SUSE-IU-2026:3643-1: Security update of suse-sles-15-sp6-chost-byos-v20260518-x86_64-gen2
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri May 22 07:03:28 UTC 2026
SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20260518-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3643-1
Image Tags : suse-sles-15-sp6-chost-byos-v20260518-x86_64-gen2:20260518
Image Release :
Severity : critical
Type : security
References : 1082318 1094836 1098360 1118027 1133233 1144060 1144357 1162712
1167148 1170154 1171566 1171933 1172579 1172948 1176006 1179890
1180165 1181400 1181869 1182850 1184124 1185897 1187536 1189139
1189649 1190538 1191422 1192298 1194735 1199026 1199722 1203823
1205502 1206627 1207266 1209255 1209571 1209811 1209812 1210617
1211830 1212476 1214169 1214806 1216545 1216606 1217336 1218588
1218664 1218722 1220168 1220210 1221622 1221941 1222465 1222842
1222880 1223128 1223980 1224788 1225307 1225660 1225811 1225912
1226413 1226447 1226448 1226469 1226591 1227378 1227999 1228081
1228105 1228165 1228414 1228490 1228780 1229003 1229596 1229704
1229997 1230227 1230861 1230906 1231795 1232241 1233265 1233563
1233649 1234736 1234808 1234809 1234842 1236705 1236720 1236818
1237764 1238450 1238591 1238879 1239210 1239439 1239625 1239637
1239715 1240789 1240871 1241002 1241067 1241345 1241437 1241474
1242631 1242696 1242909 1243055 1243195 1243197 1243273 1243313
1243443 1243443 1244032 1244039 1244056 1244059 1244060 1244061
1244449 1244550 1244705 1244925 1245403 1245569 1245728 1245938
1245939 1245942 1245943 1245946 1246052 1246184 1246399 1246447
1246505 1246602 1247030 1247249 1247432 1247712 1247850 1247858
1248097 1248211 1248356 1248586 1248600 1249307 1249385 1249998
1250032 1250082 1250553 1250553 1250553 1250705 1250748 1250754
1251135 1251186 1251305 1251966 1251971 1251979 1252073 1252266
1252511 1252712 1252900 1252911 1252924 1252974 1252974 1253049
1253060 1253087 1253122 1253223 1253451 1253679 1254202 1254255
1254264 1254293 1254299 1254306 1254324 1254378 1254400 1254400
1254401 1254401 1254447 1254465 1254510 1254541 1254563 1254670
1254670 1254767 1254842 1254845 1254866 1254867 1254992 1254997
1254997 1255084 1255377 1255401 1256331 1256389 1256427 1256455
1256528 1256564 1256609 1256610 1256612 1256616 1256617 1256623
1256641 1256645 1256664 1256665 1256682 1256690 1256716 1256726
1256728 1256759 1256779 1256792 1256807 1256808 1256809 1256811
1256812 1256902 1257029 1257029 1257029 1257031 1257031 1257031
1257041 1257041 1257042 1257042 1257042 1257044 1257044 1257046
1257046 1257046 1257108 1257144 1257154 1257158 1257181 1257181
1257231 1257232 1257235 1257236 1257296 1257332 1257396 1257463
1257466 1257472 1257473 1257473 1257490 1257496 1257506 1257593
1257594 1257595 1257603 1257625 1257667 1257732 1257735 1257749
1257773 1257790 1257825 1257891 1257952 1257960 1258002 1258020
1258022 1258045 1258049 1258054 1258080 1258081 1258083 1258181
1258229 1258265 1258311 1258319 1258338 1258340 1258376 1258377
1258392 1258395 1258406 1258424 1258464 1258518 1258524 1258720
1258730 1258832 1258849 1258850 1258859 1258928 1259051 1259070
1259090 1259188 1259204 1259240 1259247 1259248 1259362 1259362
1259363 1259364 1259365 1259377 1259418 1259441 1259461 1259543
1259580 1259611 1259611 1259616 1259619 1259650 1259697 1259707
1259711 1259726 1259729 1259734 1259734 1259735 1259735 1259797
1259803 1259804 1259808 1259825 1259845 1259857 1259924 1259985
1259989 1259989 1259998 1260005 1260009 1260026 1260026 1260078
1260082 1260347 1260441 1260441 1260442 1260442 1260443 1260443
1260444 1260444 1260445 1260471 1260486 1260562 1260589 1260730
1260754 1260755 1260805 1261155 1261191 1261271 1261412 1261420
1261427 1261430 1261498 1261678 1261678 1261809 1261957 1261969
1261970 1262098 1262144 1262319 1262573 1262631 1262632 1262635
1262636 1262638 1262654 1264013 1264449 1264450 1265209 1265308
761162 916845 CVE-2013-4235 CVE-2021-45417 CVE-2023-27043 CVE-2023-28858
CVE-2023-28859 CVE-2023-30608 CVE-2023-40403 CVE-2023-4641 CVE-2023-53714
CVE-2023-53817 CVE-2024-0397 CVE-2024-11584 CVE-2024-12718 CVE-2024-22195
CVE-2024-2312 CVE-2024-26130 CVE-2024-34064 CVE-2024-35195 CVE-2024-35195
CVE-2024-3651 CVE-2024-37891 CVE-2024-38542 CVE-2024-4032 CVE-2024-42103
CVE-2024-47081 CVE-2024-53070 CVE-2024-53149 CVE-2024-55549 CVE-2024-56201
CVE-2024-56326 CVE-2024-58251 CVE-2024-6174 CVE-2024-6232 CVE-2024-6345
CVE-2024-6923 CVE-2024-7592 CVE-2024-8088 CVE-2024-9287 CVE-2025-0938
CVE-2025-10911 CVE-2025-10911 CVE-2025-10911 CVE-2025-11468 CVE-2025-11468
CVE-2025-11468 CVE-2025-11731 CVE-2025-12084 CVE-2025-12084 CVE-2025-12781
CVE-2025-12801 CVE-2025-13462 CVE-2025-13462 CVE-2025-13836 CVE-2025-13836
CVE-2025-13837 CVE-2025-13837 CVE-2025-14831 CVE-2025-15282 CVE-2025-15282
CVE-2025-15282 CVE-2025-15366 CVE-2025-15366 CVE-2025-15367 CVE-2025-15367
CVE-2025-1795 CVE-2025-22047 CVE-2025-24855 CVE-2025-27516 CVE-2025-27613
CVE-2025-27614 CVE-2025-3416 CVE-2025-37813 CVE-2025-37861 CVE-2025-38243
CVE-2025-38322 CVE-2025-38379 CVE-2025-38539 CVE-2025-39689 CVE-2025-39813
CVE-2025-39817 CVE-2025-39829 CVE-2025-39913 CVE-2025-39964 CVE-2025-39998
CVE-2025-40097 CVE-2025-40099 CVE-2025-40103 CVE-2025-40202 CVE-2025-40253
CVE-2025-40257 CVE-2025-40259 CVE-2025-4138 CVE-2025-4330 CVE-2025-4435
CVE-2025-4516 CVE-2025-4517 CVE-2025-45582 CVE-2025-46835 CVE-2025-47273
CVE-2025-48384 CVE-2025-48385 CVE-2025-50181 CVE-2025-53906 CVE-2025-54518
CVE-2025-6069 CVE-2025-6075 CVE-2025-6075 CVE-2025-66418 CVE-2025-66471
CVE-2025-68284 CVE-2025-68285 CVE-2025-68775 CVE-2025-68804 CVE-2025-68808
CVE-2025-68813 CVE-2025-68819 CVE-2025-69720 CVE-2025-70873 CVE-2025-71066
CVE-2025-71078 CVE-2025-71081 CVE-2025-71083 CVE-2025-71085 CVE-2025-71089
CVE-2025-71111 CVE-2025-71112 CVE-2025-71113 CVE-2025-71120 CVE-2025-71136
CVE-2025-71147 CVE-2025-71231 CVE-2025-7709 CVE-2025-7709 CVE-2025-8194
CVE-2025-8291 CVE-2025-8732 CVE-2025-9403 CVE-2026-0672 CVE-2026-0672
CVE-2026-0672 CVE-2026-0865 CVE-2026-0865 CVE-2026-0865 CVE-2026-0964
CVE-2026-0965 CVE-2026-0966 CVE-2026-0967 CVE-2026-0968 CVE-2026-0990
CVE-2026-0992 CVE-2026-1299 CVE-2026-1299 CVE-2026-1502 CVE-2026-1519
CVE-2026-1757 CVE-2026-1965 CVE-2026-1965 CVE-2026-21441 CVE-2026-2297
CVE-2026-22999 CVE-2026-23001 CVE-2026-23004 CVE-2026-23010 CVE-2026-23054
CVE-2026-23060 CVE-2026-23074 CVE-2026-23089 CVE-2026-23103 CVE-2026-23111
CVE-2026-23141 CVE-2026-23157 CVE-2026-23191 CVE-2026-23202 CVE-2026-23204
CVE-2026-23207 CVE-2026-23209 CVE-2026-23214 CVE-2026-23231 CVE-2026-23243
CVE-2026-23268 CVE-2026-23269 CVE-2026-23272 CVE-2026-23274 CVE-2026-23278
CVE-2026-23293 CVE-2026-23317 CVE-2026-23381 CVE-2026-23398 CVE-2026-23412
CVE-2026-23413 CVE-2026-23490 CVE-2026-23554 CVE-2026-23555 CVE-2026-24401
CVE-2026-24515 CVE-2026-24882 CVE-2026-25210 CVE-2026-25645 CVE-2026-25646
CVE-2026-26269 CVE-2026-27135 CVE-2026-27171 CVE-2026-27448 CVE-2026-27459
CVE-2026-28387 CVE-2026-28387 CVE-2026-28388 CVE-2026-28388 CVE-2026-28389
CVE-2026-28389 CVE-2026-28390 CVE-2026-28390 CVE-2026-28417 CVE-2026-29111
CVE-2026-30922 CVE-2026-31431 CVE-2026-31788 CVE-2026-31789 CVE-2026-31789
CVE-2026-31790 CVE-2026-3184 CVE-2026-32597 CVE-2026-32776 CVE-2026-32777
CVE-2026-32778 CVE-2026-33412 CVE-2026-33416 CVE-2026-33636 CVE-2026-3446
CVE-2026-34714 CVE-2026-34757 CVE-2026-3479 CVE-2026-3479 CVE-2026-34982
CVE-2026-35385 CVE-2026-35414 CVE-2026-35535 CVE-2026-3644 CVE-2026-3644
CVE-2026-3731 CVE-2026-3783 CVE-2026-3784 CVE-2026-3805 CVE-2026-4105
CVE-2026-4224 CVE-2026-4224 CVE-2026-43284 CVE-2026-43500 CVE-2026-4437
CVE-2026-4438 CVE-2026-4519 CVE-2026-4519 CVE-2026-46300 CVE-2026-46333
CVE-2026-4786 CVE-2026-4873 CVE-2026-4878 CVE-2026-5545 CVE-2026-5958
CVE-2026-6019 CVE-2026-6100 CVE-2026-6253 CVE-2026-6276 CVE-2026-6429
-----------------------------------------------------------------
The container suse-sles-15-sp6-chost-byos-v20260518-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2193-1
Released: Wed Oct 10 13:20:50 2018
Summary: Recommended update for dialog
Type: recommended
Severity: moderate
References: 1094836
This update for dialog fixes the following issues:
- Fixes a bug where scrolling is not possible (bsc#1094836)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2116-1
Released: Tue Aug 13 07:43:01 2019
Summary: Recommended update for aide
Type: recommended
Severity: moderate
References: 1098360
This update for aide fixes the following issues:
- Remove not available gcrypt algorithm 7 DB_HAVAL (bsc#1098360).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:2080-1
Released: Wed Jul 29 20:09:09 2020
Summary: Recommended update for libtool
Type: recommended
Severity: moderate
References: 1171566
This update for libtool provides missing the libltdl 32bit library. (bsc#1171566)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:130-1
Released: Thu Jan 14 13:08:01 2021
Summary: Recommended update for aide
Type: recommended
Severity: moderate
References: 1180165
This update for aide fixes the following issue:
- Add a `syslog_format` to Advanced Intrusion Detection Environment (AIDE). (bsc#1180165)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2179-1
Released: Mon Jun 28 17:36:37 2021
Summary: Recommended update for thin-provisioning-tools
Type: recommended
Severity: moderate
References: 1184124
This update for thin-provisioning-tools fixes the following issues:
- Link as position-independent executable (bsc#1184124)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2895-1
Released: Tue Aug 31 19:40:32 2021
Summary: Recommended update for unixODBC
Type: recommended
Severity: moderate
References:
This update for unixODBC fixes the following issues:
- ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004)
- Fix incorrect permission for documentation files.
- Update requires and baselibs for new libodbc2.
- Employ shared library packaging guideline: new subpacakge libodbc2.
- Update to 2.3.9:
* Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h
- Update to 2.3.8:
* Add configure support for editline
* SQLDriversW was ignoring user config
* SQLDataSources Fix termination character
* Fix for pooling seg fault
* Make calling SQLSetStmtAttrW call the W function in the driver is its there
* Try and fix race condition clearing system odbc.ini file
* Remove trailing space from isql/iusql SQL
* When setting connection attributes set before connect also check if the W entry poins can be used
* Try calling the W error functions first if available in the driver
* Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle
* iconv handles was being lost when reusing pooled connection
* Catch null copy in iniPropertyInsert
* Fix a few leaks
- Update to 2.3.7:
* Fix for pkg-config file update on no linux platforms
* Add W entry for GUI work
* Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W,and SQLSetConnectAttr/W
* Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString
* SQLBrowseConnect/W allow disconnecting a started browse session after error
* Add --with-stats-ftok-name configure option to allow the selection of a file name
used to generate the IPC id when collecting stats. Default is the system odbc.ini file
* Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle
* bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys
* Connection pooling: Fix liveness check for Unicode drivers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3959-1
Released: Mon Dec 6 19:54:32 2021
Summary: Recommended update for aide
Type: recommended
Severity: moderate
References: 1191422
This update for aide fixes the following issues:
- Fix issue with Libgcrypt FIPS mode and AIDE by disabling MD5 in FIPS mode (bsc#1191422)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:150-1
Released: Fri Jan 21 11:24:43 2022
Summary: Security update for aide
Type: security
Severity: important
References: 1194735,CVE-2021-45417
This update for aide fixes the following issues:
- CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735)
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2023:4502-1
Released: Tue Nov 21 12:14:58 2023
Summary: Feature update for python3
Type: feature
Severity: low
References:
This feature update for python3 packages adds the following:
- Second batch of new python-3.11 packages (jsc#PED-68)
Updates to previosly released python 3.11 packages:
- python-urllib3 to 2.0.7
- python-Sphinx to 7.2.6
- python-pytest to 7.4.2
- python-hypothesis to 6.82.7
- python-sphinxcontrib-serializinghtml to 1.1.9
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1342-1
Released: Thu Apr 18 16:35:47 2024
Summary: Recommended update for unixODBC, libtool and libssh2_org
Type: recommended
Severity: moderate
References: 1221622,1221941
This update for unixODBC, libtool and libssh2_org fixes the following issue:
- Ship 2 additional 32bit packages: unixODBC-32bit and libssh2-1-32bit for SLES (bsc#1221941).
- Fix an issue with Encrypt-then-MAC family. (bsc#1221622)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1637-1
Released: Tue May 14 14:22:14 2024
Summary: Recommended update for google-cloud SDK
Type: recommended
Severity: moderate
References: 1210617,CVE-2023-30608
This update for google-cloud SDK fixes the following issues:
- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
- Bellow 5 binaries Obsolete the python3.6 counterpart:
python311-google-resumable-media
python311-google-api-core
python311-google-cloud-storage
python311-google-cloud-core
python311-googleapis-common-protos
- Regular python311 updates (without Obsoletes):
python-google-auth
python-grpcio
python-sqlparse
- New python311 packages:
libcrc32c
python-google-cloud-appengine-logging
python-google-cloud-artifact-registry
python-google-cloud-audit-log
python-google-cloud-build
python-google-cloud-compute
python-google-cloud-dns
python-google-cloud-domains
python-google-cloud-iam
python-google-cloud-kms-inventory
python-google-cloud-kms
python-google-cloud-logging
python-google-cloud-run
python-google-cloud-secret-manager
python-google-cloud-service-directory
python-google-cloud-spanner
python-google-cloud-vpc-access
python-google-crc32c
python-grpc-google-iam-v1
python-grpcio-status
python-proto-plus
In python-sqlparse this security issue was fixed:
CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1639-1
Released: Tue May 14 14:26:29 2024
Summary: Security update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict
Type: security
Severity: important
References: 1209571,1209811,1209812,1216606,1222880,761162,CVE-2023-28858,CVE-2023-28859
This update for python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict contains the following fixes:
Changes in python-argcomplete
- Update to 3.3.0 (bsc#1222880):
* Preserve compatibility with argparse option tuples of length 4.
This update is required to use argcomplete on Python 3.11.9+ or
3.12.3+.
- update to 3.2.3:
* Allow register-python-argcomplete output to be used as lazy-loaded
zsh completion module (#475)
- Move debug_stream initialization to helper method to allow fd 9
behavior to be overridden in subclasses (#471)
- update to 3.2.2:
* Expand tilde in zsh
- Remove coverage check
- Fix zsh test failures: avoid coloring terminal
- update to 3.2.1:
* Allow explicit zsh global completion activation (#467)
* Fix and test global completion in zsh (#463, #466)
* Add –yes option to activate-global-python-argcomplete (#461)
* Test suite improvements
- drop without_zsh.patch: obsolete
- update to 3.1.6:
* Respect user choice in activate-global-python-argcomplete
* Escape colon in zsh completions. Fixes #456
* Call \_default as a fallback in zsh global completion
- update to 3.1.4:
* Call \_default as a fallback in zsh global completion
* zsh: Allow to use external script (#453)
* Add support for Python 3.12 and drop EOL 3.6 and 3.7 (#449)
* Use homebrew prefix by default
* zsh: Allow to use external script (#453)
Changes in python-Fabric:
- Update to 3.2.2
- add fix-test-deps.patch to remove vendored dependencies
*[Bug]: fabric.runners.Remote failed to properly deregister its SIGWINCH signal
handler on shutdown; in rare situations this could cause tracebacks when
the Python process receives SIGWINCH while no remote session is active.
This has been fixed.
* [Bug] #2204: The signal handling functionality added in Fabric 2.6 caused
unrecoverable tracebacks when invoked from inside a thread (such as
the use of fabric.group.ThreadingGroup) under certain interpreter versions.
This has been fixed by simply refusing to register signal handlers when not
in the main thread. Thanks to Francesco Giordano and others for the reports.
* [Bug]: Neglected to actually add deprecated to our runtime dependency
specification (it was still in our development dependencies). This has been fixed.
* [Feature]: Enhanced fabric.testing in ways large and small:
Backwards-compatibly merged the functionality of MockSFTP into MockRemote (may be
opted-into by instantiating the latter with enable_sftp=True) so you can mock
out both SSH and SFTP functionality in the same test, which was previously impossible.
It also means you can use this in a Pytest autouse fixture to prevent any tests
from accidentally hitting the network!
A new pytest fixture, remote_with_sftp, has been added which leverages the previous
bullet point (an all-in-one fixture suitable for, eg, preventing any incidental
ssh/sftp attempts during test execution).
A pile of documentation and test enhancements (yes, testing our testing helpers is a thing).
* [Support]: Added a new runtime dependency on the Deprecated library.
* [Support]: Language update: applied s/sanity/safety/g to the codebase
(with the few actual API members using the term now marked deprecated & new ones added
in the meantime, mostly in fabric.testing).
* [Feature]: Add a new CLI flag to fab, fab --list-agent-keys, which will attempt
to connect to your local SSH agent and print a key list, similarly to ssh-add -l.
This is mostly useful for expectations-checking Fabric and Paramiko’s agent
functionality, or for situations where you might not have ssh-add handy.
* [Feature]: Implement opt-in support for Paramiko 3.2’s AuthStrategy machinery, as follows:
Added a new module and class, fabric.auth.OpenSSHAuthStrategy, which leverages
aforementioned new Paramiko functionality to marry loaded SSH config files with
Fabric-level and runtime-level parameters, arriving at what should
be OpenSSH-client-compatible authentication behavior. See its API docs for details.
Added new configuration settings:
authentication.strategy_class, which defaults to None,
but can be set to OpenSSHAuthStrategy to opt-in to the new behavior.
authentication.identities, which defaults to the empty list, and can
be a list of private key paths for use by the new strategy class.
* [Bug] #2263: Explicitly add our dependency on decorator to setup.py instead of using
Invoke’s old, now removed, vendored copy of same. This allows Fabric to happily use
Invoke 2.1 and above
- Update to 3.0.1
* [Bug] #2241: A typo prevented Fabric’s command runner from properly
calling its superclass stop() method, which in tandem with a related
Invoke bug meant messy or long shutdowns in many scenarios.
- Changes from 3.0.0
* [Feature]: Change the default configuration value for inline_ssh_env
from False to True, to better align with the practicalities of common
SSH server configurations.
- Warning
This change is backwards incompatible if you were using
environment-variable-setting kwargs or config settings,
such as Connection.run(command, env={'SOME': 'ENV VARS'}),
and were not already explicitly specifying the value of inline_ssh_env.
* [Bug] #1981: (fixed in #2195) Automatically close any open SFTP session
during fabric.connection.Connection.close; this avoids issues encountered
upon re-opening a previously-closed connection object.
* [Support]: Drop support for Python <3.6, including Python 2.
- Warning
This is a backwards incompatible change if you are not yet on
Python 3.6 or above; however, pip shouldn’t offer you this
version of Fabric as long as your pip version understands
python_requires metadata.
- Drop remove-mock.patch because now in upstream.
- Drop remove-pathlib2.patch because now in upstream.
- Add %{?sle15_python_module_pythons}
- Remove conditional definition of python_module.
- Add patch remove-pathlib2.patch:
* Drop install_requires on pathlib2.
- Update to 2.7.1:
* [Bug] #1924: (also #2007) Overhaul behavior and testing re: merging together
different sources for the key_filename parameter in
Connection.connect_kwargs. This fixes a number of type-related errors
(string objects have no extend attribute, cannot add lists to strings, etc).
- Update to 2.7.0:
* Add ~fabric.connection.Connection.shell, a belated port of the v1
open_shell() feature.
* Forward local terminal resizes to the remote end, when applicable.
(For the technical: this means we now turn SIGWINCH into SSH
window-change messages.)
* Update ~fabric.connection.Connection temporarily so that it doesn't
incidentally apply replace_env=True to local shell commands, only
remote ones.
- Add patch remove-mock.patch:
* Use unittest.mock, instead of mock
- pytest-relaxed now supports pytest 6, so test on all python versions.
- Don't test on python310 -- gh#bitprophet/pytest-relaxed#12
(This is mainly required by azure-cli in the primary python3
flavor)
- Update to 2.6.0:
* [Feature] #1999: Add sudo support to Group. Thanks to Bonnie Hardin for
the report and to Winston Nolan for an early patchset.
* [Feature] #1810: Add put/get support to Group.
* [Feature] #1868: Ported a feature from v1: interpolating the local path
argument in Transfer.get with connection and remote filepath attributes.
For example, cxn.get(remote='/var/log/foo.log', local='{host}/') is now
feasible for storing a file in per-host-named directories or files, and
in fact Group.get does this by default.
* [Feature]: When the local path argument to Transfer.get contains nonexistent
directories, they are now created instead of raising an error.
Warning: This change introduces a new runtime dependency: pathlib2.
* [Bug]: Fix a handful of issues in the handling and mocking of SFTP local paths
and os.path members within fabric.testing; this should remove some occasional
“useless Mocks†as well as hewing closer to the real behavior of things like
os.path.abspath re: path normalization.
- Update Requires from setup.py
Changes in python-PyGithub:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
+ Drop %define skip_python2 1
- Update to 1.57
Breaking Changes
* Add support for Python 3.11, drop support for Python 3.6 (#2332) (1e2f10d)
Bug Fixes & Improvements
* Speed up get requested reviewers and teams for pr (#2349) (6725ece)
* [WorkflowRun] - Add missing attributes (run_started_at & run_attempt), remove deprecated unicode type (#2273) (3a6235b)
* Add support for repository autolink references (#2016) (0fadd6b)
* Add retry and pool_size to typing (#2151) (784a3ef)
* Fix/types for repo topic team (#2341) (db9337a)
* Add class Artifact (#2313) (#2319) (437ff84)
- Update to 1.56
This is the last release that will support Python 3.6.
*Bug Fixes & Improvements
Create repo from template (#2090) (b50283a)
Improve signature of Repository.create_repo (#2118) (001970d)
Add support for 'visibility' attribute preview for Repositories (#1872) (8d1397a)
Add Repository.rename_branch method (#2089) (6452ddf)
Add function to delete pending reviews on a pull request (#1897) (c8a945b)
Cover all code paths in search_commits (#2087) (f1faf94)
Correctly deal when PaginatedList's data is a dict (#2084) (93b92cd)
Add two_factor_authentication in AuthenticatedUser. (#1972) (4f00cbf)
Add ProjectCard.edit() to the type stub (#2080) (d417e4c)
Add method to delete Workflow runs (#2078) (b1c8eec)
Implement organization.cancel_invitation() (#2072) (53fb498)
Feat: Add html_url property in Team Class. (#1983) (6570892)
Add support for Python 3.10 (#2073) (aa694f8)
Add github actions secrets to org (#2006) (bc5e595)
Correct replay for Organization.create_project() test (#2075) (fcc1236)
Fix install command example (#2043) (99e00a2)
Fix: #1671 Convert Python Bool to API Parameter for Authenticated User Notifications (#2001) (1da600a)
Do not transform requestHeaders when logging (#1965) (1265747)
Add type to OrderedDict (#1954) (ed7d0fe)
Add Commit.get_pulls() to pyi (#1958) (b466470)
Adding headers in GithubException is a breaking change (#1931) (d1644e3)
- Update to 1.55:
* Remove client_id/client_secret authentication (#1888) (901af8c8)
* Adjust to Github API changes regarding emails (#1890) (2c77cfad)
+ This impacts what AuthenticatedUser.get_emails() returns
* Export headers in GithubException (#1887) (ddd437a7)
* Do not import from unpackaged paths in typing (#1926) (27ba7838)
* Implement hash for CompletableGithubObject (#1922) (4faff23c)
* Use right variable in both get_check_runs() (#1889) (3003e065)
* fix bad assertions in github.Project.edit (#1817) (6bae9e5c)
* Add support for deleting repository secrets (#1868) (696793de)
* Adding github actions secrets (#1681) (c90c050e)
* Drop support for Python 3.5 (#1770) (63e4fae9)
* Fix stubs file for Repository (fab682a5)
* The Github.get_installation(integer) method has been removed.
* Repository.create_deployment()'s payload parameter is now a dictionary.
* Add support for Check Suites (#1764) (6d501b28)
* Add missing preview features of Deployment and Deployment Statuses API
* Add Support for Check Runs (#1727) (c77c0676)
* Add WorkflowRun.workflow_id (#1737) (78a29a7c)
* Added support for the Self-Hosted actions runners API (#1684) (24251f4b)
* Fix Branch protection status in the examples (#1729) (88800844)
* Filter the DeprecationWarning in Team tests (#1728) (23f47539)
* Added get_installations() to Organizations (#1695) (b42fb244)
* Fix #1507: Add new Teams: Add or update team repository endpoint
* Added support for `Repository.get_workflow_runs` parameters
* feat(pullrequest): add the rebaseable attribute (#1690) (ee4c7a7e)
* Add support for deleting reactions (#1708) (f7d203c0)
* Add get_timeline() to Issue's type stubs (#1663) (6bc9ecc8)
- Update to 1.53:
* Add method get_team_membership for user to Team (#1658) (749e8d35)
* PaginatedList's totalCount is 0 if no last page (#1641) (69b37b4a)
* Add initial support for Github Apps. (#1631) (260558c1)
* Add delete_branch_on_merge arg to Repository.edit type stub
(#1639) (15b5ae0c)
* upload_asset with data in memory (#1601) (a7786393)
* Make Issue.closed_by nullable (#1629) (06dae387)
* Add support for workflow dispatch event (#1625) (16850ef1)
* Do not check reaction_type before sending (#1592) (136a3e80)
* more flexible header splitting (#1616) (85e71361)
* Add support for deployment statuses (#1588) (048c8a1d)
* Adds the 'twitter_username' attribute to NamedUser. (#1585) (079f75a7)
* Add support for Workflow Runs (#1583) (4fb1d23f)
* Small documentation correction in Repository.py (#1565) (f0f6ec83)
* Remove 'api_preview' parameter from type stubs and docstrings
(#1559) (cc1b884c)
* Repository.update_file() content also accepts bytes (#1543) (9fb8588b)
* Fix Repository.get_issues stub (#1540) (b40b75f8)
* Check all arguments of NamedUser.get_repos() (#1532) (69bfc325)
* Remove RateLimit.rate (#1529) (7abf6004)
* PullRequestReview is not a completable object (#1528) (19fc43ab)
* Remove pointless setters in GitReleaseAsset (#1527) (1dd1cf9c)
* Drop some unimplemented methods in GitRef (#1525) (d4b61311)
* Fixed formatting of docstrings for
`Repository.create_git_tag_and_release()`
and `StatsPunchCard`. (#1520) (ce400bc7)
* Remove Repository.topics (#1505) (53d58d2b)
* Correct Repository.get_workflows() (#1518) (8727003f)
* correct Repository.stargazers_count return type to int (#1513) (b5737d41)
* Raise a FutureWarning on use of client_{id,secret} (#1506) (2475fa66)
* Improve type signature for create_from_raw_data (#1503) (c7b5eff0)
* feat(column): move, edit and delete project columns (#1497) (a32a8965)
* Add support for Workflows (#1496) (a1ed7c0e)
* Add OAuth support for GitHub applications (4b437110)
* Create AccessToken entity (4a6468aa)
* Extend installation attributes (61808da1)
- Update to 1.51
+ New features
* PyGithub now supports type checking
* Ability to retrieve public events
* Add and handle the maintainer_can_modify attribute in PullRequest
* List matching references
* Add create_repository_dispatch
* Add some Organization and Repository attributes.
* Add create project method
+ Bug Fixes & Improvements
* Drop use of shadow-cat for draft PRs
* AuthenticatedUser.get_organization_membership() should be str
* Drop documentation for len() of PaginatedList
* Fix param name of projectcard's move function
* Correct typos found with codespell
* Export IncompletableObject in the github namespace
* Add GitHub Action workflow for checks
* Drop unneeded ignore rule for flake8
* Use pytest to parametrize tests
* Type stubs are now packaged with the build
* Get the project column by id
- Drop parametrized and pytest-cov from BuildRequires.
- Update to 1.47
+ Bug Fixes & Improvements
* Add support to edit and delete a project (#1434) (f11f739)
* Add method for fetching pull requests associated with a commit (#1433) (0c55381)
* Add 'get_repo_permission' to Team class (#1416) (219bde5)
* Add list projects support, update tests (#1431) (e44d11d)
* Don't transform completely in PullRequest.*assignees (#1428) (b1c3549)
* Add create_project support, add tests (#1429) (bf62f75)
* Add draft attribute, update test (bd28524)
* Docstring for Repository.create_git_tag_and_release (#1425) (bfeacde)
* Create a tox docs environment (#1426) (b30c09a)
* Add Deployments API (#1424) (3d93ee1)
* Add support for editing project cards (#1418) (425280c)
* Add draft flag parameter, update tests (bd0211e)
* Switch to using pytest (#1423) (c822dd1)
* Fix GitMembership with a hammer (#1420) (f2939eb)
* Add support to reply to a Pull request comment (#1374) (1c82573)
* PullRequest.update_branch(): allow expected_head_sha to be empty (#1412) (806130e)
* Implement ProjectCard.delete() (#1417) (aeb27b7)
* Add pre-commit plugin for black/isort/flake8 (#1398) (08b1c47)
* Add tox (#1388) (125536f)
* Open file in text mode in scripts/add_attribute.py (#1396) (0396a49)
* Silence most ResourceWarnings (#1393) (dd31a70)
* Assert more attributes in Membership (#1391) (d6dee01)
* Assert on changed Repository attributes (#1390) (6e3ceb1)
* Add reset to the repr for Rate (#1389) (0829af8)
- Update to 1.46
+ Bug Fixes & Improvements
* Add repo edit support for delete_branch_on_merge
* Fix mistake in Repository.create_fork()
* Correct two attributes in Invitation
* Search repo issues by string label
* Correct Repository.create_git_tag_and_release()
* exposed seats and filled_seats for Github Organization Plan
* Repository.create_project() body is optional
* Implement move action for ProjectCard
* Tidy up ProjectCard.get_content()
* Added nested teams and parent
* Correct parameter for Label.edit
* doc: example of Pull Request creation
* Fix PyPI wheel deployment
- No longer build Python 2 package
- Drop BuildRequires on mock, no longer required
- Drop no-hardcoded-dep.patch, no longer required
- Update to 1.45:
+ Breaking Changes
* Branch.edit_{user,team}_push_restrictions() have been removed
The new API is:
Branch.add_{user,team}_push_restrictions() to add new members
Branch.replace_{user,team}_push_restrictions() to replace all members
Branch.remove_{user,team}_push_restrictions() to remove members
* The api_preview parameter to Github() has been removed.
+ Bug Fixes & Improvements
* Allow sha=None for InputGitTreeElement
* Support github timeline events.
* Add support for update branch
* Refactor Logging tests
* Fix rtd build
* Apply black to whole codebase
* Fix class used returning pull request comments
* Support for create_fork
* Use Repository.get_contents() in tests
* Allow GithubObject.update() to be passed headers
* Correct URL for assignees on PRs
* Use inclusive ordered comparison for 'parameterized' requirement
* Deprecate Repository.get_dir_contents()
* Apply some polish to manage.sh
- Refresh no-hardcoded-dep.patch
- Add patch to not pull in hardcoded dependencies:
* no-hardcoded-dep.patch
- Update to 1.44.1:
* Too many changes to enumerate.
- Drop PyGithub-drop-network-tests.patch, the test in question no longer
requires network access.
- Drop fix-httpretty-dep.patch, the httpretty requirement has been relaxed
upstream.
- Use %python_expand to run the test suite, it works fine on Python 3 now.
- Add mock and parameterized to BuildRequires, the test suite requires them.
- Update to 1.43.8:
* Add two factor attributes on organizations (#1132) (a073168)
* Add Repository methods for pending invitations (#1159) (57af1e0)
* Adds get_issue_events to PullRequest object (#1154) (acd515a)
* Add invitee and inviter to Invitation (#1156) (0f2beac)
* Adding support for pending team invitations (#993) (edab176)
* Add support for custom base_url in GithubIntegration class (#1093) (6cd0d64)
* GithubIntegration: enable getting installation (#1135) (1818704)
* Add sorting capability to Organization.get_repos() (#1139) (ef6f009)
* Add new Organization.get_team_by_slug method (#1144) (4349bca)
* Add description field when creating a new team (#1125) (4a37860)
* Handle a path of / in Repository.get_contents() (#1070) (102c820)
* Add issue lock/unlock (#1107) (ec7bbcf)
* Fix bug in recursive repository contents example (#1166) (8b6b450)
* Allow name to be specified for upload_asset (#1151) (8d2a6b5)
* Fixes #1106 for GitHub Enterprise API (#1110) (5406579)
- Update to 1.43.7:
* Exclude tests from PyPI distribution (#1031) (78d283b9)
* Add codecov badge (#1090) (4c0b54c0)
- Update to 1.43.6:
* New features
o Add support for Python 3.7 (#1028) (6faa00ac)
o Adding HTTP retry functionality via urllib3 (#1002) (5ae7af55)
o Add new dismiss() method on PullRequestReview (#1053) (8ef71b1b)
o Add since and before to get_notifications (#1074) (7ee6c417)
o Add url parameter to include anonymous contributors in get_contributors (#1075) (293846be)
o Provide option to extend expiration of jwt token (#1068) (86a9d8e9)
* Bug Fixes & Improvements
o Fix the default parameter for PullRequest.create_review (#1058) (118def30)
o Fix get_access_token (#1042) (6a89eb64)
o Fix Organization.add_to_members role passing (#1039) (480f91cf)
* Deprecation
o Remove Status API (6efd6318)
- Add patch fix-httpretty-dep.patch
Changes in python-antlr4-python3-runtime:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
+ Drop %define skip_python2 1
+ Drop support for older Python 3.x versions
- fix build for python 3.12
- require setuptools
- Update to version 4.13.1
csharp target
* [CSharp] Fix for #4386 -- change signatures for ReportAttemptingFullContext()
and ReportContextSensitivity() to be identical to all other targets (target:csharp,
type:cleanup)
go target
* Move GetText(), SetText(), and String() from CommonToken to BaseToken
(target:go, type:cleanup)
* Restore 'Obtained from string' source name. (target:go, type:cleanup)
* fix: Fix very minor code issues spotted by goreportcard.com (target:go, type:cleanup)
java target
* Java: suppress this-escape warning introduced in JDK 21. (actions, target:java)
javascript target
* Adds default targets for babel configuration (target:javascript)
* fix dependabot warnings (target:javascript, type:cleanup)
swift target
* [SWIFT] Add Antlr4Dynamic product (target:swift)
* Cleanup duplicate SwiftTarget code (target:swift, type:cleanup)
dart target
* [Dart] Fix for #4320--export additional types (type:bug, target:dart)
- from version 4.13.0
Issues fixed
* antlr4 jar doubled in size in 4.9.3 (unicode, comp:performance)
* Go: exponentially bad/absymal performance as of ... (type:bug, target:go)
* Go runtime panic (type:bug, target:go)
Improvements, features
* Update LexerATNSimulator.cs with virtual Consume (type:improvement, target:csharp)
* Feature/fixembedding (type:improvement, target:go, comp:performance)
* Provide Javascript port of TokenStreamRewriter (type:feature,
target:javascript, target:typescript)
- from version 4.12.0
Issues fixed
* github actions now fail for python2 and ubuntu clang and ubuntu swift
(comp:runtime, comp:build, comp:testing)
* js mergeArrays output differs from java (atn-analysis, target:javascript)
* C++ target fails Performance/DropLoopEntryBranchInLRRule_4.txt
(atn-analysis, type:bug, target:cpp)
* Wrong grammarFileName in generated code (code-gen, type:bug)
* C++ crashes on new test ParserExec/ListLabelsOnRuleRefStartOfAlt.txt
(atn-analysis, type:bug, target:cpp)
* [JavaScript runtime] Bad field name, bad comments (type:bug)
Improvements, features
* Fully qualify std::move invocations to fix -Wunqualified-std-cast-call
(type:improvement, target:cpp)
* Extract FileUtils updates by @ericvergnaud (type:improvement,
cross-platform-issue, comp:testing)
* Extract unit test updates by @ericvergnaud needed for TypeScript
(type:improvement, comp:testing)
* [Go target] Fix for #3926: Add accessors for tree navigation to interfaces
in generated parser (trees-contexts, code-gen, type:improvement, target:go)
* GitHub Workflows security hardening (actions, type:improvement, comp:testing)
- from version 4.11.1
* Just fixes 4.11.0 release issue. I forgot to change runtime
tool version so it didn't say SNAPSHOT.
- from version 4.11.0
Issues fixed
* Disable failing CI tests in master (comp:build, comp:testing)
* Create accessor for Go-based IntervalSet.intervals (target:go)
* Grammar Name Conflict Golang with SPARQL issue (target:go, type:cleanup)
* Dependency declaration error in ANTLR 4.10.1 (comp:build)
* Drop old version of Visual Studio C++ (2013, 2015, 2017)
(comp:build, target:cpp)
* Circular grammar inclusion causes stack overflow in the tool.
(comp:tool, type:bug)
* Cpp, Go, JavaScript, Python2/3: Template rendering error. (code-gen, comp:runtime,
target:java, target:javascript, target:python2, target:python3, target:go)
Improvements, features
* Augment error message during testing to include full cause of problem.
(type:improvement, comp:testing)
* Include swift & tool verification in CI workflow (type:improvement,
comp:build, cross-platform-issue, target:swift)
* Issue #3783: CI Check Builds (type:improvement, comp:build,
cross-platform-issue, comp:testing)
* Parallel lock free testing, remove potential deadlocks, cache static data,
go to descriptor via test (comp:runtime, type:improvement, comp:testing)
* update getting-started doc (type:improvement, comp:doc)
* Getting Started has error (type:improvement, comp:doc)
* new nuget directory for building ANTLR4 C++ runtime as 3 Nuget packages
(type:improvement, comp:build, target:cpp)
* Add interp tool like TestRig (comp:tool, type:feature)
* Issue 3720: Java 2 Security issue (type:improvement, target:java)
* Cpp: Disable warnings for external project (type:bug, type:improvement, target:cpp)
* Fix Docker README for arm OS user (type:improvement, comp:doc)
- from version 4.10.1
* [C++] Remove reference to antlrcpp:s2ws
* Update publishing instruction for Dart
- from version 4.10.0
Issues fixed
* C++ runtime: Version identifier macro ? (target:cpp, type:cleanup)
* Generating XPath lexer/parser (actions, type:bug)
* do we need this C++ ATN serialization? (target:cpp, type:cleanup)
* Incorrect type of token with number 0xFFFF because of incorrect
ATN serialization (atn-analysis, type:bug)
* Clean up ATN serialization: rm UUID and shifting by value of 2
(atn-analysis, type:cleanup)
* The parseFile method of the InterpreterDataReader class is missing
code: 'line = br.readLine();' (type:bug, target:java)
* antlr.runtime.standard 4.9.3 invalid strong name.
(type:bug, comp:build, target:csharp)
* Serialized ATN data element 810567 element 11 out of
range 0..65535 (atn-analysis, type:cleanup)
* Go target, unable to check when custom error strategy
is in recovery mode (target:go)
* Escape issue for characeters (grammars, type:bug)
* antlr4 java.lang.NullPointerException Antlr 4 4.8
(grammars, comp:tool, type:bug)
* UnsupportedOperationException while generating code for large grammars.
(atn-analysis, type:cleanup)
* Add a more understandable message than 'Serialized ATN data element ....
element ... out of range 0..65535' (atn-analysis, type:cleanup)
* avoid java.lang.StackOverflowError (lexers, error-handling)
* Getting this error: Exception in thread 'main' java.lang.UnsupportedOperationException:
Serialized ATN data element out of range (atn-analysis, type:cleanup)
Improvements, features
* Updated getting started with Cpp documentation. (type:improvement, comp:doc)
* Escape bad words during grammar generation (code-gen, type:improvement)
* Implement caseInsensitive option (lexers, options, type:improvement)
* Some tool bugfixes (error-handling, comp:tool, type:improvement, type:cleanup)
- Run testsuite using the tests/run.py script instead of %pyunittest
- Switch build systemd from setuptools to pyproject.toml
- Update BuildRequires from pyproject.toml
- Update filename pattern in %files section
- Update to version 4.9.3
Issues fixed
* Swift Target Crashes with Multi-Threading
* JavaScript Runtime bug
* Go target, cannot use superClass for the lexer grammar!
* Python runtime is inconsistent with Java
* FunctionDef source extract using getText()
* Provide .NET Framework target in the csharp nuget package
* Go target for Antlr tool, type ',int8' => 'int8'
* Flutter/Dart web support
* Allow Antlr Javascript runtime to be loaded into Kindle Touch
* Fix Go test suite
* Weird error
Improvements, features
* [C++] Use faster alternative to dynamic_cast when not testing inherit
* Stackoverflow after upgrading from 4.6 to 4.7
- from version 4.9.2
Issues fixed
* CSharp and Java produce different results for identical input, identical tokens
Improvements, features
* Moved away from travis-ci.com
- Source upstream tarball from Github since PyPi tarball no longer ships testsuite
- Update to version 4.9.1.
* Improve python3 performance by adding slots
* Fix incorrect python token string templates
- Add testing.
- Skip python2 because this is for python3.
- Use python_alternative
Changes in python-avro:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %define skip_python2 1
- Update to version 1.11.3:
+ See jira board for all the fixes addressed in this release:
https://issues.apache.org/jira/browse/AVRO-3855?jql=project%3DAVRO%20AND%20fixVersion%3D1.11.3
- Drop py311.patch: fixed upstream.
- Add py311.patch to make tests compatible with python 3.11 gh#apache/avro#1961
- Update to 1.11.1 (from GitHub release notes):
- Avro specification
- Clarify which names are allowed to be qualified with
namespaces
- Inconsistent behaviour on types as invalid names
- Clarify how fullnames are created, with example
- IDL: add syntax to create optional fields
- Improve docs for logical type annotation
- Python
- Scale assignment optimization
- 'Scale' property from decimal object
- Byte reading in avro.io does not assert bytes read
- validate the default value of an enum field
- Pass LogicalType to BytesDecimalSchema
- Website
- Website refactor
- Document IDL support in IDEs
Changes in python-chardet:
- update to 5.2.0:
* Adds support for running chardet CLI via `python -m chardet`
Changes in python-distro:
- Switch to autosetup macro.
- update to 1.9.0:
* Refactor distro.info() method to return an InfoDict [#360]
* Ignore the file '/etc/board-release' [#353]
* Ignore the file '/etc/ec2_version' [#359]
* Test on modern versions of CPython and PyPy and macOS [#362]
* Add support for ALT Linux Server 10.1 distribution [#354]
* Add Debian Testing to the tests [#356]
* Update archlinux resource for tests [#352]
- Remove duplicate files calling %fdupes
- add sle15_python_module_pythons
- update to 1.8.0:
* Lowered `LinuxDistribution._distro_release_info` method complexity
[#327]
* Added official support for Buildroot distribution [#329]
* Added official support for Guix distribution [#330]
* Added support for `/etc/debian_version` [#333] & [#349]
* Fixed a typography in CONTRIBUTING.md [#340]
* Improved README.md 'Usage' code block [#343]
* Bumped black to v22.3.0 in pre-commit.ci configuration [#331]
* Enabled GitHub Dependabot to keep GitHub Actions up to date [#335]
- remove shebang from distro.py
- update to version 1.7.0:
- BACKWARD COMPATIBILITY:
- Dropped support for EOL Pythons 2.7, 3.4 and 3.5 [[#281](https://github.com/python-distro/distro/pull/281)]
- Dropped support for LSB and `uname` back-ends when `--root-dir` is specified [[#311](https://github.com/python-distro/distro/pull/311)]
- Moved `distro.py` to `src/distro/distro.py` [[#315](https://github.com/python-distro/distro/pull/315)]
- ENHANCEMENTS:
- Documented that `distro.version()` can return an empty string on rolling releases [[#312](https://github.com/python-distro/distro/pull/312)]
- Documented support for Python 3.10 [[#316](https://github.com/python-distro/distro/pull/316)]
- Added official support for Rocky Linux distribution [[#318](https://github.com/python-distro/distro/pull/318)]
- Added a shebang to `distro.py` to allow standalone execution [[#313](https://github.com/python-distro/distro/pull/313)]
- Added support for AIX platforms [[#311](https://github.com/python-distro/distro/pull/311)]
- Added compliance for PEP-561 [[#315](https://github.com/python-distro/distro/pull/315)]
- BUG FIXES:
- Fixed `include_uname` parameter oversight [[#305](https://github.com/python-distro/distro/pull/305)]
- Fixed crash when `uname -rs` output is empty [[#304](https://github.com/python-distro/distro/pull/304)]
- Fixed Amazon Linux identifier in `distro.id()` documentation [[#318](https://github.com/python-distro/distro/pull/318)]
- Fixed OpenSuse >= 15 support [[#319](https://github.com/python-distro/distro/pull/319)]
- Fixed encoding issues when opening distro release files [[#324](https://github.com/python-distro/distro/pull/324)]
- Fixed `linux_distribution` regression introduced in [[#230](https://github.com/python-distro/distro/pull/230)] [[#325](https://github.com/python-distro/distro/pull/325)]
- Tests: Set locale to UTF-8 to fix tests on Leap 15.3.
- Expliciting setting of locale is not necessary anymore
(gh#python-distro/distro#223).
- Update to version 1.6.0
* Deprecated the distro.linux_distribution() function. Use distro.id(), distro.version() and distro.name() instead [#296]
* Deprecated Python 2.7, 3.4 and 3.5 support. Further releases will only support Python 3.6+
* Added type hints to distro module [#269]
* Added __version__ for checking distro version [#292]
* Added support for arbitrary rootfs via the root_dir parameter [#247]
* Added the --root-dir option to CLI [#161]
* Added fallback to /usr/lib/os-release when /etc/os-release isn't available [#262]
* Fixed subprocess.CalledProcessError when running lsb_release [#261]
* Ignore /etc/iredmail-release file while parsing distribution [#268]
* Use a binary file for /dev/null to avoid TextIOWrapper overhead [#271]
- use %pytest macro
- Enable tests properly (this is pytest, not unittest),
Changes in python-docker:
- update to 7.0.0:
* Removed SSL version (`ssl_version`) and explicit hostname
check (`assert_hostname`) options (#3185)
* Python 3.7+ supports TLSv1.3 by default
* Websocket support is no longer included by default (#3123)
* Use `pip install docker[websockets]` to include `websocket-
client` dependency
* By default, `docker-py` hijacks the TCP connection and does
not use Websockets
* Websocket client is only required to use
`attach_socket(container, ws=True)`
* Python 3.7 no longer supported (reached end-of-life June
2023) (#3187)
* Python 3.12 support (#3185)
* Full `networking_config` support for `containers.create()`
* Replaces `network_driver_opt` (added in 6.1.0)
* Add `health()` property to container that returns status
(e.g. `unhealthy`)
* Add `pause` option to `container.commit()` (#3159)
* Add support for bind mount propagation (e.g. `rshared`,
`private`)
* Add support for `filters`, `keep_storage`, and `all` in
`prune_builds()` on API v1.39+ (#3192)
* Consistently return `docker.errors.NotFound` on 404 responses
* Validate tag format before push (#3191)
- update to 6.1.3:
* Bugfixes
- Fix eventlet compatibility (#3132)
- update to 6.1.2:
* Bugfixes
- Fix for socket timeouts on long docker exec calls (#3125)
- Respect timeout param on Windows (#3112)
- update to 6.1.1:
* Upgrade Notes (6.1.x)
- Errors are no longer returned during client initialization if
the credential helper cannot be found. A warning will be
emitted instead, and an error is returned if the credential
helper is used.
* Bugfixes
- Fix containers.stats() hanging with stream=True
- Correct return type in docs for containers.diff() method
- update to 6.1.0:
* Upgrade Notes
- Errors are no longer returned during client initialization if
the credential helper cannot be found. A warning will be
emitted instead, and an error is returned if the credential
helper is used.
* Features
- Python 3.11 support
- Use poll() instead of select() on non-Windows platforms
- New API fields
- network_driver_opt on container run / create
- one-shot on container stats
- status on services list
* Bugfixes
- Support for requests 2.29.0+ and urllib3 2.x
- Do not strip characters from volume names
- Fix connection leak on container.exec_* operations
- Fix errors closing named pipes on Windows
- update to 6.0.1:
* Notice
This version is not compatible with requests 2.29+ or urllib3
2.x.
Either add requests < 2.29 and urllib3 < 2 to your requirements
or upgrade to to the latest docker-py release.
* Bugfixes
- Fix for The pipe has been ended errors on Windows (#3056)
- Support floats for timestamps in Docker logs (since / until)
(#3031)
- update to 6.0.0:
* Upgrade Notes
- Minimum supported Python version is 3.7+
- When installing with pip, the docker[tls] extra is deprecated
and a no-op, use docker for same functionality (TLS support
is always available now)
- Native Python SSH client (used by default /
use_ssh_client=False) will now
- reject unknown host keys with
paramiko.ssh_exception.SSHException
- Short IDs are now 12 characters instead of 10 characters
(same as Docker CLI)
- Version metadata is now exposed as __version__
* Features
- Python 3.10 support
- Automatically negotiate most secure TLS version
- Add platform (e.g. linux/amd64, darwin/arm64) to container
create & run
- Add support for GlobalJob and ReplicatedJobs for Swarm
- Add remove() method on Image
- Add force param to disable() on Plugin
* Bugfixes
- Fix install issues on Windows related to pywin32
- Do not accept unknown SSH host keys in native Python SSH mode
- Use 12 character short IDs for consistency with Docker CLI
- Ignore trailing whitespace in .dockerignore files
- Fix IPv6 host parsing when explicit port specified
- Fix ProxyCommand option for SSH connections
- Do not spawn extra subshell when launching external SSH
client
- Improve exception semantics to preserve context
- Documentation improvements (formatting, examples, typos,
missing params)
* Miscellaneous
- Upgrade dependencies in requirements.txt to latest versions
- Remove extraneous transitive dependencies
- Eliminate usages of deprecated functions/methods
- Test suite reliability improvements
- GitHub Actions workflows for linting, unit tests, integration
tests, and publishing releases
- add sle15_python_module_pythons
- python-six is not required as well
- python-mock actually not required for build
- update to 5.0.3:
* Add cap_add and cap_drop parameters to service create and ContainerSpec
* Add templating parameter to config create
* Bump urllib3 to 1.26.5
* Bump requests to 2.26.0
* Remove support for Python 2.7
* Make Python 3.6 the minimum version supported
- Update to 4.4.4
>From project changelog:
4.4.4
Bugfixes
Remove LD_LIBRARY_PATH and SSL_CERT_FILE environment variables when shelling out to the ssh client
4.4.3
Features
Add support for docker.types.Placement.MaxReplicas
Bugfixes
Fix SSH port parsing when shelling out to the ssh client
4.4.2
Bugfixes
Fix SSH connection bug where the hostname was incorrectly trimmed and the error was hidden
Fix docs example
Miscellaneous
Add Python3.8 and 3.9 in setup.py classifier list
4.4.1
Bugfixes
Avoid setting unsuported parameter for subprocess.Popen on Windows
Replace use of deprecated 'filter' argument on ''docker/api/image'
- update to 4.4.0:
- Add an alternative SSH connection to the paramiko one, based on shelling out to the SSh client. Similar to the behaviour of Docker cli
- Default image tag to `latest` on `pull`
- Fix plugin model upgrade
- Fix examples URL in ulimits
- Improve exception messages for server and client errors
- Bump cryptography from 2.3 to 3.2
- Set default API version to `auto`
- Fix conversion to bytes for `float`
- Support OpenSSH `identityfile` option
- Add `DeviceRequest` type to expose host resources such as GPUs
- Add support for `DriverOpts` in EndpointConfig
- Disable compression by default when using container.get_archive method
- Update default API version to v1.39
- Update test engine version to 19.03.12
- update to 4.2.2:
- Fix context load for non-docker endpoints
- update to 4.2.1:
- Add option on when to use `tls` on Context constructor
- Make context orchestrator field optional
- Bump required version of pycreds to 0.4.0 (sync with requirements.txt)
- update to 3.7.0 (mandatory for latest docker-compose)
- add python-dockerpycreds dependency in the spec file
rebase hide_py_pckgmgmt.patch
Changes in python-fakeredis:
- update to 2.21.0:
* Implement all TOP-K commands (`TOPK.INFO`, `TOPK.LIST`,
`TOPK.RESERVE`,
* `TOPK.ADD`, `TOPK.COUNT`, `TOPK.QUERY`, `TOPK.INCRBY`) #278
* Implement all cuckoo filter commands #276
* Implement all Count-Min Sketch commands #277
* Fix XREAD blocking bug #274 #275
* EXAT option does not work #279
- update to 2.20.1:
* Fix `XREAD` bug #256
* Testing for python 3.12
- update to 2.20.0:
* Implement `BITFIELD` command #247
* Implement `COMMAND`, `COMMAND INFO`, `COMMAND COUNT` #248
- Remove unnecessary BR on python-lupa
- update to 2.19.0:
* Implement Bloom filters commands #239
* Fix error on blocking XREADGROUP #237
- update to 2.18.1:
* Fix stream type issue #233
- update to 2.18.0:
* Implement `PUBSUB NUMPAT` #195, `SSUBSCRIBE` #199, `SPUBLISH`
#198, `SUNSUBSCRIBE` #200, `PUBSUB SHARDCHANNELS` #196, `PUBSUB
SHARDNUMSUB` #197
* Fix All aio.FakeRedis instances share the same server #218
- update to 2.17.0:
* Implement `LPOS` #207, `LMPOP` #184, and `BLMPOP` #183
* Implement `ZMPOP` #191, `BZMPOP` #186
* Fix incorrect error msg for group not found #210
* fix: use same server_key within pipeline when issued watch
issue with ZRANGE and ZRANGESTORE with BYLEX #214
* Implemented support for `JSON.MSET` #174, `JSON.MERGE` #181
* Add support for version for async FakeRedis #205
* Updated how to test django_rq #204
- update to 2.15.0:
* Implemented support for various stream groups commands:
* `XGROUP CREATE` #161, `XGROUP DESTROY` #164, `XGROUP SETID`
#165, `XGROUP DELCONSUMER` #162,
* `XGROUP CREATECONSUMER` #163, `XINFO GROUPS` #168, `XINFO
CONSUMERS` #168, `XINFO STREAM` #169, `XREADGROUP` #171,
* `XACK` #157, `XPENDING` #170, `XCLAIM` #159, `XAUTOCLAIM`
* Implemented sorted set commands:
* `ZRANDMEMBER` #192, `ZDIFF` #187, `ZINTER` #189, `ZUNION`
#194, `ZDIFFSTORE` #188,
* `ZINTERCARD` #190, `ZRANGESTORE` #193
* Implemented list commands:
* `BLMOVE` #182,
* Improved documentation.
* Fix documentation link
* Fix requirement for packaging.Version #177
* Implement `HRANDFIELD` #156
* Implement `JSON.MSET`
* Improve streams code
- update to 2.13.0:
* Fixed xadd timestamp (fixes #151) (#152)
* Implement XDEL #153
* Improve test code
* Fix reported security issue
* Add support for `Connection.read_response` arguments used in
redis-py 4.5.5 and 5.0.0
* Adding state for scan commands (#99)
* Improved documentation (added async sample, etc.)
- update to 2.12.0:
* Implement `XREAD` #147
* Unique FakeServer when no connection params are provided
* Minor fixes supporting multiple connections
* Update documentation
* connection parameters awareness:
* Creating multiple clients with the same connection parameters
will result in the same server data structure.
* Fix creating fakeredis.aioredis using url with user/password
- add sle15_python_module_pythons
- Update to 2.10.3:
* Support for redis-py 5.0.0b1
* Include tests in sdist (#133)
* Fix import used in GenericCommandsMixin.randomkey (#135)
* Fix async_timeout usage on py3.11 (#132)
* Enable testing django-cache using FakeConnection.
* All geo commands implemented
* Fix bug for xrange
* Fix bug for xrevrange
* Implement XTRIM
* Add support for MAXLEN, MAXID, LIMIT arguments for XADD command
* Add support for ZRANGE arguments for ZRANGE command #127
* Relax python version requirement #128
* Support for redis-py 4.5.0 #125
- update to 2.7.1:
* Fix import error for NoneType (#120)
* Implement
- JSON.ARRINDEX
- JSON.OBJLEN
- JSON.OBJKEYS
- JSON.ARRPOP
- JSON.ARRTRIM
- JSON.NUMINCRBY
- JSON.NUMMULTBY
- XADD
- XLEN
- XRANGE
- XREVRANGE
* Implement `JSON.TYPE`, `JSON.ARRLEN` and `JSON.ARRAPPEND`
* Fix encoding of None (#118)
- update to v2.5.0:
* Implement support for BITPOS (bitmap command) (#112)
* Fix json mget when dict is returned (#114)
* fix: properly export (#116)
* Extract param handling (#113)
- update to v2.4.0:
* Implement LCS (#111), BITOP (#110)
* Fix bug checking type in scan_iter (#109)
* Implement GETEX (#102)
* Implement support for JSON.STRAPPEND (json command) (#98)
* Implement JSON.STRLEN, JSON.TOGGLE and fix bugs with JSON.DEL (#96)
* Implement PUBSUB CHANNELS, PUBSUB NUMSUB
* Implement JSON.CLEAR (#87)
* Support for redis-py v4.4.0
* Implement json.mget (#85)
* Initial json module support - JSON.GET, JSON.SET and JSON.DEL (#80)
* fix: add nowait for asyncio disconnect (#76)
* Refactor how commands are registered (#79)
* Refactor tests from redispy4_plus (#77)
* Remove support for aioredis separate from redis-py (redis-py versions
4.1.2 and below). (#65)
* Add support for redis-py v4.4rc4 (#73)
* Add mypy support (#74)
* Implement support for zmscore by @the-wondersmith in #67
* What's Changed
* implement GETDEL and SINTERCARD support by @cunla in #57
* Test get float-type behavior by @cunla in #59
* Implement BZPOPMIN/BZPOPMAX support by @cunla in #60
- drop fakeredis-pr54-fix-ensure_str.patch (upstream)
- Update to 1.9.3
* Removed python-six dependency
* zadd support for GT/LT by @cunla in #49
* Remove six dependency by @cunla in #51
* Add host to conn_pool_args by @cunla in #51
- Drop python-fakeredis-no-six.patch which was incomplete
* all commits, including the missing ones in release now
- Add fakeredis-pr54-fix-ensure_str.patch
- use upstream
https://github.com/cunla/fakeredis-py/pull/51/
- modified patches
% python-fakeredis-no-six.patch (refreshed)
- version update to 1.9.1
* Zrange byscore by @cunla in #44
* Expire options by @cunla in #46
* Enable redis7 support by @cunla in #42
- added patches
fix https://github.com/cunla/fakeredis-py/issues/50
+ python-fakeredis-no-six.patch
- Update to 1.8.1
* fix: allow redis 4.3.* by @terencehonles in #30
- Release 1.8
* Fix handling url with username and password by @cunla in #27
* Refactor tests by @cunla in #28
- Release 1.7.6
* add IMOVE operation by @BGroever in #11
* Add SMISMEMBER command by @OlegZv in #20
* fix: work with redis.asyncio by @zhongkechen in #10
* Migrate to poetry by @cunla in #12
* Create annotation for redis4+ tests by @cunla in #14
* Make aioredis and lupa optional dependencies by @cunla in #16
* Remove aioredis requirement if redis-py 4.2+ by @ikornaselur in
#19
- update to 1.7.0
* Change a number of corner-case behaviours to match Redis 6.2.6.
* Fix DeprecationWarning for sampling from a set
* Improved support for constructor arguments
* Support redis-py 4
* Add support for GET option to SET
* PERSIST and EXPIRE should invalidate watches
- Update to 1.6.1
* #305 Some packaging modernisation
* #306 Fix FakeRedisMixin.from_url for unix sockets
* #308 Remove use of async_generator from tests
- Release 1.6.0
* #304 Support aioredis 2
* #302 Switch CI from Travis CI to Github Actions
- update to 1.5.2
* support python 3.9
* support aioredis
- Disable py2 as upstream actually disabled python2 support competely
* The syntax simply is not compatible
- Update to 1.3.0:
* No upstream changelog
- python2 tests are dysfunctional, test with python3 only
- Update to 1.0.5:
* No upstream changelog
- Update to 1.0.4:
* various bugfixes all around
- Update to v1.0.3
* Support for redis 3.2
(no effective changes in v1.0.2)
- Initial spec for v1.0.1
Changes in python-fixedint:
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- Fix capitalization in Summary
- Limit Python files matched in %files section
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
- Initial build
+ Version 0.2.0
Changes in python-httplib2:
- require setuptools
- Clean up SPEC file.
- Add %{?sle15_python_module_pythons}
- update to 0.22.0:
* https: disable_ssl_certificate_validation caused
ValueError: Cannot set verify_mode to CERT_NONE when
check_hostname is enabled
- Update to 0.21.0:
* http: `Content-Encoding: deflate` must accept zlib encapsulation
* https://github.com/httplib2/httplib2/pull/230
* Begin support and CI against CPython 3.10 and 3.11.
- update to 0.20.4:
proxy: support proxy urls with ipv6 address
Tests compatible with Python3.10 and recent pytest.
- add pyparsing dependency
- update to 0.20.2:
auth: support pyparsing v3
proxy: correct extraction of errno from pysocks ProxyConnectionError
IMPORTANT cacerts: remove expired DST Root CA X3, add ISRG Root X1, X2
- update to 0.19.1:
* auth header parsing performance optimizations; Thanks to Paul McGuire
* Use mock from the standard library on Python>=3.3
set first, othewise a 'ValueError: Cannot set
verify_mode to CERT_NONE when check_hostname
instead (bnc#761162)
item not in cache
- initial version of python-httplib2 (0.2.0)
Changes in python-httpretty:
- Add patch 0001-Fix-test_417_openssl.py-if-pyOpenSSL-not-available.patch:
* Fix tests without pyOpenSSL support in urllib3
- Allow building with python-urllib3 >= 2.x
- Do not use python-boto3 when building in SLE where it's currently
not available for python311
- Add %{?sle15_python_module_pythons}
- skip failing testsuite tests after requests update
- Add patch relax-test-callback-response.patch:
* Relax timeout for test_callback_response (bsc#1209571)
- Add patch 460-miliseconds_tests.patch (gh#gabrielfalcao/HTTPretty#460):
* Correct tests for s390x and aarch64 because of timeout failures
after 2 miliseconds
- Fix test suite:
* Remove nose idioms
* Remove outdated test skips
- Add patch double-slash-paths.patch:
* http.request may replace // with /, handle that in the testcase.
- Add 453-fix-tests-pytest.patch (gh#gabrielfalcao/HTTPretty#449)
to make tests compatible with pytest.
- Add patch remove-mock.patch:
* Use unittest.mock in the functional tests.
- specfile:
* update copyright year
- update to version 1.1.4:
* Bugfix: #435 Fallback to WARNING when logging.getLogger().level is
None.
- changes from version 1.1.3:
* Bugfix: #430 Respect socket timeout.
- changes from version 1.1.2:
* Bugfix: #426 Segmentation fault when running against a large
amount of tests with pytest --mypy.
- changes from version 1.1.1:
* Bugfix: httpretty.disable() injects pyopenssl into
:py:mod:`urllib3` even if it originally wasn't #417
* Bugfix: 'Incompatibility with boto3 S3 put_object' #416
* Bugfix: 'Regular expression for URL -> TypeError: wrap_socket()
missing 1 required' #413
* Bugfix: 'Making requests to non-stadard port throws TimeoutError
'#387
- changes from version 1.1.0:
* Feature: Display mismatched URL within UnmockedError whenever
possible. #388
* Feature: Display mismatched URL via logging. #419
* Add new properties to :py:class:`httpretty.core.HTTPrettyRequest`
(protocol, host, url, path, method).
- Updater to 1.0.5
* Bugfix: Support socket.socketpair() . #402
* Bugfix: Prevent exceptions from re-applying monkey patches.
#406
- Release 1.0.4
* Python 3.8 and 3.9 support. #407
- Update to 1.0.3
* Fix compatibility with urllib3>=1.26. #410
- Replace nose with nose2
- avoid reading DNS resolver settings
gh#gabrielfalcao/HTTPretty#405
- remove unnecessary test packages
- Update to 1.0.2
* Drop Python 2 support.
* Fix usage with redis and improve overall real-socket passthrough.
* Fix TypeError: wrap_socket() missing 1 required positional argument: 'sock'.
* Fix simple typo: neighter -> neither.
* Updated documentation for register_uri concerning using ports.
* Clarify relation between ``enabled`` and ``httprettized`` in API docs.
* Align signature with builtin socket.
- Version update to 0.9.6:
* Many fixes all around
* Support for python 3.7
- Make sure we really run the tests
- Remove superfluous devel dependency for noarch package
Changes in python-javaproperties:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
- version update to 0.8.1
v0.8.1 (2021-10-05)
-------------------
- Fix a typing issue in Python 3.9
- Support Python 3.10
v0.8.0 (2020-11-28)
-------------------
- Drop support for Python 2.7, 3.4, and 3.5
- Support Python 3.9
- `ensure_ascii` parameter added to `PropertiesFile.dump()` and
`PropertiesFile.dumps()`
- **Bugfix**: When parsing XML input, empty `<entry>` tags now produce an empty
string as a value, not `None`
- Added type annotations
- `Properties` and `PropertiesFile` no longer raise `TypeError` when given a
non-string key or value, as type correctness is now expected to be enforced
through static type checking
- The `PropertiesElement` classes returned by `parse()` are no longer
subclasses of `namedtuple`, but they can still be iterated over to retrieve
their fields like a tuple
- python-six is not required
Changes in python-jsondiff:
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- Limit Python files matched in %files section
- Add %{?sle15_python_module_pythons}
- Update to version 2.0.0
* Removed deprecated function
* Remove deprecated jsondiff entry point
- from version 1.3.1
* Optionally allow different escape_str than '$'
* Clarified the readme, closes #23
* Fixed readme
- Remove jsondiff command from %install, %post, %postun and %files sections
Changes in python-knack:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
+ Drop %define skip_python2 1
- Update to version 0.11.0
* Declare support for Python 3.11 and drop support for Python 3.7 (#275)
* Stop converting argument's `bool` default value to `DefaultInt` (#273)
- Update to version 0.10.1
* Support bytearray serialization (#268)
- Update to version 0.10.0
* Enable Virtual Terminal mode on legacy Windows terminal
to support ANSI escape sequences (#265)
* Drop Python 3.6 support (#259)
- python-mock is not required for build
Changes in python-marshmallow:
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- Limit Python files matched in %files section
- update to 3.20.2:
* Bug fixes: - Fix Nested field type hint for lambda Schema
types (:pr:`2164`).
* Other changes: - Officially support Python 3.12 (:pr:`2188`).
- update to 3.20.1:
* Fix call to ``get_declared_fields``: pass ``dict_cls`` again
* Add ``absolute`` parameter to ``URL`` validator and ``Url``
* Use Abstract Base Classes to define ``FieldABC`` and
``SchemaABC``
* Use `OrderedSet` as default `set_class`. Schemas are now
ordered by default.
* Handle ``OSError`` and ``OverflowError`` in
``utils.from_timestamp`` (:pr:`2102`).
* Fix the default inheritance of nested partial schemas
* Officially support Python 3.11 (:pr:`2067`).
* Drop support for Python 3.7 (:pr:`2135`).
- Switch documentation to be within the main package on SLE15
- rename docs subpackage to the more common doc name
- Update to 3.19.0
* Add timestamp and timestamp_ms formats to fields.DateTime (#612). Thanks @vgavro for the suggestion and thanks @vanHoi for the PR.
Changes in python-opencensus:
- Add Obsoletes for old python3 package on SLE-15
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- Update to 0.11.4
* Changed bit-mapping for `httpx` and `fastapi` integrations
- Refresh patches for new version
* opencensus-pr1002-remove-mock.patch
- Switch package to modern Python Stack on SLE-15
* Add %{?sle15_python_module_pythons}
* Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
- update to 0.11.3
* Updated azure modules
- sorry, six is still needed :(
- update to 0.11.2:
* Updated `azure`, `fastapi`,`flask` modules
* Updated `azure`, `httpx` modules
- Update to 0.11.0
* Updated `azure`, `context`, `flask`, `requests` modules
- from version 0.10.0
* Add kwargs to derived gauge (#1135)
- from version 0.9.0
* Make sure handler.flush() doesn't deadlock (#1112)
- Refresh patches for new version
* opencensus-pr1002-remove-mock.patch
- Update Requires from setup.py
Changes in python-opencensus-context:
- Clean up the SPEC file
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
- Update to 0.1.3
* Move `version.py` file into `runtime_context` folder (#1143)
Changes in python-opencensus-ext-threading:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
+ Drop build support for Python 2.x
Changes in python-opentelemetry-api:
- update to 1.23.0:
* Use Attribute rather than boundattribute in logrecord (#3567)
* Fix flush error when no LoggerProvider configured for LoggingHandler (#3608)
* Fix OTLPMetricExporter ignores preferred_aggregation property (#3603)
* Logs: set observed_timestamp field (#3565)
* Add missing Resource SchemaURL in OTLP exporters (#3652)
* Fix loglevel warning text (#3566)
* Prometheus Exporter string representation for target_info labels (#3659)
* Logs: ObservedTimestamp field is missing in console exporter output (#3564)
* Fix explicit bucket histogram aggregation (#3429)
* Add code.lineno, code.function and code.filepath to all logs (#3645)
* Add Synchronous Gauge instrument (#3462)
* Drop support for 3.7 (#3668)
* Include key in attribute sequence warning (#3639)
* Upgrade markupsafe, Flask and related dependencies to dev and test
environments (#3609)
* Handle HTTP 2XX responses as successful in OTLP exporters (#3623)
* Improve Resource Detector timeout messaging (#3645)
* Add Proxy classes for logging (#3575)
* Remove dependency on 'backoff' library (#3679)
- update to 1.22.0:
* Prometheus exporter sanitize info metric (#3572)
* Remove Jaeger exporters (#3554)
* Log stacktrace on `UNKNOWN` status OTLP export error (#3536)
* Fix OTLPExporterMixin shutdown timeout period (#3524)
* Handle `taskName` `logrecord` attribute (#3557)
- update to 1.21.0:
* Fix `SumAggregation`(#3390)
* Fix handling of empty metric collection cycles (#3335)
* Fix error when no LoggerProvider configured for
LoggingHandler (#3423)
* Make `opentelemetry_metrics_exporter` entrypoint support pull
exporters (#3428)
* Allow instrument names to have '/' and up to 255 characters
(#3442)
* Do not load Resource on sdk import (#3447)
* Update semantic conventions to version 1.21.0 (#3251)
* Add missing schema_url in global api for logging and metrics
(#3251)
* Prometheus exporter support for auto instrumentation (#3413)
* Modify Prometheus exporter to translate non-monotonic Sums
into Gauges (#3306)
* Update the body type in the log ($3343)
* Add max_scale option to Exponential Bucket Histogram
Aggregation (#3323)
* Use BoundedAttributes instead of raw dict to extract
attributes from LogRecord (#3310)
* Support dropped_attributes_count in LogRecord and exporters
(#3351)
* Add unit to view instrument selection criteria (#3341)
* Upgrade opentelemetry-proto to 0.20 and regen #3355)
* Include endpoint in Grpc transient error warning #3362)
* Fixed bug where logging export is tracked as trace #3375)
* Select histogram aggregation with an environment variable
* Move Protobuf encoding to its own package (#3169)
* Add experimental feature to detect resource detectors in auto
instrumentation (#3181)
* Fix exporting of ExponentialBucketHistogramAggregation from
opentelemetry.sdk.metrics.view (#3240)
* Fix headers types mismatch for OTLP Exporters (#3226)
* Fix suppress instrumentation for log batch processor (#3223)
* Add speced out environment variables and arguments for
BatchLogRecordProcessor (#3237)
- Fix `ParentBased` sampler for implicit parent spans. Fix also `trace_state`
erasure for dropped spans or spans sampled by the `TraceIdRatioBased` sampler.
Changes in python-opentelemetry-sdk:
- Add missing python-wheel build dependency to BuildRequires
- update to 1.23.0:
* Use Attribute rather than boundattribute in logrecord (#3567)
* Fix flush error when no LoggerProvider configured for LoggingHandler (#3608)
* Fix OTLPMetricExporter ignores preferred_aggregation property (#3603)
* Logs: set observed_timestamp field (#3565)
* Add missing Resource SchemaURL in OTLP exporters (#3652)
* Fix loglevel warning text (#3566)
* Prometheus Exporter string representation for target_info labels (#3659)
* Logs: ObservedTimestamp field is missing in console exporter output (#3564)
* Fix explicit bucket histogram aggregation (#3429)
* Add code.lineno, code.function and code.filepath to all logs (#3645)
* Add Synchronous Gauge instrument (#3462)
* Drop support for 3.7 (#3668)
* Include key in attribute sequence warning (#3639)
* Upgrade markupsafe, Flask and related dependencies to dev and test
environments (#3609)
* Handle HTTP 2XX responses as successful in OTLP exporters (#3623)
* Improve Resource Detector timeout messaging (#3645)
* Add Proxy classes for logging (#3575)
* Remove dependency on 'backoff' library (#3679)
- update to 1.23.0:
* Use Attribute rather than boundattribute in logrecord (#3567)
* Fix flush error when no LoggerProvider configured for LoggingHandler (#3608)
* Fix OTLPMetricExporter ignores preferred_aggregation property (#3603)
* Logs: set observed_timestamp field (#3565)
* Add missing Resource SchemaURL in OTLP exporters (#3652)
* Fix loglevel warning text (#3566)
* Prometheus Exporter string representation for target_info labels (#3659)
* Logs: ObservedTimestamp field is missing in console exporter output (#3564)
* Fix explicit bucket histogram aggregation (#3429)
* Add code.lineno, code.function and code.filepath to all logs (#3645)
* Add Synchronous Gauge instrument (#3462)
* Drop support for 3.7 (#3668)
* Include key in attribute sequence warning (#3639)
* Upgrade markupsafe, Flask and related dependencies to dev and test
environments (#3609)
* Handle HTTP 2XX responses as successful in OTLP exporters (#3623)
* Improve Resource Detector timeout messaging (#3645)
* Add Proxy classes for logging (#3575)
* Remove dependency on 'backoff' library (#3679)
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
- Initial package (1.22.0)
Changes in python-opentelemetry-semantic-conventions:
- update to 0.44b0:
* Use Attribute rather than boundattribute in logrecord (#3567)
* Fix flush error when no LoggerProvider configured for LoggingHandler (#3608)
* Fix OTLPMetricExporter ignores preferred_aggregation property (#3603)
* Logs: set observed_timestamp field (#3565)
* Add missing Resource SchemaURL in OTLP exporters (#3652)
* Fix loglevel warning text (#3566)
* Prometheus Exporter string representation for target_info labels (#3659)
* Logs: ObservedTimestamp field is missing in console exporter output (#3564)
* Fix explicit bucket histogram aggregation (#3429)
* Add code.lineno, code.function and code.filepath to all logs (#3645)
* Add Synchronous Gauge instrument (#3462)
* Drop support for 3.7 (#3668)
* Include key in attribute sequence warning (#3639)
* Upgrade markupsafe, Flask and related dependencies to dev and test
environments (#3609)
* Handle HTTP 2XX responses as successful in OTLP exporters (#3623)
* Improve Resource Detector timeout messaging (#3645)
* Add Proxy classes for logging (#3575)
* Remove dependency on 'backoff' library (#3679)
- update to 0.43b0:
* Prometheus exporter sanitize info metric
* Remove Jaeger exporters
* Log stacktrace on `UNKNOWN` status OTLP export error
* Fix OTLPExporterMixin shutdown timeout period
* Handle `taskName` `logrecord` attribute
* Fix `SumAggregation`
* Fix handling of empty metric collection cycles
* Fix error when no LoggerProvider configured for
LoggingHandler
* Make `opentelemetry_metrics_exporter` entrypoint support pull
exporters
* Allow instrument names to have '/' and up to 255 characters
* Do not load Resource on sdk import
* Update semantic conventions to version 1.21.0
* Add missing schema_url in global api for logging and metrics
* Prometheus exporter support for auto instrumentation
* Drop `setuptools` runtime requirement.
* Update the body type in the log ($3343)
* Add max_scale option to Exponential Bucket Histogram
Aggregation
* Use BoundedAttributes instead of raw dict to extract
attributes from LogRecord
* Support dropped_attributes_count in LogRecord and exporters
* Add unit to view instrument selection criteria
* Upgrade opentelemetry-proto to 0.20 and regen #3355)
* Include endpoint in Grpc transient error warning #3362)
* Fixed bug where logging export is tracked as trace #3375)
* Select histogram aggregation with an environment variable
* Move Protobuf encoding to its own package
* Add experimental feature to detect resource detectors in auto
instrumentation
* Fix exporting of ExponentialBucketHistogramAggregation from
opentelemetry.sdk.metrics.view
* Fix headers types mismatch for OTLP Exporters
* Fix suppress instrumentation for log batch processor
* Add speced out environment variables and arguments for
BatchLogRecordProcessor
- Initial build
+ Version 0.25b2
Changes in python-opentelemetry-test-utils:
- update to 0.44b0:
* Use Attribute rather than boundattribute in logrecord (#3567)
* Fix flush error when no LoggerProvider configured for LoggingHandler (#3608)
* Fix OTLPMetricExporter ignores preferred_aggregation property (#3603)
* Logs: set observed_timestamp field (#3565)
* Add missing Resource SchemaURL in OTLP exporters (#3652)
* Fix loglevel warning text (#3566)
* Prometheus Exporter string representation for target_info labels (#3659)
* Logs: ObservedTimestamp field is missing in console exporter output (#3564)
* Fix explicit bucket histogram aggregation (#3429)
* Add code.lineno, code.function and code.filepath to all logs (#3645)
* Add Synchronous Gauge instrument (#3462)
* Drop support for 3.7 (#3668)
* Include key in attribute sequence warning (#3639)
* Upgrade markupsafe, Flask and related dependencies to dev and test
environments (#3609)
* Handle HTTP 2XX responses as successful in OTLP exporters (#3623)
* Improve Resource Detector timeout messaging (#3645)
* Add Proxy classes for logging (#3575)
* Remove dependency on 'backoff' library (#3679)
- Initial package (0.43b0)
Changes in python-pycomposefile:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
- Initial build
+ Version 0.0.30
Changes in python-pydash:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
- Update to version 6.0.2
* Only prevent access to object paths containing ``__globals__`` or
``__builtins__`` instead of all dunder-methods for non-dict/list
objects.
- from version 6.0.1
* Fix exception raised due to mishandling of non-string keys in functions
like ``get()`` for non-dict/list objects that used integer index references
like ``'[0]'``.
- from version 6.0.0
* Prevent access to object paths containing dunder-methods in functions like
``get()`` for non-dict/list objects. Attempting to access dunder-methods
using get-path keys will raise a ``KeyError`` (e.g. ``get(SomeClass(),
'__init__'`` will raise). Access to dict keys are unaffected (e.g.
``get({'__init__': True}, '__init__')`` will return ``True``).
(**breaking change**)
* Add support for Python 3.11.
* Drop support for Python 3.6 (**breaking change**)
- from version 5.1.2
* Remove unnecessary type check and conversion for ``exceptions``
argument in ``pydash.retry``.
- from version 5.1.1
* Add support for Python 3.10.
* Fix timing assertion issue in test for ``pydash.delay`` where it could
fail on certain environments.
- Switch build system from setuptools to pyproject.toml
- Update BuildRequires from pyproject.toml
- version update to 5.1.0
v5.1.0 (2021-10-02)
-------------------
- Support matches-style callbacks on non-dictionary objects that are compatible with ``pydash.get`` in functions like ``pydash.find``.
v5.0.2 (2021-07-15)
-------------------
- Fix compatibility issue between ``pydash.py_`` / ``pydash._`` and ``typing.Protocol`` + ``typing.runtime_checkable``
that caused an exception to be raised for ``isinstance(py_, SomeRuntimeCheckableProtocol)``.
v5.0.1 (2021-06-27)
-------------------
- Fix bug in ``merge_with`` that prevented custom iteratee from being used when recursively merging. Thanks weineel_!
v5.0.0 (2021-03-29)
-------------------
- Drop support for Python 2.7. (**breaking change**)
- Improve Unicode word splitting in string functions to be inline with Lodash. Thanks mervynlee94_! (**breaking change**)
- ``camel_case``
- ``human_case``
- ``kebab_case``
- ``lower_case``
- ``pascal_case``
- ``separator_case``
- ``slugify``
- ``snake_case``
- ``start_case``
- ``upper_case``
- Optimize regular expression constants used in ``pydash.strings`` by pre-compiling them to regular expression pattern objects.
v4.9.3 (2021-03-03)
-------------------
- Fix regression introduced in ``v4.8.0`` that caused ``merge`` and ``merge_with`` to raise an exception when passing ``None``
as the first argument.
v4.9.2 (2020-12-24)
-------------------
- Fix regression introduced in ``v4.9.1`` that broke ``pydash.get`` for dictionaries and dot-delimited keys that reference
integer dict-keys.
v4.9.1 (2020-12-14)
-------------------
- Fix bug in ``get/has`` that caused ``defaultdict`` objects to get populated on key access.
v4.9.0 (2020-10-27)
-------------------
- Add ``default_to_any``. Thanks gonzalonaveira_!
- Fix mishandling of key names containing ``\.`` in ``set_``, ``set_with``, and ``update_with`` where the ``.`` was not
treated as a literal value within the key name. Thanks zhaowb_!
- python-mock is not required for build
- Activate test suite
- Update to v4.8.0
- Initial spec for v4.7.6
Changes in python-redis:
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- add https://github.com/redis/redis-py/pull/3005 as
Close-various-objects-created-during-asyncio-tests.patch
to fix tests for python 3.12
- Add patch to increase timeouts in s390x where tests take longer
to run:
* increase-test-timeout.patch
- Disable broken tests for ppc64le, bsc#1216606
- Add pytest.ini source needed to run tests
- Remove/disable broken tests because of suse environment
- drop tox.ini. seems it does no longer exist in 5.0.1
- add support to easily disable the testsuite at build time
- update to 5.0.1
- New Features
- Provide aclose() / close() for classes requiring lifetime
management (#2898)
- Add support for ModuleCommands in cluster (#2951)
- Add support for multiple values in RPUSHX (#2949)
- Add Redis.from_pool() class method, for explicitly owning and
closing a ConnectionPool (#2913)
- Bug Fixes
- Fixing monitor parsing for messages containing specific
substrings (#2950)
- Cluster determine slot command name need to be upper (#2919)
- Support timeout = 0 in search query (#2934)
- Fix async sentinel: add push_request keyword argument to
read_response (#2922)
- Fix protocol checking for search commands (#2923)
- Fix: SentinelManagedConnection.read_response() got an
unexpected keyword argument 'push_request' (#2894)
- Fix: automatically close connection pool for async Sentinel
(#2900)
- Save a reference to created async tasks, to avoid tasks
potentially disappearing (#2816)
- Avoid reference cycling by the garbage collector during
response reading (#2932)
- Maintenance
- Type hint improvements (#2952)
- Replace clear_connect_callbacks with
_deregister_connect_callback (#2955)
- Async fixes, remove del and other things (#2870)
- Add pagination, sorting and grouping examples to search json
example (#2890)
- Remove process-id checks from asyncio. Asyncio and fork()
does not mix. (#2911)
- Fix resource usage and cleanup Mocks in the unit tests
(#2936)
- Remove mentions of tox (#2929)
- Add 7.2 to supported Redis versions (#2896)
- Fix resource warnings in unit tests (#2899)
- Fix typo in redis-stream-example.ipynb (#2918)
- Deprecate RedisGraph (#2927)
- Fix redis 7.2.0 tests (#2902)
- Fix test_scorer (search) (#2920)
- changes from 5.0.0
- What's new?
- Triggers and Functions support Triggers and Functions allow
you to execute server-side functions triggered when key
values are modified or created in Redis, a stream entry
arrival, or explicitly calling them. Simply put, you can
replace Lua scripts with easy-to-develop JavaScript or
TypeScript code. Move your business logic closer to the data
to ensure a lower latency, and forget about updating
dependent key values manually in your code. Try it for
yourself with Quick start
- Full Redis 7.2 and RESP3 support
- Python 3.7 End-of-Life
- Python 3.7 has reached its end-of-life (EOL) as of June
2023. This means that starting from this date, Python 3.7
will no longer receive any updates, including security
patches, bug fixes, or improvements. If you continue to use
Python 3.7 post-EOL, you may expose your projects and
systems to potential security vulnerabilities. We ended its
support in this version and strongly recommend migrating to
Python 3.10.
- Bug Fixes
- Fix timeout retrying on pipeline execution (#2812)
- Fix socket garbage collection (#2859)
- Maintenance
- Updating client license to clear, MIT (#2884)
- Add py.typed in accordance with PEP-561 (#2738)
- Dependabot label change (#2880)
- Fix type hints in SearchCommands (#2817)
- Add sync modules (except search) tests to cluster CI (#2850)
- Fix a duplicate word in CONTRIBUTING.md (#2848)
- Fixing doc builds (#2869)
- Change cluster docker to edge and enable debug command
(#2853)
- changes from 4.6.0
- Experimental Features
- Support JSON.MERGE command (#2761)
- Support JSON.MSET command (#2766)
- New Features
- Extract abstract async connection class (#2734)
- Add support for WAITAOF (#2760)
- Introduce OutOfMemoryError exception for Redis write command rejections due to OOM errors (#2778)
- Add WITHSCORE argument to ZRANK (#2758)
- Bug Fixes
- Fix dead weakref in sentinel connection causing ReferenceError (#2767) (#2771)
- Fix Key Error in parse_xinfo_stream (#2788)
- Remove unnecessary __del__ handlers (#2755)
- Added support for missing argument to SentinelManagedConnection.read_response() (#2756)
- Maintenance
- Fix type hint for retry_on_error in async cluster (#2804)
- Clean up documents and fix some redirects (#2801)
- Add unit tests for the connect method of all Redis connection classes (#2631)
- Docstring formatting fix (#2796)
- update to 4.5.5:
* Add support for CLIENT NO-TOUCH
* Add support for CLUSTER MYSHARDID
* Add 'address_remap' feature to RedisCluster
* Add WITHSCORES argument to ZREVRANK command
* Improve error output for master discovery
* Fix XADD: allow non negative maxlen
* Fix create single connection client from url
* Optionally disable disconnects in read_response
* Fix SLOWLOG GET return value
* Fix potential race condition during disconnection
* Return response in case of KeyError
* Fix incorrect usage of once flag in async Sentinel
* Fix memory leak caused by hiredis in asyncio case
* Really do not use asyncio's timeout lib before 3.11.2
- add sle15_python_module_pythons
- Update to 4.5.4:
* Security
+ Cancelling an async future does not, properly trigger, leading to a
potential data leak in specific cases. (CVE-2023-28858, bsc#1209811)
+ Cancelling an async future does not, properly trigger, leading to a
potential data leak in specific cases. (CVE-2023-28859, bsc#1209812)
* New Features
+ Introduce AbstractConnection so that UnixDomainSocketConnection can
call super().init (#2588)
+ Added queue_class to REDIS_ALLOWED_KEYS (#2577)
+ Made search document subscriptable (#2615)
+ Sped up the protocol parsing (#2596)
+ Use hiredis::pack_command to serialized the commands. (#2570)
+ Add support for unlink in cluster pipeline (#2562)
* Bug Fixes
+ Fixing cancelled async futures (#2666)
+ Fix: do not use asyncio's timeout lib before 3.11.2 (#2659)
+ Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor
argument (#2630)
+ CWE-404 AsyncIO Race Condition Fix (#2624, #2579)
+ Fix behaviour of async PythonParser to match RedisParser as for
issue #2349 (#2582)
+ Replace async_timeout by asyncio.timeout (#2602)
+ Update json().arrindex() default values (#2611)
+ Fix #2581 UnixDomainSocketConnection object has no attribute
_command_packer (#2583)
+ Fix issue with pack_commands returning an empty byte sequence (#2416)
+ Async HiredisParser should finish parsing after a
Connection.disconnect() (#2557)
+ Check for none, prior to raising exception (#2569)
+ Tuple function cannot be passed more than one argument (#2573)
+ Synchronise concurrent command calls to single-client to single-client
mode (#2568)
+ Async: added 'blocking' argument to call lock method (#2454)
+ Added a replacement for the default cluster node in the event of
failure. (#2463)
+ Fixed geosearch: Wrong number of arguments for geosearch command (#2464)
- Clean up BuildRequires and Requires.
- Disable broken test test_xautoclaim gh#redis/redis-py#2554
- udpate to 4.3.5:
* Add support for TIMESERIES 1.8 (#2296)
* Graph - add counters for removed labels and properties (#2292)
* Add support for TDIGEST.QUANTILE extensions (#2317)
* Add TDIGEST.TRIMMED_MEAN (#2300)
* Add support for async GRAPH module (#2273)
* Support TDIGEST.MERGESTORE and make compression optional on TDIGEST.CREATE
(#2319)
* Adding reserve as an alias for create, so that we have BF.RESERVE and
CF.RESERVE accuratenly supported (#2331)
* Fix async connection.is_connected to return a boolean value (#2278)
* Fix: workaround asyncio bug on connection reset by peer (#2259)
* Fix crash: key expire while search (#2270)
* Async cluster: fix concurrent pipeline (#2280)
* Fix async SEARCH pipeline (#2316)
* Fix KeyError in async cluster - initialize before execute multi key
commands (#2439)
* Supply chain risk reduction: remove dependency on library named deprecated
(#2386)
* Search test - Ignore order of the items in the response (#2322)
* Fix GRAPH.LIST & TDIGEST.QUANTILE tests (#2335)
* Fix TimeSeries range aggregation (twa) tests (#2358)
* Mark TOPK.COUNT as deprecated (#2363)
- update to 4.3.4:
* Fix backward compatibility from 4.3.2 in Lock.acquire()
* Fix XAUTOCLAIM to return the full response, instead of only keys 2+
* Added dynamic_startup_nodes configuration to RedisCluster.
* Fix retries in async mode
* Async cluster: fix simultaneous initialize
* Uppercased commands in CommandsParser.get_keys
* Late eval of the skip condition in async tests
* Reuse the old nodes' connections when a cluster topology refresh is being done
* Docs: add pipeline examples
* Correct retention_msecs value
* Cluster: use pipeline to execute split commands
* Docs: Add a note about client_setname and client_name difference
- Delete unused redismod.conf, remove duplicate Source entry for
tox.ini
- Add redismod.conf and tox.ini as Sources to SPEC file.
- Update to version 4.3.3
* Fix Lock crash, and versioning 4.3.3 (#2210)
* Async cluster: improve docs (#2208)
- Release 4.3.2
* SHUTDOWN - add support for the new NOW, FORCE and ABORT modifiers (#2150)
* Adding pipeline support for async cluster (#2199)
* Support CF.MEXISTS + Clean bf/commands.py (#2184)
* Extending query_params for FT.PROFILE (#2198)
* Implementing ClusterPipeline Lock (#2190)
* Set default response_callbacks to redis.asyncio.cluster.ClusterNode (#2201)
* Add default None for maxlen at xtrim command (#2188)
* Async cluster: add/update typing (#2195)
* Changed list type to single element type (#2203)
* Made sync lock consistent and added types to it (#2137)
* Async cluster: optimisations (#2205)
* Fix typos in README (#2206)
* Fix modules links to https://redis.io/commands/ (#2185)
- Update to version 4.3.1
* Allow negative `retries` for `Retry` class to retry forever
* Add `items` parameter to `hset` signature
* Create codeql-analysis.yml (#1988). Thanks @chayim
* Add limited support for Lua scripting with RedisCluster
* Implement `.lock()` method on RedisCluster
* Fix cursor returned by SCAN for RedisCluster & change default
target to PRIMARIES
* Fix scan_iter for RedisCluster
* Remove verbose logging when initializing ClusterPubSub,
ClusterPipeline or RedisCluster
* Fix broken connection writer lock-up for asyncio (#2065)
* Fix auth bug when provided with no username (#2086)
- Release 4.1.3
* Fix flushdb and flushall (#1926)
* Add redis5 and redis4 dockers (#1871)
* Change json.clear test multi to be up to date with redisjson
(#1922)
* Fixing volume for unstable_cluster docker (#1914)
* Update changes file with changes since 4.0.0-beta2 (#1915)
- Release 4.1.2
* Invalid OCSP certificates should raise ConnectionError on
failed validation (#1907)
* Added retry mechanism on socket timeouts when connecting to
the server (#1895)
* LMOVE, BLMOVE return incorrect responses (#1906)
* Fixing AttributeError in UnixDomainSocketConnection (#1903)
* Fixing TypeError in GraphCommands.explain (#1901)
* For tests, increasing wait time for the cluster (#1908)
* Increased pubsub's wait_for_messages timeout to prevent flaky
tests (#1893)
* README code snippets formatted to highlight properly (#1888)
* Fix link in the main page (#1897)
* Documentation fixes: JSON Example, SSL Connection Examples,
RTD version (#1887)
* Direct link to readthedocs (#1885)
- Release 4.1.1
* Add retries to connections in Sentinel Pools (#1879)
* OCSP Stapling Support (#1873)
* Define incr/decr as aliases of incrby/decrby (#1874)
* FT.CREATE - support MAXTEXTFIELDS, TEMPORARY, NOHL, NOFREQS,
SKIPINITIALSCAN (#1847)
* Timeseries docs fix (#1877)
* get_connection: catch OSError too (#1832)
* Set keys var otherwise variable not created (#1853)
* Clusters should optionally require full slot coverage (#1845)
* Triple quote docstrings in client.py PEP 257 (#1876)
* syncing requirements (#1870)
* Typo and typing in GraphCommands documentation (#1855)
* Allowing poetry and redis-py to install together (#1854)
* setup.py: Add project_urls for PyPI (#1867)
* Support test with redis unstable docker (#1850)
* Connection examples (#1835)
* Documentation cleanup (#1841)
- Release 4.1.0
* OCSP stapling support (#1820)
* Support for SELECT (#1825)
* Support for specifying error types with retry (#1817)
* Support for RESET command since Redis 6.2.0 (#1824)
* Support CLIENT TRACKING (#1612)
* Support WRITE in CLIENT PAUSE (#1549)
* JSON set_file and set_path support (#1818)
* Allow ssl_ca_path with rediss:// urls (#1814)
* Support for password-encrypted SSL private keys (#1782)
* Support SYNC and PSYNC (#1741)
* Retry on error exception and timeout fixes (#1821)
* Fixing read race condition during pubsub (#1737)
* Fixing exception in listen (#1823)
* Fixed MovedError, and stopped iterating through startup nodes
when slots are fully covered (#1819)
* Socket not closing after server disconnect (#1797)
* Single sourcing the package version (#1791)
* Ensure redis_connect_func is set on uds connection (#1794)
* SRTALGO - Skip for redis versions greater than 7.0.0 (#1831)
* Documentation updates (#1822)
* Add CI action to install package from repository commit hash
(#1781) (#1790)
* Fix link in lmove docstring (#1793)
* Disabling JSON.DEBUG tests (#1787)
* Migrated targeted nodes to kwargs in Cluster Mode (#1762)
* Added support for MONITOR in clusters (#1756)
* Adding ROLE Command (#1610)
* Integrate RedisBloom support (#1683)
* Adding RedisGraph support (#1556)
* Allow overriding connection class via keyword arguments
(#1752)
* Aggregation LOAD * support for RediSearch (#1735)
* Adding cluster, bloom, and graph docs (#1779)
* Add packaging to setup_requires, and use >= to play nice to
setup.py (fixes #1625) (#1780)
* Fixing the license link in the readme (#1778)
* Removing distutils from tests (#1773)
* Fix cluster ACL tests (#1774)
* Improved RedisCluster's reinitialize_steps and documentation
(#1765)
* Added black and isort (#1734)
* Link Documents for all module commands (#1711)
* Pyupgrade + flynt + f-strings (#1759)
* Remove unused aggregation subclasses in RediSearch (#1754)
* Adding RedisCluster client to support Redis Cluster Mode
(#1660)
* Support RediSearch FT.PROFILE command (#1727)
* Adding support for non-decodable commands (#1731)
* COMMAND GETKEYS support (#1738)
* RedisJSON 2.0.4 behaviour support (#1747)
* Removing deprecating distutils (PEP 632) (#1730)
* Updating PR template (#1745)
* Removing duplication of Script class (#1751)
* Splitting documentation for read the docs (#1743)
* Improve code coverage for aggregation tests (#1713)
* Fixing COMMAND GETKEYS tests (#1750)
* GitHub release improvements (#1684)
- Release 4.0.2
* Restoring Sentinel commands to redis client (#1723)
* Better removal of hiredis warning (#1726)
* Adding links to redis documents in function calls (#1719)
- Release 4.0.1
* Removing command on initial connections (#1722)
* Removing hiredis warning when not installed (#1721)
- Release 4.0.0
* FT.EXPLAINCLI intentionally raising NotImplementedError
* Restoring ZRANGE desc for Redis < 6.2.0 (#1697)
* Response parsing occasionally fails to parse floats (#1692)
* Re-enabling read-the-docs (#1707)
* Call HSET after FT.CREATE to avoid keyspace scan (#1706)
* Unit tests fixes for compatibility (#1703)
* Improve documentation about Locks (#1701)
* Fixes to allow --redis-url to pass through all tests (#1700)
* Fix unit tests running against Redis 4.0.0 (#1699)
* Search alias test fix (#1695)
* Adding RediSearch/RedisJSON tests (#1691)
* Updating codecov rules (#1689)
* Tests to validate custom JSON decoders (#1681)
* Added breaking icon to release drafter (#1702)
* Removing dependency on six (#1676)
* Re-enable pipeline support for JSON and TimeSeries (#1674)
* Export Sentinel, and SSL like other classes (#1671)
* Restore zrange functionality for older versions of Redis
(#1670)
* Fixed garbage collection deadlock (#1578)
* Tests to validate built python packages (#1678)
* Sleep for flaky search test (#1680)
* Test function renames, to match standards (#1679)
* Docstring improvements for Redis class (#1675)
* Fix georadius tests (#1672)
* Improvements to JSON coverage (#1666)
* Add python_requires setuptools check for python > 3.6 (#1656)
* SMISMEMBER support (#1667)
* Exposing the module version in loaded_modules (#1648)
* RedisTimeSeries support (#1652)
* Support for json multipath ($) (#1663)
* Added boolean parsing to PEXPIRE and PEXPIREAT (#1665)
* Add python_requires setuptools check for python > 3.6 (#1656)
* Adding vulture for static analysis (#1655)
* Starting to clean the docs (#1657)
* Update README.md (#1654)
* Adding description format for package (#1651)
* Publish to pypi as releases are generated with the release
drafter (#1647)
* Restore actions to prs (#1653)
* Fixing the package to include commands (#1649)
* Re-enabling codecov as part of CI process (#1646)
* Adding support for redisearch (#1640) Thanks @chayim
* redisjson support (#1636) Thanks @chayim
* Sentinel: Add SentinelManagedSSLConnection (#1419) Thanks
@AbdealiJK
* Enable floating parameters in SET (ex and px) (#1635) Thanks
@AvitalFineRedis
* Add warning when hiredis not installed. Recommend
installation. (#1621) Thanks @adiamzn
* Raising NotImplementedError for SCRIPT DEBUG and DEBUG
SEGFAULT (#1624) Thanks @chayim
* CLIENT REDIR command support (#1623) Thanks @chayim
* REPLICAOF command implementation (#1622) Thanks @chayim
* Add support to NX XX and CH to GEOADD (#1605) Thanks
@AvitalFineRedis
* Add support to ZRANGE and ZRANGESTORE parameters (#1603)
Thanks @AvitalFineRedis
* Pre 6.2 redis should default to None for script flush (#1641)
Thanks @chayim
* Add FULL option to XINFO SUMMARY (#1638) Thanks @agusdmb
* Geosearch test should use any=True (#1594) Thanks
@Andrew-Chen-Wang
* Removing packaging dependency (#1626) Thanks @chayim
* Fix client_kill_filter docs for skimpy (#1596) Thanks
@Andrew-Chen-Wang
* Normalize minid and maxlen docs (#1593) Thanks
@Andrew-Chen-Wang
* Update docs for multiple usernames for ACL DELUSER (#1595)
Thanks @Andrew-Chen-Wang
* Fix grammar of get param in set command (#1588) Thanks
@Andrew-Chen-Wang
* Fix docs for client_kill_filter (#1584) Thanks
@Andrew-Chen-Wang
* Convert README & CONTRIBUTING from rst to md (#1633) Thanks
@davidylee
* Test BYLEX param in zrangestore (#1634) Thanks
@AvitalFineRedis
* Tox integrations with invoke and docker (#1632) Thanks
@chayim
* Adding the release drafter to help simplify release notes
(#1618). Thanks @chayim
* BACKWARDS INCOMPATIBLE: Removed support for end of life
Python 2.7. #1318
* BACKWARDS INCOMPATIBLE: All values within Redis URLs are
unquoted via urllib.parse.unquote. Prior versions of redis-py
supported this by specifying the ``decode_components`` flag
to the ``from_url`` functions. This is now done by default
and cannot be disabled. #589
* POTENTIALLY INCOMPATIBLE: Redis commands were moved into a
mixin (see commands.py). Anyone importing ``redis.client`` to
access commands directly should import ``redis.commands``.
#1534, #1550
* Removed technical debt on REDIS_6_VERSION placeholder. Thanks
@chayim #1582.
* Various docus fixes. Thanks @Andrew-Chen-Wang #1585, #1586.
* Support for LOLWUT command, available since Redis 5.0.0.
Thanks @brainix #1568.
* Added support for CLIENT REPLY, available in Redis 3.2.0.
Thanks @chayim #1581.
* Support for Auto-reconnect PubSub on get_message. Thanks
@luhn #1574.
* Fix RST syntax error in README/ Thanks @JanCBrammer #1451.
* IDLETIME and FREQ support for RESTORE. Thanks @chayim #1580.
* Supporting args with MODULE LOAD. Thanks @chayim #1579.
* Updating RedisLabs with Redis. Thanks @gkorland #1575.
* Added support for ASYNC to SCRIPT FLUSH available in Redis
6.2.0. Thanks @chayim. #1567
* Added CLIENT LIST fix to support multiple client ids
available in Redis 2.8.12. Thanks @chayim #1563.
* Added DISCARD support for pipelines available in Redis 2.0.0.
Thanks @chayim #1565.
* Added ACL DELUSER support for deleting lists of users
available in Redis 6.2.0. Thanks @chayim. #1562
* Added CLIENT TRACKINFO support available in Redis 6.2.0.
Thanks @chayim. #1560
* Added GEOSEARCH and GEOSEARCHSTORE support available in Redis
6.2.0. Thanks @AvitalFine Redis. #1526
* Added LPUSHX support for lists available in Redis 4.0.0.
Thanks @chayim. #1559
* Added support for QUIT available in Redis 1.0.0. Thanks
@chayim. #1558
* Added support for COMMAND COUNT available in Redis 2.8.13.
Thanks @chayim. #1554.
* Added CREATECONSUMER support for XGROUP available in Redis
6.2.0. Thanks @AvitalFineRedis. #1553
* Including slowly complexity in INFO if available. Thanks
@ian28223 #1489.
* Added support for STRALGO available in Redis 6.0.0. Thanks
@AvitalFineRedis. #1528
* Addes support for ZMSCORE available in Redis 6.2.0. Thanks
@2014BDuck and @jiekun.zhu. #1437
* Support MINID and LIMIT on XADD available in Redis 6.2.0.
Thanks @AvitalFineRedis. #1548
* Added sentinel commands FLUSHCONFIG, CKQUORUM, FAILOVER, and
RESET available in Redis 2.8.12. Thanks @otherpirate. #834
* Migrated Version instead of StrictVersion for Python 3.10.
Thanks @tirkarthi. #1552
* Added retry mechanism with backoff. Thanks @nbraun-amazon.
#1494
* Migrated commands to a mixin. Thanks @chayim. #1534
* Added support for ZUNION, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1522
* Added support for CLIENT LIST with ID, available in Redis
6.2.0. Thanks @chayim. #1505
* Added support for MINID and LIMIT with xtrim, available in
Reds 6.2.0. Thanks @chayim. #1508
* Implemented LMOVE and BLMOVE commands, available in Redis
6.2.0. Thanks @chayim. #1504
* Added GET argument to SET command, available in Redis 6.2.0.
Thanks @2014BDuck. #1412
* Documentation fixes. Thanks @enjoy-binbin @jonher937. #1496
#1532
* Added support for XAUTOCLAIM, available in Redis 6.2.0.
Thanks @AvitalFineRedis. #1529
* Added IDLE support for XPENDING, available in Redis 6.2.0.
Thanks @AvitalFineRedis. #1523
* Add a count parameter to lpop/rpop, available in Redis 6.2.0.
Thanks @wavenator. #1487
* Added a (pypy) trove classifier for Python 3.9. Thanks @D3X.
#1535
* Added ZINTER support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1520
* Added ZINTER support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1520
* Added ZDIFF and ZDIFFSTORE support, available in Redis 6.2.0.
Thanks @AvitalFineRedis. #1518
* Added ZRANGESTORE support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1521
* Added LT and GT support for ZADD, available in Redis 6.2.0.
Thanks @chayim. #1509
* Added ZRANDMEMBER support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1519
* Added GETDEL support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1514
* Added CLIENT KILL laddr filter, available in Redis 6.2.0.
Thanks @chayim. #1506
* Added CLIENT UNPAUSE, available in Redis 6.2.0. Thanks
@chayim. #1512
* Added NOMKSTREAM support for XADD, available in Redis 6.2.0.
Thanks @chayim. #1507
* Added HRANDFIELD support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1513
* Added CLIENT INFO support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1517
* Added GETEX support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1515
* Added support for COPY command, available in Redis 6.2.0.
Thanks @malinaa96. #1492
* Provide a development and testing environment via docker.
Thanks @abrookins. #1365
* Added support for the LPOS command available in Redis 6.0.6.
Thanks @aparcar #1353/#1354
* Added support for the ACL LOG command available in Redis 6.
Thanks @2014BDuck. #1307
* Added support for ABSTTL option of the RESTORE command
available in Redis 5.0. Thanks @charettes. #1423
- Drop account-defaults-redis.patch merged upstream
- Add account-defaults-redis.patch which fixes failing tests by
taking into consideration redis defaults, not overwriting them
(gh#andymccurdy/redis-py#1499).
- Skipp two tests because of gh#andymccurdy/redis-py#1459.
- update to 3.5.3
* Restore try/except clauses to __del__ methods. These will be removed
in 4.0 when more explicit resource management if enforced. #1339
* Update the master_address when Sentinels promote a new master. #847
* Update SentinelConnectionPool to not forcefully disconnect other in-use
connections which can negatively affect threaded applications. #1345
3.5.2
* Tune the locking in ConnectionPool.get_connection so that the lock is
not held while waiting for the socket to establish and validate the
TCP connection.
3.5.1
* Fix for HSET argument validation to allow any non-None key. Thanks
@AleksMat, #1337, #1341
3.5.0
* Removed exception trapping from __del__ methods. redis-py objects that
hold various resources implement __del__ cleanup methods to release
those resources when the object goes out of scope. This provides a
fallback for when these objects aren't explicitly closed by user code.
Prior to this change any errors encountered in closing these resources
would be hidden from the user. Thanks @jdufresne. #1281
* Expanded support for connection strings specifying a username connecting
to pre-v6 servers. #1274
* Optimized Lock's blocking_timeout and sleep. If the lock cannot be
acquired and the sleep value would cause the loop to sleep beyond
blocking_timeout, fail immediately. Thanks @clslgrnc. #1263
* Added support for passing Python memoryviews to Redis command args that
expect strings or bytes. The memoryview instance is sent directly to
the socket such that there are zero copies made of the underlying data
during command packing. Thanks @Cody-G. #1265, #1285
* HSET command now can accept multiple pairs. HMSET has been marked as
deprecated now. Thanks to @laixintao #1271
* Don't manually DISCARD when encountering an ExecAbortError.
Thanks @nickgaya, #1300/#1301
* Reset the watched state of pipelines after calling exec. This saves
a roundtrip to the server by not having to call UNWATCH within
Pipeline.reset(). Thanks @nickgaya, #1299/#1302
* Added the KEEPTTL option for the SET command. Thanks
@laixintao #1304/#1280
* Added the MEMORY STATS command. #1268
* Lock.extend() now has a new option, `replace_ttl`. When False (the
default), Lock.extend() adds the `additional_time` to the lock's existing
TTL. When replace_ttl=True, the lock's existing TTL is replaced with
the value of `additional_time`.
* Add testing and support for PyPy.
- downgrade requires for redis to recommends
* Better error handling
Changes in python-retrying:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
- require setuptools
- Switch to pyproject macros.
- Stop using greedy globs in %files.
- Update to version 1.3.4
* Added Greg Roodt as maintainer
* Formatted code with black
* Updated repository references
- Improve summary.
- Remove superfluous devel dependency for noarch package
- Initial package
Changes in python-semver:
- update to 3.0.2:
* :pr:`418`: Replace :class:`~collection.OrderedDict` with
:class:`dict`.
* The dict datatype is ordered since Python 3.7. As we do not
support Python 3.6 anymore, it can be considered safe to avoid
:class:`~collection.OrderedDict`.
* :pr:`431`: Clarify version policy for the different semver
versions (v2, v3, >v3) and the supported Python versions.
* :gh:`432`: Improve external doc links to Python and Pydantic.
* :pr:`417`: Amend GitHub Actions to check against MacOS.
- remove obsolete setup-remove-asterisk.patch
- update to version 3.0.1:
- Remove incorrect dependencies from build-system section of pyproject.toml by @mgorny in #405
- correct typo in function description of next_version by @treee111 in #406
- Improve GitHub Action by @tomschr in #408
- Add CITATION.cff for citation by @tomschr in #409
- Add Version class to __all__ export. Fix #410 by @Soneji in #411
- Configure docformatter by @tomschr in #412
- Prepare version 3.0.1 by @tomschr in #413
- update to version 3.0.0:
- Bugfixes
- :gh:`291`: Disallow negative numbers in VersionInfo arguments
for ``major``, ``minor``, and ``patch``.
* :gh:`310`: Rework API documentation.
Follow a more 'semi-manual' attempt and add auto directives
into :file:`docs/api.rst`.
* :gh:`344`: Allow empty string, a string with a prefix, or ``None``
as token in
:meth:`~semver.version.Version.bump_build` and
:meth:`~semver.version.Version.bump_prerelease`.
* :pr:`384`: General cleanup, reformat files:
* Reformat source code with black again as some config options
did accidentely exclude the semver source code.
Mostly remove some includes/excludes in the black config.
* Integrate concurrency in GH Action
* Ignore Python files on project dirs in .gitignore
* Remove unused patterns in MANIFEST.in
* Use ``extend-exclude`` for flake in :file:`setup.cfg`` and adapt list.
* Use ``skip_install=True`` in :file:`tox.ini` for black
* :pr:`393`: Fix command :command:`python -m semver` to avoid the error 'invalid choice'
* :pr:`396`: Calling :meth:`~semver.version.Version.parse` on a derived class will show correct type of derived class.
- Deprecations
* :gh:`169`: Deprecate CLI functions not imported from ``semver.cli``.
* :gh:`234`: In :file:`setup.py` simplified file and remove
``Tox`` and ``Clean`` classes
* :gh:`284`: Deprecate the use of :meth:`~Version.isvalid`.
Rename :meth:`~semver.version.Version.isvalid`
to :meth:`~semver.version.Version.is_valid`
for consistency reasons with :meth:`~semver.version.Version.is_compatible`.
* :pr:`402`: Keep :func:`semver.compare <semver._deprecated.compare>`.
Although it breaks consistency with module level functions, it seems it's
a much needed/used function. It's still unclear if we should deprecate
this function or not (that's why we use :py:exc:`PendingDeprecationWarning`).
As we don't have a uniform initializer yet, this function stays in the
:file:`_deprecated.py` file for the time being until we find a better solution. See :gh:`258` for details.
- Features
* Remove :file:`semver.py`
* Create :file:`src/semver/__init__.py`
* Create :file:`src/semver/cli.py` for all CLI methods
* Create :file:`src/semver/_deprecated.py` for the ``deprecated`` decorator and other deprecated functions
* Create :file:`src/semver/__main__.py` to allow calling the CLI using :command:`python -m semver`
* Create :file:`src/semver/_types.py` to hold type aliases
* Create :file:`src/semver/version.py` to hold the :class:`Version` class (old name :class:`VersionInfo`) and its utility functions
* Create :file:`src/semver/__about__.py` for all the metadata variables
* :gh:`213`: Add typing information
* :gh:`284`: Implement :meth:`~semver.version.Version.is_compatible` to make 'is self compatible with X'.
* :gh:`305`: Rename :class:`~semver.version.VersionInfo` to :class:`~semver.version.Version` but keep an alias for compatibility
- add setup-remove-asterisk.patch to fix build error
- update to version 3.0.0-dev.4:
- Bug Fixes:
- :gh:`374`: Correct Towncrier's config entries in the :file:`pyproject.toml` file.
The old entries ``[[tool.towncrier.type]]`` are deprecated and need
to be replaced by ``[tool.towncrier.fragment.<TYPE>]``.
- Deprecations:
- :gh:`372`: Deprecate support for Python 3.6.
Python 3.6 reached its end of life and isn't supported anymore.
At the time of writing (Dec 2022), the lowest version is 3.7.
Although the `poll <https://github.com/python-semver/python-semver/discussions/371>`_
didn't cast many votes, the majority agree to remove support for
Python 3.6.
- Improved Documentation:
- :gh:`335`: Add new section 'Converting versions between PyPI and semver' the limitations
and possible use cases to convert from one into the other versioning scheme.
- :gh:`340`: Describe how to get version from a file
- :gh:`343`: Describe combining Pydantic with semver in the 'Advanced topic'
section.
- :gh:`350`: Restructure usage section. Create subdirectory 'usage/' and splitted
all section into different files.
- :gh:`351`: Introduce new topics for:
* 'Migration to semver3'
* 'Advanced topics'
- Features:
- :pr:`359`: Add optional parameter ``optional_minor_and_patch`` in :meth:`.Version.parse` to allow optional
minor and patch parts.
- :pr:`362`: Make :meth:`.Version.match` accept a bare version string as match expression, defaulting to
equality testing.
- :gh:`364`: Enhance :file:`pyproject.toml` to make it possible to use the
:command:`pyproject-build` command from the build module.
For more information, see :ref:`build-semver`.
- :gh:`365`: Improve :file:`pyproject.toml`.
* Use setuptools, add metadata. Taken approach from
`A Practical Guide to Setuptools and Pyproject.toml
<https://godatadriven.com/blog/a-practical-guide-to-setuptools-and-pyproject-toml/>`_.
* Doc: Describe building of semver
* Remove :file:`.travis.yml` in :file:`MANIFEST.in`
(not needed anymore)
* Distinguish between Python 3.6 and others in :file:`tox.ini`
* Add skip_missing_interpreters option for :file:`tox.ini`
* GH Action: Upgrade setuptools and setuptools-scm and test
against 3.11.0-rc.2
- Trivial/Internal Changes:
- :gh:`378`: Fix some typos in Towncrier configuration
- switch to the tagged version rather than a gh branch tarball
- fix support for Python 3.10 with update to development version:
- update to revision g4d2df08:
- Changes for the upcoming release can be found in:
- the `'changelog.d' directory <https://github.com/python-semver/python-semver/tree/master/changelog.d>`_:
- in our repository.:
- update to version 3.0.0-dev.2:
- Deprecations:
- :gh:`169`: Deprecate CLI functions not imported from ``semver.cli``.
- Features:
- :gh:`169`: Create semver package and split code among different modules in the packages.
* Remove :file:`semver.py`
* Create :file:`src/semver/__init__.py`
* Create :file:`src/semver/cli.py` for all CLI methods
* Create :file:`src/semver/_deprecated.py` for the ``deprecated`` decorator and other deprecated functions
* Create :file:`src/semver/__main__.py` to allow calling the CLI using :command:`python -m semver`
* Create :file:`src/semver/_types.py` to hold type aliases
* Create :file:`src/semver/version.py` to hold the :class:`Version` class (old name :class:`VersionInfo`) and its utility functions
* Create :file:`src/semver/__about__.py` for all the metadata variables
- :gh:`305`: Rename :class:`VersionInfo` to :class:`Version` but keep an alias for compatibility
- Improved Documentation:
- :gh:`304`: Several improvements in documentation:
* Reorganize API documentation.
* Add migration chapter from semver2 to semver3.
* Distinguish between changlog for version 2 and 3
- :gh:`305`: Add note about :class:`Version` rename.
- Trivial/Internal Changes:
- :gh:`169`: Adapted infrastructure code to the new project layout.
* Replace :file:`setup.py` with :file:`setup.cfg` because the :file:`setup.cfg` is easier to use
* Adapt documentation code snippets where needed
* Adapt tests
* Changed the ``deprecated`` to hardcode the ``semver`` package name in the warning.
Increase coverage to 100% for all non-deprecated APIs
- :gh:`304`: Support PEP-561 :file:`py.typed`.
According to the mentioned PEP:
'Package maintainers who wish to support type checking
of their code MUST add a marker file named :file:`py.typed`
to their package supporting typing.'
Add package_data to :file:`setup.cfg` to include this marker in dist
and whl file.
- update to version 3.0.0-dev.1:
- Deprecations:
- :pr:`290`: For semver 3.0.0-alpha0:
* Remove anything related to Python2
* In :file:`tox.ini` and :file:`.travis.yml`
Remove targets py27, py34, py35, and pypy.
Add py38, py39, and nightly (allow to fail)
* In :file:`setup.py` simplified file and remove
``Tox`` and ``Clean`` classes
* Remove old Python versions (2.7, 3.4, 3.5, and pypy)
from Travis
- :gh:`234`: In :file:`setup.py` simplified file and remove
``Tox`` and ``Clean`` classes
- Features:
- :pr:`290`: Create semver 3.0.0-alpha0
* Update :file:`README.rst`, mention maintenance
branch ``maint/v2``.
* Remove old code mainly used for Python2 compatibility,
adjusted code to support Python3 features.
* Split test suite into separate files under :file:`tests/`
directory
* Adjust and update :file:`setup.py`. Requires Python >=3.6.*
Extract metadata directly from source (affects all the ``__version__``,
``__author__`` etc. variables)
- :gh:`270`: Configure Towncrier (:pr:`273`:)
* Add :file:`changelog.d/.gitignore` to keep this directory
* Create :file:`changelog.d/README.rst` with some descriptions
* Add :file:`changelog.d/_template.rst` as Towncrier template
* Add ``[tool.towncrier]`` section in :file:`pyproject.toml`
* Add 'changelog' target into :file:`tox.ini`. Use it like
:command:`tox -e changelog -- CMD` whereas ``CMD`` is a
Towncrier command. The default :command:`tox -e changelog`
calls Towncrier to create a draft of the changelog file
and output it to stdout.
* Update documentation and add include a new section
'Changelog' included from :file:`changelog.d/README.rst`.
- :gh:`276`: Document how to create a sublass from :class:`VersionInfo` class
- :gh:`213`: Add typing information
- Bug Fixes:
- :gh:`291`: Disallow negative numbers in VersionInfo arguments
for ``major``, ``minor``, and ``patch``.
- Improved Documentation:
- :pr:`290`: Several improvements in the documentation:
* New layout to distinguish from the semver2 development line.
* Create new logo.
* Remove any occurances of Python2.
* Describe changelog process with Towncrier.
* Update the release process.
- Trivial/Internal Changes:
- :pr:`290`: Add supported Python versions to :command:`black`.
* PR #62. Support custom default names for pre and build
Changes in python-sshtunnel:
- Require update-alternatives for the scriptlets.
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- Limit Python files matched in %files section
- Use %sle15_python_module_pythons
- do not require python-mock for build
- update to 0.4.0:
+ Change the daemon mod flag for all tunnel threads (is not fully backward
compatible) to prevent unexpected hangs (`#219`_) + Add docker based end to end
functinal tests for Mongo/Postgres/MySQL
+ Add docker based end to end hangs tests
+ Fix host key directory detection
+ Unify default ssh config folder to `~/.ssh`
+ Increase open connection timeout to 10 secods
+ Change default with context behavior to use `.stop(force=True)` on exit
+ Remove useless `daemon_forward_servers = True` hack for hangs prevention
+ Set transport keepalive to 5 second by default
+ Set default transport timeout to 0.1
+ Deprecate and remove `block_on_close` option
+ Fix 'deadlocks' / 'tunneling hangs'
+ Add `.stop(force=True)` for force close active connections
+ Fixes bug with orphan thread for a tunnel that is DOWN
+ Support IPv6 without proxy command. Use built-in paramiko create socket
logic. The logic tries to use ipv6 socket family first, then ipv4 socket
family.
Changes in python-strictyaml:
- require setuptools
- update to 1.7.3:
* REFACTOR : Fix pipeline.
* TOOLING : Improvements to pyenv multi-environment tester.
* FEATURE : Upgraded package to use pyproject.toml files
* REFACTOR : Fixed linter errors.
* TOOLING : Build wheel and sdist that both work.
- Add %{?sle15_python_module_pythons}
- Update to 1.6.2
No relevant code changes.
see details changelog: https://hitchdev.com/strictyaml/changelog/#latest
- update to 1.6.1
too many changes to be listed here
see detailed changelog: https://hitchdev.com/strictyaml/changelog/
- update to 1.4.4
* Add support for NaN and infinity representations
* Optional keys in mappings and set value to None
* Support underscores in int and decimal
* NullNone - parse 'null' as None like YAML 1.2 does.
* Bundle last propertly working ruamel.yaml version in with strictyaml.
- version update to 1.0.6
* BUGFIX : Fix accidental python 2 breakage.
* BUGFIX : Accidental misrecognition of boolean values as numbers - cause of #85.
* BUGFIX : Fix for #86 - handle changing multiline strings.
* BUGFIX: handle deprecated collections import in the parser (#82)
- Update to 1.0.5:
* BUGFIX : Fixed python 2 bug introduced when fixing #72.
* FEATURE : Include tests / stories in package.
* BUG: issue #72. Now setitem uses schema.
- Expand %description.
- Initial spec for v1.0.3
Changes in python-sure:
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- update to 2.0.1:
* Fixes CI build (Github Actions)
* Fixes broken tests
* Housekeeping: Licensing
* Disable nosetests for testing leaving only pytest as
supported test-runner for now
- Add %{?sle15_python_module_pythons}
- Remove mock from BuildRequires.
- Rebase python-sure-no-mock.patch to remove one missed import.
- do not require mock for build nor runtime
- added patches
fix https://github.com/gabrielfalcao/sure/pull/161
+ python-sure-no-mock.patch
- Update to 2.0.0
* No longer patch the builtin dir() function, which fixes pytest
in some cases such as projects using gevent.
- switch to pytest
- Version update to 1.4.11:
* Reading the version dynamically was causing import errors that caused error when installing package. Refs #144
Changes in python-vcrpy:
- Update to 6.0.1
* BREAKING: Fix issue with httpx support (thanks @parkerhancock) in #784.
* BREAKING: Drop support for `boto` (vcrpy still supports boto3, but is dropping the deprecated `boto` support in this release. (thanks @jairhenrique)
* Fix compatibility issue with Python 3.12 (thanks @hartwork)
* Drop simplejson (fixes some compatibility issues) (thanks @jairhenrique)
* Run CI on Python 3.12 and PyPy 3.9-3.10 (thanks @mgorny)
* Various linting and docs improvements (thanks @jairhenrique)
* Tornado fixes (thanks @graingert)
- version update to 5.1.0
* Use ruff for linting (instead of current flake8/isort/pyflakes) - thanks @jairhenrique
* Enable rule B (flake8-bugbear) on ruff - thanks @jairhenrique
* Configure read the docs V2 - thanks @jairhenrique
* Fix typo in docs - thanks @quasimik
* Make json.loads of Python >=3.6 decode bytes by itself - thanks @hartwork
* Fix body matcher for chunked requests (fixes #734) - thanks @hartwork
* Fix query param filter for aiohttp (fixes #517) - thanks @hartwork and @salomvary
* Remove unnecessary dependency on six. - thanks @charettes
* build(deps): update sphinx requirement from <7 to <8 - thanks @jairhenrique
* Add action to validate docs - thanks @jairhenrique
* Add editorconfig file - thanks @jairhenrique
* Drop iscoroutinefunction fallback function for unsupported python thanks @jairhenrique
- for changelog for older releases refer to https://github.com/kevin1024/vcrpy/releases
- six is not required
- Use sle15_python_module_pythons
- Restrict urllib3 < 2 -- gh#kevin1024/vcrpy#688
- Update to version 4.2.1
* Fix a bug where the first request in a redirect chain was not being recorded with aiohttp
* Various typos and small fixes, thanks @jairhenrique, @timgates42
- Update to 4.1.1:
* Fix HTTPX support for versions greater than 0.15 (thanks @jairhenrique)
* Include a trailing newline on json cassettes (thanks @AaronRobson)
- Update to 4.1.0:
* Add support for httpx!! (thanks @herdigiorgi)
* Add the new allow_playback_repeats option (thanks @tysonholub)
* Several aiohttp improvements (cookie support, multiple headers with same
key) (Thanks @pauloromeira)
* Use enums for record modes (thanks @aaronbannin)
* Bugfix: Do not redirect on 304 in aiohttp (Thanks @royjs)
* Bugfix: Fix test suite by switching to mockbin (thanks @jairhenrique)
- Remove patch 0001-Revert-v4.0.x-Remove-legacy-python-and-add-python3.8.patch
as we dropped py2 integration support on Tumbleweed
- Added patch 0001-Revert-v4.0.x-Remove-legacy-python-and-add-python3.8.patch
* Enable python2 again since it breaks many packages
- Fix locale on Leap
- update to version 4.0.2
* Remove Python2 support
* Add Python 3.8 TravisCI support
* Correct mock imports
Changes in python-xmltodict:
- Clean up the SPEC file.
- add sle15_python_module_pythons
- update to 0.13.0:
* Add install info to readme for openSUSE. (#205)
* Support defaultdict for namespace mapping (#211)
* parse(generator) is now possible (#212)
* Processing comments on parsing from xml to dict (connected to #109) (#221)
* Add expand_iter kw to unparse to expand iterables (#213)
* Fixed some typos
* Add support for python3.8
* Drop Jython/Python 2 and add Python 3.9/3.10.
* Drop OrderedDict in Python >= 3.7
* Do not use len() to determine if a sequence is empty
* Add more namespace attribute tests
* Fix encoding issue in setup.py
- Add patch skip-tests-expat-245.patch:
* Do not run tests that make no sense with a current Expat.
Changes in python-asgiref:
First package shipment.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1857-1
Released: Thu May 30 14:13:01 2024
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1224788,CVE-2024-35195
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1864-1
Released: Thu May 30 14:19:13 2024
Summary: Security update for python-Jinja2
Type: security
Severity: moderate
References: 1218722,1223980,CVE-2024-22195,CVE-2024-34064
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1939-1
Released: Fri Jun 7 14:03:13 2024
Summary: Security update for python-idna
Type: security
Severity: moderate
References: 1222842,CVE-2024-3651
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed a denial of service via resource consumption through
specially crafted inputs to idna.encode() (bsc#1222842)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2138-1
Released: Fri Jun 21 13:08:20 2024
Summary: Security update for python-cryptography
Type: security
Severity: moderate
References: 1220210,CVE-2024-26130
This update for python-cryptography fixes the following issues:
- CVE-2024-26130: Fix a NULL pointer dereference in pkcs12.serialize_key_and_certificates(). (bsc#1220210)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1638-1
Released: Fri Jun 21 13:09:31 2024
Summary: Recommended update for aws-cli and python311 dependencies
Type: recommended
Severity: moderate
References: 1118027,1144357,1162712,1167148,1171933,1172579,1172948,1179890,1189649,1190538,1192298,1199722,1209255,1211830,1217336,1220168
This update for aws-cli and python311 dependencies fixes the following issues:
- Upgrade aws-cli to v1.32 (jsc#PED-7487)
- This upgrade for aws-cli also provides the needed python311 dependencies.
- The bellow packages got obsoleted by the python311 counterpart:
- python3-botocore (superseded by python311-botocore)
- python3-s3transfer (superseded by python311-s3transfer)
- python3-boto (superseded by python311-boto)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2320-1
Released: Mon Jul 8 13:13:54 2024
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1226469,CVE-2024-37891
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects (bsc#1226469).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2404-1
Released: Thu Jul 11 09:31:42 2024
Summary: Recommended update for mdadm
Type: recommended
Severity: moderate
References: 1225307
This update for mdadm fixes the following issues:
- util.c: change devnm to const in mdmon functions (bsc#1225307)
- Wait for mdmon when it is stared via systemd (bsc#1225307)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2982-1
Released: Tue Aug 20 11:08:55 2024
Summary: Security update for python311
Type: security
Severity: important
References: 1225660,1226447,1226448,1227378,1227999,1228780,CVE-2023-27043,CVE-2024-0397,CVE-2024-4032,CVE-2024-6923
This update for python311 fixes the following issues:
Security issues fixed:
- CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780)
- CVE-2024-5642: Removed support for anything but OpenSSL 1.1.1 or newer (bsc#1227233)
- CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448)
Non-security issues fixed:
- Fixed executable bits for /usr/bin/idle* (bsc#1227378).
- Improve python reproducible builds (bsc#1227999)
- Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660)
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3055-1
Released: Wed Aug 28 14:49:28 2024
Summary: Security update for python-setuptools
Type: security
Severity: important
References: 1228105,CVE-2024-6345
This update for python-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3290-1
Released: Tue Sep 17 15:24:09 2024
Summary: Recommended update for python-netaddr
Type: recommended
Severity: moderate
References:
This update for python-netaddr fixes the following issue:
New python packages:
- python311-netaddr
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3427-1
Released: Tue Sep 24 18:42:49 2024
Summary: Security update for python311
Type: security
Severity: important
References: 1229596,1229704,1230227,CVE-2024-6232,CVE-2024-7592,CVE-2024-8088
This update for python311 fixes the following issues:
Update python311 to version 3.11.10.
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
- CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596)
- CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3469-1
Released: Fri Sep 27 13:19:43 2024
Summary: Recommended update for python-kubernetes, python-recommonmark, python-Sphinx, python-sphinxcontrib-applehelp, python-sphinxcontrib-jquery
Type: recommended
Severity: moderate
References: 1223128
This update for python-kubernetes, python-recommonmark, python-Sphinx, python-sphinxcontrib-applehelp, python-sphinxcontrib-jquery contains the following fixes:
Changes for python-kubernetes:
- add sle15_python_module_pythons, jsc#PED-8481
Changes for python-recommonmark:
- Initial shipment for python-recommonmark.
Please check changelog for detailed infromation.
Changes for python-Sphinx:
- Add patch to fix-test-expectation-for-enum-rendering-on-python-3.12.3. (bsc#1223128)
- Disable test test_ext_imgconverter.
- Add upstream patch to make it work with python 3.11.7
- avoid xdist - not used by upstream and unstable (and not
improving the build time by more than 25%)
- remove setuptools requires
Changes for python-sphinxcontrib-applehelp:
- Add fix tests with python-Shpinx 7.2
jsc#PED-8481
Changes for python-sphinxcontrib-jquery:
- drop tests-with-sphinx-72 patch in order to
- add tests-with-sphinx-72-python312 patch to build with python 312+
- remove tests-with-sphinx-71 patch
- Add tests-with-sphinx-72 patch to fix tests with sphinx 7.2.
- add tests-with-sphinx-71 patch to fix tests with sphinx 7.1+
- Initial release of 4.1
No source changes rebuild to fulfill python-recommonmark dependencies
on 15 SP4 for the following packages:
python311-Babel
python311-CommonMarkÂ
python311-Jinja2
python311-MarkupSafeÂ
python311-alabasterÂ
python311-imagesize
python311-snowballstemmer
python311-sphinx_rtd_theme
python311-sphinxcontrib-devhelpÂ
python311-sphinxcontrib-htmlhelp
python311-sphinxcontrib-jsmath
python311-sphinxcontrib-qthelp
python311-sphinxcontrib-serializinghtmlÂ
python311-sphinxcontrib-websupport
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3480-1
Released: Fri Sep 27 15:35:46 2024
Summary: Recommended update for mdadm
Type: recommended
Severity: moderate
References: 1226413
This update for mdadm fixes the following issues:
- Detail: remove duplicated code (bsc#1226413).
- mdadm: Fix native --detail --export (bsc#1226413).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3600-1
Released: Fri Oct 11 10:43:06 2024
Summary: Recommended update for python-requests
Type: recommended
Severity: moderate
References: 1225912,CVE-2024-35195
This update for python-requests fixes the following issue:
- Update CVE-2024-35195.patch to allow the usage of 'verify' parameter
as a directory (bsc#1225912)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3958-1
Released: Fri Nov 8 16:25:08 2024
Summary: Security update for python311
Type: security
Severity: moderate
References: 1230906,1232241,CVE-2024-9287
This update for python311 fixes the following issues:
- CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment (bsc#1232241).
Bug fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:6-1
Released: Thu Jan 2 09:45:11 2025
Summary: Security update for python-Jinja2
Type: security
Severity: important
References: 1234808,1234809,CVE-2024-56201,CVE-2024-56326
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template (bsc#1234808)
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:500-1
Released: Thu Feb 13 09:26:54 2025
Summary: Recommended update for mdadm
Type: recommended
Severity: moderate
References: 1233265
This update for mdadm fixes the following issue:
- mdopen: add /sbin to PATH when call system('modprobe md_mod') (bsc#1233265).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:551-1
Released: Fri Feb 14 16:09:46 2025
Summary: Security update for python311
Type: security
Severity: moderate
References: 1228165,1231795,1236705,CVE-2025-0938
This update for python311 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
Other fixes:
- Update to version 3.11.11.
- Remove -IVendor/ from python-config. (bsc#1231795)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:956-1
Released: Wed Mar 19 17:12:25 2025
Summary: Security update for python-Jinja2
Type: security
Severity: moderate
References: 1238879,CVE-2025-27516
This update for python-Jinja2 fixes the following issues:
- CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:982-1
Released: Fri Mar 21 15:17:03 2025
Summary: Security update for python311
Type: security
Severity: low
References: 1238450,1239210,CVE-2025-1795
This update for python311 fixes the following issues:
- CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1047-1
Released: Thu Mar 27 18:56:36 2025
Summary: Recommended update for branding-SLE
Type: recommended
Severity: moderate
References: 1236818
This update for branding-SLE fixes the following issue:
- Update plymouth theme to fix splash screen element placement issue (bsc#1236818).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1125-1
Released: Thu Apr 3 13:49:28 2025
Summary: Security update for libxslt
Type: security
Severity: important
References: 1238591,1239625,1239637,CVE-2023-40403,CVE-2024-55549,CVE-2025-24855
This update for libxslt fixes the following issues:
- CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591)
- CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
- CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1662-1
Released: Thu May 22 18:04:43 2025
Summary: Security update for python-cryptography
Type: security
Severity: low
References: 1242631,CVE-2025-3416
This update for python-cryptography fixes the following issues:
- CVE-2025-3416: openssl: use-after-free in `Md::fetch` and `Cipher::fetch` when `Some(...)` value passed as
`properties` argument to either function (bsc#1242631).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1704-1
Released: Mon May 26 13:02:41 2025
Summary: Security update for python-setuptools
Type: security
Severity: important
References: 1243313,CVE-2025-47273
This update for python-setuptools fixes the following issues:
- CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313).
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:1827-1
Released: Thu Jun 5 18:11:15 2025
Summary: Optional update for python-six
Type: optional
Severity: low
References:
This update python-six fixes the following issue:
- Rebuild for consistency across products, no source changes.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2057-1
Released: Sat Jun 21 11:04:24 2025
Summary: Security update for python311
Type: security
Severity: important
References: 1241067,1243273,1244032,1244056,1244059,1244060,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4516,CVE-2025-4517
This update for python311 fixes the following issues:
python311 was updated from version 3.11.10 to 3.11.13:
- Security issues fixed:
* CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273).
* CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixed multiple issues that allowed tarfile
extraction filters to be bypassed using crafted symlinks and hard links
(bsc#1244056, bsc#1244059, bsc#1244060, bsc#1244032)
- Other changes and bugs fixed:
* Improved handling of system call failures that OpenSSL reports (bsc#1241067)
* Disable GC during thread operations to prevent deadlocks.
* Fixed a potential denial of service vulnerability in the imaplib module.
* Fixed bugs in the in the folding of rfc2047 encoded-words and in the folding of quoted strings when flattening an
email message using a modern email policy.
* Fixed parsing long IPv6 addresses with embedded IPv4 address.
* Fixed ipaddress.IPv6Address.reverse_pointer output according to RFC 3596
* Improved the textual representation of IPv4-mapped IPv6 addresses in ipaddress.
* ipaddress: fixed hash collisions for IPv4Network and IPv6Network objects
* os.path.realpath() now accepts a strict keyword-only argument.
* Stop the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor
denial-of-service.
* Updated bundled libexpat to 2.7.1
* Writers of CPython documentation can now use next as the version for the versionchanged, versionadded,
deprecated directives.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2205-1
Released: Wed Jul 2 17:15:10 2025
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1244039,CVE-2024-47081
This update for python-requests fixes the following issues:
- CVE-2024-47081: fixes netrc credential leak (bsc#1244039).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2247-1
Released: Tue Jul 8 10:59:37 2025
Summary: Recommended update for mdadm
Type: recommended
Severity: moderate
References: 1240789,1241474,1242696
This update for mdadm fixes the following issues:
- Add MAILFROM address to email envelope to avoid smtp auth errors (bsc#1241474).
- Allow any valid minor name in md device name (bsc#1240789).
- Add dependency on suse-module-tools for SLE15 (bsc#1242696).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2717-1
Released: Wed Aug 6 15:39:46 2025
Summary: Security update for python311
Type: security
Severity: important
References: 1244061,1244705,1247249,CVE-2025-4435,CVE-2025-6069,CVE-2025-8194
This update for python311 fixes the following issues:
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249).
- CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705).
- CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2735-1
Released: Fri Aug 8 10:06:06 2025
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1244925,CVE-2025-50181
This update for python-urllib3 fixes the following issues:
- CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3012-1
Released: Fri Aug 29 02:07:38 2025
Summary: security update for git, git-lfs, obs-scm-bridge, python-PyYAML
Type: security
Severity: important
References: 1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385
This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues:
git was updated from version 2.43.0 to 2.51.0 (bsc#1243197):
- Security issues fixed:
* CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938)
* CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939)
* CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942)
* CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943)
* CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946)
- Other changes and bugs fixed:
- Other changes and bugs fixed:
* Added SHA256 support (bsc#1243197)
* Git moved to /usr/libexec/git/git and updated AppArmor profile
accordingly (bsc#1218588)
* gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664)
* Do not replace apparmor configuration (bsc#1216545)
* Fixed the Python version required (bsc#1212476)
- Version Updates Release Notes:
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc
* https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc
git-lfs is included in version 3.7.0.
python-PyYAML was updated from version 6.0.1 to 6.0.2:
- Added support for Cython 3.x and Python 3.13
obs-scm-bridge was updated from version 0.5.4 to 0.7.4:
- New Features and Improvements:
* Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs`
file.
* Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary
files.
* Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch
during checkout.
* Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources.
* SSH URL Support: ssh:// SCM URLs can now be used.
* Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved.
* Standardized Config Location: In project mode, the _config file is now always located in the top-level directory,
even when using subdirs.
* Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided.
* Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled.
* Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo.
- Bugs fixed:
* Syntax Fix: A syntax issue was corrected.
* Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and
tabs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3875-1
Released: Thu Oct 30 16:26:57 2025
Summary: Security update for libxslt
Type: security
Severity: important
References: 1250553,1251979,CVE-2025-10911,CVE-2025-11731
This update for libxslt fixes the following issues:
- CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979)
- CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3968-1
Released: Thu Nov 6 11:58:36 2025
Summary: Recommended update for libaio
Type: recommended
Severity: moderate
References: 1082318,1133233,1181869,1243195
This update for libaio fixes the following issues:
libaio was updated to 0.3.113 (jsc#PED-13433):
* Fix struct io_iocb_vector padding for 32bit architectures
* struct io_iocb_sockaddr padding for 32bit architectures
* Verify structure padding is correct at build time
* harness: add test for aio poll missed events
* Various patches for architectures/etc
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4113-1
Released: Mon Nov 17 04:11:18 2025
Summary: Recommended update for python-kiwi
Type: recommended
Severity: critical
References: 1250754
This update for python-kiwi contains the following fix:
- Fixed transition from `python3-kiwi` to the successor `python311-kiwi` when using `zypper patch` (bsc#1250754)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4297-1
Released: Fri Nov 28 11:03:19 2025
Summary: Security update for python311
Type: security
Severity: low
References: 1251305,1252974,CVE-2025-6075,CVE-2025-8291
This update for python311 fixes the following issues:
Update to 3.11.14:
- CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974)
- CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4430-1
Released: Wed Dec 17 13:03:53 2025
Summary: Recommended update for mdadm
Type: recommended
Severity: moderate
References: 1207266,1229997,1243443,1248097,1253060
This update for mdadm fixes the following issues:
- Update to version 4.3+33.g22c212a5.
- Fixing race conditions between mdcheck_start and mdcheck_continue services
(bsc#1243443, bsc#1248097).
- Fixing broken monitoring for mdadm in Leap 15.6 (bsc#1229997).
- Fixing systemd unit file handling in spec file (bsc#1207266).
- Upstream bug fixes since 4.4 (bsc#1253060).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:255-1
Released: Thu Jan 22 17:08:38 2026
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1256331,CVE-2026-21441
This update for python-urllib3 fixes the following issues:
- CVE-2026-21441: Fixed excessive resource consumption during
decompression of data in HTTP redirect responses (bsc#1256331)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:271-1
Released: Fri Jan 23 12:00:51 2026
Summary: Recommended update for python-setuptools
Type: recommended
Severity: important
References: 1254255
This update for python-setuptools fixes the following issues:
- Implement basic PEP 639 support, (jsc#PED-14457, bsc#1254255)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:314-1
Released: Wed Jan 28 14:28:46 2026
Summary: Security update for python311
Type: security
Severity: moderate
References: 1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python311 fixes the following issues:
- CVE-2025-12084: prevent quadratic behavior in node ID cache clearing (bsc#1254997).
- CVE-2025-13836: prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length (bsc#1254400).
- CVE-2025-13837: protect against OOM when loading malicious content (bsc#1254401).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:367-1
Released: Tue Feb 3 14:09:40 2026
Summary: Security update for python-urllib3
Type: security
Severity: moderate
References: 1254866,1254867,CVE-2025-66418,CVE-2025-66471
This update for python-urllib3 fixes the following issues:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
- CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:407-1
Released: Mon Feb 9 07:43:45 2026
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1228081,1244449,1248356,1254202,1254293,1254563,1256427
This update for systemd fixes the following issues:
- Name libsystemd-{shared,core} based on the major version of systemd and
the package release number (bsc#1228081, bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared libraries.
- detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- timer: rebase last_trigger timestamp if needed
- timer: rebase the next elapse timestamp only if timer didn't already run
- timer: don't run service immediately after restart of a timer (bsc#1254563)
- test: check the next elapse timer timestamp after deserialization
- test: restarting elapsed timer shouldn't trigger the corresponding service
- Reintroduce systemd-network as a transitional dummy package containing no files (bsc#1254202)
The contents of this package were split into two independent packages:
systemd-networkd and systemd-resolved. However, the initial replacement caused
both network services to be disabled. Consequently, the original package has
been restored as an empty transitional package to prevent the disabling of the services.
It can be safely removed once the update is complete.
- units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
- units: add dep on systemd-logind.service by user at .service
- detect-virt: add bare-metal support for GCE (bsc#1244449)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:430-1
Released: Wed Feb 11 09:43:42 2026
Summary: Security update for python-pyasn1
Type: security
Severity: important
References: 1256902,CVE-2026-23490
This update for python-pyasn1 fixes the following issues:
- CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation
octets leading to Denial of Service (bsc#1256902)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:432-1
Released: Wed Feb 11 10:11:56 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1248586,1254670,CVE-2025-7709
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:434-1
Released: Wed Feb 11 10:23:18 2026
Summary: Security update for gpg2
Type: security
Severity: important
References: 1256389,1257396,CVE-2026-24882
This update for gpg2 fixes the following issues:
Security fixes:
- CVE-2026-24882: Fixed stack-based buffer overflow in TPM2
PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396)
- Fixed GnuPG accepting Path Separators and Path Traversals in Literal
Data 'Filename' Field (bsc#1256389)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:465-1
Released: Thu Feb 12 10:53:02 2026
Summary: Recommended update for mdadm
Type: recommended
Severity: important
References: 1254541
This update for mdadm fixes the following issues:
- Update to version 4.3+34.g1edf7b5d:
* super1.c: fix crash with homehost=none (bsc#1254541)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:471-1
Released: Thu Feb 12 12:25:43 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1228490,1233563,1234842,1241437,1242909,1246184,1246447,1247030,1247712,1248211,1249307,1250032,1250082,1250705,1250748,1252511,1252712,1252900,1253087,1253451,1254378,1254447,1254465,1254510,1254767,1254842,1254845,1255377,1255401,1256528,1256609,1256610,1256612,1256616,1256617,1256623,1256641,1256664,1256665,1256682,1256726,1256728,1256759,1256779,1256792,1257154,1257158,1257232,1257236,1257296,1257332,1257473,1257603,CVE-2023-53714,CVE-2024-42103,CVE-2024-53070,CVE-2024-53149,CVE-2025-22047,CVE-2025-37813,CVE-2025-38243,CVE-2025-38322,CVE-2025-38379,CVE-2025-38539,CVE-2025-39689,CVE-2025-39813,CVE-2025-39829,CVE-2025-39913,CVE-2025-40097,CVE-2025-40202,CVE-2025-40257,CVE-2025-40259,CVE-2025-68284,CVE-2025-68285,CVE-2025-68775,CVE-2025-68804,CVE-2025-68808,CVE-2025-68813,CVE-2025-68819,CVE-2025-71078,CVE-2025-71081,CVE-2025-71083,CVE-2025-71085,CVE-2025-71089,CVE-2025-71111,CVE-2025-71112,CVE-2025-71120,CVE-2025-71136,CVE-2025-71147,CVE-2026-22999,CVE-2026-23001,CVE-20
26-23010
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332).
The following non security issues were fixed:
- bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603).
- btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes).
- cifs: Fix copy offload to flush destination region (bsc#1252511).
- cifs: Fix flushing, invalidation and file size with copy_file_range() (bsc#1252511).
- cifs: add new field to track the last access time of cfid (git-fixes).
- ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378).
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- smb: change return type of cached_dir_lease_break() to bool (git-fixes).
- smb: client: ensure open_cached_dir_by_dentry() only returns valid cfid (git-fixes).
- smb: client: remove unused fid_lock (git-fixes).
- smb: client: short-circuit in open_cached_dir_by_dentry() if !dentry (git-fixes).
- smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748).
- smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes).
- smb: improve directory cache reuse for readdir operations (bsc#1252712).
- x86: make page fault handling disable interrupts properly (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:485-1
Released: Thu Feb 12 19:45:39 2026
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1253679,1254264
This update for suse-module-tools fixes the following issues:
- Update to version 15.6.14:
* 80-hotplug-cpu-mem.rules: remount tmpfs on 'online' uevents (bsc#1254264)
* udev: use systemd service to remount tmpfs (bsc#1253679)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:570-1
Released: Tue Feb 17 17:38:47 2026
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1247850,1247858,1250553,1256807,1256808,1256809,1256811,1256812,1257593,1257594,1257595,CVE-2025-10911,CVE-2025-8732,CVE-2026-0990,CVE-2026-0992,CVE-2026-1757
This update for libxml2 fixes the following issues:
- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:597-1
Released: Mon Feb 23 16:58:08 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1258020,CVE-2026-25646
This update for libpng16 fixes the following issues:
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:637-1
Released: Wed Feb 25 13:13:52 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1254299,1258022
This update for grub2 fixes the following issues:
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
- Fix error 'grub-core/script/lexer.c:352:out of memory' after PowerPC CAS Reboot (bsc#1254299)
* Fix PowerPC CAS reboot to evaluate menu context
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:664-1
Released: Thu Feb 26 16:15:04 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257029,1257031,1257041,1257042,1257044,1257046,CVE-2025-11468,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865
This update for python3 fixes the following issues:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
(bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:676-1
Released: Fri Feb 27 09:44:00 2026
Summary: Recommended update for makedumpfile
Type: recommended
Severity: important
References: 1245569,1256455
This update for makedumpfile fixes the following issues:
- Fix a data race in multi-threading mode (--num-threads=N) (bsc#1245569, bsc#1256455).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:741-1
Released: Mon Mar 2 09:11:04 2026
Summary: Security update for shim
Type: security
Severity: moderate
References: 1240871,1247432,CVE-2024-2312
This update for shim fixes the following issues:
shim is updated to version 16.1:
- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol
shim is updated to version 16.0:
- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:767-1
Released: Tue Mar 3 14:05:42 2026
Summary: Security update for python311
Type: security
Severity: important
References: 1257029,1257031,1257041,1257042,1257044,1257046,1257108,CVE-2025-11468,CVE-2025-12781,CVE-2025-15282,CVE-2025-15366,CVE-2025-15367,CVE-2026-0672,CVE-2026-0865
This update for python311 fixes the following issues:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
characters (bsc#1257029).
- CVE-2025-12781: inadequate parameter check can cause data integrity issues (bsc#1257108).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
(bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:779-1
Released: Tue Mar 3 14:25:07 2026
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1258045,1258049,1258054,1258080,1258081,CVE-2026-0964,CVE-2026-0965,CVE-2026-0966,CVE-2026-0967,CVE-2026-0968
This update for libssh fixes the following issues:
- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:783-1
Released: Tue Mar 3 14:36:14 2026
Summary: Security update for zlib
Type: security
Severity: moderate
References: 1258392,CVE-2026-27171
This update for zlib fixes the following issue:
- CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing
checks for negative lengths (bsc#1258392).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:791-1
Released: Tue Mar 3 16:59:33 2026
Summary: Recommended update for gcc15
Type: recommended
Severity: moderate
References: 1257463
This update for gcc15 fixes the following issues:
- Fix bogus expression simplification (bsc#1257463)
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2026:799-1
Released: Wed Mar 4 12:34:05 2026
Summary: Recommended update for python-passlib
Type: optional
Severity: low
References:
This update for python-passlib fixes the following issues:
- Ship python311-passlib to the s390x architecture, no source changes. (PED-13380)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:801-1
Released: Wed Mar 4 13:33:26 2026
Summary: Security update for libxslt
Type: security
Severity: moderate
References: 1250553,CVE-2025-10911
This update for libxslt fixes the following issues:
- CVE-2025-10911: use-after-free will be fixed on libxml2 side instead (bsc#1250553).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:803-1
Released: Wed Mar 4 13:57:07 2026
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1258859,CVE-2026-3184
This update for util-linux fixes the following issues:
- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:826-1
Released: Thu Mar 5 16:16:29 2026
Summary: Security update for expat
Type: security
Severity: moderate
References: 1257144,1257496,CVE-2026-24515,CVE-2026-25210
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:829-1
Released: Thu Mar 5 16:17:08 2026
Summary: Security update for gnutls
Type: security
Severity: moderate
References: 1257960,1258083,CVE-2025-14831
This update for gnutls fixes the following issues:
Security issue:
- CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a
large number of name constraints and subject alternative names (bsc#1257960).
Other updates and bugfixes:
- update libgnutls package to avoid binder getting calculated with SHA256 (bsc#1258083, jsc#PED-15752, jsc#PED-15753).
- lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2
- tests/psk-file: Add testing for _credentials2 functions
- lib/psk: add null check for binder algo
- pre_shared_key: fix memleak when retrying with different binder algo
- pre_shared_key: add null check on pskcred
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:837-1
Released: Fri Mar 6 08:30:05 2026
Summary: Recommended update for syslogd
Type: recommended
Severity: moderate
References:
This update for syslogd fixes the following issues:
- Drop last sysvinit Requirement/Provide (jsc#PED-13698)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:844-1
Released: Fri Mar 6 16:45:31 2026
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1258319
This update for glibc fixes the following issues:
- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319, BZ #28940)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:863-1
Released: Wed Mar 11 13:41:48 2026
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References:
This update for openldap2 fixes the following issues:
- expose ldap_log.h in -devel (jsc#PED-15735)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:885-1
Released: Thu Mar 12 15:50:16 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1259363,1259364,1259365,CVE-2026-1965,CVE-2026-3783,CVE-2026-3784,CVE-2026-3805
This update for curl fixes the following issues:
- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:908-1
Released: Tue Mar 17 17:32:39 2026
Summary: Security update for xen
Type: security
Severity: important
References: 1259247,1259248,CVE-2026-23554,CVE-2026-23555
This update for xen fixes the following issues:
- CVE-2026-23554: xen: Use after free of paging structures in EPT (bsc#1259247, XSA-480)
- CVE-2026-23555: xen: Xenstored DoS by unprivileged domain (bsc#1259248, XSA-481)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:910-1
Released: Tue Mar 17 20:34:12 2026
Summary: Security update for vim
Type: security
Severity: moderate
References: 1246602,1258229,1259051,CVE-2025-53906,CVE-2026-26269,CVE-2026-28417
This update for vim fixes the following issues:
Update Vim to version 9.2.0110:
- CVE-2025-53906: malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:912-1
Released: Wed Mar 18 07:19:42 2026
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1229003,1258002
This update for ca-certificates-mozilla fixes the following issues:
- test for a concretely missing certificate rather than
just the directory, as the latter is now also provided by openssl-3
- Re-create java-cacerts with SOURCE_DATE_EPOCH set
for reproducible builds (bsc#1229003)
- Also mark /usr/share/factory/var/lib/ca-certificates/ as writable by the user
during install: allow rpm to properly execute %clean when completed.
- Create /var/lib/ca-certificates during build to ensure rpm gives
the %ghost'ed directory proper mode attributes.
- Updated to 2.84 state (bsc#1258002)
* Removed:
+ Baltimore CyberTrust Root
+ CommScope Public Trust ECC Root-01
+ CommScope Public Trust ECC Root-02
+ CommScope Public Trust RSA Root-01
+ CommScope Public Trust RSA Root-02
+ DigiNotar Root CA
* Added:
+ e-Szigno TLS Root CA 2023
+ OISTE Client Root ECC G1
+ OISTE Client Root RSA G1
+ OISTE Server Root ECC G1
+ OISTE Server Root RSA G1
+ SwissSign RSA SMIME Root CA 2022 - 1
+ SwissSign RSA TLS Root CA 2022 - 1
+ TrustAsia SMIME ECC Root CA
+ TrustAsia SMIME RSA Root CA
+ TrustAsia TLS ECC Root CA
+ TrustAsia TLS RSA Root CA
- reenable the distrusted certs again. the distrust is only for certs
issued after the distrust date, not for all certs of a CA.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:931-1
Released: Thu Mar 19 09:23:14 2026
Summary: Security update for jq
Type: security
Severity: low
References: 1248600,CVE-2025-9403
This update for jq fixes the following issue:
- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:949-1
Released: Fri Mar 20 19:08:19 2026
Summary: Security update for runc
Type: security
Severity: important
References:
This update for runc rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1040-1
Released: Wed Mar 25 13:43:08 2026
Summary: Security update for systemd
Type: security
Severity: important
References: 1259418,1259650,1259697,CVE-2026-29111,CVE-2026-4105
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- a943e3ce2f machined: reject invalid class types when registering machines
- 71593f77db udev: fix review mixup
- 73a89810b4 udev-builtin-net-id: print cescaped bad attributes
- 0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
- 40905232e2 udev: ensure tag parsing stays within bounds
- 7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
- d018ac1ea3 udev: check for invalid chars in various fields received from the kernel
- aef6e11921 core/cgroup: avoid one unnecessary strjoina()
- cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
- 26a748f727 core: validate input cgroup path more prudently
- 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1041-1
Released: Wed Mar 25 15:13:19 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1226591,1241345,1243055,1245728,1249998,1251135,1251186,1251966,1251971,1252266,1252911,1252924,1253049,1254306,1254992,1255084,1256564,1256645,1256690,1256716,1257231,1257466,1257472,1257473,1257732,1257735,1257749,1257790,1257891,1257952,1258181,1258338,1258340,1258376,1258377,1258395,1258424,1258464,1258518,1258524,1258832,1258849,1258850,1258928,1259070,1259857,CVE-2023-53817,CVE-2024-38542,CVE-2025-37861,CVE-2025-39817,CVE-2025-39964,CVE-2025-40099,CVE-2025-40103,CVE-2025-40253,CVE-2025-71066,CVE-2025-71113,CVE-2025-71231,CVE-2026-23004,CVE-2026-23054,CVE-2026-23060,CVE-2026-23074,CVE-2026-23089,CVE-2026-23111,CVE-2026-23141,CVE-2026-23157,CVE-2026-23191,CVE-2026-23202,CVE-2026-23204,CVE-2026-23207,CVE-2026-23209,CVE-2026-23214,CVE-2026-23268,CVE-2026-23269
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992).
- CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).
- CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
- CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
- CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
- CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2025-71113: crypto: af_alg - zero initialize memory allocated via sock_kmalloc (bsc#1256716).
- CVE-2025-71231: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (bsc#1258424).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
- CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non-security bugs were fixed:
- Add bugnumber to existing mana change (bsc#1251971).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- PCI: hv: Correct a comment (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
- RDMA/mana_ib: Create and destroy RC QP (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
- RDMA/mana_ib: Fix missing ret value (git-fixes).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: Implement port parameters (git-fixes).
- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
- RDMA/mana_ib: Modify QP state (git-fixes).
- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: Set correct device into ib (git-fixes).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
- RDMA/mana_ib: add additional port counters (bsc#1251135).
- RDMA/mana_ib: add support of multiple ports (bsc#1251135).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: extend query device (git-fixes).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: set node_guid (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).
- cifs: add xid to query server interface call (git-fixes).
- clocksource: Print durations for sync check unconditionally (bsc#1241345).
- clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1241345).
- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
- net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
- net: mana: Add metadata support for xdp mode (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Add support for auxiliary device servicing events (bsc#1251971).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: use ethtool string helpers (git-fixes).
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- shrink_slab_memcg: clear_bits of skipped shrinkers (bsc#1256564).
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- tools/hv: add a .gitignore file (git-fixes).
- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1065-1
Released: Thu Mar 26 11:38:12 2026
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1254670,1259619,CVE-2025-70873,CVE-2025-7709
This update for sqlite3 fixes the following issues:
Update sqlite3 to 3.51.3:
- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).
Changelog:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1090-1
Released: Thu Mar 26 18:44:54 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1257181,CVE-2026-1299
This update for python3 fixes the following issues:
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1105-1
Released: Fri Mar 27 08:03:05 2026
Summary: Security update for containerd
Type: security
Severity: important
References:
This update for containerd rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2026:1111-1
Released: Fri Mar 27 10:33:51 2026
Summary: Optional update for rsyslog
Type: optional
Severity: moderate
References:
This update for rsyslog fixes the following issue:
- add the rsyslog-module-ossl (openssl TLS support).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1113-1
Released: Fri Mar 27 10:34:35 2026
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1258311,1259825
This update for crypto-policies fixes the following issues:
Enables PQC key exchange support for OpenSSH (bsc#1258311, bsc#1259825)
* The sntrup761x25519-sha512 hybrid keyexchange for OpenSSH is enabled.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1158-1
Released: Tue Mar 31 13:55:47 2026
Summary: Security update for python-pyasn1
Type: security
Severity: important
References: 1259803,CVE-2026-30922
This update for python-pyasn1 fixes the following issues:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1166-1
Released: Thu Apr 2 03:08:04 2026
Summary: Security update for expat
Type: security
Severity: important
References: 1259711,1259726,1259729,CVE-2026-32776,CVE-2026-32777,CVE-2026-32778
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1177-1
Released: Thu Apr 2 17:00:30 2026
Summary: Security update for tar
Type: security
Severity: important
References: 1246399,CVE-2025-45582
This update for tar fixes the following issue:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1192-1
Released: Tue Apr 7 10:39:28 2026
Summary: Security update for python-pyOpenSSL
Type: security
Severity: important
References: 1259804,1259808,CVE-2026-27448,CVE-2026-27459
This update for python-pyOpenSSL fixes the following issues:
- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).
- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1215-1
Released: Wed Apr 8 14:27:57 2026
Summary: Security update for openssl-3
Type: security
Severity: important
References: 1260441,1260442,1260443,1260444,1260445,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-31789,CVE-2026-31790
This update for openssl-3 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1228-1
Released: Thu Apr 9 10:27:25 2026
Summary: Recommended update for shadow
Type: recommended
Severity: important
References: 1144060,1176006,1181400,1182850,1185897,1187536,1189139,1199026,1203823,1205502,1206627,1214806,1246052,916845,CVE-2013-4235,CVE-2023-4641
This update for shadow fixes the following issues:
shadow is updated to 4.17.2 to bring lots of features and bug fixes.
- util-linux-2.41 introduced new variable: LOGIN_ENV_SAFELIST. Recognize
it and update dependencies.
- Set SYS_{UID,GID}_MIN to 201:
After repeated similar requests to change the ID ranges we set the
above mentioned value to 201. The max value will stay at 499.
This range should be sufficient and will give us leeway for the
future.
It's not straightforward to find out which static UIDs/GIDs are
used in all packages.
Update to 4.17.2:
* src/login_nopam.c: Fix compiler warnings #1170
* lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169
* Use HTTPS in link to Wikipedia article on password strength #1164
* lib/attr.h: use C23 attributes only with gcc >= 10 #1172
* login: Fix no-pam authorization regression #1174
* man: Add Portuguese translation #1178
* Update French translation #1177
* Add cheap defense mechanisms #1171
* Add Romanian translation #1176
Update to 4.17.1:
* Fix `su -` regression #1163
Update to 4.17.0:
* Fix the lower part of the domain of csrand_uniform()
* Fix use of volatile pointer
* Use str2[u]l() instead of atoi(3)
* Use a2i() in various places
* Fix const correctness
* Use uid_t for holding UIDs (and GIDs)
* Move all sprintf(3)-like APIs to a subdirectory
* Move all copying APIs to a subdirectory
* Fix forever loop on ENOMEM
* Fix REALLOC() nmemb calculation
* Remove id(1)
* Remove groups(1)
* Use local time for human-readable dates
* Use %F instead of %Y-%m-%d with strftime(3)
* is_valid{user,group}_name(): Set errno to distinguish the reasons
* Recommend --badname only if it is useful
* Add fmkomstemp() to fix mode of /etc/default/useradd
* Fix use-after-free bug in sgetgrent()
* Update Catalan translation
* Remove references to cppw, cpgr
* groupadd, groupmod: Update gshadow file with -U
* Added option -a for listing active users only, optimized using if aflg,return
* Added information in lastlog man page for new option '-a'
* Plenty of code cleanup and clarifications
- Disable flushing sssd caches. The sssd's files provider is no
longer available.
Update to 4.16.0:
* The shadow implementations of id(1) and groups(1) are deprecated
in favor of the GNU coreutils and binutils versions.
They will be removed in 4.17.0.
* The rlogind implementation has been removed.
* The libsubid major version has been bumped, since it now requires
specification of the module's free() implementation.
Update to 4.15.1:
* Fix a bug that caused spurious error messages about unknown
login.defs configuration options #967
* Adding checks for fd omission #964
* Use temporary stat buffer #974
* Fix wrong french translation #975
Update to 4.15.0
* libshadow:
+ Use utmpx instead of utmp. This fixes a regression introduced
in 4.14.0.
+ Fix build error (parameter name omitted).
* Build system:
+ Link correctly with libdl.
+ Install pam configs for chpasswd(8) and newusers(8) when using
./configure --with-libpam --disable-account-tools-setuid.
+ Merge libshadow and libmisc into a single libshadow. This fixes
problems in the linker, which were reported at least in Gentoo.
+ Fix build with musl libc.
+ Support out of tree builds
* useradd(8):
+ Set proper SELinux labels for def_usrtemplate
Update to 4.14.6:
* login(1):
+ Fix off-by-one bugs.
* passwd(1):
+ Don't silently truncate passwords of length >= 200 characters.
Instead, accept a length of PASS_MAX, and reject longer ones.
* libshadow:
+ Fix calculation in strtoday(), which caused a wrong half-day
offset in some cases (bsc#1176006)
+ Fix parsing of dates in get_date() (bsc#1176006)
+ Use utmpx instead of utmp. This fixes a regression introduced in
4.14.0.
Update to 4.14.5:
* Build system:
+ Fix regression introduced in 4.14.4, due to a typo. chgpasswd had
been deleted from a Makefile variable, but it should have been
chpasswd.
Update to 4.14.4:
* Build system:
+ Link correctly with libdl.
+ Install pam configs for chpasswd(8) and newusers(8) when using
./configure --with-libpam --disable-account-tools-setuid.
* libshadow:
+ Fix build error (parameter name omitted).
+ Fix off-by-one bug.
+ Remove warning.
Update to 4.14.3:
* libshadow: Avoid null pointer dereference (#904)
* Remove pam_keyinit from PAM configuration. (bsc#1199026 bsc#1203823)
This was introduced for bsc#1144060.
Update to 4.14.2:
* libshadow:
+ Fix build with musl libc.
+ Avoid NULL dereference.
+ Update utmp at an initial login
* useradd(8):
+ Set proper SELinux labels for def_usrtemplate
* Manual:
+ Document --prefix in chage(1), chpasswd(8), and passwd(1)
Update to 4.14.1:
Build system: Merge libshadow and libmisc into a single libshadow.
This fixes problems in the linker, which were reported at least
in Gentoo. #791
- Set proper SELinux labels for new homedirs.
Update to 4.14.0:
* configure: add with-libbsd option
* Code cleanup
* Replace utmp interface #757
* new option enable-logind #674
* shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh
* chsh: warn if root sets a shell not listed in /etc/shells #535
* newgrp: fix potential string injection
* lastlog: fix alignment of Latest header
* Fix yescrypt support #748
* chgpasswd: Fix segfault in command-line options
* gpasswd: Fix password leak (bsc#1214806, CVE-2023-4641)
* Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627)
* usermod: fix off-by-one issues #701
* ch(g)passwd: Check selinux permissions upon startup #675
* sub_[ug]id_{add,remove}: fix return values
* chsh: Verify that login shell path is absolute #730
* process_prefix_flag: Drop privileges
* run_parts for groupadd and groupdel #706
* newgrp/useradd: always set SIGCHLD to default
* useradd/usermod: add --selinux-range argument #698
* sssd: skip flushing if executable does not exist #699
* semanage: Do not set default SELinux range #676
* Add control character check #687
* usermod: respect --prefix for --gid option
* Fix null dereference in basename
* newuidmap and newgidmap: support passing pid as fd
* Prevent out of boundary access #633
* Explicitly override only newlines #633
* Correctly handle illegal system file in tz #633
* Supporting vendor given -shells- configuration file #599
* Warn if failed to read existing /etc/nsswitch.conf
* chfn: new_fields: fix wrong fields printed
* Allow supplementary groups to be added via config file #586
* useradd: check if subid range exists for user #592 (rh#2012929)
- Rename lastlog to lastlog.legacy to be able to switch to
Y2038 safe lastlog2 as default [jsc#PED-3144]
- bsc#1205502: Fix useradd audit event logging of ID field
Update to 4.13:
* useradd.8: fix default group ID
* Revert drop of subid_init()
* Georgian translation
* useradd: Avoid taking unneeded space: do not reset non-existent data in lastlog
* relax username restrictions
* selinux: check MLS enabled before setting serange
* copy_tree: use fchmodat instead of chmod
* copy_tree: don't block on FIFOs
* add shell linter
* copy_tree: carefully treat permissions
* lib/commonio: make lock failures more detailed
* lib: use strzero and memzero where applicable
* Update Dutch translation
* Don't test for NULL before calling free
* Use libc MAX() and MIN()
* chage: Fix regression in print_date
* usermod: report error if homedir does not exist
* libmisc: minimum id check for system accounts
* fix usermod -rG x y wrongly adding a group
* man: add missing space in useradd.8.xml
* lastlog: check for localtime() return value
* Raise limit for passwd and shadow entry length
* Remove adduser-old.c
* useradd: Fix buffer overflow when using a prefix
* Don't warn when failed to open /etc/nsswitch.conf
Update to 4.12.3:
Revert removal of subid_init, which should have bumped soname.
So note that 4.12 through 4.12.2 were broken for subid users.
Update to 4.12.2:
* Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845]
Update to 4.12.1:
* Fix uk manpages
Update to 4.12:
* Add absolute path hint to --root
* Various cleanups
* Fix Ubuntu release used in CI tests
* add -F options to userad
* useradd manpage updates
* Check for ownerid (not just username) in subid ranges
* Declare file local functions static
* Use strict prototypes
* Do not drop const qualifier for Basename
* Constify various pointers
* Don't return uninitialized memory
* Don't let compiler optimize away memory cleaning
* Remove many obsolete compatibility checks and defines
* Modify ID range check in useradd
* Use 'extern 'C'' to make libsubid easier to use from C++
* French translation updates
* Fix s/with-pam/with-libpam/
* Spanish translation updates
* French translation fixes
* Default max group name length to 32
* Fix PAM service files without-selinux
* Improve manpages
- groupadd, useradd, usermod
- groups and id
- pwck
* Fix condition under which pw_dir check happens
* logoutd: switch to strncat
* AUTHORS: improve markdown output
* Handle ERANGE errors correctly
* Check for fopen NULL return
* Split get_salt() into its own fn juyin)
* Get salt before chroot to ensure /dev/urandom.
* Chpasswd code cleanup
* Work around git safe.directory enforcement
* Alphabetize order in usermod help
* Erase password copy on error branches
* Suggest using --badname if needed
* Update translation files
* Correct badnames option to badname
* configure: replace obsolete autoconf macros
* tests: replace egrep with grep -E
* Update Ukrainian translations
* Cleanups
- Remove redeclared variable
- Remove commented out code and FIXMEs
- Add header guards
- Initialize local variables
* CI updates
- Create github workflow to install dependencies
- Enable CodeQL
- Update actions version
* libmisc: use /dev/urandom as fallback if other methods fail
Provide /etc/login.defs.d on SLE15 since we support and use it
Update to 4.11.1:
* build: include lib/shadowlog_internal.h in dist tarballs
Update to 4.11:
* Handle possible TOCTTOU issues in usermod/userdel
- (CVE-2013-4235)
- Use O_NOFOLLOW when copying file
- Kill all user tasks in userdel
* Fix useradd -D segfault
* Clean up obsolete libc feature-check ifdefs
* Fix -fno-common build breaks due to duplicate Prog declarations
* Have single date_to_str definition
* Fix libsubid SONAME version
* Clarify licensing info, use SPDX.
Update to 4.10:
* From this release forward, su from this package should be
considered deprecated. Please replace any users of it with su
rom util-linux
* libsubid fixes
* Rename the test program list_subid_ranges to getsubids, write
a manpage, so distros can ship it.
* Add libeconf dep for new*idmap
* Allow all group types with usermod -G
* Avoid useradd generating empty subid range
* Handle NULL pw_passwd
* Fix default value SHA_get_salt_rounds
* Use https where possible in README
* Update content and format of README
* Translation updates
* Switch from xml2po to itstool in 'make dist'
* Fix double frees
* Add LOG_INIT configurable to useradd
* Add CREATE_MAIL_SPOOL documentation
* Create a security.md
* Fix su never being SIGKILLd when trapping TERM
* Fix wrong SELinux labels in several possible cases
* Fix missing chmod in chadowtb_move
* Handle malformed hushlogins entries
* Fix groupdel segv when passwd does not exist
* Fix covscan-found newgrp segfault
* Remove trailing slash on hoedir
* Fix passwd -l message - it does not change expirey
* Fix SIGCHLD handling bugs in su and vipw
* Remove special case for '' in usermod
* Implement usermod -rG to remove a specific group
* call pam_end() after fork in child path for su and login
* useradd: In absence of /etc/passwd, assume 0 == root
* lib: check NULL before freeing data
* Fix pwck segfault
- Really enable USERGROUPS_ENAB [bsc#1189139].
Added hardening to systemd service(s) (bsc#1181400).
* Add LOGIN_KEEP_USERNAME to login.defs.
* Remove PREVENT_NO_AUTH from login.defs. Only used by the
unpackaged login and su.
* Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS,
YESCRYPT_COST_FACTOR, not supported by the current
configuratiton.
* login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
be compatible with other Linux distros and the other tools
creating user accounts in use on openSUSE. Set HOME_MODE to 700
for security reasons and compatibility. [bsc#1189139] [bsc#1182850]
Update to 4.9:
* Updated translations
* Major salt updates
* Various coverity and cleanup fixes
* Consistently use 0 to disable PASS_MIN_DAYS in man
* Implement NSS support for subids and a libsubid
* setfcap: retain setfcap when mapping uid 0
* login.defs: include HMAC_CRYPTO_ALGO key
* selinux fixes
* Fix path prefix path handling
* Manpage updates
* Treat an empty passwd field as invalid(Haelwenn Monnier)
* newxidmap: allow running under alternative gid
* usermod: check that shell is executable
* Add yescript support
* useradd memleak fixes
* useradd: use built-in settings by default
* getdefs: add foreign
* buffer overflow fixes
* Adding run-parts style for pre and post useradd/del
- login.defs/MOTD_FILE: Use '' instead of blank entry [bsc#1187536]
- Add /etc/login.defs.d directory
- Enable shadowgrp so that we can set more secure group passwords
using shadow.
- Disable MOTD_FILE to allow the use of pam_motd to unify motd
message output [bsc#1185897]. Else motd entries of e.g. cockpit
will not be shown.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1310-1
Released: Tue Apr 14 12:42:12 2026
Summary: Security update for libssh
Type: security
Severity: moderate
References: 1259377,CVE-2026-3731
This update for libssh fixes the following issues:
- CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1312-1
Released: Tue Apr 14 12:46:30 2026
Summary: Security update for bind
Type: security
Severity: important
References: 1260805,CVE-2026-1519
This update for bind fixes the following issues:
- CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1349-1
Released: Wed Apr 15 15:35:54 2026
Summary: Security update for python311
Type: security
Severity: important
References: 1252974,1254400,1254401,1254997,1257029,1257031,1257042,1257046,1257181,1259240,1259611,1259734,1259735,1259989,1260026,CVE-2025-11468,CVE-2025-12084,CVE-2025-13462,CVE-2025-13836,CVE-2025-13837,CVE-2025-15282,CVE-2025-6075,CVE-2026-0672,CVE-2026-0865,CVE-2026-1299,CVE-2026-2297,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519
This update for python311 fixes the following issues:
- Updated to Python 3.11.15
- CVE-2025-6075: If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables (bsc#1252974).
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029).
- CVE-2025-12084: cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service (bsc#1254997).
- CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611).
- CVE-2025-13836: When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length (bsc#1254400).
- CVE-2025-13837: When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues (bsc#1254401).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in `BytesGenerator` (bsc#1257181).
- CVE-2026-2297: cpython: incorrectly handled hook in FileLoader can lead to validation bypass (bsc#1259240).
- CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies (bsc#1259734).
- CVE-2026-4224: C stack overflow when parsing XML with deeply nested DTD content models (bsc#1259735).
- CVE-2026-4519: leading dashes in URLs are accepted by the `webbrowser.open()` API and allow for web browser command line option injection (bsc#1260026).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1350-1
Released: Wed Apr 15 15:36:20 2026
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1259845,CVE-2026-27135
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1356-1
Released: Wed Apr 15 15:43:42 2026
Summary: Security update for nfs-utils
Type: security
Severity: moderate
References: 1246505,1259204,CVE-2025-12801
This update for nfs-utils fixes the following issue:
Security fixes:
- CVE-2025-12801: rpc.mountd allows a NFSv3 client to escalate their privileges and access subdirectories and subtrees
of an exported directory (bsc#1259204).
Other fixes:
- Split from nfs-utils into its own spec and changelog file (bsc#1246505).
- Split legacy libnfsidmap0 into a separate spec file (bsc#1246505).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1359-1
Released: Wed Apr 15 16:06:45 2026
Summary: Security update for sudo
Type: security
Severity: important
References: 1261420,CVE-2026-35535
This update for sudo fixes the following issue:
- CVE-2026-35535: Fixed potential privilege escalation when running the mailer (bsc#1261420).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1368-1
Released: Wed Apr 15 16:35:24 2026
Summary: Security update for libpng16
Type: security
Severity: important
References: 1260754,1260755,CVE-2026-33416,CVE-2026-33636
This update for libpng16 fixes the following issues:
- CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code
execution (bsc#1260754).
- CVE-2026-33636: out-of-bounds read/write in the palette expansion on ARM Neon can lead to information leak and
crashes (bsc#1260755).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1369-1
Released: Wed Apr 15 16:42:55 2026
Summary: Security update for glibc
Type: security
Severity: important
References: 1260078,1260082,CVE-2026-4437,CVE-2026-4438
This update for glibc fixes the following issues:
- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1372-1
Released: Wed Apr 15 19:07:33 2026
Summary: Recommended update for tpm2-0-tss
Type: recommended
Severity: moderate
References: 1258720
This update for tpm2-0-tss fixes the following issue:
- When installing libtss2-fapi errors from systemd-tmpfiles can appear.
Adding 'Requires' to libtss2-fapi to pull in the tss user (bsc#1258720).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1382-1
Released: Thu Apr 16 11:14:10 2026
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: important
References: 1230861,1239439,1241002,1244550,1257490,1257625,1257667,1257825,1261155
This update for suseconnect-ng fixes the following issues:
- Update version to 1.21.1:
* Fix nil token handling (bsc#1261155)
* Switch to using go1.24-openssl as the default Go version to
install to support building the package (jsc#SCC-585).
- Update version to 1.21:
* Add expanded metric collection for kernel modules and hardware detection (jsc#TEL-226).
* Support new profile based metric collection
* Fix ignored --root parameter hanbling when reading and writing configuration (bsc#1257667)
* Add expanded metric collection for system vendor/manfacturer (jsc#TEL-260).
* Removed backport patch
* Add missing product id to allow yast2-registration to not break (bsc#1257825)
* Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
* Ignore product in announce call (bsc#1257490)
* Registration to SMT server with failed (bsc#1257625)
- Update version to 1.20:
* Update error message for Public Cloud instances with registercloudguest installed.
SUSEConnect -d is disabled on PYAG and BYOS when
the registercloudguest command is available. (bsc#1230861)
* Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
* Fixed modules and extension link to point to version less documentation. (bsc#1239439)
* Fixed SAP instance detection (bsc#1244550)
* Remove link to extensions documentation (bsc#1239439)
* Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the new golang public library
which can be consumed without the need to interface with SUSEConnect directly.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1389-1
Released: Thu Apr 16 11:19:16 2026
Summary: Security update for python-PyJWT
Type: security
Severity: important
References: 1259616,CVE-2026-32597
This update for python-PyJWT fixes the following issues:
- CVE-2026-32597: Fixed unknown `crit` header extensions accepts (bsc#1259616).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1391-1
Released: Thu Apr 16 11:37:51 2026
Summary: Recommended update for mdadm
Type: recommended
Severity: important
References: 1243443,1258265,1259090
This update for mdadm fixes the following issues:
- Update to version 4.3+36.g12cb7035:
* avoid mdcheck_continue.timer and mdcheck_start.timer
firing simultaneously (bsc#1243443, bsc#1259090)
- Update to version 4.3+35.gd30fc922:
* platform-intel: Deal with hot-unplugged devices (bsc#1258265)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1410-1
Released: Thu Apr 16 14:41:43 2026
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1222465,1234736
This update for util-linux fixes the following issues:
- recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: Fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1418-1
Released: Thu Apr 16 18:43:02 2026
Summary: Security update for iproute2
Type: security
Severity: low
References: 1254324,CVE-2024-58251
This update for iproute2 fixes the following issue:
- CVE-2024-58251: denial of service via terminal escape sequences (bsc#1254324).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1432-1
Released: Fri Apr 17 12:12:08 2026
Summary: Security update for libcap
Type: security
Severity: important
References: 1261809,CVE-2026-4878
This update for libcap fixes the following issue:
- CVE-2026-4878: Address a potential TOCTOU race condition in cap_set_file() (bsc#1261809).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1434-1
Released: Fri Apr 17 12:49:03 2026
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1225811,1259441
This update for apparmor fixes the following issues:
- samba gives denied in audit with apparmor (bsc#1225811).
- apparmor denies printing with profiles on sle15-sp7 (bsc#1259441).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1441-1
Released: Fri Apr 17 16:18:19 2026
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1257235,CVE-2026-24401
This update for avahi fixes the following issue:
- CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response
containing a recursive CNAME record (bsc#1257235).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1473-1
Released: Mon Apr 20 11:32:05 2026
Summary: Recommended update for grub2
Type: recommended
Severity: important
References: 1249385,1259543
This update for grub2 fixes the following issues:
- Fix PowerPC network boot prefix to correctly locate grub.cfg (bsc#1249385)
* use net config for boot location instead of
- Fix double free in xen booting if root filesystem is Btrfs (bsc#1259543)
* btrfs: add ability to boot from subvolumes
* btrfs: get default subvolume
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1487-1
Released: Mon Apr 20 17:52:11 2026
Summary: Security update for runc
Type: security
Severity: important
References:
This update for runc rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1495-1
Released: Mon Apr 20 17:59:12 2026
Summary: Security update for containerd
Type: security
Severity: important
References:
This update for containerd rebuilds it against the current go 1.25 security release.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1510-1
Released: Tue Apr 21 08:28:12 2026
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1259924,CVE-2025-69720
This update for ncurses fixes the following issue:
- CVE-2025-69720: buffer overflow in function `analyze_string()`of `progs/infocmp.c` (bsc#1259924).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1577-1
Released: Thu Apr 23 17:53:45 2026
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1260441,1260442,1260443,1260444,1261678,CVE-2026-28387,CVE-2026-28388,CVE-2026-28389,CVE-2026-28390,CVE-2026-31789
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo (bsc#1261678).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1602-1
Released: Fri Apr 24 13:46:25 2026
Summary: Security update for libpng16
Type: security
Severity: moderate
References: 1261957,CVE-2026-34757
This update for libpng16 fixes the following issue:
- CVE-2026-34757: information disclosure and data corruption due to use-after-free in `png_set_PLTE`, `png_set_tRNS`
and `png_set_hIST` (bsc#1261957).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1605-1
Released: Fri Apr 24 13:48:53 2026
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1261678,CVE-2026-28390
This update for openssl-3 fixes the following issue:
Security issues fixed:
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo (bsc#1261678).
Other updates and bugfixes:
- Enable MD2 in legacy provider (jsc#PED-15724).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1607-1
Released: Fri Apr 24 13:50:52 2026
Summary: Security update for vim
Type: security
Severity: important
References: 1259985,1261191,1261271,CVE-2026-33412,CVE-2026-34714,CVE-2026-34982
This update for vim fixes the following issues:
Update to version 9.2.0280.
- CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS command
execution (bsc#1261271).
- CVE-2026-34714: missing checks allow for a `tabpanel` modeline escape and can lead to arbitrary OS command execution
(bsc#1261191).
- CVE-2026-33412: improper escaping of newline characters allows for command injection in `glob` and can lead to
arbitrary code execution (bsc#1259985).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1643-1
Released: Tue Apr 28 15:27:13 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1252073,1253122,1257506,1257773,1259188,1259461,1259580,1259707,1259797,1259998,1260005,1260009,1260347,1260471,1260486,1260562,1260730,1261412,1261498,CVE-2025-39998,CVE-2026-23103,CVE-2026-23231,CVE-2026-23243,CVE-2026-23272,CVE-2026-23274,CVE-2026-23278,CVE-2026-23293,CVE-2026-23317,CVE-2026-23381,CVE-2026-23398,CVE-2026-23412,CVE-2026-23413,CVE-2026-31788
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
- CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).
The following non security issues were fixed:
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
- KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing (bsc#1253122).
- net: mana: fix use-after-free in add_adev() error path (git-fixes).
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- xen/privcmd: unregister xenstore notifier on module exit (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1647-1
Released: Tue Apr 28 20:02:59 2026
Summary: Security update for python-requests
Type: security
Severity: moderate
References: 1260589,CVE-2026-25645
This update for python-requests fixes the following issues:
- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and
reuses target files that already exist without validation (bsc#1260589).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1671-1
Released: Sat May 2 08:00:54 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1262573,CVE-2026-31431
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix one security issue
The following security issue was fixed:
- CVE-2026-31431: The copy.fail security issue is fixed by revert to operating out-of-place in algif_aead (bsc#1262573).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1715-1
Released: Wed May 6 14:09:30 2026
Summary: Security update for python3
Type: security
Severity: important
References: 1259611,1259734,1259735,1259989,1260026,1261969,1261970,1262098,1262319,1262654,CVE-2025-13462,CVE-2026-1502,CVE-2026-3446,CVE-2026-3479,CVE-2026-3644,CVE-2026-4224,CVE-2026-4519,CVE-2026-4786,CVE-2026-6019,CVE-2026-6100
This update for python3 fixes the following issues:
- CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to
misinterpretation of tar archives (bsc#1259611).
- CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969).
- CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be
processed (bsc#1261970).
- CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989).
- CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass
(bsc#1259734).
- CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735).
- CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser
command line option injection (bsc#1260026).
- CVE-2026-4786: URLs prefixed with `%action` can pass the dash-prefix safety check and allow for command injection
(bsc#1262319).
- CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654).
- CVE-2026-6100: use-after-free in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when process is
under memory pressure(bsc#1262098).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1721-1
Released: Wed May 6 16:43:37 2026
Summary: Recommended update for cloud-netconfig
Type: recommended
Severity: important
References: 1253223,1258406,1258730
This update for cloud-netconfig fixes the following issues:
- Update to version 1.19:
* Make sure IPADDR variable is stripped of netmask
- Update to version 1.18:
* Fix issue with link-local address routing (bsc#1258730)
- Update to version 1.17:
* Do not set broadcast address explicitly (bsc#1258406)
- Update to version 1.16:
* Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223)
* Fix variable names in the README
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:1814-1
Released: Mon May 11 17:16:51 2026
Summary: Recommended update for suse-build-key
Type: recommended
Severity: moderate
References:
This update for suse-build-key fixes the following issues:
- Import all keys if they are not yet in the RPM db.
- Added post quantum cryptographic keys for SLES 15 and SLES 16:
* build-pqc-15.pem
* build-pqc-16.pem
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1840-1
Released: Wed May 13 12:05:10 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1264449,1264450,CVE-2026-43284,CVE-2026-43500
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix the following issue:
- CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
- CVE-2026-43500: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1876-1
Released: Sat May 16 00:06:36 2026
Summary: Security update for openssh
Type: security
Severity: important
References: 1261427,1261430,CVE-2026-35385,CVE-2026-35414
This update for openssh fixes the following issues
- CVE-2026-35385: a file downloaded by scp may be installed setuid or setgid (bsc#1261427).
- CVE-2026-35414: mishandling of authorized_keys principals option (bsc#1261430).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1908-1
Released: Sun May 17 19:14:31 2026
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1264013,1265209,1265308,CVE-2025-54518,CVE-2026-46300,CVE-2026-46333
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc#1264013).
- CVE-2026-46300: net: skbuff: propagate shared-frag marker through pskb_copy() (bsc#1265209).
- CVE-2026-46333: Fixed logic bug in the Linux kernel's __ptrace_may_access() function (bsc#1265308).
The following non security issues were fixed:
- io-wq: check that the predecessor is hashed in io_wq_remove_pending() (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1940-1
Released: Mon May 18 09:44:14 2026
Summary: Security update for curl
Type: security
Severity: important
References: 1259362,1262631,1262632,1262635,1262636,1262638,CVE-2026-1965,CVE-2026-4873,CVE-2026-5545,CVE-2026-6253,CVE-2026-6276,CVE-2026-6429
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2026-4873: connection reuse ignores TLS requirement (bsc#1262631).
- CVE-2026-5545: wrong reuse of HTTP Negotiate connection (bsc#1262632).
- CVE-2026-6253: proxy credentials leak over redirect-to proxy (bsc#1262635).
- CVE-2026-6276: stale custom cookie host causes cookie leak (bsc#1262636).
- CVE-2026-6429: netrc credential leak with reused proxy connection (bsc#1262638).
Other updates and bugfixes:
- sws: prevent 'connection monitor' to say disconnect twice (bsc#1259362).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1941-1
Released: Mon May 18 09:44:34 2026
Summary: Security update for sed
Type: security
Severity: moderate
References: 1262144,CVE-2026-5958
This update for sed fixes the following issue:
- CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file (bsc#1262144).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1980-1
Released: Mon May 18 14:07:52 2026
Summary: Security update for cloud-init
Type: security
Severity: important
References: 1170154,1214169,1228414,1233649,1236720,1237764,1239715,1245403,CVE-2024-11584,CVE-2024-6174
This update for cloud-init fixes the following issues:
- Update to version 25.1.3 (bsc#1245403, CVE-2024-11584, CVE-2024-6174)
- Update to version 25.1.1 (bsc#1239715, jsc#PED-8680, bsc#1228414, bsc#1237764)
- Make sure a directory exists, if not create it, before writing in that location (bsc#1236720)
- rsyslog warning, '~' is deprecated (bsc#1170154)
- Support python 3.13 (bsc#1233649)
- Move fdupes call back to %install (bsc#1214169)
- Re-ship python dependencies, those have no source changes.
The following package changes have been done:
- aide-0.16-24.1 added
- apparmor-abstractions-3.1.7-150600.5.12.2 updated
- apparmor-parser-3.1.7-150600.5.12.2 updated
- audit-audispd-plugins-3.0.6-150400.4.16.1 added
- bc-1.07.1-11.37 added
- bind-utils-9.18.33-150600.3.21.1 updated
- btrfsprogs-udev-rules-6.5.1-150600.2.4 added
- btrfsprogs-6.5.1-150600.2.4 added
- ca-certificates-mozilla-2.84-150200.44.1 updated
- cloud-init-config-suse-25.1.3-150400.15.7.6 updated
- cloud-init-25.1.3-150400.15.7.6 updated
- cloud-netconfig-azure-1.19-150000.25.31.1 updated
- containerd-ctr-1.7.29-150000.132.1 updated
- containerd-1.7.29-150000.132.1 updated
- crypto-policies-20230920.570ea89-150600.3.16.1 updated
- cryptsetup-2.7.0-150600.3.3.1 added
- curl-8.14.1-150600.4.43.1 updated
- device-mapper-2.03.22_1.02.196-150600.3.9.3 added
- dialog-1.3-3.3.7 added
- dracut-kiwi-lib-10.2.33-150600.14.10.2 added
- dracut-kiwi-oem-repart-10.2.33-150600.14.10.2 added
- glibc-locale-base-2.38-150600.14.46.1 updated
- glibc-2.38-150600.14.46.1 updated
- gpg2-2.4.4-150600.3.15.1 updated
- grub2-branding-SLE-15-150600.45.3.2 added
- grub2-i386-pc-2.12-150600.8.52.1 updated
- grub2-snapper-plugin-2.12-150600.8.52.1 added
- grub2-x86_64-efi-2.12-150600.8.52.1 updated
- grub2-2.12-150600.8.52.1 updated
- iproute2-6.4-150600.7.12.1 updated
- jq-1.6-150000.3.12.1 updated
- kernel-default-6.4.0-150600.23.109.1 updated
- libaio1-0.3.113-150600.15.3.1 added
- libapparmor1-3.1.7-150600.5.12.2 updated
- libavahi-client3-0.8-150600.15.15.1 updated
- libavahi-common3-0.8-150600.15.15.1 updated
- libblkid1-2.39.3-150600.4.21.1 updated
- libcap2-2.63-150400.3.6.1 updated
- libcurl4-8.14.1-150600.4.43.1 updated
- libdevmapper-event1_03-2.03.22_1.02.196-150600.3.9.3 added
- libdialog14-1.3-3.3.7 added
- libexpat1-2.7.1-150400.3.37.1 updated
- libfdisk1-2.39.3-150600.4.21.1 updated
- libgcc_s1-15.2.0+git10201-150000.1.9.1 updated
- libgnutls30-3.8.3-150600.4.17.1 updated
- libjq1-1.6-150000.3.12.1 updated
- libldap-2_4-2-2.4.46-150600.25.3.1 updated
- libldap-data-2.4.46-150600.25.3.1 updated
- libltdl7-2.4.6-150000.3.8.1 added
- liblvm2cmd2_03-2.03.22-150600.3.9.3 added
- libmount1-2.39.3-150600.4.21.1 updated
- libncurses6-6.1-150000.5.33.1 updated
- libnfsidmap1-1.0-150600.28.19.1 updated
- libnghttp2-14-1.40.0-150600.25.5.1 updated
- libopenscap25-1.3.6-150600.17.2 added
- libopenssl1_1-1.1.1w-150600.5.26.2 updated
- libopenssl3-3.1.4-150600.5.50.1 updated
- libpng16-16-1.6.40-150600.3.20.1 updated
- libpwquality1-1.4.5-150600.2.3 added
- libpython3_11-1_0-3.11.15-150600.3.53.1 added
- libpython3_6m1_0-3.6.15-150300.10.118.1 updated
- libreiserfscore0-3.6.27-2.24 added
- libsmartcols1-2.39.3-150600.4.21.1 updated
- libsqlite3-0-3.51.3-150000.3.39.1 updated
- libssh-config-0.9.8-150600.11.12.1 updated
- libssh4-0.9.8-150600.11.12.1 updated
- libstdc++6-15.2.0+git10201-150000.1.9.1 updated
- libsubid5-4.17.2-150600.17.18.1 added
- libsystemd0-254.27-150600.4.62.1 updated
- libtss2-esys0-3.1.1-150600.4.3.2 updated
- libtss2-fapi1-3.1.1-150600.4.3.2 updated
- libtss2-mu0-3.1.1-150600.4.3.2 updated
- libtss2-rc0-3.1.1-150600.4.3.2 updated
- libtss2-sys1-3.1.1-150600.4.3.2 updated
- libtss2-tctildr0-3.1.1-150600.4.3.2 updated
- libudev1-254.27-150600.4.62.1 updated
- libuuid1-2.39.3-150600.4.21.1 updated
- libxml2-2-2.10.3-150500.5.38.1 updated
- libxml2-tools-2.10.3-150500.5.38.1 added
- libxmlsec1-1-1.2.37-150600.19.3 added
- libxmlsec1-openssl1-1.2.37-150600.19.3 added
- libxslt1-1.1.34-150400.3.16.1 added
- libz1-1.2.13-150500.4.6.1 updated
- login_defs-4.17.2-150600.17.18.1 updated
- lvm2-2.03.22-150600.3.9.3 added
- makedumpfile-1.7.4-150600.3.6.1 updated
- mdadm-4.3+36.g12cb7035-150600.3.23.1 added
- ncurses-utils-6.1-150000.5.33.1 updated
- nfs-client-2.6.4-150600.28.19.1 updated
- openscap-utils-1.3.6-150600.17.2 added
- openscap-1.3.6-150600.17.2 added
- openssh-clients-9.6p1-150600.6.37.1 updated
- openssh-common-9.6p1-150600.6.37.1 updated
- openssh-server-9.6p1-150600.6.37.1 updated
- openssh-9.6p1-150600.6.37.1 updated
- openssl-3-3.1.4-150600.5.50.1 updated
- pv-1.7.24-150600.3.3 added
- python3-base-3.6.15-150300.10.118.1 updated
- python3-pyasn1-0.4.2-150000.3.16.1 updated
- python311-Jinja2-3.1.2-150400.12.14.1 added
- python311-MarkupSafe-2.1.3-150400.11.5.2 added
- python311-PyJWT-2.8.0-150400.8.10.1 added
- python311-PyYAML-6.0.2-150600.10.3.1 added
- python311-apipkg-3.0.1-150400.12.6.1 added
- python311-attrs-23.1.0-150400.8.6.1 added
- python311-base-3.11.15-150600.3.53.1 added
- python311-blinker-1.6.2-150400.12.7.4 added
- python311-certifi-2023.7.22-150400.12.6.2 added
- python311-cffi-1.15.1-150400.8.7.2 added
- python311-charset-normalizer-3.1.0-150400.9.7.2 added
- python311-configobj-5.0.8-150400.12.5.1 added
- python311-cryptography-41.0.3-150600.23.6.1 added
- python311-idna-3.4-150400.11.10.1 added
- python311-iniconfig-2.0.0-150400.10.6.1 added
- python311-jsonpatch-1.32-150400.10.5.1 added
- python311-jsonpointer-2.3-150400.11.5.1 added
- python311-jsonschema-4.17.3-150400.14.6.1 added
- python311-oauthlib-3.2.2-150400.12.7.4 added
- python311-passlib-1.7.4-150600.12.2.1 added
- python311-pyOpenSSL-23.2.0-150400.3.13.1 added
- python311-pycparser-2.21-150400.12.7.2 added
- python311-pyrsistent-0.19.3-150400.10.6.1 added
- python311-pyserial-3.5-150400.12.5.1 added
- python311-py-1.11.0-150400.12.7.2 added
- python311-requests-2.31.0-150400.6.21.1 added
- python311-setuptools-67.7.2-150400.3.22.1 added
- python311-six-1.16.0-150400.18.11.1 added
- python311-typing_extensions-4.9.0-150600.1.3 added
- python311-urllib3-2.0.7-150400.7.27.1 added
- python311-3.11.15-150600.3.53.1 added
- rsyslog-module-relp-8.2406.0-150600.12.10.1 updated
- rsyslog-8.2406.0-150600.12.10.1 updated
- runc-1.3.4-150000.92.1 updated
- scap-security-guide-0.1.80-150600.1.2 added
- sed-4.9-150600.3.3.1 updated
- shadow-4.17.2-150600.17.18.1 updated
- shim-16.1-150300.4.31.3 updated
- sudo-1.9.15p5-150600.3.15.1 updated
- suse-build-key-12.0-150000.8.64.1 updated
- suse-module-tools-15.6.14-150600.3.17.1 updated
- suseconnect-ng-1.21.1-150600.3.18.1 updated
- syslog-service-2.0-150300.13.3.1 updated
- system-user-tss-20170617-150400.24.2.1 added
- systemd-254.27-150600.4.62.1 updated
- tar-1.34-150000.3.37.1 updated
- terminfo-base-6.1-150000.5.33.1 updated
- terminfo-6.1-150000.5.33.1 updated
- thin-provisioning-tools-0.7.5-3.3.1 added
- udev-254.27-150600.4.62.1 updated
- util-linux-systemd-2.39.3-150600.4.21.1 updated
- util-linux-2.39.3-150600.4.21.1 updated
- vim-data-common-9.2.0280-150500.20.46.1 updated
- vim-9.2.0280-150500.20.46.1 updated
- xen-libs-4.18.5_12-150600.3.40.1 updated
- glibc-locale-2.38-150600.14.40.1 removed
- libwayland-client0-1.22.0-150600.1.6 removed
- python3-3.6.15-150300.10.103.1 removed
- python3-Babel-2.8.0-3.3.1 removed
- python3-Jinja2-2.10.1-150000.3.21.1 removed
- python3-MarkupSafe-1.0-1.29 removed
- python3-PyJWT-2.4.0-150200.3.8.1 removed
- python3-PyYAML-5.4.1-150300.3.6.1 removed
- python3-apipkg-2.1.0-150500.1.1 removed
- python3-appdirs-1.4.3-150000.3.3.1 removed
- python3-asn1crypto-0.24.0-150000.3.5.1 removed
- python3-attrs-19.3.0-150200.3.9.1 removed
- python3-blinker-1.4-150000.3.6.1 removed
- python3-certifi-2018.1.18-150000.3.6.1 removed
- python3-cffi-1.13.2-150200.3.5.1 removed
- python3-chardet-3.0.4-150000.5.6.1 removed
- python3-configobj-5.0.6-150000.3.3.1 removed
- python3-cryptography-3.3.2-150400.26.1 removed
- python3-idna-2.6-150000.3.6.1 removed
- python3-importlib-metadata-1.5.0-150100.3.8.1 removed
- python3-iniconfig-1.1.1-150000.1.13.1 removed
- python3-jsonpatch-1.23-150100.3.5.1 removed
- python3-jsonpointer-1.14-150000.3.2.1 removed
- python3-jsonschema-3.2.0-150200.9.5.1 removed
- python3-more-itertools-8.10.0-150400.10.1 removed
- python3-netifaces-0.10.6-150000.3.2.1 removed
- python3-oauthlib-2.0.6-150000.3.6.1 removed
- python3-ordered-set-4.0.2-150400.8.34 removed
- python3-packaging-21.3-150200.3.6.1 removed
- python3-passlib-1.7.4-150300.3.2.1 removed
- python3-py-1.10.0-150100.5.15.1 removed
- python3-pyOpenSSL-21.0.0-150400.10.1 removed
- python3-pycparser-2.17-150000.3.5.1 removed
- python3-pyparsing-2.4.7-150300.3.3.1 removed
- python3-pyrsistent-0.14.4-150100.3.4.1 removed
- python3-pyserial-3.4-150000.3.4.1 removed
- python3-pytz-2022.1-150300.3.9.1 removed
- python3-requests-2.25.1-150300.3.18.1 removed
- python3-setuptools-44.1.1-150400.9.15.1 removed
- python3-six-1.14.0-150200.15.1 removed
- python3-urllib3-1.25.10-150300.4.18.1 removed
- python3-zipp-0.6.0-150100.3.8.1 removed
More information about the sle-container-updates
mailing list