SUSE-CU-2024:5719-1: Security update of suse/manager/5.0/x86_64/server
sle-container-updates at lists.suse.com
Mon Nov 18 16:17:04 UTC 2024
SUSE Container Update Advisory: suse/manager/5.0/x86_64/server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5719-1
Container Tags : suse/manager/5.0/x86_64/server:5.0.2 , suse/manager/5.0/x86_64/server:5.0.2.7.8.1 , suse/manager/5.0/x86_64/server:latest
Container Release : 7.8.1
Severity : critical
Type : security
References : 1148184 1174994 1175709 1177860 1179529 1181453 1181541 1181731
1185090 1185093 1185627 1185643 1186236 1188441 1190940 1199282
1205990 1210382 1210959 1214915 1219031 1219041 1220262 1220262
1220357 1220724 1221601 1221714 1224258 1224260 1224264 1224265
1224266 1224267 1224268 1224269 1224270 1224271 1224272 1224273
1224275 1224465 1225972 1226141 1226414 1226724 1226724 1226731
1226733 1227100 1227216 1227233 1227378 1227642 1227669 1227670
1227671 1227807 1227999 1228091 1228097 1228223 1228618 1228619
1228623 1228647 1228780 1228809 1228945 1229028 1229077 1229109
1229518 1229539 1229555 1229555 1229596 1229684 1229745 1229783
1229923 1230070 1230111 1230135 1230145 1230166 1230227 1230255
1230263 1230267 1230316 1230322 1230353 1230423 1230516 1230536
1230638 1230698 1230778 1230840 1230906 1230911 1230912 1230972
1230984 1231043 1231051 1231060 1231332 1231544 1231568 1231624
1231702 1231702 1231711 1231711 1231716 1231716 1231719 1231719
1231793 1231796 1231833 1231852 1231900 1231922 1232241 1232528
CVE-2022-34169 CVE-2022-45153 CVE-2023-29483 CVE-2023-49582 CVE-2023-50782
CVE-2023-50782 CVE-2024-20697 CVE-2024-21208 CVE-2024-21208 CVE-2024-21210
CVE-2024-21210 CVE-2024-21217 CVE-2024-21217 CVE-2024-21235 CVE-2024-21235
CVE-2024-40725 CVE-2024-41996 CVE-2024-47533 CVE-2024-48957 CVE-2024-48958
CVE-2024-49502 CVE-2024-49503 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923
CVE-2024-7254 CVE-2024-7592 CVE-2024-9287 CVE-2024-9681
-----------------------------------------------------------------
The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3004-1
Released: Thu Oct 22 17:44:31 2020
Summary: Recommended update for python-shaptools, salt-shaptools, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula
Type: recommended
Severity: moderate
References: 1174994,1175709
python-shaptools:
- Fix how HANA database is started and stopped to work in multi host environment.
sapcontrol commands are used instead of HDB now. (jsc#SLE-4047)
- Fix issue when secondary registration fails after a successful 'SSFS' files copy process. (bsc#1175709)
Now the registration return code will be checked in the new call.
salt-shaptools:
- Fix how HANA database is started and stopped to work in multi host environment.
sapcontrol commands are used instead of HDB now. (jsc#SLE-4047)
habootstrap-formula:
- Update the prevalidation logic to check for valid sbd entries (jsc#SLE-4047)
- Improve Formula with form description (jsc#SLE-4047)
- Update the SUMA form.yml file and prevalidation state with latest changes in project
- Include the pillar example file in package. (bsc#1174994)
- Fix how HANA database is started and stopped to work in multi host environment.
sapcontrol commands are used instead of HDB now. (jsc#SLE-4047)
saphanabootstrap-formula:
- Update the package version after SUMA form update and extraction logic update (jsc#SLE-4047)
- Fix the hana media extraction and installation logics when using exe archives
- Update the SUMA hana form metadata, to show hana form under SAP deployment group
- Update SUMA form.yml file and prevalidation state with latest changes in formula
- Change the default 'hana_extract_dir' hana media extraction location
- Remove copy of config files for exporters since we use /usr/etc
- Include the pillar example file in package. (bsc#1174994, jsc#SLE-4047)
- Add hana active/active resources to the cluster template
- Change `route_table` by `route_name` to make the variable usage more meaningful
- Add support to extract zip,rar,exe,sar hana media
- This change is non backward compatible. The variable hdbserver_extract_dir is replaced by hana_extract_dir
- Fix provisioning of hanadb_exporter in SLE12, where python3-pip must be always installed.
- Fix how HANA database is started and stopped to work in multi host environment.
sapcontrol commands are used instead of HDB now. (jsc#SLE-4047)
sapnwbootstrap-formula:
- Create SUMA form based on latest pillar and formula data (jsc#SLE-4047)
- Implement the differences between ENSA1 and ENSA2 versions
- Add the keepalive configuration changes
- Include the pillar example file in package. (bsc#1174994, jsc#SLE-4047)
- Add support to extract nw media archives. This change is non backward compatible.
- Remove default swpm installer extract directory and add nw_extract_dir variable to store all extracted NW media
- Fix how HANA database is started and stopped to work in multi host environment.
sapcontrol commands are used instead of HDB now. (jsc#SLE-4047)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3708-1
Released: Tue Dec 8 10:22:36 2020
Summary: Recommended update for python-shaptools, salt-shaptools
Type: recommended
Severity: moderate
References:
This update for python-shaptools, salt-shaptools fixes the following issues:
python-shaptools:
Update from version 0.3.10+git.1600699158.46fca28 to version 0.3.11+git.1605798399.b036435
- Retrieve the currently installed ENSA version for Netweaver (only for ASCS and ERS instances). (jsc#SLE-4047)
salt-shaptools:
Update from version 0.3.10+git.1600699854.f5950bc to version 0.3.11+git.1605797958.ae2f08a
- Improve extract_pydbapi to check recursively in subfolders (jsc#SLE-4047)
- Implement a new state to set the ENSA version grains data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:450-1
Released: Fri Feb 12 11:38:29 2021
Summary: Recommended update for drbd-formula, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula
Type: recommended
Severity: moderate
References: 1177860,1181453
This update for drbd-formula, habootstrap-formula, saphanabootstrap-formula, sapnwbootstrap-formula fixes the following issues:
habootstrap-formula:
- Version 0.4.1
- Improved handling of sshkeys entry in pillar file (bsc#1181453)
- Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860)
- Remove lock states as this is done in `crmsh` now
- Fix ssh keys management to run them once the first node is initialized
- Remove `--no-overwrite-sshkey` option from the formula
- `qdevice` support: it can be created when initializing a cluster when multiple nodes are joining in parallel
saphanabootstrap-formula:
- Version 0.7.0
- Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860)
- Start the `saptune` daemon service
- Add requisite of HANA installation to subsequent salt states
- Add support to extract and install HANA Client `sar` packages
- Set the native fence mechanism usage for `CSP` as optional (jsc#SLE-4047)
- Fix the HANA media extraction and installation logics when using `exe` archives
- Update the SUSE Manager HANA form metadata, to show HANA form under SAP deployment group
- Update SUSE Manager `form.yml` file and prevalidation state with latest changes in formula
sapnwbootstrap-formula:
- Version 0.6.0
- Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860)
- Add requisites of `netweaver` installation to subsequent salt states
- Start the `saptune` systemd service
- Fix `additional_dvds` variable usage when salt uses python 2.
- The variable is filtered by `tojson` option to avoid `u` prefix in lists
- Set the native fence mechanism usage for `CSP` as optional
- Add instance name suffix to `socat` resources
- Remove meta `resource-stickness` to the `ERS` resources group
- Update the db installation template to use correctly the schema names for S/4HANA
- Update the default `nw_extract_dir` `SWPM` media extraction location
drbd-formula:
- Version 0.4.0
- Change `salt-formulas-configuration` requirement in SLE12 codestream to a recommendation (bsc#1177860)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1662-1
Released: Wed May 19 22:24:31 2021
Summary: Recommended update for saphanabootstrap-formula
Type: recommended
Severity: moderate
References: 1185090
This update for saphanabootstrap-formula fixes the following issues:
- Fix the HANA sidadm usage to transform to lowercase some states managing the sudoers file in ha_cluster.sls state file. (bsc#1185090)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:1663-1
Released: Wed May 19 22:25:14 2021
Summary: Recommended update for drbd-formula
Type: recommended
Severity: moderate
References: 1179529
This update for drbd-formula fixes the following issues:
- Support different backing device per node. (bsc#1179529)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2960-1
Released: Mon Sep 6 13:35:58 2021
Summary: Recommended update for habootstrap-formula
Type: recommended
Severity: moderate
References: 1181731
This update for habootstrap-formula fixes the following issue:
- Fix SUSE Manager integration. (bsc#1181731)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3188-1
Released: Wed Sep 22 15:45:22 2021
Summary: Recommended update for sapnwbootstrap-formula
Type: recommended
Severity: moderate
References: 1181541,1185093,1185627,1186236
This update for sapnwbootstrap-formula fixes the following issues:
Update to version 0.6.4+git.1621842068.a86c37c:
- Set the default empty dictionary for 'virtual_addresses'. (bsc#1185627)
- This also ensures that a dictionary is obtained if the value is None (needed by SUSE Manager)
- Fix issue when 'azure-lb' resource for 'ASCS/ERS' is not added in the corresponding Resource Group (bsc#1186236)
- Set the virtual ip addresses as permanent, except for HA scenarios,
to have them even after a reboot of the machine. (bsc#1185093)
- Give the option to mount '/sapmnt' folder locally without using a 'NFS' share.
- Make '/sapmnt' path configurable using 'sapmnt_path' pillar variable
- Update PAS and AAS templates to use HANA sid and instance number to create the configuration file
- Fix error about missing instance installation requisite when monitoring is enabled. (bsc#1181541)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3471-1
Released: Wed Oct 20 08:39:41 2021
Summary: Recommended update for habootstrap-formula
Type: recommended
Severity: moderate
References: 1190940
This update for habootstrap-formula fixes the following issues:
Update to version 0.4.4
- Wait for cluster startup after a 'corosync' restart. (bsc#1190940)
- Add support for The Oracle Cluster File System v2 (OCFS2)
- Enable native fencing for 'microsoft-azure'
- Add documentation on how to enable native fencing
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:9-1
Released: Mon Jan 2 11:42:16 2023
Summary: Security update for saphanabootstrap-formula
Type: security
Severity: important
References: 1185643,1205990,CVE-2022-45153
This update for saphanabootstrap-formula fixes the following issues:
- Version bump 0.13.1
* revert changes to spec file to re-enable SLES RPM builds
* CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990)
- Version bump 0.13.0
* pass sid to sudoers in a SLES12 compatible way
* add location constraint to gcp_stonith
- Version bump 0.12.1
* moved templates dir into hana dir in repository to be gitfs compatible
- Version bump 0.12.0
* add SAPHanaSR takeover blocker
- Version bump 0.11.0
* use check_cmd instead of tmp sudoers file
* make sudoers rules more secure
* migrate sudoers to template file
- Version bump 0.10.1
* fix hook removal conditions
* fix majority_maker code on case grain is empty
- Version bump 0.10.0
* allow to disable shared HANA basepath and rework add_hosts code
(enables HANA scale-out on AWS)
* do not edit global.ini directly (if not needed)
- Version bump 0.9.1
* fix majority_maker code on case grain is empty
- Version bump 0.9.0
* define vip_mechanism for every provider and reorder resources
(same schema for all SAP related formulas)
- Version bump 0.8.1
* use multi-target Hook on HANA scale-out
- Version bump 0.8.0
* add HANA scale-out support
* add idempotence to not affect a running HANA and cluster
- Version bump 0.7.2
* add native fencing for microsoft-azure
- fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703
- removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory
- fixes execution order of srTakeover/srCostOptMemConfig hook
- renames and updates hook srTakeover to srCostOptMemConfig
- Changing exporter stickiness to => 0 and adjusting the colocation
score from +inf to -inf and changing the colocation from Master to Slave.
This change fixes the impact of a failed exporter in regards to the HANA DB.
- Document extra_parameters in pillar.example (bsc#1185643)
- Change hanadb_exporter default timeout value to 30 seconds
- Set correct stickiness for the azure-lb resource
The azure-lb resource receives a stickiness=0 so that it does not influence
transition calculations, as the HANA resources have higher priority
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:726-1
Released: Tue Mar 14 15:40:56 2023
Summary: Recommended update for python-shaptools
Type: recommended
Severity: moderate
References:
This update for python-shaptools and salt-shaptools fixes the following issues:
- python-shaptools Version 0.3.13:
Add HANA add_hosts feature
Forces Instance nr always with 2 positions filled with 0
Forces right formatting on HANA OS admin user.
- salt-shaptools Version 0.3.17:
Add HANA add_hosts feature
Workaround to detect aws cloud_provider
Do not raise exception on empty HANA query results
Add module query to HANA
Fix typo to fix uninstalled state
Add cluster init support for OCFS2 device
qdevice support: it can be created when initializing a cluster
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3331-1
Released: Wed Aug 16 09:04:24 2023
Summary: Recommended update for salt-shaptools
Type: recommended
Severity: moderate
References:
This update for salt-shaptools fixes the following issues:
- Version 0.3.18
* Salt no longer vendors six (>=salt-3006.0)
https://github.com/saltstack/salt/issues/63874
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3298-1
Released: Wed Sep 18 12:59:04 2024
Summary: Security update for python-dnspython
Type: security
Severity: moderate
References: 1230353,CVE-2023-29483
This update for python-dnspython fixes the following issue:
- Fix CVE-2023-29483 (bsc#1230353).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3300-1
Released: Wed Sep 18 14:27:53 2024
Summary: Recommended update for ncurses
Type: recommended
Severity: moderate
References: 1229028
This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3346-1
Released: Thu Sep 19 17:20:06 2024
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1228647,1230267
This update for libzypp, zypper fixes the following issues:
- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3359-1
Released: Fri Sep 20 17:31:14 2024
Summary: Recommended update for pgaudit, postgresql
Type: recommended
Severity: moderate
References: 1230423
This update for pgaudit, postgresql fixes the following issues:
- Relax the dependency of extensions on the server
version from exact major.minor to greater or equal, after Tom
Lane confirmed on the PostgreSQL packagers list that ABI
stability is being taken care of between minor releases. (bsc#1230423)
pgaudit is rebuilt with updated postgresql requires.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3428-1
Released: Tue Sep 24 18:46:11 2024
Summary: Security update for apr
Type: security
Severity: moderate
References: 1229783,CVE-2023-49582
This update for apr fixes the following issues:
- CVE-2023-49582: Fixed unexpectedly lax shared memory permissions. (bsc#1229783)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3450-1
Released: Thu Sep 26 09:09:16 2024
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1227216
This update for pam-config fixes the following issues:
- Improved check for existence of modules (bsc#1227216)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3466-1
Released: Fri Sep 27 08:18:07 2024
Summary: Recommended update for perl-Bootloader
Type: recommended
Severity: moderate
References: 1230070
This update for perl-Bootloader fixes the following issues:
- Handle missing grub_installdevice on PowerPC (bsc#1230070)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3470-1
Released: Fri Sep 27 14:34:46 2024
Summary: Security update for python3
Type: security
Severity: important
References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption in the http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3472-1
Released: Fri Sep 27 14:51:53 2024
Summary: Recommended update for libsodium
Type: recommended
Severity: important
References: 1148184,1199282
This update for libsodium fixes the following issues:
libsodium:
- Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
* Emscripten: print and printErr functions are overridden to send errors to the console, if there is one
* Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated
* Libsodium version detection has been fixed in the CMake recipe
* Generic hashing got a 10% speedup on AVX2.
* New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh)
* New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random()
* crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication
* Support for the Ristretto group has been implemented for interoperability with wasm-crypto
* Improvements have been made to the test suite
* Portability improvements have been made
* 'randombytes_salsa20' has been renamed to 'randombytes_internal'
* Support for NativeClient has been removed
* Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL.
* The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds
* For the full list of changes please consult the packaged ChangeLog
- Disable LTO to bypass build failures on Power PC architecture (bsc#1148184)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3476-1
Released: Fri Sep 27 15:16:38 2024
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1230516
This update for curl fixes the following issue:
- Make special characters in URL work with aws-sigv4 (bsc#1230516).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3487-1
Released: Fri Sep 27 19:56:02 2024
Summary: Recommended update for logrotate
Type: recommended
Severity: moderate
References:
This update for logrotate fixes the following issues:
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3496-1
Released: Mon Sep 30 09:19:26 2024
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1230984
This update for rsyslog fixes the following issue:
- restart daemon after update at the end of the transaction
(bsc#1230984).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3501-1
Released: Tue Oct 1 16:03:34 2024
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1230698,CVE-2024-41996
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3504-1
Released: Tue Oct 1 16:22:27 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1230638
This update for glibc fixes the following issue:
- Use nss-systemd by default also in SLE (bsc#1230638).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3512-1
Released: Wed Oct 2 18:14:56 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1226414,1228091,1228223,1228809,1229518
This update for systemd fixes the following issues:
- Determine the effective user limits in a systemd setup (jsc#PED-5659)
- Don't try to restart the udev socket units anymore. (bsc#1228809).
- Add systemd.rules rework (bsc#1229518).
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091).
- upstream commit (bsc#1226414).
- Make the 32bit version of libudev.so available again (bsc#1228223).
- policykit-1 renamed to polkitd
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3528-1
Released: Fri Oct 4 15:31:43 2024
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1230145
This update for e2fsprogs fixes the following issue:
- resize2fs: Check number of group descriptors only if meta_bg is disabled
(bsc#1230145).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3583-1
Released: Thu Oct 10 08:56:24 2024
Summary: Recommended update for wicked
Type: recommended
Severity: moderate
References: 1229555
This update for wicked fixes the following issues:
- compat-suse: fix dummy interfaces configuration with
`INTERFACETYPE=dummy` (bsc#1229555).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3589-1
Released: Thu Oct 10 16:39:07 2024
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1230111
This update for cyrus-sasl fixes the following issues:
- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 )
RC4 is legacy provided since OpenSSL 3 and requires explicit loading; disable OpenSSL 3 deprecated API warnings.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3597-1
Released: Fri Oct 11 10:39:52 2024
Summary: Recommended update for bash
Type: recommended
Severity: moderate
References: 1227807
This update for bash fixes the following issues:
- Load completion file even if a brace expansion is included in the
command line (bsc#1227807).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3602-1
Released: Fri Oct 11 13:02:10 2024
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1224465,1230263,1230840
This update for grub2 fixes the following issues:
- Fix OOM (out of memory) error in loading loopback file (bsc#1230840).
- Fix UEFI PXE boot failure on tagged VLAN network (bsc#1230263).
- Fix grub screen being filled with artifacts from earlier post menu (bsc#1224465).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3609-1
Released: Mon Oct 14 11:39:13 2024
Summary: Recommended update for SLES-release
Type: recommended
Severity: moderate
References: 1227100,1230135
This update for SLES-release fixes the following issues:
- update codestream end date (bsc#1227100)
- added weakremover(libsemanage1) (bsc#1230135)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3616-1
Released: Mon Oct 14 13:03:56 2024
Summary: Recommended update for libnettle
Type: recommended
Severity: moderate
References: 1221714,1226724
This update for libnettle fixes the following issue:
- FIPS integrity checksums were not correct on s390x (bsc#1221714)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3659-1
Released: Wed Oct 16 15:12:47 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1188441,1210959,1214915,1219031,1220724,1221601
This update for gcc14 fixes the following issues:
This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc14 compilers use:
- install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.
For a full changelog with all new GCC14 features, check out
https://gcc.gnu.org/gcc-14/changes.html
- Add libquadmath0-devel-gcc14 sub-package to allow installing
quadmath.h and SO link without installing the fortran frontend
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
- Revert libgccjit dependency change. [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
via __requires_exclude_from and __provides_exclude_from.
[bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
are linked against libstdc++6.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3675-1
Released: Wed Oct 16 19:33:31 2024
Summary: Security update for libarchive
Type: security
Severity: important
References: 1231544,CVE-2024-48957
This update for libarchive fixes the following issues:
- CVE-2024-48957: Fixed out-of-bounds access in execute_filter_audio in archive_read_support_format_rar.c (bsc#1231544).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3681-1
Released: Wed Oct 16 19:34:35 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: important
References: 1230912,1231043
This update for libzypp fixes the following issues:
- Send unescaped colons in header values. According to the STOMP protocol, it
would be correct to escape colon here but the practice broke plugin receivers
that didn't expect this. The incompatibility affected customers who were
running spacewalk-repo-sync and experienced issues when accessing the cloud
URL. [bsc#1231043]
- Fix hang in curl code with no network connection. [bsc#1230912]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3712-1
Released: Thu Oct 17 15:00:54 2024
Summary: Recommended update for samba
Type: recommended
Severity: moderate
References: 1229684
This update for samba fixes the following issues:
- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated
(bsc#1229684).
- Version update
* Invalid client warning about command line passwords.
* program version string is truncated in manpages.
* --version-* options reject tilde characters.
* We have added new --vendor-name and --vendor-patch-revision
arguments to ./configure to allow distributions and
packagers to put their name in the Samba version string so that
when debugging Samba the source of the binary is obvious.
* Unable to log on to a Windows computer when a user account
needs to change its own password.
* Fix clock skew error message and memory cache clock skew
recovery.
* Dynamic DNS updates with the internal DNS are not working.
* 'client use kerberos' and --use-kerberos is ignored for the machine
account.
* Regression DFS not working with widelinks=true.
* ntlm_auth make logs more consistent with length check.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released: Fri Oct 18 11:56:40 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1231051
This update for glibc fixes the following issue:
- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2024:3739-1
Released: Mon Oct 21 13:28:32 2024
Summary: Optional update for sssd, adcli
Type: optional
Severity: moderate
References:
This update for sssd, adcli has the following feature:
- Ship sssd-ad and adcli to SLE Micro 5.5
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3742-1
Released: Mon Oct 21 15:58:25 2024
Summary: Security update for apache2
Type: security
Severity: important
References: 1228097,CVE-2024-40725
This update for apache2 fixes the following issues:
- CVE-2024-40725: Fixed source code disclosure of local content (bsc#1228097)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3745-1
Released: Tue Oct 22 15:39:35 2024
Summary: Security update for protobuf
Type: security
Severity: important
References: 1230778,CVE-2024-7254
This update for protobuf fixes the following issues:
- CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3812-1
Released: Wed Oct 30 16:34:31 2024
Summary: Recommended update for protobuf
Type: recommended
Severity: moderate
References:
This update for protobuf fixes the following issues:
- Build the java part with maven, so that we create artifacts
that correspond to upstream distributed ones.
- Add maven artifact metadata to the protoc binary
- Package also the bom and pom artifacts
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3846-1
Released: Thu Oct 31 11:07:10 2024
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1226724,1226731,1226733,1227642,1227669,1227670,1227671,1230166
This update for gnutls fixes the following issues:
- FIPS: Do not allow curve P-192 for signature or keypair verification [bsc#1227669]
- FIPS: Allow to perform the integrity check with the hmac provided by each library [bsc#1226724]
- FIPS: Mark gnutls_hash_fast operations as approved in SLI. [bsc#1230166]
- FIPS: Run pairwise consistency test only in FIPS mode. [bsc#1226733]
- FIPS: Use full hash+sign operations, not low level primitives in PCT test. [bsc#1226733]
- FIPS: Mark SHA1 as not allowed for signature verification in both RSA and ECDSA sigVer. [bsc#1227642]
- FIPS: Allow RSA signature verification with min of 2048 bit modulus. [bsc#1227670]
- FIPS: Remove not needed DSA in selfchecks in FIPS mode. [bsc#1227671, bsc#1226731]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833
This update for gcc14 fixes the following issues:
- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3875-1
Released: Fri Nov 1 16:27:47 2024
Summary: Security update for java-11-openjdk
Type: security
Severity: moderate
References: 1231702,1231711,1231716,1231719,CVE-2024-21208,CVE-2024-21210,CVE-2024-21217,CVE-2024-21235
This update for java-11-openjdk fixes the following issues:
Updated to version 11.0.25+9 (October 2024 CPU):
- CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702)
- CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231711)
- CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716)
- CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3879-1
Released: Fri Nov 1 17:04:25 2024
Summary: Security update for python3
Type: security
Severity: moderate
References: 1230906,1232241,CVE-2024-9287
This update for python3 fixes the following issues:
Security fixes:
- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
Other fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3887-1
Released: Mon Nov 4 09:22:45 2024
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1231796
This update for lvm2 fixes the following issue:
- LVM2 mirror attached to another node couldn't be converted into linear LV (bsc#1231796).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3896-1
Released: Mon Nov 4 12:08:29 2024
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1230972
This update for shadow fixes the following issues:
- Add useradd warnings when requested UID is outside the default range (bsc#1230972)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3902-1
Released: Mon Nov 4 13:15:51 2024
Summary: Recommended update for shim
Type: recommended
Severity: moderate
References: 1210382,1230316
This update for shim fixes the following issues:
- Update shim-install to apply the missing fix for openSUSE Leap (bsc#1210382)
- Update shim-install to use the 'removable' way for SL-Micro (bsc#1230316)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3905-1
Released: Mon Nov 4 13:39:01 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1220262,1224258,1224260,1224264,1224265,1224266,1224267,1224268,1224269,1224270,1224271,1224272,1224273,1224275,1228618,1228619,1228623,CVE-2023-50782
This update for openssl-1_1 fixes the following issues:
Security fixes:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
Other fixes:
- FIPS: AES GCM external IV implementation (bsc#1228618)
- FIPS: Mark PBKDF2 and HKDF HMAC input keys with size >= 112 bits as approved in the SLI. (bsc#1228623)
- FIPS: Enforce KDF in FIPS style (bsc#1224270)
- FIPS: Mark HKDF and TLSv1.3 KDF as approved in the SLI (bsc#1228619)
- FIPS: The X9.31 scheme is not approved for RSA signature operations in FIPS 186-5. (bsc#1224269)
- FIPS: Differentiate the PSS length requirements (bsc#1224275)
- FIPS: Mark sigGen and sigVer primitives as non-approved (bsc#1224272)
- FIPS: Disable PKCSv1.5 and shake in FIPS mode (bsc#1224271)
- FIPS: Mark SHA1 as non-approved in the SLI (bsc#1224266)
- FIPS: DH FIPS selftest and safe prime group (bsc#1224264)
- FIPS: Remove not needed FIPS DRBG files (bsc#1224268)
- FIPS: Add Pair-wise Consistency Test when generating DH key (bsc#1224265)
- FIPS: Disallow non-approved KDF types (bsc#1224267)
- FIPS: Disallow RSA sigVer with 1024 and ECDSA sigVer/keyVer P-192 (bsc#1224273)
- FIPS: DRBG component chaining (bsc#1224258)
- FIPS: Align CRNGT_BUFSIZ with Jitter RNG output size (bsc#1224260)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released: Wed Nov 6 11:14:28 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3935-1
Released: Thu Nov 7 06:12:39 2024
Summary: Recommended update for wicked
Type: recommended
Severity: important
References: 1229555,1229745,1230911,1231060
This update for wicked fixes the following issues:
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad
- Consider only interface specific accept_redirects sysctl settings
- Adopt ifsysctl(5) manual page with wicked specific behavior
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option
- team: set arp link watcher interval default to 1s
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (bsc#1229555)
- arp: don't set target broadcast hardware address
- dbus: don't memcpy empty/NULL array value
- ethtool: fix leak and free pause data in ethtool_free
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3940-1
Released: Thu Nov 7 11:09:06 2024
Summary: Security update for libarchive
Type: security
Severity: important
References: 1225972,1231624,CVE-2024-20697,CVE-2024-48958
This update for libarchive fixes the following issues:
- CVE-2024-20697: Fixed Out of bounds Remote Code Execution Vulnerability (bsc#1225972).
- CVE-2024-48958: Fixed out-of-bounds access via a crafted archive file in execute_filter_delta function (bsc#1231624).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3953-1
Released: Fri Nov 8 10:28:16 2024
Summary: Recommended update for firewalld
Type: recommended
Severity: moderate
References: 1231793
This update for firewalld fixes the following issues:
- Add firewalld-zsh-completion and firewalld-bash-completion to Basesystem_15-SP6 (bsc#1231793)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3963-1
Released: Sat Nov 9 17:39:08 2024
Summary: Security update for java-17-openjdk
Type: security
Severity: moderate
References: 1231702,1231711,1231716,1231719,CVE-2024-21208,CVE-2024-21210,CVE-2024-21217,CVE-2024-21235
This update for java-17-openjdk fixes the following issues:
- Update to upstream tag jdk-17.0.13+11 (October 2024 CPU)
* Security fixes
+ JDK-8307383: Enhance DTLS connections
+ JDK-8290367, JDK-8332643: Update default value and extend the
scope of com.sun.jndi.ldap.object.trustSerialData system property
+ JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client
+ JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of vectorization
+ JDK-8328726: Better Kerberos support
+ JDK-8331446, CVE-2024-21217, bsc#1231716: Improve deserialization support
+ JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph optimizations
+ JDK-8335713: Enhance vectorization analysis
* Other changes
+ JDK-7022325: TEST_BUG: test/java/util/zip/ZipFile/
/ReadLongZipFileName.java leaks files if it fails
+ JDK-7026262: HttpServer: improve handling of finished HTTP exchanges
+ JDK-7124313: [macosx] Swing Popups should overlap taskbar
+ JDK-8005885: enhance PrintCodeCache to print more data
+ JDK-8051959: Add thread and timestamp options to
java.security.debug system property
+ JDK-8170817: G1: Returning MinTLABSize from
unsafe_max_tlab_alloc causes TLAB flapping
+ JDK-8183227: read/write APIs in class os shall return ssize_t
+ JDK-8193547: Regression automated test '/open/test/jdk/java/
/awt/Toolkit/DesktopProperties/rfe4758438.java' fails
+ JDK-8222884: ConcurrentClassDescLookup.java times out intermittently
+ JDK-8233725: ProcessTools.startProcess() has output issues
when using an OutputAnalyzer at the same time
+ JDK-8238169: BasicDirectoryModel getDirectories and
DoChangeContents.run can deadlock
+ JDK-8241550: [macOS] SSLSocketImpl/ReuseAddr.java failed due
to 'BindException: Address already in use'
+ JDK-8255898: Test java/awt/FileDialog/FilenameFilterTest/
/FilenameFilterTest.java fails on Mac OS
+ JDK-8256291: RunThese30M fails 'assert(_class_unload ? true :
((((JfrTraceIdBits::load(class_loader_klass)) &
((1 << 4) << 8)) != 0))) failed: invariant'
+ JDK-8257540: javax/swing/JFileChooser/8041694/bug8041694.java
failed with 'RuntimeException: The selected directory name is
not the expected 'd ' but 'D '.'
+ JDK-8259866: two java.util tests failed with 'IOException:
There is not enough space on the disk'
+ JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/
/MouseEventAfterStartDragTest.html test failed
+ JDK-8261433: Better pkcs11 performance for
libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
+ JDK-8263031: HttpClient throws Exception if it receives a
Push Promise that is too large
+ JDK-8265919: RunThese30M fails
'assert((!(((((JfrTraceIdBits::load(value)) & ((1 << 4) << 8))
!= 0))))) failed: invariant'
+ JDK-8269428: java/util/concurrent/ConcurrentHashMap/
/ToArray.java timed out
+ JDK-8269657: Test java/nio/channels/DatagramChannel/
/Loopback.java failed: Unexpected message
+ JDK-8272232: javax/swing/JTable/4275046/bug4275046.java
failed with 'Expected value in the cell: 'rededited' but found
'redEDITED'.'
+ JDK-8272558: IR Test Framework README misses some flags
+ JDK-8272777: Clean up remaining AccessController warnings in test library
+ JDK-8273216: JCMD does not work across container boundaries with Podman
+ JDK-8273430: Suspicious duplicate condition in
java.util.regex.Grapheme#isExcludedSpacingMark
+ JDK-8273541: Cleaner Thread creates with normal priority
instead of MAX_PRIORITY - 2
+ JDK-8275851: Deproblemlist open/test/jdk/javax/swing/
/JComponent/6683775/bug6683775.java
+ JDK-8276660: Scalability bottleneck in
java.security.Provider.getService()
+ JDK-8277042: add test for 8276036 to compiler/codecache
+ JDK-8279068: IGV: Update to work with JDK 16 and 17
+ JDK-8279164: Disable TLS_ECDH_* cipher suites
+ JDK-8279222: Incorrect legacyMap.get in
java.security.Provider after JDK-8276660
+ JDK-8279337: The MToolkit is still referenced in a few places
+ JDK-8279641: Create manual JTReg tests for Swing accessibility
+ JDK-8279878: java/awt/font/JNICheck/JNICheck.sh test fails on Ubuntu 21.10
+ JDK-8280034: ProblemList jdk/jfr/api/consumer/recordingstream/
/TestOnEvent.java on linux-x64
+ JDK-8280392: java/awt/Focus/NonFocusableWindowTest/
/NonfocusableOwnerTest.java failed with 'RuntimeException: Test failed.'
+ JDK-8280970: Cleanup dead code in java.security.Provider
+ JDK-8280982: [Wayland] [XWayland] java.awt.Robot taking screenshots
+ JDK-8280988: [XWayland] Click on title to request focus test failures
+ JDK-8280990: [XWayland] XTest emulated mouse click does not
bring window to front
+ JDK-8280993: [XWayland] Popup is not closed on click outside
of area controlled by XWayland
+ JDK-8280994: [XWayland] Drag and Drop does not work in java
-> wayland app direction
+ JDK-8281944: JavaDoc throws java.lang.IllegalStateException: ERRONEOUS
+ JDK-8282354: Remove dependancy of TestHttpServer,
HttpTransaction, HttpCallback from open/test/jdk/ tests
+ JDK-8282526: Default icon is not painted properly
+ JDK-8283728: jdk.hotspot.agent: Wrong location for
RISCV64ThreadContext.java
+ JDK-8284316: Support accessibility ManualTestFrame.java for
non SwingSet tests
+ JDK-8284585: PushPromiseContinuation test fails
intermittently in timeout
+ JDK-8285497: Add system property for Java SE specification
maintenance version
+ JDK-8288568: Reduce runtime of java.security microbenchmarks
+ JDK-8289182: NMT: MemTracker::baseline should return void
+ JDK-8290966: G1: Record number of PLAB filled and number of
direct allocations
+ JDK-8291760: PipelineLeaksFD.java still fails: More or fewer
pipes than expected
+ JDK-8292044: HttpClient doesn't handle 102 or 103 properly
+ JDK-8292739: Invalid legacy entries may be returned by
Provider.getServices() call
+ JDK-8292948: JEditorPane ignores font-size styles in external
linked css-file
+ JDK-8293862: javax/swing/JFileChooser/8046391/bug8046391.java
failed with 'Cannot invoke
'java.awt.Image.getWidth(java.awt.image.ImageObserver)'
because 'retVal' is null'
+ JDK-8293872: Make runtime/Thread/ThreadCountLimit.java more robust
+ JDK-8294148: Support JSplitPane for instructions and test UI
+ JDK-8294691: dynamicArchive/RelativePath.java is running
other test case
+ JDK-8294994: Update Jarsigner and Keytool i18n tests to
validate i18n compliance
+ JDK-8295111: dpkg appears to have problems resolving
symbolically linked native libraries
+ JDK-8296410: HttpClient throws java.io.IOException: no
statuscode in response for HTTP2
+ JDK-8296812: sprintf is deprecated in Xcode 14
+ JDK-8297878: KEM: Implementation
+ JDK-8298381: Improve handling of session tickets for multiple SSLContexts
+ JDK-8298596: vmTestbase/nsk/sysdict/vm/stress/chain/chain008/
/chain008.java fails with 'NoClassDefFoundError: Could not
initialize class java.util.concurrent.ThreadLocalRandom'
+ JDK-8298809: Clean up vm/compiler/InterfaceCalls JMH
+ JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl
when connection is idle
+ JDK-8299254: Support dealing with standard assert macro
+ JDK-8299378: sprintf is deprecated in Xcode 14
+ JDK-8299395: Remove metaprogramming/removeCV.hpp
+ JDK-8299396: Remove metaprogramming/removeExtent.hpp
+ JDK-8299397: Remove metaprogramming/isFloatingPoint.hpp
+ JDK-8299398: Remove metaprogramming/isConst.hpp
+ JDK-8299399: Remove metaprogramming/isArray.hpp
+ JDK-8299402: Remove metaprogramming/isVolatile.hpp
+ JDK-8299479: Remove metaprogramming/decay.hpp
+ JDK-8299481: Remove metaprogramming/removePointer.hpp
+ JDK-8299482: Remove metaprogramming/isIntegral.hpp
+ JDK-8299487: Test java/net/httpclient/whitebox/
/SSLTubeTestDriver.java timed out
+ JDK-8299635: Hotspot update for deprecated sprintf in Xcode 14
+ JDK-8299779: Test tools/jpackage/share/jdk/jpackage/tests/
/MainClassTest.java timed out
+ JDK-8299813: java/nio/channels/DatagramChannel/Disconnect.java
fails with jtreg test timeout due to lost datagram
+ JDK-8299971: Remove metaprogramming/conditional.hpp
+ JDK-8299972: Remove metaprogramming/removeReference.hpp
+ JDK-8300169: Build failure with clang-15
+ JDK-8300260: Remove metaprogramming/isSame.hpp
+ JDK-8300264: Remove metaprogramming/isPointer.hpp
+ JDK-8300265: Remove metaprogramming/isSigned.hpp
+ JDK-8300806: Update googletest to v1.13.0
+ JDK-8300910: Remove metaprogramming/integralConstant.hpp
+ JDK-8301132: Test update for deprecated sprintf in Xcode 14
+ JDK-8301200: Don't scale timeout stress with timeout factor
+ JDK-8301274: update for deprecated sprintf for security components
+ JDK-8301279: update for deprecated sprintf for management components
+ JDK-8301686: TLS 1.3 handshake fails if server_name doesn't
match resuming session
+ JDK-8301704: Shorten the number of GCs in UnloadingTest.java
to verify a class loader not being unloaded
+ JDK-8302495: update for deprecated sprintf for java.desktop
+ JDK-8302800: Augment NaN handling tests of FDLIBM methods
+ JDK-8303216: Prefer ArrayList to LinkedList in
sun.net.httpserver.ServerImpl
+ JDK-8303466: C2: failed: malformed control flow. Limit type
made precise with MaxL/MinL
+ JDK-8303527: update for deprecated sprintf for
jdk.hotspot.agent
+ JDK-8303617: update for deprecated sprintf for jdk.jdwp.agent
+ JDK-8303830: update for deprecated sprintf for
jdk.accessibility
+ JDK-8303891: Speed up Zip64SizeTest using a small ZIP64 file
+ JDK-8303920: Avoid calling out to python in
DataDescriptorSignatureMissing test
+ JDK-8303942: os::write should write completely
+ JDK-8303965: java.net.http.HttpClient should reset the stream
if response headers contain malformed header fields
+ JDK-8304375: jdk/jfr/api/consumer/filestream/TestOrdered.java
failed with 'Expected at least some events to be out of order!
Reuse = false'
+ JDK-8304962: sun/net/www/http/KeepAliveCache/B5045306.java:
java.lang.RuntimeException: Failed: Initial Keep Alive
Connection is not being reused
+ JDK-8304963: HttpServer closes connection after processing
HEAD after JDK-7026262
+ JDK-8305072: Win32ShellFolder2.compareTo is inconsistent
+ JDK-8305079: Remove finalize() from compiler/c2/Test719030
+ JDK-8305081: Remove finalize() from
test/hotspot/jtreg/compiler/runtime/Test8168712
+ JDK-8305825: getBounds API returns wrong value resulting in
multiple Regression Test Failures on Ubuntu 23.04
+ JDK-8305959: x86: Improve itable_stub
+ JDK-8306583: Add JVM crash check in CDSTestUtils.executeAndLog
+ JDK-8306929: Avoid CleanClassLoaderDataMetaspaces safepoints
when previous versions are shared
+ JDK-8306946: jdk/test/lib/process/
/ProcessToolsStartProcessTest.java fails with 'wrong number of
lines in OutputAnalyzer output'
+ JDK-8307091: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8307193: Several Swing jtreg tests use class.forName on
L&F classes
+ JDK-8307352: AARCH64: Improve itable_stub
+ JDK-8307448: Test RedefineSharedClassJFR fail due to wrong assumption
+ JDK-8307779: Relax the java.awt.Robot specification
+ JDK-8307848: update for deprecated sprintf for jdk.attach
+ JDK-8307850: update for deprecated sprintf for jdk.jdi
+ JDK-8308022: update for deprecated sprintf for java.base
+ JDK-8308144: Uncontrolled memory consumption in
SSLFlowDelegate.Reader
+ JDK-8308184: Launching java with large number of jars in
classpath with java.protocol.handler.pkgs system property set
can lead to StackOverflowError
+ JDK-8308801: update for deprecated sprintf for libnet in java.base
+ JDK-8308891: TestCDSVMCrash.java needs @requires vm.cds
+ JDK-8309241: ClassForNameLeak fails intermittently as the
class loader hasn't been unloaded
+ JDK-8309621: [XWayland][Screencast] screen capture failure
with sun.java2d.uiScale other than 1
+ JDK-8309703: AIX build fails after JDK-8280982
+ JDK-8309756: Occasional crashes with pipewire screen capture on Wayland
+ JDK-8309934: Update GitHub Actions to use JDK 17 for building jtreg
+ JDK-8310070: Test:
javax/net/ssl/DTLS/DTLSWontNegotiateV10.java timed out
+ JDK-8310108: Skip ReplaceCriticalClassesForSubgraphs when
EnableJVMCI is specified
+ JDK-8310201: Reduce verbose locale output in -XshowSettings
launcher option
+ JDK-8310334: [XWayland][Screencast] screen capture error
message in debug
+ JDK-8310628: GcInfoBuilder.c missing JNI Exception checks
+ JDK-8310683: Refactor StandardCharset/standard.java to use JUnit
+ JDK-8311208: Improve CDS Support
+ JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
+ JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved
+ JDK-8312140: jdk/jshell tests failed with JDI socket timeouts
+ JDK-8312229: Crash involving yield, switch and anonymous classes
+ JDK-8313256: Exclude failing multicast tests on AIX
+ JDK-8313394: Array Elements in OldObjectSample event has the
incorrect description
+ JDK-8313674: (fc) java/nio/channels/FileChannel/
/BlockDeviceSize.java should test for more block devices
+ JDK-8313697: [XWayland][Screencast] consequent getPixelColor
calls are slow
+ JDK-8313873: java/nio/channels/DatagramChannel/
/SendReceiveMaxSize.java fails on AIX due to small default
RCVBUF size and different IPv6 Header interpretation
+ JDK-8313901: [TESTBUG] test/hotspot/jtreg/compiler/codecache/
/CodeCacheFullCountTest.java fails with
java.lang.VirtualMachineError
+ JDK-8314476: TestJstatdPortAndServer.java failed with
'java.rmi.NoSuchObjectException: no such object in table'
+ JDK-8314614: jdk/jshell/ImportTest.java failed with
'InternalError: Failed remote listen'
+ JDK-8314837: 5 compiled/codecache tests ignore VM flags
+ JDK-8315024: Vector API FP reduction tests should not test
for exact equality
+ JDK-8315362: NMT: summary diff reports threads count incorrectly
+ JDK-8315422: getSoTimeout() would be in try block in SSLSocketImpl
+ JDK-8315437: Enable parallelism in
vmTestbase/nsk/monitoring/stress/classload tests
+ JDK-8315442: Enable parallelism in
vmTestbase/nsk/monitoring/stress/thread tests
+ JDK-8315559: Delay TempSymbol cleanup to avoid symbol table churn
+ JDK-8315576: compiler/codecache/CodeCacheFullCountTest.java
fails after JDK-8314837
+ JDK-8315651: Stop hiding AIX specific multicast socket errors
via NetworkConfiguration (aix)
+ JDK-8315684: Parallelize
sun/security/util/math/TestIntegerModuloP.java
+ JDK-8315774: Enable parallelism in vmTestbase/gc/g1/unloading tests
+ JDK-8315804: Open source several Swing JTabbedPane JTextArea
JTextField tests
+ JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
+ JDK-8315965: Open source various AWT applet tests
+ JDK-8316104: Open source several Swing SplitPane and
RadioButton related tests
+ JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java
java.lang.Exception: Could not find leak
+ JDK-8316211: Open source several manual applet tests
+ JDK-8316240: Open source several add/remove MenuBar manual tests
+ JDK-8316285: Opensource JButton manual tests
+ JDK-8316306: Open source and convert manual Swing test
+ JDK-8316328: Test jdk/jfr/event/oldobject/
/TestSanityDefault.java times out for some heap sizes
+ JDK-8316387: Exclude more failing multicast tests on AIX
after JDK-8315651
+ JDK-8316389: Open source few AWT applet tests
+ JDK-8316468: os::write incorrectly handles partial write
+ JDK-8316973: GC: Make TestDisableDefaultGC use createTestJvm
+ JDK-8317112: Add screenshot for Frame/DefaultSizeTest.java
+ JDK-8317228: GC: Make TestXXXHeapSizeFlags use createTestJvm
+ JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java:
Press on the outside area didn't cause ungrab
+ JDK-8317316: G1: Make TestG1PercentageOptions use
createTestJvm
+ JDK-8317343: GC: Make TestHeapFreeRatio use createTestJvm
+ JDK-8317358: G1: Make TestMaxNewSize use createTestJvm
+ JDK-8317360: Missing null checks in JfrCheckpointManager and
JfrStringPool initialization routines
+ JDK-8317372: Refactor some NumberFormat tests to use JUnit
+ JDK-8317635: Improve GetClassFields test to verify
correctness of field order
+ JDK-8317831: compiler/codecache/CheckLargePages.java fails on
OL 8.8 with unexpected memory string
+ JDK-8318039: GHA: Bump macOS and Xcode versions
+ JDK-8318089: Class space not marked as such with NMT when CDS is off
+ JDK-8318474: Fix memory reporter for thread_count
+ JDK-8318479: [jmh] the test security.CacheBench failed for
multiple threads run
+ JDK-8318605: Enable parallelism in
vmTestbase/nsk/stress/stack tests
+ JDK-8318696: Do not use LFS64 symbols on Linux
+ JDK-8318986: Improve GenericWaitBarrier performance
+ JDK-8319103: Popups that request focus are not shown on Linux with Wayland
+ JDK-8319197: Exclude hb-subset and hb-style from compilation
+ JDK-8319406: x86: Shorter movptr(reg, imm) for 32-bit immediates
+ JDK-8319713: Parallel: Remove
PSAdaptiveSizePolicy::should_full_GC
+ JDK-8320079: The ArabicBox.java test has no control buttons
+ JDK-8320379: C2: Sort spilling/unspilling sequence for better
ld/st merging into ldp/stp on AArch64
+ JDK-8320602: Lock contention in SchemaDVFactory.getInstance()
+ JDK-8320608: Many jtreg printing tests are missing the
@printer keyword
+ JDK-8320655: awt screencast robot spin and sync issues with
native libpipewire api
+ JDK-8320692: Null icon returned for .exe without custom icon
+ JDK-8320945: problemlist tests failing on latest Windows 11 update
+ JDK-8321025: Enable Neoverse N1 optimizations for Neoverse V2
+ JDK-8321176: [Screencast] make a second attempt on screencast failure
+ JDK-8321220: JFR: RecordedClass reports incorrect modifiers
+ JDK-8322008: Exclude some CDS tests from running with -Xshare:off
+ JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC and ZGC
+ JDK-8322726: C2: Unloaded signature class kills argument value
+ JDK-8322971: KEM.getInstance() should check if a 3rd-party
security provider is signed
+ JDK-8323122: AArch64: Increase itable stub size estimate
+ JDK-8323584: AArch64: Unnecessary ResourceMark in
NativeCall::set_destination_mt_safe
+ JDK-8323670: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8323801: <s> tag doesn't strikethrough the text
+ JDK-8324577: [REDO] - [IMPROVE] OPEN_MAX is no longer the max
limit on macOS >= 10.6 for RLIMIT_NOFILE
+ JDK-8324646: Avoid Class.forName in SecureRandom constructor
+ JDK-8324648: Avoid NoSuchMethodError when instantiating NativePRNG
+ JDK-8324668: JDWP process management needs more efficient
file descriptor handling
+ JDK-8324753: [AIX] adjust os_posix after JDK-8318696
+ JDK-8324755: Enable parallelism in
vmTestbase/gc/gctests/LargeObjects tests
+ JDK-8324933: ConcurrentHashTable::statistics_calculate
synchronization is expensive
+ JDK-8325022: Incorrect error message on client authentication
+ JDK-8325179: Race in BasicDirectoryModel.validateFileCache
+ JDK-8325194: GHA: Add macOS M1 testing
+ JDK-8325384: sun/security/ssl/SSLSessionImpl/
/ResumptionUpdateBoundValues.java failing intermittently when
main thread is a virtual thread
+ JDK-8325444: GHA: JDK-8325194 causes a regression
+ JDK-8325567: jspawnhelper without args fails with segfault
+ JDK-8325620: HTMLReader uses ConvertAction instead of
specified CharacterAction for <b>, <i>, <u>
+ JDK-8325621: Improve jspawnhelper version checks
+ JDK-8325754: Dead AbstractQueuedSynchronizer$ConditionNodes
survive minor garbage collections
+ JDK-8326106: Write and clear stack trace table outside of safepoint
+ JDK-8326332: Unclosed inline tags cause misalignment in
summary tables
+ JDK-8326446: The User and System of jdk.CPULoad on Apple M1 are inaccurate
+ JDK-8326734: text-decoration applied to <span> lost when
mixed with <u> or <s>
+ JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails
+ JDK-8327137: Add test for ConcurrentModificationException in
BasicDirectoryModel
+ JDK-8327312: [17u] Problem list
ReflectionCallerCacheTest.java due to 8324978
+ JDK-8327424: ProblemList serviceability/sa/TestJmapCore.java
on all platforms with ZGC
+ JDK-8327650: Test java/nio/channels/DatagramChannel/
/StressNativeSignal.java timed out
+ JDK-8327787: Convert javax/swing/border/Test4129681.java
applet test to main
+ JDK-8327840: Automate javax/swing/border/Test4129681.java
+ JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/
/GetBoundsResizeTest.java applet test to main
+ JDK-8328075: Shenandoah: Avoid forwarding when objects don't
move in full-GC
+ JDK-8328110: Allow simultaneous use of PassFailJFrame with
split UI and additional windows
+ JDK-8328115: Convert java/awt/font/TextLayout/
/TestJustification.html applet test to main
+ JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest
to automatic main test
+ JDK-8328218: Delete test
java/awt/Window/FindOwner/FindOwner.html
+ JDK-8328234: Remove unused nativeUtils files
+ JDK-8328238: Convert few closed manual applet tests to main
+ JDK-8328269: NonFocusablePopupMenuTest.java should be marked as headful
+ JDK-8328273: sun/management/jmxremote/bootstrap/
/RmiRegistrySslTest.java failed with
java.rmi.server.ExportException: Port already in use
+ JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/
/ClickDuringKeypress.java imports Applet
+ JDK-8328561: test java/awt/Robot/ManualInstructions/
/ManualInstructions.java isn't used
+ JDK-8328642: Convert applet test
MouseDraggedOutCauseScrollingTest.html to main
+ JDK-8328647: TestGarbageCollectorMXBean.java fails with
C1-only and -Xcomp
+ JDK-8328896: Fontmetrics for large Fonts has zero width
+ JDK-8328953: JEditorPane.read throws ChangedCharSetException
+ JDK-8328999: Update GIFlib to 5.2.2
+ JDK-8329004: Update Libpng to 1.6.43
+ JDK-8329103: assert(!thread->in_asgct()) failed during
multi-mode profiling
+ JDK-8329109: Threads::print_on() tries to print CPU time for
terminated GC threads
+ JDK-8329126: No native wrappers generated anymore with
-XX:-TieredCompilation after JDK-8251462
+ JDK-8329134: Reconsider TLAB zapping
+ JDK-8329510: Update ProblemList for
JFileChooser/8194044/FileSystemRootTest.java
+ JDK-8329559: Test javax/swing/JFrame/bug4419914.java failed
because The End and Start buttons are not placed correctly and
Tab focus does not move as expected
+ JDK-8329605: hs errfile generic events - move memory
protections and nmethod flushes to separate sections
+ JDK-8329663: hs_err file event log entry for thread
adding/removing should print current thread
+ JDK-8329667: [macos] Issue with JTree related fix for JDK-8317771
+ JDK-8329995: Restricted access to `/proc` can cause JFR
initialization to crash
+ JDK-8330063: Upgrade jQuery to 3.7.1
+ JDK-8330524: Linux ppc64le compile warning with clang in os_linux_ppc.cpp
+ JDK-8330611: AES-CTR vector intrinsic may read out of bounds (x86_64, AVX-512)
+ JDK-8330615: avoid signed integer overflows in zip_util.c
readCen / hashN
+ JDK-8331011: [XWayland] TokenStorage fails under Security Manager
+ JDK-8331063: Some HttpClient tests don't report leaks
+ JDK-8331077: nroff man page update for jar tool
+ JDK-8331164: createJMHBundle.sh download jars fail when url
needed to be redirected
+ JDK-8331265: Bump update version for OpenJDK: jdk-17.0.13
+ JDK-8331331: :tier1 target explanation in doc/testing.md is incorrect
+ JDK-8331466: Problemlist serviceability/dcmd/gc/
/RunFinalizationTest.java on generic-all
+ JDK-8331605:
jdk/test/lib/TestMutuallyExclusivePlatformPredicates.java test failure
+ JDK-8331746: Create a test to verify that the cmm id is not ignored
+ JDK-8331798: Remove unused arg of checkErgonomics() in
TestMaxHeapSizeTools.java
+ JDK-8331885: C2: meet between unloaded and speculative types
is not symmetric
+ JDK-8332008: Enable issuestitle check
+ JDK-8332113: Update nsk.share.Log to be always verbose
+ JDK-8332174: Remove 2 (unpaired) RLO Unicode characters in
ff_Adlm.xml
+ JDK-8332248: (fc) java/nio/channels/FileChannel/
/BlockDeviceSize.java failed with RuntimeException
+ JDK-8332424: Update IANA Language Subtag Registry to Version 2024-05-16
+ JDK-8332524: Instead of printing 'TLSv1.3,' it is showing 'TLS13'
+ JDK-8332898: failure_handler: log directory of commands
+ JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/
/TestDescription.java fails with no GC's recorded
+ JDK-8333270: HandlersOnComplexResetUpdate and
HandlersOnComplexUpdate tests fail with 'Unexpected reference'
if timeoutFactor is less than 1/3
+ JDK-8333353: Delete extra empty line in CodeBlob.java
+ JDK-8333398: Uncomment the commented test in test/jdk/java/
/util/jar/JarFile/mrjar/MultiReleaseJarAPI.java
+ JDK-8333477: Delete extra empty spaces in Makefiles
+ JDK-8333698: [17u] TestJstatdRmiPort fails after JDK-8333667
+ JDK-8333716: Shenandoah: Check for disarmed method before
taking the nmethod lock
+ JDK-8333724: Problem list security/infra/java/security/cert/
/CertPathValidator/certification/CAInterop.java
#teliasonerarootcav1
+ JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw
an exception with 0 failures
+ JDK-8334166: Enable binary check
+ JDK-8334297: (so) java/nio/channels/SocketChannel/OpenLeak.java
should not depend on SecurityManager
+ JDK-8334332: TestIOException.java fails if run by root
+ JDK-8334333: MissingResourceCauseTestRun.java fails if run by root
+ JDK-8334335: [TESTBUG] Backport of 8279164 to 11u & 17u
includes elements of JDK-8163327
+ JDK-8334339: Test java/nio/file/attribute/
/BasicFileAttributeView/CreationTime.java fails on alinux3
+ JDK-8334418: Update IANA Language Subtag Registry to Version 2024-06-14
+ JDK-8334482: Shenandoah: Deadlock when safepoint is pending
during nmethods iteration
+ JDK-8334600: TEST java/net/MulticastSocket/IPMulticastIF.java
fails on linux-aarch64
+ JDK-8334653: ISO 4217 Amendment 177 Update
+ JDK-8334769: Shenandoah: Move CodeCache_lock close to its use
in ShenandoahConcurrentNMethodIterator
+ JDK-8335536: Fix assertion failure in IdealGraphPrinter when
append is true
+ JDK-8335775: Remove extraneous 's' in comment of
rawmonitor.cpp test file
+ JDK-8335808: update for deprecated sprintf for jfrTypeSetUtils
+ JDK-8335918: update for deprecated sprintf for jvmti
+ JDK-8335967: 'text-decoration: none' does not work with 'A' HTML tags
+ JDK-8336301: test/jdk/java/nio/channels/
/AsyncCloseAndInterrupt.java leaves around a FIFO file upon
test completion
+ JDK-8336928: GHA: Bundle artifacts removal broken
+ JDK-8337038: Test java/nio/file/attribute/
/BasicFileAttributeView/CreationTime.java should set as /native
+ JDK-8337283: configure.log is truncated when build dir is on
different filesystem
+ JDK-8337664: Distrust TLS server certificates issued after
Oct 2024 and anchored by Entrust Root CAs
+ JDK-8337669: [17u] Backport of JDK-8284047 missed to delete a file
+ JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods
are inconsistent with their setVerbose methods
+ JDK-8338696: (fs) BasicFileAttributes.creationTime() falls
back to epoch if birth time is unavailable (Linux)
+ JDK-8339869: [21u] Test CreationTime.java fails with
UnsatisfiedLinkError after 8334339
+ JDK-8341057: Add 2 SSL.com TLS roots
+ JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
+ JDK-8341673: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.13
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3971-1
Released: Mon Nov 11 10:29:03 2024
Summary: Recommended update for mojo-parent
Type: recommended
Severity: moderate
References: CVE-2022-34169
This update for mojo-parent fixes the following issues:
xalan-j2 was updated from version 2.7.2 to 2.7.3:
- Security issues fixed:
* CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets (bsc#1201684)
- Changes and Bugs fixed:
* Java 8 is now the minimum requirement
* Upgraded to Apache Commons BCEL 6.7.0
* Upgraded to Xerces-J 2.12.2
mojo-parent was updated from version 70 to 82:
- Main changes:
* Potentially Breaking Changes:
+ mojo.java.target should be set as '8', without '1.'
+ spotless plugin must be executed by JDK 11 at least
+ ossrh-snapshots repository was removed from parent
* New features and improvements:
+ Removed SHA-512 checksum for source release artifact
+ Use only project version as tag for release
+ Added space before close empty elements in poms by spotless
+ Using Checkstyle together with Spotless
+ Introduce spotless for automatic code formatting
+ Introduce enforcer rule for minimal version of Java and Maven
+ Use new Plugin Tools report - maven-plugin-report-plugin
+ Added sisu-maven-plugin
+ Introduced maven.version property
+ Execute spotless by JDK 11 at least
+ Use release options for m-compiler-p with newer JDKs
+ Allow override of invoker.streamLogsOnFailures
+ Require Maven 3.9.x at least for releases
+ Added maven-wrapper-plugin to pluginManagement
+ Removed ossrh-snapshots repository from MojoHaus parent
+ Added build-helper-maven-plugin to pluginManagement
+ Require Maven 3.6.3+
+ Updated palantirJavaFormat for spotless - JDK 21 compatible
+ Added dependencyManagement for maven-shade-plugin
+ Dropped recommendedJavaBuildVersion property
+ Format Markdown files with Spotless Plugin
* Bugs fixed:
+ Restore source release distribution in child projects
+ Rename property maven.version to mavenVersion
+ minimalMavenBuildVersion should not be overridden by
mavenVersion
+ Use simple checkstyle rules since spotless is executed by
default
+ Use old spotless version only for JDK < 11
+ Fixed spotless configuration for markdown
- Other changes:
* Removed Google search box due to privacy
* Put version for mrm-maven-plugin in property
* Added streamLogsOnFailures to m-invoker-p
* Added property for maven-fluido-skin version
* Setup Apache Matomo analytics
* Require Maven 3.2.5
* Added SHA-512 hashes
* Extract plugin version as variable so child pom can override if needed
* Removed issue-tracking as no longer exists
* Removed cim report as no longer exists
bcel was updated from version 5.2 to 6.10:
- Many APIs have been extended
- Added riscv64 support
- Various bugs were fixed
apache-commons-lang3 was updated from version 3.12.0 to 3.16.0:
- Included new APIs that are needed by bcel 6.x
- Various minor bugs were fixed
xerces-j2:
- Improved RPM packaging build instructions
netty3:
- Generate sources with protobuf instead of using pre-generated ones
-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2024-4009
Released: Mon Nov 18 14:21:44 2024
Summary: Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server
Type: security
Severity: critical
References: 1228945,1229077,1229923,1230255,1230536,1231332,1231568,1231852,1231900,1231922,CVE-2024-47533,CVE-2024-49502,CVE-2024-49503
Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server
This is a codestream only update
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4033-1
Released: Mon Nov 18 14:31:43 2024
Summary: Recommended update for salt
Type: recommended
Severity: moderate
References: 1219041,1220357,1226141,1229109,1229539,1230322
This update for salt fixes the following issues:
- Fix failing x509 tests with OpenSSL < 1.1
- Avoid explicit reading of /etc/salt/minion (bsc#1220357)
- Allow NamedLoaderContexts to be returned from loader
- Revert the change making reactor less blocking (bsc#1230322)
- Use --cachedir for extension_modules in salt-call (bsc#1226141)
- Prevent using SyncWrapper with no reason
- Fix the SELinux context for Salt Minion service (bsc#1219041)
- Set contextvars as a build requirement for package
- Increase warn_until_date date for code we still support
- The test_debian test now uses port 80 for ubuntu keyserver
- Fix too frequent systemd service restart in test_system test
- Avoid crash on wrong output of systemctl version (bsc#1229539)
- Improve error handling with different OpenSSL versions
- Remove redundant run_func from salt.master.MWorker._handle_aes
- Fix cloud minion configuration for multiple masters (bsc#1229109)
- Use Pygit2 id instead of deprecated oid in gitfs
- Fix few failing tests to work with both Salt and Salt bundle
- Skip testing unsupported OpenSSL crypto algorithms
The following package changes have been done:
- glibc-2.38-150600.14.14.2 updated
- libsasl2-3-2.1.28-150600.7.3.1 updated
- libcom_err2-1.47.0-150600.4.6.2 updated
- adcli-0.8.2-150400.17.8.3 updated
- libncurses6-6.1-150000.5.27.1 updated
- terminfo-base-6.1-150000.5.27.1 updated
- ncurses-utils-6.1-150000.5.27.1 updated
- libudev1-254.18-150600.4.15.10 updated
- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- login_defs-4.8.1-150600.17.9.1 updated
- openssl-3-3.1.4-150600.5.21.1 updated
- libreadline7-7.0-150400.27.3.2 updated
- bash-4.4-150400.27.3.2 updated
- bash-sh-4.4-150400.27.3.2 updated
- libopenssl3-3.1.4-150600.5.21.1 updated
- libapr1-1.6.3-150000.3.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- sles-release-15.6-150600.64.3.1 updated
- libsolv-tools-base-0.7.30-150600.8.2.1 updated
- libzypp-17.35.12-150600.3.27.1 updated
- zypper-1.14.77-150600.10.11.2 updated
- glibc-locale-base-2.38-150600.14.14.2 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- pam-config-1.1-150600.16.3.1 updated
- libsystemd0-254.18-150600.4.15.10 updated
- systemd-254.18-150600.4.15.10 updated
- shadow-4.8.1-150600.17.9.1 updated
- drbd-utils-9.25.0-150600.2.2 added
- libcurl4-8.6.0-150600.4.12.1 updated
- curl-8.6.0-150600.4.12.1 updated
- libarchive13-3.7.2-150600.3.9.1 updated
- libatomic1-14.2.0+git10526-150000.1.6.1 updated
- libdevmapper1_03-2.03.22_1.02.196-150600.3.3.2 updated
- libgomp1-14.2.0+git10526-150000.1.6.1 updated
- libitm1-14.2.0+git10526-150000.1.6.1 updated
- liblsan0-14.2.0+git10526-150000.1.6.1 updated
- libnettle8-3.9.1-150600.3.2.1 updated
- libopenssl1_1-1.1.1w-150600.5.9.1 updated
- libquadmath0-14.2.0+git10526-150000.1.6.1 updated
- libsodium23-1.0.18-150000.4.8.1 updated
- libsolv-tools-0.7.30-150600.8.2.1 updated
- perl-Bootloader-1.8.2-150600.3.3.1 updated
- release-notes-susemanager-5.0.2-150600.11.16.2 updated
- susemanager-schema-utility-5.0.12-150600.3.6.8 updated
- uyuni-config-modules-5.0.11-150600.3.6.6 updated
- libyui-ncurses16-4.5.3-150600.6.2.1 updated
- libyui16-4.5.3-150600.6.2.1 updated
- glibc-locale-2.38-150600.14.14.2 updated
- cyrus-sasl-2.1.28-150600.7.3.1 updated
- libhogweed6-3.9.1-150600.3.2.1 updated
- libpython3_6m1_0-3.6.15-150300.10.75.1 updated
- python3-base-3.6.15-150300.10.75.1 updated
- python3-3.6.15-150300.10.75.1 updated
- python3-curses-3.6.15-150300.10.75.1 updated
- postgresql-16-150600.17.3.2 updated
- glibc-devel-2.38-150600.14.14.2 updated
- susemanager-docs_en-5.0-150600.11.6.6 updated
- spacewalk-java-lib-5.0.14-150600.3.8.2 updated
- logrotate-3.18.1-150400.3.10.1 updated
- libyui-ncurses-pkg16-4.5.3-150600.6.2.1 updated
- shim-15.8-150300.4.23.1 updated
- apache2-prefork-2.4.58-150600.5.26.1 updated
- cyrus-sasl-gssapi-2.1.28-150600.7.3.1 updated
- cyrus-sasl-digestmd5-2.1.28-150600.7.3.1 updated
- libgnutls30-3.8.3-150600.4.3.1 updated
- wicked-0.6.77-150600.11.15.1 updated
- wicked-service-0.6.77-150600.11.15.1 updated
- python3-zypp-plugin-0.6.4-150600.18.2.3 updated
- python3-uyuni-common-libs-5.0.5-150600.2.3.6 updated
- python3-susemanager-retail-1.0.1722253762.9f01ce8-150600.3.3.6 updated
- python3-solv-0.7.30-150600.8.2.1 updated
- postgresql-server-16-150600.17.3.2 updated
- susemanager-docs_en-pdf-5.0-150600.11.6.6 updated
- susemanager-schema-5.0.12-150600.3.6.8 updated
- susemanager-sync-data-5.0.8-150600.3.8.6 updated
- apache2-2.4.58-150600.5.26.1 updated
- grub2-2.12-150600.8.9.2 updated
- grub2-i386-pc-2.12-150600.8.9.2 updated
- rsyslog-8.2406.0-150600.12.6.2 updated
- susemanager-retail-tools-1.0.1722253762.9f01ce8-150600.3.3.6 updated
- salt-shaptools-0.3.18+git.1690200022.db379c1-150200.3.12.1 added
- python3-dnspython-1.15.0-150000.3.10.2 updated
- postgresql-contrib-16-150600.17.3.2 updated
- samba-client-libs-4.19.8+git.368.51d32c069f-150600.3.6.11 updated
- supportutils-plugin-salt-1.2.2-150600.3.16.1 added
- java-17-openjdk-headless-17.0.13.0-150400.3.48.2 updated
- java-11-openjdk-headless-11.0.25.0-150000.3.119.1 updated
- grub2-x86_64-efi-2.12-150600.8.9.2 updated
- spacecmd-5.0.10-150600.4.6.6 updated
- spacewalk-backend-sql-postgresql-5.0.10-150600.4.6.10 updated
- j2objc-annotations-2.2-150200.5.3.4 added
- google-errorprone-annotations-2.26.1-150200.5.6.1 added
- apache-commons-lang3-3.16.0-150200.3.9.2 updated
- java-17-openjdk-17.0.13.0-150400.3.48.2 updated
- java-11-openjdk-11.0.25.0-150000.3.119.1 updated
- spacewalk-base-minimal-5.0.15-150600.3.10.2 updated
- xalan-j2-2.7.3-150200.11.7.1 updated
- xerces-j2-2.12.2-150200.3.10.2 updated
- bcel-6.10.0-150200.11.6.2 updated
- python3-firewall-2.0.1-150600.3.2.1 updated
- spacewalk-base-minimal-config-5.0.15-150600.3.10.2 updated
- protobuf-java-25.1-150600.16.10.1 updated
- firewalld-2.0.1-150600.3.2.1 updated
- spacewalk-backend-5.0.10-150600.4.6.10 updated
- spacewalk-base-5.0.15-150600.3.10.2 updated
- python3-salt-3006.0-150500.4.44.2 updated
- salt-3006.0-150500.4.44.2 updated
- spacewalk-backend-sql-5.0.10-150600.4.6.10 updated
- python3-spacewalk-certs-tools-5.0.8-150600.3.6.6 updated
- spacewalk-certs-tools-5.0.8-150600.3.6.6 updated
- salt-master-3006.0-150500.4.44.2 updated
- cobbler-3.3.3-150600.5.8.8 updated
- spacewalk-backend-server-5.0.10-150600.4.6.10 updated
- susemanager-sls-5.0.11-150600.3.6.6 updated
- spacewalk-java-postgresql-5.0.14-150600.3.8.2 updated
- spacewalk-java-config-5.0.14-150600.3.8.2 updated
- salt-api-3006.0-150500.4.44.2 updated
- spacewalk-backend-xmlrpc-5.0.10-150600.4.6.10 updated
- spacewalk-backend-xml-export-libs-5.0.10-150600.4.6.10 updated
- spacewalk-backend-package-push-server-5.0.10-150600.4.6.10 updated
- spacewalk-backend-iss-5.0.10-150600.4.6.10 updated
- spacewalk-backend-app-5.0.10-150600.4.6.10 updated
- spacewalk-html-5.0.15-150600.3.10.2 updated
- spacewalk-taskomatic-5.0.14-150600.3.8.2 updated
- spacewalk-java-5.0.14-150600.3.8.2 updated
- spacewalk-backend-iss-export-5.0.10-150600.4.6.10 updated
- patterns-suma_retail-5.0-150600.6.3.6 updated
- susemanager-tools-5.0.10-150600.3.6.6 updated
- spacewalk-backend-tools-5.0.10-150600.4.6.10 updated
- drbd-formula-0.4.2+git.1616116365.1e3ab34-3.6.1 added
- spacewalk-utils-5.0.5-150600.3.3.6 updated
- habootstrap-formula-0.4.4+git.1632747498.2caa677-3.20.1 added
- spacewalk-setup-5.0.6-150600.3.3.6 updated
- susemanager-5.0.10-150600.3.6.6 updated
- sapnwbootstrap-formula-0.6.4+git.1621842068.a86c37c-10.1 added
- saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1 added
- patterns-suma_server-5.0-150600.6.3.6 updated
- container:suse-manager-5.0-init-5.0.2-5.0.2-7.6.16 added
- augeas-1.14.1-150600.1.3 removed
- augeas-lenses-1.14.1-150600.1.3 removed
- autoyast2-installation-4.6.6-150600.1.2 removed
- container:suse-manager-5.0-init-5.0.1-5.0.1-7.3.17 removed
- device-mapper-2.03.22_1.02.196-150600.1.3 removed
- fdupes-2.3.0-150400.3.3.1 removed
- hostname-3.16-2.22 removed
- hwinfo-21.85-150500.3.3.1 removed
- initviocons-0.5-1.27 removed
- kmod-29-150600.11.4 removed
- libaio1-0.3.109-1.25 removed
- libargon2-1-20190702-150600.1.4 removed
- libcryptsetup12-2.7.0-150600.3.3.1 removed
- libdevmapper-event1_03-2.03.22_1.02.196-150600.1.3 removed
- libldapcpp1-0.3.1-1.33 removed
- libparted0-3.2-150300.21.3.1 removed
- libpci3-3.5.6-150300.13.6.1 removed
- libruby2_5-2_5-2.5.9-150000.4.29.1 removed
- libstorage-ng-ruby-4.5.201-150600.1.3 removed
- libstorage-ng1-4.5.201-150600.1.3 removed
- libsuseconnect-1.11.0-150600.3.5.3 removed
- libx86emu3-3.1-1.23 removed
- lsscsi-0.28-1.24 removed
- parted-3.2-150300.21.3.1 removed
- pciutils-3.5.6-150300.13.6.1 removed
- perl-Digest-SHA1-2.13-1.27 removed
- perl-Parse-RecDescent-1.967015-1.22 removed
- perl-X500-DN-0.29-1.22 removed
- perl-gettext-1.07-1.442 removed
- pigz-2.3.3-1.28 removed
- python3-ldap-3.4.0-150400.5.69 removed
- python3-pyasn1-modules-0.2.1-3.4.12 removed
- regexp-1.5-150200.11.4.4 removed
- ruby-2.5-1.21 removed
- ruby-common-2.1-3.15 removed
- ruby-solv-0.7.30-150400.3.27.2 removed
- ruby2.5-2.5.9-150000.4.29.1 removed
- ruby2.5-rubygem-abstract_method-1.2.1-1.28 removed
- ruby2.5-rubygem-cfa-1.0.2-1.33 removed
- ruby2.5-rubygem-cfa_grub2-2.0.0-1.55 removed
- ruby2.5-rubygem-cheetah-0.5.2-1.33 removed
- ruby2.5-rubygem-fast_gettext-1.6.0-1.18 removed
- ruby2.5-rubygem-gem2rpm-0.10.1-3.45 removed
- ruby2.5-rubygem-mini_portile2-2.3.0-1.27 removed
- ruby2.5-rubygem-nokogiri-1.8.5-150400.14.3.1 removed
- ruby2.5-rubygem-ruby-augeas-0.5.0-1.31 removed
- ruby2.5-rubygem-ruby-dbus-0.14.0-1.27 removed
- ruby2.5-rubygem-simpleidn-0.0.9-1.17 removed
- ruby2.5-stdlib-2.5.9-150000.4.29.1 removed
- spacewalk-utils-extras-5.0.4-150600.1.1 removed
- suse-module-tools-15.6.10-150600.3.6.2 removed
- suseconnect-ng-1.11.0-150600.3.5.3 removed
- suseconnect-ruby-bindings-1.11.0-150600.3.5.3 removed
- system-group-kvm-20170617-150400.24.2.1 removed
- thin-provisioning-tools-0.7.5-3.3.1 removed
- udev-254.15-150600.4.8.1 removed
- unzip-6.00-150000.4.14.1 removed
- yast2-4.6.8-150600.1.1 removed
- yast2-add-on-4.6.2-150600.1.2 removed
- yast2-bootloader-4.6.7-150600.1.1 removed
- yast2-core-4.6.0-150600.1.7 removed
- yast2-country-4.6.6-150600.1.2 removed
- yast2-country-data-4.6.6-150600.1.2 removed
- yast2-hardware-detection-4.6.0-150600.1.5 removed
- yast2-installation-4.6.13-150600.3.3.3 removed
- yast2-ldap-4.6.0-150600.1.5 removed
- yast2-logs-4.6.8-150600.1.1 removed
- yast2-migration-4.6.0-150600.1.2 removed
- yast2-network-4.6.9-150600.1.1 removed
- yast2-ntp-client-4.6.0-150600.1.3 removed
- yast2-packager-4.6.9-150600.1.1 removed
- yast2-pam-4.6.0-150600.1.2 removed
- yast2-perl-bindings-4.6.0-150600.1.5 removed
- yast2-pkg-bindings-4.6.5-150600.3.6.1 removed
- yast2-proxy-4.6.0-150600.1.2 removed
- yast2-registration-4.6.2-150600.3.3.2 removed
- yast2-ruby-bindings-4.6.2-150600.1.5 removed
- yast2-security-4.6.0-150600.1.2 removed
- yast2-services-manager-4.6.1-150600.1.2 removed
- yast2-slp-4.6.0-150600.1.5 removed
- yast2-storage-ng-4.6.17-150600.1.1 removed
- yast2-trans-stats-2.19.0-1.28 removed
- yast2-transfer-4.6.0-150600.1.5 removed
- yast2-update-4.6.3-150600.1.2 removed
- yast2-users-4.6.6-150600.3.3.5 removed
- yast2-xml-4.6.0-150600.1.5 removed
- yast2-ycp-ui-bindings-4.6.0-150600.1.5 removed