SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-218
Recommended update for yast2-samba-client
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for yast2-samba-client fixes the following issues:
- Fixed an issue when untranslated text appears in Windows Domain Membership Expert settings dialog. (bsc#1197936)
yast2-samba-client-4.4.4-150400.3.3.1.noarch.rpm
yast2-samba-client-4.4.4-150400.3.3.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1867
Security update for fwupdate
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of fwupdate fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
- Update the email address of security team in SBAT (bsc#1221301)
- elf_aarch64_efi.lds: set the memory permission explicitly to
avoid ld warning like "LOAD segment with RWX permissions"
fwupdate-12-150100.11.15.2.src.rpm
fwupdate-12-150100.11.15.2.x86_64.rpm
fwupdate-devel-12-150100.11.15.2.x86_64.rpm
fwupdate-efi-12-150100.11.15.2.x86_64.rpm
libfwup1-12-150100.11.15.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-647
Optional update for icu
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for icu fixes the following issue:
- No source changes, this just synchronizes the changelog with the latest implemented changes and correspondent ids.
icu-60.2-150000.3.15.4.src.rpm
libicu60_2-60.2-150000.3.15.4.x86_64.rpm
libicu60_2-ledata-60.2-150000.3.15.4.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1910
Security update for gstreamer-plugins-base
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806)
gstreamer-plugins-base-1.20.1-150400.3.8.2.src.rpm
gstreamer-plugins-base-1.20.1-150400.3.8.2.x86_64.rpm
gstreamer-plugins-base-devel-1.20.1-150400.3.8.2.x86_64.rpm
gstreamer-plugins-base-lang-1.20.1-150400.3.8.2.noarch.rpm
libgstallocators-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstapp-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstaudio-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstfft-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstgl-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstpbutils-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstriff-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstrtp-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstrtsp-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstsdp-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgsttag-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstvideo-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstApp-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstAudio-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstGL-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstRtp-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstSdp-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstTag-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstVideo-1_0-1.20.1-150400.3.8.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-472
Security update for tomcat
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tomcat fixes the following issues:
Updated to Tomcat 9.0.85:
- CVE-2023-45648: Improve trailer header parsing (bsc#1216118).
- CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows (bsc#1216120).
- CVE-2023-42795: Improve handling of failures during recycle() methods (bsc#1216119).
- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)
- CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208)
The following non-security issues were fixed:
- Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402).
Find the full release notes at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
tomcat-9.0.85-150200.57.1.noarch.rpm
tomcat-9.0.85-150200.57.1.src.rpm
tomcat-admin-webapps-9.0.85-150200.57.1.noarch.rpm
tomcat-el-3_0-api-9.0.85-150200.57.1.noarch.rpm
tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch.rpm
tomcat-lib-9.0.85-150200.57.1.noarch.rpm
tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch.rpm
tomcat-webapps-9.0.85-150200.57.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-560
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
plexus-archiver was updated from version 4.2.1 to 4.8.0:
- Changes of 4.8.0:
* Security issues fixed:
+ CVE-2023-37460: Avoid override target symlink by standard file in AbstractUnArchiver (bsc#1215973)
* New features and improvements:
+ Added tzst alias for tar.zst archiver/unarchiver
* Bugs fixed:
+ Detect permissions for addFile
* Maintenance:
+ Removed public modifier from JUnit 5 tests
+ Use https in scm/url
+ Removed junit-jupiter-engine from project dependencies
+ Removed parent and reports menu from site
+ Cleanup after "veryLargeJar" test
+ Override project.url
- Changes of 4.7.1:
* Bugs fixed:
+ Don't apply umask on unknown perms (Win)
- Changes of 4.7.0:
* New features and improvements:
+ add umask support and use 022 in RB mode
+ Use NIO Files for creating temporary files
+ Deprecate the JAR Index feature (JDK-8302819)
+ Added Archiver aliases for tar.*
* Maintenance:
+ Use JUnit TempDir to manage temporary files in tests
+ Override uId and gId for Tar in test
+ Bump maven-resources-plugin from 2.7 to 3.3.1
- Changes of 4.6.3:
* New features and improvements:
+ Fixed path traversal vulnerability
The vulnerability affects only directories whose name begins
with the same prefix as the destination directory. For example,
a malicious archive may extract a file in /opt/directory instead
of /opt/dir.
- Changes of 4.6.2:
* Bugs fixed:
+ Fixed regression in handling symbolic links
- Changes of 4.6.1:
* Bugs fixed:
+ Normalize file separators before warning about equal archive entries
- Changes of 4.6.0:
* New features and improvements:
+ keep file/directory permissions in Reproducible Builds mode
- Changes of 4.5.0:
* New features and improvements:
+ Added zstd (un)archiver support
* Bugs fixed:
+ Fixed UnArchiver#isOverwrite not working as expected
- Changes of 4.4.0:
* New features and improvements:
+ Drop legacy plexus API and use only JSR330 components
- Changes of 4.3.0:
* New features and improvements:
+ Require Java 8
+ Refactor to use FileTime API
+ Rename setTime method to setZipEntryTime
+ Convert InputStreamSupplier to lambdas
* Bugs fixed:
+ Reproducible Builds not working when using modular jar
- Changes of 4.2.7:
* New features and improvements:
+ Respect order of META-INF/ and META-INF/MANIFEST.MF entries in a JAR file
- Changes of 4.2.6:
* New features and improvements:
+ FileInputStream, FileOutputStream, FileReader and FileWriter are no longer used
+ Code cleanup
- Changes of 4.2.5:
* New features and improvements:
+ Speed improvements
* Bugs fixed:
+ Fixed use of a mismatching Unicode path extra field in zip unarchiving
- Changes of 4.2.4:
* Bugs fixed:
+ Fixed unjustified warning about casing for directory entries
- Changes of 4.2.2:
* Bugs fixed:
+ DirectoryArchiver fails for symlinks if a parent directory doesn't exist
objectweb-asm was updated to version 9.6:
- Changes of version 9.6:
* New Opcodes.V22 constant for Java 22
* Bugs fixed:
+ Analyzer produces frames that have different locals than those detected by JRE bytecode verifier
+ Invalid stackmap generated when the instruction stream has new instruction after invokespecial to <init>
+ Analyzer can fail to catch thrown exceptions
+ `asm-analysis` Frame allocates an array unnecessarily inside `executeInvokeInsn`
+ Fixed bug in `CheckFrameAnalyzer` with static methods
- Changes of version 9.5:
* New Opcodes.V21 constant for Java 21
* New readBytecodeInstructionOffset hook in ClassReader
* Added more detailed exception messages
* Javadoc improvements and fixes
* Bugs fixed:
+ Silent removal of zero-valued entries from the line-number table
- Changes of version 9.4:
* Changes:
+ New Opcodes.V20 constant for Java 20
+ Added more checks in CheckClassAdapter
+ Javadoc improvements and fixes
+ `module-info` classes can be built without Gradle and Bnd
+ Parent POM updated to `org.ow2:ow2:1.5.1`
* Bugs fixed:
+ `CheckClassAdapter` is no longer transparent for MAXLOCALS
+ Added public `getDelegate` method to all visitor classes
+ Analyzer does not compute optimal maxLocals for static methods
+ Fixed `SignatureWriter` when a generic type has a depth over 30
+ Skip remap inner class name if not changed in Remapper
maven-archiver was updated from version 3.5.0 to 3.6.1:
- Changes of 3.6.1:
* New Features:
+ Deprecated the JAR Index feature (JDK-8302819)
* Task:
+ Refreshed download page
+ Prefer JDK features over plexus-utils, plexus-io
- Changes of 3.6.0:
* Task:
+ Require Java 8
+ Drop m-shared-utils from deps
maven-assembly-plugin was updated from version 3.3.0 to 3.6.0:
- Changes of 3.6.0:
* Bugs fixed:
+ finalName as readonly parameter makes common usecases very complicated
+ Symbolic links get copied with absolute path
+ Warning if using Maven 3.9.1
+ Minimal default Manifest configuration of jar archiver should be respected
* New Features:
+ Support Zstandard compression format
* Improvements:
+ In RB mode, apply 022 umask to ignore environment group write umask
+ Added system requirements history
* Task:
+ Dropped deprecated repository element
+ Support running build on Java 20
+ Refresh download page
+ Cleanup declared dependencies
+ Avoid using deprecated methods of `plexus-archiver`
- Changes of 3.5.0:
* Bugs fixed:
+ File permissions removed during assembly:single since 3.2.0
- Changes of 3.4.2:
* Bugs fixed:
+ Fixed Excludes filtering
* Task:
+ Fixed examples to refer to https instead of http
- Changes of 3.4.1:
* Bugs fixed:
+ Fixed error build with shared assemblies
- Changes of 3.4.0:
* Bugs fixed:
+ dependencySet includes filter with classifier breaks include of artifacts without classifier
* Task:
+ Speed improvements
+ Update plugin (requires Maven 3.2.5+)
+ Assembly plugin resolves too much, even plugins used to build dependencies
+ Deprecated the repository element in assembly descriptor
+ Upgraded to Java 8, drop unused dependencies
maven-common-artifact-filters was updated from version 3.0.1 to 3.3.2:
- Changes of 3.3.2:
* Bugs fixed:
+ PatternIncludesArtifactFilters raising NPE for patterns w/ wildcards and artifactoid w/ null on any coordinate
- Changes of 3.3.1:
* Bugs fixed:
+ Pattern w/ 4 elements may be GATV or GATC
- Changes of 3.3.0:
* Bugs fixed:
+ null passed to DependencyFilter in EclipseAetherFilterTransformerTest
+ PatternIncludesArtifactFilter#include(Artifact)
+ Common Artifact Filters pattern parsing with classifier is broken
* Task:
+ Sanitized dependencies
+ Upgraded to Maven Parent 36, to Maven 3.2.5, to Java 8 and clean up dependencies
- Changes of 3.2.0:
* Improvements:
+ Big speed improvements for patterns that do not contain any wildcard
- Changes of 3.1.1:
* Bugs fixed:
+ Updated JIRA URL for maven-common-artifact-filters
* Improvements:
+ Made build Reproducible
- Changes of 3.1.0:
* Bugs fixed:
+ Several filters do not preserve order of artifacts filtered
maven-compiler-plugin was updated from version 3.10.1 to 3.11.0:
- Changes of 3.11.0:
* New features and improvements:
+ Added a useModulePath switch to the testCompile mojo
+ Allow dependency exclusions for 'annotationProcessorPaths'
+ Use maven-resolver to resolve 'annotationProcessorPaths' dependencies
+ Upgrade plexus-compiler to improve compiling message
+ compileSourceRoots parameter should be writable
+ Change showWarnings to true by default
+ Warn about warn-config conflicting values
+ Update default source/target from 1.7 to 1.8
+ Display recompilation causes
+ Added some parameter to pattern from stale source calculation
+ Added dedicated option for implicit javac flag
* Bugs fixed:
+ Fixed incorrect detection of dependency change
+ Test with Maven 3.9.0 and fix the failing IT
+ Resolved all annotation processor dependencies together
+ Defining maven.compiler.release as empty string ends with NumberFormatException in testCompileMojo
+ Fixed missing dirs in createMissingPackageInfoClasses
+ Set Xcludes in config passed to actual compiler
maven-dependency-analyzer was updated from version 1.10 to 1.13.2:
- Changes of 1.13.2:
* Changes and bugs fixed:
+ Made mvn dependency:analyze work with OpenJDK 11
+ Fixed jdk8 incompatibility at runtime (NoSuchMethodError)
+ Upgraded asm to 8.0.1
+ Use try with resources to avoid leaks
+ dependency:analyze recommends test scope for test-only artifacts that have non-test scope
+ remove reference to deprecated public mutable field
+ Updated JIRA URL
+ dependency:analyze should recommend narrower scope where possible
+ Remove dependency on jmock
+ Inline deprecated field
+ Added more JavaDoc
+ Handle different classes from same artifact used by model and test code
+ Included class names in used undeclared dependencies
+ Check maximum allowed Maven version
+ Get rid of maven-plugin-testing-tools for IT test
+ Require Maven 3.2.5+
+ Analyze project classes only once
+ Fixed array parsing
+ CONSTANT_METHOD_TYPE should not add to classes
+ Inner classes are in same compilation unit as container class
+ Upgraded Parent to 36
+ Cleanup IT tests
+ Replace Codehaus Plexus utils with java.nio.file.Files and Apache Commons
+ Fixed bug with "non-test scoped test only dependencies found"
+ Bump asm from 9.4 to 9.5
+ Refresh download page
+ Upgrade Parent to 39
+ Build on JDK 19, 20
+ Prefer JDK classes to Plexus utils
+ Replaced System.out by logger
+ Fixed java.lang.RuntimeException: Unknown constant pool type
+ Switched to JUnit 5
+ Dependency improvements
maven-dependency-plugin was updated from version 3.1.2 to 3.6.0:
- Changes in 3.6.0:
* Bugs fixed:
+ Obsolete example of -Dverbose on web page
+ Unsupported verbose option still appears in docs
+ dependency:go-offline does not use repositories from parent pom in reactor build
+ Fixed possible NPE
+ `dependency:analyze-only` goal fails on OpenJDK 14
+ FileWriter and FileReader should be replaced
+ Dependency Plugin go-offline doesn't respect artifact classifier
+ analyze-only failed: Unsupported class file major version 60 (Java 16)
+ analyze-only failed: Unsupported class file major version 61 (Java 17)
+ copy-dependencies fails when using excludeScope=test
+ mvn dependency:analyze detected wrong transitive dependency
+ dependency plugin does not work with JDK 16
+ skip dependency analyze in ear packaging
+ Non-test dependency reported as Non-test scoped test only dependency
+ 'Dependency not found' with 3.2.0 and Java-17 while analyzing
+ Tree plugin does not terminate with 3.2.0
+ Minor improvement - continue
+ analyze-only failed: PermittedSubclasses requires ASM9
+ Broken Link to "Introduction to Dependency Mechanism Page"
+ Sealed classes not supported
+ Dependency tree in verbose mode for war is empty
+ Javadoc was not updated to reflect that :tree's verbose option is now ok
+ error dependency:list (caused by postgresql dependency)
+ :list-classes does not skip if skip is set
+ :list-classes does not use GAV parameters
* New Features:
+ Reintroduce the verbose option for dependency:tree
+ List classes in a given artifact
+ dependency:analyze should recommend narrower scope where possible
+ Added analyze parameter "ignoreUnusedRuntime"
+ Allow ignoring non-test-scoped dependencies
+ Added a <stripType> option to unpack goals
+ Allow auto-ignore of all non-test scoped dependencies used only in test scope
* Improvements:
+ Unused method o.a.m.p.d.t.TreeMojo.containsVersion
+ Minor improvements
+ GitHub Action build improvement
+ dependency:analyze should list the classes that cause a used undeclared dependency
+ Improve documentation of analyze - Non-test scoped
+ Turn warnings into errors instead of failOnWarning
+ maven-dependency-plugin should leverage plexus-build-api to support IDEs
+ TestListClassesMojo logs too much
+ Use outputDirectory from AbstractMavenReport
+ Removed not used dependencies / Replace parts
+ list-repositories - improvements
+ warns about depending on plexus-container-default
+ Replace AnalyzeReportView with a new AnalyzeReportRenderer
* Task:
+ Removed no longer required exclusions
+ Java 1.8 as minimum
+ Explicitly start and end tables with Doxia Sinks in report renderers
+ Replace Maven shared StringUtils with Commons Lang3
+ Removed unused and ignored parameter - useJvmChmod
+ Removed custom plexus configuration
+ Code refactor - UnpackUtil
+ Refresh download page
maven-dependency-tree was updated from version 3.0.1 to 3.2.1:
- Changes in 3.2.1:
* Bugs fixed:
+ DependencyCollectorBuilder does not collect dependencies when artifact has 'war' packaging
+ Transitive provided dependencies are not removed from collected dependency graph
* New Features:
+ DependencyCollectorBuilder more configurable
* Improvements:
+ DependencyGraphBuilder does not provide verbose tree
+ DependencyGraphBuilders shouldn't need reactorProjects for resolving dependencies
+ Maven31DependencyGraphBuilder should not download dependencies other than the pom
+ Fixed `plexus-component-annotation` in line with `plexus-component-metadata`
+ Upgraded parent to 31
+ Added functionality to collect raw dependencies in Maven 3+
+ Annotate DependencyNodes with dependency management metadata
+ Require Java 8
+ Upgrade `org.eclipse.aether:aether-util` dependency in org.apache.maven.shared:maven-dependency-tree
+ Added Exclusions to DependencyNode
+ Made build Reproducible
+ Migrate plexus component to JSR-330
+ Drop maven 3.0 compatibility
* Dependency upgrade:
+ Upgrade shared-component to version 33
+ Upgrade Parent to 36
+ Bump maven-shared-components from 36 to 37
- Removed unnecessary dependency on xmvn tools and parent pom
maven-enforcer was updated to version 3.4.1:
- Update to version 3.4.1:
* Bugs fixed:
+ In a multi module project "bannedDependencies" rule tries to resolve project artifacts from external repository
+ Require Release Dependencies ignorant about aggregator build
+ banDuplicatePomDependencyVersions does not check managementDependencies
+ Beanshell rule is not thread-safe
+ RequireSnapshotVersion not compatible with CI Friendly Versions (${revision})
+ NPE when using new <?m2e execute ?> syntax with maven-enforcer-plugin
+ Broken links on Maven Enforcer Plugin site
+ RequirePluginVersions not recognizing versions-from-properties
+ [REGRESSION] RequirePluginVersions fails when versions are inherited
+ requireFilesExist rule should be case sensitive
+ Broken Links on Project Home Page
+ TestRequireOS uses hamcrest via transitive dependency
+ plexus-container-default in enforcer-api is very outdated
+ classifier not included in output of failed RequireUpperBoundDeps test
+ Exclusions are not considered when looking at parent for requireReleaseDeps
+ requireUpperBoundDeps does not fail when packaging is 'war'
+ DependencyConvergence in 3.0.0 fails on provided scoped dependencies
+ NPE on requireReleaseDeps with non-matching includes
+ RequireUpperBoundDeps now follow scope provided transitive dependencies
+ Use currently build artifacts in IT tests
+ requireReleaseDeps does not support optional dependencies or runtime scope
+ Enforcer 3.0.0 breaks with Maven 3.8.4
+ Version 3.1.0 is not enforcing bannedDependencies rules
+ DependencyConvergence treats provided dependencies as runtime dependencies
+ Plugin shouldn't use NullPointerException for non-exceptional code flow
+ NPE in RequirePluginVersions
+ ReactorModuleConvergence not cached in reactor
+ RequireUpperBoundDeps fails on provided dependencies since 3.2.1
+ Problematic dependency resolution by new 'banDynamicVersions' rule
+ banTransitiveDependencies: failing if a transitive dependencies has another version than the resolved one
+ Filtering dependency tree by scope
+ Upgrading to 3.0.0 causes 'Could not build dependency tree' with repositories some unknown protocol
+ DependencyConvergence in 3.1.0 fails when using version ranges
+ Semantics of 'ignores' parameter of 'banDynamicVersions' is inverted
+ Omission of 'excludedScopes' parameter of 'banDynamicVersions' causes NPE
+ ENFORCER: plugin-info and mojo pages not found
* New Features:
+ requireUpperBounds deps should have includes
+ Introduce RequireTextFileChecksum with line separator normalization
+ allow no rules
+ show rules processed
+ DependencyConvergence should support including/excluding certain dependencies
+ Support declaring external banned dependencies in an external file/URL
+ Maven enforcer rule which checks that all dependencies have an explicit scope set
+ Maven enforcer rule which checks that all dependencies in dependencyManagement don't have an explicit scope set
+ Rule for no version ranges, version placeholders or SNAPSHOT versions
+ Allow one of many files in RequireFiles rules to pass
+ Skip specific rules
+ New Enforcer API
+ New Enforcer API - RuleConfigProvider
+ Move Built-In Rules to new API
* Improvements:
+ wildcard ignore in requireReleaseDeps
+ Improve documentation about writing own Enforcer Rule
+ RequireActiveProfile should respect inherited activated profiles
+ Upgrade maven-dependency-tree to 3.x
+ Improve dependency resolving in multiple modules project
+ requireUpperBoundDeps: add [<scope>] and colors to the output
+ Example for writing a custom rule should be upgraded
+ Along with JavaVersion, allow enforcement of the JavaVendor
+ Included Java vendor in display-info output
+ requireMavenVersion x.y.z is processed as (,x.y.z] instead of [x.y.z,)
+ Consistently format artifacts same as dependency:tree
+ Made build Reproducible
+ Added support for excludes/includes in requireJavaVendor rule
+ Introduce Maven Enforcer Extension
+ Extends RequirePluginVersions with banMavenDefaults
+ Shared GitHub Actions
+ Log at ERROR level when <fail> is set
+ Reuse getDependenciesToCheck results across rules
+ Violation messages can be really hard to find in a multi module project
+ Clarify class loading for custom Enforcer rules
+ Using junit jupiter bom instead of single artifacts.
+ Get rid of maven-dependency-tree dependency
+ Allow 8 as JDK version for requireJavaVersion
+ Improve error message for rule "requireJavaVersion"
+ Include Java Home in Message for Java Rule Failures
+ Manage all Maven Core dependencies as provided
+ Manage rules configuration by plugin
+ Deprecate 'rules' property and introduce 'enforcer.rules' as a replacement
+ Change success message from executed to passed
+ EnforcerLogger: Provide isDebugEnabled(), isErrorEnabled(), isWarnEnabled() and isInfoEnabled()
+ Properly declare dependencies
* Test:
+ Regression test for dependency convergence problem fixed in 3.0.0
* Task:
+ Removed reference to travis or switch to travis.com
+ Fixed maven assembly links
+ Require Java 8
+ Verify working with Maven 4
+ Code cleanup
+ Refresh download page
+ Deprecate display-info mojo
+ Refresh site descriptors
+ Superfluous blanks in BanDuplicatePomDependencyVersions
+ Rename ResolveUtil to ResolverUtil
maven-plugin-tools was updated from version 3.6.0 to version 3.9.0:
- Changes of version 3.9.0:
* Bugs fixed:
+ Fixed *-mojo.xml (in PluginXdocGenerator) is overwritten when multiple locales are defined
+ Generated table by PluginXdocGenerator does not contain default attributes
* Improvements:
+ Omit empty line in generated help goal output if plugin description is empty
+ Use Plexus I18N rather than fiddling with
* Task:
+ Removed reporting from maven-plugin-plugin: create maven-plugin-report-plugin
* Dependency upgrade:
+ Upgrade plugins and components (in ITs)
- Changes of version 3.8.2:
* Improvements:
+ Used Resolver API, get rid of localRepository
* Dependency upgrade:
+ Bump httpcore from 4.4.15 to 4.4.16
+ Bump httpclient from 4.5.13 to 4.5.14
+ Bump antVersion from 1.10.12 to 1.10.13
+ Bump slf4jVersion from 1.7.5 to 1.7.36
+ Bump plexus-java from 1.1.1 to 1.1.2
+ Bump plexus-archiver from 4.6.1 to 4.6.3
+ Bump jsoup from 1.15.3 to 1.15.4
+ Bump asmVersion from 9.4 to 9.5
+ Bump assertj-core from 3.23.1 to 3.24.2
- Changes of version 3.8.1:
* Bugs fixed:
+ Javadoc reference containing a link label with spaces are not detected
+ JavadocLinkGenerator.createLink: Support nested binary class names
+ ERROR during build of m-plugin-report-p and m-plugin-p: Dependencies in wrong scope
+ "Executes as an aggregator plugin" documentation: s/plugin/goal/
+ Maven scope warning should be logged at WARN level
+ Fixed Temporary File Information Disclosure Vulnerability
* New features:
+ Support mojos using the new maven v4 api
* Improvements:
+ Plugin descriptor should contain the requiredJavaVersion/requiredMavenVersion
+ Execute annotation only supports standard lifecycle phases due to use of enum
+ Clarify deprecation of all extractors but the maven-plugin-tools-annotations
* Dependency upgrade:
+ Update to Maven Parent POM 39
+ Bump junit-bom from 5.9.1 to 5.9.2
+ Bump plexus-archiver from 4.5.0 to 4.6.1
- Changes of version 3.7.1:
* Bugs fixed:
+ Maven scope warning should be logged at WARN level
- Changes of version 3.7.0:
* Bugs fixed:
+ The plugin descriptor generated by plugin:descriptor does not consider @see javadoc taglets
+ Report-Mojo doesn't respect input encoding
+ Generating site reports for plugin results in
NoSuchMethodError
+ JDK Requirements in plugin-info.html: Consider property "maven.compiler.release"
+ Parameters documentation inheriting @since from Mojo can be confusing
+ Don't emit warning for missing javadoc URL of primitives
+ Don't emit warning for missing javadoc URI if no javadoc sources are configured
+ Parameter description should be taken from annotated item
* New Features:
+ Added link to javadoc in configuration description page for user defined types of Mojos.
+ Allow only @Deprecated annotation without @deprecated javadoc tag
+ add system requirements history section
+ report: allow to generate usage section in plugin-info.html with true
+ Allow @Parameter on setters methods
+ Extract plugin report into its own plugin
+ report: Expose generics information of Collection and Map types
* Improvement:
+ plugin-info.html should contain a better Usage section
+ Do not overwrite generate files with no content change
+ Upgrade to JUnit 5 and @Inject annotations
+ Support for java 20 - ASM 9.4
+ Don't print empty Memory, Disk Space in System Requirements
+ simplification in helpmojo build
+ Get rid of plexus-compiler-manager from tests
+ Use Maven core artifacts in provided scope
+ report and descriptor goal need to evaluate Javadoc comments differently
+ Allow to reference aggregator javadoc from plugin report
* Task:
+ Detect legacy/javadoc Mojo definitions, warn to use Java 5 annotations
+ Update level to Java 8
+ Deprecate scripting support for mojos
+ Deprecate requirements parameter in report Mojo
+ Removed duplicate code from PluginReport
+ Prepare for Doxia (Sitetools) 2.0.0
+ Fixed documentation for maven-plugin-report-plugin
+ Removed deprecated items from new maven-plugin-report-plugin
+ Improve site build
+ Improve dependency management
+ Plugin generator generation fails when the parent class comes from a different project
* Dependency upgrade:
+ Upgrade Maven Reporting API/Impl to 3.1.0
+ Upgrade Parent to 36
+ Upgrade project dependencies after JDK 1.8
+ Bump maven-parent from 36 to 37
+ Upgrade Maven Reporting API to 3.1.1/Maven Reporting Impl to 3.2.0
+ Upgrade plexus-utils to 3.5.0
- Changes of version 3.6.4:
* Restored compatibility with Maven 3 ecosystem
* Upgraded dependencies
- Changes of version 3.6.3:
* Added prerequisites to plugin pom
* Exclude dependency in provided scope from plugin descriptor
* Get rid of String.format use
* Fixed this logging as well
* Simplify documentation
* Exclude maven-archiver and maven-jxr from warning
- Changes of version 3.6.2:
* Deprecated unused requiresReports flag
* Check that Maven dependencies are provided scope
* Update ITs
* Use shared gh action
* Deprecate unsupported Mojo descriptor items
* Weed out ITs
* Upgrade to maven 3.x and avoid using deprecated API
* Drop legacy dependencies
* Use shared gh action - v1
* Fixed wording in javadoc
- Changes of version 3.6.1:
* What's Changed:
* Added missing @Override and make methods static
* Upgraded to JUnit 4.12
* Upgraded parent POM and other dependencies
* Updated plugins
* Upgraded Doxia Sitetools to 1.9.2 to remove dependency on Struts
* removed Maven 2 info
* Removed unneeded dependency
* Tighten the dependency tree
* Ignore .checkstyle
* Strict dependencies for maven-plugin-tools-annotations
* Improved @execute(goal...) docs
* Improve @execute(lifecycle...) docs
plexus-compiler was updated from version 2.11.1 to 2.14.2:
- Changes of 2.14.2:
* Removed:
+ Drop J2ObjC compiler
* New features and improvements:
+ Update AspectJ Compiler to 1.9.21 to support Java 21
+ Require JDK 17 for build
+ Improve locking on JavacCompiler
+ Include 'parameter' and 'preview' describe log
+ Switch to SISU annotations and plugin, fixes #217
+ Support jdk 21
+ Require Maven 3.5.4+
+ Require Java 11 for plexus-compiler-eclipse and
javac-errorprone and aspectj compilers
+ Added support to run its with Java 20
* Bugs fixed:
+ Fixed javac memory leak
+ Validate zip file names before extracting (Zip Slip)
+ Restore AbstractCompiler#getLogger() method
+ Return empty list for not existing source root location
+ Improve javac error output parsing
- Changes of 2.13.0:
* New features and improvements:
+ Fully ignore any possible jdk bug
+ MCOMPILER-402: Added implicitOption to CompilerConfiguration
+ Added a custom compile argument
replaceProcessorPathWithProcessorModulePath to force the
plugin replace processorPath with processormodulepath
+ describe compiler configuration on run
+ simplify "Compiling" info message: display relative path
* Bugs fixed:
+ Respect CompilerConfiguration.sourceFiles in
EclipseJavaCompiler
+ Avoid NPE in AspectJCompilerTest on AspectJ 1.9.8+
* Dependency updates:
+ Bump maven-surefire-plugin from 3.0.0-M5 to 3.0.0-M6
+ Bump error_prone_core from 2.11.0 to 2.13.1
+ Bump github/codeql-action from 1 to 2
+ Bump ecj from 3.28.0 to 3.29.0
+ Bump release-drafter/release-drafter from 5.18.1 to 5.19.0
+ Bump ecj from 3.29.0 to 3.30.0
+ Bump maven-invoker-plugin from 3.2.2 to 3.3.0
+ Bump maven-enforcer-plugin from 3.0.0 to 3.1.0
+ Bump error_prone_core from 2.13.1 to 2.14.0
+ Bump maven-surefire-plugin from 3.0.0-M6 to 3.0.0-M7
+ Bump ecj from 3.31.0 to 3.32.0
+ Bump junit-bom from 5.9.0 to 5.9.1
+ Bump ecj from 3.30.0 to 3.31.0
+ Bump groovy from 3.0.12 to 3.0.13
+ Bump groovy-json from 3.0.12 to 3.0.13
+ Bump groovy-xml from 3.0.12 to 3.0.13
+ Bump animal-sniffer-maven-plugin from 1.21 to 1.22
+ Bump error_prone_core from 2.14.0 to 2.15.0
+ Bump junit-bom from 5.8.2 to 5.9.0
+ Bump groovy-xml from 3.0.11 to 3.0.12
+ Bump groovy-json from 3.0.11 to 3.0.12
+ Bump groovy from 3.0.11 to 3.0.12
* Maintenance:
+ Require Maven 3.2.5
maven-archiver-3.6.1-150200.3.7.3.noarch.rpm
maven-archiver-3.6.1-150200.3.7.3.src.rpm
maven-common-artifact-filters-3.3.2-150200.3.7.3.noarch.rpm
maven-common-artifact-filters-3.3.2-150200.3.7.3.src.rpm
maven-compiler-plugin-3.11.0-150200.3.7.1.noarch.rpm
maven-compiler-plugin-3.11.0-150200.3.7.1.src.rpm
maven-plugin-annotations-3.9.0-150200.3.7.3.noarch.rpm
maven-plugin-tools-3.9.0-150200.3.7.3.src.rpm
objectweb-asm-9.6-150200.3.11.3.noarch.rpm
objectweb-asm-9.6-150200.3.11.3.src.rpm
plexus-archiver-4.8.0-150200.3.7.2.noarch.rpm
plexus-archiver-4.8.0-150200.3.7.2.src.rpm
plexus-compiler-2.14.2-150200.3.9.2.noarch.rpm
plexus-compiler-2.14.2-150200.3.9.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-87
Recommended update for pesign
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pesign fixes the following issue:
- Create pesign-systemd subpackage to remove systemd dependency (jsc#PED-7256)
pesign-0.112-150000.4.18.1.src.rpm
pesign-0.112-150000.4.18.1.x86_64.rpm
pesign-systemd-0.112-150000.4.18.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-853
Recommended update for qrencode
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for qrencode fixes the following issues:
- update to 4.1.1 (jsc#PED-7296):
* Some minor bugs in Micro QR Code generation have been fixed.
* The data capacity calculations are now correct. These bugs probably did not
affect the Micro QR Code generation.
libqrencode4-4.1.1-150000.3.3.1.x86_64.rpm
qrencode-4.1.1-150000.3.3.1.src.rpm
qrencode-devel-4.1.1-150000.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-88
Recommended update for libsolv, zypper, libzypp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libsolv, zypper, libzypp fixes the following issues:
- Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
- Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
- CheckAccessDeleted: fix 'running in container' filter (bsc#1218291)
- Open rpmdb just once during execution of %posttrans scripts (bsc#1216412)
- Make sure reboot-needed is remembered until next boot (bsc#1217873)
- Stop using boost version 1 timer library (bsc#1215294)
- Updated to version 0.7.27
- Add zstd support for the installcheck tool
- Add putinowndirpool cache to make file list handling in repo_write much faster
- Do not use deprecated headerUnload with newer rpm versions
- Support complex deps in SOLVABLE_PREREQ_IGNOREINST
- Fix minimization not preferring installed packages in some cases
- Reduce memory usage in repo_updateinfoxml
- Fix lock-step interfering with architecture selection
- Fix choice rule handling for package downgrades
- Fix complex dependencies with an "else" part sometimes leading to unsolved dependencies
libsolv-0.7.27-150400.3.11.2.src.rpm
libsolv-devel-0.7.27-150400.3.11.2.x86_64.rpm
libsolv-tools-0.7.27-150400.3.11.2.x86_64.rpm
libzypp-17.31.27-150400.3.49.1.src.rpm
libzypp-17.31.27-150400.3.49.1.x86_64.rpm
libzypp-devel-17.31.27-150400.3.49.1.x86_64.rpm
perl-solv-0.7.27-150400.3.11.2.x86_64.rpm
python3-solv-0.7.27-150400.3.11.2.x86_64.rpm
ruby-solv-0.7.27-150400.3.11.2.x86_64.rpm
zypper-1.14.68-150400.3.40.2.src.rpm
zypper-1.14.68-150400.3.40.2.x86_64.rpm
zypper-log-1.14.68-150400.3.40.2.noarch.rpm
zypper-needs-restarting-1.14.68-150400.3.40.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2023-4902
Security update for openssh
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssh fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).
The following non-security bug was fixed:
- Fix the 'no route to host' error when connecting via ProxyJump
openssh-8.4p1-150300.3.27.1.src.rpm
openssh-8.4p1-150300.3.27.1.x86_64.rpm
openssh-askpass-gnome-8.4p1-150300.3.27.1.src.rpm
openssh-askpass-gnome-8.4p1-150300.3.27.1.x86_64.rpm
openssh-clients-8.4p1-150300.3.27.1.x86_64.rpm
openssh-common-8.4p1-150300.3.27.1.x86_64.rpm
openssh-fips-8.4p1-150300.3.27.1.x86_64.rpm
openssh-helpers-8.4p1-150300.3.27.1.x86_64.rpm
openssh-server-8.4p1-150300.3.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-169
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in nvidia-open-driver-G06-signed:
- Update to 545.29.06
- no longer try to overwrite NVreg_OpenRmEnableUnsupportedGpus driver
option setting (disable it),
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 545.29.06
kernel-firmware-nvidia-gspx-G06-545.29.06-150400.9.18.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-545.29.06-150400.9.18.1.x86_64.rpm
nvidia-open-driver-G06-signed-545.29.06-150400.9.35.2.src.rpm
nvidia-open-driver-G06-signed-default-devel-545.29.06-150400.9.35.2.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-545.29.06_k5.14.21_150400.24.100-150400.9.35.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-217
Recommended update for sssd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sssd fixes the following issues:
- Only send cldap-ping to our local domain; (bsc#1217319); (gh#SSSD/sssd#5822);
- Do not write kdc info file for GC lookup; (bsc#1217319); (gh#SSSD/sssd#5956);
- sssd Unable to obtain cached rules filling up sssd_sudo.log; (bsc#1216907);
libipa_hbac-devel-2.5.2-150400.4.24.1.x86_64.rpm
libipa_hbac0-2.5.2-150400.4.24.1.x86_64.rpm
libsss_certmap-devel-2.5.2-150400.4.24.1.x86_64.rpm
libsss_certmap0-2.5.2-150400.4.24.1.x86_64.rpm
libsss_idmap-devel-2.5.2-150400.4.24.1.x86_64.rpm
libsss_idmap0-2.5.2-150400.4.24.1.x86_64.rpm
libsss_nss_idmap-devel-2.5.2-150400.4.24.1.x86_64.rpm
libsss_nss_idmap0-2.5.2-150400.4.24.1.x86_64.rpm
libsss_simpleifp-devel-2.5.2-150400.4.24.1.x86_64.rpm
libsss_simpleifp0-2.5.2-150400.4.24.1.x86_64.rpm
python3-sssd-config-2.5.2-150400.4.24.1.x86_64.rpm
sssd-2.5.2-150400.4.24.1.src.rpm
sssd-2.5.2-150400.4.24.1.x86_64.rpm
sssd-ad-2.5.2-150400.4.24.1.x86_64.rpm
sssd-common-2.5.2-150400.4.24.1.x86_64.rpm
sssd-common-32bit-2.5.2-150400.4.24.1.x86_64.rpm
sssd-dbus-2.5.2-150400.4.24.1.x86_64.rpm
sssd-ipa-2.5.2-150400.4.24.1.x86_64.rpm
sssd-kcm-2.5.2-150400.4.24.1.x86_64.rpm
sssd-krb5-2.5.2-150400.4.24.1.x86_64.rpm
sssd-krb5-common-2.5.2-150400.4.24.1.x86_64.rpm
sssd-ldap-2.5.2-150400.4.24.1.x86_64.rpm
sssd-proxy-2.5.2-150400.4.24.1.x86_64.rpm
sssd-tools-2.5.2-150400.4.24.1.x86_64.rpm
sssd-winbind-idmap-2.5.2-150400.4.24.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-611
Feature providing a supportconfig plugin for servers with pmem memory
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This feature provides supportutils-plugin-pmem, a supportconfig plugin for servers with pmem memory:
- New package targeting SUSE:SLE-15-SP3:Update (jsc#PED-3251). This is a support utils plugin
to gather information on ndctl (NVDIMM) & ipmctl (Intel pmem) tools for issue diagnosis.
ipmctl-03.00.00.0423-150400.3.2.2.src.rpm
ipmctl-03.00.00.0423-150400.3.2.2.x86_64.rpm
ipmctl-devel-03.00.00.0423-150400.3.2.2.x86_64.rpm
libndctl-devel-71.1-150400.10.5.1.x86_64.rpm
libndctl6-71.1-150400.10.5.1.x86_64.rpm
ndctl-71.1-150400.10.5.1.src.rpm
ndctl-71.1-150400.10.5.1.x86_64.rpm
supportutils-plugin-pmem-0.0.1-150300.7.5.1.noarch.rpm
supportutils-plugin-pmem-0.0.1-150300.7.5.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-68
Recommended update for rsyslog
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rsyslog fixes the following issues:
- Restart daemon after modules packages have been updated (bsc#1217292)
rsyslog-8.2306.0-150400.5.24.1.src.rpm
rsyslog-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-gssapi-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-gtls-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-mmnormalize-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-mysql-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-pgsql-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-relp-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-snmp-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-udpspoof-8.2306.0-150400.5.24.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-8
Recommended update for samba
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for samba fixes the following issues:
- Add "net offlinejoin composeodj" command (bsc#1214076)
libsamba-policy-devel-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
libsamba-policy-python3-devel-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
libsamba-policy0-python3-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-4.15.13+git.710.7032820fcd-150400.3.34.2.src.rpm
samba-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-ad-dc-libs-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-ad-dc-libs-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-ceph-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-client-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-client-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-client-libs-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-devel-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-devel-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-dsdb-modules-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-gpupdate-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-ldb-ldap-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-libs-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-libs-python3-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-python3-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-tool-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-winbind-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-winbind-libs-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-winbind-libs-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-client-libs-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-libs-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-26
Recommended update for mozilla-nss
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mozilla-nss fixes the following issues:
Mozilla NSS was updated to NSS 3.90.1
* regenerate NameConstraints test certificates.
* add OSXSAVE and XCR0 tests to AVX2 detection.
libfreebl3-3.90.1-150400.3.35.2.x86_64.rpm
libfreebl3-32bit-3.90.1-150400.3.35.2.x86_64.rpm
libsoftokn3-3.90.1-150400.3.35.2.x86_64.rpm
libsoftokn3-32bit-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-3.90.1-150400.3.35.2.src.rpm
mozilla-nss-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-32bit-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-certs-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-devel-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-sysinit-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-tools-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-certs-32bit-3.90.1-150400.3.35.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2023-4928
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974).
* CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782).
* CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023).
* CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791).
* CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144).
* CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669).
* CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118).
* CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042).
* CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901).
* CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
* CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (bmo#1864123).
* CVE-2023-6867: Clickjacking permission prompts using the popup transition (bmo#1863863).
- Fixed: Various security fixes and other quality improvements MFSA 2023-50 (bsc#1217230)
* CVE-2023-6204 (bmo#1841050)
Out-of-bound memory access in WebGL2 blitFramebuffer
* CVE-2023-6205 (bmo#1854076)
Use-after-free in MessagePort::Entangled
* CVE-2023-6206 (bmo#1857430)
Clickjacking permission prompts using the fullscreen
transition
* CVE-2023-6207 (bmo#1861344)
Use-after-free in ReadableByteStreamQueueEntry::Buffer
* CVE-2023-6208 (bmo#1855345)
Using Selection API would copy contents into X11 primary
selection.
* CVE-2023-6209 (bmo#1858570)
Incorrect parsing of relative URLs starting with "///"
* CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
bmo#1862782)
Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
and Thunderbird 115.5
MozillaFirefox-115.6.0-150200.152.120.1.src.rpm
MozillaFirefox-115.6.0-150200.152.120.1.x86_64.rpm
MozillaFirefox-devel-115.6.0-150200.152.120.1.noarch.rpm
MozillaFirefox-translations-common-115.6.0-150200.152.120.1.x86_64.rpm
MozillaFirefox-translations-other-115.6.0-150200.152.120.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-5
Security update for gstreamer-plugins-bad
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gstreamer-plugins-bad fixes the following issues:
- CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free (bsc#1217213).
- CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215792).
gstreamer-plugins-bad-1.20.1-150400.3.15.1.src.rpm
gstreamer-plugins-bad-1.20.1-150400.3.15.1.x86_64.rpm
gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.15.1.x86_64.rpm
gstreamer-plugins-bad-devel-1.20.1-150400.3.15.1.x86_64.rpm
gstreamer-plugins-bad-lang-1.20.1-150400.3.15.1.noarch.rpm
libgstadaptivedemux-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstbadaudio-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstcodecparsers-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstcodecs-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstinsertbin-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstisoff-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstmpegts-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstphotography-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstplay-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstplayer-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstsctp-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgsturidownloader-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstva-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstvulkan-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstwayland-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstwebrtc-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstPlay-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-6
Security update for libssh2_org
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libssh2_org fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127).
libssh2-1-1.11.0-150000.4.22.1.x86_64.rpm
libssh2-devel-1.11.0-150000.4.22.1.x86_64.rpm
libssh2_org-1.11.0-150000.4.22.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-214
Recommended update for systemd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for systemd fixes the following issues:
- resolved: actually check authenticated flag of SOA transaction
- core/mount: Make device deps from /proc/self/mountinfo and .mount unit file exclusive
- core: Add trace logging to mount_add_device_dependencies()
- core/mount: Remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460)
- core/mount: Set Mount.from_proc_self_mountinfo flag before adding default dependencies
- core: wrap some long comment
- utmp-wtmp: Handle EINTR gracefully when waiting to write to tty
- utmp-wtmp: Fix error in case isatty() fails
- homed: Handle EINTR gracefully when waiting for device node
- resolved: Handle EINTR returned from fd_wait_for_event() better
- sd-netlink: Handle EINTR from poll() gracefully, as success
- varlink: Handle EINTR gracefully when waiting for EIO via ppoll()
- stdio-bridge: Don't be bothered with EINTR
- sd-bus: Handle EINTR return from bus_poll() (bsc#1215241)
- core: Replace slice dependencies as they get added (bsc#1214668)
libsystemd0-249.17-150400.8.40.1.x86_64.rpm
libsystemd0-32bit-249.17-150400.8.40.1.x86_64.rpm
libudev1-249.17-150400.8.40.1.x86_64.rpm
libudev1-32bit-249.17-150400.8.40.1.x86_64.rpm
systemd-249.17-150400.8.40.1.src.rpm
systemd-249.17-150400.8.40.1.x86_64.rpm
systemd-container-249.17-150400.8.40.1.x86_64.rpm
systemd-coredump-249.17-150400.8.40.1.x86_64.rpm
systemd-devel-249.17-150400.8.40.1.x86_64.rpm
systemd-doc-249.17-150400.8.40.1.x86_64.rpm
systemd-lang-249.17-150400.8.40.1.noarch.rpm
systemd-sysvinit-249.17-150400.8.40.1.x86_64.rpm
udev-249.17-150400.8.40.1.x86_64.rpm
systemd-32bit-249.17-150400.8.40.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
- CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution (bsc#1218033).
- CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service (bsc#1218032).
- CVE-2023-41074: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215870).
- CVE-2023-40451, CVE-2023-41074: Update to version 2.42.4 (bsc#1218032, bsc#1215868).
WebKitGTK-4.0-lang-2.42.4-150400.4.70.3.noarch.rpm
WebKitGTK-4.1-lang-2.42.4-150400.4.70.3.noarch.rpm
WebKitGTK-6.0-lang-2.42.4-150400.4.70.3.noarch.rpm
libjavascriptcoregtk-4_0-18-2.42.4-150400.4.70.3.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.42.4-150400.4.70.3.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.42.4-150400.4.70.3.x86_64.rpm
libwebkit2gtk-4_0-37-2.42.4-150400.4.70.3.x86_64.rpm
libwebkit2gtk-4_1-0-2.42.4-150400.4.70.3.x86_64.rpm
libwebkitgtk-6_0-4-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.42.4-150400.4.70.3.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.42.4-150400.4.70.3.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.42.4-150400.4.70.3.x86_64.rpm
webkit2gtk3-2.42.4-150400.4.70.3.src.rpm
webkit2gtk3-devel-2.42.4-150400.4.70.3.x86_64.rpm
webkit2gtk3-soup2-2.42.4-150400.4.70.3.src.rpm
webkit2gtk3-soup2-devel-2.42.4-150400.4.70.3.x86_64.rpm
webkit2gtk4-2.42.4-150400.4.70.3.src.rpm
webkitgtk-6_0-injected-bundles-2.42.4-150400.4.70.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-12
Security update for postfix
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postfix fixes the following issues:
- CVE-2023-51764: Fixed SMTP smuggling attack (bsc#1218304).
postfix-3.5.9-150300.5.15.1.src.rpm
postfix-3.5.9-150300.5.15.1.x86_64.rpm
postfix-bdb-3.5.9-150300.5.15.1.src.rpm
postfix-bdb-3.5.9-150300.5.15.1.x86_64.rpm
postfix-bdb-lmdb-3.5.9-150300.5.15.1.x86_64.rpm
postfix-devel-3.5.9-150300.5.15.1.x86_64.rpm
postfix-doc-3.5.9-150300.5.15.1.noarch.rpm
postfix-ldap-3.5.9-150300.5.15.1.x86_64.rpm
postfix-mysql-3.5.9-150300.5.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-35
Security update for python-paramiko
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-paramiko fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218168).
- Update to 3.4.0.
python-paramiko-3.4.0-150400.13.6.1.src.rpm
python-paramiko-doc-3.4.0-150400.13.6.1.noarch.rpm
python311-paramiko-3.4.0-150400.13.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-131
Recommended update for sanlock
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sanlock fixes the following issues:
- Update to sanlock 3.8.5 (jsc#PED-7338)
- python: Replace distutils with setuptools
- sanlock: fix memory leak of lockspace renewal_history
- sanlock: fix pthread_create error check
- sanlock: use helper to set max_sectors_kb
- Add support for 4k sector size (bsc#1215229)
- Dropped patches: sanlock-old_blkid, suse-fix-link-errors, sanlock-python3
- Add hardening to systemd services (bsc#1181400)
libsanlock1-3.8.5-150000.4.6.1.x86_64.rpm
sanlock-3.8.5-150000.4.6.1.src.rpm
sanlock-3.8.5-150000.4.6.1.x86_64.rpm
sanlock-devel-3.8.5-150000.4.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-108
Recommended update for apache2-mod_jk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2-mod_jk fixes the following issues:
- Fix a typo to restrict the symbols to export by the module (bsc#1206261)
apache2-mod_jk-1.2.49-150100.6.9.1.src.rpm
apache2-mod_jk-1.2.49-150100.6.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-146
Recommended update for btrfsprogs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for btrfsprogs fixes the following issue:
- btrfs-progs: fix defrag -c option parsing (bsc#1218029)
btrfsprogs-5.14-150400.5.6.1.src.rpm
btrfsprogs-5.14-150400.5.6.1.x86_64.rpm
btrfsprogs-udev-rules-5.14-150400.5.6.1.noarch.rpm
libbtrfs-devel-5.14-150400.5.6.1.x86_64.rpm
libbtrfs0-5.14-150400.5.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-125
Recommended update for suseconnect-ng
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issues:
- Update to version 1.5.0
- Configure docker credentials for registry authentication
- Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364)
- Add --json output option
libsuseconnect-1.5.0~git0.d27a8e2-150400.3.19.1.x86_64.rpm
suseconnect-ng-1.5.0~git0.d27a8e2-150400.3.19.1.src.rpm
suseconnect-ng-1.5.0~git0.d27a8e2-150400.3.19.1.x86_64.rpm
suseconnect-ruby-bindings-1.5.0~git0.d27a8e2-150400.3.19.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-158
Security update for perl-Spreadsheet-ParseExcel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl-Spreadsheet-ParseExcel fixes the following issues:
- CVE-2023-7101: Fixed a command injection issue when parsing an
untrusted spreadsheet (bsc#1218414).
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1.noarch.rpm
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-230
Recommended update for adcli
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for adcli fixes the following issues:
- Populate Samba's secrets database using offline domain join (bsc#1214076)
- Write SID before secret to Samba's db (bsc#1214076)
adcli-0.8.2-150400.17.6.1.src.rpm
adcli-0.8.2-150400.17.6.1.x86_64.rpm
adcli-doc-0.8.2-150400.17.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-136
Security update for pam
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
pam-1.3.0-150000.6.66.1.src.rpm
pam-1.3.0-150000.6.66.1.x86_64.rpm
pam-devel-1.3.0-150000.6.66.1.x86_64.rpm
pam-devel-32bit-1.3.0-150000.6.66.1.x86_64.rpm
pam-doc-1.3.0-150000.6.66.1.noarch.rpm
pam-extra-1.3.0-150000.6.66.1.x86_64.rpm
pam-32bit-1.3.0-150000.6.66.1.x86_64.rpm
pam-extra-32bit-1.3.0-150000.6.66.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-223
Recommended update for md_monitor
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for md_monitor fixes the following issues:
- Update to version 6.6+11+gcbb8940:
- Fix deadlock because of locking itself (bsc#1197160)
- Remove the obsolete md_dev from md_list (bsc#1193465)
- Flush the log file after writing each message
- Fix locking of dev->lock in lookup_md_component() (bsc#1197160)
- Replace pselect with ppoll (bsc#1161872)
- Add systemd service file for systemd with increased TaskMax and LimitNOFILE (bsc#1104770)
- Fix crash on MonitorStatus (bsc#1096363, bsc#1081286)
- Ignore NewArray message if it does not exist yet (bsc#1091619)
- Fix crash in display_md_status (bsc#1081286)
- Ignore inactive arrays (bsc#1068175, bsc#1079253)
- Store alias in struct md_dev to avoid lookup errors (bsc#1068175,bsc#1079253)
md_monitor-6.6+11+gcbb8940-150000.3.6.1.src.rpm
md_monitor-6.6+11+gcbb8940-150000.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2890
Security update for libqt5-qtbase
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libqt5-qtbase fixes the following issues:
- CVE-2023-51714: Fixed an incorrect integer overflow check (bsc#1218413).
- CVE-2024-39936: Fixed information leakage due to processing HTTP2 communication before encrypted() can be responded to (bsc#1227426)
- CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms() due to anomalous behavior from the X server (bsc#1222120)
Other fixes:
- Add patch from upstream to fix a regression in the ODBC driver (bsc#1227513, QTBUG-112375)
- Add upstream patch to fix a potential overflow in assemble_hpack_block()
libQt5Concurrent-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Concurrent5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Core-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Core5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5DBus-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5DBus5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Gui-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Gui5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Network-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Network5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5OpenGL-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5OpenGL5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5PrintSupport-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5PrintSupport5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Sql5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql5-mysql-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql5-postgresql-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql5-sqlite-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Test-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Test5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Widgets-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Widgets5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Xml-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Xml5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libqt5-qtbase-5.15.2+kde294-150400.6.15.1.src.rpm
libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libqt5-qtbase-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-58
Security update for wireshark
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wireshark fixes the following issues:
- Updated to Wireshark 3.6.20:
- CVE-2024-0208: Fixed a crash in the GVCP dissector (bsc#1218504).
- CVE-2024-0209: Fixed a crash in the IEEE 1609.2 dissector (bsc#1218505).
libwireshark15-3.6.20-150000.3.109.1.x86_64.rpm
libwiretap12-3.6.20-150000.3.109.1.x86_64.rpm
libwsutil13-3.6.20-150000.3.109.1.x86_64.rpm
wireshark-3.6.20-150000.3.109.1.src.rpm
wireshark-3.6.20-150000.3.109.1.x86_64.rpm
wireshark-devel-3.6.20-150000.3.109.1.x86_64.rpm
wireshark-ui-qt-3.6.20-150000.3.109.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-100
Security update for gstreamer-plugins-bad
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gstreamer-plugins-bad fixes the following issues:
- ZDI-CAN-22300: Fixed a buffer overflow in the AV1 video plugin (bsc#1218534).
gstreamer-plugins-bad-1.20.1-150400.3.18.1.src.rpm
gstreamer-plugins-bad-1.20.1-150400.3.18.1.x86_64.rpm
gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.18.1.x86_64.rpm
gstreamer-plugins-bad-devel-1.20.1-150400.3.18.1.x86_64.rpm
gstreamer-plugins-bad-lang-1.20.1-150400.3.18.1.noarch.rpm
libgstadaptivedemux-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstbadaudio-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstcodecparsers-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstcodecs-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstinsertbin-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstisoff-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstmpegts-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstphotography-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstplay-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstplayer-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstsctp-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgsturidownloader-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstva-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstvulkan-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstwayland-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstwebrtc-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstPlay-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-105
Recommended update for grub2 and efibootmgr
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for grub2 and efibootmgr fixes the following issues:
grub2:
- Deliver missing grub2-arm64-efi and grub2-powerpc-ieee1275 to SUSE Manager 4.3 (no source changes) (bsc#1217237)
efibootmgr:
- Deliver missing efibootmgr to SUSE Manager 4.3 (no source changes) (bsc#1217237)
efibootmgr-17-150400.3.2.2.src.rpm
efibootmgr-17-150400.3.2.2.x86_64.rpm
grub2-2.06-150400.11.43.2.src.rpm
grub2-2.06-150400.11.43.2.x86_64.rpm
grub2-i386-pc-2.06-150400.11.43.2.noarch.rpm
grub2-snapper-plugin-2.06-150400.11.43.2.noarch.rpm
grub2-systemd-sleep-plugin-2.06-150400.11.43.2.noarch.rpm
grub2-x86_64-efi-2.06-150400.11.43.2.noarch.rpm
grub2-x86_64-xen-2.06-150400.11.43.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-111
Security update for xorg-x11-server
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xorg-x11-server fixes the following issues:
Security fixes:
- CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (bsc#1218582)
- CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access (bsc#1218583)
- CVE-2024-21885: Fixed heap buffer overflow in XISendDeviceHierarchyEvent (bsc#1218584)
- CVE-2024-21886: Fixed heap buffer overflow in DisableDevice (bsc#1218585)
Other:
- Fix vmware graphics driver crash (bsc#1218176)
- Fix xserver crash when Xinerama is enabled (bsc#1218240)
xorg-x11-server-1.20.3-150400.38.40.1.src.rpm
xorg-x11-server-1.20.3-150400.38.40.1.x86_64.rpm
xorg-x11-server-extra-1.20.3-150400.38.40.1.x86_64.rpm
xorg-x11-server-sdk-1.20.3-150400.38.40.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-261
Recommended update for conmon
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for conmon fixes the following issues:
- New upstream release 2.1.10
Bug fixes:
* Fix incorrect free in conn_sock
* logging: Respect log-size-max immediately after open
- Add patch for fixing regression in v2.1.9
(https://github.com/containers/conmon/issues/475 and
https://github.com/containers/conmon/issues/477)
- New upstream release 2.1.9
### Bug fixes
* fix some issues flagged by SAST scan
* src: fix write after end of buffer
* src: open all files with O_CLOEXEC
* oom-score: restore oom score before running exit command
### Features
* Forward more messages on the sd-notify socket
* logging: -l passthrough accepts TTYs
* [bsc#1215806]
- Update to version 2.1.8:
* stdio: ignore EIO for terminals (bsc#1217773)
* ensure console socket buffers are properly sized
* conmon: drop return after pexit()
* ctrl: make accept4 failures fatal
* logging: avoid opening /dev/null for each write
* oom: restore old OOM score
* Use default umask 0022
* cli: log parsing errors to stderr
* Changes to build conmon for riscv64
* Changes to build conmon for ppc64le
* Fix close_other_fds on FreeBSD
conmon-2.1.10-150400.3.17.1.src.rpm
conmon-2.1.10-150400.3.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-139
Recommended update for go1.21
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issues:
go1.21.6 (released 2024-01-09) includes fixes to the compiler,
the runtime, and the crypto/tls, maps, and runtime/pprof
packages. (bsc#1212475)
* x/build,os/signal: TestDetectNohup and TestNohup fail on replacement darwin LUCI builders
* runtime: ReadMemStats fatal error: mappedReady and other memstats are not equal
* cmd/compile: linux/s390x: inlining bug in s390x
* maps: maps.Clone reference semantics when cloning a map with large value types
* runtime: excessive memory use between 1.21.0 -> 1.21.1
* cmd/compile: max/min builtin broken when used with string(byte) conversions
* runtime/pprof: incorrect function names for generics functions
* crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3
* runtime: race condition raised with parallel tests, panic(nil) and -race
container-suseconnect-2.4.0-150000.4.48.1.src.rpm
container-suseconnect-2.4.0-150000.4.48.1.x86_64.rpm
go1.21-1.21.6-150000.1.21.1.src.rpm
go1.21-1.21.6-150000.1.21.1.x86_64.rpm
go1.21-doc-1.21.6-150000.1.21.1.x86_64.rpm
go1.21-race-1.21.6-150000.1.21.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-880
Recommended update for installation-images
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for installation-images fixes the following issues:
- Include complete system-role-common-criteria package (bsc#1217968, bsc#1218652)
- Change HMC console name from ttyS1 to ttysclp0 (bsc#1203405)
installation-images-SLES-16.57.29-150400.3.19.1.src.rpm
tftpboot-installation-SLE-15-SP4-aarch64-16.57.29-150400.3.19.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-ppc64le-16.57.29-150400.3.19.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-s390x-16.57.29-150400.3.19.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-x86_64-16.57.29-150400.3.19.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-140
Security update for libssh
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libssh fixes the following issues:
Security fixes:
- CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209)
- CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126)
- CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186)
- CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188)
- CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
Other fixes:
- Update to version 0.9.8
- Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
- Fix several memory leaks in GSSAPI handling code
libssh-0.9.8-150400.3.3.1.src.rpm
libssh-config-0.9.8-150400.3.3.1.x86_64.rpm
libssh-devel-0.9.8-150400.3.3.1.x86_64.rpm
libssh4-0.9.8-150400.3.3.1.x86_64.rpm
libssh4-32bit-0.9.8-150400.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-156
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
The following non-security bugs were fixed:
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).
- Drop drm/bridge lt9611uxc patches that have been reverted on stable trees
- KVM: s390/mm: Properly reset no-dat (bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- Updated SPI patches for NVIDIA Grace enablement (bsc#1212584 jsc#PED-3459)
- block: fix revalidate performance regression (bsc#1216057).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in "skew is too large" messages (bsc#1215885 bsc#1217217).
- clocksource: Improve "skew is too large" messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- libceph: use kernel_connect() (bsc#1217981).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- s390/vx: fix save/restore of fpu kernel context (bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
kernel-default-5.14.21-150400.24.103.1.nosrc.rpm
kernel-default-5.14.21-150400.24.103.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1.src.rpm
kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.103.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.103.1.noarch.rpm
kernel-docs-5.14.21-150400.24.103.1.noarch.rpm
kernel-docs-5.14.21-150400.24.103.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.103.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.103.1.src.rpm
kernel-obs-build-5.14.21-150400.24.103.1.x86_64.rpm
kernel-source-5.14.21-150400.24.103.1.noarch.rpm
kernel-source-5.14.21-150400.24.103.1.src.rpm
kernel-syms-5.14.21-150400.24.103.1.src.rpm
kernel-syms-5.14.21-150400.24.103.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.103.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-427
Recommended update for supportutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for supportutils fixes the following issues:
- Update to version 3.1.28
- Correctly detects Xen Dom0 (bsc#1218201)
- Fixed smart disk error (bsc#1218282)
- Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173)
- Added missing klp information to kernel-livepatch.txt (bsc#1216390)
- Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388)
- Provides long listing for /etc/sssd/sssd.conf (bsc#1211547)
- Optimize lsof usage (bsc#1183663)
- Collects chrony or ntp as needed (bsc#1196293)
- Fixed podman display issue (bsc#1217287)
- Added nvme-stas configuration to nvme.txt (bsc#1216049)
- Added timed command to fs-files.txt (bsc#1216827)
- Collects zypp history file issue#166 (bsc#1216522)
supportutils-3.1.28-150300.7.35.24.1.noarch.rpm
supportutils-3.1.28-150300.7.35.24.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-518
Security update for openssl-3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2023-6129: Fixed vector register clobbering on PowerPC. (bsc#1218690)
- CVE-2023-6237: Fixed excessive time spent checking invalid RSA public keys. (bsc#1218810)
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
libopenssl-3-devel-3.0.8-150400.4.49.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.49.1.x86_64.rpm
openssl-3-3.0.8-150400.4.49.1.src.rpm
openssl-3-3.0.8-150400.4.49.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-233
Recommended update for suse-module-tools
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-module-tools fixes the following issues:
- Update to version 15.4.19
- Add symlink /boot/.vmlinuz.hmac (bsc#1217775)
suse-module-tools-15.4.19-150400.3.17.1.src.rpm
suse-module-tools-15.4.19-150400.3.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-628
Recommended update for open-lldp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for open-lldp fixes the following issues:
- open-lldp was updated to version v1.1+77.75e83b6fb98e:
* Fixed issue with `lldpad.service` failing in login/sched nodes (bsc#1212749)
* Fixed various NULL pointer dereference issues
* dcbx: Fixed memory vulnerability (UAF)
* dcbx: Fixed leak when receiving legacy TLVs with mismatched mode
* lldp: Reject frames with duplicate TLVs
* dcbx: Free manifest in rchange callback
* dcbx: Avoid memory leak if ifup is called twice
* ctrl_iface: Fixed a memory leak in ctrl_iface_deinit
* lldp: Avoid sending uninitialized data
* Reverted "Use interface index instead of name in libconfig"
* agent: Reset frame status on message delete
* basman: Use return address when pulling address
* 8021Qaz: Check for rx block validity
* 8021qaz: Fixed squelch initialization errors
* macvtap: Fixed error condition
* vdp22: converted command parsing to null term
liblldp_clif1-1.1+77.75e83b6-150300.3.6.1.x86_64.rpm
open-lldp-1.1+77.75e83b6-150300.3.6.1.src.rpm
open-lldp-1.1+77.75e83b6-150300.3.6.1.x86_64.rpm
open-lldp-devel-1.1+77.75e83b6-150300.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-440
Recommended update for scap-security-guide
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for scap-security-guide fixes the following issues:
- updated to 0.1.71 (jsc#ECO-3319)
- Add RHEL 9 STIG
- Add support for Debian 12
- Update PCI-DSS profile for RHEL
- lots of bugfixes and improvements for SLE
- removed left over file, patch upstreamed in 0.1.69
scap-security-guide-0.1.71-150000.1.75.1.noarch.rpm
scap-security-guide-0.1.71-150000.1.75.1.src.rpm
scap-security-guide-debian-0.1.71-150000.1.75.1.noarch.rpm
scap-security-guide-redhat-0.1.71-150000.1.75.1.noarch.rpm
scap-security-guide-ubuntu-0.1.71-150000.1.75.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-204
Security update for bluez
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bluez fixes the following issues:
- CVE-2023-50229: Fixed an out of bounds write in the primary version
counter for the Phone Book Access Profile implementation
(bsc#1218300).
- CVE-2023-50230: Fixed an out of bounds write in the secondary
version counter for the Phone Book Access Profile implementation
(bsc#1218301).
bluez-5.62-150400.4.19.1.src.rpm
bluez-5.62-150400.4.19.1.x86_64.rpm
bluez-deprecated-5.62-150400.4.19.1.x86_64.rpm
bluez-devel-5.62-150400.4.19.1.x86_64.rpm
libbluetooth3-5.62-150400.4.19.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1764
Recommended update for jackson
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for jackson fixes the following issues:
jackson-annotations was upgraded to version 2.16.1:
- Added new OptBoolean valued property in @JsonTypeInfo to allow per-type configuration of strict type id handling
- Allow per-type configuration of strict type id handling
- Added JsonTypeInfo.Value object (backport from 3.0)
- Added new JsonTypeInfo.Id.SIMPLE_NAME
jackson-bom was upgraded to version 2.16.1:
- Added dependency for jackson-module-android-record. This new module offers support for Record type on Android
platform, where Java records are supported through "de-sugaring"
jackson-core was upgraded to version 2.16.1:
- NPE in Version.equals() if snapshot-info null
- NPE in "FastDoubleParser", method "JavaBigDecimalParser.parseBigDecimal()"
- JsonPointer.append(JsonPointer.tail()) includes the original pointer
- Change StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION default to false in Jackson 2.16
- Improve error message for StreamReadConstraints violations
- JsonFactory implementations should respect CANONICALIZE_FIELD_NAMES
- Root cause for failing test for testMangledIntsBytes() in ParserErrorHandlingTest
- Allow all array elements in JsonPointerBasedFilter
- Indicate explicitly blocked sources as "REDACTED" instead of "UNKNOWN" in JsonLocation
- Start using AssertJ in unit tests
- Allow configuring spaces before and/or after the colon in DefaultPrettyPrinter (for Canonical JSON)
- Add configurable limit for the maximum number of bytes/chars of content to parse before failing
- Add configurable limit for the maximum length of Object property names to parse before failing
- Add configurable processing limits for JSON generator (StreamWriteConstraints)
- Compare _snapshotInfo in Version
- Add JsonGeneratorDecorator to allow decorating JsonGenerators
- Add full set of BufferRecyclerPool implementations
- Add configurable error report behavior via ErrorReportConfiguration
- Make ByteSourceJsonBootstrapper use StringReader for < 8KiB byte[] inputs
- Allow pluggable buffer recycling via new RecyclerPool extension point
- Change parsing error message to mention -INF
jackson-databind was upgraded to version 2.16.1:
- JsonSetter(contentNulls = FAIL) is ignored in delegating @JsonCreator argument
- Primitive array deserializer not being captured by DeserializerModifier
- JsonNode.findValues() and findParents() missing expected values in 2.16.0
- Incorrect deserialization for BigDecimal numbers
- Add a way to configure caches Jackson uses
- Mix-ins do not work for Enums
- Map deserialization results in different numeric classes based on json ordering (BigDecimal / Double) when used in
combination with @JsonSubTypes
- Generic class with generic field of runtime type Double is deserialized as BigDecimal when used with
@JsonTypeInfo and JsonTypeInfo.As.EXISTING_PROPERTY
- Combination of @JsonUnwrapped and @JsonAnySetter results in BigDecimal instead of Double
- @JsonIgnoreProperties not working with @JsonValue
- Deprecated JsonNode.with(String) suggests using JsonNode.withObject(String) but it is not the same thing
- Difference in the handling of ObjectId-property in JsonIdentityInfo depending on the deserialization route
- Add new OptBoolean valued property in @JsonTypeInfo, handling, to allow per-polymorphic type loose Type Id handling
- Fixed regression in 2.15.0 that breaks deserialization for records when
mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE)
- Incorrect target type when disabling coercion, trying to deserialize String from Array/Object
- @JsonProperty on constructor parameter changes default field serialization order
- Create new JavaType subtype IterationType (extending SimpleType)
- Use JsonTypeInfo.Value for annotation handling
- Add JsonNodeFeature.WRITE_PROPERTIES_SORTED for sorting ObjectNode properties on serialization
(for Canonical JSON)
- Optimize ObjectNode findValue(s) and findParent(s) fast paths
- Locale "" is deserialised as null if ACCEPT_EMPTY_STRING_AS_NULL_OBJECT is enabled
- Add guardrail setting for TypeParser handling of type parameters
- Use @JsonProperty for Enum values also when READ_ENUMS_USING_TO_STRING enabled
- Fix Enum deserialization to use @JsonProperty, @JsonAlias even if EnumNamingStrategy used
- Use @JsonProperty and lowercase feature when serializing Enums despite using toString()
- Use @JsonProperty over EnumNamingStrategy for Enum serialization
- Actually cache EnumValues#internalMap
- ObjectMapper.valueToTree() will ignore the configuration SerializationFeature.WRAP_ROOT_VALUE
- Provide the "ObjectMapper.treeToValue(TreeNode, TypeReference)" method
- Expose NativeImageUtil.isRunningInNativeImage() method
- Add JsonTypeInfo.Id.SIMPLE_NAME which defaults type id to Class.getSimpleName()
- Impossible to deserialize custom Throwable sub-classes that do not have single-String constructors
- java.desktop module is no longer optional
- ClassUtil fails with java.lang.reflect.InaccessibleObjectException trying to setAccessible on OptionalInt with
JDK 17+
- Support sequenced collections (JDK 21)
- Add withObjectProperty(String), withArrayProperty(String) in JsonNode
- Change JsonNode.withObject(String) to work similar to withArray() wrt argument
- Log WARN if deprecated subclasses of PropertyNamingStrategy is used
- NPE when transforming a tree to a model class object, at ArrayNode.elements()
- Deprecated ObjectReader.withType(Type) has no direct replacement; need forType(Type)
- Add new DefaultTyping.NON_FINAL_AND_ENUMS to allow Default Typing for Enums
- Do not rewind position when serializing direct ByteBuffer
- Exception when deserialization of private record with default constructor
- BeanDeserializer updates currentValue incorrectly when deserialising empty Object
jackson-dataformats-binary was upgraded to version 2.16.1:
- (ion) NullPointerException in IonParser.nextToken()
- (smile) Remove Smile-specific buffer-recycling
jackson-modules-base was upgraded to version 2.16.1:
- (afterburner) Disable when running in native-image
- (afterburner) IncompatibleClassChangeError when deserializing a class implementing an interface with default get/set
implementations
- (blackbird) BlackBird proxy object error in Java 17
- (blackbird) Disable when running in native-image
- (guice) Add guice7 (jakarta.inject) module
jackson-parent was upgraded to version 2.16:
- Upgrade to oss-parent 56 (tons of plugin updates to resolve Maven warnings, new Moditect plugin)
jackson-parent, fasterxml-oss-parent:
- Added to SUSE Manager 4.3 as it is needed by `jackson-modules-base`
jackson-annotations-2.16.1-150200.3.14.4.noarch.rpm
jackson-annotations-2.16.1-150200.3.14.4.src.rpm
jackson-core-2.16.1-150200.3.14.7.noarch.rpm
jackson-core-2.16.1-150200.3.14.7.src.rpm
jackson-databind-2.16.1-150200.3.18.1.noarch.rpm
jackson-databind-2.16.1-150200.3.18.1.src.rpm
jackson-dataformat-cbor-2.16.1-150200.3.13.6.noarch.rpm
jackson-dataformats-binary-2.16.1-150200.3.13.6.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-210
Security update for erlang
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for erlang fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218192)
erlang-23.3.4.19-150300.3.14.1.src.rpm
erlang-23.3.4.19-150300.3.14.1.x86_64.rpm
erlang-epmd-23.3.4.19-150300.3.14.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-252
Security update for xorg-x11-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xorg-x11-server fixes the following issues:
- CVE-2024-0408: Fixed SELinux unlabeled GLX PBuffer. (bsc#1218845)
- CVE-2024-0409: Fixed SELinux context corruption. (bsc#1218846)
xorg-x11-server-1.20.3-150400.38.43.1.src.rpm
xorg-x11-server-1.20.3-150400.38.43.1.x86_64.rpm
xorg-x11-server-extra-1.20.3-150400.38.43.1.x86_64.rpm
xorg-x11-server-sdk-1.20.3-150400.38.43.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-638
Security update for gnutls
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gnutls fixes the following issues:
- CVE-2024-0567: Fixed an incorrect rejection of certificate chains
with distributed trust (bsc#1218862).
- CVE-2024-0553: Fixed a timing attack against the RSA-PSK key
exchange, which could lead to the leakage of sensitive data
(bsc#1218865).
gnutls-3.7.3-150400.4.41.3.src.rpm
gnutls-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls-devel-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls30-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls30-32bit-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls30-hmac-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls30-hmac-32bit-3.7.3-150400.4.41.3.x86_64.rpm
libgnutlsxx-devel-3.7.3-150400.4.41.3.x86_64.rpm
libgnutlsxx28-3.7.3-150400.4.41.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-295
Security update for runc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for runc fixes the following issues:
Update to runc v1.1.11:
- CVE-2024-21626: Fixed container breakout. (bsc#1218894)
runc-1.1.11-150000.58.1.src.rpm
runc-1.1.11-150000.58.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-325
Security update for java-17-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-17-openjdk fixes the following issues:
Updated to version 17.0.10 (January 2024 CPU):
- CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM
due to a missing bounds check (bsc#1218907).
- CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class
file verifier (bsc#1218903).
- CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM
that could lead to corruption of JVM memory (bsc#1218905).
- CVE-2024-20932: Fixed an incorrect handling of ZIP files with
duplicate entries (bsc#1218908).
- CVE-2024-20945: Fixed a potential private key leak through debug
logs (bsc#1218909).
- CVE-2024-20952: Fixed an RSA padding issue and timing side-channel
attack against TLS (bsc#1218911).
Find the full release notes at:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029089.html
java-17-openjdk-17.0.10.0-150400.3.36.1.src.rpm
java-17-openjdk-17.0.10.0-150400.3.36.1.x86_64.rpm
java-17-openjdk-demo-17.0.10.0-150400.3.36.1.x86_64.rpm
java-17-openjdk-devel-17.0.10.0-150400.3.36.1.x86_64.rpm
java-17-openjdk-headless-17.0.10.0-150400.3.36.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-465
Recommended update for numatop
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for numatop fixes the following issues:
- update to version 2.4
* Support EMR processors (jsc#PED-6059, jsc#PED-6038)
* Support Power10 processors (jsc#PED-5450, jsc#PED-5667)
* Support Zen3, Zen4 processors
numatop-2.4-150100.3.9.1.src.rpm
numatop-2.4-150100.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-547
Recommended update for rpmlint
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpmlint fixes the following issues:
- remove Erlang-related tests (bsc#1218850)
rpmlint-1.10-150000.7.81.1.noarch.rpm
rpmlint-1.10-150000.7.81.1.src.rpm
rpmlint-mini-1.10-150400.23.18.2.src.rpm
rpmlint-mini-1.10-150400.23.18.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-219
Recommended update for rsyslog
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rsyslog fixes the following issues:
- suppress installation errors when systemd is not running (bsc#1218799)
rsyslog-8.2306.0-150400.5.27.1.src.rpm
rsyslog-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-gssapi-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-gtls-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-mmnormalize-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-mysql-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-pgsql-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-relp-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-snmp-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-udpspoof-8.2306.0-150400.5.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-225
Recommended update for ant and ant-contrib
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ant and ant-contrib fixes the following issues:
ant:
- ant was updated from version 1.10.13 to 1.10.14:
* Changes that could break older environments:
+ Resource#compareTo now invokes getName rather than toString as
the latter may be costly (for example in the case of a
StringResource).
+ When using Java 18 or higher, Ant will no longer use Java
SecurityManager because it has been deprecated for removal and
by default is disallowed to be set at runtime
https://openjdk.org/jeps/411.
This will mean that the "<permissions>" type is no longer
functional when using Java 18 or higher.
Furthermore, when using Java 18 or higher, if the build
executes tasks that call "java.lang.System.exit()" and if
those tasks aren't running in a forked VM of their own, then
such tasks will now kill the entire Ant build process. It is
recommended that such tasks be updated to launch in a forked
VM so that the System.exit() call will not impact the JVM in
which Ant process runs.
* Fixed bugs:
+ Log only the stylesheet name in the xslt task.
+ junitlauncher task's "test" and "listener" elements which take
an "outputDir" property were incorrectly resolving the
outputDir against the current working directory instead of the
project's basedir.
+ regexmapper would, in some cases, incorrectly consume
backslash characters from the "to" attribute, resulting in
missing backslashes in the output.
+ <fixcrlf>, <replace> and <replaceregexp> now try to preserve
the file permissions of the files they modify.
+ junitlauncher task would fail if a forked test timed out even
if haltOnFailure was set to false.
+ Fixed a bug in org.apache.tools.zip.ZipOutputStream where,
even when "zip64Mode" is set to "always", ZipOutputStream may
not create a CEN extra field data for the entry.
+ legacy-xml listener of junitlauncher task wouldn't report
certain failures involving junit jupiter dynamic tests.
+ allow.class which was introduced in Ant 1.10.13 release, has
been removed from this 1.10.14 release. This class was
introduced in context of the SecurityManager changes in
Ant 1.10.13, which have now been reverted in Ant 1.10.14,
since they caused several regressions.
* Other changes:
+ <fork> element of the junitlauncher task now has a new
optional "java" attribute which can be used to point to a
different Java installation for running the forked tests.
+ Made sure <echoproperties> sorts the echoed properties on
JDK9+ as well.
+ org.apache.tools.ant.taskdefs.Recorder class now introduces a
setLogLevel(LogLevel level) method.
+ The <fork> element of junitlauncher task now allows a
"forkMode" attribute. forkMode=perTestClass can now be used to
launch each test class in a separate forked JVM.
ant-contrib:
- Package was rebuilt against ant version 1.10.14 to prevent installation issues (no source changes)
ant-1.10.14-150200.4.18.2.noarch.rpm
ant-1.10.14-150200.4.18.2.src.rpm
ant-antlr-1.10.14-150200.4.18.2.noarch.rpm
ant-antlr-1.10.14-150200.4.18.2.src.rpm
ant-apache-bcel-1.10.14-150200.4.18.2.noarch.rpm
ant-apache-bsf-1.10.14-150200.4.18.2.noarch.rpm
ant-apache-log4j-1.10.14-150200.4.18.2.noarch.rpm
ant-apache-oro-1.10.14-150200.4.18.2.noarch.rpm
ant-apache-regexp-1.10.14-150200.4.18.2.noarch.rpm
ant-apache-resolver-1.10.14-150200.4.18.2.noarch.rpm
ant-commons-logging-1.10.14-150200.4.18.2.noarch.rpm
ant-contrib-1.0b3-150200.11.12.2.noarch.rpm
ant-contrib-1.0b3-150200.11.12.2.src.rpm
ant-jakartamail-1.10.14-150200.4.18.2.noarch.rpm
ant-javamail-1.10.14-150200.4.18.2.noarch.rpm
ant-jdepend-1.10.14-150200.4.18.2.noarch.rpm
ant-jmf-1.10.14-150200.4.18.2.noarch.rpm
ant-junit-1.10.14-150200.4.18.2.noarch.rpm
ant-junit-1.10.14-150200.4.18.2.src.rpm
ant-manual-1.10.14-150200.4.18.2.noarch.rpm
ant-scripts-1.10.14-150200.4.18.2.noarch.rpm
ant-swing-1.10.14-150200.4.18.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-845
Recommended update for release-notes-sles
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for release-notes-sles fixes the following issues:
- Added note about sched parameter deprecation (bsc#1216929)
- Added note about set-hostname deprecation (bsc#1215156)
- Added note about Xen Dom0 suspend/resume (bsc#1210490)
release-notes-sles-15.4.20240119-150400.3.24.5.noarch.rpm
release-notes-sles-15.4.20240119-150400.3.24.5.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-188
Recommended update for suseconnect-ng
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng contains the following fix:
- Update to version 1.6.0:
* Disable EULA display for addons. (bsc#1218649 and bsc#1217961)
libsuseconnect-1.6.0~git0.31371c8-150400.3.22.1.x86_64.rpm
suseconnect-ng-1.6.0~git0.31371c8-150400.3.22.1.src.rpm
suseconnect-ng-1.6.0~git0.31371c8-150400.3.22.1.x86_64.rpm
suseconnect-ruby-bindings-1.6.0~git0.31371c8-150400.3.22.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-229
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.7.0 ESR (MFSA2024-02) (bsc#1218955):
- CVE-2024-0741: Out of bounds write in ANGLE
- CVE-2024-0742: Failure to update user input timestamp
- CVE-2024-0746: Crash when listing printers on Linux
- CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
- CVE-2024-0749: Phishing site popup could show local origin in address bar
- CVE-2024-0750: Potential permissions request bypass via clickjacking
- CVE-2024-0751: Privilege escalation through devtools
- CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
- CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
MozillaFirefox-115.7.0-150200.152.123.1.src.rpm
MozillaFirefox-115.7.0-150200.152.123.1.x86_64.rpm
MozillaFirefox-devel-115.7.0-150200.152.123.1.noarch.rpm
MozillaFirefox-translations-common-115.7.0-150200.152.123.1.x86_64.rpm
MozillaFirefox-translations-other-115.7.0-150200.152.123.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-631
Recommended update for texlive-specs-a
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for texlive-specs-a fixes the following issues:
- Replace arara.jar in arara.tar.xz with an updated log4j to silence some simple
screening tools that report a vulnerable log4j version even though log4j is not
used that way (bsc#1218601)
texlive-12many-2021.189.0.0.3svn15878-150400.20.3.1.noarch.rpm
texlive-2up-2021.189.1.3asvn55076-150400.20.3.1.noarch.rpm
texlive-Asana-Math-2021.189.0.000.958svn50999-150400.20.3.1.noarch.rpm
texlive-Asana-Math-fonts-2021.189.0.000.958svn50999-150400.20.3.1.noarch.rpm
texlive-ESIEEcv-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-GS1-2021.189.22svn44822-150400.20.3.1.noarch.rpm
texlive-HA-prosper-2021.189.4.21svn15878-150400.20.3.1.noarch.rpm
texlive-IEEEconf-2021.189.1.4svn15878-150400.20.3.1.noarch.rpm
texlive-IEEEtran-2021.189.1.8bsvn51065-150400.20.3.1.noarch.rpm
texlive-MemoirChapStyles-2021.189.1.7esvn25918-150400.20.3.1.noarch.rpm
texlive-SIstyle-2021.189.2.3asvn54080-150400.20.3.1.noarch.rpm
texlive-SIunits-2021.189.1.36svn15878-150400.20.3.1.noarch.rpm
texlive-Tabbing-2021.189.svn17022-150400.20.3.1.noarch.rpm
texlive-Type1fonts-2021.189.2.14svn19603-150400.20.3.1.noarch.rpm
texlive-a0poster-2021.189.1.22bsvn54071-150400.20.3.1.noarch.rpm
texlive-a2ping-2021.189.2.84psvn52964-150400.20.3.1.noarch.rpm
texlive-a4wide-2021.189.svn20943-150400.20.3.1.noarch.rpm
texlive-a5comb-2021.189.4svn17020-150400.20.3.1.noarch.rpm
texlive-aaai-named-2021.189.svn52470-150400.20.3.1.noarch.rpm
texlive-aalok-2021.189.0.0.2svn57728-150400.20.3.1.noarch.rpm
texlive-aastex-2021.189.6.3.1svn58057-150400.20.3.1.noarch.rpm
texlive-abbr-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-abc-2021.189.2.0bsvn41157-150400.20.3.1.noarch.rpm
texlive-abnt-2021.189.svn55471-150400.20.3.1.noarch.rpm
texlive-abntex2-2021.189.1.9.7svn49248-150400.20.3.1.noarch.rpm
texlive-abraces-2021.189.2.0svn58761-150400.20.3.1.noarch.rpm
texlive-abstract-2021.189.1.2asvn15878-150400.20.3.1.noarch.rpm
texlive-abstyles-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-academicons-2021.189.1.9.0svn56119-150400.20.3.1.noarch.rpm
texlive-academicons-fonts-2021.189.1.9.0svn56119-150400.20.3.1.noarch.rpm
texlive-accanthis-2021.189.svn32089-150400.20.3.1.noarch.rpm
texlive-accanthis-fonts-2021.189.svn32089-150400.20.3.1.noarch.rpm
texlive-accents-2021.189.1.4svn51497-150400.20.3.1.noarch.rpm
texlive-accessibility-2021.189.2.0.3svn55777-150400.20.3.1.noarch.rpm
texlive-accfonts-2021.189.0.0.25svn18835-150400.20.3.1.noarch.rpm
texlive-accsupp-2021.189.0.0.6svn53052-150400.20.3.1.noarch.rpm
texlive-achemso-2021.189.3.13csvn57479-150400.20.3.1.noarch.rpm
texlive-acmart-2021.189.1.75svn56946-150400.20.3.1.noarch.rpm
texlive-acmconf-2021.189.1.3svn15878-150400.20.3.1.noarch.rpm
texlive-acro-2021.189.3.5svn57447-150400.20.3.1.noarch.rpm
texlive-acronym-2021.189.1.47svn54758-150400.20.3.1.noarch.rpm
texlive-acroterm-2021.189.0.0.1svn20498-150400.20.3.1.noarch.rpm
texlive-active-conf-2021.189.0.0.3asvn15878-150400.20.3.1.noarch.rpm
texlive-actuarialangle-2021.189.2.1svn51376-150400.20.3.1.noarch.rpm
texlive-actuarialsymbol-2021.189.1.1svn54080-150400.20.3.1.noarch.rpm
texlive-addfont-2021.189.1.1svn58559-150400.20.3.1.noarch.rpm
texlive-addliga-2021.189.1.0svn50912-150400.20.3.1.noarch.rpm
texlive-addlines-2021.189.0.0.3svn49326-150400.20.3.1.noarch.rpm
texlive-adfathesis-2021.189.2.42svn26048-150400.20.3.1.noarch.rpm
texlive-adforn-2021.189.1.1bsvn54512-150400.20.3.1.noarch.rpm
texlive-adforn-fonts-2021.189.1.1bsvn54512-150400.20.3.1.noarch.rpm
texlive-adfsymbols-2021.189.1.2bsvn54512-150400.20.3.1.noarch.rpm
texlive-adfsymbols-fonts-2021.189.1.2bsvn54512-150400.20.3.1.noarch.rpm
texlive-adhocfilelist-2021.189.svn29349-150400.20.3.1.noarch.rpm
texlive-adigraph-2021.189.1.7.1svn49862-150400.20.3.1.noarch.rpm
texlive-adjmulticol-2021.189.1.2svn54157-150400.20.3.1.noarch.rpm
texlive-adjustbox-2021.189.1.3svn56291-150400.20.3.1.noarch.rpm
texlive-adobemapping-2021.189.svn51787-150400.20.3.1.noarch.rpm
texlive-adrconv-2021.189.1.4svn46817-150400.20.3.1.noarch.rpm
texlive-adtrees-2021.189.1.1svn51618-150400.20.3.1.noarch.rpm
texlive-advdate-2021.189.svn20538-150400.20.3.1.noarch.rpm
texlive-ae-2021.189.1.4svn15878-150400.20.3.1.noarch.rpm
texlive-aeguill-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-aesupp-2021.189.1svn58253-150400.20.3.1.noarch.rpm
texlive-aesupp-fonts-2021.189.1svn58253-150400.20.3.1.noarch.rpm
texlive-afm2pl-2021.189.svn54074-150400.20.3.1.noarch.rpm
texlive-afparticle-2021.189.1.3svn35900-150400.20.3.1.noarch.rpm
texlive-afthesis-2021.189.2.7svn15878-150400.20.3.1.noarch.rpm
texlive-aguplus-2021.189.1.6bsvn17156-150400.20.3.1.noarch.rpm
texlive-aiaa-2021.189.3.6svn15878-150400.20.3.1.noarch.rpm
texlive-aichej-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-ajl-2021.189.svn34016-150400.20.3.1.noarch.rpm
texlive-akktex-2021.189.0.0.3.2svn26055-150400.20.3.1.noarch.rpm
texlive-akletter-2021.189.1.5isvn15878-150400.20.3.1.noarch.rpm
texlive-akshar-2021.189.0.0.2svn56277-150400.20.3.1.noarch.rpm
texlive-albatross-2021.189.0.0.3.0svn57416-150400.20.3.1.noarch.rpm
texlive-alegreya-2021.189.svn54512-150400.20.3.1.noarch.rpm
texlive-alegreya-fonts-2021.189.svn54512-150400.20.3.1.noarch.rpm
texlive-aleph-2021.189.svn57972-150400.20.3.1.noarch.rpm
texlive-alertmessage-2021.189.1.1svn38055-150400.20.3.1.noarch.rpm
texlive-alfaslabone-2021.189.0.0.0.1svn57452-150400.20.3.1.noarch.rpm
texlive-alfaslabone-fonts-2021.189.0.0.0.1svn57452-150400.20.3.1.noarch.rpm
texlive-alg-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-algobox-2021.189.1.3svn52204-150400.20.3.1.noarch.rpm
texlive-algolrevived-2021.189.1.052svn56864-150400.20.3.1.noarch.rpm
texlive-algolrevived-fonts-2021.189.1.052svn56864-150400.20.3.1.noarch.rpm
texlive-algorithm2e-2021.189.5.2svn44846-150400.20.3.1.noarch.rpm
texlive-algorithmicx-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-algorithms-2021.189.0.0.1svn42428-150400.20.3.1.noarch.rpm
texlive-algpseudocodex-2021.189.1.0svn56125-150400.20.3.1.noarch.rpm
texlive-algxpar-2021.189.0.0.91svn56006-150400.20.3.1.noarch.rpm
texlive-aligned-overset-2021.189.0.0.1.0svn47290-150400.20.3.1.noarch.rpm
texlive-alkalami-2021.189.1.000svn44497-150400.20.3.1.noarch.rpm
texlive-alkalami-fonts-2021.189.1.000svn44497-150400.20.3.1.noarch.rpm
texlive-allrunes-2021.189.2.1.1svn42221-150400.20.3.1.noarch.rpm
texlive-allrunes-fonts-2021.189.2.1.1svn42221-150400.20.3.1.noarch.rpm
texlive-almendra-2021.189.svn56035-150400.20.3.1.noarch.rpm
texlive-almendra-fonts-2021.189.svn56035-150400.20.3.1.noarch.rpm
texlive-almfixed-2021.189.0.0.92svn35065-150400.20.3.1.noarch.rpm
texlive-almfixed-fonts-2021.189.0.0.92svn35065-150400.20.3.1.noarch.rpm
texlive-alnumsec-2021.189.0.0.03svn15878-150400.20.3.1.noarch.rpm
texlive-alpha-persian-2021.189.1.3svn50316-150400.20.3.1.noarch.rpm
texlive-alphalph-2021.189.2.6svn53087-150400.20.3.1.noarch.rpm
texlive-altfont-2021.189.1.1svn15878-150400.20.3.1.noarch.rpm
texlive-ametsoc-2021.189.4.3.2svn36030-150400.20.3.1.noarch.rpm
texlive-amiri-2021.189.0.0.113svn55403-150400.20.3.1.noarch.rpm
texlive-amiri-fonts-2021.189.0.0.113svn55403-150400.20.3.1.noarch.rpm
texlive-amiweb2c-guide-2021.189.1.0svn56878-150400.20.3.1.noarch.rpm
texlive-amsaddr-2021.189.1.1svn29630-150400.20.3.1.noarch.rpm
texlive-amscdx-2021.189.2.2xsvn51532-150400.20.3.1.noarch.rpm
texlive-amscls-2021.189.2.20.6svn55378-150400.20.3.1.noarch.rpm
texlive-amscls-doc-2021.189.svn46110-150400.20.3.1.noarch.rpm
texlive-amsfonts-2021.189.3.04svn29208-150400.20.3.1.noarch.rpm
texlive-amsfonts-fonts-2021.189.3.04svn29208-150400.20.3.1.noarch.rpm
texlive-amslatex-primer-2021.189.2.3svn28980-150400.20.3.1.noarch.rpm
texlive-amsldoc-it-2021.189.svn45662-150400.20.3.1.noarch.rpm
texlive-amsldoc-vn-2021.189.2.0svn21855-150400.20.3.1.noarch.rpm
texlive-amsmath-2021.189.svn56514-150400.20.3.1.noarch.rpm
texlive-amsmath-it-2021.189.svn22930-150400.20.3.1.noarch.rpm
texlive-amsrefs-2021.189.2.14svn30646-150400.20.3.1.noarch.rpm
texlive-amstex-2021.189.svn57972-150400.20.3.1.noarch.rpm
texlive-amsthdoc-it-2021.189.svn45662-150400.20.3.1.noarch.rpm
texlive-animate-2021.189.svn56583-150400.20.3.1.noarch.rpm
texlive-annee-scolaire-2021.189.1.6svn55988-150400.20.3.1.noarch.rpm
texlive-annotate-2021.189.svn52824-150400.20.3.1.noarch.rpm
texlive-anonchap-2021.189.1.1asvn17049-150400.20.3.1.noarch.rpm
texlive-anonymous-acm-2021.189.1.0svn55121-150400.20.3.1.noarch.rpm
texlive-anonymouspro-2021.189.2.2svn51631-150400.20.3.1.noarch.rpm
texlive-anonymouspro-fonts-2021.189.2.2svn51631-150400.20.3.1.noarch.rpm
texlive-answers-2021.189.2.16svn35032-150400.20.3.1.noarch.rpm
texlive-antanilipsum-2021.189.0.0.8.1svn55250-150400.20.3.1.noarch.rpm
texlive-antiqua-2021.189.001.003svn24266-150400.20.3.1.noarch.rpm
texlive-antiqua-fonts-2021.189.001.003svn24266-150400.20.3.1.noarch.rpm
texlive-antomega-2021.189.0.0.8svn21933-150400.20.3.1.noarch.rpm
texlive-antt-2021.189.2.08svn18651-150400.20.3.1.noarch.rpm
texlive-antt-fonts-2021.189.2.08svn18651-150400.20.3.1.noarch.rpm
texlive-anufinalexam-2021.189.svn26053-150400.20.3.1.noarch.rpm
texlive-anyfontsize-2021.189.svn17050-150400.20.3.1.noarch.rpm
texlive-anysize-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-aobs-tikz-2021.189.1.0svn32662-150400.20.3.1.noarch.rpm
texlive-aomart-2021.189.1.24svn56102-150400.20.3.1.noarch.rpm
texlive-apa-2021.189.1.3.4svn54080-150400.20.3.1.noarch.rpm
texlive-apa6-2021.189.2.34svn53406-150400.20.3.1.noarch.rpm
texlive-apa6e-2021.189.0.0.3svn23350-150400.20.3.1.noarch.rpm
texlive-apa7-2021.189.2.10svn58121-150400.20.3.1.noarch.rpm
texlive-apacite-2021.189.6.03svn54080-150400.20.3.1.noarch.rpm
texlive-apalike-german-2021.189.svn54080-150400.20.3.1.noarch.rpm
texlive-apalike2-2021.189.svn54080-150400.20.3.1.noarch.rpm
texlive-apnum-2021.189.1.7svn47510-150400.20.3.1.noarch.rpm
texlive-appendix-2021.189.1.2csvn53718-150400.20.3.1.noarch.rpm
texlive-appendixnumberbeamer-2021.189.1.2svn46317-150400.20.3.1.noarch.rpm
texlive-apprendre-a-programmer-en-tex-2021.189.svn57179-150400.20.3.1.noarch.rpm
texlive-apprends-latex-2021.189.4.02svn19306-150400.20.3.1.noarch.rpm
texlive-apptools-2021.189.1.0svn28400-150400.20.3.1.noarch.rpm
texlive-apxproof-2021.189.1.2.1svn56673-150400.20.3.1.noarch.rpm
texlive-arabi-2021.189.1.1svn44662-150400.20.3.1.noarch.rpm
texlive-arabi-add-2021.189.1.0svn37709-150400.20.3.1.noarch.rpm
texlive-arabi-fonts-2021.189.1.1svn44662-150400.20.3.1.noarch.rpm
texlive-arabicfront-2021.189.1.1svn51474-150400.20.3.1.noarch.rpm
texlive-arabluatex-2021.189.1.20svn54512-150400.20.3.1.noarch.rpm
texlive-arabtex-2021.189.3.17svn25711-150400.20.3.1.noarch.rpm
texlive-arabtex-fonts-2021.189.3.17svn25711-150400.20.3.1.noarch.rpm
texlive-arabxetex-2021.189.1.2.1svn38299-150400.20.3.1.noarch.rpm
texlive-aramaic-serto-2021.189.1.0svn30042-150400.20.3.1.noarch.rpm
texlive-aramaic-serto-fonts-2021.189.1.0svn30042-150400.20.3.1.noarch.rpm
texlive-arara-2021.189.6.1.0svn58764-150400.20.3.1.noarch.rpm
texlive-archaeologie-2021.189.2.4.5svn57090-150400.20.3.1.noarch.rpm
texlive-archaic-2021.189.svn38005-150400.20.3.1.noarch.rpm
texlive-archaic-fonts-2021.189.svn38005-150400.20.3.1.noarch.rpm
texlive-archivo-2021.189.0.0.0.2svn57283-150400.20.3.1.noarch.rpm
texlive-archivo-fonts-2021.189.0.0.0.2svn57283-150400.20.3.1.noarch.rpm
texlive-arcs-2021.189.1svn15878-150400.20.3.1.noarch.rpm
texlive-arev-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-arev-fonts-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-arimo-2021.189.svn42880-150400.20.3.1.noarch.rpm
texlive-arimo-fonts-2021.189.svn42880-150400.20.3.1.noarch.rpm
texlive-armtex-2021.189.3.0_beta3svn33894-150400.20.3.1.noarch.rpm
texlive-armtex-fonts-2021.189.3.0_beta3svn33894-150400.20.3.1.noarch.rpm
texlive-specs-a-2021-150400.20.3.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-736
Recommended update for sap-installation-wizard
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sap-installation-wizard fixes the following issues:
sap-installation-wizard was updated to version 4.4.13:
- Fixed SAP Business One storage configuration failing (bsc#1218918)
sap-installation-wizard-4.4.13-150400.3.11.1.src.rpm
sap-installation-wizard-4.4.13-150400.3.11.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-575
Recommended update for php7
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php7 fixes the following issues:
- Ensure that package is built using openssl-1_1
apache2-mod_php7-7.4.33-150400.4.31.1.src.rpm
apache2-mod_php7-7.4.33-150400.4.31.1.x86_64.rpm
php7-7.4.33-150400.4.31.1.src.rpm
php7-7.4.33-150400.4.31.1.x86_64.rpm
php7-bcmath-7.4.33-150400.4.31.1.x86_64.rpm
php7-bz2-7.4.33-150400.4.31.1.x86_64.rpm
php7-calendar-7.4.33-150400.4.31.1.x86_64.rpm
php7-cli-7.4.33-150400.4.31.1.x86_64.rpm
php7-ctype-7.4.33-150400.4.31.1.x86_64.rpm
php7-curl-7.4.33-150400.4.31.1.x86_64.rpm
php7-dba-7.4.33-150400.4.31.1.x86_64.rpm
php7-devel-7.4.33-150400.4.31.1.x86_64.rpm
php7-dom-7.4.33-150400.4.31.1.x86_64.rpm
php7-enchant-7.4.33-150400.4.31.1.x86_64.rpm
php7-exif-7.4.33-150400.4.31.1.x86_64.rpm
php7-fastcgi-7.4.33-150400.4.31.1.src.rpm
php7-fastcgi-7.4.33-150400.4.31.1.x86_64.rpm
php7-fileinfo-7.4.33-150400.4.31.1.x86_64.rpm
php7-fpm-7.4.33-150400.4.31.1.src.rpm
php7-fpm-7.4.33-150400.4.31.1.x86_64.rpm
php7-ftp-7.4.33-150400.4.31.1.x86_64.rpm
php7-gd-7.4.33-150400.4.31.1.x86_64.rpm
php7-gettext-7.4.33-150400.4.31.1.x86_64.rpm
php7-gmp-7.4.33-150400.4.31.1.x86_64.rpm
php7-iconv-7.4.33-150400.4.31.1.x86_64.rpm
php7-intl-7.4.33-150400.4.31.1.x86_64.rpm
php7-json-7.4.33-150400.4.31.1.x86_64.rpm
php7-ldap-7.4.33-150400.4.31.1.x86_64.rpm
php7-mbstring-7.4.33-150400.4.31.1.x86_64.rpm
php7-mysql-7.4.33-150400.4.31.1.x86_64.rpm
php7-odbc-7.4.33-150400.4.31.1.x86_64.rpm
php7-opcache-7.4.33-150400.4.31.1.x86_64.rpm
php7-openssl-7.4.33-150400.4.31.1.x86_64.rpm
php7-pcntl-7.4.33-150400.4.31.1.x86_64.rpm
php7-pdo-7.4.33-150400.4.31.1.x86_64.rpm
php7-pgsql-7.4.33-150400.4.31.1.x86_64.rpm
php7-phar-7.4.33-150400.4.31.1.x86_64.rpm
php7-posix-7.4.33-150400.4.31.1.x86_64.rpm
php7-readline-7.4.33-150400.4.31.1.x86_64.rpm
php7-shmop-7.4.33-150400.4.31.1.x86_64.rpm
php7-snmp-7.4.33-150400.4.31.1.x86_64.rpm
php7-soap-7.4.33-150400.4.31.1.x86_64.rpm
php7-sockets-7.4.33-150400.4.31.1.x86_64.rpm
php7-sodium-7.4.33-150400.4.31.1.x86_64.rpm
php7-sqlite-7.4.33-150400.4.31.1.x86_64.rpm
php7-sysvmsg-7.4.33-150400.4.31.1.x86_64.rpm
php7-sysvsem-7.4.33-150400.4.31.1.x86_64.rpm
php7-sysvshm-7.4.33-150400.4.31.1.x86_64.rpm
php7-tidy-7.4.33-150400.4.31.1.x86_64.rpm
php7-tokenizer-7.4.33-150400.4.31.1.x86_64.rpm
php7-xmlreader-7.4.33-150400.4.31.1.x86_64.rpm
php7-xmlrpc-7.4.33-150400.4.31.1.x86_64.rpm
php7-xmlwriter-7.4.33-150400.4.31.1.x86_64.rpm
php7-xsl-7.4.33-150400.4.31.1.x86_64.rpm
php7-zip-7.4.33-150400.4.31.1.x86_64.rpm
php7-zlib-7.4.33-150400.4.31.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-224
Security update for apache-parent, apache-sshd
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache-parent, apache-sshd fixes the following issues:
apache-parent was updated from version 28 to 31:
- Version 31:
* New Features:
+ Added maven-checkstyle-plugin to pluginManagement
* Improvements:
+ Set minimalMavenBuildVersion to 3.6.3 - the minimum
used by plugins
+ Using an SPDX identifier as the license name is
recommended by Maven
+ Use properties to define the versions of plugins
* Bugs fixed:
+ Updated documentation for previous changes
apache-sshd was updated from version 2.7.0 to 2.12.0:
- Security issues fixed:
* CVE-2023-48795: Implemented OpenSSH "strict key exchange" protocol in apache-sshd version 2.12.0 (bsc#1218189)
* CVE-2022-45047: Java unsafe deserialization vulnerability fixed in apache-sshd version 2.9.2 (bsc#1205463)
- Other changes in version 2.12.0:
* Bugs fixed:
+ SCP client fails silently when error signalled due to missing file or lacking permissions
+ Ignore unknown key types from agent or in OpenSSH host keys extension
* New Features:
+ Support GIT protocol-v2
- Other changes in version 2.11.0:
* Bugs fixed:
+ Added configurable timeout(s) to DefaultSftpClient
+ Compare file keys in ModifiableFileWatcher.
+ Fixed channel pool in SftpFileSystem.
+ Use correct default OpenOptions in SftpFileSystemProvider.newFileChannel().
+ Use correct lock modes for SFTP FileChannel.lock().
+ ScpClient: support issuing commands to a server that uses a non-UTF-8 locale.
+ SftpInputStreamAsync: fix reporting EOF on zero-length reads.
+ Work-around a bug in WS_FTP <= 12.9 SFTP clients.
+ (Regression in 2.10.0) SFTP performance fix: override FilterOutputStream.write(byte[], int, int).
+ Fixed a race condition to ensure SSH_MSG_CHANNEL_EOF is always sent before SSH_MSG_CHANNEL_CLOSE.
+ Fixed error handling while flushing queued packets at end of KEX.
+ Fixed wrong log level on closing an Nio2Session.
+ Fixed detection of Android O/S from system properties.
+ Consider all applicable host keys from the known_hosts files.
+ SftpFileSystem: do not close user session.
+ ChannelAsyncOutputStream: remove write future when done.
+ SSHD-1332 (Regression in 2.10.0) Resolve ~ in IdentityFile file names in HostConfigEntry.
* New Features:
+ Use KeepAliveHandler global request instance in client as well
+ Publish snapshot maven artifacts to the Apache Snapshots maven repository.
+ Bundle sshd-contrib has support classes for the HAProxy protocol V2.
- Other changes in version 2.10.0:
* Bugs fixed:
+ Connection attempt not canceled when a connection timeout occurs
+ Possible OOM in ChannelPipedInputStream
+ SftpRemotePathChannel.transferFrom(...) ignores position argument
+ Rooted file system can leak information
+ Failed to establish an SSH connection because the server identifier exceeds the int range
* Improvements:
+ Password in clear in SSHD server's logs
- Other changes in version 2.9.2:
* Bugs fixed:
+ SFTP worker threads got stuck while processing PUT methods against one specific SFTP server
+ Use the maximum packet size of the communication partner
+ ExplicitPortForwardingTracker does not unbind auto-allocated one
+ Default SshClient FD leak because Selector not closed
+ Reading again from exhausted ChannelExec#getInvertedOut() throws IOException instead of returning -1
+ Keeping error streams and input streams separate after ChannelExec#setRedirectErrorStream(true) is called
+ Nio2Session.shutdownOutput() should wait for writes in progress
* Test:
+ Research intermittent failure in unit tests using various I/O
service factories
- Other changes in version 2.9.1:
* Bugs fixed:
+ ClientSession.auth().verify() is terminated with timeout
+ 2.9.0 release broken on Java 8
+ Infinite loop in org.apache.sshd.sftp.client.impl.SftpInputStreamAsync#doRead
+ Deadlock during session exit
+ Race condition is logged in ChannelAsyncOutputStream
- Other changes in version 2.9.0:
* Bugs fixed:
+ Deadlock on disconnection at the end of key-exchange
+ Remote port forwarding mode does not handle EOF properly
+ Public key authentication: wrong signature algorithm used (ed25519 key with ssh-rsa signature)
+ Client fails window adjust above Integer.MAX_VALUE
+ class loader fails to load org.apache.sshd.common.cipher.BaseGCMCipher
+ Shell is not getting closed if the command has already closed the OutputStream it is using.
+ Sometimes async write listener is not called
+ Unhandled SSH_MSG_CHANNEL_WINDOW_ADJUST leads to SocketTimeoutException
+ different host key algorithm used on rekey than used for the initial connection
+ OpenSSH certificate is not properly encoded when critical options are included
+ TCP/IP remote port forwarding with wildcard IP addresses doesn't work with OpenSSH
+ UserAuthPublicKey: uses ssh-rsa signatures for RSA keys from an agent
* New Features:
+ Added support for Argon2 encrypted PUTTY key files
+ Added support for merged inverted output and error streams of remote process
* Improvements:
+ Added support for "limits@openssh.com" SFTP extension
+ Support host-based pubkey authentication in the client
+ Send environment variable and open subsystem at the same time for SSH session
- Other changes in version 2.8.0:
* Bugs fixed:
+ Fixed wrong server key algorithm choice
+ Expiration of OpenSshCertificates needs to compare timestamps as unsigned long
+ SFTP Get downloads empty file from servers which supports EOF indication after data
+ skip() doesn't work properly in SftpInputStreamAsync
+ OpenMode and CopyMode is not honored as expected in version > 4 of SFTP api
+ SftpTransferTest sometimes hangs (failure during rekeying)
+ Race condition in KEX
+ Fix the ciphers supported documentation
+ Update tarLongFileMode to use POSIX
+ WinsCP transfer failure to Apache SSHD Server
+ Pubkey auth: keys from ssh-agent are used even if HostConfigEntry.isIdentitiesOnly() is true
+ Support RSA SHA2 signatures via SSH agent
+ NOTICE: wrong copyright year range
+ Wrong creationTime in writeAttrs for SFTP
+ sshd-netty logs all traffic on INFO level
* New Features:
+ Add support for chacha20-poly1305@openssh.com
+ Parsing of ~/.ssh/config Host patterns fails with extra
whitespace
+ Support generating OpenSSH client certificates
* Improvements:
+ Add support for curve25519-sha256@libssh.org key exchange
+ OpenSSH certificates: check certificate type
+ OpenSSHCertificatesTest: certificates expire in 2030
+ Display IdleTimeOut in more user-friendly format
+ sendChunkIfRemoteWindowIsSmallerThanPacketSize flag in ChannelAsyncOutputStream constructor configurable from
outside using variable/config file
+ Intercepting the server exception message from server in SSHD client
+ Implement RFC 8332 server-sig-algs on the server
+ Slow performance listing huge number of files on Apache SSHD server
+ SFTP: too many LSTAT calls
+ Support key constraints when adding a key to an SSH agent
+ Add SFTP server side file custom attributes hook
apache-sshd-2.12.0-150200.5.8.1.noarch.rpm
apache-sshd-2.12.0-150200.5.8.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-321
Security update for java-11-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-11-openjdk fixes the following issues:
Updated to version 11.0.22 (January 2024 CPU):
- CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM
due to a missing bounds check (bsc#1218907).
- CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class
file verifier (bsc#1218903).
- CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM
that could lead to corruption of JVM memory (bsc#1218905).
- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).
- CVE-2024-20945: Fixed a potential private key leak through debug
logs (bsc#1218909).
- CVE-2024-20952: Fixed an RSA padding issue and timing side-channel
attack against TLS (bsc#1218911).
Find the full release notes at:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029215.html
java-11-openjdk-11.0.22.0-150000.3.110.1.src.rpm
java-11-openjdk-11.0.22.0-150000.3.110.1.x86_64.rpm
java-11-openjdk-demo-11.0.22.0-150000.3.110.1.x86_64.rpm
java-11-openjdk-devel-11.0.22.0-150000.3.110.1.x86_64.rpm
java-11-openjdk-headless-11.0.22.0-150000.3.110.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-235
Recommended update for yast2-pkg-bindings
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for yast2-pkg-bindings fixes the following issues:
- Fixed repository and service probing with libzypp 7.31.26
and newer, fixes broken repository handling (bsc#1218977,
bsc#1218399)
- 4.4.7
yast2-pkg-bindings-4.4.7-150400.3.9.1.src.rpm
yast2-pkg-bindings-4.4.7-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-205
Security update for python-Pillow
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Pillow fixes the following issues:
- CVE-2023-50447: Fixed arbitrary code execution via the environment parameter. (bsc#1219048)
python-Pillow-9.5.0-150400.5.9.1.src.rpm
python311-Pillow-9.5.0-150400.5.9.1.x86_64.rpm
python311-Pillow-tk-9.5.0-150400.5.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-870
Security update for glibc
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
glibc-2.31-150300.68.1.src.rpm
glibc-2.31-150300.68.1.x86_64.rpm
glibc-devel-2.31-150300.68.1.x86_64.rpm
glibc-devel-static-2.31-150300.68.1.x86_64.rpm
glibc-extra-2.31-150300.68.1.x86_64.rpm
glibc-i18ndata-2.31-150300.68.1.noarch.rpm
glibc-info-2.31-150300.68.1.noarch.rpm
glibc-lang-2.31-150300.68.1.noarch.rpm
glibc-locale-2.31-150300.68.1.x86_64.rpm
glibc-locale-base-2.31-150300.68.1.x86_64.rpm
glibc-locale-base-32bit-2.31-150300.68.1.x86_64.rpm
glibc-profile-2.31-150300.68.1.x86_64.rpm
glibc-utils-2.31-150300.68.1.x86_64.rpm
glibc-utils-src-2.31-150300.68.1.src.rpm
nscd-2.31-150300.68.1.x86_64.rpm
glibc-32bit-2.31-150300.68.1.x86_64.rpm
glibc-devel-32bit-2.31-150300.68.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-243
Recommended update for util-linux
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for util-linux fixes the following issues:
- Fix performance degradation (bsc#1207987)
libblkid-devel-2.37.2-150400.8.23.1.x86_64.rpm
libblkid-devel-static-2.37.2-150400.8.23.1.x86_64.rpm
libblkid1-2.37.2-150400.8.23.1.x86_64.rpm
libfdisk-devel-2.37.2-150400.8.23.1.x86_64.rpm
libfdisk1-2.37.2-150400.8.23.1.x86_64.rpm
libmount-devel-2.37.2-150400.8.23.1.x86_64.rpm
libmount1-2.37.2-150400.8.23.1.x86_64.rpm
libsmartcols-devel-2.37.2-150400.8.23.1.x86_64.rpm
libsmartcols1-2.37.2-150400.8.23.1.x86_64.rpm
libuuid-devel-2.37.2-150400.8.23.1.x86_64.rpm
libuuid-devel-static-2.37.2-150400.8.23.1.x86_64.rpm
libuuid1-2.37.2-150400.8.23.1.x86_64.rpm
util-linux-2.37.2-150400.8.23.1.src.rpm
util-linux-2.37.2-150400.8.23.1.x86_64.rpm
util-linux-lang-2.37.2-150400.8.23.1.noarch.rpm
util-linux-systemd-2.37.2-150400.8.23.1.src.rpm
util-linux-systemd-2.37.2-150400.8.23.1.x86_64.rpm
uuidd-2.37.2-150400.8.23.1.x86_64.rpm
libblkid1-32bit-2.37.2-150400.8.23.1.x86_64.rpm
libmount1-32bit-2.37.2-150400.8.23.1.x86_64.rpm
libuuid1-32bit-2.37.2-150400.8.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-268
Security update for xen
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)
xen-4.16.5_12-150400.4.46.1.src.rpm
xen-4.16.5_12-150400.4.46.1.x86_64.rpm
xen-devel-4.16.5_12-150400.4.46.1.x86_64.rpm
xen-libs-4.16.5_12-150400.4.46.1.x86_64.rpm
xen-tools-4.16.5_12-150400.4.46.1.x86_64.rpm
xen-tools-domU-4.16.5_12-150400.4.46.1.x86_64.rpm
xen-tools-xendomains-wait-disk-4.16.5_12-150400.4.46.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-770
Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Update to 550.54.14
* Added vGPU Host and vGPU Guest support. For vGPU Host, please
refer to the README.vgpu packaged in the vGPU Host Package for
more details.
Security issues fixed:
* CVE-2024-0074: A user could trigger a NULL ptr dereference.
* CVE-2024-0075: A user could overwrite the end of a buffer, leading to crashes or code execution.
* CVE-2022-42265: An unprivileged user could trigger an integer overflow which could lead to crashes or code execution.
- create /run/udev/static_node-tags/uaccess/nvidia${devid} symlinks
also during modprobing the nvidia module; this changes the issue
of not having access to /dev/nvidia${devid}, when gfxcard has
been replaced by a different gfx card after installing the driver
- provide nvidia-open-driver-G06-kmp (jsc#PED-7117)
* this makes it easy to replace the package from nVidia's
CUDA repository with this presigned package
kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.54.14-150400.9.50.1.src.rpm
nvidia-open-driver-G06-signed-default-devel-550.54.14-150400.9.50.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-322
Recommended update for aaa_base
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for aaa_base fixes the following issues:
- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)
aaa_base-84.87+git20180409.04c9dae-150300.10.9.1.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.9.1.x86_64.rpm
aaa_base-extras-84.87+git20180409.04c9dae-150300.10.9.1.x86_64.rpm
aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-509
Security update for salt
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory
on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file
method (bsc#1219431)
Bugs fixed:
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs "__env__" and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
python3-salt-3006.0-150400.8.54.1.x86_64.rpm
salt-3006.0-150400.8.54.1.src.rpm
salt-3006.0-150400.8.54.1.x86_64.rpm
salt-api-3006.0-150400.8.54.1.x86_64.rpm
salt-bash-completion-3006.0-150400.8.54.1.noarch.rpm
salt-cloud-3006.0-150400.8.54.1.x86_64.rpm
salt-doc-3006.0-150400.8.54.1.x86_64.rpm
salt-fish-completion-3006.0-150400.8.54.1.noarch.rpm
salt-master-3006.0-150400.8.54.1.x86_64.rpm
salt-minion-3006.0-150400.8.54.1.x86_64.rpm
salt-proxy-3006.0-150400.8.54.1.x86_64.rpm
salt-ssh-3006.0-150400.8.54.1.x86_64.rpm
salt-standalone-formulas-configuration-3006.0-150400.8.54.1.x86_64.rpm
salt-syndic-3006.0-150400.8.54.1.x86_64.rpm
salt-transactional-update-3006.0-150400.8.54.1.x86_64.rpm
salt-zsh-completion-3006.0-150400.8.54.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-617
Recommended update for yast2-http-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for yast2-http-server fixes the following issue:
- bsc#1218943
- followup of previous fix - fixed internal issue which caused
Server modules not to be displayed at all.
- 4.4.3 upgrade
yast2-http-server-4.4.3-150400.3.6.1.noarch.rpm
yast2-http-server-4.4.3-150400.3.6.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-724
Recommended update for orarun
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for orarun fixes the following issue:
- bsc#1217288 - Fixed common.sh checking whether $ORACLE_HOME is NOT a directory
instead of whether it is, which kept the Oracle Agent from starting
orarun-2.1-150400.22.6.1.src.rpm
orarun-2.1-150400.22.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-828
Recommended update for ant-contrib
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ant-contrib fixes the following issues:
ant:
- Fix unit tests annotated with @CsvSource and @CsvFileSource
ant-contrib:
- Recompile RPM package to resolve package building issues with newer versions of `ant`
ant-1.10.14-150200.4.22.1.noarch.rpm
ant-1.10.14-150200.4.22.1.src.rpm
ant-antlr-1.10.14-150200.4.22.1.noarch.rpm
ant-antlr-1.10.14-150200.4.22.1.src.rpm
ant-apache-bcel-1.10.14-150200.4.22.1.noarch.rpm
ant-apache-bsf-1.10.14-150200.4.22.1.noarch.rpm
ant-apache-log4j-1.10.14-150200.4.22.1.noarch.rpm
ant-apache-oro-1.10.14-150200.4.22.1.noarch.rpm
ant-apache-regexp-1.10.14-150200.4.22.1.noarch.rpm
ant-apache-resolver-1.10.14-150200.4.22.1.noarch.rpm
ant-commons-logging-1.10.14-150200.4.22.1.noarch.rpm
ant-contrib-1.0b3-150200.11.15.2.noarch.rpm
ant-contrib-1.0b3-150200.11.15.2.src.rpm
ant-jakartamail-1.10.14-150200.4.22.1.noarch.rpm
ant-javamail-1.10.14-150200.4.22.1.noarch.rpm
ant-jdepend-1.10.14-150200.4.22.1.noarch.rpm
ant-jmf-1.10.14-150200.4.22.1.noarch.rpm
ant-junit-1.10.14-150200.4.22.1.noarch.rpm
ant-junit-1.10.14-150200.4.22.1.src.rpm
ant-manual-1.10.14-150200.4.22.1.noarch.rpm
ant-scripts-1.10.14-150200.4.22.1.noarch.rpm
ant-swing-1.10.14-150200.4.22.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-739
Recommended update for pesign
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pesign fixes the following issue:
- Fix errors when installing pesign alone (bsc#1219198)
pesign-0.112-150000.4.21.1.src.rpm
pesign-0.112-150000.4.21.1.x86_64.rpm
pesign-systemd-0.112-150000.4.21.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-303
Recommended update for gcc7
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gcc7 fixes the following issues:
- Avoid crash when hitting a broken pattern in the s390 backend.
- Avoid creating recursive DIE references through DW_AT_abstract_origin when using LTO. [bsc#1216488]
cpp7-7.5.0+r278197-150000.4.38.1.x86_64.rpm
cross-nvptx-gcc7-7.5.0+r278197-150000.4.38.1.src.rpm
cross-nvptx-gcc7-7.5.0+r278197-150000.4.38.1.x86_64.rpm
cross-nvptx-newlib7-devel-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-7.5.0+r278197-150000.4.38.1.src.rpm
gcc7-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-ada-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-c++-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-c++-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-fortran-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-fortran-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-info-7.5.0+r278197-150000.4.38.1.noarch.rpm
gcc7-locale-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-objc-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libada7-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libasan4-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libasan4-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libcilkrts5-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libcilkrts5-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libgfortran4-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libgfortran4-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libstdc++6-devel-gcc7-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libubsan0-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libubsan0-7.5.0+r278197-150000.4.38.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-480
Recommended update for libsolv
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libsolv, libzypp fixes the following issues:
- build for multiple python versions [jsc#PED-6218]
- applydeltarpm: Create target directory if it does not exist (bsc#1219442)
- Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698)
- CheckAccessDeleted: fix running_in_container detection (bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831)
libsolv-0.7.28-150400.3.16.2.src.rpm
libsolv-devel-0.7.28-150400.3.16.2.x86_64.rpm
libsolv-tools-0.7.28-150400.3.16.2.x86_64.rpm
libzypp-17.31.31-150400.3.52.2.src.rpm
libzypp-17.31.31-150400.3.52.2.x86_64.rpm
libzypp-devel-17.31.31-150400.3.52.2.x86_64.rpm
perl-solv-0.7.28-150400.3.16.2.x86_64.rpm
python3-solv-0.7.28-150400.3.16.2.x86_64.rpm
ruby-solv-0.7.28-150400.3.16.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-327
Security update for bouncycastle, jsch
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bouncycastle, jsch fixes the following issues:
- Updated jsch to version 0.2.15:
- CVE-2023-48795: Fixed a prefix truncation issue that could lead to
disclosure of sensitive information (bsc#1218134).
- Updated bouncycastle to version 1.77.
bouncycastle-1.77-150200.3.24.1.noarch.rpm
bouncycastle-1.77-150200.3.24.1.src.rpm
bouncycastle-pg-1.77-150200.3.24.1.noarch.rpm
bouncycastle-pkix-1.77-150200.3.24.1.noarch.rpm
bouncycastle-util-1.77-150200.3.24.1.noarch.rpm
jsch-0.2.15-150200.11.13.1.noarch.rpm
jsch-0.2.15-150200.11.13.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-792
Recommended update for timezone
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for timezone fixes the following issues:
- Update to version 2024a
- Kazakhstan unifies on UTC+5
- Palestine springs forward a week later than previously predicted in 2024 and 2025
- Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00
- From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00
- In 1911 Miquelon adopted standard time on June 15, not May 15
- The FROM and TO columns of Rule lines can no longer be "minimum"
- localtime no longer mishandles some timestamps
- strftime %s now uses tm_gmtoff if available
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31
- Vostok, Antarctica changed time zones on 2023-12-18
- Casey, Antarctica changed time zones five times since 2020
- Code and data fixes for Palestine timestamps starting in 2072
- A new data file zonenow.tab for timestamps starting now
- Much of Greenland changed its standard time from -03 to -02 on 2023-03-25
- localtime.c no longer mishandles TZif files that contain a single transition into a DST regime
- tzselect no longer creates temporary files
- tzselect no longer mishandles the following:
* Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION.
* TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/
* ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments
* Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension
- zic no longer mishandles data for Palestine after the year 2075
timezone-2024a-150000.75.28.1.src.rpm
timezone-2024a-150000.75.28.1.x86_64.rpm
timezone-java-2024a-150000.75.28.1.noarch.rpm
timezone-java-2024a-150000.75.28.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-444
Security update for suse-build-key
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issues:
This update runs an import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
Bugfix added since last update:
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
suse-build-key-12.0-150000.8.40.1.noarch.rpm
suse-build-key-12.0-150000.8.40.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-305
Security update for cpio
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using the --no-absolute-filenames option after the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
cpio-2.13-150400.3.6.1.src.rpm
cpio-2.13-150400.3.6.1.x86_64.rpm
cpio-lang-2.13-150400.3.6.1.noarch.rpm
cpio-mt-2.13-150400.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-455
Security update for squid
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for squid fixes the following issues:
- CVE-2023-50269: fixed X-Forwarded-For Stack Overflow. (bsc#1217654)
- CVE-2024-23638: fixed Denial of Service attack against Cache Manager error responses. (bsc#1219131)
squid-5.7-150400.3.23.1.src.rpm
squid-5.7-150400.3.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-320
Security update for xerces-c
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xerces-c fixes the following issues:
- CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS. (bsc#1159552)
libxerces-c-3_2-3.2.3-150300.3.6.1.x86_64.rpm
libxerces-c-devel-3.2.3-150300.3.6.1.x86_64.rpm
xerces-c-3.2.3-150300.3.6.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-726
Security update for Java
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
apache-commons-codec was updated to version 1.16.1:
- Changes in version 1.16.1:
* New features:
+ Added Maven property project.build.outputTimestamp for build reproducibility
* Bugs fixed:
+ Correct error in Base64 Javadoc
+ Added minimum Java version in changes.xml
+ Documentation update for the org.apache.commons.codec.digest.* package
+ Precompile regular expression in UnixCrypt.crypt(byte[], String)
+ Fixed possible IndexOutOfBoundException in PhoneticEngine.encode method
+ Fixed possible ArrayIndexOutOfBoundsException in QuotedPrintableCodec.encodeQuotedPrintable() method
+ Fixed possible StringIndexOutOfBoundException in MatchRatingApproachEncoder.encode() method
+ Fixed possible ArrayIndexOutOfBoundException in RefinedSoundex.getMappingCode()
+ Fixed possible IndexOutOfBoundsException in PercentCodec.insertAlwaysEncodeChars() method
+ Deprecated UnixCrypt 0-argument constructor
+ Deprecated Md5Crypt 0-argument constructor
+ Deprecated Crypt 0-argument constructor
+ Deprecated StringUtils 0-argument constructor
+ Deprecated Resources 0-argument constructor
+ Deprecated Charsets 0-argument constructor
+ Deprecated CharEncoding 0-argument constructor
- Changes in version 1.16.0:
* Remove duplicated words from Javadocs
* Use Standard Charset object
* Use String.contains() functions
* Avoid use toString() or substring() in favor of a simplified expression
* Fixed byte-skipping in Base16 decoding
* Fixed several typos, improve writing in some javadocs
* BaseNCodecOutputStream.eof() should not throw IOException.
* Javadoc improvements and cleanups.
* Deprecated BaseNCodec.isWhiteSpace(byte) and use Character.isWhitespace(int).
* Added support for Blake3 family of hashes
* Added github/codeql-action
* Bump actions/cache from v2 to v3.0.10
* Bump actions/setup-java from v1.4.1 to 3.5.1
* Bump actions/checkout from 2.3.2 to 3.1.0
* Bump commons-parent from 52 to 58
* Bump junit from 4.13.1 to 5.9.1
* Bump Java 7 to 8.
* Bump japicmp-maven-plugin from 0.14.3 to 0.17.1.
* Bump jacoco-maven-plugin from 0.8.5 to 0.8.8 (Fixes Java 15 builds).
* Bump maven-surefire-plugin from 2.22.2 to 3.0.0-M7
* Bump maven-javadoc-plugin from 3.2.0 to 3.4.1.
* Bump animal-sniffer-maven-plugin from 1.19 to 1.22.
* Bump maven-pmd-plugin from 3.13.0 to 3.19.0
* Bump pmd from 6.47.0 to 6.52.0.
* Bump maven-checkstyle-plugin from 2.17 to 3.2.0
* Bump checkstyle from 8.45.1 to 9.3
* Bump taglist-maven-plugin from 2.4 to 3.0.0
* Bump jacoco-maven-plugin from 0.8.7 to 0.8.8.
apache-commons-compress was updated to version 1.26:
- Changes in version 1.26:
* Security issues fixed:
+ CVE-2024-26308: Fixed allocation of Resources Without Limits or Throttling vulnerability in
Apache Commons Compress (bsc#1220068)
+ CVE-2024-25710: Fixed loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in
Apache Commons Compress (bsc#1220070)
* New Features:
+ Added and use ZipFile.builder(), ZipFile.Builder, and deprecate constructors
+ Added and use SevenZFile.builder(), SevenZFile.Builder, and deprecate constructors
+ Added and use ArchiveInputStream.getCharset()
+ Added and use ArchiveEntry.resolveIn(Path)
+ Added Maven property project.build.outputTimestamp for build reproducibility
* Bugs fixed:
+ Check for invalid PAX values in TarArchiveEntry
+ Fixed zero size headers in ArjInputStream
+ Fixes and tests for ArInputStream
+ Fixes for dump file parsing
+ Improved CPIO exception detection and handling
+ Deprecated SkipShieldingInputStream without replacement (no longer used)
+ Reuse commons-codec, don't duplicate class PureJavaCrc32C (removed package-private class)
+ Reuse commons-codec, don't duplicate class XXHash32 (deprecated class)
+ Reuse commons-io, don't duplicate class Charsets (deprecated class)
+ Reuse commons-io, don't duplicate class IOUtils (deprecated methods)
+ Reuse commons-io, don't duplicate class BoundedInputStream (deprecated class)
+ Reuse commons-io, don't duplicate class FileTimes (deprecated TimeUtils methods)
+ Reuse Arrays.equals(byte[], byte[]) and deprecate ArchiveUtils.isEqual(byte[], byte[])
+ Added a null-check for the class loader of OsgiUtils
+ Added a null-check in Pack200.newInstance(String, String)
+ Deprecated ChecksumCalculatingInputStream in favor of java.util.zip.CheckedInputStream
+ Deprecated CRC32VerifyingInputStream.CRC32VerifyingInputStream(InputStream, long, int)
+ FramedSnappyCompressorOutputStream produces incorrect output when writing a large buffer
+ Fixed TAR directory entries being misinterpreted as files
+ Deprecated unused method FileNameUtils.getBaseName(String)
+ Deprecated unused method FileNameUtils.getExtension(String)
+ ArchiveInputStream.BoundedInputStream.read() incorrectly adds 1 for EOF to the bytes read count
+ Deprecated IOUtils.read(File, byte[])
+ Deprecated IOUtils.copyRange(InputStream, long, OutputStream, int)
+ ZipArchiveOutputStream multi archive updates metadata in incorrect file
+ Deprecated ByteUtils.InputStreamByteSupplier
+ Deprecated ByteUtils.fromLittleEndian(InputStream, int)
+ Deprecated ByteUtils.toLittleEndian(DataOutput, long, int)
+ Reduce duplication by having ArchiveInputStream extend FilterInputStream
+ Support preamble garbage in ZipArchiveInputStream
+ Fixed formatting the lowest expressible DOS time
+ Dropped reflection from ExtraFieldUtils static initialization
+ Preserve exception causation in ExtraFieldUtils.register(Class)
- Changes in version 1.25:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.25.0
- Changes in version 1.24:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.24.0
- Changes in version 1.23:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.23.0
- Changes in version 1.22:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.22
apache-commons-io was updated to version 2.15.1:
- Changes in version 2.15.1:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.1
- Changes in version 2.15.0:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.0
- Changes in version 2.14.0:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-io/changes-report.html#a2.14.0
javapackages-meta:
- Syncing the version with javapackages-tools 6.2.0
- Remove unnecessary dependencies
maven was updated to version 3.9.6:
- Changes in version 3.9.6:
* Bugs fixed:
+ Error message when modelVersion is 4.0 is confusing
* Improvements:
+ Colorize transfer messages
+ Support ${project.basedir} in file profile activation
+ Allow to exclude plugins from validation
* Tasks:
+ Maven Resolver Provider classes ctor change
+ Undeprecate wrongly deprecated repository metadata
+ Deprecated `org.apache.maven.repository.internal.MavenResolverModule`
+ maven-resolver-provider: introduce NAME constants.
* Dependency upgrade:
+ Updated to Resolver 1.9.16
+ Upgraded Sisu version to 0.9.0.M2
+ Upgraded Resolver version to 1.9.18
+ Upgraded to parent POM 41
+ Upgraded default plugin bindings
maven-assembly-plugin:
- Explicitly require commons-io:commons-io and commons-codec:commons-codec artifacts that are optional in
apache-commons-compress
maven-doxia was updated to version 1.12.0:
* Changes in version 1.12.0:
+ Upgraded to FOP 2.2
+ Fixed rendering links and paragraphs inside tables
+ Rewrite .md and .markdown links to .html
+ Upgraded HttpComponents: httpclient to 4.5.8 and httpcore to 4.4.11
+ Escape links to xml based figureGraphics image elements
+ SECURITY: Use HTTPS to resolve dependencies in Maven Build
+ Removed old Maven 1 and 2 info
+ Updated commons-lang to 3.8.1
+ Dropped dependency to outdated Log4j
+ Fixed Java 7 compatibility that was broken
+ Import tests from maven-site-plugin
+ Fixed crosslinks starting with a dot in markdown files
+ Replace deprecated class from commons-lang
+ Fill in some generic types
maven-doxia-sitetools was updated to version 1.11.1:
- Changes in version 1.11.1:
* Bugs fixed:
+ CLIRR can't find previous version
* Improvements:
+ Removed all &nbsp; in default-site-macros.vm and replaced them with a space
+ Improved documentation on site.xml inheritance vs interpolation
* Tasks:
+ Deprecated Doxia Sitetools Doc Renderer
* Dependency upgrade:
+ Fixed javadoc issues with JDK 8 when generating documentation
+ Wrong coordinates for jai_core: hyphen should be underscore
+ Use latest JUnit version 4.13.2
+ Upgraded Plexus Utils to 3.3.0
+ Upgraded Plexus Interpolation to 1.26
+ Upgraded Maven Doxia to 1.10
+ Upgraded Maven Doxia to 1.11.1
maven-jar-plugin was updated to version 3.3.0:
- Changes in version 3.3.0:
* Bugs fixed:
+ outputTimestamp not applied to module-info; breaks reproducible builds
* Task:
+ Updated plugin (requires Maven 3.2.5+)
+ Java 8 as minimum
* Dependency upgrade:
+ Upgraded Plexus Utils to 3.3.1
+ Removed override for Plexus Archiver to fix order of META-INF/ and META-INF/MANIFEST.MF entries
+ Upgraded Parent to 36
+ Updated Plexus Utils to 3.4.2
+ Upgraded Parent to 37
maven-jar-plugin was updated to version 3.6.0:
- Changes from version 3.6.0:
* Bugs fixed:
+ Setting maven.javadoc.isoffline seems to have no effect
+ javadoc site is broken for projects that contain modules
+ Alternative doclet page points to an SEO spammy page
+ [REGRESSION] Transitive dependencies of docletArtifact missing
+ Unresolvable link in javadoc tag with value ResourcesBundleMojo#getAttachmentClassifier() found in
ResourcesBundleMojo
+ IOException --> NullPointerException in JavadocUtil.copyResource
+ JavadocReportTest.testExceptions is broken
+ javadoc creates invalid --patch-module statements
+ javadoc plugin can not deal with transitive filename based modules
* Improvements:
+ Clean up deprecated and unpreferred methods in JavadocUtil
+ Cleanup dependency declarations as best possible
+ Allow building javadoc "the old fashioned way" after Java 8
* Tasks:
+ Dropped use of deprecated localRepository mojo parameter
+ Make build pass with Java 20
+ Refresh download page
* Dependency upgrade:
+ Updated to commons-io 2.13.0
+ Updated plexus-archiver from 4.7.1 to 4.8.0
+ Upgraded Parent to 40
- Changes from version 3.5.0:
* Bugs fixed:
+ Invalid anchors in Javadoc and plugin mojo
+ Plugin duplicates classes in Java 8 all-classes lists
+ javadoc site creation ignores configuration parameters
* Improvements:
+ Deprecated parameter "stylesheet"
+ Parse stderr output and suppress informational lines
+ Link to Javadoc references from JDK 17
+ Migrate components to JSR 330, get rid of maven-artifact-transfer, update to parent 37
* Tasks:
+ Removed remains of org.codehaus.doxia.sink.Sink
* Dependency upgrades:
+ Upgraded plugins in ITs
+ Upgraded to Maven 3.2.5
+ Updated Maven Archiver to 3.6.0
+ Upgraded Maven Reporting API to 3.1.1/Complete with Maven Reporting Impl 3.2.0
+ Upgraded commons-text to 1.10.0
+ Upgraded Parent to 39
+ Upgraded plugins and components
maven-reporting-api was updated to version 3.1.1:
- Restore binary compat for MavenReport
maven-reporting-impl was updated to version 3.2.0:
- Changes in version 3.2.0:
* Improvement:
+ Render with a skin when report is run in standalone mode
* Dependency upgrades:
+ Upgraded Maven Reporting API to 3.1.1
+ Upgraded plugins and components in project and ITs
maven-resolver was updated to version 1.9.18:
- Changes in version 1.9.18:
* Bugs fixed:
+ Sporadic AccessDeniedEx on Windows
+ Undo FileUtils changes that altered non-Windows execution path
* Improvements:
+ Native transport should retry on HTTP 429 (Retry-After)
* Task:
+ Deprecated Guice modules
+ Get rid of component name string literals, make them constants and reusable
+ Expose configuration for inhibiting Expect-Continue handshake in 1.x
+ Refresh download page
+ Resolver should not override given HTTP transport default use of expect-continue handshake
maven-resources-plugin was updated to version 3.3.1:
- Changes in version 3.3.1:
* Bugs fixed:
+ Resource plugin's handling of symbolic links changed in 3.0.x, broke existing behavior
+ Resource copying not using specified encoding
+ java.nio.charset.MalformedInputException: Input length = 1
+ Filtering of Maven properties with long names is not working after transition from 2.6 to 3.2.0
+ Valid location for directory parameter is always required
+ Symlinks cause copying resources to fail
+ FileUtils.copyFile() fails with source file having `lastModified = 0`
* New Features:
+ Added ability to flatten folder structure into target directory when copying resources
* Improvements:
+ Make tests jar reproducible
+ Describe from and to in "Copying xresources" info message
* Task:
+ Dropped plexus legacy
+ Updated to parent POM 39, reformat sources
+ Updated plugin (requires Maven 3.2.5+)
+ Require Java 8
* Dependency upgrade:
+ Upgraded maven-plugin parent to 36
+ Upgraded Maven Filtering to 3.3.0
+ Upgraded plexus-utils to 3.5.1
+ Upgraded to maven-filtering 3.3.1
sbt:
- Fixed RPM package build with maven 3.9.6 and maven-resolver 1.9.18
xmvn:
- Modify the xmvn-install script to work with new apache-commons-compress
- Recompiling RPM package to resolve package building issues with maven-lib
apache-commons-codec-1.16.1-150200.3.9.1.noarch.rpm
apache-commons-codec-1.16.1-150200.3.9.1.src.rpm
apache-commons-compress-1.26.0-150200.3.16.1.noarch.rpm
apache-commons-compress-1.26.0-150200.3.16.1.src.rpm
apache-commons-configuration2-2.9.0-150200.5.5.1.noarch.rpm
apache-commons-configuration2-2.9.0-150200.5.5.1.src.rpm
apache-commons-io-2.15.1-150200.3.12.1.noarch.rpm
apache-commons-io-2.15.1-150200.3.12.1.src.rpm
gradle-local-6.2.0-150200.3.7.1.noarch.rpm
ivy-local-6.2.0-150200.3.7.1.noarch.rpm
javapackages-meta-6.2.0-150200.3.7.1.src.rpm
maven-3.9.6-150200.4.21.2.src.rpm
maven-3.9.6-150200.4.21.2.x86_64.rpm
maven-doxia-1.12.0-150200.4.7.2.src.rpm
maven-doxia-core-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-logging-api-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-apt-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-fml-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-fo-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-xdoc-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-xhtml-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-xhtml5-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-sink-api-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.7.1.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.7.1.src.rpm
maven-jar-plugin-3.3.0-150200.3.10.1.noarch.rpm
maven-jar-plugin-3.3.0-150200.3.10.1.src.rpm
maven-javadoc-plugin-3.6.0-150200.4.10.1.noarch.rpm
maven-javadoc-plugin-3.6.0-150200.4.10.1.src.rpm
maven-lib-3.9.6-150200.4.21.2.x86_64.rpm
maven-local-6.2.0-150200.3.7.1.noarch.rpm
maven-reporting-api-3.1.1-150200.3.7.1.noarch.rpm
maven-reporting-api-3.1.1-150200.3.7.1.src.rpm
maven-resolver-1.9.18-150200.3.17.2.src.rpm
maven-resolver-api-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-connector-basic-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-impl-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-named-locks-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-spi-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-transport-file-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-transport-http-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-transport-wagon-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-util-1.9.18-150200.3.17.2.noarch.rpm
maven-resources-plugin-3.3.1-150200.3.12.1.noarch.rpm
maven-resources-plugin-3.3.1-150200.3.12.1.src.rpm
xmvn-4.2.0-150200.3.18.1.src.rpm
xmvn-4.2.0-150200.3.18.1.x86_64.rpm
xmvn-api-4.2.0-150200.3.18.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.18.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.18.1.src.rpm
xmvn-core-4.2.0-150200.3.18.1.noarch.rpm
xmvn-install-4.2.0-150200.3.18.1.noarch.rpm
xmvn-minimal-4.2.0-150200.3.18.1.x86_64.rpm
xmvn-mojo-4.2.0-150200.3.18.1.noarch.rpm
xmvn-mojo-4.2.0-150200.3.18.1.src.rpm
xmvn-resolve-4.2.0-150200.3.18.1.noarch.rpm
xmvn-subst-4.2.0-150200.3.18.1.noarch.rpm
xmvn-tools-4.2.0-150200.3.18.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-651
Recommended update for nftables
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nftables fixes the following issues:
- Enable python311 module (bsc#1219253).
libnftables1-0.9.8-150400.6.3.1.x86_64.rpm
nftables-0.9.8-150400.6.3.1.src.rpm
nftables-0.9.8-150400.6.3.1.x86_64.rpm
python3-nftables-0.9.8-150400.6.3.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-898
Security update for gdb
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gdb fixes the following issues:
- Drop libdebuginfod1 BuildRequires/Recommends. The former isn't
needed because there's a build requirement on libdebuginfod-devel
already, which will pull the shared library. And the latter,
because it's bogus since RPM auto generated dependency will take
care of that requirement.
gdb was updated to version 13.2:
* This version of GDB includes the following changes and enhancements:
* Support for the following new targets has been added in both GDB and GDBserver:
* GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux*
* GNU/Linux/CSKY (gdbserver) csky*-*linux*
* The Windows native target now supports target async.
* Floating-point support has now been added on LoongArch GNU/Linux.
* New commands:
* set print nibbles [on|off]
* show print nibbles
* This controls whether the 'print/t' command will display binary values in groups of four bits, known as "nibbles". The default is 'off'.
* Various styling-related commands. See the gdb/NEWS file for more details.
* Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details.
* Python API improvements:
* New Python API for instruction disassembly.
* The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee.
* New Python type gdb.BreakpointLocation.
* New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address '
* New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'.
* New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string.
* New method gdb.Frame.language that returns the name of the frame's language.
* gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation.
* gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does.
* The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9].
* GDB/MI changes:
* MI version 1 is deprecated, and will be removed in GDB 14.
* The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno.
* Miscellaneous improvements:
* gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF.
* New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior.
* New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit.
* The "info breakpoints" now displays enabled breakpoint locations of disabled breakpoints as in the "y-" state.
* The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling.
* A new format "/b" has been introduced to provide the old behavior of "/r".
* The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new "set style tui-current-position" command.
* It is now possible to use the "document" command to document user-defined commands.
* Support for memory tag data for AArch64 MTE.
* Support Removal notices:
* DBX mode has been removed.
* Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3.
* Support for the following commands has been removed:
* set debug aix-solib on|off
* show debug aix-solib
* set debug solib-frv on|off
* show debug solib-frv
* Use the "set/show debug solib" commands instead.
See the NEWS file for a more complete and detailed list of what this release includes.
gdb-13.2-150400.15.14.1.src.rpm
gdb-13.2-150400.15.14.1.x86_64.rpm
gdbserver-13.2-150400.15.14.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-911
Recommended update for virt-v2v
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for virt-v2v fixes the following issue:
- virt-v2v fails due to zstd module compression (bsc#1216068)
virt-v2v-1.44.2-150400.3.6.1.src.rpm
virt-v2v-1.44.2-150400.3.6.1.x86_64.rpm
virt-v2v-bash-completion-1.44.2-150400.3.6.1.noarch.rpm
virt-v2v-man-pages-ja-1.44.2-150400.3.6.1.noarch.rpm
virt-v2v-man-pages-uk-1.44.2-150400.3.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-423
Security update for libavif
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libavif fixes the following issues:
- CVE-2023-6704: Fixed use after free by not storing colorproperties until alpha item is found (bsc#1218303).
libavif-0.9.3-150400.3.3.1.src.rpm
libavif13-0.9.3-150400.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-459
Security update for runc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
runc-1.1.12-150000.61.2.src.rpm
runc-1.1.12-150000.61.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-433
Recommended update for source-highlight
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for source-highlight fixes the following issues:
Version update to 3.1.9:
* changed esc.style to work better with dark theme terminals
* updated C and C++ to more recent standards
* fixed zsh.lang
* added new Python keywords
* added Rust
* added ixpe
* added vim
- ships it to missing service packs like SUSE Linux Enterprise 15 SP3.
libsource-highlight-devel-3.1.9-150000.3.7.1.x86_64.rpm
libsource-highlight4-3.1.9-150000.3.7.1.x86_64.rpm
source-highlight-3.1.9-150000.3.7.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-548
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
Update to version 2.42.5 (bsc#1219604):
- CVE-2024-23222: Fixed processing maliciously crafted web content that may have led to arbitrary code execution (bsc#1219113).
- CVE-2024-23206: Fixed fingerprinting of users via maliciously crafted webpages (bsc#1219604).
- CVE-2024-23213: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604).
- CVE-2023-40414: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604).
- CVE-2014-1745: Fixed denial of service or potential disclosure of memory contents while processing maliciously crafted files (bsc#1219604).
- CVE-2023-42833: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604).
WebKitGTK-4.0-lang-2.42.5-150400.4.75.1.noarch.rpm
WebKitGTK-4.1-lang-2.42.5-150400.4.75.1.noarch.rpm
WebKitGTK-6.0-lang-2.42.5-150400.4.75.1.noarch.rpm
libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.42.5-150400.4.75.1.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.42.5-150400.4.75.1.x86_64.rpm
libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1.x86_64.rpm
libwebkit2gtk-4_1-0-2.42.5-150400.4.75.1.x86_64.rpm
libwebkitgtk-6_0-4-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.42.5-150400.4.75.1.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.42.5-150400.4.75.1.x86_64.rpm
webkit2gtk3-2.42.5-150400.4.75.1.src.rpm
webkit2gtk3-devel-2.42.5-150400.4.75.1.x86_64.rpm
webkit2gtk3-soup2-2.42.5-150400.4.75.1.src.rpm
webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1.x86_64.rpm
webkit2gtk4-2.42.5-150400.4.75.1.src.rpm
webkitgtk-6_0-injected-bundles-2.42.5-150400.4.75.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-466
Recommended update for syslinux
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for syslinux fixes the following issues:
- syslinux RPM package was rebuilt to address issues with aarch64 built binaries
syslinux-4.04-150300.17.2.1.src.rpm
syslinux-4.04-150300.17.2.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-425
Recommended update for python-argcomplete
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-argcomplete fixes the following issues:
- Use update-alternatives for package binaries to avoid conflict with python311 stack (bsc#1219305)
python-argcomplete-1.9.2-150000.3.5.1.src.rpm
python3-argcomplete-1.9.2-150000.3.5.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-802
Recommended update for wicked
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- ifreload: VLAN changes require device deletion (bsc#1218927)
- ifcheck: fix config changed check (bsc#1218926)
- client: fix exit code for no-carrier status (bsc#1219265)
- dhcp6: omit the SO_REUSEPORT option (bsc#1215692)
- duid: fix comment for v6time
- rtnl: fix peer address parsing for non ptp-interfaces
- system-updater: Parse updater format from XML configuration to ensure install calls can run
- team: add new options like link_watch_policy (jsc#PED-7183)
- Fix memory leaks in dbus variant destroy and fsm free
- xpath: allow underscore in node identifier
- vxlan: don't format unknown rtnl attrs (bsc#1219751)
wicked-0.6.74-150400.3.13.1.src.rpm
wicked-0.6.74-150400.3.13.1.x86_64.rpm
wicked-service-0.6.74-150400.3.13.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-833
Security update for openssl-1_1
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
libopenssl-1_1-devel-1.1.1l-150400.7.63.1.x86_64.rpm
libopenssl-1_1-devel-32bit-1.1.1l-150400.7.63.1.x86_64.rpm
libopenssl1_1-1.1.1l-150400.7.63.1.x86_64.rpm
libopenssl1_1-32bit-1.1.1l-150400.7.63.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150400.7.63.1.x86_64.rpm
libopenssl1_1-hmac-32bit-1.1.1l-150400.7.63.1.x86_64.rpm
openssl-1_1-1.1.1l-150400.7.63.1.src.rpm
openssl-1_1-1.1.1l-150400.7.63.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-831
Security update for openssl-1_0_0
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_0_0 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
libopenssl-1_0_0-devel-1.0.2p-150000.3.91.1.x86_64.rpm
libopenssl10-1.0.2p-150000.3.91.1.x86_64.rpm
libopenssl1_0_0-1.0.2p-150000.3.91.1.x86_64.rpm
libopenssl1_0_0-hmac-1.0.2p-150000.3.91.1.x86_64.rpm
openssl-1_0_0-1.0.2p-150000.3.91.1.src.rpm
openssl-1_0_0-1.0.2p-150000.3.91.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-563
Recommended update for ffmpeg
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg contains the following fixes:
- Added `libavresample3` and `libavformat57` to subpackages for Package Hub SLE-15-SP5 (bsc#1205435)
- Fix RPM package build with new `binutils`
ffmpeg-3.4.2-150200.11.34.2.src.rpm
libavcodec57-3.4.2-150200.11.34.2.x86_64.rpm
libavformat57-3.4.2-150200.11.34.2.x86_64.rpm
libavresample3-3.4.2-150200.11.34.2.x86_64.rpm
libavutil-devel-3.4.2-150200.11.34.2.x86_64.rpm
libavutil55-3.4.2-150200.11.34.2.x86_64.rpm
libpostproc-devel-3.4.2-150200.11.34.2.x86_64.rpm
libpostproc54-3.4.2-150200.11.34.2.x86_64.rpm
libswresample-devel-3.4.2-150200.11.34.2.x86_64.rpm
libswresample2-3.4.2-150200.11.34.2.x86_64.rpm
libswscale-devel-3.4.2-150200.11.34.2.x86_64.rpm
libswscale4-3.4.2-150200.11.34.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-907
Recommended update for audit
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for audit fixes the following issue:
- Fix plugin termination when using systemd service units (bsc#1215377)
audit-3.0.6-150400.4.16.1.src.rpm
audit-3.0.6-150400.4.16.1.x86_64.rpm
audit-audispd-plugins-3.0.6-150400.4.16.1.x86_64.rpm
audit-devel-3.0.6-150400.4.16.1.x86_64.rpm
audit-secondary-3.0.6-150400.4.16.1.src.rpm
libaudit1-3.0.6-150400.4.16.1.x86_64.rpm
libauparse0-3.0.6-150400.4.16.1.x86_64.rpm
python3-audit-3.0.6-150400.4.16.1.x86_64.rpm
system-group-audit-3.0.6-150400.4.16.1.x86_64.rpm
libaudit1-32bit-3.0.6-150400.4.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-641
Recommended update for gcc7
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gcc7 fixes the following issues:
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
cpp7-7.5.0+r278197-150000.4.41.1.x86_64.rpm
cross-nvptx-gcc7-7.5.0+r278197-150000.4.41.1.src.rpm
cross-nvptx-gcc7-7.5.0+r278197-150000.4.41.1.x86_64.rpm
cross-nvptx-newlib7-devel-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-7.5.0+r278197-150000.4.41.1.src.rpm
gcc7-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-ada-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-c++-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-c++-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-fortran-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-fortran-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-info-7.5.0+r278197-150000.4.41.1.noarch.rpm
gcc7-locale-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-objc-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libada7-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libasan4-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libasan4-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libcilkrts5-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libcilkrts5-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libgfortran4-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libgfortran4-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libstdc++6-devel-gcc7-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libubsan0-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libubsan0-7.5.0+r278197-150000.4.41.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-515
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, caused by the lack of a safeguard against invalid nf_tables family (pf) values within the `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- block: Fix kabi header include (bsc#1218929).
- block: free the extended dev_t minor later (bsc#1218930).
- clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- doc/README.KSYMS: Add to repo.
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- loop: suppress uevents while reconfiguring the device (git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- nbd: fix incomplete validation of ioctl arg (git-fixes).
- nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- null_blk: Always check queue mode setting from configfs (git-fixes).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes).
- rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
- rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
- rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes).
- rbd: harden get_lock_owner_info() a bit (git-fixes).
- rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
- rbd: move rbd_dev_refresh() definition (git-fixes).
- rbd: prevent busy loop when requesting exclusive lock (git-fixes).
- rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
- rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
kernel-default-5.14.21-150400.24.108.1.nosrc.rpm
kernel-default-5.14.21-150400.24.108.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2.src.rpm
kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.108.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.108.1.noarch.rpm
kernel-docs-5.14.21-150400.24.108.1.noarch.rpm
kernel-docs-5.14.21-150400.24.108.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.108.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.108.1.src.rpm
kernel-obs-build-5.14.21-150400.24.108.1.x86_64.rpm
kernel-source-5.14.21-150400.24.108.1.noarch.rpm
kernel-source-5.14.21-150400.24.108.1.src.rpm
kernel-syms-5.14.21-150400.24.108.1.src.rpm
kernel-syms-5.14.21-150400.24.108.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.108.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-562
Recommended update for openblas
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openblas contains the following fixes:
- Added `libopenblas_pthreads0` to Package Hub SLE-15-SP4 on architecture s390 (no source changes) (bsc#1217608)
libopenblas_openmp0-0.3.20-150400.4.2.1.x86_64.rpm
libopenblas_pthreads-devel-0.3.20-150400.4.2.1.x86_64.rpm
libopenblas_pthreads0-0.3.20-150400.4.2.1.x86_64.rpm
openblas-common-devel-0.3.20-150400.4.2.1.x86_64.rpm
openblas_openmp-0.3.20-150400.4.2.1.src.rpm
openblas_pthreads-0.3.20-150400.4.2.1.src.rpm
openblas_serial-0.3.20-150400.4.2.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-550
Security update for postgresql16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql16 fixes the following issues:
Upgrade to 16.2:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
libecpg6-16.2-150200.5.10.1.x86_64.rpm
libpq5-16.2-150200.5.10.1.x86_64.rpm
libpq5-32bit-16.2-150200.5.10.1.x86_64.rpm
postgresql16-16.2-150200.5.10.1.src.rpm
postgresql16-16.2-150200.5.10.1.x86_64.rpm
postgresql16-contrib-16.2-150200.5.10.1.x86_64.rpm
postgresql16-devel-16.2-150200.5.10.1.x86_64.rpm
postgresql16-docs-16.2-150200.5.10.1.noarch.rpm
postgresql16-plperl-16.2-150200.5.10.1.x86_64.rpm
postgresql16-plpython-16.2-150200.5.10.1.x86_64.rpm
postgresql16-pltcl-16.2-150200.5.10.1.x86_64.rpm
postgresql16-server-16.2-150200.5.10.1.x86_64.rpm
postgresql16-server-devel-16.2-150200.5.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-551
Security update for postgresql15
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql15 fixes the following issues:
Upgrade to 15.6:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
postgresql15-15.6-150200.5.22.1.src.rpm
postgresql15-15.6-150200.5.22.1.x86_64.rpm
postgresql15-contrib-15.6-150200.5.22.1.x86_64.rpm
postgresql15-devel-15.6-150200.5.22.1.x86_64.rpm
postgresql15-docs-15.6-150200.5.22.1.noarch.rpm
postgresql15-plperl-15.6-150200.5.22.1.x86_64.rpm
postgresql15-plpython-15.6-150200.5.22.1.x86_64.rpm
postgresql15-pltcl-15.6-150200.5.22.1.x86_64.rpm
postgresql15-server-15.6-150200.5.22.1.x86_64.rpm
postgresql15-server-devel-15.6-150200.5.22.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-552
Security update for postgresql14
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql14 fixes the following issues:
Upgrade to 14.11:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
postgresql14-14.11-150200.5.39.1.src.rpm
postgresql14-14.11-150200.5.39.1.x86_64.rpm
postgresql14-contrib-14.11-150200.5.39.1.x86_64.rpm
postgresql14-devel-14.11-150200.5.39.1.x86_64.rpm
postgresql14-docs-14.11-150200.5.39.1.noarch.rpm
postgresql14-plperl-14.11-150200.5.39.1.x86_64.rpm
postgresql14-plpython-14.11-150200.5.39.1.x86_64.rpm
postgresql14-pltcl-14.11-150200.5.39.1.x86_64.rpm
postgresql14-server-14.11-150200.5.39.1.x86_64.rpm
postgresql14-server-devel-14.11-150200.5.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-522
Security update for postgresql13
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql13 fixes the following issues:
Upgrade to 13.14:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
postgresql13-13.14-150200.5.53.1.src.rpm
postgresql13-13.14-150200.5.53.1.x86_64.rpm
postgresql13-contrib-13.14-150200.5.53.1.x86_64.rpm
postgresql13-devel-13.14-150200.5.53.1.x86_64.rpm
postgresql13-docs-13.14-150200.5.53.1.noarch.rpm
postgresql13-llvmjit-13.14-150200.5.53.1.x86_64.rpm
postgresql13-llvmjit-devel-13.14-150200.5.53.1.x86_64.rpm
postgresql13-plperl-13.14-150200.5.53.1.x86_64.rpm
postgresql13-plpython-13.14-150200.5.53.1.x86_64.rpm
postgresql13-pltcl-13.14-150200.5.53.1.x86_64.rpm
postgresql13-server-13.14-150200.5.53.1.x86_64.rpm
postgresql13-server-devel-13.14-150200.5.53.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-634
Recommended update for postgresql
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql fixes the following issues:
- Require fillup package to properly create the config file (bsc#1219340)
postgresql-16-150400.4.12.1.noarch.rpm
postgresql-16-150400.4.12.1.src.rpm
postgresql-contrib-16-150400.4.12.1.noarch.rpm
postgresql-devel-16-150400.4.12.1.noarch.rpm
postgresql-docs-16-150400.4.12.1.noarch.rpm
postgresql-llvmjit-16-150400.4.12.1.noarch.rpm
postgresql-llvmjit-devel-16-150400.4.12.1.noarch.rpm
postgresql-plperl-16-150400.4.12.1.noarch.rpm
postgresql-plpython-16-150400.4.12.1.noarch.rpm
postgresql-pltcl-16-150400.4.12.1.noarch.rpm
postgresql-server-16-150400.4.12.1.noarch.rpm
postgresql-server-devel-16-150400.4.12.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-725
Recommended update for suse-build-key
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issues:
- Switch container key to be default RSA 4096bit. (jsc#PED-2777)
- run import script also in %posttrans section, but only when
libzypp is not active. bsc#1219189 bsc#1219123
suse-build-key-12.0-150000.8.43.1.noarch.rpm
suse-build-key-12.0-150000.8.43.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-558
Security update for libssh2_org
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libssh2_org fixes the following issues:
- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
libssh2-1-1.11.0-150000.4.25.1.x86_64.rpm
libssh2-devel-1.11.0-150000.4.25.1.x86_64.rpm
libssh2_org-1.11.0-150000.4.25.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-613
Security update for libxml2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
libxml2-2-2.9.14-150400.5.28.1.x86_64.rpm
libxml2-2.9.14-150400.5.28.1.src.rpm
libxml2-devel-2.9.14-150400.5.28.1.x86_64.rpm
libxml2-python-2.9.14-150400.5.28.1.src.rpm
libxml2-tools-2.9.14-150400.5.28.1.x86_64.rpm
python3-libxml2-2.9.14-150400.5.28.1.x86_64.rpm
python311-libxml2-2.9.14-150400.5.28.1.x86_64.rpm
libxml2-2-32bit-2.9.14-150400.5.28.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-576
Security update for dpdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dpdk fixes the following issues:
- Fixed a regression caused by incomplete fix for CVE-2022-2132 (bsc#1219187).
dpdk-19.11.10-150400.4.12.1.src.rpm
dpdk-19.11.10-150400.4.12.1.x86_64.rpm
dpdk-devel-19.11.10-150400.4.12.1.x86_64.rpm
dpdk-kmp-default-19.11.10_k5.14.21_150400.24.103-150400.4.12.1.x86_64.rpm
dpdk-tools-19.11.10-150400.4.12.1.x86_64.rpm
libdpdk-20_0-19.11.10-150400.4.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-573
Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues:
abseil-cpp was updated to:
Update to 20230802.1:
* Add StdcppWaiter to the end of the list of waiter implementations
Update to 20230802.0
What's New:
* Added the nullability library for designating the expected
nullability of pointers. Currently these serve as annotations
only, but it is expected that compilers will one day be able
to use these annotations for diagnostic purposes.
* Added the prefetch library as a portable layer for moving data
into caches before it is read.
* Abseil's hash tables now detect many more programming errors
in debug and sanitizer builds.
* Abseil's synchronization objects now differentiate absolute
waits (when passed an absl::Time) from relative waits (when
passed an absl::Duration) when the underlying platform supports
differentiating these cases. This only makes a difference when
system clocks are adjusted.
* Abseil's flag parsing library includes additional methods that
make it easier to use when another library also expects to be
able to parse flags.
* absl::string_view is now available as a smaller target,
@com_google_absl//absl/strings:string_view, so that users may
use this library without depending on the much larger
@com_google_absl//absl/strings target.
Update to 20230125.3
Details can be found on:
https://github.com/abseil/abseil-cpp/releases/tag/20230125.3
Update to 20230125.2
What's New:
* The Abseil logging library has been released. This library
provides facilities for writing short text messages about the
status of a program to stderr, disk files, or other sinks
(via an extension API). See the logging library documentation
for more information.
* An extension point, AbslStringify(), allows user-defined types
to seamlessly work with Abseil's string formatting functions
like absl::StrCat() and absl::StrFormat().
* A library for computing CRC32C checksums has been added.
* Floating-point parsing now uses the Eisel-Lemire algorithm,
which provides a significant speed improvement.
* The flags library now provides suggestions for the closest
flag(s) in the case of misspelled flags.
* Using CMake to install Abseil now makes the installed artifacts
(in particular absl/base/options.h) reflect the compiled ABI.
Breaking Changes:
* Abseil now requires at least C++14 and follows Google's Foundational
C++ Support Policy. See this table for a list of currently supported
versions of compilers, platforms, and build tools.
* The legacy spellings of the thread annotation macros/functions
(e.g. GUARDED_BY()) have been removed by default in favor of the
ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with
other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS
can be defined on the compile command-line to temporarily restore these
spellings, but this compatibility macro will be removed in the future.
Known Issues
* The Abseil logging library in this release is not a feature-complete
replacement for glog yet. VLOG and DFATAL are examples of features
that have not yet been released.
Update to version 20220623.0
What's New:
* Added absl::AnyInvocable, a move-only function type.
* Added absl::CordBuffer, a type for buffering data for eventual inclusion in an
absl::Cord, which is useful for writing zero-copy code.
* Added support for command-line flags of type absl::optional<T>.
Breaking Changes:
* CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control
whether or not unit tests are built.
* The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that
are experiencing new warnings can use -Wno-deprecated-declarations to silence
the warnings or use -Wno-error=deprecated-declarations to see warnings but
not fail the build.
* ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some
compilers are more strict about where this keyword must appear compared to
the pre-C++20 implementation.
* Bazel builds now depend on the bazelbuild/bazel-skylib repository.
See Abseil's WORKSPACE file for an example of how to add this dependency.
Other:
* This will be the last release to support C++11. Future releases will require at least C++14.
grpc was updated to 1.60:
Update to release 1.60
* Implemented dualstack IPv4 and IPv6 backend support, as per
draft gRFC A61. xDS support currently guarded by
GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var.
* Support for setting proxy for addresses.
* Add v1 reflection.
update to 1.59.3:
* Security - Revocation: Crl backport to 1.59. (#34926)
Update to release 1.59.2
* Fixes for CVE-2023-44487
Update to version 1.59.1:
* C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552).
Update to version 1.59.0:
* xds ssa: Remove environment variable protection for stateful
affinity (gh#grpc/grpc#34435).
* c-ares: fix spin loop bug when c-ares gives up on a socket
that still has data left in its read buffer
(gh#grpc/grpc#34185).
* Deps: Adding upb as a submodule (gh#grpc/grpc#34199).
* EventEngine: Update Cancel contract on closure deletion
timeline (gh#grpc/grpc#34167).
* csharp codegen: Handle empty base_namespace option value to
fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137).
* Ruby:
- replace strdup with gpr_strdup (gh#grpc/grpc#34177).
- drop ruby 2.6 support (gh#grpc/grpc#34198).
Update to release 1.58.1
* Reintroduced c-ares 1.14 or later support
Update to release 1.58
* ruby extension: remove unnecessary background thread startup
wait logic that interferes with forking
Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* EventEngine: Change GetDNSResolver to return
absl::StatusOr<std::unique_ptr<DNSResolver>>.
* Improve server handling of file descriptor exhaustion.
* Add a channel argument to set DSCP on streams.
Update to release 1.56.2
* Improve server handling of file descriptor exhaustion
Update to release 1.56.0 (CVE-2023-32731, bsc#1212180)
* core: Add support for vsock transport.
* EventEngine: Change TXT lookup result type to
std::vector<std::string>.
* C++/Authz: support customizable audit functionality for
authorization policy.
Update to release 1.54.1
* Bring declarations and definitions to be in sync
Update to release 1.54 (CVE-2023-32732, bsc#1212182)
* XDS: enable XDS federation by default
* TlsCreds: Support revocation of intermediate in chain
Update to release 1.51.1
* Only a macOS/aarch64-related change
Update to release 1.51
* c-ares DNS resolver: fix logical race between resolution
timeout/cancellation and fd readability.
* Remove support for pthread TLS
Update to release 1.50.0
* Core
- Derive EventEngine from std::enable_shared_from_this. (#31060)
- Revert "Revert "[chttp2] fix stream leak with queued flow control
update and absence of writes (#30907)" (#30991)". (#30992)
- [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907)
- Remove gpr_codegen. (#30899)
- client_channel: allow LB policy to communicate update errors to resolver. (#30809)
- FaultInjection: Fix random number generation. (#30623)
* C++
- OpenCensus Plugin: Add measure and views for started RPCs. (#31034)
* C#
- Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371)
- Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411)
- Grpc.Tools document AdditionalImportDirs. (#30405)
- Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410)
Update to release 1.49.1
* All
- Update protobuf to v21.6 on 1.49.x. (#31028)
* Ruby
- Backport "Fix ruby windows ucrt build #31051" to 1.49.x. (#31053)
Update to release 1.49.0
* Core
- Backport: "stabilize the C2P resolver URI scheme" to v1.49.x. (#30654)
- Bump core version. (#30588)
- Update OpenCensus to HEAD. (#30567)
- Update protobuf submodule to 3.21.5. (#30548)
- Update third_party/protobuf to 3.21.4. (#30377)
- [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443)
- HTTP2: Fix keepalive time throttling. (#30164)
- Use AnyInvocable in EventEngine APIs. (#30220)
* Python
- Add type stub generation support to grpcio-tools. (#30498)
Update to release 1.48.1
* Backport EventEngine Forkables
Update to release 1.48.0
* C++14 is now required
* xDS: Workaround to get gRPC clients working with istio
Update to release 1.46.3
* backport: xds: use federation env var to guard new-style
resource name parsing (#29725) #29727
Update to release 1.46
* Added HTTP/1.1 support in httpcli
* HTTP2: Add graceful goaway
Update to release 1.45.2
* Various fixes related to XDS
* HTTP2: Should not run cancelling logic on servers when
receiving GOAWAY
Update to release 1.45.1
* Switched to epoll1 as a default polling engine for Linux
Update to version 1.45.0:
* Core:
- Backport "Include ADS stream error in XDS error updates
(#29014)" to 1.45.x [gh#grpc/grpc#29121].
- Bump core version to 23.0.0 for upcoming release
[gh#grpc/grpc#29026].
- Fix memory leak in HTTP request security handshake
cancellation [gh#grpc/grpc#28971].
- CompositeChannelCredentials: Comparator implementation
[gh#grpc/grpc#28902].
- Delete custom iomgr [gh#grpc/grpc#28816].
- Implement transparent retries [gh#grpc/grpc#28548].
- Uniquify channel args keys [gh#grpc/grpc#28799].
- Set trailing_metadata_available for recv_initial_metadata
ops when generating a fake status [gh#grpc/grpc#28827].
- Eliminate gRPC insecure build [gh#grpc/grpc#25586].
- Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769].
- InsecureCredentials: singleton object [gh#grpc/grpc#28777].
- Add http cancel api [gh#grpc/grpc#28354].
- Memory leak fix on windows in grpc_tcp_create()
[gh#grpc/grpc#27457].
- xDS: Rbac filter updates [gh#grpc/grpc#28568].
* C++
- Bump the minimum gcc to 5 [gh#grpc/grpc#28786].
- Add experimental API for CRL checking support to gRPC C++
TlsCredentials [gh#grpc/grpc#28407].
Update to release 1.44.0
* Add a trace to list which filters are contained in a
channel stack.
* Remove grpc_httpcli_context.
* xDS: Add support for RBAC HTTP filter.
* API to cancel grpc_resolve_address.
Update to version 1.43.2:
* Fix google-c2p-experimental issue (gh#grpc/grpc#28692).
Changes from version 1.43.0:
* Core:
- Remove redundant work serializer usage in c-ares windows
code (gh#grpc/grpc#28016).
- Support RDS updates on the server (gh#grpc/grpc#27851).
- Use WorkSerializer in XdsClient to propagate updates in a
synchronized manner (gh#grpc/grpc#27975).
- Support Custom Post-handshake Verification in TlsCredentials
(gh#grpc/grpc#25631).
- Reintroduce the EventEngine default factory
(gh#grpc/grpc#27920).
- Assert Android API >= v21 (gh#grpc/grpc#27943).
- Add support for abstract unix domain sockets
(gh#grpc/grpc#27906).
* C++:
- OpenCensus: Move metadata storage to arena
(gh#grpc/grpc#27948).
* [C#] Add nullable type attributes to Grpc.Core.Api
(gh#grpc/grpc#27887).
- Update package name libgrpc++1 to libgrpc++1_43 in keeping with
updated so number.
Update to release 1.41.0
* xDS: Remove environmental variable guard for security.
* xDS Security: Use new way to fetch certificate provider
plugin instance config.
* xDS server serving status: Use a struct to allow more fields
to be added in the future.
Update to release 1.39.1
* Fix C# protoc plugin argument parsing on 1.39.x
Update to version 1.39.0:
* Core
- Initialize tcp_posix for CFStream when needed
(gh#grpc/grpc#26530).
- Update boringssl submodule (gh#grpc/grpc#26520).
- Fix backup poller races (gh#grpc/grpc#26446).
- Use default port 443 in HTTP CONNECT request
(gh#grpc/grpc#26331).
* C++
- New iomgr implementation backed by the EventEngine API
(gh#grpc/grpc#26026).
- async_unary_call: add a Destroy method, called by
std::default_delete (gh#grpc/grpc#26389).
- De-experimentalize C++ callback API (gh#grpc/grpc#25728).
* PHP: stop reading composer.json file just to read the version
string (gh#grpc/grpc#26156).
* Ruby: Set XDS user agent in ruby via macros
(gh#grpc/grpc#26268).
Update to release 1.38.0
* Invalidate ExecCtx now before computing timeouts in all
repeating timer events using a WorkSerializer or combiner.
* Fix use-after-unref bug in fault_injection_filter
* New gRPC EventEngine Interface
* Allow the AWS_DEFAULT_REGION environment variable
* s/OnServingStatusChange/OnServingStatusUpdate/
Update to release 1.37.1
* Use URI form of address for channelz listen node
* Implementation CSDS (xDS Config Dump)
* xDS status notifier
* Remove CAS loops in global subchannel pool and simplify
subchannel refcounting
Update to release 1.36.4
* A fix for DNS SRV lookups on Windows
Update to 1.36.1:
* Core:
* Remove unnecessary internal pollset set in c-ares DNS resolver
* Support Default Root Certs in Tls Credentials
* back-port: add env var protection for google-c2p resolver
* C++:
* Move third party identity C++ api out of experimental namespace
* refactor!: change error_details functions to templates
* Support ServerContext for callback API
* PHP:
* support for PSM security
* fixed segfault on reused call object
* fixed phpunit 8 warnings
* Python:
* Implement Python Client and Server xDS Creds
Update to version 1.34.1:
* Backport "Lazily import grpc_tools when using runtime
stub/message generation" to 1.34.x (gh#grpc/grpc#25011).
* Backport "do not use <PublicSign>true</PublicSign> on
non-windows" to 1.34.x (gh#grpc/grpc#24995).
Update to version 1.34.0:
* Core:
- Protect xds security code with the environment variable
"GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT"
(gh#grpc/grpc#24782).
- Add support for "unix-abstract:" URIs to support abstract
unix domain sockets (gh#grpc/grpc#24500).
- Increment Index when parsing not plumbed SAN fields
(gh#grpc/grpc#24601).
- Revert "Revert "Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS""
(gh#grpc/grpc#24518).
- xds: Set status code to INVALID_ARGUMENT when NACKing
(gh#grpc/grpc#24516).
- Include stddef.h in address_sorting.h (gh#grpc/grpc#24514).
- xds: Add support for case_sensitive option in RouteMatch
(gh#grpc/grpc#24381).
* C++:
- Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503).
- Experimental support and tests for
CreateCustomInsecureChannelWithInterceptorsFromFd
(gh#grpc/grpc#24362).
Update to release 1.33.2
* Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS.
* Expose Cronet error message to the application layer.
* Remove grpc_channel_ping from surface API.
* Do not send BDP pings if there is no receive side activity.
Update to version 1.33.1
* Core
- Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS
(gh#grpc/grpc#24063).
- Expose Cronet error message to the application layer
(gh#grpc/grpc#24083).
- Remove grpc_channel_ping from surface API
(gh#grpc/grpc#23894).
- Do not send BDP pings if there is no receive side activity
(gh#grpc/grpc#22997).
* C++
- Makefile: only support building deps from submodule
(gh#grpc/grpc#23957).
- Add new subpackages - libupb and upb-devel. Currently, grpc
sources include also upb sources. Before this change, libupb and
upb-devel used to be included in a separate package - upb.
Update to version 1.32.0:
* Core
- Remove stream from stalled lists on remove_stream
(gh#grpc/grpc#23984).
- Do not cancel RPC if send metadata size is larger than
peer's limit (gh#grpc/grpc#23806).
- Don't consider receiving non-OK status as an error for HTTP2
(gh#grpc/grpc#19545).
- Keepalive throttling (gh#grpc/grpc#23313).
- Include the target_uri in "target uri is not valid" error
messages (gh#grpc/grpc#23782).
- Fix "cannot send compressed message large than 1024B" in
cronet_transport (gh#grpc/grpc#23219).
- Receive SETTINGS frame on clients before declaring
subchannel READY (gh#grpc/grpc#23636).
- Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372).
- Experimental xDS v3 support (gh#grpc/grpc#23281).
* C++
- Upgrade bazel used for all tests to 2.2.0
(gh#grpc/grpc#23902).
- Remove test targets and test helper libraries from Makefile
(gh#grpc/grpc#23813).
- Fix repeated builds broken by re2's cmake
(gh#grpc/grpc#23587).
- Log the peer address of grpc_cli CallMethod RPCs to stderr
(gh#grpc/grpc#23557).
opencensus-proto was updated to 0.3.0+git.20200721:
- Update to version 0.3.0+git.20200721:
* Bump version to 0.3.0
* Generate Go types using protocolbuffers/protobuf-go (#218)
* Load proto_library() rule. (#216)
- Update to version 0.2.1+git.20190826:
* Remove grpc_java dependency and java_proto rules. (#214)
* Add C++ targets, especially for gRPC services. (#212)
* Upgrade bazel and dependencies to latest. (#211)
* Bring back bazel cache to make CI faster. (#210)
* Travis: don't require sudo for bazel installation. (#209)
- Update to version 0.2.1:
* Add grpc-gateway for metrics service. (#205)
* Pin bazel version in travis builds (#207)
* Update gen-go files (#199)
* Add Web JS as a LibraryInfo.Language option (#198)
* Set up Python packaging for PyPI release. (#197)
* Add tracestate to links. (#191)
* Python proto file generator and generated proto files (#196)
* Ruby proto file generator and generated proto files (#192)
* Add py_proto_library() rules for envoy/api. (#194)
* Gradle: Upgrade dependency versions. (#193)
* Update release versions for readme. (#189)
* Start 0.3.0 development cycle
* Update gen-go files. (#187)
* Revert "Start 0.3.0 development cycle (#167)" (#183)
* Revert optimization for metric descriptor and bucket options for now. (#184)
* Constant sampler: add option to always follow the parent's decision. (#182)
* Document that all maximum values must be specified. (#181)
* Fix typo in bucket bounds. (#178)
* Restrict people who can approve reviews. This is to ensure code quality. (#177)
* Use bazel cache to make CI faster. (#176)
* Add grpc generated files to the idea plugin. (#175)
* Add Resource to Span (#174)
* time is required (#170)
* Upgrade protobuf dependency to v3.6.1.3. (#173)
* assume Ok Status when not set (#171)
* Minor comments fixes (#160)
* Start 0.3.0 development cycle (#167)
* Update gen-go files. (#162)
* Update releasing instruction. (#163)
* Fix Travis build. (#165)
* Add OpenApi doc for trace agent grpc-gateway (#157)
* Add command to generate OpenApi/Swagger doc for grpc-gateway (#156)
* Update gen-go files (#155)
* Add trace export grpc-gateway config (#77)
* Fix bazel build after bazel upgrade (#154)
* README: Add gitter, javadoc and godoc badge. (#151)
* Update release versions for README. (#150)
* Start 0.2.0 development cycle
* Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147)
* Add resource to protocol (#137)
* Fix generating the javadoc. (#144)
* Metrics/TimeSeries: start time should not be included while end time should. (#142)
* README: Add instructions on using opencensus_proto with Bazel. (#140)
* agent/README: update package info. (#138)
* Agent: Add metrics service. (#136)
* Tracing: Add default limits to TraceConfig. (#133)
* Remove a stale TODO. (#134)
* README: Add a note about go_proto_library rules. (#135)
* add golang bazel build support (#132)
* Remove exporter protos from mkgogen. (#128)
* Update README and RELEASING. (#130)
* Change histogram buckets definition to be OpenMetrics compatible. (#121)
* Remove exporter/v1 protos. (#124)
* Clean up the README for Agent proto. (#126)
* Change Quantiles to ValuesAtPercentile. (#122)
* Extend the TraceService service to support export/config for multiple Applications. (#119)
* Add specifications on Agent implementation details. (#112)
* Update gitignore (#118)
* Remove maven support. Not used. (#116)
* Add gauge distribution. (#117)
* Add support for Summary type and value. (#110)
* Add Maven status and instructions on adding dependencies. (#115)
* Bump version to 0.0.3-SNAPSHOT
* Bump version to 0.0.2
* Update gen-go files. (#114)
* Gradle: Add missing source and javadoc rules. (#113)
* Add support for float attributes. (#98)
* Change from mean to sum in distribution. (#109)
* Bump version to v0.0.2-SNAPSHOT
* Bump version to v0.0.1
* Add releasing instructions in RELEASING.md. (#106)
* Add Gradle build rules for generating gRPC service and releasing to Maven. (#102)
* Re-organize proto directory structure. (#103)
* Update gen-go files. (#101)
* Add a note about interceptors of other libraries. (#94)
* agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100)
* opencensus/proto: add default Agent port to README (#97)
* Update the message names for Config RPC. (#93)
* Add details about agent protocol in the README. (#88)
* Update gen-go files. (#92)
* agent/trace/v1: fix signature for Config and comments too (#91)
* Update gen-go files. (#86)
* Make tracestate a list instead of a map to preserve ordering. (#84)
* Allow MetricDescriptor to be sent only the first time. (#78)
* Update mkgogen.sh. (#85)
* Add agent trace service proto definitions. (#79)
* Update proto and gen-go package names. (#83)
* Add agent/common proto and BUILD. (#81)
* Add trace_config.proto. (#80)
* Build exporters with maven. (#76)
* Make clear that cumulative int/float can go only up. (#75)
* Add tracestate field to the Span proto. (#74)
* gradle wrapper --gradle-version 4.9 (#72)
* Change from multiple types of timeseries to have one. (#71)
* Move exemplars in the Bucket. (#70)
* Update gen-go files. (#69)
* Move metrics in the top level directory. (#68)
* Remove Range from Distribution. No backend supports this. (#67)
* Remove unused MetricSet message. (#66)
* Metrics: Add Exemplar to DistributionValue. (#62)
* Gauge vs Cumulative. (#65)
* Clarifying comment about bucket boundaries. (#64)
* Make MetricDescriptor.Type capture the type of the value as well. (#63)
* Regenerate the Go artifacts (#61)
* Add export service proto (#60)
- Initial version 20180523
protobuf was updated to 25.1:
update to 25.1:
* Raise warnings for deprecated python syntax usages
* Add support for extensions in CRuby, JRuby, and FFI Ruby
* Add support for options in CRuby, JRuby and FFI (#14594)
update to 25.0:
* Implement proto2/proto3 with editions
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Editions: Introduce functionality to protoc for generating
edition feature set defaults.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Editions: Refactor feature resolution to use an intermediate
message.
* Publish extension declarations with declaration
verifications.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Protoc: parser rejects explicit use of map_entry option
* Protoc: validate that reserved range start is before end
* Protoc: support identifiers as reserved names in addition to
string literals (only in editions)
* Drop support for Bazel 5.
* Allow code generators to specify whether or not they support
editions.
C++:
* Set `PROTOBUF_EXPORT` on
`InternalOutOfLineDeleteMessageLite()`
* Update stale checked-in files
* Apply PROTOBUF_NOINLINE to declarations of some functions
that want it.
* Implement proto2/proto3 with editions
* Make JSON UTF-8 boundary check inclusive of the largest
possible UTF-8 character.
* Reduce `Map::size_type` to 32-bits. Protobuf containers can't
have more than that
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Fix bug in reflection based Swap of map fields.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Add prefetching to arena allocations.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
repeated and map field accessors.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
string field accessors.
* Editions: Refactor feature resolution to use an intermediate
message.
* Fixes for 32-bit MSVC.
* Publish extension declarations with declaration
verifications.
* Export the constants in protobuf's any.h to support DLL
builds.
* Implement AbslStringify for the Descriptor family of types.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
message field accessors.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Introduce C++ feature for UTF8 validation.
* Protoc: validate that reserved range start is before end
* Remove option to disable the table-driven parser in protoc.
* Lock down ctype=CORD in proto file.
* Support split repeated fields.
* In OSS mode omit some extern template specializations.
* Allow code generators to specify whether or not they support
editions.
Java:
* Implement proto2/proto3 with editions
* Remove synthetic oneofs from Java gencode field accessor
tables.
* Timestamps.parse: Add error handling for invalid
hours/minutes in the timezone offset.
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Add missing debugging version info to Protobuf Java gencode
when multiple files are generated.
* Fix a bad cast in putBuilderIfAbsent when already present due
to using the result of put() directly (which is null if it
currently has no value)
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Fix a NPE in putBuilderIfAbsent due to using the result of
put() directly (which is null if it currently has no value)
* Update Kotlin compiler to escape package names
* Add MapFieldBuilder and change codegen to generate it and the
put{field}BuilderIfAbsent method.
* Introduce recursion limit in Java text format parsing
* Consider the protobuf.Any invalid if typeUrl.split("/")
returns an empty array.
* Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
* Fixed Python memory leak in map lookup.
* Loosen upb for json name conflict check in proto2 between
json name and field
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Ensure Timestamp.ToDatetime(tz) has correct offset
* Do not check required field for upb python MergeFrom
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Comparing a proto message with an object of unknown returns
NotImplemented
* Emit __slots__ in pyi output as a tuple rather than a list
for --pyi_out.
* Fix a bug that strips options from descriptor.proto in
Python.
* Raise warnings for message.UnknownFields() usages and navigate
to the new add
* Add protobuf python keyword support in path for stub
generator.
* Add tuple support to set Struct
Python C-Extension (Default):
* Comparing a proto message with an object of unknown returns
NotImplemented
* Check that ffi-compiler loads before using it to define
tasks.
UPB (Python/PHP/Ruby C-Extension):
* Include .inc files directly instead of through a filegroup
* Loosen upb for json name conflict check in proto2 between
json name and field
* Add utf8_validation feature back to the global feature set.
* Do not check required field for upb python MergeFrom
* Merge the protobuf and upb Bazel repos
* Added malloc_trim() calls to Python allocator so RSS will
decrease when memory is freed
* Upb: fix a Python memory leak in ByteSize()
* Support ASAN detection on clang
* Upb: bugfix for importing a proto3 enum from within a proto2
file
* Expose methods needed by Ruby FFI using UPB_API
* Fix `PyUpb_Message_MergeInternal` segfault
- Build with source and target levels 8
* fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
macro resolves the variables at the install time
update to 23.4:
* Add dllexport_decl for generated default instance.
* Deps: Update Guava to 32.0.1
update to 23.3:
C++:
* Regenerate stale files
* Use the same ABI for static and shared libraries on non-
Windows platforms
* Add a workaround for GCC constexpr bug
Objective-C:
* Regenerate stale files
UPB (Python/PHP/Ruby C-Extension)
* Fixed a bug in `upb_Map_Delete()` that caused crashes in
map.delete(k) for Ruby when string-keyed maps were in use.
Compiler:
* Add missing header to Objective-c generator
* Add a workaround for GCC constexpr bug
Java:
* Rollback of: Simplify protobuf Java message builder by
removing methods that calls the super class only.
Csharp:
* [C#] Replace regex that validates descriptor names
update to 22.5:
C++:
* Add missing cstdint header
* Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
* Avoid using string(JOIN..., which requires cmake 3.12
* Explicitly include GTest package in examples
* Bump Abseil submodule to 20230125.3 (#12660)
update to 22.4:
C++:
* Fix libprotoc: export useful symbols from .so
Python:
* Fix bug in _internal_copy_files where the rule would fail in
downstream repositories.
Other:
* Bump utf8_range to version with working pkg-config (#12584)
* Fix declared dependencies for pkg-config
* Update abseil dependency and reorder dependencies to ensure
we use the version specified in protobuf_deps.
* Turn off clang::musttail on i386
update to v22.3
UPB (Python/PHP/Ruby C-Extension):
* Remove src prefix from proto import
* Fix .gitmodules to use the correct absl branch
* Remove erroneous dependency on googletest
update to 22.2:
Java:
* Add version to intra proto dependencies and add kotlin stdlib
dependency
* Add $ back for osgi header
* Remove $ in pom files
update to 22.1:
* Add visibility of plugin.proto to python directory
* Strip "src" from file name of plugin.proto
* Add OSGi headers to pom files.
* Remove errorprone dependency from kotlin protos.
* Version protoc according to the compiler version number.
- update to 22.0:
* This version includes breaking changes to: Cpp.
Please refer to the migration guide for information:
https://protobuf.dev/support/migration/#compiler-22
* [Cpp] Migrate to Abseil's logging library.
* [Cpp] `proto2::Map::value_type` changes to `std::pair`.
* [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
and DefaultFieldComparator classes.
* [Cpp] Add a dependency on Abseil (#10416)
* [Cpp] Remove all autotools usage (#10132)
* [Cpp] Add C++20 reserved keywords
* [Cpp] Dropped C++11 Support
* [Cpp] Delete Arena::Init
* [Cpp] Replace JSON parser with new implementation
* [Cpp] Make RepeatedField::GetArena non-const in order to
support split RepeatedFields.
* long list of bindings specific fixes see
https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
update to v21.12:
* Python:
* Fix broken enum ranges (#11171)
* Stop requiring extension fields to have a synthetic oneof (#11091)
* Python runtime 4.21.10 does not work: generated code cannot load a valid
proto.
update to 21.11:
* Python:
* Add license file to pypi wheels (#10936)
* Fix round-trip bug (#10158)
update to 21.10:
* Java:
* Use bit-field int values in buildPartial to skip work on unset groups of
fields. (#10960)
* Mark nested builder as clean after clear is called (#10984)
update to 21.9:
* Ruby:
* Replace libc strdup usage with internal impl to restore musl compat (#10818)
* Auto capitalize enums name in Ruby (#10454) (#10763)
* Other:
* Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
* C++:
* 21.x No longer define no_threadlocal on OpenBSD (#10743)
* Java:
* Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
* Refactoring java full runtime to reuse sub-message builders and prepare to
migrate parsing logic from parse constructor to builder.
* Move proto wireformat parsing functionality from the private "parsing
constructor" to the Builder class.
* Change the Lite runtime to prefer merging from the wireformat into mutable
messages rather than building up a new immutable object before merging. This
way results in fewer allocations and copy operations.
* Make message-type extensions merge from wire-format instead of building up
instances and merging afterwards. This has much better performance.
* Fix TextFormat parser to build up recurring (but supposedly not repeated)
sub-messages directly from text rather than building a new sub-message and
merging the fully formed message into the existing field.
update to 21.6:
C++:
* Reduce memory consumption of MessageSet parsing
update to 21.5:
PHP:
* Added getContainingOneof and getRealContainingOneof to descriptor.
* fix PHP readonly legacy files for nested messages
Python:
* Fixed comparison of maps in Python.
- update to 21.4:
* Reduce the required alignment of ArenaString from 8 to 4
- update to 21.3:
* C++:
* Add header search paths to Protobuf-C++.podspec (#10024)
* Fixed Visual Studio constinit errors (#10232)
* Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
* UPB:
* Allow empty package names (fixes behavior regression in 4.21.0)
* Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
* Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
* for x in mapping now yields keys rather than values, to match Python
conventions and the behavior of the old library.
* Lookup operations now correctly reject unhashable types as map keys.
* We implement repr() to use the same format as dict.
* Fix maps to use the ScalarMapContainer class when appropriate
* Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
* PHP:
* Add "readonly" as a keyword for PHP and add previous classnames to descriptor pool (#10041)
* Python:
* Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
* Bazel:
* Add back a filegroup for :well_known_protos (#10061)
Update to 21.2:
- C++:
- cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
- Escape GetObject macro inside protoc-generated code (#9739)
- Update CMake configuration to add a dependency on Abseil (#9793)
- Fix cmake install targets (#9822)
- Use __constinit only in GCC 12.2 and up (#9936)
- Java:
- Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python:
- Increment python major version to 4 in version.json for python upb (#9926)
- The C extension module for Python has been rewritten to use the upb library.
- This is expected to deliver significant performance benefits, especially when
parsing large payloads. There are some minor breaking changes, but these
should not impact most users. For more information see:
https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP:
- [PHP] fix PHP build system (#9571)
- Fix building packaged PHP extension (#9727)
- fix: reserve "ReadOnly" keyword for PHP 8.1 and add compatibility (#9633)
- fix: phpdoc syntax for repeatedfield parameters (#9784)
- fix: phpdoc for repeatedfield (#9783)
- Change enum string name for reserved words (#9780)
- chore: [PHP] fix phpdoc for MapField keys (#9536)
- Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby:
- Allow pre-compiled binaries for ruby 3.1.0 (#9566)
- Implement respond_to? in RubyMessage (#9677)
- [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
- Do not use range based UTF-8 validation in truffleruby (#9769)
- Improve range handling logic of RepeatedField (#9799)
- Other:
- Fix invalid dependency manifest when using descriptor_set_out (#9647)
- Remove duplicate java generated code (#9909)
- Update to 3.20.1:
- PHP:
- Fix building packaged PHP extension (#9727)
- Fixed composer.json to only advertise compatibility with
PHP 7.0+. (#9819)
- Ruby:
- Disable the aarch64 build on macOS until it can be fixed. (#9816)
- Other:
- Fix versioning issues in 3.20.0
- Update to 3.20.1:
- Ruby:
- Dropped Ruby 2.3 and 2.4 support for CI and releases.
(#9311)
- Added Ruby 3.1 support for CI and releases (#9566).
- Message.decode/encode: Add recursion_limit option
(#9218/#9486)
- Allocate with xrealloc()/xfree() so message allocation is
visible to the Ruby GC. In certain tests this leads to much
lower memory usage due to more frequent GC runs (#9586).
- Fix conversion of singleton classes in Ruby (#9342)
- Suppress warning for intentional circular require (#9556)
- JSON will now output shorter strings for double and float
fields when possible without losing precision.
- Encoding and decoding of binary format will now work
properly on big-endian systems.
- UTF-8 verification was fixed to properly reject surrogate
code points.
- Unknown enums for proto2 protos now properly implement
proto2's behavior of putting such values in unknown fields.
- Java:
- Revert "Standardize on Array copyOf" (#9400)
- Resolve more java field accessor name conflicts (#8198)
- Fix parseFrom to only throw InvalidProtocolBufferException
- InvalidProtocolBufferException now allows arbitrary wrapped
Exception types.
- Fix bug in FieldSet.Builder.mergeFrom
- Flush CodedOutputStream also flushes underlying
OutputStream
- When oneof case is the same and the field type is Message,
merge the subfield. (previously it was replaced.)
- Add @CheckReturnValue to some protobuf types
- Report original exceptions when parsing JSON
- Add more info to @deprecated javadoc for set/get/has
methods
- Fix initialization bug in doc comment line numbers
- Fix comments for message set wire format.
- Kotlin:
- Add test scope to kotlin-test for protobuf-kotlin-lite
(#9518)
- Add orNull extensions for optional message fields.
- Add orNull extensions to all proto3 message fields.
- Python:
- Dropped support for Python < 3.7 (#9480)
- Protoc is now able to generate python stubs (.pyi) with
--pyi_out
- Pin multibuild scripts to get manylinux1 wheels back
(#9216)
- Fix type annotations of some Duration and Timestamp
methods.
- Repeated field containers are now generic in field types
and could be used in type annotations.
- Protobuf python generated code is simplified. Descriptors
and message classes' definitions are now dynamically created in
internal/builder.py.
- Insertion Points for messages classes are discarded.
- has_presence is added for FieldDescriptor in python
- Loosen indexing type requirements to allow valid index()
implementations rather than only PyLongObjects.
- Fix the deepcopy bug caused by not copying
message_listener.
- Added python JSON parse recursion limit (default 100)
- Path info is added for python JSON parse errors
- Pure python repeated scalar fields will not be able to pickle.
Convert to list first.
- Timestamp.ToDatetime() now accepts an optional tzinfo
parameter. If specified, the function returns
a timezone-aware datetime in the given time zone. If
omitted or None, the function returns a timezone-naive UTC
datetime (as previously).
- Adds client_streaming and server_streaming fields to
MethodDescriptor.
- Add "ensure_ascii" parameter to json_format.MessageToJson.
This allows smaller JSON serializations with UTF-8 or other
non-ASCII encodings.
- Added experimental support for directly assigning numpy
scalars and array.
- Improve the calculation of public_dependencies in
DescriptorPool.
- [Breaking Change] Disallow setting fields to numpy
singleton arrays or repeated fields to numpy
multi-dimensional arrays. Numpy arrays should be indexed or
flattened explicitly before assignment.
- Compiler:
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Rework allocations to power-of-two byte sizes.
- Make TaggedPtr Set...() calls explicitly spell out the
content type.
- Check for parsing error before verifying UTF8.
- Enforce a maximum message nesting limit of 32 in the
descriptor builder to guard against stack overflows
- Fixed bugs in operators for RepeatedPtrIterator
- Assert a maximum map alignment for allocated values
- Fix proto1 group extension protodb parsing error
- Do not log/report the same descriptor symbol multiple
times if it contains more than one invalid character.
- Add UnknownFieldSet::SerializeToString and
SerializeToCodedStream.
- Remove explicit default pointers and deprecated API from
protocol compiler
- Arenas:
- Change Repeated*Field to reuse memory when using arenas.
- Implements pbarenaz for profiling proto arenas
- Introduce CreateString() and CreateArenaString() for
cleaner semantics
- Fix unreferenced parameter for MSVC builds
- Add UnsafeSetAllocated to be used for one-of string
fields.
- Make Arena::AllocateAligned() a public function.
- Determine if ArenaDtor related code generation is
necessary in one place.
- Implement on demand register ArenaDtor for
InlinedStringField
- C++:
- Enable testing via CTest (#8737)
- Add option to use external GTest in CMake (#8736)
- CMake: Set correct sonames for libprotobuf-lite.so and
libprotoc.so (#8635) (#9529)
- Add cmake option protobuf_INSTALL to not install files
(#7123)
- CMake: Allow custom plugin options e.g. to generate mocks
(#9105)
- CMake: Use linker version scripts (#9545)
- Manually destruct Cord fields to work better with arenas.
- Manually destruct map fields.
- Generate narrower code
- Fix #9378 by removing shadowed cached_size field
- Remove GetPointer() and explicit nullptr defaults.
- Add proto_h flag for speeding up large builds
- Add missing overload for reference wrapped fields.
- Add MergedDescriptorDatabase::FindAllFileNames()
- RepeatedField now defines an iterator type instead of
using a pointer.
- Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and
GOOGLE_PROTOBUF_HAS_ARENAS.
- PHP:
- Fix: add missing reserved classnames (#9458)
- PHP 8.1 compatibility (#9370)
- C#:
- Fix trim warnings (#9182)
- Fixes NullReferenceException when accessing
FieldDescriptor.IsPacked (#9430)
- Add ToProto() method to all descriptor classes (#9426)
- Add an option to preserve proto names in JsonFormatter
(#6307)
- Objective-C:
- Add prefix_to_proto_package_mappings_path option. (#9498)
- Rename proto_package_to_prefix_mappings_path to
package_to_prefix_mappings_path. (#9552)
- Add a generation option to control use of forward
declarations in headers. (#9568)
- update to 3.19.4:
Python:
* Make libprotobuf symbols local on OSX to fix issue #9395 (#9435)
Ruby:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32
PHP:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32.
- Update to 3.19.3:
C++:
* Make proto2::Message::DiscardUnknownFields() non-virtual
* Separate RepeatedPtrField into its own header file
* For default floating point values of 0, consider all bits significant
* Fix shadowing warnings
* Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment
Java:
* Improve performance characteristics of UnknownFieldSet parsing
* For default floating point values of 0, consider all bits significant
* Annotate //java/com/google/protobuf/util/... with nullness annotations
* Use ArrayList copy constructor
Bazel:
* Ensure that release archives contain everything needed for Bazel
* Align dependency handling with Bazel best practices
Javascript:
* Fix ReferenceError: window is not defined when getting the global object
Ruby:
* Fix memory leak in MessageClass.encode
* Override Map.clone to use Map's dup method
* Ruby: build extensions for arm64-darwin
* Add class method Timestamp.from_time to ruby well known types
* Adopt pure ruby DSL implementation for JRuby
* Add size to Map class
* Fix for descriptor_pb.rb: google/protobuf should be required first
Python:
* Proto2 DecodeError now includes message name in error message
* Make MessageToDict convert map keys to strings
* Add python-requires in setup.py
* Add python 3.10
- Update to 3.17.3:
C++
* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or
bytes fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
Subclasses should inherit from SimpleFieldComparator instead.
Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T.
Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426)
Python:
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
* Switch on "new" buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging.
Ruby:
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General:
* Support M1 (#8557)
Update to 3.15.8:
- Fixed memory leak of Ruby arena objects (#8461)
Update to 3.15.7:
C++:
* Remove the ::pb namespace (alias) (#8423)
Ruby:
* Fix unbounded memory growth for Ruby <2.7 (#8429)
* Fixed message equality in cases where the message type is different (#8434)
update to 3.15.6:
Ruby:
* Fixed bug in string comparison logic (#8386)
* Fixed quadratic memory use in array append (#8379)
* Fixed SEGV when users pass nil messages (#8363)
* Fixed quadratic memory usage when appending to arrays (#8364)
* Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
* Fix for FieldDescriptor.get(msg) (#8330)
* Bugfix for Message.[] for repeated or map fields (#8313)
PHP:
* read_property() handler is not supposed to return NULL (#8362)
Protocol Compiler
* Optional fields for proto3 are enabled by default, and no longer require
the --experimental_allow_proto3_optional flag.
C++:
* Do not disable RTTI by default in the CMake build (#8377)
* Create a CMake option to control whether or not RTTI is enabled (#8361)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* MessageDifferencer: fixed bug when using custom ignore with multiple
unknown fields
* Use init_seg in MSVC to push initialization to an earlier phase.
* Runtime no longer triggers -Wsign-compare warnings.
* Fixed -Wtautological-constant-out-of-range-compare warning.
* DynamicCastToGenerated works for nullptr input even if RTTI is disabled
* Arena is refactored and optimized.
* Clarified/specified that the exact value of Arena::SpaceAllocated() is an
implementation detail users must not rely on. It should not be used in
unit tests.
* Change the signature of Any::PackFrom() to return false on error.
* Add fast reflection getter API for strings.
* Constant initialize the global message instances
* Avoid potential for missed wakeup in UnknownFieldSet
* Now Proto3 Oneof fields have "has" methods for checking their presence in
C++.
* Bugfix for NVCC
* Return early in _InternalSerialize for empty maps.
* Adding functionality for outputting map key values in proto path logging
output (does not affect comparison logic) and stop printing 'value' in the
path. The modified print functionality is in the
MessageDifferencer::StreamReporter.
* Fixed https://github.com/protocolbuffers/protobuf/issues/8129
* Ensure that null char symbol, package and file names do not result in a
crash.
* Constant initialize the global message instances
* Pretty print 'max' instead of numeric values in reserved ranges.
* Removed remaining instances of std::is_pod, which is deprecated in C++20.
* Changes to reduce code size for unknown field handling by making uncommon
cases out of line.
* Fix std::is_pod deprecated in C++20 (#7180)
* Fix some -Wunused-parameter warnings (#8053)
* Fix detecting file as directory on zOS issue #8051 (#8052)
* Don't include sys/param.h for _BYTE_ORDER (#8106)
* remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
* Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
* Fix for compiler warning issue#8145 (#8160)
* fix: support deprecated enums for GCC < 6 (#8164)
* Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
Python:
* Provided an override for the reverse() method that will reverse the internal
collection directly instead of using the other methods of the BaseContainer.
* MessageFactory.CreatePrototype can be overridden to customize class creation.
* Fix PyUnknownFields memory leak (#7928)
* Add macOS big sur compatibility (#8126)
JavaScript
* Generate `getDescriptor` methods with `*` as their `this` type.
* Enforce `let/const` for generated messages.
* js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
PHP:
* Added support for PHP 8. (#8105)
* unregister INI entries and fix invalid read on shutdown (#8042)
* Fix PhpDoc comments for message accessors to include "|null". (#8136)
* fix: convert native PHP floats to single precision (#8187)
* Fixed PHP to support field numbers >=2**28. (#8235)
* feat: add support for deprecated fields to PHP compiler (#8223)
* Protect against stack overflow if the user derives from Message. (#8248)
* Fixed clone for Message, RepeatedField, and MapField. (#8245)
* Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
Ruby:
* Added support for Ruby 3. (#8184)
* Rewrote the data storage layer to be based on upb_msg objects from the
upb library. This should lead to much better parsing performance,
particularly for large messages. (#8184).
* Fill out JRuby support (#7923)
* [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
recursion/run out of memory (#8195)
* Fix jruby support to handle messages nested more than 1 level deep (#8194)
Java:
* Avoid possible UnsupportedOperationException when using CodedInputStream
with a direct ByteBuffer.
* Make Durations.comparator() and Timestamps.comparator() Serializable.
* Add more detailed error information for dynamic message field type
validation failure
* Removed declarations of functions declared in java_names.h from
java_helpers.h.
* Now Proto3 Oneof fields have "has" methods for checking their presence in
Java.
* Annotates Java proto generated *_FIELD_NUMBER constants.
* Add -assumevalues to remove JvmMemoryAccessor on Android.
C#:
* Fix parsing negative Int32Value that crosses segment boundary (#8035)
* Change ByteString to use memory and support unsafe create without copy (#7645)
* Optimize MapField serialization by removing MessageAdapter (#8143)
* Allow FileDescriptors to be parsed with extension registries (#8220)
* Optimize writing small strings (#8149)
- Updated URL to https://github.com/protocolbuffers/protobuf
Update to v3.14.0
Protocol Compiler:
* The proto compiler no longer requires a .proto filename when it is not
generating code.
* Added flag `--deterministic_output` to `protoc --encode=...`.
* Fixed deadlock when using google.protobuf.Any embedded in aggregate options.
C++:
* Arenas are now unconditionally enabled. cc_enable_arenas no longer has
any effect.
* Removed inlined string support, which is incompatible with arenas.
* Fix a memory corruption bug in reflection when mixing optional and
non-optional fields.
* Make SpaceUsed() calculation more thorough for map fields.
* Add stack overflow protection for text format with unknown field values.
* FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds
error was encountered.
* Performance improvements for Map.
* Minor formatting fix when dumping a descriptor to .proto format with
DebugString.
* UBSAN fix in RepeatedField
* When running under ASAN, skip a test that makes huge allocations.
* Fixed a crash that could happen when creating more than 256 extensions in
a single message.
* Fix a crash in BuildFile when passing in invalid descriptor proto.
* Parser security fix when operating with CodedInputStream.
* Warn against the use of AllowUnknownExtension.
* Migrated to C++11 for-range loops instead of index-based loops where
possible. This fixes a lot of warnings when compiling with -Wsign-compare.
* Fix segmentation fault for proto3 optional
* Adds a CMake option to build `libprotoc` separately
Java
* Bugfix in mergeFrom() when a oneof has multiple message fields.
* Fix RopeByteString.RopeInputStream.read() returning -1 when told to read
0 bytes when not at EOF.
* Redefine remove(Object) on primitive repeated field Lists to avoid
autoboxing.
* Support "\u" escapes in textformat string literals.
* Trailing empty spaces are no longer ignored for FieldMask.
* Fix FieldMaskUtil.subtract to recursively remove mask.
* Mark enums with `@java.lang.Deprecated` if the proto enum has option
`deprecated = true;`.
* Adding forgotten duration.proto to the lite library
Python:
* Print google.protobuf.NullValue as null instead of "NULL_VALUE" when it is
used outside WKT Value/Struct.
* Fix bug occurring when attempting to deep copy an enum type in python 3.
* Add a setuptools extension for generating Python protobufs
* Remove uses of pkg_resources in non-namespace packages
* [bazel/py] Omit google/__init__.py from the Protobuf runtime
* Removed the unnecessary setuptools package dependency for Python package
* Fix PyUnknownFields memory leak
PHP:
* Added support for "==" to the PHP C extension
* Added `==` operators for Map and Array
* Native C well-known types
* Optimized away hex2bin() call in generated code
* New version of upb, and a new hash function wyhash in third_party
* add missing hasOneof method to check presence of oneof fields
Go:
* Update go_package options to reference google.golang.org/protobuf module.
C#:
* annotate ByteString.CopyFrom(ReadOnlySpan<byte>) as SecuritySafeCritical
* Fix C# optional field reflection when there are regular fields too
* Fix parsing negative Int32Value that crosses segment boundary
Javascript:
* JS: parse (un)packed fields conditionally
Update to version 3.13.0
PHP:
* The C extension is completely rewritten. The new C extension has significantly
better parsing performance and fixes a handful of conformance issues. It will
also make it easier to add support for more features like proto2 and proto3 presence.
* The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP.
C++:
* Removed deprecated unsafe arena string accessors
* Enabled heterogeneous lookup for std::string keys in maps.
* Removed implicit conversion from StringPiece to std::string
* Fix use-after-destroy bug when the Map is allocated in the arena.
* Improved the randomness of map ordering
* Added stack overflow protection for text format with unknown fields
* Use std::hash for proto maps to help with portability.
* Added more Windows macros to proto whitelist.
* Arena constructors for map entry messages are now marked "explicit"
(for regular messages they were already explicit).
* Fix subtle aliasing bug in RepeatedField::Add
* Fix mismatch between MapEntry ByteSize and Serialize with respect to unset
fields.
Python:
* JSON format conformance fixes:
* Reject lowercase t for Timestamp json format.
* Print full_name directly for extensions (no camelCase).
* Reject boolean values for integer fields.
* Reject NaN, Infinity, -Infinity that is not quoted.
* Base64 fixes for bytes fields: accept URL-safe base64 and missing padding.
* Bugfix for fields/files named "async" or "await".
* Improved the error message when AttributeError is returned from __getattr__
in EnumTypeWrapper.
Java:
* Fixed a bug where setting optional proto3 enums with setFooValue() would
not mark the value as present.
* Add Subtract function to FieldMaskUtil.
C#:
* Dropped support for netstandard1.0 (replaced by support for netstandard1.1).
This was required to modernize the parsing stack to use the `Span<byte>`
type internally
* Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly
parsing with reduced allocations and buffer copies
* Add support for serialization directly to a `IBufferWriter<byte>` or
to a `Span<byte>` to enable GC friendly serialization.
The new API is available as extension methods on the `IMessage` type
* Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make
generated code compatible with old C# compilers (pre-roslyn compilers
from .NET framework and old versions of mono) that do not support
ref structs. Users that are still on a legacy stack that does
not support C# 7.2 compiler might need to use the new define
in their projects to be able to build the newly generated code
* Due to the major overhaul of parsing and serialization internals,
it is recommended to regenerate your generated code to achieve the best
performance (the legacy generated code will still work, but might incur
a slight performance penalty).
Update to version 3.12.3; notable changes since 3.11.4:
Protocol Compiler:
* [experimental] Singular, non-message typed fields in proto3 now support
presence tracking. This is enabled by adding the "optional" field label and
passing the --experimental_allow_proto3_optional flag to protoc.
* For usage info, see docs/field_presence.md.
* During this experimental phase, code generators should update to support
proto3 presence, see docs/implementing_proto3_presence.md for instructions.
* Allow duplicate symbol names when multiple descriptor sets are passed on
the command-line, to match the behavior when multiple .proto files are passed.
* Deterministic `protoc --descriptor_set_out` (#7175)
Objective-C:
* Tweak the union used for Extensions to support old generated code. #7573
* Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538)
* [experimental] ObjC Proto3 optional support (#7421)
* Block subclassing of generated classes (#7124)
* Use references to Obj C classes instead of names in descriptors. (#7026)
* Revisit how the WKTs are bundled with ObjC. (#7173)
C++:
* Simplified the template export macros to fix the build for mingw32. (#7539)
* [experimental] Added proto3 presence support.
* New descriptor APIs to support proto3 presence.
* Enable Arenas by default on all .proto files.
* Documented that users are not allowed to subclass Message or MessageLite.
* Mark generated classes as final; inheriting from protos is strongly discouraged.
* Add stack overflow protection for text format with unknown fields.
* Add accessors for map key and value FieldDescriptors.
* Add FieldMaskUtil::FromFieldNumbers().
* MessageDifferencer: use ParsePartial() on Any fields so the diff does not
fail when there are missing required fields.
* ReflectionOps::Merge(): lookup messages in the right factory, if it can.
* Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type()
accessor as an easier way of determining if a message is a Well-Known Type.
* Optimized RepeatedField::Add() when it is used in a loop.
* Made proto move/swap more efficient.
* De-virtualize the GetArena() method in MessageLite.
* Improves performance of json_stream_parser.cc by factor 1000 (#7230)
* bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087)
* Fixed a bug in FieldDescriptor::DebugString() that would erroneously print
an "optional" label for a field in a oneof.
* Fix bug in parsing bool extensions that assumed they are always 1 byte.
* Fix off-by-one error in FieldOptions::ByteSize() when extensions are present.
* Clarified the comments to show an example of the difference between
Descriptor::extension and DescriptorPool::FindAllExtensions.
* Add a compiler option 'code_size' to force optimize_for=code_size on all
protos where this is possible.
Ruby:
* Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however
many people still use them and dropping support will require more
coordination.
* [experimental] Implemented proto3 presence for Ruby. (#7406)
* Stop building binary gems for ruby <2.5 (#7453)
* Fix for wrappers with a zero value (#7195)
* Fix for JSON serialization of 0/empty-valued wrapper types (#7198)
* Call "Class#new" over rb_class_new_instance in decoding (#7352)
* Build extensions for Ruby 2.7 (#7027)
* assigning 'nil' to submessage should clear the field. (#7397)
Java:
* [experimental] Added proto3 presence support.
* Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated
* reduce <clinit> size for enums with allow_alias set to true.
* Sort map fields alphabetically by the field's key when printing textproto.
* Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
* TextFormat.merge() handles Any as top level type.
* Throw a descriptive IllegalArgumentException when calling
getValueDescriptor() on enum special value UNRECOGNIZED instead of
ArrayIndexOutOfBoundsException.
* Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
would override the configuration passed into includingDefaultValueFields().
* Implement overrides of indexOf() and contains() on primitive lists returned
for repeated fields to avoid autoboxing the list contents.
* Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
* [bazel] Move Java runtime/toolchains into //java (#7190)
Python:
* [experimental] Added proto3 presence support.
* [experimental] fast import protobuf module, only works with cpp generated code linked in.
* Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
implementation (C++ extension was already doing this).
* Fixed a memory leak in C++ bindings.
* Added a deprecation warning when code tries to create Descriptor objects
directly.
* Fix unintended comparison between bytes and string in descriptor.py.
* Avoid printing excess digits for float fields in TextFormat.
* Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
* Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
JavaScript:
* Fix js message pivot selection (#6813)
PHP:
* Persistent Descriptor Pool (#6899)
* Implement lazy loading of php class for proto messages (#6911)
* Correct @return in Any.unpack docblock (#7089)
* Ignore unknown enum value when ignore_unknown specified (#7455)
C#:
* [experimental] Add support for proto3 presence fields in C# (#7382)
* Mark GetOption API as obsolete and expose the "GetOptions()" method on descriptors instead (#7491)
* Remove Has/Clear members for C# message fields in proto2 (#7429)
* Enforce recursion depth checking for unknown fields (#7132)
* Fix conformance test failures for Google.Protobuf (#6910)
* Cleanup various bits of Google.Protobuf (#6674)
* Fix latest ArgumentException for C# extensions (#6938)
* Remove unnecessary branch from ReadTag (#7289)
Other:
* Add a proto_lang_toolchain for javalite (#6882)
* [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
* Add application note for explicit presence tracking. (#7390)
* Howto doc for implementing proto3 presence in a code generator. (#7407)
Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent
* C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
backward compatibility a declaration is still available
in stubs/common.h, but users should prefer message_lite.h
* C++: Removed non-namespace macro EXPECT_OK()
* C++: Removed mathlimits.h from stubs in favor of using
std::numeric_limits from C++11
* C++: Support direct pickling of nested messages
* C++: Disable extension code gen for C#
* C++: Switch the proto parser to the faster MOMI parser
* C++: Unused imports of files defining descriptor extensions
will now be reported
* C++: Add proto2::util::RemoveSubranges to remove multiple
subranges in linear time
* C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
* C++: Removed the internal-only header coded_stream_inl.h and
the internal-only methods defined there
* C++: Enforced no SWIG wrapping of descriptor_database.h
(other headers already had this restriction)
* C++: Implementation of the equivalent of the MOMI parser for
serialization. This removes one of the two serialization
routines, by making the fast array serialization routine
completely general. SerializeToCodedStream can now be
implemented in terms of the much much faster array
serialization. The array serialization regresses slightly,
but when array serialization is not possible this wins big
* C++: Add move constructor for Reflection's SetString
* Java: Remove the usage of MethodHandle, so that Android users
prior to API version 26 can use protobuf-java
* Java: Publish ProGuard config for javalite
* Java: Include unknown fields when merging proto3 messages in
Java lite builders
* Java: Have oneof enums implement a separate interface (other
than EnumLite) for clarity
* Java: Opensource Android Memory Accessors
* Java: Change ProtobufArrayList to use Object[] instead of
ArrayList for 5-10% faster parsing
* Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
top level package. This will eventually replace
JsonFormat.TypeRegistry
* Java: Add Automatic-Module-Name entries to the Manifest
* Python: Add float_precision option in json format printer
* Python: Optionally print bytes fields as messages in unknown
fields, if possible
* Python: Experimental code gen (fast import protobuf module)
which only works with cpp generated code linked in
* Python: Add descriptor methods in descriptor_pool are deprecated
* Python: Added delitem for Python extension dict
* JavaScript: Remove guard for Symbol iterator for jspb.Map
* JavaScript: Remove deprecated boolean option to getResultBase64String()
* JavaScript: Change the parameter types of binaryReaderFn in
ExtensionFieldBinaryInfo to (number, ?, ?)
* JavaScript: Create dates.ts and time_of_days.ts to mirror Java
versions. This is a near-identical conversion of
c.g.type.util.{Dates,TimeOfDays} respectively
* JavaScript: Migrate moneys to TypeScript
* PHP: Increase php7.4 compatibility
* PHP: Implement lazy loading of php class for proto messages
* Ruby: Support hashes for struct initializers
* C#: Experimental proto2 support is now officially available
* C#: Change _Extensions property to normal body rather than expression
* Objective C: Remove OSReadLittle* due to alignment requirements
* Other: Override CocoaPods module to lowercase
* further bugfixes and optimisations
- Install LICENSE
- Drop protobuf-libs as it is just workaround for rpmlint issue
* python bindings now require recent python-google-apputils
* Released memory allocated by InitializeDefaultRepeatedFields()
and GetEmptyString(). Some memory sanitizers reported them
* Updated DynamicMessage.setField() to handle repeated enum
* Fixed a bug that caused NullPointerException to be thrown when
converting manually constructed FileDescriptorProto to
* Added oneofs(unions) feature. Fields in the same oneof will
* Files, services, enums, messages, methods and enum values
* Added Support for list values, including lists of messages,
* Added SwapFields() in reflection API to swap a subset of
* Repeated primitive extensions are now packable. The
it is possible to switch a repeated extension field to
* writeTo() method in ByteString can now write a substring to
* java_generate_equals_and_hash can now be used with the
* A new C++-backed extension module (aka "cpp api v2") that
replaces the old ("cpp api v1") one. Much faster than the
pure Python code. This one resolves many bugs and is
mosh requires it
python-abseil was updated:
version update to 1.4.0
New:
(testing) Added @flagsaver.as_parsed: this allows saving/restoring flags
using string values as if parsed from the command line and will also reflect
other flag states after command line parsing, e.g. .present is set.
Changed:
(logging) If no log dir is specified logging.find_log_dir() now falls back
to tempfile.gettempdir() instead of /tmp/.
Fixed:
(flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class
are now correctly passed to the underlying Flag object.
version update to 1.2.0
* Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used.
* `Flag` instances now raise an error if used in a bool context. This prevents
the occasional mistake of testing an instance for truthiness rather than
testing `flag.value`.
* `absl-py` no longer depends on `six`.
Update to version 1.0.0
* absl-py no longer supports Python 2.7, 3.4, 3.5. All versions
have reached end-of-life for more than a year now.
* New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in
the git repo going forward.
- Release notes for 0.15.0
* (testing) #128: When running bazel with its --test_filter=
flag, it now treats the filters as unittest's -k flag in Python
3.7+.
- Release notes for 0.14.1
* Top-level LICENSE file is now exported in bazel.
- Release notes for 0.14.0
* #171: Creating argparse_flags.ArgumentParser with
argument_default= no longer raises an exception when other
absl.flags flags are defined.
* #173: absltest now correctly sets up test filtering and fail
fast flags when an explicit argv= parameter is passed to
absltest.main.
- Release notes for 0.13.0
* (app) Type annotations for public app interfaces.
* (testing) Added new decorator @absltest.skipThisClass to
indicate a class contains shared functionality to be used as a
base class for other TestCases, and therefore should be
skipped.
* (app) Annotated the flag_parser parameter of run as
keyword-only. This keyword-only constraint will be enforced at
runtime in a future release.
* (app, flags) Flag validations now include all errors from
disjoint flag sets, instead of fail fast upon first error from
all validators. Multiple validators on the same flag still
fail fast.
- Release notes for 0.12.0
* (flags) Made EnumClassSerializer and EnumClassListSerializer
public.
* (flags) Added a required: Optional[bool] = False parameter to
DEFINE_* functions.
* (testing) flagsaver overrides can now be specified in terms of
FlagHolder.
* (testing) parameterized.product: Allows testing a method over
the cartesian product of parameter values, specified as
sequences of values for each parameter or as kwargs-like dicts
of parameter values.
* (testing) Added public flag holders for --test_srcdir and
--test_tmpdir. Users should use absltest.TEST_SRCDIR.value and
absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and
FLAGS.test_tmpdir.
* (flags) Made CsvListSerializer respect its delimiter argument.
- Add Provides python-absl-py
python-grpcio was updated:
- Update to version 1.60.0:
* No python specific changes.
- Update to version 1.59.2:
* No python specific changes.
- Update to version 1.59.0:
* [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398).
* [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186).
- Update to version 1.58.0:
* [Bazel] Enable grpcio-reflection to be used via Bazel
(gh#grpc/grpc#31013).
* [packaging] Publish xds-protos as part of the standard package
pipeline (gh#grpc/grpc#33797).
- Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* [posix] Enable systemd sockets for libsystemd>=233
(gh#grpc/grpc#32671).
* [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
- Build with LTO (don't set _lto_cflags to %nil).
- No need to pass '-std=c++17' to build CFLAGS.
- Update to version 1.56.2:
* [WRR] backport (gh#grpc/grpc#33694) to 1.56
(gh#grpc/grpc#33698)
* [backport][iomgr][EventEngine] Improve server handling of
file descriptor exhaustion (gh#grpc/grpc#33667)
- Switch build to pip/wheel.
- Use system abseil with '-std=c++17' to prevent undefined symbol
e.g. with python-grpcio-tools
(_ZN3re23RE213GlobalReplaceEPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_2023012511string_viewE)
- Upstream only supports python >= 3.7, so adjust BuildRequires
accordingly.
- Add %{?sle15_python_module_pythons}
- Update to version 1.56.0: (CVE-2023-32731, bsc#1212180)
* [aio types] Fix some grpc.aio python types
(gh#grpc/grpc#32475).
- Update to version 1.55.0:
* [EventEngine] Disable EventEngine polling in gRPC Python
(gh#grpc/grpc#33279) (gh#grpc/grpc#33320).
* [Bazel Python3.11] Update Bazel dependencies for Python 3.11
(gh#grpc/grpc#33318) (gh#grpc/grpc#33319).
- Drop Requires: python-six; not required any more.
- Switch Suggests to Recommends.
- Update to version 1.54.0: (CVE-2023-32732, bsc#1212182)
* Fix DeprecationWarning when calling asyncio.get_event_loop()
(gh#grpc/grpc#32533).
* Remove references to deprecated syntax field
(gh#grpc/grpc#32497).
- Update to version 1.51.1:
* No Linux specific changes.
- Changes from version 1.51.0:
* Fix lack of cooldown between poll attempts
(gh#grpc/grpc#31550).
* Remove enum and future (gh#grpc/grpc#31381).
* [Remove Six] Remove dependency on six (gh#grpc/grpc#31340).
* Update xds-protos package to pull in protobuf 4.X
(gh#grpc/grpc#31113).
- Update to version 1.50.0:
* Support Python 3.11. [gh#grpc/grpc#30818].
- Update to version 1.49.1
* Support Python 3.11. (#30818)
* Add type stub generation support to grpcio-tools. (#30498)
- Update to version 1.48.0:
* [Aio] Ensure Core channel closes when deallocated
[gh#grpc/grpc#29797].
* [Aio] Fix the wait_for_termination return value
[gh#grpc/grpc#29795].
- update to 1.46.3:
* backport: xds: use federation env var to guard new-style resource name parsing
* This release contains refinements, improvements, and bug fixes.
- Update to version 1.46.0:
* Add Python GCF Distribtest [gh#grpc/grpc#29303].
* Add Python Reflection Client [gh#grpc/grpc#29085].
* Revert "Fix prefork handler register's default behavior"
[gh#grpc/grpc#29229].
* Fix prefork handler register's default behavior
[gh#grpc/grpc#29103].
* Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873].
- Update to version 1.45.0:
* Reimplement Gevent Integration [gh#grpc/grpc#28276].
* Support musllinux binary wheels on x64 and x86
[gh#grpc/grpc#28092].
* Increase the Python protobuf requirement to >=3.12.0
[gh#grpc/grpc#28604].
- Build with system re2; add BuildRequires: pkgconfig(re2).
- Update to version 1.44.0:
* Add python async example for hellostreamingworld using
generator (gh#grpc/grpc#27343).
* Disable __wrap_memcpy hack for Python builds
(gh#grpc/grpc#28410).
* Bump Bazel Python Cython dependency to 0.29.26
(gh#grpc/grpc#28398).
* Fix libatomic linking on Raspberry Pi OS Bullseye
(gh#grpc/grpc#28041).
* Allow generated proto sources in remote repositories for
py_proto_library (gh#grpc/grpc#28103).
- Update to version 1.43.0:
* [Aio] Validate the input type for set_trailing_metadata and
abort (gh#grpc/grpc#27958).
- update to 1.41.1:
* This is release 1.41.0 (goat) of gRPC Core.
- Update to version 1.41.0:
* Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074).
* [Aio] Remove custom IO manager support (gh#grpc/grpc#27090).
- Update to version 1.39.0:
* Python AIO: Match continuation typing on Interceptors
(gh#grpc/grpc#26500).
* Workaround #26279 by publishing manylinux_2_24 wheels instead
of manylinux2014 on aarch64 (gh#grpc/grpc#26430).
* Fix zlib unistd.h import problem (gh#grpc/grpc#26374).
* Handle gevent exception in gevent poller (gh#grpc/grpc#26058).
- Update to version 1.38.1:
* Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x
(gh#grpc/grpc#26436).
- Update to version 1.38.0:
* Add grpcio-admin Python package (gh#grpc/grpc#26166).
* Add CSDS API to Python (gh#grpc/grpc#26114).
* Expose code and details from context on the server side
(gh#grpc/grpc#25457).
* Explicitly import importlib.abc; required on Python 3.10.
Fixes #26062 (gh#grpc/grpc#26083).
* Fix potential deadlock on the GIL in AuthMetadataPlugin
(gh#grpc/grpc#26009).
* Introduce new Python package "xds_protos"
(gh#grpc/grpc#25975).
* Remove async mark for set_trailing_metadata interface
(gh#grpc/grpc#25814).
- Update to version 1.37.1:
* No user visible changes.
- Changes from version 1.37.0:
* Clarify Guarantees about grpc.Future Interface
(gh#grpc/grpc#25383).
* [Aio] Add time_remaining method to ServicerContext
(gh#grpc/grpc#25719).
* Standardize all environment variable boolean configuration in
python's setup.py (gh#grpc/grpc#25444).
* Fix Signal Safety Issue (gh#grpc/grpc#25394).
- Update to version 1.36.1:
* Core: back-port: add env var protection for google-c2p
resolver (gh#grpc/grpc#25569).
- Update to version 1.35.0:
* Implement Python Client and Server xDS Creds.
(gh#grpc/grpc#25365)
* Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533)
* Link roots.pem to ca-bundle.pem from ca-certificates package
- Update to version 1.34.1:
* Backport "Lazily import grpc_tools when using runtime
stub/message generation" to 1.34.x (gh#grpc/grpc#25011).
- Update to version 1.34.0:
* Incur setuptools as a dependency for grpcio_tools
(gh#grpc/grpc#24752).
* Stop the spamming log generated by ctrl-c for AsyncIO server
(gh#grpc/grpc#24718).
* [gRPC Easy] Make Well-Known Types Available to Runtime Protos
(gh#grpc/grpc#24478).
* Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python
(gh#grpc/grpc#24480).
* Make Python 2 an optional dependency for Bazel build
(gh#grpc/grpc#24407).
* [Linux] [macOS] Support pre-compiled Python 3.9 wheels
(gh#grpc/grpc#24356).
- Update to version 1.33.2:
* [Backport] Implement grpc.Future interface in
SingleThreadedRendezvous (gh#grpc/grpc#24574).
- Update to version 1.33.1:
* [Backport] Make Python 2 an optional dependency for Bazel
build (gh#grpc/grpc#24452).
* Allow asyncio API to be imported as grpc.aio.
(gh#grpc/grpc#24289).
* [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124).
* Make version check for importlib.abc in grpcio-tools more
stringent (gh#grpc/grpc#24098).
Added re2 package in version 2024-02-01.
abseil-cpp-20230802.1-150400.10.4.1.src.rpm
abseil-cpp-devel-20230802.1-150400.10.4.1.x86_64.rpm
grpc-1.60.0-150400.8.3.2.src.rpm
libabsl2308_0_0-20230802.1-150400.10.4.1.x86_64.rpm
libgrpc++1_60-1.60.0-150400.8.3.2.x86_64.rpm
libgrpc1_60-1.60.0-150400.8.3.2.x86_64.rpm
libgrpc37-1.60.0-150400.8.3.2.x86_64.rpm
libprotobuf-lite25_1_0-25.1-150400.9.3.1.x86_64.rpm
libprotobuf25_1_0-25.1-150400.9.3.1.x86_64.rpm
libprotoc25_1_0-25.1-150400.9.3.1.x86_64.rpm
libre2-11-20240201-150400.9.3.1.x86_64.rpm
libupb37-1.60.0-150400.8.3.2.x86_64.rpm
protobuf-25.1-150400.9.3.1.src.rpm
protobuf-devel-25.1-150400.9.3.1.x86_64.rpm
re2-20240201-150400.9.3.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-553
Security update for openvswitch
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openvswitch fixes the following issues:
- CVE-2024-22563: Fixed memory leak via the function xmalloc__ in /lib/util.c (bsc#1219059).
libopenvswitch-2_14-0-2.14.2-150400.24.20.1.x86_64.rpm
libovn-20_06-0-20.06.2-150400.24.20.1.x86_64.rpm
openvswitch-2.14.2-150400.24.20.1.src.rpm
openvswitch-2.14.2-150400.24.20.1.x86_64.rpm
openvswitch-devel-2.14.2-150400.24.20.1.x86_64.rpm
openvswitch-ipsec-2.14.2-150400.24.20.1.x86_64.rpm
openvswitch-pki-2.14.2-150400.24.20.1.x86_64.rpm
openvswitch-test-2.14.2-150400.24.20.1.x86_64.rpm
openvswitch-vtep-2.14.2-150400.24.20.1.x86_64.rpm
ovn-20.06.2-150400.24.20.1.x86_64.rpm
ovn-central-20.06.2-150400.24.20.1.x86_64.rpm
ovn-devel-20.06.2-150400.24.20.1.x86_64.rpm
ovn-docker-20.06.2-150400.24.20.1.x86_64.rpm
ovn-host-20.06.2-150400.24.20.1.x86_64.rpm
ovn-vtep-20.06.2-150400.24.20.1.x86_64.rpm
python3-ovs-2.14.2-150400.24.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-595
Security update for python310
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310 fixes the following issues:
- CVE-2023-27043: Fixed incorrect parsing of e-mail addresses which contain a special character (bsc#1210638).
libpython3_10-1_0-3.10.13-150400.4.39.1.x86_64.rpm
python310-3.10.13-150400.4.39.1.src.rpm
python310-3.10.13-150400.4.39.1.x86_64.rpm
python310-base-3.10.13-150400.4.39.1.x86_64.rpm
python310-core-3.10.13-150400.4.39.1.src.rpm
python310-curses-3.10.13-150400.4.39.1.x86_64.rpm
python310-dbm-3.10.13-150400.4.39.1.x86_64.rpm
python310-devel-3.10.13-150400.4.39.1.x86_64.rpm
python310-idle-3.10.13-150400.4.39.1.x86_64.rpm
python310-tk-3.10.13-150400.4.39.1.x86_64.rpm
python310-tools-3.10.13-150400.4.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3218
Security update for 389-ds
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for 389-ds fixes the following issues:
- Update to version 2.0.20
- CVE-2024-3657: DoS via specially crafted Kerberos AS-REQ request. (bsc#1225512)
- CVE-2024-5953: Malformed userPassword hashes may cause a denial of service. (bsc#1226277)
- CVE-2024-2199: Malformed userPassword may cause crash at do_modify in slapd/modify.c. (bsc#1225507)
- CVE-2024-1062: Fixed a heap overflow leading to denial-of-service while writing a value larger than 256 chars in log_entry_attr. (bsc#1219836)
389-ds-2.0.20~git9.5e2d637c-150400.3.42.3.src.rpm
389-ds-2.0.20~git9.5e2d637c-150400.3.42.3.x86_64.rpm
389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3.x86_64.rpm
lib389-2.0.20~git9.5e2d637c-150400.3.42.3.x86_64.rpm
libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-592
Security update for php-composer2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php-composer2 fixes the following issues:
- CVE-2024-24821: Fixed potential arbitrary code execution when Composer is invoked within a directory with tampered files (bsc#1219757).
php-composer2-2.2.3-150400.3.9.1.noarch.rpm
php-composer2-2.2.3-150400.3.9.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-626
Recommended update for ecj
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ecj fixes the following issues:
- Allow building ecj with language levels 8 (bsc#1219862)
- Distribute the bundled javax17api.jar under maven coordinate of
org.eclipse:javax17api:17, so that it can be used if needed
ecj-4.23-150200.3.12.1.noarch.rpm
ecj-4.23-150200.3.12.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-565
Recommended update for suseconnect-ng
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issues:
- Allow SUSEConnect on read write transactional systems (bsc#1219425)
libsuseconnect-1.7.0~git0.5338270-150400.3.25.1.x86_64.rpm
suseconnect-ng-1.7.0~git0.5338270-150400.3.25.1.src.rpm
suseconnect-ng-1.7.0~git0.5338270-150400.3.25.1.x86_64.rpm
suseconnect-ruby-bindings-1.7.0~git0.5338270-150400.3.25.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-590
Security update for bind
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bind fixes the following issues:
Update to release 9.16.48:
Feature Changes:
* The IP addresses for B.ROOT-SERVERS.NET have been updated to
170.247.170.2 and 2801:1b8:10::b.
Security Fixes:
* Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service
condition. This has been fixed. (CVE-2023-50387) [bsc#1219823]
* Preparing an NSEC3 closest encloser proof could cause excessive
CPU load, leading to a denial-of-service condition. This has
been fixed. (CVE-2023-50868) [bsc#1219826]
* Parsing DNS messages with many different names could cause
excessive CPU load. This has been fixed. (CVE-2023-4408) [bsc#1219851]
* Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled. This has been
fixed. (CVE-2023-5517) [bsc#1219852]
* A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these
features were enabled. This has been fixed. (CVE-2023-5679)
[bsc#1219853]
* Query patterns that continuously triggered cache database
maintenance could cause an excessive amount of memory to be
allocated, exceeding max-cache-size and potentially leading to
all available memory on the host running named being exhausted.
This has been fixed. (CVE-2023-6516) [bsc#1219854]
Removed Features:
* Support for using AES as the DNS COOKIE algorithm
(cookie-algorithm aes;) has been deprecated and will be removed
in a future release. Please use the current default,
SipHash-2-4, instead.
bind-9.16.48-150400.5.40.1.src.rpm
bind-9.16.48-150400.5.40.1.x86_64.rpm
bind-doc-9.16.48-150400.5.40.1.noarch.rpm
bind-utils-9.16.48-150400.5.40.1.x86_64.rpm
python3-bind-9.16.48-150400.5.40.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-646
Feature update for python3.11
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This feature update adds the following packages:
- python-CherryPy
- python-cheroot
- python-jaraco.collections
- python-jaraco.text
- python-pytest-forked
- python-pytest-services
- python-pylons-sphinx-themes
- python-scp
- python-requests-unixsocket
- python-waitress
- python-zc.lockfile
python-CherryPy-18.9.0-150400.7.3.1.src.rpm
python-cheroot-10.0.0-150400.9.3.1.src.rpm
python-jaraco.collections-5.0.0-150400.9.3.1.src.rpm
python-jaraco.text-3.12.0-150400.9.3.1.src.rpm
python-pylons-sphinx-themes-1.0.13-150400.9.3.1.src.rpm
python-pytest-forked-1.6.0-150400.12.3.1.src.rpm
python-pytest-services-2.2.1-150400.7.3.1.src.rpm
python-requests-unixsocket-0.3.0-150400.7.3.1.src.rpm
python-scp-0.14.5-150400.12.3.1.src.rpm
python-waitress-2.1.2-150400.12.4.1.src.rpm
python-waitress-doc-2.1.2-150400.12.4.1.src.rpm
python-zc.lockfile-3.0.post1-150400.7.3.1.src.rpm
python311-CherryPy-18.9.0-150400.7.3.1.noarch.rpm
python311-cheroot-10.0.0-150400.9.3.1.noarch.rpm
python311-jaraco.collections-5.0.0-150400.9.3.1.noarch.rpm
python311-jaraco.text-3.12.0-150400.9.3.1.noarch.rpm
python311-pylons-sphinx-themes-1.0.13-150400.9.3.1.noarch.rpm
python311-pytest-forked-1.6.0-150400.12.3.1.noarch.rpm
python311-pytest-services-2.2.1-150400.7.3.1.noarch.rpm
python311-requests-unixsocket-0.3.0-150400.7.3.1.noarch.rpm
python311-scp-0.14.5-150400.12.3.1.noarch.rpm
python311-waitress-2.1.2-150400.12.4.1.noarch.rpm
python311-waitress-doc-2.1.2-150400.12.4.1.noarch.rpm
python311-zc.lockfile-3.0.post1-150400.7.3.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-614
Recommended update for rpm
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpm fixes the following issues:
- backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752)
python-rpm-4.14.3-150400.59.7.1.src.rpm
python3-rpm-4.14.3-150400.59.7.1.x86_64.rpm
python311-rpm-4.14.3-150400.59.7.1.x86_64.rpm
rpm-32bit-4.14.3-150400.59.7.1.x86_64.rpm
rpm-4.14.3-150400.59.7.1.src.rpm
rpm-4.14.3-150400.59.7.1.x86_64.rpm
rpm-build-4.14.3-150400.59.7.1.x86_64.rpm
rpm-devel-4.14.3-150400.59.7.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-596
Security update for openssh
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssh fixes the following issues:
- CVE-2023-51385: Limit the use of shell metacharacters in host- and
user names to avoid command injection. (bsc#1218215)
openssh-8.4p1-150300.3.30.1.src.rpm
openssh-8.4p1-150300.3.30.1.x86_64.rpm
openssh-askpass-gnome-8.4p1-150300.3.30.1.src.rpm
openssh-askpass-gnome-8.4p1-150300.3.30.1.x86_64.rpm
openssh-clients-8.4p1-150300.3.30.1.x86_64.rpm
openssh-common-8.4p1-150300.3.30.1.x86_64.rpm
openssh-fips-8.4p1-150300.3.30.1.x86_64.rpm
openssh-helpers-8.4p1-150300.3.30.1.x86_64.rpm
openssh-server-8.4p1-150300.3.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1368
Security update for shim
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disabled, which is the same as the default value of shim-15.8; hence there is no need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe, after
discussion with grub2 experts by mail. It's useful for further development
and testing. (bsc#1205588)
shim-15.8-150300.4.20.2.src.rpm
shim-15.8-150300.4.20.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-577
Security update for python-aiohttp, python-time-machine
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-aiohttp, python-time-machine fixes the following issues:
python-aiohttp was updated to version 3.9.3:
* Fixed backwards compatibility breakage (in 3.9.2) of ``ssl`` parameter
when set outside of ``ClientSession`` (e.g. directly in ``TCPConnector``)
* Improved test suite handling of paths and temp files to consistently
use pathlib and pytest fixtures.
From version 3.9.2 (bsc#1219341, CVE-2024-23334, bsc#1219342, CVE-2024-23829):
* Fixed server-side websocket connection leak.
* Fixed ``web.FileResponse`` doing blocking I/O in the event loop.
* Fixed double compress when compression enabled and compressed file
exists in server file responses.
* Added runtime type check for ``ClientSession`` ``timeout`` parameter.
* Fixed an unhandled exception in the Python HTTP parser on header lines
starting with a colon.
* Improved validation of paths for static resources requests to the server.
* Added support for passing :py:data:`True` to ``ssl`` parameter in
``ClientSession`` while deprecating :py:data:`None`.
* Fixed examples of ``fallback_charset_resolver`` function in the
:doc:`client_advanced` document.
* The Sphinx setup was updated to avoid showing the empty
changelog draft section in the tagged release documentation
builds on Read The Docs.
* The changelog categorization was made clearer. The contributors can
now mark their fragment files more accurately.
* Updated :ref:`contributing/Tests coverage <aiohttp-contributing>`
section to show how we use ``codecov``.
* Replaced all ``tmpdir`` fixtures with ``tmp_path`` in test suite.
- Disable broken tests with openssl 3.2 and python < 3.11 bsc#1217782
update to 3.9.1:
* Fixed importing aiohttp under PyPy on Windows.
* Fixed async concurrency safety in websocket compressor.
* Fixed ``ClientResponse.close()`` releasing the connection
instead of closing.
* Fixed a regression where connection may get closed during
upgrade. -- by :user:`Dreamsorcerer`
* Fixed messages being reported as upgraded without an Upgrade
header in Python parser. -- by :user:`Dreamsorcerer`
update to 3.9.0: (bsc#1217684, CVE-2023-49081, bsc#1217682, CVE-2023-49082)
* Introduced ``AppKey`` for static typing support of
``Application`` storage.
* Added a graceful shutdown period which allows pending tasks
to complete before the application's cleanup is called.
* Added `handler_cancellation`_ parameter to cancel web handler on
client disconnection.
* This (optionally) reintroduces a feature removed in a
previous release.
* Recommended for those looking for an extra level of
protection against denial-of-service attacks.
* Added support for setting response header parameters
``max_line_size`` and ``max_field_size``.
* Added ``auto_decompress`` parameter to
``ClientSession.request`` to override
``ClientSession._auto_decompress``.
* Changed ``raise_for_status`` to allow a coroutine.
* Added client brotli compression support (optional with
runtime check).
* Added ``client_max_size`` to ``BaseRequest.clone()`` to allow
overriding the request body size. -- :user:`anesabml`.
* Added a middleware type alias
``aiohttp.typedefs.Middleware``.
* Exported ``HTTPMove`` which can be used to catch any
redirection request that has a location -- :user:`dreamsorcerer`.
* Changed the ``path`` parameter in ``web.run_app()`` to accept
a ``pathlib.Path`` object.
* Performance: Skipped filtering ``CookieJar`` when the jar is
empty or all cookies have expired.
* Performance: Only check origin if insecure scheme and there
are origins to treat as secure, in
``CookieJar.filter_cookies()``.
* Performance: Used timestamp instead of ``datetime`` to
achieve faster cookie expiration in ``CookieJar``.
* Added support for passing a custom server name parameter to
HTTPS connection.
* Added support for using Basic Auth credentials from
:file:`.netrc` file when making HTTP requests with the
:py:class:`~aiohttp.ClientSession` ``trust_env`` argument
set to ``True``. -- by :user:`yuvipanda`.
* Turned access log into no-op when the logger is disabled.
* Added typing information to ``RawResponseMessage``. -- by
:user:`Gobot1234`
* Removed ``async-timeout`` for Python 3.11+ (replaced with
``asyncio.timeout()`` on newer releases).
* Added support for ``brotlicffi`` as an alternative to
``brotli`` (fixing Brotli support on PyPy).
* Added ``WebSocketResponse.get_extra_info()`` to access a
protocol transport's extra info.
* Allow ``link`` argument to be set to None/empty in HTTP 451
exception.
* Fixed client timeout not working when incoming data is always
available without waiting. -- by :user:`Dreamsorcerer`.
* Fixed ``readuntil`` to work with a delimiter of more than one
character.
* Added ``__repr__`` to ``EmptyStreamReader`` to avoid
``AttributeError``.
* Fixed bug when using ``TCPConnector`` with
``ttl_dns_cache=0``.
* Fixed response returned from expect handler being thrown
away. -- by :user:`Dreamsorcerer`
* Avoided raising ``UnicodeDecodeError`` in multipart and in
HTTP headers parsing.
* Changed ``sock_read`` timeout to start after writing has
finished, avoiding read timeouts caused by an unfinished
write. -- by :user:`dtrifiro`
* Fixed missing query in tracing method URLs when using
``yarl`` 1.9+.
* Changed max 32-bit timestamp to an aware datetime object, for
consistency with the non-32-bit one, and to avoid a
``DeprecationWarning`` on Python 3.12.
* Fixed ``EmptyStreamReader.iter_chunks()`` never ending.
* Fixed a rare ``RuntimeError: await wasn't used with future``
exception.
* Fixed issue with insufficient HTTP method and version
validation.
* Added check to validate that absolute URIs have schemes.
* Fixed unhandled exception when Python HTTP parser encounters
unpaired Unicode surrogates.
* Updated parser to disallow invalid characters in header field
names and stop accepting LF as a request line separator.
* Fixed Python HTTP parser not treating 204/304/1xx as an empty
body.
* Ensure empty body response for 1xx/204/304 per RFC 9112 sec
6.3.
* Fixed an issue when a client request is closed before
completing a chunked payload. -- by :user:`Dreamsorcerer`
* Edge Case Handling for ResponseParser for missing reason
value.
* Fixed ``ClientWebSocketResponse.close_code`` being
erroneously set to ``None`` when there are concurrent async
tasks receiving data and closing the connection.
* Added HTTP method validation.
* Fixed arbitrary sequence types being allowed to inject values
via version parameter. -- by :user:`Dreamsorcerer`
* Performance: Fixed increase in latency with small messages
from websocket compression changes.
* Improved Documentation
* Fixed the `ClientResponse.release`'s type in the doc. Changed
from `comethod` to `method`.
* Added information on behavior of base_url parameter in
`ClientSession`.
* Completed ``trust_env`` parameter description to honor
``wss_proxy``, ``ws_proxy`` or ``no_proxy`` env.
* Dropped Python 3.6 support.
* Dropped Python 3.7 support. -- by :user:`Dreamsorcerer`
* Removed support for abandoned ``tokio`` event loop.
* Made ``print`` argument in ``run_app()`` optional.
* Improved performance of ``ceil_timeout`` in some cases.
* Changed importing Gunicorn to happen on-demand, decreasing
import time by ~53%. -- :user:`Dreamsorcerer`
* Improved import time by replacing ``http.server`` with
``http.HTTPStatus``.
* Fixed annotation of ``ssl`` parameter to disallow ``True``.
update to 3.8.6 (bsc#1217181, CVE-2023-47627):
* Security bugfixes
* https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9.
* https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg.
* Added ``fallback_charset_resolver`` parameter in
``ClientSession`` to allow a user-supplied
character set detection function.
Character set detection will no longer be included in 3.9 as
a default. If this feature is needed,
please use `fallback_charset_resolver
the client
* Fixed ``PermissionError`` when ``.netrc`` is unreadable due
to permissions.
* Fixed output of parsing errors
* Fixed sorting in ``filter_cookies`` to use cookie with
longest path.
Release 3.8.0 (2021-10-31) (bsc#1217174, CVE-2023-47641)
python-aiohttp-3.9.3-150400.10.14.1.src.rpm
python311-aiohttp-3.9.3-150400.10.14.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-757
Security update for apache2-mod_auth_openidc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2024-24814: Fixed a denial of service when using `OIDCSessionType client-cookie` and manipulating cookies (bsc#1219911).
apache2-mod_auth_openidc-2.3.8-150100.3.28.1.src.rpm
apache2-mod_auth_openidc-2.3.8-150100.3.28.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-938
Recommended update for sapconf
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sapconf fixes the following issues:
sapconf was updated from version 5.0.6 to 5.0.7:
- Added requirement of package `sysctl-logger` (jsc#PED-5025)
- Suppress error message regarding missing systemd service file
during posttrans script
sapconf-5.0.7-150000.7.30.1.noarch.rpm
sapconf-5.0.7-150000.7.30.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-884
Security update for spectre-meltdown-checker
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for spectre-meltdown-checker fixes the following issues:
- updated to 0.46
This release mainly focuses on the detection of the new Zenbleed
(CVE-2023-20593) vulnerability, among a few other changes that were in
line waiting for a release:
- feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)
- feat: add the linux-firmware repository as another source for CPU microcode versions
- feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2
- fix: docker: adding missing utils (#433)
- feat: add support for Guix System kernel
- fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443)
- fix: a /devnull file was mistakenly created on the filesystem
- fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)
- updated to 0.45
- arm64: phytium: Add CPU Implementer Phytium
- arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
- chore: ensure vars are set before being dereferenced (set -u compat)
- chore: fix indentation
- chore: fwdb: update to v220+i20220208
- chore: only attempt to load msr and cpuid module once
- chore: read_cpuid: use named constants
- chore: readme: framapic is gone, host the screenshots on GitHub
- chore: replace 'Vulnerable to' by 'Affected by' in the hw section
- chore: speculative execution -> transient execution
- chore: update fwdb to v222+i20220208
- chore: update Intel Family 6 models
- chore: wording: model not vulnerable -> model not affected
- doc: add an FAQ entry about CVE support
- doc: add an FAQ.md and update the README.md accordingly
- doc: more FAQ and README
- doc: readme: make the FAQ entry more visible
- feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied
- feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
- feat: add subleaf != 0 support for read_cpuid
- feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
- feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
- feat: hw check: add IPRED, RRSBA, BHI features check
- feat: implement detection for MCEPSC under BSD
- feat: set default TMPDIR for Android (#415)
- fix: extract_kernel: don't overwrite kernel_err if already set
- fix: has_vmm false positive with pcp
- fix: is_ucode_blacklisted: fix some model names
- fix: mcedb: v191 changed the MCE table format
- fix: refuse to run under MacOS and ESXi
- fix: retpoline: detection on 5.15.28+ (#420)
- fix: variant4: added case where prctl ssbd status is tagged as 'unknown'
spectre-meltdown-checker-0.46-150100.3.9.1.src.rpm
spectre-meltdown-checker-0.46-150100.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-827
Recommended update for tomcat
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tomcat fixes the following issues:
- Added dependencies on tomcat `user` and `group`, required by RPM 4.19 (bsc#1219530)
- Link ecj.jar into the install instead of copying it
tomcat-9.0.85-150200.60.1.noarch.rpm
tomcat-9.0.85-150200.60.1.src.rpm
tomcat-admin-webapps-9.0.85-150200.60.1.noarch.rpm
tomcat-el-3_0-api-9.0.85-150200.60.1.noarch.rpm
tomcat-jsp-2_3-api-9.0.85-150200.60.1.noarch.rpm
tomcat-lib-9.0.85-150200.60.1.noarch.rpm
tomcat-servlet-4_0-api-9.0.85-150200.60.1.noarch.rpm
tomcat-webapps-9.0.85-150200.60.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-586
Security update for docker
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for docker fixes the following issues:
Vendor latest buildkit v0.11 including bugfixes for the following:
* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).
* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).
* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
docker-24.0.7_ce-150000.193.1.src.rpm
docker-24.0.7_ce-150000.193.1.x86_64.rpm
docker-bash-completion-24.0.7_ce-150000.193.1.noarch.rpm
docker-rootless-extras-24.0.7_ce-150000.193.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-597
Security update for mozilla-nss
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mozilla-nss fixes the following issues:
Update to NSS 3.90.2:
- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)
libfreebl3-3.90.2-150400.3.39.1.x86_64.rpm
libfreebl3-32bit-3.90.2-150400.3.39.1.x86_64.rpm
libsoftokn3-3.90.2-150400.3.39.1.x86_64.rpm
libsoftokn3-32bit-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-3.90.2-150400.3.39.1.src.rpm
mozilla-nss-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-32bit-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-certs-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-devel-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-sysinit-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-tools-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-certs-32bit-3.90.2-150400.3.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-607
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.8.0 ESR (MFSA 2024-06) (bsc#1220048):
- CVE-2024-1546: Out-of-bounds memory read in networking channels
- CVE-2024-1547: Alert dialog could have been spoofed on another site
- CVE-2024-1548: Fullscreen Notification could have been hidden by select element
- CVE-2024-1549: Custom cursor could obscure the permission dialog
- CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
- CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts
- CVE-2024-1552: Incorrect code generation on 32-bit ARM devices
- CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
- Recommend libfido2-udev on codestreams that exist, in order to try
to get security keys (e.g. Yubikeys) to work out of the box. (bsc#1184272)
MozillaFirefox-115.8.0-150200.152.126.3.src.rpm
MozillaFirefox-115.8.0-150200.152.126.3.x86_64.rpm
MozillaFirefox-devel-115.8.0-150200.152.126.3.noarch.rpm
MozillaFirefox-translations-common-115.8.0-150200.152.126.3.x86_64.rpm
MozillaFirefox-translations-other-115.8.0-150200.152.126.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1953
Recommended update for scap-security-guide
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for scap-security-guide fixes the following issues:
scap-security-guide was updated to 0.1.72 (jsc#ECO-3319):
- ANSSI BP 028 profile for debian12 (#11368)
- Control for BSI APP.4.4 (#11342)
- update to CIS RHEL 7 and RHEL 8 profiles aligning them with the latest benchmarks
- various fixes to SLE profiles
- add openeuler to -redhat package
scap-security-guide-0.1.72-150000.1.78.2.noarch.rpm
scap-security-guide-0.1.72-150000.1.78.2.src.rpm
scap-security-guide-debian-0.1.72-150000.1.78.2.noarch.rpm
scap-security-guide-redhat-0.1.72-150000.1.78.2.noarch.rpm
scap-security-guide-ubuntu-0.1.72-150000.1.78.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1476
Recommended update for python-docutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-docutils fixes the following issue:
- Use update-alternatives for all binary scripts and provide
/usr/bin/docutils to avoid conflict with python311-docutils (bsc#1219501)
python-docutils-0.14-150000.3.4.1.src.rpm
python3-docutils-0.14-150000.3.4.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-730
Security update for nodejs18
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nodejs18 fixes the following issues:
Update to 18.19.1: (security updates)
* CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
* CVE-2024-24758: undici version 5.28.3 (bsc#1220017).
* CVE-2024-24806: libuv version 1.48.0 (bsc#1219724).
Update to LTS version 18.19.0
* deps: npm updates to 10.x
* esm:
+ Leverage loaders when resolving subsequent loaders
+ import.meta.resolve unflagged
+ --experimental-default-type flag to flip module defaults
nodejs18-18.19.1-150400.9.18.2.src.rpm
nodejs18-18.19.1-150400.9.18.2.x86_64.rpm
nodejs18-devel-18.19.1-150400.9.18.2.x86_64.rpm
nodejs18-docs-18.19.1-150400.9.18.2.noarch.rpm
npm18-18.19.1-150400.9.18.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-982
Recommended update for systemd-rpm-macros
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for systemd-rpm-macros fixes the following issue:
- Order packages that require systemd after systemd-sysvcompat if needed. (bsc#1217964)
systemd-rpm-macros-15-150000.7.39.1.noarch.rpm
systemd-rpm-macros-15-150000.7.39.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-619
Security update for java-1_8_0-ibm
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843]
Security fixes:
- CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library (bsc#1219843).
- CVE-2024-20932: Fixed incorrect handling of ZIP files with duplicate entries (bsc#1218908).
- CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS (bsc#1218911).
- CVE-2024-20918: Fixed array out-of-bounds access due to missing range check in C1 compiler (bsc#1218907).
- CVE-2024-20921: Fixed range check loop optimization issue (bsc#1218905).
- CVE-2024-20919: Fixed JVM class file verifier flaw that allows unverified bytecode execution (bsc#1218903).
- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).
- CVE-2024-20945: Fixed logging of digital signature private keys (bsc#1218909).
java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.nosrc.rpm
java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64.rpm
java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64.rpm
java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64.rpm
java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-728
Security update for nodejs16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nodejs16 fixes the following issues:
Security issues fixed:
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
* CVE-2024-24758: ignore proxy-authorization header (bsc#1220017).
* CVE-2024-24806: fix improper domain lookup that potentially leads to SSRF attacks (bsc#1219724).
nodejs16-16.20.2-150400.3.30.1.src.rpm
nodejs16-16.20.2-150400.3.30.1.x86_64.rpm
nodejs16-devel-16.20.2-150400.3.30.1.x86_64.rpm
nodejs16-docs-16.20.2-150400.3.30.1.noarch.rpm
npm16-16.20.2-150400.3.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-786
Security update for giflib
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for giflib fixes the following issues:
Update to version 5.2.2
* Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
* #138 Documentation for obsolete utilities still installed
* #139: Typo in "LZW image data" page ("110_2 = 4_10")
* #140: Typo in "LZW image data" page ("LWZ")
* #141: Typo in "Bits and bytes" page ("filed")
* Note as already fixed SF issue #143: cannot compile under mingw
* #144: giflib-5.2.1 cannot be build on windows and other platforms using c89
* #145: Remove manual pages installation for binaries that are not installed too
* #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7
* #147 [PATCH] Fixes to doc/whatsinagif/ content
* #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB
* Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1
* Declared Won't-fix on SF issue 149: Out of source builds no longer possible
* #151: A heap-buffer-overflow in gif2rgb.c:294:45
* #152: Fix some typos on the html documentation and man pages
* #153: Fix segmentation faults due to non correct checking for args
* #154: Recover the giffilter manual page
* #155: Add gifsponge docs
* #157: An OutofMemory-Exception or Memory Leak in gif2rgb
* #158: There is a null pointer problem in gif2rgb
* #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45
* #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c
* #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c
* #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
* #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c
giflib-5.2.2-150000.4.13.1.src.rpm
giflib-devel-5.2.2-150000.4.13.1.x86_64.rpm
libgif7-5.2.2-150000.4.13.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-795
Security update for sudo
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sudo fixes the following issues:
NOTE: This update has been retracted as some logic was not correct.
- CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026).
sudo-1.9.9-150400.4.33.1.src.rpm
sudo-1.9.9-150400.4.33.1.x86_64.rpm
sudo-devel-1.9.9-150400.4.33.1.x86_64.rpm
sudo-plugin-python-1.9.9-150400.4.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-819
Security update for wpa_supplicant
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
wpa_supplicant-2.9-150000.4.39.1.src.rpm
wpa_supplicant-2.9-150000.4.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-994
Recommended update for rasdaemon
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rasdaemon fixes the following issues:
- Maint: MI300A: rasdaemon: MI300A support patches (jsc#PED-7633)
* Fix SMCA bank type decoding
* Identify the Die Number in multidie system
* Handle reassigned bit definitions for UMC bank
* Add new MA_LLC, USR_DP, and USR_CP bank types
* Add support for post-processing MCA errors
* Handle reassigned bit definitions for CS SMCA
* Update SMCA bank error descriptions
rasdaemon-0.6.7.18.git+7ccf12f-150400.4.3.1.src.rpm
rasdaemon-0.6.7.18.git+7ccf12f-150400.4.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-817
Security update for jetty-minimal
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for jetty-minimal fixes the following issues:
- CVE-2024-22201: Fixed denial-of-service via HTTP/2 connection leak (bsc#1220437).
jetty-http-9.4.54-150200.3.25.1.noarch.rpm
jetty-io-9.4.54-150200.3.25.1.noarch.rpm
jetty-minimal-9.4.54-150200.3.25.1.src.rpm
jetty-security-9.4.54-150200.3.25.1.noarch.rpm
jetty-server-9.4.54-150200.3.25.1.noarch.rpm
jetty-servlet-9.4.54-150200.3.25.1.noarch.rpm
jetty-util-9.4.54-150200.3.25.1.noarch.rpm
jetty-util-ajax-9.4.54-150200.3.25.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-901
Security update for python3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).
libpython3_6m1_0-3.6.15-150300.10.57.1.x86_64.rpm
python3-3.6.15-150300.10.57.1.src.rpm
python3-3.6.15-150300.10.57.1.x86_64.rpm
python3-base-3.6.15-150300.10.57.1.x86_64.rpm
python3-core-3.6.15-150300.10.57.1.src.rpm
python3-curses-3.6.15-150300.10.57.1.x86_64.rpm
python3-dbm-3.6.15-150300.10.57.1.x86_64.rpm
python3-devel-3.6.15-150300.10.57.1.x86_64.rpm
python3-idle-3.6.15-150300.10.57.1.x86_64.rpm
python3-tk-3.6.15-150300.10.57.1.x86_64.rpm
python3-tools-3.6.15-150300.10.57.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-820
Security update for python310
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
libpython3_10-1_0-3.10.13-150400.4.42.1.x86_64.rpm
python310-3.10.13-150400.4.42.1.src.rpm
python310-3.10.13-150400.4.42.1.x86_64.rpm
python310-base-3.10.13-150400.4.42.1.x86_64.rpm
python310-core-3.10.13-150400.4.42.1.src.rpm
python310-curses-3.10.13-150400.4.42.1.x86_64.rpm
python310-dbm-3.10.13-150400.4.42.1.x86_64.rpm
python310-devel-3.10.13-150400.4.42.1.x86_64.rpm
python310-idle-3.10.13-150400.4.42.1.x86_64.rpm
python310-tk-3.10.13-150400.4.42.1.x86_64.rpm
python310-tools-3.10.13-150400.4.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1889
Recommended update for container-suseconnect
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for container-suseconnect fixes the following issues:
Update to 2.5.0:
* Upgrade to go 1.21
* Allow setting of SCC credentials via environment variables
* Bump github.com/urfave/cli/v2 from 2.25.7 to 2.27.1
* Use switch instead of else if construction
* Add system token header to query SCC subscriptions (bsc#1219855)
* Use the FIPS capable go1.21-openssl to build.
container-suseconnect-2.5.0-150000.4.53.2.src.rpm
container-suseconnect-2.5.0-150000.4.53.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-773
Security update for postgresql-jdbc
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql-jdbc fixes the following issues:
- CVE-2024-1597: Fixed SQL Injection via line comment generation (bsc#1220644).
postgresql-jdbc-42.2.25-150400.3.12.1.noarch.rpm
postgresql-jdbc-42.2.25-150400.3.12.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1177
Recommended update for multipath-tools
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for multipath-tools fixes the following issues:
- Fixed activation of LVM volume groups during coldplug (bsc#1219142)
- Avoid changing SCSI timeouts in "multipath -d" (bsc#1213809)
- Fixed dev_loss_tmo even if not set in configuration (bsc#1212440)
- Backport of upstream bug fixes (bsc#1220374):
* Avoid setting queue_if_no_path on multipath maps for which the no_path_retry timeout has expired
* Fixed memory and error handling for code using aio (marginal path code, directio path checker)
* libmultipath: fixed max_sectors_kb on adding path
* Fixed warnings reported by udevadm verify
* libmultipath: use directio checker for LIO targets
* multipathd.service: remove "Also=multipathd.socket"
* libmultipathd: avoid parsing errors due to unsupported designators
* libmultipath: return 'pending' state when port is in transition
* multipath.rules: fixed "smart" bug with failed valid path check
* libmpathpersist: fixed resource leak in update_map_pr()
* libmultipath: keep renames from stopping other multipath actions
kpartx-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
libdmmp-devel-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
libdmmp0_2_0-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
libmpath0-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
multipath-tools-0.9.0+161+suse.a26bd4c-150400.4.19.1.src.rpm
multipath-tools-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
multipath-tools-devel-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-871
Security update for vim
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for vim fixes the following issues:
- CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).
- CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).
- CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).
- CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).
Updated to version 9.1 with patch level 0111:
https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111
gvim-9.1.0111-150000.5.60.1.x86_64.rpm
vim-9.1.0111-150000.5.60.1.src.rpm
vim-9.1.0111-150000.5.60.1.x86_64.rpm
vim-data-9.1.0111-150000.5.60.1.noarch.rpm
vim-data-common-9.1.0111-150000.5.60.1.noarch.rpm
vim-small-9.1.0111-150000.5.60.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-782
Security update for python311
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python311 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2023-27043: Fixed incorrect e-mail parsing (bsc#1210638).
- CVE-2022-25236: Fixed an expat vulnerability by supporting expat >= 2.4.4 (bsc#1212015).
libpython3_11-1_0-3.11.8-150400.9.23.1.x86_64.rpm
python311-3.11.8-150400.9.23.1.src.rpm
python311-3.11.8-150400.9.23.1.x86_64.rpm
python311-base-3.11.8-150400.9.23.1.x86_64.rpm
python311-core-3.11.8-150400.9.23.1.src.rpm
python311-curses-3.11.8-150400.9.23.1.x86_64.rpm
python311-dbm-3.11.8-150400.9.23.1.x86_64.rpm
python311-devel-3.11.8-150400.9.23.1.x86_64.rpm
python311-doc-3.11.8-150400.9.23.1.x86_64.rpm
python311-doc-devhelp-3.11.8-150400.9.23.1.x86_64.rpm
python311-documentation-3.11.8-150400.9.23.1.src.rpm
python311-idle-3.11.8-150400.9.23.1.x86_64.rpm
python311-tk-3.11.8-150400.9.23.1.x86_64.rpm
python311-tools-3.11.8-150400.9.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-766
Recommended update for libssh
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libssh fixes the following issues:
- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)
libssh-0.9.8-150400.3.6.1.src.rpm
libssh-config-0.9.8-150400.3.6.1.x86_64.rpm
libssh-devel-0.9.8-150400.3.6.1.x86_64.rpm
libssh4-0.9.8-150400.3.6.1.x86_64.rpm
libssh4-32bit-0.9.8-150400.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1468
Security update for ffmpeg
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg fixes the following issues:
- CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when vulkan_frames init failed (bsc#1223070)
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235)
Adding references for already fixed issues:
- CVE-2021-38091: Fixed integer overflow in function filter16_sobel in libavfilter/vf_convolution.c (bsc#1190732)
- CVE-2021-38090: Fixed integer overflow in function filter16_roberts in libavfilter/vf_convolution.c (bsc#1190731)
- CVE-2020-20898: Fixed integer overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c (bsc#1190724)
- CVE-2020-20901: Fixed buffer overflow vulnerability in function filter_frame in libavfilter/vf_fieldorder.c (bsc#1190728)
- CVE-2020-20900: Fixed buffer overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c (bsc#1190727)
- CVE-2020-20894: Fixed buffer overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c (bsc#1190721)
ffmpeg-3.4.2-150200.11.41.1.src.rpm
libavcodec57-3.4.2-150200.11.41.1.x86_64.rpm
libavformat57-3.4.2-150200.11.41.1.x86_64.rpm
libavresample3-3.4.2-150200.11.41.1.x86_64.rpm
libavutil-devel-3.4.2-150200.11.41.1.x86_64.rpm
libavutil55-3.4.2-150200.11.41.1.x86_64.rpm
libpostproc-devel-3.4.2-150200.11.41.1.x86_64.rpm
libpostproc54-3.4.2-150200.11.41.1.x86_64.rpm
libswresample-devel-3.4.2-150200.11.41.1.x86_64.rpm
libswresample2-3.4.2-150200.11.41.1.x86_64.rpm
libswscale-devel-3.4.2-150200.11.41.1.x86_64.rpm
libswscale4-3.4.2-150200.11.41.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-801
Optional update for grpc
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for grpc fixes the following issue:
- Add grpc-devel packages (bsc#1220732).
grpc-1.60.0-150400.8.5.2.src.rpm
grpc-devel-1.60.0-150400.8.5.2.x86_64.rpm
libgrpc++1_60-1.60.0-150400.8.5.2.x86_64.rpm
libgrpc1_60-1.60.0-150400.8.5.2.x86_64.rpm
libgrpc37-1.60.0-150400.8.5.2.x86_64.rpm
libre2-11-20240201-150400.9.5.1.x86_64.rpm
libupb37-1.60.0-150400.8.5.2.x86_64.rpm
re2-20240201-150400.9.5.1.src.rpm
re2-devel-20240201-150400.9.5.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3341
Security update for kubernetes1.23
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.23 fixes the following issues:
- CVE-2021-25743: escape, meta and control sequences in raw data output to terminal not neutralized. (bsc#1194400)
- CVE-2023-2727: bypass of policies imposed by the ImagePolicyWebhook admission plugin. (bsc#1211630)
- CVE-2023-2728: bypass of the mountable secrets policy enforced by the ServiceAccount admission plugin. (bsc#1211631)
- CVE-2023-39325: go1.20: excessive resource consumption when dealing with rapid stream resets. (bsc#1229869)
- CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset vulnerability. (bsc#1229869)
- CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing unlimited sets of headers. (bsc#1229869)
- CVE-2024-0793: kube-controller-manager pod crash when processing malformed HPA v1 manifests. (bsc#1219964)
- CVE-2024-3177: bypass of the mountable secrets policy enforced by the ServiceAccount admission plugin. (bsc#1222539)
- CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling invalid JSON. (bsc#1229867)
Bug fixes:
- Use -trimpath in non-DBG mode for reproducible builds. (bsc#1062303)
- Fix multiple issues for successful `kubeadm init` run. (bsc#1214406)
- Update go to version 1.22.5 in build requirements. (bsc#1229858)
kubernetes1.24-1.24.17-150400.9.16.1.src.rpm
kubernetes1.24-client-1.24.17-150400.9.16.1.x86_64.rpm
kubernetes1.24-client-common-1.24.17-150400.9.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-864
Security update for fontforge
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for fontforge fixes the following issues:
- CVE-2024-25081: Fixed command injection via crafted filenames (bsc#1220404).
- CVE-2024-25082: Fixed command injection via crafted archives or compressed files (bsc#1220405).
fontforge-20200314-150200.3.6.1.src.rpm
fontforge-20200314-150200.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1129
Security update for expat
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
expat-2.4.4-150400.3.17.1.src.rpm
expat-2.4.4-150400.3.17.1.x86_64.rpm
libexpat-devel-2.4.4-150400.3.17.1.x86_64.rpm
libexpat1-2.4.4-150400.3.17.1.x86_64.rpm
libexpat1-32bit-2.4.4-150400.3.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-847
Security update for java-1_8_0-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-openjdk fixes the following issues:
- CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS (8317547) (bsc#1218911).
- CVE-2024-20921: Fixed range check loop optimization issue (8314307) (bsc#1218905).
- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (8314284) (bsc#1218906).
- CVE-2024-20919: Fixed JVM class file verifier flaw that allows unverified byte code execution (8314295) (bsc#1218903).
- CVE-2024-20918: Fixed array out-of-bounds access due to missing range check in C1 compiler (8314468) (bsc#1218907).
- CVE-2024-20945: Fixed logging of digital signature private keys (8316976) (bsc#1218909).
Update to version jdk8u402 (icedtea-3.30.0).
java-1_8_0-openjdk-1.8.0.402-150000.3.88.1.src.rpm
java-1_8_0-openjdk-1.8.0.402-150000.3.88.1.x86_64.rpm
java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1.x86_64.rpm
java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1.x86_64.rpm
java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1304
Security update for eclipse, maven-surefire, tycho
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for eclipse, maven-surefire, tycho fixes the following issues:
eclipse received the following security fix:
- CVE-2023-4218: Fixed a bug where parsing files with xml content leads to XXE attacks. (bsc#1216992)
maven-surefire was updated from version 2.22.0 to 2.22.2:
- Changes in version 2.22.2:
* Bugs fixed:
+ Fixed JUnit Runner that writes to System.out corrupts Surefire’s STDOUT when using JUnit’s Vintage
Engine
- Changes in version 2.22.1:
* Bugs fixed:
+ Fixed Surefire unable to run testng suites in parallel
+ Fixed Git wrongly considering PNG files as changed when there is no change
+ Fixed the surefire XSD published on maven site lacking some rerun element
+ Fixed XML Report elements rerunError, rerunFailure, flakyFailure, flakyError
+ Fixed overriding platform version through project/plugin dependencies
+ Fixed mixed up characters in standard output
+ Logs in Parallel Tests are mixed up when `forkMode=never` or `forkCount=0`
+ MIME type for javascript is now officially application/javascript
* Improvements:
+ Elapsed time in XML Report should satisfy pattern in XSD.
+ Fix old test resources TEST-*.xml in favor of continuing with SUREFIRE-1550
+ Nil element “failureMessage” in failsafe-summary.xml should have self closed tag
+ Removed obsolete module `surefire-setup-integration-tests`
+ Support Java 11
+ Surefire should support parameterized reportsDirectory
* Dependency upgrades:
+ Upgraded maven-plugins parent to version 32
+ Upgraded maven-plugins parent to version 33
tycho received the following bug fixes:
- Fixed build against maven-surefire 2.22.1 and newer
- Fixed build against newer plexus-compiler
- Fixed issues with plexus-archiver 4.4.0 and newer
- Require explicitly artifacts that will not be required automatically any more
maven-surefire-2.22.2-150200.3.9.9.1.noarch.rpm
maven-surefire-2.22.2-150200.3.9.9.1.src.rpm
maven-surefire-plugin-2.22.2-150200.3.9.9.1.noarch.rpm
maven-surefire-plugins-2.22.2-150200.3.9.9.1.src.rpm
maven-surefire-provider-junit-2.22.2-150200.3.9.9.1.noarch.rpm
maven-surefire-provider-testng-2.22.2-150200.3.9.9.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-811
Security update for go1.21
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issues:
- Upgrade go to version 1.21.8
- CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000)
- CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001)
- CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999)
- CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002)
- CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003)
go1.21-1.21.8-150000.1.27.1.src.rpm
go1.21-1.21.8-150000.1.27.1.x86_64.rpm
go1.21-doc-1.21.8-150000.1.27.1.x86_64.rpm
go1.21-race-1.21.8-150000.1.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1104
Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for docker fixes the following issues:
- Overlay files are world-writable (bsc#1220339)
- Allow disabling apparmor support (some products only support SELinux)
The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs)
are no-change rebuilds required because the corresponding binary packages were missing in a number
of repositories, thus making docker not installable on some products.
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
catatonit-0.1.7-150300.10.5.2.src.rpm
catatonit-0.1.7-150300.10.5.2.x86_64.rpm
containerd-1.7.10-150000.108.1.src.rpm
containerd-1.7.10-150000.108.1.x86_64.rpm
containerd-ctr-1.7.10-150000.108.1.x86_64.rpm
containerd-devel-1.7.10-150000.108.1.x86_64.rpm
docker-24.0.7_ce-150000.198.2.src.rpm
docker-24.0.7_ce-150000.198.2.x86_64.rpm
docker-bash-completion-24.0.7_ce-150000.198.2.noarch.rpm
docker-rootless-extras-24.0.7_ce-150000.198.2.noarch.rpm
fuse-overlayfs-1.1.2-150100.3.11.1.src.rpm
fuse-overlayfs-1.1.2-150100.3.11.1.x86_64.rpm
rootlesskit-1.1.1-150000.1.5.1.src.rpm
rootlesskit-1.1.1-150000.1.5.1.x86_64.rpm
slirp4netns-1.2.0-150300.8.7.1.src.rpm
slirp4netns-1.2.0-150300.8.7.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1885
Recommended update for dhcp-tools
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dhcp-tools fixes the following issues:
- Fixed license to BSD 2-Clause License
dhcp-tools-1.6-150000.3.3.2.src.rpm
dhcp-tools-1.6-150000.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1397
Recommended update for gcc12
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gcc12 fixes the following issues:
- gcc12 D language packages are shipped to PackageHub 15 SP5.
cpp12-12.3.0+git1204-150000.1.18.1.x86_64.rpm
cross-nvptx-gcc12-12.3.0+git1204-150000.1.18.1.src.rpm
cross-nvptx-gcc12-12.3.0+git1204-150000.1.18.1.x86_64.rpm
cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-12.3.0+git1204-150000.1.18.1.src.rpm
gcc12-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-32bit-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-PIE-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-c++-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-c++-32bit-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-fortran-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-fortran-32bit-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-info-12.3.0+git1204-150000.1.18.1.noarch.rpm
gcc12-locale-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-testresults-12.3.0+git1204-150000.1.18.1.src.rpm
gcc12-testresults-12.3.0+git1204-150000.1.18.1.x86_64.rpm
libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.18.1.x86_64.rpm
libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1091
Recommended update for rpm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpm fixes the following issues:
- Turn on IMA/EVM file signature support, move the imaevm code that needs the
libimaevm library into a plugin, and install this plugin as part of a new
"rpm-imaevmsign" subpackage (jsc#PED-7246).
- Backport signature reserved space handling from upstream.
dwz-0.12-150000.3.4.1.src.rpm
dwz-0.12-150000.3.4.1.x86_64.rpm
evmctl-1.4-150400.3.2.1.x86_64.rpm
ima-evm-utils-1.4-150400.3.2.1.src.rpm
ima-evm-utils-devel-1.4-150400.3.2.1.x86_64.rpm
libimaevm3-1.4-150400.3.2.1.x86_64.rpm
python-rpm-4.14.3-150400.59.10.1.src.rpm
python3-rpm-4.14.3-150400.59.10.1.x86_64.rpm
python311-rpm-4.14.3-150400.59.10.1.x86_64.rpm
rpm-32bit-4.14.3-150400.59.10.1.x86_64.rpm
rpm-4.14.3-150400.59.10.1.src.rpm
rpm-4.14.3-150400.59.10.1.x86_64.rpm
rpm-build-4.14.3-150400.59.10.1.x86_64.rpm
rpm-devel-4.14.3-150400.59.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1144
Security update for buildah
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for buildah fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
- Update to version 1.34.1 for compatibility with Docker 25.0
(which is not in SLES yet, but will eventually be) (bsc#1219563).
See the corresponding release notes:
* https://github.com/containers/buildah/releases/tag/v1.34.1
* https://github.com/containers/buildah/releases/tag/v1.34.0
* https://github.com/containers/buildah/releases/tag/v1.33.0
* https://github.com/containers/buildah/releases/tag/v1.32.0
* https://github.com/containers/buildah/releases/tag/v1.31.0
* https://github.com/containers/buildah/releases/tag/v1.30.0
- Require cni-plugins (bsc#1220568)
buildah-1.34.1-150400.3.27.1.src.rpm
buildah-1.34.1-150400.3.27.1.x86_64.rpm
cni-0.7.1-150100.3.18.1.src.rpm
cni-0.7.1-150100.3.18.1.x86_64.rpm
cni-plugins-0.8.6-150100.3.22.3.src.rpm
cni-plugins-0.8.6-150100.3.22.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-877
Security update for sudo
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sudo fixes the following issues:
- CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134).
sudo-1.9.9-150400.4.36.1.src.rpm
sudo-1.9.9-150400.4.36.1.x86_64.rpm
sudo-devel-1.9.9-150400.4.36.1.x86_64.rpm
sudo-plugin-python-1.9.9-150400.4.36.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-900
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2024-26607: Fixed a probing race issue in sii902x (bsc#1220736).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2023-52452: Fixed accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc#1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2023-5197: Fixed use-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
The following non-security bugs were fixed:
- bpf: Fix verification of indirect var-off stack access (git-fixes).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
kernel-default-5.14.21-150400.24.111.2.nosrc.rpm
True
kernel-default-5.14.21-150400.24.111.2.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1.src.rpm
True
kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.111.2.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.111.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.111.2.noarch.rpm
True
kernel-docs-5.14.21-150400.24.111.2.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.111.1.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.111.1.src.rpm
True
kernel-obs-build-5.14.21-150400.24.111.1.x86_64.rpm
True
kernel-source-5.14.21-150400.24.111.1.noarch.rpm
True
kernel-source-5.14.21-150400.24.111.1.src.rpm
True
kernel-syms-5.14.21-150400.24.111.1.src.rpm
True
kernel-syms-5.14.21-150400.24.111.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.111.2.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-919
Recommended update for libtcnative-1-0
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of libtcnative-1-0 rebuilds it against a TLS 1.3 capable openssl 1.1,
enabling TLS 1.3 support.
libtcnative-1-0-1.2.38-150200.6.2.1.src.rpm
libtcnative-1-0-1.2.38-150200.6.2.1.x86_64.rpm
libtcnative-1-0-devel-1.2.38-150200.6.2.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1119
Security update for gradle, gradle-bootstrap
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gradle, gradle-bootstrap fixes the following issues:
- CVE-2021-29429: Fixed information disclosure through temporary directory permissions (bsc#1184799).
- CVE-2019-15052: Fixed authentication credentials disclosure (bsc#1145903).
gradle:
- Fixed RPM package building issues due to changed dependencies
gradle-bootstrap:
- Added missing dependency of aopalliance
gradle-4.4.1-150200.3.15.1.src.rpm
gradle-4.4.1-150200.3.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-937
Security update for openvswitch
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openvswitch fixes the following issues:
- CVE-2023-3966: Fixed invalid memory access in Geneve with HW offload (bsc#1219465).
libopenvswitch-2_14-0-2.14.2-150400.24.23.1.x86_64.rpm
libovn-20_06-0-20.06.2-150400.24.23.1.x86_64.rpm
openvswitch-2.14.2-150400.24.23.1.src.rpm
openvswitch-2.14.2-150400.24.23.1.x86_64.rpm
openvswitch-devel-2.14.2-150400.24.23.1.x86_64.rpm
openvswitch-ipsec-2.14.2-150400.24.23.1.x86_64.rpm
openvswitch-pki-2.14.2-150400.24.23.1.x86_64.rpm
openvswitch-test-2.14.2-150400.24.23.1.x86_64.rpm
openvswitch-vtep-2.14.2-150400.24.23.1.x86_64.rpm
ovn-20.06.2-150400.24.23.1.x86_64.rpm
ovn-central-20.06.2-150400.24.23.1.x86_64.rpm
ovn-devel-20.06.2-150400.24.23.1.x86_64.rpm
ovn-docker-20.06.2-150400.24.23.1.x86_64.rpm
ovn-host-20.06.2-150400.24.23.1.x86_64.rpm
ovn-vtep-20.06.2-150400.24.23.1.x86_64.rpm
python3-ovs-2.14.2-150400.24.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1139
Security update for ucode-intel
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
for some Intel Processors may allow an unauthenticated user to
potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets
between contexts in some Intel Processors may allow an authorized
user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural
state after transient execution from some register files for some
Intel Atom Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- CVE-2023-22655: Protection mechanism failure in some 3rd and 4th
Generation Intel Xeon Processors when using Intel SGX or Intel TDX
may allow a privileged user to potentially enable escalation of
privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
for some Intel Xeon D Processors with Intel® SGX may allow a
privileged user to potentially enable information disclosure via
local access.
ucode-intel-20240312-150200.38.1.src.rpm
ucode-intel-20240312-150200.38.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-942
Recommended update for suseconnect-ng
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issues:
- Allow "--rollback" flag to run on readonly filesystem (bsc#1220679)
- Update to version 1.7.0
libsuseconnect-1.8.0-150400.3.28.1.x86_64.rpm
suseconnect-ng-1.8.0-150400.3.28.1.src.rpm
suseconnect-ng-1.8.0-150400.3.28.1.x86_64.rpm
suseconnect-ruby-bindings-1.8.0-150400.3.28.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-969
Recommended update for yast2-network
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for yast2-network fixes the following issues:
- Guard secret attributes against leaking to the log (bsc#1221194)
- Update to version 4.4.60
yast2-network-4.4.60-150400.3.30.1.noarch.rpm
yast2-network-4.4.60-150400.3.30.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-952
Recommended update for rmt-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server fixes the following issues:
- Version 2.15:
* Moving system hardware information to systems database table to
allow transmitting system information dynamically. (jsc#PED-3734)
* Dropping Rails Secrets facilities and related config files (bsc#1215176)
* Updated supportconfig script (bsc#1216389)
* Support zstd compression for repository metadata (bsc#1218775)
* Do not add credential handling to normal repository URLs (bsc#1219153)
* Fix for SUSE Liberty registration script to allow RHEL7/SLL7/CentOS7 clients to register to RMT servers
* make sure yum that can read repomd.xml correctly is installed (bsc#1221223)
* Provide user/group symbol for user created during pre (bsc#1219540)
* Disable authentication for license files in pubcloud context
* Higher registration sharing timeout
* rmt-server-pubcloud:
* Extend cache expiration time for BYOS systems (PAYG: 20 min, BYOS: 24 hours)
* Include byos parameter when checking subscription validity for BYOS systems with SCC
rmt-server-2.15-150400.3.18.2.src.rpm
rmt-server-2.15-150400.3.18.2.x86_64.rpm
rmt-server-config-2.15-150400.3.18.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1002
Security update for MozillaFirefox
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 115.9.1esr ESR MFSA 2024-16 (bsc#1221850).
- CVE-2024-29944: Privileged JavaScript Execution via Event Handlers (bmo#1886852).
Firefox Extended Support Release 115.9.0 ESR (bsc#1221327):
- CVE-2024-0743: Crash in NSS TLS method (bmo#1867408).
- CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape
vector (bmo#1872920).
- CVE-2024-2607: JIT code failed to save return registers on Armv7-A (bmo#1879939).
- CVE-2024-2608: Integer overflow could have led to out of bounds write (bmo#1880692).
- CVE-2024-2616: Improve handling of out-of-memory conditions in ICU (bmo#1846197).
- CVE-2023-5388: NSS susceptible to timing attack against RSA decryption (bmo#1780432).
- CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce
leakage (bmo#1871112).
- CVE-2024-2611: Clickjacking vulnerability could have led to a user
accidentally granting permissions (bmo#1876675).
- CVE-2024-2612: Self referencing object could have potentially led to a
use-after-free (bmo#1879444).
- CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
and Thunderbird 115.9 (bmo#1685358, bmo#1861016, bmo#1880405,
bmo#1881093).
MozillaFirefox-115.9.1-150200.152.131.1.src.rpm
MozillaFirefox-115.9.1-150200.152.131.1.x86_64.rpm
MozillaFirefox-devel-115.9.1-150200.152.131.1.noarch.rpm
MozillaFirefox-translations-common-115.9.1-150200.152.131.1.x86_64.rpm
MozillaFirefox-translations-other-115.9.1-150200.152.131.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2022
Recommended update for chrony
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for chrony fixes the following issues:
- Use shorter NTS-KE retry interval when network is down (bsc#1213551)
- Use make quickcheck instead of make check to avoid more than 1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable
chrony-4.1-150400.21.5.7.src.rpm
chrony-4.1-150400.21.5.7.x86_64.rpm
chrony-pool-empty-4.1-150400.21.5.7.noarch.rpm
chrony-pool-suse-4.1-150400.21.5.7.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1015
Recommended update for sed
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sed fixes the following issues:
- "sed -i" now creates temporary files with correct umask (bsc#1221218)
sed-4.4-150300.13.3.1.src.rpm
sed-4.4-150300.13.3.1.x86_64.rpm
sed-lang-4.4-150300.13.3.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1286
Recommended update for yast2-users
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for yast2-users fixes the following issue:
- Add a missing require in the auto client (bsc#1219422)
yast2-users-4.4.16-150400.3.18.2.src.rpm
yast2-users-4.4.16-150400.3.18.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1487
Recommended update for aaa_base
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for aaa_base fixes the following issues:
- home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- drop the stderr redirection for csh (bsc#1221361)
- drop sysctl.d/50-default-s390.conf (bsc#1211721)
- make sure the script does not exit with 1 if a file with content is found (bsc#1222547)
aaa_base-84.87+git20180409.04c9dae-150300.10.17.3.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.17.3.x86_64.rpm
aaa_base-extras-84.87+git20180409.04c9dae-150300.10.17.3.x86_64.rpm
aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.17.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1316
Recommended update for ibus-pinyin
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ibus-pinyin fixes the following issues:
- Make the system respond to the Super key to switch input engine after inputting Chinese in ibus-pinyin (bsc#1220235)
- Backported ffe471c9 from upstream: use single quotes inside SQL to avoid a syntax fault with sqlite later than 3.41.0 during the building
process. python3.
ibus-pinyin-1.5.0-150100.6.3.2.src.rpm
ibus-pinyin-1.5.0-150100.6.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1010
Recommended update for perl-Bootloader
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl-Bootloader fixes the following issues:
- Log grub2-install errors correctly (bsc#1221470)
- Update to version 0.947
- Support old grub versions that used /usr/lib (bsc#1218842)
- Create EFI boot fallback directory if necessary
perl-Bootloader-0.947-150400.3.12.1.src.rpm
perl-Bootloader-0.947-150400.3.12.1.x86_64.rpm
perl-Bootloader-YAML-0.947-150400.3.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1325
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in nvidia-open-driver-G06-signed:
- Update to 550.67
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 550.67
kernel-firmware-nvidia-gspx-G06-550.67-150400.9.24.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.67-150400.9.24.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.67-150400.9.53.1.src.rpm
nvidia-open-driver-G06-signed-default-devel-550.67-150400.9.53.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.67_k5.14.21_150400.24.111-150400.9.53.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1372
Recommended update for clone-master-clean-up
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for clone-master-clean-up fixes the following issues:
- Added a check that journald.conf file exists (bsc#1221533)
clone-master-clean-up-1.12-150100.3.23.1.noarch.rpm
clone-master-clean-up-1.12-150100.3.23.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-984
Recommended update for runc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for runc fixes the following issues:
- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
This allows running 15 SP6 containers on older distributions.
runc-1.1.12-150000.64.1.src.rpm
runc-1.1.12-150000.64.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1113
Security update for squid
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for squid fixes the following issues:
- CVE-2024-25617: Fixes denial of service in HTTP header parser (bsc#1219960)
- CVE-2024-25111: Fixes Chunked Encoding Stack Overflow (bsc#1216715)
squid-5.7-150400.3.26.1.src.rpm
squid-5.7-150400.3.26.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3290
Recommended update for python-netaddr
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-netaddr fixes the following issue:
New python packages:
- python311-netaddr
libmodulemd-2.13.0-150400.3.3.3.src.rpm
libmodulemd2-2.13.0-150400.3.3.3.x86_64.rpm
python-gobject-3.44.1-150400.3.9.2.src.rpm
python-netaddr-1.2.1-150400.11.3.2.src.rpm
python-pycairo-1.23.0-150400.3.5.1.src.rpm
python-six-1.16.0-150400.18.9.1.src.rpm
python311-gobject-3.44.1-150400.3.9.2.x86_64.rpm
python311-gobject-Gdk-3.44.1-150400.3.9.2.x86_64.rpm
python311-gobject-cairo-3.44.1-150400.3.9.2.x86_64.rpm
python311-gobject-devel-3.44.1-150400.3.9.2.x86_64.rpm
python311-libmodulemd-2.13.0-150400.3.3.3.x86_64.rpm
python311-netaddr-1.2.1-150400.11.3.2.noarch.rpm
python311-pycairo-1.23.0-150400.3.5.1.x86_64.rpm
python311-pycairo-devel-1.23.0-150400.3.5.1.x86_64.rpm
python311-six-1.16.0-150400.18.9.1.noarch.rpm
typelib-1_0-Modulemd-2_0-2.13.0-150400.3.3.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1100
Security update for libvirt
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libvirt fixes the following issues:
- CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. (bsc#1221815)
The following non-security bug was fixed:
- Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap() (bsc#1221749).
libvirt-8.0.0-150400.7.11.2.src.rpm
libvirt-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-client-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-config-network-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-config-nwfilter-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-interface-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-libxl-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-network-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-nodedev-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-nwfilter-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-qemu-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-secret-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-core-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-disk-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-logical-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-hooks-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-qemu-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-xen-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-devel-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-doc-8.0.0-150400.7.11.2.noarch.rpm
libvirt-libs-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-lock-sanlock-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-nss-8.0.0-150400.7.11.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1006
Security update for krb5
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
krb5-1.19.2-150400.3.9.1.src.rpm
krb5-1.19.2-150400.3.9.1.x86_64.rpm
krb5-32bit-1.19.2-150400.3.9.1.x86_64.rpm
krb5-client-1.19.2-150400.3.9.1.x86_64.rpm
krb5-devel-1.19.2-150400.3.9.1.x86_64.rpm
krb5-plugin-kdb-ldap-1.19.2-150400.3.9.1.x86_64.rpm
krb5-plugin-preauth-otp-1.19.2-150400.3.9.1.x86_64.rpm
krb5-plugin-preauth-pkinit-1.19.2-150400.3.9.1.x86_64.rpm
krb5-server-1.19.2-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1365
Security update for apache-commons-configuration2
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache-commons-configuration2 fixes the following issues:
- CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797).
- CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (bsc#1221793).
apache-commons-configuration2-2.10.1-150200.5.8.1.noarch.rpm
apache-commons-configuration2-2.10.1-150200.5.8.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1128
Recommended update for wicked
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- Fix fallback-lease drop in addrconf (bsc#1220996)
- Use upstream `nvme nbft show` (bsc#1221358)
- Hide secrets in debug log (bsc#1221194)
wicked-0.6.74-150400.3.16.1.src.rpm
wicked-0.6.74-150400.3.16.1.x86_64.rpm
wicked-service-0.6.74-150400.3.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1058
Security update for podman
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed full container escape at build time (bsc#1221677).
podman-4.4.4-150400.4.22.1.src.rpm
podman-4.4.4-150400.4.22.1.x86_64.rpm
podman-cni-config-4.4.4-150400.4.22.1.noarch.rpm
podman-docker-4.4.4-150400.4.22.1.noarch.rpm
podman-remote-4.4.4-150400.4.22.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1341
Recommended update for tftp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tftp fixes the following issue:
- Allow enabling the service via `systemctl enable tftp` to create the tftp.socket symlink (bsc#1215520)
tftp-5.2-150000.5.6.2.src.rpm
tftp-5.2-150000.5.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1344
Recommended update for libzypp, zypper
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp, zypper fixes the following issues:
- Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398)
- Update RepoStatus fromCookieFile according to the file's mtime (bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed
- Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add default stripe minimum
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config
- version 17.32.0
- ProblemSolution::skipsPatchesOnly overload to handout the patches
- Show active dry-run/download-only at the commit prompt
- Add --skip-not-applicable-patches option
- Fix printing detailed solver problem description
- Fix bash-completion to work with right adjusted numbers in the 1st column too
- Set libzypp shutdown request signal on Ctrl+C
- In the detailed view show all baseurls not just the first one (bsc#1218171)
PackageKit-1.2.4-150400.3.15.4.src.rpm
True
PackageKit-1.2.4-150400.3.15.4.x86_64.rpm
True
PackageKit-backend-zypp-1.2.4-150400.3.15.4.x86_64.rpm
True
PackageKit-branding-SLE-12.0-150400.15.2.2.noarch.rpm
True
PackageKit-branding-SLE-12.0-150400.15.2.2.src.rpm
True
PackageKit-devel-1.2.4-150400.3.15.4.x86_64.rpm
True
PackageKit-lang-1.2.4-150400.3.15.4.noarch.rpm
True
libpackagekit-glib2-18-1.2.4-150400.3.15.4.x86_64.rpm
True
libpackagekit-glib2-devel-1.2.4-150400.3.15.4.x86_64.rpm
True
libyui-4.3.7-150400.3.5.4.src.rpm
True
libyui-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-4.3.7-150400.3.5.4.src.rpm
True
libyui-ncurses-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-pkg-4.3.7-150400.3.5.4.src.rpm
True
libyui-ncurses-pkg-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-pkg16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-rest-api-4.3.7-150400.3.5.4.src.rpm
True
libyui-ncurses-rest-api-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-rest-api16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-tools-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-4.3.7-150400.3.5.4.src.rpm
True
libyui-qt-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-graph-4.3.7-150400.3.5.4.src.rpm
True
libyui-qt-graph-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-graph16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-pkg-4.3.7-150400.3.5.4.src.rpm
True
libyui-qt-pkg-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-pkg16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-rest-api-4.3.7-150400.3.5.4.src.rpm
True
libyui-qt-rest-api-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-rest-api16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-rest-api-4.3.7-150400.3.5.4.src.rpm
True
libyui-rest-api-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-rest-api16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui16-4.3.7-150400.3.5.4.x86_64.rpm
True
libzypp-17.32.4-150400.3.61.1.src.rpm
True
libzypp-17.32.4-150400.3.61.1.x86_64.rpm
True
libzypp-devel-17.32.4-150400.3.61.1.x86_64.rpm
True
typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.15.4.x86_64.rpm
True
yast2-pkg-bindings-4.4.7-150400.3.11.4.src.rpm
True
yast2-pkg-bindings-4.4.7-150400.3.11.4.x86_64.rpm
True
zypper-1.14.71-150400.3.45.2.src.rpm
True
zypper-1.14.71-150400.3.45.2.x86_64.rpm
True
zypper-log-1.14.71-150400.3.45.2.noarch.rpm
True
zypper-needs-restarting-1.14.71-150400.3.45.2.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1151
Security update for curl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the usage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
curl-8.0.1-150400.5.44.1.src.rpm
curl-8.0.1-150400.5.44.1.x86_64.rpm
libcurl-devel-8.0.1-150400.5.44.1.x86_64.rpm
libcurl4-32bit-8.0.1-150400.5.44.1.x86_64.rpm
libcurl4-8.0.1-150400.5.44.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1253
Recommended update for gcc13
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gcc13 fixes the following issues:
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
%product_libs_llvm_ver where available and adjust tool discovery
accordingly. This should also properly trigger re-builds when
the patchlevel version of llvmVER changes, possibly changing
the binary names we link to. [bsc#1217450]
cpp13-13.2.1+git8285-150000.1.9.1.x86_64.rpm
cross-nvptx-gcc13-13.2.1+git8285-150000.1.9.1.src.rpm
cross-nvptx-gcc13-13.2.1+git8285-150000.1.9.1.x86_64.rpm
cross-nvptx-newlib13-devel-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-13.2.1+git8285-150000.1.9.1.src.rpm
gcc13-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-PIE-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-c++-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-c++-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-fortran-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-fortran-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-info-13.2.1+git8285-150000.1.9.1.noarch.rpm
gcc13-locale-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libasan8-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libasan8-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libatomic1-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libatomic1-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgcc_s1-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgcc_s1-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgfortran5-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgfortran5-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgomp1-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgomp1-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libhwasan0-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libitm1-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libitm1-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
liblsan0-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libobjc4-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libobjc4-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libquadmath0-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libquadmath0-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-devel-gcc13-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-devel-gcc13-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-locale-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-pp-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-pp-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libtsan2-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libubsan1-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libubsan1-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1345
Security update for tomcat
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tomcat fixes the following issues:
- CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream (bsc#1221386)
- CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open (bsc#1221385)
Other fixes:
- Update to Tomcat 9.0.87
* Catalina
+ Fix: Minor performance improvement for building filter chains. Based
on ideas from #702 by Luke Miao. (remm)
+ Fix: Align error handling for Writer and OutputStream. Ensure use of
either once the response has been recycled triggers a
NullPointerException provided that discardFacades is configured with
the default value of true. (markt)
+ Fix: 68692: The standard thread pool implementations that are configured
using the Executor element now implement ExecutorService for better
support of NIO2. (remm)
+ Fix: 68495: When restoring a saved POST request after a successful FORM
authentication, ensure that neither the URI, the query string nor the
protocol are corrupted when restoring the request body. (markt)
+ Fix: 68721: Workaround a possible cause of duplicate class definitions
when using ClassFileTransformers and the transformation of a class also
triggers the loading of the same class. (markt)
+ Fix: The rewrite valve should not do a rewrite if the output is
identical to the input. (remm)
+ Update: Add a new valveSkip (or VS) rule flag to the rewrite valve to
allow skipping over the next valve in the Catalina pipeline. (remm)
+ Fix: Correct JPMS and OSGi meta-data for tomcat-embed-core.jar by
removing reference to org.apache.catalina.ssi package that is no longer
included in the JAR. Based on pull request #684 by Jendrik Johannes.
(markt)
+ Fix: Fix ServiceBindingPropertySource so that trailing \r\n sequences
are correctly removed from files containing property values when
configured to do so. Bug identified by Coverity Scan. (markt)
+ Add: Add improvements to the CSRF prevention filter including the
ability to skip adding nonces for resource name and subtree URL patterns.
(schultz)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: 68089: Further improve the performance of request attribute
access for ApplicationHttpRequest and ApplicationRequest. (markt)
+ Fix: 68559: Allow asynchronous error handling to write to the
response after an error during asynchronous processing. (markt)
* Coyote
+ Fix: Improve the HTTP/2 stream prioritisation process. If a stream
uses all of the connection windows and still has content to write, it
will now be added to the backlog immediately rather than waiting until
the write attempt for the remaining content. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
a connection is marked to be closed, further asynchronous processing
cannot change that. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
the call to AsyncListener.onError() has returned to the container, only
container threads can access the AsyncContext. This protects against
various race conditions that would otherwise occur if application threads
continued to access the AsyncContext.
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. In particular, most of the
HTTP/2 debug logging has been changed to trace level. (remm)
+ Fix: Add support for user provided SSLContext instances configured
on SSLHostConfigCertificate instances. Based on pull request #673
provided by Hakan Altındağ. (markt)
+ Fix: Improve the Tomcat Native shutdown process to reduce the likelihood
of a JVM crash during Tomcat shutdown. (markt)
+ Fix: Partial fix for 68558: Cache the result of converting to String
for request URI, HTTP header names and the request Content-Type value to
improve performance by reducing repeated byte[] to String conversions.
(markt)
+ Fix: Improve error reporting to HTTP/2 clients for header processing
errors by reporting problems at the end of the frame where the error was
detected rather than at the end of the headers. (markt)
+ Fix: Remove the remaining reference to a stream once the stream has
been recycled. This makes the stream eligible for garbage collection
earlier and thereby improves scalability. (markt)
* Jasper
+ Add: Add support for specifying Java 22 (with the value 22) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will be used. (markt)
+ Fix: 68546: Generate optimal size and types for JSP imports maps, as
suggested by John Engebretson. (remm)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
* Cluster
+ Fix: Avoid updating request count stats on async. (remm)
* WebSocket
+ Fix: Correct a regression in the fix for 66508 that could cause an
UpgradeProcessor leak in some circumstances. (markt)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: Ensure that WebSocket connection closure completes if the
connection is closed when the server side has used the proprietary
suspend/resume feature to suspend the connection. (markt)
* Web applications
+ Add: Add support for responses in JSON format from the examples
application RequestHeaderExample. (schultz)
* Other
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Update Checkstyle to 10.13.0. (markt)
+ Update: Update JSign to 6.0. (markt)
+ Update: Add strings for debug level messages. (remm)
+ Update: Update Tomcat Native to 1.3.0. (markt)
apache-commons-daemon-1.3.4-150200.11.14.1.src.rpm
apache-commons-daemon-1.3.4-150200.11.14.1.x86_64.rpm
apache-commons-dbcp-2.1.1-150200.10.8.1.noarch.rpm
apache-commons-dbcp-2.1.1-150200.10.8.1.src.rpm
apache-commons-pool2-2.4.2-150200.11.8.1.noarch.rpm
apache-commons-pool2-2.4.2-150200.11.8.1.src.rpm
geronimo-annotation-1_0-api-1.2-150200.15.8.1.noarch.rpm
geronimo-jms-1_1-api-1.2-150200.15.8.1.noarch.rpm
geronimo-jta-1_1-api-1.2-150200.15.8.1.noarch.rpm
geronimo-specs-1.2-150200.15.8.1.src.rpm
geronimo-stax-1_0-api-1.2-150200.15.8.1.noarch.rpm
jakarta-taglibs-standard-1.1.1-150000.4.10.1.noarch.rpm
jakarta-taglibs-standard-1.1.1-150000.4.10.1.src.rpm
tomcat-9.0.87-150200.65.1.noarch.rpm
tomcat-9.0.87-150200.65.1.src.rpm
tomcat-admin-webapps-9.0.87-150200.65.1.noarch.rpm
tomcat-el-3_0-api-9.0.87-150200.65.1.noarch.rpm
tomcat-jsp-2_3-api-9.0.87-150200.65.1.noarch.rpm
tomcat-lib-9.0.87-150200.65.1.noarch.rpm
tomcat-servlet-4_0-api-9.0.87-150200.65.1.noarch.rpm
tomcat-webapps-9.0.87-150200.65.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1315
Recommended update for orarun
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for orarun fixes the following issue:
- Fix checking for running agent during shutdown (bsc#1219103)
orarun-2.1-150400.22.9.2.src.rpm
orarun-2.1-150400.22.9.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1370
Recommended update for autofs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for autofs fixes the following issue:
- Don't use initgroups at spawn (bsc#1214710, bsc#1221181)
autofs-5.1.3-150000.7.17.2.src.rpm
autofs-5.1.3-150000.7.17.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1079
Security update for netty, netty-tcnative
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for netty, netty-tcnative fixes the following issues:
- CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045).
netty-tcnative-2.0.65-150200.3.19.1.src.rpm
netty-tcnative-2.0.65-150200.3.19.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1169
Security update for util-linux
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
libblkid-devel-2.37.2-150400.8.29.1.x86_64.rpm
libblkid-devel-static-2.37.2-150400.8.29.1.x86_64.rpm
libblkid1-2.37.2-150400.8.29.1.x86_64.rpm
libfdisk-devel-2.37.2-150400.8.29.1.x86_64.rpm
libfdisk1-2.37.2-150400.8.29.1.x86_64.rpm
libmount-devel-2.37.2-150400.8.29.1.x86_64.rpm
libmount1-2.37.2-150400.8.29.1.x86_64.rpm
libsmartcols-devel-2.37.2-150400.8.29.1.x86_64.rpm
libsmartcols1-2.37.2-150400.8.29.1.x86_64.rpm
libuuid-devel-2.37.2-150400.8.29.1.x86_64.rpm
libuuid-devel-static-2.37.2-150400.8.29.1.x86_64.rpm
libuuid1-2.37.2-150400.8.29.1.x86_64.rpm
util-linux-2.37.2-150400.8.29.1.src.rpm
util-linux-2.37.2-150400.8.29.1.x86_64.rpm
util-linux-lang-2.37.2-150400.8.29.1.noarch.rpm
util-linux-systemd-2.37.2-150400.8.29.1.src.rpm
util-linux-systemd-2.37.2-150400.8.29.1.x86_64.rpm
uuidd-2.37.2-150400.8.29.1.x86_64.rpm
libblkid1-32bit-2.37.2-150400.8.29.1.x86_64.rpm
libmount1-32bit-2.37.2-150400.8.29.1.x86_64.rpm
libuuid1-32bit-2.37.2-150400.8.29.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1393
Recommended update for libserf
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libserf fixes the following issue:
- Fix build with openSSL 3 (bsc#1221211)
libserf-1-1-1.3.9-150000.4.3.2.x86_64.rpm
libserf-1.3.9-150000.4.3.2.src.rpm
libserf-devel-1.3.9-150000.4.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1671
Recommended update for open-vm-tools
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for open-vm-tools fixes the following issues:
- Remove protobuf less than v22 dependency from spec file (bsc#1217478)
- Use for updating open-vm-tools to new version (bsc#1222089)
- There are no new features in the current open-vm-tools release
This is primarily a maintenance release that addresses a few
critical problems
- Use %patch -P N instead of deprecated %patchN
- Own %{_modulesloaddir}: used to be present via udev-mini - kmod - suse-module-tools dependency before
- Fix outdated libxmlsec1 dependency version
Updates to open-vm-tools for SLES 12 SP4 and SP5 are now being built
against libxmlsec1-1-1.2.37. Update the spec file to now require
libxmlsec1-openssl1 v1.2.37 or above. (bsc#1217796)
- limit to protobuf less than v22 for now until build failures have been fixed
pam-vmtoolsd patch as instructed by vmware (bsc#1171003).
This should fix both (bsc#1171003) and (bsc#1172693)
- Update vmtoolsd.service to support cloud-init customization by default (bsc#994598)
- Enable vgauth for openSUSE Leap 42.1 (bsc#952645)
- Extensive rewrite of the spec file
- rename vmware-KMP to vmware-guest-KMP for easier identification
libvmtools-devel-12.4.0-150300.49.11.x86_64.rpm
libvmtools0-12.4.0-150300.49.11.x86_64.rpm
open-vm-tools-12.4.0-150300.49.11.src.rpm
open-vm-tools-12.4.0-150300.49.11.x86_64.rpm
open-vm-tools-containerinfo-12.4.0-150300.49.11.x86_64.rpm
open-vm-tools-desktop-12.4.0-150300.49.11.x86_64.rpm
open-vm-tools-salt-minion-12.4.0-150300.49.11.x86_64.rpm
open-vm-tools-sdmp-12.4.0-150300.49.11.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1192
Security update for less
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for less fixes the following issues:
- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).
less-590-150400.3.6.2.src.rpm
less-590-150400.3.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1342
Recommended update for unixODBC, libtool and libssh2_org
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for unixODBC, libtool and libssh2_org fixes the following issue:
- Ship 2 additional 32bit packages: unixODBC-32bit and libssh2-1-32bit for SLES (bsc#1221941).
- Fix an issue with Encrypt-then-MAC family. (bsc#1221622)
libltdl7-2.4.6-150000.3.6.2.x86_64.rpm
libltdl7-32bit-2.4.6-150000.3.6.2.x86_64.rpm
libodbc2-2.3.9-150400.16.5.3.x86_64.rpm
libodbc2-32bit-2.3.9-150400.16.5.3.x86_64.rpm
libssh2-1-1.11.0-150000.4.29.1.x86_64.rpm
libssh2-1-32bit-1.11.0-150000.4.29.1.x86_64.rpm
libssh2_org-1.11.0-150000.4.29.1.src.rpm
libtool-2.4.6-150000.3.6.2.src.rpm
libtool-2.4.6-150000.3.6.2.x86_64.rpm
libtool-32bit-2.4.6-150000.3.6.2.x86_64.rpm
unixODBC-2.3.9-150400.16.5.3.src.rpm
unixODBC-2.3.9-150400.16.5.3.x86_64.rpm
unixODBC-32bit-2.3.9-150400.16.5.3.x86_64.rpm
unixODBC-devel-2.3.9-150400.16.5.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1162
Security update for python310
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310 fixes the following issues:
- CVE-2024-0450: Fixed "quoted-overlap" in zipfile module in python310 (bsc#1221854)
- CVE-2023-52425: Fixed denial of service caused by processing large tokens in expat module in python310 (bsc#1219559)
- CVE-2023-6597: Fixed tempfile.TemporaryDirectory fails on removing dir in some edge cases related to symlinks in python310 (bsc#1219666)
Other changes:
- Revert %autopatch due to missing parameter support (bsc#1189495)
- Extended crypto-policies support (bsc#1211301)
libpython3_10-1_0-3.10.14-150400.4.45.1.x86_64.rpm
python310-3.10.14-150400.4.45.1.src.rpm
python310-3.10.14-150400.4.45.1.x86_64.rpm
python310-base-3.10.14-150400.4.45.1.x86_64.rpm
python310-core-3.10.14-150400.4.45.1.src.rpm
python310-curses-3.10.14-150400.4.45.1.x86_64.rpm
python310-dbm-3.10.14-150400.4.45.1.x86_64.rpm
python310-devel-3.10.14-150400.4.45.1.x86_64.rpm
python310-idle-3.10.14-150400.4.45.1.x86_64.rpm
python310-tk-3.10.14-150400.4.45.1.x86_64.rpm
python310-tools-3.10.14-150400.4.45.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2666
Recommended update for trousers
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for trousers fixes the following issue:
- fix runtime requirements for stat and udevadm (bsc#1221770)
On minimal systems this can cause some scriptlets to fail because of missing tools.
libtspi1-0.3.15-150400.3.3.19.x86_64.rpm
trousers-0.3.15-150400.3.3.19.src.rpm
trousers-0.3.15-150400.3.3.19.x86_64.rpm
trousers-devel-0.3.15-150400.3.3.19.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1167
Security update for nghttp2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
libnghttp2-14-1.40.0-150200.17.1.x86_64.rpm
libnghttp2-14-32bit-1.40.0-150200.17.1.x86_64.rpm
libnghttp2-devel-1.40.0-150200.17.1.x86_64.rpm
libnghttp2_asio-devel-1.40.0-150200.17.1.x86_64.rpm
libnghttp2_asio1-1.40.0-150200.17.1.x86_64.rpm
nghttp2-1.40.0-150200.17.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1206
Recommended update for rpm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpm fixes the following issues:
- remove imaevmsign plugin from rpm-ndb [bsc#1222259]
python-rpm-4.14.3-150400.59.13.1.src.rpm
python3-rpm-4.14.3-150400.59.13.1.x86_64.rpm
python311-rpm-4.14.3-150400.59.13.1.x86_64.rpm
rpm-32bit-4.14.3-150400.59.13.1.x86_64.rpm
rpm-4.14.3-150400.59.13.1.src.rpm
rpm-4.14.3-150400.59.13.1.x86_64.rpm
rpm-build-4.14.3-150400.59.13.1.x86_64.rpm
rpm-devel-4.14.3-150400.59.13.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1122
Security update for go1.21
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issues:
- CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400)
Other changes:
- go minor release upgrade to 1.21.9 (bsc#1212475)
go1.21-1.21.9-150000.1.30.1.src.rpm
go1.21-1.21.9-150000.1.30.1.x86_64.rpm
go1.21-doc-1.21.9-150000.1.30.1.x86_64.rpm
go1.21-race-1.21.9-150000.1.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1258
Security update for python-Pillow
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Pillow fixes the following issues:
- CVE-2024-28219: Fixed buffer overflow in _imagingcms.c (bsc#1222262)
Other fixes:
- Re-enabled build tests for s390x and ppc (bsc#1222553)
python-Pillow-9.5.0-150400.5.15.1.src.rpm
python311-Pillow-9.5.0-150400.5.15.1.x86_64.rpm
python311-Pillow-tk-9.5.0-150400.5.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1260
Security update for xorg-x11-server
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xorg-x11-server fixes the following issues:
- CVE-2024-31080: Fixed ProcXIGetSelectedEvents to use unswapped length (bsc#1222309).
- CVE-2024-31081: Fixed ProcXIPassiveGrabDevice to use unswapped length to send reply (bsc#1222310).
- CVE-2024-31082: Fixed ProcAppleDRICreatePixmap to use unswapped length to send reply (bsc#1222311).
- CVE-2024-31083: Fixed refcounting of glyphs during ProcRenderAddGlyphs (bsc#1222312).
Other fixes:
- Fixed regression for security fix for CVE-2024-31083 when using Android Studio (bnc#1222442)
xorg-x11-server-1.20.3-150400.38.48.1.src.rpm
xorg-x11-server-1.20.3-150400.38.48.1.x86_64.rpm
xorg-x11-server-extra-1.20.3-150400.38.48.1.x86_64.rpm
xorg-x11-server-sdk-1.20.3-150400.38.48.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1398
Recommended update for systemd-default-settings
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for systemd-default-settings fixes the following issues:
- Disable pids controller limit under user instances (jsc#SLE-10123)
- Disable controllers by default (jsc#PED-2276)
- The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP,
hence the early drop-ins SUSE specific "feature" has been abandoned.
- User priority '26' for SLE-Micro
- Convert more drop-ins into early ones
systemd-default-settings-0.10-150300.3.7.1.noarch.rpm
systemd-default-settings-0.10-150300.3.7.1.src.rpm
systemd-default-settings-branding-SLE-0.10-150300.3.7.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1412
Recommended update for patterns-fonts
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for patterns-fonts fixes the following issues:
- Added google-noto-sans-symbols-fonts and google-noto-sans-symbols2-fonts to default installation, to enable the terminal
to display special characters (bsc#1219553)
patterns-fonts-20190130-150100.3.3.1.src.rpm
patterns-fonts-fonts-20190130-150100.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1321
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52504: Fixed possible out-of-bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-47096: Fixed uninitialized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap() error path (bsc#1220959).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2021-47082: Fixed double free in tun_free_netdev() (bsc#1220969).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52569: Fixed a bug in btrfs by removing BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
kernel-default-5.14.21-150400.24.116.1.nosrc.rpm
True
kernel-default-5.14.21-150400.24.116.1.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.116.1.150400.24.54.5.src.rpm
True
kernel-default-base-5.14.21-150400.24.116.1.150400.24.54.5.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.116.1.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.116.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.116.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.116.1.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.116.1.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.116.1.src.rpm
True
kernel-obs-build-5.14.21-150400.24.116.1.x86_64.rpm
True
kernel-source-5.14.21-150400.24.116.1.noarch.rpm
True
kernel-source-5.14.21-150400.24.116.1.src.rpm
True
kernel-syms-5.14.21-150400.24.116.1.src.rpm
True
kernel-syms-5.14.21-150400.24.116.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.116.1.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1279
Recommended update for python3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3 fixes the following issue:
- Fix syslog making default "ident" from sys.argv (bsc#1222109)
libpython3_6m1_0-3.6.15-150300.10.60.1.x86_64.rpm
python3-3.6.15-150300.10.60.1.src.rpm
python3-3.6.15-150300.10.60.1.x86_64.rpm
python3-base-3.6.15-150300.10.60.1.x86_64.rpm
python3-core-3.6.15-150300.10.60.1.src.rpm
python3-curses-3.6.15-150300.10.60.1.x86_64.rpm
python3-dbm-3.6.15-150300.10.60.1.x86_64.rpm
python3-devel-3.6.15-150300.10.60.1.x86_64.rpm
python3-idle-3.6.15-150300.10.60.1.x86_64.rpm
python3-tk-3.6.15-150300.10.60.1.x86_64.rpm
python3-tools-3.6.15-150300.10.60.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1327
Recommended update for pcp
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pcp fixes the following issue:
- Adding fix for redis server backend exposure (bsc#1222121)
libpcp-devel-5.2.5-150400.5.6.3.x86_64.rpm
libpcp3-5.2.5-150400.5.6.3.x86_64.rpm
libpcp_gui2-5.2.5-150400.5.6.3.x86_64.rpm
libpcp_import1-5.2.5-150400.5.6.3.x86_64.rpm
libpcp_mmv1-5.2.5-150400.5.6.3.x86_64.rpm
libpcp_trace2-5.2.5-150400.5.6.3.x86_64.rpm
libpcp_web1-5.2.5-150400.5.6.3.x86_64.rpm
pcp-5.2.5-150400.5.6.3.src.rpm
pcp-5.2.5-150400.5.6.3.x86_64.rpm
pcp-conf-5.2.5-150400.5.6.3.x86_64.rpm
pcp-devel-5.2.5-150400.5.6.3.x86_64.rpm
pcp-doc-5.2.5-150400.5.6.3.noarch.rpm
pcp-import-iostat2pcp-5.2.5-150400.5.6.3.x86_64.rpm
pcp-import-mrtg2pcp-5.2.5-150400.5.6.3.x86_64.rpm
pcp-import-sar2pcp-5.2.5-150400.5.6.3.x86_64.rpm
pcp-system-tools-5.2.5-150400.5.6.3.x86_64.rpm
perl-PCP-LogImport-5.2.5-150400.5.6.3.x86_64.rpm
perl-PCP-LogSummary-5.2.5-150400.5.6.3.x86_64.rpm
perl-PCP-MMV-5.2.5-150400.5.6.3.x86_64.rpm
perl-PCP-PMDA-5.2.5-150400.5.6.3.x86_64.rpm
python3-pcp-5.2.5-150400.5.6.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1270
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
- CVE-2024-23252: Fixed denial of service via crafted web content (bsc#1222010).
- CVE-2024-23254: Fixed possible audio data exfiltration cross-origin via malicious website (bsc#1222010).
- CVE-2024-23263: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010).
- CVE-2024-23280: Fixed possible user fingerprint via malicious crafted web content (bsc#1222010).
- CVE-2024-23284: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010).
- CVE-2023-42950: Fixed arbitrary code execution via crafted web content (bsc#1222010).
- CVE-2023-42956: Fixed denial of service via crafted web content (bsc#1222010).
- CVE-2023-42843: Fixed address bar spoofing via malicious website (bsc#1222010).
Other fixes:
- Update to version 2.44.0 (bsc#1222010):
+ Make the DOM accessibility tree reachable from UI process with
GTK4.
+ Removed the X11 and WPE renderers in favor of DMA-BUF.
+ Improved vblank synchronization when rendering.
+ Removed key event reinjection in GTK4 to make keyboard
shortcuts work in web sites.
+ Fix gamepads detection by correctly handling focused window in
GTK4.
WebKitGTK-4.0-lang-2.44.0-150400.4.78.1.noarch.rpm
WebKitGTK-4.1-lang-2.44.0-150400.4.78.1.noarch.rpm
WebKitGTK-6.0-lang-2.44.0-150400.4.78.1.noarch.rpm
libjavascriptcoregtk-4_0-18-2.44.0-150400.4.78.1.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.44.0-150400.4.78.1.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.44.0-150400.4.78.1.x86_64.rpm
libwebkit2gtk-4_0-37-2.44.0-150400.4.78.1.x86_64.rpm
libwebkit2gtk-4_1-0-2.44.0-150400.4.78.1.x86_64.rpm
libwebkitgtk-6_0-4-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.44.0-150400.4.78.1.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.44.0-150400.4.78.1.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.44.0-150400.4.78.1.x86_64.rpm
webkit2gtk3-2.44.0-150400.4.78.1.src.rpm
webkit2gtk3-devel-2.44.0-150400.4.78.1.x86_64.rpm
webkit2gtk3-soup2-2.44.0-150400.4.78.1.src.rpm
webkit2gtk3-soup2-devel-2.44.0-150400.4.78.1.x86_64.rpm
webkit2gtk4-2.44.0-150400.4.78.1.src.rpm
webkitgtk-6_0-injected-bundles-2.44.0-150400.4.78.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1271
Security update for gnutls
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gnutls fixes the following issues:
- CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746)
- CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747)
Other fixes:
- jitterentropy: Release the memory of the entropy collector when
using jitterentropy with pthreads as there is also a
pre-initialization done in the main thread (bsc#1221242)
gnutls-3.7.3-150400.4.44.1.src.rpm
gnutls-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls-devel-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls30-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls30-32bit-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls30-hmac-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls30-hmac-32bit-3.7.3-150400.4.44.1.x86_64.rpm
libgnutlsxx-devel-3.7.3-150400.4.44.1.x86_64.rpm
libgnutlsxx28-3.7.3-150400.4.44.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1448
Feature update for python-M2Crypto
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-M2Crypto fixes the following issue:
- Build for modern python stack
- Adds python311-M2Crypto
python-M2Crypto-0.40.0-150400.3.9.1.src.rpm
python-M2Crypto-doc-0.40.0-150400.3.9.1.noarch.rpm
python311-M2Crypto-0.40.0-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1337
Recommended update for wicked
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- Do not convert sec to msec twice (bsc#1222105)
wicked-0.6.74-150400.3.19.1.src.rpm
wicked-0.6.74-150400.3.19.1.x86_64.rpm
wicked-service-0.6.74-150400.3.19.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1366
Recommended update for openssh
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssh fixes the following issues:
- Fix hostbased ssh login failing occasionally with "signature
unverified: incorrect signature" by fixing a typo in patch (bsc#1221123)
- Avoid closing IBM Z crypto devices nodes. (bsc#1218871)
- Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474)
- Change the default value of UpdateHostKeys to Yes (unless
VerifyHostKeyDNS is enabled).
This makes ssh update the keys stored in known_hosts with all versions
published by the server (after it has been authenticated with an existing
key), which allows the server to be identified with a different key if
the existing key is considered insecure at some point in the future
(bsc#1222831).
openssh-8.4p1-150300.3.37.1.src.rpm
openssh-8.4p1-150300.3.37.1.x86_64.rpm
openssh-askpass-gnome-8.4p1-150300.3.37.1.src.rpm
openssh-askpass-gnome-8.4p1-150300.3.37.1.x86_64.rpm
openssh-clients-8.4p1-150300.3.37.1.x86_64.rpm
openssh-common-8.4p1-150300.3.37.1.x86_64.rpm
openssh-fips-8.4p1-150300.3.37.1.x86_64.rpm
openssh-helpers-8.4p1-150300.3.37.1.x86_64.rpm
openssh-server-8.4p1-150300.3.37.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1340
Security update for pgadmin4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pgadmin4 fixes the following issues:
- CVE-2024-2044: Fixed unsafe deserialization and Remote Code Execution by an authenticated user (bsc#1221172)
pgadmin4-4.30-150300.3.12.1.src.rpm
pgadmin4-4.30-150300.3.12.1.x86_64.rpm
pgadmin4-doc-4.30-150300.3.12.1.noarch.rpm
pgadmin4-web-4.30-150300.3.12.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1434
Recommended update for systemd-presets-common-SUSE
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for systemd-presets-common-SUSE fixes the following issues:
- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
(bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
Support both the old and new service to avoid complex version interdependency.
systemd-presets-common-SUSE-15-150100.8.23.1.noarch.rpm
systemd-presets-common-SUSE-15-150100.8.23.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1309
Security update for nodejs18
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nodejs18 fixes the following issues:
Update to 18.20.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
nodejs18-18.20.1-150400.9.21.3.src.rpm
nodejs18-18.20.1-150400.9.21.3.x86_64.rpm
nodejs18-devel-18.20.1-150400.9.21.3.x86_64.rpm
nodejs18-docs-18.20.1-150400.9.21.3.noarch.rpm
npm18-18.20.1-150400.9.21.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1350
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.10.0 ESR (MFSA 2024-19) (bsc#1222535):
- CVE-2024-3852: GetBoundName in the JIT returned the wrong object
- CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
- CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection
- CVE-2024-2609: Permission prompt input delay could expire when not in focus
- CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
- CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
- CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows
- CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
- CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
MozillaFirefox-115.10.0-150200.152.134.1.src.rpm
MozillaFirefox-115.10.0-150200.152.134.1.x86_64.rpm
MozillaFirefox-devel-115.10.0-150200.152.134.1.noarch.rpm
MozillaFirefox-translations-common-115.10.0-150200.152.134.1.x86_64.rpm
MozillaFirefox-translations-other-115.10.0-150200.152.134.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1308
Security update for nodejs16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nodejs16 fixes the following issues:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
nodejs16-16.20.2-150400.3.33.1.src.rpm
nodejs16-16.20.2-150400.3.33.1.x86_64.rpm
nodejs16-devel-16.20.2-150400.3.33.1.x86_64.rpm
nodejs16-docs-16.20.2-150400.3.33.1.noarch.rpm
npm16-16.20.2-150400.3.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1392
Recommended update for sapconf, saptune, sysctl-logger
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sapconf, saptune and sysctl-logger fixes the following issues:
sapconf, saptune:
- Added requirement for package `sysctl-logger` for SUSE Linux Enterprise 15 Service Pack 4 and Service Pack 5
(jsc#PED-6220, jsc#PED-6221)
sysctl-logger:
- New implementation at version v0.0.6, needed as required dependency for `sapconf` and `saptune` (jsc#PED-6220)
sapconf-5.0.7-150400.16.4.1.noarch.rpm
sapconf-5.0.7-150400.16.4.1.src.rpm
sysctl-logger-0.0.6-150400.9.3.2.src.rpm
sysctl-logger-0.0.6-150400.9.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1429
Recommended update for ca-certificates
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ca-certificates fixes the following issue:
- Update version (bsc#1221184)
* Use flock to serialize calls (bsc#1188500)
* Make certbundle.run container friendly
* Create /var/lib/ca-certificates if needed
ca-certificates-2+git20240416.98ae794-150300.4.3.3.noarch.rpm
ca-certificates-2+git20240416.98ae794-150300.4.3.3.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1849
Recommended update for desktop-data-SLE
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for desktop-data-SLE fixes the following issue:
- Fix typo in the desktop files for some of the wallpapers (bsc#1222146)
desktop-data-SLE-15-150000.4.3.11.noarch.rpm
desktop-data-SLE-15-150000.4.3.11.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1443
Recommended update for emacs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for emacs fixes the following issues:
- Fixed issue with emacs-info (bsc#1221769)
emacs-27.2-150400.3.14.1.src.rpm
emacs-27.2-150400.3.14.1.x86_64.rpm
emacs-el-27.2-150400.3.14.1.noarch.rpm
emacs-info-27.2-150400.3.14.1.noarch.rpm
emacs-nox-27.2-150400.3.14.1.x86_64.rpm
emacs-x11-27.2-150400.3.14.1.x86_64.rpm
etags-27.2-150400.3.14.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1531
Recommended update for golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter fixes the following issues:
- update to 1.7.0 (jsc#PED-7893, jsc#PED-7928):
* [FEATURE] Add ZFS freebsd per dataset stats #2753
* [FEATURE] Add cpu vulnerabilities reporting from sysfs #2721
* [ENHANCEMENT] Parallelize stat calls in Linux filesystem
collector #1772
* [ENHANCEMENT] Add missing linkspeeds to ethtool collector #2711
* [ENHANCEMENT] Add CPU MHz as the value for node_cpu_info metric
#2778
* [ENHANCEMENT] Improve qdisc collector performance #2779
* [ENHANCEMENT] Add include and exclude filter for hwmon
collector #2699
* [ENHANCEMENT] Optionally fetch ARP stats via rtnetlink instead
of procfs #2777
* [BUGFIX] Fix ZFS arcstats on FreeBSD 14.0+ #2754
* [BUGFIX] Fallback to 32-bit stats in netdev #2757
* [BUGFIX] Close btrfs.FS handle after use #2780
* [BUGFIX] Move RO status before error return #2807
* [BUGFIX] Fix promhttp_metric_handler_errors_total being always
active #2808
* [BUGFIX] Fix nfsd v4 index miss #2824
- update to 1.6.1:
(no source code changes in this release)
- BuildRequire go1.20
- update to 1.6.0:
* [CHANGE] Fix cpustat when some cpus are offline #2318
* [CHANGE] Remove metrics of offline CPUs in CPU collector #2605
* [CHANGE] Deprecate ntp collector #2603
* [CHANGE] Remove bcache `cache_readaheads_totals` metrics #2583
* [CHANGE] Deprecate supervisord collector #2685
* [FEATURE] Enable uname collector on NetBSD #2559
* [FEATURE] NetBSD support for the meminfo collector #2570
* [FEATURE] NetBSD support for CPU collector #2626
* [FEATURE] Add FreeBSD collector for netisr subsystem #2668
* [FEATURE] Add softirqs collector #2669
* [ENHANCEMENT] Add suspended as a `node_zfs_zpool_state` #2449
* [ENHANCEMENT] Add administrative state of Linux network
interfaces #2515
* [ENHANCEMENT] Log current value of GOMAXPROCS #2537
* [ENHANCEMENT] Add profiler options for perf collector #2542
* [ENHANCEMENT] Allow root path as metrics path #2590
* [ENHANCEMENT] Add cpu frequency governor metrics #2569
* [ENHANCEMENT] Add new landing page #2622
* [ENHANCEMENT] Reduce privileges needed for btrfs device stats
#2634
* [ENHANCEMENT] Add ZFS `memory_available_bytes` #2687
* [ENHANCEMENT] Use `SCSI_IDENT_SERIAL` as serial in diskstats
#2612
* [ENHANCEMENT] Read missing from netlink netclass attributes
from sysfs #2669
* [BUGFIX] perf: fixes for automatically detecting the correct
tracefs mountpoints #2553
* [BUGFIX] Fix `thermal_zone` collector noise #2554
* [BUGFIX] Fix a problem fetching the user wire count on FreeBSD
#2584
* [BUGFIX] interrupts: Fix fields on linux aarch64 #2631
* [BUGFIX] Remove metrics of offline CPUs in CPU collector #2605
* [BUGFIX] Fix OpenBSD filesystem collector string parsing #2637
* [BUGFIX] Fix bad reporting of `node_cpu_seconds_total` in
OpenBSD #2663
- change go_modules archive in _service to use obscpio file
golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1.src.rpm
golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1347
Security update for wireshark
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wireshark fixes the following issues:
Security fixes:
- CVE-2024-24476: Fixed a denial of service in ws_manuf_lookup_str() (bsc#1220181)
Other fixes:
- Wireshark 3.6.22:
- Further features, bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-3.6.22.html
libwireshark15-3.6.22-150000.3.112.1.x86_64.rpm
libwiretap12-3.6.22-150000.3.112.1.x86_64.rpm
libwsutil13-3.6.22-150000.3.112.1.x86_64.rpm
wireshark-3.6.22-150000.3.112.1.src.rpm
wireshark-3.6.22-150000.3.112.1.x86_64.rpm
wireshark-devel-3.6.22-150000.3.112.1.x86_64.rpm
wireshark-ui-qt-3.6.22-150000.3.112.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1848
Recommended update for supportutils
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for supportutils fixes the following issues:
- Suppress file descriptor leak warnings from lvm commands (bsc#1220082)
- Add -V key:value pair option (bsc#1222021, PED-8211)
- Avoid getting duplicate kernel verifications in boot.text
- Include container log timestamps
supportutils-3.1.30-150300.7.35.30.1.noarch.rpm
supportutils-3.1.30-150300.7.35.30.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1528
Recommended update for salt
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions on containers
- Discover Ansible playbook files as "*.yml" or "*.yaml" files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuite and python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuild and create test flavor
- Prevent exceptions with fileserver.update when called via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
python3-salt-3006.0-150400.8.57.2.x86_64.rpm
True
salt-3006.0-150400.8.57.2.src.rpm
True
salt-3006.0-150400.8.57.2.x86_64.rpm
True
salt-api-3006.0-150400.8.57.2.x86_64.rpm
True
salt-bash-completion-3006.0-150400.8.57.2.noarch.rpm
True
salt-cloud-3006.0-150400.8.57.2.x86_64.rpm
True
salt-doc-3006.0-150400.8.57.2.x86_64.rpm
True
salt-fish-completion-3006.0-150400.8.57.2.noarch.rpm
True
salt-master-3006.0-150400.8.57.2.x86_64.rpm
True
salt-minion-3006.0-150400.8.57.2.x86_64.rpm
True
salt-proxy-3006.0-150400.8.57.2.x86_64.rpm
True
salt-ssh-3006.0-150400.8.57.2.x86_64.rpm
True
salt-standalone-formulas-configuration-3006.0-150400.8.57.2.x86_64.rpm
True
salt-syndic-3006.0-150400.8.57.2.x86_64.rpm
True
salt-transactional-update-3006.0-150400.8.57.2.x86_64.rpm
True
salt-zsh-completion-3006.0-150400.8.57.2.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1436
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 550.76 (bsc#1222972)
Changes in nvidia-open-driver-G06-signed:
- Update to 550.76 (bsc#1222972)
kernel-firmware-nvidia-gspx-G06-550.76-150400.9.27.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.76-150400.9.27.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.76-150400.9.56.1.src.rpm
nvidia-open-driver-G06-signed-default-devel-550.76-150400.9.56.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.76_k5.14.21_150400.24.116-150400.9.56.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1394
Security update for qemu
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for qemu fixes the following issues:
- CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269)
- CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889)
- CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command (bsc#1220134)
- CVE-2024-3446: Fixed DM reentrancy issue that could lead to double free vulnerability (bsc#1222843)
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845)
qemu-6.2.0-150400.37.29.1.src.rpm
qemu-6.2.0-150400.37.29.1.x86_64.rpm
qemu-accel-tcg-x86-6.2.0-150400.37.29.1.x86_64.rpm
qemu-audio-alsa-6.2.0-150400.37.29.1.x86_64.rpm
qemu-audio-pa-6.2.0-150400.37.29.1.x86_64.rpm
qemu-audio-spice-6.2.0-150400.37.29.1.x86_64.rpm
qemu-block-curl-6.2.0-150400.37.29.1.x86_64.rpm
qemu-block-iscsi-6.2.0-150400.37.29.1.x86_64.rpm
qemu-block-rbd-6.2.0-150400.37.29.1.x86_64.rpm
qemu-block-ssh-6.2.0-150400.37.29.1.x86_64.rpm
qemu-chardev-baum-6.2.0-150400.37.29.1.x86_64.rpm
qemu-chardev-spice-6.2.0-150400.37.29.1.x86_64.rpm
qemu-guest-agent-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-display-qxl-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-display-virtio-gpu-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-display-virtio-vga-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-usb-host-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-usb-redirect-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ipxe-1.0.0+-150400.37.29.1.noarch.rpm
qemu-ksm-6.2.0-150400.37.29.1.x86_64.rpm
qemu-kvm-6.2.0-150400.37.29.1.x86_64.rpm
qemu-lang-6.2.0-150400.37.29.1.x86_64.rpm
qemu-tools-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ui-curses-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ui-gtk-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ui-opengl-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ui-spice-app-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ui-spice-core-6.2.0-150400.37.29.1.x86_64.rpm
qemu-x86-6.2.0-150400.37.29.1.x86_64.rpm
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.29.1.noarch.rpm
qemu-sgabios-8-150400.37.29.1.noarch.rpm
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.29.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1375
Security update for glibc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
glibc-2.31-150300.74.1.src.rpm
glibc-2.31-150300.74.1.x86_64.rpm
glibc-devel-2.31-150300.74.1.x86_64.rpm
glibc-devel-static-2.31-150300.74.1.x86_64.rpm
glibc-extra-2.31-150300.74.1.x86_64.rpm
glibc-i18ndata-2.31-150300.74.1.noarch.rpm
glibc-info-2.31-150300.74.1.noarch.rpm
glibc-lang-2.31-150300.74.1.noarch.rpm
glibc-locale-2.31-150300.74.1.x86_64.rpm
glibc-locale-base-2.31-150300.74.1.x86_64.rpm
glibc-locale-base-32bit-2.31-150300.74.1.x86_64.rpm
glibc-profile-2.31-150300.74.1.x86_64.rpm
glibc-utils-2.31-150300.74.1.x86_64.rpm
glibc-utils-src-2.31-150300.74.1.src.rpm
nscd-2.31-150300.74.1.x86_64.rpm
glibc-32bit-2.31-150300.74.1.x86_64.rpm
glibc-devel-32bit-2.31-150300.74.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1440
Security update for python-gunicorn
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-gunicorn fixes the following issues:
- CVE-2024-1135: Fixed HTTP Request Smuggling (bsc#1222950)
python-gunicorn-20.1.0-150400.12.6.1.src.rpm
python311-gunicorn-20.1.0-150400.12.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1498
Security update for java-11-openjdk
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-11-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory allocation (JDK-8322114,bsc#1222984)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with "Exceeded _node_regs array" (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Other changes
+ JDK-6928542: Chinese characters in RTF are not decoded
+ JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/
/bug4517214.java fails on MacOS
+ JDK-7148092: [macosx] When Alt+down arrow key is pressed,
the combobox popup does not appear.
+ JDK-8054022: HttpURLConnection timeouts with Expect:
100-Continue and no chunking
+ JDK-8054572: [macosx] JComboBox paints the border incorrectly
+ JDK-8058176: [mlvm] tests should not allow code cache
exhaustion
+ JDK-8067651: LevelTransitionTest.java, fix trivial methods
levels logic
+ JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005
intermittently times out
+ JDK-8156889: ListKeychainStore.sh fails in some virtualized
environments
+ JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps
timeouting
+ JDK-8166554: Avoid compilation blocking in
OverloadCompileQueueTest.java
+ JDK-8169475: WheelModifier.java fails by timeout
+ JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh
to Java Jtreg Test
+ JDK-8186610: move ModuleUtils to top-level testlibrary
+ JDK-8192864: defmeth tests can hide failures
+ JDK-8193543: Regression automated test '/open/test/jdk/java/
/awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java'
fails
+ JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/
/isexceeded001/TestDescription.java still failing
+ JDK-8202282: [TESTBUG] appcds TestCommon
.makeCommandLineForAppCDS() can be removed
+ JDK-8202790: DnD test DisposeFrameOnDragTest.java does not
clean up
+ JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/
/ChoicePopupLocation.java fails
+ JDK-8207211: [TESTBUG] Remove excessive output from
CDS/AppCDS tests
+ JDK-8207214: Broken links in JDK API serialized-form page
+ JDK-8207855: Make applications/jcstress invoke tests in
batches
+ JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/
/TestDescription.java fails in jdk/hs nightly
+ JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java
.findDeadlock.INDIFY_Test Deadlocked threads are not always
detected
+ JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails
in AUFS file system
+ JDK-8208699: remove unneeded imports from runtime tests
+ JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out
often in hs-tier7 testing
+ JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option
is not always required for appcds tests
+ JDK-8209549: remove VMPropsExt from TEST.ROOT
+ JDK-8209595: MonitorVmStartTerminate.java timed out
+ JDK-8209946: [TESTBUG] CDS tests should use "@run driver"
+ JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java
looks for libjsig in wrong location
+ JDK-8211978: Move testlibrary/jdk/testlibrary/
/SimpleSSLContext.java and testkeys to network testlibrary
+ JDK-8213622: Windows VS2013 build failure - "'snprintf':
identifier not found"
+ JDK-8213926: WB_EnqueueInitializerForCompilation requests
compilation for NULL
+ JDK-8213927: G1 ignores AlwaysPreTouch when
UseTransparentHugePages is enabled
+ JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr
modules
+ JDK-8214915: CtwRunner misses export for jdk.internal.access
+ JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws
NullPointerException
+ JDK-8217475: Unexpected StackOverflowError in "process
reaper" thread
+ JDK-8218754: JDK-8068225 regression in JDIBreakpointTest
+ JDK-8219475: javap man page needs to be updated
+ JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/
/JMXInterfaceBindingTest.java passes trivially when it
shouldn't
+ JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper
.TestCaseImpl can't be defined in different runtime package as
its nest host
+ JDK-8225471: Test utility jdk.test.lib.util.FileUtils
.areAllMountPointsAccessible needs to tolerate duplicates
+ JDK-8226706: (se) Reduce the number of outer loop iterations
on Windows in java/nio/channels/Selector/RacyDeregister.java
+ JDK-8226905: unproblem list applications/ctw/modules/* tests
on windows
+ JDK-8226910: make it possible to use jtreg's -match via
run-test framework
+ JDK-8227438: [TESTLIB] Determine if file exists by
Files.exists in function FileUtils.deleteFileIfExistsWithRetry
+ JDK-8231585: java/lang/management/ThreadMXBean/
/MaxDepthForThreadInfoTest.java fails with
java.lang.NullPointerException
+ JDK-8232839: JDI AfterThreadDeathTest.java failed due to
"FAILED: Did not get expected IllegalThreadStateException on a
StepRequest.enable()"
+ JDK-8233453: MLVM deoptimize stress test timed out
+ JDK-8234309: LFGarbageCollectedTest.java fails with parse
Exception
+ JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/
/AccessibleChoiceTest.java fails
+ JDK-8237777: "Dumping core ..." is shown despite claiming
that "# No core dump will be written."
+ JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java
failing with LDAP response read timeout
+ JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
+ JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/
/AccessibleChoiceTest.java fails
+ JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001
failed due to "(IsSameObject#3) unexpected monitor object:
0x000000562336DBA8"
+ JDK-8246222: Rename javac test T6395981.java to be more
informative
+ JDK-8247818: GCC 10 warning stringop-overflow with symbol code
+ JDK-8249087: Always initialize _body[0..1] in Symbol
constructor
+ JDK-8251349: Add TestCaseImpl to
OverloadCompileQueueTest.java's build dependencies
+ JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/
/btree010.java fails with ClassNotFoundException:
nsk.sysdict.share.BTree0LLRLRLRRLR
+ JDK-8253543: sanity/client/SwingSet/src/
/ButtonDemoScreenshotTest.java failed with "AssertionError:
All pixels are not black"
+ JDK-8253739: java/awt/image/MultiResolutionImage/
/MultiResolutionImageObserverTest.java fails
+ JDK-8253820: Save test images and dumps with timestamps from
client sanity suite
+ JDK-8255277: randomDelay in DrainDeadlockT and
LoggingDeadlock do not randomly delay
+ JDK-8255546: Missing coverage for
javax.smartcardio.CardPermission and ResponseAPDU
+ JDK-8255743: Relax SIGFPE match in
runtime/ErrorHandling/SecondaryErrorTest.java
+ JDK-8257505: nsk/share/test/StressOptions stressTime is
scaled in getter but not when printed
+ JDK-8259801: Enable XML Signature secure validation mode by
default
+ JDK-8264135: UnsafeGetStableArrayElement should account for
different JIT implementation details
+ JDK-8265349: vmTestbase/../stress/compiler/deoptimize/
/Test.java fails with OOME due to CodeCache exhaustion.
+ JDK-8269025: jsig/Testjsig.java doesn't check exit code
+ JDK-8269077: TestSystemGC uses "require vm.gc.G1" for large
pages subtest
+ JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java
doesn't check exit code
+ JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java
doesn't check exit code
+ JDK-8271828: mark hotspot runtime/classFileParserBug tests
which ignore external VM flags
+ JDK-8271829: mark hotspot runtime/Throwable tests which
ignore external VM flags
+ JDK-8271890: mark hotspot runtime/Dictionary tests which
ignore external VM flags
+ JDK-8272291: mark hotspot runtime/logging tests which ignore
external VM flags
+ JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't
check exit codes
+ JDK-8272551: mark hotspot runtime/modules tests which ignore
external VM flags
+ JDK-8272552: mark hotspot runtime/cds tests which ignore
external VM flags
+ JDK-8273803: Zero: Handle "zero" variant in
CommandLineOptionTest.java
+ JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java
fails in Windows 11
+ JDK-8274621: NullPointerException because listenAddress[0] is
null
+ JDK-8276796: gc/TestSystemGC.java large pages subtest fails
with ZGC
+ JDK-8280007: Enable Neoverse N1 optimizations for Arm
Neoverse V1 & N2
+ JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails
with java.lang.RuntimeException: values differ by more than
1GB
+ JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/
/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java
from problemlist.
+ JDK-8281717: Cover logout method for several LoginModule
+ JDK-8282665: [REDO] ByteBufferTest.java: replace endless
recursion with RuntimeException in void ck(double x, double y)
+ JDK-8284090: com/sun/security/auth/module/AllPlatforms.java
fails to compile
+ JDK-8285756: clean up use of bad arguments for `@clean` in
langtools tests
+ JDK-8285785: CheckCleanerBound test fails with
PasswordCallback object is not released
+ JDK-8285867: Convert applet manual tests
SelectionVisible.java to Frame and automate
+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java fails on mac aarch64
+ JDK-8286969: Add a new test library API to execute kinit in
SecurityTools.java
+ JDK-8287113: JFR: Periodic task thread uses period for method
sampling events
+ JDK-8289511: Improve test coverage for XPath Axes: child
+ JDK-8289764: gc/lock tests failed with "OutOfMemoryError:
Java heap space: failed reallocation of scalar replaced
objects"
+ JDK-8289948: Improve test coverage for XPath functions: Node
Set Functions
+ JDK-8290399: [macos] Aqua LAF does not fire an action event
if combo box menu is displayed
+ JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests
failed with "isUsageThresholdExceeded() returned false, and is
still false, while threshold = MMMMMMM and used peak = NNNNNNN"
+ JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup
required permissions for jtreg version 7 jar
+ JDK-8292946: GC lock/jni/jnilock001 test failed
"assert(gch->gc_cause() == GCCause::_scavenge_alot ||
!gch->incremental_collection_failed()) failed: Twice in a row"
+ JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed
with "RuntimeException: Retrieved backing PlatformLogger level
null is not the expected CONFIG"
+ JDK-8294158: HTML formatting for PassFailJFrame instructions
+ JDK-8294254: [macOS] javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java failure
+ JDK-8294402: Add diagnostic logging to
VMProps.checkDockerSupport
+ JDK-8294535: Add screen capture functionality to
PassFailJFrame
+ JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails
intermittently on a VM
+ JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/
/AbstractDrbg/SpecTest.java intermittently timeout
+ JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java
failed: ExceptionInInitializerError: target class not found
+ JDK-8300269: The selected item in an editable JComboBox with
titled border is not visible in Aqua LAF
+ JDK-8300727: java/awt/List/ListGarbageCollectionTest/
/AwtListGarbageCollectionTest.java failed with "List wasn't
garbage collected"
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8301377: adjust timeout for JLI
GetObjectSizeIntrinsicsTest.java subtest again
+ JDK-8301846: Invalid TargetDataLine after screen lock when
using JFileChooser or COM library
+ JDK-8302017: Allocate BadPaddingException only if it will be
thrown
+ JDK-8302109: Trivial fixes to btree tests
+ JDK-8302149: Speed up
compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java
+ JDK-8302607: increase timeout for
ContinuousCallSiteTargetChange.java
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373
+ JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1
+ JDK-8305502: adjust timeouts in three more M&M tests
+ JDK-8305505: NPE in javazic compiler
+ JDK-8305972: Update XML Security for Java to 3.0.2
+ JDK-8306072: Open source several AWT MouseInfo related tests
+ JDK-8306076: Open source AWT misc tests
+ JDK-8306409: Open source AWT KeyBoardFocusManger,
LightWeightComponent related tests
+ JDK-8306640: Open source several AWT TextArea related tests
+ JDK-8306652: Open source AWT MenuItem related tests
+ JDK-8306681: Open source more AWT DnD related tests
+ JDK-8306683: Open source several clipboard and color AWT tests
+ JDK-8306752: Open source several container and component AWT
tests
+ JDK-8306753: Open source several container AWT tests
+ JDK-8306755: Open source few Swing JComponent and
AbstractButton tests
+ JDK-8306812: Open source several AWT Miscellaneous tests
+ JDK-8306871: Open source more AWT Drag & Drop tests
+ JDK-8306996: Open source Swing MenuItem related tests
+ JDK-8307123: Fix deprecation warnings in DPrinter
+ JDK-8307130: Open source few Swing JMenu tests
+ JDK-8307299: Move more DnD tests to open
+ JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing
JTableHeader tests
+ JDK-8307381: Open Source JFrame, JIF related Swing Tests
+ JDK-8307683: Loop Predication should not hoist range checks
with trap on success projection by negating their condition
+ JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC
while allocating
+ JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler
.compile does not close files
+ JDK-8308223: failure handler missed jcmd.vm.info command
+ JDK-8308232: nsk/jdb tests don't pass -verbose flag to the
debuggee
+ JDK-8308245: Add -proc:full to describe current default
annotation processing policy
+ JDK-8308336: Test java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java failed:
java.net.BindException: Address already in use
+ JDK-8309104: [JVMCI] compiler/unsafe/
/UnsafeGetStableArrayElement test asserts wrong values with
Graal
+ JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton
predicates for all If nodes in loop predication
+ JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/
/agentthr001/TestDescription.java crashing due to empty while
loop
+ JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when
using second test directory
+ JDK-8309870: Using -proc:full should be considered requesting
explicit annotation processing
+ JDK-8310106: sun.security.ssl.SSLHandshake
.getHandshakeProducer() incorrectly checks handshakeConsumers
+ JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
/bug6889007.java fails
+ JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/
/interrupt001.java timed out due to missing prompt
+ JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
timed out
+ JDK-8311081: KeytoolReaderP12Test.java fail on localized
Windows platform
+ JDK-8311511: Improve description of NativeLibrary JFR event
+ JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8313082: Enable CreateCoredumpOnCrash for testing in
makefiles
+ JDK-8313164: src/java.desktop/windows/native/libawt/windows/
/awt_Robot.cpp GetRGBPixels adjust releasing of resources
+ JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground
release resources in early returns
+ JDK-8313643: Update HarfBuzz to 8.2.2
+ JDK-8313816: Accessing jmethodID might lead to spurious
crashes
+ JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to
extra concurrent mark with -Xcomp
+ JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently
in timeout
+ JDK-8314883:
Java_java_util_prefs_FileSystemPreferences_lockFile0 write
result errno in missing case
+ JDK-8315034: File.mkdirs() occasionally fails to create
folders on Windows shared folder
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some
cases
+ JDK-8315499: build using devkit on Linux ppc64le RHEL puts
path to devkit into libsplashscreen
+ JDK-8315594: Open source few headless Swing misc tests
+ JDK-8315600: Open source few more headless Swing misc tests
+ JDK-8315602: Open source swing security manager test
+ JDK-8315606: Open source few swing text/html tests
+ JDK-8315611: Open source swing text/html and tree test
+ JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should
run with -Xbatch
+ JDK-8315731: Open source several Swing Text related tests
+ JDK-8315761: Open source few swing JList and JMenuBar tests
+ JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/
/bug4654927.java: component must be showing on the screen to
determine its location
+ JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use
createTestJvm
+ JDK-8316028: Update FreeType to 2.13.2
+ JDK-8316030: Update Libpng to 1.6.40
+ JDK-8316106: Open source few swing JInternalFrame and
JMenuBar tests
+ JDK-8316461: Fix: make test outputs TEST SUCCESS after
unsuccessful exit
+ JDK-8316947: Write a test to check textArea triggers
MouseEntered/MouseExited events properly
+ JDK-8317307: test/jdk/com/sun/jndi/ldap/
/LdapPoolTimeoutTest.java fails with ConnectException:
Connection timed out: no further information
+ JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js
+ JDK-8318154: Improve stability of WheelModifier.java test
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8318468: compiler/tiered/LevelTransitionTest.java fails
with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
+ JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
+ JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni
tests
+ JDK-8318608: Enable parallelism in
vmTestbase/nsk/stress/threads tests
+ JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with
"transport error 202: bind failed: Address already in use"
+ JDK-8318889: C2: add bailout after assert Bad graph detected
in build_loop_late
+ JDK-8318951: Additional negative value check in JPEG decoding
+ JDK-8318955: Add ReleaseIntArrayElements in
Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to
early return
+ JDK-8318971: Better Error Handling for Jar Tool When
Processing Non-existent Files
+ JDK-8318983: Fix comment typo in PKCS12Passwd.java
+ JDK-8319124: Update XML Security for Java to 3.0.3
+ JDK-8319456: jdk/jfr/event/gc/collection/
/TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker
Initiated GC' not in the valid causes
+ JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
+ JDK-8320001: javac crashes while adding type annotations to
the return type of a constructor
+ JDK-8320208: Update Public Suffix List to b5bf572
+ JDK-8320363: ppc64 TypeEntries::type_unknown logic looks
wrong, missed optimization opportunity
+ JDK-8320597: RSA signature verification fails on signed data
that does not encode params correctly
+ JDK-8320798: Console read line with zero out should zero out
underlying buffer
+ JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23
+ JDK-8320937: support latest VS2022 MSC_VER in
abstract_vm_version.cpp
+ JDK-8321151: JDK-8294427 breaks Windows L&F on all older
Windows versions
+ JDK-8321215: Incorrect x86 instruction encoding for VSIB
addressing mode
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8321480: ISO 4217 Amendment 176 Update
+ JDK-8322178: Error. can't find jdk.testlibrary
.SimpleSSLContext in test directory or libraries
+ JDK-8322417: Console read line with zero out should zero out
when throwing exception
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test "api/java_awt/interactive/
/SystemTrayTests.html" failed because A blue ball icon is
added outside of the system tray
+ JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is
failing assert
+ JDK-8322772: Clean up code after JDK-8322417
+ JDK-8323008: filter out harmful -std* flags added by autoconf
from CXX
+ JDK-8323243: JNI invocation of an abstract instance method
corrupts the stack
+ JDK-8323515: Create test alias "all" for all test roots
+ JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/
/platform/docker/TestDockerMemoryMetrics.java always fail
because OOM killed
+ JDK-8324184: Windows VS2010 build failed with "error C2275:
'int64_t'"
+ JDK-8324307: [11u] hotspot fails to build with GCC 12 and
newer (non-static data member initializers)
+ JDK-8324347: Enable "maybe-uninitialized" warning for
FreeType 2.13.1
+ JDK-8324659: GHA: Generic jtreg errors are not reported
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325150: (tz) Update Timezone Data to 2024a
+ JDK-8326109: GCC 13 reports maybe-uninitialized warnings for
jni.cpp with dtrace enabled
+ JDK-8326503: [11u] java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fail because of
package org.junit.jupiter.api does not exist
+ JDK-8327391: Add SipHash attribution file
+ JDK-8329837: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23
- Removed the possibility to use the system timezone-java (bsc#1213470)
java-11-openjdk-11.0.23.0-150000.3.113.1.src.rpm
java-11-openjdk-11.0.23.0-150000.3.113.1.x86_64.rpm
java-11-openjdk-demo-11.0.23.0-150000.3.113.1.x86_64.rpm
java-11-openjdk-devel-11.0.23.0-150000.3.113.1.x86_64.rpm
java-11-openjdk-headless-11.0.23.0-150000.3.113.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1499
Security update for java-17-openjdk
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-17-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with "Exceeded _node_regs array" (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Update to upstream tag jdk-17.0.11+9 (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Other changes
+ JDK-6928542: Chinese characters in RTF are not decoded
+ JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/
/bug4517214.java fails on MacOS
+ JDK-7148092: [macosx] When Alt+down arrow key is pressed, the
combobox popup does not appear.
+ JDK-7167356: (javac) investigate failing tests in
JavacParserTest
+ JDK-8054022: HttpURLConnection timeouts with Expect:
100-Continue and no chunking
+ JDK-8054572: [macosx] JComboBox paints the border incorrectly
+ JDK-8169475: WheelModifier.java fails by timeout
+ JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost`
accesses `int InetAddress.preferIPv6Address` as a boolean
+ JDK-8209595: MonitorVmStartTerminate.java timed out
+ JDK-8210410: Refactor java.util.Currency:i18n shell tests to
plain java tests
+ JDK-8261404: Class.getReflectionFactory() is not thread-safe
+ JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from
+ JDK-8263256: Test java/net/Inet6Address/serialize/
/Inet6AddressSerializationTest.java fails due to dynamic
reconfigurations of network interface during test
+ JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java
failed with connection timeout
+ JDK-8271118: C2: StressGCM should have higher priority than
frequency-based policy
+ JDK-8271616: oddPart in MutableBigInteger::mutableModInverse
contains info on final result
+ JDK-8272811: Document the effects of building with
_GNU_SOURCE in os_posix.hpp
+ JDK-8272853: improve `JavadocTester.runTests`
+ JDK-8273454: C2: Transform (-a)*(-b) into a*b
+ JDK-8274060: C2: Incorrect computation after JDK-8273454
+ JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java
fails in Windows 11
+ JDK-8274621: NullPointerException because listenAddress[0] is
null
+ JDK-8274632: Possible pointer overflow in PretouchTask chunk
claiming
+ JDK-8274634: Use String.equals instead of String.compareTo in
java.desktop
+ JDK-8276125: RunThese24H.java SIGSEGV in
JfrThreadGroup::thread_group_id
+ JDK-8278028: [test-library] Warnings cleanup of the test
library
+ JDK-8278312: Update SimpleSSLContext keystore to use SANs for
localhost IP addresses
+ JDK-8278363: Create extented container test groups
+ JDK-8280241: (aio) AsynchronousSocketChannel init fails in
IPv6 only Windows env
+ JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/
/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from
problemlist.
+ JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp
+ JDK-8281585: Remove unused imports under test/lib and jtreg/gc
+ JDK-8283400: [macos] a11y : Screen magnifier does not reflect
JRadioButton value change
+ JDK-8283626: AArch64: Set relocInfo::offset_unit to 4
+ JDK-8283994: Make Xerces DatatypeException stackless
+ JDK-8286312: Stop mixing signed and unsigned types in bit
operations
+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java fails on mac aarch64
+ JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java
failed with "Expected two batches of Active Setting events"
+ JDK-8288663: JFR: Disabling the JfrThreadSampler commits only
a partially disabled state
+ JDK-8288846: misc tests fail "assert(ms < 1000) failed:
Un-interruptable sleep, short time use only"
+ JDK-8289764: gc/lock tests failed with "OutOfMemoryError:
Java heap space: failed reallocation of scalar replaced
objects"
+ JDK-8290041: ModuleDescriptor.hashCode is inconsistent
+ JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/
/capability/CM03/cm03t001/TestDescription.java on linux-all
+ JDK-8290399: [macos] Aqua LAF does not fire an action event
if combo box menu is displayed
+ JDK-8292458: Atomic operations on scoped enums don't build
with clang
+ JDK-8292946: GC lock/jni/jnilock001 test failed
"assert(gch->gc_cause() == GCCause::_scavenge_alot ||
!gch->incremental_collection_failed()) failed: Twice in a row"
+ JDK-8293117: Add atomic bitset functions
+ JDK-8293547: Add relaxed add_and_fetch for macos aarch64
atomics
+ JDK-8294158: HTML formatting for PassFailJFrame instructions
+ JDK-8294254: [macOS] javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java failure
+ JDK-8294535: Add screen capture functionality to
PassFailJFrame
+ JDK-8295068: SSLEngine throws NPE parsing CertificateRequests
+ JDK-8295124: Atomic::add to pointer type may return wrong
value
+ JDK-8295274: HelidonAppTest.java fails
"assert(event->should_commit()) failed: invariant" from
compiled frame"
+ JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
+ JDK-8297968: Crash in PrintOptoAssembly
+ JDK-8298087: XML Schema Validation reports an required
attribute twice via ErrorHandler
+ JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java
failed: ExceptionInInitializerError: target class not found
+ JDK-8300269: The selected item in an editable JComboBox with
titled border is not visible in Aqua LAF
+ JDK-8301306: java/net/httpclient/* fail with -Xcomp
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8301787: java/net/httpclient/SpecialHeadersTest failing
after JDK-8301306
+ JDK-8301846: Invalid TargetDataLine after screen lock when
using JFileChooser or COM library
+ JDK-8302017: Allocate BadPaddingException only if it will be
thrown
+ JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/
/TestAMEnotNPE.java
+ JDK-8303605: Memory leaks in Metaspace gtests
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8304696: Duplicate class names in dynamicArchive tests
can lead to test failure
+ JDK-8305356: Fix ignored bad CompileCommands in tests
+ JDK-8305900: Use loopback IP addresses in security policy
files of httpclient tests
+ JDK-8305906: HttpClient may use incorrect key when finding
pooled HTTP/2 connection for IPv6 address
+ JDK-8305962: update jcstress to 0.16
+ JDK-8305972: Update XML Security for Java to 3.0.2
+ JDK-8306014: Update javax.net.ssl TLS tests to use
SSLContextTemplate or SSLEngineTemplate
+ JDK-8306408: Fix the format of several tables in building.md
+ JDK-8307185: pkcs11 native libraries make JNI calls into java
code while holding GC lock
+ JDK-8307926: Support byte-sized atomic bitset operations
+ JDK-8307955: Prefer to PTRACE_GETREGSET instead of
PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs'
+ JDK-8307990: jspawnhelper must close its writing side of a
pipe before reading from it
+ JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC
while allocating
+ JDK-8308245: Add -proc:full to describe current default
annotation processing policy
+ JDK-8308336: Test java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java failed:
java.net.BindException: Address already in use
+ JDK-8309302: java/net/Socket/Timeouts.java fails with
AssertionError on test temporal post condition
+ JDK-8309305: sun/security/ssl/SSLSocketImpl/
/BlockedAsyncClose.java fails with jtreg test timeout
+ JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/
/agentthr001/TestDescription.java crashing due to empty while
loop
+ JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect
announcements of JRadioButton
+ JDK-8309870: Using -proc:full should be considered requesting
explicit annotation processing
+ JDK-8310106: sun.security.ssl.SSLHandshake
.getHandshakeProducer() incorrectly checks handshakeConsumers
+ JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
/bug6889007.java fails
+ JDK-8310380: Handle problems in core-related tests on macOS
when codesign tool does not work
+ JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is
spuriously passing
+ JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
timed out
+ JDK-8310838: Correct range notations in MethodTypeDesc
specification
+ JDK-8310844: [AArch64] C1 compilation fails because monitor
offset in OSR buffer is too large for immediate
+ JDK-8310923: Refactor Currency tests to use JUnit
+ JDK-8311081: KeytoolReaderP12Test.java fail on localized
Windows platform
+ JDK-8311160: [macOS, Accessibility] VoiceOver: No
announcements on JRadioButtonMenuItem and JCheckBoxMenuItem
+ JDK-8311581: Remove obsolete code and comments in TestLVT.java
+ JDK-8311645: Memory leak in jspawnhelper spawnChild after
JDK-8307990
+ JDK-8311986: Disable runtime/os/TestTracePageSizes.java for
ShenandoahGC
+ JDK-8312428: PKCS11 tests fail with NSS 3.91
+ JDK-8312434: SPECjvm2008/xml.transform with CDS fails with
"can't seal package nu.xom"
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8313082: Enable CreateCoredumpOnCrash for testing in
makefiles
+ JDK-8313206: PKCS11 tests silently skip execution
+ JDK-8313575: Refactor PKCS11Test tests
+ JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/
/TestFloatingDecimal should use RandomFactory
+ JDK-8313643: Update HarfBuzz to 8.2.2
+ JDK-8313816: Accessing jmethodID might lead to spurious
crashes
+ JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently
in timeout
+ JDK-8314220: Configurable InlineCacheBuffer size
+ JDK-8314830: runtime/ErrorHandling/ tests ignore external VM
flags
+ JDK-8315034: File.mkdirs() occasionally fails to create
folders on Windows shared folder
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315594: Open source few headless Swing misc tests
+ JDK-8315600: Open source few more headless Swing misc tests
+ JDK-8315602: Open source swing security manager test
+ JDK-8315611: Open source swing text/html and tree test
+ JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should
run with -Xbatch
+ JDK-8315731: Open source several Swing Text related tests
+ JDK-8315761: Open source few swing JList and JMenuBar tests
+ JDK-8315920: C2: "control input must dominate current
control" assert failure
+ JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/
/bug4654927.java: component must be showing on the screen to
determine its location
+ JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use
createTestJvm
+ JDK-8316028: Update FreeType to 2.13.2
+ JDK-8316030: Update Libpng to 1.6.40
+ JDK-8316106: Open source few swing JInternalFrame and
JMenuBar tests
+ JDK-8316304: (fs) Add support for BasicFileAttributes
.creationTime() for Linux
+ JDK-8316392: compiler/interpreter/
/TestVerifyStackAfterDeopt.java failed with SIGBUS in
PcDescContainer::find_pc_desc_internal
+ JDK-8316414: C2: large byte array clone triggers "failed:
malformed control flow" assertion failure on linux-x86
+ JDK-8316415: Parallelize
sun/security/rsa/SignedObjectChain.java subtests
+ JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java
get OOM killed with Parallel GC
+ JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/
/CheckOrigin.java as vm.flagless
+ JDK-8316679: C2 SuperWord: wrong result, load should not be
moved before store if not comparable
+ JDK-8316693: Simplify at-requires checkDockerSupport()
+ JDK-8316929: Shenandoah: Shenandoah degenerated GC and full
GC need to cleanup old OopMapCache entries
+ JDK-8316947: Write a test to check textArea triggers
MouseEntered/MouseExited events properly
+ JDK-8317039: Enable specifying the JDK used to run jtreg
+ JDK-8317144: Exclude sun/security/pkcs11/sslecc/
/ClientJSSEServerJSSE.java on Linux ppc64le
+ JDK-8317307: test/jdk/com/sun/jndi/ldap/
/LdapPoolTimeoutTest.java fails with ConnectException:
Connection timed out: no further information
+ JDK-8317603: Improve exception messages thrown by
sun.nio.ch.Net native methods (win)
+ JDK-8317771: [macos14] Expand/collapse a JTree using keyboard
freezes the application in macOS 14 Sonoma
+ JDK-8317807: JAVA_FLAGS removed from jtreg running in
JDK-8317039
+ JDK-8317960: [17u] Excessive CPU usage on
AbstractQueuedSynchronized.isEnqueued
+ JDK-8318154: Improve stability of WheelModifier.java test
+ JDK-8318183: C2: VM may crash after hitting node limit
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8318468: compiler/tiered/LevelTransitionTest.java fails
with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
+ JDK-8318490: Increase timeout for JDK tests that are close to
the limit when run with libgraal
+ JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
+ JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni
tests
+ JDK-8318608: Enable parallelism in
vmTestbase/nsk/stress/threads tests
+ JDK-8318689: jtreg is confused when folder name is the same
as the test name
+ JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with
"transport error 202: bind failed: Address already in use"
+ JDK-8318951: Additional negative value check in JPEG decoding
+ JDK-8318955: Add ReleaseIntArrayElements in
Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to
early return
+ JDK-8318957: Enhance agentlib:jdwp help output by info about
allow option
+ JDK-8318961: increase javacserver connection timeout values
and max retry attempts
+ JDK-8318971: Better Error Handling for Jar Tool When
Processing Non-existent Files
+ JDK-8318983: Fix comment typo in PKCS12Passwd.java
+ JDK-8319124: Update XML Security for Java to 3.0.3
+ JDK-8319213: Compatibility.java reads both stdout and stderr
of JdkUtils
+ JDK-8319436: Proxy.newProxyInstance throws NPE if loader is
null and interface not visible from class loader
+ JDK-8319456: jdk/jfr/event/gc/collection/
/TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker
Initiated GC' not in the valid causes
+ JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
+ JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21
+ JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks
+ JDK-8320001: javac crashes while adding type annotations to
the return type of a constructor
+ JDK-8320168: handle setsocktopt return values
+ JDK-8320208: Update Public Suffix List to b5bf572
+ JDK-8320300: Adjust hs_err output in malloc/mmap error cases
+ JDK-8320363: ppc64 TypeEntries::type_unknown logic looks
wrong, missed optimization opportunity
+ JDK-8320597: RSA signature verification fails on signed data
that does not encode params correctly
+ JDK-8320798: Console read line with zero out should zero out
underlying buffer
+ JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11
+ JDK-8320921: GHA: Parallelize hotspot_compiler test jobs
+ JDK-8320937: support latest VS2022 MSC_VER in
abstract_vm_version.cpp
+ JDK-8321151: JDK-8294427 breaks Windows L&F on all older
Windows versions
+ JDK-8321215: Incorrect x86 instruction encoding for VSIB
addressing mode
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8321480: ISO 4217 Amendment 176 Update
+ JDK-8321599: Data loss in AVX3 Base64 decoding
+ JDK-8321815: Shenandoah: gc state should be synchronized to
java threads only once per safepoint
+ JDK-8321972: test runtime/Unsafe/InternalErrorTest.java
timeout on linux-riscv64 platform
+ JDK-8322098: os::Linux::print_system_memory_info enhance the
THP output with
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size
+ JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces
+ JDK-8322417: Console read line with zero out should zero out
when throwing exception
+ JDK-8322583: RISC-V: Enable fast class initialization checks
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test "api/java_awt/interactive/
/SystemTrayTests.html" failed because A blue ball icon is
added outside of the system tray
+ JDK-8322772: Clean up code after JDK-8322417
+ JDK-8322783: prioritize /etc/os-release over
/etc/SuSE-release in hs_err/info output
+ JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests
+ JDK-8323008: filter out harmful -std* flags added by autoconf
from CXX
+ JDK-8323021: Shenandoah: Encountered reference count always
attributed to first worker thread
+ JDK-8323086: Shenandoah: Heap could be corrupted by oom
during evacuation
+ JDK-8323243: JNI invocation of an abstract instance method
corrupts the stack
+ JDK-8323331: fix typo hpage_pdm_size
+ JDK-8323428: Shenandoah: Unused memory in regions compacted
during a full GC should be mangled
+ JDK-8323515: Create test alias "all" for all test roots
+ JDK-8323637: Capture hotspot replay files in GHA
+ JDK-8323640: [TESTBUG]testMemoryFailCount in
jdk/internal/platform/docker/TestDockerMemoryMetrics.java
always fail because OOM killed
+ JDK-8323806: [17u] VS2017 build fails with warning after
8293117.
+ JDK-8324184: Windows VS2010 build failed with "error C2275:
'int64_t'"
+ JDK-8324280: RISC-V: Incorrect implementation in
VM_Version::parse_satp_mode
+ JDK-8324347: Enable "maybe-uninitialized" warning for
FreeType 2.13.1
+ JDK-8324514: ClassLoaderData::print_on should print address
of class loader
+ JDK-8324647: Invalid test group of lib-test after JDK-8323515
+ JDK-8324659: GHA: Generic jtreg errors are not reported
+ JDK-8324937: GHA: Avoid multiple test suites per job
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325150: (tz) Update Timezone Data to 2024a
+ JDK-8325585: Remove no longer necessary calls to
set/unset-in-asgct flag in JDK 17
+ JDK-8326000: Remove obsolete comments for class
sun.security.ssl.SunJSSE
+ JDK-8327036: [macosx-aarch64] SIGBUS in
MarkActivationClosure::do_code_blob reached from
Unsafe_CopySwapMemory0
+ JDK-8327391: Add SipHash attribution file
+ JDK-8329836: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11
- Removed the possibility to use the system timezone-java (bsc#1213470).
java-17-openjdk-17.0.11.0-150400.3.42.1.src.rpm
java-17-openjdk-17.0.11.0-150400.3.42.1.x86_64.rpm
java-17-openjdk-demo-17.0.11.0-150400.3.42.1.x86_64.rpm
java-17-openjdk-devel-17.0.11.0-150400.3.42.1.x86_64.rpm
java-17-openjdk-headless-17.0.11.0-150400.3.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1471
Recommended update for libzypp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp fixes the following issues:
- Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094)
libzypp-17.32.5-150400.3.64.1.src.rpm
libzypp-17.32.5-150400.3.64.1.x86_64.rpm
libzypp-devel-17.32.5-150400.3.64.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1472
Recommended update for libyui
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for squidGuard fixes the following issues:
- Add libyui to SUMA Server 4.3 (bsc#1223146)
libyui-4.3.7-150400.3.7.1.src.rpm
libyui-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-4.3.7-150400.3.7.1.src.rpm
libyui-ncurses-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-pkg-4.3.7-150400.3.7.1.src.rpm
libyui-ncurses-pkg-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-pkg16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-rest-api-4.3.7-150400.3.7.1.src.rpm
libyui-ncurses-rest-api-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-rest-api16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-tools-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-4.3.7-150400.3.7.1.src.rpm
libyui-qt-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-graph-4.3.7-150400.3.7.1.src.rpm
libyui-qt-graph-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-graph16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-pkg-4.3.7-150400.3.7.1.src.rpm
libyui-qt-pkg-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-pkg16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-rest-api-4.3.7-150400.3.7.1.src.rpm
libyui-qt-rest-api-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-rest-api16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-rest-api-4.3.7-150400.3.7.1.src.rpm
libyui-rest-api-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-rest-api16-4.3.7-150400.3.7.1.x86_64.rpm
libyui16-4.3.7-150400.3.7.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1464
Security update for jasper
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for jasper fixes the following issues:
- CVE-2024-31744: Fixed denial of service through assertion failure in jpc_streamlist_remove() (bsc#1223155).
jasper-2.0.14-150000.3.34.1.src.rpm
libjasper-devel-2.0.14-150000.3.34.1.x86_64.rpm
libjasper4-2.0.14-150000.3.34.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1451
Security update for java-1_8_0-openjdk
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21085: Fixed Pack200 excessive memory allocation (JDK-8322114,bsc#1222984)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with "Exceeded _node_regs array" (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Update to version jdk8u412 (icedtea-3.31.0) (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Import of OpenJDK 8 u412 build 08
+ JDK-8011180: Delete obsolete scripts
+ JDK-8016451: Scary messages emitted by
build.tools.generatenimbus.PainterGenerator during build
+ JDK-8021961: setAlwaysOnTop doesn't behave correctly in
Linux/Solaris under certain scenarios
+ JDK-8023735: [TESTBUG][macosx]
runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X
+ JDK-8074860: Structured Exception Catcher missing around
CreateJavaVM on Windows
+ JDK-8079441: Intermittent failures on Windows with "Unexpected
exit from test [exit code: 1080890248]" (0x406d1388)
+ JDK-8155590: Dubious collection management in
sun.net.www.http.KeepAliveCache
+ JDK-8168518: rcache interop with krb5-1.15
+ JDK-8183503: Update hotspot tests to allow for unique test
classes directory
+ JDK-8186095: upgrade to jtreg 4.2 b08
+ JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH
+ JDK-8192931: Regression test
java/awt/font/TextLayout/CombiningPerf.java fails
+ JDK-8208655: use JTreg skipped status in hotspot tests
+ JDK-8208701: Fix for JDK-8208655 causes test failures in CI
tier1
+ JDK-8208706: compiler/tiered/
/ConstantGettersTransitionsTest.java fails to compile
+ JDK-8213410: UseCompressedOops requirement check fails
on 32-bit system
+ JDK-8222323: ChildAlwaysOnTopTest.java fails with
"RuntimeException: Failed to unset alwaysOnTop"
+ JDK-8224768: Test ActalisCA.java fails
+ JDK-8251155: HostIdentifier fails to canonicalize hostnames
starting with digits
+ JDK-8251551: Use .md filename extension for README
+ JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt
Authority X3 is retired
+ JDK-8270280: security/infra/java/security/cert/
/CertPathValidator/certification/LetsEncryptCA.java OCSP
response error
+ JDK-8270517: Add Zero support for LoongArch
+ JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/
/security/cert/CertPathValidator/certification/BuypassCA.java
no longer needs ocspEnabled
+ JDK-8276139: TestJpsHostName.java not reliable, better to
expand HostIdentifierCreate.java test
+ JDK-8288132: Update test artifacts in QuoVadis CA interop
tests
+ JDK-8297955: LDAP CertStore should use LdapName and not
String for DNs
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8308592: Framework for CA interoperability testing
+ JDK-8312126: NullPointerException in CertStore.getCRLs after
8297955
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test
set
+ JDK-8320713: Bump update version of OpenJDK: 8u412
+ JDK-8321060: [8u] hotspot needs to recognise VS2022
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test "api/java_awt/interactive/
/SystemTrayTests.html" failed because A blue ball icon is
added outside of the system tray
+ JDK-8323202: [8u] Remove get_source.sh and hgforest.sh
+ JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/
/platform/docker/TestDockerMemoryMetrics.java always fail
because OOM killed
+ JDK-8324530: Build error with gcc 10
+ JDK-8325150: (tz) Update Timezone Data to 2024a
* Bug fixes
+ Support make 4.4
- Do not recommend timezone-java8 (bsc#1213470)
- Use %patch -P N instead of deprecated %patchN.
java-1_8_0-openjdk-1.8.0.412-150000.3.91.1.src.rpm
java-1_8_0-openjdk-1.8.0.412-150000.3.91.1.x86_64.rpm
java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1.x86_64.rpm
java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1.x86_64.rpm
java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1481
Recommended update for rmt-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server fixes the following issues:
- Support bzip2 compressed repositories (bsc#1222122)
- Remove automatic backup generation for repodata within repository
- Add support for Debian repositories using flat or nested structures (jsc#PED-3684)
rmt-server-2.16-150400.3.21.1.src.rpm
rmt-server-2.16-150400.3.21.1.x86_64.rpm
rmt-server-config-2.16-150400.3.21.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1470
Security update for ffmpeg-4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg-4 fixes the following issues:
- CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when vulkan_frames init failed (bsc#1223070)
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235)
- CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272)
ffmpeg-4-4.4-150400.3.24.1.src.rpm
libavcodec58_134-4.4-150400.3.24.1.x86_64.rpm
libavformat58_76-4.4-150400.3.24.1.x86_64.rpm
libavutil56_70-4.4-150400.3.24.1.x86_64.rpm
libpostproc55_9-4.4-150400.3.24.1.x86_64.rpm
libswresample3_9-4.4-150400.3.24.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1441
Recommended update for liblouis
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for liblouis fixes the following issues:
- Add s390x-support patch to fix issues with python bindings on big endian machines
(gh#liblouis/liblouis#1552, bsc#1198348)
- Run python tests in %check
liblouis-3.20.0-150400.3.16.3.src.rpm
liblouis-data-3.20.0-150400.3.16.3.noarch.rpm
liblouis-devel-3.20.0-150400.3.16.3.x86_64.rpm
liblouis20-3.20.0-150400.3.16.3.x86_64.rpm
python3-louis-3.20.0-150400.3.16.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1474
Recommended update for cups
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups fixes the following issues:
- Fix occasional stuck on poll() loop (bsc#1217119)
cups-2.2.7-150000.3.54.1.src.rpm
cups-2.2.7-150000.3.54.1.x86_64.rpm
cups-client-2.2.7-150000.3.54.1.x86_64.rpm
cups-config-2.2.7-150000.3.54.1.x86_64.rpm
cups-ddk-2.2.7-150000.3.54.1.x86_64.rpm
cups-devel-2.2.7-150000.3.54.1.x86_64.rpm
libcups2-2.2.7-150000.3.54.1.x86_64.rpm
libcups2-32bit-2.2.7-150000.3.54.1.x86_64.rpm
libcupscgi1-2.2.7-150000.3.54.1.x86_64.rpm
libcupsimage2-2.2.7-150000.3.54.1.x86_64.rpm
libcupsmime1-2.2.7-150000.3.54.1.x86_64.rpm
libcupsppdc1-2.2.7-150000.3.54.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3295
Security update for gstreamer-plugins-bad
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gstreamer-plugins-bad fixes the following issues:
- Dropped support for libmfx to fix the following CVEs:
* libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
* libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
* libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
* libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
* libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
gstreamer-plugins-bad-1.20.1-150400.3.23.2.src.rpm
gstreamer-plugins-bad-1.20.1-150400.3.23.2.x86_64.rpm
gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.23.2.x86_64.rpm
gstreamer-plugins-bad-devel-1.20.1-150400.3.23.2.x86_64.rpm
gstreamer-plugins-bad-lang-1.20.1-150400.3.23.2.noarch.rpm
libgstadaptivedemux-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstbadaudio-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstcodecparsers-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstcodecs-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstinsertbin-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstisoff-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstmpegts-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstphotography-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstplay-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstplayer-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstsctp-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgsturidownloader-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstva-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstvulkan-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstwayland-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstwebrtc-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstPlay-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.23.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1473
Recommended update for cups-filters
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups-filters fixes the following issues:
- Fix printing only one copy of a postscript file instead of multiple (bsc#1211401, bsc#1173345)
cups-filters-1.25.0-150200.3.9.1.src.rpm
cups-filters-1.25.0-150200.3.9.1.x86_64.rpm
cups-filters-devel-1.25.0-150200.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1467
Recommended update for tracker
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tracker fixes the following issue:
- Initialize FTS tokenizer earlier to fix regressions with sqlite (bsc#1222949)
libtracker-sparql-3_0-0-3.2.1-150400.3.6.2.x86_64.rpm
tracker-3.2.1-150400.3.6.2.src.rpm
tracker-data-files-3.2.1-150400.3.6.2.x86_64.rpm
tracker-devel-3.2.1-150400.3.6.2.x86_64.rpm
typelib-1_0-Tracker-3_0-3.2.1-150400.3.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1475
Security update for frr
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for frr fixes the following issues:
- CVE-2024-31948: Fixed denial of service due to malformed Prefix SID attribute in BGP Update packet (bsc#1222518)
frr-7.4-150300.4.23.1.src.rpm
frr-7.4-150300.4.23.1.x86_64.rpm
frr-devel-7.4-150300.4.23.1.x86_64.rpm
libfrr0-7.4-150300.4.23.1.x86_64.rpm
libfrr_pb0-7.4-150300.4.23.1.x86_64.rpm
libfrrcares0-7.4-150300.4.23.1.x86_64.rpm
libfrrfpm_pb0-7.4-150300.4.23.1.x86_64.rpm
libfrrgrpc_pb0-7.4-150300.4.23.1.x86_64.rpm
libfrrospfapiclient0-7.4-150300.4.23.1.x86_64.rpm
libfrrsnmp0-7.4-150300.4.23.1.x86_64.rpm
libfrrzmq0-7.4-150300.4.23.1.x86_64.rpm
libmlag_pb0-7.4-150300.4.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1503
Recommended update for gdb
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gdb fixes the following issues:
- Fix crashing by handling varstring==nullptr (bsc#1222188)
gdb-13.2-150400.15.17.1.src.rpm
gdb-13.2-150400.15.17.1.x86_64.rpm
gdbserver-13.2-150400.15.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1778
Recommended update for systemd-presets-branding-SLE
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for systemd-presets-branding-SLE fixes the following issues:
- Enable sysctl-logger (jsc#PED-5024)
systemd-presets-branding-SLE-15.1-150100.20.14.1.noarch.rpm
systemd-presets-branding-SLE-15.1-150100.20.14.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2801
Security update for docker
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
RETRACTED: This update for docker fixes the following issues:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
docker-25.0.6_ce-150000.203.1.src.rpm
docker-25.0.6_ce-150000.203.1.x86_64.rpm
docker-bash-completion-25.0.6_ce-150000.203.1.noarch.rpm
docker-rootless-extras-25.0.6_ce-150000.203.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1535
Security update for flatpak
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for flatpak fixes the following issues:
- CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious app due to insufficient 'command' argument sanitization (bsc#1223110)
flatpak-1.12.8-150400.3.6.1.src.rpm
flatpak-1.12.8-150400.3.6.1.x86_64.rpm
flatpak-devel-1.12.8-150400.3.6.1.x86_64.rpm
flatpak-zsh-completion-1.12.8-150400.3.6.1.x86_64.rpm
libflatpak0-1.12.8-150400.3.6.1.x86_64.rpm
system-user-flatpak-1.12.8-150400.3.6.1.x86_64.rpm
typelib-1_0-Flatpak-1_0-1.12.8-150400.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1538
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in kernel-firmware-nvidia-gspx-G06:
- Update to 550.78
Changes in nvidia-open-driver-G06-signed:
- Update to 550.78
kernel-firmware-nvidia-gspx-G06-550.78-150400.9.30.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.78-150400.9.30.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.78-150400.9.59.1.src.rpm
nvidia-open-driver-G06-signed-default-devel-550.78-150400.9.59.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.78_k5.14.21_150400.24.116-150400.9.59.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1557
Security update for rpm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpm fixes the following issues:
Security fixes:
- CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175)
Other fixes:
- accept more signature subpackets marked as critical (bsc#1218686)
- backport limit support for the autopatch macro (bsc#1189495)
python-rpm-4.14.3-150400.59.16.1.src.rpm
python3-rpm-4.14.3-150400.59.16.1.x86_64.rpm
python311-rpm-4.14.3-150400.59.16.1.x86_64.rpm
rpm-32bit-4.14.3-150400.59.16.1.x86_64.rpm
rpm-4.14.3-150400.59.16.1.src.rpm
rpm-4.14.3-150400.59.16.1.x86_64.rpm
rpm-build-4.14.3-150400.59.16.1.x86_64.rpm
rpm-devel-4.14.3-150400.59.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1637
Recommended update for google-cloud SDK
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for google-cloud SDK fixes the following issues:
- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
- The 5 binaries below obsolete the python3.6 counterpart:
python311-google-resumable-media
python311-google-api-core
python311-google-cloud-storage
python311-google-cloud-core
python311-googleapis-common-protos
- Regular python311 updates (without Obsoletes):
python-google-auth
python-grpcio
python-sqlparse
- New python311 packages:
libcrc32c
python-google-cloud-appengine-logging
python-google-cloud-artifact-registry
python-google-cloud-audit-log
python-google-cloud-build
python-google-cloud-compute
python-google-cloud-dns
python-google-cloud-domains
python-google-cloud-iam
python-google-cloud-kms-inventory
python-google-cloud-kms
python-google-cloud-logging
python-google-cloud-run
python-google-cloud-secret-manager
python-google-cloud-service-directory
python-google-cloud-spanner
python-google-cloud-vpc-access
python-google-crc32c
python-grpc-google-iam-v1
python-grpcio-status
python-proto-plus
In python-sqlparse this security issue was fixed:
CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617)
libprotobuf-lite25_1_0-25.1-150400.9.6.1.x86_64.rpm
libprotobuf25_1_0-25.1-150400.9.6.1.x86_64.rpm
libprotoc25_1_0-25.1-150400.9.6.1.x86_64.rpm
protobuf-25.1-150400.9.6.1.src.rpm
protobuf-devel-25.1-150400.9.6.1.x86_64.rpm
python-apipkg-3.0.1-150400.12.6.1.src.rpm
python-cachetools-5.3.1-150400.8.6.1.src.rpm
python-certifi-2023.7.22-150400.12.6.2.src.rpm
python-cffi-1.15.1-150400.8.7.2.src.rpm
python-charset-normalizer-3.1.0-150400.9.7.2.src.rpm
python-cryptography-41.0.3-150400.16.19.1.src.rpm
python-google-auth-2.27.0-150400.6.7.1.src.rpm
python-idna-3.4-150400.11.6.1.src.rpm
python-iniconfig-2.0.0-150400.10.6.1.src.rpm
python-py-1.11.0-150400.12.7.2.src.rpm
python-pyOpenSSL-23.2.0-150400.3.10.1.src.rpm
python-pyasn1-0.5.0-150400.12.7.2.src.rpm
python-pyasn1-modules-0.3.0-150400.12.7.1.src.rpm
python-pycparser-2.21-150400.12.7.2.src.rpm
python-pytz-2023.3-150400.6.6.1.src.rpm
python-requests-2.31.0-150400.6.8.1.src.rpm
python-rsa-4.9-150400.12.7.1.src.rpm
python-setuptools-67.7.2-150400.3.12.1.src.rpm
python-urllib3-2.0.7-150400.7.14.1.src.rpm
python311-apipkg-3.0.1-150400.12.6.1.noarch.rpm
python311-cachetools-5.3.1-150400.8.6.1.noarch.rpm
python311-certifi-2023.7.22-150400.12.6.2.noarch.rpm
python311-cffi-1.15.1-150400.8.7.2.x86_64.rpm
python311-charset-normalizer-3.1.0-150400.9.7.2.noarch.rpm
python311-cryptography-41.0.3-150400.16.19.1.x86_64.rpm
python311-google-auth-2.27.0-150400.6.7.1.noarch.rpm
python311-idna-3.4-150400.11.6.1.noarch.rpm
python311-iniconfig-2.0.0-150400.10.6.1.noarch.rpm
python311-py-1.11.0-150400.12.7.2.noarch.rpm
python311-pyOpenSSL-23.2.0-150400.3.10.1.noarch.rpm
python311-pyasn1-0.5.0-150400.12.7.2.noarch.rpm
python311-pyasn1-modules-0.3.0-150400.12.7.1.noarch.rpm
python311-pycparser-2.21-150400.12.7.2.noarch.rpm
python311-pytz-2023.3-150400.6.6.1.noarch.rpm
python311-requests-2.31.0-150400.6.8.1.noarch.rpm
python311-rsa-4.9-150400.12.7.1.noarch.rpm
python311-setuptools-67.7.2-150400.3.12.1.noarch.rpm
python311-urllib3-2.0.7-150400.7.14.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1497
Security update for skopeo
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for skopeo fixes the following issues:
- Update to version 1.14.2:
* [release-1.14] Bump Skopeo to v1.14.2
* [release-1.14] Bump c/image to v5.29.2, c/common to v0.57.3 (fixes bsc#1219563)
- Update to version 1.14.1:
* Bump to v1.14.1
* fix(deps): update module github.com/containers/common to v0.57.2
* fix(deps): update module github.com/containers/image/v5 to v5.29.1
* chore(deps): update dependency containers/automation_images to v20240102
* Fix libsubid detection
* fix(deps): update module golang.org/x/term to v0.16.0
* fix(deps): update golang.org/x/exp digest to 02704c9
* chore(deps): update dependency containers/automation_images to v20231208
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containers/common to v0.57.1
* fix(deps): update golang.org/x/exp digest to 6522937
* DOCS: add Gentoo in install.md
* DOCS: Update to add Arch Linux in install.md
* fix(deps): update module golang.org/x/term to v0.15.0
* Bump to v1.14.1-dev
- Update to version 1.14.0:
* Bump to v1.14.0
* fix(deps): update module github.com/containers/common to v0.57.0
* chore(deps): update dependency containers/automation_images to v20231116
* fix(deps): update module github.com/containers/image/v5 to v5.29.0
* Add documentation and smoke tests for the new --compat-auth-file options
* Update c/image and c/common to latest
* fix(deps): update module github.com/containers/storage to v1.51.0
* fix(deps): update module golang.org/x/term to v0.14.0
* fix(deps): update module github.com/spf13/cobra to v1.8.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
* fix(deps): update github.com/containers/common digest to 3e5caa0
* chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
* fix(deps): update module github.com/containers/ocicrypt to v1.1.9
* Update github.com/klauspost/compress to v1.17.2
* chore(deps): update module github.com/docker/docker to v24.0.7+incompatible [security]
* Fix ENTRYPOINT documentation, drop others.
* Remove unused environment variables in Cirrus
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
* chore(deps): update dependency containers/automation_images to v20231004
* chore(deps): update module golang.org/x/net to v0.17.0 [security]
* copy: Note support for `zstd:chunked`
* fix(deps): update module golang.org/x/term to v0.13.0
* fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible
* fix(deps): update github.com/containers/common digest to 745eaa4
* Packit: switch to @containers/packit-build team for copr failure notification comments
* Packit: tag @lsm5 on copr build failures
* vendor of containers/common
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
* fix(deps): update module github.com/containers/common to v0.56.0
* Cirrus: Remove multi-arch skopeo image builds
* fix(deps): update module github.com/containers/image/v5 to v5.28.0
* Increase the golangci-lint timeout
* fix(deps): update module github.com/containers/storage to v1.50.2
* fix(deps): update module github.com/containers/storage to v1.50.1
* fix(deps): update golang.org/x/exp digest to 9212866
* Fix a man page link
* fix(deps): update github.com/containers/image/v5 digest to 58d5eb6
* GHA: Closed issue/PR comment-lock test
* fix(deps): update module github.com/containers/common to v0.55.4
* fix(deps): update module github.com/containers/storage to v1.49.0
* rpm: spdx compatible license field
* chore(deps): update dependency golangci/golangci-lint to v1.54.2
* chore(deps): update dependency containers/automation_images to v20230816
* Packit: set eln target correctly
* packit: Build PRs into default packit COPRs
* DOCS: Update Go version requirement info
* DOCS: Add information about the cross-build
* fix(deps): update module github.com/containers/ocicrypt to v1.1.8
* fix(deps): update module github.com/containers/common to v0.55.3
* Update c/image after https://github.com/containers/image/pull/2070
* chore(deps): update dependency golangci/golangci-lint to v1.54.1
* chore(deps): update dependency containers/automation_images to v20230809
* fix(deps): update golang.org/x/exp digest to 352e893
* chore(deps): update dependency containers/automation_images to v20230807
* Update to Go 1.19
* fix(deps): update module golang.org/x/term to v0.11.0
* Update c/image for golang.org/x/exp
* RPM: define gobuild macro for rhel/centos stream
* Fix handling the unexpected return value combination from IsRunningImageAllowed
* Close the PolicyContext, as required by the API
* Use globalOptions.getPolicyContext instead of an image-targeted SystemContext
* Packit: remove pre-sync action
* fix(deps): update module github.com/containers/common to v0.55.2
* proxy: Change the imgid to uint64
* [CI:BUILD] Packit: install golist before updating downstream spec
* Update module golang.org/x/term to v0.10.0
* Bump to v1.14.0-dev
* Bump to v1.13.0
- Bump go version to 1.21 (bsc#1215611)
- Update to version 1.13.2:
* [release-1.13] Bump to v1.13.2
* [release-1.31] Bump c/common v0.55.3
* Packit: remove pre-sync action
* [release-1.13] Bump to v1.13.2-dev
- Update to version 1.13.1:
* [release-1.13] Bump to v1.13.1
* [release-1.13] Bump c/common to v0.55.2
* [release-1.13 backport] [CI:BUILD] Packit: install golist before updating downstream spec
* [release-1.13] Bump to v1.13.1-dev
- Update to version 1.13.0:
* Bump to v1.13.0
* proxy: Policy verification of OCI Image before pulling
* Update module github.com/opencontainers/image-spec to v1.1.0-rc4
* Update module github.com/containers/common to v0.55.1
* Update module github.com/containers/common to v0.54.0
* Update module github.com/containers/image/v5 to v5.26.0
* [CI:BUILD] RPM: fix ELN builds
* Update module github.com/containers/storage to v1.47.0
* Packit: easier to read distro conditionals
* Update dependency golangci/golangci-lint to v1.53.3
* Help Renovate manage the golangci-lint version
* Minor: Cleanup renovate configuration
* Update dependency containers/automation_images to v20230614
* Update module golang.org/x/term to v0.9.0
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
* Update module github.com/sirupsen/logrus to v1.9.3
* Update dependency containers/automation_images to v20230601
* Update golang.org/x/exp digest to 2e198f4
* Update github.com/containers/image/v5 digest to e14c1c5
* Update module github.com/stretchr/testify to v1.8.4
* Update module github.com/stretchr/testify to v1.8.3
* Update dependency containers/automation_images to v20230517
* Update module github.com/sirupsen/logrus to v1.9.2
* Update module github.com/docker/distribution to v2.8.2+incompatible
* Trigger an update of the ostree_ext container image
* Update c/image with https://github.com/containers/image/pull/1944
* Update module github.com/containers/common to v0.53.0
* Update module golang.org/x/term to v0.8.0
* Update dependency containers/automation_images to v20230426
* Update golang.org/x/exp digest to 47ecfdc
* Emphasize the semantics of --preserve-digests a tiny bit
* Improve the static build documentation a tiny bit
* Bump to v1.12.1-dev
skopeo-1.14.2-150300.11.8.1.src.rpm
skopeo-1.14.2-150300.11.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1578
Security update for sssd
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sssd fixes the following issues:
- CVE-2023-3758: Fixed race condition during authorization that led to GPO policies functioning inconsistently (bsc#1223100)
libipa_hbac-devel-2.5.2-150400.4.27.1.x86_64.rpm
libipa_hbac0-2.5.2-150400.4.27.1.x86_64.rpm
libsss_certmap-devel-2.5.2-150400.4.27.1.x86_64.rpm
libsss_certmap0-2.5.2-150400.4.27.1.x86_64.rpm
libsss_idmap-devel-2.5.2-150400.4.27.1.x86_64.rpm
libsss_idmap0-2.5.2-150400.4.27.1.x86_64.rpm
libsss_nss_idmap-devel-2.5.2-150400.4.27.1.x86_64.rpm
libsss_nss_idmap0-2.5.2-150400.4.27.1.x86_64.rpm
libsss_simpleifp-devel-2.5.2-150400.4.27.1.x86_64.rpm
libsss_simpleifp0-2.5.2-150400.4.27.1.x86_64.rpm
python3-sssd-config-2.5.2-150400.4.27.1.x86_64.rpm
sssd-2.5.2-150400.4.27.1.src.rpm
sssd-2.5.2-150400.4.27.1.x86_64.rpm
sssd-ad-2.5.2-150400.4.27.1.x86_64.rpm
sssd-common-2.5.2-150400.4.27.1.x86_64.rpm
sssd-common-32bit-2.5.2-150400.4.27.1.x86_64.rpm
sssd-dbus-2.5.2-150400.4.27.1.x86_64.rpm
sssd-ipa-2.5.2-150400.4.27.1.x86_64.rpm
sssd-kcm-2.5.2-150400.4.27.1.x86_64.rpm
sssd-krb5-2.5.2-150400.4.27.1.x86_64.rpm
sssd-krb5-common-2.5.2-150400.4.27.1.x86_64.rpm
sssd-ldap-2.5.2-150400.4.27.1.x86_64.rpm
sssd-proxy-2.5.2-150400.4.27.1.x86_64.rpm
sssd-tools-2.5.2-150400.4.27.1.x86_64.rpm
sssd-winbind-idmap-2.5.2-150400.4.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1539
Security update for bouncycastle
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bouncycastle fixes the following issues:
Update to version 1.78.1, including fixes for:
- CVE-2024-30171: Fixed timing side-channel attacks against RSA decryption (both PKCS#1v1.5 and OAEP). (bsc#1223252)
bouncycastle-1.78.1-150200.3.29.1.noarch.rpm
bouncycastle-1.78.1-150200.3.29.1.src.rpm
bouncycastle-pg-1.78.1-150200.3.29.1.noarch.rpm
bouncycastle-pkix-1.78.1-150200.3.29.1.noarch.rpm
bouncycastle-util-1.78.1-150200.3.29.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1598
Security update for less
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set, which leads to OS command execution. (bsc#1222849)
less-590-150400.3.9.1.src.rpm
less-590-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1556
Security update for python311
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python311 fixes the following issues:
- CVE-2024-0450: Fixed "quoted-overlap" issue inside the zipfile module (bsc#1221854).
- CVE-2023-6597: Fixed removing tempfile.TemporaryDirectory in some edge cases related to symlinks (bsc#1219666).
- CVE-2023-52425: Fixed denial of service (resource consumption) caused by processing large tokens (bsc#1219559).
Bug fixes:
- Eliminate ResourceWarning which broke the test suite in test_asyncio (bsc#1221260).
- Revert use of %autopatch (bsc#1189495).
- Use the system-wide crypto-policies (bsc#1211301).
libpython3_11-1_0-3.11.9-150400.9.26.1.x86_64.rpm
python311-3.11.9-150400.9.26.1.src.rpm
python311-3.11.9-150400.9.26.1.x86_64.rpm
python311-base-3.11.9-150400.9.26.1.x86_64.rpm
python311-core-3.11.9-150400.9.26.1.src.rpm
python311-curses-3.11.9-150400.9.26.1.x86_64.rpm
python311-dbm-3.11.9-150400.9.26.1.x86_64.rpm
python311-devel-3.11.9-150400.9.26.1.x86_64.rpm
python311-doc-3.11.9-150400.9.26.1.x86_64.rpm
python311-doc-devhelp-3.11.9-150400.9.26.1.x86_64.rpm
python311-documentation-3.11.9-150400.9.26.1.src.rpm
python311-idle-3.11.9-150400.9.26.1.x86_64.rpm
python311-tk-3.11.9-150400.9.26.1.x86_64.rpm
python311-tools-3.11.9-150400.9.26.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1895
Security update for glibc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)
glibc-2.31-150300.83.1.src.rpm
glibc-2.31-150300.83.1.x86_64.rpm
glibc-devel-2.31-150300.83.1.x86_64.rpm
glibc-devel-static-2.31-150300.83.1.x86_64.rpm
glibc-extra-2.31-150300.83.1.x86_64.rpm
glibc-i18ndata-2.31-150300.83.1.noarch.rpm
glibc-info-2.31-150300.83.1.noarch.rpm
glibc-lang-2.31-150300.83.1.noarch.rpm
glibc-locale-2.31-150300.83.1.x86_64.rpm
glibc-locale-base-2.31-150300.83.1.x86_64.rpm
glibc-locale-base-32bit-2.31-150300.83.1.x86_64.rpm
glibc-profile-2.31-150300.83.1.x86_64.rpm
glibc-utils-2.31-150300.83.1.x86_64.rpm
glibc-utils-src-2.31-150300.83.1.src.rpm
nscd-2.31-150300.83.1.x86_64.rpm
glibc-32bit-2.31-150300.83.1.x86_64.rpm
glibc-devel-32bit-2.31-150300.83.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1876
Recommended update for aaa_base
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for aaa_base fixes the following issues:
- Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)
aaa_base-84.87+git20180409.04c9dae-150300.10.20.1.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.20.1.x86_64.rpm
aaa_base-extras-84.87+git20180409.04c9dae-150300.10.20.1.x86_64.rpm
aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1763
Recommended update for ant, hamcrest, junit
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ant, hamcrest, junit fixes the following issues:
ant, ant-antlr, ant-junit5, ant-junit:
- Put hamcrest on the classpath of ant-junit module
hamcrest was updated to version 2.2:
- Version 2.2:
* This version simplifies the packaging of Hamcrest into a single jar.
Other big changes include Java 9 module compatibility, along with numerous other improvements and bug fixes.
* Breaking Changes:
+ Although the class API has not changed since Hamcrest 1.3, the
way that the project is packaged has changed. Refer to the
Hamcrest Distributables documentation for more information,
and in particular the section on Upgrading from Hamcrest 1.x
+ The org.hamcrest.Factory annotation has been removed
(it should not be used in client code)
* Improvements:
+ AllOf/AnyOf: Pass the matchers to constructor using varargs
+ Matchers.anyOf: Fixed generic bounds compatibility for JDK 11
+ AssertionError message is unhelpful when match fails for byte
type
+ Use platform specific line breaks
+ The build now checks for consistent use of spaces
* Bugs fixed and other changes:
+ Fixed compatibility issue for development with Android D8
+ Fixed typo in license name
+ 1.3 compatible constructors for string matchers
+ Fixed for split packages with Java 9 modules
+ Documentation updates
+ Added implementation for CharSequence length matcher
+ Fixed for TypeSafeDiagnosingMatcher can't detect generic types
for subclass
+ Renamed IsCollectionContaining to IsIterableContaining
+ Make Hamcrest an OSGI bundle
+ Added StringRegularExpression matcher
+ Fixed StringContainsInOrder to detect if a repeated pattern is
missing
+ Added ArrayAsIterableMatcher
+ Fixed description for IsEqualIgnoringCase
+ Fixed JavaDoc examples
+ Upgraded to Java 7
+ Build with Gradle
+ Deprecate IsCollectionContaining and IsArrayContainingXXX
+ Removed deprecated methods from previous release
+ Improve mismatch description of hasItem/hasItems
+ General improvements to mismatch descriptions
+ Several JavaDoc improvements and corrections
+ Deprecated several matcher factory methods of the form "isXyz"
+ Fixed doclint errors reported in JDK 1.8
+ Fixed Iterable contains in order is null-safe
+ Added equalToObject() (i.e. unchecked) method
+ Fixed arrayContaining(null, null) causing NullPointerException
* Fixed string matching on regular expressions
* Fixed isCloseTo() shows wrong delta in mismatch description
* Added untyped version of equalTo, named equalToObject
* Implement IsEmptyMap, IsMapWithSize
* Fixed IsArray.describeMismatchSafely() should use
Matcher.describeMismatch
* Added Matcher implementation for files
* Fixed NPE in IsIterableContainingInOrder
junit:
- Generate anew the ant build system using the maven pom.xml
- Fetch sources from github by source service and filter out stale
hamcrest binaries.
- Port to hamcrest 2.2 unconditionally
- Removed deprecated assertThat
- Let ant build with --release 8 if the compiler knows that option.
This allows us to avoid incompatible exception declarations
in ObjectInputStream.GetField.get(String,Object) in java >= 20
ant-1.10.14-150200.4.25.1.noarch.rpm
ant-1.10.14-150200.4.25.1.src.rpm
ant-antlr-1.10.14-150200.4.25.1.noarch.rpm
ant-antlr-1.10.14-150200.4.25.1.src.rpm
ant-apache-bcel-1.10.14-150200.4.25.1.noarch.rpm
ant-apache-bsf-1.10.14-150200.4.25.1.noarch.rpm
ant-apache-log4j-1.10.14-150200.4.25.1.noarch.rpm
ant-apache-oro-1.10.14-150200.4.25.1.noarch.rpm
ant-apache-regexp-1.10.14-150200.4.25.1.noarch.rpm
ant-apache-resolver-1.10.14-150200.4.25.1.noarch.rpm
ant-commons-logging-1.10.14-150200.4.25.1.noarch.rpm
ant-jakartamail-1.10.14-150200.4.25.1.noarch.rpm
ant-javamail-1.10.14-150200.4.25.1.noarch.rpm
ant-jdepend-1.10.14-150200.4.25.1.noarch.rpm
ant-jmf-1.10.14-150200.4.25.1.noarch.rpm
ant-junit-1.10.14-150200.4.25.1.noarch.rpm
ant-junit-1.10.14-150200.4.25.1.src.rpm
ant-manual-1.10.14-150200.4.25.1.noarch.rpm
ant-scripts-1.10.14-150200.4.25.1.noarch.rpm
ant-swing-1.10.14-150200.4.25.1.noarch.rpm
junit-4.13.2-150200.3.11.2.noarch.rpm
junit-4.13.2-150200.3.11.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-33664
Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:
- Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242)
- Improve updating of installed multiversion packages
- Fix decision introspection going into an endless loop in some cases
- Split libsolv-tools into libsolv-tools-base (jsc#PED-8153)
- Improve checks against corrupt rpm
- Fixed check for outdated repo metadata as non-root user (bsc#1222086)
- Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- Fix download from gpgkey URL (bsc#1223430)
- Delay zypp lock until command options are parsed (bsc#1223766)
- Unify message format
PackageKit-1.2.4-150400.3.17.10.src.rpm
PackageKit-1.2.4-150400.3.17.10.x86_64.rpm
PackageKit-backend-zypp-1.2.4-150400.3.17.10.x86_64.rpm
PackageKit-branding-SLE-12.0-150400.15.4.9.noarch.rpm
PackageKit-branding-SLE-12.0-150400.15.4.9.src.rpm
PackageKit-devel-1.2.4-150400.3.17.10.x86_64.rpm
PackageKit-lang-1.2.4-150400.3.17.10.noarch.rpm
libpackagekit-glib2-18-1.2.4-150400.3.17.10.x86_64.rpm
libpackagekit-glib2-devel-1.2.4-150400.3.17.10.x86_64.rpm
libsolv-0.7.29-150400.3.22.4.src.rpm
libsolv-devel-0.7.29-150400.3.22.4.x86_64.rpm
libsolv-tools-0.7.29-150400.3.22.4.x86_64.rpm
libsolv-tools-base-0.7.29-150400.3.22.4.x86_64.rpm
libyui-4.3.7-150400.3.9.9.src.rpm
libyui-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-ncurses-4.3.7-150400.3.9.9.src.rpm
libyui-ncurses-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-ncurses-pkg-4.3.7-150400.3.9.10.src.rpm
libyui-ncurses-pkg-devel-4.3.7-150400.3.9.10.x86_64.rpm
libyui-ncurses-pkg16-4.3.7-150400.3.9.10.x86_64.rpm
libyui-ncurses-rest-api-4.3.7-150400.3.9.9.src.rpm
libyui-ncurses-rest-api-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-ncurses-rest-api16-4.3.7-150400.3.9.9.x86_64.rpm
libyui-ncurses-tools-4.3.7-150400.3.9.9.x86_64.rpm
libyui-ncurses16-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt-4.3.7-150400.3.9.9.src.rpm
libyui-qt-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt-graph-4.3.7-150400.3.9.9.src.rpm
libyui-qt-graph-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt-graph16-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt-pkg-4.3.7-150400.3.9.10.src.rpm
libyui-qt-pkg-devel-4.3.7-150400.3.9.10.x86_64.rpm
libyui-qt-pkg16-4.3.7-150400.3.9.10.x86_64.rpm
libyui-qt-rest-api-4.3.7-150400.3.9.9.src.rpm
libyui-qt-rest-api-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt-rest-api16-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt16-4.3.7-150400.3.9.9.x86_64.rpm
libyui-rest-api-4.3.7-150400.3.9.9.src.rpm
libyui-rest-api-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-rest-api16-4.3.7-150400.3.9.9.x86_64.rpm
libyui16-4.3.7-150400.3.9.9.x86_64.rpm
libzypp-17.34.1-150400.3.71.7.src.rpm
libzypp-17.34.1-150400.3.71.7.x86_64.rpm
libzypp-devel-17.34.1-150400.3.71.7.x86_64.rpm
perl-solv-0.7.29-150400.3.22.4.x86_64.rpm
python3-solv-0.7.29-150400.3.22.4.x86_64.rpm
ruby-solv-0.7.29-150400.3.22.4.x86_64.rpm
typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.17.10.x86_64.rpm
yast2-pkg-bindings-4.4.7-150400.3.13.10.src.rpm
yast2-pkg-bindings-4.4.7-150400.3.13.10.x86_64.rpm
zypper-1.14.73-150400.3.50.10.src.rpm
zypper-1.14.73-150400.3.50.10.x86_64.rpm
zypper-log-1.14.73-150400.3.50.10.noarch.rpm
zypper-needs-restarting-1.14.73-150400.3.50.10.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1611
Recommended update for rpmlint
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpmlint fixes the following issues:
- rpmlint-checks: whitelist permissions.d entry in CheckSUIDPermissions for
commoncriteria (bsc#1223682)
rpmlint-1.10-150000.7.84.1.noarch.rpm
rpmlint-1.10-150000.7.84.1.src.rpm
rpmlint-mini-1.10-150400.23.20.1.src.rpm
rpmlint-mini-1.10-150400.23.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1641
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 LTSS kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27043: Fixed a use-after-free in media/dvbdev in different places (bsc#1223824).
- CVE-2024-26816: Ignore relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878).
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
kernel-default-5.14.21-150400.24.119.1.nosrc.rpm
kernel-default-5.14.21-150400.24.119.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1.src.rpm
kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.119.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.119.1.noarch.rpm
kernel-docs-5.14.21-150400.24.119.1.noarch.rpm
kernel-docs-5.14.21-150400.24.119.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.119.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.119.1.src.rpm
kernel-obs-build-5.14.21-150400.24.119.1.x86_64.rpm
kernel-source-5.14.21-150400.24.119.1.noarch.rpm
kernel-source-5.14.21-150400.24.119.1.src.rpm
kernel-syms-5.14.21-150400.24.119.1.src.rpm
kernel-syms-5.14.21-150400.24.119.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.119.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1665
Recommended update for coreutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for coreutils fixes the following issues:
- ls: avoid triggering automounts (bsc#1221632)
coreutils-8.32-150400.9.6.1.src.rpm
coreutils-8.32-150400.9.6.1.x86_64.rpm
coreutils-doc-8.32-150400.9.6.1.noarch.rpm
coreutils-lang-8.32-150400.9.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1624
Security update for python-Werkzeug
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Werkzeug fixes the following issues:
- CVE-2024-34069: Fixed a remote code execution through the debugger when interacting with an attacker-controlled domain (bsc#1223979).
python-Werkzeug-1.0.1-150300.3.8.1.src.rpm
python3-Werkzeug-1.0.1-150300.3.8.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1591
Security update for python-Werkzeug
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Werkzeug fixes the following issues:
- CVE-2024-34069: Fixed a remote code execution through the debugger when interacting with an attacker-controlled domain (bsc#1223979).
python-Werkzeug-2.3.6-150400.6.9.1.src.rpm
python311-Werkzeug-2.3.6-150400.6.9.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1786
Recommended update for lasso
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for lasso fixes the following issues:
- Fix segmentation fault causing the test suite to fail,
build was failing for SLE 15 SP5 (bsc#1205335)
- Patch written by Petr Gajdos, reviewed, approved and merged upstream
fix-bsc-1205335
lasso-2.6.1-150200.19.4.src.rpm
liblasso3-2.6.1-150200.19.4.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1947
Security update for openssl-3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
- CVE-2024-4603: Fixed DSA parameter checks for excessive sizes before validating (bsc#1224388).
libopenssl-3-devel-3.0.8-150400.4.54.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.54.1.x86_64.rpm
openssl-3-3.0.8-150400.4.54.1.src.rpm
openssl-3-3.0.8-150400.4.54.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1949
Security update for openssl-1_1
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_1 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
libopenssl-1_1-devel-1.1.1l-150400.7.66.2.x86_64.rpm
libopenssl-1_1-devel-32bit-1.1.1l-150400.7.66.2.x86_64.rpm
libopenssl1_1-1.1.1l-150400.7.66.2.x86_64.rpm
libopenssl1_1-32bit-1.1.1l-150400.7.66.2.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150400.7.66.2.x86_64.rpm
libopenssl1_1-hmac-32bit-1.1.1l-150400.7.66.2.x86_64.rpm
openssl-1_1-1.1.1l-150400.7.66.2.src.rpm
openssl-1_1-1.1.1l-150400.7.66.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1592
Security update for ffmpeg-4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg-4 fixes the following issues:
- CVE-2023-50010: Fixed an arbitrary code execution via the set_encoder_id() (bsc#1223256).
ffmpeg-4-4.4-150400.3.27.1.src.rpm
libavcodec58_134-4.4-150400.3.27.1.x86_64.rpm
libavformat58_76-4.4-150400.3.27.1.x86_64.rpm
libavutil56_70-4.4-150400.3.27.1.x86_64.rpm
libpostproc55_9-4.4-150400.3.27.1.x86_64.rpm
libswresample3_9-4.4-150400.3.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1593
Security update for ffmpeg
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg fixes the following issues:
- CVE-2023-50010: Fixed an arbitrary code execution via the set_encoder_id() (bsc#1223256).
ffmpeg-3.4.2-150200.11.44.1.src.rpm
libavcodec57-3.4.2-150200.11.44.1.x86_64.rpm
libavformat57-3.4.2-150200.11.44.1.x86_64.rpm
libavresample3-3.4.2-150200.11.44.1.x86_64.rpm
libavutil-devel-3.4.2-150200.11.44.1.x86_64.rpm
libavutil55-3.4.2-150200.11.44.1.x86_64.rpm
libpostproc-devel-3.4.2-150200.11.44.1.x86_64.rpm
libpostproc54-3.4.2-150200.11.44.1.x86_64.rpm
libswresample-devel-3.4.2-150200.11.44.1.x86_64.rpm
libswresample2-3.4.2-150200.11.44.1.x86_64.rpm
libswscale-devel-3.4.2-150200.11.44.1.x86_64.rpm
libswscale4-3.4.2-150200.11.44.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1603
Recommended update for salt
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
- Make "man" a recommended package instead of required to fix installation issues with SLE Micro
python3-salt-3006.0-150400.8.60.1.x86_64.rpm
salt-3006.0-150400.8.60.1.src.rpm
salt-3006.0-150400.8.60.1.x86_64.rpm
salt-api-3006.0-150400.8.60.1.x86_64.rpm
salt-bash-completion-3006.0-150400.8.60.1.noarch.rpm
salt-cloud-3006.0-150400.8.60.1.x86_64.rpm
salt-doc-3006.0-150400.8.60.1.x86_64.rpm
salt-fish-completion-3006.0-150400.8.60.1.noarch.rpm
salt-master-3006.0-150400.8.60.1.x86_64.rpm
salt-minion-3006.0-150400.8.60.1.x86_64.rpm
salt-proxy-3006.0-150400.8.60.1.x86_64.rpm
salt-ssh-3006.0-150400.8.60.1.x86_64.rpm
salt-standalone-formulas-configuration-3006.0-150400.8.60.1.x86_64.rpm
salt-syndic-3006.0-150400.8.60.1.x86_64.rpm
salt-transactional-update-3006.0-150400.8.60.1.x86_64.rpm
salt-zsh-completion-3006.0-150400.8.60.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1588
Security update for go1.21
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issues:
Update to go1.21.10:
- CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017)
- net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0
go1.21-1.21.10-150000.1.33.1.src.rpm
go1.21-1.21.10-150000.1.33.1.x86_64.rpm
go1.21-doc-1.21.10-150000.1.33.1.x86_64.rpm
go1.21-race-1.21.10-150000.1.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1868
Security update for apache2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2 fixes the following issues:
- CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code (bsc#1222330).
- CVE-2024-24795: Fixed handling of malicious HTTP splitting response headers in multiple modules (bsc#1222332).
- CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames that could have been utilized for DoS attacks (bsc#1221401).
apache2-2.4.51-150400.6.17.1.src.rpm
apache2-2.4.51-150400.6.17.1.x86_64.rpm
apache2-devel-2.4.51-150400.6.17.1.x86_64.rpm
apache2-doc-2.4.51-150400.6.17.1.noarch.rpm
apache2-prefork-2.4.51-150400.6.17.1.x86_64.rpm
apache2-utils-2.4.51-150400.6.17.1.x86_64.rpm
apache2-worker-2.4.51-150400.6.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1827
Recommended update for wicked
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100)
- Update to version 0.6.75:
- cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
- cleanup: fix overflow warnings in a socket testcase on i586
- ifcheck: report new and deleted configs as changed (bsc#1218926)
- man: improve ARP configuration options in the wicked-config.5
- bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
- cleanup: fix interface dependencies and shutdown order (bsc#1205604)
- Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
and consistently use config and state info attached to the port
interface as in rtnetlink(7).
- Cleanup ifcfg parsing, schema configuration and service properties
- Migrate ports in xml config and policies already applied in nanny
- Remove "missed config" generation from finite state machine, which
is completed while parsing the config or while xml config migration.
- Issue a warning when "lower" interface (e.g. eth0) config is missed
while parsing config depending on it (e.g. eth0.42 vlan).
- Resolve ovs master to the effective bridge in config and wickedd
- Implement netif-check-state require checks using system relations
from wickedd/kernel instead of config relations for ifdown and add
linkDown and deleteDevice checks to all master and lower references.
- Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
system/config interface hierarchies as notice with +/- marked
interfaces to setup and/or shutdown.
wicked-0.6.75-150400.3.24.1.src.rpm
wicked-0.6.75-150400.3.24.1.x86_64.rpm
wicked-service-0.6.75-150400.3.24.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1660
Recommended update for pam_pkcs11
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pam_pkcs11 fixes the following issue:
- Fix 0001-Set-slot_num-configuration-parameter-to-0-by-default (bsc#1221255)
pam_pkcs11-0.6.10-150100.3.3.2.src.rpm
pam_pkcs11-0.6.10-150100.3.3.2.x86_64.rpm
pam_pkcs11-32bit-0.6.10-150100.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2065
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.44.2
- CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. (bsc#1225071)
WebKitGTK-4.0-lang-2.44.2-150400.4.83.2.noarch.rpm
WebKitGTK-4.1-lang-2.44.2-150400.4.83.2.noarch.rpm
WebKitGTK-6.0-lang-2.44.2-150400.4.83.2.noarch.rpm
libjavascriptcoregtk-4_0-18-2.44.2-150400.4.83.2.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.44.2-150400.4.83.2.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.44.2-150400.4.83.2.x86_64.rpm
libwebkit2gtk-4_0-37-2.44.2-150400.4.83.2.x86_64.rpm
libwebkit2gtk-4_1-0-2.44.2-150400.4.83.2.x86_64.rpm
libwebkitgtk-6_0-4-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.44.2-150400.4.83.2.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.44.2-150400.4.83.2.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.44.2-150400.4.83.2.x86_64.rpm
webkit2gtk3-2.44.2-150400.4.83.2.src.rpm
webkit2gtk3-devel-2.44.2-150400.4.83.2.x86_64.rpm
webkit2gtk3-soup2-2.44.2-150400.4.83.2.src.rpm
webkit2gtk3-soup2-devel-2.44.2-150400.4.83.2.x86_64.rpm
webkit2gtk4-2.44.2-150400.4.83.2.src.rpm
webkitgtk-6_0-injected-bundles-2.44.2-150400.4.83.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1762
Security update for perl
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
perl-5.26.1-150300.17.17.1.src.rpm
perl-5.26.1-150300.17.17.1.x86_64.rpm
perl-base-5.26.1-150300.17.17.1.x86_64.rpm
perl-core-DB_File-5.26.1-150300.17.17.1.x86_64.rpm
perl-doc-5.26.1-150300.17.17.1.noarch.rpm
perl-base-32bit-5.26.1-150300.17.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1631
Recommended update for python-argcomplete and python-Twisted
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-argcomplete and python-Twisted fixes the following issue:
- Fix update-alternatives (bsc#1224109)
python-argcomplete-1.9.2-150000.3.8.1.src.rpm
python3-Twisted-22.2.0-150400.18.1.src.rpm
python3-Twisted-22.2.0-150400.18.1.x86_64.rpm
python3-argcomplete-1.9.2-150000.3.8.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1770
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to version 115.11.0 ESR (bsc#1224056):
- CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
- CVE-2024-4767: IndexedDB files retained in private browsing mode
- CVE-2024-4768: Potential permissions request bypass via clickjacking
- CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types
- CVE-2024-4770: Use-after-free could occur when printing to PDF
- CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
MozillaFirefox-115.11.0-150200.152.137.2.src.rpm
MozillaFirefox-115.11.0-150200.152.137.2.x86_64.rpm
MozillaFirefox-devel-115.11.0-150200.152.137.2.noarch.rpm
MozillaFirefox-translations-common-115.11.0-150200.152.137.2.x86_64.rpm
MozillaFirefox-translations-other-115.11.0-150200.152.137.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1797
Recommended update for ipset
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ipset fixes the following issue:
- Fix build with latest kernel (bsc#1223370)
ipset-7.15-150400.12.6.4.src.rpm
ipset-7.15-150400.12.6.4.x86_64.rpm
ipset-devel-7.15-150400.12.6.4.x86_64.rpm
libipset13-7.15-150400.12.6.4.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1956
Recommended update for google-errorprone, guava
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for google-errorprone, guava fixes the following issues:
guava:
- guava was updated to version 33.1.0:
* Changes of version 33.1.0:
+ Updated our Error Prone dependency to 2.26.1, which includes
a JPMS-ready jar of annotations. If you use the Error Prone
annotations in a modular build of your own code, you may need
to add a requires line for them.
+ base: Added a Duration overload for
Suppliers.memoizeWithExpiration.
+ base: Deprecated the remaining two overloads of
Throwables.propagateIfPossible. They won't be deleted, but we
recommend migrating off them.
+ cache: Fixed a bug that could cause false "recursive load"
reports during refresh.
+ graph: Changed the return types of transitiveClosure() and
reachableNodes() to Immutable* types. reachableNodes() already
returned an immutable object (even though that was not
reflected in the declared return type); transitiveClosure()
used to return a mutable object. The old signatures remain
available, so this change does not break binary compatibility.
+ graph: Changed the behavior of views returned by graph
accessor methods that take a graph element as input: They now
throw IllegalStateException when that element is removed from
the graph.
+ hash: Optimized Checksum-based hash functions for Java 9+.
+ testing: Exposed FakeTicker Duration methods to Android users.
+ util.concurrent: Deprecated the constructors of
UncheckedExecutionException and ExecutionError that don't
accept a cause. We won't remove these constructors, but we
recommend migrating off them, as users of those classes often
assume that instances will contain a cause.
+ util.concurrent: Improved the correctness of racy accesses for
J2ObjC users.
* Changes of version 33.0.0:
+ This version of guava-android contains some package-private
methods whose signature includes the Java 8 Collector API.
This is a test to identify any problems before we expose those
methods publicly to users. Please report any problems that you
encounter.
+ Changed various classes to catch Exception instead of
RuntimeException even when only RuntimeException is
theoretically possible. This can help code that throws
undeclared exceptions, as some bytecode rewriters (e.g.,
Robolectric) and languages (e.g., Kotlin) do.
+ Added an Automatic-Module-Name to failureaccess, Guava's one
strong runtime dependency.
+ reflect: In guava-android only, removed
Invokable.getAnnotatedReturnType() and
Parameter.getAnnotatedType(). These methods never worked in an
Android VM, and to reflect that, they were born @Deprecated,
@Beta, and @DoNotCall. They're now preventing us from rolling
out some new Android compatibility testing. This is the only
binary-incompatible change in this release, and it should have
no effect in practice. Still, we bump the major version number
to follow Semantic Versioning.
+ util.concurrent: Changed our implementations to avoid eagerly
initializing loggers during class loading. This can help
performance, especially under Android.
* Changes of version 32.1.3:
+ Changed Gradle Metadata to include dependency versions
directly. This may address "Could not find some-dependency"
errors that some users have reported (which might be a result
of users' excluding guava-parent).
+ collect: Changed Multisets.unmodifiableMultiset(set)
.removeIf(predicate) to throw an exception always, even if
nothing matches predicate.
+ graph: Fixed the behavior of Graph/ValueGraph views for a node
when that node is removed from the graph.
+ io: Fixed Files.createTempDir and FileBackedOutputStream under
Windows services, a rare use case. (The fix actually covers
only Java 9+ because Java 8 would require an additional
approach. Let us know if you need support under Java 8.)
+ net: Made MediaType.parse allow and skip over whitespace
around the / and = separator tokens in addition to the ;
separator, for which it was already being allowed.
+ util.concurrent: Tweaked Futures.getChecked
constructor-selection behavior: The method continues to prefer
to call constructors with a String parameter, but now it
breaks ties based on whether the constructor has a Throwable
parameter. Beyond that, the choice of constructor remains
undefined. (For this and other reasons, we discourage the use
of getChecked.)
* Changes of version 32.1.2:
+ Removed the section of our Gradle metadata that caused Gradle
to report conflicts with listenablefuture.
+ Changed our Maven project to avoid affecting which version of
Mockito our Gradle users see.
+ collect: Under J2CL, exposed ImmutableList and ImmutableSet
methods copyOf and of for JavaScript usage.
+ net: Optimized InternetDomainName construction.
* Changes of version 32.1.1:
+ Fixed our broken Gradle metadata from 32.1.0. Sorry again for
the trouble. If you use Gradle, please still read the release
notes from that version: You may still see errors from the new
checking that the metadata enables, and the release notes
discuss how to fix those errors.
* Changes of version 32.1.0:
+ collect: Tweaked more nullness annotations.
+ hash: Enhanced crc32c() to use Java's hardware-accelerated
implementation where available.
+ util.concurrent: Added Duration-based default methods to
ListeningExecutorService.
+ Began updating Javadoc to focus less on APIs that have been
superseded by additions to the JDK. We're also looking to add
more documentation that directs users to JDK equivalents for
our APIs. Further PRs welcome!
+ Fixed some problems with using Guava from a Java Agent.
(But we don't test that configuration, and we don't know how
well we'll be able to keep it working.)
+ Fixed BootstrapMethodError when using CacheBuilder from a
custom system class loader. (As with the previous item,
we're not sure how well we'll be able to keep this use case
working.)
+ Suppressed a harmless unusable-by-js warning seen by users of
guava-gwt.
- Fix version mismatch in the ant build files.
- The binaries are compatible with Java 1.8
google-errorprone, google-errorprone-annotations:
- google-errorprone and google-errorprone-annotations were updated to version 2.26.1:
* Changes of version 2.26.1:
+ Fixes the module name: from 'com.google.errorprone.annotation'
to 'com.google.errorprone.annotations'. Amends the OSGi build
not to include 'Automatic-Module-Name' in the MANIFEST.MF for the
'annotations' project.
* Changes of version 2.26.0:
+ The 'annotations' artifact now includes a module-info.java for
Java Platform Module System support.
+ Disabled checks passed to -XepPatchChecks are now ignored,
instead of causing a crash.
+ New checks:
- SystemConsoleNull: Null-checking System.console() is not a
reliable way to detect if the console is connected to a
terminal.
- EnumOrdinal: Discourage uses of Enum.ordinal()
+ Closed issues:
- Add module-info.java
- 2.19.x: Exception thrown when a disabled check is passed to
-XepPatchChecks
- Ignore disabled checks passed to -XepPatchChecks
- feat: add jpms definition for annotations
- Add the 'compile' goal for 'compile-java9'
* Changes of version 2.25.0:
+ New checks:
- JUnitIncompatibleType: Detects incompatible types passed to
an assertion, similar to TruthIncompatibleType
- RedundantSetterCall: Detects fields set twice in the same
chained expression. Generalization of previous
ProtoRedundantSet check to also handle AutoValue.
+ Closed issues:
- Crash in UnnecessaryStringBuilder
- Fix typos
- Add support for specifying badEnclosingTypes for BadImport
via flags
- Some BugPattern docs are missing code examples
- Remove incorrect statement from BugPattern index doc
- Do not report NonFinalStaticField findings for fields
modified in @BeforeAll methods
* Changes of version 2.24.1:
+ Add an assertion to try to help debug
* Changes of version 2.24.0:
+ New checks:
- MultipleNullnessAnnotations: Discourage multiple nullness
annotations
- NullableTypeParameter: Discourage nullness annotations on
type parameters
- NullableWildcard: Discourage nullness annotations on
wildcards
- SuperCallToObjectMethod: Generalization of
SuperEqualsIsObjectEquals, now covers hashCode
* Changes of version 2.23.0:
+ New checks: DuplicateDateFormatField, NonFinalStaticField,
StringCharset, StringFormatWithLiteral,
SuperEqualsIsObjectEquals
+ Bug fixes and improvements
* Changes of version 2.22.0:
+ New checks:
- ClosingStandardOutputStreams: Prevents accidentally closing
System.{out,err} with try-with-resources
- TruthContainsExactlyElementsInUsage: containsExactly is
preferred over containsExactlyElementsIn when creating new
iterables
- UnnecessaryAsync: detects unnecessary use of async
primitives in local (and hence single-threaded) scopes
- ReturnAtTheEndOfVoidFunction: detects unnecessary return
statements at the end of void functions
- MultimapKeys: Suggests using keySet() instead of iterating
over Multimap.keys(), which does not collapse duplicates
+ Bug fixes and improvements:
- Don't complain about literal IP addresses in
AddressSelection
- Prevent SuggestedFixes#renameMethod from modifying return
type declaration
- Fix UnusedVariable false positives for private record
parameters
- When running in conservative mode, no longer assume that
implementations of Map.get, etc. return null
- CanIgnoreReturnValueSuggester: Support additional exempting
method annotations
- UnusedVariable: exclude junit5's @RegisterExtension
- Support running all available patch checks
- Upgrade java-diff-utils 4.0 -> 4.12
- Flag unused Refaster template parameters
- Support @SuppressWarnings("all")
- Prevent Refaster UMemberSelect from matching method
parameters
- MissingDefault: Don't require // fall out comments on
expression switches
- Skip UnnecessaryLambda findings for usages in enhanced for
loops
- Fix bug where nested MissingBraces violations' suggested
fixes result in broken code
- Add support for specifying exemptPrefixes/exemptNames for
UnusedVariable via flags
- UnusedMethod: Added exempting variable annotations
* Changes of version 2.21.1:
+ Handle overlapping ranges in suppressedRegions
+ Add AddressSelection to discourage APIs that convert a
hostname to a single address
* Changes of version 2.21.0:
+ New Checkers:
- AttemptedNegativeZero: Prevents accidental use of -0, which
is the same as 0. The floating-point negative zero is -0.0.
- ICCProfileGetInstance: Warns on uses of
ICC_Profile.getInstance(String), due to JDK-8191622.
- MutableGuiceModule: Fields in Guice modules should be final.
- NullableOptional: Discourages @Nullable-annotated Optionals.
- OverridingMethodInconsistentArgumentNamesChecker: Arguments
of overriding method are inconsistent with overridden
method.
+ Fixed issues:
- Avoid MemberName IOOBE on lambda parameters inside
overriding methods
- Improve LockOnNonEnclosingClassLiteral documentation
- Security scan reported high CVE for
com.google.guava:guava:31.1-jre
- Upgrade guava to 32.0.1
- Proposal: checker to prevent other checkers from calling
javac methods that changed across JDKs
- Add support in ASTHelpersSuggestions for getEnclosedElements
* Changes of version 2.20.0:
+ This release is compatible with early-access builds of JDK 21.
+ New Checkers: InlineTrivialConstant, UnnecessaryStringBuilder,
BanClassLoader, DereferenceWithNullBranch, DoNotUseRuleChain,
LockOnNonEnclosingClassLiteral, MissingRefasterAnnotation,
NamedLikeContextualKeyword, NonApiType
+ Fixes issues:
- Introduce MissingRefasterAnnotation checker
- Fix minor typo in URepeated
- Drop unused constant Template#AUTOBOXING_DEFAULT
- Introduce command-line flag -XepAllSuggestionsAsWarnings
- JDK21 compatibility
- Add OSGi runtime metadata to error-prone's MANIFEST.MF files
- Use EISOP Checker Framework version 3.34.0-eisop1
- NotJavadoc pattern does not allow Javadoc on module
declarations
- ErrorProneInjector incorrectly picks up the no-args
constructor
- Several high CVEs related to dependency
com.google.protobuf:protobuf-java:3.19.2
- Upgrade protobuf-java to 3.19.6
* Changes of version 2.19.1:
+ This release fixes a binary compatibility issue when running
on JDK 11
* Changes of version 2.19.0:
+ New Checkers: NotJavadoc, StringCaseLocaleUsage,
UnnecessaryTestMethodPrefix
+ Fixes issues:
- Exclude inner classes annotated with @Nested from
ClassCanBeStatic rule
- Optimize VisitorState#getSymbolFromName
- ClassCanBeStatic: Exclude JUnit @Nested classes
- BadImport: flag static import of newInstance methods
- Support given for enforcing DirectInvocationOnMock: issue
3396
- Handle yield statement case in ASTHelpers#targetType
- Should ASTHelpers.getSymbol(Tree) be annotated with
@Nullable?
- Fix '@' character in javadoc code snippets
- Replace guava cache with caffeine
- Discourage locale-dependent APIs like
String.to{Lower,Upper}Case
- Introduce StringCaseLocaleUsage check
* Changes of version 2.18.0:
+ New Checkers: InjectOnBugCheckers, LabelledBreakTarget,
UnusedLabel, YodaCondition
+ Fixes issues:
- @SuppressWarnings("InlineFormatString") doesn't work
- Refaster: support method invocation type argument inlining
- java.lang.IllegalArgumentException: Cannot edit synthetic
AST nodes with specific record constructor
- Rename class to match filename
- Optimize VisitorState#getSymbolFromName
- refactor: refactor bad smell UnusedLabel
- LambdaFunctionalInterface crash with
IllegalArgumentException when processing an enum constructor
taking a lambda
- Fix JDK 20-ea build compatibility
- UngroupedOverloads: ignore generated constructors
- [errorprone 2.17.0] NPE in
StatementSwitchToExpressionSwitch.analyzeSwitchTree
- StatementSwitchToExpressionSwitch: handle empty statement
blocks
- StatementSwitchToExpressionSwitch: only trigger on
compatible target versions
- Fix Finalize bugpattern to match protected finalize()
- Make MemoizeConstantVisitorStateLookups check suppressible
* Changes of version 2.17.0:
+ New Checkers: AvoidObjectArrays, Finalize, IgnoredPureGetter,
ImpossibleNullComparison, MathAbsoluteNegative, NewFileSystem,
StatementSwitchToExpressionSwitch, UnqualifiedYield
+ Fixed issues:
- InvalidParam warning on Javadoc for Java record components
- UnusedMethod flags @JsonValue methods as unused
- UnusedMethod: Add more JPA lifecycle annotations or make
annotations configurable
- UnusedMethod: Support additional exempting method
annotations
- Have InvalidParam support records
- Fix -XepDisableAllWarnings flag when passed on its own
- ASTHelpersSuggestions does not flag call to packge() on
com.sun.tools.javac.code.Symbol.ClassSymbol
- @SuppressWarnings on record compact constructor causes crash
* Changes of version 2.16.0:
+ New Checkers: ASTHelpersSuggestions,
CanIgnoreReturnValueSuggester, LenientFormatStringValidation,
UnnecessarilyUsedValue
+ Fixed issues:
- Avoid using non-ASCII Unicode characters outside of comments
and literals
- NullPointerException thrown during analysis
- NPE analysing new style switch statement (2.14.0)
- ImmutableChecker handles null types
- Drop pre-JDK 11 logic from Refaster's Inliner class
* Changes of version 2.15.0:
+ New Checkers: BuilderReturnThis,
CanIgnoreReturnValueSuggester, CannotMockFinalClass,
CannotMockFinalMethod, DirectInvocationOnMock, ExtendsObject,
MockNotUsedInProduction, NoCanIgnoreReturnValueOnClasses,
NullArgumentForNonNullParameter, SelfAlwaysReturnsThis,
UnsafeWildcard, UnusedTypeParameter
* Changes of version 2.14.0:
+ New checkers: BanJNDI, EmptyTopLevelDeclaration,
ErroneousBitwiseExpression,
FuzzyEqualsShouldNotBeUsedInEqualsMethod, Interruption,
NullableOnContainingClass
* Changes of version 2.13.1:
+ Fix a crash in UnnecessaryBoxedVariable
+ Include the unicode character in the diagnostic message
* Changes of version 2.13.0:
+ Handle all annotations with the simple name Generated in
-XepDisableWarningsInGeneratedCode
+ Reconcile BugChecker#isSuppressed with suppression handling in
ErrorProneScanner
+ Fix a bug in enclosingPackage
+ Improve performance of fix application
+ Implicitly treat @AutoBuilder setter methods as
@CanIgnoreReturnValue.
+ Remove some obsolete checks
(PublicConstructorForAbstractClass, HashCodeToString)
* Changes of version 2.12.1:
+ This release adds an infrastructure optimization to AppliedFix
source code processing.
* Changes of version 2.12.0:
+ New checks: BoxedPrimitiveEquality, DoubleBraceInitialization,
IgnoredPureGetter, LockOnBoxedPrimitive, IncorrectMainMethod,
LongDoubleConversion, RobolectricShadowDirectlyOn,
StaticAssignmentOfThrowable, UnnecessaryLongToIntConversion,
Varifier
- Do not require maven-javadoc-plugin as it's not being used
guava-33.1.0-150200.3.10.1.noarch.rpm
guava-33.1.0-150200.3.10.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1890
Recommended update for patterns-wsl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for patterns-wsl fixes the following issues:
- `wslg.conf` is now provided by a new package named `patterns-wsl-tmpfiles` which is required by
`patterns-wsl-systemd`:
* WSL uses `/etc/zypp/zypp.conf:solver.onlyRequires = true` by default
- Ensure creation of the file `wslg.conf` if it doesn't exist
patterns-wsl-20240327-150400.3.11.1.src.rpm
patterns-wsl-base-20240327-150400.3.11.1.noarch.rpm
patterns-wsl-gui-20240327-150400.3.11.1.noarch.rpm
patterns-wsl-systemd-20240327-150400.3.11.1.noarch.rpm
patterns-wsl-tmpfiles-20240327-150400.3.11.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1940
Recommended update for suseconnect-ng
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issues:
- Version update
* Fix certificate import for Yast when using a registration proxy with
self-signed SSL certificate (bsc#1223107)
* Allow "--rollback" flag to run on readonly filesystem (bsc#1220679)
libsuseconnect-1.9.0-150400.3.31.2.x86_64.rpm
suseconnect-ng-1.9.0-150400.3.31.2.src.rpm
suseconnect-ng-1.9.0-150400.3.31.2.x86_64.rpm
suseconnect-ruby-bindings-1.9.0-150400.3.31.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1872
Security update for python-tqdm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-tqdm fixes the following issues:
Update to version 4.66.4:
* rich: fix completion
* cli: eval safety (CVE-2024-34062, bsc#1223880)
* pandas: add DataFrame.progress_map
* notebook: fix HTML padding
* keras: fix resuming training when verbose>=2
* fix format_num negative fractions missing leading zero
* fix Python 3.12 DeprecationWarning on import
python-tqdm-4.66.4-150400.9.12.1.src.rpm
python-tqdm-bash-completion-4.66.4-150400.9.12.1.noarch.rpm
python311-tqdm-4.66.4-150400.9.12.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1771
Security update for ucode-intel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20240514 release (bsc#1224277)
- CVE-2023-45733: Fixed a potential security vulnerability in some
Intel® Processors that may have allowed information disclosure.
- CVE-2023-46103: Fixed a potential security vulnerability in Intel®
Core™ Ultra Processors that may have allowed denial of service.
- CVE-2023-45745, CVE-2023-47855: Fixed potential security
vulnerabilities in some Intel® Trust Domain Extensions (TDX) module
software that may have allowed escalation of privilege.
ucode-intel-20240514-150200.41.1.src.rpm
ucode-intel-20240514-150200.41.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1807
Security update for git
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for git fixes the following issues:
- CVE-2024-32002: Fixed an issue where recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168).
- CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170).
- CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171).
- CVE-2024-32021: Fixed an issue where git may create hardlinks to arbitrary user-readable files (bsc#1224172).
- CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173).
git-2.35.3-150300.10.39.1.src.rpm
git-2.35.3-150300.10.39.1.x86_64.rpm
git-arch-2.35.3-150300.10.39.1.x86_64.rpm
git-core-2.35.3-150300.10.39.1.x86_64.rpm
git-cvs-2.35.3-150300.10.39.1.x86_64.rpm
git-daemon-2.35.3-150300.10.39.1.x86_64.rpm
git-doc-2.35.3-150300.10.39.1.noarch.rpm
git-email-2.35.3-150300.10.39.1.x86_64.rpm
git-gui-2.35.3-150300.10.39.1.x86_64.rpm
git-svn-2.35.3-150300.10.39.1.x86_64.rpm
git-web-2.35.3-150300.10.39.1.x86_64.rpm
gitk-2.35.3-150300.10.39.1.x86_64.rpm
perl-Git-2.35.3-150300.10.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1861
Security update for python3-sqlparse
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-sqlparse fixes the following issues:
- CVE-2024-4340: Fixed RecursionError catch to avoid a denial-of-service issue (bsc#1223603).
python3-sqlparse-0.4.2-150300.12.1.noarch.rpm
python3-sqlparse-0.4.2-150300.12.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2568
Security update for mockito, snakeyaml, testng
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mockito, snakeyaml, testng fixes the following issues:
mockito was updated to version 5.11.0:
- Added bundle manifest to the mockito-core artifact
- Mockito 5 is making core changes to ensure compatibility with future JDK versions.
- Switch the Default MockMaker to mockito-inline (not applicable to mockito-android)
* Mockito 2.7.6 introduced the mockito-inline mockmaker based on the "inline bytecode" principle, offering
compatibility advantages over the subclass mockmaker
* This change avoids JDK restrictions, such as violating module boundaries and leaking subclass creation
- Legitimate use cases for the subclass mockmaker:
* Scenarios where the inline mockmaker does not function, such as on Graal VM's native image
* If avoiding mocking final classes, the subclass mockmaker remains a viable option, although issues may arise on
JDK 17+
* Mockito aims to support both mockmakers, allowing users to choose based on their requirements.
- Update the Minimum Supported Java Version to 11
* Mockito 5 raised the minimum supported Java version to 11
* Community member @reta contributed to this change.
* Users still on JDK 8 can continue using Mockito 4, with minimal API differences between versions
- New type() Method on ArgumentMatcher
* The ArgumentMatcher interface now includes a new type() method to support varargs methods, addressing previous
limitations
* Users can now differentiate between matching calls with any exact number of arguments or match any number of
arguments
* Mockito 5 provides a default implementation of the new method, ensuring backward compatibility.
* No obligation for users to implement the new method; Mockito 5 considers Void.type by default for varargs handling
* ArgumentCaptor is now fully type-aware, enabling capturing specific subclasses on a generic method.
- byte-buddy does not bundle asm, but uses objectweb-asm as external library
snake-yaml was updated to version 2.2:
- Changes of version 2.2:
* Define default scalar style as PLAIN (for polyglot Maven)
* Add missing 'exports org.yaml.snakeyaml.inspector' to module-info.java
- Changes of version 2.1:
* Heavy Allocation in Emitter.analyzeScalar(String) due to Regex Overhead
* Use identity in toString() for sequences to avoid OutOfMemoryError
* NumberFormatException from SnakeYAML due to int overflow for corrupt YAML version
* Document size limit should be applied to single document not the whole input stream
* Detect invalid Unicode code point (thanks to Tatu Saloranta)
* Remove Trusted*Inspector classes from main sources tree
- Changes of version 2.0:
* Rollback to Java 7 target
* Add module-info.java
* Migrate to Java 8
* Remove many deprecated constructors
* Remove long deprecated methods in FlowStyle
* Do not allow global tags by default
* Yaml.LoadAs() signature to support Class<? super T> type instead of Class<T>
* CustomClassLoaderConstructor takes LoaderOptions
* Check input parameters for non-null values
testng was updated to version 7.10.1:
- Security issues fixed:
* CVE-2022-4065: Fixed Zip Slip Vulnerability (bsc#1205628)
- Changes of version 7.10.1:
* Fixed maven build with junit5
- Changes of version 7.10.0:
* Minor discrepancy fixes
* Deleting TestNG eclipse plugin specific classes
* Remove deprecated JUnit related support in TestNG
* Handle exceptions in emailable Reporter
* Added wrapperbot and update workflow order
* Support ITestNGFactory customisation
* Streamlined data provider listener invocation
* Streamlined Guice Module creation in concurrency.
* Copy test result attributes when unexpected failures
* chore: use explicit dependency versions instead of refreshVersions
* Removed Ant
* Support ordering of listeners
* Added errorprone
* Allow custom thread pool executors to be wired in.
* Allow data providers to be non cacheable
* Use Locks instead of synchronised keyword
* Document pgp artifact signing keys
* Added Unique Id for all test class instances
* Added issue management workflows
* Map object to configurations
* Allow listeners to be disabled at runtime
* Streamlined Data Provider execution
* Honour inheritance when parsing listener factories
* Tweaks around accessing SuiteResult
* Streamlined random generation
* Streamlined dependencies for configurations
- Changes of version 7.9.0:
* Fixed maps containing nulls can be incorrectly considered equal
* Test Results as artifacts for failed runs
* Fixed data races
* Don't honour params specified in suite-file tag
* Decouple SuiteRunner and TestRunner
* Disable Native DI for BeforeSuite methods
* Streamlined running Parallel Dataproviders+retries
* Removed extra whitespace in log for Configuration.createMethods()
* Added the link for TestNG Documentation's GitHub Repo in README.md
* FirstTimeOnlyConfig methods + Listener invocations
* Added overrideGroupsFromCliInParentChildXml test
* Ensure thread safety for attribute access
* Added @inherited to the Listeners annotation
* Restrict Group inheritance to Before|AfterGroups
* Ensure ITestResult injected to @AfterMethod is apt
* Support suite level thread pools for data provider
* Favour CompletableFuture instead of PoolService
* Favour FutureTask for concurrency support
* Shared Threadpool for normal/datadriven tests.
* Abort for invalid combinations
- Changes of version 7.8.0:
* [Feature] Not exception but warning if some (not all) of the given test names are not found in suite files.
* [Feature] Generate testng-results.xml per test suite
* [Feature] Allow test classes to define "configfailurepolicy" at a per class level
* XmlTest index is not set for test suites invoked with YAML
* Listener's onAfterClass is called before @afterclass configuration methods are executed.
* After upgrading to TestNG 7.5.0, setting ITestResult.status to FAILURE doesn't fail the test anymore
* JUnitReportReporter should capture the test case output at the test case level
* TestNG.xml doesn't honour Parallel value of a clone
* before configuration and before invocation should be 'SKIP' when beforeMethod is 'skip'
* Test listeners specified in parent testng.xml file are not included in testng-failed.xml file
* Discrepancies with DataProvider and Retry of failed tests
* Skipped Tests with DataProvider appear as failed
* testng-results xml reports config skips from base classes as ignored
* Feature: Check that specific object present in List
* Upgraded snakeyaml to 2.0
- Changes of version 7.7.1:
* Streamline overloaded assertion methods for Groovy
- Changes of version 7.7.0:
* Replace FindBugs by SpotBugs
* Gradle: Drop forUseAtConfigurationTime()
* Added ability to provide custom message to assertThrows\expectThrows methods
* Only resolve hostname once
* Prevent overlogging of debug msgs in Graph impl
* Streamlined dataprovider invoking in abstract classes
* Streamlined TestResult due to expectedExceptions
* Unexpected test runs count with retry analyzer
* Make PackageUtils compliant with JPMS
* Ability to retry a data provider during failures
* Fixing bug with DataProvider retry
* Added config key for callback discrepancy behavior
* Fixed FileAlreadyExistsException error on copy
* JarFileUtils.delete(File f) throw actual exception (instead of FileNotFound) when file cannot be deleted #2825
* Changing assertion message of the osgitest
* Enhancing the Matrix
* Avoid Compilation errors on Semeru JDK flavour.
* Add additional yml extension
* Support getting dependencies info for a test
* Honour regex in dependsOnMethods
* Ensure All tests run all the time
* Deprecate support for running Spock Tests
* Streamline dependsOnMethods for configurations
* Ensure ITestContext available for JUnit4 tests
* Deprecate support for running JUnit tests
- Changes of version 7.6.1:
* Fix Files.copy() such that parent dirs are created
* Remove deprecated utility methods
- Changes of version 7.6.0:
* Remove redundant Parameter implementation
* Upgraded to JDK11
* Move SimpleBaseTest to be Kotlin based
* Restore testnames when using suites in suite.
* Moving ClassHelperTests into Kotlin
* IHookable and IConfigurable callback discrepancy
* Minor refactoring
* Add additional condition for assertEqualsNoOrder
* beforeConfiguration() listener method should be invoked for skipped configurations as well
* Keep the initial order of listeners
* SuiteRunner could not be initial by default Configuration
* Enable Dataprovider failures to be considered.
* BeforeGroups should run before any matched test
* Fixed possible StringIndexOutOfBoundsException exception in XmlReporter
* DataProvider: possibility to unload dataprovider class, when done with it
* Fixed possibility that AfterGroups method is invoked before all tests
* Fixed equals implementation for WrappedTestNGMethod
* Wire-In listeners consistently
* Streamline AfterClass invocation
* Show FQMN for tests in console
* Honour custom attribute values in TestNG default reports
snakeyaml-2.2-150200.3.15.1.noarch.rpm
snakeyaml-2.2-150200.3.15.1.src.rpm
testng-7.10.1-150200.3.10.1.noarch.rpm
testng-7.10.1-150200.3.10.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2000
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
javadoc-parser:
- Deliver javadoc-parser RPM package to meet new dependency requirements (no source changes)
maven-filtering was updated to version 3.3.2:
- Build against the plexus-build-api0 package containing sonatype
plexus build api
- Version 3.3.2:
* Changes:
+ pick correct hamcrest dependency
+ Prefer commons lang to plexus utils
+ MSHARED-1214: move tag back to HEAD
+ MSHARED-1216: Use caching output stream
+ Bump org.codehaus.plexus:plexus-utils from 3.0.16 to 3.0.24
in /src/test/resources
+ Fix typos and grammar
+ Fix 'licenced' typo in PR template
+ refactor IncrementalResourceFilteringTest
+ MSHARED-1340: Require Maven 3.6.3+
+ Bump commons-io:commons-io from 2.11.0 to 2.15.1
+ Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.14.0
+ MSHARED-1339: Bump
org.apache.maven.shared:maven-shared-components from 39 to 41
+ MSHARED-1290: Fix PropertyUtils cycle detection results in
false positives
+ MSHARED-1285: use an up-to-date scanner instead of the newscanner
+ Bump org.codehaus.plexus:plexus-testing from 1.2.0 to 1.3.0
+ Bump org.codehaus.plexus:plexus-interpolation from 1.26
to 1.27
+ Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0
+ Bump release-drafter/release-drafter from 5 to 6
+ Bump org.junit.jupiter:junit-jupiter-api from 5.10.1
to 5.10.2
+ MSHARED-1351: Fix console message when origin is baseDir
+ MSHARED-1050: Fix ConcurrentModificationException for
maven-filtering
+ MSHARED-1330: Always overwrite files
- Version 3.3.1:
* Changes:
+ MSHARED-1175: Copying x resources from rel/path to rel/path
+ MSHARED-1213: Bug: filtering existing but 0 byte file
+ MSHARED-1199: Upgrade parent pom to 39
+ MSHARED-1112: Ignore setting permissions on non existing dest
files/symlinks
+ MSHARED-1144: remove redundant error message
- Version 3.3.0:
* Changes:
+ Fixed cloning of MavenResourcesExecution's instances using
copyOf() method
+ MRESOURCES-258: Copying and filtering logic is delegated to
FileUtils
+ replace deprecated methods
+ replace deprecated code in favor of Java 7 core and apache
commons libraries
declare dependencies
+ MSHARED-1080: Parent POM 36, Java8, drop legacy.
maven-plugin-tools:
- Build against the plexus-build-api0 package containing sonatype
plexus build api
- Added dependency on plexus-xml where relevant
modello was updated to version 2.4.0:
- Build against the new codehaus plexus build api 1.2.0
- Build all modello plugins
- Version 2.4.0:
* New features and improvements:
+ Keep license structure
+ Support addition of license header to generated files
+ Make generated code - Java 8 based by default
+ threadsafety
* Bugs fixed:
+ Revert snakeyaml to 1.33 (as 2.x is not fully compatible with
1.x).
- Version 2.3.0:
* Changes:
+ Kill off dead Plexus
+ Fix for #366
- Version 2.2.0:
* Changes:
+ Parse javadoc tags in xdoc generator (only @since is supported
atm)
+ Use generic in Xpp3Reader for JDK 5+
+ Get rid of usage of deprecated Reader/WriterFactory
+ Make spotless plugin work with Java 21
+ Support java source property being discovered as 1.x
+ Fix thread safety issues by not using singletons for
generators
+ Improve discovering javaSource based on maven.compiler
properties, default as 8
+ Switch Plexus Annotation to JSR-330
- Add dependency on plexus-xml where relevant
plexus-build-api was updated to version 1.2.0:
- Version 1.2.0:
* Potentially breaking changes:
+ change package to org.codehaus.plexus.build
* New features and improvements:
+ Convert to JSR 330 component
+ Bump sisu-maven-plugin from 0.3.5 to 0.9.0.M2
+ Switch to parent 13 and reformat
+ Use a CachingOutputStream when using the build context
+ Reuse plexus-pom action for CI
+ Add README and LICENSE
+ Remove ThreadBuildContext
* Bugs fixed:
+ Store Objects in the DefaultContext in a map
+ Let the DefaultBuildContext delegate to the legacy build-api
plexus-build-api0 was implemented at version 0.0.8:
- New package
plexus-xml:
- Deliver plexus-xml RPM package to meet new dependency requirements (no source changes)
maven-filtering-3.3.2-150200.3.7.2.noarch.rpm
maven-filtering-3.3.2-150200.3.7.2.src.rpm
maven-plugin-annotations-3.13.0-150200.3.12.2.noarch.rpm
maven-plugin-tools-3.13.0-150200.3.12.2.src.rpm
plexus-build-api-1.2.0-150200.3.7.1.noarch.rpm
plexus-build-api-1.2.0-150200.3.7.1.src.rpm
plexus-build-api0-0.0.8-150200.5.5.2.noarch.rpm
plexus-build-api0-0.0.8-150200.5.5.2.src.rpm
plexus-xml-3.0.0-150200.5.5.1.noarch.rpm
plexus-xml-3.0.0-150200.5.5.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2479
Security update for python3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of "quoted-overlap" zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
libpython3_6m1_0-3.6.15-150300.10.65.1.x86_64.rpm
python3-3.6.15-150300.10.65.2.src.rpm
python3-3.6.15-150300.10.65.2.x86_64.rpm
python3-base-3.6.15-150300.10.65.1.x86_64.rpm
python3-core-3.6.15-150300.10.65.1.src.rpm
python3-curses-3.6.15-150300.10.65.2.x86_64.rpm
python3-dbm-3.6.15-150300.10.65.2.x86_64.rpm
python3-devel-3.6.15-150300.10.65.1.x86_64.rpm
python3-idle-3.6.15-150300.10.65.2.x86_64.rpm
python3-tk-3.6.15-150300.10.65.2.x86_64.rpm
python3-tools-3.6.15-150300.10.65.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1859
Security update for java-1_8_0-ibm
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 25 (bsc#1223470):
- CVE-2023-38264: Fixed Object Request Broker (ORB) denial of service (bsc#1224164).
- CVE-2024-21094: Fixed C2 compilation fails with "Exceeded _node_regs array" (bsc#1222986).
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (bsc#1222983).
- CVE-2024-21085: Fixed Pack200 excessive memory allocation (bsc#1222984).
- CVE-2024-21011: Fixed Long Exception message leading to crash (bsc#1222979).
- CVE-2024-21012: Fixed HTTP/2 client improper reverse DNS lookup (bsc#1222987).
java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1.nosrc.rpm
java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1.x86_64.rpm
java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1.x86_64.rpm
java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1.x86_64.rpm
java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1880
Security update for python-requests
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
python-requests-2.25.1-150300.3.9.1.src.rpm
python3-requests-2.25.1-150300.3.9.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2034
Recommended update for dpdk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dpdk fixes the following issue:
- Fix dpdk_nic_bind 'python': No such file or directory (bsc#1219990)
* Add requires for 'which' as dpdk-tools depends on it
dpdk-19.11.10-150400.4.15.13.src.rpm
dpdk-19.11.10-150400.4.15.13.x86_64.rpm
dpdk-devel-19.11.10-150400.4.15.13.x86_64.rpm
dpdk-kmp-default-19.11.10_k5.14.21_150400.24.119-150400.4.15.13.x86_64.rpm
dpdk-tools-19.11.10-150400.4.15.13.x86_64.rpm
libdpdk-20_0-19.11.10-150400.4.15.13.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1791
Recommended update for bpftool
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bpftool fixes the following issue:
- Enable showing info for processes holding BPF map/prog/link/btf FDs (jsc#PED-8375)
bpftool-5.14.21-150400.9.7.2.src.rpm
bpftool-5.14.21-150400.9.7.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2108
Security update for containerd
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for containerd fixes the following issues:
Update to containerd v1.7.17.
- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
containerd-1.7.17-150000.111.3.src.rpm
containerd-1.7.17-150000.111.3.x86_64.rpm
containerd-ctr-1.7.17-150000.111.3.x86_64.rpm
containerd-devel-1.7.17-150000.111.3.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1907
Security update for ffmpeg-4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg-4 fixes the following issues:
- CVE-2020-22021: Fixed a buffer overflow vulnerability in filter_edges() (bsc#1186586)
- CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437)
ffmpeg-4-4.4-150400.3.32.1.src.rpm
libavcodec58_134-4.4-150400.3.32.1.x86_64.rpm
libavformat58_76-4.4-150400.3.32.1.x86_64.rpm
libavutil56_70-4.4-150400.3.32.1.x86_64.rpm
libpostproc55_9-4.4-150400.3.32.1.x86_64.rpm
libswresample3_9-4.4-150400.3.32.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1995
Recommended update for libteam
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libteam fixes the following issue:
- teamd: lw: arp_ping: bitmask VID in VLAN BPF filter (bsc#1224798)
libteam-1.27-150000.4.15.2.src.rpm
libteam-devel-1.27-150000.4.15.2.x86_64.rpm
libteam-tools-1.27-150000.4.15.2.x86_64.rpm
libteam5-1.27-150000.4.15.2.x86_64.rpm
libteamdctl0-1.27-150000.4.15.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1898
Recommended update for iputils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for iputils fixes the following issues:
- Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877)
- "arping: Fix 1s delay on exit for unsolicited arpings",
Backport upstream fix (bsc#1224877)
iputils-20211215-150400.3.8.2.src.rpm
iputils-20211215-150400.3.8.2.x86_64.rpm
rarpd-20211215-150400.3.8.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1802
Recommended update for e2fsprogs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for e2fsprogs fixes the following issues:
EA Inode handling fixes:
- ext2fs: avoid re-reading inode multiple times (bsc#1223596)
- e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck: add more checks for ea inode consistency (bsc#1223596)
- e2fsck: fix golden output of several tests (bsc#1223596)
e2fsprogs-1.46.4-150400.3.6.2.src.rpm
e2fsprogs-1.46.4-150400.3.6.2.x86_64.rpm
e2fsprogs-devel-1.46.4-150400.3.6.2.x86_64.rpm
libcom_err-devel-1.46.4-150400.3.6.2.x86_64.rpm
libcom_err-devel-static-1.46.4-150400.3.6.2.x86_64.rpm
libcom_err2-1.46.4-150400.3.6.2.x86_64.rpm
libcom_err2-32bit-1.46.4-150400.3.6.2.x86_64.rpm
libext2fs-devel-1.46.4-150400.3.6.2.x86_64.rpm
libext2fs-devel-static-1.46.4-150400.3.6.2.x86_64.rpm
libext2fs2-1.46.4-150400.3.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2366
Security update for freeradius-server
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for freeradius-server fixes the following issues:
- CVE-2024-3596: Fixed chosen-prefix collision attack against MD5 (bsc#1223414).
freeradius-server-3.0.25-150400.4.7.1.src.rpm
freeradius-server-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-devel-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-krb5-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-ldap-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-libs-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-mysql-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-perl-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-postgresql-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-python3-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-sqlite-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-utils-3.0.25-150400.4.7.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1806
Security update for xdg-desktop-portal
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xdg-desktop-portal fixes the following issues:
- CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110).
xdg-desktop-portal-1.10.1-150400.3.6.1.src.rpm
xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64.rpm
xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64.rpm
xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1914
Recommended update for perl-DBD-SQLite
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl-DBD-SQLite fixes the following issues:
- Remove sqlite files when building with system libraries
* Avoiding having wrong sqlite version when checking with the perl module (bsc#1218946)
perl-DBD-SQLite-1.66-150300.3.12.1.src.rpm
perl-DBD-SQLite-1.66-150300.3.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2684
Recommended update for mozilla-nss
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mozilla-nss fixes the following issues:
- Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724).
- Added "Provides: nss" so other RPMs that require 'nss' can
be installed (jira PED-6358).
- FIPS: added safe memsets (bsc#1222811)
- FIPS: restrict AES-GCM (bsc#1222830)
- FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118)
- FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834)
- FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116)
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
Update to NSS 3.101.2:
* bmo#1905691 - ChaChaXor to return after the function
Update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
Update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image
- switch from ec_field_GFp to ec_field_plain
Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.
Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1
Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions
Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI
Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c
Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp
Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).
Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux
Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in "certutil dump keys with explicit default trust flags"
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for all but X86_64
Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.
libfreebl3-3.101.2-150400.3.48.1.x86_64.rpm
libfreebl3-32bit-3.101.2-150400.3.48.1.x86_64.rpm
libsoftokn3-3.101.2-150400.3.48.1.x86_64.rpm
libsoftokn3-32bit-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-3.101.2-150400.3.48.1.src.rpm
mozilla-nss-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-32bit-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-certs-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-devel-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-sysinit-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-tools-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-certs-32bit-3.101.2-150400.3.48.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3150
Recommended update for python3-PyNaCl, python3-paramiko
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-PyNaCl, python3-paramiko fixes the following issues:
- Upgrade python3-PyNaCl from 1.4.0 to 1.5.0
- Upgrade python3-paramiko from 2.4.3 to 3.4.0
python3-PyNaCl-1.5.0-150400.9.3.17.src.rpm
python3-PyNaCl-1.5.0-150400.9.3.17.x86_64.rpm
python3-paramiko-3.4.0-150400.9.3.3.noarch.rpm
python3-paramiko-3.4.0-150400.9.3.3.src.rpm
python3-paramiko-doc-3.4.0-150400.9.3.3.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1874
Security update for Java
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
apiguardian was updated to version 1.1.2:
- Added LICENSE/NOTICE to the generated jar
- Allow @API to be declared at the package level
- Explain usage of Status.DEPRECATED
- Include OSGi metadata in manifest
assertj-core was implemented at version 3.25.3:
- New package implementation needed by Junit5
byte-buddy was updated to version v1.14.16:
- `byte-buddy` is required by `assertj-core`
- Changes in version v1.14.16:
* Update ASM and introduce support for Java 23.
- Changes in version v1.14.15:
* Allow attaching from root on J9.
- Changes of v1.14.14:
* Adjust type validation to accept additional names that are
legal in the class file format.
* Fix dynamic attach on Windows when a service user is active.
* Avoid failure when using Android's strict mode.
dom4j was updated to version 2.1.4:
- Improvements and potentially breaking changes:
* Added new factory method org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(),
which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser().
* If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit
dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
* Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were
enabled in previous versions):
+ http://xml.org/sax/properties/external-general-entities
+ http://xml.org/sax/properties/external-parameter-entities
- Other changes:
* Do not depend on jtidy, since it is not used during build
* Fixed license to Plexus
* JPMS: Add the Automatic-Module-Name attribute to the manifest.
* Make a separate flavour for a minimal `dom4j-bootstrap` package used to build `jaxen` and full `dom4j`
* Updated pull-parser version
* Reuse the writeAttribute method in writeAttributes
* Support build on OS with non-UTF8 as default charset
* Gradle: add an automatic module name
* Use Correct License Name "Plexus"
* Possible vulnerability of DocumentHelper.parseText() to XML injection
* CVS directories left in the source tree
* XMLWriter does not escape supplementary unicode characters correctly
* writer.writeOpen(x) doesn't write namespaces
* Fixed concurrency problem with QNameCache
* All dependencies are optional
* SAXReader: hardcoded namespace features
* Validate QNames
* StringIndexOutOfBoundsException in XMLWriter.writeElementContent()
* TreeNode has grown some generics
* QName serialization fix
* DocumentException initialize with nested exception
* Accidentally occurring error in a multi-threaded test
* Added compatibility with W3C DOM Level 3
* Use Java generics
hamcrest:
- `hamcrest-core` has been replaced by `hamcrest` (no source changes)
junit had the following change:
- Require hamcrest >= 2.2
junit5 was updated to version 5.10.2:
- Conditional execution based on OS architectures
- Configurable cleanup mode for @TempDir
- Configurable thread mode for @Timeout
- Custom class loader support for class/method selectors, @MethodSource, @EnabledIf, and @DisabledIf
- Dry-run mode for test execution
- Failure threshold for @RepeatedTest
- Fixed build with the latest open-test-reporting milestone
- Fixed dependencies in module-info.java files
- Fixed unreported exception error that is fatal with JDK 21
- Improved configurability of parallel execution
- New @SelectMethod support in test @Suite classes.
- New ConsoleLauncher subcommand for test discovery without execution
- New convenience base classes for implementing ArgumentsProvider and ArgumentConverter
- New IterationSelector
- New LauncherInterceptor SPI
- New NamespacedHierarchicalStore for use in third-party test engines
- New TempDirFactory SPI for customizing how temporary directories are created
- New testfeed details mode for ConsoleLauncher
- New TestInstancePreConstructCallback extension API
- Numerous bug fixes and minor improvements
- Parameter injection for @MethodSource methods
- Promotion of various experimental APIs to stable
- Reusable parameter resolution for custom extension methods via ExecutableInvoker
- Stacktrace pruning to hide internal JUnit calls
- The binaries are compatible with Java 1.8
- Various improvements to ConsoleLauncher
- XML reports in new Open Test Reporting format
jdom:
- Security issues fixed:
* CVE-2021-33813: Fixed an XXE issue in SAXBuilder in JDOM through 2.0.6 that allows attackers to cause a denial of service
via a crafted HTTP request (bsc#1187446)
- Other changes and bugs fixed:
* Fixed wrong entries in changelog (bsc#1224410)
* The packages `jaxen`, `saxpath` and `xom` are now separate standalone packages instead of being part of `jdom`
jaxen was implemented at version 2.0.0:
- New standalone RPM package implementation, originally part of `jdom` source package
- Classpaths are much smaller and less complex, and will suppress a lot of noise from static analysis tools.
- The Jaxen core code is also a little smaller and has fixed a few minor bugs in XPath evaluation
- Despite the major version bump, this should be a drop in replacement for almost every project.
The two major possible incompatibilities are:
* The minimum supported Java version is now 1.5, up from 1.4 in 1.2.0 and 1.3 in 1.1.6.
* dom4j, XOM, and JDOM are now optional dependencies so if a project was depending on them to be loaded transitively
it will need to add explicit dependencies to build.
jopt-simple:
- Included jopt-simple to Package Hub 15 SP5 (no source changes)
objectweb-asm was updated to version 9.7:
- New Opcodes.V23 constant for Java 23
- Bugs fixed
* Fixed unit test regression in dex2jar.
* Fixed 'ClassNode#outerClass' with incorrect JavaDocs.
* asm-bom packaging should be 'pom'.
* The Textifier prints a supplementary space at the end of each method that throws at least one exception.
open-test-reporting:
- Included `open-test-reporting-events` and `open-test-reporting-schema` to the channels as they are runtime
dependencies of Junit5 (no source changes)
saxpath was implemented at version 1.0 FCS:
- New standalone RPM package implementation, originally part of `jdom` source package (openSUSE Leap 15.5 package only)
xom was implemented at version 1.3.9:
- New standalone RPM package implementation, originally part of `jdom` source package
- The Nodes and Elements classes are iterable so you can use the enhanced for loop syntax on instances of these classes.
- The copy() method is now covariant.
- Adds Automatic-Module-Name to jar
- Remove direct dependency on xml-apis:xml-apis artifact since these classes are now available in the core runtime.
- Eliminate usage of com.sun classes to make XOM compatible with JDK 16.
- Replace remaining usages of StringBuffer with StringBuilder to slightly improve performance.
dom4j-2.1.4-150200.12.10.2.noarch.rpm
dom4j-2.1.4-150200.12.10.2.src.rpm
hamcrest-2.2-150200.12.17.2.noarch.rpm
hamcrest-2.2-150200.12.17.2.src.rpm
jaxen-2.0.0-150200.5.3.1.noarch.rpm
jaxen-2.0.0-150200.5.3.1.src.rpm
jdom-1.1.3-150200.12.8.2.noarch.rpm
jdom-1.1.3-150200.12.8.2.src.rpm
junit-4.13.2-150200.3.15.2.noarch.rpm
junit-4.13.2-150200.3.15.2.src.rpm
objectweb-asm-9.7-150200.3.15.2.noarch.rpm
objectweb-asm-9.7-150200.3.15.2.src.rpm
xom-1.3.9-150200.5.3.3.noarch.rpm
xom-1.3.9-150200.5.3.3.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2003
Security update for cups
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups fixes the following issues:
- CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365)
- Handle local 'Negotiate' authentication response for cli clients (bsc#1223179)
cups-2.2.7-150000.3.59.1.src.rpm
cups-2.2.7-150000.3.59.1.x86_64.rpm
cups-client-2.2.7-150000.3.59.1.x86_64.rpm
cups-config-2.2.7-150000.3.59.1.x86_64.rpm
cups-ddk-2.2.7-150000.3.59.1.x86_64.rpm
cups-devel-2.2.7-150000.3.59.1.x86_64.rpm
libcups2-2.2.7-150000.3.59.1.x86_64.rpm
libcups2-32bit-2.2.7-150000.3.59.1.x86_64.rpm
libcupscgi1-2.2.7-150000.3.59.1.x86_64.rpm
libcupsimage2-2.2.7-150000.3.59.1.x86_64.rpm
libcupsmime1-2.2.7-150000.3.59.1.x86_64.rpm
libcupsppdc1-2.2.7-150000.3.59.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2256
Recommended update for maven-surefire, tycho
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for maven-surefire, tycho fixes the following issues:
maven-surefire was updated to version 3.2.5:
- Version 3.2.5:
* Bugs fixed:
+ Surefire evaluates parameter jvm before skip
+ StatelessXmlReporter#getTestProblems() does not properly reflect report schema structure
+ Surefire ITs fail when project directory contains space
+ JaCoCo 0.8.11 fails with old TestNG releases on Java 17+
* Improvements:
+ Support flakyFailure and flakyError in TestSuiteXmlParser
+ Document minimum supported Java version for
Toolchains
- Version 3.2.3:
* Bugs fixed:
+ Additional class path ordering broken since 3.2.0
+ additionalClasspathElement with UNC path not working with Maven Failsafe Plugin
+ OutOfMemoryError raised when parsing files with
huge stderr/stdout output in surefire-report-parser
+ SurefireForkChannel#getForkNodeConnectionString() returns invalid URI string if localHost resolves to IPv6
* Dependency upgrade:
+ Upgrade to HtmlUnit 3.8.0
+ Upgrade to Parent 41
+ Upgrade plugins and components (in ITs)
- Version 3.2.2:
* Bugs fixed:
+ Use maven-plugin-report-plugin only in plugins modules
+ Downgrade plexus-xml to 3.0.0
* Dependency updates:
+ Bump org.codehaus.plexus:plexus-java from 1.1.2 to 1.2.0
- Version 3.2.1:
* New features and improvements:
+ Support forkNumber in environment variables
+ Use junit-bom instead of single JUnit 5 versions
+ Support adding additional Maven dependencies to the test runtime classpath
+ Clarified classpathDependencyExcludes
+ Log starter implementation on DEBUG level
* Bugs fixed:
+ Fix module dependencies for compile only dependencies
* Documentation updates:
+ Fix TestNG web site URL
- Version 3.1.2:
* Changes:
+ Use ChoiceFormat to selectively render percentage and elapsed time in SurefireReportRenderer
+ Simplify serialization/deserialization of elapsed time
+ Potential NPE in WrappedReportEntry when #getElapsed() is called
+ Replace StringUtils#isEmpty(String) and #isNotEmpty(String)
- Version 3.1.0:
* Bugs fixed:
+ Cannot release Surefire on Windows
* Improvements:
+ Replace SurefireReportGenerator with a new SurefireReportRenderer
+ Replace LocalizedProperties with (Custom)I18N approach from MPIR
- Version 3.0.0:
* New features and improvements:
+ Get rid of localRepository from surefire mojo parameter, use Resolver API
* Bugs fixed:
+ Sanitize failIfNoSpecifiedTests prefix in failsafe
+ Fix reporting of skipped parameterized test
* Documentation updates:
+ Refresh download page
tycho:
- Fixed build with maven-plugin-plugin >= 3.11
- Require at least maven-surefire 3 for build
- Added dependency on plexus-xml where relevant
maven-surefire-3.2.5-150200.3.9.12.8.noarch.rpm
maven-surefire-3.2.5-150200.3.9.12.8.src.rpm
maven-surefire-plugin-3.2.5-150200.3.9.12.1.noarch.rpm
maven-surefire-plugins-3.2.5-150200.3.9.12.1.src.rpm
maven-surefire-provider-junit-3.2.5-150200.3.9.12.8.noarch.rpm
maven-surefire-provider-testng-3.2.5-150200.3.9.12.8.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2284
Recommended update for gmavenplus-plugin, istack-commons, replacer, xmvn
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gmavenplus-plugin, istack-commons, replacer, xmvn fixes the following issues:
gmavenplus-plugin, istack-commons, replacer, xmvn:
- Fixed build with `maven-plugin-plugin`
xmvn-4.2.0-150200.3.21.2.src.rpm
xmvn-4.2.0-150200.3.21.2.x86_64.rpm
xmvn-api-4.2.0-150200.3.21.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.21.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.21.1.src.rpm
xmvn-core-4.2.0-150200.3.21.1.noarch.rpm
xmvn-install-4.2.0-150200.3.21.1.noarch.rpm
xmvn-minimal-4.2.0-150200.3.21.2.x86_64.rpm
xmvn-mojo-4.2.0-150200.3.21.1.noarch.rpm
xmvn-mojo-4.2.0-150200.3.21.1.src.rpm
xmvn-resolve-4.2.0-150200.3.21.1.noarch.rpm
xmvn-subst-4.2.0-150200.3.21.1.noarch.rpm
xmvn-tools-4.2.0-150200.3.21.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2079
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Gradle and Maven fixes the following issues:
gradle-bootstrap:
- Regenerate to account for the new plexus-xml dependency
gradle:
- Fixed build with the `plexus-xml` split from plexus-utils
maven-artifact-transfer:
- Added dependency on `plexus-xml` where relevant
- Removed unnecessary dependency on xmvn tools and parent pom
maven-assembly-plugin, maven-doxia, maven-doxia-sitetools, maven-install-plugin, maven-javadoc-plugin,
maven-plugin-testing, maven-resolver, maven:
- Added dependency on `plexus-xml` where relevant
gradle-4.4.1-150200.3.18.1.src.rpm
gradle-4.4.1-150200.3.18.1.x86_64.rpm
maven-3.9.6-150200.4.24.2.src.rpm
maven-3.9.6-150200.4.24.2.x86_64.rpm
maven-artifact-transfer-0.13.1-150200.3.7.1.noarch.rpm
maven-artifact-transfer-0.13.1-150200.3.7.1.src.rpm
maven-doxia-1.12.0-150200.4.10.5.src.rpm
maven-doxia-core-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-logging-api-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-apt-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-fml-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-fo-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-xdoc-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-xhtml-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-xhtml5-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-sink-api-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.10.2.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.10.2.src.rpm
maven-javadoc-plugin-3.6.0-150200.4.13.2.noarch.rpm
maven-javadoc-plugin-3.6.0-150200.4.13.2.src.rpm
maven-lib-3.9.6-150200.4.24.2.x86_64.rpm
maven-resolver-1.9.18-150200.3.20.1.src.rpm
maven-resolver-api-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-connector-basic-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-impl-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-named-locks-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-spi-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-transport-file-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-transport-http-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-transport-wagon-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-util-1.9.18-150200.3.20.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2118
Recommended update for rpmlint
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpmlint fixes the following issues:
- Support python >= 3.7 pyc parsing. (bsc#1225343)
rpmlint-1.10-150000.7.87.1.noarch.rpm
rpmlint-1.10-150000.7.87.1.src.rpm
rpmlint-mini-1.10-150400.23.22.5.src.rpm
rpmlint-mini-1.10-150400.23.22.5.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1991
Security update for unbound
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for unbound fixes the following issues:
unbound was updated to 1.20.0:
* A lot of bugfixes and added features.
For a complete list take a look at the changelog located at:
/usr/share/doc/packages/unbound/Changelog or
https://www.nlnetlabs.nl/projects/unbound/download/
Some Noteworthy Changes:
* Removed DLV. The DLV has been decommissioned since unbound
1.5.4 and has been advised to stop using it since. The use of
dlv options displays a warning.
* Remove EDNS lame procedure, do not re-query without EDNS after
timeout.
* Add DNS over HTTPS
* libunbound has been upgraded to major version 8
Security Fixes:
* CVE-2023-50387: DNSSEC verification complexity can be
exploited to exhaust CPU resources and stall DNS resolvers. [bsc#1219823]
* CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU.
[bsc#1219826]
* CVE-2022-30698: Novel "ghost domain names" attack by
introducing subdomain delegations. [bsc#1202033]
* CVE-2022-30699: Novel "ghost domain names" attack by
updating almost expired delegation information. [bsc#1202031]
* CVE-2022-3204: NRDelegation attack leads to uncontrolled
resource consumption (Non-Responsive Delegation Attack). [bsc#1203643]
Packaging Changes:
* Use prefixes instead of sudo in unbound.service
* Remove no longer necessary BuildRequires: libfstrm-devel and
libprotobuf-c-devel
libunbound8-1.20.0-150100.10.13.1.x86_64.rpm
unbound-1.20.0-150100.10.13.1.src.rpm
unbound-anchor-1.20.0-150100.10.13.1.x86_64.rpm
unbound-devel-1.20.0-150100.10.13.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1908
Security update for ffmpeg
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg fixes the following issues:
- CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437)
ffmpeg-3.4.2-150200.11.47.1.src.rpm
libavcodec57-3.4.2-150200.11.47.1.x86_64.rpm
libavformat57-3.4.2-150200.11.47.1.x86_64.rpm
libavresample3-3.4.2-150200.11.47.1.x86_64.rpm
libavutil-devel-3.4.2-150200.11.47.1.x86_64.rpm
libavutil55-3.4.2-150200.11.47.1.x86_64.rpm
libpostproc-devel-3.4.2-150200.11.47.1.x86_64.rpm
libpostproc54-3.4.2-150200.11.47.1.x86_64.rpm
libswresample-devel-3.4.2-150200.11.47.1.x86_64.rpm
libswresample2-3.4.2-150200.11.47.1.x86_64.rpm
libswscale-devel-3.4.2-150200.11.47.1.x86_64.rpm
libswscale4-3.4.2-150200.11.47.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2255
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
maven-file-management:
- Use sisu-plexus instead of plexus-containers-container-default
- Added dependency on plexus-xml where relevant
- Removed unnecessary dependency on xmvn tools and parent pom
maven-shared-io:
- Do not add PROVIDED dependency on plexus-container-default
- Use sisu-plexus instead of plexus-containers-container-default
- Removed unnecessary dependency on xmvn tools and parent pom
maven2:
- Use sisu-plexus instead of plexus-containers-container-default
- Fixed build with both sisu-plexus and plexus-containers-container-default
- Require the new plexus-xml package to fix build
maven-shared-utils was updated to version 3.3.4:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact in
order to avoid conflict/choice of providers
- Checked exception converted to raw runtime
- PrettyPrintXmlWriter output is platform dependent
- Deprecated StringUtils.unifyLineSeparator
- Fixed environment variable with null value
- Dependencies upgraded:
* Upgraded Jansi to 2.0.1
* Upgraded Jansi to 2.2.0
plexus-ant-factory:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid
conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
- Fixed the code to build both with sisu-plexus and plexus-containers-container-default.
plexus-bsh-factory:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid
conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
plexus-cli:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choice of providers
plexus-i18n:
- Use sisu-plexus instead of plexus-containers-container-default
plexus-resources:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid
conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
plexus-sec-dispatcher:
- Removed unnecessary dependency on plexus-containers-container-default
- Add dependency on plexus-xml where relevant
- Build with source and target levels 8
plexus-velocity:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to
avoid conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
tesla-polyglot:
- Fixed build with maven-plugin-plugin
- Fixed build with snakeyaml 2.2
maven-artifact-2.2.1-150200.3.7.3.noarch.rpm
maven-file-management-3.0.0-150200.3.7.3.noarch.rpm
maven-file-management-3.0.0-150200.3.7.3.src.rpm
maven-shared-io-3.0.0-150200.3.7.2.noarch.rpm
maven-shared-io-3.0.0-150200.3.7.2.src.rpm
maven-shared-utils-3.3.4-150200.3.7.2.noarch.rpm
maven-shared-utils-3.3.4-150200.3.7.2.src.rpm
maven2-2.2.1-150200.3.7.3.src.rpm
plexus-i18n-1.0~beta10-150200.3.7.2.noarch.rpm
plexus-i18n-1.0~beta10-150200.3.7.2.src.rpm
plexus-sec-dispatcher-2.0-150200.3.7.3.noarch.rpm
plexus-sec-dispatcher-2.0-150200.3.7.3.src.rpm
plexus-velocity-1.2-150200.3.7.2.noarch.rpm
plexus-velocity-1.2-150200.3.7.2.src.rpm
tesla-polyglot-0.4.5-150200.3.7.2.src.rpm
tesla-polyglot-common-0.4.5-150200.3.7.2.noarch.rpm
tesla-polyglot-common-0.4.5-150200.3.7.2.src.rpm
tesla-polyglot-groovy-0.4.5-150200.3.7.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2620
Recommended update for ant, lucene, mysql-connector-java, univocity-parsers
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ant, lucene, mysql-connector-java, univocity-parsers fixes the following issues:
ant:
- Add forgotten open-test-reporting/events to ant.d/junitlauncher
lucene was updated from version 8.5.0 to 8.11.2:
- API Changes:
* SimpleFSDirectory is deprecated in favor of NIOFSDirectory.
* Removed ability to set DocumentsWriterPerThreadPool on IndexWriterConfig.
The DocumentsWriterPerThreadPool is a packaged protected final class which made it impossible to customize.
* MergeScheduler#merge doesn't accept a parameter if a new merge was found anymore.
* SortFields are now responsible for writing themselves into index headers if they are used as index sorts.
* Deprecate SimpleBindings#add(SortField).
* MergeScheduler is now decoupled from IndexWriter. Instead it accepts a MergeSource interface that offers the basic
methods to acquire pending merges, run the merge and do accounting around it.
* QueryVisitor.consumeTermsMatching() now takes a Supplier<ByteRunAutomaton> to enable queries that build large
automata to provide them lazily. TermsInSetQuery switches to using this method to report matching terms.
* DocValues.emptySortedNumeric() no longer takes a maxDoc parameter
* CodecUtil#checkFooter(IndexInput, Throwable) now throws a CorruptIndexException if checksums mismatch or if
checksums can't be verified.
* TieredMergePolicy#setMaxMergeAtOnceExplicit is deprecated and the number of segments that get merged via explicit
merges is unlimited by default.
* Lucene's facet module's DocValuesOrdinalsReader.decode method is now public, making it easier for applications to
decode facet ordinals into their corresponding labels
* Field comparators for numeric fields and _doc were moved to their own package. TopFieldCollector sets
TotalHits.relation to GREATER_THAN_OR_EQUAL_TO, as soon as the requested total hits threshold is reached, even
though in some cases no skipping optimization is applied and all hits are collected.
* IndexingChain now accepts individual primitives rather than a DocumentsWriterPerThread instance in order to create
a new DocConsumer.
* Removed deprecation warning from IndexWriter#getFieldNames().
* Change the getValue method from IntTaxonomyFacets to be protected instead of private. Users can now access the
count of an ordinal directly without constructing an extra FacetLabel. Also use variable length arguments for the
getOrdinal call in TaxonomyReader.
* DrillSideways allows sub-classes to provide "drill down" FacetsCollectors. They may provide a null collector if
they choose to bypass "drill down" facet collection.
* Add a new Directory reader open API from indexCommit and a custom comparator for sorting leaf readers
* Replaced the ScoreCachingWrappingScorer ctor with a static factory method that ensures unnecessary wrapping doesn't occur.
- New Features:
* Grouping by range based on values from DoubleValuesSource and LongValuesSource
* Add IndexWriter merge-on-commit feature to selectively merge small segments on commit, subject to a configurable
timeout, to improve search performance by reducing the number of small segments for searching
* Add IndexWriter merge-on-refresh feature to selectively merge small segments on getReader, subject to a
configurable timeout, to improve search performance by reducing the number of small segments for searching.
* Doc values now allow configuring how to trade compression for retrieval speed.
* Add FacetsConfig option to control which drill-down terms are indexed for a FacetLabel
* RegExpQuery added case insensitive matching option.
* Add CJKWidthCharFilter and its factory
* Add utility class to retrieve facet labels from the taxonomy index for a facet field so such fields do not also
have to be redundantly stored
* Allow sorting an index after it was created.
With SortingCodecReader, existing unsorted segments can be wrapped and merged into a fresh index using
IndexWriter#addIndices API.
* Custom order for leaves in IndexReader and IndexWriter
* Added smoothingScore method and default implementation to Scorable abstract class. The smoothing score allows
scorers to calculate a score for a document where the search term or subquery is not present. The smoothing score
acts like an idf so that documents that do not have terms or subqueries that are more frequent in the index are not
penalized as much as documents that do not have less frequent terms or subqueries and prevents scores which are the
product of terms or subqueries from going to zero. Added the implementation of the Indri AND and the
IndriDirichletSimilarity from the academic Indri search engine: http://www.lemurproject.org/indri.php.
* New LatLonPoint query that accepts an array of LatLonGeometries.
* New XYPoint query that accepts an array of XYGeometries.
* TypeAsSynonymFilter has been enhanced to support ignoring some types, and to allow the generated synonyms to copy some
or all flags from the original token
* A token filter to drop tokens that match all specified flags.
* PatternTypingFilter has been added to allow setting a type attribute on tokens based on a configured set of regular
expressions
* FeatureField supports newLinearQuery that for scoring uses raw indexed values of features without any
transformation.
* LatLonPoint query support for spatial relationships.
* New tool for creating a deterministic index to enable benchmarking changes on a consistent multi-segment index even
when they require re-indexing.
* New facet counting implementation for general string doc value fields (SortedSetDocValues / SortedDocValues) not
created through FacetsConfig
* The SimpleText codec now writes skip lists.
* Analyzer and stemmer for Telugu language
- Improvements:
* Use same code-path for updateDocuments and updateDocument in IndexWriter and DocumentsWriter.
* Update dictionary version for Ukrainian analyzer to 4.9.1
* PerFieldDocValuesFormat should not get the DocValuesFormat on a field that has no doc values.
* Removed ThreadState abstraction from DocumentsWriter which allows pooling of DWPT directly and improves the
approachability of the IndexWriter code.
* Add an ID to SegmentCommitInfo in order to compare commits for equality and make snapshots incremental on
generational files.
* TotalHits' relation will be EQUAL_TO when the number of hits is lower than TopDocsCollector's numHits
* Metadata of the terms dictionary moved to its own file, with the '.tmd' extension. This allows checksums of
metadata to be verified when opening indices and helps save seeks when opening an index.
* SegmentInfos#readCommit now always returns a CorruptIndexException if the content of the file is invalid.
* Make FunctionScoreQuery use ScoreMode.COMPLETE for creating the inner query weight when ScoreMode.TOP_DOCS is
requested.
* Make FacetsConfig.DELIM_CHAR publicly accessible
* UniformSplit supports encodable fields metadata.
* Improved truncation detection for points.
* Let MultiCollector handle minCompetitiveScore
* Add a new ExpressionValueSource which will enforce only one value per name per hit in dependencies,
ExpressionFunctionValues will no longer recompute already computed values
* Fix CheckIndex to print an invalid non-zero norm as unsigned long when detecting corruption.
* FieldInfo#checkConsistency called twice from Lucene50(60)FieldInfosFormat#read; Removed the (redundant?) assert and
do these checks for real.
* In BooleanQuery rewrite, always remove MatchAllDocsQuery filter clauses when possible.
* Improve coverage for Asserting* test classes: make sure to handle singleton doc values, and sometimes exercise
Weight#scorer instead of Weight#bulkScorer for top-level queries.
* Include StoredFieldsWriter in DWPT accounting to ensure that its heap consumption is taken into account when
IndexWriter stalls or should flush DWPTs.
* Include TermVectorsWriter in DWPT accounting to ensure that its heap consumption is taken into account when
IndexWriter stalls or should flush DWPTs.
* In query shapes over shape fields, skip points while traversing the BKD tree when the relationship with the
document is already known.
* Use more compact datastructures to represent sorted doc-values in memory when sorting a segment before flush
and in SortingCodecReader.
* WordDelimiterGraphFilter should order tokens at the same position by endOffset to emit longer tokens first.
The same graph is produced.
* Optimize facet counting for single-valued SSDV / StringValueFacetCounts.
* GlobalOrdinalsWithScore should not compute occurrences when the provided min is 1.
* ICUNormalizer2CharFilter no longer requires normalization-inert characters as boundaries for incremental
processing, vastly improving worst-case performance.
* ExitableTermsEnum should sample timeout and interruption check before calling next().
* Make CheckIndex concurrent by parallelizing index check across segments.
* Add compression to terms dict from SortedSet/Sorted DocValues.
* Binary doc values fields now expose their configured compression mode in the attributes of the field info.
* BM25FQuery was extended to handle similarities beyond BM25Similarity. It was renamed to CombinedFieldQuery to
reflect its more general scope.
* Reduce index size by increasing allowable exceptions in PForUtil from 3 to 7.
* Hunspell support improvements: add API for spell-checking and suggestions, support compound words, fix various
behavior differences between Java and C++ implementations, improve performance
* The BEST_SPEED compression mode now trades more compression ratio in exchange for faster reads.
* Enable bulk merge for stored fields with index sort.
* Allow DrillSideways users to provide their own CollectorManager without also requiring them to provide an
ExecutorService.
* Extend DrillSideways to support exposing FacetCollectors directly.
* Support for multi-value fields in LongRangeFacetCounts and DoubleRangeFacetCounts.
* Added QueryProfilerIndexSearcher and ProfilerCollector to support debugging query execution strategy and timing.
* Operations.getCommonSuffix/Prefix(Automaton) is now much more efficient, from a worst case exponential down to
quadratic cost in the number of states + transitions in the Automaton. These methods no longer use the costly
determinize method, removing the risk of TooComplexToDeterminizeException
* Operations.determinize now throws TooComplexToDeterminizeException based on too much "effort" spent determinizing
rather than a precise state count on the resulting returned automaton, to better handle adversarial cases like
det(rev(regexp("(.*a){2000}"))) that spend lots of effort but result in smallish eventual returned automata.
* Stop sorting determinize powersets unnecessarily.
* Evaluate score in DrillSidewaysScorer.doQueryFirstScoring
* Decrease default for LRUQueryCache's skipCacheFactor to 10. This prevents caching a query clause when it is much
more expensive than running the top-level query.
* Make QueryCache respect Accountable queries
- Optimizations:
* UniformSplit keeps FST off-heap.
* DoubleValuesSource and QueryValueSource now use a TwoPhaseIterator if one is provided by the Query.
* UsageTrackingQueryCachingPolicy no longer caches DocValuesFieldExistsQuery.
* FST.Arc.BitTable reads directly FST bytes. Arc is lightweight again and FSTEnum traversal faster.
* Fail precommit on unparameterised log messages and examine for wasted work/objects
* Speed up geometry queries by specialising Component2D spatial operations. Instead of using a generic
relate method for all relations, we use specialized methods for each one. In addition, the type of triangle is
computed at deserialization time, therefore we can be more selective when decoding points of a triangle.
* Build always trees with full leaves and lower the default value for maxPointsPerLeafNode to 512.
* Points now write their index in a separate file.
* Add an ability for field comparators to skip non-competitive documents. Creating a TopFieldCollector with
totalHitsThreshold less than Integer.MAX_VALUE instructs Lucene to skip non-competitive documents whenever
possible. For numeric sort fields the skipping functionality works when the same field is indexed both with doc
values and points. To indicate that the same data is stored in these points and doc values
SortField#setCanUsePoints method should be used.
* ConstantValuesSource now shares a single DoubleValues instance across all segments
* Stored fields now get higher compression ratios on highly compressible data.
* FunctionMatchQuery now accepts a "matchCost" optimization hint.
* Indexing with an index sort is now faster by not compressing temporary representations of the data.
* Enhance DocComparator to provide an iterator over competitive documents when searching with "after". This iterator
can quickly position on the desired "after" document skipping all documents and segments before "after".
* QueryParser: re-use the LookaheadSuccess exception.
* WANDScorer now supports queries that have a 'minimumNumberShouldMatch' configured.
* Reduced memory usage for OrdinalMap when a segment has all values.
* Faster decoding of postings for some numbers of bits per value.
* Substantially improve RAM efficiency of how MemoryIndex stores postings in memory, and reduced a bit of RAM
overhead in IndexWriter's internal postings book-keeping
* Speed up merging of stored fields and term vectors for smaller segments.
* Performance improvement for BKD index building
* Improved memory efficiency of IndexWriter's RAM buffer, in particular in the case of many fields and many indexing
threads.
* Lucene90DocValuesFormat was using too many bits per value when compressing via gcd, unnecessarily wasting index
storage.
* Rewrite empty DisjunctionMaxQuery to MatchNoDocsQuery.
* Slightly faster segment merging for sorted indices.
* Improve IntroSorter with 3-ways partitioning
* FacetsCollector will not request scores if it does not use them
- Bugs fixed:
* Fix corruption of the new gen field infos when doc values updates are applied on a segment created externally and
added to the index with IndexWriter#addIndexes(Directory).
* Holding levenshtein automata on FuzzyQuery can end up blowing up query caches which use query objects as cache
keys, so building the automata is now delayed to search time again.
* Fix wrong NGramFilterFactory argument name for preserveOriginal option
* DocValuesRewriteMethod.visit wasn't visiting its embedded query
* DocTermsIndexDocValues assumed it was operating on a SortedDocValues (single valued) field when it could be
multi-valued used with a SortedSetSelector
* Ensure IW processes all internal events before it closes itself on a rollback.
* Return default value from objectVal when doc doesn't match the query in QueryValueSource
* Fix for potential NPE in TermFilteredPresearcher for empty fields
* Wait for #addIndexes merges when aborting merges.
* Ensure CMS updates its thread accounting datastructures consistently. CMS today releases its lock after finishing
a merge before it re-acquires it to update the thread accounting datastructures. This causes threading issues where
concurrently finishing threads fail to pick up pending merges causing potential thread starvation on forceMerge
calls
* Single-document monitor runs were using the less efficient MultiDocumentBatch implementation.
* Fix equality check in ExpressionValueSource#rewrite. This fixes rewriting of inner value sources.
* IndexWriter incorrectly calls closeMergeReaders twice when the merged segment is 100% deleted.
* Tessellator might build illegal polygons when several holes share the same vertex.
* Tessellator might build illegal polygons when several holes are connected to the same vertex.
* Fix ordered intervals over interleaved terms
* The UnifiedHighlighter was closing the underlying reader when there were multiple term-vector fields. This was a
regression in 8.6.0.
* Prevent DWPTDeleteQueue from referencing itself and leaking memory. The queue passed an implicit this reference to
the next queue instance on flush which leaked about 500byte of memory on each full flush, commit or getReader call.
* Fix a regression where the unified highlighter didn't produce highlights on fuzzy queries that correspond to exact
matches.
* Fix NRTCachingDirectory to use Directory#fileLength to check if a file already exists instead of opening an
IndexInput on the file which might throw a AccessDeniedException in some Directory implementations.
* Fixed a bug in IndexSortSortedNumericDocValuesRangeQuery where it could violate the DocIdSetIterator contract.
* Include field in ComplexPhraseQuery's toString()
* Fix TermRangeQuery when there is no upper bound and the lower bound is the empty string excluded. This would
previously match no strings at all while it should match all non-empty strings.
* Fix NPE in SpanWeight#explain when no scoring is required and SpanWeight has null Similarity.SimScorer.
* DocumentsWriter was only stalling threads for 1 second allowing documents to be indexed even if the DocumentsWriter
wasn't able to keep up flushing. Unless IW can't make progress due to an ill behaving DWPT this issue was barely
noticeable.
* Japanese tokenizer should discard the compound token instead of disabling the decomposition of long tokens when
discardCompoundToken is activated.
* Make Component2D#withinPoint implementations consistent with ShapeQuery logic.
* Wrap boolean queries generated by shape fields with a Constant score query.
* Fix per-field memory leak in IndexWriter.deleteAll(). Reset next available internal field number to 0 on
FieldInfos.clear(), to avoid wasting FieldInfo references.
* BM25FQuery - Mask encoded norm long value in array lookup.
* When encoding triangles in ShapeField, make sure generated triangles are CCW by rotating triangle points before
checking triangle orientation.
* Fix deadlock in TermsEnum.EMPTY that occurs when trying to initialize TermsEnum and BaseTermsEnum at the same time
* NPE on a degenerate query in MinimumShouldMatchIntervalsSource$MinimumMatchesIterator.getSubMatches().
* DoubleValuesSource.fromQuery (also used by FunctionScoreQuery.boostByQuery) could throw an exception when the query
implements TwoPhaseIterator and when the score is requested repeatedly.
* BytesRefHash.equals/find is now thread safe, fixing a Luwak/Monitor bug causing registered queries to sometimes
fail to match.
* Fix Circle2D intersectsLine t-value (distance) range clamp
* Fixed parameter use in RadixSelector.
* LongValueFacetCounts should count each document at most once when determining the total count for a dimension.
Prior to this fix, multi-value docs could contribute a > 1 count to the dimension count.
* Fixed performance regression for boolean queries that configure a minimum number of matching clauses.
* FlattenGraphFilter is now more robust when handling incoming holes in the input token graph
* Duplicate long values in a document field should only be counted once when using SortedNumericDocValuesFields
* Do not throw NullPointerException while trying to handle another exception in ReplicaNode.start
* Fix DrillSideways correctness bug
* Fix edge case failure in TestStringValueFacetCounts
* CombinedFieldQuery can fail with an exception when document is missing some fields.
* Respect ignoreCase in CommonGramsFilterFactory
* DocComparator should not skip docs with the same docID on multiple sorts with search after
* Fix CombinedFieldQuery equals and hashCode, which ensures query rewrites don't drop CombinedFieldQuery clauses.
* Correct CombinedFieldQuery scoring when there is a single field.
* Counting bug fixed in StringValueFacetCounts.
* Ensure DrillSidewaysQuery instances never get cached.
* Skip deleted docs when accumulating facet counts for all docs
* KoreanTokenizer should check the max backtrace gap on whitespaces.
* Sort optimization can wrongly skip the first document of each segment
* MultiCollector now handles single leaf collector that wants to skip low-scoring hits but the combined score
mode doesn't allow it
* Missing calculating the bytes used of DocsWithFieldSet in NormValuesWriter
* Missing calculating the bytes used of DocsWithFieldSet and currentValues in SortedSetDocValuesWriter
* Sort optimization with search_after can wrongly skip documents whose values are equal to the last value of the
previous page
* Sort optimization with a chunked bulk scorer can wrongly skip documents
* ConcurrentSortedSetDocValuesFacetCounts shouldn't share liveDocs Bits across threads
* NumericLeafComparator to define getPointValues
* Ensure that the minimum competitive score does not decrease in concurrent search
* Highlighter:
WeightedSpanTermExtractor.extractWeightedSpanTerms to Query#rewrite multiple times if necessary
* Make sure SparseFixedBitSet#or updates ramBytesUsed
- Documentation:
* Add a performance warning to AttributeSource.captureState javadocs
- Changes in runtime behaviour:
* SortingCodecReader now doesn't cache doc values fields anymore. Previously, SortingCodecReader used to cache all
doc values fields after they were loaded into memory.
This reader should only be used to sort segments after the fact using IndexWriter#addIndices.
- Other changes:
* Always keep FST off-heap. FSTLoadMode, Reader attributes and openedFromWriter removed.
* Checksums of the terms index are now verified when LeafReader#checkIntegrity is called rather than when opening the
index.
* Update Javadoc about normalizeEntry in the Kuromoji DictionaryBuilder.
* Make TestLatLonMultiPolygonShapeQueries more resilient for CONTAINS queries.
* Adjust TestLucene60PointsFormat#testEstimatePointCount2Dims so it does not fail when a point is shared by multiple
leaves.
* ByteBufferIndexInput was refactored to work on top of the ByteBuffer API.
* Make LineFileDocs's random seeking more efficient, making tests using LineFileDocs faster
* Refactors SimpleBindings to improve type safety and cycle detection
* Change the way the multi-dimensional BKD tree builder generates the intermediate tree representation to be equal to
the one dimensional case to avoid unnecessary tree and leaves rotation.
* poll_mirrors.py release script can handle HTTPS mirrors.
* Fix or suppress 13 resource leak precommit warnings in lucene/replicator
* Always keep BKD index off-heap. BKD reader does not implement Accountable any more.
* Refactor BKD point configuration into its own class.
* Make TestXYMultiPolygonShapeQueries more resilient for CONTAINS queries.
* Move LockFactory stress test to be a unit/integration test.
* Removes some unused code and replaces the Point implementation on ShapeField/ShapeQuery random tests.
* Removed the pure Maven build. It is no longer possible to build artifacts using Maven (this feature was no longer
working correctly). Due to migration to Gradle for Lucene/Solr 9.0, the maintenance of the Maven build was no
longer reasonable. POM files are generated for deployment to Maven Central only. Please use "ant generate-maven-artifacts"
to produce and deploy artifacts to any repository.
* Migrate Maven tasks to use "maven-resolver-ant-tasks" instead of the no longer maintained "maven-ant-tasks".
* Upgrade jetty to 9.4.41
* Fix WANDScorer assertion error.
* Add docs/links to GermanAnalyzer describing how to decompound nouns
* Update Jetty to 9.4.34
mysql-connector-java was updated to version 8.4.0:
- Removed OpenTelemetry support, which was added upstream
- Avoid producing duplicate maven data
- Changes in version 8.4.0:
* Added support for VECTOR data type.
* Fixed tests failing due to removal of deprecated features.
* Fixed join condition for retrieval of imported primary keys.
* GPL License Exception Update.
* Updated SyntaxRegressionTest.java.
* Replaced StringBuffer with StringBuilder in ValueEncoders
* Fixed DatabaseMetaData that specifies incorrect extra name characters.
* Fixed setting the FetchSize on a Statement object does not affect.
* Fixed GETPARAMETERBINDINGS() ON A PS RETURNS NPE WHEN NOT ALL PARAMETERS ARE BOUND.
* Removed support for FIDO authentication
* Only call Messages.getString(...) when it's needed (when the SQLException is thrown)
* CLIENT HANG WHEN LOADBALANCESTRATEGY IS BESTRESPONSETIME.
- Includes changes from 8.3.0:
* Fixed redundant "Reset stmt" when setting useServerPrepStmts&cachePrepStmts to true
* Fixed COMMENT PARSING IS NOT PROPER IN CONNECTOR JDBC.
* Fixed setting a large timeout leads to errors when executing SQL.
* Upgrade 3rd party libraries and tools.
* Upgrade Protocol Buffers dependency to protobuf-java-3.25.1.
* Fixed issue with mysql-connector-j 8.0.33 connector (XDEVAPI) - getsession is slow.
* Fixed CallableStatement::getParameterMetaData reports incorrect parameterCount.
* Fixed executeUpdate throws SQLException on queries that are only comments.
* getWarnings() of StatementImpl contains all warnings.
* Fixed Unexpected list of permitted ciphers.
* Fixed jdbc.MysqlParameterMetadata#isNullable doesn't check whether to be simple.
* Fixed Parameter metadata inferred incorrectly when procedure or function doesn't exist.
* Fixed execution of a stored procedure if exists function with same name.
- Changes in version 8.2.0:
* Added the missing implementation for Connection.releaseSavepoint()
* Connector/J now supports WebAuthn Authentication. See Connecting Using Web Authentication (WebAuthn) Authentication
for details.
* The auto-deserialization function for BLOB objects, deprecated since release 8.1.0, is now removed.
* The SessionStateChanges objects failed to provide proper values for section state changes. This was because
Connector/J parsed the OK_Packet incorrectly, and this patch fixes the issue.
* Using javax.sql.rowset.CachedRowSet#getDate() or javax.sql.rowset.CachedRowSet#getTimestamp() on DATETIME fields
resulted in a ClassCastException. It was because the default return type of DATETIME fields by
ResultSet.getObject() was java.time.LocalDateTime instead of java.sql.Timestamp. To prevent the exception, a new
connection property, treatMysqlDatetimeAsTimestamp, now allows the return type of DATETIME by ResultSet.getObject()
to be changed to java.sql.Timestamp.
* Obtaining a connection from a MysqlConnectionPoolDataSource made Connector/J reset its connection state unless the
connection property paranoid was set to be true. During the reset, the autocommit mode of the session was restored
to the default value specified on the server by the system variable autocommit, while the JDBC specification
mandates that autocommit be always enabled for a freshly created connection. With this patch, the connection reset
will always enable autocommit in this situation.
- Changes in version 8.1.0:
* Deprecated autoDeserialize feature.
* Fix KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used.
* Fixed Issue in JDBC PreparedStatement on adding NO_BACKSLASH_ESCAPES in sql_mode.
univocity-parsers:
- Add Automatic-Module-Name to the manifest
ant-1.10.14-150200.4.28.1.noarch.rpm
ant-1.10.14-150200.4.28.1.src.rpm
ant-antlr-1.10.14-150200.4.28.1.noarch.rpm
ant-antlr-1.10.14-150200.4.28.1.src.rpm
ant-apache-bcel-1.10.14-150200.4.28.1.noarch.rpm
ant-apache-bsf-1.10.14-150200.4.28.1.noarch.rpm
ant-apache-log4j-1.10.14-150200.4.28.1.noarch.rpm
ant-apache-oro-1.10.14-150200.4.28.1.noarch.rpm
ant-apache-regexp-1.10.14-150200.4.28.1.noarch.rpm
ant-apache-resolver-1.10.14-150200.4.28.1.noarch.rpm
ant-commons-logging-1.10.14-150200.4.28.1.noarch.rpm
ant-jakartamail-1.10.14-150200.4.28.1.noarch.rpm
ant-javamail-1.10.14-150200.4.28.1.noarch.rpm
ant-jdepend-1.10.14-150200.4.28.1.noarch.rpm
ant-jmf-1.10.14-150200.4.28.1.noarch.rpm
ant-junit-1.10.14-150200.4.28.1.noarch.rpm
ant-junit-1.10.14-150200.4.28.1.src.rpm
ant-manual-1.10.14-150200.4.28.1.noarch.rpm
ant-scripts-1.10.14-150200.4.28.1.noarch.rpm
ant-swing-1.10.14-150200.4.28.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1987
Security update for skopeo
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for skopeo fixes the following issues:
- Update to version 1.14.4:
- CVE-2024-3727: Fixed a vulnerability that allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, resource exhaustion, local path traversal and other attacks. (bsc#1224123)
skopeo-1.14.4-150300.11.11.1.src.rpm
skopeo-1.14.4-150300.11.11.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2085
Recommended update for python-requests
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-requests fixes the following issue:
- Allow the usage of "verify" parameter as a directory. (bsc#1225912)
python-requests-2.25.1-150300.3.12.2.src.rpm
python3-requests-2.25.1-150300.3.12.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2023
Recommended update for socat
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for socat fixes the following issues:
socat is updated to 1.8.0.0:
Primary feature is enabling TLS 1.3 support. (jsc#PED-8413)
* Support for network namespaces (option netns)
* TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
* Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
* New wrapper script socat-chain.sh allows stacking two addresses, e.g. HTTP proxy connect over SSL
* New script socat-mux.sh allows n-to-1 / 1-to-n communications
* New script socat-broker.sh allows group communications
* Experimental socks5 client feature
* Address ACCEPT-FD for systemd "inetd" mode
* UDP-Lite and DCCP address types
* Addresses SOCKETPAIR and SHELL
* New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique paths
* New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
* Simple statistics output with Socat option --statistics and with SIGUSR1
* A couple of new options, many fixes and corrections, see file CHANGES
Update to 1.7.4.4:
* FIX: In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.
* FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived.
* FIX: a couple of weaknesses and errors when accessing invalid or
incompatible file system entries with UNIX domain, file, and generic
addresses.
* FIX: bad parser error message on "socat /tmp/x\"x/x -"
Update to 1.7.4.3:
* fixes the TCP_INFO issue that broke building on non-Linux platforms.
* building on AIX works again.
* A few more corrections and improvements have been added
Update to version 1.7.4.2:
* Fixes a lot of bugs, e.g., for options -r and -R.
* Further bugfixes, see the CHANGES file
Update to 1.7.4.1:
Security:
* Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based buffer
overflow, assuming the attacker could provide this parameter.
* Many further bugfixes and new features, see the CHANGES file
socat-1.8.0.0-150400.14.3.1.src.rpm
socat-1.8.0.0-150400.14.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2005
Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security Update 550.90.07:
- CVE-2024-0090: Fixed out of bounds write (bsc#1223356).
- CVE-2024-0092: Fixed incorrect exception handling (bsc#1223356).
- CVE-2024-0091: Fixed untrusted pointer dereference (bsc#1223356).
kernel-firmware-nvidia-gspx-G06-550.90.07-150400.9.33.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.90.07-150400.9.33.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.90.07-150400.9.62.1.src.rpm
nvidia-open-driver-G06-signed-default-devel-550.90.07-150400.9.62.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.90.07_k5.14.21_150400.24.119-150400.9.62.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2077
Security update for gdk-pixbuf
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gdk-pixbuf fixes the following issues:
gdk-pixbuf was updated to version 2.42.12:
- Security issues fixed:
* CVE-2022-48622: Fixed heap memory corruption on gdk-pixbuf (bsc#1219276)
- Changes in version 2.42.12:
+ ani: Reject files with multiple INA or IART chunks,
+ ani: validate chunk size,
+ Updated translations.
- Enable other image loaders such as xpm and xbm (bsc#1223903)
- Changes in version 2.42.11:
+ Disable fringe loaders by default.
+ Introspection fixes.
+ Updated translations.
- Changes in version 2.42.10:
+ Search for rst2man.py.
+ Update the memory size limit for JPEG images.
+ Updated translations.
- Fixed loading of larger images
- Avoid Bash specific syntax in baselibs postscript (bsc#1195391)
gdk-pixbuf-2.42.12-150400.5.9.1.src.rpm
gdk-pixbuf-devel-2.42.12-150400.5.9.1.x86_64.rpm
gdk-pixbuf-lang-2.42.12-150400.5.9.1.noarch.rpm
gdk-pixbuf-query-loaders-2.42.12-150400.5.9.1.x86_64.rpm
gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.9.1.x86_64.rpm
gdk-pixbuf-thumbnailer-2.42.12-150400.5.9.1.x86_64.rpm
libgdk_pixbuf-2_0-0-2.42.12-150400.5.9.1.x86_64.rpm
typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.9.1.x86_64.rpm
typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.9.1.x86_64.rpm
libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1985
Security update for mariadb
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mariadb fixes the following issues:
- CVE-2024-21096: Fixed mysqldump unspecified vulnerability (bsc#1225983).
- CVE-2023-22084: Fixed a vulnerability that allows a high privileged attacker with network access via multiple protocols to compromise the server (bsc#1217405).
- Update to 10.6.18.
libmariadbd-devel-10.6.18-150400.3.33.1.x86_64.rpm
libmariadbd19-10.6.18-150400.3.33.1.x86_64.rpm
mariadb-10.6.18-150400.3.33.1.src.rpm
mariadb-10.6.18-150400.3.33.1.x86_64.rpm
mariadb-client-10.6.18-150400.3.33.1.x86_64.rpm
mariadb-errormessages-10.6.18-150400.3.33.1.noarch.rpm
mariadb-tools-10.6.18-150400.3.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1986
Security update for rmt-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server fixes the following issues:
- Update to version 2.17
- CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content-Type. (bsc#1225997)
rmt-server-2.17-150400.3.25.1.src.rpm
rmt-server-2.17-150400.3.25.1.x86_64.rpm
rmt-server-config-2.17-150400.3.25.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2189
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
The following non-security bugs were fixed:
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- filemap: remove use of wait bookmarks (bsc#1224085).
- idpf: extend tx watchdog timeout (bsc#1224137).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
kernel-default-5.14.21-150400.24.122.2.nosrc.rpm
kernel-default-5.14.21-150400.24.122.2.x86_64.rpm
kernel-default-base-5.14.21-150400.24.122.2.150400.24.58.2.src.rpm
kernel-default-base-5.14.21-150400.24.122.2.150400.24.58.2.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.122.2.x86_64.rpm
kernel-devel-5.14.21-150400.24.122.1.noarch.rpm
kernel-docs-5.14.21-150400.24.122.2.noarch.rpm
kernel-docs-5.14.21-150400.24.122.2.nosrc.rpm
kernel-macros-5.14.21-150400.24.122.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.122.2.src.rpm
kernel-obs-build-5.14.21-150400.24.122.2.x86_64.rpm
kernel-source-5.14.21-150400.24.122.1.noarch.rpm
kernel-source-5.14.21-150400.24.122.1.src.rpm
kernel-syms-5.14.21-150400.24.122.1.src.rpm
kernel-syms-5.14.21-150400.24.122.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.122.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2518
Recommended update for salt
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
- Speed up salt.matcher.confirm_top by using __context__
- Do not call the async wrapper calls with the separate thread
- Prevent OOM with high amount of batch async calls (bsc#1216063)
- Add missing contextvars dependency in salt.version
- Skip tests for unsupported algorithm on old OpenSSL version
- Remove redundant `_file_find` call to the master
- Prevent possible exception in tornado.concurrent.Future._set_done
- Make reactor engine less blocking the EventPublisher
- Make salt-master self recoverable on killing EventPublisher
- Improve broken events catching and reporting
- Make logging calls lighter
- Remove unused import causing delays on starting salt-master
- Mark python3-CherryPy as recommended package for the testsuite
python3-salt-3006.0-150400.8.63.2.x86_64.rpm
salt-3006.0-150400.8.63.2.src.rpm
salt-3006.0-150400.8.63.2.x86_64.rpm
salt-api-3006.0-150400.8.63.2.x86_64.rpm
salt-bash-completion-3006.0-150400.8.63.2.noarch.rpm
salt-cloud-3006.0-150400.8.63.2.x86_64.rpm
salt-doc-3006.0-150400.8.63.2.x86_64.rpm
salt-fish-completion-3006.0-150400.8.63.2.noarch.rpm
salt-master-3006.0-150400.8.63.2.x86_64.rpm
salt-minion-3006.0-150400.8.63.2.x86_64.rpm
salt-proxy-3006.0-150400.8.63.2.x86_64.rpm
salt-ssh-3006.0-150400.8.63.2.x86_64.rpm
salt-standalone-formulas-configuration-3006.0-150400.8.63.2.x86_64.rpm
salt-syndic-3006.0-150400.8.63.2.x86_64.rpm
salt-transactional-update-3006.0-150400.8.63.2.x86_64.rpm
salt-zsh-completion-3006.0-150400.8.63.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2069
Recommended update for mksusecd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mksusecd fixes the following issues:
- Fix --no-joliet option and add warning about too long Joliet file names
- Add more mkisofs log output in verbosity level 3
- Ensure mksusecd error code is preserved
- Add info about Joliet file name limit to man page
- Fix integrating software modules containing debuginfo packages (bsc#1226047)
- Increase initrd xz compression level
- Enforce de-duplication in mkisofs
- Deal with systems where /tmp is a symlink (bsc#1221603)
- Support usrmerged kmod package (bsc#1221603)
- Handle compressed firmware files (bsc#1214789)
- Allow also xz and zstd compression in repodata (bsc#1218706)
- Allow --instsys option for Live media
- Calculate EFI boot image size correctly
- If initrd/kernel are in two different location on the medium, update in both locations
- isohybrid: remove outdated 1024 cylinders warning
- Default to GPT if source ISO uses it
- Add --signature-file option and rewrite signature embedding
- Fix --instsys option handling (bsc#1213606)
- Add --rescue option to allow modifying the rescue system
- Add --volume1 option to allow setting separate labels for both ISO file systems (bsc#1213185)
mksusecd-2.18-150400.3.18.2.src.rpm
mksusecd-2.18-150400.3.18.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2061
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
- Update to version 115.12.0 ESR (bsc#1226027)
- CVE-2024-5702: Use-after-free in networking
- CVE-2024-5688: Use-after-free in JavaScript object transplant
- CVE-2024-5690: External protocol handlers leaked by timing attack
- CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
- CVE-2024-5692: Bypass of file name restrictions during saving
- CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
- CVE-2024-5696: Memory Corruption in Text Fragments
- CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
MozillaFirefox-115.12.0-150200.152.140.2.src.rpm
MozillaFirefox-115.12.0-150200.152.140.2.x86_64.rpm
MozillaFirefox-devel-115.12.0-150200.152.140.2.noarch.rpm
MozillaFirefox-translations-common-115.12.0-150200.152.140.2.x86_64.rpm
MozillaFirefox-translations-other-115.12.0-150200.152.140.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2052
Security update for libaom
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libaom fixes the following issues:
- CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by integer overflow (bsc#1226020).
libaom-3.2.0-150400.3.6.1.src.rpm
libaom3-3.2.0-150400.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2090
Security update for podman
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
podman-4.9.5-150400.4.27.1.src.rpm
podman-4.9.5-150400.4.27.1.x86_64.rpm
podman-docker-4.9.5-150400.4.27.1.noarch.rpm
podman-remote-4.9.5-150400.4.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2039
Security update for php8
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php8 fixes the following issues:
- CVE-2024-5458: Fixed an issue that allowed bypassing filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073)
apache2-mod_php8-8.0.30-150400.4.43.1.src.rpm
apache2-mod_php8-8.0.30-150400.4.43.1.x86_64.rpm
php8-8.0.30-150400.4.43.1.src.rpm
php8-8.0.30-150400.4.43.1.x86_64.rpm
php8-bcmath-8.0.30-150400.4.43.1.x86_64.rpm
php8-bz2-8.0.30-150400.4.43.1.x86_64.rpm
php8-calendar-8.0.30-150400.4.43.1.x86_64.rpm
php8-cli-8.0.30-150400.4.43.1.x86_64.rpm
php8-ctype-8.0.30-150400.4.43.1.x86_64.rpm
php8-curl-8.0.30-150400.4.43.1.x86_64.rpm
php8-dba-8.0.30-150400.4.43.1.x86_64.rpm
php8-devel-8.0.30-150400.4.43.1.x86_64.rpm
php8-dom-8.0.30-150400.4.43.1.x86_64.rpm
php8-embed-8.0.30-150400.4.43.1.src.rpm
php8-embed-8.0.30-150400.4.43.1.x86_64.rpm
php8-enchant-8.0.30-150400.4.43.1.x86_64.rpm
php8-exif-8.0.30-150400.4.43.1.x86_64.rpm
php8-fastcgi-8.0.30-150400.4.43.1.src.rpm
php8-fastcgi-8.0.30-150400.4.43.1.x86_64.rpm
php8-fileinfo-8.0.30-150400.4.43.1.x86_64.rpm
php8-fpm-8.0.30-150400.4.43.1.src.rpm
php8-fpm-8.0.30-150400.4.43.1.x86_64.rpm
php8-ftp-8.0.30-150400.4.43.1.x86_64.rpm
php8-gd-8.0.30-150400.4.43.1.x86_64.rpm
php8-gettext-8.0.30-150400.4.43.1.x86_64.rpm
php8-gmp-8.0.30-150400.4.43.1.x86_64.rpm
php8-iconv-8.0.30-150400.4.43.1.x86_64.rpm
php8-intl-8.0.30-150400.4.43.1.x86_64.rpm
php8-ldap-8.0.30-150400.4.43.1.x86_64.rpm
php8-mbstring-8.0.30-150400.4.43.1.x86_64.rpm
php8-mysql-8.0.30-150400.4.43.1.x86_64.rpm
php8-odbc-8.0.30-150400.4.43.1.x86_64.rpm
php8-opcache-8.0.30-150400.4.43.1.x86_64.rpm
php8-openssl-8.0.30-150400.4.43.1.x86_64.rpm
php8-pcntl-8.0.30-150400.4.43.1.x86_64.rpm
php8-pdo-8.0.30-150400.4.43.1.x86_64.rpm
php8-pgsql-8.0.30-150400.4.43.1.x86_64.rpm
php8-phar-8.0.30-150400.4.43.1.x86_64.rpm
php8-posix-8.0.30-150400.4.43.1.x86_64.rpm
php8-readline-8.0.30-150400.4.43.1.x86_64.rpm
php8-shmop-8.0.30-150400.4.43.1.x86_64.rpm
php8-snmp-8.0.30-150400.4.43.1.x86_64.rpm
php8-soap-8.0.30-150400.4.43.1.x86_64.rpm
php8-sockets-8.0.30-150400.4.43.1.x86_64.rpm
php8-sodium-8.0.30-150400.4.43.1.x86_64.rpm
php8-sqlite-8.0.30-150400.4.43.1.x86_64.rpm
php8-sysvmsg-8.0.30-150400.4.43.1.x86_64.rpm
php8-sysvsem-8.0.30-150400.4.43.1.x86_64.rpm
php8-sysvshm-8.0.30-150400.4.43.1.x86_64.rpm
php8-test-8.0.30-150400.4.43.1.src.rpm
php8-test-8.0.30-150400.4.43.1.x86_64.rpm
php8-tidy-8.0.30-150400.4.43.1.x86_64.rpm
php8-tokenizer-8.0.30-150400.4.43.1.x86_64.rpm
php8-xmlreader-8.0.30-150400.4.43.1.x86_64.rpm
php8-xmlwriter-8.0.30-150400.4.43.1.x86_64.rpm
php8-xsl-8.0.30-150400.4.43.1.x86_64.rpm
php8-zip-8.0.30-150400.4.43.1.x86_64.rpm
php8-zlib-8.0.30-150400.4.43.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2038
Security update for php8
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php8 fixes the following issues:
- CVE-2024-5458: Fixed an issue that allowed bypassing filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073)
apache2-mod_php7-7.4.33-150400.4.37.1.src.rpm
apache2-mod_php7-7.4.33-150400.4.37.1.x86_64.rpm
php7-7.4.33-150400.4.37.1.src.rpm
php7-7.4.33-150400.4.37.1.x86_64.rpm
php7-bcmath-7.4.33-150400.4.37.1.x86_64.rpm
php7-bz2-7.4.33-150400.4.37.1.x86_64.rpm
php7-calendar-7.4.33-150400.4.37.1.x86_64.rpm
php7-cli-7.4.33-150400.4.37.1.x86_64.rpm
php7-ctype-7.4.33-150400.4.37.1.x86_64.rpm
php7-curl-7.4.33-150400.4.37.1.x86_64.rpm
php7-dba-7.4.33-150400.4.37.1.x86_64.rpm
php7-devel-7.4.33-150400.4.37.1.x86_64.rpm
php7-dom-7.4.33-150400.4.37.1.x86_64.rpm
php7-enchant-7.4.33-150400.4.37.1.x86_64.rpm
php7-exif-7.4.33-150400.4.37.1.x86_64.rpm
php7-fastcgi-7.4.33-150400.4.37.1.src.rpm
php7-fastcgi-7.4.33-150400.4.37.1.x86_64.rpm
php7-fileinfo-7.4.33-150400.4.37.1.x86_64.rpm
php7-fpm-7.4.33-150400.4.37.1.src.rpm
php7-fpm-7.4.33-150400.4.37.1.x86_64.rpm
php7-ftp-7.4.33-150400.4.37.1.x86_64.rpm
php7-gd-7.4.33-150400.4.37.1.x86_64.rpm
php7-gettext-7.4.33-150400.4.37.1.x86_64.rpm
php7-gmp-7.4.33-150400.4.37.1.x86_64.rpm
php7-iconv-7.4.33-150400.4.37.1.x86_64.rpm
php7-intl-7.4.33-150400.4.37.1.x86_64.rpm
php7-json-7.4.33-150400.4.37.1.x86_64.rpm
php7-ldap-7.4.33-150400.4.37.1.x86_64.rpm
php7-mbstring-7.4.33-150400.4.37.1.x86_64.rpm
php7-mysql-7.4.33-150400.4.37.1.x86_64.rpm
php7-odbc-7.4.33-150400.4.37.1.x86_64.rpm
php7-opcache-7.4.33-150400.4.37.1.x86_64.rpm
php7-openssl-7.4.33-150400.4.37.1.x86_64.rpm
php7-pcntl-7.4.33-150400.4.37.1.x86_64.rpm
php7-pdo-7.4.33-150400.4.37.1.x86_64.rpm
php7-pgsql-7.4.33-150400.4.37.1.x86_64.rpm
php7-phar-7.4.33-150400.4.37.1.x86_64.rpm
php7-posix-7.4.33-150400.4.37.1.x86_64.rpm
php7-readline-7.4.33-150400.4.37.1.x86_64.rpm
php7-shmop-7.4.33-150400.4.37.1.x86_64.rpm
php7-snmp-7.4.33-150400.4.37.1.x86_64.rpm
php7-soap-7.4.33-150400.4.37.1.x86_64.rpm
php7-sockets-7.4.33-150400.4.37.1.x86_64.rpm
php7-sodium-7.4.33-150400.4.37.1.x86_64.rpm
php7-sqlite-7.4.33-150400.4.37.1.x86_64.rpm
php7-sysvmsg-7.4.33-150400.4.37.1.x86_64.rpm
php7-sysvsem-7.4.33-150400.4.37.1.x86_64.rpm
php7-sysvshm-7.4.33-150400.4.37.1.x86_64.rpm
php7-tidy-7.4.33-150400.4.37.1.x86_64.rpm
php7-tokenizer-7.4.33-150400.4.37.1.x86_64.rpm
php7-xmlreader-7.4.33-150400.4.37.1.x86_64.rpm
php7-xmlrpc-7.4.33-150400.4.37.1.x86_64.rpm
php7-xmlwriter-7.4.33-150400.4.37.1.x86_64.rpm
php7-xsl-7.4.33-150400.4.37.1.x86_64.rpm
php7-zip-7.4.33-150400.4.37.1.x86_64.rpm
php7-zlib-7.4.33-150400.4.37.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2142
Recommended update for scap-security-guide
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for scap-security-guide fixes the following issues:
scap-security-guide was updated to 0.1.73 (jsc#ECO-3319)
- CMP 2417: Implement PCI-DSS v4.0 outline for OpenShift (#11651)
- Update all RHEL ANSSI BP028 profiles to be aligned with configuration recommendations version 2.0
- Generate rule references from control files (#11540)
- Initial implementation of STIG V1R1 profile for Ubuntu 22.04 LTS (#11820)
scap-security-guide-0.1.73-150000.1.81.1.noarch.rpm
scap-security-guide-0.1.73-150000.1.81.1.src.rpm
scap-security-guide-debian-0.1.73-150000.1.81.1.noarch.rpm
scap-security-guide-redhat-0.1.73-150000.1.81.1.noarch.rpm
scap-security-guide-ubuntu-0.1.73-150000.1.81.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2088
Security update for openssl-3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
libopenssl-3-devel-3.0.8-150400.4.57.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.57.1.x86_64.rpm
openssl-3-3.0.8-150400.4.57.1.src.rpm
openssl-3-3.0.8-150400.4.57.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2089
Security update for openssl-1_1
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
libopenssl-1_1-devel-1.1.1l-150400.7.69.1.x86_64.rpm
libopenssl-1_1-devel-32bit-1.1.1l-150400.7.69.1.x86_64.rpm
libopenssl1_1-1.1.1l-150400.7.69.1.x86_64.rpm
libopenssl1_1-32bit-1.1.1l-150400.7.69.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150400.7.69.1.x86_64.rpm
libopenssl1_1-hmac-32bit-1.1.1l-150400.7.69.1.x86_64.rpm
openssl-1_1-1.1.1l-150400.7.69.1.src.rpm
openssl-1_1-1.1.1l-150400.7.69.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2744
Recommended update for suseconnect-ng
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issues:
- Version update
* Added uname as collector
* Added SAP workload detection
* Added detection of container runtimes
* Multiple fixes on ARM64 detection
* Use `read_values` for the CPU collector on Z
* Fixed data collection for ppc64le
* Grab the home directory from /etc/passwd if needed (bsc#1226128)
* Build zypper-migration and zypper-packages-search as standalone
binaries rather than one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
self-signed SSL certificate (bsc#1223107)
libsuseconnect-1.11.0-150400.3.36.4.x86_64.rpm
suseconnect-ng-1.11.0-150400.3.36.4.src.rpm
suseconnect-ng-1.11.0-150400.3.36.4.x86_64.rpm
suseconnect-ruby-bindings-1.11.0-150400.3.36.4.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2171
Security update for libarchive
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libarchive fixes the following issues:
- CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971).
bsdtar-3.5.1-150400.3.15.1.x86_64.rpm
libarchive-3.5.1-150400.3.15.1.src.rpm
libarchive-devel-3.5.1-150400.3.15.1.x86_64.rpm
libarchive13-3.5.1-150400.3.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2106
Security update for php-composer2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php-composer2 fixes the following issues:
- CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names (bsc#1226181).
- CVE-2024-35242: Fixed command injection via specially crafted branch names during repository cloning (bsc#1226182).
php-composer2-2.2.3-150400.3.12.1.noarch.rpm
php-composer2-2.2.3-150400.3.12.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2180
Security update for vte
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for vte fixes the following issues:
- CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory consumption) via a window resize escape. (bsc#1226134)
libvte-2_91-0-0.66.2-150400.3.5.1.x86_64.rpm
typelib-1_0-Vte-2.91-0.66.2-150400.3.5.1.x86_64.rpm
vte-0.66.2-150400.3.5.1.src.rpm
vte-devel-0.66.2-150400.3.5.1.x86_64.rpm
vte-lang-0.66.2-150400.3.5.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2231
Recommended update for autofs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for autofs fixes the following issues:
- Don't use the intr option on NFS mounts by default, it's been ignored by the kernel for a long time now (bsc#1225130)
autofs-5.1.3-150000.7.20.1.src.rpm
autofs-5.1.3-150000.7.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2226
Recommended update for apache2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2 fixes the following issues:
- Apache ignores headers sent by CGI scripts (bsc#1226217)
apache2-2.4.51-150400.6.20.1.src.rpm
apache2-2.4.51-150400.6.20.1.x86_64.rpm
apache2-devel-2.4.51-150400.6.20.1.x86_64.rpm
apache2-doc-2.4.51-150400.6.20.1.noarch.rpm
apache2-prefork-2.4.51-150400.6.20.1.x86_64.rpm
apache2-utils-2.4.51-150400.6.20.1.x86_64.rpm
apache2-worker-2.4.51-150400.6.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2170
Security update for gnome-settings-daemon
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gnome-settings-daemon fixes the following issues:
- CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423).
gnome-settings-daemon-41.0-150400.3.3.1.src.rpm
gnome-settings-daemon-41.0-150400.3.3.1.x86_64.rpm
gnome-settings-daemon-devel-41.0-150400.3.3.1.x86_64.rpm
gnome-settings-daemon-lang-41.0-150400.3.3.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2224
Recommended update for java-1_8_0-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-openjdk fixes the following issues:
- Fix condition enabling shenandoah GC (bsc#1226274)
- Disable shenandoah for all distributions, since the shenandoah hotspot tarball is rather out of sync
java-1_8_0-openjdk-1.8.0.412-150000.3.94.1.src.rpm
java-1_8_0-openjdk-1.8.0.412-150000.3.94.1.x86_64.rpm
java-1_8_0-openjdk-demo-1.8.0.412-150000.3.94.1.x86_64.rpm
java-1_8_0-openjdk-devel-1.8.0.412-150000.3.94.1.x86_64.rpm
java-1_8_0-openjdk-headless-1.8.0.412-150000.3.94.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2198
Security update for ghostscript
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ghostscript fixes the following issues:
- CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491)
ghostscript-9.52-150000.191.1.src.rpm
ghostscript-9.52-150000.191.1.x86_64.rpm
ghostscript-devel-9.52-150000.191.1.x86_64.rpm
ghostscript-x11-9.52-150000.191.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2196
Recommended update for wicked
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668]
wicked-0.6.75-150400.3.27.1.src.rpm
wicked-0.6.75-150400.3.27.1.x86_64.rpm
wicked-service-0.6.75-150400.3.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2245
Security update for frr
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for frr fixes the following issues:
- CVE-2023-38406: Fixed nlri length of zero mishandling, aka "flowspec overflow". (bsc#1216900)
- CVE-2023-47235: Fixed a crash on malformed BGP UPDATE message with an EOR, because the presence of EOR does not lead to a treat-as-withdraw outcome. (bsc#1216896)
- CVE-2023-47234: Fixed a crash on crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data. (bsc#1216897)
- CVE-2023-38407: Fixed attempts to read beyond the end of the stream during labeled unicast parsing. (bsc#1216899)
frr-7.4-150300.4.26.1.src.rpm
frr-7.4-150300.4.26.1.x86_64.rpm
frr-devel-7.4-150300.4.26.1.x86_64.rpm
libfrr0-7.4-150300.4.26.1.x86_64.rpm
libfrr_pb0-7.4-150300.4.26.1.x86_64.rpm
libfrrcares0-7.4-150300.4.26.1.x86_64.rpm
libfrrfpm_pb0-7.4-150300.4.26.1.x86_64.rpm
libfrrgrpc_pb0-7.4-150300.4.26.1.x86_64.rpm
libfrrospfapiclient0-7.4-150300.4.26.1.x86_64.rpm
libfrrsnmp0-7.4-150300.4.26.1.x86_64.rpm
libfrrzmq0-7.4-150300.4.26.1.x86_64.rpm
libmlag_pb0-7.4-150300.4.26.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2253
Recommended update for containerd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for containerd fixes the following issues:
- Revert the noarch change for devel subpackage
Switching to noarch causes issues on SLES maintenance updates, reverting it
fixes our image builds
containerd-1.7.17-150000.114.1.src.rpm
containerd-1.7.17-150000.114.1.x86_64.rpm
containerd-ctr-1.7.17-150000.114.1.x86_64.rpm
containerd-devel-1.7.17-150000.114.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2296
Feature update for jakarta-inject
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for jakarta-inject fixes the following issues:
- New package implementation at version 2.0.1
jakarta-inject-2.0.1-150200.5.3.3.noarch.rpm
jakarta-inject-2.0.1-150200.5.3.3.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3178
Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:
- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)
PackageKit-1.2.4-150400.3.20.2.src.rpm
PackageKit-1.2.4-150400.3.20.2.x86_64.rpm
PackageKit-backend-zypp-1.2.4-150400.3.20.2.x86_64.rpm
PackageKit-branding-SLE-12.0-150400.15.7.2.noarch.rpm
PackageKit-branding-SLE-12.0-150400.15.7.2.src.rpm
PackageKit-devel-1.2.4-150400.3.20.2.x86_64.rpm
PackageKit-lang-1.2.4-150400.3.20.2.noarch.rpm
libpackagekit-glib2-18-1.2.4-150400.3.20.2.x86_64.rpm
libpackagekit-glib2-devel-1.2.4-150400.3.20.2.x86_64.rpm
libsolv-0.7.30-150400.3.27.2.src.rpm
libsolv-devel-0.7.30-150400.3.27.2.x86_64.rpm
libsolv-tools-0.7.30-150400.3.27.2.x86_64.rpm
libsolv-tools-base-0.7.30-150400.3.27.2.x86_64.rpm
libyui-4.3.7-150400.3.12.1.src.rpm
libyui-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-4.3.7-150400.3.12.1.src.rpm
libyui-ncurses-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-pkg-4.3.7-150400.3.12.1.src.rpm
libyui-ncurses-pkg-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-pkg16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-rest-api-4.3.7-150400.3.12.1.src.rpm
libyui-ncurses-rest-api-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-rest-api16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-tools-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-4.3.7-150400.3.12.1.src.rpm
libyui-qt-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-graph-4.3.7-150400.3.12.1.src.rpm
libyui-qt-graph-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-graph16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-pkg-4.3.7-150400.3.12.1.src.rpm
libyui-qt-pkg-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-pkg16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-rest-api-4.3.7-150400.3.12.1.src.rpm
libyui-qt-rest-api-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-rest-api16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-rest-api-4.3.7-150400.3.12.1.src.rpm
libyui-rest-api-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-rest-api16-4.3.7-150400.3.12.1.x86_64.rpm
libyui16-4.3.7-150400.3.12.1.x86_64.rpm
libzypp-17.35.8-150400.3.85.1.src.rpm
libzypp-17.35.8-150400.3.85.1.x86_64.rpm
libzypp-devel-17.35.8-150400.3.85.1.x86_64.rpm
perl-solv-0.7.30-150400.3.27.2.x86_64.rpm
python3-solv-0.7.30-150400.3.27.2.x86_64.rpm
python3-zypp-plugin-0.6.4-150400.13.4.1.noarch.rpm
ruby-solv-0.7.30-150400.3.27.2.x86_64.rpm
typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.20.2.x86_64.rpm
yast2-pkg-bindings-4.4.7-150400.3.16.1.src.rpm
yast2-pkg-bindings-4.4.7-150400.3.16.1.x86_64.rpm
zypp-plugin-0.6.4-150400.13.4.1.src.rpm
zypper-1.14.76-150400.3.57.16.src.rpm
zypper-1.14.76-150400.3.57.16.x86_64.rpm
zypper-log-1.14.76-150400.3.57.16.noarch.rpm
zypper-needs-restarting-1.14.76-150400.3.57.16.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2283
Security update for libndp
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libndp fixes the following issues:
- CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771)
libndp-1.6-150000.3.3.1.src.rpm
libndp-devel-1.6-150000.3.3.1.x86_64.rpm
libndp0-1.6-150000.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2292
Security update for ghostscript
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ghostscript fixes the following issues:
- CVE-2024-29510: Fixed an arbitrary path traversal when running in a
permitted path (bsc#1226945).
- CVE-2024-33870: Fixed a format string injection that could lead to
command execution (bsc#1226944).
- CVE-2024-33869: Fixed a path validation bypass that could lead to
path traversal (bsc#1226946).
ghostscript-9.52-150000.194.1.src.rpm
ghostscript-9.52-150000.194.1.x86_64.rpm
ghostscript-devel-9.52-150000.194.1.x86_64.rpm
ghostscript-x11-9.52-150000.194.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2402
Recommended update for xkbcomp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xkbcomp fixes the following issue:
- fix keyboard layouts in XWayland applications when having
several keyboard layouts enabled (bsc#1219505)
xkbcomp-1.4.1-150000.3.3.2.src.rpm
xkbcomp-1.4.1-150000.3.3.2.x86_64.rpm
xkbcomp-devel-1.4.1-150000.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2567
Security update for emacs
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for emacs fixes the following issues:
- CVE-2024-39331: Fixed evaluation of arbitrary unsafe Elisp code in Org mode (bsc#1226957).
emacs-27.2-150400.3.17.1.src.rpm
emacs-27.2-150400.3.17.1.x86_64.rpm
emacs-el-27.2-150400.3.17.1.noarch.rpm
emacs-info-27.2-150400.3.17.1.noarch.rpm
emacs-nox-27.2-150400.3.17.1.x86_64.rpm
emacs-x11-27.2-150400.3.17.1.x86_64.rpm
etags-27.2-150400.3.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2647
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
atinject was updated to version 1.0.5:
- Don't distribute as jakarta.inject:jakarta-inject-api artifact
to prevent conflicts with the version 2.x that actually has
classes in jakarta.inject namespace and thus is incompatible
- Switched to sources in https://github.com/jakartaee/inject/
- Changes in version 1.0.5:
* This switches the module name back to the java.inject that was used by the 1.0.3 release with automatic module.
This is a multi-release jar
- Changes in version 1.0.4:
* This is a 1.0.4 service release with a multi-release jar that adds the module-info class to
META-INF/versions/9/module-info.class using the https://github.com/moditect/moditect plugin for the
javax.inject module.
- Changes in version 1.0.3:
* This release corrects the 1.0.2 release which was incorrectly done from the master branch with the jakarta.*
packages.
* It adds the Automatic-Module-Name=java.inject to the api jar manifest.
- Changes in version 1.0.2:
* Set Automatic-Module-Name to java.inject
* Added OSGi bundle headers
- Changes in version 1.0.1:
* Added Automatic-Module-Name of jakarta.inject
- Changes in version 1.0:
* First Injection API release for Jakarta EE
cdi-api:
- Use the javax.inject artifact
google-guice was updated to version 6.0.0:
- Changes in version 6.0.0:
* JEE Jakarta Transition:
+ Guice 6.0 adds support for jakarta.inject, the new namespace for the JSR330 spec
(after the javax -> jakarta JEE transition).
Guice 6.0 is intended to help users migrate their code to the jakarta namespace. It continues to fully support
the javax.inject namespace while also mostly supporting the jakarta.inject namespace. The only part of Guice 6.0
that doesn't support jakarta.inject are the bind(..).toProvider methods. Those methods still require javax.inject
or com.google.inject Providers.
+ The Guice 6.0 servlet & persist extensions only support the javax.servlet and javax.persistence namespaces
respectively.
+ Guice 6.0 can help with incremental migrations to the jakarta.inject namespace, by incrementally replacing
javax.inject references to jakarta.inject. This works everywhere, except for code where a jakarta Provider is
passed to bind(..).toProvider.
* Guice Core:
+ Adds jakarta.inject support.
+ Support Java 21 (via updating ASM to 9.5 and other changes).
+ Improve AOP support on JVMs such as Azul.
+ Fix a deadlock or crash associated with recursively loading just-in-time bindings.
+ Make PrivateModule.binder() non-private, to allow subclass customization, such as calling skipSources.
+ Fix an endless loop (that can OOM) in singleton lock cycle detection.
+ Fix tests to pass on Windows, despite the different line separator.
+ Improvements to OSGi metadata.
+ Mark the JSR305 dependency as optional (since it's not required at runtime).
+ Fix Binder.requestInjection(TypeLiteral<T>, T) to use the TypeLiteral.
+ Honor scoping annotations on concrete types when provisioned by their @ProvidedBy annotation
+ Add a way to tell if a class is "enhanced" by Guice, and retrieve the original class.
+ Ensure the order of bind(...) statements does not matter when referring to JIT bindings.
+ Implement Matcher.and and Matcher.or as default methods directly in Matcher, so that the AbstractMatcher subclass
isn't required.
+ Mark the error_prone_annotations dependency as optional.
* Servlet:
+ Fix an NPE if contextPath is null
* Persist:
+ Persist had a number of changes, some of which are backwards incompatible.
Notably: injection of EntityManager no longer implicitly starts a unit of work (because this led to leaks).
Users can opt-in to the legacy behavior by constructing the JpaPersistModule with a JpaPersistOptions that sets
setAutoBeginWorkOnEntityManagerCreation to true.
+ EntityManager provisioning no longer automatically starts a unit of work.
+ Ignore multiple start/stop calls, rather than throwing an exception.
+ Support manually initiated rollbacks.
+ Don't wrap Object-defined methods (e.g: toString, finalize, equals, hashCode) in transactions.
gradle-bootstrap:
- Package rebuilt to account for the new jakarta-inject dependency
gradle:
- Fixed build with jakarta-inject, which was introduced as a new google-guice dependency
maven-artifact-transfer, maven-doxia-sitetools, maven-doxia, maven-plugin-testing, maven-surefire:
- Use plexus-metadata-generator executable directly to simplify build classpath
maven-javadoc-plugin:
- Removed dependency on plexus-metadata-generator, plexus-component-metadata and on their dependencies, since there
is no plexus @Component annotation any more
modello:
- Added dependency on jakarta-inject, needed by google-guice 6.0.0
plexus-component-metadata and plexus-containers were updated to version 2.2.0:
- Added dependency on plexus-xml where relevant
* This will be needed for smooth upgrade to plexus-utils 4.0.0
- Changes in version 2.2.0:
* Improved documentation to switch to Sisu
* Cleaned up poms after parent upgrade
* Improved plexus-component metadata - removed dependency to
plexus-container-default
* Added deprecation information to Plexus components
* Require Java 8
* Dropped plexus-container-default artefact
* Require Maven 3.6.3+
* Switched to Junit5
* Bumped org.eclipse.sisu.plexus from 0.3.0.M1 to 0.9.0.M2
- Changes in version 2.1.1:
* Last version before deprecation
* Requires Java 7 and Maven 3.2.5+
* Upgraded ASM to 9.2
* Security upgrade org.jdom:jdom2 from 2.0.6 to 2.0.6.1
plexus-utils was updated to version 4.0.0:
- Changes in version 4.0.0:
* Starting with version 4, XML classes (in org.codehaus.plexus.util.xml and org.codehaus.plexus.util.xml.pull) have
been extracted to a separate plexus-xml: if you need them, just use this new artifact
* Other changes:
+ Fixed false difference detected with
CachingOutputStream/CachingWriter when streams are flushed
+ Dependency updates
+ Switched to Junit 5
plexus-xml was updated to version 3.0.1:
- Changes in version 3.0.1:
* Bugs fixed:
+ Allow nulls for write elements in MXSerializer
+ Removed special chars from xml output
* Dependency updates:
+ Bumped org.codehaus.plexus:plexus from 17 to 18
+ Bumped release-drafter/release-drafter from 5 to 6
+ Bumped parent to 17 and updates
* Maintenance:
+ Switched to Junit 5
+ Switched to shared gh actions setup from master branch
sbt:
- Require the new plexus-xml package to fix build
sisu was updated to version 0.9.0.M3:
- Provide plexus-containers-container-default for easier update
- Add dependency on plexus-xml where relevant
- Changes of sisu version 0.9.0.M3:
* Annotated new method
* Updated workflow to run on Java 21
* Build with final Java 21 on GitHub
* Switched to JUnit5
* Disabled annotation processor by default
* Do not silently fail in case of class scanning exceptions
* Updated to ASM 9.7
* Updated CONTRIBUTING.md
* Aligned Plexus ASM version
* Renamed release profile
* Fixed Jacoco coverage reports in Sonar
* Added a method to allow LifecycleManager to free keys
* Licence change: From EPL1 to EPL2
* Updated documentation for exposed core extensions, fix anchors
* Trigger Sonarcloud analysis from GHA
- Changes of sisu version 0.9.0.M2:
* Fixed SpaceScanner to use latest ASM API version
* 3.7 is not an officially supported version therefore specify 3.8 instead
* Provide script to help upgrade embedded copy of ASM
* ASM_9_4
* Require Java 8
* Sisu specific PreConstruct/PreDestroy annotations
* Updated build plugins
* ASM 9.5
* Aligned to latest Maven plugins
* Moved release elements from oss-parent to local project
* Create a 'no_asm' jar at release time which doesn't embed ASM
- Changes of sisu.inject version 9.0.M1:
* Fixed CDI related issues
* Build with Eclipse/Tycho 2.5.0 and Java 11
* Raise problem reporting logs to DEBUG, fixes #36
* Upgraded internal copy of ASM to 9.2
* Implemented PathTypeConverter
* Added JUnit 5 annotations to InjectedTest setUp/tearDown
* Fixed static parameters binding lookup
* Run injection tests against multiple versions of Guice
* Support using @priority on Providers
* Use read lock when subscribing to publishers…
* Cache binding lookups for single bean providers
* Use AtomicReferenceFieldUpdater as it works better for large numbers of instances
* Enabled Java CI workflow
* Enabled CodeQL analysis
* Replaced potentially-expensive regex with simple tokenizer
* Allow Main to boot with extra bindings
* Re-enabled various resource-related unit tests
* Reworked globber pattern strategy to avoid use of regex
* Use GlobberStrategy.PATTERN instead of regex for ServiceBindings filtering
- Changes of sisu.plexus version 0.9.0.M2:
* Make build work with Java17
* Aligned to latest Maven plugins
* Moved release elements from oss-parent to local project
- Changes of sisu.plexus version 0.9.0.M1:
* Aligned logback with sisu.inject
* Build with Eclipse/Tycho 2.5.0 and Java 11
* Support configuration of collections with complex generic types
* Enabled Java CI workflow
* Enabled CodeQL analysis
sisu-mojos:
- Build sisu-mojos within sisu package, since the sources of sisu-mojos, sisu-inject and sisu-plexus were joined in the
same upstream project
atinject-1+20211017gitd06ce18-150200.3.13.1.noarch.rpm
atinject-1+20211017gitd06ce18-150200.3.13.1.src.rpm
cdi-api-2.0.2-150200.3.11.2.noarch.rpm
cdi-api-2.0.2-150200.3.11.2.src.rpm
google-guice-6.0.0-150200.3.10.4.noarch.rpm
google-guice-6.0.0-150200.3.10.4.src.rpm
gradle-4.4.1-150200.3.21.2.src.rpm
gradle-4.4.1-150200.3.21.2.x86_64.rpm
maven-3.9.8-150200.4.27.2.src.rpm
maven-3.9.8-150200.4.27.2.x86_64.rpm
maven-artifact-transfer-0.13.1-150200.3.12.1.noarch.rpm
maven-artifact-transfer-0.13.1-150200.3.12.1.src.rpm
maven-doxia-1.12.0-150200.4.15.4.src.rpm
maven-doxia-core-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-logging-api-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-apt-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-fml-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-fo-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-xdoc-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-xhtml-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-xhtml5-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-sink-api-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.15.1.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.15.1.src.rpm
maven-javadoc-plugin-3.6.0-150200.4.18.1.noarch.rpm
maven-javadoc-plugin-3.6.0-150200.4.18.1.src.rpm
maven-lib-3.9.8-150200.4.27.2.x86_64.rpm
maven-resolver-1.9.20-150200.3.23.2.src.rpm
maven-resolver-api-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-connector-basic-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-impl-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-named-locks-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-spi-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-transport-file-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-transport-http-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-transport-wagon-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-util-1.9.20-150200.3.23.2.noarch.rpm
maven-surefire-3.2.5-150200.3.9.17.4.noarch.rpm
maven-surefire-3.2.5-150200.3.9.17.4.src.rpm
maven-surefire-plugin-3.2.5-150200.3.9.17.1.noarch.rpm
maven-surefire-plugins-3.2.5-150200.3.9.17.1.src.rpm
maven-surefire-provider-junit-3.2.5-150200.3.9.17.4.noarch.rpm
maven-surefire-provider-testng-3.2.5-150200.3.9.17.4.noarch.rpm
plexus-component-metadata-2.2.0-150200.3.9.2.noarch.rpm
plexus-component-metadata-2.2.0-150200.3.9.2.src.rpm
plexus-containers-2.2.0-150200.3.9.2.src.rpm
plexus-containers-component-annotations-2.2.0-150200.3.9.2.noarch.rpm
plexus-utils-4.0.1-150200.3.11.2.noarch.rpm
plexus-utils-4.0.1-150200.3.11.2.src.rpm
plexus-xml-3.0.1-150200.5.8.2.noarch.rpm
plexus-xml-3.0.1-150200.5.8.2.src.rpm
sisu-0.9.0.M3-150200.3.9.2.src.rpm
sisu-inject-0.9.0.M3-150200.3.9.2.noarch.rpm
sisu-plexus-0.9.0.M3-150200.3.9.2.noarch.rpm
xmvn-4.2.0-150200.3.24.2.src.rpm
xmvn-4.2.0-150200.3.24.2.x86_64.rpm
xmvn-api-4.2.0-150200.3.24.2.noarch.rpm
xmvn-connector-4.2.0-150200.3.24.2.noarch.rpm
xmvn-connector-4.2.0-150200.3.24.2.src.rpm
xmvn-core-4.2.0-150200.3.24.2.noarch.rpm
xmvn-install-4.2.0-150200.3.24.2.noarch.rpm
xmvn-minimal-4.2.0-150200.3.24.2.x86_64.rpm
xmvn-mojo-4.2.0-150200.3.24.2.noarch.rpm
xmvn-mojo-4.2.0-150200.3.24.2.src.rpm
xmvn-resolve-4.2.0-150200.3.24.2.noarch.rpm
xmvn-subst-4.2.0-150200.3.24.2.noarch.rpm
xmvn-tools-4.2.0-150200.3.24.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2322
Security update for krb5
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields being erroneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
krb5-1.19.2-150400.3.12.1.src.rpm
krb5-1.19.2-150400.3.12.1.x86_64.rpm
krb5-32bit-1.19.2-150400.3.12.1.x86_64.rpm
krb5-client-1.19.2-150400.3.12.1.x86_64.rpm
krb5-devel-1.19.2-150400.3.12.1.x86_64.rpm
krb5-plugin-kdb-ldap-1.19.2-150400.3.12.1.x86_64.rpm
krb5-plugin-preauth-otp-1.19.2-150400.3.12.1.x86_64.rpm
krb5-plugin-preauth-pkinit-1.19.2-150400.3.12.1.x86_64.rpm
krb5-server-1.19.2-150400.3.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2308
Security update for go1.21
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issues:
Updated to version 1.21.12 (bsc#1212475):
- CVE-2024-24791: Fixed a potential denial of service due to
improper handling of HTTP 100-continue headers (bsc#1227314).
go1.21-1.21.12-150000.1.39.1.src.rpm
go1.21-1.21.12-150000.1.39.1.x86_64.rpm
go1.21-doc-1.21.12-150000.1.39.1.x86_64.rpm
go1.21-race-1.21.12-150000.1.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2495
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
The following non-security bugs were fixed:
- Revert "build initrd without systemd" (bsc#1195775)
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212).
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).
kernel-default-5.14.21-150400.24.125.1.nosrc.rpm
kernel-default-5.14.21-150400.24.125.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1.src.rpm
kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.125.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.125.1.noarch.rpm
kernel-docs-5.14.21-150400.24.125.1.noarch.rpm
kernel-docs-5.14.21-150400.24.125.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.125.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.125.1.src.rpm
kernel-obs-build-5.14.21-150400.24.125.1.x86_64.rpm
kernel-source-5.14.21-150400.24.125.1.noarch.rpm
kernel-source-5.14.21-150400.24.125.1.src.rpm
kernel-syms-5.14.21-150400.24.125.1.src.rpm
kernel-syms-5.14.21-150400.24.125.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.125.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2324
Recommended update for cups-filters
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups-filters fixes the following issue:
- "cups-filters: Poppler for color PDF as grayscale via PS level 1:
huge output makes printing slow" (bsc#1225040)
cups-filters-1.25.0-150200.3.12.3.src.rpm
cups-filters-1.25.0-150200.3.12.3.x86_64.rpm
cups-filters-devel-1.25.0-150200.3.12.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2409
Security update for libvpx
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libvpx fixes the following issues:
- CVE-2024-5197: Fixed integer overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879).
- CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403).
- CVE-2023-44488: Fixed heap buffer overflow in vp8 encoding (bsc#1216879).
libvpx-1.11.0-150400.3.7.1.src.rpm
libvpx-devel-1.11.0-150400.3.7.1.x86_64.rpm
libvpx7-1.11.0-150400.3.7.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2408
Security update for libvpx
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libvpx fixes the following issues:
- CVE-2024-5197: Fixed integer overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879).
- CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403).
libvpx-1.6.1-150000.6.16.1.src.rpm
libvpx4-1.6.1-150000.6.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2664
Recommended update for open-vm-tools
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for open-vm-tools fixes the following issues:
- There are no new features in the open-vm-tools release (bsc#1227181).
This is primarily a maintenance release that addresses a few critical
problems, including:
- A GitHub pull request and associated issue have been handled. Please
see the Resolved Issues section of the Release Notes
- A number of issues flagged by Coverity and ShellCheck have been
addressed
- A vmtoolsd process hang related to nested logging from an RPC Channel
error has been fixed
libvmtools-devel-12.4.5-150300.52.6.x86_64.rpm
libvmtools0-12.4.5-150300.52.6.x86_64.rpm
open-vm-tools-12.4.5-150300.52.6.src.rpm
open-vm-tools-12.4.5-150300.52.6.x86_64.rpm
open-vm-tools-containerinfo-12.4.5-150300.52.6.x86_64.rpm
open-vm-tools-desktop-12.4.5-150300.52.6.x86_64.rpm
open-vm-tools-salt-minion-12.4.5-150300.52.6.x86_64.rpm
open-vm-tools-sdmp-12.4.5-150300.52.6.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2313
Security update for netty3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for netty3 fixes the following issues:
- CVE-2024-29025: Fixed an issue where HttpPostRequestDecoder can run out of memory due to a large number of form fields (bsc#1222045).
netty3-3.10.6-150200.3.10.1.noarch.rpm
netty3-3.10.6-150200.3.10.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2325
Recommended update for xfsprogs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xfsprogs fixes the following issue:
- xfs_copy: don't use cached buffer reads until after libxfs_mount
(bsc#1227150)
libhandle1-5.13.0-150400.3.10.2.x86_64.rpm
xfsprogs-5.13.0-150400.3.10.2.src.rpm
xfsprogs-5.13.0-150400.3.10.2.x86_64.rpm
xfsprogs-devel-5.13.0-150400.3.10.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2399
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.13.0 ESR (MFSA 2024-30, bsc#1226316):
- CVE-2024-6600: Memory corruption in WebGL API
- CVE-2024-6601: Race condition in permission assignment
- CVE-2024-6602: Memory corruption in NSS
- CVE-2024-6603: Memory corruption in thread creation
- CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
Other fixes:
- Fix GNOME search provider (bsc#1225278)
MozillaFirefox-115.13.0-150200.152.143.1.src.rpm
MozillaFirefox-115.13.0-150200.152.143.1.x86_64.rpm
MozillaFirefox-devel-115.13.0-150200.152.143.1.noarch.rpm
MozillaFirefox-translations-common-115.13.0-150200.152.143.1.x86_64.rpm
MozillaFirefox-translations-other-115.13.0-150200.152.143.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2486
Recommended update for libssh2_org
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update rebuilds libssh2_org against openssl 1.1.1, enabling ed25519 support. (bsc#1227490)
libssh2-1-1.11.0-150200.9.2.1.x86_64.rpm
libssh2-1-32bit-1.11.0-150200.9.2.1.x86_64.rpm
libssh2-devel-1.11.0-150200.9.2.1.x86_64.rpm
libssh2_org-1.11.0-150200.9.2.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2697
Recommended update for dracut
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dracut fixes the following issues:
- Version update:
* fix(dracut-install): continue parsing if ldd prints "cannot be preloaded" (bsc#1208690)
* fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485)
* fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083)
dracut-055+suse.357.g905645c2-150400.3.34.2.src.rpm
dracut-055+suse.357.g905645c2-150400.3.34.2.x86_64.rpm
dracut-fips-055+suse.357.g905645c2-150400.3.34.2.x86_64.rpm
dracut-ima-055+suse.357.g905645c2-150400.3.34.2.x86_64.rpm
dracut-mkinitrd-deprecated-055+suse.357.g905645c2-150400.3.34.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2624
Security update for apache2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2 fixes the following issues:
- CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268)
- CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269)
- CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270)
- CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271)
apache2-2.4.51-150400.6.29.1.src.rpm
apache2-2.4.51-150400.6.29.1.x86_64.rpm
apache2-devel-2.4.51-150400.6.29.1.x86_64.rpm
apache2-doc-2.4.51-150400.6.29.1.noarch.rpm
apache2-prefork-2.4.51-150400.6.29.1.x86_64.rpm
apache2-utils-2.4.51-150400.6.29.1.x86_64.rpm
apache2-worker-2.4.51-150400.6.29.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2406
Recommended update for suse-build-key
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issue:
- Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import
them (bsc#1227429)
- gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key
- gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key
suse-build-key-12.0-150000.8.46.2.noarch.rpm
suse-build-key-12.0-150000.8.46.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2688
Feature update for Public Cloud
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Public Cloud fixes the following issues:
- Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345):
* google-guest-agent (no source changes)
* google-guest-configs (no source changes)
* google-guest-oslogin (no source changes)
* google-osconfig-agent (no source changes)
* growpart-rootgrow (no source changes)
* python-azure-agent (includes bug fixes, see below)
* python-cssselect (no source changes)
* python-instance-billing-flavor-check (no source changes)
* python-toml (no source changes)
* python3-lxml (includes a bug fix, see below)
- python-azure-agent received the following fixes:
* Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists
(bsc#1227711)
* Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106)
* Do not package `waagent2.0` in Python 3 builds
* Do not require `wicked` in non-SUSE build environments
* Apply python3 interpreter patch in non SLE build environments (bcs#1227067)
- python3-lxml also received the following fix:
* Fixed compatibility with system libexpat in tests (bnc#1222075)
python-cssselect-1.0.3-150400.3.7.4.src.rpm
python-toml-0.10.2-150300.3.2.6.src.rpm
python3-cssselect-1.0.3-150400.3.7.4.noarch.rpm
python3-toml-0.10.2-150300.3.2.6.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2485
Security update for tomcat
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tomcat fixes the following issues:
Updated to version 9.0.91:
- CVE-2024-34750: Fixed an improper handling of exceptional
conditions (bsc#1227399).
tomcat-9.0.91-150200.68.1.noarch.rpm
tomcat-9.0.91-150200.68.1.src.rpm
tomcat-admin-webapps-9.0.91-150200.68.1.noarch.rpm
tomcat-el-3_0-api-9.0.91-150200.68.1.noarch.rpm
tomcat-jsp-2_3-api-9.0.91-150200.68.1.noarch.rpm
tomcat-lib-9.0.91-150200.68.1.noarch.rpm
tomcat-servlet-4_0-api-9.0.91-150200.68.1.noarch.rpm
tomcat-webapps-9.0.91-150200.68.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3763
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in kernel-firmware-nvidia-gspx-G06:
- Update to version 555.42.06 for CUDA.
- Update to 550.100 (bsc#1227575)
- Add a second flavor to be used by the kernel module versions
used by CUDA. The firmware targeting CUDA contains '-cuda' in
its name to track its versions separately from the graphics
firmware. (bsc#1227417)
Changes in nvidia-open-driver-G06-signed:
- Update to 550.127.05 (boo#1232057)
* Fixed a bug which could cause applications using GBM to crash
when running with nvidia-drm.modeset=0.
- cuda-flavor
provide also nvidia-open-driver-G06-kmp-$flavor = %version to
workaround broken cuda-drivers
- For CUDA update version to 560.35.03
- cuda-flavor
* provide nvidia-open-driver-G06-kmp = %version to workaround
broken cuda-drivers
- nv-prefer-signed-open-driver
* added comments for requirements
- latest change hardcoded to 555.42.06; we no longer need this for 560
- nv-prefer-signed-open-driver:
* added specific versions of cuda-drivers/cuda-drivers-xxx as
preconditions for requiring specific version of
nvidia-compute-G06
- nv-prefer-signed-open-driver:
* no longer require a specific version of
nvidia-open-driver-G06-signed-cuda-kmp, so it can select the
correct open driver KMP matching the cuda-runtime version
- cuda-flavor:
* added nvidia-compute-G06 = %version to preconditions for
requiring kernel-firmware-nvidia-gspx-G06, since
nvidia-compute-utils-G06 does not have a version-specific
requires on nvidia-compute-G06
- cuda-flavor:
* require kernel-firmware-nvidia-gspx-G06 instead of
kernel-firmware-nvidia-gspx-G06-cuda (which provides also
kernel-firmware-nvidia-gspx-G06)
* trigger removal of driver modules also on
kernel-firmware-nvidia-gspx-G06
- no longer hard-require kernel firmware package, but install it
automatically once nvidia-compute-utils-G06 gets installed
- trigger removal of driver modules with non-existing or wrong
firmware when (new) firmware gets installed
- Update to 550.120 (boo#1230779)
* Fixed a bug that could cause kernel crashes upon attempting
KMS operations through DRM when nvidia_drm was loaded with
modeset=0.
- CUDA build: removed entries from pci_ids-555.42.06 since this is
doing more harm than benefit (bsc#1230368)
- For CUDA (preamble file):
* added: Provides: nvidia-open-driver-G06-signed-cuda-kmp-$flavor = %version
which is needed for 'zypper install <package> = <version>'
* added: Provides/Conflicts: nvidia-open-driver-G06-signed-kmp-$flavor = %version
useful for containers
- reverted CUDA update version to 560.x.y due to changes in CUDA
repository with CUDA 12.6/560.x.y drivers
- For CUDA update version to 560.35.03
- Update to 550.107.02 (boo#1229716)
- For CUDA update version to 560.28.03
- Update to version 555.42.06 for CUDA.
- Update to 550.100 (bsc#1227575)
* Fixed a bug that caused OpenGL triple buffering to behave like
double buffering.
- To avoid issues with missing dependencies when no CUDA repo
is present, make the dependency on nvidia-compute-G06 conditional.
- CUDA is not available for Tumbleweed, exclude the build of the
cuda flavor.
- preamble: let the -cuda flavor KMP require the -cuda flavor
firmware
- Add a second flavor for building the kernel module versions
used by CUDA. The kmp targeting CUDA contains '-cuda' in
its name to track its versions separately from the graphics
kmp. (bsc#1227417)
- Provide the meta package nv-prefer-signed-open-driver to
make sure the latest available SUSE-build open driver is
installed - independent of the latest available open driver
version in the CUDA repository.
Rationale:
The package cuda-runtime provides the link between CUDA and
the kernel driver version through a
Requires: cuda-drivers >= %version
This implies that a CUDA version will run with any kernel driver
version equal or higher than a base version.
nvidia-compute-G06 provides the glue layer between CUDA and
a specific version of the kernel driver both by providing
a set of base libraries and by requiring a specific kernel
version. 'cuda-drivers' (provided by nvidia-compute-utils-G06)
requires an unversioned nvidia-compute-G06. With this, the
resolver will install the latest available and applicable
nvidia-compute-G06.
nv-prefer-signed-open-driver then represents the latest available
open driver version and restricts the nvidia-compute-G06 version
to it. (bsc#1227419)
kernel-firmware-nvidia-gspx-G06-550.100-150400.9.40.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.100-150400.9.40.1.x86_64.rpm
kernel-firmware-nvidia-gspx-G06-cuda-555.42.06-150400.9.40.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-cuda-555.42.06-150400.9.40.1.x86_64.rpm
nv-prefer-signed-open-driver-560.35.03-150400.9.71.2.x86_64.rpm
nvidia-open-driver-G06-signed-550.127.05-150400.9.71.2.src.rpm
nvidia-open-driver-G06-signed-cuda-560.35.03-150400.9.71.2.src.rpm
nvidia-open-driver-G06-signed-cuda-default-devel-560.35.03-150400.9.71.2.x86_64.rpm
nvidia-open-driver-G06-signed-cuda-kmp-default-560.35.03_k5.14.21_150400.22-150400.9.71.2.x86_64.rpm
nvidia-open-driver-G06-signed-default-devel-550.127.05-150400.9.71.2.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.127.05_k5.14.21_150400.22-150400.9.71.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3423
Security update for xen
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xen fixes the following issues:
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355)
- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)
- CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366)
xen-4.16.6_04-150400.4.62.1.src.rpm
xen-4.16.6_04-150400.4.62.1.x86_64.rpm
xen-devel-4.16.6_04-150400.4.62.1.x86_64.rpm
xen-libs-4.16.6_04-150400.4.62.1.x86_64.rpm
xen-tools-4.16.6_04-150400.4.62.1.x86_64.rpm
xen-tools-domU-4.16.6_04-150400.4.62.1.x86_64.rpm
xen-tools-xendomains-wait-disk-4.16.6_04-150400.4.62.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2625
Security update for p7zip
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for p7zip fixes the following issues:
- CVE-2023-52168: Fixed heap-based buffer overflow in the NTFS handler allows two bytes to be overwritten at multiple offsets (bsc#1227358)
- CVE-2023-52169: Fixed out-of-bounds read in NTFS handler (bsc#1227359)
p7zip-16.02-150200.14.12.1.src.rpm
p7zip-16.02-150200.14.12.1.x86_64.rpm
p7zip-full-16.02-150200.14.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2644
Recommended update for python-lxml
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-lxml fixes the following issues:
- Fixed compatibility with system libexpat in tests (bsc#1222075)
python-lxml-4.9.3-150400.8.8.1.src.rpm
python311-lxml-4.9.3-150400.8.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2640
Recommended update for certmonger
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for certmonger fixes the following issues:
- Add a SUSE specific patch which prevents the restart of
the cert request for an external ca (bsc#1221406)
- Remove obsolete build dependencies libfreebl3-hmac and
libsoftokn3-hmac
certmonger-0.79.13-150400.3.6.2.src.rpm
certmonger-0.79.13-150400.3.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2718
Recommended update for libqb
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libqb fixes the following issue:
- ipc: Retry receiving credentials if the message is short (bsc#1224183)
libqb-2.0.4+20211112.a2691b9-150400.4.6.2.src.rpm
libqb-devel-2.0.4+20211112.a2691b9-150400.4.6.2.x86_64.rpm
libqb100-2.0.4+20211112.a2691b9-150400.4.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2609
Recommended update for suse-build-key
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issue:
- fixed syntax error in auto import shell script (bsc#1227681)
suse-build-key-12.0-150000.8.49.2.noarch.rpm
suse-build-key-12.0-150000.8.49.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2671
Recommended update for cups
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups fixes the following issues:
- Require the exact matching version-release of all libcups* sub-packages (bsc#1226192)
cups-2.2.7-150000.3.62.1.src.rpm
cups-2.2.7-150000.3.62.1.x86_64.rpm
cups-client-2.2.7-150000.3.62.1.x86_64.rpm
cups-config-2.2.7-150000.3.62.1.x86_64.rpm
cups-ddk-2.2.7-150000.3.62.1.x86_64.rpm
cups-devel-2.2.7-150000.3.62.1.x86_64.rpm
libcups2-2.2.7-150000.3.62.1.x86_64.rpm
libcups2-32bit-2.2.7-150000.3.62.1.x86_64.rpm
libcupscgi1-2.2.7-150000.3.62.1.x86_64.rpm
libcupsimage2-2.2.7-150000.3.62.1.x86_64.rpm
libcupsmime1-2.2.7-150000.3.62.1.x86_64.rpm
libcupsppdc1-2.2.7-150000.3.62.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2651
Recommended update for rmt-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server fixes the following issues:
- Version 2.18
* Move temporary storage of downloaded files to the repo directory to avoid filling up /tmp partition
* Fixes for RES7-LTSS and OL7-LTSS clients
* Instance Verification: re-setting the repository and registry cache path to the right value; update the cache scrubber paths
rmt-server-2.18-150400.3.28.1.src.rpm
rmt-server-2.18-150400.3.28.1.x86_64.rpm
rmt-server-config-2.18-150400.3.28.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2642
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
maven-shared-utils was updated to version 3.4.2:
- Changes in version 3.4.2:
* New features and improvements:
+ Made Commandline.addSystemEnvironment public and deprecated
+ Deprecated IsEmpty/IsNotEmpty methods
+ Deprecated newXmlWriter
+ Deprecated redundant isEmptyString method
+ Deprecated join methods now available in Java 8 String class
+ FileUtils: avoid getCanonicalPath()
+ Added build() method and document toString() method
+ Optionally inherit system environment variables by Commandline
+ Dropped plexus container default
* Bugs Fixed:
+ Removed trim parameter
+ Fixed blocking in StreamFeeder
+ Ignore MessageUtilsTest methods on unsupported platforms
+ Make copyFile succeed with source file having lastModified() = 0
+ XmlWriterUtil platform independent and consistent
+ Poll data from input stream
plexus-io was updated from version 3.2.0 to 3.4.2:
- New features and improvements:
* Drop legacy and make components pure JSR330
* Restore speed improvements
* Plexus IO build is now reproducible
* Various speed improvements
* Plexus IO now requires Java 8
- Dependency updates:
* Update sisu.inject to 0.9.0.M2
* Bumped guice from 5.1.0 to 6.0.0
* Bumped commons-io:commons-io from 2.11.0 to 2.15.1
* Bumped plexus-utils from 3.5.0 to 4.0.0
* Bumped org.codehaus.plexus:plexus-testing from 1.1.0 to 1.3.0
- Bugs fixed:
* Fix symbolic links being resolved into absolute paths
* Fix symbolic links to directories are not recognized as
directories
* Fix issue related to symbolic link tests issue
plexus-interpolation was updated to version 1.27.0:
- New features and improvements:
* Added support for PPC64LE
* Added dependabot and release drafter configuration
* Moved to Junit5
- Dependency updates:
* Bumped plexus from 7 to 16
* Bumped maven-bundle-plugin from 3.0.1 to 5.1.9
plexus-cli was updated to version 1.7:
- Changes:
* Bumped plexus-components from 6.5 to 10.0
* Bumped checkstyle from 9.2 to 9.2.1
* Bumped plexus-container-default from 1.0-alpha-34 to 2.1.1
* Bumped checkstyle from 9.2.1 to 9.3
* Bumped commons-cli from 1.0 to 1.5.0
* Bumped maven-checkstyle-plugin from 3.1.2 to 3.3.0
* Bumped maven-shared-resources from 4 to 5
* Bumped apache/maven-gh-actions-shared from 1 to 3
* Updated to Parent pom 15
* Bumped commons-cli:commons-cli from 1.5.0 to 1.6.0
* Reuse plexus-pom action for CI
* Bumped org.codehaus.plexus:plexus from 15 to 16
* Replace plexus-container-default with Sisu Plexus
* Bumped org.codehaus.plexus:plexus-testing from 1.2.0 to 1.3.0
plexus-cipher was updated to version 2.1.0:
- Changes:
* Switched to java.util.Base64
* Moved code to Java 8
* Fixed insecure cryptography in PBECipher.java
* Enabled missed decryption test and adjust to new algorithm
plexus-archiver was updated to version 4.9.2:
- New features and improvements:
* Allow copy all files without timestamp checking by DirectoryArchiver
* Provide fluent setter for usingDefaultExcludes flag in AbstractFileSet
* Various dependencies were upgraded
plexus-interactivity was updated to version 1.3:
- New features and improvements:
+ Ensure prompter does not double colon
+ Java 8 as minimum
+ Moved off plexus
- Other changes:
* The class previously in plexus-interactivity-jdom artifact is
folded into the main plexus-interactivity-api.
maven-shared-incremental:
- `sisu-plexus` is now used instead of the old `plexus-component-api`
- Removed unnecessary dependency on xmvn tools and parent pom
maven-shared-incremental-1.1-150200.3.7.2.noarch.rpm
maven-shared-incremental-1.1-150200.3.7.2.src.rpm
maven-shared-utils-3.4.2-150200.3.10.1.noarch.rpm
maven-shared-utils-3.4.2-150200.3.10.1.src.rpm
plexus-archiver-4.9.2-150200.3.10.1.noarch.rpm
plexus-archiver-4.9.2-150200.3.10.1.src.rpm
plexus-cipher-2.1.0-150200.3.7.1.noarch.rpm
plexus-cipher-2.1.0-150200.3.7.1.src.rpm
plexus-interactivity-1.3-150200.3.7.1.src.rpm
plexus-interactivity-api-1.3-150200.3.7.1.noarch.rpm
plexus-interpolation-1.27.0-150200.3.7.2.noarch.rpm
plexus-interpolation-1.27.0-150200.3.7.2.src.rpm
plexus-io-3.4.2-150200.3.7.1.noarch.rpm
plexus-io-3.4.2-150200.3.7.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2682
Recommended update for aardvark-dns
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for netavark and aardvark-dns fixes the following issues:
- Update aardvark-dns from 1.5.0 to 1.10.0 (bsc#1224122)
- Update netavark from 1.5.0 to 1.10.3 (bsc#1224122)
aardvark-dns-1.10.0-150400.9.8.1.src.rpm
aardvark-dns-1.10.0-150400.9.8.1.x86_64.rpm
netavark-1.10.3-150400.9.8.1.src.rpm
netavark-1.10.3-150400.9.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2628
Security update for java-17-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-17-openjdk fixes the following issues:
Updated to version 17.0.12+7 (July 2024 CPU):
- CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol
length (bsc#1228047).
- CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check
Elimination (bsc#1228048).
- CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling
(bsc#1228052).
- CVE-2024-21145: Fixed an index overflow in RangeCheckElimination
(bsc#1228051).
java-17-openjdk-17.0.12.0-150400.3.45.1.src.rpm
java-17-openjdk-17.0.12.0-150400.3.45.1.x86_64.rpm
java-17-openjdk-demo-17.0.12.0-150400.3.45.1.x86_64.rpm
java-17-openjdk-devel-17.0.12.0-150400.3.45.1.x86_64.rpm
java-17-openjdk-headless-17.0.12.0-150400.3.45.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2629
Security update for java-11-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-11-openjdk fixes the following issues:
Updated to version 11.0.24+8 (July 2024 CPU):
- CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol
length (bsc#1228047).
- CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check
Elimination (bsc#1228048).
- CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling
(bsc#1228052).
- CVE-2024-21145: Fixed an index overflow in RangeCheckElimination
(bsc#1228051).
- CVE-2024-21144: Fixed an excessive loading time in Pack200 due to
improper header validation (bsc#1228050).
java-11-openjdk-11.0.24.0-150000.3.116.1.src.rpm
java-11-openjdk-11.0.24.0-150000.3.116.1.x86_64.rpm
java-11-openjdk-demo-11.0.24.0-150000.3.116.1.x86_64.rpm
java-11-openjdk-devel-11.0.24.0-150000.3.116.1.x86_64.rpm
java-11-openjdk-headless-11.0.24.0-150000.3.116.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2619
Security update for libgit2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libgit2 fixes the following issues:
- CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)
libgit2-1.3.0-150400.3.9.1.src.rpm
libgit2-1_3-1.3.0-150400.3.9.1.x86_64.rpm
libgit2-devel-1.3.0-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2656
Security update for git
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for git fixes the following issues:
- CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)
git-2.35.3-150300.10.42.1.src.rpm
git-2.35.3-150300.10.42.1.x86_64.rpm
git-arch-2.35.3-150300.10.42.1.x86_64.rpm
git-core-2.35.3-150300.10.42.1.x86_64.rpm
git-cvs-2.35.3-150300.10.42.1.x86_64.rpm
git-daemon-2.35.3-150300.10.42.1.x86_64.rpm
git-doc-2.35.3-150300.10.42.1.noarch.rpm
git-email-2.35.3-150300.10.42.1.x86_64.rpm
git-gui-2.35.3-150300.10.42.1.x86_64.rpm
git-svn-2.35.3-150300.10.42.1.x86_64.rpm
git-web-2.35.3-150300.10.42.1.x86_64.rpm
gitk-2.35.3-150300.10.42.1.x86_64.rpm
perl-Git-2.35.3-150300.10.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2690
Recommended update for fence-agents
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for fence-agents fixes the following issues:
- Fix Azure native fencing not starting due to Python version. (bsc#1224797) (jsc#PED-8887)
- The updated fence-agents no longer includes the Azure fence-agents.
- If you are on Azure, you additionally need to install the package fence-agents-azure-arm.
This package (fence-agents-azure-arm) is only installable with Public Cloud Module enabled
which provides the required Python3.11 dependencies.
python-pexpect-4.8.0-150400.15.7.3.src.rpm
python-ptyprocess-0.7.0-150400.11.5.3.src.rpm
python-pycurl-7.45.2-150400.13.6.3.src.rpm
python-pycurl-test-7.45.2-150400.13.6.3.src.rpm
python311-pexpect-4.8.0-150400.15.7.3.noarch.rpm
python311-ptyprocess-0.7.0-150400.11.5.3.noarch.rpm
python311-pycurl-7.45.2-150400.13.6.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2675
Recommended update for wicked
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of infiniband children
- client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
- arputil: Document minimal interval for getopts
- man: (re)generate man pages from md sources
- client: warn on interface wait time reached
- compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces
- compat-suse: fix infiniband and infiniband child type detection from ifname
wicked-0.6.76-150400.3.30.1.src.rpm
wicked-0.6.76-150400.3.30.1.x86_64.rpm
wicked-service-0.6.76-150400.3.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2679
Recommended update for patterns-base
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for patterns-base fixes the following issues:
Added a fips-certified pattern matching the exact certified FIPS
versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss
and libgcrypt.
Note that applying this pattern might cause downgrade of various packages
and so deinstall security and bugfix updates released after the certified
binaries.
patterns-base-20200124-150400.20.10.1.src.rpm
patterns-base-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-apparmor-20200124-150400.20.10.1.x86_64.rpm
patterns-base-apparmor-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-base-20200124-150400.20.10.1.x86_64.rpm
patterns-base-base-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-basesystem-20200124-150400.20.10.1.x86_64.rpm
patterns-base-basic_desktop-20200124-150400.20.10.1.x86_64.rpm
patterns-base-bootloader-20200124-150400.20.10.1.x86_64.rpm
patterns-base-documentation-20200124-150400.20.10.1.x86_64.rpm
patterns-base-enhanced_base-20200124-150400.20.10.1.x86_64.rpm
patterns-base-enhanced_base-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-fips-20200124-150400.20.10.1.x86_64.rpm
patterns-base-fips-certified-20200124-150400.20.10.1.x86_64.rpm
patterns-base-minimal_base-20200124-150400.20.10.1.x86_64.rpm
patterns-base-minimal_base-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-sw_management-20200124-150400.20.10.1.x86_64.rpm
patterns-base-sw_management-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-transactional_base-20200124-150400.20.10.1.x86_64.rpm
patterns-base-x11-20200124-150400.20.10.1.x86_64.rpm
patterns-base-x11-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-x11_enhanced-20200124-150400.20.10.1.x86_64.rpm
patterns-base-x11_enhanced-32bit-20200124-150400.20.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2658
Security update for shadow
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
login_defs-4.8.1-150400.10.18.1.noarch.rpm
shadow-4.8.1-150400.10.18.1.src.rpm
shadow-4.8.1-150400.10.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2886
Recommended update for dmidecode
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dmidecode fixes the following issues:
- Version update (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules
* Add bash completion
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245
* Implement options --list-strings and --list-types
* Update HPE OEM records 203, 212, 216, 221, 233 and 236
* Update Redfish support
* Bug fixes:
- Fix enabled slot characteristics not being printed
* Minor improvements:
- Print slot width on its own line
- Use standard strings for slot width
* Add a --no-quirks option
* Drop the CPUID exception list
* Obsolete patches removed:
dmidecode-do-not-let-dump-bin-overwrite-an-existing-file,
dmidecode-fortify-entry-point-length-checks,
dmidecode-split-table-fetching-from-decoding,
dmidecode-write-the-whole-dump-file-at-once,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr,
dmioem-hpe-oem-record-237-firmware-change,
dmioem-typo-fix-virutal-virtual,
ensure-dev-mem-is-a-character-device-file,
news-fix-typo,
use-read_file-to-read-from-dump
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in
HPE type 238 records
dmidecode-3.6-150400.16.11.2.src.rpm
dmidecode-3.6-150400.16.11.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2660
Security update for gtk2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gtk2 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
gtk2-2.24.33-150400.4.3.1.src.rpm
gtk2-data-2.24.33-150400.4.3.1.noarch.rpm
gtk2-devel-2.24.33-150400.4.3.1.x86_64.rpm
gtk2-lang-2.24.33-150400.4.3.1.noarch.rpm
gtk2-tools-2.24.33-150400.4.3.1.x86_64.rpm
libgtk-2_0-0-2.24.33-150400.4.3.1.x86_64.rpm
libgtk-2_0-0-32bit-2.24.33-150400.4.3.1.x86_64.rpm
typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1.x86_64.rpm
gtk2-tools-32bit-2.24.33-150400.4.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2661
Security update for gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gtk3 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
gtk3-3.24.34-150400.3.9.1.src.rpm
gtk3-data-3.24.34-150400.3.9.1.noarch.rpm
gtk3-devel-3.24.34-150400.3.9.1.x86_64.rpm
gtk3-devel-doc-3.24.34-150400.3.9.1.x86_64.rpm
gtk3-doc-3.24.34-150400.3.9.1.src.rpm
gtk3-lang-3.24.34-150400.3.9.1.noarch.rpm
gtk3-schema-3.24.34-150400.3.9.1.noarch.rpm
gtk3-tools-3.24.34-150400.3.9.1.x86_64.rpm
libgtk-3-0-3.24.34-150400.3.9.1.x86_64.rpm
typelib-1_0-Gtk-3_0-3.24.34-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2711
Recommended update for mksusecd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mksusecd fixes the following issues:
- merge github: openSUSE/mksusecd #75
- update El-Torito UEFI image to match 'EFI' directory (bsc#1227668)
mksusecd-2.19-150400.3.21.2.src.rpm
mksusecd-2.19-150400.3.21.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2663
Security update for orc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the orc compiler when formatting error messages for certain input files (bsc#1228184)
liborc-0_4-0-0.4.28-150000.3.6.1.x86_64.rpm
orc-0.4.28-150000.3.6.1.src.rpm
orc-0.4.28-150000.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2971
Recommended update for perl-DBD-Pg, perl-DBD-SQLite, perl-DBI, perl-YAML-LibYAML
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl-DBD-Pg, perl-DBD-SQLite, perl-DBI, perl-YAML-LibYAML fixes the following issues:
perl-DBI was updated from version 1.642 to 1.643:
- Updated Devel::PPPort and removed redundant compatibility macros
- Correct minor typo in documentation
- Correct documentation introducing $dbh->selectall_array()
- Introduced select and do wrappers earlier in the documentation
- Mark as deprecated old API functions which overflow or are affected by Unicode issues
- Add new attribute RaiseWarn, similar to RaiseError
perl-DBD-SQLite was updated from version 1.66 to 1.74:
- Fixed disabling of __perllib_provides
- Upgraded SQLite to 3.42.0
- Added missing possible table_type values to POD
- Set UTF8CACHE to avoid slowdown with -DDEBUGGING
- Lowercase datatype in table column metadata for back-compatibility
- Fixed test failure on perl built with -DDEBUGGING
- Improve sqlite_load_extension documentation
- Add a feature to unregister a created function
- Fixed accented characters in POD
- Link embedded sqlite devel files to system files
- Use the system sqlite rather than the built-in one
- Fixed documentation to use the correct attribute with sqlite_
- Modify the fix to silence the sqlite_unicode warning not to check the attribute twice
- Fix an encoding issue of naive
- Made DBD_SQLITE_STRING_MODE constants exportable
- Stop setting THREADSAFE=0 if perl has pthread (ie. 5.20+)
- Fixed a memory leak in ::VirtualTable
- Introduced "string_mode" handle attribute to fix long-standing issues of sqlite_unicode
- Added a dependency from dbdimp.o to the *.inc files included into dbdimp.c
- Fixed an offset issue of VirtualTable
- Fixed quadmath issues
- Added sqlite_txn_state method to see internal state of the backend
- Switched to XSLoader
- Use quadmath_snprintf if USE_QUADMATH is defined
- Use av_fetch instead of av_shift
perl-DBD-Pg was updated from version 3.10.4 to 3.18.0:
- Support new PQclosePrepared function, added in Postgres 17
- Improved documentation about ping always returning a value
- New database handle attribute pg_skip_deallocate
Prevents any deallocation of automatically prepared
statements to support new pgBouncer feature
- Fix to handle escaped quotes in connection string
- Return number of affected rows from a MERGE command
- Added support for Github CI actions
- Removed undocumented internal-only pg_pid_number attribute
- Small warning in docs about PG_CHAR
- Added new attribute "pg_int8_as_string", for backwards compatibility.
- Added a META.json file; rename META.yml to META.yaml
- Fix 03smethod.t $sth->last_insert_id skip count for DBI < 1.642
- Documentation improvements for service files
- Automatically use 64-bit versions of large object functions when available
- Set UTF8 flag as needed for error messages
- In tests, do not assume what the default transaction isolation level will be
- Make tests smarter about detecting pg_ctl results in different locales
- Adjust tests for the fact that reltuples can be -1 in Postgres
version 13 and later. This is mostly reflected in the CARDINALITY
column for $dbh->statistics_info.
- Correctly pull back pg_async status from statement handle.
Previously, $dbh->{pg_async} would return undef.
- Remove the experimental 'fulltest' Makefile target.
- The $dbh->primary_key_info and $dbh->foreign_key_info methods will now always return
a statement handle, even with no matches. Previously, they returned undef directly.
Callers can check if the returned handle contains any rows.
- The $dbh->tables method will always return a list, even if it is empty.
- Add pg_lo_tell64, pg_lo_seek64, and pg_lo_truncate64, for anyone dealing
with really, really, really large 'large objects'. Requires Postgres 9.3 or better.
- Allow test to run again when using a non-superuser to connect
- Adjust tests to force loading proper version of DBD::Pg every time.
- Removed the long-deprecated _pg_use_catalog method.
- Many improvements and changes to the test suite.
- Redo the "last_result" internals in dbdimp.c, which fixes a memory leak.
- Fixed regression in Perl length() for returned query results
- Make $sth->finish() do a little less. Notably, even
after calling finish(), pg_error_field will still work
on the last action performed.
- Tweak tests so Windows boxes pass
- Run tests in verbose mode
- Prevent DBI from flipping AutoCommit to 'on' after a failed commit
- Revert overly aggressive testing shortcut as it can cause installs to fail
- Return the table info row last in statistics_info.
This fixes statistics_info on pre-8.3 servers.
- Fixed ASC_OR_DESC field in statistics_info
- Indicate NULL ordering in statistics_info
- Adjust Makefile to fix failing 'fulltest' target on BSD systems
- Indicate non-key index columns (INCLUDE) in statistics_info
- Return an empty result set instead of undef from statistics_info
when the requested table doesn't exist and $unique_only is false.
- Fixed segfault during st destroy
- Improved testing for table_info()
- Improved UTF-8 wording in documentation
perl-YAML-LibYAML was updated to version 0.89:
- Breaking Change: Set $YAML::XS::LoadBlessed default to false to make it more secure
- Fixed disabling of __perllib_provides
- Recognise core booleans on Perl 5.36+ at dump time
- Fixed YAML::XS pod in cpanminus
- Convert doc from Swim to Markdown
- Added option ForbidDuplicateKeys
- Recognize tied variables
- Updated libyaml sources to 0.2.4. Changes affecting YAML::XS are
- Output '...' at the stream end after a block scalar with trailing empty lines
- Accept '%YAML 1.2' directives (they are ignored and do not change behaviour though)
- Fix memory leak when loading invalid YAML
- Support aliasing scalars resolved as null or booleans
- Add YAML::XS::LibYAML::libyaml_version()
- Support standard !!int/!!float tags instead of dying
- Fixed double free/core dump when Dump()ing binary data
- Update config.h from libyaml
- Update libyaml to version 0.2.2. Most important change for users is that plain
urls in flow style can be parsed now. Example: `[ http://yaml.org]`.
- Added $Indent - number of spaces when dumping
- Implemented $LoadCode
- Update to libyaml 0.2.1. It's forbidden now to escape single quotes inside double quotes
- When disabling $LoadBlessed, return scalars not refs
- Save anchors also for blessed scalars
- Fixed format specifier/argument mismatch
- Fixed a C90-compatibility issue
- Prevent warning about unused variables
perl-YAML-LibYAML-0.890.0-150000.3.8.2.src.rpm
perl-YAML-LibYAML-0.890.0-150000.3.8.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3469
Recommended update for python-kubernetes, python-recommonmark, python-Sphinx, python-sphinxcontrib-applehelp, python-sphinxcontrib-jquery
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-kubernetes, python-recommonmark, python-Sphinx, python-sphinxcontrib-applehelp, python-sphinxcontrib-jquery contains the following fixes:
Changes for python-kubernetes:
- add sle15_python_module_pythons, jsc#PED-8481
Changes for python-recommonmark:
- Initial shipment for python-recommonmark.
Please check the changelog for detailed information.
Changes for python-Sphinx:
- Add patch to fix-test-expectation-for-enum-rendering-on-python-3.12.3. (bsc#1223128)
- Disable test test_ext_imgconverter.
- Add upstream patch to make it work with python 3.11.7
- avoid xdist - not used by upstream and unstable (and not
improving the build time by more than 25%)
- remove setuptools requires
Changes for python-sphinxcontrib-applehelp:
- Add fix for tests with python-Sphinx 7.2
jsc#PED-8481
Changes for python-sphinxcontrib-jquery:
- drop tests-with-sphinx-72 patch in order to
- add tests-with-sphinx-72-python312 patch to build with python 312+
- remove tests-with-sphinx-71 patch
- Add tests-with-sphinx-72 patch to fix tests with sphinx 7.2.
- add tests-with-sphinx-71 patch to fix tests with sphinx 7.1+
- Initial release of 4.1
No source changes rebuild to fulfill python-recommonmark dependencies
on 15 SP4 for the following packages:
python311-Babel
python311-CommonMark
python311-Jinja2
python311-MarkupSafe
python311-alabaster
python311-imagesize
python311-snowballstemmer
python311-sphinx_rtd_theme
python311-sphinxcontrib-devhelp
python311-sphinxcontrib-htmlhelp
python311-sphinxcontrib-jsmath
python311-sphinxcontrib-qthelp
python311-sphinxcontrib-serializinghtml
python311-sphinxcontrib-websupport
python-Babel-2.12.1-150400.8.5.1.src.rpm
python-CommonMark-0.9.1-150400.9.5.1.src.rpm
python-Jinja2-3.1.2-150400.12.8.1.src.rpm
python-MarkupSafe-2.1.3-150400.11.5.2.src.rpm
python-Sphinx-7.2.6-150400.3.10.1.src.rpm
python-alabaster-0.7.13-150400.12.5.1.src.rpm
python-imagesize-1.4.1-150400.12.5.1.src.rpm
python-snowballstemmer-2.2.0-150400.12.5.1.src.rpm
python-sphinx_rtd_theme-1.2.0-150400.12.5.1.src.rpm
python-sphinxcontrib-applehelp-1.0.4-150400.3.7.1.src.rpm
python-sphinxcontrib-devhelp-1.0.2-150400.3.5.1.src.rpm
python-sphinxcontrib-htmlhelp-2.0.1-150400.3.5.1.src.rpm
python-sphinxcontrib-jquery-4.1-150400.9.7.1.src.rpm
python-sphinxcontrib-jsmath-1.0.1-150400.3.5.1.src.rpm
python-sphinxcontrib-qthelp-1.0.3-150400.3.5.1.src.rpm
python-sphinxcontrib-serializinghtml-1.1.9-150400.3.8.1.src.rpm
python-sphinxcontrib-websupport-1.2.4-150400.13.5.1.src.rpm
python311-Babel-2.12.1-150400.8.5.1.noarch.rpm
python311-CommonMark-0.9.1-150400.9.5.1.noarch.rpm
python311-Jinja2-3.1.2-150400.12.8.1.x86_64.rpm
python311-MarkupSafe-2.1.3-150400.11.5.2.x86_64.rpm
python311-Sphinx-7.2.6-150400.3.10.1.noarch.rpm
python311-Sphinx-latex-7.2.6-150400.3.10.1.noarch.rpm
python311-alabaster-0.7.13-150400.12.5.1.noarch.rpm
python311-imagesize-1.4.1-150400.12.5.1.noarch.rpm
python311-snowballstemmer-2.2.0-150400.12.5.1.noarch.rpm
python311-sphinx_rtd_theme-1.2.0-150400.12.5.1.noarch.rpm
python311-sphinxcontrib-applehelp-1.0.4-150400.3.7.1.noarch.rpm
python311-sphinxcontrib-devhelp-1.0.2-150400.3.5.1.noarch.rpm
python311-sphinxcontrib-htmlhelp-2.0.1-150400.3.5.1.noarch.rpm
python311-sphinxcontrib-jquery-4.1-150400.9.7.1.noarch.rpm
python311-sphinxcontrib-jsmath-1.0.1-150400.3.5.1.noarch.rpm
python311-sphinxcontrib-qthelp-1.0.3-150400.3.5.1.noarch.rpm
python311-sphinxcontrib-serializinghtml-1.1.9-150400.3.8.1.noarch.rpm
python311-sphinxcontrib-websupport-1.2.4-150400.13.5.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2860
Security update for python3-Twisted
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-Twisted fixes the following issues:
- CVE-2024-41671: Fixed HTTP pipelined requests processed out of order in twisted.web (bsc#1228549)
- CVE-2024-41810: Fixed reflected XSS via HTML Injection in Redirect Response (bsc#1228552)
python3-Twisted-22.2.0-150400.21.1.src.rpm
python3-Twisted-22.2.0-150400.21.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2880
Security update for python-Twisted
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Twisted fixes the following issues:
- CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order (bsc#1228549)
- CVE-2024-41810: Fixed reflected XSS via HTML injection in redirect response (bsc#1228552)
python-Twisted-22.10.0-150400.5.23.1.src.rpm
python311-Twisted-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-all_non_platform-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-conch-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-conch_nacl-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-contextvars-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-http2-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-serial-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-tls-22.10.0-150400.5.23.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2927
Security update for openssl-1_1
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
libopenssl-1_1-devel-1.1.1l-150400.7.72.1.x86_64.rpm
libopenssl-1_1-devel-32bit-1.1.1l-150400.7.72.1.x86_64.rpm
libopenssl1_1-1.1.1l-150400.7.72.1.x86_64.rpm
libopenssl1_1-32bit-1.1.1l-150400.7.72.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150400.7.72.1.x86_64.rpm
libopenssl1_1-hmac-32bit-1.1.1l-150400.7.72.1.x86_64.rpm
openssl-1_1-1.1.1l-150400.7.72.1.src.rpm
openssl-1_1-1.1.1l-150400.7.72.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2931
Security update for openssl-3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
libopenssl-3-devel-3.0.8-150400.4.60.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.60.1.x86_64.rpm
openssl-3-3.0.8-150400.4.60.1.src.rpm
openssl-3-3.0.8-150400.4.60.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2786
Security update for java-1_8_0-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u422 (icedtea-3.32.0):
* Security fixes
+ JDK-8314794, CVE-2024-21131, bsc#1228046: Improve UTF8 String supports
+ JDK-8319859, CVE-2024-21138, bsc#1228047: Better symbol storage
+ JDK-8320097: Improve Image transformations
+ JDK-8320548, CVE-2024-21140, bsc#1228048: Improved loop handling
+ JDK-8322106, CVE-2024-21144, bsc#1228050: Enhance Pack 200 loading
+ JDK-8323231, CVE-2024-21147, bsc#1228052: Improve array management
+ JDK-8323390: Enhance mask blit functionality
+ JDK-8324559, CVE-2024-21145, bsc#1228051: Improve 2D image handling
+ JDK-8325600: Better symbol storage
* Import of OpenJDK 8 u422 build 05
+ JDK-8025439: [TEST BUG] [macosx]
PrintServiceLookup.lookupPrintServices doesn't work properly
since jdk8b105
+ JDK-8069389: CompilerOracle prefix wildcarding is broken for
long strings
+ JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/
/bug7123767.java: number of checked graphics configurations
should be limited
+ JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
+ JDK-8203691: [TESTBUG] Test
/runtime/containers/cgroup/PlainRead.java fails
+ JDK-8205407: [windows, vs<2017] C4800 after 8203197
+ JDK-8235834: IBM-943 charset encoder needs updating
+ JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error:
Cp943 - can't read properly"
+ JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese
characters were garbled
+ JDK-8256152: tests fail because of ambiguous method resolution
+ JDK-8258855: Two tests sun/security/krb5/auto/
/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java
failed on OL8.3
+ JDK-8262017: C2: assert(n != __null) failed: Bad immediate
dominator info.
+ JDK-8268916: Tests for AffirmTrust roots
+ JDK-8278067: Make HttpURLConnection default keep alive
timeout configurable
+ JDK-8291226: Create Test Cases to cover scenarios for
JDK-8278067
+ JDK-8291637: HttpClient default keep alive timeout not
followed if server sends invalid value
+ JDK-8291638: Keep-Alive timeout of 0 should close connection
immediately
+ JDK-8293562: KeepAliveCache Blocks Threads while Closing
Connections
+ JDK-8303466: C2: failed: malformed control flow. Limit type
made precise with MaxL/MinL
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8315020: The macro definition for LoongArch64 zero build
is not accurate.
+ JDK-8316138: Add GlobalSign 2 TLS root certificates
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8320005: Allow loading of shared objects with .a
extension on AIX
+ JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
+ JDK-8326686: Bump update version of OpenJDK: 8u422
+ JDK-8327440: Fix "bad source file" error during beaninfo
generation
+ JDK-8328809: [8u] Problem list some CA tests
+ JDK-8328825: Google CAInterop test failures
+ JDK-8329544: [8u] sun/security/krb5/auto/
/ReplayCacheTestProc.java cannot find the testlibrary
+ JDK-8331791: [8u] AIX build break from JDK-8320005 backport
+ JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
+ JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3
::Identity signature fixes
* Bug fixes
+ JDK-8331730: [8u] GHA: update sysroot for cross builds to
Debian bullseye
+ JDK-8333669: [8u] GHA: Dead VS2010 download link
+ JDK-8318039: GHA: Bump macOS and Xcode versions
java-1_8_0-openjdk-1.8.0.422-150000.3.97.1.src.rpm
java-1_8_0-openjdk-1.8.0.422-150000.3.97.1.x86_64.rpm
java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1.x86_64.rpm
java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1.x86_64.rpm
java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2869
Security update for ca-certificates-mozilla
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
ca-certificates-mozilla-2.68-150200.33.1.noarch.rpm
ca-certificates-mozilla-2.68-150200.33.1.src.rpm
ca-certificates-mozilla-prebuilt-2.68-150200.33.1.noarch.rpm
ca-certificates-mozilla-prebuilt-2.68-150200.33.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3286
Recommended update for salt
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
python3-salt-3006.0-150400.8.66.2.x86_64.rpm
True
salt-3006.0-150400.8.66.2.src.rpm
True
salt-3006.0-150400.8.66.2.x86_64.rpm
True
salt-api-3006.0-150400.8.66.2.x86_64.rpm
True
salt-bash-completion-3006.0-150400.8.66.2.noarch.rpm
True
salt-cloud-3006.0-150400.8.66.2.x86_64.rpm
True
salt-doc-3006.0-150400.8.66.2.x86_64.rpm
True
salt-fish-completion-3006.0-150400.8.66.2.noarch.rpm
True
salt-master-3006.0-150400.8.66.2.x86_64.rpm
True
salt-minion-3006.0-150400.8.66.2.x86_64.rpm
True
salt-proxy-3006.0-150400.8.66.2.x86_64.rpm
True
salt-ssh-3006.0-150400.8.66.2.x86_64.rpm
True
salt-standalone-formulas-configuration-3006.0-150400.8.66.2.x86_64.rpm
True
salt-syndic-3006.0-150400.8.66.2.x86_64.rpm
True
salt-transactional-update-3006.0-150400.8.66.2.x86_64.rpm
True
salt-zsh-completion-3006.0-150400.8.66.2.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3026
Recommended update for supportutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for supportutils fixes the following issues:
Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
supportutils-3.2.8-150300.7.35.33.1.noarch.rpm
supportutils-3.2.8-150300.7.35.33.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2799
Recommended update for runc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for runc fixes the following issues:
- Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13
- Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960)
runc-1.1.13-150000.67.1.src.rpm
runc-1.1.13-150000.67.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2863
Security update for bind
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bind fixes the following issues:
Update to 9.16.50:
- Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
- New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737, bsc#1228256)
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975, bsc#1228257)
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076, bsc#1228258)
bind-9.16.50-150400.5.43.1.src.rpm
bind-9.16.50-150400.5.43.1.x86_64.rpm
bind-doc-9.16.50-150400.5.43.1.noarch.rpm
bind-utils-9.16.50-150400.5.43.1.x86_64.rpm
python3-bind-9.16.50-150400.5.43.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3003
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.1.0 ESR (MFSA 2024-35, bsc#1228648)
- CVE-2024-7518: Fullscreen notification dialog can be obscured by document
- CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
- CVE-2024-7520: Type confusion in WebAssembly
- CVE-2024-7521: Incomplete WebAssembly exception handling
- CVE-2024-7522: Out of bounds read in editor component
- CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
- CVE-2024-7525: Missing permission check when creating a StreamFilter
- CVE-2024-7526: Uninitialized memory used by WebGL
- CVE-2024-7527: Use-after-free in JavaScript garbage collection
- CVE-2024-7528: Use-after-free in IndexedDB
- CVE-2024-7529: Document content could partially obscure security prompts
- CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
MozillaFirefox-128.1.0-150200.152.146.1.src.rpm
MozillaFirefox-128.1.0-150200.152.146.1.x86_64.rpm
MozillaFirefox-branding-SLE-128-150200.9.16.1.src.rpm
MozillaFirefox-branding-SLE-128-150200.9.16.1.x86_64.rpm
MozillaFirefox-devel-128.1.0-150200.152.146.1.noarch.rpm
MozillaFirefox-translations-common-128.1.0-150200.152.146.1.x86_64.rpm
MozillaFirefox-translations-other-128.1.0-150200.152.146.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2877
Optional update for sles-release
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sles-release fixes the following issue:
- Adjust codestream lifecycle
sles-release-15.4-150400.58.10.2.src.rpm
sles-release-15.4-150400.58.10.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3167
Recommended update for glibc
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glibc fixes the following issue:
- s390x: Fix segfault in wcsncmp (bsc#1228043).
glibc-2.31-150300.86.3.src.rpm
glibc-2.31-150300.86.3.x86_64.rpm
glibc-devel-2.31-150300.86.3.x86_64.rpm
glibc-devel-static-2.31-150300.86.3.x86_64.rpm
glibc-extra-2.31-150300.86.3.x86_64.rpm
glibc-i18ndata-2.31-150300.86.3.noarch.rpm
glibc-info-2.31-150300.86.3.noarch.rpm
glibc-lang-2.31-150300.86.3.noarch.rpm
glibc-locale-2.31-150300.86.3.x86_64.rpm
glibc-locale-base-2.31-150300.86.3.x86_64.rpm
glibc-locale-base-32bit-2.31-150300.86.3.x86_64.rpm
glibc-profile-2.31-150300.86.3.x86_64.rpm
glibc-utils-2.31-150300.86.3.x86_64.rpm
glibc-utils-src-2.31-150300.86.3.src.rpm
nscd-2.31-150300.86.3.x86_64.rpm
glibc-32bit-2.31-150300.86.3.x86_64.rpm
glibc-devel-32bit-2.31-150300.86.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2929
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
The following non-security bugs were fixed:
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
kernel-default-5.14.21-150400.24.128.1.nosrc.rpm
True
kernel-default-5.14.21-150400.24.128.1.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.128.1.150400.24.62.1.src.rpm
True
kernel-default-base-5.14.21-150400.24.128.1.150400.24.62.1.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.128.1.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.128.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.128.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.128.1.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.128.1.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.128.1.src.rpm
True
kernel-obs-build-5.14.21-150400.24.128.1.x86_64.rpm
True
kernel-source-5.14.21-150400.24.128.1.noarch.rpm
True
kernel-source-5.14.21-150400.24.128.1.src.rpm
True
kernel-syms-5.14.21-150400.24.128.1.src.rpm
True
kernel-syms-5.14.21-150400.24.128.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.128.1.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2967
Recommended update for pam
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pam fixes the following issue:
- Prevent cursor escape from the login prompt (bsc#1194818).
pam-1.3.0-150000.6.71.2.src.rpm
pam-1.3.0-150000.6.71.2.x86_64.rpm
pam-devel-1.3.0-150000.6.71.2.x86_64.rpm
pam-devel-32bit-1.3.0-150000.6.71.2.x86_64.rpm
pam-doc-1.3.0-150000.6.71.2.noarch.rpm
pam-extra-1.3.0-150000.6.71.2.x86_64.rpm
pam-32bit-1.3.0-150000.6.71.2.x86_64.rpm
pam-extra-32bit-1.3.0-150000.6.71.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3120
Security update for buildah, docker
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for buildah, docker fixes the following issues:
Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: Fixed an Authz zero length regression that could lead to authentication bypass (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Changes in buildah:
- Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in "bud and test --unsetlabel"
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert "Reduce official image size"
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base "image" platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
docker-25.0.6_ce-150000.207.1.src.rpm
docker-25.0.6_ce-150000.207.1.x86_64.rpm
docker-bash-completion-25.0.6_ce-150000.207.1.noarch.rpm
docker-rootless-extras-25.0.6_ce-150000.207.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3057
Recommended update for go1.21
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issue:
- go1.21.13 (released 2024-08-06) includes fixes to the go command,
the covdata command, and the bytes package (bsc#1212475).
go1.21-1.21.13-150000.1.42.2.src.rpm
go1.21-1.21.13-150000.1.42.2.x86_64.rpm
go1.21-doc-1.21.13-150000.1.42.2.x86_64.rpm
go1.21-race-1.21.13-150000.1.42.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2966
Recommended update for util-linux
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for util-linux fixes the following issue:
- agetty: Prevent login cursor escape (bsc#1194818).
libblkid-devel-2.37.2-150400.8.32.2.x86_64.rpm
libblkid-devel-static-2.37.2-150400.8.32.2.x86_64.rpm
libblkid1-2.37.2-150400.8.32.2.x86_64.rpm
libfdisk-devel-2.37.2-150400.8.32.2.x86_64.rpm
libfdisk1-2.37.2-150400.8.32.2.x86_64.rpm
libmount-devel-2.37.2-150400.8.32.2.x86_64.rpm
libmount1-2.37.2-150400.8.32.2.x86_64.rpm
libsmartcols-devel-2.37.2-150400.8.32.2.x86_64.rpm
libsmartcols1-2.37.2-150400.8.32.2.x86_64.rpm
libuuid-devel-2.37.2-150400.8.32.2.x86_64.rpm
libuuid-devel-static-2.37.2-150400.8.32.2.x86_64.rpm
libuuid1-2.37.2-150400.8.32.2.x86_64.rpm
util-linux-2.37.2-150400.8.32.2.src.rpm
util-linux-2.37.2-150400.8.32.2.x86_64.rpm
util-linux-lang-2.37.2-150400.8.32.2.noarch.rpm
util-linux-systemd-2.37.2-150400.8.32.2.src.rpm
util-linux-systemd-2.37.2-150400.8.32.2.x86_64.rpm
uuidd-2.37.2-150400.8.32.2.x86_64.rpm
libblkid1-32bit-2.37.2-150400.8.32.2.x86_64.rpm
libmount1-32bit-2.37.2-150400.8.32.2.x86_64.rpm
libuuid1-32bit-2.37.2-150400.8.32.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2922
Recommended update for grub2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for grub2 fixes the following issues:
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
- Fix high latency of input handling in ppc64le grub2 (bsc#1223535)
- Fix PowerPC grub loading 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102)
- Enhancement to PPC secure boot's root device discovery config (bsc#1207230)
- Fix regex for Open Firmware device specifier with encoded commas
- Fix regular expression in PPC secure boot config to prevent escaped commas
from being treated as delimiters when retrieving partition substrings
- Use prep_load_env in PPC secure boot config to handle unset host-specific
environment variables and ensure successful command execution
grub2-2.06-150400.11.46.1.src.rpm
grub2-2.06-150400.11.46.1.x86_64.rpm
grub2-i386-pc-2.06-150400.11.46.1.noarch.rpm
grub2-snapper-plugin-2.06-150400.11.46.1.noarch.rpm
grub2-systemd-sleep-plugin-2.06-150400.11.46.1.noarch.rpm
grub2-x86_64-efi-2.06-150400.11.46.1.noarch.rpm
grub2-x86_64-xen-2.06-150400.11.46.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3059
Recommended update for udisks2
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for udisks2 fixes the following issue:
- Code patch: fix double free inside the g_static_resource_fini() atexit handler
(bsc#1228290).
libudisks2-0-2.9.2-150400.3.6.2.x86_64.rpm
libudisks2-0-devel-2.9.2-150400.3.6.2.x86_64.rpm
typelib-1_0-UDisks-2_0-2.9.2-150400.3.6.2.x86_64.rpm
udisks2-2.9.2-150400.3.6.2.src.rpm
udisks2-2.9.2-150400.3.6.2.x86_64.rpm
udisks2-lang-2.9.2-150400.3.6.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3091
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
Update to version 2.44.3 (bsc#1228696 bsc#1228697 bsc#1228698):
- Fix web process cache suspend/resume when sandbox is enabled.
- Fix accelerated images disappearing after scrolling.
- Fix video flickering with DMA-BUF sink.
- Fix pointer lock on X11.
- Fix movement delta on mouse events in GTK3.
- Undeprecate console message API and make it available in 2022 API.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780,
CVE-2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794,
CVE-2024-4558.
WebKitGTK-4.0-lang-2.44.3-150400.4.88.1.noarch.rpm
WebKitGTK-4.1-lang-2.44.3-150400.4.88.1.noarch.rpm
WebKitGTK-6.0-lang-2.44.3-150400.4.88.1.noarch.rpm
libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.44.3-150400.4.88.1.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.44.3-150400.4.88.1.x86_64.rpm
libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1.x86_64.rpm
libwebkit2gtk-4_1-0-2.44.3-150400.4.88.1.x86_64.rpm
libwebkitgtk-6_0-4-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150400.4.88.1.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.44.3-150400.4.88.1.x86_64.rpm
webkit2gtk3-2.44.3-150400.4.88.1.src.rpm
webkit2gtk3-devel-2.44.3-150400.4.88.1.x86_64.rpm
webkit2gtk3-soup2-2.44.3-150400.4.88.1.src.rpm
webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1.x86_64.rpm
webkit2gtk4-2.44.3-150400.4.88.1.src.rpm
webkitgtk-6_0-injected-bundles-2.44.3-150400.4.88.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3054
Security update for python3-setuptools
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
python3-setuptools-44.1.1-150400.9.9.1.noarch.rpm
python3-setuptools-44.1.1-150400.9.9.1.src.rpm
python3-setuptools-test-44.1.1-150400.9.9.1.noarch.rpm
python3-setuptools-test-44.1.1-150400.9.9.1.src.rpm
python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch.rpm
python3-setuptools-wheel-44.1.1-150400.9.9.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2907
Security update for python310-setuptools
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
python310-setuptools-67.6.1-150400.4.9.1.noarch.rpm
python310-setuptools-67.6.1-150400.4.9.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3055
Security update for python-setuptools
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
python-setuptools-67.7.2-150400.3.16.1.src.rpm
python311-setuptools-67.7.2-150400.3.16.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3141
Recommended update for python-kiwi
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-kiwi fixes the following issues:
- Update virtualenv setup
- types-pkg_resources got dropped from PyPI
- Fixed regression in GRUB_SERIAL_COMMAND setup (bsc#1228808)
dracut-kiwi-lib-9.24.43-150100.3.84.1.x86_64.rpm
dracut-kiwi-live-9.24.43-150100.3.84.1.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.84.1.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.84.1.x86_64.rpm
dracut-kiwi-overlay-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-man-pages-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-pxeboot-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-bootloaders-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-containers-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-core-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-disk-images-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-filesystems-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-image-validation-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-iso-media-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-tools-9.24.43-150100.3.84.1.x86_64.rpm
python-kiwi-9.24.43-150100.3.84.1.src.rpm
python3-kiwi-9.24.43-150100.3.84.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2987
Recommended update for dpdk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dpdk fixes the following issue:
- Provided DPDK modules taint the kernel as unsupported (bsc#1214724, jsc#PED-8431)
dpdk-19.11.10-150400.4.18.1.src.rpm
dpdk-19.11.10-150400.4.18.1.x86_64.rpm
dpdk-devel-19.11.10-150400.4.18.1.x86_64.rpm
dpdk-kmp-default-19.11.10_k5.14.21_150400.24.125-150400.4.18.1.x86_64.rpm
dpdk-tools-19.11.10-150400.4.18.1.x86_64.rpm
libdpdk-20_0-19.11.10-150400.4.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3094
Security update for kubernetes1.26
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.26 fixes the following issues:
Update kubernetes to version 1.26.15:
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)
Other fixes:
- Fixed packages required by kubernetes1.26-client installation (bsc#1229008)
- Update go to version v1.22.5 (bsc#1229858)
- Add upstream patch for reproducible builds (bsc#1062303)
kubernetes1.26-1.26.15-150400.9.11.1.src.rpm
kubernetes1.26-client-1.26.15-150400.9.11.1.x86_64.rpm
kubernetes1.26-client-common-1.26.15-150400.9.11.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3095
Security update for ucode-intel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240813 release (bsc#1229129)
- CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html)
- CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html)
- CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html)
- CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html)
- CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html)
Other issues fixed:
- Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details.
- Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details.
- Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details.
- Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
- Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details.
- Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
- Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details.
- Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details.
- Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
- Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
- Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
- Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8
| CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3
| EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3
| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11
| TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile
- update to 20240531:
* Update for functional issues. Refer to Intel Pentium Silver
and Intel Celeron Processor Specification Update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx
ucode-intel-20240813-150200.44.1.src.rpm
ucode-intel-20240813-150200.44.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2980
Security update for kernel-firmware
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware fixes the following issues:
- CVE-2023-31315: Fixed validation in a model specific register (MSR) that could lead to modification of SMM configuration by a malicious program with ring0 access (bsc#1229069)
kernel-firmware-20220509-150400.4.28.1.src.rpm
kernel-firmware-all-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-amdgpu-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-ath10k-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-ath11k-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-atheros-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-bluetooth-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-bnx2-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-brcm-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-chelsio-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-dpaa2-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-i915-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-intel-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-iwlwifi-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-liquidio-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-marvell-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-media-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-mediatek-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-mellanox-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-mwifiex-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-network-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-nfp-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-nvidia-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-platform-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-prestera-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-qcom-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-qlogic-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-radeon-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-realtek-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-serial-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-sound-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-ti-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-ueagle-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-usb-network-20220509-150400.4.28.1.noarch.rpm
ucode-amd-20220509-150400.4.28.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3080
Security update for curl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)
curl-8.0.1-150400.5.47.1.src.rpm
curl-8.0.1-150400.5.47.1.x86_64.rpm
libcurl-devel-8.0.1-150400.5.47.1.x86_64.rpm
libcurl4-32bit-8.0.1-150400.5.47.1.x86_64.rpm
libcurl4-8.0.1-150400.5.47.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3200
Security update for python311
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python311 fixes the following issues:
- CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780)
Other fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378)
- Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660)
libpython3_11-1_0-3.11.9-150400.9.32.3.x86_64.rpm
python311-3.11.9-150400.9.32.4.src.rpm
python311-3.11.9-150400.9.32.4.x86_64.rpm
python311-base-3.11.9-150400.9.32.3.x86_64.rpm
python311-core-3.11.9-150400.9.32.3.src.rpm
python311-curses-3.11.9-150400.9.32.4.x86_64.rpm
python311-dbm-3.11.9-150400.9.32.4.x86_64.rpm
python311-devel-3.11.9-150400.9.32.3.x86_64.rpm
python311-doc-3.11.9-150400.9.32.1.x86_64.rpm
python311-doc-devhelp-3.11.9-150400.9.32.1.x86_64.rpm
python311-documentation-3.11.9-150400.9.32.1.src.rpm
python311-idle-3.11.9-150400.9.32.4.x86_64.rpm
python311-tk-3.11.9-150400.9.32.4.x86_64.rpm
python311-tools-3.11.9-150400.9.32.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2976
Security update for libqt5-qt3d
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libqt5-qt3d fixes the following issues:
- CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class in assimp (bsc#1228204)
Other fixes:
- Check for a nullptr returned from the shader manager
- Fill image with transparency by default to avoid having junk if it's not filled properly before the first paint call
- Fix QTextureAtlas parenting that could lead to crashes due to being used after being freed.
libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DAnimation5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DCore-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DCore5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DExtras5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DInput-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DInput5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DLogic5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuick5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DRender-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DRender5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libqt5-qt3d-5.15.2+kde39-150400.3.3.1.src.rpm
libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1.noarch.rpm
libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3119
Security update for openssl-1_0_0
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_0_0 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138, bsc#1227227)
libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1.x86_64.rpm
libopenssl10-1.0.2p-150000.3.94.1.x86_64.rpm
libopenssl1_0_0-1.0.2p-150000.3.94.1.x86_64.rpm
libopenssl1_0_0-hmac-1.0.2p-150000.3.94.1.x86_64.rpm
openssl-1_0_0-1.0.2p-150000.3.94.1.src.rpm
openssl-1_0_0-1.0.2p-150000.3.94.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3396
Security update for qemu
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for qemu fixes the following issues:
- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)
qemu-6.2.0-150400.37.34.1.src.rpm
qemu-6.2.0-150400.37.34.1.x86_64.rpm
qemu-accel-tcg-x86-6.2.0-150400.37.34.1.x86_64.rpm
qemu-audio-alsa-6.2.0-150400.37.34.1.x86_64.rpm
qemu-audio-pa-6.2.0-150400.37.34.1.x86_64.rpm
qemu-audio-spice-6.2.0-150400.37.34.1.x86_64.rpm
qemu-block-curl-6.2.0-150400.37.34.1.x86_64.rpm
qemu-block-iscsi-6.2.0-150400.37.34.1.x86_64.rpm
qemu-block-rbd-6.2.0-150400.37.34.1.x86_64.rpm
qemu-block-ssh-6.2.0-150400.37.34.1.x86_64.rpm
qemu-chardev-baum-6.2.0-150400.37.34.1.x86_64.rpm
qemu-chardev-spice-6.2.0-150400.37.34.1.x86_64.rpm
qemu-guest-agent-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-display-qxl-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-display-virtio-gpu-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-display-virtio-vga-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-usb-host-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-usb-redirect-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ipxe-1.0.0+-150400.37.34.1.noarch.rpm
qemu-ksm-6.2.0-150400.37.34.1.x86_64.rpm
qemu-kvm-6.2.0-150400.37.34.1.x86_64.rpm
qemu-lang-6.2.0-150400.37.34.1.x86_64.rpm
qemu-tools-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ui-curses-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ui-gtk-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ui-opengl-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ui-spice-app-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ui-spice-core-6.2.0-150400.37.34.1.x86_64.rpm
qemu-x86-6.2.0-150400.37.34.1.x86_64.rpm
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.34.1.noarch.rpm
qemu-sgabios-8-150400.37.34.1.noarch.rpm
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.34.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2974
Security update for python310
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310 fixes the following issues:
Security issue fixed:
- CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780)
Non-security issues fixed:
- Improve python reproducible builds (bsc#1227999)
- Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660)
- Fixed executable bits for /usr/bin/idle* (bsc#1227378).
libpython3_10-1_0-3.10.14-150400.4.54.1.x86_64.rpm
python310-3.10.14-150400.4.54.1.src.rpm
python310-3.10.14-150400.4.54.1.x86_64.rpm
python310-base-3.10.14-150400.4.54.1.x86_64.rpm
python310-core-3.10.14-150400.4.54.1.src.rpm
python310-curses-3.10.14-150400.4.54.1.x86_64.rpm
python310-dbm-3.10.14-150400.4.54.1.x86_64.rpm
python310-devel-3.10.14-150400.4.54.1.x86_64.rpm
python310-idle-3.10.14-150400.4.54.1.x86_64.rpm
python310-tk-3.10.14-150400.4.54.1.x86_64.rpm
python310-tools-3.10.14-150400.4.54.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3118
Security update for dovecot23
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dovecot23 fixes the following issues:
- CVE-2024-23185: Fixed a denial of service with large headers (bsc#1229183)
- CVE-2024-23184: Fixed a denial of service parsing messages containing many address headers (bsc#1229184)
dovecot23-2.3.15-150200.65.1.src.rpm
dovecot23-2.3.15-150200.65.1.x86_64.rpm
dovecot23-backend-mysql-2.3.15-150200.65.1.x86_64.rpm
dovecot23-backend-pgsql-2.3.15-150200.65.1.x86_64.rpm
dovecot23-backend-sqlite-2.3.15-150200.65.1.x86_64.rpm
dovecot23-devel-2.3.15-150200.65.1.x86_64.rpm
dovecot23-fts-2.3.15-150200.65.1.x86_64.rpm
dovecot23-fts-lucene-2.3.15-150200.65.1.x86_64.rpm
dovecot23-fts-solr-2.3.15-150200.65.1.x86_64.rpm
dovecot23-fts-squat-2.3.15-150200.65.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3009
Recommended update for git
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for git fixes the following issue:
- Fix syntax error with old apparmor versions (bsc#1229029)
git-2.35.3-150300.10.45.2.src.rpm
git-2.35.3-150300.10.45.2.x86_64.rpm
git-arch-2.35.3-150300.10.45.2.x86_64.rpm
git-core-2.35.3-150300.10.45.2.x86_64.rpm
git-cvs-2.35.3-150300.10.45.2.x86_64.rpm
git-daemon-2.35.3-150300.10.45.2.x86_64.rpm
git-doc-2.35.3-150300.10.45.2.noarch.rpm
git-email-2.35.3-150300.10.45.2.x86_64.rpm
git-gui-2.35.3-150300.10.45.2.x86_64.rpm
git-svn-2.35.3-150300.10.45.2.x86_64.rpm
git-web-2.35.3-150300.10.45.2.x86_64.rpm
gitk-2.35.3-150300.10.45.2.x86_64.rpm
perl-Git-2.35.3-150300.10.45.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3173
Security update for apache2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2 fixes the following issues:
- CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278)
- CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276)
- CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353)
apache2-2.4.51-150400.6.34.1.src.rpm
apache2-2.4.51-150400.6.34.1.x86_64.rpm
apache2-devel-2.4.51-150400.6.34.1.x86_64.rpm
apache2-doc-2.4.51-150400.6.34.1.noarch.rpm
apache2-prefork-2.4.51-150400.6.34.1.x86_64.rpm
apache2-utils-2.4.51-150400.6.34.1.x86_64.rpm
apache2-worker-2.4.51-150400.6.34.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3071
Recommended update for suse-build-key
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issue:
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).
suse-build-key-12.0-150000.8.52.3.noarch.rpm
suse-build-key-12.0-150000.8.52.3.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3597
Recommended update for bash
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bash fixes the following issues:
- Load completion file even if a brace expansion is included in the
command line (bsc#1227807).
bash-4.4-150400.27.3.2.src.rpm
bash-4.4-150400.27.3.2.x86_64.rpm
bash-devel-4.4-150400.27.3.2.x86_64.rpm
bash-doc-4.4-150400.27.3.2.noarch.rpm
bash-lang-4.4-150400.27.3.2.noarch.rpm
bash-sh-4.4-150400.27.3.2.x86_64.rpm
libreadline7-7.0-150400.27.3.2.x86_64.rpm
readline-devel-7.0-150400.27.3.2.x86_64.rpm
readline-doc-7.0-150400.27.3.2.noarch.rpm
libreadline7-32bit-7.0-150400.27.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3185
Recommended update for cups
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups fixes the following issues:
- Fixed cupsd failing to authenticate users when group membership is required (bsc#1226227)
cups-2.2.7-150000.3.65.1.src.rpm
cups-2.2.7-150000.3.65.1.x86_64.rpm
cups-client-2.2.7-150000.3.65.1.x86_64.rpm
cups-config-2.2.7-150000.3.65.1.x86_64.rpm
cups-ddk-2.2.7-150000.3.65.1.x86_64.rpm
cups-devel-2.2.7-150000.3.65.1.x86_64.rpm
libcups2-2.2.7-150000.3.65.1.x86_64.rpm
libcups2-32bit-2.2.7-150000.3.65.1.x86_64.rpm
libcupscgi1-2.2.7-150000.3.65.1.x86_64.rpm
libcupsimage2-2.2.7-150000.3.65.1.x86_64.rpm
libcupsmime1-2.2.7-150000.3.65.1.x86_64.rpm
libcupsppdc1-2.2.7-150000.3.65.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3090
Security update for frr
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for frr fixes the following issues:
- CVE-2024-44070: Fixed missing stream length check before TLV value is taken in bgp_attr_encap (bsc#1229438)
frr-7.4-150300.4.29.1.src.rpm
frr-7.4-150300.4.29.1.x86_64.rpm
frr-devel-7.4-150300.4.29.1.x86_64.rpm
libfrr0-7.4-150300.4.29.1.x86_64.rpm
libfrr_pb0-7.4-150300.4.29.1.x86_64.rpm
libfrrcares0-7.4-150300.4.29.1.x86_64.rpm
libfrrfpm_pb0-7.4-150300.4.29.1.x86_64.rpm
libfrrgrpc_pb0-7.4-150300.4.29.1.x86_64.rpm
libfrrospfapiclient0-7.4-150300.4.29.1.x86_64.rpm
libfrrsnmp0-7.4-150300.4.29.1.x86_64.rpm
libfrrzmq0-7.4-150300.4.29.1.x86_64.rpm
libmlag_pb0-7.4-150300.4.29.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3089
Security update for go1.21-openssl
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21-openssl fixes the following issues:
- CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314)
- CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973)
- CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974)
- CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017)
- CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400)
- CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000)
- CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in net/http (bsc#1221001)
- CVE-2024-24783: Fixed denial of service on certificates with an unknown public key algorithm in crypto/x509 (bsc#1220999)
- CVE-2024-24784: Fixed comments in display names are incorrectly handled in net/mail (bsc#1221002)
- CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break template escaping in html/template (bsc#1221003)
Other fixes:
- Update to version 1.21.13.1 cut from the go1.21-fips-release (jsc#SLE-18320)
- Update to version 1.21.13 (bsc#1212475)
- Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. (jsc#PED-1962)
- Ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (bsc#1219988)
go1.21-openssl-1.21.13.1-150000.1.11.1.src.rpm
go1.21-openssl-1.21.13.1-150000.1.11.1.x86_64.rpm
go1.21-openssl-doc-1.21.13.1-150000.1.11.1.x86_64.rpm
go1.21-openssl-race-1.21.13.1-150000.1.11.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3145
Recommended update for dracut
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dracut fixes the following issue:
- Version update
* fix(convertfs): error in conditional expressions (bsc#1228847).
dracut-055+suse.359.geb85610b-150400.3.37.2.src.rpm
dracut-055+suse.359.geb85610b-150400.3.37.2.x86_64.rpm
dracut-fips-055+suse.359.geb85610b-150400.3.37.2.x86_64.rpm
dracut-ima-055+suse.359.geb85610b-150400.3.37.2.x86_64.rpm
dracut-mkinitrd-deprecated-055+suse.359.geb85610b-150400.3.37.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3107
Security update for openssl-3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)
libopenssl-3-devel-3.0.8-150400.4.63.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.63.1.x86_64.rpm
openssl-3-3.0.8-150400.4.63.1.src.rpm
openssl-3-3.0.8-150400.4.63.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3123
Recommended update for deltarpm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for deltarpm fixes the following issues:
- Support for threaded zstd compression.
- use a tmp file instead of memory to hold the data (bsc#1228948).
- fixed C related bugs (incorrect sized memset(), memcpy instead of strcpy,
unsigned int).
deltarpm-3.6.4-150000.5.3.2.src.rpm
deltarpm-3.6.4-150000.5.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3131
Recommended update for mozilla-nss
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mozilla-nss fixes the following issues:
- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
libfreebl3-3.101.2-150400.3.51.1.x86_64.rpm
libfreebl3-32bit-3.101.2-150400.3.51.1.x86_64.rpm
libsoftokn3-3.101.2-150400.3.51.1.x86_64.rpm
libsoftokn3-32bit-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-3.101.2-150400.3.51.1.src.rpm
mozilla-nss-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-32bit-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-certs-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-devel-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-sysinit-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-tools-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-certs-32bit-3.101.2-150400.3.51.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3206
Recommended update for snapper
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for snapper fixes the following issues:
- handle content-length of stomp in zypper plugin (bsc#1229142)
libsnapper-devel-0.8.16-150300.3.9.1.x86_64.rpm
libsnapper5-0.8.16-150300.3.9.1.x86_64.rpm
pam_snapper-0.8.16-150300.3.9.1.x86_64.rpm
snapper-0.8.16-150300.3.9.1.src.rpm
snapper-0.8.16-150300.3.9.1.x86_64.rpm
snapper-zypp-plugin-0.8.16-150300.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3097
Security update for kubernetes1.28
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.28 fixes the following issues:
Update kubernetes to version 1.28.13:
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)
Other fixes:
- Update go to version v1.22.5 (bsc#1229858)
kubernetes1.28-1.28.13-150400.9.8.1.src.rpm
kubernetes1.28-client-1.28.13-150400.9.8.1.x86_64.rpm
kubernetes1.28-client-common-1.28.13-150400.9.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3098
Security update for kubernetes1.27
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.27 fixes the following issues:
Update kubernetes to version 1.27.16
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)
Other fixes:
- Update go to version v1.22.5 (bsc#1229858)
kubernetes1.27-1.27.16-150400.9.10.1.src.rpm
kubernetes1.27-client-1.27.16-150400.9.10.1.x86_64.rpm
kubernetes1.27-client-common-1.27.16-150400.9.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3174
Security update for bubblewrap and flatpak
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bubblewrap and flatpak fixes the following issues:
- CVE-2024-42472: Fixed access to files outside sandbox for apps using persistent (bsc#1229157)
bubblewrap-0.4.1-150200.3.3.1.src.rpm
bubblewrap-0.4.1-150200.3.3.1.x86_64.rpm
flatpak-1.12.8-150400.3.9.1.src.rpm
flatpak-1.12.8-150400.3.9.1.x86_64.rpm
flatpak-devel-1.12.8-150400.3.9.1.x86_64.rpm
flatpak-zsh-completion-1.12.8-150400.3.9.1.x86_64.rpm
libflatpak0-1.12.8-150400.3.9.1.x86_64.rpm
system-user-flatpak-1.12.8-150400.3.9.1.x86_64.rpm
typelib-1_0-Flatpak-1_0-1.12.8-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3245
Recommended update for maven, maven-resolver, sbt, xmvn
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for maven, maven-resolver, sbt, xmvn fixes the following issues:
maven-resolver was upgraded to version 1.9.22:
- Bugs fixed:
* Resolver-Supplier unusable in OSGi runtimes
* Invalid Cookie set under proxy conditions
* In typical setups, DefaultArtifact copies the same maps over and over again
* Memory consumption improvements
- New Features:
* Import o.e.aether packages with the exact same version in OSGi metadata
- Improvements:
* Removed excessive strictness of OSGi dependency metadata
maven was upgraded to version 3.9.9:
- Bugs fixed:
* Fixed search for topDirectory when using -f / --file for Maven 3.9.x
* Fixed Maven not finding extensions for -f when current dir is root
* Fixed warning for com.sun:tools:jar that refers to a non-existing file
* Fixed profile activation based on OS properties for "mvn site"
* Fixed Resolver wrongly assuming it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR
* Fixed missing or mismatching Trusted Checksum for some artifacts is not properly reported
* Fixed regression causing Property not resolved in profile pluginManagement
sbt, xmvn:
- Minor code improvements
maven-3.9.9-150200.4.30.1.src.rpm
maven-3.9.9-150200.4.30.1.x86_64.rpm
maven-lib-3.9.9-150200.4.30.1.x86_64.rpm
maven-resolver-1.9.22-150200.3.26.1.src.rpm
maven-resolver-api-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-connector-basic-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-impl-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-named-locks-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-spi-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-transport-file-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-transport-http-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-transport-wagon-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-util-1.9.22-150200.3.26.1.noarch.rpm
xmvn-4.2.0-150200.3.27.1.src.rpm
xmvn-4.2.0-150200.3.27.1.x86_64.rpm
xmvn-api-4.2.0-150200.3.27.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.27.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.27.1.src.rpm
xmvn-core-4.2.0-150200.3.27.1.noarch.rpm
xmvn-install-4.2.0-150200.3.27.1.noarch.rpm
xmvn-minimal-4.2.0-150200.3.27.1.x86_64.rpm
xmvn-mojo-4.2.0-150200.3.27.1.noarch.rpm
xmvn-mojo-4.2.0-150200.3.27.1.src.rpm
xmvn-resolve-4.2.0-150200.3.27.1.noarch.rpm
xmvn-subst-4.2.0-150200.3.27.1.noarch.rpm
xmvn-tools-4.2.0-150200.3.27.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3175
Recommended update for mksusecd
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mksusecd fixes the following issues:
- Make some compression settings configurable (bsc#1223982,
jsc#PED-8374).
- Update documentation.
- Fix UEFI image rebuild detection (bsc#1227668).
- Allow updating kernel in live initrd.
- Allow updating kernel in live root, support resizing live root.
mksusecd-3.0-150400.3.24.4.src.rpm
mksusecd-3.0-150400.3.24.4.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3580
Recommended update for wicked
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issue:
- compat-suse: fix dummy interfaces configuration with
`INTERFACETYPE=dummy` (bsc#1229555).
wicked-0.6.76-150400.3.33.6.src.rpm
wicked-0.6.76-150400.3.33.6.x86_64.rpm
wicked-service-0.6.76-150400.3.33.6.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3180
Recommended update for binutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for binutils fixes the following issues:
Update to current 2.43.1 branch [jsc#PED-10474]:
Update to version 2.43:
* new .base64 pseudo-op, allowing base64 encoded data as strings
* Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF
(APX_F now fully supported)
* x86 Intel syntax now warns about more mnemonic suffixes
* macros and .irp/.irpc/.rept bodies can use \+ to get at number
of times the macro/body was executed
* aarch64: support 'armv9.5-a' for -march, add support for LUT
and LUT2
* s390: base register operand in D(X,B) and D(L,B) can now be
omitted (ala 'D(X,)'); warn when register type doesn't match
operand type (use option
'warn-regtype-mismatch=[strict|relaxed|no]' to adjust)
* riscv: support various extensions: Zacas, Zcmp, Zfbfmin,
Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw,
XSfCease, all at version 1.0;
remove support for assembly of privileged spec 1.9.1 (linking
support remains)
* arm: remove support for some old co-processors: Maverick and FPA
* mips: '--trap' now causes either trap or breakpoint instructions
to be emitted as per current ISA, instead of always using trap
insn and failing when current ISA was incompatible with that
* LoongArch: accept .option pseudo-op for fine-grained control
of assembly code options; add support for DT_RELR
* readelf: now displays RELR relocations in full detail;
add -j/--display-section to show just those section(s) content
according to their type
* objdump/readelf now dump also .eh_frame_hdr (when present) when
dumping .eh_frame
* gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake
processors; add minimal support for riscv
* linker:
- put .got and .got.plt into relro segment
- add -z isa-level-report=[none|all|needed|used] to the x86 ELF
linker to report needed and used x86-64 ISA levels
- add --rosegment option which changes the -z separate-code
option so that only one read-only segment is created (instead
of two)
- add --section-ordering-file <FILE> option to add extra
mapping of input sections to output sections
- add -plugin-save-temps to store plugin intermediate files
permanently
Update to version 2.42:
* Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
'+rcpc2' and '+wfxt'
* Add experimental support for GAS to synthesize call-frame-info for
some hand-written asm (--scfi=experimental) on x86-64.
* Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
* Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
SiFive VCIX v1.0.
* BPF assembler: ';' separates statements now, and does not introduce
line comments anymore (use '#' or '//' for this).
* x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
dynamic tags.
* risc-v ld: Add '--[no-]check-uleb128'.
* New linker script directive: REVERSE, to be combined with SORT_BY_NAME
or SORT_BY_INIT_PRIORITY, reverses the generated order.
* New linker options --warn-execstack-objects (warn only about execstack
when input object files request it), and --error-execstack plus
--error-rxw-segments to convert the existing warnings into errors.
* objdump: Add -Z/--decompress to be used with -s/--full-contents to
decompress section contents before displaying.
* readelf: Add --extra-sym-info to be used with --symbols (currently
prints section name of references section index).
* objcopy: Add --set-section-flags for x86_64 to include
SHF_X86_64_LARGE.
* s390 disassembly: add target-specific disasm option 'insndesc',
as in "objdump -M insndesc" to display an instruction description
as comment along with the disassembly.
- Add binutils-use-less-memory.diff to be a little nicer to 32bit
userspace and huge links. [bsc#1216908]
- Add libzstd-devel to Requires of binutils-devel. (bsc#1215341)
binutils-2.43-150100.7.49.1.src.rpm
binutils-2.43-150100.7.49.1.x86_64.rpm
binutils-devel-2.43-150100.7.49.1.x86_64.rpm
libctf-nobfd0-2.43-150100.7.49.1.x86_64.rpm
libctf0-2.43-150100.7.49.1.x86_64.rpm
binutils-devel-32bit-2.43-150100.7.49.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3162
Security update for java-1_8_0-ibm
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 8 Fix Pack 30 (bsc#1228346)
- CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. (bsc#1228052)
- CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. (bsc#1228051)
- CVE-2024-21140: Fixed a range check elimination pre-loop limit overflow. (bsc#1228048)
- CVE-2024-21144: Pack200 increase loading time due to improper header validation. (bsc#1228050)
- CVE-2024-21138: Fixed an issue where excessive symbol length can lead to infinite loop. (bsc#1228047)
- CVE-2024-21131: Fixed a potential UTF8 size overflow. (bsc#1228046)
- CVE-2024-27267: Fixed an Object Request Broker (ORB) remote denial of service. (bsc#1229224)
java-1_8_0-ibm-1.8.0_sr8.30-150000.3.92.1.nosrc.rpm
java-1_8_0-ibm-1.8.0_sr8.30-150000.3.92.1.x86_64.rpm
java-1_8_0-ibm-alsa-1.8.0_sr8.30-150000.3.92.1.x86_64.rpm
java-1_8_0-ibm-devel-1.8.0_sr8.30-150000.3.92.1.x86_64.rpm
java-1_8_0-ibm-plugin-1.8.0_sr8.30-150000.3.92.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3238
Recommended update for util-linux
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for util-linux fixes the following issue:
- Skip aarch64 decode path for rest of the architectures (bsc#1229476).
libblkid-devel-2.37.2-150400.8.35.2.x86_64.rpm
libblkid-devel-static-2.37.2-150400.8.35.2.x86_64.rpm
libblkid1-2.37.2-150400.8.35.2.x86_64.rpm
libfdisk-devel-2.37.2-150400.8.35.2.x86_64.rpm
libfdisk1-2.37.2-150400.8.35.2.x86_64.rpm
libmount-devel-2.37.2-150400.8.35.2.x86_64.rpm
libmount1-2.37.2-150400.8.35.2.x86_64.rpm
libsmartcols-devel-2.37.2-150400.8.35.2.x86_64.rpm
libsmartcols1-2.37.2-150400.8.35.2.x86_64.rpm
libuuid-devel-2.37.2-150400.8.35.2.x86_64.rpm
libuuid-devel-static-2.37.2-150400.8.35.2.x86_64.rpm
libuuid1-2.37.2-150400.8.35.2.x86_64.rpm
util-linux-2.37.2-150400.8.35.2.src.rpm
util-linux-2.37.2-150400.8.35.2.x86_64.rpm
util-linux-lang-2.37.2-150400.8.35.2.noarch.rpm
util-linux-systemd-2.37.2-150400.8.35.2.src.rpm
util-linux-systemd-2.37.2-150400.8.35.2.x86_64.rpm
uuidd-2.37.2-150400.8.35.2.x86_64.rpm
libblkid1-32bit-2.37.2-150400.8.35.2.x86_64.rpm
libmount1-32bit-2.37.2-150400.8.35.2.x86_64.rpm
libuuid1-32bit-2.37.2-150400.8.35.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3246
Recommended update for beust-jcommander
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for beust-jcommander fixes the following issues:
- beust-jcommander was upgraded to version 1.83:
* Fixed Docs Timestamp
* Fixed JCommander does not recognize command by alias
* Fixed missing null check
* Renamed IRule to IParametersValidator
* Added the new interface IRule, and the new rules attribute to @Parameters
* Fixed @-syntax not working with command objects
* Fixed regression with removed usage methods
* Add OSGi entries in MANIFEST.MF during jar creation
beust-jcommander-1.83-150200.3.13.1.noarch.rpm
beust-jcommander-1.83-150200.3.13.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3234
Recommended update for grub2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for grub2 fixes the following issues:
- Support powerpc net boot installation when secure boot is enabled (bsc#1217761, bsc#1228866)
- Improved check for disk device when looking for PReP partition
grub2-2.06-150400.11.49.1.src.rpm
grub2-2.06-150400.11.49.1.x86_64.rpm
grub2-i386-pc-2.06-150400.11.49.1.noarch.rpm
grub2-snapper-plugin-2.06-150400.11.49.1.noarch.rpm
grub2-systemd-sleep-plugin-2.06-150400.11.49.1.noarch.rpm
grub2-x86_64-efi-2.06-150400.11.49.1.noarch.rpm
grub2-x86_64-xen-2.06-150400.11.49.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3247
Recommended update for hamcrest
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for hamcrest fixes the following issues:
- hamcrest was updated to version 3.0:
* Breaking Changes:
+ From version 3.0, the jar distributed to Maven Central is now
compiled to Java 1.8 bytecode, and is not compatible with
previous versions of Java.
Developers who use Java 1.7 or earlier can still depend upon
hamcrest-2.2.jar.
* Improvements:
+ FileMatchersTest simplification
+ License cleanup
hamcrest-3.0-150200.12.20.1.noarch.rpm
hamcrest-3.0-150200.12.20.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3186
Security update for buildah
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for buildah fixes the following issues:
Update to version 1.35.4:
* CVE-2024-3727 updates (bsc#1224117)
* Bump go-jose CVE-2024-28180
* Bump ocicrypt and go-jose CVE-2024-28180
Update to version 1.35.3:
* correctly configure /etc/hosts and resolv.conf
* buildah: refactor resolv/hosts setup.
* rename the hostFile var to reflect
* CVE-2024-24786 protobuf to 1.33
Update to version 1.35.1:
* CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
Update to version 1.35.0:
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* Update module go.etcd.io/bbolt to v1.3.9
* Update module github.com/opencontainers/image-spec to v1.1.0
* build --all-platforms: skip some base "image" platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* imagebuildah: fix crash with empty RUN
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* Replace map[K]bool with map[K]struct{} where it makes sense
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* Document use of containers-transports values in buildah
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* [skip-ci] Update actions/stale action to v9
* Ignore errors if label.Relabel returns ENOSUP
buildah-1.35.4-150400.3.30.1.src.rpm
buildah-1.35.4-150400.3.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3157
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
- Update to Firefox Extended Support Release 128.2.0 ESR (bsc#1229821)
- CVE-2024-8381: Type confusion when looking up a property name in a 'with' block
- CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
- CVE-2024-8383: Firefox did not ask before opening news: links in an external application
- CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions
- CVE-2024-8385: WASM type confusion involving ArrayTypes
- CVE-2024-8386: SelectElements could be shown over another site if popups are allowed
- CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
MozillaFirefox-128.2.0-150200.152.149.1.src.rpm
MozillaFirefox-128.2.0-150200.152.149.1.x86_64.rpm
MozillaFirefox-devel-128.2.0-150200.152.149.1.noarch.rpm
MozillaFirefox-translations-common-128.2.0-150200.152.149.1.x86_64.rpm
MozillaFirefox-translations-other-128.2.0-150200.152.149.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3170
Security update for postgresql16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql16 fixes the following issues:
- Upgrade to 16.4 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
libecpg6-16.4-150200.5.16.1.x86_64.rpm
libpq5-16.4-150200.5.16.1.x86_64.rpm
libpq5-32bit-16.4-150200.5.16.1.x86_64.rpm
postgresql16-16.4-150200.5.16.1.src.rpm
postgresql16-16.4-150200.5.16.1.x86_64.rpm
postgresql16-contrib-16.4-150200.5.16.1.x86_64.rpm
postgresql16-devel-16.4-150200.5.16.1.x86_64.rpm
postgresql16-docs-16.4-150200.5.16.1.noarch.rpm
postgresql16-plperl-16.4-150200.5.16.1.x86_64.rpm
postgresql16-plpython-16.4-150200.5.16.1.x86_64.rpm
postgresql16-pltcl-16.4-150200.5.16.1.x86_64.rpm
postgresql16-server-16.4-150200.5.16.1.x86_64.rpm
postgresql16-server-devel-16.4-150200.5.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3168
Security update for postgresql16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql16 fixes the following issues:
- Upgrade to 15.8 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
postgresql15-15.8-150200.5.30.1.src.rpm
postgresql15-15.8-150200.5.30.1.x86_64.rpm
postgresql15-contrib-15.8-150200.5.30.1.x86_64.rpm
postgresql15-devel-15.8-150200.5.30.1.x86_64.rpm
postgresql15-docs-15.8-150200.5.30.1.noarch.rpm
postgresql15-plperl-15.8-150200.5.30.1.x86_64.rpm
postgresql15-plpython-15.8-150200.5.30.1.x86_64.rpm
postgresql15-pltcl-15.8-150200.5.30.1.x86_64.rpm
postgresql15-server-15.8-150200.5.30.1.x86_64.rpm
postgresql15-server-devel-15.8-150200.5.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3169
Security update for postgresql16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql16 fixes the following issues:
- Upgrade to 14.13 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
postgresql14-14.13-150200.5.47.1.src.rpm
postgresql14-14.13-150200.5.47.1.x86_64.rpm
postgresql14-contrib-14.13-150200.5.47.1.x86_64.rpm
postgresql14-devel-14.13-150200.5.47.1.x86_64.rpm
postgresql14-docs-14.13-150200.5.47.1.noarch.rpm
postgresql14-plperl-14.13-150200.5.47.1.x86_64.rpm
postgresql14-plpython-14.13-150200.5.47.1.x86_64.rpm
postgresql14-pltcl-14.13-150200.5.47.1.x86_64.rpm
postgresql14-server-14.13-150200.5.47.1.x86_64.rpm
postgresql14-server-devel-14.13-150200.5.47.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3171
Security update for postgresql16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql16 fixes the following issues:
- Upgrade to 13.16 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
postgresql13-13.16-150200.5.61.1.src.rpm
postgresql13-13.16-150200.5.61.1.x86_64.rpm
postgresql13-contrib-13.16-150200.5.61.1.x86_64.rpm
postgresql13-devel-13.16-150200.5.61.1.x86_64.rpm
postgresql13-docs-13.16-150200.5.61.1.noarch.rpm
postgresql13-llvmjit-13.16-150200.5.61.1.x86_64.rpm
postgresql13-llvmjit-devel-13.16-150200.5.61.1.x86_64.rpm
postgresql13-plperl-13.16-150200.5.61.1.x86_64.rpm
postgresql13-plpython-13.16-150200.5.61.1.x86_64.rpm
postgresql13-pltcl-13.16-150200.5.61.1.x86_64.rpm
postgresql13-server-13.16-150200.5.61.1.x86_64.rpm
postgresql13-server-devel-13.16-150200.5.61.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3155
Security update for kubernetes1.26
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.26 fixes the following issues:
- CVE-2023-45288: Close connections when receiving too many headers. (bsc#1229869)
kubernetes1.26-1.26.15-150400.9.14.1.src.rpm
kubernetes1.26-client-1.26.15-150400.9.14.1.x86_64.rpm
kubernetes1.26-client-common-1.26.15-150400.9.14.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3242
Recommended update for strace
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for strace fixes the following issue:
- Change the license to the correct LGPL-2.1-or-later
(bsc#1228216).
strace-5.14-150400.3.3.2.src.rpm
strace-5.14-150400.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3408
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48935: Unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()" (bsc#1230413).
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section" (bsc#1230413).
- Revert "mm/sparsemem: fix race in accessing memory_section->usage" (bsc#1230413).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
kernel-default-5.14.21-150400.24.133.2.nosrc.rpm
kernel-default-5.14.21-150400.24.133.2.x86_64.rpm
kernel-default-base-5.14.21-150400.24.133.2.150400.24.64.5.src.rpm
kernel-default-base-5.14.21-150400.24.133.2.150400.24.64.5.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.133.2.x86_64.rpm
kernel-devel-5.14.21-150400.24.133.2.noarch.rpm
kernel-docs-5.14.21-150400.24.133.1.noarch.rpm
kernel-docs-5.14.21-150400.24.133.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.133.2.noarch.rpm
kernel-obs-build-5.14.21-150400.24.133.2.src.rpm
kernel-obs-build-5.14.21-150400.24.133.2.x86_64.rpm
kernel-source-5.14.21-150400.24.133.2.noarch.rpm
kernel-source-5.14.21-150400.24.133.2.src.rpm
kernel-syms-5.14.21-150400.24.133.1.src.rpm
kernel-syms-5.14.21-150400.24.133.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.133.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3222
Security update for runc
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for runc fixes the following issues:
- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)
runc-1.1.14-150000.70.1.src.rpm
runc-1.1.14-150000.70.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3221
Security update for containerd
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for containerd fixes the following issues:
- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
containerd-1.7.21-150000.117.1.src.rpm
containerd-1.7.21-150000.117.1.x86_64.rpm
containerd-ctr-1.7.21-150000.117.1.x86_64.rpm
containerd-devel-1.7.21-150000.117.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3244
Recommended update for scap-security-guide
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for scap-security-guide fixes the following issues:
- Version update (jsc#ECO-3319).
- Add Amazon Linux 2023 product
- Introduce new remediation type Kickstart
- Make PAM macros more flexible to variables
- Remove Debian 10 Product
- Remove Red Hat Enterprise Linux 7 product
- Update CIS RHEL9 control file to v2.0.0
scap-security-guide-0.1.74-150000.1.86.2.noarch.rpm
scap-security-guide-0.1.74-150000.1.86.2.src.rpm
scap-security-guide-debian-0.1.74-150000.1.86.2.noarch.rpm
scap-security-guide-redhat-0.1.74-150000.1.86.2.noarch.rpm
scap-security-guide-ubuntu-0.1.74-150000.1.86.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3358
Security update for ffmpeg-4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg-4 fixes the following issues:
- Dropped support for libmfx to fix the following CVEs:
* libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
* libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
* libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
* libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
* libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
- CVE-2024-7055: heap-based buffer overflow in pnmdec.c from the libavcodec library. (bsc#1229026)
ffmpeg-4-4.4-150400.3.42.1.src.rpm
libavcodec58_134-4.4-150400.3.42.1.x86_64.rpm
libavformat58_76-4.4-150400.3.42.1.x86_64.rpm
libavutil56_70-4.4-150400.3.42.1.x86_64.rpm
libpostproc55_9-4.4-150400.3.42.1.x86_64.rpm
libswresample3_9-4.4-150400.3.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3259
Recommended update for rmt-server
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server contains the following fixes:
- Version 2.19
* Fix for mirroring products that contain special characters (e.g. '$') in their path
* rmt-server-pubcloud:
* Support registration of extensions in BYOS mode on top of a PAYG system (hybrid mode) (jsc#PCT-400)
* Validate repository and registry access for hybrid systems
- Include new script to fix yum-utils issue (jsc#SLL-369)
rmt-server-2.19-150400.3.31.3.src.rpm
rmt-server-2.19-150400.3.31.3.x86_64.rpm
rmt-server-config-2.19-150400.3.31.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3263
Recommended update for python3-dmidecode
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-dmidecode fixes the following issues:
- python3-dmidecode was updated to version 3.12.3 (bsc#1229855):
* Added support for SMBIOS3.3.0
python3-dmidecode-3.12.3-150400.21.2.src.rpm
python3-dmidecode-3.12.3-150400.21.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3412
Recommended update for python-kiwi
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-kiwi fixes the following issues:
- Fixed resize of DOS table type on s390 systems (bsc#1228729)
dracut-kiwi-lib-9.24.43-150100.3.87.2.x86_64.rpm
dracut-kiwi-live-9.24.43-150100.3.87.2.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.87.2.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.87.2.x86_64.rpm
dracut-kiwi-overlay-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-man-pages-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-pxeboot-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-bootloaders-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-containers-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-core-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-disk-images-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-filesystems-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-image-validation-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-iso-media-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-tools-9.24.43-150100.3.87.2.x86_64.rpm
python-kiwi-9.24.43-150100.3.87.2.src.rpm
python3-kiwi-9.24.43-150100.3.87.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-50
Security update for libmfx
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libmfx fixes the following issues:
- CVE-2023-48368: Fixed improper input validation. (bsc#1226897)
- CVE-2023-45221: Fixed improper buffer restrictions. (bsc#1226898)
- CVE-2023-22656: Fixed an out-of-bounds read. (bsc#1226899)
- CVE-2023-47282: Fixed an out-of-bounds write. (bsc#1226900)
- CVE-2023-47169: Fixed improper buffer restrictions. (bsc#1226901)
libmfx-21.3.4-150400.3.5.1.src.rpm
libmfx1-21.3.4-150400.3.5.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3659
Recommended update for gcc14
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gcc14 fixes the following issues:
This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 13 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP5 and SP6, and provided in the "Development Tools" module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc14 compilers use:
- install "gcc14" or "gcc14-c++" or one of the other "gcc14-COMPILER" frontend packages.
- override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.
For a full changelog with all new GCC14 features, check out
https://gcc.gnu.org/gcc-14/changes.html
- Add libquadmath0-devel-gcc14 sub-package to allow installing
quadmath.h and SO link without installing the fortran frontend
- Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
- Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
- Revert libgccjit dependency change. [bsc#1220724]
- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Re-enable AutoReqProv for cross packages but filter files processed
via __requires_exclude_from and __provides_exclude_from.
[bsc#1219031]
- Package m2rte.so plugin in the gcc14-m2 sub-package rather than
in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs
are linked against libstdc++6.
gcc14-14.2.0+git10526-150000.1.3.3.src.rpm
libasan8-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libasan8-32bit-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libatomic1-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libatomic1-32bit-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libgcc_s1-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libgcc_s1-32bit-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libgfortran5-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libgfortran5-32bit-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libgomp1-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libgomp1-32bit-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libhwasan0-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libitm1-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libitm1-32bit-14.2.0+git10526-150000.1.3.3.x86_64.rpm
liblsan0-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libobjc4-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libobjc4-32bit-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libquadmath0-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libquadmath0-32bit-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libstdc++6-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libstdc++6-32bit-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libstdc++6-locale-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libstdc++6-pp-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libstdc++6-pp-32bit-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libtsan2-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libubsan1-14.2.0+git10526-150000.1.3.3.x86_64.rpm
libubsan1-32bit-14.2.0+git10526-150000.1.3.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3485
Recommended update for libzypp, zypper
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp, zypper fixes the following issues:
- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- Fix wrong numbers used in CommitSummary skipped/failed messages.
PackageKit-1.2.4-150400.3.22.1.src.rpm
PackageKit-1.2.4-150400.3.22.1.x86_64.rpm
PackageKit-backend-zypp-1.2.4-150400.3.22.1.x86_64.rpm
PackageKit-devel-1.2.4-150400.3.22.1.x86_64.rpm
PackageKit-lang-1.2.4-150400.3.22.1.noarch.rpm
libpackagekit-glib2-18-1.2.4-150400.3.22.1.x86_64.rpm
libpackagekit-glib2-devel-1.2.4-150400.3.22.1.x86_64.rpm
libzypp-17.35.11-150400.3.90.1.src.rpm
libzypp-17.35.11-150400.3.90.1.x86_64.rpm
libzypp-devel-17.35.11-150400.3.90.1.x86_64.rpm
typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.22.1.x86_64.rpm
zypper-1.14.77-150400.3.62.2.src.rpm
zypper-1.14.77-150400.3.62.2.x86_64.rpm
zypper-log-1.14.77-150400.3.62.2.noarch.rpm
zypper-needs-restarting-1.14.77-150400.3.62.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3300
Recommended update for ncurses
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)
libncurses5-6.1-150000.5.27.1.x86_64.rpm
libncurses6-6.1-150000.5.27.1.x86_64.rpm
ncurses-6.1-150000.5.27.1.src.rpm
ncurses-devel-6.1-150000.5.27.1.x86_64.rpm
ncurses-utils-6.1-150000.5.27.1.x86_64.rpm
ncurses5-devel-6.1-150000.5.27.1.x86_64.rpm
tack-6.1-150000.5.27.1.x86_64.rpm
terminfo-6.1-150000.5.27.1.x86_64.rpm
terminfo-base-6.1-150000.5.27.1.x86_64.rpm
terminfo-iterm-6.1-150000.5.27.1.x86_64.rpm
terminfo-screen-6.1-150000.5.27.1.x86_64.rpm
libncurses5-32bit-6.1-150000.5.27.1.x86_64.rpm
libncurses6-32bit-6.1-150000.5.27.1.x86_64.rpm
ncurses-devel-32bit-6.1-150000.5.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3331
Recommended update for colord
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for colord fixes the following issue:
- Remove script in %pre to change ownership of /var/lib/colord
(bsc#1208056).
colord-1.4.5-150400.4.6.3.src.rpm
colord-color-profiles-1.4.5-150400.4.6.3.x86_64.rpm
libcolord-devel-1.4.5-150400.4.6.3.x86_64.rpm
libcolord2-1.4.5-150400.4.6.3.x86_64.rpm
libcolorhug2-1.4.5-150400.4.6.3.x86_64.rpm
typelib-1_0-Colord-1_0-1.4.5-150400.4.6.3.x86_64.rpm
typelib-1_0-Colorhug-1_0-1.4.5-150400.4.6.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3332
Security update for ucode-intel
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240910 release (bsc#1230400)
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow a privileged user to potentially enable a denial of service via local access.
ucode-intel-20240910-150200.47.1.src.rpm
ucode-intel-20240910-150200.47.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3305
Security update for clamav
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for clamav fixes the following issues:
- Update to version 0.103.12
- CVE-2024-20506: Disabled symlink following to prevent an attacker from corrupting system files. (bsc#1230162)
- CVE-2024-20505: Fixed possible out-of-bounds read bug in the PDF file parser. (bsc#1230161)
clamav-0.103.12-150000.3.53.1.src.rpm
clamav-0.103.12-150000.3.53.1.x86_64.rpm
clamav-devel-0.103.12-150000.3.53.1.x86_64.rpm
libclamav9-0.103.12-150000.3.53.1.x86_64.rpm
libfreshclam2-0.103.12-150000.3.53.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3503
Recommended update for glibc
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glibc fixes the following issue:
- fix memory malloc problem: Initiate tcache shutdown even
without allocations (bsc#1228661).
glibc-2.31-150300.89.2.src.rpm
glibc-2.31-150300.89.2.x86_64.rpm
glibc-devel-2.31-150300.89.2.x86_64.rpm
glibc-devel-static-2.31-150300.89.2.x86_64.rpm
glibc-extra-2.31-150300.89.2.x86_64.rpm
glibc-i18ndata-2.31-150300.89.2.noarch.rpm
glibc-info-2.31-150300.89.2.noarch.rpm
glibc-lang-2.31-150300.89.2.noarch.rpm
glibc-locale-2.31-150300.89.2.x86_64.rpm
glibc-locale-base-2.31-150300.89.2.x86_64.rpm
glibc-locale-base-32bit-2.31-150300.89.1.x86_64.rpm
glibc-profile-2.31-150300.89.2.x86_64.rpm
glibc-utils-2.31-150300.89.2.x86_64.rpm
glibc-utils-src-2.31-150300.89.2.src.rpm
nscd-2.31-150300.89.2.x86_64.rpm
glibc-2.31-150300.89.1.src.rpm
glibc-32bit-2.31-150300.89.1.x86_64.rpm
glibc-devel-32bit-2.31-150300.89.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3298
Security update for python-dnspython
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-dnspython fixes the following issue:
- Fix CVE-2023-29483 (bsc#1230353).
python-dnspython-1.15.0-150000.3.10.2.src.rpm
python3-dnspython-1.15.0-150000.3.10.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3316
Recommended update for ddclient
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ddclient fixes the following issues:
- Remove buildRequires to perl(HTTP::Message::PSGI) not available and needed
only for tests.
- Add curl as BuildRequires/Requires to be able to use the '-curl'
option (eg. in DDCLIENT_OPTIONS in /etc/sysconfig/ddclient).
- Minor version update
* Added support for domaindiscount24.com
* Added support for njal.la
* Added support for Cloudflare API tokens
* Added support for OVH DynHost.
* Added support for ClouDNS.
* Added support for dinahosting.
* Added support for Gandi LiveDNS.
* The freedns protocol (for https://freedns.afraid.org) now supports IPv6
addresses.
* New ssl_ca_dir and ssl_ca_file options to specify the location of CA
certificates.
* New built-in IP discovery service shorthands:
+ googledomains from https://domains.google
+ he from https://he.net
+ ip4only.me, ip6only.me from http://whatismyv6.com
+ ipify-ipv4 and ipify-ipv6 from https://www.ipify.org
+ myonlineportal from https://myonlineportal.net
+ noip-ipv4 and noip-ipv6 from https://www.noip.com
+ nsupdate.info-ipv4 and nsupdate.info-ipv6 from https://www.nsupdate.info
+ zoneedit from https://www.zoneedit.com
* Added option -curl to access network with system Curl command instead
of the Perl built-in IO::Socket classes.
* Added option -{no}web-ssl-validate and -{no}fw-ssl-validate to provide
option to disable SSL certificate validation. Note that these only apply for
network access when obtaining an IP address with use=web or use=fw
(any firewall). Network access to Dynamic DNS servers to set or retrieve
IP address will always require certificate validation.
* The fw-banlocal option is deprecated and no longer does anything.
* The if-skip option is deprecated and no longer does anything.
* The default server for the dslreports1 protocol changed from
members.dyndns.org to www.dslreports.com.
* Removed support for defunct dnsspark service
* Removed support for defunct dtdns service
* Removed support for defunct Hammernode service
- (Bug) ddclient no longer sends info mails: add
SupplementaryGroups=maildrop to service file (bsc#1191885).
- rebase patches
- update Source to %{name}-%{version}
- Modify the systemd service file so ddclient is run After
network-online.target instead of just network.target, since
running ddclient without being online is pointless.
- Added a Wants statement for the same systemd targets as in After
- Added hardening to systemd service(s).
- systemd-tmpfiles need updating from /var/run/* to /run/*
(bsc#1127387).
- fix for unit systemd-tmpfiles-setup.service entered failed state
(bsc#881520).
- Require perl-Data-Validate-IP.
- remove leftover debug line in init script (bsc#267306).
ddclient-3.10.0-150000.3.10.3.noarch.rpm
ddclient-3.10.0-150000.3.10.3.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3470
Security update for python3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption in the http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
libpython3_6m1_0-3.6.15-150300.10.72.1.x86_64.rpm
python3-3.6.15-150300.10.72.1.src.rpm
python3-3.6.15-150300.10.72.1.x86_64.rpm
python3-base-3.6.15-150300.10.72.1.x86_64.rpm
python3-core-3.6.15-150300.10.72.1.src.rpm
python3-curses-3.6.15-150300.10.72.1.x86_64.rpm
python3-dbm-3.6.15-150300.10.72.1.x86_64.rpm
python3-devel-3.6.15-150300.10.72.1.x86_64.rpm
python3-idle-3.6.15-150300.10.72.1.x86_64.rpm
python3-tk-3.6.15-150300.10.72.1.x86_64.rpm
python3-tools-3.6.15-150300.10.72.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3473
Recommended update for postgresql, postgresql-pgagent
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql, postgresql-pgagent fixes the following issues:
- Relax the dependency of extensions on the server
version from exact major.minor to greater or equal, after Tom
Lane confirmed on the PostgreSQL packagers list that ABI
stability is being taken care of between minor releases. (bsc#1230423)
postgresql-pgagent is rebuilt with updated requirements.
postgresql-16-150400.4.15.2.noarch.rpm
postgresql-16-150400.4.15.2.src.rpm
postgresql-contrib-16-150400.4.15.2.noarch.rpm
postgresql-devel-16-150400.4.15.2.noarch.rpm
postgresql-docs-16-150400.4.15.2.noarch.rpm
postgresql-llvmjit-16-150400.4.15.2.noarch.rpm
postgresql-llvmjit-devel-16-150400.4.15.2.noarch.rpm
postgresql-plperl-16-150400.4.15.2.noarch.rpm
postgresql-plpython-16-150400.4.15.2.noarch.rpm
postgresql-pltcl-16-150400.4.15.2.noarch.rpm
postgresql-server-16-150400.4.15.2.noarch.rpm
postgresql-server-devel-16-150400.4.15.2.noarch.rpm
postgresql13-pgagent-4.0.0-150400.17.2.1.src.rpm
postgresql13-pgagent-4.0.0-150400.17.2.1.x86_64.rpm
postgresql14-pgagent-4.0.0-150400.17.2.1.src.rpm
postgresql14-pgagent-4.0.0-150400.17.2.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3479
Recommended update for deltarpm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for deltarpm fixes the following issue:
- Version update with support for archive files bigger than 2GByte
(bsc#1230547).
deltarpm-3.6.5-150000.5.6.3.src.rpm
deltarpm-3.6.5-150000.5.6.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3344
Security update for kubernetes1.25
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.25 fixes the following issues:
- CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing unlimited sets of headers. (bsc#1229869)
- CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset vulnerability. (bsc#1229869)
- CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling invalid JSON. (bsc#1229867)
Bug fixes:
- Update go to version 1.22.5 in build requirements. (bsc#1229858)
kubernetes1.25-1.25.16-150400.9.16.1.src.rpm
kubernetes1.25-client-1.25.16-150400.9.16.1.x86_64.rpm
kubernetes1.25-client-common-1.25.16-150400.9.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3491
Recommended update for xerces-c
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xerces-c fixes the following issues:
- Enable gnuiconv transcoder (bsc#1223088)
libxerces-c-3_2-3.2.3-150300.3.9.1.x86_64.rpm
libxerces-c-devel-3.2.3-150300.3.9.1.x86_64.rpm
xerces-c-3.2.3-150300.3.9.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3330
Recommended update for suseconnect-ng
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issue:
- Set the filesystem root on zypper when given (bsc#1230229, bsc#1229014)
libsuseconnect-1.12.0-150400.3.39.2.x86_64.rpm
suseconnect-ng-1.12.0-150400.3.39.2.src.rpm
suseconnect-ng-1.12.0-150400.3.39.2.x86_64.rpm
suseconnect-ruby-bindings-1.12.0-150400.3.39.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3482
Recommended update for realmd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for realmd fixes the following issues:
- Use 'additional dns hostnames' with net ads join (bsc#1230334).
- Use 'dnshostname' with net ads join (bsc#1230334).
realmd-0.16.3-150200.3.9.2.src.rpm
realmd-0.16.3-150200.3.9.2.x86_64.rpm
realmd-lang-0.16.3-150200.3.9.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3477
Recommended update for curl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for curl fixes the following issue:
- Make special characters in URL work with aws-sigv4 (bsc#1230516).
curl-8.0.1-150400.5.53.2.src.rpm
curl-8.0.1-150400.5.53.2.x86_64.rpm
libcurl-devel-8.0.1-150400.5.53.2.x86_64.rpm
libcurl4-32bit-8.0.1-150400.5.53.2.x86_64.rpm
libcurl4-8.0.1-150400.5.53.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3486
Feature update for python-looseversion, python-pyzmq, python-msgpack
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-looseversion, python-pyzmq, python-msgpack fixes the following issues:
- Add python311-looseversion, python311-pyzmq and python311-msgpack. (jsc#PED-5848)
python-looseversion-1.3.0-150400.10.3.1.src.rpm
python-msgpack-1.0.7-150400.10.3.1.src.rpm
python-pyzmq-25.1.2-150400.12.3.1.src.rpm
python311-looseversion-1.3.0-150400.10.3.1.noarch.rpm
python311-msgpack-1.0.7-150400.10.3.1.x86_64.rpm
python311-pyzmq-25.1.2-150400.12.3.1.x86_64.rpm
python311-pyzmq-devel-25.1.2-150400.12.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3418
Security update for python311
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python311 fixes the following issues:
- Update python311 to version 3.11.10.
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
- CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596)
- CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704)
libpython3_11-1_0-3.11.10-150400.9.35.1.x86_64.rpm
python311-3.11.10-150400.9.35.1.src.rpm
python311-3.11.10-150400.9.35.1.x86_64.rpm
python311-base-3.11.10-150400.9.35.1.x86_64.rpm
python311-core-3.11.10-150400.9.35.1.src.rpm
python311-curses-3.11.10-150400.9.35.1.x86_64.rpm
python311-dbm-3.11.10-150400.9.35.1.x86_64.rpm
python311-devel-3.11.10-150400.9.35.1.x86_64.rpm
python311-doc-3.11.10-150400.9.35.1.x86_64.rpm
python311-doc-devhelp-3.11.10-150400.9.35.1.x86_64.rpm
python311-documentation-3.11.10-150400.9.35.1.src.rpm
python311-idle-3.11.10-150400.9.35.1.x86_64.rpm
python311-tk-3.11.10-150400.9.35.1.x86_64.rpm
python311-tools-3.11.10-150400.9.35.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3357
Security update for python310
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310 fixes the following issues:
- Update to version 3.10.15
- CVE-2024-8088: Fixed denial of service in zipfile. (bsc#1229704)
- CVE-2024-7592: Fixed uncontrolled CPU resource consumption in the http.cookies module. (bsc#1229596)
- CVE-2024-6232: Fixed ReDoS via excessive backtracking while parsing header values. (bsc#1230227)
libpython3_10-1_0-3.10.15-150400.4.57.1.x86_64.rpm
python310-3.10.15-150400.4.57.1.src.rpm
python310-3.10.15-150400.4.57.1.x86_64.rpm
python310-base-3.10.15-150400.4.57.1.x86_64.rpm
python310-core-3.10.15-150400.4.57.1.src.rpm
python310-curses-3.10.15-150400.4.57.1.x86_64.rpm
python310-dbm-3.10.15-150400.4.57.1.x86_64.rpm
python310-devel-3.10.15-150400.4.57.1.x86_64.rpm
python310-idle-3.10.15-150400.4.57.1.x86_64.rpm
python310-tk-3.10.15-150400.4.57.1.x86_64.rpm
python310-tools-3.10.15-150400.4.57.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3360
Security update for container-suseconnect
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for container-suseconnect rebuilds it against current go1.21.13.1.
Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791
container-suseconnect-2.5.0-150000.4.55.1.src.rpm
container-suseconnect-2.5.0-150000.4.55.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3489
Recommended update for installation-images
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for installation-images fixes the following issues:
- Rebuilding images with newer grub2
installation-images-SLES-16.57.29-150400.3.21.1.src.rpm
tftpboot-installation-SLE-15-SP4-aarch64-16.57.29-150400.3.21.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-ppc64le-16.57.29-150400.3.21.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-s390x-16.57.29-150400.3.21.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-x86_64-16.57.29-150400.3.21.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3472
Recommended update for libsodium
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libsodium fixes the following issues:
libsodium:
- Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
* Emscripten: print and printErr functions are overridden to send errors to the console, if there is one
* Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated
* Libsodium version detection has been fixed in the CMake recipe
* Generic hashing got a 10% speedup on AVX2.
* New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh)
* New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random()
* crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication
* Support for the Ristretto group has been implemented for interoperability with wasm-crypto
* Improvements have been made to the test suite
* Portability improvements have been made
* 'randombytes_salsa20' has been renamed to 'randombytes_internal'
* Support for NativeClient has been removed
* Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL.
* The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds
* For the full list of changes please consult the packaged ChangeLog
- Disable LTO to bypass build failures on Power PC architecture (bsc#1148184)
libsodium-1.0.18-150000.4.8.1.src.rpm
libsodium-devel-1.0.18-150000.4.8.1.x86_64.rpm
libsodium23-1.0.18-150000.4.8.1.x86_64.rpm
libsodium23-32bit-1.0.18-150000.4.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3487
Recommended update for logrotate
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for logrotate fixes the following issues:
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
logrotate-3.18.1-150400.3.10.1.src.rpm
logrotate-3.18.1-150400.3.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3451
Recommended update for pam-config
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pam-config fixes the following issues:
- Improved check for existence of modules (bsc#1227216)
pam-config-1.1-150200.3.9.1.src.rpm
pam-config-1.1-150200.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3478
Security update for quagga
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for quagga fixes the following issues:
- CVE-2017-15865: sensitive information disclosed when malformed BGP UPDATE packets are processed. (bsc#1230866)
- CVE-2024-44070: crash when parsing Tunnel Encap attribute due to no length check. (bsc#1229438)
- CVE-2022-37032: out-of-bounds read when parsing a BGP capability message due to incorrect size check. (bsc#1202023)
libfpm_pb0-1.1.1-150400.12.8.1.x86_64.rpm
libospf0-1.1.1-150400.12.8.1.x86_64.rpm
libospfapiclient0-1.1.1-150400.12.8.1.x86_64.rpm
libquagga_pb0-1.1.1-150400.12.8.1.x86_64.rpm
libzebra1-1.1.1-150400.12.8.1.x86_64.rpm
quagga-1.1.1-150400.12.8.1.src.rpm
quagga-1.1.1-150400.12.8.1.x86_64.rpm
quagga-devel-1.1.1-150400.12.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3458
Security update for kubernetes1.24
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of kubernetes1.24 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
kubernetes1.24-1.24.17-150400.9.18.1.src.rpm
kubernetes1.24-client-1.24.17-150400.9.18.1.x86_64.rpm
kubernetes1.24-client-common-1.24.17-150400.9.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3457
Security update for kubernetes1.25
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of kubernetes1.25 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
kubernetes1.25-1.25.16-150400.9.18.1.src.rpm
kubernetes1.25-client-1.25.16-150400.9.18.1.x86_64.rpm
kubernetes1.25-client-common-1.25.16-150400.9.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3456
Security update for kubernetes1.26
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of kubernetes1.26 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
kubernetes1.26-1.26.15-150400.9.16.1.src.rpm
kubernetes1.26-client-1.26.15-150400.9.16.1.x86_64.rpm
kubernetes1.26-client-common-1.26.15-150400.9.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3455
Security update for kubernetes1.27
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of kubernetes1.27 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
kubernetes1.27-1.27.16-150400.9.12.1.src.rpm
kubernetes1.27-client-1.27.16-150400.9.12.1.x86_64.rpm
kubernetes1.27-client-common-1.27.16-150400.9.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3454
Security update for kubernetes1.28
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of kubernetes1.28 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
kubernetes1.28-1.28.13-150400.9.10.1.src.rpm
kubernetes1.28-client-1.28.13-150400.9.10.1.x86_64.rpm
kubernetes1.28-client-common-1.28.13-150400.9.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3490
Recommended update for perl-XML-LibXSLT
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl-XML-LibXSLT fixes the following issues:
- testsuite: do not check version of libxslt and libxml2 (bsc#1197798)
perl-XML-LibXSLT-1.95-150000.3.3.1.src.rpm
perl-XML-LibXSLT-1.95-150000.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3524
Security update for frr
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for frr fixes the following issue:
- Arithmetic overflow when parsing attribute of update packet due to regression introduced by the fix for
CVE-2017-15865. (bsc#1230866)
frr-7.4-150300.4.32.1.src.rpm
frr-7.4-150300.4.32.1.x86_64.rpm
frr-devel-7.4-150300.4.32.1.x86_64.rpm
libfrr0-7.4-150300.4.32.1.x86_64.rpm
libfrr_pb0-7.4-150300.4.32.1.x86_64.rpm
libfrrcares0-7.4-150300.4.32.1.x86_64.rpm
libfrrfpm_pb0-7.4-150300.4.32.1.x86_64.rpm
libfrrgrpc_pb0-7.4-150300.4.32.1.x86_64.rpm
libfrrospfapiclient0-7.4-150300.4.32.1.x86_64.rpm
libfrrsnmp0-7.4-150300.4.32.1.x86_64.rpm
libfrrzmq0-7.4-150300.4.32.1.x86_64.rpm
libmlag_pb0-7.4-150300.4.32.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3530
Recommended update for libpcap
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libpcap fixes the following issue:
- enable rdma support (bsc#1230894).
libpcap-1.10.1-150400.3.6.2.src.rpm
libpcap-devel-1.10.1-150400.3.6.2.x86_64.rpm
libpcap1-1.10.1-150400.3.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3539
Recommended update for obs-service-docker_label_helper
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for obs-service-docker_label_helper fixes the following issues:
- Support Docker.FLAVOR in _multibuild (bsc#1225985).
- Handle LABEL statements with any whitespace and LABEL values
containing "=" properly.
- Do not ever use "%setup -n ." and use "%setup -c" instead,
which creates the appropriate %{name}-%{version} directory expected.
- Avoid mangling whitespace by using gsub instead of assigning to
fields
obs-service-docker_label_helper-0.0-150200.5.9.2.noarch.rpm
obs-service-docker_label_helper-0.0-150200.5.9.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3525
Security update for openssl-3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
libopenssl-3-devel-3.0.8-150400.4.66.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.66.1.x86_64.rpm
openssl-3-3.0.8-150400.4.66.1.src.rpm
openssl-3-3.0.8-150400.4.66.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3527
Recommended update for e2fsprogs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for e2fsprogs fixes the following issue:
- resize2fs: Check number of group descriptors only if meta_bg is disabled
(bsc#1230145).
e2fsprogs-1.46.4-150400.3.9.2.src.rpm
e2fsprogs-1.46.4-150400.3.9.2.x86_64.rpm
e2fsprogs-devel-1.46.4-150400.3.9.2.x86_64.rpm
libcom_err-devel-1.46.4-150400.3.9.2.x86_64.rpm
libcom_err-devel-static-1.46.4-150400.3.9.2.x86_64.rpm
libcom_err2-1.46.4-150400.3.9.2.x86_64.rpm
libcom_err2-32bit-1.46.4-150400.3.9.2.x86_64.rpm
libext2fs-devel-1.46.4-150400.3.9.2.x86_64.rpm
libext2fs-devel-static-1.46.4-150400.3.9.2.x86_64.rpm
libext2fs2-1.46.4-150400.3.9.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3519
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.3.0 ESR (MFSA-2024-47, bsc#1230979):
- CVE-2024-8900: Clipboard write permission bypass
- CVE-2024-9392: Compromised content process can bypass site isolation
- CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
- CVE-2024-9394: Cross-origin access to JSON contents through multipart responses
- CVE-2024-9396: Potential memory corruption may occur when cloning certain objects
- CVE-2024-9397: Potential directory upload bypass via clickjacking
- CVE-2024-9398: External protocol handlers could be enumerated via popups
- CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service
- CVE-2024-9400: Potential memory corruption during JIT compilation
- CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
- CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
MozillaFirefox-128.3.0-150200.152.152.1.src.rpm
MozillaFirefox-128.3.0-150200.152.152.1.x86_64.rpm
MozillaFirefox-devel-128.3.0-150200.152.152.1.noarch.rpm
MozillaFirefox-translations-common-128.3.0-150200.152.152.1.x86_64.rpm
MozillaFirefox-translations-other-128.3.0-150200.152.152.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3568
Recommended update for lttng-tools
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for lttng-tools fixes the following issues:
- Fix crash when unregistering UST apps during shutdown (bsc#1230128)
liblttng-ctl0-2.12.2-150300.3.6.1.x86_64.rpm
lttng-tools-2.12.2-150300.3.6.1.src.rpm
lttng-tools-2.12.2-150300.3.6.1.x86_64.rpm
lttng-tools-devel-2.12.2-150300.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3531
Recommended update for collectd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for collectd fixes the following issue:
- Fixing collectd syntax errors (bsc#1230895)
collectd-5.12.0-150400.3.5.2.src.rpm
collectd-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-buddyinfo-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-connectivity-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-dbi-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-ipmi-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-java-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-logparser-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-lua-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-mcelog-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-memcachec-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-mysql-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-notify-desktop-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-nut-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-openldap-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-ovs-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-pcie-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-pinba-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-postgresql-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-procevent-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-python3-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-smart-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-snmp-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-synproxy-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-sysevent-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-ubi-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-uptime-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-virt-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-write_influxdb_udp-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-write_stackdriver-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-write_syslog-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugins-all-5.12.0-150400.3.5.2.x86_64.rpm
collectd-spamassassin-5.12.0-150400.3.5.2.x86_64.rpm
collectd-web-5.12.0-150400.3.5.2.x86_64.rpm
collectd-web-js-5.12.0-150400.3.5.2.x86_64.rpm
libcollectdclient-devel-5.12.0-150400.3.5.2.x86_64.rpm
libcollectdclient1-5.12.0-150400.3.5.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3523
Security update for cups-filters
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups-filters fixes the following issues:
- cups-browsed would bind on UDP INADDR_ANY:631 and trust any packet
from any source to trigger a Get-Printer-Attributes IPP request
to an attacker controlled URL. This patch removes support for the
legacy CUPS and LDAP protocols (bsc#1230939, CVE-2024-47176)
cups-filters-1.25.0-150200.3.16.1.src.rpm
cups-filters-1.25.0-150200.3.16.1.x86_64.rpm
cups-filters-devel-1.25.0-150200.3.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3593
Recommended update for rsyslog
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rsyslog fixes the following issue:
- fix PreserveFQDN option before daemon is restarted (bsc#1231229)
rsyslog-8.2306.0-150400.5.30.2.src.rpm
rsyslog-8.2306.0-150400.5.30.2.x86_64.rpm
rsyslog-module-gssapi-8.2306.0-150400.5.30.2.x86_64.rpm
rsyslog-module-gtls-8.2306.0-150400.5.30.2.x86_64.rpm
rsyslog-module-mmnormalize-8.2306.0-150400.5.30.2.x86_64.rpm
rsyslog-module-mysql-8.2306.0-150400.5.30.2.x86_64.rpm
rsyslog-module-pgsql-8.2306.0-150400.5.30.2.x86_64.rpm
rsyslog-module-relp-8.2306.0-150400.5.30.2.x86_64.rpm
rsyslog-module-snmp-8.2306.0-150400.5.30.2.x86_64.rpm
rsyslog-module-udpspoof-8.2306.0-150400.5.30.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4032
Recommended update for salt
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
- Fix failing x509 tests with OpenSSL < 1.1
- Avoid explicit reading of /etc/salt/minion (bsc#1220357)
- Allow NamedLoaderContexts to be returned from loader
- Revert the change making reactor less blocking (bsc#1230322)
- Use --cachedir for extension_modules in salt-call (bsc#1226141)
- Prevent using SyncWrapper with no reason
- Fix the SELinux context for Salt Minion service (bsc#1219041)
- Set contextvars as a build requirement for package
- Increase warn_until_date date for code we still support
- The test_debian test now uses port 80 for ubuntu keyserver
- Fix too frequent systemd service restart in test_system test
- Avoid crash on wrong output of systemctl version (bsc#1229539)
- Improve error handling with different OpenSSL versions
- Remove redundant run_func from salt.master.MWorker._handle_aes
- Fix cloud minion configuration for multiple masters (bsc#1229109)
- Use Pygit2 id instead of deprecated oid in gitfs
- Fix few failing tests to work with both Salt and Salt bundle
- Skip testing unsupported OpenSSL crypto algorithms
python3-salt-3006.0-150400.8.69.2.x86_64.rpm
salt-3006.0-150400.8.69.2.src.rpm
salt-3006.0-150400.8.69.2.x86_64.rpm
salt-api-3006.0-150400.8.69.2.x86_64.rpm
salt-bash-completion-3006.0-150400.8.69.2.noarch.rpm
salt-cloud-3006.0-150400.8.69.2.x86_64.rpm
salt-doc-3006.0-150400.8.69.2.x86_64.rpm
salt-fish-completion-3006.0-150400.8.69.2.noarch.rpm
salt-master-3006.0-150400.8.69.2.x86_64.rpm
salt-minion-3006.0-150400.8.69.2.x86_64.rpm
salt-proxy-3006.0-150400.8.69.2.x86_64.rpm
salt-ssh-3006.0-150400.8.69.2.x86_64.rpm
salt-standalone-formulas-configuration-3006.0-150400.8.69.2.x86_64.rpm
salt-syndic-3006.0-150400.8.69.2.x86_64.rpm
salt-transactional-update-3006.0-150400.8.69.2.x86_64.rpm
salt-zsh-completion-3006.0-150400.8.69.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3547
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
The following non-security bugs were fixed:
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).
kernel-default-5.14.21-150400.24.136.1.nosrc.rpm
kernel-default-5.14.21-150400.24.136.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1.src.rpm
kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.136.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.136.1.noarch.rpm
kernel-docs-5.14.21-150400.24.136.1.noarch.rpm
kernel-docs-5.14.21-150400.24.136.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.136.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.136.1.src.rpm
kernel-obs-build-5.14.21-150400.24.136.1.x86_64.rpm
kernel-source-5.14.21-150400.24.136.1.noarch.rpm
kernel-source-5.14.21-150400.24.136.1.src.rpm
kernel-syms-5.14.21-150400.24.136.1.src.rpm
kernel-syms-5.14.21-150400.24.136.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.136.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3575
Security update for redis
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for redis fixes the following issues:
- CVE-2024-31228: Fixed unbounded recursive pattern matching (bsc#1231265)
- CVE-2024-31449: Fixed integer overflow bug in Lua bit_tohex (bsc#1231264)
redis-6.2.6-150400.3.28.1.src.rpm
redis-6.2.6-150400.3.28.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3600
Recommended update for python-requests
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-requests fixes the following issue:
- Update CVE-2024-35195.patch to allow the usage of "verify" parameter
as a directory (bsc#1225912)
python-requests-2.31.0-150400.6.15.1.src.rpm
python311-requests-2.31.0-150400.6.15.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3613
Recommended update for clone-master-clean-up
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for clone-master-clean-up fixes the following issues:
- Minor version update: 1.13.
- Solving clone-master-clean-up error on a SLES minimal installation (bsc#1221533).
The script died with the error message:
"cp: cannot stat 'journald.conf': No such file or directory"
- modified fstab from UUID to /dev/sdx. (bsc#1229217).
- Introduce two command line parameters:
-n, --dont-ask suppresses all requests.
-f, --dont-change-fstab Do not swap UUID and label into device name in fstab.
Without these parameters it behaves as usual.
clone-master-clean-up-1.13-150100.3.26.2.noarch.rpm
clone-master-clean-up-1.13-150100.3.26.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3606
Recommended update for icewm-theme-branding
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for icewm-theme-branding fixes the following issue:
- The Adwaita theme no longer provides many legacy app icons; redirect
icewm web-browser icon to the right place (bsc#1220034, bsc#1222655). See:
- https://gitlab.gnome.org/GNOME/adwaita-icon-theme/-/issues/163
- https://gitlab.gnome.org/GNOME/adwaita-icon-theme/-/merge_requests/34/
icewm-theme-branding-1.2.5-150300.5.6.2.noarch.rpm
icewm-theme-branding-1.2.5-150300.5.6.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3892
Recommended update for python-responses
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-responses fixes the following issues:
- Fix request count even if max_retries is exceeded (bsc#1228868)
python-responses-0.21.0-150300.3.6.1.src.rpm
python3-responses-0.21.0-150300.3.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3614
Security update for MozillaFirefox
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.3.1 ESR MFSA 2024-51 (bsc#1231413)
- CVE-2024-9680: Use-after-free in Animation timeline (bmo#1923344)
Also includes the following CVEs from MFSA 2024-47 (bsc#1230979)
- CVE-2024-9392: Compromised content process can bypass site isolation (bmo#1899154, bmo#1905843)
- CVE-2024-9393: Cross-origin access to PDF contents through multipart responses (bmo#1918301)
- CVE-2024-9394: Cross-origin access to JSON contents through multipart responses (bmo#1918874)
- CVE-2024-8900: Clipboard write permission bypass (bmo#1872841)
- CVE-2024-9396: Potential memory corruption may occur when cloning certain objects (bmo#1912471)
- CVE-2024-9397: Potential directory upload bypass via clickjacking (bmo#1916659)
- CVE-2024-9398: External protocol handlers could be enumerated via popups (bmo#1881037)
- CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service (bmo#1907726)
- CVE-2024-9400: Potential memory corruption during JIT compilation (bmo#1915249)
- CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
- CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476)
MozillaFirefox-128.3.1-150200.152.155.1.src.rpm
MozillaFirefox-128.3.1-150200.152.155.1.x86_64.rpm
MozillaFirefox-devel-128.3.1-150200.152.155.1.noarch.rpm
MozillaFirefox-translations-common-128.3.1-150200.152.155.1.x86_64.rpm
MozillaFirefox-translations-other-128.3.1-150200.152.155.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3863
Security update for cups-filters
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups-filters fixes the following issues:
- CVE-2024-47850: cups-browsed can be abused to initiate remote DDoS against third-party targets (bsc#1231294)
- CVE-2024-47076: Fixed lack of input sanitization in cfGetPrinterAttributes5 (bsc#1230937).
cups-filters-1.25.0-150200.3.19.2.src.rpm
cups-filters-1.25.0-150200.3.19.2.x86_64.rpm
cups-filters-devel-1.25.0-150200.3.19.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3727
Recommended update for libzypp
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp fixes the following issues:
- Send unescaped colons in header values. According to the STOMP protocol, it
would be correct to escape colon here but the practice broke plugin receivers
that didn't expect this. The incompatibility affected customers who were
running spacewalk-repo-sync and experienced issues when accessing the cloud
URL. [bsc#1231043]
- Fix hang in curl code with no network connection. [bsc#1230912]
libzypp-17.35.12-150400.3.93.1.src.rpm
libzypp-17.35.12-150400.3.93.1.x86_64.rpm
libzypp-devel-17.35.12-150400.3.93.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3746
Security update for protobuf
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for protobuf fixes the following issues:
- CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)
libprotobuf-lite25_1_0-25.1-150400.9.10.1.x86_64.rpm
libprotobuf25_1_0-25.1-150400.9.10.1.x86_64.rpm
libprotoc25_1_0-25.1-150400.9.10.1.x86_64.rpm
protobuf-25.1-150400.9.10.1.src.rpm
protobuf-devel-25.1-150400.9.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3897
Recommended update for shadow
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for shadow fixes the following issues:
- Add useradd warnings when requested UID is outside the default range (bsc#1230972)
- Chage -d date vs passwd -S output is off by one (bsc#1228337)
login_defs-4.8.1-150400.10.24.1.noarch.rpm
shadow-4.8.1-150400.10.24.1.src.rpm
shadow-4.8.1-150400.10.24.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3891
Recommended update for libkdumpfile
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libkdumpfile fixes the following issues:
- support for zstd compression (bsc#1231429).
- add support for flattened dump files (bsc#1223399).
libaddrxlat-devel-0.4.1-150400.3.3.2.x86_64.rpm
libaddrxlat2-0.4.1-150400.3.3.2.x86_64.rpm
libkdumpfile-0.4.1-150400.3.3.2.src.rpm
libkdumpfile-devel-0.4.1-150400.3.3.2.x86_64.rpm
libkdumpfile9-0.4.1-150400.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3864
Security update for apache2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2 fixes the following issues:
- CVE-2024-40725: Fixed source code disclosure of local content (bsc#1228097)
apache2-2.4.51-150400.6.37.1.src.rpm
apache2-2.4.51-150400.6.37.1.x86_64.rpm
apache2-devel-2.4.51-150400.6.37.1.x86_64.rpm
apache2-doc-2.4.51-150400.6.37.1.noarch.rpm
apache2-prefork-2.4.51-150400.6.37.1.x86_64.rpm
apache2-utils-2.4.51-150400.6.37.1.x86_64.rpm
apache2-worker-2.4.51-150400.6.37.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4054
Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues:
xmlgraphics-fop was updated from version 2.8 to 2.10:
- Security issues fixed:
* CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc#1231428)
- Upstream changes and bugs fixed:
* Version 2.10:
+ footnote-body ignores rl-tb writing mode
+ SVG tspan content is displayed out of place
+ Added new schema to handle pdf/a and pdfa/ua
+ Correct fop version at runtime
+ NoSuchElementException when using font with no family name
+ Resolve classpath for binary distribution
+ Switch to spotbugs
+ Set an automatic module name
+ Rename packages to avoid conflicts with modules
+ Resize table only for multicolumn page
+ Missing jars in servlet
+ Optimise performance of PNG with alpha using raw loader
+ basic-link not navigating to corresponding footnote
+ Added option to sign PDF
+ Added secure processing for XSL input
+ Allow sections which need security permissions to be run when AllPermission denied in caller code
+ Remove unused PDFStructElem
+ Remove space generated by fo:wrapper
+ Reset content length for table changing ipd
+ Added alt text to PDF signature
+ Allow change of resource level for SVG in AFP
+ Exclude shape not in clipping path for AFP
+ Only support 1 column for redo of layout without page pos only
+ Switch to Jakarta servlet API
+ NPE when list item is split alongside an ipd change
+ Added mandatory MODCA triplet to AFP
+ Redo layout for multipage columns
+ Added image mask option for AFP
+ Skip written block ipds inside float
+ Allow curly braces for src url
+ Missing content for last page with change ipd
+ Added warning when different pdf languages are used
+ Only restart line manager when there is a linebreak for blocklayout
* Version 2.9:
+ Values in PDF Number Trees must be indirect references
+ Do not delete files on syntax errors using command line
+ Surrogate pair edge-case causes Exception
+ Reset character spacing
+ SVG text containing certain glyphs isn't rendered
+ Remove duplicate classes from maven classpath
+ Allow use of page position only on redo of layout
+ Failure to render multi-block itemBody alongside float
+ Update to PDFBox 2.0.27
+ NPE if link destination is missing with accessibility
+ Make property cache thread safe
+ Font size was rounded to 0 for AFP TTF
+ Cannot process a SVG using mvn jars
+ Remove serializer jar
+ Allow creating a PDF 2.0 document
+ Text missing after page break inside table inline
+ IllegalArgumentException for list in a table
+ Table width may be too wide when layout width changes
+ NPE when using broken link and PDF 1.5
+ Allow XMP at PDF page level
+ Symbol font was not being mapped to unicode
+ Correct font differences table for Chrome
+ Link against Java 8 API
+ Added support for font-selection-strategy=character-by-character
+ Merge form fields in external PDFs
+ Fixed test for Java 11
xmlgraphics-batik was updated from version 1.17 to 1.18:
- PNG transcoder references nonexistent class
- Set offset to 0 if missing in stop tag
- Validate throws NPE
- Fixed missing arabic characters
- Animated rotate transform ignores y-origin at exactly 270 degrees
- Set an automatic module name
- Ignore inkscape properties
- Switch to spotbugs
- Allow source and target resolution configuration
xmlgraphics-commons was updated from version 2.8 to 2.10:
- Fixed test for Java 11
- Allow XMP at PDF page level
- Allow source resolution configuration
- Added new schema to handle pdf/a and pdfa/ua
- Set an automatic module name
- Switch to spotbugs
- Do not use a singleton for ImageImplRegistry
javapackages-tools was updated from version 6.3.0 to 6.3.4:
- Version 6.3.4:
* A corner case when which is not present
* Remove dependency on which
* Simplify after the which -> type -p change
* jpackage_script: Remove pointless assignment when %java_home is unset
* Don't export JAVA_HOME (bsc#1231347)
- Version 6.3.2:
* Search for JAVACMD under JAVA_HOME only if it's set
* Obsolete set_jvm and set_jvm_dirs functions
* Drop unneeded _set_java_home function
* Remove JAVA_HOME check from check_java_env function
* Bump codecov/codecov-action from 2.0.2 to 4.6.0
* Bump actions/setup-python from 4 to 5
* Bump actions/checkout from 2 to 4
* Added custom dependabot config
* Remove the test for JAVA_HOME and error if it is not set
* java-functions: Remove unneeded local variables
* Fixed build status shield
- Version 6.3.1:
* Allow missing components with abs2rel
* Fixed tests with python 3.4
* Sync spec file from Fedora
* Drop default JRE/JDK
* Fixed the use of java-functions in scripts
* Test that we don't bomb on <relativePath/>
* Test variable expansion in artifactId
* Interpolate properties also in the current artifact
* Rewrite abs2rel in shell
* Use asciidoctor instead of asciidoc
* Fixed incompatibility with RPM 4.20
* Reproducible exclusions order in maven metadata
* Do not bomb on <relativePath/> construct
* Make maven_depmap order of aliases reproducible
javapackages-filesystem-6.3.4-150200.3.15.1.x86_64.rpm
javapackages-gradle-6.3.4-150200.3.15.1.noarch.rpm
javapackages-ivy-6.3.4-150200.3.15.1.noarch.rpm
javapackages-local-6.3.4-150200.3.15.1.noarch.rpm
javapackages-tools-6.3.4-150200.3.15.1.src.rpm
javapackages-tools-6.3.4-150200.3.15.1.x86_64.rpm
javapackages-tools-extras-6.3.4-150200.3.15.1.src.rpm
python3-javapackages-6.3.4-150200.3.15.1.noarch.rpm
xmlgraphics-batik-1.18-150200.4.10.2.noarch.rpm
xmlgraphics-batik-1.18-150200.4.10.2.src.rpm
xmlgraphics-batik-css-1.18-150200.4.10.2.noarch.rpm
xmlgraphics-commons-2.10-150200.3.10.2.noarch.rpm
xmlgraphics-commons-2.10-150200.3.10.2.src.rpm
xmlgraphics-fop-2.10-150200.13.10.1.noarch.rpm
xmlgraphics-fop-2.10-150200.13.10.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3902
Recommended update for shim
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for shim fixes the following issues:
- Update shim-install to apply the missing fix for openSUSE Leap (bsc#1210382)
- Update shim-install to use the 'removable' way for SL-Micro (bsc#1230316)
shim-15.8-150300.4.23.1.src.rpm
shim-15.8-150300.4.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3865
Recommended update for gcc14
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gcc14 fixes the following issues:
- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]
gcc14-14.2.0+git10526-150000.1.6.1.src.rpm
libasan8-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libasan8-32bit-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libatomic1-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libatomic1-32bit-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libgcc_s1-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libgcc_s1-32bit-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libgfortran5-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libgfortran5-32bit-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libgomp1-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libgomp1-32bit-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libhwasan0-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libitm1-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libitm1-32bit-14.2.0+git10526-150000.1.6.1.x86_64.rpm
liblsan0-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libobjc4-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libobjc4-32bit-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libquadmath0-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libquadmath0-32bit-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libstdc++6-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libstdc++6-32bit-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libstdc++6-locale-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libstdc++6-pp-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libstdc++6-pp-32bit-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libtsan2-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libubsan1-14.2.0+git10526-150000.1.6.1.x86_64.rpm
libubsan1-32bit-14.2.0+git10526-150000.1.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3866
Security update for xorg-x11-server
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xorg-x11-server fixes the following issues:
- CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565).
xorg-x11-server-1.20.3-150400.38.51.1.src.rpm
xorg-x11-server-1.20.3-150400.38.51.1.x86_64.rpm
xorg-x11-server-extra-1.20.3-150400.38.51.1.x86_64.rpm
xorg-x11-server-sdk-1.20.3-150400.38.51.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3868
Recommended update for suse-build-key
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issues:
- Also include the GPG key from the current build project to allow Staging testing without production keys,
but only in staging. (bsc#1231829)
suse-build-key-12.0-150000.8.55.1.noarch.rpm
suse-build-key-12.0-150000.8.55.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3869
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.0 (bsc#1231039).
- CVE-2024-40866
- CVE-2024-44187
Already fixed in version 2.44.3:
- CVE-2024-4558
- CVE-2024-27838
- CVE-2024-27851
Already fixed in version 2.44.2:
- CVE-2024-27834
- CVE-2024-27808
- CVE-2024-27820
- CVE-2024-27833
Already fixed in version 2.44.1:
- CVE-2024-23222
- CVE-2024-23206
- CVE-2024-23213
- CVE-2024-23271
WebKitGTK-4.0-lang-2.46.0-150400.4.91.1.noarch.rpm
WebKitGTK-4.1-lang-2.46.0-150400.4.91.1.noarch.rpm
WebKitGTK-6.0-lang-2.46.0-150400.4.91.1.noarch.rpm
libjavascriptcoregtk-4_0-18-2.46.0-150400.4.91.1.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.46.0-150400.4.91.1.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.46.0-150400.4.91.1.x86_64.rpm
libwebkit2gtk-4_0-37-2.46.0-150400.4.91.1.x86_64.rpm
libwebkit2gtk-4_1-0-2.46.0-150400.4.91.1.x86_64.rpm
libwebkitgtk-6_0-4-2.46.0-150400.4.91.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.46.0-150400.4.91.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.46.0-150400.4.91.1.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.46.0-150400.4.91.1.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.46.0-150400.4.91.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.46.0-150400.4.91.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.46.0-150400.4.91.1.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.46.0-150400.4.91.1.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.46.0-150400.4.91.1.x86_64.rpm
webkit2gtk3-2.46.0-150400.4.91.1.src.rpm
webkit2gtk3-devel-2.46.0-150400.4.91.1.x86_64.rpm
webkit2gtk3-soup2-2.46.0-150400.4.91.1.src.rpm
webkit2gtk3-soup2-devel-2.46.0-150400.4.91.1.x86_64.rpm
webkit2gtk4-2.46.0-150400.4.91.1.src.rpm
webkitgtk-6_0-injected-bundles-2.46.0-150400.4.91.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3871
Security update for openssl-3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
- CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups (DHEATATTACK) (bsc#1230698)
libopenssl-3-devel-3.0.8-150400.4.69.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.69.1.x86_64.rpm
openssl-3-3.0.8-150400.4.69.1.src.rpm
openssl-3-3.0.8-150400.4.69.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3872
Security update for openssl-1_1
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_1 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
libopenssl-1_1-devel-1.1.1l-150400.7.75.1.x86_64.rpm
libopenssl-1_1-devel-32bit-1.1.1l-150400.7.75.1.x86_64.rpm
libopenssl1_1-1.1.1l-150400.7.75.1.x86_64.rpm
libopenssl1_1-32bit-1.1.1l-150400.7.75.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150400.7.75.1.x86_64.rpm
libopenssl1_1-hmac-32bit-1.1.1l-150400.7.75.1.x86_64.rpm
openssl-1_1-1.1.1l-150400.7.75.1.src.rpm
openssl-1_1-1.1.1l-150400.7.75.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3909
Recommended update for open-vm-tools
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for open-vm-tools fixes the following issues:
- convert to obs_scm
- Version update 12.5.0 (bsc#1231826).
There are no new features in the open-vm-tools 12.5.0 release.
This is primarily a maintenance release for updating NetworkManager
calls in suspend/resume scripts.
libvmtools-devel-12.5.0-150300.55.3.x86_64.rpm
libvmtools0-12.5.0-150300.55.3.x86_64.rpm
open-vm-tools-12.5.0-150300.55.3.src.rpm
open-vm-tools-12.5.0-150300.55.3.x86_64.rpm
open-vm-tools-containerinfo-12.5.0-150300.55.3.x86_64.rpm
open-vm-tools-desktop-12.5.0-150300.55.3.x86_64.rpm
open-vm-tools-salt-minion-12.5.0-150300.55.3.x86_64.rpm
open-vm-tools-sdmp-12.5.0-150300.55.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3890
Recommended update for wget
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wget fixes the following issues:
- wget incorrectly truncates long filenames (bsc#1231661).
- wget dies writing too long filenames (bsc#1204720).
wget-1.20.3-150000.3.23.2.src.rpm
wget-1.20.3-150000.3.23.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3873
Security update for rubygem-bundler
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rubygem-bundler fixes the following issues:
- CVE-2021-43809: Fixed remote execution via Gemfile argument injection (bsc#1193578)
ruby2.5-rubygem-bundler-1.16.1-150000.3.6.1.x86_64.rpm
rubygem-bundler-1.16.1-150000.3.6.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3874
Security update for ruby2.5
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ruby2.5 fixes the following issues:
- CVE-2024-43398: Fixed DoS when parsing an XML that has many deep elements with the same local name attributes (bsc#1229673)
- CVE-2024-41123: Fixed DoS when parsing an XML that contains many specific characters such as whitespaces, >] and ]> (bsc#1228794)
- CVE-2024-41946: Fixed DoS when parsing an XML that has many entity expansions with SAX2 or pull parser API (bsc#1228799)
- CVE-2024-35176: Fixed DoS when parsing an XML that has many left angled brackets in an attribute value (bsc#1224390)
- CVE-2024-39908: Fixed ReDoS when parsing an XML that has many specific characters (bsc#1228072)
libruby2_5-2_5-2.5.9-150000.4.32.1.x86_64.rpm
ruby2.5-2.5.9-150000.4.32.1.src.rpm
ruby2.5-2.5.9-150000.4.32.1.x86_64.rpm
ruby2.5-devel-2.5.9-150000.4.32.1.x86_64.rpm
ruby2.5-devel-extra-2.5.9-150000.4.32.1.x86_64.rpm
ruby2.5-stdlib-2.5.9-150000.4.32.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3971
Recommended update for mojo-parent
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mojo-parent fixes the following issues:
xalan-j2 was updated from version 2.7.2 to 2.7.3:
- Security issues fixed:
* CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets (bsc#1201684)
- Changes and Bugs fixed:
* Java 8 is now the minimum requirement
* Upgraded to Apache Commons BCEL 6.7.0
* Upgraded to Xerces-J 2.12.2
mojo-parent was updated from version 70 to 82:
- Main changes:
* Potentially Breaking Changes:
+ mojo.java.target should be set as "8", without "1."
+ spotless plugin must be executed by JDK 11 at least
+ ossrh-snapshots repository was removed from parent
* New features and improvements:
+ Removed SHA-512 checksum for source release artifact
+ Use only project version as tag for release
+ Added space before close empty elements in poms by spotless
+ Using Checkstyle together with Spotless
+ Introduce spotless for automatic code formatting
+ Introduce enforcer rule for minimal version of Java and Maven
+ Use new Plugin Tools report - maven-plugin-report-plugin
+ Added sisu-maven-plugin
+ Introduced maven.version property
+ Execute spotless by JDK 11 at least
+ Use release options for m-compiler-p with newer JDKs
+ Allow override of invoker.streamLogsOnFailures
+ Require Maven 3.9.x at least for releases
+ Added maven-wrapper-plugin to pluginManagement
+ Removed ossrh-snapshots repository from MojoHaus parent
+ Added build-helper-maven-plugin to pluginManagement
+ Require Maven 3.6.3+
+ Updated palantirJavaFormat for spotless - JDK 21 compatible
+ Added dependencyManagement for maven-shade-plugin
+ Dropped recommendedJavaBuildVersion property
+ Format Markdown files with Spotless Plugin
* Bugs fixed:
+ Restore source release distribution in child projects
+ Rename property maven.version to mavenVersion
+ minimalMavenBuildVersion should not be overridden by
mavenVersion
+ Use simple checkstyle rules since spotless is executed by
default
+ Use old spotless version only for JDK < 11
+ Fixed spotless configuration for markdown
- Other changes:
* Removed Google search box due to privacy
* Put version for mrm-maven-plugin in property
* Added streamLogsOnFailures to m-invoker-p
* Added property for maven-fluido-skin version
* Setup Apache Matomo analytics
* Require Maven 3.2.5
* Added SHA-512 hashes
* Extract plugin version as variable so child pom can override if needed
* Removed issue-tracking as no longer exists
* Removed cim report as no longer exists
bcel was updated from version 5.2 to 6.10:
- Many APIs have been extended
- Added riscv64 support
- Various bugs were fixed
apache-commons-lang3 was updated from version 3.12.0 to 3.16.0:
- Included new APIs that are needed by bcel 6.x
- Various minor bugs were fixed
xerces-j2:
- Improved RPM packaging build instructions
netty3:
- Generate sources with protobuf instead of using pre-generated ones
apache-commons-lang3-3.16.0-150200.3.9.2.noarch.rpm
apache-commons-lang3-3.16.0-150200.3.9.2.src.rpm
bcel-6.10.0-150200.11.6.2.noarch.rpm
bcel-6.10.0-150200.11.6.2.src.rpm
netty3-3.10.6-150200.3.13.2.noarch.rpm
netty3-3.10.6-150200.3.13.2.src.rpm
xalan-j2-2.7.3-150200.11.7.1.noarch.rpm
xalan-j2-2.7.3-150200.11.7.1.src.rpm
xerces-j2-2.12.2-150200.3.10.2.noarch.rpm
xerces-j2-2.12.2-150200.3.10.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3941
Security update for ghostscript
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ghostscript fixes the following issues:
- CVE-2024-46951: Fixed arbitrary code execution via unchecked "Implementation" pointer in "Pattern" color space (bsc#1232265).
- CVE-2024-46953: Fixed integer overflow when parsing the page format, which results in path truncation, path traversal, code execution (bsc#1232267).
- CVE-2024-46956: Fixed arbitrary code execution via out of bounds data access in filenameforall (bsc#1232270).
- CVE-2024-46955: Fixed out of bounds read when reading color in "Indexed" color space (bsc#1232269).
ghostscript-9.52-150000.200.1.src.rpm
ghostscript-9.52-150000.200.1.x86_64.rpm
ghostscript-devel-9.52-150000.200.1.x86_64.rpm
ghostscript-x11-9.52-150000.200.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3898
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 128.4.0 ESR (bsc#1231879):
- CVE-2024-10458: Permission leak via embed or object elements
- CVE-2024-10459: Use-after-free in layout with accessibility
- CVE-2024-10460: Confusing display of origin for external protocol handler prompt
- CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
- CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
- CVE-2024-10463: Cross origin video frame leak
- CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser
- CVE-2024-10465: Clipboard "paste" button persisted across tabs
- CVE-2024-10466: DOM push subscription message could hang Firefox
- CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
MozillaFirefox-128.4.0-150200.152.158.1.src.rpm
MozillaFirefox-128.4.0-150200.152.158.1.x86_64.rpm
MozillaFirefox-devel-128.4.0-150200.152.158.1.noarch.rpm
MozillaFirefox-translations-common-128.4.0-150200.152.158.1.x86_64.rpm
MozillaFirefox-translations-other-128.4.0-150200.152.158.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4333
Security update for libaom, libyuv
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libaom, libyuv fixes the following issues:
libaom was updated to version 3.7.1:
* Bug Fixes:
- aomedia:3349: heap overflow when increasing resolution
- aomedia:3478: GCC 12.2.0 emits a -Wstringop-overflow warning
on aom/av1/encoder/motion_search_facade.c
- aomedia:3489: Detect encoder and image high bit depth
mismatch
- aomedia:3491: heap-buffer-overflow on frame size change
- b/303023614: Segfault at encoding time for high bit depth
images
- New upstream release 3.7.0
- New Features
* New codec controls:
* AV1E_SET_QUANTIZER_ONE_PASS: Set quantizer for each frame.
* AV1E_ENABLE_RATE_GUIDE_DELTAQ: enable the rate distribution guided delta
quantization in all intra mode. The "enable-rate-guide-deltaq" option is
added for this control.
* AV1E_SET_RATE_DISTRIBUTION_INFO: set the input file for rate
distribution used in all intra mode. The "rate-distribution-info" option
is added for this control.
* AV1E_GET_LUMA_CDEF_STRENGTH
* AV1E_SET_BITRATE_ONE_PASS_CBR
* AOM_SCALING_MODE is extended to include 2/3 and 1/3 scaling.
* aom_tune_metric is extended to include AOM_TUNE_VMAF_SALIENCY_MAP.
The "tune" option is extended to include "vmaf_saliency_map".
* SVC example encoder svc_encoder_rtc is able to use the rate control
library.
* Loopfilter level and CDEF filter level are supported by RTC rate control
library.
* New speed (--cpu-used) 11, intended for RTC screen sharing, added for
faster encoding with ~3% bdrate loss with 16% IC (instruction count)
speedup compared to speed 10.
- Compression Efficiency Improvements
* Improved VoD encoding performance
* 0.1-0.6% BDrate gains for encoding speeds 2 to 6
* Rate control accuracy improvement in VBR mode
* RTC encoding improvements
* Screen content mode: 10-19% BDrate gains for speeds 6 - 10
* Temporal layers video mode, for speed 10:
* 2 temporal layers on low resolutions: 13-15% BDrate gain
* 3 temporal layers on VGA/HD: 3-4% BDrate gain
- Perceptual Quality Improvements
* Fixed multiple block and color artifacts for RTC screen content by
* Incorporating color into RD cost for IDTX
* Reducing thresholds for palette mode in non RD mode
* Allowing more palette mode testing
* Improved color sensitivity for altref in non-RD mode.
* Reduced video flickering for temporal layer encoding.
- Speedup and Memory Optimizations
* Speed up the VoD encoder
* 2-5% for encoding speed 2 to 4
* 9-15% for encoding speed 5 to 6
* ARM
* Standard bitdepth
* speed 5: +31%
* speed 4: +2%
* speed 3: +9%
* speed 2: +157%
* High bitdepth
* speed 5: +85%
* RTC speedups
* Screen content mode
* 15% IC speedup for speeds 6-8
* ARM: 7% for speed 9, 3% for speed 10
* Temporal layers video mode
* 7% speedup for 3 temporal layers on VGA/HD, for speed 10
* Single layer video
* x86: 2% IC speedup for speeds 7-10
* ARM: 2-4% speedup across speeds 5-10
- Bug Fixes
* aomedia:3261 Assertion failed when encoding av1 with film grain and
'--monochrome' flag
* aomedia:3276 ensure all allocations are checked (partial fix)
* aomedia:3451 The libaom library calls exit()
* aomedia:3450 enable -Wshadow for C++ sources
* aomedia:3449 Test Seg Faults After
b459af3e345be402db052a143fcc5383d4b74cbd
* aomedia:3416 prune unused symbols / restrict symbol visibility
* aomedia:3443 Jenkins failure:
UninstantiatedParameterizedTestSuite<EstimateNoiseTest>
* aomedia:3434 realtime failures with CONFIG_BITSTREAM_DEBUG=1
* aomedia:3433 DeltaqModeTest crash w/row_mt=0
* aomedia:3429 Encoder crash when turn on both ExternalResize and
g_threads > 2
* aomedia:3438 Build failure with
`-DSANITIZE=address -DBUILD_SHARED_LIBS=ON` when using clang.
* aomedia:3435 Block artifacts when scrolling with AV1 in screen sharing
scenarios
* aomedia:3170 vmaf tune presets produce extreme glitches in one scene
* aomedia:3401 Building shared libaom with MSVC results in a race condition
with the export library
* aomedia:3420 Floating point exception in av1_tpl_get_frame_importance()
* aomedia:3424 heap-buffer-overflow in ScaleFilterCols_16_C() (SIGABRT)
* aomedia:3417 examples/svc_encoder_rtc.c is using internal macros and
functions
* aomedia:3372 SEGV in assign_frame_buffer_p av1_common_int.h
* aomedia:3130 'cpu-features.h' file not found on Android NDK 22
* aomedia:3415 Encoder/decoder mismatch for svc_encoder_rtc running
1 SL 3 TL
* aomedia:3412 Lossless Mode Fails Loopback Bit Test
* aomedia:3409 The use of AV1_VAR_OFFS in av1/encoder/var_based_part.c is
incorrect for high bit depths
* aomedia:3403 test_libaom fails with error message
"feenableexcept() failed" on Linux arm
* aomedia:3370 Random color block at fast motion area
* aomedia:3393 Assertion failure in av1_convolve_2d_sr_c()
* aomedia:3392 Strong artifacting for high bit-depth real-time
* aomedia:3376 aomenc --threads=10 --deltaq-mode=3 crashes after
"Allintra: multi-threading of calculating differential contrast"
* aomedia:3380 Crashes and ASan and TSan errors in deltaq-mode=3
multithreading code
* chromium:1410766 heap-buffer-overflow in aom_yv12_copy_v_c
* Cannot set level via AV1E_SET_TARGET_SEQ_LEVEL_IDX
* Encoding failure due to the use of loop restoration with unintended use of
lossless mode.
* Signed integer overflow in scan_past_frames
* Signed integer overflow in update_a_sep_sym
* Flickering in AV1 1440p/2160p HDR transcodes
* Fixed artifacts with screen share at encoder speed 10
* Fixed prediction setup for IDTX
- Update to version 3.6.1:
* aomedia:2871: Guard the support of the 7.x and 8.x levels for
AV1 under the CONFIG_CWG_C013 config flag, and only output the
7.x and 8.x levels when explicitly requested.
* aomedia:3382: Choose sb_size by ppi instead of svc.
* aomedia:3384: Fix fullpel search limits.
* aomedia:3388: Replace left shift of xq_active by
multiplication.
* aomedia:3389: Fix MV clamping in av1_mv_pred.
* aomedia:3390: set_ld_layer_depth: cap max_layer_depth to
MAX_ARF_LAYERS.
* aomedia:3418: Fix MV clamping in av1_int_pro_motion_estimation.
* aomedia:3429: Move lpf thread data init to
lpf_pipeline_mt_init().
* b:266719111: Fix undefined behavior in Arm Neon code.
* b:269840681: nonrd_opt: align scan tables.
* rtc: Fix is_key_frame setting in variance partition.
* Build: Fix build with clang-cl and Visual Studio.
- Update to version 3.6.0:
* This release includes compression efficiency and perceptual
quality improvements, speedup and memory optimizations, and
some new features. This release is ABI compatible with the last
release.
* New Features:
- New values 20-27 (corresponding to levels 7.0-7.3 and
8.0-8.3) for the encoder control
AV1E_SET_TARGET_SEQ_LEVEL_IDX (note that the proposal to add
the new levels is still in draft status). The original
special value 24 (keep level stats only for level monitoring)
is renumbered as 32.
- New encoder control AV1E_SET_SKIP_POSTPROC_FILTERING to skip
the application of post-processing filters on reconstructed
frame in all intra mode.
- New encoder option "kf-max-pyr-height": Maximum height of
pyramid structure used for the GOP starting with a key frame
(-1 to 5).
- Make SVC work for screen content.
- Rate control improvements to reduce frame-size spikes for
screen content coding.
- RISC-V architecture support with gcc toolchain.
* Compression Efficiency Improvements:
- Peak compression efficiency in VOD setting is improved by 1%.
- 0.7% - 2.2% RTC encoding BDrate gains for real time speed 8
to 10.
- 15% RTC encoding BDrate gains for screen content speed 10.
* Perceptual Quality Improvements:
- Resolved a visual quality issue that was reported for high
resolution clips (2K) for speed 4 and above in VOD use case.
- Visual quality improvements to screen content coding.
- Quality improvements to temporal layer RTC coding.
* Speedup and Memory Optimizations:
- RTC single-thread encoder speedup:
. ~6% instruction count reduction for speed 5 and 6.
. ~15% instruction count reduction for speed 7.
. ~10% instruction count reduction for speed 8 to 10 (>=360p
resolutions).
- RTC multi-thread encoder speedup (beyond single-thread
speedup):
. 5-8% encode time reduction for speed 7 to 10.
- RTC screen-content encoder speedup:
. 11% instruction count reduction for speed 9 and 10 (>=720p
resolutions).
- ~5% reduction in heap memory requirements for RTC, speed 6 to
10.
* AVIF:
. 4-5% speedup for speed 9 in still-picture encoding mode.
. 3-4% heap memory reduction in still-picture encoding mode
for 360p-720p resolutions with multiple threads.
* Bug Fixes:
- Added a workaround for an AV1 specification bug which makes
TRANSLATION type global motion models unusable.
- Fixed AddressSanitizer global-buffer-overflow errors in
av1/encoder/arm/neon/av1_fwd_txfm2d_neon.c.
- Fixed AddressSanitizer heap-buffer-overflow error in
av1_wiener_convolve_add_src_neon().
- chromium:1393384 Avoid scene detection on spatial resize.
- aomedia:3308 Remove color artifacts under high motion.
- aomedia:3310 Avoid out of memory failures with Visual Studio
2017, 2019, and 2022 for Win32 x86 builds.
- aomedia:3346 Make SVC work properly for screen content.
- aomedia:3348 Fix a bug where an uninitialized search_site is
used.
- aomedia:3365 Work around what seems like a Visual Studio 2022
compiler optimization bug.
- aomedia:3369 Incorrect PSNR values reported by libaom for
12-bit encode.
- Update to version 3.5.0:
* This release is ABI compatible with the last one, including
speedup and memory optimizations, and new APIs and features.
* New Features
- Support for frame parallel encode for larger number of
threads. --fp-mt flag is available for all build
configurations.
- New codec control AV1E_GET_NUM_OPERATING_POINTS
* Speedup and Memory Optimizations
- Speed-up multithreaded encoding for good quality mode for
larger number of threads through frame parallel encoding:
. 30-34% encode time reduction for 1080p, 16 threads, 1x1
tile configuration (tile_rows x tile_columns)
. 18-28% encode time reduction for 1080p, 16 threads, 2x4
tile configuration
. 18-20% encode time reduction for 2160p, 32 threads, 2x4
tile configuration
- 16-20% speed-up for speed=6 to 8 in still-picture encoding
mode
- 5-6% heap memory reduction for speed=6 to 10 in real-time
encoding mode
- Improvements to the speed for speed=7, 8 in real-time
encoding mode
- Improvements to the speed for speed=9, 10 in real-time screen
encoding mode
- Optimizations to improve multi-thread efficiency in real-time
encoding mode
- 10-15% speed up for SVC with temporal layers
- SIMD optimizations:
. Improve av1_quantize_fp_32x32_neon() 1.05x to 1.24x faster
. Add aom_highbd_quantize_b{,_32x32,_64x64}_adaptive_neon()
3.15x to 5.6x faster than "C"
. Improve av1_quantize_fp_64x64_neon() 1.17x to 1.66x faster
. Add aom_quantize_b_avx2() 1.4x to 1.7x faster than
aom_quantize_b_avx()
. Add aom_quantize_b_32x32_avx2() 1.4x to 2.3x faster than
aom_quantize_b_32x32_avx()
. Add aom_quantize_b_64x64_avx2() 2.0x to 2.4x faster than
aom_quantize_b_64x64_ssse3()
. Add aom_highbd_quantize_b_32x32_avx2() 9.0x to 10.5x faster
than aom_highbd_quantize_b_32x32_c()
. Add aom_highbd_quantize_b_64x64_avx2() 7.3x to 9.7x faster
than aom_highbd_quantize_b_64x64_c()
. Improve aom_highbd_quantize_b_avx2() 1.07x to 1.20x faster
. Improve av1_quantize_fp_avx2() 1.13x to 1.49x faster
. Improve av1_quantize_fp_32x32_avx2() 1.07x to 1.54x faster
. Improve av1_quantize_fp_64x64_avx2() 1.03x to 1.25x faster
. Improve av1_quantize_lp_avx2() 1.07x to 1.16x faster
* Bug fixes including but not limited to
- aomedia:3206 Assert that skip_width > 0 for deconvolve
function
- aomedia:3278 row_mt enc: Delay top-right sync when intraBC is
enabled
- aomedia:3282 blend_a64_*_neon: fix bus error in armv7
- aomedia:3283 FRAME_PARALLEL: Propagate border size to all
cpis
- aomedia:3283 RESIZE_MODE: Fix incorrect strides being used
for motion search
- aomedia:3286 rtc-svc: Fix to dynamic_enable spatial layers
- aomedia:3289 rtc-screen: Fix to skipping inter-mode test in
nonrd
- aomedia:3289 rtc-screen: Fix for skip newmv on flat blocks
- aomedia:3299 Fix build failure with CONFIG_TUNE_VMAF=1
- aomedia:3296 Fix the conflict --enable-tx-size-search=0 with
nonrd mode --enable-tx-size-search will be ignored in non-rd
pick mode
- aomedia:3304 Fix off-by-one error of max w/h in
validate_config
- aomedia:3306 Do not use pthread_setname_np on GNU/Hurd
- aomedia:3325 row-multithreading produces invalid bitstream in
some cases
- chromium:1346938, chromium:1338114
- compiler_flags.cmake: fix flag detection w/cmake 3.17-3.18.2
- tools/*.py: update to python3
- aom_configure.cmake: detect PIE and set CONFIG_PIC
- test/simd_cmp_impl: use explicit types w/CompareSimd*
- rtc: Fix to disable segm for aq-mode=3
- rtc: Fix to color_sensitivity in variance partition
- rtc-screen: Fix bsize in model rd computation for intra
chroma
- Fixes to ensure the correct behavior of the encoder
algorithms (like segmentation, computation of statistics,
etc.)
- Update to version 3.4.0:
* This release includes compression efficiency and perceptual
quality improvements, speedup and memory optimizations, and
some new features. There are no ABI or API breaking changes in
this release.
* New Features:
- New --dist-metric flag with "qm-psnr" value to use
quantization matrices in the distortion computation for RD
search. The default value is "psnr".
- New command line option "--auto-intra-tools-off=1" to make
all-intra encoding faster for high bit rate under
"--deltaq-mode=3" mode.
- New rate control library aom_av1_rc for real-time hardware
encoders. Supports CBR for both one spatial layer and SVC.
- New image format AOM_IMG_FMT_NV12 can be used as input to the
encoder. The presence of AOM_IMG_FMT_NV12 can be detected at
compile time by checking if the macro AOM_HAVE_IMG_FMT_NV12
is defined.
- New codec controls for the encoder:
o AV1E_SET_AUTO_INTRA_TOOLS_OFF. Only in effect if
--deltaq-mode=3.
o AV1E_SET_RTC_EXTERNAL_RC
o AV1E_SET_FP_MT. Only supported if libaom is built with
-DCONFIG_FRAME_PARALLEL_ENCODE=1.
o AV1E_GET_TARGET_SEQ_LEVEL_IDX
- New key-value pairs for the key-value API:
o --auto-intra-tools-off=0 (default) or 1. Only in effect if
--deltaq-mode=3.
o --strict-level-conformance=0 (default) or 1
o --fp-mt=0 (default) or 1. Only supported if libaom is built
with -DCONFIG_FRAME_PARALLEL_ENCODE=1.
- New aomenc options (not supported by the key-value API):
o --nv12
* Compression Efficiency Improvements:
- Correctly calculate SSE for high bitdepth in skip mode, 0.2%
to 0.6% coding gain.
- RTC at speed 9/10: BD-rate gain of ~4/5%
- RTC screen content coding: many improvements for real-time
screen at speed 10 (quality, speedup, and rate control), up
to high resolutions (1080p).
- RTC-SVC: fixes to make intra-only frames work for spatial
layers.
- RTC-SVC: quality improvements for temporal layers.
- AV1 RT: A new passive rate control strategy for screen
content, an average of 7.5% coding gain, with some clips of
20+%. The feature is turned off by default due to higher bit
rate variation.
* Perceptual Quality Improvements:
- RTC: Visual quality improvements for high speeds (9/10)
- Improvements in coding quality for all intra mode
* Speedup and Memory Optimizations:
- ~10% speedup in good quality mode encoding.
- ~7% heap memory reduction in good quality encoding mode for
speed 5 and 6.
- Ongoing improvements to intra-frame encoding performance on
Arm
- Faster encoding speed for "--deltaq-mode=3" mode.
- ~10% speedup for speed 5/6, ~15% speedup for speed 7/8, and
~10% speedup for speed 9/10 in real time encoding mode
- ~20% heap memory reduction in still-picture encoding mode for
360p-720p resolutions with multiple threads
- ~13% speedup for speed 6 and ~12% speedup for speed 9 in
still-picture encoding mode.
- Optimizations to improve multi-thread efficiency for
still-picture encoding mode.
* Bug Fixes:
- b/204460717: README.md: replace master with main
- b/210677928: libaom disable_order is surprising for
max_reference_frames=3
- b/222461449: -DCONFIG_TUNE_BUTTERAUGLI=1 broken
- b/227207606: write_greyscale writes incorrect chroma in
highbd mode
- b/229955363: Integer-overflow in linsolve_wiener
- Update to version 3.3.0:
* This release includes compression efficiency and perceptual
quality improvements, speedup and memory optimizations, some
new features, and several bug fixes.
* New Features
- AV1 RT: Introducing CDEF search level 5
- Changed real time speed 4 to behave the same as real time
speed 5
- Add --deltaq-strength
- rtc: Allow scene-change and overshoot detection for svc
- rtc: Intra-only frame for svc
- AV1 RT: Option 2 for codec control AV1E_SET_ENABLE_CDEF to
disable CDEF on non-ref frames
- New codec controls AV1E_SET_LOOPFILTER_CONTROL and
AOME_GET_LOOPFILTER_LEVEL
- Improvements to three pass encoding
* Compression Efficiency Improvements: Overall compression gains:
0.6%
* Perceptual Quality Improvements
- Improves the perceptual quality of high QP encoding for
delta-q mode 4
- Auto select noise synthesis level for all intra
* Speedup and Memory Optimizations
- Added many SSE2 optimizations.
- Good quality 2-pass encoder speedups:
o Speed 2: 9%
o Speed 3: 12.5%
o Speed 4: 8%
o Speed 5: 3%
o Speed 6: 4%
- Real time mode encoder speedups:
o Speed 5: 2.6% BDRate gain, 4% speedup
o Speed 6: 3.5% BDRate gain, 4% speedup
o Speed 9: 1% BDRate gain, 3% speedup
o Speed 10: 3% BDRate gain, neutral speedup
- All intra encoding speedups (AVIF):
o Single thread - speed 6: 8%
o Single thread - speed 9: 15%
o Multi thread(8) - speed 6: 14%
o Multi thread(8) - speed 9: 34%
* Bug Fixes
- Issue 3163: Segmentation fault when using
--enable-keyframe-filtering=2
- Issue 2436: Integer overflow in av1_warp_affine_c()
- Issue 3226: armv7 build failure due to gcc-11
- Issue 3195: Bug report on libaom (AddressSanitizer:
heap-buffer-overflow)
- Issue 3191: Bug report on libaom (AddressSanitizer: SEGV on
unknown address)
- Drop libaom-devel Requires from libaom-devel-doc sub-package: We
do not need the devel package to be able to read the devel
documentation.
libyuv was added new in version 20230517+a377993.
aom-tools-3.7.1-150400.3.9.1.x86_64.rpm
libaom-3.7.1-150400.3.9.1.src.rpm
libaom-devel-3.7.1-150400.3.9.1.x86_64.rpm
libaom-devel-doc-3.7.1-150400.3.9.1.noarch.rpm
libaom-devel-doc-3.7.1-150400.3.9.1.src.rpm
libaom3-3.7.1-150400.3.9.1.x86_64.rpm
libyuv-20230517+a377993-150400.9.3.1.src.rpm
libyuv-devel-20230517+a377993-150400.9.3.1.x86_64.rpm
libyuv-tools-20230517+a377993-150400.9.3.1.x86_64.rpm
libyuv0-20230517+a377993-150400.9.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4055
Recommended update for Jackson
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Jackson fixes the following issues:
jackson-annotations was updated from version 2.16.1 to 2.17.3:
- Allow `@JsonAnySetter` on `ElementType.PARAMETER` (for use on constructor parameters)
- Build the module-info.java source too (with release=9)
jackson-bom was updated from version 2.16.1 to 2.17.3:
- Added `jackson-jr-extension-javatime`
- Added managed dependency to JUnit5
- Removed unused JUnit5 dependency
jackson-core, jackson-databind, jackson-dataformats-binary were updated from version 2.16.1 to 2.17.3:
- Various minor bugs have been fixed
jackson-modules-base was updated from version 2.16.1 to 2.17.3:
- Version update with no changes
jackson-parent was updated from version 2.16 to 2.17:
- Update to oss-parent 58 (plugin version updates)
jackson-annotations-2.17.3-150200.3.19.1.noarch.rpm
jackson-annotations-2.17.3-150200.3.19.1.src.rpm
jackson-core-2.17.3-150200.3.19.1.noarch.rpm
jackson-core-2.17.3-150200.3.19.1.src.rpm
jackson-databind-2.17.3-150200.3.23.1.noarch.rpm
jackson-databind-2.17.3-150200.3.23.1.src.rpm
jackson-dataformat-cbor-2.17.3-150200.3.18.1.noarch.rpm
jackson-dataformats-binary-2.17.3-150200.3.18.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3875
Security update for java-11-openjdk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-11-openjdk fixes the following issues:
Updated to version 11.0.25+9 (October 2024 CPU):
- CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702)
- CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231711)
- CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716)
- CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719)
java-11-openjdk-11.0.25.0-150000.3.119.1.src.rpm
java-11-openjdk-11.0.25.0-150000.3.119.1.x86_64.rpm
java-11-openjdk-demo-11.0.25.0-150000.3.119.1.x86_64.rpm
java-11-openjdk-devel-11.0.25.0-150000.3.119.1.x86_64.rpm
java-11-openjdk-headless-11.0.25.0-150000.3.119.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3906
Recommended update for numatop
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for numatop fixes the following issues:
- numatop fix for building with recent gcc
- Support for Power11 processors (jsc#PED-9887, jsc#PED-10899)
numatop-2.4-150100.3.12.2.src.rpm
numatop-2.4-150100.3.12.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3930
Recommended update for wicked
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad
- Consider only interface specific accept_redirects sysctl settings
- Adopt ifsysctl(5) manual page with wicked specific behavior
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option
- team: set arp link watcher interval default to 1s
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (bsc#1229555)
- arp: don't set target broadcast hardware address
- dbus: don't memcpy empty/NULL array value
- ethtool: fix leak and free pause data in ethtool_free
wicked-0.6.77-150400.3.36.1.src.rpm
wicked-0.6.77-150400.3.36.1.x86_64.rpm
wicked-service-0.6.77-150400.3.36.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3900
Recommended update for protobuf
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for protobuf fixes the following issues:
- Build the java part with maven, so that we create artifacts
that correspond to upstream distributed ones.
- Add maven artifact metadata to the protoc binary
- Package also the bom and pom artifacts
libprotobuf-lite25_1_0-25.1-150400.9.13.1.x86_64.rpm
libprotobuf25_1_0-25.1-150400.9.13.1.x86_64.rpm
libprotoc25_1_0-25.1-150400.9.13.1.x86_64.rpm
protobuf-25.1-150400.9.13.1.src.rpm
protobuf-devel-25.1-150400.9.13.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3926
Security update for curl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwriting parent cache entry (bsc#1232528)
curl-8.0.1-150400.5.56.1.src.rpm
curl-8.0.1-150400.5.56.1.x86_64.rpm
libcurl-devel-8.0.1-150400.5.56.1.x86_64.rpm
libcurl4-32bit-8.0.1-150400.5.56.1.x86_64.rpm
libcurl4-8.0.1-150400.5.56.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3876
Security update for python-waitress
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-waitress fixes the following issues:
- CVE-2024-49768: Fixed request processing race condition in HTTP pipelining with invalid first request when lookahead is enabled (bsc#1232556)
- CVE-2024-49769: Fixed incorrect connection clean up that leads to a busy-loop and resource exhaustion (bsc#1232554)
python-waitress-2.1.2-150400.12.7.1.src.rpm
python-waitress-doc-2.1.2-150400.12.7.1.src.rpm
python311-waitress-2.1.2-150400.12.7.1.noarch.rpm
python311-waitress-doc-2.1.2-150400.12.7.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3922
Security update for libgsf
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libgsf fixes the following issues:
- CVE-2024-42415, CVE-2024-36474: Fixed integer overflows affecting memory allocation (bsc#1231282, bsc#1231283).
libgsf-1-114-1.14.50-150400.3.6.1.x86_64.rpm
libgsf-1.14.50-150400.3.6.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3963
Security update for java-17-openjdk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-17-openjdk fixes the following issues:
- Update to upstream tag jdk-17.0.13+11 (October 2024 CPU)
* Security fixes
+ JDK-8307383: Enhance DTLS connections
+ JDK-8290367, JDK-8332643: Update default value and extend the
scope of com.sun.jndi.ldap.object.trustSerialData system property
+ JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client
+ JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of vectorization
+ JDK-8328726: Better Kerberos support
+ JDK-8331446, CVE-2024-21217, bsc#1231716: Improve deserialization support
+ JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph optimizations
+ JDK-8335713: Enhance vectorization analysis
* Other changes
+ JDK-7022325: TEST_BUG: test/java/util/zip/ZipFile/
/ReadLongZipFileName.java leaks files if it fails
+ JDK-7026262: HttpServer: improve handling of finished HTTP exchanges
+ JDK-7124313: [macosx] Swing Popups should overlap taskbar
+ JDK-8005885: enhance PrintCodeCache to print more data
+ JDK-8051959: Add thread and timestamp options to
java.security.debug system property
+ JDK-8170817: G1: Returning MinTLABSize from
unsafe_max_tlab_alloc causes TLAB flapping
+ JDK-8183227: read/write APIs in class os shall return ssize_t
+ JDK-8193547: Regression automated test '/open/test/jdk/java/
/awt/Toolkit/DesktopProperties/rfe4758438.java' fails
+ JDK-8222884: ConcurrentClassDescLookup.java times out intermittently
+ JDK-8233725: ProcessTools.startProcess() has output issues
when using an OutputAnalyzer at the same time
+ JDK-8238169: BasicDirectoryModel getDirectories and
DoChangeContents.run can deadlock
+ JDK-8241550: [macOS] SSLSocketImpl/ReuseAddr.java failed due
to "BindException: Address already in use"
+ JDK-8255898: Test java/awt/FileDialog/FilenameFilterTest/
/FilenameFilterTest.java fails on Mac OS
+ JDK-8256291: RunThese30M fails "assert(_class_unload ? true :
((((JfrTraceIdBits::load(class_loader_klass)) &
((1 << 4) << 8)) != 0))) failed: invariant"
+ JDK-8257540: javax/swing/JFileChooser/8041694/bug8041694.java
failed with "RuntimeException: The selected directory name is
not the expected 'd ' but 'D '."
+ JDK-8259866: two java.util tests failed with "IOException:
There is not enough space on the disk"
+ JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/
/MouseEventAfterStartDragTest.html test failed
+ JDK-8261433: Better pkcs11 performance for
libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
+ JDK-8263031: HttpClient throws Exception if it receives a
Push Promise that is too large
+ JDK-8265919: RunThese30M fails
"assert((!(((((JfrTraceIdBits::load(value)) & ((1 << 4) << 8))
!= 0))))) failed: invariant"
+ JDK-8269428: java/util/concurrent/ConcurrentHashMap/
/ToArray.java timed out
+ JDK-8269657: Test java/nio/channels/DatagramChannel/
/Loopback.java failed: Unexpected message
+ JDK-8272232: javax/swing/JTable/4275046/bug4275046.java
failed with "Expected value in the cell: 'rededited' but found
'redEDITED'."
+ JDK-8272558: IR Test Framework README misses some flags
+ JDK-8272777: Clean up remaining AccessController warnings in test library
+ JDK-8273216: JCMD does not work across container boundaries with Podman
+ JDK-8273430: Suspicious duplicate condition in
java.util.regex.Grapheme#isExcludedSpacingMark
+ JDK-8273541: Cleaner Thread creates with normal priority
instead of MAX_PRIORITY - 2
+ JDK-8275851: Deproblemlist open/test/jdk/javax/swing/
/JComponent/6683775/bug6683775.java
+ JDK-8276660: Scalability bottleneck in
java.security.Provider.getService()
+ JDK-8277042: add test for 8276036 to compiler/codecache
+ JDK-8279068: IGV: Update to work with JDK 16 and 17
+ JDK-8279164: Disable TLS_ECDH_* cipher suites
+ JDK-8279222: Incorrect legacyMap.get in
java.security.Provider after JDK-8276660
+ JDK-8279337: The MToolkit is still referenced in a few places
+ JDK-8279641: Create manual JTReg tests for Swing accessibility
+ JDK-8279878: java/awt/font/JNICheck/JNICheck.sh test fails on Ubuntu 21.10
+ JDK-8280034: ProblemList jdk/jfr/api/consumer/recordingstream/
/TestOnEvent.java on linux-x64
+ JDK-8280392: java/awt/Focus/NonFocusableWindowTest/
/NonfocusableOwnerTest.java failed with "RuntimeException: Test failed."
+ JDK-8280970: Cleanup dead code in java.security.Provider
+ JDK-8280982: [Wayland] [XWayland] java.awt.Robot taking screenshots
+ JDK-8280988: [XWayland] Click on title to request focus test failures
+ JDK-8280990: [XWayland] XTest emulated mouse click does not
bring window to front
+ JDK-8280993: [XWayland] Popup is not closed on click outside
of area controlled by XWayland
+ JDK-8280994: [XWayland] Drag and Drop does not work in java
-> wayland app direction
+ JDK-8281944: JavaDoc throws java.lang.IllegalStateException: ERRONEOUS
+ JDK-8282354: Remove dependency of TestHttpServer,
HttpTransaction, HttpCallback from open/test/jdk/ tests
+ JDK-8282526: Default icon is not painted properly
+ JDK-8283728: jdk.hotspot.agent: Wrong location for
RISCV64ThreadContext.java
+ JDK-8284316: Support accessibility ManualTestFrame.java for
non SwingSet tests
+ JDK-8284585: PushPromiseContinuation test fails
intermittently in timeout
+ JDK-8285497: Add system property for Java SE specification
maintenance version
+ JDK-8288568: Reduce runtime of java.security microbenchmarks
+ JDK-8289182: NMT: MemTracker::baseline should return void
+ JDK-8290966: G1: Record number of PLAB filled and number of
direct allocations
+ JDK-8291760: PipelineLeaksFD.java still fails: More or fewer
pipes than expected
+ JDK-8292044: HttpClient doesn't handle 102 or 103 properly
+ JDK-8292739: Invalid legacy entries may be returned by
Provider.getServices() call
+ JDK-8292948: JEditorPane ignores font-size styles in external
linked css-file
+ JDK-8293862: javax/swing/JFileChooser/8046391/bug8046391.java
failed with 'Cannot invoke
"java.awt.Image.getWidth(java.awt.image.ImageObserver)"
because "retVal" is null'
+ JDK-8293872: Make runtime/Thread/ThreadCountLimit.java more robust
+ JDK-8294148: Support JSplitPane for instructions and test UI
+ JDK-8294691: dynamicArchive/RelativePath.java is running
other test case
+ JDK-8294994: Update Jarsigner and Keytool i18n tests to
validate i18n compliance
+ JDK-8295111: dpkg appears to have problems resolving
symbolically linked native libraries
+ JDK-8296410: HttpClient throws java.io.IOException: no
statuscode in response for HTTP2
+ JDK-8296812: sprintf is deprecated in Xcode 14
+ JDK-8297878: KEM: Implementation
+ JDK-8298381: Improve handling of session tickets for multiple SSLContexts
+ JDK-8298596: vmTestbase/nsk/sysdict/vm/stress/chain/chain008/
/chain008.java fails with "NoClassDefFoundError: Could not
initialize class java.util.concurrent.ThreadLocalRandom"
+ JDK-8298809: Clean up vm/compiler/InterfaceCalls JMH
+ JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl
when connection is idle
+ JDK-8299254: Support dealing with standard assert macro
+ JDK-8299378: sprintf is deprecated in Xcode 14
+ JDK-8299395: Remove metaprogramming/removeCV.hpp
+ JDK-8299396: Remove metaprogramming/removeExtent.hpp
+ JDK-8299397: Remove metaprogramming/isFloatingPoint.hpp
+ JDK-8299398: Remove metaprogramming/isConst.hpp
+ JDK-8299399: Remove metaprogramming/isArray.hpp
+ JDK-8299402: Remove metaprogramming/isVolatile.hpp
+ JDK-8299479: Remove metaprogramming/decay.hpp
+ JDK-8299481: Remove metaprogramming/removePointer.hpp
+ JDK-8299482: Remove metaprogramming/isIntegral.hpp
+ JDK-8299487: Test java/net/httpclient/whitebox/
/SSLTubeTestDriver.java timed out
+ JDK-8299635: Hotspot update for deprecated sprintf in Xcode 14
+ JDK-8299779: Test tools/jpackage/share/jdk/jpackage/tests/
/MainClassTest.java timed out
+ JDK-8299813: java/nio/channels/DatagramChannel/Disconnect.java
fails with jtreg test timeout due to lost datagram
+ JDK-8299971: Remove metaprogramming/conditional.hpp
+ JDK-8299972: Remove metaprogramming/removeReference.hpp
+ JDK-8300169: Build failure with clang-15
+ JDK-8300260: Remove metaprogramming/isSame.hpp
+ JDK-8300264: Remove metaprogramming/isPointer.hpp
+ JDK-8300265: Remove metaprogramming/isSigned.hpp
+ JDK-8300806: Update googletest to v1.13.0
+ JDK-8300910: Remove metaprogramming/integralConstant.hpp
+ JDK-8301132: Test update for deprecated sprintf in Xcode 14
+ JDK-8301200: Don't scale timeout stress with timeout factor
+ JDK-8301274: update for deprecated sprintf for security components
+ JDK-8301279: update for deprecated sprintf for management components
+ JDK-8301686: TLS 1.3 handshake fails if server_name doesn't
match resuming session
+ JDK-8301704: Shorten the number of GCs in UnloadingTest.java
to verify a class loader not being unloaded
+ JDK-8302495: update for deprecated sprintf for java.desktop
+ JDK-8302800: Augment NaN handling tests of FDLIBM methods
+ JDK-8303216: Prefer ArrayList to LinkedList in
sun.net.httpserver.ServerImpl
+ JDK-8303466: C2: failed: malformed control flow. Limit type
made precise with MaxL/MinL
+ JDK-8303527: update for deprecated sprintf for
jdk.hotspot.agent
+ JDK-8303617: update for deprecated sprintf for jdk.jdwp.agent
+ JDK-8303830: update for deprecated sprintf for
jdk.accessibility
+ JDK-8303891: Speed up Zip64SizeTest using a small ZIP64 file
+ JDK-8303920: Avoid calling out to python in
DataDescriptorSignatureMissing test
+ JDK-8303942: os::write should write completely
+ JDK-8303965: java.net.http.HttpClient should reset the stream
if response headers contain malformed header fields
+ JDK-8304375: jdk/jfr/api/consumer/filestream/TestOrdered.java
failed with "Expected at least some events to be out of order!
Reuse = false"
+ JDK-8304962: sun/net/www/http/KeepAliveCache/B5045306.java:
java.lang.RuntimeException: Failed: Initial Keep Alive
Connection is not being reused
+ JDK-8304963: HttpServer closes connection after processing
HEAD after JDK-7026262
+ JDK-8305072: Win32ShellFolder2.compareTo is inconsistent
+ JDK-8305079: Remove finalize() from compiler/c2/Test719030
+ JDK-8305081: Remove finalize() from
test/hotspot/jtreg/compiler/runtime/Test8168712
+ JDK-8305825: getBounds API returns wrong value resulting in
multiple Regression Test Failures on Ubuntu 23.04
+ JDK-8305959: x86: Improve itable_stub
+ JDK-8306583: Add JVM crash check in CDSTestUtils.executeAndLog
+ JDK-8306929: Avoid CleanClassLoaderDataMetaspaces safepoints
when previous versions are shared
+ JDK-8306946: jdk/test/lib/process/
/ProcessToolsStartProcessTest.java fails with "wrong number of
lines in OutputAnalyzer output"
+ JDK-8307091: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8307193: Several Swing jtreg tests use class.forName on
L&F classes
+ JDK-8307352: AARCH64: Improve itable_stub
+ JDK-8307448: Test RedefineSharedClassJFR fail due to wrong assumption
+ JDK-8307779: Relax the java.awt.Robot specification
+ JDK-8307848: update for deprecated sprintf for jdk.attach
+ JDK-8307850: update for deprecated sprintf for jdk.jdi
+ JDK-8308022: update for deprecated sprintf for java.base
+ JDK-8308144: Uncontrolled memory consumption in
SSLFlowDelegate.Reader
+ JDK-8308184: Launching java with large number of jars in
classpath with java.protocol.handler.pkgs system property set
can lead to StackOverflowError
+ JDK-8308801: update for deprecated sprintf for libnet in java.base
+ JDK-8308891: TestCDSVMCrash.java needs @requires vm.cds
+ JDK-8309241: ClassForNameLeak fails intermittently as the
class loader hasn't been unloaded
+ JDK-8309621: [XWayland][Screencast] screen capture failure
with sun.java2d.uiScale other than 1
+ JDK-8309703: AIX build fails after JDK-8280982
+ JDK-8309756: Occasional crashes with pipewire screen capture on Wayland
+ JDK-8309934: Update GitHub Actions to use JDK 17 for building jtreg
+ JDK-8310070: Test:
javax/net/ssl/DTLS/DTLSWontNegotiateV10.java timed out
+ JDK-8310108: Skip ReplaceCriticalClassesForSubgraphs when
EnableJVMCI is specified
+ JDK-8310201: Reduce verbose locale output in -XshowSettings
launcher option
+ JDK-8310334: [XWayland][Screencast] screen capture error
message in debug
+ JDK-8310628: GcInfoBuilder.c missing JNI Exception checks
+ JDK-8310683: Refactor StandardCharset/standard.java to use JUnit
+ JDK-8311208: Improve CDS Support
+ JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
+ JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved
+ JDK-8312140: jdk/jshell tests failed with JDI socket timeouts
+ JDK-8312229: Crash involving yield, switch and anonymous classes
+ JDK-8313256: Exclude failing multicast tests on AIX
+ JDK-8313394: Array Elements in OldObjectSample event has the
incorrect description
+ JDK-8313674: (fc) java/nio/channels/FileChannel/
/BlockDeviceSize.java should test for more block devices
+ JDK-8313697: [XWayland][Screencast] consequent getPixelColor
calls are slow
+ JDK-8313873: java/nio/channels/DatagramChannel/
/SendReceiveMaxSize.java fails on AIX due to small default
RCVBUF size and different IPv6 Header interpretation
+ JDK-8313901: [TESTBUG] test/hotspot/jtreg/compiler/codecache/
/CodeCacheFullCountTest.java fails with
java.lang.VirtualMachineError
+ JDK-8314476: TestJstatdPortAndServer.java failed with
"java.rmi.NoSuchObjectException: no such object in table"
+ JDK-8314614: jdk/jshell/ImportTest.java failed with
"InternalError: Failed remote listen"
+ JDK-8314837: 5 compiled/codecache tests ignore VM flags
+ JDK-8315024: Vector API FP reduction tests should not test
for exact equality
+ JDK-8315362: NMT: summary diff reports threads count incorrectly
+ JDK-8315422: getSoTimeout() would be in try block in SSLSocketImpl
+ JDK-8315437: Enable parallelism in
vmTestbase/nsk/monitoring/stress/classload tests
+ JDK-8315442: Enable parallelism in
vmTestbase/nsk/monitoring/stress/thread tests
+ JDK-8315559: Delay TempSymbol cleanup to avoid symbol table churn
+ JDK-8315576: compiler/codecache/CodeCacheFullCountTest.java
fails after JDK-8314837
+ JDK-8315651: Stop hiding AIX specific multicast socket errors
via NetworkConfiguration (aix)
+ JDK-8315684: Parallelize
sun/security/util/math/TestIntegerModuloP.java
+ JDK-8315774: Enable parallelism in vmTestbase/gc/g1/unloading tests
+ JDK-8315804: Open source several Swing JTabbedPane JTextArea
JTextField tests
+ JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
+ JDK-8315965: Open source various AWT applet tests
+ JDK-8316104: Open source several Swing SplitPane and
RadioButton related tests
+ JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java
java.lang.Exception: Could not find leak
+ JDK-8316211: Open source several manual applet tests
+ JDK-8316240: Open source several add/remove MenuBar manual tests
+ JDK-8316285: Opensource JButton manual tests
+ JDK-8316306: Open source and convert manual Swing test
+ JDK-8316328: Test jdk/jfr/event/oldobject/
/TestSanityDefault.java times out for some heap sizes
+ JDK-8316387: Exclude more failing multicast tests on AIX
after JDK-8315651
+ JDK-8316389: Open source few AWT applet tests
+ JDK-8316468: os::write incorrectly handles partial write
+ JDK-8316973: GC: Make TestDisableDefaultGC use createTestJvm
+ JDK-8317112: Add screenshot for Frame/DefaultSizeTest.java
+ JDK-8317228: GC: Make TestXXXHeapSizeFlags use createTestJvm
+ JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java:
Press on the outside area didn't cause ungrab
+ JDK-8317316: G1: Make TestG1PercentageOptions use
createTestJvm
+ JDK-8317343: GC: Make TestHeapFreeRatio use createTestJvm
+ JDK-8317358: G1: Make TestMaxNewSize use createTestJvm
+ JDK-8317360: Missing null checks in JfrCheckpointManager and
JfrStringPool initialization routines
+ JDK-8317372: Refactor some NumberFormat tests to use JUnit
+ JDK-8317635: Improve GetClassFields test to verify
correctness of field order
+ JDK-8317831: compiler/codecache/CheckLargePages.java fails on
OL 8.8 with unexpected memory string
+ JDK-8318039: GHA: Bump macOS and Xcode versions
+ JDK-8318089: Class space not marked as such with NMT when CDS is off
+ JDK-8318474: Fix memory reporter for thread_count
+ JDK-8318479: [jmh] the test security.CacheBench failed for
multiple threads run
+ JDK-8318605: Enable parallelism in
vmTestbase/nsk/stress/stack tests
+ JDK-8318696: Do not use LFS64 symbols on Linux
+ JDK-8318986: Improve GenericWaitBarrier performance
+ JDK-8319103: Popups that request focus are not shown on Linux with Wayland
+ JDK-8319197: Exclude hb-subset and hb-style from compilation
+ JDK-8319406: x86: Shorter movptr(reg, imm) for 32-bit immediates
+ JDK-8319713: Parallel: Remove
PSAdaptiveSizePolicy::should_full_GC
+ JDK-8320079: The ArabicBox.java test has no control buttons
+ JDK-8320379: C2: Sort spilling/unspilling sequence for better
ld/st merging into ldp/stp on AArch64
+ JDK-8320602: Lock contention in SchemaDVFactory.getInstance()
+ JDK-8320608: Many jtreg printing tests are missing the
@printer keyword
+ JDK-8320655: awt screencast robot spin and sync issues with
native libpipewire api
+ JDK-8320692: Null icon returned for .exe without custom icon
+ JDK-8320945: problemlist tests failing on latest Windows 11 update
+ JDK-8321025: Enable Neoverse N1 optimizations for Neoverse V2
+ JDK-8321176: [Screencast] make a second attempt on screencast failure
+ JDK-8321220: JFR: RecordedClass reports incorrect modifiers
+ JDK-8322008: Exclude some CDS tests from running with -Xshare:off
+ JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC and ZGC
+ JDK-8322726: C2: Unloaded signature class kills argument value
+ JDK-8322971: KEM.getInstance() should check if a 3rd-party
security provider is signed
+ JDK-8323122: AArch64: Increase itable stub size estimate
+ JDK-8323584: AArch64: Unnecessary ResourceMark in
NativeCall::set_destination_mt_safe
+ JDK-8323670: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8323801: <s> tag doesn't strikethrough the text
+ JDK-8324577: [REDO] - [IMPROVE] OPEN_MAX is no longer the max
limit on macOS >= 10.6 for RLIMIT_NOFILE
+ JDK-8324646: Avoid Class.forName in SecureRandom constructor
+ JDK-8324648: Avoid NoSuchMethodError when instantiating NativePRNG
+ JDK-8324668: JDWP process management needs more efficient
file descriptor handling
+ JDK-8324753: [AIX] adjust os_posix after JDK-8318696
+ JDK-8324755: Enable parallelism in
vmTestbase/gc/gctests/LargeObjects tests
+ JDK-8324933: ConcurrentHashTable::statistics_calculate
synchronization is expensive
+ JDK-8325022: Incorrect error message on client authentication
+ JDK-8325179: Race in BasicDirectoryModel.validateFileCache
+ JDK-8325194: GHA: Add macOS M1 testing
+ JDK-8325384: sun/security/ssl/SSLSessionImpl/
/ResumptionUpdateBoundValues.java failing intermittently when
main thread is a virtual thread
+ JDK-8325444: GHA: JDK-8325194 causes a regression
+ JDK-8325567: jspawnhelper without args fails with segfault
+ JDK-8325620: HTMLReader uses ConvertAction instead of
specified CharacterAction for <b>, <i>, <u>
+ JDK-8325621: Improve jspawnhelper version checks
+ JDK-8325754: Dead AbstractQueuedSynchronizer$ConditionNodes
survive minor garbage collections
+ JDK-8326106: Write and clear stack trace table outside of safepoint
+ JDK-8326332: Unclosed inline tags cause misalignment in
summary tables
+ JDK-8326446: The User and System of jdk.CPULoad on Apple M1 are inaccurate
+ JDK-8326734: text-decoration applied to <span> lost when
mixed with <u> or <s>
+ JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails
+ JDK-8327137: Add test for ConcurrentModificationException in
BasicDirectoryModel
+ JDK-8327312: [17u] Problem list
ReflectionCallerCacheTest.java due to 8324978
+ JDK-8327424: ProblemList serviceability/sa/TestJmapCore.java
on all platforms with ZGC
+ JDK-8327650: Test java/nio/channels/DatagramChannel/
/StressNativeSignal.java timed out
+ JDK-8327787: Convert javax/swing/border/Test4129681.java
applet test to main
+ JDK-8327840: Automate javax/swing/border/Test4129681.java
+ JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/
/GetBoundsResizeTest.java applet test to main
+ JDK-8328075: Shenandoah: Avoid forwarding when objects don't
move in full-GC
+ JDK-8328110: Allow simultaneous use of PassFailJFrame with
split UI and additional windows
+ JDK-8328115: Convert java/awt/font/TextLayout/
/TestJustification.html applet test to main
+ JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest
to automatic main test
+ JDK-8328218: Delete test
java/awt/Window/FindOwner/FindOwner.html
+ JDK-8328234: Remove unused nativeUtils files
+ JDK-8328238: Convert few closed manual applet tests to main
+ JDK-8328269: NonFocusablePopupMenuTest.java should be marked as headful
+ JDK-8328273: sun/management/jmxremote/bootstrap/
/RmiRegistrySslTest.java failed with
java.rmi.server.ExportException: Port already in use
+ JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/
/ClickDuringKeypress.java imports Applet
+ JDK-8328561: test java/awt/Robot/ManualInstructions/
/ManualInstructions.java isn't used
+ JDK-8328642: Convert applet test
MouseDraggedOutCauseScrollingTest.html to main
+ JDK-8328647: TestGarbageCollectorMXBean.java fails with
C1-only and -Xcomp
+ JDK-8328896: Fontmetrics for large Fonts has zero width
+ JDK-8328953: JEditorPane.read throws ChangedCharSetException
+ JDK-8328999: Update GIFlib to 5.2.2
+ JDK-8329004: Update Libpng to 1.6.43
+ JDK-8329103: assert(!thread->in_asgct()) failed during
multi-mode profiling
+ JDK-8329109: Threads::print_on() tries to print CPU time for
terminated GC threads
+ JDK-8329126: No native wrappers generated anymore with
-XX:-TieredCompilation after JDK-8251462
+ JDK-8329134: Reconsider TLAB zapping
+ JDK-8329510: Update ProblemList for
JFileChooser/8194044/FileSystemRootTest.java
+ JDK-8329559: Test javax/swing/JFrame/bug4419914.java failed
because The End and Start buttons are not placed correctly and
Tab focus does not move as expected
+ JDK-8329605: hs errfile generic events - move memory
protections and nmethod flushes to separate sections
+ JDK-8329663: hs_err file event log entry for thread
adding/removing should print current thread
+ JDK-8329667: [macos] Issue with JTree related fix for JDK-8317771
+ JDK-8329995: Restricted access to `/proc` can cause JFR
initialization to crash
+ JDK-8330063: Upgrade jQuery to 3.7.1
+ JDK-8330524: Linux ppc64le compile warning with clang in os_linux_ppc.cpp
+ JDK-8330611: AES-CTR vector intrinsic may read out of bounds (x86_64, AVX-512)
+ JDK-8330615: avoid signed integer overflows in zip_util.c
readCen / hashN
+ JDK-8331011: [XWayland] TokenStorage fails under Security Manager
+ JDK-8331063: Some HttpClient tests don't report leaks
+ JDK-8331077: nroff man page update for jar tool
+ JDK-8331164: createJMHBundle.sh download jars fail when url
needed to be redirected
+ JDK-8331265: Bump update version for OpenJDK: jdk-17.0.13
+ JDK-8331331: :tier1 target explanation in doc/testing.md is incorrect
+ JDK-8331466: Problemlist serviceability/dcmd/gc/
/RunFinalizationTest.java on generic-all
+ JDK-8331605:
jdk/test/lib/TestMutuallyExclusivePlatformPredicates.java test failure
+ JDK-8331746: Create a test to verify that the cmm id is not ignored
+ JDK-8331798: Remove unused arg of checkErgonomics() in
TestMaxHeapSizeTools.java
+ JDK-8331885: C2: meet between unloaded and speculative types
is not symmetric
+ JDK-8332008: Enable issuestitle check
+ JDK-8332113: Update nsk.share.Log to be always verbose
+ JDK-8332174: Remove 2 (unpaired) RLO Unicode characters in
ff_Adlm.xml
+ JDK-8332248: (fc) java/nio/channels/FileChannel/
/BlockDeviceSize.java failed with RuntimeException
+ JDK-8332424: Update IANA Language Subtag Registry to Version 2024-05-16
+ JDK-8332524: Instead of printing "TLSv1.3," it is showing "TLS13"
+ JDK-8332898: failure_handler: log directory of commands
+ JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/
/TestDescription.java fails with no GC's recorded
+ JDK-8333270: HandlersOnComplexResetUpdate and
HandlersOnComplexUpdate tests fail with "Unexpected reference"
if timeoutFactor is less than 1/3
+ JDK-8333353: Delete extra empty line in CodeBlob.java
+ JDK-8333398: Uncomment the commented test in test/jdk/java/
/util/jar/JarFile/mrjar/MultiReleaseJarAPI.java
+ JDK-8333477: Delete extra empty spaces in Makefiles
+ JDK-8333698: [17u] TestJstatdRmiPort fails after JDK-8333667
+ JDK-8333716: Shenandoah: Check for disarmed method before
taking the nmethod lock
+ JDK-8333724: Problem list security/infra/java/security/cert/
/CertPathValidator/certification/CAInterop.java
#teliasonerarootcav1
+ JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw
an exception with 0 failures
+ JDK-8334166: Enable binary check
+ JDK-8334297: (so) java/nio/channels/SocketChannel/OpenLeak.java
should not depend on SecurityManager
+ JDK-8334332: TestIOException.java fails if run by root
+ JDK-8334333: MissingResourceCauseTestRun.java fails if run by root
+ JDK-8334335: [TESTBUG] Backport of 8279164 to 11u & 17u
includes elements of JDK-8163327
+ JDK-8334339: Test java/nio/file/attribute/
/BasicFileAttributeView/CreationTime.java fails on alinux3
+ JDK-8334418: Update IANA Language Subtag Registry to Version 2024-06-14
+ JDK-8334482: Shenandoah: Deadlock when safepoint is pending
during nmethods iteration
+ JDK-8334600: TEST java/net/MulticastSocket/IPMulticastIF.java
fails on linux-aarch64
+ JDK-8334653: ISO 4217 Amendment 177 Update
+ JDK-8334769: Shenandoah: Move CodeCache_lock close to its use
in ShenandoahConcurrentNMethodIterator
+ JDK-8335536: Fix assertion failure in IdealGraphPrinter when
append is true
+ JDK-8335775: Remove extraneous 's' in comment of
rawmonitor.cpp test file
+ JDK-8335808: update for deprecated sprintf for jfrTypeSetUtils
+ JDK-8335918: update for deprecated sprintf for jvmti
+ JDK-8335967: "text-decoration: none" does not work with "A" HTML tags
+ JDK-8336301: test/jdk/java/nio/channels/
/AsyncCloseAndInterrupt.java leaves around a FIFO file upon
test completion
+ JDK-8336928: GHA: Bundle artifacts removal broken
+ JDK-8337038: Test java/nio/file/attribute/
/BasicFileAttributeView/CreationTime.java should set as /native
+ JDK-8337283: configure.log is truncated when build dir is on
different filesystem
+ JDK-8337664: Distrust TLS server certificates issued after
Oct 2024 and anchored by Entrust Root CAs
+ JDK-8337669: [17u] Backport of JDK-8284047 missed to delete a file
+ JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods
are inconsistent with their setVerbose methods
+ JDK-8338696: (fs) BasicFileAttributes.creationTime() falls
back to epoch if birth time is unavailable (Linux)
+ JDK-8339869: [21u] Test CreationTime.java fails with
UnsatisfiedLinkError after 8334339
+ JDK-8341057: Add 2 SSL.com TLS roots
+ JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
+ JDK-8341673: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.13
java-17-openjdk-17.0.13.0-150400.3.48.2.src.rpm
java-17-openjdk-17.0.13.0-150400.3.48.2.x86_64.rpm
java-17-openjdk-demo-17.0.13.0-150400.3.48.2.x86_64.rpm
java-17-openjdk-devel-17.0.13.0-150400.3.48.2.x86_64.rpm
java-17-openjdk-headless-17.0.13.0-150400.3.48.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3923
Security update for gradle
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gradle fixes the following issues:
- CVE-2023-35947: Fixed an issue while unpacking tar archives, where files could be created outside of the unpack location (bsc#1212931).
gradle-4.4.1-150200.3.27.1.src.rpm
gradle-4.4.1-150200.3.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3974
Recommended update for cosign
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cosign fixes the following issues:
cosign was updated to 2.4.0 (jsc#SLE-23879)
- Add new bundle support to verify-blob and verify-blob-attestation (#3796)
- Adding protobuf bundle support to sign-blob and attest-blob (#3752)
- Bump sigstore/sigstore to support email_verified as string or boolean (#3819)
- Conformance testing for cosign (#3806)
- move incremental builds per commit to GHCR instead of GCR (#3808)
- Add support for recording creation timestamp for cosign attest (#3797)
- Include SCT verification failure details in error message (#3799)
- Set CGO_ENABLED=1 for fixing s390x failed build
Update to 2.3.0 (jsc#SLE-23879):
* Features
- Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693)
- add registry options to cosign save (#3645)
- Add debug providers command. (#3728)
- Make config layers in ociremote mountable (#3741)
- adds tsa cert chain check for env var or tuf targets. (#3600)
- add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464)
- add handling of keyless verification for all verify commands (#3761)
* Bug Fixes
- fix: close attestationFile (#3679)
- Set bundleVerified to true after Rekor verification (Resolves #3740) (#3745)
* Documentation
- Document ImportKeyPair and LoadPrivateKey functions in pkg/cosign (#3776)
- add completion subpackages (bash, fish, zsh)
cosign-2.4.0-150400.3.23.1.src.rpm
cosign-2.4.0-150400.3.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4058
Recommended update for hawtjni-runtime
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for hawtjni-runtime fixes the following issues:
- Port to use Maven 3.x APIs instead of the old Maven 2.2.1
- Make the hawtjni-maven-plugin require autotools, make and gcc for building
hawtjni-runtime-1.18-150200.3.7.1.src.rpm
hawtjni-runtime-1.18-150200.3.7.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3961
Security update for apache2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2 fixes the following issues:
- CVE-2023-45802: HTTP/2 stream memory not reclaimed right away on RST (bsc#1216423).
apache2-2.4.51-150400.6.40.1.src.rpm
apache2-2.4.51-150400.6.40.1.x86_64.rpm
apache2-devel-2.4.51-150400.6.40.1.x86_64.rpm
apache2-doc-2.4.51-150400.6.40.1.noarch.rpm
apache2-prefork-2.4.51-150400.6.40.1.x86_64.rpm
apache2-utils-2.4.51-150400.6.40.1.x86_64.rpm
apache2-worker-2.4.51-150400.6.40.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4131
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (bsc#1232036).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
kernel-default-5.14.21-150400.24.141.1.nosrc.rpm
True
kernel-default-5.14.21-150400.24.141.1.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.141.1.150400.24.68.2.src.rpm
True
kernel-default-base-5.14.21-150400.24.141.1.150400.24.68.2.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.141.1.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.141.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.141.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.141.1.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.141.1.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.141.1.src.rpm
True
kernel-obs-build-5.14.21-150400.24.141.1.x86_64.rpm
True
kernel-source-5.14.21-150400.24.141.1.noarch.rpm
True
kernel-source-5.14.21-150400.24.141.1.src.rpm
True
kernel-syms-5.14.21-150400.24.141.1.src.rpm
True
kernel-syms-5.14.21-150400.24.141.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.141.1.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4085
Recommended update for sapconf
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sapconf fixes the following issue:
- version update from 5.0.7 to 5.0.8
* starting with 15SP5 change setting of transparent hugepages
(THP) from 'never' to 'madvise' because of updated SAP notes
(2131662, 2684254, 2031375)
(bsc#1232373).
sapconf-5.0.8-150400.16.7.2.noarch.rpm
sapconf-5.0.8-150400.16.7.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3994
Recommended update for rabbitmq-c
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rabbitmq-c fixes the following issue:
- Fix default cacert location (bsc#1232541).
librabbitmq-devel-0.10.0-150300.5.9.2.x86_64.rpm
librabbitmq4-0.10.0-150300.5.9.2.x86_64.rpm
rabbitmq-c-0.10.0-150300.5.9.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4168
Recommended update for vim
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for vim fixes the following issues:
- Update from vim-9.1.0330 to vim-9.1.0836 (bsc#1230625, bsc#1230625)
gvim-9.1.0836-150000.5.66.1.x86_64.rpm
vim-9.1.0836-150000.5.66.1.src.rpm
vim-9.1.0836-150000.5.66.1.x86_64.rpm
vim-data-9.1.0836-150000.5.66.1.noarch.rpm
vim-data-common-9.1.0836-150000.5.66.1.noarch.rpm
vim-small-9.1.0836-150000.5.66.1.x86_64.rpm
xxd-9.1.0836-150000.5.66.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4116
Security update for xen
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xen fixes the following issues:
- CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling (XSA-463) (bsc#1232622).
- CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables (XSA-464) (bsc#1232624).
Bug fixes:
- Remove usage of net-tools-deprecated from supportconfig plugin (bsc#1232542).
xen-4.16.6_06-150400.4.65.1.src.rpm
True
xen-4.16.6_06-150400.4.65.1.x86_64.rpm
True
xen-devel-4.16.6_06-150400.4.65.1.x86_64.rpm
True
xen-libs-4.16.6_06-150400.4.65.1.x86_64.rpm
True
xen-tools-4.16.6_06-150400.4.65.1.x86_64.rpm
True
xen-tools-domU-4.16.6_06-150400.4.65.1.x86_64.rpm
True
xen-tools-xendomains-wait-disk-4.16.6_06-150400.4.65.1.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4037
Security update for bea-stax, xstream
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bea-stax, xstream fixes the following issues:
- CVE-2024-47072: Fixed possible remote denial-of-service via a stack overflow (bsc#1233085).
bea-stax-1.2.0-150200.11.3.1.noarch.rpm
bea-stax-1.2.0-150200.11.3.1.src.rpm
bea-stax-api-1.2.0-150200.11.3.1.noarch.rpm
xstream-1.4.21-150200.3.28.1.noarch.rpm
xstream-1.4.21-150200.3.28.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4044
Recommended update for hwdata
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for hwdata fixes the following issue:
- Version update to v0.389:
* Update pci, usb and vendor ids
hwdata-0.389-150000.3.71.2.noarch.rpm
hwdata-0.389-150000.3.71.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4061
Recommended update for rubygem-nokogiri
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rubygem-nokogiri fixes the following issues:
- Only report mismatching libxml2 version if the runtime version is older than the build version (bsc#1213999)
ruby2.5-rubygem-nokogiri-1.8.5-150400.14.6.1.x86_64.rpm
rubygem-nokogiri-1.8.5-150400.14.6.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3988
Security update for buildah
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for buildah fixes the following issues:
- CVE-2024-9676: Fixed github.com/containers/storage: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc#1231698)
- CVE-2024-9675: buildah, podman: cache arbitrary directory mount (bsc#1231499)
- CVE-2024-9407: Fixed improper input validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208)
- CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)
- Using networking slirp4netns as default instead of pasta on SLE (bsc#1232522).
buildah-1.35.4-150400.3.33.1.src.rpm
buildah-1.35.4-150400.3.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4068
Recommended update for automake
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for automake fixes the following issue:
- check python major version and use imp or importlib accordingly (bsc#1232532).
automake-1.15.1-150000.4.13.2.noarch.rpm
automake-1.15.1-150000.4.13.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3999
Security update for apache2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2 fixes the following issues:
- CVE-2023-45802: Fixed regression with previous fix (bsc#1233165).
apache2-2.4.51-150400.6.43.1.src.rpm
apache2-2.4.51-150400.6.43.1.x86_64.rpm
apache2-devel-2.4.51-150400.6.43.1.x86_64.rpm
apache2-doc-2.4.51-150400.6.43.1.noarch.rpm
apache2-prefork-2.4.51-150400.6.43.1.x86_64.rpm
apache2-utils-2.4.51-150400.6.43.1.x86_64.rpm
apache2-worker-2.4.51-150400.6.43.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4201
Recommended update for libsolv, libzypp, zypper
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libsolv, libzypp, zypper fixes the following issues:
- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's "orderwithrequires" dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
- The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393)
- Don't try to download missing raw metadata if cache is not writable (bsc#1225451)
libsolv-0.7.31-150400.3.32.2.src.rpm
True
libsolv-devel-0.7.31-150400.3.32.2.x86_64.rpm
True
libsolv-tools-0.7.31-150400.3.32.2.x86_64.rpm
True
libsolv-tools-base-0.7.31-150400.3.32.2.x86_64.rpm
True
libzypp-17.35.14-150400.3.98.2.src.rpm
True
libzypp-17.35.14-150400.3.98.2.x86_64.rpm
True
libzypp-devel-17.35.14-150400.3.98.2.x86_64.rpm
True
perl-solv-0.7.31-150400.3.32.2.x86_64.rpm
True
python3-solv-0.7.31-150400.3.32.2.x86_64.rpm
True
ruby-solv-0.7.31-150400.3.32.2.x86_64.rpm
True
zypper-1.14.78-150400.3.67.3.src.rpm
True
zypper-1.14.78-150400.3.67.3.x86_64.rpm
True
zypper-log-1.14.78-150400.3.67.3.noarch.rpm
True
zypper-needs-restarting-1.14.78-150400.3.67.3.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4053
Security update for ucode-intel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
- CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access.
- CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow a privileged user to potentially enable a denial of service via local access.
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- Update for functional issues.
New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12
| EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13
| SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
New Disclosures Updated in Prior Releases:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3
- Intel CPU Microcode was updated to the 20241029 release
Update for functional issues.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14
ucode-intel-20241112-150200.50.1.src.rpm
ucode-intel-20241112-150200.50.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4117
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.3 (bsc#1232747), including fixes for:
- CVE-2024-44308: Fixed arbitrary code execution by not allocating DFG register after a slow path (bsc#1233631).
- CVE-2024-44309: Fixed a data isolation bypass vulnerability (bsc#1233632).
- CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
WebKitGTK-4.0-lang-2.46.3-150400.4.97.1.noarch.rpm
WebKitGTK-4.1-lang-2.46.3-150400.4.97.1.noarch.rpm
WebKitGTK-6.0-lang-2.46.3-150400.4.97.1.noarch.rpm
libjavascriptcoregtk-4_0-18-2.46.3-150400.4.97.1.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.46.3-150400.4.97.1.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.46.3-150400.4.97.1.x86_64.rpm
libwebkit2gtk-4_0-37-2.46.3-150400.4.97.1.x86_64.rpm
libwebkit2gtk-4_1-0-2.46.3-150400.4.97.1.x86_64.rpm
libwebkitgtk-6_0-4-2.46.3-150400.4.97.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.46.3-150400.4.97.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.46.3-150400.4.97.1.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.46.3-150400.4.97.1.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.46.3-150400.4.97.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.46.3-150400.4.97.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.46.3-150400.4.97.1.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.46.3-150400.4.97.1.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.46.3-150400.4.97.1.x86_64.rpm
webkit2gtk3-2.46.3-150400.4.97.1.src.rpm
webkit2gtk3-devel-2.46.3-150400.4.97.1.x86_64.rpm
webkit2gtk3-soup2-2.46.3-150400.4.97.1.src.rpm
webkit2gtk3-soup2-devel-2.46.3-150400.4.97.1.x86_64.rpm
webkit2gtk4-2.46.3-150400.4.97.1.src.rpm
webkitgtk-6_0-injected-bundles-2.46.3-150400.4.97.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4078
Security update for glib2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glib2 fixes the following issues:
- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).
glib2-2.70.5-150400.3.17.1.src.rpm
glib2-devel-2.70.5-150400.3.17.1.x86_64.rpm
glib2-lang-2.70.5-150400.3.17.1.noarch.rpm
glib2-tools-2.70.5-150400.3.17.1.x86_64.rpm
libgio-2_0-0-2.70.5-150400.3.17.1.x86_64.rpm
libglib-2_0-0-2.70.5-150400.3.17.1.x86_64.rpm
libgmodule-2_0-0-2.70.5-150400.3.17.1.x86_64.rpm
libgmodule-2_0-0-32bit-2.70.5-150400.3.17.1.x86_64.rpm
libgobject-2_0-0-2.70.5-150400.3.17.1.x86_64.rpm
libgthread-2_0-0-2.70.5-150400.3.17.1.x86_64.rpm
libgio-2_0-0-32bit-2.70.5-150400.3.17.1.x86_64.rpm
libglib-2_0-0-32bit-2.70.5-150400.3.17.1.x86_64.rpm
libgobject-2_0-0-32bit-2.70.5-150400.3.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-503
Security update for ovmf
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ovmf fixes the following issues:
- CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. (bsc#1225889)
- CVE-2023-45229: out-of-bounds read in edk2 when processing IA_NA/IA_TA options in DHCPv6 Advertise messages.
(bsc#1218879)
- CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. (bsc#1218880)
- CVE-2023-45231: out-of-bounds read in edk2 when handling a ND Redirect message with truncated options. (bsc#1218881)
- CVE-2023-45232: infinite loop in edk2 when parsing unknown options in the Destination Options header. (bsc#1218882)
- CVE-2023-45233: infinite loop in edk2 when parsing PadN options in the Destination Options header. (bsc#1218883)
- CVE-2023-45234: buffer overflow in edk2 when processing DNS Servers options in a DHCPv6 Advertise message.
(bsc#1218884)
- CVE-2023-45235: buffer overflow in edk2 when handling the Server ID option in a DHCPv6 proxy Advertise message.
(bsc#1218885)
- CVE-2023-45236: predictable TCP Initial Sequence Numbers in edk2 network packages. (bsc#1218886)
- CVE-2023-45237: use of a weak pseudorandom number generator in edk2. (bsc#1218887)
ovmf-202202-150400.5.15.1.src.rpm
ovmf-202202-150400.5.15.1.x86_64.rpm
ovmf-tools-202202-150400.5.15.1.x86_64.rpm
qemu-ovmf-x86_64-202202-150400.5.15.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4184
Recommended update for suseconnect-ng
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issues:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targeting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Add a command to show the info being gathered
libsuseconnect-1.13.0-150400.3.42.1.x86_64.rpm
suseconnect-ng-1.13.0-150400.3.42.1.src.rpm
suseconnect-ng-1.13.0-150400.3.42.1.x86_64.rpm
suseconnect-ruby-bindings-1.13.0-150400.3.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4360
Security update for docker
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
    echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
    echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exist in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic "docker build" has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path.
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
docker-26.1.5_ce-150000.212.1.src.rpm
docker-26.1.5_ce-150000.212.1.x86_64.rpm
docker-bash-completion-26.1.5_ce-150000.212.1.noarch.rpm
docker-rootless-extras-26.1.5_ce-150000.212.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-36
Recommended update for rust
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rust fixes the following issues:
This update ships rust 1.81, 1.82 and 1.83 for SUSE Linux Enterprise Server 15 SP3 LTSS, SP4 LTSS and SP5 and SP6.
cargo-1.83.0-150400.24.33.1.x86_64.rpm
cargo1.79-1.79.0-150300.7.9.1.x86_64.rpm
cargo1.81-1.81.0-150300.7.7.1.x86_64.rpm
cargo1.82-1.82.0-150300.7.7.1.x86_64.rpm
cargo1.83-1.83.0-150300.7.4.1.x86_64.rpm
rust-1.83.0-150400.24.33.1.src.rpm
rust-1.83.0-150400.24.33.1.x86_64.rpm
rust1.79-1.79.0-150300.7.9.1.nosrc.rpm
rust1.79-1.79.0-150300.7.9.1.x86_64.rpm
rust1.79-src-1.79.0-150300.7.9.1.noarch.rpm
rust1.81-1.81.0-150300.7.7.1.nosrc.rpm
rust1.81-1.81.0-150300.7.7.1.x86_64.rpm
rust1.81-src-1.81.0-150300.7.7.1.noarch.rpm
rust1.82-1.82.0-150300.7.7.1.nosrc.rpm
rust1.82-1.82.0-150300.7.7.1.x86_64.rpm
rust1.82-src-1.82.0-150300.7.7.1.noarch.rpm
rust1.83-1.83.0-150300.7.4.1.nosrc.rpm
rust1.83-1.83.0-150300.7.4.1.x86_64.rpm
rust1.83-src-1.83.0-150300.7.4.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4173
Security update for postgresql, postgresql16, postgresql17
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql, postgresql16, postgresql17 fixes the following issues:
This update ships postgresql17, and fixes security issues with postgresql16:
- bsc#1230423: Relax the dependency of extensions on the server
version from exact major.minor to greater or equal, after Tom
Lane confirmed on the PostgreSQL packagers list that ABI
stability is being taken care of between minor releases.
- bsc#1219340: The last fix was not correct. Improve it by removing
the dependency again and call fillup only if it is installed.
postgresql16 was updated to 16.6:
* Repair ABI break for extensions that work with struct
ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could
go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics
entries.
* Count index scans in contrib/bloom indexes in the statistics
views, such as the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options
have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs
in regular expression parsing.
* https://www.postgresql.org/docs/release/16.6/
postgresql16 was updated to 16.5:
* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
dependent on the calling role when RLS applies to a
non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages
received during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions
between SET SESSION AUTHORIZATION and SET ROLE
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
changing environment variables.
* https://www.postgresql.org/about/news/p-2955/
* https://www.postgresql.org/docs/release/16.5/
- Don't build the libs and mini flavor anymore to hand over to
PostgreSQL 17.
* https://www.postgresql.org/about/news/p-2910/
postgresql17 is shipped in version 17.2:
* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
dependent on the calling role when RLS applies to a
non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages
received during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions
between SET SESSION AUTHORIZATION and SET ROLE
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
changing environment variables.
* https://www.postgresql.org/about/news/p-2955/
* https://www.postgresql.org/docs/release/17.1/
* https://www.postgresql.org/docs/release/17.2/
Upgrade to 17.2:
* Repair ABI break for extensions that work with struct
ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could
go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics
entries.
* Count index scans in contrib/bloom indexes in the statistics
views, such as the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options
have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs
in regular expression parsing.
Upgrade to 17.0:
* New memory management system for VACUUM, which reduces memory
consumption and can improve overall vacuuming performance.
* New SQL/JSON capabilities, including constructors, identity
functions, and the JSON_TABLE() function, which converts JSON
data into a table representation.
* Various query performance improvements, including for
sequential reads using streaming I/O, write throughput under
high concurrency, and searches over multiple values in a btree
index.
* Logical replication enhancements, including:
+ Failover control
+ pg_createsubscriber, a utility that creates logical replicas
from physical standbys
+ pg_upgrade now preserves replication slots on both publishers
and subscribers
* New client-side connection option, sslnegotiation=direct, that
performs a direct TLS handshake to avoid a round-trip
negotiation.
* pg_basebackup now supports incremental backup.
* COPY adds a new option, ON_ERROR ignore, that allows a copy
operation to continue in the event of an error.
* https://www.postgresql.org/about/news/p-2936/
* https://www.postgresql.org/docs/17/release-17.html
libecpg6-17.2-150200.5.5.1.x86_64.rpm
libpq5-17.2-150200.5.5.1.x86_64.rpm
libpq5-32bit-17.2-150200.5.5.1.x86_64.rpm
postgresql-17-150400.4.18.1.noarch.rpm
postgresql-17-150400.4.18.1.src.rpm
postgresql-contrib-17-150400.4.18.1.noarch.rpm
postgresql-devel-17-150400.4.18.1.noarch.rpm
postgresql-docs-17-150400.4.18.1.noarch.rpm
postgresql-llvmjit-17-150400.4.18.1.noarch.rpm
postgresql-llvmjit-devel-17-150400.4.18.1.noarch.rpm
postgresql-plperl-17-150400.4.18.1.noarch.rpm
postgresql-plpython-17-150400.4.18.1.noarch.rpm
postgresql-pltcl-17-150400.4.18.1.noarch.rpm
postgresql-server-17-150400.4.18.1.noarch.rpm
postgresql-server-devel-17-150400.4.18.1.noarch.rpm
postgresql16-16.6-150200.5.21.1.src.rpm
postgresql16-16.6-150200.5.21.1.x86_64.rpm
postgresql16-contrib-16.6-150200.5.21.1.x86_64.rpm
postgresql16-devel-16.6-150200.5.21.1.x86_64.rpm
postgresql16-docs-16.6-150200.5.21.1.noarch.rpm
postgresql16-plperl-16.6-150200.5.21.1.x86_64.rpm
postgresql16-plpython-16.6-150200.5.21.1.x86_64.rpm
postgresql16-pltcl-16.6-150200.5.21.1.x86_64.rpm
postgresql16-server-16.6-150200.5.21.1.x86_64.rpm
postgresql16-server-devel-16.6-150200.5.21.1.x86_64.rpm
postgresql17-17.2-150200.5.5.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4092
Recommended update for bmake
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bmake fixes the following issue:
- Fix variable used in rules to build shared libs on Linux (bsc#1233508).
bmake-20200606-150400.3.3.2.src.rpm
bmake-20200606-150400.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4289
Recommended update for python-rpm-macros
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-rpm-macros fixes the following issue:
- Update to version 20241120 (bsc#1233151)
python-rpm-generators-20241120.6ae645f-150400.3.18.1.noarch.rpm
python-rpm-macros-20241120.6ae645f-150400.3.18.1.noarch.rpm
python-rpm-macros-20241120.6ae645f-150400.3.18.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4174
Security update for postgresql15
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql15 fixes the following issues:
- CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323).
- CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325).
- CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326).
- CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327).
postgresql15-15.10-150200.5.33.1.src.rpm
postgresql15-15.10-150200.5.33.1.x86_64.rpm
postgresql15-contrib-15.10-150200.5.33.1.x86_64.rpm
postgresql15-devel-15.10-150200.5.33.1.x86_64.rpm
postgresql15-docs-15.10-150200.5.33.1.noarch.rpm
postgresql15-plperl-15.10-150200.5.33.1.x86_64.rpm
postgresql15-plpython-15.10-150200.5.33.1.x86_64.rpm
postgresql15-pltcl-15.10-150200.5.33.1.x86_64.rpm
postgresql15-server-15.10-150200.5.33.1.x86_64.rpm
postgresql15-server-devel-15.10-150200.5.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4176
Security update for postgresql14
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql14 fixes the following issues:
- CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323).
- CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325).
- CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326).
- CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327).
postgresql14-14.15-150200.5.50.1.src.rpm
postgresql14-14.15-150200.5.50.1.x86_64.rpm
postgresql14-contrib-14.15-150200.5.50.1.x86_64.rpm
postgresql14-devel-14.15-150200.5.50.1.x86_64.rpm
postgresql14-docs-14.15-150200.5.50.1.noarch.rpm
postgresql14-plperl-14.15-150200.5.50.1.x86_64.rpm
postgresql14-plpython-14.15-150200.5.50.1.x86_64.rpm
postgresql14-pltcl-14.15-150200.5.50.1.x86_64.rpm
postgresql14-server-14.15-150200.5.50.1.x86_64.rpm
postgresql14-server-devel-14.15-150200.5.50.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4175
Security update for postgresql13
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql13 fixes the following issues:
- CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323).
- CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325).
- CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326).
- CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327).
postgresql13-13.18-150200.5.64.1.src.rpm
postgresql13-13.18-150200.5.64.1.x86_64.rpm
postgresql13-contrib-13.18-150200.5.64.1.x86_64.rpm
postgresql13-devel-13.18-150200.5.64.1.x86_64.rpm
postgresql13-docs-13.18-150200.5.64.1.noarch.rpm
postgresql13-llvmjit-13.18-150200.5.64.1.x86_64.rpm
postgresql13-llvmjit-devel-13.18-150200.5.64.1.x86_64.rpm
postgresql13-plperl-13.18-150200.5.64.1.x86_64.rpm
postgresql13-plpython-13.18-150200.5.64.1.x86_64.rpm
postgresql13-pltcl-13.18-150200.5.64.1.x86_64.rpm
postgresql13-server-13.18-150200.5.64.1.x86_64.rpm
postgresql13-server-devel-13.18-150200.5.64.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4086
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 128.5.0 ESR, with various security fixes
and other quality improvements, MFSA 2024-64 (bsc#1233695):
* CVE-2024-11691: Memory corruption in Apple GPU drivers
* CVE-2024-11692: Select list elements could be shown over another site
* CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows
* CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
* CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697: Improper Keypress Handling in Executable File Confirmation Dialog
* CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
* CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5
MozillaFirefox-128.5.0-150200.152.161.1.src.rpm
MozillaFirefox-128.5.0-150200.152.161.1.x86_64.rpm
MozillaFirefox-devel-128.5.0-150200.152.161.1.noarch.rpm
MozillaFirefox-translations-common-128.5.0-150200.152.161.1.x86_64.rpm
MozillaFirefox-translations-other-128.5.0-150200.152.161.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4204
Security update for docker-stable
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for docker-stable fixes the following issues:
- CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324).
Bug fixes:
- Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker (bsc#1231348).
- Import specfile changes for docker-buildx as well as the changes to help reduce specfile differences between docker-stable and docker (bsc#1230331, bsc#1230333).
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks (bsc#1221916).
- Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files (bsc#1214855).
docker-stable-24.0.9_ce-150000.1.5.1.src.rpm
docker-stable-24.0.9_ce-150000.1.5.1.x86_64.rpm
docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4107
Security update for python-waitress
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-waitress fixes the following issues:
- CVE-2024-49769: Fixed a denial of service caused by incorrect connection clean up (bsc#1232554)
python-waitress-1.4.3-150000.3.9.1.src.rpm
python3-waitress-1.4.3-150000.3.9.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4093
Security update for python-virtualenv
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-virtualenv fixes the following issues:
- CVE-2024-53899: Fixed a command injection through activation scripts (bsc#1233706)
python-virtualenv-20.22.0-150400.9.6.1.src.rpm
python311-virtualenv-20.22.0-150400.9.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4106
Security update for tomcat
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tomcat fixes the following issues:
- Update to Tomcat 9.0.97
* Fixed CVEs:
+ CVE-2024-52316: If the Jakarta Authentication fails with an exception,
set a 500 status (bsc#1233434)
* Catalina
+ Add: Add support for the new Servlet API method
HttpServletResponse.sendEarlyHints(). (markt)
+ Add: 55470: Add debug logging that reports the class path when a
ClassNotFoundException occurs in the digester or the web application
class loader. Based on a patch by Ralf Hauser. (markt)
+ Update: 69374: Properly separate between table header and body in
DefaultServlet's listing. (michaelo)
+ Update: 69373: Make DefaultServlet's HTML listing file last modified
rendering better (flexible). (michaelo)
+ Update: Improve HTML output of DefaultServlet. (michaelo)
+ Code: Refactor RateLimitFilter to use FilterBase as the base class. The
primary advantage for doing this is less code to process init-param
values. (markt)
+ Update: 69370: DefaultServlet's HTML listing uses incorrect labels.
(michaelo)
+ Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped
requests. (remm)
+ Fix: Add missing WebDAV Lock-Token header in the response when locking
a folder. (remm)
+ Fix: Invalid WebDAV lock requests should be rejected with 400. (remm)
+ Fix: Fix regression in WebDAV when attempting to unlock a collection.
(remm)
+ Fix: Verify that destination is not locked for a WebDAV copy operation.
(remm)
+ Fix: Send 415 response to WebDAV MKCOL operations that include a
request body since this is optional and unsupported. (remm)
+ Fix: Enforce DAV: namespace on WebDAV XML elements. (remm)
+ Fix: Do not allow a new WebDAV lock on a child resource if a parent
collection is locked (RFC 4918 section 6.1). (remm)
+ Fix: WebDAV Delete should remove any existing lock on successfully
deleted resources. (remm)
+ Update: Remove WebDAV lock null support in accordance with RFC 4918
section 7.3 and annex D. Instead, a lock on a non-existing resource
will create an empty file locked with a regular lock. (remm)
+ Update: Rewrite implementation of WebDAV shared locks to comply with
RFC 4918. (remm)
+ Update: Implement WebDAV If header using code from the Apache Jackrabbit
project. (remm)
+ Add: Add PropertyStore interface in the WebDAV Servlet, to allow
implementation of dead properties storage. The store used can be
configured using the 'propertyStore' init parameter of the WebDAV
servlet. A simple non-persistent implementation is used if no custom
store is configured. (remm)
+ Update: Implement WebDAV PROPPATCH method using the newly added
PropertyStore. (remm)
+ Fix: Cache not found results when searching for web application class
loader resources. This addresses performance problems caused by
components such as java.sql.DriverManager which, in some circumstances,
will search for the same class repeatedly. In a large web application
this can cause performance problems. The size of the cache can be
controlled via the new notFoundClassResourceCacheSize on the
StandardContext. (markt)
+ Fix: Stop after INITIALIZED state should be a noop since it is possible
for subcomponents to be in FAILED after init. (remm)
+ Fix: Fix incorrect web resource cache size calculations when there are
concurrent PUT and DELETE requests for the same resource. (markt)
+ Add: Add debug logging for the web resource cache so the current size
can be tracked as resources are added and removed. (markt)
+ Update: Replace legacy WebDAV opaquelocktoken: scheme for lock tokens
with urn:uuid: as recommended by RFC 4918, and remove secret init
parameter. (remm)
+ Fix: Concurrent reads and writes (e.g. GET and PUT / DELETE) for the
same path caused corruption of the FileResource where some of the
fields were set as if the file exists and some were set as if it does
not. This resulted in inconsistent metadata. (markt)
+ Fix: 69415: Ensure that the ExpiresFilter only sets cache headers on
GET and HEAD requests. Also skip requests where the application has set
Cache-Control: no-store. (markt)
+ Fix: 69419: Improve the performance of ServletRequest.getAttribute()
when there are multiple levels of nested includes. Based on a patch
provided by John Engebretson. (markt)
+ Add: Allow applications to send an early hints informational response by
calling HttpServletResponse.sendError() with a status code of 103.
(schultz)
+ Fix: Ensure that the Jakarta Authentication CallbackHandler only
creates one GenericPrincipal in the Subject. (markt)
+ Fix: If the Jakarta Authentication process fails with an Exception,
explicitly set the HTTP response status to 500 as the ServerAuthContext
may not have set it. (markt)
+ Fix: When persisting the Jakarta Authentication provider configuration,
create any necessary parent directories that don't already exist.
(markt)
+ Fix: Correct the logic used to detect errors when deleting temporary
files associated with persisting the Jakarta Authentication provider
configuration. (markt)
+ Fix: When processing Jakarta Authentication callbacks, don't overwrite
a Principal obtained from the PasswordValidationCallback with null if
the CallerPrincipalCallback does not provide a Principal. (markt)
+ Fix: Avoid store config backup loss when storing one configuration more
than once per second. (remm)
+ Fix: 69359: WebdavServlet duplicates getRelativePath() method from
super class with incorrect Javadoc. (michaelo)
+ Fix: 69360: Inconsistent DELETE behavior between WebdavServlet and
DefaultServlet. (michaelo)
+ Fix: Make WebdavServlet properly return the Allow header when deletion
of a resource is not allowed. (michaelo)
+ Fix: Add log warning if non wildcard mappings are used with the
WebdavServlet. (remm)
+ Fix: 69361: Ensure that the order of entries in a multi-status response
to a WebDAV request is consistent with the order in which resources were
processed. (markt)
+ Fix: 69362: Provide a better multi-status response when deleting a
collection via WebDAV fails. Empty directories that cannot be deleted
will now be included in the response. (markt)
+ Fix: 69363: Use getPathPrefix() consistently in the WebDAV servlet to
ensure that the correct path is used when the WebDAV servlet is mounted
at a sub-path within the web application. (markt)
+ Fix: Improve performance of ApplicationHttpRequest.parseParameters().
Based on sample code and test cases provided by John Engebretson.
(markt)
+ Add: Add support for RFC 8297 (Early Hints). Applications can use
this feature by casting the HttpServletResponse to
org.apache.catalina.connector.Response and then calling the method
void sendEarlyHints(). This method will be added to the Servlet API
(removing the need for the cast) in Servlet 6.2 onwards. (markt)
+ Fix: 69214: Do not reject a CORS request that uses POST but does not
include a content-type header. Tomcat now correctly processes this as
a simple CORS request. Based on a patch suggested by thebluemountain.
(markt)
+ Fix: Refactor SpnegoAuthenticator so it uses Subject.callAs() rather
than Subject.doAs() when available. (markt)
* Coyote
+ Fix: Return null SSL session id on zero length byte array returned from
the SSL implementation. (remm)
+ Fix: Skip OpenSSLConf with BoringSSL since it is unsupported. (remm)
+ Fix: Create the HttpParser in Http11Processor if it is not present on
the AbstractHttp11Protocol to provide better lifecycle robustness for
regular HTTP/1.1. The new behavior was introduced on a previous
refactoring to improve HTTP/2 performance. (remm)
+ Fix: OpenSSLContext will now throw a KeyManagementException if something
is known to have gone wrong in the init method, which is the behavior
documented by javax.net.ssl.SSLContext.init. This makes error handling
more consistent. (remm)
+ Fix: 69316: Ensure that FastHttpDateFormat#getCurrentDate() (used to
generate Date headers for HTTP responses) generates the correct string
for the given input. Prior to this change, the output may have been
wrong by one second in some cases. Pull request #751 provided by Chenjp.
(markt)
+ Add: Add server and serverRemoveAppProvidedValues to the list of
attributes the HTTP/2 protocol will inherit from the HTTP/1.1 connector
it is nested within. (markt)
+ Fix: Avoid possible crashes when using Apache Tomcat Native, caused by
destroying SSLContext objects through GC after APR has been terminated.
(remm)
+ Fix: Improve HTTP/2 handling of trailer fields for requests. Trailer
fields no longer need to be received before the headers of the
subsequent stream nor are trailer fields for an in-progress stream
swallowed if the Connector is paused before the trailer fields are
received. (markt)
+ Fix: Ensure the request and response are not recycled too soon for an
HTTP/2 stream when a stream level error is detected during the processing
of incoming HTTP/2 frames. This could lead to incorrect processing times
appearing in the access log. (markt)
+ Fix: Fix 69320, a regression in the fix for 69302 that meant the
HTTP/2 processing was likely to be broken for all clients once any
client sent an HTTP/2 reset frame. (markt)
+ Fix: Correct a regression in the fix for non-blocking reads of chunked
request bodies that caused InputStream.available() to return a non-zero
value when there was no data to read. In some circumstances this could
cause a blocking read to block waiting for more data rather than return
the data it had already received. (markt)
+ Add: Add a new attribute cookiesWithoutEquals to the Rfc6265CookieProcessor.
The default behaviour is unchanged. (markt)
+ Fix: Ensure that Tomcat sends a TLS close_notify message after receiving
one from the client when using the OpenSSLImplementation. (markt)
+ Fix: 69301: Fix trailer headers replacing non-trailer headers when writing
response headers to the access log. Based on a patch and test case
provided by hypnoce. (markt)
+ Fix: 69302: If an HTTP/2 client resets a stream before the request body is
fully written, ensure that any ReadListener is notified via a call to
ReadListener.onError(). (markt)
+ Fix: Correct regressions in the refactoring that added recycling of the
coyote request and response to the HTTP/2 processing. (markt)
+ Add: Add OpenSSL integration using the FFM API rather than Tomcat Native.
OpenSSL support may be enabled by adding the
org.apache.catalina.core.OpenSSLLifecycleListener listener on the
Server element when using Java 22 or later. (remm)
+ Fix: Ensure that HTTP/2 stream input buffers are only created when there
is a request body to be read. (markt)
+ Code: Refactor creation of HttpParser instances from the Processor level
to the Protocol level since the parser configuration depends on the
protocol and the parser is, otherwise, stateless. (markt)
+ Add: Align HTTP/2 with HTTP/1.1 and recycle the container internal
request and response processing objects by default. This behaviour can
be controlled via the new discardRequestsAndResponses attribute on the
HTTP/2 upgrade protocol. (markt)
* Jasper
+ Fix: Add back tag release method as deprecated in the runtime for
compatibility with old generated code. (remm)
+ Fix: 69399: Fix regression caused by the improvement 69333 which caused
the tag release to be called when using tag pooling, and to be skipped
when not using it. Patch submitted by Michal Sobkiewicz. (remm)
+ Fix: 69381: Improve method lookup performance in expression language.
When the required method has no arguments there is no need to consider
casting or coercion and the method lookup process can be simplified.
Based on pull request #770 by John Engebretson.
+ Fix: 69382: Improve the performance of the JSP include action by
re-using results of relatively expensive method calls in the generated
code rather than repeating them. Patch provided by John Engebretson.
(markt)
+ Fix: 69398: Avoid unnecessary object allocation in PageContextImpl.
Based on a suggestion by John Engebretson. (markt)
+ Fix: 69406: When using StringInterpreterEnum, do not throw an
IllegalArgumentException when an invalid Enum is encountered. Instead,
resolve the value at runtime. Patch provided by John Engebretson.
(markt)
+ Fix: 69429: Optimise EL evaluation of method parameters for methods
that do not accept any parameters. Patch provided by John Engebretson.
(markt)
+ Fix: 69333: Remove unnecessary code from generated JSPs. (markt)
+ Fix: 69338: Improve the performance of processing expressions that
include AND or OR operations with more than two operands and expressions
that use not empty. (markt)
+ Fix: 69348: Reduce memory consumption in ELContext by using lazy
initialization for the data structure used to track lambda arguments.
(markt)
+ Fix: Switch the TldScanner back to logging detailed scan results at debug
level rather than trace level. (markt)
* Web applications
+ Fix: The manager webapp will now be able to access certificates again
when OpenSSL is used. (remm)
+ Fix: Documentation. Align the logging configuration documentation with
the current defaults. (markt)
* WebSocket
+ Fix: If a blocking message write exceeds the timeout, don't attempt the
write again before throwing the exception. (markt)
+ Fix: An EncodeException being thrown during a message write should not
automatically cause the connection to close. The application should
handle the exception and make the decision whether or not to close the
connection. (markt)
* jdbc-pool
+ Fix: 69255: Correct a regression in the fix for 69206 that meant exceptions
executing statements were wrapped in a java.lang.reflect.UndeclaredThrowableException
rather than the application seeing the original SQLException. Fixed by
pull request #744 provided by Michael Clarke. (markt)
+ Fix: 69279: Correct a regression in the fix for 69206 that meant that
methods that previously returned a null ResultSet were returning a proxy
with a null delegate. Fixed by pull request #745 provided by Huub de Beer.
(markt)
+ Fix: 69206: Ensure statements returned from Statement methods
executeQuery(), getResultSet() and getGeneratedKeys() are correctly
wrapped before being returned to the caller. Based on pull request
#742 provided by Michael Clarke.
* Other
+ Update: Switch from DigiCert ONE to ssl.com eSigner for code signing.
(markt)
+ Update: Update Byte Buddy to 1.15.10. (markt)
+ Update: Update CheckStyle to 10.20.0. (markt)
+ Add: Improvements to German translations. (remm)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Add: Improvements to Chinese translations by Ch_jp. (markt)
+ Add: Exclude the tomcat-coyote-ffm.jar from JAR scanning by default.
(markt)
+ Fix: Change the default log handler level to ALL so log messages are
not dropped by default if a logger is configured to use trace (FINEST)
level logging. (markt)
+ Update: Update Hamcrest to 3.0. (markt)
+ Update: Update EasyMock to 5.4.0. (markt)
+ Update: Update Byte Buddy to 1.15.0. (markt)
+ Update: Update CheckStyle to 10.18.0. (markt)
+ Update: Update the internal fork of Apache Commons BCEL to 6.10.0.
(markt)
+ Add: Improvements to Spanish translations by Fernando. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Fix: Fix packaging regression with missing osgi information following
addition of the test-only build target. (remm)
+ Update: Update Tomcat Native to 1.3.1. (markt)
+ Update: Update Byte Buddy to 1.14.18. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
tomcat-9.0.97-150200.71.1.noarch.rpm
tomcat-9.0.97-150200.71.1.src.rpm
tomcat-admin-webapps-9.0.97-150200.71.1.noarch.rpm
tomcat-el-3_0-api-9.0.97-150200.71.1.noarch.rpm
tomcat-jsp-2_3-api-9.0.97-150200.71.1.noarch.rpm
tomcat-lib-9.0.97-150200.71.1.noarch.rpm
tomcat-servlet-4_0-api-9.0.97-150200.71.1.noarch.rpm
tomcat-webapps-9.0.97-150200.71.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4102
Recommended update for yast2-auth-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for yast2-auth-server fixes the following issues:
- Version update v4.4.1
- Fix y2log path in popup messages (bsc#1207831).
yast2-auth-server-4.4.1-150400.3.3.2.noarch.rpm
yast2-auth-server-4.4.1-150400.3.3.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4133
Recommended update for mariadb
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mariadb fixes the following issues:
- Update to 10.6.20:
https://mariadb.com/kb/en/mariadb-10-6-20-release-notes/
https://mariadb.com/kb/en/mariadb-10-6-20-changelog/
https://mariadb.com/kb/en/mariadb-10-6-19-release-notes/
https://mariadb.com/kb/en/mariadb-10-6-19-changelog/
- Update list of skipped tests
libmariadbd-devel-10.6.20-150400.3.36.1.x86_64.rpm
libmariadbd19-10.6.20-150400.3.36.1.x86_64.rpm
mariadb-10.6.20-150400.3.36.1.src.rpm
mariadb-10.6.20-150400.3.36.1.x86_64.rpm
mariadb-client-10.6.20-150400.3.36.1.x86_64.rpm
mariadb-errormessages-10.6.20-150400.3.36.1.noarch.rpm
mariadb-tools-10.6.20-150400.3.36.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4190
Recommended update for lshw
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for lshw fixes the following issue:
- Update to version B.02.20 (jsc#9912):
* update changelog
* update data files
* get rid of GTK deprecation warning
* get rid of some snprintf warnings
* Add support for 100Gbit interfaces
lshw-B.02.20-150200.3.18.2.src.rpm
lshw-B.02.20-150200.3.18.2.x86_64.rpm
lshw-lang-B.02.20-150200.3.18.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4353
Recommended update for certification-sles-eal4
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for certification-sles-eal4 fixes the following issue:
- Version update 15.2+git20241127.462985a
* Provide script to disable userspace openssl ARM CE crypto extensions (bsc#1233866).
certification-sles-eal4-15.2+git20241127.462985a-150200.5.21.2.src.rpm
certification-sles-eal4-15.2+git20241127.462985a-150200.5.21.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4280
Recommended update for guava
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for guava, google-errorprone, checker-qual, j2objc-annotations fixes the following issues:
guava was updated from version 33.1.0 to 33.2.1:
- Added some artifact aliases
- Changed how internet addresses are handled to preserve more information. This might require code updates if you were
relying on the old behavior (consult the package changelog for more details).
- Fixed a compilation issue under Gradle.
- Fixed a potential crash when building ImmutableMap.
- Added new constants for HTTP headers (Ad-Auction-Allowed, Permissions-Policy-Report-Only, and Sec-GPC).
google-errorprone, checker-qual, j2objc-annotations:
- google-errorprone-annotations, checker-qual, j2objc-annotations were added to the Development Tools Module as they
are required by this guava update
- google-errorprone-annotations package was updated from version 2.11.0 to 2.26.1 on SUSE Linux Enterprise 15 LTSS
products, as it's required by this guava update:
* Added new checks for common Java coding errors
* Improvement of existing checks
* Performance and infrastructure improvements
* Various bugs were fixed
checker-qual-3.22.0-150200.5.7.2.noarch.rpm
checker-qual-3.22.0-150200.5.7.2.src.rpm
google-errorprone-annotations-2.26.1-150200.5.8.1.noarch.rpm
google-errorprone-annotations-2.26.1-150200.5.8.1.src.rpm
guava-33.2.1-150200.3.13.2.noarch.rpm
guava-33.2.1-150200.3.13.2.src.rpm
j2objc-annotations-2.2-150200.5.5.2.noarch.rpm
j2objc-annotations-2.2-150200.5.5.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4238
Recommended update for python-kiwi
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-kiwi fixes the following issues:
- Fixed boot support for ISO media on Power PC architecture
- Update documentation configuration to match with latest theme
- Set grub-bls default to false for SUSE Linux Enterprise 15 (bsc#1233196)
dracut-kiwi-lib-9.24.43-150100.3.90.1.x86_64.rpm
dracut-kiwi-live-9.24.43-150100.3.90.1.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.90.1.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.90.1.x86_64.rpm
dracut-kiwi-overlay-9.24.43-150100.3.90.1.x86_64.rpm
kiwi-man-pages-9.24.43-150100.3.90.1.x86_64.rpm
kiwi-pxeboot-9.24.43-150100.3.90.1.x86_64.rpm
kiwi-systemdeps-9.24.43-150100.3.90.1.x86_64.rpm
kiwi-systemdeps-bootloaders-9.24.43-150100.3.90.1.x86_64.rpm
kiwi-systemdeps-containers-9.24.43-150100.3.90.1.x86_64.rpm
kiwi-systemdeps-core-9.24.43-150100.3.90.1.x86_64.rpm
kiwi-systemdeps-disk-images-9.24.43-150100.3.90.1.x86_64.rpm
kiwi-systemdeps-filesystems-9.24.43-150100.3.90.1.x86_64.rpm
kiwi-systemdeps-image-validation-9.24.43-150100.3.90.1.x86_64.rpm
kiwi-systemdeps-iso-media-9.24.43-150100.3.90.1.x86_64.rpm
kiwi-tools-9.24.43-150100.3.90.1.x86_64.rpm
python-kiwi-9.24.43-150100.3.90.1.src.rpm
python3-kiwi-9.24.43-150100.3.90.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4304
Security update for qemu
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for qemu fixes the following issues:
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007)
- CVE-2024-8354: Fixed assertion failure in usb_ep_get() in usb (bsc#1230834)
- CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915)
qemu-6.2.0-150400.37.37.3.src.rpm
qemu-6.2.0-150400.37.37.3.x86_64.rpm
qemu-accel-tcg-x86-6.2.0-150400.37.37.3.x86_64.rpm
qemu-audio-alsa-6.2.0-150400.37.37.3.x86_64.rpm
qemu-audio-pa-6.2.0-150400.37.37.3.x86_64.rpm
qemu-audio-spice-6.2.0-150400.37.37.3.x86_64.rpm
qemu-block-curl-6.2.0-150400.37.37.3.x86_64.rpm
qemu-block-iscsi-6.2.0-150400.37.37.3.x86_64.rpm
qemu-block-rbd-6.2.0-150400.37.37.3.x86_64.rpm
qemu-block-ssh-6.2.0-150400.37.37.3.x86_64.rpm
qemu-chardev-baum-6.2.0-150400.37.37.3.x86_64.rpm
qemu-chardev-spice-6.2.0-150400.37.37.3.x86_64.rpm
qemu-guest-agent-6.2.0-150400.37.37.3.x86_64.rpm
qemu-hw-display-qxl-6.2.0-150400.37.37.3.x86_64.rpm
qemu-hw-display-virtio-gpu-6.2.0-150400.37.37.3.x86_64.rpm
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.37.3.x86_64.rpm
qemu-hw-display-virtio-vga-6.2.0-150400.37.37.3.x86_64.rpm
qemu-hw-usb-host-6.2.0-150400.37.37.3.x86_64.rpm
qemu-hw-usb-redirect-6.2.0-150400.37.37.3.x86_64.rpm
qemu-ipxe-1.0.0+-150400.37.37.3.noarch.rpm
qemu-ksm-6.2.0-150400.37.37.3.x86_64.rpm
qemu-kvm-6.2.0-150400.37.37.3.x86_64.rpm
qemu-lang-6.2.0-150400.37.37.3.x86_64.rpm
qemu-tools-6.2.0-150400.37.37.3.x86_64.rpm
qemu-ui-curses-6.2.0-150400.37.37.3.x86_64.rpm
qemu-ui-gtk-6.2.0-150400.37.37.3.x86_64.rpm
qemu-ui-opengl-6.2.0-150400.37.37.3.x86_64.rpm
qemu-ui-spice-app-6.2.0-150400.37.37.3.x86_64.rpm
qemu-ui-spice-core-6.2.0-150400.37.37.3.x86_64.rpm
qemu-x86-6.2.0-150400.37.37.3.x86_64.rpm
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.37.3.noarch.rpm
qemu-sgabios-8-150400.37.37.3.noarch.rpm
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.37.3.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4202
Security update for java-1_8_0-openjdk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u432 (icedtea-3.33.0):
- CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702,JDK-8328286)
- CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data in component Hotspot (bsc#1231711,JDK-8328544)
- CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716,JDK-8331446)
- CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719,JDK-8332644)
java-1_8_0-openjdk-1.8.0.432-150000.3.100.1.src.rpm
java-1_8_0-openjdk-1.8.0.432-150000.3.100.1.x86_64.rpm
java-1_8_0-openjdk-demo-1.8.0.432-150000.3.100.1.x86_64.rpm
java-1_8_0-openjdk-devel-1.8.0.432-150000.3.100.1.x86_64.rpm
java-1_8_0-openjdk-headless-1.8.0.432-150000.3.100.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4338
Recommended update for systemd
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for systemd fixes the following issues:
- core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272)
- core/unit: add get_timeout_start_usec in UnitVTable and define it for service
- sd-bus: make bus_add_match_full accept timeout
- udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610)
- sd-device: add helper to read an unsigned int attribute
libsystemd0-249.17-150400.8.46.1.x86_64.rpm
libsystemd0-32bit-249.17-150400.8.46.1.x86_64.rpm
libudev1-249.17-150400.8.46.1.x86_64.rpm
libudev1-32bit-249.17-150400.8.46.1.x86_64.rpm
systemd-249.17-150400.8.46.1.src.rpm
systemd-249.17-150400.8.46.1.x86_64.rpm
systemd-container-249.17-150400.8.46.1.x86_64.rpm
systemd-coredump-249.17-150400.8.46.1.x86_64.rpm
systemd-devel-249.17-150400.8.46.1.x86_64.rpm
systemd-doc-249.17-150400.8.46.1.x86_64.rpm
systemd-lang-249.17-150400.8.46.1.noarch.rpm
systemd-sysvinit-249.17-150400.8.46.1.x86_64.rpm
udev-249.17-150400.8.46.1.x86_64.rpm
systemd-32bit-249.17-150400.8.46.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4324
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.5.1 ESR (bsc#1234326):
- Fixed an issue that prevented some websites from loading when using SSL Inspection. (bmo#1933747)
MozillaFirefox-128.5.1-150200.152.164.1.src.rpm
MozillaFirefox-128.5.1-150200.152.164.1.x86_64.rpm
MozillaFirefox-devel-128.5.1-150200.152.164.1.noarch.rpm
MozillaFirefox-translations-common-128.5.1-150200.152.164.1.x86_64.rpm
MozillaFirefox-translations-other-128.5.1-150200.152.164.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4322
Recommended update for nvidia-open-driver-G06-signed
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nvidia-open-driver-G06-signed fixes the following issues:
- For CUDA, update version to 565.57.01
- Add 'dummy' firmware package on SLE to work around update issues. On SLE, the firmware is installed directly from an NVIDIA-hosted repo.
- Improve handling of conflicts between different flavors (gfx vs. CUDA) (bsc#1233332).
- Update to 550.135 (bsc#1233673)
* fixes wrong logic for checking supported architectures
kernel-firmware-nvidia-gspx-G06-cuda-565.57.01-150400.9.76.1.x86_64.rpm
nv-prefer-signed-open-driver-565.57.01-150400.9.76.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.135-150400.9.76.1.src.rpm
nvidia-open-driver-G06-signed-cuda-565.57.01-150400.9.76.1.src.rpm
nvidia-open-driver-G06-signed-cuda-default-devel-565.57.01-150400.9.76.1.x86_64.rpm
nvidia-open-driver-G06-signed-cuda-kmp-default-565.57.01_k5.14.21_150400.22-150400.9.76.1.x86_64.rpm
nvidia-open-driver-G06-signed-default-devel-550.135-150400.9.76.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.135_k5.14.21_150400.22-150400.9.76.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4370
Recommended update for plymouth
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for plymouth fixes the following issues:
- Ensure Plymouth supports hotplugging a second monitor in any order, displaying the same content on both screens (bsc#1231214)
libply-boot-client5-0.9.5~git20210406.e554475-150400.3.15.1.x86_64.rpm
libply-splash-core5-0.9.5~git20210406.e554475-150400.3.15.1.x86_64.rpm
libply-splash-graphics5-0.9.5~git20210406.e554475-150400.3.15.1.x86_64.rpm
libply5-0.9.5~git20210406.e554475-150400.3.15.1.x86_64.rpm
plymouth-0.9.5~git20210406.e554475-150400.3.15.1.src.rpm
plymouth-0.9.5~git20210406.e554475-150400.3.15.1.x86_64.rpm
plymouth-devel-0.9.5~git20210406.e554475-150400.3.15.1.x86_64.rpm
plymouth-dracut-0.9.5~git20210406.e554475-150400.3.15.1.noarch.rpm
plymouth-lang-0.9.5~git20210406.e554475-150400.3.15.1.noarch.rpm
plymouth-plugin-label-0.9.5~git20210406.e554475-150400.3.15.1.x86_64.rpm
plymouth-plugin-label-ft-0.9.5~git20210406.e554475-150400.3.15.1.x86_64.rpm
plymouth-plugin-script-0.9.5~git20210406.e554475-150400.3.15.1.x86_64.rpm
plymouth-scripts-0.9.5~git20210406.e554475-150400.3.15.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4281
Optional update for fuse3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for fuse3 provides missing -devel packages for SLE 15 SP4.
fuse3-3.10.5-150400.3.2.1.src.rpm
fuse3-3.10.5-150400.3.2.1.x86_64.rpm
fuse3-devel-3.10.5-150400.3.2.1.x86_64.rpm
libfuse3-3-3.10.5-150400.3.2.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4363
Recommended update for hwdata
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for hwdata fixes the following issue:
- Version update v0.390
* Update pci and vendor ids
hwdata-0.390-150000.3.74.2.noarch.rpm
hwdata-0.390-150000.3.74.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4212
Security update for obs-scm-bridge
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for obs-scm-bridge fixes the following issues:
Updated to version 0.5.4:
- CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469)
obs-scm-bridge-0.5.4-150100.3.6.1.noarch.rpm
obs-scm-bridge-0.5.4-150100.3.6.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4306
Security update for java-1_8_0-ibm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-ibm fixes the following issues:
Updated to Java 8.0 Service Refresh 8 Fix Pack 35 with Oracle October 15 2024 CPU (bsc#1232064):
- CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702,JDK-8328286)
- CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data in component Hotspot (bsc#1231711,JDK-8328544)
- CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716,JDK-8331446)
- CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719,JDK-8332644)
Other issues fixed in past releases:
- CVE-2024-3933: Fixed evaluate constant byteLenNode of arrayCopyChild (bsc#1225470)
java-1_8_0-ibm-1.8.0_sr8.35-150000.3.95.1.nosrc.rpm
java-1_8_0-ibm-1.8.0_sr8.35-150000.3.95.1.x86_64.rpm
java-1_8_0-ibm-alsa-1.8.0_sr8.35-150000.3.95.1.x86_64.rpm
java-1_8_0-ibm-devel-1.8.0_sr8.35-150000.3.95.1.x86_64.rpm
java-1_8_0-ibm-plugin-1.8.0_sr8.35-150000.3.95.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4375
Recommended update for publicsuffix
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for publicsuffix fixes the following issues:
- Update to version 20241202:
* remove `upli.io` (#2302)
* added o365 sub domain (#2291)
* tools/internal/parser: enforce suffix ordering in the ICANN section (#2295)
* chore: Fix Alphabetizing for the ICANN section (#2287)
* remove `mcpe.me` (#2294)
* util: gTLD data autopull updates for 2024-11-27T15:18:00 UTC (#2293)
* Update `.EG` Section (#2290)
* Adding RUB domain (#2292)
* Update `.TW` Section (#2289)
* Update `.CV` Section (#2286)
* Update company name and email address (#2285)
* Update `.GE` Section (#2283)
* Update `.BO` (#2276)
* Update `.DM` Block (#2277)
* Update `.MG` Section (#2274)
* chore: Update `.AF` Section link and sorting (#2279)
* chore: Update `.CW` Section comments (#2281)
* update `.tt` section (#2272)
* remove `betainabox.com` (#2259)
* Update `.AZ` comments and fix sorting (#2275)
* alphabetise `.tm` section + add confirmation comment (#2268)
* Update `.RE` Section (#2271)
* Update `.CO` Section (#2269)
* Update `.PL` comments and fix alphabetical sorting (#2270)
* Update `.SG` Section (#2273)
* Update 2nd levels for .JO (Jordan) section (#2264)
* remove `nom.ad` (#2263)
* Update .IS (#2266)
* Update .AU Section (#2267)
* Heyflow GmbHs domains heyflow.page and heyflow.site
* Adding LODMAN regional domains
* Master to main for the remote action in the website remote
* chore(pr_template): remove syntax check (#2252)
* Add pages-research.it.hs-heilbronn.de (#2253)
* Update deploy-site.yml
* remove `corpnet.work`, update contact info (#2247)
* add `co.bz` (#2249)
* move `wdh.app` to new section (#2246)
* remove `bci.dnstrace.pro` (#2245)
* remove `onred.one` (#2244)
* util: gTLD data autopull updates for 2024-10-31T15:17:41 UTC (#2242)
* Add home.arpa (#2220)
* Add `taveusercontent.com` (#2239)
* Add ip-ddns.com and ddns-ip.net (#2234)
* Add grafana-dev.net to public suffix list (#2188)
* chore: remove 2nd level comment for `.sk` (#2238)
* Remove `presse.ci` and `md.ci`, other ccTLD stubs not associated w respective registry (#2198)
* update `.io` section (#2236)
* Remove `gov.cu` (#2233)
* Remove Handshake suffixes (#2222)
* internal/parser: add PublicSuffix and RegisteredDomain methods to List (#2228)
* Add cloud-ip.biz and ip-dynamic.org for ClouDNS (#2202)
* Add co.ss (#2144)
* Add `org.ao`, `edu.ao`, `gov.ao` ccTLD (ICANN section) (#2145)
* util: gTLD data autopull updates for 2024-10-17T15:16:22 UTC (#2226)
* chore: update is-a.dev contact info (#2225)
* Remove bloxcms.com in public suffix list - no longer needed (#2224)
* Remove ddns5.com (#2221)
* Make TXT validation use local git history (#2217)
* Improve psltool PR check (#2218)
* Remove beta.tailscale.net (#2216)
* util: gTLD data autopull updates for 2024-10-15T15:17:29 UTC (#2219)
* Remove `museum.mw` (#2203)
* Update `.NA` entries (#2204)
* Remove `ne.pw` (#2200)
* Remove inactive or expired yombo domains (#2173)
* Remove old Python PR checker
* Add medusajs.app domain to public list (#2211)
* Remove Banzai Cloud (#2215)
* tools/internal/github: correctly handle github's mergeability updates (#2214)
* tools/internal/parser: check TXT records (#2213)
* remove `preview.wdh.app`, `t.hrsn.dev`, `t.hrsn.net` (#2208)
* Update PR Template Requiring Abuse Contact for Subdomain Registry Requestors (#2201)
* remove `paris.eu.org` (#2147)
* remove `blogspot.mr` (#2100)
* Adding ArvanCloud arvanedge.ir Compute Domain to public suffix list (#2205)
* remove `q-a.eu.org` (#2146)
* AWS Submissions to the Public Suffix List - Q3 2024 (#2032)
* Remove `bounty-full.com` to rollback #104 (#2163)
* Add back `cnpy.gdn` to restore #633 (#2194)
* Remove `cnpy.gdn` to rollback #633 (#2174)
* Br 20240930 update (#2192)
* add mittwald product domains (#2171)
* util: gTLD data autopull updates for 2024-09-26T15:17:07 UTC (#2191)
* Remove `certmgr.org` to roll back #225 (#2164)
* Remove dyn53.io to rollback #820 (#2161)
* Remove `forte.id` to rollback #1081 (#2166)
* Remove `daplie.me` to rollback commit a4d8335 (#2162)
* remove exception in CI for duplicate sections (#2180)
* combine duplicate sections (#2168)
* tools/internal/domain: add functions to render a domain as punycode (#2179)
* tools/psltool: allow checking the PSL for an arbitrary commit on github (#2177)
* tools/internal/github: support loading PR diffs for merged PRs (#2176)
* tools/internal: wrap use of collators in mutexes (#2175)
* Add `hf.space` and `static.hf.space` to `public_suffix_list.dat` (#2157)
* Update `prvcy.page` contact email (#2182)
* Add shopware.shop to public suffix list (#2187)
* Remove domain:ktistory.com from PSL (#2181)
* rename `William Harrison` to `Harrison Network` (#2183)
* Remove *.sensiosite.cloud and *.s5y.io (#2167)
* Remove `mycd.eu` to rollback #233 (#2165)
* docs(pr_template): fix grammar error + small changes (#2169)
* add `hrsn.dev` (#2170)
* add `t.hrsn.dev` (#2155)
* docs(pr_template): various fixes and comment updates (#2156)
* util: gTLD data autopull updates for 2024-09-13T15:16:52 UTC (#2154)
* Apply formatting using `psltool fmt` (#2152)
* update contact for dweb.link and libp2p.direct (#2105)
* Automatically run psltool validate (#2151)
* Add v0.build and vusercontent.net (#2121)
* Cleanup (#2150)
* chore: remove 6 domains from Now-DNS section (#2113)
* Remove old Jelastic domains (from #1095) (#2148)
* Add `ctfcloud.net` domain (#2073)
* remove `mc.eu.org` (#2099)
* Add gob.cu nat.cu (#1695) (#2143)
* remove `dapps.earth` section (#2124)
* Remove `autocode.dev` (Rollback #1617) (#2141)
* remove `magnet.page` (#2142)
* Apply formatting using `psltool fmt` (#2140)
* Minor formatting fix (#2139)
* Add psltool fmt check for PRs (#2137)
* Replace Legacy Wikipedia URLs with IANA Page Links in ICANN Section Comments (#2135) (#2138)
* UPDATE HOSTBIP DOMAIN NAMES (2024) +biz.ng +plc.ng -edu.scot -sch.so (#2127)
* Adding oraclecloudapps.com from Oracle Autonomous Database (#2130)
* Remove flap.id (#2132)
* Remove discontinued CentralNic entries (#2136)
* Apply formatting using `psltool fmt` (#2134)
* Add new action to manually run formatter (#2133)
* add `nyat.app` (#2122)
* Remove `publishproxy.com` (#294) (#2131)
* Update public_suffix_list.dat (#2128)
* Remove `fireweb.app` (#2129)
* Update contact information for `nyc.mn` (#2125)
* Fix syntax inconsistency (#2126)
* add `preview.wdh.app` and `t.hrsn.net` (#2119)
* Move Domains Under OpenHost (#2115)
* util: gTLD data autopull updates for 2024-08-25T15:14:38 UTC (#2111)
* remove `bip.sh` (#2063)
* Add routingthecloud.com/.net/.org (#2107)
* remove Revitalised Limited section (#2101)
* chore: update contact info + revert wildcard change for `wdh.app` (#2108)
* remove `blogsite.xyz` (#2098)
* Add additional readthedocs domain: readthedocs-hosted.com (#2110)
* Add MathWorks domains (#1983)
* remove localzone.xyz (#2104)
* add `is-a-good.dev` (#2095)
* util: gTLD data autopull updates for 2024-08-12T15:17:08 UTC (#2103)
* merge `wdh.app` entries together using wildcard (#2094)
* add `is-a-fullstack.dev` under Open Domains (#2096)
* Fix newline handling of automatic ICANN updater (#2093)
* util: gTLD data autopull updates for 2024-08-10T15:15:39 UTC (#2097)
* Add IONOS product domains (#2083)
* add ggff.net and filegear-sg.me from l53.net (#2085)
* add `wdh.app` (#2067)
* add libp2p.direct (#2084)
* add sn.mynetname.net domain (#2090)
* Update public_suffix_list.dat (#2076)
* Run 'psltool fmt' to reformat PSL to canonical form (#2088)
* tools/psltool: support for analyzing a github PR (#2087)
* tools/internal/parser: add more offline, diff-aware validations (#2089)
* Add `mafelo.net` (#2082)
* remove `devcdnaccesso.com` (#2065)
* remove `t3l3p0rt.net` and `tele.amune.org` (#2066)
* remove `bitbridge.net` (#2064)
* remove static.land from public_suffix_list.dat (#2081)
* Remove wedeploy domains (#2077)
* update for .PK ccTLD (#2068)
* Remove `awsmppl.com` (expired domain) (#2070)
* update contact email for `is-a.dev` (#2074)
* remove old domains (#2058)
* Update README.md
* remove cloudcontrol.com (#2072)
* tools/internal/parser: add diff support (#2071)
* remove `graphox.us` (#2062)
* Remove `pagefrontapp.com` (expired domain) (#2059)
* tools/psltool: CLI for editing and validating PSL files (#2069)
* Remove `mozilla-iot.org` (#2050)
* Remove Shift Crypto AG (#2055)
* Remove `backplaneapp.io` to rollback #267 (expired domain) (#2060)
* remove `pcloud.host` (#2052)
* Remove `mintere.site` to rollback #993 (#2056)
* remove `cya.gg` (#2053)
* remove `nid.io` (#2054)
* remove Cyclic Software section (#2051)
* Remove `onflashdrive.app` (related to #1401) (#2048)
* Remove impertrix domains to rollback #1060 (#2047)
* Remove filegear regional domains (#2049)
* remove `c.la` (#2044)
- Update to version 20240722:
* PSL Private Section Domains WHOIS Checker (#2014)
* Add servebolt.cloud to PLS (#2026)
* Add `p.tawk.email` and `p.tawkto.email` domains (#2016)
* Remove domain no longer under Supabase control. (#2037)
* tools/internal/parser: implement automatic reformatting (#2036)
* util: gTLD data autopull updates for 2024-07-12T15:14:39 UTC (#2034)
* Add dhosting.pl Sp. z o.o. shared domains: dfirma.pl, dkonto.pl, you2.pl (#2024)
* tools/internal/parser: rework metadata extraction for more accurate reformatting (#2027)
* AWS Submissions to the Public Suffix List - Q2 2024 (#1954)
* aero: remove extra word between TLD name and URL (#2029)
* tools/internal/parser: rewrite parser to output a syntax tree (#2025)
* Add removal notice to PR template (#2023)
* remove Rakuten Games, Inc related entries (#2022)
* add `hatenablog.com` etc (#1948)
* Add cyber_Folks S.A. shared domain - cfolks.pl (#2017)
* tools/internal/parser: minor parser cleanups (#2021)
* Add Craft Docs Domain (#2006)
* util: gTLD data autopull updates for 2024-06-29T15:13:33 UTC (#2020)
* Merge WebPros domains in the same section (#2013)
* Add `durumis.com` (#1978)
* tools/internal/parser: validate the sort order of the private section (#2012)
* Update comments on aland.fi (#2019)
* Remove instantcloud.cn (#2015)
* tools/internal/parser: detect and report section markers within suffix blocks (#2011)
* tools/internal/parser: remove workarounds for fixed PSL blocks (#2010)
* Add Raidboxes GmbH to the list (#2004)
* Add missing URL schemes to URLs (#2008)
* Add closing chevron to contact email address. (#2007)
* tool/internal/parser: sanitize input to clean, valid UTF-8 (#2005)
* Add `obl.ong` (#1830)
* Salesforce crm dev (#1941)
* Add wpsquared.site and wp2.host to private section (#1957) (#1957)
* Add netfy.app (#1991)
* Remove expired domains: `ro.im`, `cn.vu` (#2003)
* tools/internal/parser: refactor to separate text processing from parser main logic (#1999)
* Replace unicode fullwidth colon with a regular ascii colon. (#2001)
* Add missing spaces after '//' on prequalifyme.today block (#2000)
* Add `as.sh.cn` (#1992)
* tools: add a validating parser for PSL files (#1987)
* Clarify request to list third-party limits in PR template
* util: gTLD data autopull updates for 2024-06-13T15:15:16 UTC (#1994)
* Reattach of.by to the Belarus ccTLD block (#1995)
* add madethis.site (#1979)
* mytuleap.com, tuleap-partners.com: update contact information (#1845)
* Add Strapi domains (#1982)
* Add relay.evervault.app and relay.evervault.dev (#1959)
* add .ind.mom (#1984)
* Add 6 new domains to Lukanet Ltd Private domains (#1977)
* Add heiyu.space (#1980)
- Update to version 20240603:
* Add Cloudflare CNAME setup domains (#1963)
* util: gTLD data autopull updates for 2024-05-31T15:16:08 UTC (#1988)
* Add `hypernode.io` domain (#1970)
* Add `wixstudio.com` (#1971)
* Fix set union (#1986)
* Bump dnspython from 2.5.0 to 2.6.1 in /tools/pr_checker (#1985)
* Add Github workflow to check _psl DNS entries on PRs (#1933)
* Clean up list to fix rule sorting within orgs (#1968)
- Update to version 20240513:
* Add Expo domains (#1975)
* Add `*.hosted.app` (#1947)
* Add Clever Cloud's domains for customers (#1974)
* Add web.val.run and express.val.run to PSL (#1964)
* add notion site to etld (#1958)
* Add `box.ca` (Whatbox) (#1950)
* Add observablehq.cloud (#1934)
* Add "zeabur.app" (#1865)
* Add `sheezy.games` (#1945)
* util: gTLD data autopull updates for 2024-05-04T15:12:50 UTC (#1973)
* Create a Security Policy (#1856)
* Add examples of limitations to PR template (#1929)
* Update `prvcy.page` (#1859)
* Remove Lightmaker Property Manager, Inc. domain (#1820)
* Adding regional domain bielsko.pl (#1749)
* add xmit.dev (#1972)
* Remove `ghost.io` (#1969)
* Add aaa.vodka (#1795)
* Add ngo.us for the NGO.US Registry (#1821)
* AWS Submissions to the Public Suffix List - Q1 2024 (#1919)
* Add shop.brendly.hr (#1762)
- Update to version 20240419:
* add qnap entries to existing section (`myqnapcloud.cn` , `mycloudnas.com`, `mynascloud.com`) (#1837)
* Update public_suffix_list.dat (#1966)
* drop old domains (#1960)
* Jouwweb public suffixes (#1935)
* Add `us.kg` (#1755)
* Replacement for PR #1741 (#1962)
* Add `rt.ht` (#1860)
* Add cloudscale.ch domains (#1589)
- Update to version 20240410:
* Removing `ravendb.me` (#1841)
* Updating psl: Adding myfritz.link (follow up PR#77) (#1761)
* Add `framer.ai` (#1831)
* chore: add `is-a.dev` (#1949)
* Add StackBlitz (#1939)
* Add `unison-services.cloud` (#1839)
* Add `is-cool.dev`, `is-local.org`, `is-not-a.dev` and `localplayer.dev` (#1672)
* Add grayjayleagues.com (#1742)
* Add `runcontainers.dev` for Libre IT Ltd (#1783)
* Add `heliohost.us`, `helioho.st`(#1825)
* Remove `123sait.ru` (#1844)
* Add MyDNS.JP Dynamic DNS Service (#1937)
* add `scrypted.io` (#1826)
* Add `darklang.io` (#1880)
* Update `cloudns.net` dynamic dns domains listing (#1593)
* Add wildcard to `snowflake.app` and `privatelink.snowflake.app` (#1743)
* Add `preview.csb.app` and `csb.app` (#1648)
* Add `nimsite.uk` (#1797)
* add getlocalcert.net domains (#1798)
* Add wadl.top (#1924)
* ADD: `can.re` (#1651)
* Add cdn77-storage.com and rsc.contentproxy9.cz (#1882)
* add `srv.us`, `xmit.co`
* Add at.emf.camp (#1955)
* util: gTLD data autopull updates for 2024-03-28T15:13:37 UTC (#1952)
- Update to version 20240326:
* Add `*.ir.md` (#1625)
* Update name for info.cx (#1616)
* add `nftstorage.link` (#1548)
* GD - graphic.design (#1940)
* Removing wildcard for cloudapp.azure.com (#1944)
- Update to version 20240306:
* util: gTLD data autopull updates for 2024-03-06T15:14:58 UTC (#1943)
- Update to version 20240303:
* add `*.my.canvasite.cn` and `*.my.canva.site` (#1739)
* Add on.crisp.email (Crisp IM SAS) (#1904)
* add `ngrok.pro` (#1895)
* Add adaptable.app domain (#1824)
* Add STACKIT free customer subdomains (#1785)
* Add `modx.dev` (#1804)
* Add `ewp.live` (EasyWP) (#1773)
* Add convex.site (#1767)
* Add `involve.me` user domains (#1731)
* Add `replit.app` and `replit.dev` (#1679)
* Add f5.si (#1664)
* Add *.c.ts.net. (#1618)
* Add `webflow.io` and `webflowtest.io` (#1722)
* Add 3 Streak domains (#1720)
* add myradweb.net and servername.us to Rad Web Hosting (#1760)
- Update to version 20240212:
* Add cprapid.com suffix to private section (#1892)
* util: gTLD data autopull updates for 2024-02-08T15:13:14 UTC (#1932)
* Added Cyclic Software (#1737)
* Update public_suffix_list.dat for scw.cloud subdomains (#1740)
* Update public_suffix_list.dat (#1926)
* Add ZAP-Hosting cloud domain (#1907)
* Add `flutterflow.app` (#1666)
* Update public_suffix_list.dat (#1614)
* Brave Submissions to the Public Suffix List - Q4 2023 (#1872)
* Add pley.games (#1881)
* Add panel.dev (#1916)
* add 12CHARS to private domains (#1915)
* Azure updates for Microsoft Corporate Domains (#1891)
* Remove blog.kg from private section (#1840)
* AWS Submissions to the Public Suffix List - Q4 2023 (#1876)
* Homebase requested the addition of id.pub kin.one kin.pub (#1768)
* Replace run.app and a.run.app with *.run.app (#1928)
* Add pages.gay (#1920)
* Update Platform.sh domains (#1792)
* fix(adobe): add aem.live and aem.page domains (#1874)
* Update code builder domains with the canary (#1802)
* Add atmeta.com to PSL and consolidate Meta entries (#1736)
* util: gTLD data autopull updates for 2024-01-24T15:14:29 UTC (#1923)
- Update to version 20240123:
* util: gTLD data autopull updates for 2024-01-23T15:14:10 UTC (#1921)
- Update to version 20240107:
* Remove homeoffice.gov.uk (#1909)
* util: gTLD data autopull updates for 2024-01-06T15:12:04 UTC (#1918)
- Update to version 20231213:
* util: gTLD data autopull updates for 2023-12-12T15:13:54 UTC (#1910)
* util: gTLD data autopull updates for 2023-12-06T15:14:08 UTC (#1908)
* Place -v after -C in github actions workflows (#1906)
* Introduce Go Modules to tooling (#1901)
* util: gTLD data autopull updates for 2023-11-21T15:13:46 UTC (#1902)
* Handle EBEROs: Use DelegationDate alongside ContractTerminated (#1894)
* util: gTLD data autopull updates for 2023-11-18T15:11:52 UTC (#1898)
- Update to version 20231108:
* Update public_suffix_list.dat (#1848)
* util: gTLD data autopull updates for 2023-11-03T15:13:18 UTC (#1887)
* Add `torun.pl` (#1684)
- Update to version 20231028:
* util: gTLD data autopull updates for 2023-10-28
* AWS Submissions to the Public Suffix List - Q3 2023
* Add <4-8>.azurestaticapps.net DNS suffix
- Update to version 20230930:
* util: gTLD data autopull updates for 2023-09-30T15:11:25 UTC
* Update .fr list, move some subspaces to PRIVATE section listing of smallregistry.net
* Remove k12.de.us
* Add wix.run
- Update to version 20230826:
* util: gTLD data autopull updates for 2023-08-26T15:11:07 UTC (#1835)
* util: gTLD data autopull updates for 2023-08-23T15:12:41 UTC (#1832)
* Update tld-update.yml (#1827)
* util: gTLD data autopull updates for 2023-08-12T15:10:57 UTC (#1829)
* util: gTLD data autopull updates for 2023-08-09T15:14:39 UTC (#1828)
* tools: include IANA TLD URL in new gtld updates. (#1817)
* util: gTLD data autopull updates for 2023-08-05T15:11:19 UTC (#1822)
* Update tld-update.yml to automatically add labels when autopull catches deltas and generates PR (#1815)
* ci: update test workflow triggers to include PRs. (#1818)
* util: gTLD data autopull updates for 2023-08-02T15:11:59 UTC (#1816)
* unbroke URL assembly
* Add IANA DB URL instead of blanking out contract date
* tools: skip contract date rendering, small CI fixups. (#1812)
* util: gTLD data autopull updates for 2023-07-28T15:13:22 UTC (#1805)
- Update to version 20230717:
* Domains are removed `hidora.com`, `users.scale.virtualcloud.com.br`, `clicketcloud.com` (#1598)
* Add storipress.app (#1583)
- Update to version 20230709:
* util: gTLD data autopull updates for 2023-07-08T15:13:17 UTC (#1796)
* util: gTLD data autopull updates for 2023-07-01T15:13:05 UTC (#1791)
* AWS Submissions to the Public Suffix List - Q1 2023 (#1600)
- Update to version 20230616:
* Add 63 geographical domains for .vn ccTLD (#1776)
* util: gTLD data autopull updates for 2023-06-16T15:12:40 UTC (#1778)
* util: gTLD data autopull updates for 2023-06-14T15:13:06 UTC (#1777)
- Update to version 20230613:
* Add `{id,io,ai}.vn` for .vn ccTLD in ICANN Section (#1771)
* util: gTLD data autopull updates for 2023-06-10T15:11:56 UTC (#1774)
publicsuffix-20241202-150000.3.18.2.noarch.rpm
publicsuffix-20241202-150000.3.18.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4259
Recommended update for go1.23
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.23 fixes the following issues:
- go1.23.4 (released 2024-12-03) includes fixes to the compiler, the runtime, the trace command, and the syscall package. (bsc#1229122)
* go#70644 crypto/rsa: new key generation prohibitively slow under race detector
* go#70645 proposal: go/types: add Scope.Node convenience getter
* go#70646 x/tools/gopls: unimported completion corrupts import decl (client=BBEdit)
* go#70648 crypto/tls: TestHandshakeClientECDHEECDSAAESGCM/TLSv12 failures
* go#70649 x/benchmarks/sweet/cmd/sweet: TestSweetEndToEnd failures
* go#70650 crypto/tls: TestGetClientCertificate/TLSv13 failures
* go#70651 x/tools/go/gcexportdata: simplify implementation assuming go >= 1.21
* go#70654 cmd/go: Incorrect output from go list
* go#70655 x/build/cmd/relui: add workflows for some remaining manual recurring Go major release cycle tasks
* go#70657 proposal: bufio: Scanner.IterText/Scanner.IterBytes
* go#70658 x/net/http2: stuck extended CONNECT requests
* go#70659 os: TestRootDirFS failures on linux-mips64 and linux-mips64le arch-mips
* go#70660 crypto/ecdsa: TestRFC6979 failures on s390x
* go#70664 x/mobile: target maccatalyst cannot find OpenGLES header
* go#70665 x/tools/gopls: refactor.extract.variable fails at package level
* go#70666 x/tools/gopls: panic in GetIfaceStubInfo
* go#70667 proposal: crypto/x509: support extracting X25519 public keys from certificates
* go#70668 proposal: x/mobile: better support for unrecovered panics
* go#70669 cmd/go: local failure in TestScript/build_trimpath_cgo
* go#70670 cmd/link: unused functions aren't getting deadcoded from the binary
* go#70674 x/pkgsite: package removal request for https://pkg.go.dev/github.com/uisdevsquad/go-test/debugmate
* go#70675 cmd/go/internal/lockedfile: mountrpc flake in TestTransform on plan9
* go#70677 all: remote file server I/O flakiness with "Bad fid" errors on plan9
* go#70678 internal/poll: deadlock on 'Intel(R) Xeon(R) Platinum' when an FD is closed
* go#70679 mime/multipart: With go 1.23.3, mime/multipart does not link
go1.23-1.23.4-150000.1.15.1.src.rpm
go1.23-1.23.4-150000.1.15.1.x86_64.rpm
go1.23-doc-1.23.4-150000.1.15.1.x86_64.rpm
go1.23-race-1.23.4-150000.1.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4260
Recommended update for go1.22
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.22 fixes the following issues:
- go1.22.10 (released 2024-12-03) includes fixes to the runtime and the syscall package. (bsc#1218424)
* go#70201 syscall: SyscallN always escapes the variadic argument
* go#70238 time: TestLoadFixed failures
* go#70474 sync/atomic: TestNilDeref flaky failure on windows-386 with runtime fatal error
go1.22-1.22.10-150000.1.36.1.src.rpm
go1.22-1.22.10-150000.1.36.1.x86_64.rpm
go1.22-doc-1.22.10-150000.1.36.1.x86_64.rpm
go1.22-race-1.22.10-150000.1.36.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4352
Security update for libsoup
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libsoup fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
Other fixes:
- websocket-test: disconnect error copy after the test ends (glgo#GNOME/libsoup#391).
- fix an intermittent test failure (glgo#GNOME/soup#399).
- Increase test timeout on s390x. The http2-body-stream test can be slow and sometimes times out in our builds.
libsoup-3.0.4-150400.3.3.1.src.rpm
libsoup-3_0-0-3.0.4-150400.3.3.1.x86_64.rpm
libsoup-devel-3.0.4-150400.3.3.1.x86_64.rpm
libsoup-lang-3.0.4-150400.3.3.1.noarch.rpm
typelib-1_0-Soup-3_0-3.0.4-150400.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4381
Recommended update for net-snmp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for net-snmp fixes the following issues:
- Ensure logrotate reloads the configuration instead of restarting the service to prevent downtime (bsc#1232030)
libsnmp40-5.9.4-150300.15.14.1.x86_64.rpm
net-snmp-5.9.4-150300.15.14.1.src.rpm
net-snmp-5.9.4-150300.15.14.1.x86_64.rpm
net-snmp-devel-5.9.4-150300.15.14.1.x86_64.rpm
perl-SNMP-5.9.4-150300.15.14.1.x86_64.rpm
snmp-mibs-5.9.4-150300.15.14.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-210
Recommended update for python311
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python311 fixes the following issues:
- Updated to version 3.11.11
- Remove -IVendor/ from python-config (bsc#1231795)
libpython3_11-1_0-3.11.11-150400.9.41.2.x86_64.rpm
python311-3.11.11-150400.9.41.3.src.rpm
python311-3.11.11-150400.9.41.3.x86_64.rpm
python311-base-3.11.11-150400.9.41.2.x86_64.rpm
python311-core-3.11.11-150400.9.41.2.src.rpm
python311-curses-3.11.11-150400.9.41.3.x86_64.rpm
python311-dbm-3.11.11-150400.9.41.3.x86_64.rpm
python311-devel-3.11.11-150400.9.41.2.x86_64.rpm
python311-doc-3.11.11-150400.9.41.2.x86_64.rpm
python311-doc-devhelp-3.11.11-150400.9.41.2.x86_64.rpm
python311-documentation-3.11.11-150400.9.41.2.src.rpm
python311-idle-3.11.11-150400.9.41.3.x86_64.rpm
python311-tk-3.11.11-150400.9.41.3.x86_64.rpm
python311-tools-3.11.11-150400.9.41.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4349
Security update for libsoup2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libsoup2 fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
libsoup-2_4-1-2.74.2-150400.3.3.1.x86_64.rpm
libsoup2-2.74.2-150400.3.3.1.src.rpm
libsoup2-devel-2.74.2-150400.3.3.1.x86_64.rpm
libsoup2-lang-2.74.2-150400.3.3.1.noarch.rpm
typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4340
Recommended update for libzypp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp fixes the following issues:
NOTE: This update was retracted because it broke functionality of the new CDN.
- Url query part: `=` is a safe char in value (bsc#1234304)
- RpmDb: Recognize rpmdb.sqlite as database file
- cmake: check location of fcgi header and adjust include
accordingly. On Debian and derivatives the fcgi headers
are not stored in a fastcgi/ subdirectory
libzypp-17.35.15-150400.3.101.1.src.rpm
True
libzypp-17.35.15-150400.3.101.1.x86_64.rpm
True
libzypp-devel-17.35.15-150400.3.101.1.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-96
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.5 (bsc#1234851):
Security fixes:
- CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash
- CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected process crash
- CVE-2024-54505: Processing maliciously crafted web content may lead to memory corruption
- CVE-2024-54508: Processing maliciously crafted web content may lead to an unexpected process crash
- CVE-2024-54534: Processing maliciously crafted web content may lead to memory corruption
Other fixes:
- Fix the build with GBM and release logs disabled.
- Fix several crashes and rendering issues.
- Improve memory consumption and performance of Canvas getImageData.
- Fix preserve-3D intersection rendering.
- Fix video dimensions since GStreamer 1.24.9.
- Fix the HTTP-based remote Web Inspector not loading in Chromium.
- Fix content filters not working on about:blank iframes.
- Fix several crashes and rendering issues.
WebKitGTK-4.0-lang-2.46.5-150400.4.103.1.noarch.rpm
WebKitGTK-4.1-lang-2.46.5-150400.4.103.1.noarch.rpm
WebKitGTK-6.0-lang-2.46.5-150400.4.103.1.noarch.rpm
libjavascriptcoregtk-4_0-18-2.46.5-150400.4.103.1.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.46.5-150400.4.103.1.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.46.5-150400.4.103.1.x86_64.rpm
libwebkit2gtk-4_0-37-2.46.5-150400.4.103.1.x86_64.rpm
libwebkit2gtk-4_1-0-2.46.5-150400.4.103.1.x86_64.rpm
libwebkitgtk-6_0-4-2.46.5-150400.4.103.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.46.5-150400.4.103.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.46.5-150400.4.103.1.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.46.5-150400.4.103.1.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.46.5-150400.4.103.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.46.5-150400.4.103.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.46.5-150400.4.103.1.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.46.5-150400.4.103.1.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.46.5-150400.4.103.1.x86_64.rpm
webkit2gtk3-2.46.5-150400.4.103.1.src.rpm
webkit2gtk3-devel-2.46.5-150400.4.103.1.x86_64.rpm
webkit2gtk3-soup2-2.46.5-150400.4.103.1.src.rpm
webkit2gtk3-soup2-devel-2.46.5-150400.4.103.1.x86_64.rpm
webkit2gtk4-2.46.5-150400.4.103.1.src.rpm
webkitgtk-6_0-injected-bundles-2.46.5-150400.4.103.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4346
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: USB: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
The following non-security bugs were fixed:
- Update config files (bsc#1218644).
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- kernel-binary: Enable livepatch package only when livepatch is enabled. Otherwise the filelist may be empty, failing the build (bsc#1218644).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- rpm/scripts: Remove obsolete Symbols.list. Symbols.list is no longer needed by the new klp-convert implementation. (bsc#1218644)
kernel-default-5.14.21-150400.24.144.1.nosrc.rpm
True
kernel-default-5.14.21-150400.24.144.1.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.144.1.150400.24.70.1.src.rpm
True
kernel-default-base-5.14.21-150400.24.144.1.150400.24.70.1.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.144.1.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.144.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.144.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.144.1.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.144.1.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.144.1.src.rpm
True
kernel-obs-build-5.14.21-150400.24.144.1.x86_64.rpm
True
kernel-source-5.14.21-150400.24.144.1.noarch.rpm
True
kernel-source-5.14.21-150400.24.144.1.src.rpm
True
kernel-syms-5.14.21-150400.24.144.1.src.rpm
True
kernel-syms-5.14.21-150400.24.144.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.144.1.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-76
Recommended update for containerd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for containerd fixes the following issues:
containerd was updated from version 1.7.21 to 1.7.23:
- Changes in version 1.7.23:
* Highlights:
+ Added error definition aliases
+ Allow proxy plugins to have capabilities
+ Revert a previous errdefs package migration
* Container Runtime Interface (CRI):
+ Added check for CNI plugins before tearing down pod network
* Image Distribution:
+ Fixed the race condition during GC of snapshots when client retries
* Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.23
- Changes in version 1.7.22:
* Highlights:
+ Build and Release Toolchain
+ Updated Go (go1.22.7 and go1.23.1)
* Container Runtime Interface (CRI):
+ Added a fix for decreasing cumulative stats
* Runtime:
+ Fixed bug where init exits were being dropped
+ Update runc binary to 1.1.14
* Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.22
containerd-1.7.23-150000.120.1.src.rpm
containerd-1.7.23-150000.120.1.x86_64.rpm
containerd-ctr-1.7.23-150000.120.1.x86_64.rpm
containerd-devel-1.7.23-150000.120.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4332
Recommended update for go1.23-openssl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.23-openssl fixes the following issues:
- Write three digit version to file VERSION which sets go env
GOVERSION. Fixes bsc#1233306.
* Go toolchain file VERSION sets the immutable value for
go env GOVERSION
* go1.x-openssl toolchains have used a bespoke fourth digit to
represent the upstream patch set release number,
e.g. go1.22.9-1-openssl-fips. This digit has not been needed.
* Some Go applications including helm break when this fourth
digit is present in VERSION, with error:
go.mod requires go >= 1.22.0 (running go 1.22; GOTOOLCHAIN=local)
* Keep the fourth digit in the packaging for now, it will be
dropped in the next toolchain version update.
go1.23-openssl-1.23.2.2-150000.1.6.1.src.rpm
go1.23-openssl-1.23.2.2-150000.1.6.1.x86_64.rpm
go1.23-openssl-doc-1.23.2.2-150000.1.6.1.x86_64.rpm
go1.23-openssl-race-1.23.2.2-150000.1.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4325
Recommended update for go1.22-openssl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.22-openssl fixes the following issues:
- Write three digit version to file VERSION which sets go env
GOVERSION. Fixes bsc#1233306.
* Go toolchain file VERSION sets the immutable value for
go env GOVERSION
* go1.x-openssl toolchains have used a bespoke fourth digit to
represent the upstream patch set release number,
e.g. go1.22.9-1-openssl-fips. This digit has not been needed.
* Some Go applications including helm break when this fourth
digit is present in VERSION, with error:
go.mod requires go >= 1.22.0 (running go 1.22; GOTOOLCHAIN=local)
* Keep the fourth digit in the packaging for now, it will be
dropped in the next toolchain version update.
go1.22-openssl-1.22.9.1-150000.1.9.1.src.rpm
go1.22-openssl-1.22.9.1-150000.1.9.1.x86_64.rpm
go1.22-openssl-doc-1.22.9.1-150000.1.9.1.x86_64.rpm
go1.22-openssl-race-1.22.9.1-150000.1.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4327
Security update for python-aiohttp
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-aiohttp fixes the following issues:
- CVE-2024-30251: Fixed infinite loop on specially crafted POST request (bsc#1223726).
python-aiohttp-3.9.3-150400.10.30.1.src.rpm
python311-aiohttp-3.9.3-150400.10.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4415
Recommended update for binutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for binutils fixes the following issues:
Update to current 2.43.1 branch [PED-10254, PED-10306]:
* s390 - Add arch15 instructions
* various fixes from upstream: PR32153, PR32171, PR32189,
PR32196, PR32191, PR32109, PR32372, PR32387
binutils-2.43-150100.7.52.1.src.rpm
binutils-2.43-150100.7.52.1.x86_64.rpm
binutils-devel-2.43-150100.7.52.1.x86_64.rpm
libctf-nobfd0-2.43-150100.7.52.1.x86_64.rpm
libctf0-2.43-150100.7.52.1.x86_64.rpm
binutils-devel-32bit-2.43-150100.7.52.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4391
Recommended update for docker-stable
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for docker-stable fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
docker-stable-24.0.9_ce-150000.1.8.1.src.rpm
docker-stable-24.0.9_ce-150000.1.8.1.x86_64.rpm
docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-122
Security update for rsync
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rsync fixes the following issues:
NOTE: This update was retracted as one of the fixes was broken. A new update will be issued.
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
rsync-3.2.3-150400.3.12.1.src.rpm
rsync-3.2.3-150400.3.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4392
Security update for emacs
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for emacs fixes the following issues:
- CVE-2024-53920: Fixed arbitrary code execution via Lisp macro expansion (bsc#1233894)
emacs-27.2-150400.3.20.2.src.rpm
emacs-27.2-150400.3.20.2.x86_64.rpm
emacs-el-27.2-150400.3.20.2.noarch.rpm
emacs-info-27.2-150400.3.20.2.noarch.rpm
emacs-nox-27.2-150400.3.20.2.x86_64.rpm
emacs-x11-27.2-150400.3.20.2.x86_64.rpm
etags-27.2-150400.3.20.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4414
Security update for gdb
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gdb fixes the following issues:
Mention changes in GDB 14:
* GDB now supports the AArch64 Scalable Matrix Extension 2
(SME2), which includes a new 512 bit lookup table register
named ZT0.
* GDB now supports the AArch64 Scalable Matrix Extension (SME),
which includes a new matrix register named ZA, a new thread
register TPIDR2 and a new vector length register SVG
(streaming vector granule). GDB also supports tracking ZA
state across signal frames. Some features are still under
development or are dependent on ABI specs that are still in
alpha stage. For example, manual function calls with ZA state
don't have any special handling, and tracking of SVG changes
based on DWARF information is still not implemented, but there
are plans to do so in the future.
* GDB now recognizes the NO_COLOR environment variable and
disables styling according to the spec. See
https://no-color.org/. Styling can be re-enabled with
"set style enabled on".
* The AArch64 'org.gnu.gdb.aarch64.pauth' Pointer Authentication
feature string has been deprecated in favor of the
'org.gnu.gdb.aarch64.pauth_v2' feature string.
* GDB now has some support for integer types larger than 64 bits.
* Multi-target feature configuration.
GDB now supports the individual configuration of remote
targets' feature sets. Based on the current selection of a
target, the commands 'set remote <name>-packet (on|off|auto)'
and 'show remote <name>-packet' can be used to configure a
target's feature packet and to display its configuration,
respectively.
* GDB has initial built-in support for the Debugger Adapter
Protocol.
* For the break command, multiple uses of the 'thread' or 'task'
keywords will now give an error instead of just using the
thread or task id from the last instance of the keyword. E.g.:
break foo thread 1 thread 2
will now give an error rather than using 'thread 2'.
* For the watch command, multiple uses of the 'task' keyword will
now give an error instead of just using the task id from the
last instance of the keyword. E.g.:
watch my_var task 1 task 2
will now give an error rather than using 'task 2'. The
'thread' keyword already gave an error when used multiple times
with the watch command, this remains unchanged.
* The 'set print elements' setting now helps when printing large
arrays. If an array would otherwise exceed max-value-size, but
'print elements' is set such that the size of elements to print
is less than or equal to 'max-value-size', GDB will now still
print the array, however only 'max-value-size' worth of data
will be added into the value history.
* For both the break and watch commands, it is now invalid to use
both the 'thread' and 'task' keywords within the same command.
For example, the following commands will now give an error:
break foo thread 1 task 1
watch var thread 2 task 3
* The printf command now accepts a '%V' output format which will
format an expression just as the 'print' command would. Print
options can be placed within '[...]' after the '%V' to modify
how the value is printed. E.g.:
printf "%V", some_array
printf "%V[-array-indexes on]", some_array
will print the array without, or with array indexes included,
just as the array would be printed by the 'print' command.
This functionality is also available for dprintf when
dprintf-style is 'gdb'.
* When the printf command requires a string to be fetched from
the inferior, GDB now uses the existing 'max-value-size'
setting to limit the memory allocated within GDB. The
default 'max-value-size' is 64k. To print longer strings you
should increase 'max-value-size'.
* The Ada 2022 Enum_Rep and Enum_Val attributes are now
supported.
* The Ada 2022 target name symbol ('@') is now supported by the
Ada expression parser.
* The 'list' command now accepts '.' as an argument, which tells
GDB to print the location around the point of execution within
the current frame. If the inferior hasn't started yet, the
command will print around the beginning of the 'main' function.
* Using the 'list' command with no arguments in a situation where
the command would attempt to list past the end of the file now
warns the user that the end of file has been reached, refers
the user to the newly added '.' argument.
* Breakpoints can now be inferior-specific. This is similar to
the existing thread-specific breakpoint support. Breakpoint
conditions can include the 'inferior' keyword followed by an
inferior id (as displayed in the 'info inferiors' output).
It is invalid to use the 'inferior' keyword with either the
'thread' or 'task' keywords when creating a breakpoint.
* New convenience function "$_shell", to execute a shell command
and return the result. This lets you run shell commands in
expressions. Some examples:
(gdb) p $_shell("true")
$1 = 0
(gdb) p $_shell("false")
$2 = 1
(gdb) break func if $_shell("some command") == 0
* New commands:
* set debug breakpoint on|off
show debug breakpoint
Print additional debug messages about breakpoint insertion
and removal.
* maintenance print record-instruction [ N ]
Print the recorded information for a given instruction. If N
is not given prints how GDB would undo the last instruction
executed. If N is negative, prints how GDB would undo the
N-th previous instruction, and if N is positive, it prints
how GDB will redo the N-th following instruction.
* maintenance info frame-unwinders
List the frame unwinders currently in effect, starting with
the highest priority.
* maintenance wait-for-index-cache
Wait until all pending writes to the index cache have
completed.
* set always-read-ctf on|off
show always-read-ctf
When off, CTF is only read if DWARF is not present. When on,
CTF is read regardless of whether DWARF is present. Off by
default.
* info main
Get main symbol to identify entry point into program.
* set tui mouse-events [on|off]
show tui mouse-events
When on (default), mouse clicks control the TUI and can be
accessed by Python extensions. When off, mouse clicks are
handled by the terminal, enabling terminal-native text
selection.
* MI changes:
* MI version 1 has been removed.
* mi now reports 'no-history' as a stop reason when hitting the
end of the reverse execution history.
* When creating a thread-specific breakpoint using the '-p'
option, the -break-insert command would report the 'thread'
field twice in the reply. The content of both fields was
always identical. This has now been fixed; the 'thread'
field will be reported just once for thread-specific
breakpoints, or not at all for breakpoints without a thread
restriction. The same is also true for the 'task' field of
an Ada task-specific breakpoint.
* It is no longer possible to create a thread-specific
breakpoint for a thread that doesn't exist using
'-break-insert -p ID'. Creating breakpoints for
non-existent threads is not allowed when using the CLI; that
the MI allowed it was a long-standing bug, which has now
been fixed.
* The '--simple-values' argument to the
'-stack-list-arguments', '-stack-list-locals',
'-stack-list-variables', and '-var-list-children' commands now
takes reference types into account: that is, a value is now
considered simple if it is neither an array, structure, or
union, nor a reference to an array, structure, or union.
(Previously all references were considered simple.) Support
for this feature can be verified by using the
'-list-features' command, which should contain
"simple-values-ref-types".
* The -break-insert command now accepts a '-g thread-group-id'
option to allow for the creation of inferior-specific
breakpoints.
* The bkpt tuple, which appears in breakpoint-created
notifications, and in the result of the -break-insert
command can now include an optional 'inferior' field for both
the main breakpoint, and each location, when the breakpoint
is inferior-specific.
* Python API:
* gdb.ThreadExitedEvent added. Emits a ThreadEvent.
* The gdb.unwinder.Unwinder.name attribute is now read-only.
* The name argument passed to gdb.unwinder.Unwinder.__init__
must now be of type 'str' otherwise a TypeError will be
raised.
* The gdb.unwinder.Unwinder.enabled attribute can now only
accept values of type 'bool'. Changing this attribute will
now invalidate GDB's frame-cache, which means GDB will need
to rebuild its frame-cache when next required - either with,
or without the particular unwinder, depending on how
'enabled' was changed.
* New methods added to the gdb.PendingFrame class. These
methods have the same behaviour as the corresponding
methods on gdb.Frame. The new methods are:
* gdb.PendingFrame.name: Return the name for the frame's
function, or None.
* gdb.PendingFrame.is_valid: Return True if the pending
frame object is valid.
* gdb.PendingFrame.pc: Return the $pc register value for
this frame.
* gdb.PendingFrame.language: Return a string containing the
language for this frame, or None.
* gdb.PendingFrame.find_sal: Return a gdb.Symtab_and_line
object for the current location within the pending frame,
or None.
* gdb.PendingFrame.block: Return a gdb.Block for the current
pending frame, or None.
* gdb.PendingFrame.function: Return a gdb.Symbol for the
current pending frame, or None.
* The frame-id passed to gdb.PendingFrame.create_unwind_info
can now use either an integer or a gdb.Value object for each
of its 'sp', 'pc', and 'special' attributes.
* A new class gdb.unwinder.FrameId has been added. Instances
of this class are constructed with 'sp' (stack-pointer) and
'pc' (program-counter) values, and can be used as the
frame-id when calling gdb.PendingFrame.create_unwind_info.
* It is now no longer possible to sub-class the
gdb.disassembler.DisassemblerResult type.
* The Disassembler API from the gdb.disassembler module has
been extended to include styling support:
* The DisassemblerResult class can now be initialized with a
list of parts. Each part represents part of the
disassembled instruction along with the associated style
information. This list of parts can be accessed with the
new DisassemblerResult.parts property.
* New constants gdb.disassembler.STYLE_* representing all the
different styles part of an instruction might have.
* New methods DisassembleInfo.text_part and
DisassembleInfo.address_part which are used to create the
new styled parts of a disassembled instruction.
* Changes are backwards compatible, the older API can still
be used to disassemble instructions without styling.
* New function gdb.execute_mi(COMMAND, [ARG]...), that invokes
a GDB/MI command and returns the output as a Python
dictionary.
* New function gdb.block_signals(). This returns a context
manager that blocks any signals that GDB needs to handle
itself.
* New class gdb.Thread. This is a subclass of threading.Thread
that calls gdb.block_signals in its "start" method.
* gdb.parse_and_eval now has a new "global_context" parameter.
This can be used to request that the parse only examine
global symbols.
* gdb.Inferior now has a new "arguments" attribute. This holds
the command-line arguments to the inferior, if known.
* gdb.Inferior now has a new "main_name" attribute. This holds
the name of the inferior's "main", if known.
* gdb.Inferior now has new methods "clear_env", "set_env", and
"unset_env". These can be used to modify the inferior's
environment before it is started.
* gdb.Value now has the 'assign' method.
* gdb.Value now has the 'to_array' method. This converts an
array-like Value to an array.
* gdb.Progspace now has the new method "objfile_for_address".
This returns the gdb.Objfile, if any, that covers a given
address.
* gdb.Breakpoint now has an "inferior" attribute. If the
Breakpoint object is inferior specific then this attribute
holds the inferior-id (an integer). If the Breakpoint
object is not inferior specific, then this field contains
None. This field can be written too.
* gdb.Type now has the "is_array_like" and "is_string_like"
methods. These reflect GDB's internal idea of whether a
type might be array- or string-like, even if they do not
have the corresponding type code.
* gdb.ValuePrinter is a new class that can be used as the base
class for the result of applying a pretty-printer. As a
base class, it signals to gdb that the printer may implement
new pretty-printer methods.
* New attribute Progspace.symbol_file. This attribute holds
the gdb.Objfile that corresponds to Progspace.filename (when
Progspace.filename is not None), otherwise, this attribute is
itself None.
* New attribute Progspace.executable_filename. This attribute
holds a string containing a file name set by the "exec-file"
or "file" commands, or None if no executable file is set.
This isn't the exact string passed by the user to these
commands; the file name will have been partially resolved to
an absolute file name.
* A new executable_changed event registry is available. This
event emits ExecutableChangedEvent objects, which have
'progspace' (a gdb.Progspace) and 'reload' (a Boolean)
attributes. This event is emitted when
gdb.Progspace.executable_filename changes.
* New event registries gdb.events.new_progspace and
gdb.events.free_progspace, these emit NewProgspaceEvent and
FreeProgspaceEvent event types respectively. Both of these
event types have a single 'progspace' attribute, which is
the gdb.Progspace that is either being added to GDB, or
removed from GDB.
* gdb.LazyString now implements the __str__ method.
* New method gdb.Frame.static_link that returns the outer
frame of a nested function frame.
gdb-14.2-150400.15.20.1.src.rpm
gdb-14.2-150400.15.20.1.x86_64.rpm
gdbserver-14.2-150400.15.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4404
Recommended update for libzypp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp fixes the following issues:
- Url: queryparams without value should not have a trailing "="
libzypp-17.35.16-150400.3.105.1.src.rpm
True
libzypp-17.35.16-150400.3.105.1.x86_64.rpm
True
libzypp-devel-17.35.16-150400.3.105.1.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4434
Recommended update for rmt-server
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server fixes the following issues:
* Fixed an issue where custom sync/mirror timer config was overwritten on package update
* Fixed an issue where the column size for repository and file paths was too small (bsc#1229152)
* suseconnect client user-agents are now forwarded to SCC
* rmt-server-pubcloud:
* Fixed an issue with LTSS product verification (bsc#1230154)
* Fixed an issue with activations check when no product info is available (bsc#1230157)
* Fixed an issue with Azure SCC connection (bsc#1233314)
* Deny access of Azure Basic type images to LTSS
* Fixed an issue where SLE Micro systems could not access SLES repositories (bsc#1230419)
* Fixed an issue where system token rotation was not skipped in read-only APIs
* Fixed an issue where RMT didn't handle the new dl.suse.com CDN domain (bsc#1234641)
* Fixed an issue where RMT metadata was not correctly cleaned up after repo update (bsc#1233308)
* Fixed an issue with packages that have a path longer than 255 characters (bsc#1229152)
rmt-server-2.20-150400.3.34.1.src.rpm
rmt-server-2.20-150400.3.34.1.x86_64.rpm
rmt-server-config-2.20-150400.3.34.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-6
Security update for python-Jinja2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template (bsc#1234808)
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
python-Jinja2-3.1.2-150400.12.11.1.src.rpm
python311-Jinja2-3.1.2-150400.12.11.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-29
Security update for python-Jinja2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
python-Jinja2-2.10.1-150000.3.18.1.src.rpm
python3-Jinja2-2.10.1-150000.3.18.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-14
Recommended update for python3-Flask
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-Flask fixes the following issues:
- Use alternatives for /usr/bin/flask to avoid conflict with python311-Flask package (bsc#1233954)
python3-Flask-1.0.4-150400.10.1.noarch.rpm
python3-Flask-1.0.4-150400.10.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-58
Security update for tomcat
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tomcat fixes the following issues:
Update to Tomcat 9.0.98
- Fixed CVEs:
+ CVE-2024-54677: DoS in examples web application (bsc#1234664)
+ CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
+ CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
- Catalina
+ Add: Add option to serve resources from subpath only with WebDAV Servlet
like with DefaultServlet. (michaelo)
+ Fix: Add special handling for the protocols attribute of SSLHostConfig in
storeconfig. (remm)
+ Fix: 69442: Fix case sensitive check on content-type when parsing request
parameters. (remm)
+ Code: Refactor duplicate code for extracting media type and subtype from
content-type into a single method. (markt)
+ Fix: Compatibility of generated embedded code with components where
constructors or property related methods throw a checked exception. (remm)
+ Fix: The previous fix for inconsistent resource metadata during concurrent
reads and writes was incomplete. (markt)
+ Fix: 69444: Ensure that the javax.servlet.error.message request attribute
is set when an application defined error page is called. (markt)
+ Fix: Avoid quotes for numeric values in the JSON generated by the status
servlet. (remm)
+ Add: Add strong ETag support for the WebDAV and default servlet, which can
be enabled by using the useStrongETags init parameter with a value set to
true. The ETag generated will be a SHA-1 checksum of the resource content.
(remm)
+ Fix: Use client locale for directory listings. (remm)
+ Fix: 69439: Improve the handling of multiple Cache-Control headers in the
ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
+ Fix: 69447: Update the support for caching classes the web application
class loader cannot find to take account of classes loaded from external
repositories. Prior to this fix, these classes could be incorrectly marked
as not found. (markt)
+ Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by
users will not be removed and any header present in a HEAD request will
also be present in the equivalent GET request. There may be some headers,
as per RFC 9110, section 9.3.2, that are present in a GET request that are
not present in the equivalent HEAD request. (markt)
+ Fix: 69471: Log instances of CloseNowException caught by
ApplicationDispatcher.invoke() at debug level rather than error level as
they are very likely to have been caused by a client disconnection or
similar I/O issue. (markt)
+ Add: Add a test case for the fix for 69442. Also refactor references to
application/x-www-form-urlencoded. Based on pull request #779 by Chenjp.
(markt)
+ Fix: 69476: Catch possible ISE when trying to report PUT failure in the
DefaultServlet. (remm)
+ Add: Add support for RateLimit header fields for HTTP (draft) in the
RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
+ Add: #787: Add regression tests for 69478. Pull request provided by Thomas
Krisch. (markt)
+ Fix: The default servlet now rejects HTTP range requests when two or more
of the requested ranges overlap. Based on pull request #782 provided by
Chenjp. (markt)
+ Fix: Enhance Content-Range verification for partial PUT requests handled
by the default servlet. Provided by Chenjp in pull request #778. (markt)
+ Fix: Harmonize DataSourceStore lookup in the global resources to
optionally avoid the comp/env prefix which is usually not used there.
(remm)
+ Fix: As required by RFC 9110, the HTTP Range header will now only be
processed for GET requests. Based on pull request #790 provided by Chenjp.
(markt)
+ Fix: Deprecate the useAcceptRanges initialisation parameter for the
default servlet. It will be removed in Tomcat 12 onwards where it will
effectively be hard coded to true. (markt)
+ Add: Add DataSource based property storage for the WebdavServlet. (remm)
- Coyote
+ Fix: Align encodedSolidusHandling with the Servlet specification. If the
pass-through mode is used, any %25 sequences will now also be passed
through to avoid errors and/or corruption when the application decodes the
path. (markt)
- Jasper
+ Fix: Further optimise EL evaluation of method parameters. Patch provided
by Paolo B. (markt)
+ Fix: Follow-up to the fix for 69381. Apply the optimisation for method
lookup performance in expression language to an additional location.
(markt)
- Web applications
+ Fix: Documentation. Remove references to the ResourceParams element.
Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
+ Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter.
The attribute is internalProxies rather than allowedInternalProxies. Pull
request #786 (markt)
+ Fix: Examples. Fix broken links when Servlet Request Info example is
called via a URL that includes a pathInfo component. (markt)
+ Fix: Examples. Expand the obfuscation of session cookie values in the
request header example to JSON responses. (markt)
+ Add: Examples. Add the ability to delete session attributes in the servlet
session example. (markt)
+ Add: Examples. Add a hard coded limit of 10 attributes per session for the
servlet session example. (markt)
+ Add: Examples. Add the ability to delete session attributes and add a hard
coded limit of 10 attributes per session for the JSP form authentication
example. (markt)
+ Add: Examples. Limit the shopping cart example to only allow adding the
pre-defined items to the cart. (markt)
+ Fix: Examples. Remove JSP calendar example. (markt)
- Other
+ Fix: 69465: Fix warnings during native image compilation using the Tomcat
embedded JARs. (markt)
+ Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
+ Update: Update EasyMock to 5.5.0. (markt)
+ Update: Update Checkstyle to 10.20.2. (markt)
+ Update: Update BND to 7.1.0. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Korean translations. (markt)
+ Add: Improvements to Chinese translations. (markt)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
tomcat-9.0.98-150200.74.1.noarch.rpm
tomcat-9.0.98-150200.74.1.src.rpm
tomcat-admin-webapps-9.0.98-150200.74.1.noarch.rpm
tomcat-el-3_0-api-9.0.98-150200.74.1.noarch.rpm
tomcat-jsp-2_3-api-9.0.98-150200.74.1.noarch.rpm
tomcat-lib-9.0.98-150200.74.1.noarch.rpm
tomcat-servlet-4_0-api-9.0.98-150200.74.1.noarch.rpm
tomcat-webapps-9.0.98-150200.74.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-59
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 128.6.0 ESR
* Fixed: Various security fixes.
MFSA 2025-02 (bsc#1234991)
* CVE-2025-0237 (bmo#1915257)
WebChannel APIs susceptible to confused deputy attack
* CVE-2025-0238 (bmo#1915535)
Use-after-free when breaking lines
* CVE-2025-0239 (bmo#1929156)
Alt-Svc ALPN validation failure when redirected
* CVE-2025-0240 (bmo#1929623)
Compartment mismatch when parsing JavaScript JSON module
* CVE-2025-0241 (bmo#1933023)
Memory corruption when using JavaScript Text Segmentation
* CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873,
bmo#1932169)
Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19,
and Thunderbird 128.6
* CVE-2025-0243 (bmo#1827142, bmo#1932783)
Memory safety bugs fixed in Firefox 134, Thunderbird 134,
Firefox ESR 128.6, and Thunderbird 128.6
- Firefox Extended Support Release 128.5.2 ESR
* Fixed: Fixed a crash experienced by Windows users with Qihoo
360 Total Security Antivirus software installed (bmo#1934258)
MozillaFirefox-128.6.0-150200.152.167.1.src.rpm
MozillaFirefox-128.6.0-150200.152.167.1.x86_64.rpm
MozillaFirefox-devel-128.6.0-150200.152.167.1.noarch.rpm
MozillaFirefox-translations-common-128.6.0-150200.152.167.1.x86_64.rpm
MozillaFirefox-translations-other-128.6.0-150200.152.167.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-71
Security update for dnsmasq
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dnsmasq fixes the following issues:
- Version update to 2.90:
- CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219823)
- CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219826)
- CVE-2023-28450: Default maximum EDNS.0 UDP packet size should be 1232. (bsc#1209358)
dnsmasq-2.90-150400.16.3.1.src.rpm
dnsmasq-2.90-150400.16.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-68
Recommended update for scap-security-guide
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for scap-security-guide fixes the following issues:
- replace two date injections by SOURCE_DATE_EPOCH to make reproducible. (bsc#1230361)
- updated to 0.1.75 (jsc#ECO-3319)
- Add new product kylinserver10
- Create OL10 product
- Update PCI-DSS control file for version 4.0.1
- Add Ism profile for ol8, ol9
- Release SLMicro5 product
- Various updates for SLE 12/15
scap-security-guide-0.1.75-150000.1.89.1.noarch.rpm
scap-security-guide-0.1.75-150000.1.89.1.src.rpm
scap-security-guide-debian-0.1.75-150000.1.89.1.noarch.rpm
scap-security-guide-redhat-0.1.75-150000.1.89.1.noarch.rpm
scap-security-guide-ubuntu-0.1.75-150000.1.89.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-69
Security update for gstreamer-plugins-base
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-47538: Fixed a stack-buffer overflow in vorbis_handle_identification_packet. (bsc#1234415)
- CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. (bsc#1234450)
- CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0 commandline tool. (bsc#1234453)
- CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
- CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser. (bsc#1234459)
- CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer dereference. (bsc#1234460)
- CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455)
gstreamer-plugins-base-1.20.1-150400.3.11.1.src.rpm
gstreamer-plugins-base-1.20.1-150400.3.11.1.x86_64.rpm
gstreamer-plugins-base-devel-1.20.1-150400.3.11.1.x86_64.rpm
gstreamer-plugins-base-lang-1.20.1-150400.3.11.1.noarch.rpm
libgstallocators-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
libgstapp-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
libgstaudio-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
libgstfft-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
libgstgl-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
libgstpbutils-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
libgstriff-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
libgstrtp-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
libgstrtsp-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
libgstsdp-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
libgsttag-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
libgstvideo-1_0-0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstApp-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstAudio-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstGL-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstRtp-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstSdp-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstTag-1_0-1.20.1-150400.3.11.1.x86_64.rpm
typelib-1_0-GstVideo-1_0-1.20.1-150400.3.11.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-67
Security update for gstreamer-plugins-good
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gstreamer-plugins-good fixes the following issues:
- CVE-2024-47530: Fixed uninitialized stack memory in Matroska/WebM demuxer. (boo#1234421)
- CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. (boo#1234414)
- CVE-2024-47539: Fixed an out-of-bounds write in convert_to_s334_1a. (boo#1234417)
- CVE-2024-47543: Fixed an out-of-bounds write in qtdemux_parse_container. (boo#1234462)
- CVE-2024-47544: Fixed NULL-pointer dereferences in MP4/MOV demuxer CENC handling. (boo#1234473)
- CVE-2024-47545: Fixed an integer underflow in FOURCC_strf parsing leading to out-of-bounds read. (boo#1234476)
- CVE-2024-47546: Fixed an integer underflow in extract_cc_from_data leading to out-of-bounds read. (boo#1234477)
- CVE-2024-47596: Fixed an integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads. (boo#1234424)
- CVE-2024-47597: Fixed out-of-bounds reads in MP4/MOV demuxer sample table parser (boo#1234425)
- CVE-2024-47598: Fixed MP4/MOV sample table parser out-of-bounds read. (boo#1234426)
- CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences. (boo#1234427)
- CVE-2024-47601: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234428)
- CVE-2024-47602: Fixed NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer. (boo#1234432)
- CVE-2024-47603: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234433)
- CVE-2024-47606: Avoid integer overflow when allocating sysmem. (bsc#1234449)
- CVE-2024-47606: Fixed integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (boo#1234449)
- CVE-2024-47613: Fixed a NULL-pointer dereference in gdk-pixbuf decoder. (boo#1234447)
- CVE-2024-47774: Fixed an integer overflow in AVI subtitle parser that leads to out-of-bounds reads. (boo#1234446)
- CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser. (boo#1234434)
- CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser. (boo#1234435)
- CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser. (boo#1234436)
- CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser. (boo#1234439)
- CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files. (boo#1234440)
gstreamer-plugins-good-1.20.1-150400.3.9.1.src.rpm
gstreamer-plugins-good-1.20.1-150400.3.9.1.x86_64.rpm
gstreamer-plugins-good-lang-1.20.1-150400.3.9.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-70
Security update for gstreamer
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gstreamer fixes the following issues:
- CVE-2024-47606: Fixed integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (boo#1234449)
gstreamer-1.20.1-150400.3.3.1.src.rpm
gstreamer-1.20.1-150400.3.3.1.x86_64.rpm
gstreamer-devel-1.20.1-150400.3.3.1.x86_64.rpm
gstreamer-lang-1.20.1-150400.3.3.1.noarch.rpm
gstreamer-utils-1.20.1-150400.3.3.1.x86_64.rpm
libgstreamer-1_0-0-1.20.1-150400.3.3.1.x86_64.rpm
typelib-1_0-Gst-1_0-1.20.1-150400.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-162
Security update for redis
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for redis fixes the following issues:
- CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading to remote code execution. (bsc#1235387)
redis-6.2.6-150400.3.31.1.src.rpm
redis-6.2.6-150400.3.31.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-148
Recommended update for cryptsetup
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cryptsetup fixes the following issue:
- luksFormat succeeds despite creating corrupt device (bsc#1234273).
* Add a better warning if luksFormat ends with image without any space for data.
* Print warning early if LUKS container is too small for activation.
cryptsetup-2.4.3-150400.3.6.2.src.rpm
cryptsetup-2.4.3-150400.3.6.2.x86_64.rpm
cryptsetup-lang-2.4.3-150400.3.6.2.noarch.rpm
cryptsetup-ssh-2.4.3-150400.3.6.2.x86_64.rpm
libcryptsetup-devel-2.4.3-150400.3.6.2.x86_64.rpm
libcryptsetup12-2.4.3-150400.3.6.2.x86_64.rpm
libcryptsetup12-32bit-2.4.3-150400.3.6.2.x86_64.rpm
libcryptsetup12-hmac-2.4.3-150400.3.6.2.x86_64.rpm
libcryptsetup12-hmac-32bit-2.4.3-150400.3.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-169
Recommended update for gnome-shell-extension-desktop-icons
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gnome-shell-extension-desktop-icons fixes the following issue:
- Update desktop-icons-show-iso-file-icon and desktop-icon-gnome-41 (bsc#1227104).
gnome-shell-extension-desktop-icons-20.10.0-150400.4.8.2.noarch.rpm
gnome-shell-extension-desktop-icons-20.10.0-150400.4.8.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-719
Recommended update for Maven
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Maven fixes the following issues:
maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1:
- Key changes across versions:
* Bug fixes and improved support of dynamic types
* Dependency upgrades (ASM, Maven core, and notably the removal of commons-io)
* Improved error handling by logging instead of failing
* Improved dependency usage tracking
maven-dependency-plugin was updated from version 3.6.0 to 3.8.1:
- Key changes across versions:
* Dependency upgrades on maven-dependency-analyzer and Doxia
* Deprecated dependency:sources in favor of dependency:resolve-sources
* Documentation improvements
* New dependency analysis goal to check for invalid exclusions
* New JSON output option for dependency:tree
* Performance improvements
* Several bug fixes addressing:
+ The handling of silent parameters
+ The display of the optional flag in the tree
+ The clarity of some error messages
maven-doxia-sitetools was updated from version 1.11.1 to 2.0.0:
- Key changes across versions:
* New features:
+ Passing the input filename to the parser
+ Adding a timezone field to the site descriptor
+ Configuring parsers per markup
* Improvements:
+ Clarifying site descriptor properties
+ Requiring a skin if a site descriptor (site.xml) has been provided
+ Optimization of resource handling
+ Overhauled locale support
+ Refined menu item display
+ Use of Maven Resolver for artifact resolution
+ Enhanced Velocity context population
+ Automating anchor creation
* Internal changes:
+ Migration from Plexus to Sisu
+ Upgraded to Java 8
+ Removal of deprecated components and features (such as Maven 1.x support, Google-related properties)
+ Simplified the site model
+ Improved the DocumentRenderer interface/DocumentRenderingContext class API
* Several bug fixes addressing:
+ The Plexus to Sisu migration
+ Decoration model injection
+ Anchor creation
+ XML character escaping
+ Handling of 0-byte site descriptors
maven-doxia was updated from version 1.12.0 to 2.0.0:
- Key changes across versions:
* Improved HTML5 Support:
+ Obsolete attributes and elements were removed
+ CSS styles are now used for styling
+ XHTML5 is now the default HTML implementation, and XHTML(4) is deprecated
* Improved Markdown Support:
+ A new Markdown sink allows converting content to Markdown.
+ Support for various Markdown features like blockquotes, footnotes, and metadata has been added
* General Improvements:
+ Dependencies were updated
+ Doxia was upgraded to Java 8
+ Logging and Doxia ID generation were streamlined
+ Migration from Plexus to Sisu
+ Removed deprecated modules and code
* Several bug fixes addressing:
+ HTML5 incorrect output such as tables, styling and missing or improperly handled attributes
+ Markdown formatting issues
+ Issues with plexus migration
+ Incorrect generation of unique IDs
+ Incorrect anchor generation for document titles
+ Ignored element classes
maven-invoker-plugin was updated from version 3.2.2 to 3.8.1:
- Key changes across versions:
* Commons-lang3 was removed
* Custom Maven executables, external POM files, and more CLI options are now supported
* Deprecated code was cleaned up
* Doxia was updated, improving HTML generation and adding Markdown support
* Groovy was updated, adding support for JDK 19
* Improved Reporting and Time Handling
* Enhanced syntax support for invoker properties and Maven options
* Java 8 is now the minimum supported version
* Maven 3.6.3 is now the minimum supported version
* Several dependencies were updated or removed
* Snapshot update behavior can be controlled
* Several bug fixes addressing issues with:
+ Dependency resolution
+ Environment variables
+ File handling
+ Report generation
+ Threading
maven-invoker was updated from version 3.1.0 to 3.3.0:
- Key changes across versions:
* Added several CLI options.
* Added support to disable snapshot updates.
* Added test for inherited environment
* Custom Maven executables
* Deprecated code was removed
* External POM files
* Fixed issues with builder IDs
* Improved timeout handling
* Java 8 is now a requirement
* Tests were migrated to JUnit 5
maven-javadoc-plugin was updated from version 3.6.0 to 3.11.1:
- Key changes across versions:
* Addressed test cleanup and inconsistent default value
* Automatic release detection for older JDKs
* Clarified documentation
* Dependency upgrades of org.codehaus.plexus:plexus-java and Doxia
* Deprecated the "old" parameter
* Improvements include handling of Java 12+ links, user settings with invoker, and default author value.
* Simplified integration tests.
* Upgraded maven-plugin parent
* Various bug fixes related to:
+ Toolchains issues
+ Empty JAR creation
+ JDK 10 compatibility
+ Reactor build failures
+ Unit test issues
+ Null pointer exception
+ Issues with skipped reports
+ Stale file detection
+ Log4j dependency download
+ Test repository creation
maven-parent was updated from version 40 to 43:
- Key changes across versions:
* Potentially breaking changes:
+ Removed dependency on `maven-plugin-annotations` to better support Maven 4 plugins
+ Removed `checkstyle.violation.ignore`
* Improved Java 21 support
* Empty Surefire and PMD reports are now skipped
* Disabled annotation processing by compiler
* Various code cleanup and project restructuring tasks
maven-plugin-tools was updated from version 3.13.0 to 3.15.1:
- Key changes across versions:
* Doxia and Velocity Engine upgrades
* New goal 'report-no-fork', which will not invoke process-classes
* Deprecation of o.a.m.plugins.annotations.Component
* Improved Maven 3 and Maven 4 support
maven-reporting-api was updated from version 3.1.1 to 4.0.0:
- Key changes across versions:
* API: Allow MavenReportRenderer.render() and MavenReport.canGenerateReport() to throw exceptions
* Require locales to be non-null
* Improve the MavenReport interface and AbstractMavenReport class
* Removed unused default-report.xml file
maven-reporting-implementation was updated from version 3.2.0 to 4.0.0:
- Key changes across versions include:
* Addressed issues with duplicate calls to canGenerateReport()
* New features such as markup output support, flexible section handling and verbatim source rendering
* Numerous improvements to skinning, rendering, parameter handling, timestamp population and logging
* Upgrade to Java 8
maven-surefire was updated from version 3.2.5 to 3.5.2:
- Key changes across versions include:
* Addressed issues with JUnit5 test reporting, serialization, classpath handling
and compatibility with newer JDKs.
* Refined handling of system properties, commons-io usage, parallel test execution
and report generation.
* Updated Doxia and commons-compress dependencies
* Improved documentation, including FAQ fixes
plexus-velocity was updated to version 2.1.0:
- Upgraded Velocity Engine to 2.3
- Moved to JUnit5
velocity-engine:
- New package velocity-engine-core implemented at version 2.4
maven-doxia-2.0.0-150200.4.18.11.src.rpm
maven-doxia-core-2.0.0-150200.4.18.11.noarch.rpm
maven-doxia-module-apt-2.0.0-150200.4.18.11.noarch.rpm
maven-doxia-module-fml-2.0.0-150200.4.18.11.noarch.rpm
maven-doxia-module-xdoc-2.0.0-150200.4.18.11.noarch.rpm
maven-doxia-module-xhtml5-2.0.0-150200.4.18.11.noarch.rpm
maven-doxia-sink-api-2.0.0-150200.4.18.11.noarch.rpm
maven-doxia-sitetools-2.0.0-150200.3.18.3.noarch.rpm
maven-doxia-sitetools-2.0.0-150200.3.18.3.src.rpm
maven-invoker-3.3.0-150200.3.7.5.noarch.rpm
maven-invoker-3.3.0-150200.3.7.5.src.rpm
maven-javadoc-plugin-3.11.1-150200.4.21.2.noarch.rpm
maven-javadoc-plugin-3.11.1-150200.4.21.2.src.rpm
maven-plugin-annotations-3.15.1-150200.3.15.12.noarch.rpm
maven-plugin-tools-3.15.1-150200.3.15.12.src.rpm
maven-reporting-api-4.0.0-150200.3.10.12.noarch.rpm
maven-reporting-api-4.0.0-150200.3.10.12.src.rpm
maven-surefire-3.5.2-150200.3.9.20.12.noarch.rpm
maven-surefire-3.5.2-150200.3.9.20.12.src.rpm
maven-surefire-plugin-3.5.2-150200.3.9.20.2.noarch.rpm
maven-surefire-plugins-3.5.2-150200.3.9.20.2.src.rpm
maven-surefire-provider-junit-3.5.2-150200.3.9.20.12.noarch.rpm
maven-surefire-provider-testng-3.5.2-150200.3.9.20.12.noarch.rpm
plexus-velocity-2.1.0-150200.3.10.3.noarch.rpm
plexus-velocity-2.1.0-150200.3.10.3.src.rpm
velocity-engine-core-2.4-150200.5.3.3.noarch.rpm
velocity-engine-core-2.4-150200.5.3.3.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-144
Security update for git
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for git fixes the following issues:
- CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600).
- CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601).
git-2.35.3-150300.10.48.1.src.rpm
git-2.35.3-150300.10.48.1.x86_64.rpm
git-arch-2.35.3-150300.10.48.1.x86_64.rpm
git-core-2.35.3-150300.10.48.1.x86_64.rpm
git-cvs-2.35.3-150300.10.48.1.x86_64.rpm
git-daemon-2.35.3-150300.10.48.1.x86_64.rpm
git-doc-2.35.3-150300.10.48.1.noarch.rpm
git-email-2.35.3-150300.10.48.1.x86_64.rpm
git-gui-2.35.3-150300.10.48.1.x86_64.rpm
git-svn-2.35.3-150300.10.48.1.x86_64.rpm
git-web-2.35.3-150300.10.48.1.x86_64.rpm
gitk-2.35.3-150300.10.48.1.x86_64.rpm
perl-Git-2.35.3-150300.10.48.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-212
Recommended update for tpm2.0-abrmd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tpm2.0-abrmd fixes the following issues:
- make sure that udev workers have finished before daemon-reload (bsc#1231071)
libtss2-tcti-tabrmd0-2.4.0-150400.3.3.1.x86_64.rpm
tpm2.0-abrmd-2.4.0-150400.3.3.1.src.rpm
tpm2.0-abrmd-2.4.0-150400.3.3.1.x86_64.rpm
tpm2.0-abrmd-devel-2.4.0-150400.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-203
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1230697).
The following non-security bugs were fixed:
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139)
- KVM: x86: fix sending PV IPI (git-fixes).
- fixup "rpm: support gz and zst compression methods" once more (bsc#1190428, bsc#1190358)
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- rpm/kernel-binary.spec.in: Fix build regression. The previous fix forgot to take over grep -c option that broke the conditional expression
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- supported.conf: add bsc1185010 dependency
- supported.conf: hyperv_drm (jsc#sle-19733)
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
kernel-default-5.14.21-150400.24.147.1.nosrc.rpm
kernel-default-5.14.21-150400.24.147.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1.src.rpm
kernel-default-base-5.14.21-150400.24.147.1.150400.24.72.1.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.147.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.147.1.noarch.rpm
kernel-docs-5.14.21-150400.24.147.1.noarch.rpm
kernel-docs-5.14.21-150400.24.147.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.147.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.147.1.src.rpm
kernel-obs-build-5.14.21-150400.24.147.1.x86_64.rpm
kernel-source-5.14.21-150400.24.147.1.noarch.rpm
kernel-source-5.14.21-150400.24.147.1.src.rpm
kernel-syms-5.14.21-150400.24.147.1.src.rpm
kernel-syms-5.14.21-150400.24.147.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.147.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-223
Feature update for zypper, libzypp
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for zypper, libzypp fixes the following issues:
- info: Allow to query a specific version (jsc#PED-11268)
To query for a specific version simply append "-<version>" or
"-<version>-<release>" to the "<name>" pattern. Note that the
edition part must always match exactly.
- version 1.14.79
libzypp-17.35.16-150400.3.107.1.src.rpm
libzypp-17.35.16-150400.3.107.1.x86_64.rpm
libzypp-devel-17.35.16-150400.3.107.1.x86_64.rpm
zypper-1.14.79-150400.3.70.1.src.rpm
zypper-1.14.79-150400.3.70.1.x86_64.rpm
zypper-log-1.14.79-150400.3.70.1.noarch.rpm
zypper-needs-restarting-1.14.79-150400.3.70.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-219
Recommended update for lttng-tools
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for lttng-tools fixes the following issues:
- Fix lttng-sessiond segfault during session destruction (bsc#1234266)
liblttng-ctl0-2.12.2-150300.3.9.1.x86_64.rpm
lttng-tools-2.12.2-150300.3.9.1.src.rpm
lttng-tools-2.12.2-150300.3.9.1.x86_64.rpm
lttng-tools-devel-2.12.2-150300.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-438
Recommended update for bouncycastle, jsch, ed25519-java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bouncycastle, jsch and ed25519-java fixes the following issues:
bouncycastle was updated from version 1.78 to 1.79:
- Bugfixes to address issues with:
* Ed25519 signatures
* Elephant cipher handling of large messages
* CMSSignedData signer replacement
* ERSInputStreamData hashing
* CRL loading
* EC curve name lookups
* PhotonBeetle and Xoodyak digest resetting
* OCSP caching
* Java 21 provider service handling
* CMS version calculation
* Incorrect PGP armored output version strings
* PGP algorithm lookups
- New Features and Functionalities:
* Object Identifiers have been added for ML-KEM, ML-DSA, and SLH-DSA.
* The PQC algorithms, ML-KEM, ML-DSA (including pre-hash), and SLH-DSA
(including pre-hash) have been added to the BC provider and the lightweight API.
* A new spec, ContextParameterSpec, has been added to support
signature contexts for ML-DSA and SLH-DSA.
* BCJSSE: Added support for security property
"jdk.tls.server.defaultDHEParameters" (disabled in FIPS mode).
* BCJSSE: Added support for signature_algorithms_cert configuration via
"org.bouncycastle.jsse.client.SignatureSchemesCert" and
"org.bouncycastle.jsse.server.SignatureSchemesCert" system properties
or BCSSLParameters property "SignatureSchemesCert".
* BCJSSE: Added support for boolean system property
"org.bouncycastle.jsse.fips.allowGCMCiphersIn12" (false by default).
* (D)TLS: Removed redundant verification of self-generated RSA signatures.
* CompositePrivateKeys now support the latest revision of the composite
signature draft.
* Delta Certificates now support the latest revision of the delta
certificate extension draft.
* A general KeyIdentifier class, encapsulating both PGP KeyID and the
PGP key fingerprint has been added to the PGP API.
* Support for the LibrePGP PreferredEncryptionModes signature subpacket
has been added to the PGP API.
* Support for Version 6 signatures, including salts, has been added to the PGP API.
* Support for the PreferredKeyServer signature subpacket has been added to the PGP API.
* Support for RFC 9269, "Using KEMs in Cryptographic Message Syntax (CMS)",
has been added to the CMS API.
* Support for the Argon2 S2K has been added to the PGP API.
* The system property "org.bouncycastle.pemreader.lax" has been introduced
for situations where the BC PEM parsing is now too strict.
* The system property "org.bouncycastle.ec.disable_f2m" has been introduced
to allow F2m EC support to be disabled.
jsch was updated from version 0.2.15 to 0.2.22:
- Key changes across these versions:
* Authentication and logging improvements
* Date handling improvements using java.time classes
* DHGEX prime modulus enforcement
* Expanded KEX algorithm support (this requires Bouncy Castle)
* Fixed a GSSAPI authentication issue
* Fixed possible rekeying timeouts
* Fixed SignatureECDSAN private key handling
* Improved handling of negated patterns
* Introduction of JSchProxyException
* Modernized fingerprint output
* More accurate ext-info logging
* PBKDF2 algorithm additions (SHA512/256 & SHA512/224)
ed25519-java:
- Fixed minor build issues
bouncycastle-1.79-150200.3.32.2.noarch.rpm
bouncycastle-1.79-150200.3.32.2.src.rpm
bouncycastle-pg-1.79-150200.3.32.2.noarch.rpm
bouncycastle-pkix-1.79-150200.3.32.2.noarch.rpm
bouncycastle-util-1.79-150200.3.32.2.noarch.rpm
ed25519-java-0.3.0-150200.5.6.1.noarch.rpm
ed25519-java-0.3.0-150200.5.6.1.src.rpm
jsch-0.2.22-150200.11.16.2.noarch.rpm
jsch-0.2.22-150200.11.16.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-200
Security update for pam_u2f
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pam_u2f fixes the following issues:
- CVE-2025-23013: Fixed problematic PAM_IGNORE return values in `pam_sm_authenticate()` (bsc#1233517)
pam_u2f-1.2.0-150400.4.5.1.src.rpm
pam_u2f-1.2.0-150400.4.5.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-196
Security update for dhcp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dhcp fixes the following issues:
- Fixed dhcp not starting in case group nogroup is missing (bsc#1192020)
dhcp-4.3.6.P1-150000.6.22.1.src.rpm
dhcp-4.3.6.P1-150000.6.22.1.x86_64.rpm
dhcp-client-4.3.6.P1-150000.6.22.1.x86_64.rpm
dhcp-devel-4.3.6.P1-150000.6.22.1.x86_64.rpm
dhcp-relay-4.3.6.P1-150000.6.22.1.x86_64.rpm
dhcp-server-4.3.6.P1-150000.6.22.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-204
Recommended update for rpmlint
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpmlint fixes the following issues:
- backport whitelisting for gnome-remote-desktop added to SLE-15-SP7
(bsc#1235551). Note that the .conf file is *not* detected by rpmlint, it
seems it no longer looks in the right directories. To be on the safe side I
still added it to the whitelisting.
rpmlint-1.10-150000.7.90.1.noarch.rpm
rpmlint-1.10-150000.7.90.1.src.rpm
rpmlint-mini-1.10-150400.23.26.2.src.rpm
rpmlint-mini-1.10-150400.23.26.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-543
Recommended update for salt
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
- Revert setting SELinux context for minion service (bsc#1233667)
- Removed System V init support
- Fix the condition of alternatives for Tumbleweed and Leap 16
- Build all python bindings for all flavors
- Make minion reconnecting on changing master IP (bsc#1228182)
- Handle logger exception when flushing already closed file
- Include passlib as a recommended dependency
- Make Salt Bundle more tolerant to long running jobs (bsc#1228690)
python3-netaddr-0.7.19-150400.9.3.1.noarch.rpm
True
python3-netaddr-0.7.19-150400.9.3.1.src.rpm
True
python3-salt-3006.0-150400.8.72.2.x86_64.rpm
True
salt-3006.0-150400.8.72.2.src.rpm
True
salt-3006.0-150400.8.72.2.x86_64.rpm
True
salt-api-3006.0-150400.8.72.2.x86_64.rpm
True
salt-bash-completion-3006.0-150400.8.72.2.noarch.rpm
True
salt-cloud-3006.0-150400.8.72.2.x86_64.rpm
True
salt-doc-3006.0-150400.8.72.2.x86_64.rpm
True
salt-fish-completion-3006.0-150400.8.72.2.noarch.rpm
True
salt-master-3006.0-150400.8.72.2.x86_64.rpm
True
salt-minion-3006.0-150400.8.72.2.x86_64.rpm
True
salt-proxy-3006.0-150400.8.72.2.x86_64.rpm
True
salt-ssh-3006.0-150400.8.72.2.x86_64.rpm
True
salt-standalone-formulas-configuration-3006.0-150400.8.72.2.x86_64.rpm
True
salt-syndic-3006.0-150400.8.72.2.x86_64.rpm
True
salt-transactional-update-3006.0-150400.8.72.2.x86_64.rpm
True
salt-zsh-completion-3006.0-150400.8.72.2.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-165
Security update for rsync
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rsync fixes the following issues:
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475)
rsync-3.2.3-150400.3.17.1.src.rpm
rsync-3.2.3-150400.3.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-525
Security update for SUSE Manager Client Tools
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update fixes the following issues:
dracut-saltboot was updated to version 0.1.1728559936.c16d4fb:
- Added MAC based terminal naming option (jsc#SUMA-314)
golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649):
- Security issues fixed:
* CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error
handling (bsc#1232970)
- Highlights of other changes:
* Performance:
+ Significant enhancements to PromQL execution speed, TSDB operations (especially querying and compaction) and
remote write operations.
+ Default GOGC value lowered to 75 for better memory management.
+ Option to limit memory usage from dropped targets added.
* New Features:
+ Experimental OpenTelemetry ingestion.
+ Automatic memory limit handling.
+ Native histogram support, including new functions, UI enhancements, and improved scraping.
+ Improved alerting features, such as relabeling rules for AlertmanagerConfig and a new query_offset option.
+ Expanded service discovery options with added metadata and support for new services.
+ New promtool commands for PromQL formatting, label manipulation, metric pushing, and OpenMetrics dumping.
* Bug Fixes:
+ Numerous fixes across scraping, API, TSDB, PromQL, and service discovery.
* For a detailed list of changes consult the package changelog or
https://github.com/prometheus/prometheus/compare/v2.45.6...v2.53.3
grafana was updated from version 9.5.18 to 10.4.13 (jsc#PED-11591,jsc#PED-11649):
- Security issues fixed:
* CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading
golang.org/x/crypto (bsc#1234554)
* CVE-2023-3128: Fixed authentication bypass using Azure AD OAuth (bsc#1212641)
* CVE-2023-6152: Add email verification when updating user email (bsc#1219912)
* CVE-2024-6837: Fixed potential data source permission escalation (bsc#1236301)
* CVE-2024-8118: Fixed permission on external alerting rule write endpoint (bsc#1231024)
- Potential breaking changes in version 10:
* In panels using the `extract fields` transformation, where one
of the extracted names collides with one of the already
existing fields, the extracted field will be renamed.
* Existing backend mode users who have table visualizations
might see some inconsistencies on their panels.
We have updated the table column naming. This will
potentially affect field transformations and/or field
overrides. To resolve this, update either the transformation or
the field override.
* Existing backend mode users who have transformations
with the `time` field might see that their transformations are
not working. Panels that have broken transformations
will fail to render. This is because we changed the field
key. To resolve this, either remove the affected panel and
re-create it, select the `Time` field again, or edit the `time`
field as `Time` for the transformation in `panel.json` or
`dashboard.json`.
* The following data source permission endpoints have been removed:
`GET /datasources/:datasourceId/permissions`
`POST /api/datasources/:datasourceId/permissions`
`DELETE /datasources/:datasourceId/permissions`
`POST /datasources/:datasourceId/enable-permissions`
`POST /datasources/:datasourceId/disable-permissions`
+ Please use the following endpoints instead:
`GET /api/access-control/datasources/:uid` for listing data
source permissions
`POST /api/access-control/datasources/:uid/users/:id`,
`POST /api/access-control/datasources/:uid/teams/:id` and
`POST /api/access-control/datasources/:uid/buildInRoles/:id`
for adding or removing data source permissions
* If you are using the Terraform Grafana provider to manage data source permissions, you will need to upgrade your
provider.
* Existing backend mode users who have table visualizations might see some inconsistencies on their panels.
We have updated the table column naming. This will potentially affect field transformations and/or field overrides.
* The deprecated `/playlists/{uid}/dashboards` API endpoint has been removed.
Dashboard information can be retrieved from the `/dashboard/...` APIs.
* The `PUT /api/folders/:uid` endpoint no longer supports modifying the folder's `UID`.
* Removed all components for the old panel header design.
* Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-3/
for more details
* OAuth role mapping enforcement: This change impacts GitHub,
Gitlab, Okta, and Generic OAuth. To avoid overriding manually
set roles, enable the skip_org_role_sync option in the
Grafana configuration for your OAuth provider before
upgrading
* Angular has been deprecated
* Grafana legacy alerting has been deprecated
* API keys are migrating to service accounts
* The experimental “dashboard previews” feature is removed
* Usernames are now case-insensitive by default
* Grafana OAuth integrations do not work anymore with email lookups
* The “Alias” field in the CloudWatch data source is removed
* Athena data source plugin must be updated to version >=2.9.3
* Redshift data source plugin must be updated to version >=1.8.3
* DoiT International BigQuery plugin no longer supported
* Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-0
for more details
- This update brings many new features, enhancements and fixes highlighted at:
* https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-4/
* https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-3/
* https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-2/
* https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-1/
* https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-0/
spacecmd was updated to version 5.0.11-0:
- Updated translation strings
supportutils-plugin-salt was updated to version 1.2.3:
- Adjusted requirements for plugin to allow compatibility with supportutils 3.2.9 release (bsc#1235145)
- Provide backwards-compatible scripts version
supportutils-plugin-susemanager-client was updated to version 5.0.4-0:
- Adjusted requirements for plugin to allow compatibility with supportutils 3.2.9 release (bsc#1235145)
uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0:
- Security issues fixed:
* CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497)
- Other changes and bugs fixed:
* Version 0.1.27-0
+ Bump the default image tag to 5.0.3
+ IsInstalled function fix
+ Run systemctl daemon-reload after changing the container image config (bsc#1233279)
+ Coco-replicas-upgrade
+ Persist search server indexes (bsc#1231759)
+ Sync deletes files during migration (bsc#1233660)
+ Ignore coco and hub images when applying PTF if they are not available (bsc#1229079)
+ Add --registry back to mgrpxy (bsc#1233202)
+ Only add java.hostname on migrated server if not present
+ Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104)
+ Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630)
+ Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123)
* Version 0.1.26-0
+ Ignore all zypper caches during migration (bsc#1232769)
+ Use the uyuni network for all podman containers (bsc#1232817)
* Version 0.1.25-0
+ Don't migrate enabled systemd services, recreate them (bsc#1232575)
* Version 0.1.24-0
+ Redact JSESSIONID and pxt-session-cookie values from logs and
console output (bsc#1231568)
supportutils-plugin-salt-1.2.3-150000.3.16.1.noarch.rpm
supportutils-plugin-salt-1.2.3-150000.3.16.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-272
Recommended update for hplip
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for hplip fixes the following issues:
Update to hplip 3.24.4 (jsc#PED-5846)
- Added support for new printers:
* HP OfficeJet 8120 All-in-One series
* HP OfficeJet Pro 8120 All-in-One series
* HP OfficeJet 8130 All-in-One series
* HP OfficeJet Pro 8130 All-in-One series
* HP OfficeJet Pro 9720 Series
* HP OfficeJet Pro 9730 Series
* HP OfficeJet Pro 9130b series
* HP OfficeJet Pro 9120b series
* HP OfficeJet Pro 9110b series
* HP Color LaserJet Enterprise Flow MFP X58045z
* HP Color LaserJet Enterprise Flow MFP X58045zs
* HP Color LaserJet Enterprise MFP X58045dn
* HP Color LaserJet Enterprise MFP X58045
* HP LaserJet Pro P1106 plus
* HP LaserJet Pro P1108 plus
* HP LaserJet Tank MFP 1602a
* HP LaserJet Tank MFP 1602w
* HP LaserJet Tank MFP 1604w
* HP LaserJet Tank MFP 2602dn
* HP LaserJet Tank MFP 2602sdn
* HP LaserJet Tank MFP 2602sdw
* HP LaserJet Tank MFP 2602dw
* HP LaserJet Tank MFP 2604dw
* HP LaserJet Tank MFP 2604sdw
* HP LaserJet Tank MFP 2603dw
* HP LaserJet Tank MFP 2603sdw
* HP LaserJet Tank MFP 2605sdw
* HP LaserJet Tank MFP 2606dn
* HP LaserJet Tank MFP 2606sdn
* HP LaserJet Tank MFP 2606sdw
* HP LaserJet Tank MFP 2606dw
* HP LaserJet Tank MFP 2606dc
* HP LaserJet Tank MFP 1005
* HP LaserJet Tank MFP 1005w
* HP LaserJet Tank MFP 1005nw
* HP LaserJet Tank 1502a
* HP LaserJet Tank 1502w
* HP LaserJet Tank 1504w
* HP LaserJet Tank 2502dw
* HP LaserJet Tank 2502dn
* HP LaserJet Tank 2504dw
* HP LaserJet Tank 2503dw
* HP LaserJet Tank 2506dw
* HP LaserJet Tank 2506d
* HP LaserJet Tank 2506dn
* HP LaserJet Tank 1020
* HP LaserJet Tank 1020w
* HP LaserJet Tank 1020nw
* HP LaserJet Pro 4001ne
* HP LaserJet Pro 4001n
* HP LaserJet Pro 4001dne
* HP LaserJet Pro 4001dn
* HP LaserJet Pro 4001dwe
* HP LaserJet Pro 4001dw
* HP LaserJet Pro 4001d
* HP LaserJet Pro 4001de
* HP LaserJet Pro 4002ne
* HP LaserJet Pro 4002n
* HP LaserJet Pro 4002dne
* HP LaserJet Pro 4002dn
* HP LaserJet Pro 4002dwe
* HP LaserJet Pro 4002dw
* HP LaserJet Pro 4002d
* HP LaserJet Pro 4002de
* HP LaserJet Pro 4003dn
* HP LaserJet Pro 4003dw
* HP LaserJet Pro 4003n
* HP LaserJet Pro 4003d
* HP LaserJet Pro 4004d
* HP LaserJet Pro 4004dn
* HP LaserJet Pro 4004dw
* HP LaserJet Pro MFP 4101dwe
* HP LaserJet Pro MFP 4101dw
* HP LaserJet Pro MFP 4101fdn
* HP LaserJet Pro MFP 4101fdne
* HP LaserJet Pro MFP 4101fdw
* HP LaserJet Pro MFP 4101fdwe
* HP LaserJet Pro MFP 4102dwe
* HP LaserJet Pro MFP 4102dw
* HP LaserJet Pro MFP 4102fdn
* HP LaserJet Pro MFP 4102fdw
* HP LaserJet Pro MFP 4102fdwe
* HP LaserJet Pro MFP 4102fdne
* HP LaserJet Pro MFP 4102fnw
* HP LaserJet Pro MFP 4102fnwe
* HP LaserJet Pro MFP 4103dw
* HP LaserJet Pro MFP 4103dn
* HP LaserJet Pro MFP 4103fdn
* HP LaserJet Pro MFP 4103fdw
* HP LaserJet Pro MFP 4104dw
* HP LaserJet Pro MFP 4104fdw
* HP LaserJet Pro MFP 4104fdn
* HP ScanJet Pro 3600 f1
* HP ScanJet Pro N4600 fnw1
* HP ScanJet Pro 2600 f1
* HP ScanJet Enterprise Flow N6600 fnw1
* HP Color LaserJet Managed MFP E785dn
* HP Color LaserJet Managed MFP E78523dn
* HP Color LaserJet Managed MFP E78528dn
* HP Color LaserJet Managed MFP E786dn
* HP Color LaserJet Managed MFP E786 Core Printer
* HP Color LaserJet Managed MFP E78625dn
* HP Color LaserJet Managed FlowMFP E786z
* HP Color LaserJet Managed Flow MFP E78625z
* HP Color LaserJet Managed MFP E78630dn
* HP Color LaserJet Managed Flow MFP E78630z
* HP Color LaserJet Managed MFP E78635dn
* HP Color LaserJet Managed Flow MFP E78635z
* HP LaserJet Managed MFP E731dn
* HP LaserJet Managed MFP E731 Core Printer
* HP LaserJet Managed MFP E73130dn
* HP LaserJet Managed Flow MFP E731z
* HP LaserJet Managed Flow MFP E73130z
* HP LaserJet Managed MFP E73135dn
* HP LaserJet Managed Flow MFP E73135z
* HP LaserJet Managed MFP E73140dn
* HP LaserJet Managed Flow MFP E73140z
* HP Color LaserJet Managed MFP E877dn
* HP Color LaserJet Managed MFP E877 Core Printer
* HP Color LaserJet Managed MFP E87740dn
* HP Color LaserJet Managed Flow MFP E877z
* HP Color LaserJet Managed Flow MFP E87740z
* HP Color LaserJet Managed MFP E87750dn
* HP Color LaserJet Managed Flow MFP E87750z
* HP Color LaserJet Managed MFP E87760dn
* HP Color LaserJet Managed Flow MFP E87760z
* HP Color LaserJet Managed MFP E87770dn
* HP Color LaserJet Managed Flow MFP E87770z
* HP LaserJet Managed MFP E826dn
* HP LaserJet Managed MFP E826 Core Printer
* HP LaserJet Managed MFP E82650dn
* HP LaserJet Managed Flow MFP E826z
* HP LaserJet Managed Flow MFP E82650z
* HP LaserJet Managed MFP E82660dn
* HP LaserJet Managed Flow MFP E82660z
* HP LaserJet Managed MFP E82670dn
* HP LaserJet Managed Flow MFP E82670z
* HP LaserJet Managed MFP E730dn
* HP LaserJet Managed MFP E73025dn
* HP LaserJet Managed MFP E73030dn
* HP LaserJet Pro MFP 3101fdwe
* HP LaserJet Pro MFP 3101fdw
* HP LaserJet Pro MFP 3102fdwe
* HP LaserJet Pro MFP 3102fdw
* HP LaserJet Pro MFP 3103fdw
* HP LaserJet Pro MFP 3104fdw
* HP LaserJet Pro MFP 3101fdne
* HP LaserJet Pro MFP 3101fdn
* HP LaserJet Pro MFP 3102fdne
* HP LaserJet Pro MFP 3102fdn
* HP LaserJet Pro MFP 3103fdn
* HP LaserJet Pro MFP 3104fdn
* HP LaserJet Pro 3001dwe
* HP LaserJet Pro 3001dw
* HP LaserJet Pro 3002dwe
* HP LaserJet Pro 3002dw
* HP LaserJet Pro 3003dw
* HP LaserJet Pro 3004dw
* HP LaserJet Pro 3001dne
* HP LaserJet Pro 3001dn
* HP LaserJet Pro 3002dne
* HP LaserJet Pro 3002dn
* HP LaserJet Pro 3003dn
* HP LaserJet Pro 3004dn
* HP Smart Tank 520_540 series
* HP Smart Tank 580-590 series
* HP Smart Tank 5100 series
* HP Smart Tank 210-220 series
* HP Color LaserJet Enterprise 6700dn
* HP Color LaserJet Enterprise 6700
* HP Color LaserJet Enterprise 6701dn
* HP Color LaserJet Enterprise 6701
* HP Color LaserJet Enterprise X654dn
* HP Color LaserJet Enterprise X65455dn
* HP Color LaserJet Enterprise X654
* HP Color LaserJet Enterprise X65465dn
* HP Color LaserJet Enterprise X654 65 PPM
* HP Color LaserJet Enterprise X654 55 to 65ppm License
* HP Color LaserJet Enterprise X654 Down License
* HP Color LaserJet Enterprise MFP 6800dn
* HP Color LaserJet Enterprise Flow MFP 6800zf
* HP Color LaserJet Enterprise Flow MFP 6800zfsw
* HP Color LaserJet Enterprise Flow MFP 6800zfw+
* HP Color LaserJet Enterprise MFP 6800
* HP Color LaserJet Enterprise MFP 6801
* HP Color LaserJet Enterprise MFP 6801 zfsw
* HP Color LaserJet Enterprise Flow MFP 6801zfw+
* HP Color LaserJet Enterprise MFP X677 55 to 65ppm License
* HP Color LaserJet Enterprise MFP X677 65ppm
* HP Color LaserJet Enterprise MFP X677s
* HP Color LaserJet Enterprise Flow MFP X677z
* HP Color LaserJet Enterprise MFP X67765dn
* HP Color LaserJet Enterprise Flow MFP X67765zs
* HP Color LaserJet Enterprise Flow MFP X67765z+
* HP Color LaserJet Enterprise MFP X677
* HP Color LaserJet Enterprise MFP X67755dn
* HP Color LaserJet Enterprise Flow MFP X67755zs
* HP Color LaserJet Enterprise Flow MFP X67755z+
* HP Color LaserJet Enterprise MFP X677dn
* HP Color LaserJet Enterprise Flow MFP X677zs
* HP Color LaserJet Enterprise Flow MFP X677z+
* HP Color LaserJet Enterprise 5700dn
* HP Color LaserJet Enterprise 5700
* HP Color LaserJet Enterprise X55745dn
* HP Color LaserJet Enterprise X55745
* HP Color LaserJet Enterprise MFP 5800dn
* HP Color LaserJet Enterprise MFP 5800f
* HP Color LaserJet Enterprise Flow MFP 5800zf
* HP Color LaserJet Enterprise MFP 5800
* HP Color LaserJet Enterprise MFP X57945
* HP Color LaserJet Enterprise Flow MFP X57945zs
* HP Color LaserJet Enterprise MFP X57945dn
* HP Color LaserJet Enterprise Flow MFP X57945z
* HP Color LaserJet Pro MFP 4301fdne
* HP Color LaserJet Pro MFP 4301fdwe
* HP Color LaserJet Pro MFP 4301cdwe
* HP Color LaserJet Pro MFP 4301cfdne
* HP Color LaserJet Pro MFP 4301cfdwe
* HP Color LaserJet Pro MFP 4302dwe
* HP Color LaserJet Pro MFP 4302fdne
* HP Color LaserJet Pro MFP 4302fdwe
* HP Color LaserJet Pro MFP 4302cdwe
* HP Color LaserJet Pro MFP 4302fdn
* HP Color LaserJet Pro MFP 4302fdw
* HP Color LaserJet Pro MFP 4303dw
* HP Color LaserJet Pro MFP 4303fdn
* HP Color LaserJet Pro MFP 4303fdw
* HP Color LaserJet Pro MFP 4303cdw
* HP Color LaserJet Pro MFP 4303cfdn
* HP Color LaserJet Pro MFP 4303cfdw
* HP Color LaserJet Pro 4201dne
* HP Color LaserJet Pro 4201dwe
* HP Color LaserJet Pro 4201cdne
* HP Color LaserJet Pro 4201cdwe
* HP Color LaserJet Pro 4202dne
* HP Color LaserJet Pro 4202dwe
* HP Color LaserJet Pro 4202dn
* HP Color LaserJet Pro 4202dw
* HP Color LaserJet Pro 4203dn
* HP Color LaserJet Pro 4203dw
* HP Color LaserJet Pro 4203cdn
* HP Color LaserJet Pro 4203cdw
* HP DeskJet 2800 All-in-One Printer series
* HP DeskJet 2800e All-in-One Printer series
* HP DeskJet Ink Advantage 2800 All-in-One Printer series
* HP DeskJet 4200 All-in-One Printer series
* HP DeskJet 4200e All-in-One Printer series
* HP DeskJet Ink Advantage 4200 All-in-One Printer series
* HP DeskJet Ink Advantage Ultra 4900 All-in-One Printer series
- Bug fixes:
* hpmud: sanitize printer serial number (bsc#1209401, lp#2012262)
- hppsfilter: booklet printing: change insecure fixed /tmp file paths (bsc#1214399)
hplip-3.24.4-150400.3.17.1.src.rpm
hplip-3.24.4-150400.3.17.1.x86_64.rpm
hplip-devel-3.24.4-150400.3.17.1.x86_64.rpm
hplip-hpijs-3.24.4-150400.3.17.1.x86_64.rpm
hplip-sane-3.24.4-150400.3.17.1.x86_64.rpm
hplip-udev-rules-3.24.4-150400.3.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-267
Security update for podman
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for podman fixes the following issues:
- CVE-2024-9676: github.com/containers/storage: Fixed a symlink traversal vulnerability in the containers/storage library that can cause Denial of Service (DoS) (bsc#1231698)
- Load ip_tables and ip6_tables kernel module (bsc#1214612)
* Required for rootless mode as a regular user has no permission
to load kernel modules
- CVE-2024-9675: Fixed cache arbitrary directory mount in buildah (bsc#1231499)
- CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah (bsc#1231208)
- CVE-2024-9341: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)
- CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677)
- CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270)
- Refactor network backend dependencies:
* podman requires either netavark or cni-plugins. On ALP, require
netavark, otherwise prefer netavark but don't force it.
* This fixes missing cni-plugins in some scenarios
* Default to netavark everywhere where it's available
podman-4.9.5-150400.4.35.1.src.rpm
podman-4.9.5-150400.4.35.1.x86_64.rpm
podman-docker-4.9.5-150400.4.35.1.noarch.rpm
podman-remote-4.9.5-150400.4.35.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-588
Security update for grub2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for grub2 fixes the following issues:
- CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617)
- CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958)
- CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615)
- CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614)
- CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616)
- CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609)
- CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610)
- CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612)
- CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613)
- CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606)
- CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608)
- CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316)
- CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg. (bsc#1236317)
- CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command.
(bsc#1237012)
- CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode.
(bsc#1237013)
- CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs.
(bsc#1237002)
- CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs.
(bsc#1237008)
- CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs.
(bsc#1237009)
- CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs.
(bsc#1237010)
- CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011)
- CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014)
- CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006)
grub2-2.06-150400.11.55.2.src.rpm
grub2-2.06-150400.11.55.2.x86_64.rpm
grub2-i386-pc-2.06-150400.11.55.2.noarch.rpm
grub2-snapper-plugin-2.06-150400.11.55.2.noarch.rpm
grub2-systemd-sleep-plugin-2.06-150400.11.55.2.noarch.rpm
grub2-x86_64-efi-2.06-150400.11.55.2.noarch.rpm
grub2-x86_64-xen-2.06-150400.11.55.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-233
Security update for nodejs18
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nodejs18 fixes the following issues:
Update to 18.20.6:
- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)
- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)
nodejs18-18.20.6-150400.9.33.1.src.rpm
nodejs18-18.20.6-150400.9.33.1.x86_64.rpm
nodejs18-devel-18.20.6-150400.9.33.1.x86_64.rpm
nodejs18-docs-18.20.6-150400.9.33.1.noarch.rpm
npm18-18.20.6-150400.9.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-338
Security update for java-11-openjdk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-11-openjdk fixes the following issues:
Upgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU)
Security fixes:
- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)
Other changes:
- JDK-8224624: Inefficiencies in CodeStrings::add_comment cause timeouts
- JDK-8225045: javax/swing/JInternalFrame/8146321//JInternalFrameIconTest.java fails on linux-x64
- JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only
- JDK-8247706: Unintentional use of new Date(year...) with absolute year
- JDK-8299254: Support dealing with standard assert macro
- JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test
- JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
- JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak
- JDK-8328300: Convert PrintDialogsTest.java from Applet to main program
- JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main
- JDK-8334332: TestIOException.java fails if run by root
- JDK-8335428: Enhanced Building of Processes
- JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339470: [17u] More defensive fix for 8163921
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1
- JDK-8340815: Add SECURITY.md file
- JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails
- JDK-8342629: [11u] Properly message out that shenandoah is disabled
- JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26
java-11-openjdk-11.0.26.0-150000.3.122.1.src.rpm
java-11-openjdk-11.0.26.0-150000.3.122.1.x86_64.rpm
java-11-openjdk-demo-11.0.26.0-150000.3.122.1.x86_64.rpm
java-11-openjdk-devel-11.0.26.0-150000.3.122.1.x86_64.rpm
java-11-openjdk-headless-11.0.26.0-150000.3.122.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-339
Security update for java-17-openjdk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-17-openjdk fixes the following issues:
Update to upstream tag jdk-17.0.14+7 (January 2025 CPU):
Security fixes:
- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)
Other changes:
- JDK-7093691: Nimbus LAF: disabled JComboBox using renderer has bad font color
- JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect
- JDK-8071693: Introspector ignores default interface methods
- JDK-8195675: Call to insertText with single character from custom Input Method ignored
- JDK-8202926: Test java/awt/Focus/WindowUpdateFocusabilityTest/WindowUpdateFocusabilityTest.html fails
- JDK-8207908: JMXStatusTest.java fails assertion intermittently
- JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly.
- JDK-8240343: JDI stopListening/stoplis001 "FAILED: listening is successfully stopped without starting listening"
- JDK-8254759: [TEST_BUG] [macosx] javax/swing/JInternalFrame/4202966/IntFrameCoord.html fails
- JDK-8258734: jdk/jfr/event/oldobject/TestClassLoaderLeak.java failed with "RuntimeException: Could not find class leak"
- JDK-8268364: jmethod clearing should be done during unloading
- JDK-8269770: nsk tests should start IOPipe channel before launch debuggee - Debugee.prepareDebugee
- JDK-8271003: hs_err improvement: handle CLASSPATH env setting longer than O_BUFLEN
- JDK-8271456: Avoid looking up standard charsets in "java.desktop" module
- JDK-8271821: mark hotspot runtime/MinimalVM tests which ignore external VM flags
- JDK-8271825: mark hotspot runtime/LoadClass tests which ignore external VM flags
- JDK-8271836: runtime/ErrorHandling/ClassPathEnvVar.java fails with release VMs
- JDK-8272746: ZipFile can't open big file (NegativeArraySizeException)
- JDK-8273914: Indy string concat changes order of operations
- JDK-8274170: Add hooks for custom makefiles to augment jtreg test execution
- JDK-8274505: Too weak variable type leads to unnecessary cast in java.desktop
- JDK-8276763: java/nio/channels/SocketChannel/AdaptorStreams.java fails with "SocketTimeoutException: Read timed out"
- JDK-8278527: java/util/concurrent/tck/JSR166TestCase.java fails nanoTime test
- JDK-8280131: jcmd reports "Module jdk.jfr not found." when "jdk.management.jfr" is missing
- JDK-8281379: Assign package declarations to all jtreg test cases under gc
- JDK-8282578: AIOOBE in javax.sound.sampled.Clip
- JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox
- JDK-8283222: improve diagnosability of runtime/8176717/TestInheritFD.java timeouts
- JDK-8284291: sun/security/krb5/auto/Renew.java fails intermittently on Windows 11
- JDK-8284874: Add comment to ProcessHandle/OnExitTest to describe zombie problem
- JDK-8286160: (fs) Files.exists returns unexpected results with C:\pagefile.sys because it's not readable
- JDK-8287003: InputStreamReader::read() can return zero despite writing a char in the buffer
- JDK-8288976: classfile parser 'wrong name' error message has the names the wrong way around
- JDK-8289184: runtime/ClassUnload/DictionaryDependsTest.java failed with "Test failed: should be unloaded"
- JDK-8290023: Remove use of IgnoreUnrecognizedVMOptions in gc tests
- JDK-8290269: gc/shenandoah/TestVerifyJCStress.java fails due to invalid tag: required after JDK-8290023
- JDK-8292309: Fix "java/awt/PrintJob/ConstrainedPrintingTest/ConstrainedPrintingTest.java" test
- JDK-8293061: Combine CDSOptions and AppCDSOptions test utility classes
- JDK-8293877: Rewrite MineField test
- JDK-8294193: Files.createDirectories throws FileAlreadyExistsException for a symbolic link whose target is an existing directory
- JDK-8294726: Update URLs in minefield tests
- JDK-8295239: Refactor java/util/Formatter/Basic script into a Java native test launcher
- JDK-8295344: Harden runtime/StackGuardPages/TestStackGuardPages.java
- JDK-8295859: Update Manual Test Groups
- JDK-8296709: WARNING: JNI call made without checking exceptions
- JDK-8296718: Refactor bootstrap Test Common Functionalities to test/lib/Utils
- JDK-8296787: Unify debug printing format of X.509 cert serial numbers
- JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected.
- JDK-8298513: vmTestbase/nsk/jdi/EventSet/suspendPolicy/suspendpolicy009/TestDescription.java fails with usage tracker
- JDK-8300416: java.security.MessageDigestSpi clone can result in thread-unsafe clones
- JDK-8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated
- JDK-8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP
- JDK-8303697: ProcessTools doesn't print last line of process output
- JDK-8303705: Field sleeper.started should be volatile JdbLockTestTarg.java
- JDK-8303742: CompletableFuture.orTimeout leaks if the future completes exceptionally
- JDK-8304020: Speed up test/jdk/java/util/zip/ZipFile/TestTooManyEntries.java and clarify its purpose
- JDK-8304557: java/util/concurrent/CompletableFuture/CompletableFutureOrTimeoutExceptionallyTest.java times out
- JDK-8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate
- JDK-8307297: Move some DnD tests to open
- JDK-8307408: Some jdk/sun/tools/jhsdb tests don't pass test JVM args to the debuggee JVM
- JDK-8309109: AArch64: [TESTBUG] compiler/intrinsics/sha/cli/TestUseSHA3IntrinsicsOptionOnSupportedCPU.java fails on Neoverse N2 and V1
- JDK-8309303: jdk/internal/misc/VM/RuntimeArguments test ignores jdk/internal/vm/options
- JDK-8309532: java/lang/Class/getDeclaredField/FieldSetAccessibleTest should filter modules that depend on JVMCI
- JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled and disabled ComboBox does not match in these LAFs: GTK-
- JDK-8310731: Configure a javax.net.ssl.SNIMatcher for the HTTP/1.1 test servers in java/net/httpclient tests
- JDK-8312111: open/test/jdk/java/awt/Robot/ModifierRobotKey/ModifierRobotKeyTest.java fails on ubuntu 23.04
- JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds
- JDK-8313638: Add test for dump of resolved references
- JDK-8313854: Some tests in serviceability area fail on localized Windows platform
- JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le
- JDK-8314333: Update com/sun/jdi/ProcessAttachTest.java to use ProcessTools.createTestJvm(..)
- JDK-8314824: Fix serviceability/jvmti/8036666/GetObjectLockCount.java to use vm flags
- JDK-8314829: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java ignores vm flags
- JDK-8314831: NMT tests ignore vm flags
- JDK-8315097: Rename createJavaProcessBuilder
- JDK-8315406: [REDO] serviceability/jdwp/AllModulesCommandTest.java ignores VM flags
- JDK-8315988: Parallel: Make TestAggressiveHeap use createTestJvm
- JDK-8316410: GC: Make TestCompressedClassFlags use createTestJvm
- JDK-8316446: 4 sun/management/jdp tests ignore VM flags
- JDK-8316447: 8 sun/management/jmxremote tests ignore VM flags
- JDK-8316464: 3 sun/tools tests ignore VM flags
- JDK-8316562: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java times out after JDK-8314829
- JDK-8316581: Improve performance of Symbol::print_value_on()
- JDK-8317042: G1: Make TestG1ConcMarkStepDurationMillis use createTestJvm
- JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame
- JDK-8317188: G1: Make TestG1ConcRefinementThreads use createTestJvm
- JDK-8317218: G1: Make TestG1HeapRegionSize use createTestJvm
- JDK-8317347: Parallel: Make TestInitialTenuringThreshold use createTestJvm
- JDK-8317738: CodeCacheFullCountTest failed with "VirtualMachineError: Out of space in CodeCache for method handle intrinsic"
- JDK-8318964: Fix build failures caused by 8315097
- JDK-8319574: Exec/process tests should be marked as flagless
- JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException
- JDK-8319651: Several network tests ignore vm flags when start java process
- JDK-8319817: Charset constructor should make defensive copy of aliases
- JDK-8320586: update manual test/jdk/TEST.groups
- JDK-8320665: update jdk_core at open/test/jdk/TEST.groups
- JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple instructions
- JDK-8320675: PrinterJob/SecurityDialogTest.java hangs
- JDK-8321163: [test] OutputAnalyzer.getExitValue() unnecessarily logs even when process has already completed
- JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading
- JDK-8321470: ThreadLocal.nextHashCode can be static final
- JDK-8321543: Update NSS to version 3.96
- JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile
- JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException
- JDK-8322766: Micro bench SSLHandshake should use default algorithms
- JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order
- JDK-8322830: Add test case for ZipFile opening a ZIP with no entries
- JDK-8323562: SaslInputStream.read() may return wrong value
- JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop()
- JDK-8324808: Manual printer tests have no Pass/Fail buttons, instructions close set 3
- JDK-8324841: PKCS11 tests still skip execution
- JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages
- JDK-8325525: Create jtreg test case for JDK-8325203
- JDK-8325587: Shenandoah: ShenandoahLock should allow blocking in VM
- JDK-8325610: CTW: Add StressIncrementalInlining to stress options
- JDK-8325616: JFR ZGC Allocation Stall events should record stack traces
- JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java
- JDK-8325851: Hide PassFailJFrame.Builder constructor
- JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut
- JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless.
- JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests
- JDK-8326898: NSK tests should listen on loopback addresses only
- JDK-8326948: Force English locale for timeout formatting
- JDK-8327401: Some jtreg tests fail on Wayland without any tracking bug
- JDK-8327474: Review use of java.io.tmpdir in jdk tests
- JDK-8327924: Simplify TrayIconScalingTest.java
- JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program
- JDK-8328242: Add a log area to the PassFailJFrame
- JDK-8328303: 3 JDI tests timed out with UT enabled
- JDK-8328379: Convert URLDragTest.html applet test to main
- JDK-8328402: Implement pausing functionality for the PassFailJFrame
- JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use
- JDK-8328697: SubMenuShowTest and SwallowKeyEvents tests stabilization
- JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket
- JDK-8328957: Update PKCS11Test.java to not use hardcoded path
- JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address
- JDK-8330464: hserr generic events - add entry for the before_exit calls
- JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess
- JDK-8330814: Cleanups for KeepAliveCache tests
- JDK-8331142: Add test for number of loader threads in BasicDirectoryModel
- JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options
- JDK-8331405: Shenandoah: Optimize ShenandoahLock with TTAS
- JDK-8331411: Shenandoah: Reconsider spinning duration in ShenandoahLock
- JDK-8331495: Limit BasicDirectoryModel/LoaderThreadCount.java to Windows only
- JDK-8331626: unsafe.cpp:162:38: runtime error in index_oop_from_field_offset_long - applying non-zero offset 4563897424 to null pointer
- JDK-8331789: ubsan: deoptimization.cpp:403:29: runtime error: load of value 208, which is not a valid value for type 'bool'
- JDK-8331863: DUIterator_Fast used before it is constructed
- JDK-8331864: Update Public Suffix List to 1cbd6e7
- JDK-8331999: BasicDirectoryModel/LoaderThreadCount.java frequently fails on Windows in CI
- JDK-8332340: Add JavacBench as a test case for CDS
- JDK-8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer passed as argument 1, which is declared to never be null
- JDK-8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime error: null pointer passed as argument 2, which is declared to never be null
- JDK-8332720: ubsan: instanceKlass.cpp:3550:76: runtime error: member call on null pointer of type 'struct Array'
- JDK-8332724: x86 MacroAssembler may over-align code
- JDK-8332777: Update JCStress test suite
- JDK-8332825: ubsan: guardedMemory.cpp:35:11: runtime error: null pointer passed as argument 2, which is declared to never be null
- JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled
- JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS
- JDK-8332903: ubsan: opto/output.cpp:1002:18: runtime error: load of value 171, which is not a valid value for type 'bool'
- JDK-8332904: ubsan ppc64le: c1_LIRGenerator_ppc.cpp:581:21: runtime error: signed integer overflow: 9223372036854775807 - 1 cannot be represented in type 'long int'
- JDK-8332935: Crash: assert(*lastPtr != 0) failed: Mismatched JNINativeInterface tables, check for new entries
- JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature
- JDK-8333824: Unused ClassValue in VarHandles
- JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts
- JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect
- JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test
- JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling
- JDK-8335142: compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp
- JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder
- JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile
- JDK-8335428: Enhanced Building of Processes
- JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ...
- JDK-8335493: check_gc_overhead_limit should reset SoftRefPolicy::_should_clear_all_soft_refs
- JDK-8335530: Java file extension missing in AuthenticatorTest
- JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop
- JDK-8335904: Fix invalid comment in ShenandoahLock
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException
- JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name
- JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive
- JDK-8336342: Fix known X11 library locations in sysroot
- JDK-8336343: Add more known sysroot library locations for ALSA
- JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout
- JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result
- JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland
- JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the given VM flags
- JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS
- JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows
- JDK-8337851: Some tests have name which confuse jtreg
- JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases
- JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion
- JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058
- JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList
- JDK-8338286: GHA: Demote x86_32 to hotspot build only
- JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813
- JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2
- JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java
- JDK-8339081: Bump update version for OpenJDK: jdk-17.0.14
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code
- JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP end of stream occurs
- JDK-8339470: [17u] More defensive fix for 8163921
- JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message
- JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap
- JDK-8339560: Unaddressed comments during code review of JDK-8337664
- JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent
- JDK-8339637: (tz) Update Timezone Data to 2024b
- JDK-8339644: Improve parsing of Day/Month in tzdata rules
- JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings
- JDK-8339741: RISC-V: C ABI breakage for integer on stack
- JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java
- JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files
- JDK-8339892: Several security shell tests don't set TESTJAVAOPTS
- JDK-8339931: Update problem list for WindowUpdateFocusabilityTest.java
- JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java
- JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout
- JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder
- JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity
- JDK-8340306: Add border around instructions in PassFailJFrame
- JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions
- JDK-8340365: Position the first window of a window list
- JDK-8340387: Update OS detection code to recognize Windows Server 2025
- JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely
- JDK-8340461: Amend description for logArea
- JDK-8340466: Add description for PassFailJFrame constructors
- JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names
- JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos
- JDK-8340657: [PPC64] SA determines wrong unextendedSP
- JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage
- JDK-8340785: Update description of PassFailJFrame and samples
- JDK-8340799: Add border inside instruction frame in PassFailJFrame
- JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe
- JDK-8340815: Add SECURITY.md file
- JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows
- JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter
- JDK-8341235: Improve default instruction frame title in PassFailJFrame
- JDK-8341562: RISC-V: Generate comments in -XX:-PrintInterpreter to link to source code
- JDK-8341635: [17u] runtime/ErrorHandling/ClassPathEnvVar test ignores external VM flags
- JDK-8341688: Aarch64: Generate comments in -XX:-PrintInterpreter to link to source code
- JDK-8341806: Gcc version detection failure on Alinux3
- JDK-8341927: Replace hardcoded security providers with new test.provider.name system property
- JDK-8341997: Tests create files in src tree instead of scratch dir
- JDK-8342181: Update tests to use stronger Key and Salt size
- JDK-8342183: Update tests to use stronger algorithms and keys
- JDK-8342188: Update tests to use stronger key parameters and certificates
- JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress
- JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing
- JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097
- JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option
- JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes
- JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes
- JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100%
- JDK-8343474: [updates] Customize README.md to specifics of update project
- JDK-8343687: [17u] TestAntiDependencyForPinnedLoads requires UTF-8
- JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927
- JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted
- JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners
- JDK-8347011: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.14
java-17-openjdk-17.0.14.0-150400.3.51.1.src.rpm
java-17-openjdk-17.0.14.0-150400.3.51.1.x86_64.rpm
java-17-openjdk-demo-17.0.14.0-150400.3.51.1.x86_64.rpm
java-17-openjdk-devel-17.0.14.0-150400.3.51.1.x86_64.rpm
java-17-openjdk-headless-17.0.14.0-150400.3.51.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-285
Security update for go1.24
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.24 fixes the following issues:
This update ships go1.24rc2 (bsc#1236217).
- CVE-2024-45341: Properly check for IPv6 hosts in URIs (bsc#1236045)
- CVE-2024-45336: Persist header stripping across repeated redirects (bsc#1236046)
- CVE-2025-22865: Avoid panic when parsing partial PKCS#1 private keys (bsc#1236361)
- CVE-2024-45340: Restore netrc preferences for GOAUTH and fix domain lookup (bsc#1236360)
go1.24-1.24rc2-150000.1.3.1.src.rpm
go1.24-1.24rc2-150000.1.3.1.x86_64.rpm
go1.24-doc-1.24rc2-150000.1.3.1.x86_64.rpm
go1.24-race-1.24rc2-150000.1.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-280
Security update for go1.23
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.23 fixes the following issues:
- Update to go1.23.5 (bsc#1229122)
- CVE-2024-45341: Properly check for IPv6 hosts in URIs (bsc#1236045)
- CVE-2024-45336: Persist header stripping across repeated redirects (bsc#1236046)
go1.23-1.23.5-150000.1.18.1.src.rpm
go1.23-1.23.5-150000.1.18.1.x86_64.rpm
go1.23-doc-1.23.5-150000.1.18.1.x86_64.rpm
go1.23-race-1.23.5-150000.1.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-281
Security update for go1.22
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.22 fixes the following issues:
- Update to go1.22.11 (bsc#1218424)
- CVE-2024-45341: Properly check for IPv6 hosts in URIs (bsc#1236045)
- CVE-2024-45336: Persist header stripping across repeated redirects (bsc#1236046)
go1.22-1.22.11-150000.1.39.1.src.rpm
go1.22-1.22.11-150000.1.39.1.x86_64.rpm
go1.22-doc-1.22.11-150000.1.39.1.x86_64.rpm
go1.22-race-1.22.11-150000.1.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-361
Recommended update for libzypp, zypper
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp, zypper fixes the following issues:
- Create '.keep_packages' in the package cache dir to enforce
keeping downloaded packages of all repos cached there (bsc#1232458)
- Fix missing UID checks in repomanager workflow
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp
- Fix 'zypper ps' when running in incus container (bsc#1229106)
Should apply to lxc and lxd containers as well
- Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
- lr: Show the repositories keep-packages flag (bsc#1232458)
It is shown in the details view or by using -k,--keep-packages.
In addition libzypp supports enforcing the keeping of downloaded
packages of all repos within a package cache by creating a
'.keep_packages' file there
- Try to refresh update repos first to have updated GPG keys on
the fly (bsc#1234752)
An update repo may contain a prolonged GPG key for the GA repo.
Refreshing the update repo first updates a trusted key on the fly
and avoids a 'key has expired' warning being issued when
refreshing the GA repo
- Refresh: restore legacy behavior and suppress Exception
reporting as non-root (bsc#1235636)
libzypp-17.35.19-150400.3.110.1.src.rpm
libzypp-17.35.19-150400.3.110.1.x86_64.rpm
libzypp-devel-17.35.19-150400.3.110.1.x86_64.rpm
zypper-1.14.81-150400.3.73.1.src.rpm
zypper-1.14.81-150400.3.73.1.x86_64.rpm
zypper-log-1.14.81-150400.3.73.1.noarch.rpm
zypper-needs-restarting-1.14.81-150400.3.73.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-282
Security update for nginx
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nginx fixes the following issues:
- CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack (bsc#1216171)
- CVE-2024-7347: Fixed worker crashes on specially crafted mp4 files containing invalid chunk information (bsc#1229155)
nginx-1.21.5-150400.3.6.1.src.rpm
nginx-1.21.5-150400.3.6.1.x86_64.rpm
nginx-source-1.21.5-150400.3.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-562
Security update for glibc
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
glibc-2.31-150300.92.1.src.rpm
glibc-2.31-150300.92.1.x86_64.rpm
glibc-devel-2.31-150300.92.1.x86_64.rpm
glibc-devel-static-2.31-150300.92.1.x86_64.rpm
glibc-extra-2.31-150300.92.1.x86_64.rpm
glibc-i18ndata-2.31-150300.92.1.noarch.rpm
glibc-info-2.31-150300.92.1.noarch.rpm
glibc-lang-2.31-150300.92.1.noarch.rpm
glibc-locale-2.31-150300.92.1.x86_64.rpm
glibc-locale-base-2.31-150300.92.1.x86_64.rpm
glibc-locale-base-32bit-2.31-150300.92.1.x86_64.rpm
glibc-profile-2.31-150300.92.1.x86_64.rpm
glibc-utils-2.31-150300.92.1.x86_64.rpm
glibc-utils-src-2.31-150300.92.1.src.rpm
nscd-2.31-150300.92.1.x86_64.rpm
glibc-32bit-2.31-150300.92.1.x86_64.rpm
glibc-devel-32bit-2.31-150300.92.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-341
Security update for libxml2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libxml2 fixes the following issues:
- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
libxml2-2-2.9.14-150400.5.35.1.x86_64.rpm
libxml2-2.9.14-150400.5.35.1.src.rpm
libxml2-devel-2.9.14-150400.5.35.1.x86_64.rpm
libxml2-python-2.9.14-150400.5.35.1.src.rpm
libxml2-tools-2.9.14-150400.5.35.1.x86_64.rpm
python3-libxml2-2.9.14-150400.5.35.1.x86_64.rpm
python311-libxml2-2.9.14-150400.5.35.1.x86_64.rpm
libxml2-2-32bit-2.9.14-150400.5.35.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-350
Security update for xrdp
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xrdp fixes the following issues:
- CVE-2024-39917: Enforce no login screen if require_credentials is set (bsc#1227769)
libpainter0-0.9.13.1-150200.4.33.1.x86_64.rpm
librfxencode0-0.9.13.1-150200.4.33.1.x86_64.rpm
xrdp-0.9.13.1-150200.4.33.1.src.rpm
xrdp-0.9.13.1-150200.4.33.1.x86_64.rpm
xrdp-devel-0.9.13.1-150200.4.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-325
Security update for clamav
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for clamav fixes the following issues:
New version 1.4.2:
* CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow
read bug in the OLE2 file parser that could cause a
denial-of-service (DoS) condition.
- Start clamonacc with --fdpass to avoid errors due to
clamd not being able to access user files. (bsc#1232242)
- New version 1.4.1:
* https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
- New version 1.4.0:
* Added support for extracting ALZ archives.
* Added support for extracting LHA/LZH archives.
* Added the ability to disable image fuzzy hashing, if needed.
For context, image fuzzy hashing is a detection mechanism
useful for identifying malware by matching images included with
the malware or phishing email/document.
* https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
- New version 1.3.2:
* CVE-2024-20506: Changed the logging module to disable following
symlinks on Linux and Unix systems so as to prevent an attacker
with existing access to the 'clamd' or 'freshclam' services from
using a symlink to corrupt system files.
* CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF
file parser that could cause a denial-of-service condition.
* Removed unused Python modules from freshclam tests including
deprecated 'cgi' module that is expected to cause test failures in
Python 3.13.
* Fix unit test caused by expiring signing certificate.
* Fixed a build issue on Windows with newer versions of Rust. Also
upgraded GitHub Actions imports to fix CI failures.
* Fixed an unaligned pointer dereference issue on select architectures.
* Fixes to Jenkins CI pipeline.
- New Version: 1.3.1:
* CVE-2024-20380: Fixed a possible crash in the HTML file parser
that could cause a denial-of-service (DoS) condition.
* Updated select Rust dependencies to the latest versions.
* Fixed a bug causing some text to be truncated when converting
from UTF-16.
* Fixed assorted complaints identified by Coverity static
analysis.
* Fixed a bug causing CVDs downloaded by the DatabaseCustomURL
* Added the new 'valhalla' database name to the list of optional
databases in preparation for future work.
- New version: 1.3.0:
* Added support for extracting and scanning attachments found in
Microsoft OneNote section files. OneNote parsing will be
enabled by default, but may be optionally disabled.
* Added file type recognition for compiled Python ('.pyc') files.
* Improved support for decrypting PDFs with empty passwords.
* Fixed a warning when scanning some HTML files.
* ClamOnAcc: Fixed an infinite loop when a watched directory
does not exist.
* ClamOnAcc: Fixed an infinite loop when a file has been deleted
before a scan.
- New version: 1.2.0:
* Added support for extracting Universal Disk Format (UDF)
partitions.
* Added an option to customize the size of ClamAV's clean file
cache.
* Raised the MaxScanSize limit so the total amount of data
scanned when scanning a file or archive may exceed 4 gigabytes.
* Added ability for Freshclam to use a client certificate PEM
file and a private key PEM file for authentication to a private
mirror.
* Fix an issue extracting files from ISO9660 partitions where the
files are listed in the plain ISO tree and there also exists an
empty Joliet tree.
* PID and socket are now located under /run/clamav/clamd.pid and
/run/clamav/clamd.sock .
* bsc#1211594: Fixed an issue where ClamAV does not abort the
signature load process after partially loading an invalid
signature.
- New version 1.1.0:
* https://blog.clamav.net/2023/05/clamav-110-released.html
* Added the ability to extract images embedded in HTML CSS
<style> blocks.
* Updated Sigtool so that the '--vba' option will extract VBA
code from Microsoft Office documents the same way that
libclamav extracts VBA.
* Added a new option --fail-if-cvd-older-than=days to clamscan
and clamd, and FailIfCvdOlderThan to clamd.conf
* Added a new function 'cl_cvdgetage()' to the libclamav API.
* Added a new function 'cl_engine_set_clcb_vba()' to the
libclamav API.
- bsc#1180296: Integrate clamonacc as a service.
- New version 1.0.1 LTS (including changes in 0.104 and 0.105):
* As of ClamAV 0.104, CMake is required to build ClamAV.
* As of ClamAV 0.105, Rust is now required to compile ClamAV.
* Increased the default limits for file and scan size:
* MaxScanSize: 100M to 400M
* MaxFileSize: 25M to 100M
* StreamMaxLength: 25M to 100M
* PCREMaxFileSize: 25M to 100M
* MaxEmbeddedPE: 10M to 40M
* MaxHTMLNormalize: 10M to 40M
* MaxScriptNormalize: 5M to 20M
* MaxHTMLNoTags: 2M to 8M
* Added image fuzzy hash subsignatures for logical signatures.
* Support for decrypting read-only OLE2-based XLS files that are
encrypted with the default password.
* Overhauled the implementation of the all-match feature.
* Added a new callback to the public API for inspecting file
content during a scan at each layer of archive extraction.
* Added a new function to the public API for unpacking CVD
signature archives.
* The option to build with an external TomsFastMath library has
been removed. ClamAV requires non-default build options for
TomsFastMath to support bigger floating point numbers.
* For a full list of changes see the release announcements:
* https://blog.clamav.net/2022/11/clamav-100-lts-released.html
* https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
* https://blog.clamav.net/2021/09/clamav-01040-released.html
- Build clamd with systemd support.
* CVE-2023-20197: Fixed a possible denial of service vulnerability in
the HFS+ file parser. (bsc#1214342)
* CVE-2018-14679: Fixed an issue in mspack/chmd.c in libmspack
before 0.7alpha: an off-by-one error in the CHM PMGI/PMGL chunk
number validity checks, which could lead to denial of
service (uninitialized da (bsc#1103032)
- Package huge .html documentation in a separate subpackage.
- Update to 0.103.7 (bsc#1202986)
- Zip parser: tolerate 2-byte overlap in file entries
- Fix bug with logical signature Intermediates feature
- Update to UnRAR v6.1.7
- Patch UnRAR: allow skipping files in solid archives
- Patch UnRAR: limit dict winsize to 1GB
- Use a split-provides for clamav-milter instead of recommending it.
- Package clamav-milter in a subpackage
- Remove virus signatures upon uninstall
- Check for database existence before starting clamd
- Restart clamd when it exits
- Don't daemonize freshclam, but use a systemd timer instead to
trigger updates
clamav-1.4.2-150200.8.3.1.src.rpm
clamav-1.4.2-150200.8.3.1.x86_64.rpm
clamav-devel-1.4.2-150200.8.3.1.x86_64.rpm
clamav-docs-html-1.4.2-150200.8.3.1.noarch.rpm
clamav-milter-1.4.2-150200.8.3.1.x86_64.rpm
libclamav12-1.4.2-150200.8.3.1.x86_64.rpm
libclammspack0-1.4.2-150200.8.3.1.x86_64.rpm
libfreshclam3-1.4.2-150200.8.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-378
Optional update for cronie
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libOpenCL1 fixes the following issue:
- Ship existing libOpenCL1 to more products.
libOpenCL1-2.3.1-150100.8.17.1.x86_64.rpm
libOpenCL1-32bit-2.3.1-150100.8.17.1.x86_64.rpm
ocl-icd-2.3.1-150100.8.17.1.src.rpm
ocl-icd-devel-2.3.1-150100.8.17.1.x86_64.rpm
ocl-icd-devel-32bit-2.3.1-150100.8.17.1.x86_64.rpm
opencl-headers-2.2+git.20211214-150000.3.5.1.noarch.rpm
opencl-headers-2.2+git.20211214-150000.3.5.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-340
Security update for rsync
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rsync fixes the following issues:
- Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities.
rsync-3.2.3-150400.3.20.1.src.rpm
rsync-3.2.3-150400.3.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-399
Recommended update for java-1_8_0-openjdk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-openjdk fixes the following issues:
- Update to version jdk8u442 (icedtea-3.34.0)
* Security fixes
+ No CVE from the January 2025 CPU affects jdk8u432, nonetheless this release contains defense-in-depth fixes
* Import of OpenJDK 8 u442 build 06
+ Zero name_index item of MethodParameters attribute cause MalformedParameterException
+ (fs) java/nio/file/Files/probeContentType/ParallelProbes.java should use othervm mode
+ Swing: Invalid position of candidate pop-up of InputMethod in Hi-DPI on Windows
+ Upgrade to LittleCMS 2.12
+ Open source several Swing Text related tests
+ Enhanced Building of Processes
+ Add an operation mode to the jar command when extracting to not overwriting existing files
+ Enhance mask blit functionality redux
+ GHA: some of bundles may not get removed
+ [8u] Profiler crashes at guarantee(is_result_safe || is_in_asgct()): unsafe access to zombie method
+ Replace ThreadLocalStorage::thread with Thread::current_or_null in jdk8
java-1_8_0-openjdk-1.8.0.442-150000.3.103.2.src.rpm
java-1_8_0-openjdk-1.8.0.442-150000.3.103.2.x86_64.rpm
java-1_8_0-openjdk-demo-1.8.0.442-150000.3.103.2.x86_64.rpm
java-1_8_0-openjdk-devel-1.8.0.442-150000.3.103.2.x86_64.rpm
java-1_8_0-openjdk-headless-1.8.0.442-150000.3.103.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-344
Security update for orc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when
formatting error messages for certain input files (bsc#1228184)
liborc-0_4-0-0.4.28-150000.3.9.1.x86_64.rpm
orc-0.4.28-150000.3.9.1.src.rpm
orc-0.4.28-150000.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-319
Security update for buildah
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for buildah fixes the following issues:
- Update to version 1.35.5
- CVE-2024-11218: Fix TOCTOU error when bind and cache mounts use "src" values. (bsc#1236272)
buildah-1.35.5-150400.3.36.1.src.rpm
buildah-1.35.5-150400.3.36.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-375
Recommended update for rmt-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server fixes the following issues:
- Allow users to configure the SUMA product tree base URL to download 'product_tree.json' from host other than 'scc.suse.com' (bsc#1234844)
- Update Micro check due to Micro 6.0 and 6.1 identifier (bsc#1230419)
- Remove obsolete repositories and associations from rmt during SCC sync (bsc#1232808)
- Do not re-download repomd metadata if it already exists and is the latest version
- rmt-server-pubcloud:
* Update Zypper path allowing check to handle paid extensions (i.e. LTSS) (bsc#1230157)
* Add data export engine
rmt-server-2.21-150400.3.37.1.src.rpm
rmt-server-2.21-150400.3.37.1.x86_64.rpm
rmt-server-config-2.21-150400.3.37.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-370
Security update for curl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
curl-8.0.1-150400.5.62.1.src.rpm
curl-8.0.1-150400.5.62.1.x86_64.rpm
libcurl-devel-8.0.1-150400.5.62.1.x86_64.rpm
libcurl4-32bit-8.0.1-150400.5.62.1.x86_64.rpm
libcurl4-8.0.1-150400.5.62.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-349
Security update for openssl-1_1
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
libopenssl-1_1-devel-1.1.1l-150400.7.78.1.x86_64.rpm
libopenssl-1_1-devel-32bit-1.1.1l-150400.7.78.1.x86_64.rpm
libopenssl1_1-1.1.1l-150400.7.78.1.x86_64.rpm
libopenssl1_1-32bit-1.1.1l-150400.7.78.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150400.7.78.1.x86_64.rpm
libopenssl1_1-hmac-32bit-1.1.1l-150400.7.78.1.x86_64.rpm
openssl-1_1-1.1.1l-150400.7.78.1.src.rpm
openssl-1_1-1.1.1l-150400.7.78.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-374
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox to 128.7esr fixes the following issues:
* MFSA 2025-09
* CVE-2025-1009 (bmo#1936613)
Use-after-free in XSLT
* CVE-2025-1010 (bmo#1936982)
Use-after-free in Custom Highlight
* CVE-2025-1011 (bmo#1936454)
A bug in WebAssembly code generation could result in a crash
* CVE-2025-1012 (bmo#1939710)
Use-after-free during concurrent delazification
* CVE-2024-11704 (bmo#1899402)
Potential double-free vulnerability in PKCS#7 decryption
handling
* CVE-2025-1013 (bmo#1932555)
Potential opening of private browsing tabs in normal browsing
windows
* CVE-2025-1014 (bmo#1940804)
Certificate length was not properly checked
* CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694,
bmo#1938469, bmo#1939583, bmo#1940994)
Memory safety bugs fixed in Firefox 135, Thunderbird 135,
Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20,
and Thunderbird 128.7
* CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984)
Memory safety bugs fixed in Firefox 135, Thunderbird 135,
Firefox ESR 128.7, and Thunderbird 128.7
MozillaFirefox-128.7.0-150200.152.170.1.src.rpm
MozillaFirefox-128.7.0-150200.152.170.1.x86_64.rpm
MozillaFirefox-devel-128.7.0-150200.152.170.1.noarch.rpm
MozillaFirefox-translations-common-128.7.0-150200.152.170.1.x86_64.rpm
MozillaFirefox-translations-other-128.7.0-150200.152.170.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-384
Security update for bind
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bind fixes the following issues:
- CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)
bind-9.16.50-150400.5.46.1.src.rpm
bind-9.16.50-150400.5.46.1.x86_64.rpm
bind-doc-9.16.50-150400.5.46.1.noarch.rpm
bind-utils-9.16.50-150400.5.46.1.x86_64.rpm
python3-bind-9.16.50-150400.5.46.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-388
Security update for openssl-3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
libopenssl-3-devel-3.0.8-150400.4.72.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.72.1.x86_64.rpm
openssl-3-3.0.8-150400.4.72.1.src.rpm
openssl-3-3.0.8-150400.4.72.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-474
Recommended update for rust
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rust fixes the following issues:
- Update to version 1.84.0 - for details see the rust1.84 package
Version 1.84.0 (2025-01-09)
==========================
Language
--------
- Allow `#[deny]` inside `#[forbid]` as a no-op
- Show a warning when `-Ctarget-feature` is used to toggle features that can lead to unsoundness due to ABI mismatches
- Use the next-generation trait solver in coherence
- Allow coercions to drop the principal of trait objects
- Support `/` as the path separator for `include!()` in all cases on Windows
- Taking a raw ref (`raw (const|mut)`) of a deref of a pointer (`*ptr`) is now safe
- Stabilize s390x inline assembly
- Stabilize Arm64EC inline assembly
- Lint against creating pointers to immediately dropped temporaries
- Execute drop glue when unwinding in an `extern "C"` function
Compiler
--------
- Add `--print host-tuple` flag to print the host target tuple and affirm the "target tuple" terminology over "target triple"
- Declaring functions with a calling convention not supported on the current target now triggers a hard error
- Set up indirect access to external data for `loongarch64-unknown-linux-{musl,ohos}`
- Enable XRay instrumentation for LoongArch Linux targets
- Extend the `unexpected_cfgs` lint to also warn in external macros
- Stabilize WebAssembly `multivalue`, `reference-types`, and `tail-call` target features
- Added Tier 2 support for the `wasm32v1-none` target
Libraries
---------
- Implement `From<&mut {slice}>` for `Box/Rc/Arc<{slice}>`
- Move `<float>::copysign`, `<float>::abs`, `<float>::signum` to `core`
- Add `LowerExp` and `UpperExp` implementations to `NonZero`
- Implement `FromStr` for `CString` and `TryFrom<CString>` for `String`
- `std::os::darwin` has been made public
Stabilized APIs
---------------
- `Ipv6Addr::is_unique_local` https://doc.rust-lang.org/stable/core/net/struct.Ipv6Addr.html#method.is_unique_local
- `Ipv6Addr::is_unicast_link_local` https://doc.rust-lang.org/stable/core/net/struct.Ipv6Addr.html#method.is_unicast_link_local
- `core::ptr::with_exposed_provenance` https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance.html
- `core::ptr::with_exposed_provenance_mut` https://doc.rust-lang.org/stable/core/ptr/fn.with_exposed_provenance_mut.html
- `<ptr>::addr` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.addr
- `<ptr>::expose_provenance` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.expose_provenance
- `<ptr>::with_addr` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.with_addr
- `<ptr>::map_addr` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.map_addr
- `<int>::isqrt` https://doc.rust-lang.org/stable/core/primitive.i32.html#method.isqrt
- `<int>::checked_isqrt` https://doc.rust-lang.org/stable/core/primitive.i32.html#method.checked_isqrt
- `<uint>::isqrt` https://doc.rust-lang.org/stable/core/primitive.u32.html#method.isqrt
- `NonZero::isqrt` https://doc.rust-lang.org/stable/core/num/struct.NonZero.html#impl-NonZero%3Cu128%3E/method.isqrt
- `core::ptr::without_provenance` https://doc.rust-lang.org/stable/core/ptr/fn.without_provenance.html
- `core::ptr::without_provenance_mut` https://doc.rust-lang.org/stable/core/ptr/fn.without_provenance_mut.html
- `core::ptr::dangling` https://doc.rust-lang.org/stable/core/ptr/fn.dangling.html
- `core::ptr::dangling_mut` https://doc.rust-lang.org/stable/core/ptr/fn.dangling_mut.html
- `Pin::as_deref_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.as_deref_mut
- `AtomicBool::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicBool.html#method.from_ptr
- `AtomicPtr::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicPtr.html#method.from_ptr
- `AtomicU8::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU8.html#method.from_ptr
- `AtomicU16::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU16.html#method.from_ptr
- `AtomicU32::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU32.html#method.from_ptr
- `AtomicU64::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicU64.html#method.from_ptr
- `AtomicUsize::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicUsize.html#method.from_ptr
- `AtomicI8::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI8.html#method.from_ptr
- `AtomicI16::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI16.html#method.from_ptr
- `AtomicI32::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI32.html#method.from_ptr
- `AtomicI64::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicI64.html#method.from_ptr
- `AtomicIsize::from_ptr` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicIsize.html#method.from_ptr
- `<ptr>::is_null` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.is_null-1
- `<ptr>::as_ref` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.as_ref-1
- `<ptr>::as_mut` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.as_mut
- `Pin::new` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.new
- `Pin::new_unchecked` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.new_unchecked
- `Pin::get_ref` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_ref
- `Pin::into_ref` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.into_ref
- `Pin::get_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_mut
- `Pin::get_unchecked_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.get_unchecked_mut
- `Pin::static_ref` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.static_ref
- `Pin::static_mut` https://doc.rust-lang.org/stable/core/pin/struct.Pin.html#method.static_mut
Cargo
-----
- Stabilize MSRV-aware resolver config
- Stabilize resolver v3
Rustdoc
-------
- rustdoc-search: improve type-driven search
Compatibility Notes
-------------------
- Enable by default the `LSX` target feature for LoongArch Linux targets
- The unstable `-Zprofile` flag (“gcov-style” coverage instrumentation) has been removed. This does not affect the stable flags for coverage instrumentation (`-Cinstrument-coverage`) and profile-guided optimization (`-Cprofile-generate`, `-Cprofile-use`), which are unrelated and remain available.
- Support for the target named `wasm32-wasi` has been removed as the target is now named `wasm32-wasip1`. This completes the transition plan for this target following the introduction of `wasm32-wasip1` in Rust 1.78. Compiler warnings on use of `wasm32-wasi` introduced in Rust 1.81 are now gone as well as the target is removed.
- The syntax `&pin (mut|const) T` is now parsed as a type which in theory could affect macro expansion results in some edge cases
- Legacy syntax for calling `std::arch` functions is no longer permitted to declare items or bodies (such as closures, inline consts, or async blocks).
- Declaring functions with a calling convention not supported on the current target now triggers a hard error
- The next-generation trait solver is now enabled for coherence, fixing multiple soundness issues
cargo-1.84.0-150400.24.36.1.x86_64.rpm
cargo1.84-1.84.0-150300.7.4.3.x86_64.rpm
rust-1.84.0-150400.24.36.1.src.rpm
rust-1.84.0-150400.24.36.1.x86_64.rpm
rust1.84-1.84.0-150300.7.4.3.nosrc.rpm
rust1.84-1.84.0-150300.7.4.3.x86_64.rpm
rust1.84-src-1.84.0-150300.7.4.3.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-485
Recommended update for rpmlint
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpmlint fixes the following issues:
- backport whitelisting for tuned ppd service (bsc#1236016)
rpmlint-1.10-150000.7.93.1.noarch.rpm
rpmlint-1.10-150000.7.93.1.src.rpm
rpmlint-mini-1.10-150400.23.28.1.src.rpm
rpmlint-mini-1.10-150400.23.28.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-508
Recommended update for findutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for findutils fixes the following issue:
- fix crash when file system loop was encountered (bsc#1231472).
findutils-4.8.0-150300.3.3.2.src.rpm
findutils-4.8.0-150300.3.3.2.x86_64.rpm
findutils-lang-4.8.0-150300.3.3.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-507
Recommended update for open-iscsi
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for open-iscsi fixes the following issues:
- Fix device discovery failure on systems with a large number of devices (bsc#1235606).
- Fix issue with yast restarting iscsid service without restarting the iscsid socket,
this upsets systemd and it is already fixed in upstream (bsc#1206132).
- Branched SLE-15-SP3 from Factory. No longer in sync with Tumbleweed.
- Backported upstream commit, which sets 'safe_logout' and
'startup' in iscsid.conf (bsc#1207157).
- Updated year in SPEC file
iscsiuio-0.7.8.6-150400.39.11.2.x86_64.rpm
libopeniscsiusr0_2_0-2.1.7-150400.39.11.2.x86_64.rpm
open-iscsi-2.1.7-150400.39.11.2.src.rpm
open-iscsi-2.1.7-150400.39.11.2.x86_64.rpm
open-iscsi-devel-2.1.7-150400.39.11.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-576
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the "ls -l" readdir heuristic sooner (bsc#1231847).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
kernel-default-5.14.21-150400.24.150.1.nosrc.rpm
kernel-default-5.14.21-150400.24.150.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.150.1.150400.24.74.1.src.rpm
kernel-default-base-5.14.21-150400.24.150.1.150400.24.74.1.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.150.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.150.1.noarch.rpm
kernel-docs-5.14.21-150400.24.150.1.noarch.rpm
kernel-docs-5.14.21-150400.24.150.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.150.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.150.1.src.rpm
kernel-obs-build-5.14.21-150400.24.150.1.x86_64.rpm
kernel-source-5.14.21-150400.24.150.1.noarch.rpm
kernel-source-5.14.21-150400.24.150.1.src.rpm
kernel-syms-5.14.21-150400.24.150.1.src.rpm
kernel-syms-5.14.21-150400.24.150.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.150.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-548
Security update for libtasn1
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
libtasn1-4.13-150000.4.11.1.src.rpm
libtasn1-4.13-150000.4.11.1.x86_64.rpm
libtasn1-6-4.13-150000.4.11.1.x86_64.rpm
libtasn1-devel-4.13-150000.4.11.1.x86_64.rpm
libtasn1-6-32bit-4.13-150000.4.11.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-590
Security update for netty, netty-tcnative
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for netty, netty-tcnative fixes the following issues:
- CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. (bsc#1237037)
- CVE-2025-25193: unsafe reading of environment files can lead to an application crash. (bsc#1237038)
Update to netty version 4.1.118 and netty-tcnative version 2.0.70 Final.
Other fixes:
- Fix recycling in CodecOutputList.
- StreamBufferingEncoder: do not send header frame with priority by default.
- Notify event loop termination future of unexpected exceptions.
- Fix AccessControlException in GlobalEventExecutor.
- AdaptivePoolingAllocator: round chunk sizes up and reduce chunk release frequency.
- Support BouncyCastle FIPS for reading PEM files.
- Dns: correctly encode DnsPtrRecord.
- Provide Brotli settings without com.aayushatharva.brotli4j dependency.
- Make DefaultResourceLeak more resilient against OOM.
- OpenSslSession: add support to defensively check for peer certs.
- SslHandler: ensure buffers are never leaked when wrap(...) produces SSLException.
- Correctly handle comments appended to nameserver declarations.
- PcapWriteHandler: apply fixes so that the handler can append to an existing PCAP file when writing the global header.
- PcapWriteHandler: allow output of PCAP files larger than 2GB.
- Fix bugs in BoundedInputStream.
- Fix HTTP header validation bug.
- AdaptivePoolingAllocator: fix possible race condition in method offerToQueue(...).
- AdaptivePoolingAllocator: make sure the sentinel object Magazine.MAGAZINE_FREED is not replaced.
- Only try to use Zstd and Brotli if the native libs can be loaded.
- Bump BlockHound version to 1.0.10.RELEASE.
- Add details to TooLongFrameException message.
- AdaptivePoolingAllocator: correctly reuse chunks.
- AdaptivePoolingAllocator: don't fail when we run on a host with 1 core.
- AdaptivePoolingAllocator: correctly re-use central queue chunks and avoid OOM issue.
- Fix several memory management (leaks and missing checks) issues.
netty-tcnative-2.0.70-150200.3.25.1.src.rpm
netty-tcnative-2.0.70-150200.3.25.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-610
Recommended update for clamav
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for clamav fixes the following issue:
- Fix location of license files (bsc#1236949).
clamav-1.4.2-150200.8.6.2.src.rpm
clamav-1.4.2-150200.8.6.2.x86_64.rpm
clamav-devel-1.4.2-150200.8.6.2.x86_64.rpm
clamav-docs-html-1.4.2-150200.8.6.2.noarch.rpm
clamav-milter-1.4.2-150200.8.6.2.x86_64.rpm
libclamav12-1.4.2-150200.8.6.2.x86_64.rpm
libclammspack0-1.4.2-150200.8.6.2.x86_64.rpm
libfreshclam3-1.4.2-150200.8.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-509
Recommended update for go1.24
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.24 fixes the following issues:
go1.24 (released 2025-02-11) is a major release of Go.
go1.24.x minor releases will be provided through February 2026.
https://github.com/golang/go/wiki/Go-Release-Cycle
go1.24 arrives six months after Go 1.23. Most of its changes are
in the implementation of the toolchain, runtime, and
libraries. As always, the release maintains the Go 1 promise of
compatibility. We expect almost all Go programs to continue to
compile and run as before. (boo#1236217)
* Language change: Go 1.24 now fully supports generic type
aliases: a type alias may be parameterized like a defined
type. See the language spec for details. For now, the feature
can be disabled by setting GOEXPERIMENT=noaliastypeparams; but
the aliastypeparams setting will be removed for Go 1.25.
* go command: Go modules can now track executable dependencies
using tool directives in go.mod. This removes the need for the
previous workaround of adding tools as blank imports to a file
conventionally named "tools.go". The go tool command can now
run these tools in addition to tools shipped with the Go
distribution.
* go command: The new -tool flag for go get causes a tool
directive to be added to the current module for named packages
in addition to adding require directives.
* go command: The new tool meta-pattern refers to all tools in
the current module. This can be used to upgrade them all with
go get tool or to install them into your GOBIN directory with
go install tool.
* go command: Executables created by go run and the new behavior
of go tool are now cached in the Go build cache. This makes
repeated executions faster at the expense of making the cache
larger. See go#69290.
* go command: The go build and go install commands now accept a
-json flag that reports build output and failures as structured
JSON output on standard output. For details of the reporting
format, see go help buildjson. Furthermore, go test -json now
reports build output and failures in JSON, interleaved with
test result JSON. These are distinguished by new Action types,
but if they cause problems in a test integration system, you
can revert to the text build output with GODEBUG setting
gotestjsonbuildtext=1.
* go command: The new GOAUTH environment variable provides a
flexible way to authenticate private module fetches. See go
help goauth for more information.
* go command: The go build command now sets the main module's
version in the compiled binary based on the version control
system tag and/or commit. A +dirty suffix will be appended if
there are uncommitted changes. Use the -buildvcs=false flag to
omit version control information from the binary.
* go command: The new GODEBUG setting toolchaintrace=1 can be
used to trace the go command's toolchain selection process.
* cgo: cgo supports new annotations for C functions to improve
run time performance. #cgo noescape cFunctionName tells the
compiler that memory passed to the C function cFunctionName
does not escape. #cgo nocallback cFunctionName tells the
compiler that the C function cFunctionName does not call back
to any Go functions.
* cgo: cgo currently refuses to compile calls to a C function
which has multiple incompatible declarations. For instance,
if f is declared as both void f(int) and void f(double),
cgo will report an error instead of possibly generating an
incorrect call sequence for f(0). New in this release is a
better detector for this error condition when the incompatible
declarations appear in different files. See go#67699.
* objdump: The objdump tool now supports disassembly on 64-bit
LoongArch (GOARCH=loong64), RISC-V (GOARCH=riscv64), and S390X
(GOARCH=s390x).
* vet: The new tests analyzer reports common mistakes in
declarations of tests, fuzzers, benchmarks, and examples in
test packages, such as malformed names, incorrect signatures,
or examples that document non-existent identifiers. Some of
these mistakes may cause tests not to run. This analyzer is
among the subset of analyzers that are run by go test.
* vet: The existing printf analyzer now reports a diagnostic for
calls of the form fmt.Printf(s), where s is a non-constant
format string, with no other arguments. Such calls are nearly
always a mistake as the value of s may contain the % symbol;
use fmt.Print instead. See go#60529. This check tends to
produce findings in existing code, and so is only applied when
the language version (as specified by the go.mod go directive
or //go:build comments) is at least Go 1.24, to avoid causing
continuous integration failures when updating to the 1.24 Go
toolchain.
* vet: The existing buildtag analyzer now reports a diagnostic
when there is an invalid Go major version build constraint
within a //go:build directive. For example, //go:build go1.23.1
refers to a point release; use //go:build go1.23 instead.
See go#64127.
* vet: The existing copylock analyzer now reports a diagnostic
when a variable declared in a 3-clause "for" loop such as for i
:= iter(); done(i); i = next(i) { ... } contains a sync.Locker,
such as a sync.Mutex. Go 1.22 changed the behavior of these
loops to create a new variable for each iteration, copying the
value from the previous iteration; this copy operation is not
safe for locks. See go#66387.
* GOCACHEPROG: The cmd/go internal binary and test caching
mechanism can now be implemented by child processes
implementing a JSON protocol between the cmd/go tool and the
child process named by the GOCACHEPROG environment
variable. This was previously behind a GOEXPERIMENT. For
protocol details, see the documentation.
* Runtime: Several performance improvements to the runtime have
decreased CPU overheads by 2-3% on average across a suite of
representative benchmarks. Results may vary by
application. These improvements include a new builtin map
implementation based on Swiss Tables, more efficient memory
allocation of small objects, and a new runtime-internal mutex
implementation.
* Runtime: The new builtin map implementation and new
runtime-internal mutex may be disabled by setting
GOEXPERIMENT=noswissmap and GOEXPERIMENT=nospinbitmutex at
build time respectively.
* Compiler: The compiler already disallowed defining new methods
with receiver types that were cgo-generated, but it was
possible to circumvent that restriction via an alias type. Go
1.24 now always reports an error if a receiver denotes a
cgo-generated type, whether directly or indirectly (through an
alias type).
* Linker: The linker now generates a GNU build ID (the ELF
NT_GNU_BUILD_ID note) on ELF platforms and a UUID (the Mach-O
LC_UUID load command) on macOS by default. The build ID or UUID
is derived from the Go build ID. It can be disabled by the -B
none linker flag, or overridden by the -B 0xNNNN linker flag
with a user-specified hexadecimal value.
* Bootstrap: As mentioned in the Go 1.22 release notes, Go 1.24
now requires Go 1.22.6 or later for bootstrap. We expect that
Go 1.26 will require a point release of Go 1.24 or later for
bootstrap.
* Standard library: Directory-limited filesystem access: The new
os.Root type provides the ability to perform filesystem
operations within a specific directory. The os.OpenRoot
function opens a directory and returns an os.Root. Methods on
os.Root operate within the directory and do not permit paths
that refer to locations outside the directory, including ones
that follow symbolic links out of the directory. The methods on
os.Root mirror most of the file system operations available in
the os package, including for example os.Root.Open,
os.Root.Create, os.Root.Mkdir, and os.Root.Stat.
* Standard library: new benchmark function: Benchmarks may now
use the faster and less error-prone testing.B.Loop method to
perform benchmark iterations like for b.Loop() { ... } in place
of the typical loop structures involving b.N like for range
b.N. This offers two significant advantages: 1) The benchmark
function will execute exactly once per -count, so expensive
setup and cleanup steps execute only once, and 2) Function call
parameters and results are kept alive, preventing the compiler
from fully optimizing away the loop body.
* Standard library: Improved finalizers: The new
runtime.AddCleanup function is a finalization mechanism that is
more flexible, more efficient, and less error-prone than
runtime.SetFinalizer. AddCleanup attaches a cleanup function to
an object that will run once the object is no longer reachable.
However, unlike SetFinalizer, multiple cleanups may be attached
to a single object, cleanups may be attached to interior
pointers, cleanups do not generally cause leaks when objects
form a cycle, and cleanups do not delay the freeing of an
object or objects it points to. New code should prefer
AddCleanup over SetFinalizer.
* Standard library: New weak package: The new weak package
provides weak pointers. Weak pointers are a low-level primitive
provided to enable the creation of memory-efficient structures,
such as weak maps for associating values, canonicalization maps
for anything not covered by package unique, and various kinds
of caches. For supporting these use-cases, this release also
provides runtime.AddCleanup and maphash.Comparable.
* Standard library: New crypto/mlkem package: The new
crypto/mlkem package implements ML-KEM-768 and
ML-KEM-1024. ML-KEM is a post-quantum key exchange mechanism
formerly known as Kyber and specified in FIPS 203.
* Standard library: New crypto/hkdf, crypto/pbkdf2, and
crypto/sha3 packages: The new crypto/hkdf package implements
the HMAC-based Extract-and-Expand key derivation function HKDF,
as defined in RFC 5869. The new crypto/pbkdf2 package
implements the password-based key derivation function PBKDF2,
as defined in RFC 8018. The new crypto/sha3 package implements
the SHA-3 hash function and SHAKE and cSHAKE extendable-output
functions, as defined in FIPS 202. All three packages are based
on pre-existing golang.org/x/crypto/... packages.
* FIPS: This release includes a new set of mechanisms to facilitate
FIPS 140-3 compliance. See https://go.dev/doc/security/fips140.
The Go Cryptographic Module is a set of internal standard
library packages that are transparently used to implement FIPS
140-3 approved algorithms. Applications require no changes to
use the Go Cryptographic Module for approved algorithms.
* FIPS: The new GOFIPS140 environment variable can be used to
select the Go Cryptographic Module version to use in a
build. The new fips140 GODEBUG setting can be used to enable
FIPS 140-3 mode at runtime.
* FIPS: Go 1.24 includes Go Cryptographic Module version v1.0.0,
which is currently under test with a CMVP-accredited
laboratory.
* Standard library: New experimental testing/synctest package:
The new experimental testing/synctest package provides support
for testing concurrent code. The synctest.Run function starts a
group of goroutines in an isolated "bubble". Within the bubble,
time package functions operate on a fake clock. The
synctest.Wait function waits for all goroutines in the current
bubble to block. The synctest package is experimental and must
be enabled by setting GOEXPERIMENT=synctest at build time. The
package API is subject to change in future releases. See issue
go#67434 for more information and to provide feedback.
* archive: The (*Writer).AddFS implementations in both
archive/zip and archive/tar now write a directory header for an
empty directory.
* bytes: The bytes package adds several functions that work with
iterators.
* bytes: Lines returns an iterator over the newline-terminated
lines in a byte slice.
* bytes: SplitSeq returns an iterator over all subslices of a
byte slice split around a separator.
* bytes: SplitAfterSeq returns an iterator over subslices of a
byte slice split after each instance of a separator.
* bytes: FieldsSeq returns an iterator over subslices of a byte
slice split around runs of whitespace characters, as defined by
unicode.IsSpace.
* bytes: FieldsFuncSeq returns an iterator over subslices of a
byte slice split around runs of Unicode code points satisfying
a predicate.
* crypto/aes: The value returned by NewCipher no longer
implements the NewCTR, NewGCM, NewCBCEncrypter, and
NewCBCDecrypter methods. These methods were undocumented and
not available on all architectures. Instead, the Block value
should be passed directly to the relevant crypto/cipher
functions. For now, crypto/cipher still checks for those
methods on Block values, even if they are not used by the
standard library anymore.
* crypto/aes: The Stream implementation returned by NewCTR when
used with crypto/aes is now several times faster on amd64 and
arm64.
* crypto/cipher: The new NewGCMWithRandomNonce function returns
an AEAD that implements AES-GCM by generating a random nonce
during Seal and prepending it to the ciphertext.
* crypto/cipher: NewOFB, NewCFBEncrypter, and NewCFBDecrypter are
now deprecated. OFB and CFB mode are not authenticated, which
generally enables active attacks to manipulate and recover the
plaintext. It is recommended that applications use AEAD modes
instead. If an unauthenticated Stream mode is required, use
NewCTR instead.
* crypto/ecdsa: PrivateKey.Sign now produces a deterministic
signature according to RFC 6979 if the random source is nil.
* crypto/md5: The value returned by md5.New now also implements
the encoding.BinaryAppender interface.
* crypto/rand: The Read function is now guaranteed not to
fail. It will always return nil as the error result. If Read
were to encounter an error while reading from Reader, the
program will irrecoverably crash. Note that the platform APIs
used by the default Reader are documented to always succeed, so
this change should only affect programs that override the
Reader variable. One exception is Linux kernels before version
3.17, where the default Reader still opens /dev/urandom and may
fail.
* crypto/rand: On Linux 6.11 and later, Reader now uses the
getrandom system call via vDSO. This is several times faster,
especially for small reads.
* crypto/rand: On OpenBSD, Reader now uses arc4random_buf(3).
* crypto/rand: The new Text function can be used to generate
cryptographically secure random text strings.
* crypto/rsa: GenerateKey now returns an error if a key of less
than 1024 bits is requested. All Sign, Verify, Encrypt, and
Decrypt methods now return an error if used with a key smaller
than 1024 bits. Such keys are insecure and should not be
used. GODEBUG setting rsa1024min=0 restores the old behavior,
but we recommend doing so only if necessary and only in tests,
for example by adding a //go:debug rsa1024min=0 line to a test
file. A new GenerateKey example provides an easy-to-use
standard 2048-bit test key.
* crypto/rsa: It is now safe and more efficient to call
PrivateKey.Precompute before PrivateKey.Validate. Precompute is
now faster in the presence of partially filled out
PrecomputedValues, such as when unmarshaling a key from JSON.
* crypto/rsa: The package now rejects more invalid keys, even
when Validate is not called, and GenerateKey may return new
errors for broken random sources. The Primes and Precomputed
fields of PrivateKey are now used and validated even when some
values are missing. See also the changes to crypto/x509 parsing
and marshaling of RSA keys described below.
* crypto/rsa: SignPKCS1v15 and VerifyPKCS1v15 now support
SHA-512/224, SHA-512/256, and SHA-3.
* crypto/rsa: GenerateKey now uses a slightly different method to
generate the private exponent (Carmichael's totient instead of
Euler's totient). Rare applications that externally regenerate
keys from only the prime factors may produce different but
compatible results.
* crypto/rsa: Public and private key operations are now up to two
times faster on wasm.
* crypto/sha1: The value returned by sha1.New now also implements
the encoding.BinaryAppender interface.
* crypto/sha256: The values returned by sha256.New and
sha256.New224 now also implement the encoding.BinaryAppender
interface.
* crypto/sha512: The values returned by sha512.New,
sha512.New384, sha512.New512_224 and sha512.New512_256 now also
implement the encoding.BinaryAppender interface.
* crypto/subtle: The new WithDataIndependentTiming function
allows the user to run a function with architecture specific
features enabled which guarantee specific instructions are data
value timing invariant. This can be used to make sure that code
designed to run in constant time is not optimized by CPU-level
features such that it operates in variable time. Currently,
WithDataIndependentTiming uses the PSTATE.DIT bit on arm64, and
is a no-op on all other architectures. GODEBUG setting
dataindependenttiming=1 enables the DIT mode for the entire Go
program.
* crypto/subtle: The XORBytes output must overlap exactly or not
at all with the inputs. Previously, the behavior was otherwise
undefined, while now XORBytes will panic.
* crypto/tls: The TLS server now supports Encrypted Client Hello
(ECH). This feature can be enabled by populating the
Config.EncryptedClientHelloKeys field.
* crypto/tls: The new post-quantum X25519MLKEM768 key exchange
mechanism is now supported and is enabled by default when
Config.CurvePreferences is nil. GODEBUG setting tlsmlkem=0
reverts the default.
* crypto/tls: Support for the experimental X25519Kyber768Draft00
key exchange has been removed.
* crypto/tls: Key exchange ordering is now handled entirely by
the crypto/tls package. The order of Config.CurvePreferences is
now ignored, and the contents are only used to determine which
key exchanges to enable when the field is populated.
* crypto/tls: The new ClientHelloInfo.Extensions field lists the
IDs of the extensions received in the Client Hello
message. This can be useful for fingerprinting TLS clients.
* crypto/x509: The x509sha1 GODEBUG setting has been
removed. Certificate.Verify no longer supports SHA-1 based
signatures.
* crypto/x509: OID now implements the encoding.BinaryAppender and
encoding.TextAppender interfaces.
* crypto/x509: The default certificate policies field has changed
from Certificate.PolicyIdentifiers to
Certificate.Policies. When parsing certificates, both fields
will be populated, but when creating certificates policies will
now be taken from the Certificate.Policies field instead of the
Certificate.PolicyIdentifiers field. This change can be
reverted with GODEBUG setting x509usepolicies=0.
* crypto/x509: CreateCertificate will now generate a serial
number using a RFC 5280 compliant method when passed a template
with a nil Certificate.SerialNumber field, instead of failing.
* crypto/x509: Certificate.Verify now supports policy validation,
as defined in RFC 5280 and RFC 9618. The new
VerifyOptions.CertificatePolicies field can be set to an
acceptable set of policy OIDs. Only certificate chains with
valid policy graphs will be returned from Certificate.Verify.
* crypto/x509: MarshalPKCS8PrivateKey now returns an error
instead of marshaling an invalid RSA
key. (MarshalPKCS1PrivateKey doesn't have an error return, and
its behavior when provided invalid keys continues to be
undefined.)
* crypto/x509: ParsePKCS1PrivateKey and ParsePKCS8PrivateKey now
use and validate the encoded CRT values, so might reject
invalid RSA keys that were previously accepted. Use GODEBUG
setting x509rsacrt=0 to revert to recomputing the CRT values.
* debug/elf: The debug/elf package adds support for handling
symbol versions in dynamic ELF (Executable and Linkable Format)
files. The new File.DynamicVersions method returns a list of
dynamic versions defined in the ELF file. The new
File.DynamicVersionNeeds method returns a list of dynamic
versions required by this ELF file that are defined in other
ELF objects. Finally, the new Symbol.HasVersion and
Symbol.VersionIndex fields indicate the version of a symbol.
* encoding: Two new interfaces, TextAppender and BinaryAppender,
have been introduced to append the textual or binary
representation of an object to a byte slice. These interfaces
provide the same functionality as TextMarshaler and
BinaryMarshaler, but instead of allocating a new slice each
time, they append the data directly to an existing slice. These
interfaces are now implemented by standard library types that
already implemented TextMarshaler and/or BinaryMarshaler.
* encoding/json: When marshaling, a struct field with the new
omitzero option in the struct field tag will be omitted if its
value is zero. If the field type has an IsZero() bool method,
that will be used to determine whether the value is
zero. Otherwise, the value is zero if it is the zero value for
its type. The omitzero field tag is clearer and less
error-prone than omitempty when the intent is to omit zero
values. In particular, unlike omitempty, omitzero omits
zero-valued time.Time values, which is a common source of
friction.
* encoding/json: If both omitempty and omitzero are specified,
the field will be omitted if the value is either empty or zero
(or both).
* encoding/json: UnmarshalTypeError.Field now includes embedded
structs to provide more detailed error messages.
* go/types: All go/types data structures that expose sequences
using a pair of methods such as Len() int and At(int) T now
also have methods that return iterators, allowing you to
simplify code. The methods are: Interface.EmbeddedTypes,
Interface.ExplicitMethods, Interface.Methods,
MethodSet.Methods, Named.Methods, Scope.Children,
Struct.Fields, Tuple.Variables, TypeList.Types,
TypeParamList.TypeParams, Union.Terms.
* hash/adler32: The value returned by New now also implements the
encoding.BinaryAppender interface.
* hash/crc32: The values returned by New and NewIEEE now also
implement the encoding.BinaryAppender interface.
* hash/crc64: The value returned by New now also implements the
encoding.BinaryAppender interface.
* hash/fnv: The values returned by New32, New32a, New64, New64a,
New128 and New128a now also implement the
encoding.BinaryAppender interface.
* hash/maphash: The new Comparable and WriteComparable functions
can compute the hash of any comparable value. These make it
possible to hash anything that can be used as a Go map key.
* log/slog: The new DiscardHandler is a handler that is never
enabled and always discards its output.
* log/slog: Level and LevelVar now implement the
encoding.TextAppender interface.
* math/big: Float, Int and Rat now implement the
encoding.TextAppender interface.
* math/rand: Calls to the deprecated top-level Seed function no
longer have any effect. To restore the old behavior use GODEBUG
setting randseednop=0. For more background see proposal
go#67273.
* math/rand/v2: ChaCha8 and PCG now implement the
encoding.BinaryAppender interface.
* net: ListenConfig now uses MPTCP by default on systems where it
is supported (currently on Linux only).
* net: IP now implements the encoding.TextAppender interface.
* net/http: Transport's limit on 1xx informational responses
received in response to a request has changed. It previously
aborted a request and returned an error after receiving more
than 5 1xx responses. It now returns an error if the total size
of all 1xx responses exceeds the
Transport.MaxResponseHeaderBytes configuration setting.
* net/http: In addition, when a request has a
net/http/httptrace.ClientTrace.Got1xxResponse trace hook, there
is now no limit on the total number of 1xx responses. The
Got1xxResponse hook may return an error to abort a request.
* net/http: Transport and Server now have an HTTP2 field which
permits configuring HTTP/2 protocol settings.
* net/http: The new Server.Protocols and Transport.Protocols
fields provide a simple way to configure what HTTP protocols a
server or client use.
* net/http: The server and client may be configured to support
unencrypted HTTP/2 connections.
* net/http: When Server.Protocols contains UnencryptedHTTP2, the
server will accept HTTP/2 connections on unencrypted ports. The
server can accept both HTTP/1 and unencrypted HTTP/2 on the
same port.
* net/http: When Transport.Protocols contains UnencryptedHTTP2
and does not contain HTTP1, the transport will use unencrypted
HTTP/2 for http:// URLs. If the transport is configured to use
both HTTP/1 and unencrypted HTTP/2, it will use HTTP/1.
* net/http: Unencrypted HTTP/2 support uses "HTTP/2 with Prior
Knowledge" (RFC 9113, section 3.3). The deprecated "Upgrade:
h2c" header is not supported.
* net/netip: Addr, AddrPort and Prefix now implement the
encoding.BinaryAppender and encoding.TextAppender interfaces.
* net/url: URL now also implements the encoding.BinaryAppender
interface.
* os/user: On Windows, Current can now be used in Windows Nano
Server. The implementation has been updated to avoid using
functions from the NetApi32 library, which is not available in
Nano Server.
* os/user: On Windows, Current, Lookup and LookupId now support
the following built-in service user accounts: NT
AUTHORITY\SYSTEM, NT AUTHORITY\LOCAL SERVICE, NT
AUTHORITY\NETWORK SERVICE.
* os/user: On Windows, Current has been made considerably faster
when the current user is joined to a slow domain, which is the
usual case for many corporate users. The new implementation
performance is now in the order of milliseconds, compared to
the previous implementation which could take several seconds,
or even minutes, to complete.
* os/user: On Windows, Current now returns the process owner user
when the current thread is impersonating another
user. Previously, it returned an error.
* regexp: Regexp now implements the encoding.TextAppender
interface.
* runtime: The GOROOT function is now deprecated. In new code
prefer to use the system path to locate the "go" binary, and
use go env GOROOT to find its GOROOT.
* strings: The strings package adds several functions that work
with iterators.
* strings: Lines returns an iterator over the newline-terminated
lines in a string.
* strings: SplitSeq returns an iterator over all substrings of a
string split around a separator.
* strings: SplitAfterSeq returns an iterator over substrings of a
string split after each instance of a separator.
* strings: FieldsSeq returns an iterator over substrings of a
string split around runs of whitespace characters, as defined
by unicode.IsSpace.
* strings: FieldsFuncSeq returns an iterator over substrings of a
string split around runs of Unicode code points satisfying a
predicate.
* sync: The implementation of sync.Map has been changed,
improving performance, particularly for map modifications. For
instance, modifications of disjoint sets of keys are much less
likely to contend on larger maps, and there is no longer any
ramp-up time required to achieve low-contention loads from the
map. If you encounter any problems, set
GOEXPERIMENT=nosynchashtriemap at build time to switch back to
the old implementation and please file an issue.
* testing: The new T.Context and B.Context methods return a
context that's canceled after the test completes and before
test cleanup functions run.
* testing: The new T.Chdir and B.Chdir methods can be used to
change the working directory for the duration of a test or
benchmark.
* text/template: Templates now support range-over-func and
range-over-int.
* time: Time now implements the encoding.BinaryAppender and
encoding.TextAppender interfaces.
* Linux port: As announced in the Go 1.23 release notes, Go 1.24
requires Linux kernel version 3.2 or later.
* Darwin port: Go 1.24 is the last release that will run on macOS
11 Big Sur. Go 1.25 will require macOS 12 Monterey or later.
* WebAssembly: The go:wasmexport compiler directive is added for
Go programs to export functions to the WebAssembly host.
* WebAssembly: On WebAssembly System Interface Preview 1
(GOOS=wasip1 GOARCH=wasm), Go 1.24 supports building a Go
program as a reactor/library, by specifying the
-buildmode=c-shared build flag.
* WebAssembly: More types are now permitted as argument or result
types for go:wasmimport functions. Specifically, bool, string,
uintptr, and pointers to certain types are allowed (see the
documentation for detail), along with 32-bit and 64-bit integer
and float types, and unsafe.Pointer, which are already
allowed. These types are also permitted as argument or result
types for go:wasmexport functions.
* WebAssembly: The support files for WebAssembly have been moved
to lib/wasm from misc/wasm.
* Windows: The 32-bit windows/arm port (GOOS=windows GOARCH=arm)
has been marked broken. See issue go#70705 for details.
go1.24-1.24.0-150000.1.9.1.src.rpm
go1.24-1.24.0-150000.1.9.1.x86_64.rpm
go1.24-doc-1.24.0-150000.1.9.1.x86_64.rpm
go1.24-race-1.24.0-150000.1.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-621
Recommended update for btrfsmaintenance
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for btrfsmaintenance fixes the following issue:
- reset cron OnCalendar for generated drop-in files (bsc#1233068).
btrfsmaintenance-0.4.2-150100.3.6.2.noarch.rpm
btrfsmaintenance-0.4.2-150100.3.6.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-599
Security update for emacs
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for emacs fixes the following issues:
- CVE-2025-1244: improper handling of custom "man" URI schemes allows for shell command injections. (bsc#1237091)
emacs-27.2-150400.3.23.2.src.rpm
emacs-27.2-150400.3.23.2.x86_64.rpm
emacs-el-27.2-150400.3.23.2.noarch.rpm
emacs-info-27.2-150400.3.23.2.noarch.rpm
emacs-nox-27.2-150400.3.23.2.x86_64.rpm
emacs-x11-27.2-150400.3.23.2.x86_64.rpm
etags-27.2-150400.3.23.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-618
Security update for postgresql17
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql17 fixes the following issues:
Upgrade to 17.4:
- CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).
libecpg6-17.4-150200.5.10.1.x86_64.rpm
libpq5-17.4-150200.5.10.1.x86_64.rpm
libpq5-32bit-17.4-150200.5.10.1.x86_64.rpm
postgresql17-17.4-150200.5.10.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-636
Security update for postgresql16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql16 fixes the following issues:
Upgrade to 16.8:
- CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).
postgresql16-16.8-150200.5.26.1.src.rpm
postgresql16-16.8-150200.5.26.1.x86_64.rpm
postgresql16-contrib-16.8-150200.5.26.1.x86_64.rpm
postgresql16-devel-16.8-150200.5.26.1.x86_64.rpm
postgresql16-docs-16.8-150200.5.26.1.noarch.rpm
postgresql16-plperl-16.8-150200.5.26.1.x86_64.rpm
postgresql16-plpython-16.8-150200.5.26.1.x86_64.rpm
postgresql16-pltcl-16.8-150200.5.26.1.x86_64.rpm
postgresql16-server-16.8-150200.5.26.1.x86_64.rpm
postgresql16-server-devel-16.8-150200.5.26.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-633
Security update for postgresql15
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql15 fixes the following issues:
Upgrade to 15.12:
- CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).
postgresql15-15.12-150200.5.38.1.src.rpm
postgresql15-15.12-150200.5.38.1.x86_64.rpm
postgresql15-contrib-15.12-150200.5.38.1.x86_64.rpm
postgresql15-devel-15.12-150200.5.38.1.x86_64.rpm
postgresql15-docs-15.12-150200.5.38.1.noarch.rpm
postgresql15-plperl-15.12-150200.5.38.1.x86_64.rpm
postgresql15-plpython-15.12-150200.5.38.1.x86_64.rpm
postgresql15-pltcl-15.12-150200.5.38.1.x86_64.rpm
postgresql15-server-15.12-150200.5.38.1.x86_64.rpm
postgresql15-server-devel-15.12-150200.5.38.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-632
Security update for postgresql14
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql14 fixes the following issues:
Upgrade to 14.17:
- CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).
postgresql14-14.17-150200.5.55.1.src.rpm
postgresql14-14.17-150200.5.55.1.x86_64.rpm
postgresql14-contrib-14.17-150200.5.55.1.x86_64.rpm
postgresql14-devel-14.17-150200.5.55.1.x86_64.rpm
postgresql14-docs-14.17-150200.5.55.1.noarch.rpm
postgresql14-plperl-14.17-150200.5.55.1.x86_64.rpm
postgresql14-plpython-14.17-150200.5.55.1.x86_64.rpm
postgresql14-pltcl-14.17-150200.5.55.1.x86_64.rpm
postgresql14-server-14.17-150200.5.55.1.x86_64.rpm
postgresql14-server-devel-14.17-150200.5.55.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-619
Security update for postgresql13
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql13 fixes the following issues:
Upgrade to 13.20:
- CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093).
postgresql13-13.20-150200.5.69.1.src.rpm
postgresql13-13.20-150200.5.69.1.x86_64.rpm
postgresql13-contrib-13.20-150200.5.69.1.x86_64.rpm
postgresql13-devel-13.20-150200.5.69.1.x86_64.rpm
postgresql13-docs-13.20-150200.5.69.1.noarch.rpm
postgresql13-llvmjit-13.20-150200.5.69.1.x86_64.rpm
postgresql13-llvmjit-devel-13.20-150200.5.69.1.x86_64.rpm
postgresql13-plperl-13.20-150200.5.69.1.x86_64.rpm
postgresql13-plpython-13.20-150200.5.69.1.x86_64.rpm
postgresql13-pltcl-13.20-150200.5.69.1.x86_64.rpm
postgresql13-server-13.20-150200.5.69.1.x86_64.rpm
postgresql13-server-devel-13.20-150200.5.69.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-591
Security update for ucode-intel
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250211 release (bsc#1237096)
- CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access.
- CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability.
- CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability.
- CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.
### New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors with E-Cores
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile, Xeon E
| EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13
| RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11
| SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
### New Disclosures Updated in Prior Releases
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
ucode-intel-20250211-150200.53.1.src.rpm
ucode-intel-20250211-150200.53.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-597
Recommended update for netavark
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for netavark, aardvark-dns fixes the following issues:
- Update netavark to version 1.12.2
aardvark-dns-1.12.2-150400.9.11.1.src.rpm
aardvark-dns-1.12.2-150400.9.11.1.x86_64.rpm
netavark-1.12.2-150400.9.13.1.src.rpm
netavark-1.12.2-150400.9.13.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-578
Security update for openvswitch
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openvswitch fixes the following issues:
- CVE-2025-0650: ovn: egress ACLs may be bypassed via specially crafted UDP packet (bsc#1236353).
libopenvswitch-2_14-0-2.14.2-150400.24.26.1.x86_64.rpm
libovn-20_06-0-20.06.2-150400.24.26.1.x86_64.rpm
openvswitch-2.14.2-150400.24.26.1.src.rpm
openvswitch-2.14.2-150400.24.26.1.x86_64.rpm
openvswitch-devel-2.14.2-150400.24.26.1.x86_64.rpm
openvswitch-ipsec-2.14.2-150400.24.26.1.x86_64.rpm
openvswitch-pki-2.14.2-150400.24.26.1.x86_64.rpm
openvswitch-test-2.14.2-150400.24.26.1.x86_64.rpm
openvswitch-vtep-2.14.2-150400.24.26.1.x86_64.rpm
ovn-20.06.2-150400.24.26.1.x86_64.rpm
ovn-central-20.06.2-150400.24.26.1.x86_64.rpm
ovn-devel-20.06.2-150400.24.26.1.x86_64.rpm
ovn-docker-20.06.2-150400.24.26.1.x86_64.rpm
ovn-host-20.06.2-150400.24.26.1.x86_64.rpm
ovn-vtep-20.06.2-150400.24.26.1.x86_64.rpm
python3-ovs-2.14.2-150400.24.26.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-605
Security update for openssh
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssh fixes the following issues:
- CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).
openssh-8.4p1-150300.3.42.1.src.rpm
openssh-8.4p1-150300.3.42.1.x86_64.rpm
openssh-askpass-gnome-8.4p1-150300.3.42.1.src.rpm
openssh-askpass-gnome-8.4p1-150300.3.42.1.x86_64.rpm
openssh-clients-8.4p1-150300.3.42.1.x86_64.rpm
openssh-common-8.4p1-150300.3.42.1.x86_64.rpm
openssh-fips-8.4p1-150300.3.42.1.x86_64.rpm
openssh-helpers-8.4p1-150300.3.42.1.x86_64.rpm
openssh-server-8.4p1-150300.3.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-602
Security update for helm
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for helm fixes the following issues:
Update to version 3.17.1:
- CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1235318).
- CVE-2024-45337: Fixed misuse of ServerConfig.PublicKeyCallback to prevent authorization bypass in golang.org/x/crypto (bsc#1234482).
helm-3.17.1-150000.1.41.1.src.rpm
helm-3.17.1-150000.1.41.1.x86_64.rpm
helm-bash-completion-3.17.1-150000.1.41.1.noarch.rpm
helm-zsh-completion-3.17.1-150000.1.41.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-625
Recommended update for tcsh
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tcsh fixes the following issues:
- Do not interfere Meta with Carriage Return (bsc#1170527).
- Key-binding: support also other variants of terminals like xterm-256color.
tcsh-6.20.00-150000.4.18.2.src.rpm
tcsh-6.20.00-150000.4.18.2.x86_64.rpm
tcsh-lang-6.20.00-150000.4.18.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-678
Recommended update for libzypp, zypper
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp, zypper fixes the following issues:
- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'
- Fix Repoverification plugin not being executed
- Refresh: Fetch the master index file before key and signature (bsc#1236820)
- Deprecate RepoReports we do not trigger
- Let zypper dup fail in case of (temporarily) inaccessible repos (bsc#1228434, bsc#1236939)
- New system-architecture command (bsc#1236384)
- Change versioncmp command to return exit code according to the comparison result
libzypp-17.36.1-150400.3.113.1.src.rpm
True
libzypp-17.36.1-150400.3.113.1.x86_64.rpm
True
libzypp-devel-17.36.1-150400.3.113.1.x86_64.rpm
True
zypper-1.14.84-150400.3.76.1.src.rpm
True
zypper-1.14.84-150400.3.76.1.x86_64.rpm
True
zypper-log-1.14.84-150400.3.76.1.noarch.rpm
True
zypper-needs-restarting-1.14.84-150400.3.76.1.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-638
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.6 (bsc#1236946):
- CVE-2025-24143: A maliciously crafted webpage may be able to fingerprint the user.
- CVE-2025-24150: Copying a URL from Web Inspector may lead to command injection.
- CVE-2025-24158: Processing web content may lead to a denial-of-service.
- CVE-2025-24162: Processing maliciously crafted web content may lead to an unexpected process crash.
Already fixed in previous releases:
- CVE-2024-54543: Processing maliciously crafted web content may lead to memory corruption.
- CVE-2024-27856: Processing a file may lead to unexpected app termination or arbitrary code execution.
- CVE-2024-54658: Processing web content may lead to a denial-of-service.
WebKitGTK-4.0-lang-2.46.6-150400.4.106.1.noarch.rpm
WebKitGTK-4.1-lang-2.46.6-150400.4.106.1.noarch.rpm
WebKitGTK-6.0-lang-2.46.6-150400.4.106.1.noarch.rpm
libjavascriptcoregtk-4_0-18-2.46.6-150400.4.106.1.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.46.6-150400.4.106.1.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.46.6-150400.4.106.1.x86_64.rpm
libwebkit2gtk-4_0-37-2.46.6-150400.4.106.1.x86_64.rpm
libwebkit2gtk-4_1-0-2.46.6-150400.4.106.1.x86_64.rpm
libwebkitgtk-6_0-4-2.46.6-150400.4.106.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.106.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.46.6-150400.4.106.1.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.46.6-150400.4.106.1.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.46.6-150400.4.106.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.106.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150400.4.106.1.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.106.1.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.46.6-150400.4.106.1.x86_64.rpm
webkit2gtk3-2.46.6-150400.4.106.1.src.rpm
webkit2gtk3-devel-2.46.6-150400.4.106.1.x86_64.rpm
webkit2gtk3-soup2-2.46.6-150400.4.106.1.src.rpm
webkit2gtk3-soup2-devel-2.46.6-150400.4.106.1.x86_64.rpm
webkit2gtk4-2.46.6-150400.4.106.1.src.rpm
webkitgtk-6_0-injected-bundles-2.46.6-150400.4.106.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-690
Security update for ovmf
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ovmf fixes the following issues:
- PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 (bsc#1237084).
ovmf-202202-150400.5.18.1.src.rpm
ovmf-202202-150400.5.18.1.x86_64.rpm
ovmf-tools-202202-150400.5.18.1.x86_64.rpm
qemu-ovmf-x86_64-202202-150400.5.18.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-674
Security update for java-1_8_0-ibm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 40 (bsc#1236470):
- CVE-2025-21502: unauthenticated attacker can obtain unauthorized read and write access to data through the Hotspot
component API (bsc#1236278).
java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1.nosrc.rpm
java-1_8_0-ibm-1.8.0_sr8.40-150000.3.98.1.x86_64.rpm
java-1_8_0-ibm-alsa-1.8.0_sr8.40-150000.3.98.1.x86_64.rpm
java-1_8_0-ibm-devel-1.8.0_sr8.40-150000.3.98.1.x86_64.rpm
java-1_8_0-ibm-plugin-1.8.0_sr8.40-150000.3.98.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-748
Security update for libxml2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
(bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
libxml2-2-2.9.14-150400.5.38.1.x86_64.rpm
libxml2-2.9.14-150400.5.38.1.src.rpm
libxml2-devel-2.9.14-150400.5.38.1.x86_64.rpm
libxml2-python-2.9.14-150400.5.38.1.src.rpm
libxml2-tools-2.9.14-150400.5.38.1.x86_64.rpm
python3-libxml2-2.9.14-150400.5.38.1.x86_64.rpm
python311-libxml2-2.9.14-150400.5.38.1.x86_64.rpm
libxml2-2-32bit-2.9.14-150400.5.38.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-741
Security update for procps
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for procps fixes the following issues:
- Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid
argument has a leading space (bsc#1236842, bsc#1214290).
libprocps8-3.3.17-150000.7.42.1.x86_64.rpm
procps-3.3.17-150000.7.42.1.src.rpm
procps-3.3.17-150000.7.42.1.x86_64.rpm
procps-devel-3.3.17-150000.7.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-736
Security update for ruby2.5
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ruby2.5 fixes the following issues:
- CVE-2024-47220: Fixed an HTTP request smuggling attack in WEBrick (bsc#1230930)
- CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440)
Other fixes:
- [ruby/uri] Fix quadratic backtracking on invalid relative URI
- [ruby/time] Make RFC2822 regexp linear
- [ruby/time] Fix quadratic backtracking on invalid time
- merge some parts of CGI 0.1.1
libruby2_5-2_5-2.5.9-150000.4.36.1.x86_64.rpm
ruby2.5-2.5.9-150000.4.36.1.src.rpm
ruby2.5-2.5.9-150000.4.36.1.x86_64.rpm
ruby2.5-devel-2.5.9-150000.4.36.1.x86_64.rpm
ruby2.5-devel-extra-2.5.9-150000.4.36.1.x86_64.rpm
ruby2.5-stdlib-2.5.9-150000.4.36.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1150
Recommended update for apache-commons-io
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache-commons-io fixes the following issues:
apache-commons-io was updated from version 2.15.1 to 2.18.0:
- Key changes across versions:
* Cleaner code and updated dependencies
* Improved security when handling serialized data with the new safe deserialization feature
* New features for advanced file and stream operations
* Various bugs were fixed to improve reliability with fewer crashes and unexpected errors
* For the full list of changes please consult the packaged RELEASE-NOTES.txt
- Already fixed in previous version:
* CVE-2024-47554: Untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298)
apache-commons-io-2.18.0-150200.3.15.1.noarch.rpm
apache-commons-io-2.18.0-150200.3.15.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-758
Security update for libxkbfile
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libxkbfile fixes the following issues:
- CVE-2025-26595: Fixed buffer overflow in XkbVModMaskText() (bsc#1237429).
libxkbfile-1.0.9-150000.3.3.1.src.rpm
libxkbfile-devel-1.0.9-150000.3.3.1.x86_64.rpm
libxkbfile1-1.0.9-150000.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-732
Security update for xorg-x11-server
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xorg-x11-server fixes the following issues:
- CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427).
- CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429).
- CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430).
- CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431).
- CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432).
- CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433).
- CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434).
- CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435).
xorg-x11-server-1.20.3-150400.38.54.1.src.rpm
xorg-x11-server-1.20.3-150400.38.54.1.x86_64.rpm
xorg-x11-server-extra-1.20.3-150400.38.54.1.x86_64.rpm
xorg-x11-server-sdk-1.20.3-150400.38.54.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-757
Security update for libX11
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libX11 fixes the following issues:
- CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in
XkbChangeTypesOfKey() (bsc#1237431).
libX11-1.6.5-150000.3.36.1.src.rpm
libX11-6-1.6.5-150000.3.36.1.x86_64.rpm
libX11-data-1.6.5-150000.3.36.1.noarch.rpm
libX11-devel-1.6.5-150000.3.36.1.x86_64.rpm
libX11-xcb1-1.6.5-150000.3.36.1.x86_64.rpm
libX11-xcb1-32bit-1.6.5-150000.3.36.1.x86_64.rpm
libX11-6-32bit-1.6.5-150000.3.36.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-830
Recommended update for timezone
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for timezone fixes the following issues:
- Update to 2025a:
* Paraguay adopts permanent -03 starting spring 2024
* Improve pre-1991 data for the Philippines
* Etc/Unknown is now reserved
* Improve historical data for Mexico, Mongolia, and Portugal
* System V names are now obsolescent
* The main data form now uses %z
* The code now conforms to RFC 8536 for early timestamps
* Support POSIX.1-2024, which removes asctime_r and ctime_r
* Assume POSIX.2-1992 or later for shell scripts
* SUPPORT_C89 now defaults to 1
timezone-2025a-150000.75.31.1.src.rpm
timezone-2025a-150000.75.31.1.x86_64.rpm
timezone-java-2025a-150000.75.31.1.noarch.rpm
timezone-java-2025a-150000.75.31.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-815
Optional update for python-cheroot, python-tempora
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-cheroot, python-tempora fixes the following issue:
- Use update-alternatives for cheroot and tempora binaries (bsc#1223694)
python-cheroot-6.5.5-150200.5.8.1.src.rpm
python-tempora-1.8-150200.3.6.1.src.rpm
python3-cheroot-6.5.5-150200.5.8.1.noarch.rpm
python3-tempora-1.8-150200.3.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-836
Recommended update for lftp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for lftp fixes the following issues:
- Fix a crash that occurred when lftp is run on s390x with an IBM crypto card installed.
The issue has been reported to upstream (bsc#1213984).
lftp-4.9.2-150400.3.3.2.src.rpm
lftp-4.9.2-150400.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-788
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Security Vulnerabilities fixed in Firefox ESR 128.8 (MFSA 2025-16) (bsc#1237683)
- CVE-2024-43097: Overflow when growing an SkRegion's RunArray
- CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process
- CVE-2025-1931: Use-after-free in WebTransportChild
- CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access
- CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs
- CVE-2025-1934: Unexpected GC during RegExp bailout processing
- CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar
- CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents
- CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8
- CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8
MozillaFirefox-128.8.0-150200.152.173.1.src.rpm
MozillaFirefox-128.8.0-150200.152.173.1.x86_64.rpm
MozillaFirefox-devel-128.8.0-150200.152.173.1.noarch.rpm
MozillaFirefox-translations-common-128.8.0-150200.152.173.1.x86_64.rpm
MozillaFirefox-translations-other-128.8.0-150200.152.173.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-839
Recommended update for libzypp, zypper
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp, zypper fixes the following issues:
- Disable zypp.conf:download.use_deltarpm by default
Measurements show that you don't benefit from using deltarpms
unless your network connection is very slow. That's why most
distributions even stop offering deltarpms. The default remains
unchanged on SUSE-15.6 and older.
- Make sure repo variables are evaluated in the right context
(bsc#1237044)
- Introducing MediaCurl2, an alternative HTTP backend.
This patch adds MediaCurl2 as a testbed for experimenting with a
simpler way to download files. Set ZYPP_CURL2=1 in the
environment to use it.
- Filesystem usrmerge must not be done in singletrans mode
(bsc#1236481, bsc#1189788)
- Commit will amend the backend in case the transaction would
perform a filesystem usrmerge.
- Workaround bsc#1216091 on Code16.
- Announce --root in commands not launching a Target
(bsc#1237044)
libzypp-17.36.3-150400.3.116.1.src.rpm
True
libzypp-17.36.3-150400.3.116.1.x86_64.rpm
True
libzypp-devel-17.36.3-150400.3.116.1.x86_64.rpm
True
zypper-1.14.85-150400.3.79.1.src.rpm
True
zypper-1.14.85-150400.3.79.1.x86_64.rpm
True
zypper-log-1.14.85-150400.3.79.1.noarch.rpm
True
zypper-needs-restarting-1.14.85-150400.3.79.1.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-772
Security update for skopeo
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for skopeo fixes the following issues:
- CVE-2025-27144: excessive memory consumption by Go JOSE when parsing compact JWS or JWE input containing a large
number of '.' characters (bsc#1237613).
skopeo-1.14.4-150300.11.19.1.src.rpm
skopeo-1.14.4-150300.11.19.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-773
Recommended update for rust, rust1.85
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rust, rust1.85 fixes the following issues:
Rust Version 1.85.0 (2025-02-20)
==========================
Language
--------
- The 2024 Edition is now stable.
See the edition guide https://doc.rust-lang.org/nightly/edition-guide/rust-2024/index.html for more details.
- Stabilize async closures
See RFC 3668 https://rust-lang.github.io/rfcs/3668-async-closures.html for more details.
- Stabilize `#[diagnostic::do_not_recommend]`
- Add `unpredictable_function_pointer_comparisons` lint to warn against function pointer comparisons
- Lint on combining `#[no_mangle]` and `#[export_name]` attributes.
Compiler
--------
- The unstable flag `-Zpolymorphize` has been removed, see https://github.com/rust-lang/compiler-team/issues/810 for some background.
Platform Support
----------------
- Promote `powerpc64le-unknown-linux-musl` to tier 2 with host tools
Refer to Rust's platform support page for more information on Rust's tiered platform support.
Libraries
---------
- Panics in the standard library now have a leading `library/` in their path
- `std::env::home_dir()` on Windows now ignores the non-standard `$HOME` environment variable
It will be un-deprecated in a subsequent release.
- Add `AsyncFn*` to the prelude in all editions.
Stabilized APIs
---------------
- `BuildHasherDefault::new` https://doc.rust-lang.org/stable/std/hash/struct.BuildHasherDefault.html#method.new
- `ptr::fn_addr_eq` https://doc.rust-lang.org/std/ptr/fn.fn_addr_eq.html
- `io::ErrorKind::QuotaExceeded` https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.QuotaExceeded
- `io::ErrorKind::CrossesDevices` https://doc.rust-lang.org/stable/std/io/enum.ErrorKind.html#variant.CrossesDevices
- `{float}::midpoint` https://doc.rust-lang.org/core/primitive.f32.html#method.midpoint
- Unsigned `{integer}::midpoint` https://doc.rust-lang.org/std/primitive.u64.html#method.midpoint
- `NonZeroU*::midpoint` https://doc.rust-lang.org/std/num/type.NonZeroU32.html#method.midpoint
- impl `std::iter::Extend` for tuples with arity 1 through 12 https://doc.rust-lang.org/stable/std/iter/trait.Extend.html#impl-Extend%3C(A,)%3E-for-(EA,)
- `FromIterator<(A, ...)>` for tuples with arity 1 through 12 https://doc.rust-lang.org/stable/std/iter/trait.FromIterator.html#impl-FromIterator%3C(EA,)%3E-for-(A,)
- `std::task::Waker::noop` https://doc.rust-lang.org/stable/std/task/struct.Waker.html#method.noop
These APIs are now stable in const contexts:
- `mem::size_of_val` https://doc.rust-lang.org/stable/std/mem/fn.size_of_val.html
- `mem::align_of_val` https://doc.rust-lang.org/stable/std/mem/fn.align_of_val.html
- `Layout::for_value` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.for_value
- `Layout::align_to` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.align_to
- `Layout::pad_to_align` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.pad_to_align
- `Layout::extend` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.extend
- `Layout::array` https://doc.rust-lang.org/stable/std/alloc/struct.Layout.html#method.array
- `std::mem::swap` https://doc.rust-lang.org/stable/std/mem/fn.swap.html
- `std::ptr::swap` https://doc.rust-lang.org/stable/std/ptr/fn.swap.html
- `NonNull::new` https://doc.rust-lang.org/stable/std/ptr/struct.NonNull.html#method.new
- `HashMap::with_hasher` https://doc.rust-lang.org/stable/std/collections/struct.HashMap.html#method.with_hasher
- `HashSet::with_hasher` https://doc.rust-lang.org/stable/std/collections/struct.HashSet.html#method.with_hasher
- `BuildHasherDefault::new` https://doc.rust-lang.org/stable/std/hash/struct.BuildHasherDefault.html#method.new
- `<float>::recip` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.recip
- `<float>::to_degrees` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.to_degrees
- `<float>::to_radians` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.to_radians
- `<float>::max` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.max
- `<float>::min` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.min
- `<float>::clamp` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.clamp
- `<float>::abs` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.abs
- `<float>::signum` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.signum
- `<float>::copysign` https://doc.rust-lang.org/stable/std/primitive.f32.html#method.copysign
- `MaybeUninit::write` https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.write
Cargo
-----
- Add future-incompatibility warning against keywords in cfgs and add raw-idents
- Stabilize higher precedence trailing flags
- Pass `CARGO_CFG_FEATURE` to build scripts
Rustdoc
-------
- Doc comment on impl blocks shows the first line, even when the impl block is collapsed
Compatibility Notes
-------------------
- `rustc` no longer treats the `test` cfg as a well known check-cfg, instead it is up to the build systems and users of `--check-cfg`[^check-cfg] to set it as a well known cfg using `--check-cfg=cfg(test)`.
This is done to enable build systems like Cargo to set it conditionally, as not all source files are suitable for unit tests.
Cargo (for now) unconditionally sets the `test` cfg as a well known cfg
[^check-cfg]: https://doc.rust-lang.org/nightly/rustc/check-cfg.html
- Disable potentially incorrect type inference if there are trivial and non-trivial where-clauses
- `std::env::home_dir()` has been deprecated for years, because it can give surprising results in some Windows configurations if the `HOME` environment variable is set (which is not the normal configuration on Windows). We had previously avoided changing its behavior, out of concern for compatibility with code depending on this non-standard configuration. Given how long this function has been deprecated, we're now fixing its behavior as a bugfix. A subsequent release will remove the deprecation for this function.
- Make `core::ffi::c_char` signedness more closely match that of the platform-default `char`
This changed `c_char` from an `i8` to `u8` or vice versa on many Tier 2 and 3
targets (mostly Arm and RISC-V embedded targets). The new definition may
result in compilation failures but fixes compatibility issues with C.
The `libc` crate matches this change as of its 0.2.169 release.
- When compiling a nested `macro_rules` macro from an external crate, the content of the inner `macro_rules` is now built with the edition of the external crate, not the local crate.
- Increase `sparcv9-sun-solaris` and `x86_64-pc-solaris` Solaris baseline to 11.4.
- Show `abi_unsupported_vector_types` lint in future breakage reports
- Error if multiple super-trait instantiations of `dyn Trait` need associated types to be specified but only one is provided
- Change `powerpc64-ibm-aix` default `codemodel` to large
Internal Changes
----------------
These changes do not affect any public interfaces of Rust, but they represent
significant improvements to the performance or internals of rustc and related
tools.
- Build `x86_64-unknown-linux-gnu` with LTO for C/C++ code (e.g., `jemalloc`)
cargo-1.85.0-150400.24.39.1.x86_64.rpm
cargo1.85-1.85.0-150300.7.3.1.x86_64.rpm
rust-1.85.0-150400.24.39.1.src.rpm
rust-1.85.0-150400.24.39.1.x86_64.rpm
rust1.85-1.85.0-150300.7.3.1.nosrc.rpm
rust1.85-1.85.0-150300.7.3.1.x86_64.rpm
rust1.85-src-1.85.0-150300.7.3.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-801
Security update for pcp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pcp fixes the following issues:
- Version upgrade 6.2.0 (bsc#1217826, PED#8192, CVE-2023-6917).
- Performance CoPilot 6 is not starting due to missing pmlogger_daily.timer
(bsc#1222815).
libpcp-devel-6.2.0-150400.5.12.3.x86_64.rpm
libpcp3-6.2.0-150400.5.12.3.x86_64.rpm
libpcp_gui2-6.2.0-150400.5.12.3.x86_64.rpm
libpcp_import1-6.2.0-150400.5.12.3.x86_64.rpm
libpcp_mmv1-6.2.0-150400.5.12.3.x86_64.rpm
libpcp_trace2-6.2.0-150400.5.12.3.x86_64.rpm
libpcp_web1-6.2.0-150400.5.12.3.x86_64.rpm
pcp-6.2.0-150400.5.12.3.src.rpm
pcp-6.2.0-150400.5.12.3.x86_64.rpm
pcp-conf-6.2.0-150400.5.12.3.noarch.rpm
pcp-devel-6.2.0-150400.5.12.3.x86_64.rpm
pcp-doc-6.2.0-150400.5.12.3.noarch.rpm
pcp-import-iostat2pcp-6.2.0-150400.5.12.3.noarch.rpm
pcp-import-mrtg2pcp-6.2.0-150400.5.12.3.noarch.rpm
pcp-import-sar2pcp-6.2.0-150400.5.12.3.noarch.rpm
pcp-system-tools-6.2.0-150400.5.12.3.x86_64.rpm
perl-PCP-LogImport-6.2.0-150400.5.12.3.x86_64.rpm
perl-PCP-LogSummary-6.2.0-150400.5.12.3.x86_64.rpm
perl-PCP-MMV-6.2.0-150400.5.12.3.x86_64.rpm
perl-PCP-PMDA-6.2.0-150400.5.12.3.x86_64.rpm
python3-pcp-6.2.0-150400.5.12.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-786
Security update for podman
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for podman fixes the following issues:
- CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641)
podman-4.9.5-150400.4.41.1.src.rpm
podman-4.9.5-150400.4.41.1.x86_64.rpm
podman-docker-4.9.5-150400.4.41.1.noarch.rpm
podman-remote-4.9.5-150400.4.41.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-841
Recommended update for Mesa-demo
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Mesa-demo fixes the following issue:
- added "-egl" subpackage for common EGL-based demos including eglinfo,
eglgears, egltri, peglgears, xeglgears, xeglthreads (bsc#1235680).
Mesa-demo-8.3.0-150000.3.3.2.src.rpm
Mesa-demo-x-8.3.0-150000.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-798
Security update for emacs
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for emacs fixes the following issues:
- CVE-2024-53920: Fixed arbitrary code execution via Lisp macro expansion (bsc#1233894).
emacs-27.2-150400.3.26.1.src.rpm
emacs-27.2-150400.3.26.1.x86_64.rpm
emacs-el-27.2-150400.3.26.1.noarch.rpm
emacs-info-27.2-150400.3.26.1.noarch.rpm
emacs-nox-27.2-150400.3.26.1.x86_64.rpm
emacs-x11-27.2-150400.3.26.1.x86_64.rpm
etags-27.2-150400.3.26.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-797
Recommended update for python-M2Crypto
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-M2Crypto fixes the following issues:
- Fix spelling of BSD-2-Clause license.
- Update to 0.44.0:
- The real license is BSD 2-Clause, not MIT.
- Remove python-M2Crypto.keyring, because PyPI broke GPG support
python-M2Crypto-0.44.0-150400.3.12.1.src.rpm
python-M2Crypto-doc-0.44.0-150400.3.12.1.noarch.rpm
python311-M2Crypto-0.44.0-150400.3.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-800
Recommended update for python3-M2Crypto
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-M2Crypto fixes the following issues:
- Fix spelling of BSD-2-Clause license.
- Update to 0.44.0:
- The real license is BSD 2-Clause, not MIT.
- Remove python-M2Crypto.keyring, because PyPI broke GPG support
- Build for modern python stack on SLE/Leap
- require setuptools
- Make tests running again.
- Remove unnecessary fdupes call
- Add python-typing as a dependency
- SLE12 requires swig3 for a successful build, too
python3-M2Crypto-0.44.0-150400.13.1.src.rpm
python3-M2Crypto-0.44.0-150400.13.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-835
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1236675).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
kernel-default-5.14.21-150400.24.153.1.nosrc.rpm
True
kernel-default-5.14.21-150400.24.153.1.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.153.1.150400.24.76.1.src.rpm
True
kernel-default-base-5.14.21-150400.24.153.1.150400.24.76.1.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.153.1.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.153.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.153.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.153.1.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.153.1.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.153.1.src.rpm
True
kernel-obs-build-5.14.21-150400.24.153.1.x86_64.rpm
True
kernel-source-5.14.21-150400.24.153.1.noarch.rpm
True
kernel-source-5.14.21-150400.24.153.1.src.rpm
True
kernel-syms-5.14.21-150400.24.153.1.src.rpm
True
kernel-syms-5.14.21-150400.24.153.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.153.1.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-820
Recommended update for mozilla-nss
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mozilla-nss fixes the following issues:
- FIPS: Do not pass in bad targetKeyLength parameters when checking for
FIPS approval after keygen. This was causing false rejections.
- FIPS: Approve RSA signature verification mechanisms with PKCS padding and
legacy moduli (bsc#1222834).
libfreebl3-3.101.2-150400.3.54.1.x86_64.rpm
libfreebl3-32bit-3.101.2-150400.3.54.1.x86_64.rpm
libsoftokn3-3.101.2-150400.3.54.1.x86_64.rpm
libsoftokn3-32bit-3.101.2-150400.3.54.1.x86_64.rpm
mozilla-nss-3.101.2-150400.3.54.1.src.rpm
mozilla-nss-3.101.2-150400.3.54.1.x86_64.rpm
mozilla-nss-32bit-3.101.2-150400.3.54.1.x86_64.rpm
mozilla-nss-certs-3.101.2-150400.3.54.1.x86_64.rpm
mozilla-nss-devel-3.101.2-150400.3.54.1.x86_64.rpm
mozilla-nss-sysinit-3.101.2-150400.3.54.1.x86_64.rpm
mozilla-nss-tools-3.101.2-150400.3.54.1.x86_64.rpm
mozilla-nss-certs-32bit-3.101.2-150400.3.54.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-812
Security update for buildah
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for buildah fixes the following issues:
- CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237681)
buildah-1.35.5-150400.3.42.1.src.rpm
buildah-1.35.5-150400.3.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1035
Recommended update for suse-build-key
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issues:
- Changed and extended the SUSE Linux Enterprise 15 and 16 signing keys to use
SHA256 GPG UIDs instead of SHA1. (bsc#1237294 bsc#1236779 jsc#PED-12321)
- gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc
- gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc
- suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted
suse-build-key-12.0-150000.8.58.1.noarch.rpm
suse-build-key-12.0-150000.8.58.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1082
Recommended update for python-kiwi
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-kiwi fixes the following issues:
- Fixed bundle extension for archives and vagrant types
- Fixed file references in kiwi bundler result files (bsc#1221790, bsc#1236504)
- On multipath systems find and use the underlying child device instead of using the parent device
dracut-kiwi-lib-9.24.43-150100.3.93.1.x86_64.rpm
dracut-kiwi-live-9.24.43-150100.3.93.1.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.93.1.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.93.1.x86_64.rpm
dracut-kiwi-overlay-9.24.43-150100.3.93.1.x86_64.rpm
kiwi-man-pages-9.24.43-150100.3.93.1.x86_64.rpm
kiwi-pxeboot-9.24.43-150100.3.93.1.x86_64.rpm
kiwi-systemdeps-9.24.43-150100.3.93.1.x86_64.rpm
kiwi-systemdeps-bootloaders-9.24.43-150100.3.93.1.x86_64.rpm
kiwi-systemdeps-containers-9.24.43-150100.3.93.1.x86_64.rpm
kiwi-systemdeps-core-9.24.43-150100.3.93.1.x86_64.rpm
kiwi-systemdeps-disk-images-9.24.43-150100.3.93.1.x86_64.rpm
kiwi-systemdeps-filesystems-9.24.43-150100.3.93.1.x86_64.rpm
kiwi-systemdeps-image-validation-9.24.43-150100.3.93.1.x86_64.rpm
kiwi-systemdeps-iso-media-9.24.43-150100.3.93.1.x86_64.rpm
kiwi-tools-9.24.43-150100.3.93.1.x86_64.rpm
python-kiwi-9.24.43-150100.3.93.1.src.rpm
python3-kiwi-9.24.43-150100.3.93.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-900
Recommended update for rust1.84
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rust1.84 fixes the following issues:
Version 1.84.1 (2025-01-30)
==========================
- Fix ICE 132920 in duplicate-crate diagnostics.
- Fix errors for overlapping impls in incremental rebuilds.
- Fix slow compilation related to the next-generation trait solver.
- Fix debuginfo when LLVM's location discriminator value limit is exceeded.
- Fixes for building Rust from source:
- Only try to distribute `llvm-objcopy` if llvm tools are enabled.
- Add Profile Override for Non-Git Sources.
- Resolve symlinks of LLVM tool binaries before copying them.
- Make it possible to use ci-rustc on tarball sources.
cargo1.84-1.84.1-150300.7.7.1.x86_64.rpm
rust1.84-1.84.1-150300.7.7.1.nosrc.rpm
rust1.84-1.84.1-150300.7.7.1.x86_64.rpm
rust1.84-src-1.84.1-150300.7.7.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1352
Feature update for ansible and ansible-core
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ansible and ansible-core fixes the following issues:
ansible:
- Implementation of new Ansible 11 at version 11.3.0 (jsc#PED-10678, jsc#PED-11950)
ansible-core:
- Implementation of new ansible-core at version 2.18.3 (jsc#PED-10678, jsc#PED-11950)
ansible-11.3.0-150400.10.3.2.noarch.rpm
ansible-11.3.0-150400.10.3.2.src.rpm
ansible-core-2.18.3-150400.9.3.2.noarch.rpm
ansible-core-2.18.3-150400.9.3.2.src.rpm
python-resolvelib-1.1.0-150400.9.5.2.src.rpm
python311-resolvelib-1.1.0-150400.9.5.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1039
Recommended update for csp-billing-adapter
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for csp-billing-adapter, python311-pluggy fixes the following issues:
- Update to version 1.3.0
- Add batch metering workflow for SaaS billing
- Also ships python311-pluggy without source change.
python-pluggy-1.0.0-150400.14.5.1.src.rpm
python311-pluggy-1.0.0-150400.14.5.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-857
Security update for build
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for build fixes the following issues:
- CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469)
Other fixes:
- Fixed behaviour when using "--shell" aka "osc shell" option
in a VM build. Startup is faster and permissions stay intact
now.
- fixes for POSIX compatibility for obs-docker-support and
mkbaselibs
- Add support for apk in docker/podman builds
- Add support for 'wget' in Docker images
- Fix debian support for Dockerfile builds
- Fix preinstallimages in containers
- mkosi: add back system-packages used by build-recipe directly
- pbuild: parse the Release files for debian repos
- mkosi: drop most systemd/build-packages deps and use obs_scm
directory as source if present
- improve source copy handling
- Introduce --repos-directory and --containers-directory options
- productcompose: support of building against a baseiso
- preinstallimage: avoid inclusion of build script generated files
- preserve timestamps on sources copy-in for kiwi and productcompose
- alpine package support updates
- tumbleweed config update
- debian: Support installation of foreign architecture packages
(required for armv7l setups)
- Parse unknown timezones as UTC
- Apk (Alpine Linux) format support added
- Implement default value in parameter expansion
- Also support supplements that use & as "and"
- Add workaround for skopeo's argument parser
- add cap-htm=off on power9
- Fixed usage of chown calls
- Remove leading `go` from `purl` locators
- container related:
* Implement support for the new <containers> element in kiwi recipes
* Fixes for SBOM and dependencies of multi stage container builds
* obs-docker-support: enable dnf and yum substitutions
- Arch Linux:
* fix file path for Arch repo
* exclude unsupported arch
* Use root as download user
- build-vm-qemu: force sv48 satp mode on riscv64
- mkosi:
* Create .sha256 files after mkosi builds
* Always pass --image-version to mkosi
- General improvements and bugfixes (mkosi, pbuild, appimage/livebuild,
obs work detection, documentation, SBOM)
- Support slsa v1 in unpack_slsa_provenance
- generate_sbom: do not clobber spdx supplier
- Harden export_debian_orig_from_git (bsc#1230469)
- SBOM generation:
- Adding golang introspection support
- Adding rust binary introspection support
- Keep track of unknown licenses and add a "hasExtractedLicensingInfos"
section
- Also normalize licenses for cyclonedx
- Make generate_sbom errors fatal
- general improvements
- Fix noprep building not working because the buildir is removed
- kiwi image: also detect a debian build if /var/lib/dpkg/status is present
- Do not use the Encode module to convert a code point to utf8
- Fix personality syscall number for riscv
- add more required recommendations for KVM builds
- set PACKAGER field in build-recipe-arch
- fix writing _modulemd.yaml
- pbuild: support --release and --baselibs option
- container:
- copy base container information from the annotation into the
containerinfo
- track base containers over multiple stages
- always put the base container last in the dependencies
- providing fileprovides in createdirdeps tool
- Introduce buildflag nochecks
- productcompose: support __all__ option
- config update: tumbleweed using preinstallexpand
- minor improvements
- tumbleweed build config update
- support the %load macro
- improve container filename generation (docker)
- fix hanging curl calls during build (docker)
- productcompose: fix milestone query
- tumbleweed build config update
- 15.6 build config fixes
- sourcerpm & sourcedep handling fixes
- productcompose:
- Fix milestone handling
- Support bcntsynctag
- Adding debian support to generate_sbom
- Add syscall for personality switch on loongarch64 kernel
- vm-build: ext3 & ext4: fix disk space allocation
- mkosi format updates, not fully working yet
- pbuild exception fixes
- Fixes for current fedora and centos distros
- Don't copy original dsc sources if OBS-DCH-RELEASE set
- Unbreak parsing of sources/patches
- Support ForceMultiVersion in the dockerfile parser
- Support %bcond of rpm 4.17.1
- Add a hack for systemd 255.3, creating an empty /etc/os-release
if missing after preinstall.
- docker: Fix HEAD request in dummyhttpserver
- pbuild: Make docker-nobasepackages expand flag the default
- rpm: Support a couple of builtin rpm macros
- rpm: Implement argument expansion for define/with/bcond...
- Fix multiline macro handling
- Accept -N parameter of %autosetup
- documentation updates
- various code cleanup and speedup work.
- ProductCompose: multiple improvements
- Add buildflags:define_specfile support
- Fix copy-in of git subdirectory sources
- pbuild: Speed up XML parsing
- pbuild: product compose support
- generate_sbom: add help option
- podman: enforce runtime=runc
- Implement direct conflicts from the distro config
- changelog2spec: fix time zone handling
- Do not unmount /proc/sys/fs/binfmt_misc before running the check scripts
- spec file cleanup
- documentation updates
- productcompose:
- support schema 0.1
- support milestones
- Leap 15.6 config
- SLE 15 SP6 config
- productcompose: follow incompatible flavor syntax change
- pbuild: support for zstd
- fixed handling for cmdline parameters via kernel packages
- productcompose:
* BREAKING: support new schema
* adapt flavor architecture parsing
- productcompose:
* support filtered package lists
* support default architecture listing
* fix copy in binaries in VM builds
- obsproduct build type got renamed to productcompose
- Support zstd compressed rpm-md meta data (bsc#1217269)
- Added Debian 12 configuration
- First ObsProduct build format support
- fix SLE 15 SP5 build configuration
- Improve user agent handling for obs repositories
- Docker:
- Support flavor specific build descriptions via Dockerfile.$flavor
- support "PlusRecommended" hint to also provide recommended packages
- use the name/version as filename if both are known
- Produce docker format containers by default
- pbuild: Support for signature authentication of OBS resources
- Fix wiping build root for --vm-type podman
- Put BUILD_RELEASE and BUILD_CHANGELOG_TIMESTAMP in the /.buildenv
- build-vm-kvm: use -cpu host on riscv64
- small fixes and cleanups
- Added parser for BcntSyncTag in sources
- pbuild:
* fix dependency expansion for build types other than spec
* Reworked cycle handling code
* add --extra-packs option
* add debugflags option
- Pass-through --buildtool-opt
- Parse Patch and Source lines more accurately
- fix tunefs functionality
- minor bugfixes
- --vm-type=podman added (supports also root-less builds)
- Also support build constraints in the Dockerfile
- minor fixes
- Add SUSE ALP build config
- BREAKING: Record errors when parsing the project config
former behaviour was undefined
- container: Support compression format configuration option
- Don't setup ccache with --no-init
- improved loongarch64 support
- sbom: SPDX supplier tag added
- kiwi: support different versions per profile
- preinstallimage: fail when recompression fails
- Add support for recommends and supplements dependencies
- Support the "keepfilerequires" expand flag
- add '--buildtool-opt=OPTIONS' to pass options to the used build tool
- distro config updates
* ArchLinux
* Tumbleweed
- documentation updates
- openSUSE Tumbleweed: sync config and move to suse_version 1699.
- universal post-build hook, just place a file in /usr/lib/build/post_build.d/
- mkbaselibs/hwcaps, fix pattern name once again (x86_64_v3)
- KiwiProduct: add --use-newest-package hint if the option is set
- Dockerfile support:
* export multibuild flavor as argument
* allow parameters in FROM .. scratch lines
* include OS name in build result if != linux
- Workaround directory->symlink usrmerge problems for cross arch sysroot
- multiple fixes for SBOM support
- KIWI VM image SBOM support added
build-20250306-150200.19.1.noarch.rpm
build-20250306-150200.19.1.src.rpm
build-mkbaselibs-20250306-150200.19.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-999
Recommended update for rsync
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rsync fixes the following issues:
- Broken rsyncd after protocol bump, regression reported (bsc#1237187).
rsync-3.2.3-150400.3.23.3.src.rpm
rsync-3.2.3-150400.3.23.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1242
Recommended update for aaa_base
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for aaa_base fixes the following issues:
- SP6 logrotate and rcsyslog binary (bsc#1236033)
- Update detection for systemd in rc.status
- Mountpoint for cgroup changed with cgroup2
- If a user switches the login shell respect the already set PATH
environment (bsc#1235481)
aaa_base-84.87+git20180409.04c9dae-150300.10.28.2.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.28.2.x86_64.rpm
aaa_base-extras-84.87+git20180409.04c9dae-150300.10.28.2.x86_64.rpm
aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.28.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-979
Security update for zvbi
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for zvbi fixes the following issues:
- CVE-2025-2173: Fixed check on src_length to avoid an uninitialized heap read (bsc#1239222).
- CVE-2025-2174: Fixed integer overflow leading to heap overflow in src/conv.c, src/io-sim.c, src/search.c (bsc#1239299).
- CVE-2025-2175: Fixed integer overflow in _vbi_strndup_iconv (bsc#1239312).
- CVE-2025-2176: Fixed integer overflow in function vbi_capture_sim_load_caption in src/io-sim.c (bsc#1239319).
- CVE-2025-2177: Fixed integer overflow in function vbi_search_new in src/search.c (bsc#1239320).
libzvbi0-0.2.35-150000.4.3.1.x86_64.rpm
zvbi-0.2.35-150000.4.3.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1029
Security update for ed25519-java
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ed25519-java fixes the following issues:
- CVE-2020-36843: Fixed no check performed on scalar to avoid signature malleability (bsc#1239551)
ed25519-java-0.3.0-150200.5.9.1.noarch.rpm
ed25519-java-0.3.0-150200.5.9.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-998
Security update for freetype2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for freetype2 fixes the following issues:
- CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font
subglyph structures related to TrueType GX and variable font files (bsc#1239465).
freetype2-2.10.4-150000.4.18.1.src.rpm
freetype2-devel-2.10.4-150000.4.18.1.x86_64.rpm
ft2demos-2.10.4-150000.4.18.1.nosrc.rpm
ftdump-2.10.4-150000.4.18.1.x86_64.rpm
libfreetype6-2.10.4-150000.4.18.1.x86_64.rpm
libfreetype6-32bit-2.10.4-150000.4.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1317
Recommended update for salt
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
- Adapted to removal of hex attribute in pygit2 v1.15.0 (bsc#1230642)
- Added DEB822 apt repository format support
- Detect openEuler as RedHat family OS
- Enhanced batch async and fixed some detected issues
- Enhanced smart JSON parsing when garbage is present (bsc#1231605)
- Ensure the correct crypt module is loaded
- Fixed aptpkg 'NoneType object has no attribute split' error
- Fixed crash due to wrong client reference on `SaltMakoTemplateLookup`
- Fixed error to stat '/root/.gitconfig' on gitfs (bsc#1230944, bsc#1234881, bsc#1220905)
- Fixed issue of using update-alternatives with alts
- Fixed issues running on Python 3.12 and 3.13
- Fixed tests failures after "repo.saltproject.io" deprecation
- Fixed virt_query outputter and added support for block devices
- Fixed virtual grains for VMs running on Nutanix AHV (bsc#1234022)
- Implemented multiple inventory for ansible.targets
- Made _auth calls visible with master stats
- Made Salt-SSH work with all SSH passwords (bsc#1215484)
- Made x509 module compatible with M2Crypto 0.44.0
- Moved logrotate config to /usr/etc/logrotate.d where possible
- Removed deprecated code from x509.certificate_managed test mode
- Repaired mount.fstab_present always returning pending changes
- Set virtual grain in Podman systemd container
- Enhancements of Salt packaging:
* Use update-alternatives for all salt scripts
* Use flexible dependencies for the subpackages
* Made salt-minion require flavored zypp-plugin
* Made zyppnotify use update-alternatives
* Dropped unused yumnotify plugin
* Added dependency to python3-dnf-plugins-core for RHEL based
python3-salt-3006.0-150400.8.75.3.x86_64.rpm
True
salt-3006.0-150400.8.75.3.src.rpm
True
salt-3006.0-150400.8.75.3.x86_64.rpm
True
salt-api-3006.0-150400.8.75.3.x86_64.rpm
True
salt-bash-completion-3006.0-150400.8.75.3.noarch.rpm
True
salt-cloud-3006.0-150400.8.75.3.x86_64.rpm
True
salt-doc-3006.0-150400.8.75.3.x86_64.rpm
True
salt-fish-completion-3006.0-150400.8.75.3.noarch.rpm
True
salt-master-3006.0-150400.8.75.3.x86_64.rpm
True
salt-minion-3006.0-150400.8.75.3.x86_64.rpm
True
salt-proxy-3006.0-150400.8.75.3.x86_64.rpm
True
salt-ssh-3006.0-150400.8.75.3.x86_64.rpm
True
salt-standalone-formulas-configuration-3006.0-150400.8.75.3.x86_64.rpm
True
salt-syndic-3006.0-150400.8.75.3.x86_64.rpm
True
salt-transactional-update-3006.0-150400.8.75.3.x86_64.rpm
True
salt-zsh-completion-3006.0-150400.8.75.3.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1037
Security update for podman
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for podman fixes the following issues:
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330).
podman-4.9.5-150400.4.44.1.src.rpm
podman-4.9.5-150400.4.44.1.x86_64.rpm
podman-docker-4.9.5-150400.4.44.1.noarch.rpm
podman-remote-4.9.5-150400.4.44.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-994
Security update for php8
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php8 fixes the following issues:
- CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666)
- CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers (bsc#1239664)
- CVE-2025-1219: Fixed libxml streams using wrong content-type header when requesting a redirected resource (bsc#1239667)
- CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668)
- CVE-2025-1736: Fixed stream HTTP wrapper header check that might omit the basic auth header (bsc#1239670)
- CVE-2025-1861: Fixed stream HTTP wrapper truncating the redirect location to 1024 bytes (bsc#1239669)
apache2-mod_php8-8.0.30-150400.4.54.1.src.rpm
apache2-mod_php8-8.0.30-150400.4.54.1.x86_64.rpm
php8-8.0.30-150400.4.54.1.src.rpm
php8-8.0.30-150400.4.54.1.x86_64.rpm
php8-bcmath-8.0.30-150400.4.54.1.x86_64.rpm
php8-bz2-8.0.30-150400.4.54.1.x86_64.rpm
php8-calendar-8.0.30-150400.4.54.1.x86_64.rpm
php8-cli-8.0.30-150400.4.54.1.x86_64.rpm
php8-ctype-8.0.30-150400.4.54.1.x86_64.rpm
php8-curl-8.0.30-150400.4.54.1.x86_64.rpm
php8-dba-8.0.30-150400.4.54.1.x86_64.rpm
php8-devel-8.0.30-150400.4.54.1.x86_64.rpm
php8-dom-8.0.30-150400.4.54.1.x86_64.rpm
php8-embed-8.0.30-150400.4.54.1.src.rpm
php8-embed-8.0.30-150400.4.54.1.x86_64.rpm
php8-enchant-8.0.30-150400.4.54.1.x86_64.rpm
php8-exif-8.0.30-150400.4.54.1.x86_64.rpm
php8-fastcgi-8.0.30-150400.4.54.1.src.rpm
php8-fastcgi-8.0.30-150400.4.54.1.x86_64.rpm
php8-fileinfo-8.0.30-150400.4.54.1.x86_64.rpm
php8-fpm-8.0.30-150400.4.54.1.src.rpm
php8-fpm-8.0.30-150400.4.54.1.x86_64.rpm
php8-ftp-8.0.30-150400.4.54.1.x86_64.rpm
php8-gd-8.0.30-150400.4.54.1.x86_64.rpm
php8-gettext-8.0.30-150400.4.54.1.x86_64.rpm
php8-gmp-8.0.30-150400.4.54.1.x86_64.rpm
php8-iconv-8.0.30-150400.4.54.1.x86_64.rpm
php8-intl-8.0.30-150400.4.54.1.x86_64.rpm
php8-ldap-8.0.30-150400.4.54.1.x86_64.rpm
php8-mbstring-8.0.30-150400.4.54.1.x86_64.rpm
php8-mysql-8.0.30-150400.4.54.1.x86_64.rpm
php8-odbc-8.0.30-150400.4.54.1.x86_64.rpm
php8-opcache-8.0.30-150400.4.54.1.x86_64.rpm
php8-openssl-8.0.30-150400.4.54.1.x86_64.rpm
php8-pcntl-8.0.30-150400.4.54.1.x86_64.rpm
php8-pdo-8.0.30-150400.4.54.1.x86_64.rpm
php8-pgsql-8.0.30-150400.4.54.1.x86_64.rpm
php8-phar-8.0.30-150400.4.54.1.x86_64.rpm
php8-posix-8.0.30-150400.4.54.1.x86_64.rpm
php8-readline-8.0.30-150400.4.54.1.x86_64.rpm
php8-shmop-8.0.30-150400.4.54.1.x86_64.rpm
php8-snmp-8.0.30-150400.4.54.1.x86_64.rpm
php8-soap-8.0.30-150400.4.54.1.x86_64.rpm
php8-sockets-8.0.30-150400.4.54.1.x86_64.rpm
php8-sodium-8.0.30-150400.4.54.1.x86_64.rpm
php8-sqlite-8.0.30-150400.4.54.1.x86_64.rpm
php8-sysvmsg-8.0.30-150400.4.54.1.x86_64.rpm
php8-sysvsem-8.0.30-150400.4.54.1.x86_64.rpm
php8-sysvshm-8.0.30-150400.4.54.1.x86_64.rpm
php8-test-8.0.30-150400.4.54.1.src.rpm
php8-test-8.0.30-150400.4.54.1.x86_64.rpm
php8-tidy-8.0.30-150400.4.54.1.x86_64.rpm
php8-tokenizer-8.0.30-150400.4.54.1.x86_64.rpm
php8-xmlreader-8.0.30-150400.4.54.1.x86_64.rpm
php8-xmlwriter-8.0.30-150400.4.54.1.x86_64.rpm
php8-xsl-8.0.30-150400.4.54.1.x86_64.rpm
php8-zip-8.0.30-150400.4.54.1.x86_64.rpm
php8-zlib-8.0.30-150400.4.54.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1025
Security update for php7
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php7 fixes the following issues:
- CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666)
- CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers (bsc#1239664)
- CVE-2025-1219: Fixed libxml streams using wrong content-type header when requesting a redirected resource (bsc#1239667)
- CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668)
- CVE-2025-1736: Fixed stream HTTP wrapper header check that might omit the basic auth header (bsc#1239670)
- CVE-2025-1861: Fixed stream HTTP wrapper truncating the redirect location to 1024 bytes (bsc#1239669)
apache2-mod_php7-7.4.33-150400.4.48.1.src.rpm
apache2-mod_php7-7.4.33-150400.4.48.1.x86_64.rpm
php7-7.4.33-150400.4.48.1.src.rpm
php7-7.4.33-150400.4.48.1.x86_64.rpm
php7-bcmath-7.4.33-150400.4.48.1.x86_64.rpm
php7-bz2-7.4.33-150400.4.48.1.x86_64.rpm
php7-calendar-7.4.33-150400.4.48.1.x86_64.rpm
php7-cli-7.4.33-150400.4.48.1.x86_64.rpm
php7-ctype-7.4.33-150400.4.48.1.x86_64.rpm
php7-curl-7.4.33-150400.4.48.1.x86_64.rpm
php7-dba-7.4.33-150400.4.48.1.x86_64.rpm
php7-devel-7.4.33-150400.4.48.1.x86_64.rpm
php7-dom-7.4.33-150400.4.48.1.x86_64.rpm
php7-enchant-7.4.33-150400.4.48.1.x86_64.rpm
php7-exif-7.4.33-150400.4.48.1.x86_64.rpm
php7-fastcgi-7.4.33-150400.4.48.1.src.rpm
php7-fastcgi-7.4.33-150400.4.48.1.x86_64.rpm
php7-fileinfo-7.4.33-150400.4.48.1.x86_64.rpm
php7-fpm-7.4.33-150400.4.48.1.src.rpm
php7-fpm-7.4.33-150400.4.48.1.x86_64.rpm
php7-ftp-7.4.33-150400.4.48.1.x86_64.rpm
php7-gd-7.4.33-150400.4.48.1.x86_64.rpm
php7-gettext-7.4.33-150400.4.48.1.x86_64.rpm
php7-gmp-7.4.33-150400.4.48.1.x86_64.rpm
php7-iconv-7.4.33-150400.4.48.1.x86_64.rpm
php7-intl-7.4.33-150400.4.48.1.x86_64.rpm
php7-json-7.4.33-150400.4.48.1.x86_64.rpm
php7-ldap-7.4.33-150400.4.48.1.x86_64.rpm
php7-mbstring-7.4.33-150400.4.48.1.x86_64.rpm
php7-mysql-7.4.33-150400.4.48.1.x86_64.rpm
php7-odbc-7.4.33-150400.4.48.1.x86_64.rpm
php7-opcache-7.4.33-150400.4.48.1.x86_64.rpm
php7-openssl-7.4.33-150400.4.48.1.x86_64.rpm
php7-pcntl-7.4.33-150400.4.48.1.x86_64.rpm
php7-pdo-7.4.33-150400.4.48.1.x86_64.rpm
php7-pgsql-7.4.33-150400.4.48.1.x86_64.rpm
php7-phar-7.4.33-150400.4.48.1.x86_64.rpm
php7-posix-7.4.33-150400.4.48.1.x86_64.rpm
php7-readline-7.4.33-150400.4.48.1.x86_64.rpm
php7-shmop-7.4.33-150400.4.48.1.x86_64.rpm
php7-snmp-7.4.33-150400.4.48.1.x86_64.rpm
php7-soap-7.4.33-150400.4.48.1.x86_64.rpm
php7-sockets-7.4.33-150400.4.48.1.x86_64.rpm
php7-sodium-7.4.33-150400.4.48.1.x86_64.rpm
php7-sqlite-7.4.33-150400.4.48.1.x86_64.rpm
php7-sysvmsg-7.4.33-150400.4.48.1.x86_64.rpm
php7-sysvsem-7.4.33-150400.4.48.1.x86_64.rpm
php7-sysvshm-7.4.33-150400.4.48.1.x86_64.rpm
php7-tidy-7.4.33-150400.4.48.1.x86_64.rpm
php7-tokenizer-7.4.33-150400.4.48.1.x86_64.rpm
php7-xmlreader-7.4.33-150400.4.48.1.x86_64.rpm
php7-xmlrpc-7.4.33-150400.4.48.1.x86_64.rpm
php7-xmlwriter-7.4.33-150400.4.48.1.x86_64.rpm
php7-xsl-7.4.33-150400.4.48.1.x86_64.rpm
php7-zip-7.4.33-150400.4.48.1.x86_64.rpm
php7-zlib-7.4.33-150400.4.48.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-975
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
- CVE-2025-24201: Fixed out-of-bounds write vulnerability caused by the WebGL context primitive restart
being toggleable from the WebContent process (bsc#1239547).
WebKitGTK-4.0-lang-2.46.6-150400.4.109.1.noarch.rpm
WebKitGTK-4.1-lang-2.46.6-150400.4.109.1.noarch.rpm
WebKitGTK-6.0-lang-2.46.6-150400.4.109.1.noarch.rpm
libjavascriptcoregtk-4_0-18-2.46.6-150400.4.109.1.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.46.6-150400.4.109.1.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.46.6-150400.4.109.1.x86_64.rpm
libwebkit2gtk-4_0-37-2.46.6-150400.4.109.1.x86_64.rpm
libwebkit2gtk-4_1-0-2.46.6-150400.4.109.1.x86_64.rpm
libwebkitgtk-6_0-4-2.46.6-150400.4.109.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.46.6-150400.4.109.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.46.6-150400.4.109.1.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.46.6-150400.4.109.1.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.46.6-150400.4.109.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.46.6-150400.4.109.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.46.6-150400.4.109.1.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.46.6-150400.4.109.1.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.46.6-150400.4.109.1.x86_64.rpm
webkit2gtk3-2.46.6-150400.4.109.1.src.rpm
webkit2gtk3-devel-2.46.6-150400.4.109.1.x86_64.rpm
webkit2gtk3-soup2-2.46.6-150400.4.109.1.src.rpm
webkit2gtk3-soup2-devel-2.46.6-150400.4.109.1.x86_64.rpm
webkit2gtk4-2.46.6-150400.4.109.1.src.rpm
webkitgtk-6_0-injected-bundles-2.46.6-150400.4.109.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1027
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers (bsc#1228483).
- CVE-2024-42098: crypto: ecdh - explicitly zeroize private_key (bsc#1228779).
- CVE-2024-42229: crypto: aead,cipher - zeroize key buffer after use (bsc#1228708).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
The following non-security bugs were fixed:
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
kernel-default-5.14.21-150400.24.158.1.nosrc.rpm
True
kernel-default-5.14.21-150400.24.158.1.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.158.1.150400.24.78.1.src.rpm
True
kernel-default-base-5.14.21-150400.24.158.1.150400.24.78.1.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.158.1.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.158.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.158.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.158.1.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.158.1.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.158.1.src.rpm
True
kernel-obs-build-5.14.21-150400.24.158.1.x86_64.rpm
True
kernel-source-5.14.21-150400.24.158.1.noarch.rpm
True
kernel-source-5.14.21-150400.24.158.1.src.rpm
True
kernel-syms-5.14.21-150400.24.158.1.src.rpm
True
kernel-syms-5.14.21-150400.24.158.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.158.1.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1160
Recommended update for vim
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
vim was updated to 9.1.1176.
Changes:
* wrong indent when expanding multiple lines
* inconsistent behaviour with exclusive selection and motion commands
* filetype: ABNF files are not detected
* [security]: overflow with 'nostartofline' and Ex command in tag file
* wildmenu highlighting in popup can be improved
* using global variable for get_insert()/get_lambda_name()
* wrong flags passed down to nextwild()
* mark '] wrong after copying text object
* command-line auto-completion hard with wildmenu
* diff: regression with multi-file diff blocks
* [security]: code execution with tar.vim and special crafted tar files
* $MYVIMDIR is set too late
* completion popup not cleared in cmdline
* preinsert requires both "menu" and "menuone" to be set
* Ctrl-Y does not work well with "preinsert" when completing items
* $MYVIMDIR may not always be set
* :verbose set has wrong file name with :compiler!
* command completion wrong for input()
* Mode message not cleared after :silent message
* Vim9: not able to use autoload class across scripts
* build error on Haiku
* Patch v9.1.1151 causes problems
* too many strlen() calls in getchar.c
* :hi completion may complete to wrong value
* Unix Makefile does not support Brazilian lang for the installer
* Vim9: finding imported scripts can be further improved
* preview-window does not scroll correctly
* Vim9: wrong context being used when evaluating class member
* multi-line completion has wrong indentation for last line
* no way to create raw strings from a blob
* illegal memory access when putting a register
* Misplaced comment in readfile()
* filetype: m17ndb files are not detected
* [fifo] is not displayed when editing a fifo
* cmdline completion for :hi is too simplistic
* ins_str() is inefficient by calling STRLEN()
* Match highlighting marks a buffer region as changed
* 'suffixesadd' doesn't work with multiple items
* filetype: Guile init file not recognized
* filetype: xkb files not recognized everywhere
* Mark positions wrong after triggering multiline completion
* potential out-of-memory issue in search.c
* 'listchars' "precedes" is not drawn on Tabs.
* missing out-of-memory test in buf_write()
* patch 9.1.1119 caused a regression with imports
* preinsert text is not cleaned up correctly
* patch 9.1.1121 used a wrong way to handle enter
* cannot loop through pum menu with multiline items
* No test for 'listchars' "precedes" with double-width char
* popup hi groups not falling back to defaults
* too many strlen() calls in findfile.c
* Enter does not insert newline with "noselect"
* Vim9: Not able to use an autoloaded class from another autoloaded script
* Vim9: super not supported in lambda expressions
* [security]: use-after-free in str_to_reg()
* enabling termguicolors automatically confuses users
* Inconsistencies in get_next_or_prev_match()
* Vim9: variable not found in transitive import
* cmdexpand.c hard to read
* 'smoothscroll' gets stuck with 'listchars' "eol"
* cannot loop through completion menu with fuzzy
* Vim9: no support for protected new() method
* CI: using Ubuntu 22.04 Github runners
* if_perl: still some compile errors with Perl 5.38
gvim-9.1.1176-150000.5.72.1.x86_64.rpm
vim-9.1.1176-150000.5.72.1.src.rpm
vim-9.1.1176-150000.5.72.1.x86_64.rpm
vim-data-9.1.1176-150000.5.72.1.noarch.rpm
vim-data-common-9.1.1176-150000.5.72.1.noarch.rpm
vim-small-9.1.1176-150000.5.72.1.x86_64.rpm
xxd-9.1.1176-150000.5.72.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1193
Security update for apparmor
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apparmor fixes the following issue:
- Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452).
apache2-mod_apparmor-3.0.4-150400.5.12.2.x86_64.rpm
apparmor-3.0.4-150400.5.12.2.src.rpm
apparmor-abstractions-3.0.4-150400.5.12.2.noarch.rpm
apparmor-docs-3.0.4-150400.5.12.2.noarch.rpm
apparmor-parser-3.0.4-150400.5.12.2.x86_64.rpm
apparmor-parser-lang-3.0.4-150400.5.12.2.noarch.rpm
apparmor-profiles-3.0.4-150400.5.12.2.noarch.rpm
apparmor-utils-3.0.4-150400.5.12.2.noarch.rpm
apparmor-utils-lang-3.0.4-150400.5.12.2.noarch.rpm
libapparmor-3.0.4-150400.5.12.2.src.rpm
libapparmor-devel-3.0.4-150400.5.12.2.x86_64.rpm
libapparmor1-3.0.4-150400.5.12.2.x86_64.rpm
libapparmor1-32bit-3.0.4-150400.5.12.2.x86_64.rpm
pam_apparmor-3.0.4-150400.5.12.2.x86_64.rpm
pam_apparmor-32bit-3.0.4-150400.5.12.2.x86_64.rpm
perl-apparmor-3.0.4-150400.5.12.2.x86_64.rpm
python3-apparmor-3.0.4-150400.5.12.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1125
Security update for libxslt
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libxslt fixes the following issues:
- CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591)
- CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
- CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)
libxslt-1.1.34-150400.3.6.1.src.rpm
libxslt-devel-1.1.34-150400.3.6.1.x86_64.rpm
libxslt-tools-1.1.34-150400.3.6.1.x86_64.rpm
libxslt1-1.1.34-150400.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1008
Security update for python-gunicorn
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-gunicorn fixes the following issues:
- CVE-2024-6827: Fixed improper validation of the 'Transfer-Encoding' header value that can allow HTTP request smuggling attacks (bsc#1239830)
python-gunicorn-20.1.0-150400.12.9.1.src.rpm
python311-gunicorn-20.1.0-150400.12.9.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1126
Security update for tomcat
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tomcat fixes the following issues:
- CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT (bsc#1239302)
- Update to Tomcat 9.0.102
* Fixes:
+ launch with java 17 (bsc#1239676)
* Catalina
+ Fix: Weak etags in the If-Range header should not match as strong etags
are required. (remm)
+ Fix: When looking up class loader resources by resource name, the resource
name should not start with '/'. If the resource name does start with '/',
Tomcat is lenient and looks it up as if the '/' was not present. When the
web application class loader was configured with external repositories and
names starting with '/' were used for lookups, it was possible that cached
'not found' results could effectively hide lookup results using the
correct resource name. (markt)
+ Fix: Enable the JNDIRealm to validate credentials provided to
HttpServletRequest.login(String username, String password) when the realm
is configured to use GSSAPI authentication. (markt)
+ Fix: Fix a bug in the JRE compatibility detection that incorrectly
identified Java 19 and Java 20 as supporting Java 21 features. (markt)
+ Fix: Improve the checks for exposure to and protection against
CVE-2024-56337 so that reflection is not used unless required. The checks
for whether the file system is case sensitive or not have been removed.
(markt)
+ Fix: Avoid scenarios where temporary files used for partial PUT would not
be deleted. (remm)
+ Fix: 69602: Fix regression in releases from 12-2024 that were too strict
and rejected weak etags in the If-Range header. (remm)
+ Fix: 69576: Avoid possible failure initializing JreCompat due to uncaught
exception introduced for the check for CVE-2024-56337. (remm)
* Cluster
+ Add: 69598: Add detection of service account token changes to the
KubernetesMembershipProvider implementation and reload the token if it
changes. Based on a patch by Miroslav Jezbera. (markt)
* Coyote
+ Fix: 69575: Avoid using compression if a response is already compressed
using compress, deflate or zstd. (remm)
+ Update: Use Transfer-Encoding for compression rather than Content-Encoding
if the client submits a TE header containing gzip. (remm)
+ Fix: Fix a race condition in the handling of HTTP/2 stream reset that
could cause unexpected 500 responses. (markt)
* Other
+ Add: Add makensis as an option for building the Installer for Windows on
non-Windows platforms. (rjung/markt)
+ Update: Update Byte Buddy to 1.17.1. (markt)
+ Update: Update Checkstyle to 10.21.3. (markt)
+ Update: Update SpotBugs to 4.9.1. (markt)
+ Update: Update JSign to 7.1. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Add: Add org.apache.juli.JsonFormatter to format log as one line JSON
documents. (remm)
- Update to Tomcat 9.0.99
* Catalina
+ Update: Add tableName configuration on the DataSourcePropertyStore that
may be used by the WebDAV Servlet. (remm)
+ Update: Improve HTTP If headers processing according to RFC 9110. Based on
pull request #796 by Chenjp. (remm/markt)
+ Update: Allow readOnly attribute configuration on the Resources element
and allow configuring the readOnly attribute value of the main resources.
The attribute value will also be used by the default and WebDAV Servlets.
(remm)
+ Fix: 69285: Optimise the creation of the parameter map for included
requests. Based on sample code and test cases provided by John
Engebretson. (markt)
+ Fix: 69527: Avoid rare cases where a cached resource could be set with 0
content length, or could be evicted immediately. (remm)
+ Fix: Fix possible edge cases (such as HTTP/1.0) with trying to detect
requests without body for WebDAV LOCK and PROPFIND. (remm)
+ Fix: 69528: Add multi-release JAR support for the bloom
archiveIndexStrategy of the Resources. (remm)
+ Fix: Improve checks for WEB-INF and META-INF in the WebDAV servlet. Based
on a patch submitted by Chenjp. (remm)
+ Add: Add a check to ensure that, if one or more web applications are
potentially vulnerable to CVE-2024-56337, the JVM has been configured to
protect against the vulnerability and to configure the JVM correctly if
not. Where one or more web applications are potentially vulnerable to
CVE-2024-56337 and the JVM cannot be correctly configured or it cannot be
confirmed that the JVM has been correctly configured, prevent the impacted
web applications from starting. (markt)
+ Fix: Remove unused session to client map from CrawlerSessionManagerValve.
Submitted by Brian Matzon. (remm)
+ Fix: When using the WebDAV servlet with serveSubpathOnly set to true,
ensure that the destination for any requested WebDAV operation is also
restricted to the sub-path. (markt)
+ Fix: Generate an appropriate Allow HTTP header when the Default servlet
returns a 405 (method not allowed) response in response to a DELETE
request because the target resource cannot be deleted. Pull request #802
provided by Chenjp. (markt)
+ Code: Refactor creation of RequestDispatcher instances so that the
processing of the provided path is consistent with normal request
processing. (markt)
+ Add: Add encodedReverseSolidusHandling and encodedSolidusHandling
attributes to Context to provide control over the handling of the path
used to create a RequestDispatcher. (markt)
+ Fix: Handle a potential NullPointerException after an IOException occurs
on a non-container thread during asynchronous processing. (markt)
+ Fix: Enhance lifecycle of temporary files used by partial PUT. (remm)
* Coyote
+ Fix: Don't log warnings for registered HTTP/2 settings that Tomcat does
not support. These settings are now silently ignored. (markt)
+ Fix: Avoid a rare NullPointerException when recycling the
Http11InputBuffer. (markt)
+ Fix: Lower the log level to debug for logging an invalid socket channel
when processing poller events for the NIO Connector as this may occur in
normal usage. (markt)
+ Code: Clean-up references to the HTTP/2 stream once request processing has
completed to aid GC and reduce the size of the HTTP/2 recycled request and
response cache. (markt)
+ Add: Add a new Connector configuration attribute,
encodedReverseSolidusHandling, to control how %5c sequences in URLs are
handled. The default behaviour is unchanged (decode) keeping in mind that
the allowBackslash attribute determines how the decoded URI is processed.
(markt)
+ Fix: 69545: Improve CRLF skipping for the available method of the
ChunkedInputFilter. (remm)
+ Fix: Improve the performance of repeated calls to getHeader(). Pull
request #813 provided by Adwait Kumar Singh. (markt)
+ Fix: 69559: Ensure that the Java 24 warning regarding the use of
sun.misc.Unsafe::invokeCleaner is only reported by the JRE when the code
will be used. (markt)
* Jasper
+ Fix: 69508: Correct a regression in the fix for 69382 that broke JSP
include actions if both the page attribute and the body contained
parameters. Pull request #803 provided by Chenjp. (markt)
+ Fix: 69521: Update the EL Parser to allow the full range of valid
characters in an EL identifier as defined by the Java Language
Specification. (markt)
+ Fix: 69532: Optimise the creation of ExpressionFactory instances. Patch
provided by John Engebretson. (markt)
* Web applications
+ Add: Documentation. Expand the description of the security implications of
setting mapperContextRootRedirectEnabled and/or
mapperDirectoryRedirectEnabled to true. (markt)
+ Fix: Documentation. Better document the default for the truststoreProvider
attribute of a SSLHostConfig element. (markt)
* Other
+ Update: Update to Commons Daemon 1.4.1. (markt)
+ Update: Update the internal fork of Commons Pool to 2.12.1. (markt)
+ Update: Update Byte Buddy to 1.16.1. (markt)
+ Update: Update UnboundID to 7.0.2. (markt)
+ Update: Update Checkstyle to 10.21.2. (markt)
+ Update: Update SpotBugs to 4.9.0. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Chinese translations by leeyazhou. (markt)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
tomcat-9.0.102-150200.78.1.noarch.rpm
tomcat-9.0.102-150200.78.1.src.rpm
tomcat-admin-webapps-9.0.102-150200.78.1.noarch.rpm
tomcat-el-3_0-api-9.0.102-150200.78.1.noarch.rpm
tomcat-jsp-2_3-api-9.0.102-150200.78.1.noarch.rpm
tomcat-lib-9.0.102-150200.78.1.noarch.rpm
tomcat-servlet-4_0-api-9.0.102-150200.78.1.noarch.rpm
tomcat-webapps-9.0.102-150200.78.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1014
Security update for buildah
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for buildah fixes the following issues:
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239339).
buildah-1.35.5-150400.3.45.1.src.rpm
buildah-1.35.5-150400.3.45.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1054
Security update for mercurial
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mercurial fixes the following issues:
- CVE-2025-2361: Fixed improper sanitization of user-controlled input passed via the cmd parameter in the Mercurial SCM Web Interface (bsc#1239685)
mercurial-5.9.1-150400.3.6.1.src.rpm
mercurial-5.9.1-150400.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1131
Security update for openvpn
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openvpn fixes the following issues:
- CVE-2024-5594: Fixed incorrect handling of null bytes and invalid characters in control messages (bsc#1235147)
openvpn-2.5.6-150400.3.9.1.src.rpm
openvpn-2.5.6-150400.3.9.1.x86_64.rpm
openvpn-auth-pam-plugin-2.5.6-150400.3.9.1.x86_64.rpm
openvpn-devel-2.5.6-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1062
Security update for docker, docker-stable
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for docker, docker-stable fixes the following issues:
- CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185).
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322).
Other fixes:
- Make container-selinux requirement conditional on selinux-policy (bsc#1237367)
docker-27.5.1_ce-150000.218.1.src.rpm
docker-27.5.1_ce-150000.218.1.x86_64.rpm
docker-bash-completion-27.5.1_ce-150000.218.1.noarch.rpm
docker-rootless-extras-27.5.1_ce-150000.218.1.noarch.rpm
docker-stable-24.0.9_ce-150000.1.15.1.src.rpm
docker-stable-24.0.9_ce-150000.1.15.1.x86_64.rpm
docker-stable-bash-completion-24.0.9_ce-150000.1.15.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1197
Recommended update for scap-security-guide
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for scap-security-guide fixes the following issues:
- updated to 0.1.76 (jsc#ECO-3319)
- Add new product for Ubuntu 24.04 and draft CIS profiles
- Add pyproject.toml for the ssg package
- AlmaLinux OS 9 as a new product
- Documentation for ssg library
- Extend SSG library to more easily collect profile selections
- Extend SSG with functions to manage variables
scap-security-guide-0.1.76-150000.1.92.1.noarch.rpm
scap-security-guide-0.1.76-150000.1.92.1.src.rpm
scap-security-guide-debian-0.1.76-150000.1.92.1.noarch.rpm
scap-security-guide-redhat-0.1.76-150000.1.92.1.noarch.rpm
scap-security-guide-ubuntu-0.1.76-150000.1.92.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1140
Recommended update for rust1.85
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rust1.85 fixes the following issues:
Version 1.85.1 (2025-03-18)
==========================
- Fix the doctest-merging feature of the 2024 Edition.
- Relax some `target_feature` checks when generating docs.
- Fix errors in `std::fs::rename` on Windows 10, version 1607.
- Downgrade bootstrap `cc` to fix custom targets.
- Skip submodule updates when building Rust from a source tarball.
cargo1.85-1.85.1-150300.7.6.1.x86_64.rpm
rust1.85-1.85.1-150300.7.6.1.nosrc.rpm
rust1.85-1.85.1-150300.7.6.1.x86_64.rpm
rust1.85-src-1.85.1-150300.7.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1138
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 128.9.0 ESR MFSA 2025-22 (bsc#1240083):
* CVE-2025-3028: Use-after-free triggered by XSLTProcessor
* CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters
* CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137,
Firefox ESR 128.9, and Thunderbird 128.9
MozillaFirefox-128.9.0-150200.152.176.1.src.rpm
MozillaFirefox-128.9.0-150200.152.176.1.x86_64.rpm
MozillaFirefox-devel-128.9.0-150200.152.176.1.noarch.rpm
MozillaFirefox-translations-common-128.9.0-150200.152.176.1.x86_64.rpm
MozillaFirefox-translations-other-128.9.0-150200.152.176.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1127
Security update for ghostscript
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ghostscript fixes the following issues:
- CVE-2025-27831: Fixed text buffer overflow in DOCXWRITE TXTWRITE device via long characters to devices/vector/doc_common.c (bsc#1240075)
- CVE-2025-27832: Fixed compression buffer overflow in NPDL device for contrib/japanese/gdevnpdl.c (bsc#1240077)
- CVE-2025-27835: Fixed buffer overflow that occurs when converting glyphs to Unicode in psi/zbfont.c (bsc#1240080)
- CVE-2025-27836: Fixed Print buffer overflow in BJ10V device in contrib/japanese/gdev10v.c (bsc#1240081)
ghostscript-9.52-150000.203.1.src.rpm
ghostscript-9.52-150000.203.1.x86_64.rpm
ghostscript-devel-9.52-150000.203.1.x86_64.rpm
ghostscript-x11-9.52-150000.203.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1192
Recommended update for hwinfo
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for hwinfo fixes the following issues:
- Avoid reporting of spurious usb storage devices (bsc#1223330)
- Do not overdo usb device de-duplication (bsc#1239663)
hwinfo-21.87-150400.3.15.1.src.rpm
hwinfo-21.87-150400.3.15.1.x86_64.rpm
hwinfo-devel-21.87-150400.3.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1128
Security update for ffmpeg-4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg-4 fixes the following issues:
- CVE-2020-22037: Fixed unchecked return value of the init_vlc function (bsc#1186756)
- CVE-2024-12361: Fixed null pointer dereference (bsc#1237358)
- CVE-2024-35368: Fixed double free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028)
- CVE-2024-36613: Fixed integer overflow in the DXA demuxer of the libavformat library (bsc#1235092)
- CVE-2025-0518: Fixed memory leak due to unchecked sscanf return value (bsc#1236007)
- CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371)
- CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382)
- CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351)
Other fixes:
- Build with SVT-AV1 3.0.0.
- Update to release 4.4.5:
* Adjust bconds to build the package in SLFO without xvidcore.
* Add 0001-libavcodec-arm-mlpdsp_armv5te-fix-label-format-to-wo.patch (bsc#1229338)
* Add ffmpeg-c99.patch so that the package conforms to the C99 standard and builds on i586 with GCC 14.
* No longer build against libmfx; build against libvpl (bsc#1230983, bsc#1219494)
* Drop libmfx dependency from our product (jira #PED-10024)
* Update patch to build with glslang 14
* Disable vmaf integration as ffmpeg-4 cannot handle vmaf>=3
* Copy codec list from ffmpeg-6
* Resolve build failure with binutils >= 2.41. (bsc#1215945)
- Update to version 4.4.4:
* avcodec/012v: Order operations for odd size handling
* avcodec/alsdec: The minimal block is at least 7 bits
* avcodec/bink:
- Avoid undefined out of array end pointers in
binkb_decode_plane()
- Fix off by 1 error in ref end
* avcodec/eac3dec: avoid float noise in fixed mode addition to
overflow
* avcodec/eatgq: Check index increments in tgq_decode_block()
* avcodec/escape124:
- Fix signedness of end of input check
- Fix some return codes
* avcodec/ffv1dec:
- Check that num h/v slices is supported
- Fail earlier if prior context is corrupted
- Restructure slice coordinate reading a bit
* avcodec/mjpegenc: take into account component count when
writing the SOF header size
* avcodec/mlpdec: Check max matrix instead of max channel in
noise check
* avcodec/motionpixels: Mask pixels to valid values
* avcodec/mpeg12dec: Check input size
* avcodec/nvenc:
- Fix b-frame DTS behavior with fractional framerates
- Fix vbv buffer size in cq mode
* avcodec/pictordec: Remove mid exit branch
* avcodec/pngdec: Check deloco index more exactly
* avcodec/rpzaenc: stop accessing out of bounds frame
* avcodec/scpr3: Check bx
* avcodec/scpr: Test bx before use
* avcodec/snowenc: Fix visual weight calculation
* avcodec/speedhq: Check buf_size to be big enough for DC
* avcodec/sunrast: Fix maplength check
* avcodec/tests/snowenc:
- Fix 2nd test
- Return a failure if DWT/IDWT mismatches
- Unbreak DWT tests
* avcodec/tiff: Ignore tile_count
* avcodec/utils:
- Allocate a line more for VC1 and WMV3
- Ensure linesize for SVQ3
- Use 32pixel alignment for bink
* avcodec/videodsp_template: Adjust pointers to avoid undefined
pointer things
* avcodec/vp3: Add missing check for av_malloc
* avcodec/wavpack:
- Avoid undefined shift in get_tail()
- Check for end of input in wv_unpack_dsd_high()
* avcodec/xpmdec: Check size before allocation to avoid
truncation
* avfilter/vf_untile: swap the chroma shift values used for plane
offsets
* avformat/id3v2: Check taglen in read_uslt()
* avformat/mov: Check samplesize and offset to avoid integer
overflow
* avformat/mxfdec: Use 64bit in remainder
* avformat/nutdec: Add check for avformat_new_stream
* avformat/replaygain: avoid undefined / negative abs
* swscale/input: Use more unsigned intermediates
* swscale/output: Bias 16bps output calculations to improve non
overflowing range
* swscale: aarch64: Fix yuv2rgb with negative stride
* Use https for repository links
- Update to version 4.4.3:
* Stable bug fix release, mainly codecs, filter and format fixes.
- Add patch to detect SDL2 >= 2.1.0 (bsc#1202848):
- Update to version 4.4.2:
* Stable bug fix release, mainly codecs, filter and format fixes.
- Add conflicts for ffmpeg-5's tools
- Enable Vulkan filters
- Fix OS version check, so nvcodec is enabled for Leap too.
- Disable libsmbclient usage (can always be built with
--with-smbclient): the usecase of ffmpeg directly accessing
smb:// shares is quite constructed (most users will have their
smb shares mounted).
- Update to version 4.4.1:
* Stable bug fix release, mainly codecs and format fixes.
ffmpeg-4-4.4.5-150400.3.46.1.src.rpm
libavcodec58_134-4.4.5-150400.3.46.1.x86_64.rpm
libavformat58_76-4.4.5-150400.3.46.1.x86_64.rpm
libavutil56_70-4.4.5-150400.3.46.1.x86_64.rpm
libpostproc55_9-4.4.5-150400.3.46.1.x86_64.rpm
libswresample3_9-4.4.5-150400.3.46.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1164
Security update for giflib
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for giflib fixes the following issues:
- CVE-2025-31344: Fixed a buffer overflow in function DumpScreen2RGB (bsc#1240416)
giflib-5.2.2-150000.4.16.1.src.rpm
giflib-devel-5.2.2-150000.4.16.1.x86_64.rpm
libgif7-5.2.2-150000.4.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1319
Recommended update for golang-github-prometheus-node_exporter, system-user-prometheus
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for golang-github-prometheus-node_exporter and system-user-prometheus fixes the following issues:
golang-github-prometheus-node_exporter was updated from version 1.7.0 to version 1.9.0 (jsc#PED-12485):
- Packaging improvements:
* Use `systemd-sysusers` to configure the user in a dedicated
'system-user-prometheus' subpackage (bsc#1235516)
* Remove `systemd` and `shadow` hard requirements
- Version 1.9.0:
* [CHANGE] meminfo: Convert linux implementation to use procfs lib
* [CHANGE] Update logging to use Go log/slog
* [FEATURE] filesystem: Add node_filesystem_mount_info metric
* [FEATURE] btrfs: Add metrics for commit statistics
* [FEATURE] interrupts: Add collector include/exclude filtering
* [FEATURE] interrupts: Add "exclude zeros" filtering
* [FEATURE] slabinfo: Add filters for slab name.
* [FEATURE] pressure: add IRQ PSI metrics
* [FEATURE] hwmon: Add include and exclude filter for sensors
* [FEATURE] filesystem: Add NetBSD support
* [FEATURE] netdev: Add ifAlias label
* [FEATURE] hwmon: Add Support for GPU Clock Frequencies
* [FEATURE] Add exclude[] URL parameter
* [FEATURE] Add AIX support
* [FEATURE] filesystem: Add fs-types/mount-points include flags
* [FEATURE] netstat: Add collector for tcp packet counters for FreeBSD.
* [ENHANCEMENT] ethtool: Add logging for filtering flags
* [ENHANCEMENT] netstat: Add TCPRcvQDrop to default metrics
* [ENHANCEMENT] diskstats: Add block device rotational
* [ENHANCEMENT] cpu: Support CPU online status
* [ENHANCEMENT] arp: optimize interface name resolution
* [ENHANCEMENT] textfile: Allow specifying multiple directory globs
* [ENHANCEMENT] filesystem: Add reporting of purgeable space on MacOS
* [ENHANCEMENT] ethtool: Skip full scan of NetClass directories
* [BUGFIX] zfs: Prevent procfs integer underflow
* [BUGFIX] pressure: Fix collection on systems that do not expose a full CPU stat
* [BUGFIX] cpu: Fix FreeBSD 32-bit host support and plug memory leak
* [BUGFIX] hwmon: Add safety check to hwmon read
* [BUGFIX] zfs: Allow space in dataset name
- Version 1.8.2:
* [BUGFIX] Fix CPU pressure metric collection
- Version 1.8.1:
* [BUGFIX] Fix CPU seconds on Solaris
* [BUGFIX] Sign Darwin/MacOS binaries
* [BUGFIX] Fix pressure collector nil reference
- Version 1.8.0:
* [CHANGE] exec_bsd: Fix labels for vm.stats.sys.v_syscall sysctl
* [CHANGE] diskstats: Ignore zram devices on linux systems
* [CHANGE] textfile: Avoid inconsistent help-texts
* [CHANGE] os: Removed caching of modtime/filename of os-release file
* [FEATURE] xfrm: Add new collector
* [FEATURE] watchdog: Add new collector
* [ENHANCEMENT] cpu_vulnerabilities: Add mitigation information label
* [ENHANCEMENT] nfsd: Handle new wdeleg_getattr attribute
* [ENHANCEMENT] netstat: Add TCPOFOQueue to default netstat metrics
* [ENHANCEMENT] filesystem: surface device errors
* [ENHANCEMENT] os: Add support end parsing
* [ENHANCEMENT] zfs: Log mib when sysctl read fails on FreeBSD
* [ENHANCEMENT] fibre_channel: update procfs to take into account optional attributes
* [BUGFIX] cpu: Fix debug log in cpu collector
* [BUGFIX] hwmon: Fix hwmon nil ptr
* [BUGFIX] hwmon: Fix hwmon error capture
* [BUGFIX] zfs: Revert "Add ZFS freebsd per dataset stats"
* [BUGFIX] ethtool: Sanitize ethtool metric name keys
* [BUGFIX] fix: data race of NetClassCollector metrics initialization
system-user-prometheus:
- Implemented `system-user-prometheus` as new requirement for `golang-github-prometheus-node_exporter`
golang-github-prometheus-node_exporter-1.9.0-150100.3.32.3.src.rpm
golang-github-prometheus-node_exporter-1.9.0-150100.3.32.3.x86_64.rpm
system-user-prometheus-1.0.0-150000.14.2.noarch.rpm
system-user-prometheus-1.0.0-150000.14.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1354
Recommended update for iproute2
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for iproute2 fixes the following issues:
- Avoid false cgroup warnings (bsc#1234383)
iproute2-5.14-150400.3.3.1.src.rpm
iproute2-5.14-150400.3.3.1.x86_64.rpm
iproute2-arpd-5.14-150400.3.3.1.x86_64.rpm
iproute2-bash-completion-5.14-150400.3.3.1.x86_64.rpm
libnetlink-devel-5.14-150400.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1141
Security update for go1.23
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.23 fixes the following issues:
- Update to go1.23.8
- CVE-2025-22871: Fix an issue with request smuggling through invalid chunked data. (bsc#1240550)
go1.23-1.23.8-150000.1.27.1.src.rpm
go1.23-1.23.8-150000.1.27.1.x86_64.rpm
go1.23-doc-1.23.8-150000.1.27.1.x86_64.rpm
go1.23-race-1.23.8-150000.1.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1292
Recommended update for timezone
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for timezone fixes the following issues:
- Version update 2025b
* New zone for Aysen Region in Chile (America/Coyhaique) which
moves from -04/-03 to -03
- Refresh patches for Philippines historical data and China tzdata
timezone-2025b-150000.75.34.2.src.rpm
timezone-2025b-150000.75.34.2.x86_64.rpm
timezone-java-2025b-150000.75.34.2.noarch.rpm
timezone-java-2025b-150000.75.34.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1195
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21714: RDMA/mlx5: Fix implicit ODP use after free (bsc#1237890).
- CVE-2025-21732: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (bsc#1237877).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016).
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- gfs2: Fix inode height consistency check (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (bsc#1240195).
- net: mana: Support holes in device list reply msg (bsc#1240133).
kernel-default-5.14.21-150400.24.161.1.nosrc.rpm
kernel-default-5.14.21-150400.24.161.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.161.1.150400.24.80.1.src.rpm
kernel-default-base-5.14.21-150400.24.161.1.150400.24.80.1.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.161.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.161.1.noarch.rpm
kernel-docs-5.14.21-150400.24.161.1.noarch.rpm
kernel-docs-5.14.21-150400.24.161.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.161.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.161.1.src.rpm
kernel-obs-build-5.14.21-150400.24.161.1.x86_64.rpm
kernel-source-5.14.21-150400.24.161.1.noarch.rpm
kernel-source-5.14.21-150400.24.161.1.src.rpm
kernel-syms-5.14.21-150400.24.161.1.src.rpm
kernel-syms-5.14.21-150400.24.161.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.161.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1294
Security update for rubygem-bundler
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rubygem-bundler fixes the following issues:
- CVE-2020-36327: Fixed bundler choosing a dependency source based
on the highest gem version number, which means that a rogue gem
found at a public source may be chosen (bsc#1185842)
Other fixes:
- Updated to version 2.2.34
ruby2.5-rubygem-bundler-2.2.34-150000.3.11.1.x86_64.rpm
rubygem-bundler-2.2.34-150000.3.11.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1201
Security update for expat
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities, caused
by a stack overflow, by resolving the use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
expat-2.7.1-150400.3.28.1.src.rpm
expat-2.7.1-150400.3.28.1.x86_64.rpm
libexpat-devel-2.7.1-150400.3.28.1.x86_64.rpm
libexpat1-2.7.1-150400.3.28.1.x86_64.rpm
libexpat1-32bit-2.7.1-150400.3.28.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1217
Recommended update for ca-certificates-mozilla
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ca-certificates-mozilla fixes the following issues:
- Re-enable the distrusted certs for now, as these only
distrust "new issued" certs starting after a certain date,
while old certs should still work. (bsc#1240343)
ca-certificates-mozilla-2.74-150200.41.1.noarch.rpm
ca-certificates-mozilla-2.74-150200.41.1.src.rpm
ca-certificates-mozilla-prebuilt-2.74-150200.41.2.noarch.rpm
ca-certificates-mozilla-prebuilt-2.74-150200.41.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1350
Recommended update for rust, rust1.86
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rust, rust1.86 fixes the following issues:
Changes in rust1.86:
Version 1.86.0 (2025-04-03)
==========================
Language
--------
- Stabilize upcasting trait objects to supertraits.
- Allow safe functions to be marked with the `#[target_feature]` attribute.
- The `missing_abi` lint now warns-by-default.
- Rust now lints about double negations, to catch cases that might have intended to be a prefix decrement operator (`--x`) as written in other languages. This was previously a clippy lint, `clippy::double_neg`, and is now available directly in Rust as `double_negations`.
- More pointers are now detected as definitely not-null based on their alignment in const eval.
- Empty `repr()` attribute applied to invalid items are now correctly rejected.
- Inner attributes `#![test]` and `#![rustfmt::skip]` are no longer accepted in more places than intended.
Compiler
--------
- Debug-assert that raw pointers are non-null on access.
- Change `-O` to mean `-C opt-level=3` instead of `-C opt-level=2` to match Cargo's defaults.
- Fix emission of `overflowing_literals` under certain macro environments.
Platform Support
----------------
- Replace `i686-unknown-redox` target with `i586-unknown-redox`.
- Increase baseline CPU of `i686-unknown-hurd-gnu` to Pentium 4.
- New tier 3 targets:
  - `{aarch64-unknown,x86_64-pc}-nto-qnx710_iosock`
    For supporting Neutrino QNX 7.1 with `io-socket` network stack.
  - `{aarch64-unknown,x86_64-pc}-nto-qnx800`
    For supporting Neutrino QNX 8.0 (`no_std`-only).
  - `{x86_64,i686}-win7-windows-gnu`
    Intended for backwards compatibility with Windows 7. `{x86_64,i686}-win7-windows-msvc` are the Windows MSVC counterparts that already exist as Tier 3 targets.
  - `amdgcn-amd-amdhsa`
  - `x86_64-pc-cygwin`
  - `{mips,mipsel}-mti-none-elf`
    Initial bare-metal support.
  - `m68k-unknown-none-elf`
  - `armv7a-nuttx-{eabi,eabihf}`, `aarch64-unknown-nuttx`, and `thumbv7a-nuttx-{eabi,eabihf}`
Refer to Rust's platform support page for more information on Rust's tiered platform support.
Libraries
---------
- The type of `FromBytesWithNulError` in `CStr::from_bytes_with_nul(bytes: &[u8]) -> Result<&Self, FromBytesWithNulError>` was changed from an opaque struct to an enum, allowing users to examine why the conversion failed.
- Remove `RustcDecodable` and `RustcEncodable`.
- Deprecate libtest's `--logfile` option.
- On recent versions of Windows, `std::fs::remove_file` will now remove read-only files.
Stabilized APIs
---------------
- `{float}::next_down` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.next_down
- `{float}::next_up` https://doc.rust-lang.org/stable/std/primitive.f64.html#method.next_up
- `<[_]>::get_disjoint_mut` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.get_disjoint_mut
- `<[_]>::get_disjoint_unchecked_mut` https://doc.rust-lang.org/stable/std/primitive.slice.html#method.get_disjoint_unchecked_mut
- `slice::GetDisjointMutError` https://doc.rust-lang.org/stable/std/slice/enum.GetDisjointMutError.html
- `HashMap::get_disjoint_mut` https://doc.rust-lang.org/std/collections/hash_map/struct.HashMap.html#method.get_disjoint_mut
- `HashMap::get_disjoint_unchecked_mut` https://doc.rust-lang.org/std/collections/hash_map/struct.HashMap.html#method.get_disjoint_unchecked_mut
- `NonZero::count_ones` https://doc.rust-lang.org/stable/std/num/struct.NonZero.html#method.count_ones
- `Vec::pop_if` https://doc.rust-lang.org/std/vec/struct.Vec.html#method.pop_if
- `sync::Once::wait` https://doc.rust-lang.org/stable/std/sync/struct.Once.html#method.wait
- `sync::Once::wait_force` https://doc.rust-lang.org/stable/std/sync/struct.Once.html#method.wait_force
- `sync::OnceLock::wait` https://doc.rust-lang.org/stable/std/sync/struct.OnceLock.html#method.wait
These APIs are now stable in const contexts:
- `hint::black_box` https://doc.rust-lang.org/stable/std/hint/fn.black_box.html
- `io::Cursor::get_mut` https://doc.rust-lang.org/stable/std/io/struct.Cursor.html#method.get_mut
- `io::Cursor::set_position` https://doc.rust-lang.org/stable/std/io/struct.Cursor.html#method.set_position
- `str::is_char_boundary` https://doc.rust-lang.org/stable/std/primitive.str.html#method.is_char_boundary
- `str::split_at` https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at
- `str::split_at_checked` https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at_checked
- `str::split_at_mut` https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at_mut
- `str::split_at_mut_checked` https://doc.rust-lang.org/stable/std/primitive.str.html#method.split_at_mut_checked
Cargo
-----
- When merging, replace rather than combine configuration keys that refer to a program path and its arguments.
- Error if both `--package` and `--workspace` are passed but the requested package is missing. This was previously silently ignored, which was considered a bug since missing packages should be reported.
- Deprecate the token argument in `cargo login` to avoid shell history leaks.
- Simplify the implementation of `SourceID` comparisons. This may potentially change behavior if the canonicalized URL compares differently in alternative registries.
Rustdoc
-----
- Add a sans-serif font setting.
Compatibility Notes
-------------------
- The `wasm_c_abi` future compatibility warning is now a hard error.
Users of `wasm-bindgen` should upgrade to at least version 0.2.89, otherwise compilation will fail.
- Remove long-deprecated no-op attributes `#![no_start]` and `#![crate_id]`.
- The future incompatibility lint `cenum_impl_drop_cast` has been made into a hard error. This means it is now an error to cast a field-less enum to an integer if the enum implements `Drop`.
- SSE2 is now required for "i686" 32-bit x86 hard-float targets; disabling it causes a warning that will become a hard error eventually.
To compile for pre-SSE2 32-bit x86, use a "i586" target instead.
Internal Changes
----------------
These changes do not affect any public interfaces of Rust, but they represent
significant improvements to the performance or internals of rustc and related
tools.
- Build the rustc on AArch64 Linux with ThinLTO + PGO.
The ARM 64-bit compiler (AArch64) on Linux is now optimized with ThinLTO and PGO, similar to the optimizations we have already performed for the x86-64 compiler on Linux. This should make it up to 30% faster.
cargo-1.86.0-150400.24.42.1.x86_64.rpm
cargo1.86-1.86.0-150300.7.5.1.x86_64.rpm
rust-1.86.0-150400.24.42.1.src.rpm
rust-1.86.0-150400.24.42.1.x86_64.rpm
rust1.86-1.86.0-150300.7.5.1.nosrc.rpm
rust1.86-1.86.0-150300.7.5.1.x86_64.rpm
rust1.86-src-1.86.0-150300.7.5.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1326
Security update for pgadmin4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pgadmin4 fixes the following issues:
- CVE-2025-27152: Fixed SSRF and credential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308)
- CVE-2023-1907: Fixed an issue which could result in users being authenticated in another user's session if two users authenticate simultaneously via ldap (bsc#1234840)
- CVE-2024-4068: Fixed a possible memory exhaustion (bsc#1224295)
pgadmin4-4.30-150300.3.18.1.src.rpm
pgadmin4-4.30-150300.3.18.1.x86_64.rpm
pgadmin4-doc-4.30-150300.3.18.1.noarch.rpm
pgadmin4-web-4.30-150300.3.18.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1336
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.48.1
- CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962)
- CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961)
- CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964)
- CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963)
- CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986)
- CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987)
- CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958)
WebKitGTK-4.0-lang-2.48.1-150400.4.115.2.noarch.rpm
WebKitGTK-4.1-lang-2.48.1-150400.4.115.2.noarch.rpm
WebKitGTK-6.0-lang-2.48.1-150400.4.115.2.noarch.rpm
libjavascriptcoregtk-4_0-18-2.48.1-150400.4.115.2.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.48.1-150400.4.115.2.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.48.1-150400.4.115.2.x86_64.rpm
libwebkit2gtk-4_0-37-2.48.1-150400.4.115.2.x86_64.rpm
libwebkit2gtk-4_1-0-2.48.1-150400.4.115.2.x86_64.rpm
libwebkitgtk-6_0-4-2.48.1-150400.4.115.2.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.48.1-150400.4.115.2.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.48.1-150400.4.115.2.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.48.1-150400.4.115.2.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.48.1-150400.4.115.2.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.48.1-150400.4.115.2.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.48.1-150400.4.115.2.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.48.1-150400.4.115.2.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.48.1-150400.4.115.2.x86_64.rpm
webkit2gtk3-2.48.1-150400.4.115.2.src.rpm
webkit2gtk3-devel-2.48.1-150400.4.115.2.x86_64.rpm
webkit2gtk3-soup2-2.48.1-150400.4.115.2.src.rpm
webkit2gtk3-soup2-devel-2.48.1-150400.4.115.2.x86_64.rpm
webkit2gtk4-2.48.1-150400.4.115.2.src.rpm
webkitgtk-6_0-injected-bundles-2.48.1-150400.4.115.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1324
Security update for apache2-mod_auth_openidc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2025-31492: Fixed a bug where OIDCProviderAuthRequestMethod POSTs can leak protected data. (bsc#1240893)
apache2-mod_auth_openidc-2.3.8-150100.3.31.1.src.rpm
apache2-mod_auth_openidc-2.3.8-150100.3.31.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1369
Security update for ruby2.5
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ruby2.5 fixes the following issues:
- CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804)
- CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806)
Other fixes:
- Improved fix for CVE-2024-47220 (bsc#1230930, bsc#1235773)
libruby2_5-2_5-2.5.9-150000.4.41.1.x86_64.rpm
ruby2.5-2.5.9-150000.4.41.1.src.rpm
ruby2.5-2.5.9-150000.4.41.1.x86_64.rpm
ruby2.5-devel-2.5.9-150000.4.41.1.x86_64.rpm
ruby2.5-devel-extra-2.5.9-150000.4.41.1.x86_64.rpm
ruby2.5-stdlib-2.5.9-150000.4.41.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1332
Security update for rekor
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rekor fixes the following issues:
- CVE-2023-45288: rekor: golang.org/x/net/http2: Fixed close connections when receiving too many headers (bsc#1236519)
- CVE-2024-6104: rekor: hashicorp/go-retryablehttp: Fixed sensitive information disclosure inside log file (bsc#1227053)
- CVE-2025-22868: rekor: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239191)
- CVE-2025-22869: rekor: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239327)
- CVE-2025-27144: rekor: gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's parsing (bsc#1237638)
- CVE-2025-30204: rekor: github.com/golang-jwt/jwt/v5: Fixed jwt-go allowing excessive memory allocation during header parsing (bsc#1240468)
Other fixes:
- Update to version 1.3.10:
* Features
- Added --client-signing-algorithms flag (#1974)
* Fixes / Misc
- emit unpopulated values when marshalling (#2438)
- pkg/api: better logs when algorithm registry rejects a key
(#2429)
- chore: improve mysql readiness checks (#2397)
- Added --client-signing-algorithms flag (#1974)
- Update to version 1.3.9 (jsc#SLE-23476):
* Cache checkpoint for inactive shards (#2332)
* Support per-shard signing keys (#2330)
- Update to version 1.3.8:
* Bug Fixes
- fix zizmor issues (#2298)
- remove unneeded value in log message (#2282)
* Quality Enhancements
- chore: relax go directive to permit 1.22.x
- fetch minisign from homebrew instead of custom ppa (#2329)
- fix(ci): simplify GOVERSION extraction
- chore(deps): bump actions pins to latest
- Updates go and golangci-lint (#2302)
- update builder to use go1.23.4 (#2301)
- clean up spaces
- log request body on 500 error to aid debugging (#2283)
- Update to version 1.3.7:
* New Features
- log request body on 500 error to aid debugging (#2283)
- Add support for signing with Tink keyset (#2228)
- Add public key hash check in Signed Note verification (#2214)
- update Trillian TLS configuration (#2202)
- Add TLS support for Trillian server (#2164)
- Replace docker-compose with plugin if available (#2153)
- Add flags to backfill script (#2146)
- Unset DisableKeepalive for backfill HTTP client (#2137)
- Add script to delete indexes from Redis (#2120)
- Run CREATE statement in backfill script (#2109)
- Add MySQL support to backfill script (#2081)
- Run e2e tests on mysql and redis index backends (#2079)
* Bug Fixes
- remove unneeded value in log message (#2282)
- Add error message when computing consistency proof (#2278)
- fix validation error handling on API (#2217)
- fix error in pretty-printed inclusion proof from verify
subcommand (#2210)
- Fix index scripts (#2203)
- fix failing sharding test
- Better error handling in backfill script (#2148)
- Batch entries in cleanup script (#2158)
- Add missing workflow for index cleanup test (#2121)
- hashedrekord: fix schema $id (#2092)
rekor-1.3.10-150400.4.25.1.src.rpm
rekor-1.3.10-150400.4.25.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1333
Security update for cosign
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cosign fixes the following issues:
- CVE-2024-6104: cosign: hashicorp/go-retryablehttp: Fixed sensitive information disclosure to log file (bsc#1227031)
- CVE-2024-51744: cosign: github.com/golang-jwt/jwt/v4: Fixed bad documentation of error handling in ParseWithClaims leading to potentially dangerous situations (bsc#1232985)
- CVE-2025-27144: cosign: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's Parsing (bsc#1237682)
- CVE-2025-22870: cosign: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238693)
- CVE-2025-22868: cosign: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239204)
- CVE-2025-22869: cosign: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239337)
Other fixes:
- Update to version 2.5.0 (jsc#SLE-23476):
* Update sigstore-go to pick up bug fixes (#4150)
* Update golangci-lint to v2, update golangci-lint-action (#4143)
* Feat/non filename completions (#4115)
* update builder to use go1.24.1 (#4116)
* Add support for new bundle specification for attesting/verifying OCI image attestations (#3889)
* Remove cert log line (#4113)
* cmd/cosign/cli: fix typo in ignoreTLogMessage (#4111)
* bump to latest scaffolding release for testing (#4099)
* increase 2e2_test docker compose timeout to 180s (#4091)
* Fix replace with compliant image mediatype (#4077)
* Add TSA certificate related flags and fields for cosign attest (#4079)
- Update to version 2.4.3 (jsc#SLE-23476):
* Enable fetching signatures without remote get. (#4047)
* Bump sigstore/sigstore to support KMS plugins (#4073)
* sort properly Go imports (#4071)
* sync comment with parameter name in function signature (#4063)
* fix go imports order to be alphabetical (#4062)
* fix comment typo and imports order (#4061)
* Feat/file flag completion improvements (#4028)
* Update builder to use go1.23.6 (#4052)
* Refactor verifyNewBundle into library function (#4013)
* fix parsing error in --only for cosign copy (#4049)
* Fix codeowners syntax, add dep-maintainers (#4046)
- Update to version 2.4.2 (jsc#SLE-23476):
- Updated open-policy-agent to 1.1.0 library (#4036)
- Note that only Rego v0 policies are supported at this time
- Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006)
- Add support for verifying root checksum in cosign initialize (#3953)
- Detect if user supplied a valid protobuf bundle (#3931)
- Add a log message if user doesn't provide --trusted-root (#3933)
- Support mTLS towards container registry (#3922)
- Add bundle create helper command (#3901)
- Add trusted-root create helper command (#3876)
Bug Fixes:
- fix: set tls config while retaining other fields from default http transport (#4007)
- policy fuzzer: ignore known panics (#3993)
- Fix for multiple WithRemote options (#3982)
- Add nightly conformance test workflow (#3979)
- Fix copy --only for signatures + update/align docs (#3904)
cosign-2.5.0-150400.3.27.1.src.rpm
cosign-2.5.0-150400.3.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1357
Security update for erlang
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for erlang fixes the following issues:
- CVE-2025-32433: Fixed unauthenticated remote code execution in Erlang/OTP SSH (bsc#1241300)
erlang-23.3.4.19-150300.3.20.1.src.rpm
erlang-23.3.4.19-150300.3.20.1.x86_64.rpm
erlang-epmd-23.3.4.19-150300.3.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1428
Recommended update for go1.24
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.24 fixes the following issues:
- Fixed random segmentation faults (bsc#1240764)
go1.24-1.24.2-150000.1.20.1.src.rpm
go1.24-1.24.2-150000.1.20.1.x86_64.rpm
go1.24-doc-1.24.2-150000.1.20.1.x86_64.rpm
go1.24-race-1.24.2-150000.1.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1436
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 128.10.0 ESR MFSA 2025-29 (bsc#1241621):
* CVE-2025-2817: Potential privilege escalation in Firefox Updater
* CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS
* CVE-2025-4083: Process isolation bypass using `javascript:` URI links in
cross-origin frames
* CVE-2025-4084: Potential local code execution in "copy as cURL" command
* CVE-2025-4087: Unsafe attribute access during XPath parsing
* CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138,
Firefox ESR 128.10, and Thunderbird 128.10
* CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird
128.10
MozillaFirefox-128.10.0-150200.152.179.1.src.rpm
MozillaFirefox-128.10.0-150200.152.179.1.x86_64.rpm
MozillaFirefox-devel-128.10.0-150200.152.179.1.noarch.rpm
MozillaFirefox-translations-common-128.10.0-150200.152.179.1.x86_64.rpm
MozillaFirefox-translations-other-128.10.0-150200.152.179.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1430
Security update for python-h11
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-h11 fixes the following issues:
- CVE-2025-43859: leniency when parsing line terminators in chunked-coding message bodies can lead to request
smuggling. (bsc#1241872)
python-h11-0.14.0-150400.9.6.1.src.rpm
python311-h11-0.14.0-150400.9.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1420
Security update for redis
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for redis fixes the following issues:
- CVE-2025-21605: Fixed an output buffer denial of service. (bsc#1241708)
redis-6.2.6-150400.3.34.1.src.rpm
redis-6.2.6-150400.3.34.1.x86_64.rpm