacewalk-backend-config-files-tool-5.0.5-150600.3.41.7 updated - patterns-suma_retail-5.0-150600.4.1 updated - susemanager-tools-5.0.5-150600.1.1 updated - spacewalk-backend-tools-5.0.5-150600.3.41.7 updated - spacewalk-setup-5.0.4-150600.1.1 updated - spacewalk-utils-5.0.3-150600.1.1 updated - spacewalk-utils-extras-5.0.3-150600.1.1 updated - susemanager-5.0.5-150600.1.1 updated - patterns-suma_server-5.0-150600.4.1 updated - container:suse-manager-5.0-init-5.0.0-beta2-5.0.0-beta2-3.74 added - apache-commons-lang-2.6-12.26 removed - apache2-utils-2.4.51-150600.12.2 removed - container:suse-manager-5.0-init-latest-5.0.0-beta1-2.177 removed - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - python3-blinker-1.4-3.4.1 removed - python3-cachetools-4.1.0-150200.3.4.1 removed - python3-google-auth-1.21.2-150300.3.6.1 removed - python3-kubernetes-26.1.0-150400.16.2 removed - python3-oauthlib-2.0.6-3.4.1 removed - python3-requests-oauthlib-0.8.0-3.4.1 removed - python3-rsa-3.4.2-150000.3.7.1 removed - python3-websocket-client-1.3.2-150100.6.10.5 removed - virtual-host-gatherer-Kubernetes-1.0.26-150600.7.6.1 removed From sle-container-updates at lists.suse.com Wed Apr 24 09:37:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:37:48 +0200 (CEST) Subject: SUSE-CU-2024:1691-1: Security update of suse/manager/5.0/x86_64/server-migration-14-16 Message-ID: <20240424093748.2615CFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-migration-14-16 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1691-1 Container Tags : suse/manager/5.0/x86_64/server-migration-14-16:5.0.0-beta2 , suse/manager/5.0/x86_64/server-migration-14-16:5.0.0-beta2.3.103 , suse/manager/5.0/x86_64/server-migration-14-16:latest Container Release : 3.103 Severity : important Type : security References : 1210959 1214691 1214934 1215377 1217450 1217667 1218492 1219031 1219321 1219520 1219559 1219666 1220061 1220724 1221239 1221289 1222109 CVE-2022-48566 CVE-2023-45918 CVE-2023-52425 CVE-2023-6597 CVE-2024-28757 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-migration-14-16 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - libldap-data-2.4.46-150600.23.15 updated - libsemanage-conf-3.5-150600.1.48 updated - glibc-2.38-150600.9.2 updated - libzstd1-1.5.5-150600.1.2 updated - libuuid1-2.39.3-150600.1.15 updated - libsepol2-3.5-150600.1.48 updated - libsasl2-3-2.1.28-150600.5.2 updated - libpcre2-8-0-10.42-150600.1.25 updated - liblzma5-5.4.1-150600.1.1 updated - liblz4-1-1.9.4-150600.1.3 updated - libgpg-error0-1.47-150600.1.2 updated - libcom_err2-1.47.0-150600.2.25 updated - libselinux1-3.5-150600.1.45 updated - libgcrypt20-1.10.3-150600.1.18 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libopenssl3-3.1.4-150600.2.18 updated - libsystemd0-254.10-150600.1.3 updated - libsemanage2-3.5-150600.1.48 updated - libopenssl-3-fips-provider-3.1.4-150600.2.18 updated - libldap-2_4-2-2.4.46-150600.23.15 updated - krb5-1.20.1-150600.9.1 updated - patterns-base-fips-20200124-150600.29.2 updated - coreutils-8.32-150400.9.3.1 updated - login_defs-4.8.1-150600.15.44 updated - libcrack2-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - shadow-4.8.1-150600.15.44 updated - timezone-2024a-150600.89.1 updated - glibc-locale-base-2.38-150600.9.2 updated - libpq5-16.2-150600.14.10 updated - glibc-locale-2.38-150600.9.2 updated - libopenssl1_1-1.1.1w-150600.2.11 updated - postgresql-16-150600.15.19 updated - postgresql14-14.11-150600.14.3 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - postgresql16-16.2-150600.14.10 updated - postgresql-server-16-150600.15.19 updated - postgresql14-server-14.11-150600.14.3 updated - postgresql16-server-16.2-150600.14.10 updated - postgresql16-contrib-16.2-150600.14.10 updated - postgresql-contrib-16-150600.15.19 updated - postgresql14-contrib-14.11-150600.14.3 updated - container:suse-manager-5.0-init-5.0.0-beta2-5.0.0-beta2-3.74 added - aaa_base-84.87+git20180409.04c9dae-150300.10.9.1 removed - container:suse-manager-5.0-init-latest-5.0.0-beta1-2.177 removed - cpio-2.13-150400.3.6.1 removed - file-magic-5.32-7.14.1 removed - findutils-4.8.0-1.20 removed - gzip-1.10-150200.10.1 removed - libblkid1-2.39.3-150600.1.14 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libcap-ng0-0.7.9-4.37 removed - libcurl4-8.0.1-150600.10.1 removed - libdw1-0.185-150400.5.3.1 removed - libelf1-0.185-150400.5.3.1 removed - libfdisk1-2.39.3-150600.1.14 removed - libidn2-0-2.2.0-3.6.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - libmagic1-5.32-7.14.1 removed - libmount1-2.39.3-150600.1.14 removed - libnghttp2-14-1.40.0-150600.22.1 removed - libpopt0-1.16-3.22 removed - libpsl5-0.20.1-150000.3.3.1 removed - libsmartcols1-2.39.3-150600.1.14 removed - libssh-config-0.9.8-150600.8.1 removed - libssh4-0.9.8-150600.8.1 removed - libunistring2-0.9.10-1.1 removed - libutempter0-1.1.6-3.42 removed - ncurses-utils-6.1-150000.5.20.1 removed - pkg-config-0.29.2-1.436 removed - rpm-config-SUSE-1-150400.14.3.1 removed - sed-4.9-150600.1.2 removed - sles-release-15.6-150600.26.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - util-linux-2.39.3-150600.1.14 removed From sle-container-updates at lists.suse.com Wed Apr 24 09:31:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:31:10 +0200 (CEST) Subject: SUSE-CU-2024:1681-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240424093110.ED62CFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1681-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.29 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.49.29 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones The following package changes have been done: - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:38:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:38:32 +0200 (CEST) Subject: SUSE-CU-2024:1692-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240424093832.1527EFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1692-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.18 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.18 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - glibc-2.31-150300.74.1 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:40:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:40:54 +0200 (CEST) Subject: SUSE-CU-2024:1695-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240424094054.9A405FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1695-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.18 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.18 Severity : important Type : security References : 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) The following package changes have been done: - glibc-locale-base-2.31-150300.74.1 updated - glibc-locale-2.31-150300.74.1 updated - glibc-2.31-150300.74.1 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:01:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:01:20 +0200 (CEST) Subject: SUSE-CU-2024:1698-1: Security update of rancher/elemental-teal/5.4 Message-ID: <20240425070120.70DB7FCEF@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-teal/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1698-1 Container Tags : rancher/elemental-teal/5.4:1.2.3 , rancher/elemental-teal/5.4:1.2.3-3.2.153 , rancher/elemental-teal/5.4:latest Container Release : 3.2.153 Severity : important Type : security References : 1107342 1144060 1176006 1188307 1190495 1190495 1192051 1203823 1205502 1206627 1207987 1210507 1210959 1211886 1213189 1213418 1214934 1215377 1215434 1216198 1217445 1217450 1217589 1217667 1217964 1218232 1218492 1218571 1218842 1218866 1218894 1219031 1219238 1219243 1219321 1219520 1219559 1219563 1219576 1219767 1219975 1220061 1220117 1220117 1220385 1220441 1220568 1220724 1220770 1220771 1221050 1221218 1221239 1221289 1221399 1221470 1221665 1221667 1221677 1221677 1221831 CVE-2023-29383 CVE-2023-45918 CVE-2023-52160 CVE-2023-52425 CVE-2023-5388 CVE-2023-7207 CVE-2024-0727 CVE-2024-1753 CVE-2024-1753 CVE-2024-2004 CVE-2024-21626 CVE-2024-2398 CVE-2024-25062 CVE-2024-26458 CVE-2024-26461 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container rancher/elemental-teal/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:597-1 Released: Thu Feb 22 20:07:11 2024 Summary: Security update for mozilla-nss Type: security Severity: important References: 1216198,CVE-2023-5388 This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:613-1 Released: Mon Feb 26 11:21:43 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:819-1 Released: Fri Mar 8 12:05:12 2024 Summary: Security update for wpa_supplicant Type: security Severity: important References: 1219975,CVE-2023-52160 This update for wpa_supplicant fixes the following issues: - CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:833-1 Released: Mon Mar 11 10:31:14 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:838-1 Released: Tue Mar 12 06:46:28 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1220117 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:939-1 Released: Wed Mar 20 09:03:37 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1144060,1176006,1188307,1203823,1205502,1206627,1210507,1213189,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following non-security bugs were fixed: - bsc#1176006: Fix chage date miscalculation - bsc#1188307: Fix passwd segfault - bsc#1203823: Remove pam_keyinit from PAM config files - bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions - bsc#1206627: Add --prefix support to passwd, chpasswd and chage - bsc#1205502: useradd audit event user id field cannot be interpretedd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:984-1 Released: Mon Mar 25 16:04:44 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1192051,1221050 This update for runc fixes the following issues: - Add upstream patch to properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050 This allows running 15 SP6 containers on older distributions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1006-1 Released: Wed Mar 27 10:48:38 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1010-1 Released: Wed Mar 27 16:07:37 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1218842,1221470 This update for perl-Bootloader fixes the following issues: - Log grub2-install errors correctly (bsc#1221470) - Update to version 0.947 - Support old grub versions that used /usr/lib (bsc#1218842) - Create EFI boot fallback directory if necessary ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1058-1 Released: Thu Mar 28 14:50:41 2024 Summary: Security update for podman Type: security Severity: important References: 1221677,CVE-2024-1753 This update for podman fixes the following issues: - CVE-2024-1753: Fixed full container escape at build time (bsc#1221677). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1080-1 Released: Tue Apr 2 06:50:10 2024 Summary: Recommended update for xfsprogs-scrub Type: recommended Severity: low References: 1190495 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 and SLE-15-SP4 (bsc#1190495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1104-1 Released: Wed Apr 3 14:29:58 2024 Summary: Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs Type: recommended Severity: important References: This update for docker fixes the following issues: - Overlay files are world-writable (bsc#1220339) - Allow disabling apparmor support (some products only support SELinux) The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs) are no-change rebuilds required because the corresponding binary packages were missing in a number of repositories, thus making docker not installable on some products. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1144-1 Released: Mon Apr 8 11:33:47 2024 Summary: Security update for buildah Type: security Severity: important References: 1219563,1220568,1221677,CVE-2024-1753 This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677) - Update to version 1.34.1 for compatibility with Docker 25.0 (which is not in SLES yet, but will eventually be) (bsc#1219563). See the corresponding release notes: * https://github.com/containers/buildah/releases/tag/v1.34.1 * https://github.com/containers/buildah/releases/tag/v1.34.0 * https://github.com/containers/buildah/releases/tag/v1.33.0 * https://github.com/containers/buildah/releases/tag/v1.32.0 * https://github.com/containers/buildah/releases/tag/v1.31.0 * https://github.com/containers/buildah/releases/tag/v1.30.0 - Require cni-plugins (bsc#1220568) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1169-1 Released: Tue Apr 9 09:50:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1220117,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1201-1 Released: Thu Apr 11 10:47:59 2024 Summary: Recommended update for xfsprogs-scrub and jctools Type: recommended Severity: low References: 1190495,1213418 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495) - Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - glibc-2.31-150300.71.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libuuid1-2.37.2-150400.8.29.1 updated - libsmartcols1-2.37.2-150400.8.29.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libblkid1-2.37.2-150400.8.29.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libfdisk1-2.37.2-150400.8.29.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - catatonit-0.1.7-150300.10.5.2 updated - mozilla-nss-certs-3.90.2-150400.3.39.1 updated - libxml2-2-2.9.14-150400.5.28.1 updated - libfreebl3-3.90.2-150400.3.39.1 updated - libmount1-2.37.2-150400.8.29.1 updated - libsoftokn3-3.90.2-150400.3.39.1 updated - mozilla-nss-3.90.2-150400.3.39.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - coreutils-8.32-150400.9.3.1 updated - timezone-2024a-150000.75.28.1 updated - systemd-rpm-macros-15-150000.7.39.1 updated - netcfg-11.6-150000.3.6.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - glibc-locale-base-2.31-150300.71.1 updated - login_defs-4.8.1-150400.3.6.1 updated - perl-Bootloader-0.947-150400.3.12.1 updated - cpio-2.13-150400.3.6.1 updated - sed-4.4-150300.13.3.1 updated - libopenssl1_1-1.1.1l-150400.7.63.1 updated - krb5-1.19.2-150400.3.9.1 updated - libssh4-0.9.8-150400.3.6.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - pam-config-1.1-150200.3.6.1 updated - shadow-4.8.1-150400.3.6.1 updated - util-linux-2.37.2-150400.8.29.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - util-linux-systemd-2.37.2-150400.8.29.1 updated - wpa_supplicant-2.9-150000.4.39.1 updated - runc-1.1.12-150000.64.1 updated - cni-0.7.1-150100.3.18.1 updated - cni-plugins-0.8.6-150100.3.22.3 updated - fuse-overlayfs-1.1.2-150100.3.11.1 updated - xfsprogs-5.13.0-150400.3.7.1 updated - slirp4netns-1.2.0-150300.8.7.1 updated - podman-4.4.4-150400.4.22.1 updated - hostname-3.16-2.22 removed - iproute2-5.14-150400.1.8 removed - libltdl7-2.4.6-3.4.1 removed - libmspack0-0.6-3.14.1 removed - libxslt1-1.1.34-150400.3.3.1 removed - system-user-nobody-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - which-2.21-2.20 removed From sle-container-updates at lists.suse.com Thu Apr 25 07:03:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:03:26 +0200 (CEST) Subject: SUSE-CU-2024:1704-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240425070326.3FDF4FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1704-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.18 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.18 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:04:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:04:50 +0200 (CEST) Subject: SUSE-CU-2024:1706-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240425070450.16E73FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1706-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.18 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.18 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:26 +0200 (CEST) Subject: SUSE-CU-2024:1707-1: Security update of suse/sles/15.6/cdi-apiserver Message-ID: <20240425070526.AEC40FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1707-1 Container Tags : suse/sles/15.6/cdi-apiserver:1.58.0 , suse/sles/15.6/cdi-apiserver:1.58.0-150600.1.47 , suse/sles/15.6/cdi-apiserver:1.58.0.22.327 Container Release : 22.327 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - coreutils-8.32-150400.9.3.1 updated - containerized-data-importer-api-1.58.0-150600.1.47 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:28 +0200 (CEST) Subject: SUSE-CU-2024:1708-1: Security update of suse/sles/15.6/cdi-cloner Message-ID: <20240425070528.6CE91FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1708-1 Container Tags : suse/sles/15.6/cdi-cloner:1.58.0 , suse/sles/15.6/cdi-cloner:1.58.0-150600.1.47 , suse/sles/15.6/cdi-cloner:1.58.0.23.333 Container Release : 23.333 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libldap-data-2.4.46-150600.23.14 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.2 updated - libnghttp2-14-1.40.0-150600.23.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - libldap-2_4-2-2.4.46-150600.23.14 updated - libssh4-0.9.8-150600.9.1 updated - coreutils-8.32-150400.9.3.1 updated - containerized-data-importer-cloner-1.58.0-150600.1.47 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:30 +0200 (CEST) Subject: SUSE-CU-2024:1709-1: Security update of suse/sles/15.6/cdi-controller Message-ID: <20240425070530.2BCF9FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1709-1 Container Tags : suse/sles/15.6/cdi-controller:1.58.0 , suse/sles/15.6/cdi-controller:1.58.0-150600.1.47 , suse/sles/15.6/cdi-controller:1.58.0.22.327 Container Release : 22.327 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - coreutils-8.32-150400.9.3.1 updated - containerized-data-importer-controller-1.58.0-150600.1.47 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:31 +0200 (CEST) Subject: SUSE-CU-2024:1710-1: Security update of suse/sles/15.6/cdi-importer Message-ID: <20240425070531.E892CFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1710-1 Container Tags : suse/sles/15.6/cdi-importer:1.58.0 , suse/sles/15.6/cdi-importer:1.58.0-150600.1.47 , suse/sles/15.6/cdi-importer:1.58.0.23.413 Container Release : 23.413 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libldap-data-2.4.46-150600.23.14 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.2 updated - libnghttp2-14-1.40.0-150600.23.1 updated - libgcrypt20-1.10.3-150600.1.17 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - libldap-2_4-2-2.4.46-150600.23.14 updated - libssh4-0.9.8-150600.9.1 updated - coreutils-8.32-150400.9.3.1 updated - libnettle8-3.9.1-150600.1.40 updated - libhogweed6-3.9.1-150600.1.40 updated - libgnutls30-3.8.3-150600.2.6 updated - qemu-img-8.2.1-150600.3.25 updated - containerized-data-importer-importer-1.58.0-150600.1.47 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:33 +0200 (CEST) Subject: SUSE-CU-2024:1711-1: Security update of suse/sles/15.6/cdi-operator Message-ID: <20240425070533.ACE15FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1711-1 Container Tags : suse/sles/15.6/cdi-operator:1.58.0 , suse/sles/15.6/cdi-operator:1.58.0-150600.1.47 , suse/sles/15.6/cdi-operator:1.58.0.22.327 Container Release : 22.327 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - coreutils-8.32-150400.9.3.1 updated - containerized-data-importer-operator-1.58.0-150600.1.47 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:35 +0200 (CEST) Subject: SUSE-CU-2024:1712-1: Security update of suse/sles/15.6/cdi-uploadproxy Message-ID: <20240425070535.7463EFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1712-1 Container Tags : suse/sles/15.6/cdi-uploadproxy:1.58.0 , suse/sles/15.6/cdi-uploadproxy:1.58.0-150600.1.47 , suse/sles/15.6/cdi-uploadproxy:1.58.0.22.328 Container Release : 22.328 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - coreutils-8.32-150400.9.3.1 updated - containerized-data-importer-uploadproxy-1.58.0-150600.1.47 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:37 +0200 (CEST) Subject: SUSE-CU-2024:1713-1: Security update of suse/sles/15.6/cdi-uploadserver Message-ID: <20240425070537.1E780FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1713-1 Container Tags : suse/sles/15.6/cdi-uploadserver:1.58.0 , suse/sles/15.6/cdi-uploadserver:1.58.0-150600.1.47 , suse/sles/15.6/cdi-uploadserver:1.58.0.23.333 Container Release : 23.333 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libldap-data-2.4.46-150600.23.14 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.2 updated - libnghttp2-14-1.40.0-150600.23.1 updated - libgcrypt20-1.10.3-150600.1.17 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - libldap-2_4-2-2.4.46-150600.23.14 updated - libssh4-0.9.8-150600.9.1 updated - coreutils-8.32-150400.9.3.1 updated - libnettle8-3.9.1-150600.1.40 updated - libhogweed6-3.9.1-150600.1.40 updated - libgnutls30-3.8.3-150600.2.6 updated - qemu-img-8.2.1-150600.3.25 updated - containerized-data-importer-uploadserver-1.58.0-150600.1.47 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:44 +0200 (CEST) Subject: SUSE-CU-2024:1715-1: Security update of suse/sles/15.6/virt-api Message-ID: <20240425070544.CAAD4FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1715-1 Container Tags : suse/sles/15.6/virt-api:1.1.1 , suse/sles/15.6/virt-api:1.1.1-150600.2.5 , suse/sles/15.6/virt-api:1.1.1.22.346 Container Release : 22.346 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - coreutils-8.32-150400.9.3.1 updated - kubevirt-virt-api-1.1.1-150600.2.5 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:46 +0200 (CEST) Subject: SUSE-CU-2024:1716-1: Security update of suse/sles/15.6/virt-controller Message-ID: <20240425070546.9B519FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1716-1 Container Tags : suse/sles/15.6/virt-controller:1.1.1 , suse/sles/15.6/virt-controller:1.1.1-150600.2.5 , suse/sles/15.6/virt-controller:1.1.1.22.345 Container Release : 22.345 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - coreutils-8.32-150400.9.3.1 updated - kubevirt-virt-controller-1.1.1-150600.2.5 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:48 +0200 (CEST) Subject: SUSE-CU-2024:1717-1: Security update of suse/sles/15.6/virt-exportproxy Message-ID: <20240425070548.3B168FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1717-1 Container Tags : suse/sles/15.6/virt-exportproxy:1.1.1 , suse/sles/15.6/virt-exportproxy:1.1.1-150600.2.5 , suse/sles/15.6/virt-exportproxy:1.1.1.6.346 Container Release : 6.346 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - coreutils-8.32-150400.9.3.1 updated - kubevirt-virt-exportproxy-1.1.1-150600.2.5 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:49 +0200 (CEST) Subject: SUSE-CU-2024:1718-1: Security update of suse/sles/15.6/virt-exportserver Message-ID: <20240425070549.EB4D6FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1718-1 Container Tags : suse/sles/15.6/virt-exportserver:1.1.1 , suse/sles/15.6/virt-exportserver:1.1.1-150600.2.5 , suse/sles/15.6/virt-exportserver:1.1.1.7.347 Container Release : 7.347 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - coreutils-8.32-150400.9.3.1 updated - kubevirt-virt-exportserver-1.1.1-150600.2.5 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:51 +0200 (CEST) Subject: SUSE-CU-2024:1719-1: Security update of suse/sles/15.6/virt-handler Message-ID: <20240425070551.AEB07FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1719-1 Container Tags : suse/sles/15.6/virt-handler:1.1.1 , suse/sles/15.6/virt-handler:1.1.1-150600.2.5 , suse/sles/15.6/virt-handler:1.1.1.24.417 Container Release : 24.417 Severity : important Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1219559 1220061 1220724 1221239 1221289 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/sles/15.6/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - libldap-data-2.4.46-150600.23.14 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.2 updated - libnghttp2-14-1.40.0-150600.23.1 updated - libgcrypt20-1.10.3-150600.1.17 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libudev1-254.10-150600.1.2 updated - libsystemd0-254.10-150600.1.2 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - libldap-2_4-2-2.4.46-150600.23.14 updated - libssh4-0.9.8-150600.9.1 updated - coreutils-8.32-150400.9.3.1 updated - sles-release-15.6-150600.33.1 updated - kubevirt-container-disk-1.1.1-150600.2.5 updated - kubevirt-virt-handler-1.1.1-150600.2.5 updated - libnettle8-3.9.1-150600.1.40 updated - libhogweed6-3.9.1-150600.1.40 updated - libgnutls30-3.8.3-150600.2.6 updated - systemd-254.10-150600.1.2 updated - qemu-img-8.2.1-150600.3.25 updated - util-linux-systemd-2.39.3-150600.1.9 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:53 +0200 (CEST) Subject: SUSE-CU-2024:1720-1: Security update of suse/sles/15.6/virt-launcher Message-ID: <20240425070553.6B7FEFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1720-1 Container Tags : suse/sles/15.6/virt-launcher:1.1.1 , suse/sles/15.6/virt-launcher:1.1.1-150600.2.5 , suse/sles/15.6/virt-launcher:1.1.1.28.21 Container Release : 28.21 Severity : important Type : security References : 1059627 1173034 1176932 1177039 1178481 1179020 1182661 1183012 1183051 1186282 1187332 1201590 1208079 1210959 1211272 1214934 1215005 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217432 1217450 1217667 1217964 1218492 1219031 1219321 1219520 1219559 1219581 1220061 1220724 1221239 1221289 CVE-2023-45918 CVE-2023-4750 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-52425 CVE-2024-22667 CVE-2024-28757 ----------------------------------------------------------------- The container suse/sles/15.6/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2735-1 Released: Thu Sep 24 13:32:25 2020 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1173034 This update for systemd-rpm-macros fixes the following issues: - Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2782-1 Released: Tue Sep 29 11:40:22 2020 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: important References: 1176932 This update for systemd-rpm-macros fixes the following issues: - Backport missing macros of directory paths from upstream + %_environmentdir + %_modulesloaddir + %_modprobedir - Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the empty string. (bsc#1176932) Otherwise sequences like the following code: if [ ... ]; then %_restart_on_update_never fi would result in the following incorrect shell syntax: if [ ... ]; then fi ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3795-1 Released: Mon Dec 14 17:43:26 2020 Summary: Optional update for systemd-rpm-macros Type: optional Severity: low References: 1059627,1178481,1179020 This update for systemd-rpm-macros fixes the following issues: - Deprecate '-f'/'-n' options When used with %service_del_preun, support for these options will be dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the next version of SLE (jsc#SLE-8968) When used with %service_del_postun, they should be replaced with their counterpart %service_del_postun_with_restart/%service_del_postun_without_restart - Introduced %service_del_postun_with_restart() It's the counterpart of %service_del_postun_without_restart() and replaces the '-f' option of %service_del_postun(). - Does no longer apply presets when migrating from a disabled initscript (bsc#1178481) - Fix importing of %{_unitdir} ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:707-1 Released: Thu Mar 4 09:19:36 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1177039 This update for systemd-rpm-macros fixes the following issues: - Bump to version 6 - Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts. Packagers can now choose to use the upstream or the SUSE variants indifferently. For consistency the SUSE variants should be preferred since almost all SUSE packages already use them but the upstream versions might be usefull in certain cases where packages need to support multiple distros based on RPM. - Improve the logic used to apply the presets. (bsc#1177039) Before presests were applied at a) package installation b) new units introduced via a package update (but after making sure that it was not a SysV initscript being converted). The problem is that a) didn't handle package a renaming or split properly since the package with the new name is installed rather being updated and therefore the presets were applied even if they were already with the old name. We now cover this case (and the other ones) by applying presets only if the units are new and the services are not being migrated. This regardless of whether this happens during an install or an update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:795-1 Released: Tue Mar 16 10:28:02 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1182661,1183012,1183051 This update for systemd-rpm-macros fixes the following issues: - Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012) - Fixed an issue with %systemd_user_post, where the --global parameter was treated like if it was another service (bsc#1183051, bsc#1182661) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2899-1 Released: Wed Sep 1 08:30:58 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1186282,1187332 This update for systemd-rpm-macros fixes the following issues: - Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332) - Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead. - %sysusers_create_inline: use here-docs instead of echo (bsc#1186282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4009-1 Released: Mon Dec 13 11:24:43 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: This update for systemd-rpm-macros fixes the following issues: - Introduce rpm macro %_systemd_util_dir ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:353-1 Released: Tue Feb 8 17:41:48 2022 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Bump version to 10 - %sysusers_create_inline was wrongly marked as deprecated - %sysusers_create can be useful in certain cases and won't go away until we'll move to file triggers. So don't mark it as deprecated too ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4062-1 Released: Fri Nov 18 09:05:07 2022 Summary: Recommended update for libusb-1_0 Type: recommended Severity: moderate References: 1201590 This update for libusb-1_0 fixes the following issues: - Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1880-1 Released: Tue Apr 18 11:11:27 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1208079 This update for systemd-rpm-macros fixes the following issue: - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2482-1 Released: Mon Jun 12 07:19:53 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1211272 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1287-1 Released: Mon Apr 15 15:03:40 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: Updated to version 9.1.0111, fixes the following security problems - CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: overflow with count for :s command (bsc#1217321). - CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235). - CVE-2023-48236: overflow in get_number (bsc#1217329). - CVE-2023-48237: overflow in shift_line (bsc#1217330). - CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005). The following package changes have been done: - libldap-data-2.4.46-150600.23.14 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.2 updated - libnghttp2-14-1.40.0-150600.23.1 updated - libgcrypt20-1.10.3-150600.1.17 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libudev1-254.10-150600.1.2 updated - libsystemd0-254.10-150600.1.2 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - libldap-2_4-2-2.4.46-150600.23.14 updated - libssh4-0.9.8-150600.9.1 updated - libusb-1_0-0-1.0.24-150400.3.3.1 added - coreutils-8.32-150400.9.3.1 updated - sles-release-15.6-150600.33.1 updated - kubevirt-container-disk-1.1.1-150600.2.5 updated - libnettle8-3.9.1-150600.1.40 updated - libssh2-1-1.11.0-150600.18.1 updated - qemu-accel-tcg-x86-8.2.1-150600.3.25 updated - qemu-hw-usb-host-8.2.1-150600.3.25 added - qemu-ipxe-8.2.1-150600.3.25 updated - qemu-seabios-8.2.11.16.3_3_ga95067eb-150600.3.25 updated - qemu-vgabios-8.2.11.16.3_3_ga95067eb-150600.3.25 updated - systemd-rpm-macros-15-150000.7.39.1 updated - vim-data-common-9.1.0111-150500.20.9.1 updated - libhogweed6-3.9.1-150600.1.40 updated - virtiofsd-1.10.1-150600.2.4 updated - qemu-hw-usb-redirect-8.2.1-150600.3.25 updated - vim-small-9.1.0111-150500.20.9.1 updated - libgnutls30-3.8.3-150600.2.6 updated - xen-libs-4.18.2_02-150600.1.3 updated - systemd-254.10-150600.1.2 updated - qemu-img-8.2.1-150600.3.25 updated - libvirt-libs-10.0.0-150600.6.1 updated - gnutls-3.8.3-150600.2.6 updated - udev-254.10-150600.1.2 updated - systemd-container-254.10-150600.1.2 updated - libvirt-daemon-log-10.0.0-150600.6.1 updated - kubevirt-virt-launcher-1.1.1-150600.2.5 updated - libvirt-client-10.0.0-150600.6.1 updated - libvirt-daemon-common-10.0.0-150600.6.1 updated - qemu-ovmf-x86_64-202308-150600.2.2 updated - qemu-x86-8.2.1-150600.3.25 updated - qemu-8.2.1-150600.3.25 updated - libvirt-daemon-driver-qemu-10.0.0-150600.6.1 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:55 +0200 (CEST) Subject: SUSE-CU-2024:1721-1: Security update of suse/sles/15.6/libguestfs-tools Message-ID: <20240425070555.44790FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1721-1 Container Tags : suse/sles/15.6/libguestfs-tools:1.1.1 , suse/sles/15.6/libguestfs-tools:1.1.1-150600.2.5 , suse/sles/15.6/libguestfs-tools:1.1.1.23.303 Container Release : 23.303 Severity : important Type : security References : 1059627 1173034 1176932 1177039 1178481 1179020 1182661 1183012 1183051 1186282 1187332 1208079 1210959 1211272 1214934 1217450 1217667 1217964 1218492 1219031 1219321 1219520 1219559 1220061 1220724 1221239 1221289 1222109 CVE-2023-45918 CVE-2023-52425 CVE-2024-28757 ----------------------------------------------------------------- The container suse/sles/15.6/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2735-1 Released: Thu Sep 24 13:32:25 2020 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1173034 This update for systemd-rpm-macros fixes the following issues: - Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2782-1 Released: Tue Sep 29 11:40:22 2020 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: important References: 1176932 This update for systemd-rpm-macros fixes the following issues: - Backport missing macros of directory paths from upstream + %_environmentdir + %_modulesloaddir + %_modprobedir - Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the empty string. (bsc#1176932) Otherwise sequences like the following code: if [ ... ]; then %_restart_on_update_never fi would result in the following incorrect shell syntax: if [ ... ]; then fi ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3795-1 Released: Mon Dec 14 17:43:26 2020 Summary: Optional update for systemd-rpm-macros Type: optional Severity: low References: 1059627,1178481,1179020 This update for systemd-rpm-macros fixes the following issues: - Deprecate '-f'/'-n' options When used with %service_del_preun, support for these options will be dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the next version of SLE (jsc#SLE-8968) When used with %service_del_postun, they should be replaced with their counterpart %service_del_postun_with_restart/%service_del_postun_without_restart - Introduced %service_del_postun_with_restart() It's the counterpart of %service_del_postun_without_restart() and replaces the '-f' option of %service_del_postun(). - Does no longer apply presets when migrating from a disabled initscript (bsc#1178481) - Fix importing of %{_unitdir} ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:707-1 Released: Thu Mar 4 09:19:36 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1177039 This update for systemd-rpm-macros fixes the following issues: - Bump to version 6 - Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts. Packagers can now choose to use the upstream or the SUSE variants indifferently. For consistency the SUSE variants should be preferred since almost all SUSE packages already use them but the upstream versions might be usefull in certain cases where packages need to support multiple distros based on RPM. - Improve the logic used to apply the presets. (bsc#1177039) Before presests were applied at a) package installation b) new units introduced via a package update (but after making sure that it was not a SysV initscript being converted). The problem is that a) didn't handle package a renaming or split properly since the package with the new name is installed rather being updated and therefore the presets were applied even if they were already with the old name. We now cover this case (and the other ones) by applying presets only if the units are new and the services are not being migrated. This regardless of whether this happens during an install or an update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:795-1 Released: Tue Mar 16 10:28:02 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1182661,1183012,1183051 This update for systemd-rpm-macros fixes the following issues: - Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012) - Fixed an issue with %systemd_user_post, where the --global parameter was treated like if it was another service (bsc#1183051, bsc#1182661) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2899-1 Released: Wed Sep 1 08:30:58 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1186282,1187332 This update for systemd-rpm-macros fixes the following issues: - Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332) - Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead. - %sysusers_create_inline: use here-docs instead of echo (bsc#1186282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4009-1 Released: Mon Dec 13 11:24:43 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: This update for systemd-rpm-macros fixes the following issues: - Introduce rpm macro %_systemd_util_dir ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:353-1 Released: Tue Feb 8 17:41:48 2022 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Bump version to 10 - %sysusers_create_inline was wrongly marked as deprecated - %sysusers_create can be useful in certain cases and won't go away until we'll move to file triggers. So don't mark it as deprecated too ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1880-1 Released: Tue Apr 18 11:11:27 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1208079 This update for systemd-rpm-macros fixes the following issue: - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2482-1 Released: Mon Jun 12 07:19:53 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1211272 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) The following package changes have been done: - libldap-data-2.4.46-150600.23.14 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.2 updated - libnghttp2-14-1.40.0-150600.23.1 updated - libgcrypt20-1.10.3-150600.1.17 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libabsl2401_0_0-20240116.1-150600.17.2 added - libopenssl3-3.1.4-150600.2.17 updated - libudev1-254.10-150600.1.2 updated - libsystemd0-254.10-150600.1.2 updated - libprotobuf-lite25_1_0-25.1-150600.14.1 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - libldap-2_4-2-2.4.46-150600.23.14 updated - libssh4-0.9.8-150600.9.1 updated - coreutils-8.32-150400.9.3.1 updated - sles-release-15.6-150600.33.1 updated - libgpgme11-1.23.0-150600.1.34 updated - libzypp-17.31.31-150600.8.7 updated - libguestfs-1.52.0-150600.1.17 updated - libguestfs-winsupport-1.52.0-150600.1.17 updated - libkcapi-tools-0.13.0-150600.15.20 updated - libnettle8-3.9.1-150600.1.40 updated - libssh2-1-1.11.0-150600.18.1 updated - mdadm-4.3-150600.1.20 updated - qemu-accel-tcg-x86-8.2.1-150600.3.25 updated - qemu-ipxe-8.2.1-150600.3.25 updated - qemu-seabios-8.2.11.16.3_3_ga95067eb-150600.3.25 updated - qemu-vgabios-8.2.11.16.3_3_ga95067eb-150600.3.25 updated - systemd-rpm-macros-15-150000.7.39.1 updated - libopenssl1_1-1.1.1w-150600.2.10 updated - libhogweed6-3.9.1-150600.1.40 updated - virtiofsd-1.10.1-150600.2.4 updated - libmpath0-0.9.8+88+suse.d504d83-150600.1.1 updated - hwdata-0.380-150000.3.68.1 updated - python3-base-3.6.15-150300.10.60.1 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - libgnutls30-3.8.3-150600.2.6 updated - xen-libs-4.18.2_02-150600.1.3 updated - systemd-254.10-150600.1.2 updated - qemu-pr-helper-8.2.1-150600.3.25 updated - qemu-img-8.2.1-150600.3.25 updated - libvirt-libs-10.0.0-150600.6.1 updated - util-linux-systemd-2.39.3-150600.1.9 updated - qemu-tools-8.2.1-150600.3.25 updated - wicked-0.6.74-150600.9.1 updated - wicked-service-0.6.74-150600.9.1 updated - udev-254.10-150600.1.2 updated - dracut-059+suse.515.g83296e6f-150600.1.10 updated - supermin-5.3.3-150600.1.7 updated - dracut-fips-059+suse.515.g83296e6f-150600.1.10 updated - qemu-x86-8.2.1-150600.3.25 updated - qemu-8.2.1-150600.3.25 updated - qemu-ovmf-x86_64-202308-150600.2.2 updated - libguestfs0-1.52.0-150600.1.17 updated - libguestfs-devel-1.52.0-150600.1.17 updated - libguestfs-appliance-1.52.0-150600.1.17 updated - container:sles15-image-15.0.0-45.10 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed From sle-container-updates at lists.suse.com Thu Apr 25 07:05:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:57 +0200 (CEST) Subject: SUSE-CU-2024:1722-1: Security update of suse/sles/15.6/virt-operator Message-ID: <20240425070557.03349FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1722-1 Container Tags : suse/sles/15.6/virt-operator:1.1.1 , suse/sles/15.6/virt-operator:1.1.1-150600.2.5 , suse/sles/15.6/virt-operator:1.1.1.22.346 Container Release : 22.346 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - coreutils-8.32-150400.9.3.1 updated - kubevirt-virt-operator-1.1.1-150600.2.5 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Thu Apr 25 07:05:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:05:58 +0200 (CEST) Subject: SUSE-CU-2024:1723-1: Security update of suse/sles/15.6/pr-helper Message-ID: <20240425070558.AFB4DFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.6/pr-helper ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1723-1 Container Tags : suse/sles/15.6/pr-helper:1.1.1 , suse/sles/15.6/pr-helper:1.1.1-150600.2.5 , suse/sles/15.6/pr-helper:1.1.1.16.451 Container Release : 16.451 Severity : moderate Type : security References : 1210959 1214934 1217450 1217667 1218492 1219031 1219321 1219520 1220061 1220724 1221239 CVE-2023-45918 ----------------------------------------------------------------- The container suse/sles/15.6/pr-helper was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] The following package changes have been done: - glibc-2.38-150600.9.2 updated - libgcrypt20-1.10.3-150600.1.17 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - libopenssl3-3.1.4-150600.2.17 updated - libudev1-254.10-150600.1.2 updated - libsystemd0-254.10-150600.1.2 updated - libopenssl-3-fips-provider-3.1.4-150600.2.17 updated - coreutils-8.32-150400.9.3.1 updated - kubevirt-pr-helper-conf-1.1.1-150600.2.5 updated - libnettle8-3.9.1-150600.1.40 updated - libhogweed6-3.9.1-150600.1.40 updated - libmpath0-0.9.8+88+suse.d504d83-150600.1.1 updated - libgnutls30-3.8.3-150600.2.6 updated - qemu-pr-helper-8.2.1-150600.3.25 updated - container:sles15-image-15.0.0-45.10 updated From sle-container-updates at lists.suse.com Wed Apr 24 09:37:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Apr 2024 11:37:47 +0200 (CEST) Subject: SUSE-CU-2024:1690-1: Security update of suse/manager/5.0/x86_64/server Message-ID: <20240424093747.2811DFCFE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1690-1 Container Tags : suse/manager/5.0/x86_64/server:5.0.0-beta2 , suse/manager/5.0/x86_64/server:5.0.0-beta2.3.64 , suse/manager/5.0/x86_64/server:latest Container Release : 3.64 Severity : critical Type : security References : 1059627 1173034 1176932 1177039 1178481 1179020 1182661 1183012 1183051 1186282 1187332 1190495 1198533 1198880 1200551 1208079 1210959 1211272 1213418 1214169 1214691 1214934 1215005 1215377 1216296 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217390 1217432 1217450 1217608 1217667 1217964 1218232 1218252 1218492 1218952 1219031 1219321 1219520 1219530 1219559 1219581 1219666 1220061 1220068 1220070 1220644 1220724 1221239 1221289 1221813 1222045 1222109 1222259 CVE-2021-40633 CVE-2022-28506 CVE-2022-48566 CVE-2023-45918 CVE-2023-4750 CVE-2023-48161 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-52425 CVE-2023-6597 CVE-2024-1597 CVE-2024-22667 CVE-2024-25710 CVE-2024-26308 CVE-2024-28757 CVE-2024-29025 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2735-1 Released: Thu Sep 24 13:32:25 2020 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1173034 This update for systemd-rpm-macros fixes the following issues: - Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2782-1 Released: Tue Sep 29 11:40:22 2020 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: important References: 1176932 This update for systemd-rpm-macros fixes the following issues: - Backport missing macros of directory paths from upstream + %_environmentdir + %_modulesloaddir + %_modprobedir - Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the empty string. (bsc#1176932) Otherwise sequences like the following code: if [ ... ]; then %_restart_on_update_never fi would result in the following incorrect shell syntax: if [ ... ]; then fi ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3795-1 Released: Mon Dec 14 17:43:26 2020 Summary: Optional update for systemd-rpm-macros Type: optional Severity: low References: 1059627,1178481,1179020 This update for systemd-rpm-macros fixes the following issues: - Deprecate '-f'/'-n' options When used with %service_del_preun, support for these options will be dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the next version of SLE (jsc#SLE-8968) When used with %service_del_postun, they should be replaced with their counterpart %service_del_postun_with_restart/%service_del_postun_without_restart - Introduced %service_del_postun_with_restart() It's the counterpart of %service_del_postun_without_restart() and replaces the '-f' option of %service_del_postun(). - Does no longer apply presets when migrating from a disabled initscript (bsc#1178481) - Fix importing of %{_unitdir} ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:707-1 Released: Thu Mar 4 09:19:36 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1177039 This update for systemd-rpm-macros fixes the following issues: - Bump to version 6 - Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts. Packagers can now choose to use the upstream or the SUSE variants indifferently. For consistency the SUSE variants should be preferred since almost all SUSE packages already use them but the upstream versions might be usefull in certain cases where packages need to support multiple distros based on RPM. - Improve the logic used to apply the presets. (bsc#1177039) Before presests were applied at a) package installation b) new units introduced via a package update (but after making sure that it was not a SysV initscript being converted). The problem is that a) didn't handle package a renaming or split properly since the package with the new name is installed rather being updated and therefore the presets were applied even if they were already with the old name. We now cover this case (and the other ones) by applying presets only if the units are new and the services are not being migrated. This regardless of whether this happens during an install or an update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:795-1 Released: Tue Mar 16 10:28:02 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1182661,1183012,1183051 This update for systemd-rpm-macros fixes the following issues: - Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012) - Fixed an issue with %systemd_user_post, where the --global parameter was treated like if it was another service (bsc#1183051, bsc#1182661) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2899-1 Released: Wed Sep 1 08:30:58 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1186282,1187332 This update for systemd-rpm-macros fixes the following issues: - Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332) - Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead. - %sysusers_create_inline: use here-docs instead of echo (bsc#1186282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4009-1 Released: Mon Dec 13 11:24:43 2021 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: This update for systemd-rpm-macros fixes the following issues: - Introduce rpm macro %_systemd_util_dir ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:353-1 Released: Tue Feb 8 17:41:48 2022 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Bump version to 10 - %sysusers_create_inline was wrongly marked as deprecated - %sysusers_create can be useful in certain cases and won't go away until we'll move to file triggers. So don't mark it as deprecated too ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1880-1 Released: Tue Apr 18 11:11:27 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: low References: 1208079 This update for systemd-rpm-macros fixes the following issue: - Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not present as it's expected (bsc#1208079). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2482-1 Released: Mon Jun 12 07:19:53 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1211272 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4138-1 Released: Thu Oct 19 17:15:38 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: This update for systemd-rpm-macros fixes the following issues: - Switch to `systemd-hwdb` tool when updating the HW database. It's been introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4973-1 Released: Tue Dec 26 04:44:10 2023 Summary: Recommended update for duktape Type: recommended Severity: moderate References: 1216296 This update of duktape fixes the following issue: - duktape-devel is shipped to Basesystem module (bsc#1216296). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:561-1 Released: Wed Feb 21 05:35:13 2024 Summary: Recommended update for openblas Type: recommended Severity: important References: 1217608 This update for openblas contains the following fixes: - Added `libopenblas_pthreads0` to Package Hub SLE-15-SP5 for architecture s390 (no source changes) (bsc#1217608) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:637-1 Released: Tue Feb 27 10:06:55 2024 Summary: Recommended update for duktape Type: recommended Severity: moderate References: This update for duktape fixes the following issues: - Ship libduktape206-32bit: needed by libproxy since version 0.5. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:726-1 Released: Thu Feb 29 12:12:44 2024 Summary: Security update for Java Type: security Severity: important References: 1220068,1220070,CVE-2024-25710,CVE-2024-26308 This update for Java fixes the following issues: apache-commons-codec was updated to version 1.16.1: - Changes in version 1.16.1: * New features: + Added Maven property project.build.outputTimestamp for build reproducibility * Bugs fixed: + Correct error in Base64 Javadoc + Added minimum Java version in changes.xml + Documentation update for the org.apache.commons.codec.digest.* package + Precompile regular expression in UnixCrypt.crypt(byte[], String) + Fixed possible IndexOutOfBoundException in PhoneticEngine.encode method + Fixed possible ArrayIndexOutOfBoundsException in QuotedPrintableCodec.encodeQuotedPrintable() method + Fixed possible StringIndexOutOfBoundException in MatchRatingApproachEncoder.encode() method + Fixed possible ArrayIndexOutOfBoundException in RefinedSoundex.getMappingCode() + Fixed possible IndexOutOfBoundsException in PercentCodec.insertAlwaysEncodeChars() method + Deprecated UnixCrypt 0-argument constructor + Deprecated Md5Crypt 0-argument constructor + Deprecated Crypt 0-argument constructor + Deprecated StringUtils 0-argument constructor + Deprecated Resources 0-argument constructor + Deprecated Charsets 0-argument constructor + Deprecated CharEncoding 0-argument constructor - Changes in version 1.16.0: * Remove duplicated words from Javadocs * Use Standard Charset object * Use String.contains() functions * Avoid use toString() or substring() in favor of a simplified expression * Fixed byte-skipping in Base16 decoding * Fixed several typos, improve writing in some javadocs * BaseNCodecOutputStream.eof() should not throw IOException. * Javadoc improvements and cleanups. * Deprecated BaseNCodec.isWhiteSpace(byte) and use Character.isWhitespace(int). * Added support for Blake3 family of hashes * Added github/codeql-action * Bump actions/cache from v2 to v3.0.10 * Bump actions/setup-java from v1.4.1 to 3.5.1 * Bump actions/checkout from 2.3.2 to 3.1.0 * Bump commons-parent from 52 to 58 * Bump junit from 4.13.1 to 5.9.1 * Bump Java 7 to 8. * Bump japicmp-maven-plugin from 0.14.3 to 0.17.1. * Bump jacoco-maven-plugin from 0.8.5 to 0.8.8 (Fixes Java 15 builds). * Bump maven-surefire-plugin from 2.22.2 to 3.0.0-M7 * Bump maven-javadoc-plugin from 3.2.0 to 3.4.1. * Bump animal-sniffer-maven-plugin from 1.19 to 1.22. * Bump maven-pmd-plugin from 3.13.0 to 3.19.0 * Bump pmd from 6.47.0 to 6.52.0. * Bump maven-checkstyle-plugin from 2.17 to 3.2.0 * Bump checkstyle from 8.45.1 to 9.3 * Bump taglist-maven-plugin from 2.4 to 3.0.0 * Bump jacoco-maven-plugin from 0.8.7 to 0.8.8. apache-commons-compress was updated to version 1.26: - Changes in version 1.26: * Security issues fixed: + CVE-2024-26308: Fixed allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress (bsc#1220068) + CVE-2024-25710: Fixed loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress (bsc#1220070) * New Features: + Added and use ZipFile.builder(), ZipFile.Builder, and deprecate constructors + Added and use SevenZFile.builder(), SevenZFile.Builder, and deprecate constructors + Added and use ArchiveInputStream.getCharset() + Added and use ArchiveEntry.resolveIn(Path) + Added Maven property project.build.outputTimestamp for build reproducibility * Bugs fixed: + Check for invalid PAX values in TarArchiveEntry + Fixed zero size headers in ArjInputStream + Fixes and tests for ArInputStream + Fixes for dump file parsing + Improved CPIO exception detection and handling + Deprecated SkipShieldingInputStream without replacement (nolonger used) + Reuse commons-codec, don't duplicate class PureJavaCrc32C (removed package-private class) + Reuse commons-codec, don't duplicate class XXHash32 (deprecated class) + Reuse commons-io, don't duplicate class Charsets (deprecated class) + Reuse commons-io, don't duplicate class IOUtils (deprecated methods) + Reuse commons-io, don't duplicate class BoundedInputStream (deprecated class) + Reuse commons-io, don't duplicate class FileTimes (deprecated TimeUtils methods) + Reuse Arrays.equals(byte[], byte[]) and deprecate ArchiveUtils.isEqual(byte[], byte[]) + Added a null-check for the class loader of OsgiUtils + Added a null-check in Pack200.newInstance(String, String) + Deprecated ChecksumCalculatingInputStream in favor of java.util.zip.CheckedInputStream + Deprecated CRC32VerifyingInputStream.CRC32VerifyingInputStream(InputStream, long, int) + FramedSnappyCompressorOutputStream produces incorrect output when writing a large buffer + Fixed TAR directory entries being misinterpreted as files + Deprecated unused method FileNameUtils.getBaseName(String) + Deprecated unused method FileNameUtils.getExtension(String) + ArchiveInputStream.BoundedInputStream.read() incorrectly adds 1 for EOF to the bytes read count + Deprecated IOUtils.read(File, byte[]) + Deprecated IOUtils.copyRange(InputStream, long, OutputStream, int) + ZipArchiveOutputStream multi archive updates metadata in incorrect file + Deprecated ByteUtils.InputStreamByteSupplier + Deprecated ByteUtils.fromLittleEndian(InputStream, int) + Deprecated ByteUtils.toLittleEndian(DataOutput, long, int) + Reduce duplication by having ArchiveInputStream extend FilterInputStream + Support preamble garbage in ZipArchiveInputStream + Fixed formatting the lowest expressable DOS time + Dropped reflection from ExtraFieldUtils static initialization + Preserve exception causation in ExtraFieldUtils.register(Class) - Changes in version 1.25: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.25.0 - Changes in version 1.24: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.24.0 - Changes in version 1.23: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.23.0 - Changes in version 1.22: * For the full list of changes please consult: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.22 apache-commons-io was updated to version 2.15.1: - Changes in version 2.15.1: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.1 - Changes in version 2.15.0: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.0 - Changes in version 2.14.0: * For the full list of changes please consult: https://commons.apache.org/proper/commons-io/changes-report.html#a2.14.0 javapackages-meta: - Syncing the version with javapackages-tools 6.2.0 - Remove unnecessary dependencies maven was updated to version 3.9.6: - Changes in version 3.9.6: * Bugs fixed: + Error message when modelVersion is 4.0 is confusing * Improvements: + Colorize transfer messages + Support ${project.basedir} in file profile activation + Allow to exclude plugins from validation * Tasks: + Maven Resolver Provider classes ctor change + Undeprecate wrongly deprecated repository metadata + Deprecated `org.apache.maven.repository.internal.MavenResolverModule` + maven-resolver-provider: introduce NAME constants. * Dependency upgrade: + Updated to Resolver 1.9.16 + Upgraded Sisu version to 0.9.0.M2 + Upgraded Resolver version to 1.9.18 + Upgraded to parent POM 41 + Upgraded default plugin bindings maven-assembly-plugin: - Explicitely require commons-io:commons-io and commons-codec:common-codes artifacts that are optional in apache-commons-compress maven-doxia was updated to version 1.12.0: * Changes in version 1.12.0: + Upgraded to FOP 2.2 + Fixed rendering links and paragraphs inside tables + Rewrite .md and .markdown links to .html + Upgraded HttpComponents: httpclient to 4.5.8 and httpcore to 4.4.11 + Escape links to xml based figureGraphics image elements + SECURITY: Use HTTPS to resolve dependencies in Maven Build + Removed old Maven 1 and 2 info + Updated commons-lang to 3.8.1 + Dropped dependency to outdated Log4j + Fixed Java 7 compatibility that was broken + Import tests from maven-site-plugin + Fixed crosslinks starting with a dot in markdown files + Replace deprecated class from commons-lang + Fill in some generic types maven-doxia-sitetools was updated to version 1.11.1: - Changes in version 1.11.1: * Bugs fixed: + CLIRR can't find previous version * Improvements: + Removed all   in default-site-macros.vm and replace by a space + Improved documentation on site.xml inheritance vs interpolation * Tasks: + Deprecated Doxia Sitetools Doc Renderer * Dependency upgrade: + Fixed javadoc issues with JDK 8 when generating documentation + Wrong coordinates for jai_core: hyphen should be underscore + Use latest JUnit version 4.13.2 + Upgraded Plexus Utils to 3.3.0 + Upgraded Plexus Interpolation to 1.26 + Upgraded Maven Doxia to 1.10 + Upgraded Maven Doxia to 1.11.1 maven-jar-plugin was updated to version 3.3.0: - Changes in version 3.3.0: * Bugs fixed: + outputTimestamp not applied to module-info; breaks reproducible builds * Task: + Updated plugin (requires Maven 3.2.5+) + Java 8 as minimum * Dependency upgrade: + Upgraded Plexus Utils to 3.3.1 + Removed override for Plexus Archiver to fix order of META-INF/ and META-INF/MANIFEST.MF entries + Upgraded Parent to 36 + Updated Plexus Utils to 3.4.2 + Upgraded Parent to 37 maven-jar-plugin was updated to version 3.6.0: - Changes from version 3.6.0: * Bugs fixed: + Setting maven.javadoc.isoffline seems to have no effect + javadoc site is broken for projects that contain modules + Alternative doclet page points to an SEO spammy page + [REGRESSION] Transitive dependencies of docletArtifact missing + Unresolvable link in javadoc tag with value ResourcesBundleMojo#getAttachmentClassifier() found in ResourcesBundleMojo + IOException --> NullPointerException in JavadocUtil.copyResource + JavadocReportTest.testExceptions is broken + javadoc creates invalid --patch-module statements + javadoc plugin can not deal with transitive filename based modules * Improvements: + Clean up deprecated and unpreferred methods in JavadocUtil + Cleanup dependency declarations as best possible + Allow building javadoc 'the old fashioned way' after Java 8 * Tasks: + Dropped use of deprecated localRepository mojo parameter + Make build pass with Java 20 + Refresh download page * Dependency upgrade: + Updated to commons-io 2.13.0 + Updated plexus-archiver from 4.7.1 to 4.8.0 + Upgraded Parent to 40 - Changes from version 3.5.0: * Bugs fixed: + Invalid anchors in Javadoc and plugin mojo + Plugin duplicates classes in Java 8 all-classes lists + javadoc site creation ignores configuration parameters * Improvements: + Deprecated parameter 'stylesheet' + Parse stderr output and suppress informational lines + Link to Javadoc references from JDK 17 + Migrate components to JSR 330, get rid of maven-artifact-transfer, update to parent 37 * Tasks: + Removed remains of org.codehaus.doxia.sink.Sink * Dependency upgrades: + Upgraded plugins in ITs + Upgraded to Maven 3.2.5 + Updated Maven Archiver to 3.6.0 + Upgraded Maven Reporting API to 3.1.1/Complete with Maven Reporting Impl 3.2.0 + Upgraded commons-text to 1.10.0 + Upgraded Parent to 39 + Upgraded plugins and components maven-reporting-api was updated to version 3.1.1: - Restore binary compat for MavenReport maven-reporting-impl was updated to version 3.2.0: - Changes in version 3.2.0: * Improvement: + Render with a skin when report is run in standalone mode * Dependency upgrades: + Upgraded Maven Reporting API to 3.1.1 + Upgraded plugins and components in project and ITs maven-resolver was updated to version 1.9.18: - Changes in version 1.9.18: * Bugs fixed: + Sporadic AccessDeniedEx on Windows + Undo FileUtils changes that altered non-Windows execution path * Improvements: + Native transport should retry on HTTP 429 (Retry-After) * Task: + Deprecated Guice modules + Get rid of component name string literals, make them constants and reusable + Expose configuration for inhibiting Expect-Continue handshake in 1.x + Refresh download page + Resolver should not override given HTTP transport default use of expect-continue handshake maven-resources-plugin was updated to version 3.3.1: - Changes in version 3.3.1: * Bugs fixed: + Resource plugin's handling of symbolic links changed in 3.0.x, broke existing behavior + Resource copying not using specified encoding + java.nio.charset.MalformedInputException: Input length = 1 + Filtering of Maven properties with long names is not working after transition from 2.6 to 3.2.0 + Valid location for directory parameter is always required + Symlinks cause copying resources to fail + FileUtils.copyFile() fails with source file having `lastModified = 0` * New Features: + Added ability to flatten folder structure into target directory when copying resources * Improvements: + Make tests jar reproducible + Describe from and to in 'Copying xresources' info message * Task: + Dropped plexus legacy + Updated to parent POM 39, reformat sources + Updated plugin (requires Maven 3.2.5+) + Require Java 8 * Dependency upgrade: + Upgraded maven-plugin parent to 36 + Upgraded Maven Filtering to 3.3.0 + Upgraded plexus-utils to 3.5.1 + Upgraded to maven-filtering 3.3.1 sbt: - Fixed RPM package build with maven 3.9.6 and maven-resolver 1.9.18 xmvn: - Modify the xmvn-install script to work with new apache-commons-compress - Recompiling RPM package to resolve package building issues with maven-lib ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:737-1 Released: Fri Mar 1 09:04:30 2024 Summary: Recommended update for system-user-prometheus Type: recommended Severity: important References: 1218252 This update for system-user-prometheus contains the following fixes: - Added `system-user-prometheus` to Package Hub SLE-15-SP5 to resolve dependency issue with prometheus (bsc#1218252) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:773-1 Released: Tue Mar 5 20:33:45 2024 Summary: Security update for postgresql-jdbc Type: security Severity: critical References: 1220644,CVE-2024-1597 This update for postgresql-jdbc fixes the following issues: - CVE-2024-1597: Fixed SQL Injection via line comment generation (bsc#1220644). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:786-1 Released: Wed Mar 6 21:07:20 2024 Summary: Security update for giflib Type: security Severity: important References: 1198880,1200551,1217390,CVE-2021-40633,CVE-2022-28506,CVE-2023-48161 This update for giflib fixes the following issues: Update to version 5.2.2 * Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880) * #138 Documentation for obsolete utilities still installed * #139: Typo in 'LZW image data' page ('110_2 = 4_10') * #140: Typo in 'LZW image data' page ('LWZ') * #141: Typo in 'Bits and bytes' page ('filed') * Note as already fixed SF issue #143: cannot compile under mingw * #144: giflib-5.2.1 cannot be build on windows and other platforms using c89 * #145: Remove manual pages installation for binaries that are not installed too * #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7 * #147 [PATCH] Fixes to doc/whatsinagif/ content * #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB * Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1 * Declared Won't-fix on SF issue 149: Out of source builds no longer possible * #151: A heap-buffer-overflow in gif2rgb.c:294:45 * #152: Fix some typos on the html documentation and man pages * #153: Fix segmentation faults due to non correct checking for args * #154: Recover the giffilter manual page * #155: Add gifsponge docs * #157: An OutofMemory-Exception or Memory Leak in gif2rgb * #158: There is a null pointer problem in gif2rgb * #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45 * #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c * #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c * #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c * #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:827-1 Released: Mon Mar 11 03:55:54 2024 Summary: Recommended update for tomcat Type: recommended Severity: moderate References: 1219530 This update for tomcat fixes the following issues: - Added dependencies on tomcat `user` and `group`, required by RPM 4.19 (bsc#1219530) - Link ecj.jar into the install instead of copying it ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:03 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:1075-1 Released: Mon Apr 1 10:50:53 2024 Summary: Feature update for openblas Type: feature Severity: important References: 1221813 This update for openblas fixes the following issues: openblas was updated from version 0.3.21 to version 0.3.25 (jsc#PED-7926, jsc#PED-7927, bsc#1221813): - Changes in version 0.3.25: * General: + Improved the error message shown on exceeding the maximum thread count + Improved the code to add supplementary thread buffers in case of overflow + Fixed a potential division by zero in `?ROTG` + Improved the `?MATCOPY` functions to accept zero-sized rows or columns + Corrected empty prototypes in function declarations + cleaned up unused declarations in the f2c-converted versions of the LAPACK sources + Improved link line rewriting to avoid mixed libgomp/libomp builds with clang&gfortran + imported the following changes from the upcoming release 3.12 of Reference-LAPACK: LAPACK PR 900, LAPACK PR 904, LAPACK PR 907, LAPACK PR 909, LAPACK PR 926, LAPACK PR 927, LAPACK PR 928 & 930 * Architecture x86-64: + Fixed capability-based fallback selection for unknown cpus in `DYNAMIC_ARCH` + Added AVX512 optimizations for `?ASUM` on Intel Sapphire Rapids and Cooper Lake * Architecture ARM64: + Fixed building with XCODE 15 + Fixed building on A64FX and Cortex A710/X1/X2 + increased the default buffer size for recent arm server cpus * Architecture POWER PC: + Added support for `DYNAMIC_ARCH` builds with clang + Fixed union declaration in the `BFLOAT16` test case - Changes in version 0.3.24: * General: + Declared the arguments of `cblas_xerbla` as `const` (in accordance with the reference implementation and others, the previous discrepancy appears to have dated back to GotoBLAS) + Fixed the implementation of `?GEMMT` that was added in 0.3.23 + made cpu-specific `SWITCH_RATIO` parameters for GEMM available to `DYNAMIC_ARCH` builds + Fixed missing `SSYCONVF` function in the shared library + Fixed parallel build logic used with gmake + Fixed several issues with the handling of runtime limits on the number of OPENMP threads + Corrected the error code returned by `SGEADD`/`DGEADD` when LDA is too small + Corrected the error code returned by `IMATCOPY` when LDB is too small + Updated `?NRM2` to support negative increment values (as introduced in release 3.10.0 of the Reference BLAS) + Updated `?ROTG` to use the safe scaling algorithm introduced in release 3.10.0 of the Reference BLAS + Fixed OpenMP builds with CLANG for the case where libomp is not in a standard location + Fixed a potential overwrite of unrelated memory during thread initialisation on startup + Fixed a potential integer overflow in the multithreading threshold for `?SYMM`/`?SYRK` + Fixed build of the LAPACKE interfaces for the LAPACK 3.11.0 `?TRSYL` functions added in 0.3.22 + Applied additions and corrections from the development branch of Reference-LAPACK: - Fixed actual arguments passed to a number of LAPACK functions (from Reference-LAPACK PR 885) - Fixed workspace query results in LAPACK `?SYTRF`/`?TRECV3` (from Reference-LAPACK PR 883) - Fixed derivation of the UPLO parameter in `LAPACKE_?larfb` (from Reference-LAPACK PR 878) - Fixed a crash in LAPACK `?GELSDD` on `NRHS=0` (from Reference-LAPACK PR 876) - Added new LAPACK utility functions `CRSCL` and `ZRSCL` (from Reference-LAPACK PR 839) - Corrected the order of eigenvalues for 2x2 matrices in `?STEMR` (Reference-LAPACK PR 867) - Removed spurious reference to OpenMP variables outside OpenMP contexts (Reference-LAPACK PR 860) - Updated file comments on use of `LAMBDA` variable in LAPACK (Reference-LAPACK PR 852) - Fixed documentation of LAPACK `SLASD0`/`DLASD0` (Reference-LAPACK PR 855) - Fixed confusing use of 'minor' in LAPACK documentation (Reference-LAPACK PR 849) - Added new LAPACK functions ?GEDMD for dynamic mode decomposition (Reference-LAPACK PR 736) - Fixed potential stack overflows in the `EIG` part of the LAPACK testsuite (Reference-LAPACK PR 854) - Applied small improvements to the variants of Cholesky and QR functions (Reference-LAPACK PR 847) - Removed unused variables from LAPACK `?BDSQR` (Reference-LAPACK PR 832) - Fixed a potential crash on allocation failure in LAPACKE `SGEESX`/`DGEESX` (Reference-LAPACK PR 836) - Added a quick return from `SLARUV`/`DLARUV` for N < 1 (Reference-LAPACK PR 837) - Updated function descriptions in LAPACK `?GEGS`/`?GEGV` (Reference-LAPACK PR 831) - Improved algorithm description in `?GELSY` (Reference-LAPACK PR 833) - Fixed scaling in LAPACK `STGSNA`/`DTGSNA` (Reference-LAPACK PR 830) - Fixed crash in `LAPACKE_?geqrt` with row-major data (Reference-LAPACK PR 768) - Added LAPACKE interfaces for `C/ZUNHR_COL` and `S/DORHR_COL` (Reference-LAPACK PR 827) - Added error exit tests for `SYSV`/`SYTD2`/`GEHD2` to the testsuite (Reference-LAPACK PR 795) - Fixed typos in LAPACK source and comments (Reference-LAPACK PRs 809,811,812,814,820) - Adopt refactored `?GEBAL` implementation (Reference-LAPACK PR 808) * Architecture x86_64: + Added cpu model autodetection for Intel Alder Lake N + Added activation of the AMX tile to the Sapphire Rapids `SBGEMM` kernel + worked around miscompilations of GEMV/SYMV kernels by gcc's tree-vectorizer + Fixed runtime detection of Cooperlake and Sapphire Rapids in `DYNAMIC_ARCH` + Fixed feature-based cputype fallback in `DYNAMIC_ARCH` + Corrected `ZAXPY` result on old pre-AVX hardware for the `INCX=0` case + Fixed a potential use of uninitialized variables in ZTRSM * Architecture ARMV8: + implemented SWITCH_RATIO parameter for improved GEMM performance on Neoverse + activated SVE SGEMM and DGEMM kernels for Neoverse V1 + Improved performance of the SVE CGEMM and ZGEMM kernels on Neoverse V1 + Improved kernel selection for the ARMV8SVE target and added it to `DYNAMIC_ARCH` + Fixed runtime check for SVE availability in `DYNAMIC_ARCH` builds to take OS or container restrictions into account + Fixed a potential use of uninitialized variables in ZTRSM * Architecture POWER PC: + Fixed compiler warnings in the POWER10 SBGEMM kernel - Changes in version 0.3.23: * General: + Fixed a serious regression in `GETRF`/`GETF2` and `ZGETRF`/`ZGETF2` where subnormal but nonzero data elements triggered the singularity flag + Fixed a long-standing bug in `CSPR`/`ZSPR` in single-threaded operation + for cases where elements of the X vector are real numbers (or complex with only the real part zero) * Architecture x86_64: + Added further CPUID values for Intel Raptor Lake - Changes in version 0.3.22: * General: + Updated the included LAPACK to Reference-LAPACK release 3.11.0 plus post-release corrections and improvements + Added a threshold for multithreading in `SYMM`, `SYMV` and `SYR2K` + Increased the threshold for multithreading in `SYRK` + OpenBLAS no longer decreases the global `OMP_NUM_THREADS` when it exceeds the maximum thread count the library was compiled for. + Fixed `?GETF2` potentially returning `NaN` with tiny matrix elements + Fixed `openblas_set_num_threads` to work in `USE_OPENMP` builds. + Fixed cpu core counting in `USE_OPENMP` builds returning the number of OMP 'places' rather than cores + Fixed stride calculation in the optimized small-matrix path of complex `SYR` + Fixed building of Reference-LAPACK with recent gfortran + Added new environment variable `OPENBLAS_DEFAULT_NUM_THREADS` + Added a GEMV-based implementation of `GEMMT` * Architecture x86_64: + Added autodetection of Intel Raptor Lake cpu models + Added SSCAL microkernels for Haswell and newer targets + Improved the performance of the Haswell DSCAL microkernel + Added CSCAL and ZSCAL microkernels for SkylakeX targets + Fixed detection of gfortran and Cray CCE compilers + Fixed runtime selection of COOPERLAKE in `DYNAMIC_ARCH` builds + Worked around gcc/llvm using risky FMA operations in CSCAL/ZSCAL * Architecture ARMV8: + Fixed cross-compilation to CortexA53 with CMAKE + Fixed compilation with CMAKE and 'Arm Compiler for Linux 22.1' + Added cpu autodetection for Cortex X3 and A715 + Fixed conditional compilation of SVE-capable targets in `DYNAMIC_ARCH` + sped up SVE kernels by removing unnecessary prefetches + Improved the GEMM performance of Neoverse V1 + Added SVE kernels for SDOT and DDOT + Added an SBGEMM kernel for Neoverse N2 + Improved cpu-specific compiler option selection for Neoverse cpus + Added support for setting `CONSISTENT_FPCSR` ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1079-1 Released: Tue Apr 2 05:52:07 2024 Summary: Security update for netty, netty-tcnative Type: security Severity: important References: 1222045,CVE-2024-29025 This update for netty, netty-tcnative fixes the following issues: - CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1091-1 Released: Tue Apr 2 12:18:46 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: This update for rpm fixes the following issues: - Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246). - Backport signature reserved space handling from upstream. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1201-1 Released: Thu Apr 11 10:47:59 2024 Summary: Recommended update for xfsprogs-scrub and jctools Type: recommended Severity: low References: 1190495,1213418 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495) - Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1206-1 Released: Thu Apr 11 12:56:24 2024 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1222259 This update for rpm fixes the following issues: - remove imaevmsign plugin from rpm-ndb [bsc#1222259] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1287-1 Released: Mon Apr 15 15:03:40 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: Updated to version 9.1.0111, fixes the following security problems - CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: overflow with count for :s command (bsc#1217321). - CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235). - CVE-2023-48236: overflow in get_number (bsc#1217329). - CVE-2023-48237: overflow in shift_line (bsc#1217330). - CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones The following package changes have been done: - cracklib-dict-small-2.9.11-150600.1.89 updated - crypto-policies-20230920.570ea89-150600.1.9 updated - libldap-data-2.4.46-150600.23.15 updated - libsemanage-conf-3.5-150600.1.48 updated - libssh-config-0.9.8-150600.9.1 updated - glibc-2.38-150600.9.2 updated - libzstd1-1.5.5-150600.1.2 updated - libuuid1-2.39.3-150600.1.15 updated - libsmartcols1-2.39.3-150600.1.15 updated - libsepol2-3.5-150600.1.48 updated - libsasl2-3-2.1.28-150600.5.2 updated - libpcre2-8-0-10.42-150600.1.25 updated - libnghttp2-14-1.40.0-150600.23.1 updated - liblzma5-5.4.1-150600.1.1 updated - liblz4-1-1.9.4-150600.1.3 updated - libgpg-error0-1.47-150600.1.2 updated - libfa1-1.14.1-150600.1.2 updated - libcom_err2-1.47.0-150600.2.25 updated - libblkid1-2.39.3-150600.1.15 updated - libselinux1-3.5-150600.1.45 updated - libglib-2_0-0-2.78.3-150600.1.6 updated - libksba8-1.6.4-150600.1.2 updated - libgcrypt20-1.10.3-150600.1.18 updated - libfdisk1-2.39.3-150600.1.15 updated - libmount1-2.39.3-150600.1.15 updated - libgmodule-2_0-0-2.78.3-150600.1.6 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - libduktape206-2.6.0-150500.4.5.1 added - libexpat1-2.4.4-150400.3.17.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libsigc-2_0-0-2.12.1-150600.1.2 updated - libabsl2401_0_0-20240116.1-150600.17.3 added - libgobject-2_0-0-2.78.3-150600.1.6 updated - libopenssl3-3.1.4-150600.2.18 updated - libaugeas0-1.14.1-150600.1.2 updated - libudev1-254.10-150600.1.3 updated - libsystemd0-254.10-150600.1.3 updated - libsemanage2-3.5-150600.1.48 updated - libprotobuf-lite25_1_0-25.1-150600.14.1 updated - libzck1-1.1.16-150600.9.2 updated - libopenssl-3-fips-provider-3.1.4-150600.2.18 updated - libldap-2_4-2-2.4.46-150600.23.15 updated - krb5-1.20.1-150600.9.1 updated - patterns-base-fips-20200124-150600.29.2 updated - libssh4-0.9.8-150600.9.1 updated - coreutils-8.32-150400.9.3.1 updated - shared-mime-info-2.4-150600.1.2 updated - login_defs-4.8.1-150600.15.44 updated - libcrack2-2.9.11-150600.1.89 updated - cracklib-2.9.11-150600.1.89 updated - sed-4.9-150600.1.3 updated - libcurl4-8.6.0-150600.2.1 updated - sles-release-15.6-150600.33.2 updated - gpg2-2.4.4-150600.1.3 updated - libgpgme11-1.23.0-150600.1.35 updated - shadow-4.8.1-150600.15.44 updated - gio-branding-SLE-15-150600.33.2 updated - libgio-2_0-0-2.78.3-150600.1.6 updated - glib2-tools-2.78.3-150600.1.6 updated - libpxbackend-1_0-0.5.3-150600.1.1 added - libproxy1-0.5.3-150600.1.1 updated - libzypp-17.31.31-150600.8.7 updated - util-linux-2.39.3-150600.1.15 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - curl-8.6.0-150600.2.1 updated - openssl-3.1.4-150600.2.1 updated - openssl-3-3.1.4-150600.2.18 updated - timezone-2024a-150600.89.1 updated - libapparmor1-3.1.7-150600.3.1 updated - libkmod2-29-150600.11.3 updated - pam-config-1.1-150600.14.2 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - systemd-presets-common-SUSE-15-150600.25.2 updated - systemd-presets-branding-SLE-15.1-150600.32.2 updated - systemd-254.10-150600.1.3 updated - augeas-lenses-1.14.1-150600.1.2 updated - augeas-1.14.1-150600.1.2 updated - dwz-0.12-150000.3.4.1 updated - girepository-1_0-1.78.1-150600.2.2 updated - libgirepository-1_0-1-1.78.1-150600.2.2 updated - glibc-locale-base-2.38-150600.9.2 updated - image-sync-formula-0.1.1711646883.4a44375-150600.1.1 updated - jose4j-0.9.5-150600.1.1 updated - libX11-data-1.8.7-150600.1.2 updated - libarchive13-3.7.2-150600.1.6 updated - libargon2-1-20190702-150600.1.3 updated - libasound2-1.2.10-150600.2.3 updated - libatomic1-13.2.1+git8285-150000.1.9.1 updated - libburn4-1.5.6-150600.1.5 updated - libdevmapper1_03-2.03.22_1.02.196-150600.1.2 updated - libgif7-5.2.2-150000.4.13.1 updated - libgomp1-13.2.1+git8285-150000.1.9.1 updated - libgraphite2-3-1.3.14-150600.1.4 updated - libisofs6-1.5.6-150600.1.5 updated - libitm1-13.2.1+git8285-150000.1.9.1 updated - libjpeg8-8.2.2-150600.22.4 updated - libjson-c5-0.16-150600.1.4 updated - liblcms2-2-2.15-150600.1.4 updated - liblsan0-13.2.1+git8285-150000.1.9.1 updated - libmaxminddb0-1.4.3-150000.1.8.1 updated - libnettle8-3.9.1-150600.1.41 updated - libpng16-16-1.6.40-150600.1.2 updated - libpq5-16.2-150600.14.10 updated - libprotobuf-c1-1.5.0-150600.1.3 updated - libquadmath0-13.2.1+git8285-150000.1.9.1 updated - librdkafka1-0.11.6-150600.14.2 updated - libsgutils2-1_48-2-1.48+10.1532339-150600.1.2 updated - libssh2-1-1.11.0-150600.18.1 updated - libtextstyle0-0.21.1-150600.1.6 updated - libuv1-1.44.2-150500.3.2.1 updated - linux-glibc-devel-6.4-150600.2.17 updated - lsof-4.99.0-150600.1.12 updated - openslp-2.0.0-150600.19.4 updated - openssh-common-9.6p1-150600.2.2 updated - perl-Bootloader-1.8.1-150600.1.1 updated - release-notes-susemanager-5.0.0~beta2-150600.12.2 updated - selinux-tools-3.5-150600.1.45 updated - sitemesh-2.1-0.150600.8.55 updated - skelcd-EULA-suse-manager-server-container-2023.03.06-150600.8.1 added - snmp-mibs-5.9.4-150600.22.3 updated - sudo-1.9.15p5-150600.1.1 updated - susemanager-schema-utility-5.0.6-150600.1.8 updated - system-user-prometheus-1.0.0-150000.12.1 updated - systemd-rpm-macros-15-150000.7.39.1 updated - util-linux-systemd-2.39.3-150600.1.9 updated - uyuni-config-modules-5.0.6-150600.1.1 updated - vim-data-common-9.1.0111-150500.20.9.1 updated - woodstox-4.4.2-150600.1.81 updated - xz-5.4.1-150600.1.1 updated - yast2-logs-4.6.7-150600.1.2 updated - zstd-1.5.5-150600.1.2 updated - suseconnect-ng-1.8.0-150600.1.2 updated - mtools-4.0.43-150600.1.5 updated - glibc-locale-2.38-150600.9.2 updated - libdevmapper-event1_03-2.03.22_1.02.196-150600.1.2 updated - mokutil-0.5.0-150600.8.2 updated - ipmitool-1.8.18.238.gb7adc1d-150600.8.2 updated - libapr-util1-1.6.1-150600.25.2 updated - cyrus-sasl-2.1.28-150600.5.2 updated - libfido2-1-1.13.0-150600.10.2 updated - libisoburn1-1.5.6-150600.1.5 updated - libopenssl1_1-1.1.1w-150600.2.11 updated - libcryptsetup12-2.7.0-150600.1.3 updated - libipset13-7.21-150600.1.2 updated - libhogweed6-3.9.1-150600.1.41 updated - postgresql-16-150600.15.19 updated - postgresql14-14.11-150600.14.3 updated - sg3_utils-1.48+10.1532339-150600.1.2 updated - gettext-runtime-0.21.1-150600.1.6 updated - bind-utils-9.18.24-150600.1.4 updated - glibc-devel-2.38-150600.9.2 updated - openssh-fips-9.6p1-150600.2.2 updated - susemanager-docs_en-5.0-150600.2.1 updated - policycoreutils-3.5-150600.1.42 updated - susemanager-branding-oss-5.0.4-150600.1.1 updated - spacewalk-java-lib-5.0.6-150600.1.12 updated - uyuni-reportdb-schema-5.0.4-150600.1.40 updated - uyuni-base-common-5.0.2-150600.1.15.1 updated - suse-module-tools-15.6.7-150600.1.24 updated - kmod-29-150600.11.3 updated - less-643-150600.1.33 updated - reprepro-5.4.0-150600.1.6 updated - libsuseconnect-1.8.0-150600.1.2 updated - libX11-6-1.8.7-150600.1.2 updated - device-mapper-2.03.22_1.02.196-150600.1.2 updated - yast2-core-4.6.0-150600.1.6 updated - vim-9.1.0111-150500.20.9.1 updated - perl-Term-Size-0.207-150600.1.3 updated - libsnmp40-5.9.4-150600.22.3 updated - hwdata-0.380-150000.3.68.1 updated - apache2-prefork-2.4.58-150600.3.1 updated - cyrus-sasl-digestmd5-2.1.28-150600.5.2 updated - openssh-server-9.6p1-150600.2.2 updated - openssh-clients-9.6p1-150600.2.2 updated - xorriso-1.5.6-150600.1.5 updated - libtcnative-1-0-1.2.38-150600.14.2 updated - libpython3_6m1_0-3.6.15-150300.10.60.1 updated - python3-base-3.6.15-150300.10.60.1 updated - python3-3.6.15-150300.10.60.1 updated - python3-curses-3.6.15-150300.10.60.1 updated - ipset-7.21-150600.1.2 updated - libgnutls30-3.8.3-150600.2.7 updated - wicked-0.6.74-150600.9.1 updated - wicked-service-0.6.74-150600.9.1 updated - libharfbuzz0-8.3.0-150600.1.2 updated - fontconfig-2.14.2-150600.1.2 updated - libfontconfig1-2.14.2-150600.1.2 updated - postgresql-server-16-150600.15.19 updated - postgresql14-server-14.11-150600.14.3 updated - libopenblas_pthreads0-0.3.25-150500.4.5.2 updated - gettext-tools-0.21.1-150600.1.6 updated - supportutils-3.1.30-150600.1.1 updated - postfix-3.8.4-150600.1.4 updated - libcreaterepo_c0-0.16.0-150600.12.3 updated - susemanager-docs_en-pdf-5.0-150600.2.1 updated - susemanager-schema-5.0.6-150600.1.8 updated - susemanager-sync-data-5.0.3-150600.1.1 updated - udev-254.10-150600.1.3 updated - rsync-3.2.7-150600.1.4 updated - openslp-server-2.0.0-150600.19.4 updated - suseconnect-ruby-bindings-1.8.0-150600.1.2 updated - yast2-ycp-ui-bindings-4.6.0-150600.1.5 updated - yast2-xml-4.6.0-150600.1.5 updated - yast2-pkg-bindings-4.6.5-150600.1.2 updated - perl-DBD-Pg-3.10.4-150600.12.2 updated - perl-SNMP-5.9.4-150600.22.3 updated - net-snmp-5.9.4-150600.22.3 updated - apache2-2.4.58-150600.3.1 updated - openssh-9.6p1-150600.2.2 updated - grub2-2.12-150600.6.6 updated - grub2-i386-pc-2.12-150600.6.6 updated - smdba-1.7.13-0.150600.1.1 updated - python3-rpm-4.14.3-150400.59.13.1 updated - python3-netifaces-0.10.6-150000.3.2.1 updated - python3-more-itertools-8.10.0-150400.7.1 updated - python3-M2Crypto-0.38.0-150600.17.2 updated - libvirt-libs-10.0.0-150600.6.1 updated - rsyslog-8.2306.0-150600.10.5 updated - postgresql-contrib-16-150600.15.19 updated - postgresql14-contrib-14.11-150600.14.3 updated - createrepo_c-0.16.0-150600.12.3 updated - libnm0-1.44.2-150600.1.6 updated - libstorage-ng1-4.5.201-150600.1.1 updated - yast2-perl-bindings-4.6.0-150600.1.5 updated - susemanager-build-keys-15.5.1-150600.2.1 updated - apache2-mod_xsendfile-0.12-150600.1.2 updated - grub2-x86_64-efi-2.12-150600.6.6 updated - yast2-ruby-bindings-4.6.2-150600.1.5 updated - python3-cheroot-6.5.5-150600.1.2 updated - python3-dbus-python-1.2.16-150600.3.2 updated - python3-libvirt-python-10.0.0-150600.1.2 updated - inter-server-sync-0.3.2-150600.1.8 updated - spacewalk-backend-sql-postgresql-5.0.5-150600.3.41.7 updated - typelib-1_0-NM-1_0-1.44.2-150600.1.6 updated - tomcat-servlet-4_0-api-9.0.85-150200.60.1 updated - tomcat-el-3_0-api-9.0.85-150200.60.1 updated - jctools-3.3.0-150200.3.6.1 updated - glassfish-activation-1.2.0-150200.5.3.4 added - apache-commons-io-2.15.1-150200.3.12.1 updated - libstorage-ng-ruby-4.5.201-150600.1.1 updated - spacewalk-base-minimal-5.0.6-150600.1.11 updated - susemanager-build-keys-web-15.5.1-150600.2.1 updated - spacewalk-config-5.0.2-150600.1.1 updated - yast2-transfer-4.6.0-150600.1.5 updated - yast2-hardware-detection-4.6.0-150600.1.5 updated - yast2-country-data-4.6.6-150600.1.2 updated - spacecmd-5.0.5-150600.3.115.1 updated - rpm-build-4.14.3-150400.59.13.1 updated - python3-firewall-2.0.1-150600.1.3 updated - tomcat-jsp-2_3-api-9.0.85-150200.60.1 updated - byte-buddy-dep-1.11.12-150600.1.5 updated - netty-4.1.108-150200.4.23.1 updated - apache-commons-compress-1.26.0-150200.3.16.1 updated - tomcat-taglibs-standard-1_2_5-1.2.5-150600.1.78 updated - quartz-2.3.0-150600.1.81 updated - protobuf-java-25.1-150600.14.1 updated - prometheus-client-java-0.3.0-150600.1.77 updated - mvel2-2.2.6.Final-150600.1.79 updated - lucene-2.4.1-150600.1.81 updated - kie-soup-7.17.0.Final-150600.1.72 updated - kie-api-7.17.0-150600.1.71 updated - ical4j-3.0.18-150600.1.67 updated - hibernate-commons-annotations-5.0.4-150600.1.78 updated - ehcache-2.10.1-150600.1.82 updated - drools-7.17.0-150600.1.68 updated - apache-commons-codec-1.16.1-150200.3.9.1 updated - spacewalk-base-minimal-config-5.0.6-150600.1.11 updated - yast2-4.6.7-150600.1.2 updated - firewalld-2.0.1-150600.1.3 updated - tomcat-lib-9.0.85-150200.60.1 updated - byte-buddy-1.11.12-150600.1.5 updated - pgjdbc-ng-0.8.7-150600.1.74 updated - optaplanner-7.17.0-150600.1.69 updated - yast2-slp-4.6.0-150600.1.5 updated - yast2-services-manager-4.6.1-150600.1.2 updated - yast2-proxy-4.6.0-150600.1.2 updated - yast2-pam-4.6.0-150600.1.2 updated - yast2-packager-4.6.9-150600.1.1 updated - yast2-storage-ng-4.6.17-150600.1.1 updated - python3-PyJWT-2.4.0-150200.3.8.1 updated - hibernate-types-2.16.2-150600.1.3 updated - xmlsec-2.0.7-150600.1.73 updated - statistics-1.0.2-150600.1.77 updated - spark-core-2.9.3-150600.1.105 updated - jade4j-1.2.7-150600.2.1 updated - yast2-network-4.6.9-150600.1.1 updated - yast2-country-4.6.6-150600.1.2 updated - yast2-bootloader-4.6.7-150600.1.1 updated - postgresql-jdbc-42.2.25-150400.3.12.1 updated - tomcat-9.0.85-150200.60.1 updated - spacewalk-search-5.0.2-150600.1.1 updated - subscription-matcher-0.36-150600.1.1 updated - spark-template-jade-2.7.1-150600.1.3 updated - jakarta-commons-validator-1.1.4-21.150600.19.92 updated - salt-netapi-client-0.21.0-150600.1.3 updated - yast2-ntp-client-4.6.0-150600.1.3 updated - yast2-ldap-4.6.0-150600.1.5 updated - yast2-security-4.6.0-150600.1.2 updated - spacewalk-backend-5.0.5-150600.3.41.7 updated - python3-spacewalk-client-tools-5.0.4-150600.3.88.11 updated - spacewalk-client-tools-5.0.4-150600.3.88.11 updated - spacewalk-base-5.0.6-150600.1.11 updated - spacewalk-java-postgresql-5.0.6-150600.1.12 updated - spacewalk-branding-5.0.2-150600.1.1 updated - hibernate5-core-5.3.25-150600.1.64 updated - yast2-users-4.6.4-150600.1.5 updated - fence-agents-4.13.1+git.1704296072.32469f29-150600.1.2 updated - spacewalk-backend-sql-5.0.5-150600.3.41.7 updated - spacewalk-admin-5.0.5-150600.1.1 updated - spacewalk-html-5.0.6-150600.1.11 updated - hibernate5-ehcache-5.3.25-150600.1.64 updated - hibernate5-c3p0-5.3.25-150600.1.64 updated - yast2-installation-4.6.12-150600.1.1 updated - yast2-update-4.6.3-150600.1.2 updated - autoyast2-installation-4.6.6-150600.1.2 updated - yast2-add-on-4.6.2-150600.1.2 updated - uyuni-base-server-5.0.2-150600.1.15.1 updated - cobbler-3.3.3-150600.2.1 updated - spacewalk-backend-server-5.0.5-150600.3.41.7 updated - susemanager-sls-5.0.6-150600.1.1 updated - yast2-registration-4.6.1-150600.1.1 updated - spacewalk-java-config-5.0.6-150600.1.12 updated - spacewalk-backend-xmlrpc-5.0.5-150600.3.41.7 updated - spacewalk-backend-xml-export-libs-5.0.5-150600.3.41.7 updated - spacewalk-backend-package-push-server-5.0.5-150600.3.41.7 updated - spacewalk-backend-iss-5.0.5-150600.3.41.7 updated - spacewalk-backend-config-files-common-5.0.5-150600.3.41.7 updated - spacewalk-backend-applet-5.0.5-150600.3.41.7 updated - spacewalk-backend-app-5.0.5-150600.3.41.7 updated - yast2-migration-4.6.0-150600.1.2 updated - spacewalk-taskomatic-5.0.6-150600.1.12 updated - spacewalk-java-5.0.6-150600.1.12 updated - spacewalk-backend-iss-export-5.0.5-150600.3.41.7 updated - spacewalk-backend-config-files-5.0.5-150600.3.41.7 updated - spacewalk-backend-config-files-tool-5.0.5-150600.3.41.7 updated - patterns-suma_retail-5.0-150600.4.1 updated - susemanager-tools-5.0.5-150600.1.1 updated - spacewalk-backend-tools-5.0.5-150600.3.41.7 updated - spacewalk-setup-5.0.4-150600.1.1 updated - spacewalk-utils-5.0.3-150600.1.1 updated - spacewalk-utils-extras-5.0.3-150600.1.1 updated - susemanager-5.0.5-150600.1.1 updated - patterns-suma_server-5.0-150600.4.1 updated - container:suse-manager-5.0-init-5.0.0-beta2-5.0.0-beta2-3.74 added - apache-commons-lang-2.6-12.26 removed - apache2-utils-2.4.51-150600.12.2 removed - container:suse-manager-5.0-init-latest-5.0.0-beta1-2.177 removed - libabsl2308_0_0-20230802.1-150400.10.4.1 removed - python3-blinker-1.4-3.4.1 removed - python3-cachetools-4.1.0-150200.3.4.1 removed - python3-google-auth-1.21.2-150300.3.6.1 removed - python3-kubernetes-26.1.0-150400.16.2 removed - python3-oauthlib-2.0.6-3.4.1 removed - python3-requests-oauthlib-0.8.0-3.4.1 removed - python3-rsa-3.4.2-150000.3.7.1 removed - python3-websocket-client-1.3.2-150100.6.10.5 removed - virtual-host-gatherer-Kubernetes-1.0.26-150600.7.6.1 removed From sle-container-updates at lists.suse.com Thu Apr 25 07:01:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 09:01:18 +0200 (CEST) Subject: SUSE-CU-2024:1697-1: Security update of rancher/elemental-teal-rt/5.4 Message-ID: <20240425070118.96571FCEF@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-teal-rt/5.4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1697-1 Container Tags : rancher/elemental-teal-rt/5.4:1.2.3 , rancher/elemental-teal-rt/5.4:1.2.3-2.2.132 , rancher/elemental-teal-rt/5.4:latest Container Release : 2.2.132 Severity : important Type : security References : 1107342 1108281 1144060 1176006 1177529 1188307 1190495 1190495 1192051 1203823 1205502 1206627 1207987 1209834 1210507 1210959 1211515 1211886 1212091 1212514 1213189 1213418 1213456 1214064 1214934 1215377 1215434 1215885 1216016 1216198 1216702 1217217 1217445 1217450 1217589 1217667 1217670 1217895 1217964 1217987 1217988 1217989 1218195 1218216 1218232 1218492 1218562 1218571 1218689 1218713 1218730 1218752 1218757 1218768 1218804 1218832 1218836 1218842 1218866 1218894 1218915 1218916 1218929 1218930 1218968 1219031 1219053 1219073 1219120 1219126 1219127 1219128 1219146 1219238 1219243 1219295 1219321 1219349 1219412 1219429 1219434 1219490 1219520 1219559 1219563 1219576 1219608 1219633 1219653 1219767 1219827 1219835 1219975 1220009 1220061 1220117 1220117 1220140 1220187 1220237 1220238 1220240 1220241 1220243 1220250 1220251 1220253 1220254 1220255 1220257 1220320 1220326 1220328 1220330 1220335 1220340 1220344 1220350 1220364 1220366 1220385 1220398 1220409 1220411 1220413 1220433 1220439 1220441 1220443 1220444 1220445 1220457 1220459 1220466 1220469 1220478 1220482 1220484 1220486 1220487 1220568 1220649 1220724 1220735 1220736 1220770 1220771 1220790 1220796 1220797 1220825 1220831 1220833 1220836 1220839 1220840 1220843 1220845 1220870 1220871 1220872 1220878 1220879 1220885 1220898 1220917 1220918 1220920 1220921 1220926 1220927 1220929 1220930 1220931 1220932 1220933 1220938 1220940 1220954 1220955 1220959 1220960 1220961 1220965 1220969 1220978 1220979 1220981 1220982 1220983 1220985 1220986 1220987 1220989 1220990 1221009 1221012 1221015 1221022 1221039 1221040 1221048 1221050 1221055 1221058 1221077 1221218 1221239 1221276 1221289 1221399 1221470 1221551 1221553 1221665 1221667 1221677 1221677 1221725 1221831 1222073 1222619 CVE-2019-25162 CVE-2021-33631 CVE-2021-46923 CVE-2021-46924 CVE-2021-46925 CVE-2021-46926 CVE-2021-46927 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46932 CVE-2021-46933 CVE-2021-46934 CVE-2021-46936 CVE-2021-47082 CVE-2021-47083 CVE-2021-47087 CVE-2021-47091 CVE-2021-47093 CVE-2021-47094 CVE-2021-47095 CVE-2021-47096 CVE-2021-47097 CVE-2021-47098 CVE-2021-47099 CVE-2021-47100 CVE-2021-47101 CVE-2021-47102 CVE-2021-47104 CVE-2021-47105 CVE-2021-47107 CVE-2021-47108 CVE-2022-48626 CVE-2022-48627 CVE-2022-48629 CVE-2022-48630 CVE-2023-28746 CVE-2023-29383 CVE-2023-35827 CVE-2023-45918 CVE-2023-46838 CVE-2023-47233 CVE-2023-51042 CVE-2023-51043 CVE-2023-51780 CVE-2023-51782 CVE-2023-5197 CVE-2023-52160 CVE-2023-52340 CVE-2023-52425 CVE-2023-52429 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52447 CVE-2023-52448 CVE-2023-52449 CVE-2023-52450 CVE-2023-52451 CVE-2023-52452 CVE-2023-52454 CVE-2023-52456 CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52467 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52475 CVE-2023-52477 CVE-2023-52478 CVE-2023-52482 CVE-2023-52484 CVE-2023-52492 CVE-2023-52497 CVE-2023-52501 CVE-2023-52502 CVE-2023-52504 CVE-2023-52507 CVE-2023-52508 CVE-2023-52509 CVE-2023-52510 CVE-2023-52511 CVE-2023-52513 CVE-2023-52515 CVE-2023-52517 CVE-2023-52519 CVE-2023-52520 CVE-2023-52523 CVE-2023-52524 CVE-2023-52525 CVE-2023-52528 CVE-2023-52529 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52559 CVE-2023-52564 CVE-2023-52566 CVE-2023-52567 CVE-2023-52569 CVE-2023-52574 CVE-2023-52575 CVE-2023-52576 CVE-2023-52582 CVE-2023-52583 CVE-2023-52597 CVE-2023-52605 CVE-2023-52621 CVE-2023-5388 CVE-2023-6040 CVE-2023-6270 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-6817 CVE-2023-6915 CVE-2023-7207 CVE-2024-0340 CVE-2024-0565 CVE-2024-0607 CVE-2024-0641 CVE-2024-0727 CVE-2024-0775 CVE-2024-1085 CVE-2024-1086 CVE-2024-1151 CVE-2024-1753 CVE-2024-1753 CVE-2024-2004 CVE-2024-21626 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-2398 CVE-2024-24860 CVE-2024-25062 CVE-2024-25742 CVE-2024-26458 CVE-2024-26461 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26591 CVE-2024-26593 CVE-2024-26595 CVE-2024-26598 CVE-2024-26600 CVE-2024-26602 CVE-2024-26603 CVE-2024-26607 CVE-2024-26622 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757 ----------------------------------------------------------------- The container rancher/elemental-teal-rt/5.4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:476-1 Released: Wed Feb 14 19:35:24 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1108281,1177529,1209834,1212091,1215885,1216016,1216702,1217217,1217670,1217895,1217987,1217988,1217989,1218689,1218713,1218730,1218752,1218757,1218768,1218804,1218832,1218836,1218916,1218929,1218930,1218968,1219053,1219120,1219128,1219349,1219412,1219429,1219434,1219490,1219608,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-51042,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0340,CVE-2024-0565,CVE-2024-0641,CVE-2024-0775,CVE-2024-1085,CVE-2024-1086,CVE-2024-24860 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608). - CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429). - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). The following non-security bugs were fixed: - Store the old kernel changelog entries in kernel-docs package (bsc#1218713). - bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes). - bcache: Remove unnecessary NULL point check in node allocations (git-fixes). - bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes). - bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes). - bcache: avoid oversize memory allocation by small stripe_size (git-fixes). - bcache: check return value from btree_node_alloc_replacement() (git-fixes). - bcache: fixup btree_cache_wait list damage (git-fixes). - bcache: fixup init dirty data errors (git-fixes). - bcache: fixup lock c->root error (git-fixes). - bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes). - bcache: prevent potential division by zero error (git-fixes). - bcache: remove redundant assignment to variable cur_idx (git-fixes). - bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes). - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes). - block: Fix kabi header include (bsc#1218929). - block: free the extended dev_t minor later (bsc#1218930). - clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217). - clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885). - dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes). - dm cache: add cond_resched() to various workqueue loops (git-fixes). - dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes). - dm crypt: add cond_resched() to dmcrypt_write() (git-fixes). - dm crypt: avoid accessing uninitialized tasklet (git-fixes). - dm flakey: do not corrupt the zero page (git-fixes). - dm flakey: fix a crash with invalid table line (git-fixes). - dm flakey: fix logic when corrupting a bio (git-fixes). - dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes). - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes). - dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes). - dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes). - dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes). - dm stats: check for and propagate alloc_percpu failure (git-fixes). - dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes). - dm thin metadata: check fail_io before using data_sm (git-fixes). - dm thin: add cond_resched() to various workqueue loops (git-fixes). - dm thin: fix deadlock when swapping to thin device (bsc#1177529). - dm verity: do not perform FEC for failed readahead IO (git-fixes). - dm verity: fix error handling for check_at_most_once on FEC (git-fixes). - dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes). - dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes). - dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes). - dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes). - dm-verity: align struct dm_verity_fec_io properly (git-fixes). - dm: add cond_resched() to dm_wq_work() (git-fixes). - dm: do not lock fs when the map is NULL during suspend or resume (git-fixes). - dm: do not lock fs when the map is NULL in process of resume (git-fixes). - dm: remove flush_scheduled_work() during local_exit() (git-fixes). - dm: send just one event on resize, not two (git-fixes). - doc/README.KSYMS: Add to repo. - hv_netvsc: rndis_filter needs to select NLS (git-fixes). - intel_idle: add Emerald Rapids Xeon support (bsc#1216016). - kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). - kernel-source: Fix description typo - loop: suppress uevents while reconfiguring the device (git-fixes). - nbd: Fix debugfs_create_dir error checking (git-fixes). - nbd: fix incomplete validation of ioctl arg (git-fixes). - nbd: use the correct block_device in nbd_bdev_reset (git-fixes). - nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349). - nfsd: fix RELEASE_LOCKOWNER (bsc#1218968). - null_blk: Always check queue mode setting from configfs (git-fixes). - powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes). - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes). - rbd: decouple header read-in from updating rbd_dev->header (git-fixes). - rbd: decouple parent info read-in from updating rbd_dev (git-fixes). - rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes). - rbd: harden get_lock_owner_info() a bit (git-fixes). - rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes). - rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes). - rbd: move rbd_dev_refresh() definition (git-fixes). - rbd: prevent busy loop when requesting exclusive lock (git-fixes). - rbd: retrieve and check lock owner twice before blocklisting (git-fixes). - rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes). - sched/isolation: add cpu_is_isolated() API (bsc#1217895). - scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097). - scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097). - trace,smp: Add tracepoints around remotelly called functions (bsc#1217895). - vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:597-1 Released: Thu Feb 22 20:07:11 2024 Summary: Security update for mozilla-nss Type: security Severity: important References: 1216198,CVE-2023-5388 This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:613-1 Released: Mon Feb 26 11:21:43 2024 Summary: Security update for libxml2 Type: security Severity: moderate References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:766-1 Released: Tue Mar 5 13:50:28 2024 Summary: Recommended update for libssh Type: recommended Severity: important References: 1220385 This update for libssh fixes the following issues: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:819-1 Released: Fri Mar 8 12:05:12 2024 Summary: Security update for wpa_supplicant Type: security Severity: important References: 1219975,CVE-2023-52160 This update for wpa_supplicant fixes the following issues: - CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:833-1 Released: Mon Mar 11 10:31:14 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:305-1 Released: Mon Mar 11 14:15:37 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:838-1 Released: Tue Mar 12 06:46:28 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1220117 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:907-1 Released: Fri Mar 15 08:57:38 2024 Summary: Recommended update for audit Type: recommended Severity: moderate References: 1215377 This update for audit fixes the following issue: - Fix plugin termination when using systemd service units (bsc#1215377) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:929-1 Released: Tue Mar 19 06:36:24 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1219321 This update for coreutils fixes the following issues: - tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:939-1 Released: Wed Mar 20 09:03:37 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1144060,1176006,1188307,1203823,1205502,1206627,1210507,1213189,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). The following non-security bugs were fixed: - bsc#1176006: Fix chage date miscalculation - bsc#1188307: Fix passwd segfault - bsc#1203823: Remove pam_keyinit from PAM config files - bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions - bsc#1206627: Add --prefix support to passwd, chpasswd and chage - bsc#1205502: useradd audit event user id field cannot be interpretedd ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:977-1 Released: Fri Mar 22 15:33:40 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1211515,1213456,1214064,1218195,1218216,1218562,1218915,1219073,1219126,1219127,1219146,1219295,1219633,1219653,1219827,1219835,1220009,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220251,1220253,1220254,1220255,1220257,1220326,1220328,1220330,1220335,1220344,1220350,1220364,1220398,1220409,1220433,1220444,1220457,1220459,1220469,1220649,1220735,1220736,1220796,1220797,1220825,1220845,1220917,1220930,1220931,1220933,CVE-2019-25162,CVE-2021-46923,CVE-2021-46924,CVE-2021-46932,CVE-2021-46934,CVE-2021-47083,CVE-2022-48627,CVE-2023-28746,CVE-2023-5197,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52447,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52452,CVE-2023-52456,CVE-2023-52457,CVE-2023-52463,CVE-2023-52464,CVE-2023-52467,CVE-2023-52475,CVE-2023-52478,CVE-2023-52482,CVE-2023-52484,CVE-2023-52530,CVE-2023-52531,CVE-2023-52559,CVE-2023-6270,CVE-2023-6817,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23850,CVE -2024-23851,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-26591,CVE-2024-26593,CVE-2024-26595,CVE-2024-26598,CVE-2024-26602,CVE-2024-26603,CVE-2024-26607,CVE-2024-26622 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216). - CVE-2023-52340: Fixed ICMPv6 ???Packet Too Big??? packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257). - CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364). - CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350). - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330) - CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433). - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126). - CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). The following non-security bugs were fixed: - bpf: fix verification of indirect var-off stack access (git-fixes). - bpf: guard stack limits against 32bit overflow (git-fixes). - drop 2 git-fixes patches which are suspicious to introduce regression reported in bsc#1219073 - fix unresolved hunks in readme.branch - kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes). - kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes). - nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633). - nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515). - nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064). - nvme: start keep-alive after admin queue setup (bsc#1211515). - readme.branch: use correct mail for roy - rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created. - x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: add asm helpers for executing verw (git-fixes). - x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add the removed mds_user_clear symbol to kabi severities as it is exposed just for kvm module and is generally a core kernel component so removing it is low risk. - x86/entry_32: add verw just before userspace transition (git-fixes). - x86/entry_64: Add VERW just before userspace transition (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:982-1 Released: Mon Mar 25 12:56:33 2024 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1217964 This update for systemd-rpm-macros fixes the following issue: - Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:984-1 Released: Mon Mar 25 16:04:44 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1192051,1221050 This update for runc fixes the following issues: - Add upstream patch to properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050 This allows running 15 SP6 containers on older distributions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1006-1 Released: Wed Mar 27 10:48:38 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1010-1 Released: Wed Mar 27 16:07:37 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: important References: 1218842,1221470 This update for perl-Bootloader fixes the following issues: - Log grub2-install errors correctly (bsc#1221470) - Update to version 0.947 - Support old grub versions that used /usr/lib (bsc#1218842) - Create EFI boot fallback directory if necessary ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1058-1 Released: Thu Mar 28 14:50:41 2024 Summary: Security update for podman Type: security Severity: important References: 1221677,CVE-2024-1753 This update for podman fixes the following issues: - CVE-2024-1753: Fixed full container escape at build time (bsc#1221677). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1080-1 Released: Tue Apr 2 06:50:10 2024 Summary: Recommended update for xfsprogs-scrub Type: recommended Severity: low References: 1190495 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 and SLE-15-SP4 (bsc#1190495) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1104-1 Released: Wed Apr 3 14:29:58 2024 Summary: Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs Type: recommended Severity: important References: This update for docker fixes the following issues: - Overlay files are world-writable (bsc#1220339) - Allow disabling apparmor support (some products only support SELinux) The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs) are no-change rebuilds required because the corresponding binary packages were missing in a number of repositories, thus making docker not installable on some products. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1129-1 Released: Mon Apr 8 09:12:08 2024 Summary: Security update for expat Type: security Severity: important References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1144-1 Released: Mon Apr 8 11:33:47 2024 Summary: Security update for buildah Type: security Severity: important References: 1219563,1220568,1221677,CVE-2024-1753 This update for buildah fixes the following issues: - CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677) - Update to version 1.34.1 for compatibility with Docker 25.0 (which is not in SLES yet, but will eventually be) (bsc#1219563). See the corresponding release notes: * https://github.com/containers/buildah/releases/tag/v1.34.1 * https://github.com/containers/buildah/releases/tag/v1.34.0 * https://github.com/containers/buildah/releases/tag/v1.33.0 * https://github.com/containers/buildah/releases/tag/v1.32.0 * https://github.com/containers/buildah/releases/tag/v1.31.0 * https://github.com/containers/buildah/releases/tag/v1.30.0 - Require cni-plugins (bsc#1220568) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1169-1 Released: Tue Apr 9 09:50:32 2024 Summary: Security update for util-linux Type: security Severity: important References: 1207987,1220117,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1201-1 Released: Thu Apr 11 10:47:59 2024 Summary: Recommended update for xfsprogs-scrub and jctools Type: recommended Severity: low References: 1190495,1213418 This update for xfsprogs-scrub fixes the following issues: - Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495) - Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1320-1 Released: Tue Apr 16 18:04:04 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1212514,1220237,1220320,1220340,1220366,1220411,1220413,1220439,1220443,1220445,1220466,1220478,1220482,1220484,1220486,1220487,1220790,1220831,1220833,1220836,1220839,1220840,1220843,1220870,1220871,1220872,1220878,1220879,1220885,1220898,1220918,1220920,1220921,1220926,1220927,1220929,1220932,1220938,1220940,1220954,1220955,1220959,1220960,1220961,1220965,1220969,1220978,1220979,1220981,1220982,1220983,1220985,1220986,1220987,1220989,1220990,1221009,1221012,1221015,1221022,1221039,1221040,1221048,1221055,1221058,1221077,1221276,1221551,1221553,1221725,1222073,1222619,CVE-2021-46925,CVE-2021-46926,CVE-2021-46927,CVE-2021-46929,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46936,CVE-2021-47082,CVE-2021-47087,CVE-2021-47091,CVE-2021-47093,CVE-2021-47094,CVE-2021-47095,CVE-2021-47096,CVE-2021-47097,CVE-2021-47098,CVE-2021-47099,CVE-2021-47100,CVE-2021-47101,CVE-2021-47102,CVE-2021-47104,CVE-2021-47105,CVE-2021-47107,CVE-2021-47108,CVE-2022-48626,CVE-2022-48629,CVE- 2022-48630,CVE-2023-35827,CVE-2023-52450,CVE-2023-52454,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52477,CVE-2023-52492,CVE-2023-52497,CVE-2023-52501,CVE-2023-52502,CVE-2023-52504,CVE-2023-52507,CVE-2023-52508,CVE-2023-52509,CVE-2023-52510,CVE-2023-52511,CVE-2023-52513,CVE-2023-52515,CVE-2023-52517,CVE-2023-52519,CVE-2023-52520,CVE-2023-52523,CVE-2023-52524,CVE-2023-52525,CVE-2023-52528,CVE-2023-52529,CVE-2023-52532,CVE-2023-52564,CVE-2023-52566,CVE-2023-52567,CVE-2023-52569,CVE-2023-52574,CVE-2023-52575,CVE-2023-52576,CVE-2023-52582,CVE-2023-52583,CVE-2023-52597,CVE-2023-52605,CVE-2023-52621,CVE-2024-25742,CVE-2024-26600 The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466). - CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478). - CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443). - CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439). - CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959). - CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978). - CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983). - CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009). - CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960). - CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961). - CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965). - CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986). - CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366). - CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989). - CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237). - CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879). - CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553). - CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836). - CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898). - CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012). - CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022). - CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048). - CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055). - CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920). - CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921). - CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926). - CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927). - CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840). - CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843). - CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938). - CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940). - CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839). - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872). - CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073). - CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). The following non-security bugs were fixed: - doc/README.SUSE: Update information about module support status (jsc#PED-5759) - group-source-files.pl: Quote filenames (boo#1221077). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 updated - glibc-2.31-150300.71.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libuuid1-2.37.2-150400.8.29.1 updated - libsmartcols1-2.37.2-150400.8.29.1 updated - libexpat1-2.4.4-150400.3.17.1 updated - libblkid1-2.37.2-150400.8.29.1 updated - libaudit1-3.0.6-150400.4.16.1 updated - libfdisk1-2.37.2-150400.8.29.1 updated - libgcc_s1-13.2.1+git8285-150000.1.9.1 updated - catatonit-0.1.7-150300.10.5.2 updated - mozilla-nss-certs-3.90.2-150400.3.39.1 updated - libxml2-2-2.9.14-150400.5.28.1 updated - libfreebl3-3.90.2-150400.3.39.1 updated - libmount1-2.37.2-150400.8.29.1 updated - libsoftokn3-3.90.2-150400.3.39.1 updated - mozilla-nss-3.90.2-150400.3.39.1 updated - libstdc++6-13.2.1+git8285-150000.1.9.1 updated - libncurses6-6.1-150000.5.24.1 updated - terminfo-base-6.1-150000.5.24.1 updated - coreutils-8.32-150400.9.3.1 updated - timezone-2024a-150000.75.28.1 updated - systemd-rpm-macros-15-150000.7.39.1 updated - netcfg-11.6-150000.3.6.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - glibc-locale-base-2.31-150300.71.1 updated - login_defs-4.8.1-150400.3.6.1 updated - perl-Bootloader-0.947-150400.3.12.1 updated - cpio-2.13-150400.3.6.1 updated - sed-4.4-150300.13.3.1 updated - libopenssl1_1-1.1.1l-150400.7.63.1 updated - krb5-1.19.2-150400.3.9.1 updated - libssh4-0.9.8-150400.3.6.1 updated - libcurl4-8.0.1-150400.5.44.1 updated - pam-config-1.1-150200.3.6.1 updated - shadow-4.8.1-150400.3.6.1 updated - util-linux-2.37.2-150400.8.29.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated - util-linux-systemd-2.37.2-150400.8.29.1 updated - runc-1.1.12-150000.64.1 updated - cni-0.7.1-150100.3.18.1 updated - cni-plugins-0.8.6-150100.3.22.3 updated - fuse-overlayfs-1.1.2-150100.3.11.1 updated - xfsprogs-5.13.0-150400.3.7.1 updated - slirp4netns-1.2.0-150300.8.7.1 updated - podman-4.4.4-150400.4.22.1 updated - wpa_supplicant-2.9-150000.4.39.1 updated - kernel-rt-5.14.21-150400.15.76.1 updated - hostname-3.16-2.22 removed - iproute2-5.14-150400.1.8 removed - libltdl7-2.4.6-3.4.1 removed - libmspack0-0.6-3.14.1 removed - libxslt1-1.1.34-150400.3.3.1 removed - system-user-nobody-20170617-150400.24.2.1 removed - tar-1.34-150000.3.34.1 removed - which-2.21-2.20 removed From sle-container-updates at lists.suse.com Thu Apr 25 12:17:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 14:17:31 +0200 (CEST) Subject: SUSE-CU-2024:1735-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20240425121731.BBDB2FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1735-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.20 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.20 Severity : moderate Type : recommended References : 1188500 1221184 1221525 1221963 1222086 1222398 1223094 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1433-1 Released: Wed Apr 24 21:41:41 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1221525,1221963,1222086,1222398,1223094 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Do not try to refresh repo metadata as non-root user (bsc#1222086) - man: Explain how to protect orphaned packages by collecting them in a plaindir repo - packages: Add --autoinstalled and --userinstalled options to list them - Don't print 'reboot required' message if download-only or dry-run - Resepect zypper.conf option `showAlias` search commands (bsc#1221963) - dup: New option --remove-orphaned to remove all orphaned packages in dup (bsc#1221525) The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - libzypp-17.32.5-150200.99.1 updated - zypper-1.14.71-150200.76.3 updated From sle-container-updates at lists.suse.com Thu Apr 25 12:18:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 25 Apr 2024 14:18:16 +0200 (CEST) Subject: SUSE-CU-2024:1736-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240425121816.CA58FFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1736-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.20 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.20 Severity : moderate Type : recommended References : 1188500 1221184 1221525 1221963 1222086 1222398 1223094 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1433-1 Released: Wed Apr 24 21:41:41 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1221525,1221963,1222086,1222398,1223094 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Do not try to refresh repo metadata as non-root user (bsc#1222086) - man: Explain how to protect orphaned packages by collecting them in a plaindir repo - packages: Add --autoinstalled and --userinstalled options to list them - Don't print 'reboot required' message if download-only or dry-run - Resepect zypper.conf option `showAlias` search commands (bsc#1221963) - dup: New option --remove-orphaned to remove all orphaned packages in dup (bsc#1221525) The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - libzypp-17.32.5-150200.99.1 updated - zypper-1.14.71-150200.76.3 updated From sle-container-updates at lists.suse.com Fri Apr 26 07:02:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 26 Apr 2024 09:02:53 +0200 (CEST) Subject: SUSE-CU-2024:1737-1: Recommended update of suse/sle15 Message-ID: <20240426070253.41A35FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1737-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.443 Container Release : 9.5.443 Severity : moderate Type : recommended References : 1221525 1221963 1222086 1222398 1223094 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1433-1 Released: Wed Apr 24 21:41:41 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1221525,1221963,1222086,1222398,1223094 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Do not try to refresh repo metadata as non-root user (bsc#1222086) - man: Explain how to protect orphaned packages by collecting them in a plaindir repo - packages: Add --autoinstalled and --userinstalled options to list them - Don't print 'reboot required' message if download-only or dry-run - Resepect zypper.conf option `showAlias` search commands (bsc#1221963) - dup: New option --remove-orphaned to remove all orphaned packages in dup (bsc#1221525) The following package changes have been done: - libzypp-17.32.5-150200.99.1 updated - zypper-1.14.71-150200.76.3 updated From sle-container-updates at lists.suse.com Fri Apr 26 07:03:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 26 Apr 2024 09:03:17 +0200 (CEST) Subject: SUSE-CU-2024:1738-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240426070317.A246FFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1738-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.30 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.49.30 Severity : moderate Type : recommended References : 1200731 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1434-1 Released: Thu Apr 25 09:11:03 2024 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1200731 This update for systemd-presets-common-SUSE fixes the following issues: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84) Support both the old and new service to avoid complex version interdependency. The following package changes have been done: - systemd-presets-common-SUSE-15-150100.8.23.1 updated From sle-container-updates at lists.suse.com Fri Apr 26 07:03:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 26 Apr 2024 09:03:29 +0200 (CEST) Subject: SUSE-CU-2024:1739-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20240426070329.C66B4FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1739-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.11 , suse/manager/4.3/proxy-tftpd:4.3.11.9.39.21 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.39.21 Severity : moderate Type : security References : 1222842 CVE-2024-3651 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1439-1 Released: Thu Apr 25 23:41:12 2024 Summary: Security update for python-idna Type: security Severity: moderate References: 1222842,CVE-2024-3651 This update for python-idna fixes the following issues: - CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842). The following package changes have been done: - python3-idna-2.6-150000.3.3.1 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:02:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:02:56 +0200 (CEST) Subject: SUSE-CU-2024:1742-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240427070256.3BC1AFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1742-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.45 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.45 Container Release : 4.45 Severity : moderate Type : recommended References : 1188500 1221184 1221525 1221963 1222086 1222398 1223094 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1433-1 Released: Wed Apr 24 21:41:41 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1221525,1221963,1222086,1222398,1223094 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Do not try to refresh repo metadata as non-root user (bsc#1222086) - man: Explain how to protect orphaned packages by collecting them in a plaindir repo - packages: Add --autoinstalled and --userinstalled options to list them - Don't print 'reboot required' message if download-only or dry-run - Resepect zypper.conf option `showAlias` search commands (bsc#1221963) - dup: New option --remove-orphaned to remove all orphaned packages in dup (bsc#1221525) The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - libzypp-17.32.5-150200.99.1 updated - zypper-1.14.71-150200.76.3 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:03:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:03:11 +0200 (CEST) Subject: SUSE-CU-2024:1743-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240427070311.34FD2FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1743-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.27 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.27 Container Release : 3.27 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:04:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:04:11 +0200 (CEST) Subject: SUSE-CU-2024:1745-1: Recommended update of suse/registry Message-ID: <20240427070411.CCC9BFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1745-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-23.6 , suse/registry:latest Container Release : 23.6 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:04:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:04:34 +0200 (CEST) Subject: SUSE-CU-2024:1746-1: Recommended update of bci/golang Message-ID: <20240427070434.E31F2FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1746-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.4.6 , bci/golang:oldstable , bci/golang:oldstable-2.4.6 Container Release : 4.6 Severity : moderate Type : recommended References : 1222046 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:05:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:05:02 +0200 (CEST) Subject: SUSE-CU-2024:1747-1: Recommended update of bci/golang Message-ID: <20240427070502.AF169FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1747-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-14.6 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-14.6 Container Release : 14.6 Severity : moderate Type : recommended References : 1222046 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:05:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:05:26 +0200 (CEST) Subject: SUSE-CU-2024:1748-1: Recommended update of bci/golang Message-ID: <20240427070527.002FEFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1748-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-14.6 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-14.6 Container Release : 14.6 Severity : moderate Type : recommended References : 1222046 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:05:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:05:39 +0200 (CEST) Subject: SUSE-CU-2024:1749-1: Recommended update of suse/helm Message-ID: <20240427070539.0B024FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1749-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-10.6 , suse/helm:latest Container Release : 10.6 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:08:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:08:05 +0200 (CEST) Subject: SUSE-CU-2024:1754-1: Security update of bci/php-fpm Message-ID: <20240427070805.B9C25FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1754-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-14.2 Container Release : 14.2 Severity : moderate Type : security References : 1222857 1222858 CVE-2024-2756 CVE-2024-3096 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1446-1 Released: Fri Apr 26 09:27:03 2024 Summary: Security update for php8 Type: security Severity: moderate References: 1222857,1222858,CVE-2024-2756,CVE-2024-3096 This update for php8 fixes the following issues: - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure (bsc#1222857) - CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858) The following package changes have been done: - php8-cli-8.0.30-150400.4.40.1 updated - php8-8.0.30-150400.4.40.1 updated - php8-fpm-8.0.30-150400.4.40.1 updated - php8-openssl-8.0.30-150400.4.40.1 updated - php8-mbstring-8.0.30-150400.4.40.1 updated - php8-zlib-8.0.30-150400.4.40.1 updated - php8-zip-8.0.30-150400.4.40.1 updated - php8-curl-8.0.30-150400.4.40.1 updated - php8-phar-8.0.30-150400.4.40.1 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:08:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:08:31 +0200 (CEST) Subject: SUSE-CU-2024:1755-1: Security update of bci/php Message-ID: <20240427070831.2E513FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1755-1 Container Tags : bci/php:8 , bci/php:8-14.2 Container Release : 14.2 Severity : moderate Type : security References : 1222857 1222858 CVE-2024-2756 CVE-2024-3096 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1446-1 Released: Fri Apr 26 09:27:03 2024 Summary: Security update for php8 Type: security Severity: moderate References: 1222857,1222858,CVE-2024-2756,CVE-2024-3096 This update for php8 fixes the following issues: - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure (bsc#1222857) - CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858) The following package changes have been done: - php8-cli-8.0.30-150400.4.40.1 updated - php8-8.0.30-150400.4.40.1 updated - php8-openssl-8.0.30-150400.4.40.1 updated - php8-mbstring-8.0.30-150400.4.40.1 updated - php8-zlib-8.0.30-150400.4.40.1 updated - php8-curl-8.0.30-150400.4.40.1 updated - php8-zip-8.0.30-150400.4.40.1 updated - php8-phar-8.0.30-150400.4.40.1 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:09:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:09:47 +0200 (CEST) Subject: SUSE-CU-2024:1758-1: Recommended update of bci/python Message-ID: <20240427070947.A257EFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1758-1 Container Tags : bci/python:3 , bci/python:3-18.7 , bci/python:3.11 , bci/python:3.11-18.7 , bci/python:latest Container Release : 18.7 Severity : moderate Type : recommended References : 1188500 1221184 1222046 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:10:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:10:27 +0200 (CEST) Subject: SUSE-CU-2024:1759-1: Recommended update of bci/python Message-ID: <20240427071027.DE85BFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1759-1 Container Tags : bci/python:3 , bci/python:3-19.8 , bci/python:3.6 , bci/python:3.6-19.8 Container Release : 19.8 Severity : moderate Type : recommended References : 1188500 1221184 1222046 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:11:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:11:57 +0200 (CEST) Subject: SUSE-CU-2024:1764-1: Recommended update of bci/rust Message-ID: <20240427071157.7141DFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1764-1 Container Tags : bci/rust:1.76 , bci/rust:1.76-2.4.6 , bci/rust:oldstable , bci/rust:oldstable-2.4.6 Container Release : 4.6 Severity : moderate Type : recommended References : 1222046 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:12:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:12:24 +0200 (CEST) Subject: SUSE-CU-2024:1765-1: Recommended update of bci/rust Message-ID: <20240427071224.B3142FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1765-1 Container Tags : bci/rust:1.77 , bci/rust:1.77-1.4.6 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.6 Container Release : 4.6 Severity : moderate Type : recommended References : 1222046 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:13:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:13:00 +0200 (CEST) Subject: SUSE-CU-2024:1767-1: Recommended update of suse/sle15 Message-ID: <20240427071300.76F2AFCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1767-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.11.27 , suse/sle15:15.5 , suse/sle15:15.5.36.11.27 Container Release : 36.11.27 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:13:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:13:08 +0200 (CEST) Subject: SUSE-CU-2024:1769-1: Recommended update of bci/bci-init Message-ID: <20240427071308.924DFFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1769-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.8.19 Container Release : 8.19 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones The following package changes have been done: - libgcrypt20-1.10.3-150600.1.19 updated - libopenssl3-3.1.4-150600.2.19 updated - libsystemd0-254.10-150600.1.4 updated - libopenssl-3-fips-provider-3.1.4-150600.2.19 updated - sles-release-15.6-150600.33.3 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - systemd-254.10-150600.1.4 updated - container:sles15-image-15.0.0-46.2.10 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:13:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:13:21 +0200 (CEST) Subject: SUSE-CU-2024:1772-1: Recommended update of bci/openjdk Message-ID: <20240427071321.6705FFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1772-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-6.17 Container Release : 6.17 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - libopenssl3-3.1.4-150600.2.19 updated - libopenssl-3-fips-provider-3.1.4-150600.2.19 updated - openssl-3-3.1.4-150600.2.19 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - java-21-openjdk-headless-21.0.2.0-150600.2.31 updated - java-21-openjdk-21.0.2.0-150600.2.31 updated - container:sles15-image-15.0.0-46.2.10 updated From sle-container-updates at lists.suse.com Sat Apr 27 07:13:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Apr 2024 09:13:23 +0200 (CEST) Subject: SUSE-CU-2024:1773-1: Recommended update of bci/python Message-ID: <20240427071323.CBCE3FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1773-1 Container Tags : bci/python:3 , bci/python:3-6.16 , bci/python:3.12 , bci/python:3.12-6.16 Container Release : 6.16 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - libldap-data-2.4.46-150600.23.16 updated - libopenssl3-3.1.4-150600.2.19 updated - libopenssl-3-fips-provider-3.1.4-150600.2.19 updated - libldap-2_4-2-2.4.46-150600.23.16 updated - openssl-3-3.1.4-150600.2.19 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - libpython3_12-1_0-3.12.1-150600.1.27 updated - python312-base-3.12.1-150600.1.27 updated - python312-devel-3.12.1-150600.1.27 updated - less-643-150600.1.33 updated - container:sles15-image-15.0.0-46.2.10 updated From sle-container-updates at lists.suse.com Mon Apr 29 07:02:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 29 Apr 2024 09:02:14 +0200 (CEST) Subject: SUSE-CU-2024:1775-1: Recommended update of bci/golang Message-ID: <20240429070214.2267DFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1775-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.4.6 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.4.6 Container Release : 4.6 Severity : moderate Type : recommended References : 1222046 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1449-1 Released: Fri Apr 26 11:55:45 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: 1222046 This update for lifecycle-data-sle-module-development-tools fixes the following issues: - added go1.19 eol dates (bsc#1222046) - added rust1.73, 74 and 75 EOL dates (rust1.n+2 release + 1 week) (bsc#1222046) - also added for cargo1.7x The following package changes have been done: - lifecycle-data-sle-module-development-tools-1-150200.3.27.1 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Mon Apr 29 07:03:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 29 Apr 2024 09:03:15 +0200 (CEST) Subject: SUSE-CU-2024:1777-1: Recommended update of bci/openjdk-devel Message-ID: <20240429070315.E61BDFCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1777-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-15.12 Container Release : 15.12 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - container:bci-openjdk-11-15.5.11-16.6 updated From sle-container-updates at lists.suse.com Mon Apr 29 07:03:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 29 Apr 2024 09:03:40 +0200 (CEST) Subject: SUSE-CU-2024:1778-1: Recommended update of bci/openjdk Message-ID: <20240429070340.729B9FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1778-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-16.6 Container Release : 16.6 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Mon Apr 29 07:04:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 29 Apr 2024 09:04:07 +0200 (CEST) Subject: SUSE-CU-2024:1779-1: Recommended update of bci/openjdk-devel Message-ID: <20240429070407.AEFD7FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1779-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-17.13 , bci/openjdk-devel:latest Container Release : 17.13 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - container:bci-openjdk-17-15.5.17-17.7 updated From sle-container-updates at lists.suse.com Mon Apr 29 07:04:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 29 Apr 2024 09:04:31 +0200 (CEST) Subject: SUSE-CU-2024:1780-1: Recommended update of bci/openjdk Message-ID: <20240429070431.E2FC0FCEF@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1780-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-17.7 , bci/openjdk:latest Container Release : 17.7 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Tue Apr 30 07:01:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 30 Apr 2024 09:01:17 +0200 (CEST) Subject: SUSE-IU-2024:353-1: Security update of suse/sle-micro/5.5 Message-ID: <20240430070117.BFBB9FCF4@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:353-1 Image Tags : suse/sle-micro/5.5:2.0.2 , suse/sle-micro/5.5:2.0.2-4.2.85 , suse/sle-micro/5.5:latest Image Release : 4.2.85 Severity : important Type : security References : 1209282 1216474 1218871 1220763 1221123 1221622 1221941 1222831 1222992 CVE-2024-2961 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1342-1 Released: Thu Apr 18 16:35:49 2024 Summary: Recommended update for unixODBC, libtool and libssh2_org Type: recommended Severity: moderate References: 1221622,1221941 This update for unixODBC, libtool and libssh2_org fixes the following issue: - Ship 2 additional 32bit packages: unixODBC-32bit and libssh2-1-32bit for SLES (bsc#1221941). - Fix an issue with Encrypt-then-MAC family. (bsc#1221622) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1366-1 Released: Mon Apr 22 11:04:32 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1216474,1218871,1221123,1222831 This update for openssh fixes the following issues: - Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123) - Avoid closing IBM Z crypto devices nodes. (bsc#1218871) - Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474) - Change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled). This makes ssh update the known_hosts stored keys with all published versions by the server (after it's authenticated with an existing key), which will allow to identify the server with a different key if the existing key is considered insecure at some point in the future (bsc#1222831). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1376-1 Released: Mon Apr 22 16:13:38 2024 Summary: Security update for polkit Type: security Severity: low References: 1209282 This update for polkit fixes the following issues: - Change permissions for rules folders (bsc#1209282) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1458-1 Released: Mon Apr 29 07:47:34 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) The following package changes have been done: - glibc-2.31-150300.74.1 updated - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - glibc-locale-base-2.31-150300.74.1 updated - libltdl7-2.4.6-150000.3.6.2 updated - openssh-common-8.4p1-150300.3.37.1 updated - vim-data-common-9.1.0330-150500.20.12.1 updated - libpolkit-gobject-1-0-121-150500.3.3.1 updated - libpolkit-agent-1-0-121-150500.3.3.1 updated - polkit-121-150500.3.3.1 updated - vim-small-9.1.0330-150500.20.12.1 updated - openssh-server-8.4p1-150300.3.37.1 updated - openssh-clients-8.4p1-150300.3.37.1 updated - openssh-8.4p1-150300.3.37.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.2-4.2.60 updated From sle-container-updates at lists.suse.com Tue Apr 30 07:03:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 30 Apr 2024 09:03:17 +0200 (CEST) Subject: SUSE-CU-2024:1782-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240430070317.61A02FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1782-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.8.19 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.8.19 Severity : moderate Type : recommended References : 1220763 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1459-1 Released: Mon Apr 29 07:48:02 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) The following package changes have been done: - vim-data-common-9.1.0330-150000.5.63.1 updated - vim-9.1.0330-150000.5.63.1 updated From sle-container-updates at lists.suse.com Tue Apr 30 07:04:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 30 Apr 2024 09:04:46 +0200 (CEST) Subject: SUSE-CU-2024:1784-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240430070446.C99A6FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1784-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.15.19 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.15.19 Severity : moderate Type : recommended References : 1220763 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1459-1 Released: Mon Apr 29 07:48:02 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) The following package changes have been done: - vim-data-common-9.1.0330-150000.5.63.1 updated - vim-9.1.0330-150000.5.63.1 updated From sle-container-updates at lists.suse.com Tue Apr 30 07:05:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 30 Apr 2024 09:05:12 +0200 (CEST) Subject: SUSE-CU-2024:1785-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240430070512.8BCE7FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1785-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-2.2.216 , suse/sle-micro/5.5/toolbox:latest Container Release : 2.2.216 Severity : moderate Type : recommended References : 1220763 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1458-1 Released: Mon Apr 29 07:47:34 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) The following package changes have been done: - vim-data-common-9.1.0330-150500.20.12.1 updated - vim-9.1.0330-150500.20.12.1 updated From sle-container-updates at lists.suse.com Tue Apr 30 07:06:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 30 Apr 2024 09:06:49 +0200 (CEST) Subject: SUSE-CU-2024:1786-1: Recommended update of suse/sles12sp5 Message-ID: <20240430070649.CCF3BFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1786-1 Container Tags : suse/sles12sp5:6.5.587 , suse/sles12sp5:latest Container Release : 6.5.587 Severity : important Type : recommended References : 1223122 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1456-1 Released: Mon Apr 29 07:45:59 2024 Summary: Recommended update for krb5 Type: recommended Severity: important References: 1223122 This update for krb5 fixes the following issues: - Fix warning executing %postun scriptlet (bsc#1223122) The following package changes have been done: - krb5-1.16.3-46.9.1 updated From sle-container-updates at lists.suse.com Tue Apr 30 07:07:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 30 Apr 2024 09:07:46 +0200 (CEST) Subject: SUSE-CU-2024:1787-1: Security update of bci/php-apache Message-ID: <20240430070746.3463CFCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1787-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-14.1 Container Release : 14.1 Severity : moderate Type : security References : 1222857 1222858 CVE-2024-2756 CVE-2024-3096 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1446-1 Released: Fri Apr 26 09:27:03 2024 Summary: Security update for php8 Type: security Severity: moderate References: 1222857,1222858,CVE-2024-2756,CVE-2024-3096 This update for php8 fixes the following issues: - CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure (bsc#1222857) - CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858) The following package changes have been done: - php8-cli-8.0.30-150400.4.40.1 updated - php8-8.0.30-150400.4.40.1 updated - apache2-mod_php8-8.0.30-150400.4.40.1 updated - php8-openssl-8.0.30-150400.4.40.1 updated - php8-mbstring-8.0.30-150400.4.40.1 updated - php8-zlib-8.0.30-150400.4.40.1 updated - php8-zip-8.0.30-150400.4.40.1 updated - php8-curl-8.0.30-150400.4.40.1 updated - php8-phar-8.0.30-150400.4.40.1 updated - container:sles15-image-15.0.0-36.11.27 updated From sle-container-updates at lists.suse.com Tue Apr 30 07:07:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 30 Apr 2024 09:07:54 +0200 (CEST) Subject: SUSE-CU-2024:1788-1: Recommended update of suse/sle15 Message-ID: <20240430070754.9B2E0FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1788-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.46.2.10 , suse/sle15:15.6 , suse/sle15:15.6.46.2.10 Container Release : 46.2.10 Severity : moderate Type : recommended References : 1188500 1221184 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - libabsl2401_0_0-20240116.1-150600.17.3 updated - libgcrypt20-1.10.3-150600.1.19 updated - libgpgme11-1.23.0-150600.1.35 updated - libldap-2_4-2-2.4.46-150600.23.16 updated - libldap-data-2.4.46-150600.23.16 updated - libopenssl-3-fips-provider-3.1.4-150600.2.19 updated - libopenssl3-3.1.4-150600.2.19 updated - libsystemd0-254.10-150600.1.4 updated - libudev1-254.10-150600.1.4 updated - libzypp-17.32.4-150600.1.1 updated - openssl-3-3.1.4-150600.2.19 updated - sle-module-basesystem-release-15.6-150600.33.2 updated - sle-module-python3-release-15.6-150600.33.2 updated - sle-module-server-applications-release-15.6-150600.33.2 updated - sles-release-15.6-150600.33.3 updated - zypper-1.14.71-150600.8.1 updated From sle-container-updates at lists.suse.com Tue Apr 30 07:08:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 30 Apr 2024 09:08:39 +0200 (CEST) Subject: SUSE-CU-2024:1789-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20240430070839.8EB08FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1789-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.8.21 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.8.21 Severity : moderate Type : recommended References : 1220763 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1459-1 Released: Mon Apr 29 07:48:02 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) The following package changes have been done: - vim-data-common-9.1.0330-150000.5.63.1 updated - vim-9.1.0330-150000.5.63.1 updated From sle-container-updates at lists.suse.com Tue Apr 30 07:10:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 30 Apr 2024 09:10:42 +0200 (CEST) Subject: SUSE-CU-2024:1791-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240430071042.88774FCEF@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:1791-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.8.21 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.8.21 Severity : moderate Type : recommended References : 1220763 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1459-1 Released: Mon Apr 29 07:48:02 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) The following package changes have been done: - vim-data-common-9.1.0330-150000.5.63.1 updated - vim-9.1.0330-150000.5.63.1 updated From sle-container-updates at lists.suse.com Tue Apr 30 07:01:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 30 Apr 2024 09:01:16 +0200 (CEST) Subject: SUSE-IU-2024:352-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20240430070116.6F92AFCEF@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:352-1 Image Tags : suse/sle-micro/base-5.5:2.0.2 , suse/sle-micro/base-5.5:2.0.2-4.2.60 , suse/sle-micro/base-5.5:latest Image Release : 4.2.60 Severity : important Type : security References : 1133277 1175678 1182659 1188500 1203378 1208794 1212180 1212182 1214148 1215334 1218171 1221184 1221525 1222086 1222992 CVE-2023-32731 CVE-2023-32732 CVE-2023-33953 CVE-2023-44487 CVE-2023-4785 CVE-2024-2961 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:573-1 Released: Wed Feb 21 09:36:59 2024 Summary: Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 Type: security Severity: moderate References: 1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785 This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues: abseil-cpp was updated to: Update to 20230802.1: * Add StdcppWaiter to the end of the list of waiter implementations Update to 20230802.0 What's New: * Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target. Update to 20230125.3 Details can be found on: https://github.com/abseil/abseil-cpp/releases/tag/20230125.3 Update to 20230125.2 What's New: The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI. Breaking Changes: Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future. Known Issues The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released. Update to version 20220623.0 What's New: * Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional. Breaking Changes: * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency. Other: * This will be the last release to support C++11. Future releases will require at least C++14. grpc was updated to 1.60: Update to release 1.60 * Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var. * Support for setting proxy for addresses. * Add v1 reflection. update to 1.59.3: * Security - Revocation: Crl backport to 1.59. (#34926) Update to release 1.59.2 * Fixes for CVE-2023-44487 Update to version 1.59.1: * C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552). Update to version 1.59.0: * xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435). * c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185). * Deps: Adding upb as a submodule (gh#grpc/grpc#34199). * EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167). * csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137). * Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198). Update to release 1.58.1 * Reintroduced c-ares 1.14 or later support Update to release 1.58 * ruby extension: remove unnecessary background thread startup wait logic that interferes with forking Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * EventEngine: Change GetDNSResolver to return absl::StatusOr>. * Improve server handling of file descriptor exhaustion. * Add a channel argument to set DSCP on streams. Update to release 1.56.2 * Improve server handling of file descriptor exhaustion Update to release 1.56.0 (CVE-2023-32731, bsc#1212180) * core: Add support for vsock transport. * EventEngine: Change TXT lookup result type to std::vector. * C++/Authz: support customizable audit functionality for authorization policy. Update to release 1.54.1 * Bring declarations and definitions to be in sync Update to release 1.54 (CVE-2023-32732, bsc#1212182) * XDS: enable XDS federation by default * TlsCreds: Support revocation of intermediate in chain Update to release 1.51.1 * Only a macOS/aarch64-related change Update to release 1.51 * c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability. * Remove support for pthread TLS Update to release 1.50.0 * Core - Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623) * C++ - OpenCensus Plugin: Add measure and views for started RPCs. (#31034) * C# - Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410) Update to release 1.49.1 * All - Update protobuf to v21.6 on 1.49.x. (#31028) * Ruby - Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053) Update to release 1.49.0 * Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220) * Python - Add type stub generation support to grpcio-tools. (#30498) Update to release 1.48.1 * Backport EventEngine Forkables Update to release 1.48.0 * C++14 is now required * xDS: Workaround to get gRPC clients working with istio Update to release 1.46.3 * backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727 Update to release 1.46 * Added HTTP/1.1 support in httpcli * HTTP2: Add graceful goaway Update to release 1.45.2 * Various fixes related to XDS * HTTP2: Should not run cancelling logic on servers when receiving GOAWAY Update to release 1.45.1 * Switched to epoll1 as a default polling engine for Linux Update to version 1.45.0: * Core: - Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568]. * C++ - Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407]. Update to release 1.44.0 * Add a trace to list which filters are contained in a channel stack. * Remove grpc_httpcli_context. * xDS: Add support for RBAC HTTP filter. * API to cancel grpc_resolve_address. Update to version 1.43.2: * Fix google-c2p-experimental issue (gh#grpc/grpc#28692). Changes from version 1.43.0: * Core: - Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906). * C++: - OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948). * [C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887). - Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number. Update to release 1.41.0 * xDS: Remove environmental variable guard for security. * xDS Security: Use new way to fetch certificate provider plugin instance config. * xDS server serving status: Use a struct to allow more fields to be added in the future. Update to release 1.39.1 * Fix C# protoc plugin argument parsing on 1.39.x Update to version 1.39.0: * Core - Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331). * C++ - New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728). * PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156). * Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268). Update to release 1.38.0 * Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner. * Fix use-after-unref bug in fault_injection_filter * New gRPC EventEngine Interface * Allow the AWS_DEFAULT_REGION environment variable * s/OnServingStatusChange/OnServingStatusUpdate/ Update to release 1.37.1 * Use URI form of address for channelz listen node * Implementation CSDS (xDS Config Dump) * xDS status notifier * Remove CAS loops in global subchannel pool and simplify subchannel refcounting Update to release 1.36.4 * A fix for DNS SRV lookups on Windows Update to 1.36.1: * Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver * C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API * PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings * Python: * Implement Python Client and Server xDS Creds Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). * Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995). Update to version 1.34.0: * Core: - Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381). * C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362). Update to release 1.33.2 * Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS. * Expose Cronet error message to the application layer. * Remove grpc_channel_ping from surface API. * Do not send BDP pings if there is no receive side activity. Update to version 1.33.1 * Core - Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997). * C++ - Makefile: only support building deps from submodule (gh#grpc/grpc#23957). - Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb. Update to version 1.32.0: * Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281). * C++ - Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557). opencensus-proto was updated to 0.3.0+git.20200721: - Update to version 0.3.0+git.20200721: * Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216) - Update to version 0.2.1+git.20190826: * Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209) - Update to version 0.2.1: * Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60) - Initial version 20180523 protobuf was updated to 25.1: update to 25.1: * Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594) update to 25.0: * Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault - Build with source and target levels 8 * fixes build with JDK21 - Install the pom file with the new %%mvn_install_pom macro - Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time update to 23.4: * Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1 update to 23.3: C++: * Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use. Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only. Csharp: * [C#] Replace regex that validates descriptor names update to 22.5: C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660) update to 22.4: C++: * Fix libprotoc: export useful symbols from .so Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories. Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386 update to v22.3 UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest update to 22.2: Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number. - update to 22.0: * This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0 update to v21.12: * Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto. update to 21.11: * Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158) update to 21.10:: * Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984) update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field. update to 21.6: C++: * Reduce memory consumption of MessageSet parsing update to 21.5: PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages Python: * Fixed comparison of maps in Python. - update to 21.4: * Reduce the required alignment of ArenaString from 8 to 4 - update to 21.3: * C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061) Update to 21.2: - C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936) - Java: - Update protobuf_version.bzl to separate protoc and per-language java ??? (#9900) - Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates - PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996) - Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799) - Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909) - Update to 3.20.1: - PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0 - Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)??? - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568) - update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32. - Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10 - Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557) Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461) Update to 3.15.7: C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434) update to 3.15.6: Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149) - Updated URL to https://github.com/protocolbuffers/protobuf Update to v3.14.0 Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty). Update to version 3.12.3; notable changes since 3.11.4: Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407) Update to version 3.11.4; notable changes since 3.9.2: * C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations - Install LICENSE - Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it python-abseil was udpated: version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object. version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`. Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward. - Release notes for 0.15.0 * (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+. - Release notes for 0.14.1 * Top-level LICENSE file is now exported in bazel. - Release notes for 0.14.0 * #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main. - Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast. - Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument. - Add Provides python-absl-py python-grpcuio was updated: - Update to version 1.60.0: * No python specfic changes. - Update to version 1.59.2: * No python specific changes. - Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186). - Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797). - Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974). - Build with LTO (don't set _lto_cflags to %nil). - No need to pass '-std=c++17' to build CFLAGS. - Update to version 1.56.2: * [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667) - Switch build to pip/wheel. - Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE) - Upstream only supports python >= 3.7, so adjust BuildRequires accordingly. - Add %{?sle15_python_module_pythons} - Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475). - Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319). - Drop Requires: python-six; not required any more. - Switch Suggests to Recommends. - Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497). - Update to version 1.51.1: * No Linux specific changes. - Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113). - Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818]. - Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498) - Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795]. - update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes. - Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873]. - Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604]. - Build with system re2; add BuildRequires: pkgconfig(re2). - Update to version 1.44.0: * Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103). - Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958). - update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core. - Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090). - Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058). - Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436). - Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814). - Update to version 1.37.1: * No user visible changes. - Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394). - Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569). - Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package - Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011). - Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356). - Update to version 1.33.2: * [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574). - Update to version 1.33.1: * [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098). Added re2 package in version 2024-02-01. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1344-1 Released: Thu Apr 18 18:50:37 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1175678,1218171,1221525,1222086 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed The following package changes have been done: - glibc-2.31-150300.74.1 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 added - libprotobuf-lite25_1_0-25.1-150400.9.3.1 added - libzypp-17.32.4-150400.3.61.1 updated - zypper-1.14.71-150400.3.45.2 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 removed