SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-218
Recommended update for yast2-samba-client
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for yast2-samba-client fixes the following issues:
- Fixed an issue where untranslated text appears in the Windows Domain Membership Expert settings dialog. (bsc#1197936)
yast2-samba-client-4.4.4-150400.3.3.1.noarch.rpm
yast2-samba-client-4.4.4-150400.3.3.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1867
Security update for fwupdate
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of fwupdate fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
- Update the email address of security team in SBAT (bsc#1221301)
- elf_aarch64_efi.lds: set the memory permission explicitly to
avoid ld warning like "LOAD segment with RWX permissions"
fwupdate-12-150100.11.15.2.src.rpm
fwupdate-12-150100.11.15.2.x86_64.rpm
fwupdate-devel-12-150100.11.15.2.x86_64.rpm
fwupdate-efi-12-150100.11.15.2.x86_64.rpm
libfwup1-12-150100.11.15.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-647
Optional update for icu
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for icu fixes the following issue:
- No source changes, this just synchronizes the changelog with the latest implemented changes and corresponding IDs.
icu-60.2-150000.3.15.4.src.rpm
libicu60_2-60.2-150000.3.15.4.x86_64.rpm
libicu60_2-ledata-60.2-150000.3.15.4.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1910
Security update for gstreamer-plugins-base
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806)
gstreamer-plugins-base-1.20.1-150400.3.8.2.src.rpm
gstreamer-plugins-base-1.20.1-150400.3.8.2.x86_64.rpm
gstreamer-plugins-base-devel-1.20.1-150400.3.8.2.x86_64.rpm
gstreamer-plugins-base-lang-1.20.1-150400.3.8.2.noarch.rpm
libgstallocators-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstapp-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstaudio-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstfft-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstgl-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstpbutils-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstriff-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstrtp-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstrtsp-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstsdp-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgsttag-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
libgstvideo-1_0-0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstApp-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstAudio-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstGL-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstRtp-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstSdp-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstTag-1_0-1.20.1-150400.3.8.2.x86_64.rpm
typelib-1_0-GstVideo-1_0-1.20.1-150400.3.8.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-472
Security update for tomcat
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tomcat fixes the following issues:
Updated to Tomcat 9.0.85:
- CVE-2023-45648: Improve trailer header parsing (bsc#1216118).
- CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows (bsc#1216120).
- CVE-2023-42795: Improve handling of failures during recycle() methods (bsc#1216119).
- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)
- CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208)
The following non-security issues were fixed:
- Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402).
Find the full release notes at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
tomcat-9.0.85-150200.57.1.noarch.rpm
tomcat-9.0.85-150200.57.1.src.rpm
tomcat-admin-webapps-9.0.85-150200.57.1.noarch.rpm
tomcat-el-3_0-api-9.0.85-150200.57.1.noarch.rpm
tomcat-jsp-2_3-api-9.0.85-150200.57.1.noarch.rpm
tomcat-lib-9.0.85-150200.57.1.noarch.rpm
tomcat-servlet-4_0-api-9.0.85-150200.57.1.noarch.rpm
tomcat-webapps-9.0.85-150200.57.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-560
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
plexus-archiver was updated from version 4.2.1 to 4.8.0:
- Changes of 4.8.0:
* Security issues fixed:
+ CVE-2023-37460: Avoid override target symlink by standard file in AbstractUnArchiver (bsc#1215973)
* New features and improvements:
+ Added tzst alias for tar.zst archiver/unarchiver
* Bugs fixed:
+ Detect permissions for addFile
* Maintenance:
+ Removed public modifier from JUnit 5 tests
+ Use https in scm/url
+ Removed junit-jupiter-engine from project dependencies
+ Removed parent and reports menu from site
+ Cleanup after "veryLargeJar" test
+ Override project.url
- Changes of 4.7.1:
* Bugs fixed:
+ Don't apply umask on unknown perms (Win)
- Changes of 4.7.0:
* New features and improvements:
+ add umask support and use 022 in RB mode
+ Use NIO Files for creating temporary files
+ Deprecate the JAR Index feature (JDK-8302819)
+ Added Archiver aliases for tar.*
* Maintenance:
+ Use JUnit TempDir to manage temporary files in tests
+ Override uId and gId for Tar in test
+ Bump maven-resources-plugin from 2.7 to 3.3.1
- Changes of 4.6.3:
* New features and improvements:
+ Fixed path traversal vulnerability
The vulnerability affects only directories whose name begins
with the same prefix as the destination directory. For example,
a malicious archive may extract a file in /opt/directory instead
of /opt/dir.
- Changes of 4.6.2:
* Bugs fixed:
+ Fixed regression in handling symbolic links
- Changes of 4.6.1:
* Bugs fixed:
+ Normalize file separators before warning about equal archive entries
- Changes of 4.6.0:
* New features and improvements:
+ keep file/directory permissions in Reproducible Builds mode
- Changes of 4.5.0:
* New features and improvements:
+ Added zstd (un)archiver support
* Bugs fixed:
+ Fixed UnArchiver#isOverwrite not working as expected
- Changes of 4.4.0:
* New features and improvements:
+ Drop legacy plexus API and use only JSR330 components
- Changes of 4.3.0:
* New features and improvements:
+ Require Java 8
+ Refactor to use FileTime API
+ Rename setTime method to setZipEntryTime
+ Convert InputStreamSupplier to lambdas
* Bugs fixed:
+ Reproducible Builds not working when using modular jar
- Changes of 4.2.7:
* New features and improvements:
+ Respect order of META-INF/ and META-INF/MANIFEST.MF entries in a JAR file
- Changes of 4.2.6:
* New features and improvements:
+ FileInputStream, FileOutputStream, FileReader and FileWriter are no longer used
+ Code cleanup
- Changes of 4.2.5:
* New features and improvements:
+ Speed improvements
* Bugs fixed:
+ Fixed use of a mismatching Unicode path extra field in zip unarchiving
- Changes of 4.2.4:
* Bugs fixed:
+ Fixed unjustified warning about casing for directory entries
- Changes of 4.2.2:
* Bugs fixed:
+ DirectoryArchiver fails for symlinks if a parent directory doesn't exist
objectweb-asm was updated to version 9.6:
- Changes of version 9.6:
* New Opcodes.V22 constant for Java 22
* Bugs fixed:
+ Analyzer produces frames that have different locals than those detected by JRE bytecode verifier
+ Invalid stackmap generated when the instruction stream has new instruction after invokespecial to <init>
+ Analyzer can fail to catch thrown exceptions
+ `asm-analysis` Frame allocates an array unnecessarily inside `executeInvokeInsn`
+ Fixed bug in `CheckFrameAnalyzer` with static methods
- Changes of version 9.5:
* New Opcodes.V21 constant for Java 21
* New readBytecodeInstructionOffset hook in ClassReader
* Added more detailed exception messages
* Javadoc improvements and fixes
* Bugs fixed:
+ Silent removal of zero-valued entries from the line-number table
- Changes of version 9.4:
* Changes:
+ New Opcodes.V20 constant for Java 20
+ Added more checks in CheckClassAdapter
+ Javadoc improvements and fixes
+ `module-info` classes can be built without Gradle and Bnd
+ Parent POM updated to `org.ow2:ow2:1.5.1`
* Bugs fixed:
+ `CheckClassAdapter` is no longer transparent for MAXLOCALS
+ Added public `getDelegate` method to all visitor classes
+ Analyzer does not compute optimal maxLocals for static methods
+ Fixed `SignatureWriter` when a generic type has a depth over 30
+ Skip remap inner class name if not changed in Remapper
maven-archiver was updated from version 3.5.0 to 3.6.1:
- Changes of 3.6.1:
* New Features:
+ Deprecated the JAR Index feature (JDK-8302819)
* Task:
+ Refreshed download page
+ Prefer JDK features over plexus-utils, plexus-io
- Changes of 3.6.0:
* Task:
+ Require Java 8
+ Drop m-shared-utils from deps
maven-assembly-plugin was updated from version 3.3.0 to 3.6.0:
- Changes of 3.6.0:
* Bugs fixed:
+ finalName as readonly parameter makes common usecases very complicated
+ Symbolic links get copied with absolute path
+ Warning if using Maven 3.9.1
+ Minimal default Manifest configuration of jar archiver should be respected
* New Features:
+ Support Zstandard compression format
* Improvements:
+ In RB mode, apply 022 umask to ignore environment group write umask
+ Added system requirements history
* Task:
+ Dropped deprecated repository element
+ Support running build on Java 20
+ Refresh download page
+ Cleanup declared dependencies
+ Avoid using deprecated methods of `plexus-archiver`
- Changes of 3.5.0:
* Bugs fixed:
+ File permissions removed during assembly:single since 3.2.0
- Changes of 3.4.2:
* Bugs fixed:
+ Fixed Excludes filtering
* Task:
+ Fixed examples to refer to https instead of http
- Changes of 3.4.1:
* Bugs fixed:
+ Fixed error build with shared assemblies
- Changes of 3.4.0:
* Bugs fixed:
+ dependencySet includes filter with classifier breaks include of artifacts without classifier
* Task:
+ Speed improvements
+ Update plugin (requires Maven 3.2.5+)
+ Assembly plugin resolves too much, even plugins used to build dependencies
+ Deprecated the repository element in assembly descriptor
+ Upgraded to Java 8, drop unused dependencies
maven-common-artifact-filters was updated from version 3.0.1 to 3.3.2:
- Changes of 3.3.2:
* Bugs fixed:
+ PatternIncludesArtifactFilters raising NPE for patterns w/ wildcards and artifactoid w/ null on any coordinate
- Changes of 3.3.1:
* Bugs fixed:
+ Pattern w/ 4 elements may be GATV or GATC
- Changes of 3.3.0:
* Bugs fixed:
+ null passed to DependencyFilter in EclipseAetherFilterTransformerTest
+ PatternIncludesArtifactFilter#include(Artifact)
+ Common Artifact Filters pattern parsing with classifier is broken
* Task:
+ Sanitized dependencies
+ Upgraded to Maven Parent 36, to Maven 3.2.5, to Java 8 and clean up dependencies
- Changes of 3.2.0:
* Improvements:
+ Big speed improvements for patterns that do not contain any wildcard
- Changes of 3.1.1:
* Bugs fixed:
+ Updated JIRA URL for maven-common-artifact-filters
* Improvements:
+ Made build Reproducible
- Changes of 3.1.0:
* Bugs fixed:
+ Several filters do not preserve order of artifacts filtered
maven-compiler-plugin was updated from version 3.10.1 to 3.11.0:
- Changes of 3.11.0:
* New features and improvements:
+ Added a useModulePath switch to the testCompile mojo
+ Allow dependency exclusions for 'annotationProcessorPaths'
+ Use maven-resolver to resolve 'annotationProcessorPaths' dependencies
+ Upgrade plexus-compiler to improve compiling message
+ compileSourceRoots parameter should be writable
+ Change showWarnings to true by default
+ Warn about warn-config conflicting values
+ Update default source/target from 1.7 to 1.8
+ Display recompilation causes
+ Added some parameter to pattern from stale source calculation
+ Added dedicated option for implicit javac flag
* Bugs fixed:
+ Fixed incorrect detection of dependency change
+ Test with Maven 3.9.0 and fix the failing IT
+ Resolved all annotation processor dependencies together
+ Defining maven.compiler.release as empty string ends with NumberFormatException in testCompileMojo
+ Fixed missing dirs in createMissingPackageInfoClasses
+ Set Xcludes in config passed to actual compiler
maven-dependency-analyzer was updated from version 1.10 to 1.13.2:
- Changes of 1.13.2:
* Changes and bugs fixed:
+ Made mvn dependency:analyze work with OpenJDK 11
+ Fixed jdk8 incompatibility at runtime (NoSuchMethodError)
+ Upgraded asm to 8.0.1
+ Use try with resources to avoid leaks
+ dependency:analyze recommends test scope for test-only artifacts that have non-test scope
+ remove reference to deprecated public mutable field
+ Updated JIRA URL
+ dependency:analyze should recommend narrower scope where possible
+ Remove dependency on jmock
+ Inline deprecated field
+ Added more JavaDoc
+ Handle different classes from same artifact used by model and test code
+ Included class names in used undeclared dependencies
+ Check maximum allowed Maven version
+ Get rid of maven-plugin-testing-tools for IT test
+ Require Maven 3.2.5+
+ Analyze project classes only once
+ Fixed array parsing
+ CONSTANT_METHOD_TYPE should not add to classes
+ Inner classes are in same compilation unit as container class
+ Upgraded Parent to 36
+ Cleanup IT tests
+ Replace Codehaus Plexus utils with java.nio.file.Files and Apache Commons
+ Fixed bug with "non-test scoped test only dependencies found"
+ Bump asm from 9.4 to 9.5
+ Refresh download page
+ Upgrade Parent to 39
+ Build on JDK 19, 20
+ Prefer JDK classes to Plexus utils
+ Replaced System.out by logger
+ Fixed java.lang.RuntimeException: Unknown constant pool type
+ Switched to JUnit 5
+ Dependency improvements
maven-dependency-plugin was updated from version 3.1.2 to 3.6.0:
- Changes in 3.6.0:
* Bugs fixed:
+ Obsolete example of -Dverbose on web page
+ Unsupported verbose option still appears in docs
+ dependency:go-offline does not use repositories from parent pom in reactor build
+ Fixed possible NPE
+ `dependency:analyze-only` goal fails on OpenJDK 14
+ FileWriter and FileReader should be replaced
+ Dependency Plugin go-offline doesn't respect artifact classifier
+ analyze-only failed: Unsupported class file major version 60 (Java 16)
+ analyze-only failed: Unsupported class file major version 61 (Java 17)
+ copy-dependencies fails when using excludeScope=test
+ mvn dependency:analyze detected wrong transitive dependency
+ dependency plugin does not work with JDK 16
+ skip dependency analyze in ear packaging
+ Non-test dependency reported as Non-test scoped test only dependency
+ 'Dependency not found' with 3.2.0 and Java-17 while analyzing
+ Tree plugin does not terminate with 3.2.0
+ Minor improvement - continue
+ analyze-only failed: PermittedSubclasses requires ASM9
+ Broken Link to "Introduction to Dependency Mechanism Page"
+ Sealed classes not supported
+ Dependency tree in verbose mode for war is empty
+ Javadoc was not updated to reflect that :tree's verbose option is now ok
+ error dependency:list (caused by postgresql dependency)
+ :list-classes does not skip if skip is set
+ :list-classes does not use GAV parameters
* New Features:
+ Reintroduce the verbose option for dependency:tree
+ List classes in a given artifact
+ dependency:analyze should recommend narrower scope where possible
+ Added analyze parameter "ignoreUnusedRuntime"
+ Allow ignoring non-test-scoped dependencies
+ Added a <stripType> option to unpack goals
+ Allow auto-ignore of all non-test scoped dependencies used only in test scope
* Improvements:
+ Unused method o.a.m.p.d.t.TreeMojo.containsVersion
+ Minor improvements
+ GitHub Action build improvement
+ dependency:analyze should list the classes that cause a used undeclared dependency
+ Improve documentation of analyze - Non-test scoped
+ Turn warnings into errors instead of failOnWarning
+ maven-dependency-plugin should leverage plexus-build-api to support IDEs
+ TestListClassesMojo logs too much
+ Use outputDirectory from AbstractMavenReport
+ Removed not used dependencies / Replace parts
+ list-repositories - improvements
+ warns about depending on plexus-container-default
+ Replace AnalyzeReportView with a new AnalyzeReportRenderer
* Task:
+ Removed no longer required exclusions
+ Java 1.8 as minimum
+ Explicitly start and end tables with Doxia Sinks in report renderers
+ Replace Maven shared StringUtils with Commons Lang3
+ Removed unused and ignored parameter - useJvmChmod
+ Removed custom plexus configuration
+ Code refactor - UnpackUtil
+ Refresh download page
maven-dependency-tree was updated from version 3.0.1 to 3.2.1:
- Changes in 3.2.1:
* Bugs fixed:
+ DependencyCollectorBuilder does not collect dependencies when artifact has 'war' packaging
+ Transitive provided dependencies are not removed from collected dependency graph
* New Features:
+ DependencyCollectorBuilder more configurable
* Improvements:
+ DependencyGraphBuilder does not provide verbose tree
+ DependencyGraphBuilders shouldn't need reactorProjects for resolving dependencies
+ Maven31DependencyGraphBuilder should not download dependencies other than the pom
+ Fixed `plexus-component-annotation` in line with `plexus-component-metadata`
+ Upgraded parent to 31
+ Added functionality to collect raw dependencies in Maven 3+
+ Annotate DependencyNodes with dependency management metadata
+ Require Java 8
+ Upgrade `org.eclipse.aether:aether-util` dependency in org.apache.maven.shared:maven-dependency-tree
+ Added Exclusions to DependencyNode
+ Made build Reproducible
+ Migrate plexus component to JSR-330
+ Drop maven 3.0 compatibility
* Dependency upgrade:
+ Upgrade shared-component to version 33
+ Upgrade Parent to 36
+ Bump maven-shared-components from 36 to 37
- Removed unnecessary dependency on xmvn tools and parent pom
maven-enforcer was updated to version 3.4.1:
- Update to version 3.4.1:
* Bugs fixed:
+ In a multi module project "bannedDependencies" rule tries to resolve project artifacts from external repository
+ Require Release Dependencies ignorant about aggregator build
+ banDuplicatePomDependencyVersions does not check managementDependencies
+ Beanshell rule is not thread-safe
+ RequireSnapshotVersion not compatible with CI Friendly Versions (${revision})
+ NPE when using new <?m2e execute ?> syntax with maven-enforcer-plugin
+ Broken links on Maven Enforcer Plugin site
+ RequirePluginVersions not recognizing versions-from-properties
+ [REGRESSION] RequirePluginVersions fails when versions are inherited
+ requireFilesExist rule should be case sensitive
+ Broken Links on Project Home Page
+ TestRequireOS uses hamcrest via transitive dependency
+ plexus-container-default in enforcer-api is very outdated
+ classifier not included in output of failed RequireUpperBoundDeps test
+ Exclusions are not considered when looking at parent for requireReleaseDeps
+ requireUpperBoundDeps does not fail when packaging is 'war'
+ DependencyConvergence in 3.0.0 fails on provided scoped dependencies
+ NPE on requireReleaseDeps with non-matching includes
+ RequireUpperBoundDeps now follow scope provided transitive dependencies
+ Use currently build artifacts in IT tests
+ requireReleaseDeps does not support optional dependencies or runtime scope
+ Enforcer 3.0.0 breaks with Maven 3.8.4
+ Version 3.1.0 is not enforcing bannedDependencies rules
+ DependencyConvergence treats provided dependencies as runtime dependencies
+ Plugin shouldn't use NullPointerException for non-exceptional code flow
+ NPE in RequirePluginVersions
+ ReactorModuleConvergence not cached in reactor
+ RequireUpperBoundDeps fails on provided dependencies since 3.2.1
+ Problematic dependency resolution by new 'banDynamicVersions' rule
+ banTransitiveDependencies: failing if a transitive dependencies has another version than the resolved one
+ Filtering dependency tree by scope
+ Upgrading to 3.0.0 causes 'Could not build dependency tree' with repositories some unknown protocol
+ DependencyConvergence in 3.1.0 fails when using version ranges
+ Semantics of 'ignores' parameter of 'banDynamicVersions' is inverted
+ Omission of 'excludedScopes' parameter of 'banDynamicVersions' causes NPE
+ ENFORCER: plugin-info and mojo pages not found
* New Features:
+ requireUpperBounds deps should have includes
+ Introduce RequireTextFileChecksum with line separator normalization
+ allow no rules
+ show rules processed
+ DependencyConvergence should support including/excluding certain dependencies
+ Support declaring external banned dependencies in an external file/URL
+ Maven enforcer rule which checks that all dependencies have an explicit scope set
+ Maven enforcer rule which checks that all dependencies in dependencyManagement don't have an explicit scope set
+ Rule for no version ranges, version placeholders or SNAPSHOT versions
+ Allow one of many files in RequireFiles rules to pass
+ Skip specific rules
+ New Enforcer API
+ New Enforcer API - RuleConfigProvider
+ Move Built-In Rules to new API
* Improvements:
+ wildcard ignore in requireReleaseDeps
+ Improve documentation about writing own Enforcer Rule
+ RequireActiveProfile should respect inherited activated profiles
+ Upgrade maven-dependency-tree to 3.x
+ Improve dependency resolving in multiple modules project
+ requireUpperBoundDeps: add [<scope>] and colors to the output
+ Example for writing a custom rule should be upgraded
+ Along with JavaVersion, allow enforcement of the JavaVendor
+ Included Java vendor in display-info output
+ requireMavenVersion x.y.z is processed as (,x.y.z] instead of [x.y.z,)
+ Consistently format artifacts same as dependency:tree
+ Made build Reproducible
+ Added support for excludes/includes in requireJavaVendor rule
+ Introduce Maven Enforcer Extension
+ Extends RequirePluginVersions with banMavenDefaults
+ Shared GitHub Actions
+ Log at ERROR level when <fail> is set
+ Reuse getDependenciesToCheck results across rules
+ Violation messages can be really hard to find in a multi module project
+ Clarify class loading for custom Enforcer rules
+ Using junit jupiter bom instead of single artifacts.
+ Get rid of maven-dependency-tree dependency
+ Allow 8 as JDK version for requireJavaVersion
+ Improve error message for rule "requireJavaVersion"
+ Include Java Home in Message for Java Rule Failures
+ Manage all Maven Core dependencies as provided
+ Manage rules configuration by plugin
+ Deprecate 'rules' property and introduce 'enforcer.rules' as a replacement
+ Change success message from executed to passed
+ EnforcerLogger: Provide isDebugEnabled(), isErrorEnabled(), isWarnEnabled() and isInfoEnabled()
+ Properly declare dependencies
* Test:
+ Regression test for dependency convergence problem fixed in 3.0.0
* Task:
+ Removed reference to travis or switch to travis.com
+ Fixed maven assembly links
+ Require Java 8
+ Verify working with Maven 4
+ Code cleanup
+ Refresh download page
+ Deprecate display-info mojo
+ Refresh site descriptors
+ Superfluous blanks in BanDuplicatePomDependencyVersions
+ Rename ResolveUtil to ResolverUtil
maven-plugin-tools was updated from version 3.6.0 to version 3.9.0:
- Changes of version 3.9.0:
* Bugs fixed:
+ Fixed *-mojo.xml (in PluginXdocGenerator) is overwritten when multiple locales are defined
+ Generated table by PluginXdocGenerator does not contain default attributes
* Improvements:
+ Omit empty line in generated help goal output if plugin description is empty
+ Use Plexus I18N rather than fiddling with
* Task:
+ Removed reporting from maven-plugin-plugin: create maven-plugin-report-plugin
* Dependency upgrade:
+ Upgrade plugins and components (in ITs)
- Changes of version 3.8.2:
* Improvements:
+ Used Resolver API, get rid of localRepository
* Dependency upgrade:
+ Bump httpcore from 4.4.15 to 4.4.16
+ Bump httpclient from 4.5.13 to 4.5.14
+ Bump antVersion from 1.10.12 to 1.10.13
+ Bump slf4jVersion from 1.7.5 to 1.7.36
+ Bump plexus-java from 1.1.1 to 1.1.2
+ Bump plexus-archiver from 4.6.1 to 4.6.3
+ Bump jsoup from 1.15.3 to 1.15.4
+ Bump asmVersion from 9.4 to 9.5
+ Bump assertj-core from 3.23.1 to 3.24.2
- Changes of version 3.8.1:
* Bugs fixed:
+ Javadoc reference containing a link label with spaces are not detected
+ JavadocLinkGenerator.createLink: Support nested binary class names
+ ERROR during build of m-plugin-report-p and m-plugin-p: Dependencies in wrong scope
+ "Executes as an aggregator plugin" documentation: s/plugin/goal/
+ Maven scope warning should be logged at WARN level
+ Fixed Temporary File Information Disclosure Vulnerability
* New features:
+ Support mojos using the new maven v4 api
* Improvements:
+ Plugin descriptor should contain the requiredJavaVersion/requiredMavenVersion
+ Execute annotation only supports standard lifecycle phases due to use of enum
+ Clarify deprecation of all extractors but the maven-plugin-tools-annotations
* Dependency upgrade:
+ Update to Maven Parent POM 39
+ Bump junit-bom from 5.9.1 to 5.9.2
+ Bump plexus-archiver from 4.5.0 to 4.6.1
- Changes of version 3.7.1:
* Bugs fixed:
+ Maven scope warning should be logged at WARN level
- Changes of version 3.7.0:
* Bugs fixed:
+ The plugin descriptor generated by plugin:descriptor does not consider @see javadoc taglets
+ Report-Mojo doesn't respect input encoding
+ Generating site reports for plugin results in
NoSuchMethodError
+ JDK Requirements in plugin-info.html: Consider property "maven.compiler.release"
+ Parameters documentation inheriting @since from Mojo can be confusing
+ Don't emit warning for missing javadoc URL of primitives
+ Don't emit warning for missing javadoc URI if no javadoc sources are configured
+ Parameter description should be taken from annotated item
* New Features:
+ Added link to javadoc in configuration description page for user defined types of Mojos.
+ Allow only @Deprecated annotation without @deprecated javadoc tag
+ add system requirements history section
+ report: allow to generate usage section in plugin-info.html with true
+ Allow @Parameter on setter methods
+ Extract plugin report into its own plugin
+ report: Expose generics information of Collection and Map types
* Improvement:
+ plugin-info.html should contain a better Usage section
+ Do not overwrite generate files with no content change
+ Upgrade to JUnit 5 and @Inject annotations
+ Support for java 20 - ASM 9.4
+ Don't print empty Memory, Disk Space in System Requirements
+ simplification in helpmojo build
+ Get rid of plexus-compiler-manager from tests
+ Use Maven core artifacts in provided scope
+ report and descriptor goal need to evaluate Javadoc comments differently
+ Allow to reference aggregator javadoc from plugin report
* Task:
+ Detect legacy/javadoc Mojo definitions, warn to use Java 5 annotations
+ Update level to Java 8
+ Deprecate scripting support for mojos
+ Deprecate requirements parameter in report Mojo
+ Removed duplicate code from PluginReport
+ Prepare for Doxia (Sitetools) 2.0.0
+ Fixed documentation for maven-plugin-report-plugin
+ Removed deprecated items from new maven-plugin-report-plugin
+ Improve site build
+ Improve dependency management
+ Plugin generator generation fails when the parent class comes from a different project
* Dependency upgrade:
+ Upgrade Maven Reporting API/Impl to 3.1.0
+ Upgrade Parent to 36
+ Upgrade project dependencies after JDK 1.8
+ Bump maven-parent from 36 to 37
+ Upgrade Maven Reporting API to 3.1.1/Maven Reporting Impl to 3.2.0
+ Upgrade plexus-utils to 3.5.0
- Changes of version 3.6.4:
* Restored compatibility with Maven 3 ecosystem
* Upgraded dependencies
- Changes of version 3.6.3:
* Added prerequisites to plugin pom
* Exclude dependency in provided scope from plugin descriptor
* Get rid of String.format use
* Fixed this logging as well
* Simplify documentation
* Exclude maven-archiver and maven-jxr from warning
- Changes of version 3.6.2:
* Deprecated unused requiresReports flag
* Check that Maven dependencies are provided scope
* Update ITs
* Use shared gh action
* Deprecate unsupported Mojo descriptor items
* Weed out ITs
* Upgrade to maven 3.x and avoid using deprecated API
* Drop legacy dependencies
* Use shared gh action - v1
* Fixed wording in javadoc
- Changes of version 3.6.1:
* What's Changed:
* Added missing @Override and make methods static
* Upgraded to JUnit 4.12
* Upgraded parent POM and other dependencies
* Updated plugins
* Upgraded Doxia Sitetools to 1.9.2 to remove dependency on Struts
* removed Maven 2 info
* Removed unneeded dependency
* Tighten the dependency tree
* Ignore .checkstyle
* Strict dependencies for maven-plugin-tools-annotations
* Improved @execute(goal...) docs
* Improve @execute(lifecycle...) docs
plexus-compiler was updated from version 2.11.1 to 2.14.2:
- Changes of 2.14.2:
* Removed:
+ Drop J2ObjC compiler
* New features and improvements:
+ Update AspectJ Compiler to 1.9.21 to support Java 21
+ Require JDK 17 for build
+ Improve locking on JavacCompiler
+ Include 'parameter' and 'preview' describe log
+ Switch to SISU annotations and plugin, fixes #217
+ Support jdk 21
+ Require Maven 3.5.4+
+ Require Java 11 for plexus-compiler-eclipse,
javac-errorprone and aspectj compilers
+ Added support to run ITs with Java 20
* Bugs fixed:
+ Fixed javac memory leak
+ Validate zip file names before extracting (Zip Slip)
+ Restore AbstractCompiler#getLogger() method
+ Return empty list for not existing source root location
+ Improve javac error output parsing
- Changes of 2.13.0:
* New features and improvements:
+ Fully ignore any possible jdk bug
+ MCOMPILER-402: Added implicitOption to CompilerConfiguration
+ Added a custom compile argument
replaceProcessorPathWithProcessorModulePath to force the
plugin replace processorPath with processormodulepath
+ describe compiler configuration on run
+ simplify "Compiling" info message: display relative path
* Bugs fixed:
+ Respect CompilerConfiguration.sourceFiles in
EclipseJavaCompiler
+ Avoid NPE in AspectJCompilerTest on AspectJ 1.9.8+
* Dependency updates:
+ Bump maven-surefire-plugin from 3.0.0-M5 to 3.0.0-M6
+ Bump error_prone_core from 2.11.0 to 2.13.1
+ Bump github/codeql-action from 1 to 2
+ Bump ecj from 3.28.0 to 3.29.0
+ Bump release-drafter/release-drafter from 5.18.1 to 5.19.0
+ Bump ecj from 3.29.0 to 3.30.0
+ Bump maven-invoker-plugin from 3.2.2 to 3.3.0
+ Bump maven-enforcer-plugin from 3.0.0 to 3.1.0
+ Bump error_prone_core from 2.13.1 to 2.14.0
+ Bump maven-surefire-plugin from 3.0.0-M6 to 3.0.0-M7
+ Bump ecj from 3.31.0 to 3.32.0
+ Bump junit-bom from 5.9.0 to 5.9.1
+ Bump ecj from 3.30.0 to 3.31.0
+ Bump groovy from 3.0.12 to 3.0.13
+ Bump groovy-json from 3.0.12 to 3.0.13
+ Bump groovy-xml from 3.0.12 to 3.0.13
+ Bump animal-sniffer-maven-plugin from 1.21 to 1.22
+ Bump error_prone_core from 2.14.0 to 2.15.0
+ Bump junit-bom from 5.8.2 to 5.9.0
+ Bump groovy-xml from 3.0.11 to 3.0.12
+ Bump groovy-json from 3.0.11 to 3.0.12
+ Bump groovy from 3.0.11 to 3.0.12
* Maintenance:
+ Require Maven 3.2.5
maven-archiver-3.6.1-150200.3.7.3.noarch.rpm
maven-archiver-3.6.1-150200.3.7.3.src.rpm
maven-common-artifact-filters-3.3.2-150200.3.7.3.noarch.rpm
maven-common-artifact-filters-3.3.2-150200.3.7.3.src.rpm
maven-compiler-plugin-3.11.0-150200.3.7.1.noarch.rpm
maven-compiler-plugin-3.11.0-150200.3.7.1.src.rpm
maven-plugin-annotations-3.9.0-150200.3.7.3.noarch.rpm
maven-plugin-tools-3.9.0-150200.3.7.3.src.rpm
objectweb-asm-9.6-150200.3.11.3.noarch.rpm
objectweb-asm-9.6-150200.3.11.3.src.rpm
plexus-archiver-4.8.0-150200.3.7.2.noarch.rpm
plexus-archiver-4.8.0-150200.3.7.2.src.rpm
plexus-compiler-2.14.2-150200.3.9.2.noarch.rpm
plexus-compiler-2.14.2-150200.3.9.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-87
Recommended update for pesign
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pesign fixes the following issue:
- Create pesign-systemd subpackage to remove systemd dependency (jsc#PED-7256)
pesign-0.112-150000.4.18.1.src.rpm
pesign-0.112-150000.4.18.1.x86_64.rpm
pesign-systemd-0.112-150000.4.18.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-853
Recommended update for qrencode
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for qrencode fixes the following issues:
- update to 4.1.1 (jsc#PED-7296):
* Some minor bugs in Micro QR Code generation have been fixed.
* The data capacity calculations are now correct. These bugs probably did not
affect the Micro QR Code generation.
libqrencode4-4.1.1-150000.3.3.1.x86_64.rpm
qrencode-4.1.1-150000.3.3.1.src.rpm
qrencode-devel-4.1.1-150000.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-88
Recommended update for libsolv, zypper, libzypp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libsolv, zypper, libzypp fixes the following issues:
- Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
- Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
- CheckAccessDeleted: fix 'running in container' filter (bsc#1218291)
- Open rpmdb just once during execution of %posttrans scripts (bsc#1216412)
- Make sure reboot-needed is remembered until next boot (bsc#1217873)
- Stop using boost version 1 timer library (bsc#1215294)
- Updated to version 0.7.27
- Add zstd support for the installcheck tool
- Add putinowndirpool cache to make file list handling in repo_write much faster
- Do not use deprecated headerUnload with newer rpm versions
- Support complex deps in SOLVABLE_PREREQ_IGNOREINST
- Fix minimization not preferring installed packages in some cases
- Reduce memory usage in repo_updateinfoxml
- Fix lock-step interfering with architecture selection
- Fix choice rule handling for package downgrades
- Fix complex dependencies with an "else" part sometimes leading to unsolved dependencies
libsolv-0.7.27-150400.3.11.2.src.rpm
libsolv-devel-0.7.27-150400.3.11.2.x86_64.rpm
libsolv-tools-0.7.27-150400.3.11.2.x86_64.rpm
libzypp-17.31.27-150400.3.49.1.src.rpm
libzypp-17.31.27-150400.3.49.1.x86_64.rpm
libzypp-devel-17.31.27-150400.3.49.1.x86_64.rpm
perl-solv-0.7.27-150400.3.11.2.x86_64.rpm
python3-solv-0.7.27-150400.3.11.2.x86_64.rpm
ruby-solv-0.7.27-150400.3.11.2.x86_64.rpm
zypper-1.14.68-150400.3.40.2.src.rpm
zypper-1.14.68-150400.3.40.2.x86_64.rpm
zypper-log-1.14.68-150400.3.40.2.noarch.rpm
zypper-needs-restarting-1.14.68-150400.3.40.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2023-4902
Security update for openssh
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssh fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).
The following non-security bug was fixed:
- Fix the 'no route to host' error when connecting via ProxyJump
openssh-8.4p1-150300.3.27.1.src.rpm
openssh-8.4p1-150300.3.27.1.x86_64.rpm
openssh-askpass-gnome-8.4p1-150300.3.27.1.src.rpm
openssh-askpass-gnome-8.4p1-150300.3.27.1.x86_64.rpm
openssh-clients-8.4p1-150300.3.27.1.x86_64.rpm
openssh-common-8.4p1-150300.3.27.1.x86_64.rpm
openssh-fips-8.4p1-150300.3.27.1.x86_64.rpm
openssh-helpers-8.4p1-150300.3.27.1.x86_64.rpm
openssh-server-8.4p1-150300.3.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-169
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in nvidia-open-driver-G06-signed:
- Update to 545.29.06
- no longer try to overwrite NVreg_OpenRmEnableUnsupportedGpus driver
option setting (disable it),
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 545.29.06
kernel-firmware-nvidia-gspx-G06-545.29.06-150400.9.18.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-545.29.06-150400.9.18.1.x86_64.rpm
nvidia-open-driver-G06-signed-545.29.06-150400.9.35.2.src.rpm
nvidia-open-driver-G06-signed-default-devel-545.29.06-150400.9.35.2.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-545.29.06_k5.14.21_150400.24.100-150400.9.35.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-217
Recommended update for sssd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sssd fixes the following issues:
- Only send cldap-ping to our local domain; (bsc#1217319); (gh#SSSD/sssd#5822);
- Do not write kdc info file for GC lookup; (bsc#1217319); (gh#SSSD/sssd#5956);
- sssd Unable to obtain cached rules filling up sssd_sudo.log; (bsc#1216907);
libipa_hbac-devel-2.5.2-150400.4.24.1.x86_64.rpm
libipa_hbac0-2.5.2-150400.4.24.1.x86_64.rpm
libsss_certmap-devel-2.5.2-150400.4.24.1.x86_64.rpm
libsss_certmap0-2.5.2-150400.4.24.1.x86_64.rpm
libsss_idmap-devel-2.5.2-150400.4.24.1.x86_64.rpm
libsss_idmap0-2.5.2-150400.4.24.1.x86_64.rpm
libsss_nss_idmap-devel-2.5.2-150400.4.24.1.x86_64.rpm
libsss_nss_idmap0-2.5.2-150400.4.24.1.x86_64.rpm
libsss_simpleifp-devel-2.5.2-150400.4.24.1.x86_64.rpm
libsss_simpleifp0-2.5.2-150400.4.24.1.x86_64.rpm
python3-sssd-config-2.5.2-150400.4.24.1.x86_64.rpm
sssd-2.5.2-150400.4.24.1.src.rpm
sssd-2.5.2-150400.4.24.1.x86_64.rpm
sssd-ad-2.5.2-150400.4.24.1.x86_64.rpm
sssd-common-2.5.2-150400.4.24.1.x86_64.rpm
sssd-common-32bit-2.5.2-150400.4.24.1.x86_64.rpm
sssd-dbus-2.5.2-150400.4.24.1.x86_64.rpm
sssd-ipa-2.5.2-150400.4.24.1.x86_64.rpm
sssd-kcm-2.5.2-150400.4.24.1.x86_64.rpm
sssd-krb5-2.5.2-150400.4.24.1.x86_64.rpm
sssd-krb5-common-2.5.2-150400.4.24.1.x86_64.rpm
sssd-ldap-2.5.2-150400.4.24.1.x86_64.rpm
sssd-proxy-2.5.2-150400.4.24.1.x86_64.rpm
sssd-tools-2.5.2-150400.4.24.1.x86_64.rpm
sssd-winbind-idmap-2.5.2-150400.4.24.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-611
Feature providing a supportconfig plugin for servers with pmem memory
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This feature provides supportutils-plugin-pmem, a supportconfig plugin for servers with pmem memory:
- New package targeting SUSE:SLE-15-SP3:Update (jsc#PED-3251). This is a support utils plugin
to gather information on ndctl (NVDIMM) & ipmctl (Intel pmem) tools for issue diagnosis.
ipmctl-03.00.00.0423-150400.3.2.2.src.rpm
ipmctl-03.00.00.0423-150400.3.2.2.x86_64.rpm
ipmctl-devel-03.00.00.0423-150400.3.2.2.x86_64.rpm
libndctl-devel-71.1-150400.10.5.1.x86_64.rpm
libndctl6-71.1-150400.10.5.1.x86_64.rpm
ndctl-71.1-150400.10.5.1.src.rpm
ndctl-71.1-150400.10.5.1.x86_64.rpm
supportutils-plugin-pmem-0.0.1-150300.7.5.1.noarch.rpm
supportutils-plugin-pmem-0.0.1-150300.7.5.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-68
Recommended update for rsyslog
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rsyslog fixes the following issues:
- Restart daemon after modules packages have been updated (bsc#1217292)
rsyslog-8.2306.0-150400.5.24.1.src.rpm
rsyslog-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-gssapi-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-gtls-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-mmnormalize-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-mysql-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-pgsql-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-relp-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-snmp-8.2306.0-150400.5.24.1.x86_64.rpm
rsyslog-module-udpspoof-8.2306.0-150400.5.24.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-8
Recommended update for samba
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for samba fixes the following issues:
- Add "net offlinejoin composeodj" command (bsc#1214076)
libsamba-policy-devel-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
libsamba-policy-python3-devel-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
libsamba-policy0-python3-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-4.15.13+git.710.7032820fcd-150400.3.34.2.src.rpm
samba-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-ad-dc-libs-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-ad-dc-libs-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-ceph-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-client-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-client-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-client-libs-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-devel-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-devel-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-dsdb-modules-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-gpupdate-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-ldb-ldap-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-libs-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-libs-python3-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-python3-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-tool-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-winbind-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-winbind-libs-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-winbind-libs-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-client-libs-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
samba-libs-32bit-4.15.13+git.710.7032820fcd-150400.3.34.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-26
Recommended update for mozilla-nss
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mozilla-nss fixes the following issues:
Mozilla NSS was updated to NSS 3.90.1
* regenerate NameConstraints test certificates.
* add OSXSAVE and XCR0 tests to AVX2 detection.
libfreebl3-3.90.1-150400.3.35.2.x86_64.rpm
libfreebl3-32bit-3.90.1-150400.3.35.2.x86_64.rpm
libsoftokn3-3.90.1-150400.3.35.2.x86_64.rpm
libsoftokn3-32bit-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-3.90.1-150400.3.35.2.src.rpm
mozilla-nss-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-32bit-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-certs-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-devel-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-sysinit-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-tools-3.90.1-150400.3.35.2.x86_64.rpm
mozilla-nss-certs-32bit-3.90.1-150400.3.35.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2023-4928
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974).
* CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782).
* CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023).
* CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791).
* CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144).
* CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669).
* CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118).
* CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042).
* CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901).
* CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
* CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (bmo#1864123).
* CVE-2023-6867: Clickjacking permission prompts using the popup transition (bmo#1863863).
- Fixed: Various security fixes and other quality improvements MFSA 2023-50 (bsc#1217230)
* CVE-2023-6204 (bmo#1841050)
Out-of-bound memory access in WebGL2 blitFramebuffer
* CVE-2023-6205 (bmo#1854076)
Use-after-free in MessagePort::Entangled
* CVE-2023-6206 (bmo#1857430)
Clickjacking permission prompts using the fullscreen
transition
* CVE-2023-6207 (bmo#1861344)
Use-after-free in ReadableByteStreamQueueEntry::Buffer
* CVE-2023-6208 (bmo#1855345)
Using Selection API would copy contents into X11 primary
selection.
* CVE-2023-6209 (bmo#1858570)
Incorrect parsing of relative URLs starting with "///"
* CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
bmo#1862782)
Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
and Thunderbird 115.5
MozillaFirefox-115.6.0-150200.152.120.1.src.rpm
MozillaFirefox-115.6.0-150200.152.120.1.x86_64.rpm
MozillaFirefox-devel-115.6.0-150200.152.120.1.noarch.rpm
MozillaFirefox-translations-common-115.6.0-150200.152.120.1.x86_64.rpm
MozillaFirefox-translations-other-115.6.0-150200.152.120.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-5
Security update for gstreamer-plugins-bad
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gstreamer-plugins-bad fixes the following issues:
- CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free (bsc#1217213).
- CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215792).
gstreamer-plugins-bad-1.20.1-150400.3.15.1.src.rpm
gstreamer-plugins-bad-1.20.1-150400.3.15.1.x86_64.rpm
gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.15.1.x86_64.rpm
gstreamer-plugins-bad-devel-1.20.1-150400.3.15.1.x86_64.rpm
gstreamer-plugins-bad-lang-1.20.1-150400.3.15.1.noarch.rpm
libgstadaptivedemux-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstbadaudio-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstcodecparsers-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstcodecs-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstinsertbin-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstisoff-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstmpegts-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstphotography-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstplay-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstplayer-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstsctp-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgsturidownloader-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstva-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstvulkan-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstwayland-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
libgstwebrtc-1_0-0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstPlay-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.15.1.x86_64.rpm
typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-6
Security update for libssh2_org
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libssh2_org fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127).
libssh2-1-1.11.0-150000.4.22.1.x86_64.rpm
libssh2-devel-1.11.0-150000.4.22.1.x86_64.rpm
libssh2_org-1.11.0-150000.4.22.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-214
Recommended update for systemd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for systemd fixes the following issues:
- resolved: actually check authenticated flag of SOA transaction
- core/mount: Make device deps from /proc/self/mountinfo and .mount unit file exclusive
- core: Add trace logging to mount_add_device_dependencies()
- core/mount: Remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460)
- core/mount: Set Mount.from_proc_self_mountinfo flag before adding default dependencies
- core: wrap some long comment
- utmp-wtmp: Handle EINTR gracefully when waiting to write to tty
- utmp-wtmp: Fix error in case isatty() fails
- homed: Handle EINTR gracefully when waiting for device node
- resolved: Handle EINTR returned from fd_wait_for_event() better
- sd-netlink: Handle EINTR from poll() gracefully, as success
- varlink: Handle EINTR gracefully when waiting for EIO via ppoll()
- stdio-bridge: Don't be bothered with EINTR
- sd-bus: Handle EINTR return from bus_poll() (bsc#1215241)
- core: Replace slice dependencies as they get added (bsc#1214668)
libsystemd0-249.17-150400.8.40.1.x86_64.rpm
libsystemd0-32bit-249.17-150400.8.40.1.x86_64.rpm
libudev1-249.17-150400.8.40.1.x86_64.rpm
libudev1-32bit-249.17-150400.8.40.1.x86_64.rpm
systemd-249.17-150400.8.40.1.src.rpm
systemd-249.17-150400.8.40.1.x86_64.rpm
systemd-container-249.17-150400.8.40.1.x86_64.rpm
systemd-coredump-249.17-150400.8.40.1.x86_64.rpm
systemd-devel-249.17-150400.8.40.1.x86_64.rpm
systemd-doc-249.17-150400.8.40.1.x86_64.rpm
systemd-lang-249.17-150400.8.40.1.noarch.rpm
systemd-sysvinit-249.17-150400.8.40.1.x86_64.rpm
udev-249.17-150400.8.40.1.x86_64.rpm
systemd-32bit-249.17-150400.8.40.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
- CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution (bsc#1218033).
- CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service (bsc#1218032).
- CVE-2023-41074: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215870).
- CVE-2023-40451, CVE-2023-41074: Update to version 2.42.4 (bsc#1218032, bsc#1215868).
WebKitGTK-4.0-lang-2.42.4-150400.4.70.3.noarch.rpm
WebKitGTK-4.1-lang-2.42.4-150400.4.70.3.noarch.rpm
WebKitGTK-6.0-lang-2.42.4-150400.4.70.3.noarch.rpm
libjavascriptcoregtk-4_0-18-2.42.4-150400.4.70.3.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.42.4-150400.4.70.3.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.42.4-150400.4.70.3.x86_64.rpm
libwebkit2gtk-4_0-37-2.42.4-150400.4.70.3.x86_64.rpm
libwebkit2gtk-4_1-0-2.42.4-150400.4.70.3.x86_64.rpm
libwebkitgtk-6_0-4-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.42.4-150400.4.70.3.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.42.4-150400.4.70.3.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.42.4-150400.4.70.3.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.42.4-150400.4.70.3.x86_64.rpm
webkit2gtk3-2.42.4-150400.4.70.3.src.rpm
webkit2gtk3-devel-2.42.4-150400.4.70.3.x86_64.rpm
webkit2gtk3-soup2-2.42.4-150400.4.70.3.src.rpm
webkit2gtk3-soup2-devel-2.42.4-150400.4.70.3.x86_64.rpm
webkit2gtk4-2.42.4-150400.4.70.3.src.rpm
webkitgtk-6_0-injected-bundles-2.42.4-150400.4.70.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-12
Security update for postfix
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postfix fixes the following issues:
- CVE-2023-51764: Fixed SMTP smuggling attack (bsc#1218304).
postfix-3.5.9-150300.5.15.1.src.rpm
postfix-3.5.9-150300.5.15.1.x86_64.rpm
postfix-bdb-3.5.9-150300.5.15.1.src.rpm
postfix-bdb-3.5.9-150300.5.15.1.x86_64.rpm
postfix-bdb-lmdb-3.5.9-150300.5.15.1.x86_64.rpm
postfix-devel-3.5.9-150300.5.15.1.x86_64.rpm
postfix-doc-3.5.9-150300.5.15.1.noarch.rpm
postfix-ldap-3.5.9-150300.5.15.1.x86_64.rpm
postfix-mysql-3.5.9-150300.5.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-35
Security update for python-paramiko
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-paramiko fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218168).
- Update to 3.4.0.
python-paramiko-3.4.0-150400.13.6.1.src.rpm
python-paramiko-doc-3.4.0-150400.13.6.1.noarch.rpm
python311-paramiko-3.4.0-150400.13.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-131
Recommended update for sanlock
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sanlock fixes the following issues:
- Update to sanlock 3.8.5 (jsc#PED-7338)
- python: Replace distutils with setuptools
- sanlock: fix memory leak of lockspace renewal_history
- sanlock: fix pthread_create error check
- sanlock: use helper to set max_sectors_kb
- Add support for 4k sector size (bsc#1215229)
- Dropped patches: sanlock-old_blkid, suse-fix-link-errors, sanlock-python3
- Add hardening to systemd services (bsc#1181400)
libsanlock1-3.8.5-150000.4.6.1.x86_64.rpm
sanlock-3.8.5-150000.4.6.1.src.rpm
sanlock-3.8.5-150000.4.6.1.x86_64.rpm
sanlock-devel-3.8.5-150000.4.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-108
Recommended update for apache2-mod_jk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2-mod_jk fixes the following issues:
- Fix a typo to restrict the symbols to export by the module (bsc#1206261)
apache2-mod_jk-1.2.49-150100.6.9.1.src.rpm
apache2-mod_jk-1.2.49-150100.6.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-146
Recommended update for btrfsprogs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for btrfsprogs fixes the following issue:
- btrfs-progs: fix defrag -c option parsing (bsc#1218029)
btrfsprogs-5.14-150400.5.6.1.src.rpm
btrfsprogs-5.14-150400.5.6.1.x86_64.rpm
btrfsprogs-udev-rules-5.14-150400.5.6.1.noarch.rpm
libbtrfs-devel-5.14-150400.5.6.1.x86_64.rpm
libbtrfs0-5.14-150400.5.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-125
Recommended update for suseconnect-ng
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issues:
- Update to version 1.5.0
- Configure docker credentials for registry authentication
- Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364)
- Add --json output option
libsuseconnect-1.5.0~git0.d27a8e2-150400.3.19.1.x86_64.rpm
suseconnect-ng-1.5.0~git0.d27a8e2-150400.3.19.1.src.rpm
suseconnect-ng-1.5.0~git0.d27a8e2-150400.3.19.1.x86_64.rpm
suseconnect-ruby-bindings-1.5.0~git0.d27a8e2-150400.3.19.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-158
Security update for perl-Spreadsheet-ParseExcel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl-Spreadsheet-ParseExcel fixes the following issues:
- CVE-2023-7101: Fixed a command injection issue when parsing an
untrusted spreadsheet (bsc#1218414).
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1.noarch.rpm
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-230
Recommended update for adcli
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for adcli fixes the following issues:
- Populate Samba's secrets database using offline domain join (bsc#1214076)
- Write SID before secret to Samba's db (bsc#1214076)
adcli-0.8.2-150400.17.6.1.src.rpm
adcli-0.8.2-150400.17.6.1.x86_64.rpm
adcli-doc-0.8.2-150400.17.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-136
Security update for pam
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
pam-1.3.0-150000.6.66.1.src.rpm
pam-1.3.0-150000.6.66.1.x86_64.rpm
pam-devel-1.3.0-150000.6.66.1.x86_64.rpm
pam-devel-32bit-1.3.0-150000.6.66.1.x86_64.rpm
pam-doc-1.3.0-150000.6.66.1.noarch.rpm
pam-extra-1.3.0-150000.6.66.1.x86_64.rpm
pam-32bit-1.3.0-150000.6.66.1.x86_64.rpm
pam-extra-32bit-1.3.0-150000.6.66.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-223
Recommended update for md_monitor
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for md_monitor fixes the following issues:
- Update to version 6.6+11+gcbb8940:
- Fix deadlock because of locking itself (bsc#1197160)
- Remove the obsolete md_dev from md_list (bsc#1193465)
- Flush the log file after writing each message
- Fix locking of dev->lock in lookup_md_component() (bsc#1197160)
- Replace pselect with ppoll (bsc#1161872)
- Add systemd service file for systemd with increased TaskMax and LimitNOFILE (bsc#1104770)
- Fix crash on MonitorStatus (bsc#1096363, bsc#1081286)
- Ignore NewArray message if it does not exist yet (bsc#1091619)
- Fix crash in display_md_status (bsc#1081286)
- Ignore inactive arrays (bsc#1068175, bsc#1079253)
- Store alias in struct md_dev to avoid lookup errors (bsc#1068175,bsc#1079253)
md_monitor-6.6+11+gcbb8940-150000.3.6.1.src.rpm
md_monitor-6.6+11+gcbb8940-150000.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2890
Security update for libqt5-qtbase
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libqt5-qtbase fixes the following issues:
- CVE-2023-51714: Fixed an incorrect integer overflow check (bsc#1218413).
- CVE-2024-39936: Fixed information leakage due to processing HTTP2 communication before encrypted() can be responded to (bsc#1227426)
- CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms() due to anomalous behavior from the X server (bsc#1222120)
Other fixes:
- Add patch from upstream to fix a regression in the ODBC driver (bsc#1227513, QTBUG-112375)
- Add upstream patch to fix a potential overflow in assemble_hpack_block()
libQt5Concurrent-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Concurrent5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Core-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Core-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Core5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5DBus-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5DBus-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5DBus5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Gui-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Gui-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Gui5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5KmsSupport-devel-static-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5KmsSupport-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Network-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Network-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Network5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5OpenGL-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5OpenGL-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5OpenGL5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5PlatformHeaders-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5PlatformSupport-devel-static-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5PlatformSupport-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5PrintSupport-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5PrintSupport-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5PrintSupport5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Sql5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql5-mysql-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql5-postgresql-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql5-sqlite-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Sql5-unixODBC-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Test-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Test-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Test5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Widgets-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Widgets-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
libQt5Widgets5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Xml-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libQt5Xml5-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libqt5-qtbase-5.15.2+kde294-150400.6.15.1.src.rpm
libqt5-qtbase-common-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libqt5-qtbase-devel-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libqt5-qtbase-platformtheme-gtk3-5.15.2+kde294-150400.6.15.1.x86_64.rpm
libqt5-qtbase-private-headers-devel-5.15.2+kde294-150400.6.15.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-58
Security update for wireshark
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wireshark fixes the following issues:
- Updated to Wireshark 3.6.20:
- CVE-2024-0208: Fixed a crash in the GVCP dissector (bsc#1218504).
- CVE-2024-0209: Fixed a crash in the IEEE 1609.2 dissector (bsc#1218505).
libwireshark15-3.6.20-150000.3.109.1.x86_64.rpm
libwiretap12-3.6.20-150000.3.109.1.x86_64.rpm
libwsutil13-3.6.20-150000.3.109.1.x86_64.rpm
wireshark-3.6.20-150000.3.109.1.src.rpm
wireshark-3.6.20-150000.3.109.1.x86_64.rpm
wireshark-devel-3.6.20-150000.3.109.1.x86_64.rpm
wireshark-ui-qt-3.6.20-150000.3.109.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-100
Security update for gstreamer-plugins-bad
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gstreamer-plugins-bad fixes the following issues:
- ZDI-CAN-22300: Fixed a buffer overflow in the AV1 video plugin (bsc#1218534).
gstreamer-plugins-bad-1.20.1-150400.3.18.1.src.rpm
gstreamer-plugins-bad-1.20.1-150400.3.18.1.x86_64.rpm
gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.18.1.x86_64.rpm
gstreamer-plugins-bad-devel-1.20.1-150400.3.18.1.x86_64.rpm
gstreamer-plugins-bad-lang-1.20.1-150400.3.18.1.noarch.rpm
libgstadaptivedemux-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstbadaudio-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstcodecparsers-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstcodecs-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstinsertbin-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstisoff-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstmpegts-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstphotography-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstplay-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstplayer-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstsctp-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgsturidownloader-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstva-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstvulkan-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstwayland-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
libgstwebrtc-1_0-0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstPlay-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.18.1.x86_64.rpm
typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-105
Recommended update for grub2 and efibootmgr
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for grub2 and efibootmgr fixes the following issues:
grub2:
- Deliver missing grub2-arm64-efi and grub2-powerpc-ieee1275 to SUSE Manager 4.3 (no source changes) (bsc#1217237)
efibootmgr:
- Deliver missing efibootmgr to SUSE Manager 4.3 (no source changes) (bsc#1217237)
efibootmgr-17-150400.3.2.2.src.rpm
efibootmgr-17-150400.3.2.2.x86_64.rpm
grub2-2.06-150400.11.43.2.src.rpm
grub2-2.06-150400.11.43.2.x86_64.rpm
grub2-i386-pc-2.06-150400.11.43.2.noarch.rpm
grub2-snapper-plugin-2.06-150400.11.43.2.noarch.rpm
grub2-systemd-sleep-plugin-2.06-150400.11.43.2.noarch.rpm
grub2-x86_64-efi-2.06-150400.11.43.2.noarch.rpm
grub2-x86_64-xen-2.06-150400.11.43.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-111
Security update for xorg-x11-server
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xorg-x11-server fixes the following issues:
Security fixes:
- CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (bsc#1218582)
- CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access (bsc#1218583)
- CVE-2024-21885: Fixed heap buffer overflow in XISendDeviceHierarchyEvent (bsc#1218584)
- CVE-2024-21886: Fixed heap buffer overflow in DisableDevice (bsc#1218585)
Other:
- Fix vmware graphics driver crash (bsc#1218176)
- Fix xserver crash when Xinerama is enabled (bsc#1218240)
xorg-x11-server-1.20.3-150400.38.40.1.src.rpm
xorg-x11-server-1.20.3-150400.38.40.1.x86_64.rpm
xorg-x11-server-extra-1.20.3-150400.38.40.1.x86_64.rpm
xorg-x11-server-sdk-1.20.3-150400.38.40.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-261
Recommended update for conmon
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for conmon fixes the following issues:
- New upstream release 2.1.10
Bug fixes:
* Fix incorrect free in conn_sock
* logging: Respect log-size-max immediately after open
- Add patch for fixing regression in v2.1.9
(https://github.com/containers/conmon/issues/475 and
https://github.com/containers/conmon/issues/477)
- New upstream release 2.1.9
Bug fixes:
* fix some issues flagged by SAST scan
* src: fix write after end of buffer
* src: open all files with O_CLOEXEC
* oom-score: restore oom score before running exit command
Features:
* Forward more messages on the sd-notify socket
* logging: -l passthrough accepts TTYs
* [bsc#1215806]
- Update to version 2.1.8:
* stdio: ignore EIO for terminals (bsc#1217773)
* ensure console socket buffers are properly sized
* conmon: drop return after pexit()
* ctrl: make accept4 failures fatal
* logging: avoid opening /dev/null for each write
* oom: restore old OOM score
* Use default umask 0022
* cli: log parsing errors to stderr
* Changes to build conmon for riscv64
* Changes to build conmon for ppc64le
* Fix close_other_fds on FreeBSD
conmon-2.1.10-150400.3.17.1.src.rpm
conmon-2.1.10-150400.3.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-139
Recommended update for go1.21
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issues:
go1.21.6 (released 2024-01-09) includes fixes to the compiler,
the runtime, and the crypto/tls, maps, and runtime/pprof
packages. (bsc#1212475)
* x/build,os/signal: TestDetectNohup and TestNohup fail on replacement darwin LUCI builders
* runtime: ReadMemStats fatal error: mappedReady and other memstats are not equal
* cmd/compile: linux/s390x: inlining bug in s390x
* maps: maps.Clone reference semantics when cloning a map with large value types
* runtime: excessive memory use between 1.21.0 -> 1.21.1
* cmd/compile: max/min builtin broken when used with string(byte) conversions
* runtime/pprof: incorrect function names for generics functions
* crypto: upgrade to BoringCrypto fips-20220613 and enable TLS 1.3
* runtime: race condition raised with parallel tests, panic(nil) and -race
container-suseconnect-2.4.0-150000.4.48.1.src.rpm
container-suseconnect-2.4.0-150000.4.48.1.x86_64.rpm
go1.21-1.21.6-150000.1.21.1.src.rpm
go1.21-1.21.6-150000.1.21.1.x86_64.rpm
go1.21-doc-1.21.6-150000.1.21.1.x86_64.rpm
go1.21-race-1.21.6-150000.1.21.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-880
Recommended update for installation-images
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for installation-images fixes the following issues:
- Include complete system-role-common-criteria package (bsc#1217968, bsc#1218652)
- Change HMC console name from ttyS1 to ttysclp0 (bsc#1203405)
installation-images-SLES-16.57.29-150400.3.19.1.src.rpm
tftpboot-installation-SLE-15-SP4-aarch64-16.57.29-150400.3.19.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-ppc64le-16.57.29-150400.3.19.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-s390x-16.57.29-150400.3.19.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-x86_64-16.57.29-150400.3.19.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-140
Security update for libssh
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libssh fixes the following issues:
Security fixes:
- CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209)
- CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126)
- CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186)
- CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188)
- CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
Other fixes:
- Update to version 0.9.8
- Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
- Fix several memory leaks in GSSAPI handling code
libssh-0.9.8-150400.3.3.1.src.rpm
libssh-config-0.9.8-150400.3.3.1.x86_64.rpm
libssh-devel-0.9.8-150400.3.3.1.x86_64.rpm
libssh4-0.9.8-150400.3.3.1.x86_64.rpm
libssh4-32bit-0.9.8-150400.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-156
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
The following non-security bugs were fixed:
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).
- Drop drm/bridge lt9611uxc patches that have been reverted on stable trees
- KVM: s390/mm: Properly reset no-dat (bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- Updated SPI patches for NVIDIA Grace enablement (bsc#1212584 jsc#PED-3459)
- block: fix revalidate performance regression (bsc#1216057).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in "skew is too large" messages (bsc#1215885 bsc#1217217).
- clocksource: Improve "skew is too large" messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- libceph: use kernel_connect() (bsc#1217981).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- s390/vx: fix save/restore of fpu kernel context (bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
kernel-default-5.14.21-150400.24.103.1.nosrc.rpm
kernel-default-5.14.21-150400.24.103.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1.src.rpm
kernel-default-base-5.14.21-150400.24.103.1.150400.24.48.1.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.103.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.103.1.noarch.rpm
kernel-docs-5.14.21-150400.24.103.1.noarch.rpm
kernel-docs-5.14.21-150400.24.103.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.103.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.103.1.src.rpm
kernel-obs-build-5.14.21-150400.24.103.1.x86_64.rpm
kernel-source-5.14.21-150400.24.103.1.noarch.rpm
kernel-source-5.14.21-150400.24.103.1.src.rpm
kernel-syms-5.14.21-150400.24.103.1.src.rpm
kernel-syms-5.14.21-150400.24.103.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.103.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-427
Recommended update for supportutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for supportutils fixes the following issues:
- Update to version 3.1.28
- Correctly detects Xen Dom0 (bsc#1218201)
- Fixed smart disk error (bsc#1218282)
- Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173)
- Added missing klp information to kernel-livepatch.txt (bsc#1216390)
- Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388)
- Provides long listing for /etc/sssd/sssd.conf (bsc#1211547)
- Optimize lsof usage (bsc#1183663)
- Collects chrony or ntp as needed (bsc#1196293)
- Fixed podman display issue (bsc#1217287)
- Added nvme-stas configuration to nvme.txt (bsc#1216049)
- Added timed command to fs-files.txt (bsc#1216827)
- Collects zypp history file issue#166 (bsc#1216522)
supportutils-3.1.28-150300.7.35.24.1.noarch.rpm
supportutils-3.1.28-150300.7.35.24.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-518
Security update for openssl-3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2023-6129: Fixed vector register clobbering on PowerPC. (bsc#1218690)
- CVE-2023-6237: Fixed excessive time spent checking invalid RSA public keys. (bsc#1218810)
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
libopenssl-3-devel-3.0.8-150400.4.49.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.49.1.x86_64.rpm
openssl-3-3.0.8-150400.4.49.1.src.rpm
openssl-3-3.0.8-150400.4.49.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-233
Recommended update for suse-module-tools
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-module-tools fixes the following issues:
- Update to version 15.4.19
- Add symlink /boot/.vmlinuz.hmac (bsc#1217775)
suse-module-tools-15.4.19-150400.3.17.1.src.rpm
suse-module-tools-15.4.19-150400.3.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-628
Recommended update for open-lldp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for open-lldp fixes the following issues:
- open-lldp was updated to version v1.1+77.75e83b6fb98e:
* Fixed issue with `lldpad.service` failing in login/sched nodes (bsc#1212749)
* Fixed various NULL pointer dereference issues
* dcbx: Fixed memory vulnerability (UAF)
* dcbx: Fixed leak when receiving legacy TLVs with mismatched mode
* lldp: Reject frames with duplicate TLVs
* dcbx: Free manifest in rchange callback
* dcbx: Avoid memory leak if ifup is called twice
* ctrl_iface: Fixed a memory leak in ctrl_iface_deinit
* lldp: Avoid sending uninitialized data
* Reverted "Use interface index instead of name in libconfig"
* agent: Reset frame status on message delete
* basman: Use return address when pulling address
* 8021Qaz: Check for rx block validity
* 8021qaz: Fixed squelch initialization errors
* macvtap: Fixed error condition
* vdp22: converted command parsing to null term
liblldp_clif1-1.1+77.75e83b6-150300.3.6.1.x86_64.rpm
open-lldp-1.1+77.75e83b6-150300.3.6.1.src.rpm
open-lldp-1.1+77.75e83b6-150300.3.6.1.x86_64.rpm
open-lldp-devel-1.1+77.75e83b6-150300.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-440
Recommended update for scap-security-guide
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for scap-security-guide fixes the following issues:
- updated to 0.1.71 (jsc#ECO-3319)
- Add RHEL 9 STIG
- Add support for Debian 12
- Update PCI-DSS profile for RHEL
- lots of bugfixes and improvements for SLE
- removed left over file, patch upstreamed in 0.1.69
scap-security-guide-0.1.71-150000.1.75.1.noarch.rpm
scap-security-guide-0.1.71-150000.1.75.1.src.rpm
scap-security-guide-debian-0.1.71-150000.1.75.1.noarch.rpm
scap-security-guide-redhat-0.1.71-150000.1.75.1.noarch.rpm
scap-security-guide-ubuntu-0.1.71-150000.1.75.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-204
Security update for bluez
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bluez fixes the following issues:
- CVE-2023-50229: Fixed an out of bounds write in the primary version
counter for the Phone Book Access Profile implementation
(bsc#1218300).
- CVE-2023-50230: Fixed an out of bounds write in the secondary
version counter for the Phone Book Access Profile implementation
(bsc#1218301).
bluez-5.62-150400.4.19.1.src.rpm
bluez-5.62-150400.4.19.1.x86_64.rpm
bluez-deprecated-5.62-150400.4.19.1.x86_64.rpm
bluez-devel-5.62-150400.4.19.1.x86_64.rpm
libbluetooth3-5.62-150400.4.19.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1764
Recommended update for jackson
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for jackson fixes the following issues:
jackson-annotations was upgraded to version 2.16.1:
- Added new OptBoolean valued property in @JsonTypeInfo to allow per-type configuration of strict type id handling
- Allow per-type configuration of strict type id handling
- Added JsonTypeInfo.Value object (backport from 3.0)
- Added new JsonTypeInfo.Id.SIMPLE_NAME
jackson-bom was upgraded to version 2.16.1:
- Added dependency for jackson-module-android-record. This new module offers support for Record type on Android
platform, where Java records are supported through "de-sugaring"
jackson-core was upgraded to version 2.16.1:
- NPE in Version.equals() if snapshot-info null
- NPE in "FastDoubleParser", method "JavaBigDecimalParser.parseBigDecimal()"
- JsonPointer.append(JsonPointer.tail()) includes the original pointer
- Change StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION default to false in Jackson 2.16
- Improve error message for StreamReadConstraints violations
- JsonFactory implementations should respect CANONICALIZE_FIELD_NAMES
- Root cause for failing test for testMangledIntsBytes() in ParserErrorHandlingTest
- Allow all array elements in JsonPointerBasedFilter
- Indicate explicitly blocked sources as "REDACTED" instead of "UNKNOWN" in JsonLocation
- Start using AssertJ in unit tests
- Allow configuring spaces before and/or after the colon in DefaultPrettyPrinter (for Canonical JSON)
- Add configurable limit for the maximum number of bytes/chars of content to parse before failing
- Add configurable limit for the maximum length of Object property names to parse before failing
- Add configurable processing limits for JSON generator (StreamWriteConstraints)
- Compare _snapshotInfo in Version
- Add JsonGeneratorDecorator to allow decorating JsonGenerators
- Add full set of BufferRecyclerPool implementations
- Add configurable error report behavior via ErrorReportConfiguration
- Make ByteSourceJsonBootstrapper use StringReader for < 8KiB byte[] inputs
- Allow pluggable buffer recycling via new RecyclerPool extension point
- Change parsing error message to mention -INF
jackson-databind was upgraded to version 2.16.1:
- JsonSetter(contentNulls = FAIL) is ignored in delegating @JsonCreator argument
- Primitive array deserializer not being captured by DeserializerModifier
- JsonNode.findValues() and findParents() missing expected values in 2.16.0
- Incorrect deserialization for BigDecimal numbers
- Add a way to configure caches Jackson uses
- Mix-ins do not work for Enums
- Map deserialization results in different numeric classes based on json ordering (BigDecimal / Double) when used in
combination with @JsonSubTypes
- Generic class with generic field of runtime type Double is deserialized as BigDecimal when used with
@JsonTypeInfo and JsonTypeInfo.As.EXISTING_PROPERTY
- Combination of @JsonUnwrapped and @JsonAnySetter results in BigDecimal instead of Double
- @JsonIgnoreProperties not working with @JsonValue
- Deprecated JsonNode.with(String) suggests using JsonNode.withObject(String) but it is not the same thing
- Difference in the handling of ObjectId-property in JsonIdentityInfo depending on the deserialization route
- Add new OptBoolean valued property in @JsonTypeInfo, handling, to allow per-polymorphic type loose Type Id handling
- Fixed regression in 2.15.0 that breaks deserialization for records when
mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE)
- Incorrect target type when disabling coercion, trying to deserialize String from Array/Object
- @JsonProperty on constructor parameter changes default field serialization order
- Create new JavaType subtype IterationType (extending SimpleType)
- Use JsonTypeInfo.Value for annotation handling
- Add JsonNodeFeature.WRITE_PROPERTIES_SORTED for sorting ObjectNode properties on serialization
(for Canonical JSON)
- Optimize ObjectNode findValue(s) and findParent(s) fast paths
- Locale "" is deserialised as null if ACCEPT_EMPTY_STRING_AS_NULL_OBJECT is enabled
- Add guardrail setting for TypeParser handling of type parameters
- Use @JsonProperty for Enum values also when READ_ENUMS_USING_TO_STRING enabled
- Fix Enum deserialization to use @JsonProperty, @JsonAlias even if EnumNamingStrategy used
- Use @JsonProperty and lowercase feature when serializing Enums despite using toString()
- Use @JsonProperty over EnumNamingStrategy for Enum serialization
- Actually cache EnumValues#internalMap
- ObjectMapper.valueToTree() will ignore the configuration SerializationFeature.WRAP_ROOT_VALUE
- Provide the "ObjectMapper.treeToValue(TreeNode, TypeReference)" method
- Expose NativeImageUtil.isRunningInNativeImage() method
- Add JsonTypeInfo.Id.SIMPLE_NAME which defaults type id to Class.getSimpleName()
- Impossible to deserialize custom Throwable sub-classes that do not have single-String constructors
- java.desktop module is no longer optional
- ClassUtil fails with java.lang.reflect.InaccessibleObjectException trying to setAccessible on OptionalInt with
JDK 17+
- Support sequenced collections (JDK 21)
- Add withObjectProperty(String), withArrayProperty(String) in JsonNode
- Change JsonNode.withObject(String) to work similar to withArray() wrt argument
- Log WARN if deprecated subclasses of PropertyNamingStrategy is used
- NPE when transforming a tree to a model class object, at ArrayNode.elements()
- Deprecated ObjectReader.withType(Type) has no direct replacement; need forType(Type)
- Add new DefaultTyping.NON_FINAL_AND_ENUMS to allow Default Typing for Enums
- Do not rewind position when serializing direct ByteBuffer
- Exception when deserialization of private record with default constructor
- BeanDeserializer updates currentValue incorrectly when deserialising empty Object
jackson-dataformats-binary was upgraded to version 2.16.1:
- (ion) NullPointerException in IonParser.nextToken()
- (smile) Remove Smile-specific buffer-recycling
jackson-modules-base was upgraded to version 2.16.1:
- (afterburner) Disable when running in native-image
- (afterburner) IncompatibleClassChangeError when deserializing a class implementing an interface with default get/set
implementations
- (blackbird) BlackBird proxy object error in Java 17
- (blackbird) Disable when running in native-image
- (guice) Add guice7 (jakarta.inject) module
jackson-parent was upgraded to version 2.16:
- Upgrade to oss-parent 56 (tons of plugin updates to resolve Maven warnings, new Moditect plugin)
jackson-parent, fasterxml-oss-parent:
- Added to SUSE Manager 4.3 as it is needed by `jackson-modules-base`
jackson-annotations-2.16.1-150200.3.14.4.noarch.rpm
jackson-annotations-2.16.1-150200.3.14.4.src.rpm
jackson-core-2.16.1-150200.3.14.7.noarch.rpm
jackson-core-2.16.1-150200.3.14.7.src.rpm
jackson-databind-2.16.1-150200.3.18.1.noarch.rpm
jackson-databind-2.16.1-150200.3.18.1.src.rpm
jackson-dataformat-cbor-2.16.1-150200.3.13.6.noarch.rpm
jackson-dataformats-binary-2.16.1-150200.3.13.6.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-210
Security update for erlang
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for erlang fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218192)
erlang-23.3.4.19-150300.3.14.1.src.rpm
erlang-23.3.4.19-150300.3.14.1.x86_64.rpm
erlang-epmd-23.3.4.19-150300.3.14.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-252
Security update for xorg-x11-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xorg-x11-server fixes the following issues:
- CVE-2024-0408: Fixed SELinux unlabeled GLX PBuffer. (bsc#1218845)
- CVE-2024-0409: Fixed SELinux context corruption. (bsc#1218846)
xorg-x11-server-1.20.3-150400.38.43.1.src.rpm
xorg-x11-server-1.20.3-150400.38.43.1.x86_64.rpm
xorg-x11-server-extra-1.20.3-150400.38.43.1.x86_64.rpm
xorg-x11-server-sdk-1.20.3-150400.38.43.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-638
Security update for gnutls
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gnutls fixes the following issues:
- CVE-2024-0567: Fixed an incorrect rejection of certificate chains
with distributed trust (bsc#1218862).
- CVE-2024-0553: Fixed a timing attack against the RSA-PSK key
exchange, which could lead to the leakage of sensitive data
(bsc#1218865).
gnutls-3.7.3-150400.4.41.3.src.rpm
gnutls-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls-devel-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls30-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls30-32bit-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls30-hmac-3.7.3-150400.4.41.3.x86_64.rpm
libgnutls30-hmac-32bit-3.7.3-150400.4.41.3.x86_64.rpm
libgnutlsxx-devel-3.7.3-150400.4.41.3.x86_64.rpm
libgnutlsxx28-3.7.3-150400.4.41.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-295
Security update for runc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for runc fixes the following issues:
Update to runc v1.1.11:
- CVE-2024-21626: Fixed container breakout. (bsc#1218894)
runc-1.1.11-150000.58.1.src.rpm
runc-1.1.11-150000.58.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-325
Security update for java-17-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-17-openjdk fixes the following issues:
Updated to version 17.0.10 (January 2024 CPU):
- CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM
due to a missing bounds check (bsc#1218907).
- CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class
file verifier (bsc#1218903).
- CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM
that could lead to corruption of JVM memory (bsc#1218905).
- CVE-2024-20932: Fixed an incorrect handling of ZIP files with
duplicate entries (bsc#1218908).
- CVE-2024-20945: Fixed a potential private key leak through debug
logs (bsc#1218909).
- CVE-2024-20952: Fixed an RSA padding issue and timing side-channel
attack against TLS (bsc#1218911).
Find the full release notes at:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029089.html
java-17-openjdk-17.0.10.0-150400.3.36.1.src.rpm
java-17-openjdk-17.0.10.0-150400.3.36.1.x86_64.rpm
java-17-openjdk-demo-17.0.10.0-150400.3.36.1.x86_64.rpm
java-17-openjdk-devel-17.0.10.0-150400.3.36.1.x86_64.rpm
java-17-openjdk-headless-17.0.10.0-150400.3.36.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-465
Recommended update for numatop
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for numatop fixes the following issues:
- update to version 2.4
* Support EMR processors (jsc#PED-6059, jsc#PED-6038)
* Support Power10 processors (jsc#PED-5450, jsc#PED-5667)
* Support Zen3, Zen4 processors
numatop-2.4-150100.3.9.1.src.rpm
numatop-2.4-150100.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-547
Recommended update for rpmlint
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpmlint fixes the following issues:
- remove Erlang-related tests (bsc#1218850)
rpmlint-1.10-150000.7.81.1.noarch.rpm
rpmlint-1.10-150000.7.81.1.src.rpm
rpmlint-mini-1.10-150400.23.18.2.src.rpm
rpmlint-mini-1.10-150400.23.18.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-219
Recommended update for rsyslog
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rsyslog fixes the following issues:
- suppress installation errors when systemd is not running (bsc#1218799)
rsyslog-8.2306.0-150400.5.27.1.src.rpm
rsyslog-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-gssapi-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-gtls-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-mmnormalize-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-mysql-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-pgsql-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-relp-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-snmp-8.2306.0-150400.5.27.1.x86_64.rpm
rsyslog-module-udpspoof-8.2306.0-150400.5.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-225
Recommended update for ant and ant-contrib
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ant and ant-contrib fixes the following issues:
ant:
- ant was updated from version 1.10.13 to 1.10.14:
* Changes that could break older environments:
+ Resource#compareTo now invokes getName rather than toString as
the latter may be costly (for example in the case of a
StringResource).
+ When using Java 18 or higher, Ant will no longer use Java
SecurityManager because it has been deprecated for removal and
by default is disallowed to be set at runtime
https://openjdk.org/jeps/411.
This will mean that the "<permissions>" type is no longer
functional when using Java 18 or higher.
Furthermore, when using Java 18 or higher, if the build
executes tasks that call "java.lang.System.exit()" and if
those tasks aren't running in a forked VM of their own, then
such tasks will now kill the entire Ant build process. It is
recommended that such tasks be updated to launch in a forked
VM so that the System.exit() call will not impact the JVM in
which Ant process runs.
* Fixed bugs:
+ Log only the stylesheet name in the xslt task.
+ junitlauncher task's "test" and "listener" elements which take
a "outputDir" property were incorrectly resolving the
outputDir against the current working directory instead of the
project's basedir.
+ regexmapper would, in some cases, incorrectly consume
backslash characters from the "to" attribute, resulting in
missing backslashes in the output.
+ <fixcrlf>, <replace> and <replaceregexp> now try to preserve
the file permissions of the files they modify.
+ junitlauncher task would fail if a forked test timed out even
if haltOnFailure was set to false.
+ Fixed a bug in org.apache.tools.zip.ZipOutputStream where,
even when "zip64Mode" is set to "always", ZipOutputStream may
not create a CEN extra field data for the entry.
+ legacy-xml listener of junitlauncher task wouldn't report
certain failures involving junit jupiter dynamic tests.
+ allow.class which was introduced in Ant 1.10.13 release, has
been removed from this 1.10.14 release. This class was
introduced in context of the SecurityManager changes in
Ant 1.10.13, which have now been reverted in Ant 1.10.14,
since they caused several regressions.
* Other changes:
+ <fork> element of the junitlauncher task now has a new
optional "java" attribute which can be used to point to a
different Java installation for running the forked tests.
+ Made sure <echoproperties> sorts the echoed properties on
JDK9+ as well.
+ org.apache.tools.ant.taskdefs.Recorder class now introduces a
setLogLevel(LogLevel level) method.
+ The <fork> element of junitlauncher task now allows a
"forkMode" attribute. forkMode=perTestClass can now be used to
launch each test class in a separate forked JVM.
ant-contrib:
- Package was rebuilt against ant version 1.10.14 to prevent installation issues (no source changes)
ant-1.10.14-150200.4.18.2.noarch.rpm
ant-1.10.14-150200.4.18.2.src.rpm
ant-antlr-1.10.14-150200.4.18.2.noarch.rpm
ant-antlr-1.10.14-150200.4.18.2.src.rpm
ant-apache-bcel-1.10.14-150200.4.18.2.noarch.rpm
ant-apache-bsf-1.10.14-150200.4.18.2.noarch.rpm
ant-apache-log4j-1.10.14-150200.4.18.2.noarch.rpm
ant-apache-oro-1.10.14-150200.4.18.2.noarch.rpm
ant-apache-regexp-1.10.14-150200.4.18.2.noarch.rpm
ant-apache-resolver-1.10.14-150200.4.18.2.noarch.rpm
ant-commons-logging-1.10.14-150200.4.18.2.noarch.rpm
ant-contrib-1.0b3-150200.11.12.2.noarch.rpm
ant-contrib-1.0b3-150200.11.12.2.src.rpm
ant-jakartamail-1.10.14-150200.4.18.2.noarch.rpm
ant-javamail-1.10.14-150200.4.18.2.noarch.rpm
ant-jdepend-1.10.14-150200.4.18.2.noarch.rpm
ant-jmf-1.10.14-150200.4.18.2.noarch.rpm
ant-junit-1.10.14-150200.4.18.2.noarch.rpm
ant-junit-1.10.14-150200.4.18.2.src.rpm
ant-manual-1.10.14-150200.4.18.2.noarch.rpm
ant-scripts-1.10.14-150200.4.18.2.noarch.rpm
ant-swing-1.10.14-150200.4.18.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-845
Recommended update for release-notes-sles
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for release-notes-sles fixes the following issues:
- Added note about sched parameter deprecation (bsc#1216929)
- Added note about set-hostname deprecation (bsc#1215156)
- Added note about Xen Dom0 suspend/resume (bsc#1210490)
release-notes-sles-15.4.20240119-150400.3.24.5.noarch.rpm
release-notes-sles-15.4.20240119-150400.3.24.5.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-188
Recommended update for suseconnect-ng
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng contains the following fix:
- Update to version 1.6.0:
* Disable EULA display for addons. (bsc#1218649 and bsc#1217961)
libsuseconnect-1.6.0~git0.31371c8-150400.3.22.1.x86_64.rpm
suseconnect-ng-1.6.0~git0.31371c8-150400.3.22.1.src.rpm
suseconnect-ng-1.6.0~git0.31371c8-150400.3.22.1.x86_64.rpm
suseconnect-ruby-bindings-1.6.0~git0.31371c8-150400.3.22.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-229
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.7.0 ESR (MFSA2024-02) (bsc#1218955):
- CVE-2024-0741: Out of bounds write in ANGLE
- CVE-2024-0742: Failure to update user input timestamp
- CVE-2024-0746: Crash when listing printers on Linux
- CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
- CVE-2024-0749: Phishing site popup could show local origin in address bar
- CVE-2024-0750: Potential permissions request bypass via clickjacking
- CVE-2024-0751: Privilege escalation through devtools
- CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
- CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
MozillaFirefox-115.7.0-150200.152.123.1.src.rpm
MozillaFirefox-115.7.0-150200.152.123.1.x86_64.rpm
MozillaFirefox-devel-115.7.0-150200.152.123.1.noarch.rpm
MozillaFirefox-translations-common-115.7.0-150200.152.123.1.x86_64.rpm
MozillaFirefox-translations-other-115.7.0-150200.152.123.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-631
Recommended update for texlive-specs-a
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for texlive-specs-a fixes the following issues:
- Replace arara.jar in arara.tar.xz with an updated log4j to silence some simple
screening tools that report a vulnerable log4j version even if log4j is not
used that way (bsc#1218601)
texlive-12many-2021.189.0.0.3svn15878-150400.20.3.1.noarch.rpm
texlive-2up-2021.189.1.3asvn55076-150400.20.3.1.noarch.rpm
texlive-Asana-Math-2021.189.0.000.958svn50999-150400.20.3.1.noarch.rpm
texlive-Asana-Math-fonts-2021.189.0.000.958svn50999-150400.20.3.1.noarch.rpm
texlive-ESIEEcv-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-GS1-2021.189.22svn44822-150400.20.3.1.noarch.rpm
texlive-HA-prosper-2021.189.4.21svn15878-150400.20.3.1.noarch.rpm
texlive-IEEEconf-2021.189.1.4svn15878-150400.20.3.1.noarch.rpm
texlive-IEEEtran-2021.189.1.8bsvn51065-150400.20.3.1.noarch.rpm
texlive-MemoirChapStyles-2021.189.1.7esvn25918-150400.20.3.1.noarch.rpm
texlive-SIstyle-2021.189.2.3asvn54080-150400.20.3.1.noarch.rpm
texlive-SIunits-2021.189.1.36svn15878-150400.20.3.1.noarch.rpm
texlive-Tabbing-2021.189.svn17022-150400.20.3.1.noarch.rpm
texlive-Type1fonts-2021.189.2.14svn19603-150400.20.3.1.noarch.rpm
texlive-a0poster-2021.189.1.22bsvn54071-150400.20.3.1.noarch.rpm
texlive-a2ping-2021.189.2.84psvn52964-150400.20.3.1.noarch.rpm
texlive-a4wide-2021.189.svn20943-150400.20.3.1.noarch.rpm
texlive-a5comb-2021.189.4svn17020-150400.20.3.1.noarch.rpm
texlive-aaai-named-2021.189.svn52470-150400.20.3.1.noarch.rpm
texlive-aalok-2021.189.0.0.2svn57728-150400.20.3.1.noarch.rpm
texlive-aastex-2021.189.6.3.1svn58057-150400.20.3.1.noarch.rpm
texlive-abbr-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-abc-2021.189.2.0bsvn41157-150400.20.3.1.noarch.rpm
texlive-abnt-2021.189.svn55471-150400.20.3.1.noarch.rpm
texlive-abntex2-2021.189.1.9.7svn49248-150400.20.3.1.noarch.rpm
texlive-abraces-2021.189.2.0svn58761-150400.20.3.1.noarch.rpm
texlive-abstract-2021.189.1.2asvn15878-150400.20.3.1.noarch.rpm
texlive-abstyles-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-academicons-2021.189.1.9.0svn56119-150400.20.3.1.noarch.rpm
texlive-academicons-fonts-2021.189.1.9.0svn56119-150400.20.3.1.noarch.rpm
texlive-accanthis-2021.189.svn32089-150400.20.3.1.noarch.rpm
texlive-accanthis-fonts-2021.189.svn32089-150400.20.3.1.noarch.rpm
texlive-accents-2021.189.1.4svn51497-150400.20.3.1.noarch.rpm
texlive-accessibility-2021.189.2.0.3svn55777-150400.20.3.1.noarch.rpm
texlive-accfonts-2021.189.0.0.25svn18835-150400.20.3.1.noarch.rpm
texlive-accsupp-2021.189.0.0.6svn53052-150400.20.3.1.noarch.rpm
texlive-achemso-2021.189.3.13csvn57479-150400.20.3.1.noarch.rpm
texlive-acmart-2021.189.1.75svn56946-150400.20.3.1.noarch.rpm
texlive-acmconf-2021.189.1.3svn15878-150400.20.3.1.noarch.rpm
texlive-acro-2021.189.3.5svn57447-150400.20.3.1.noarch.rpm
texlive-acronym-2021.189.1.47svn54758-150400.20.3.1.noarch.rpm
texlive-acroterm-2021.189.0.0.1svn20498-150400.20.3.1.noarch.rpm
texlive-active-conf-2021.189.0.0.3asvn15878-150400.20.3.1.noarch.rpm
texlive-actuarialangle-2021.189.2.1svn51376-150400.20.3.1.noarch.rpm
texlive-actuarialsymbol-2021.189.1.1svn54080-150400.20.3.1.noarch.rpm
texlive-addfont-2021.189.1.1svn58559-150400.20.3.1.noarch.rpm
texlive-addliga-2021.189.1.0svn50912-150400.20.3.1.noarch.rpm
texlive-addlines-2021.189.0.0.3svn49326-150400.20.3.1.noarch.rpm
texlive-adfathesis-2021.189.2.42svn26048-150400.20.3.1.noarch.rpm
texlive-adforn-2021.189.1.1bsvn54512-150400.20.3.1.noarch.rpm
texlive-adforn-fonts-2021.189.1.1bsvn54512-150400.20.3.1.noarch.rpm
texlive-adfsymbols-2021.189.1.2bsvn54512-150400.20.3.1.noarch.rpm
texlive-adfsymbols-fonts-2021.189.1.2bsvn54512-150400.20.3.1.noarch.rpm
texlive-adhocfilelist-2021.189.svn29349-150400.20.3.1.noarch.rpm
texlive-adigraph-2021.189.1.7.1svn49862-150400.20.3.1.noarch.rpm
texlive-adjmulticol-2021.189.1.2svn54157-150400.20.3.1.noarch.rpm
texlive-adjustbox-2021.189.1.3svn56291-150400.20.3.1.noarch.rpm
texlive-adobemapping-2021.189.svn51787-150400.20.3.1.noarch.rpm
texlive-adrconv-2021.189.1.4svn46817-150400.20.3.1.noarch.rpm
texlive-adtrees-2021.189.1.1svn51618-150400.20.3.1.noarch.rpm
texlive-advdate-2021.189.svn20538-150400.20.3.1.noarch.rpm
texlive-ae-2021.189.1.4svn15878-150400.20.3.1.noarch.rpm
texlive-aeguill-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-aesupp-2021.189.1svn58253-150400.20.3.1.noarch.rpm
texlive-aesupp-fonts-2021.189.1svn58253-150400.20.3.1.noarch.rpm
texlive-afm2pl-2021.189.svn54074-150400.20.3.1.noarch.rpm
texlive-afparticle-2021.189.1.3svn35900-150400.20.3.1.noarch.rpm
texlive-afthesis-2021.189.2.7svn15878-150400.20.3.1.noarch.rpm
texlive-aguplus-2021.189.1.6bsvn17156-150400.20.3.1.noarch.rpm
texlive-aiaa-2021.189.3.6svn15878-150400.20.3.1.noarch.rpm
texlive-aichej-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-ajl-2021.189.svn34016-150400.20.3.1.noarch.rpm
texlive-akktex-2021.189.0.0.3.2svn26055-150400.20.3.1.noarch.rpm
texlive-akletter-2021.189.1.5isvn15878-150400.20.3.1.noarch.rpm
texlive-akshar-2021.189.0.0.2svn56277-150400.20.3.1.noarch.rpm
texlive-albatross-2021.189.0.0.3.0svn57416-150400.20.3.1.noarch.rpm
texlive-alegreya-2021.189.svn54512-150400.20.3.1.noarch.rpm
texlive-alegreya-fonts-2021.189.svn54512-150400.20.3.1.noarch.rpm
texlive-aleph-2021.189.svn57972-150400.20.3.1.noarch.rpm
texlive-alertmessage-2021.189.1.1svn38055-150400.20.3.1.noarch.rpm
texlive-alfaslabone-2021.189.0.0.0.1svn57452-150400.20.3.1.noarch.rpm
texlive-alfaslabone-fonts-2021.189.0.0.0.1svn57452-150400.20.3.1.noarch.rpm
texlive-alg-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-algobox-2021.189.1.3svn52204-150400.20.3.1.noarch.rpm
texlive-algolrevived-2021.189.1.052svn56864-150400.20.3.1.noarch.rpm
texlive-algolrevived-fonts-2021.189.1.052svn56864-150400.20.3.1.noarch.rpm
texlive-algorithm2e-2021.189.5.2svn44846-150400.20.3.1.noarch.rpm
texlive-algorithmicx-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-algorithms-2021.189.0.0.1svn42428-150400.20.3.1.noarch.rpm
texlive-algpseudocodex-2021.189.1.0svn56125-150400.20.3.1.noarch.rpm
texlive-algxpar-2021.189.0.0.91svn56006-150400.20.3.1.noarch.rpm
texlive-aligned-overset-2021.189.0.0.1.0svn47290-150400.20.3.1.noarch.rpm
texlive-alkalami-2021.189.1.000svn44497-150400.20.3.1.noarch.rpm
texlive-alkalami-fonts-2021.189.1.000svn44497-150400.20.3.1.noarch.rpm
texlive-allrunes-2021.189.2.1.1svn42221-150400.20.3.1.noarch.rpm
texlive-allrunes-fonts-2021.189.2.1.1svn42221-150400.20.3.1.noarch.rpm
texlive-almendra-2021.189.svn56035-150400.20.3.1.noarch.rpm
texlive-almendra-fonts-2021.189.svn56035-150400.20.3.1.noarch.rpm
texlive-almfixed-2021.189.0.0.92svn35065-150400.20.3.1.noarch.rpm
texlive-almfixed-fonts-2021.189.0.0.92svn35065-150400.20.3.1.noarch.rpm
texlive-alnumsec-2021.189.0.0.03svn15878-150400.20.3.1.noarch.rpm
texlive-alpha-persian-2021.189.1.3svn50316-150400.20.3.1.noarch.rpm
texlive-alphalph-2021.189.2.6svn53087-150400.20.3.1.noarch.rpm
texlive-altfont-2021.189.1.1svn15878-150400.20.3.1.noarch.rpm
texlive-ametsoc-2021.189.4.3.2svn36030-150400.20.3.1.noarch.rpm
texlive-amiri-2021.189.0.0.113svn55403-150400.20.3.1.noarch.rpm
texlive-amiri-fonts-2021.189.0.0.113svn55403-150400.20.3.1.noarch.rpm
texlive-amiweb2c-guide-2021.189.1.0svn56878-150400.20.3.1.noarch.rpm
texlive-amsaddr-2021.189.1.1svn29630-150400.20.3.1.noarch.rpm
texlive-amscdx-2021.189.2.2xsvn51532-150400.20.3.1.noarch.rpm
texlive-amscls-2021.189.2.20.6svn55378-150400.20.3.1.noarch.rpm
texlive-amscls-doc-2021.189.svn46110-150400.20.3.1.noarch.rpm
texlive-amsfonts-2021.189.3.04svn29208-150400.20.3.1.noarch.rpm
texlive-amsfonts-fonts-2021.189.3.04svn29208-150400.20.3.1.noarch.rpm
texlive-amslatex-primer-2021.189.2.3svn28980-150400.20.3.1.noarch.rpm
texlive-amsldoc-it-2021.189.svn45662-150400.20.3.1.noarch.rpm
texlive-amsldoc-vn-2021.189.2.0svn21855-150400.20.3.1.noarch.rpm
texlive-amsmath-2021.189.svn56514-150400.20.3.1.noarch.rpm
texlive-amsmath-it-2021.189.svn22930-150400.20.3.1.noarch.rpm
texlive-amsrefs-2021.189.2.14svn30646-150400.20.3.1.noarch.rpm
texlive-amstex-2021.189.svn57972-150400.20.3.1.noarch.rpm
texlive-amsthdoc-it-2021.189.svn45662-150400.20.3.1.noarch.rpm
texlive-animate-2021.189.svn56583-150400.20.3.1.noarch.rpm
texlive-annee-scolaire-2021.189.1.6svn55988-150400.20.3.1.noarch.rpm
texlive-annotate-2021.189.svn52824-150400.20.3.1.noarch.rpm
texlive-anonchap-2021.189.1.1asvn17049-150400.20.3.1.noarch.rpm
texlive-anonymous-acm-2021.189.1.0svn55121-150400.20.3.1.noarch.rpm
texlive-anonymouspro-2021.189.2.2svn51631-150400.20.3.1.noarch.rpm
texlive-anonymouspro-fonts-2021.189.2.2svn51631-150400.20.3.1.noarch.rpm
texlive-answers-2021.189.2.16svn35032-150400.20.3.1.noarch.rpm
texlive-antanilipsum-2021.189.0.0.8.1svn55250-150400.20.3.1.noarch.rpm
texlive-antiqua-2021.189.001.003svn24266-150400.20.3.1.noarch.rpm
texlive-antiqua-fonts-2021.189.001.003svn24266-150400.20.3.1.noarch.rpm
texlive-antomega-2021.189.0.0.8svn21933-150400.20.3.1.noarch.rpm
texlive-antt-2021.189.2.08svn18651-150400.20.3.1.noarch.rpm
texlive-antt-fonts-2021.189.2.08svn18651-150400.20.3.1.noarch.rpm
texlive-anufinalexam-2021.189.svn26053-150400.20.3.1.noarch.rpm
texlive-anyfontsize-2021.189.svn17050-150400.20.3.1.noarch.rpm
texlive-anysize-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-aobs-tikz-2021.189.1.0svn32662-150400.20.3.1.noarch.rpm
texlive-aomart-2021.189.1.24svn56102-150400.20.3.1.noarch.rpm
texlive-apa-2021.189.1.3.4svn54080-150400.20.3.1.noarch.rpm
texlive-apa6-2021.189.2.34svn53406-150400.20.3.1.noarch.rpm
texlive-apa6e-2021.189.0.0.3svn23350-150400.20.3.1.noarch.rpm
texlive-apa7-2021.189.2.10svn58121-150400.20.3.1.noarch.rpm
texlive-apacite-2021.189.6.03svn54080-150400.20.3.1.noarch.rpm
texlive-apalike-german-2021.189.svn54080-150400.20.3.1.noarch.rpm
texlive-apalike2-2021.189.svn54080-150400.20.3.1.noarch.rpm
texlive-apnum-2021.189.1.7svn47510-150400.20.3.1.noarch.rpm
texlive-appendix-2021.189.1.2csvn53718-150400.20.3.1.noarch.rpm
texlive-appendixnumberbeamer-2021.189.1.2svn46317-150400.20.3.1.noarch.rpm
texlive-apprendre-a-programmer-en-tex-2021.189.svn57179-150400.20.3.1.noarch.rpm
texlive-apprends-latex-2021.189.4.02svn19306-150400.20.3.1.noarch.rpm
texlive-apptools-2021.189.1.0svn28400-150400.20.3.1.noarch.rpm
texlive-apxproof-2021.189.1.2.1svn56673-150400.20.3.1.noarch.rpm
texlive-arabi-2021.189.1.1svn44662-150400.20.3.1.noarch.rpm
texlive-arabi-add-2021.189.1.0svn37709-150400.20.3.1.noarch.rpm
texlive-arabi-fonts-2021.189.1.1svn44662-150400.20.3.1.noarch.rpm
texlive-arabicfront-2021.189.1.1svn51474-150400.20.3.1.noarch.rpm
texlive-arabluatex-2021.189.1.20svn54512-150400.20.3.1.noarch.rpm
texlive-arabtex-2021.189.3.17svn25711-150400.20.3.1.noarch.rpm
texlive-arabtex-fonts-2021.189.3.17svn25711-150400.20.3.1.noarch.rpm
texlive-arabxetex-2021.189.1.2.1svn38299-150400.20.3.1.noarch.rpm
texlive-aramaic-serto-2021.189.1.0svn30042-150400.20.3.1.noarch.rpm
texlive-aramaic-serto-fonts-2021.189.1.0svn30042-150400.20.3.1.noarch.rpm
texlive-arara-2021.189.6.1.0svn58764-150400.20.3.1.noarch.rpm
texlive-archaeologie-2021.189.2.4.5svn57090-150400.20.3.1.noarch.rpm
texlive-archaic-2021.189.svn38005-150400.20.3.1.noarch.rpm
texlive-archaic-fonts-2021.189.svn38005-150400.20.3.1.noarch.rpm
texlive-archivo-2021.189.0.0.0.2svn57283-150400.20.3.1.noarch.rpm
texlive-archivo-fonts-2021.189.0.0.0.2svn57283-150400.20.3.1.noarch.rpm
texlive-arcs-2021.189.1svn15878-150400.20.3.1.noarch.rpm
texlive-arev-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-arev-fonts-2021.189.svn15878-150400.20.3.1.noarch.rpm
texlive-arimo-2021.189.svn42880-150400.20.3.1.noarch.rpm
texlive-arimo-fonts-2021.189.svn42880-150400.20.3.1.noarch.rpm
texlive-armtex-2021.189.3.0_beta3svn33894-150400.20.3.1.noarch.rpm
texlive-armtex-fonts-2021.189.3.0_beta3svn33894-150400.20.3.1.noarch.rpm
texlive-specs-a-2021-150400.20.3.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-736
Recommended update for sap-installation-wizard
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sap-installation-wizard fixes the following issues:
sap-installation-wizard was updated to version 4.4.13:
- Fixed SAP Business One storage configuration failing (bsc#1218918)
sap-installation-wizard-4.4.13-150400.3.11.1.src.rpm
sap-installation-wizard-4.4.13-150400.3.11.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-575
Recommended update for php7
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php7 fixes the following issues:
- Ensure that package is built using openssl-1_1
apache2-mod_php7-7.4.33-150400.4.31.1.src.rpm
apache2-mod_php7-7.4.33-150400.4.31.1.x86_64.rpm
php7-7.4.33-150400.4.31.1.src.rpm
php7-7.4.33-150400.4.31.1.x86_64.rpm
php7-bcmath-7.4.33-150400.4.31.1.x86_64.rpm
php7-bz2-7.4.33-150400.4.31.1.x86_64.rpm
php7-calendar-7.4.33-150400.4.31.1.x86_64.rpm
php7-cli-7.4.33-150400.4.31.1.x86_64.rpm
php7-ctype-7.4.33-150400.4.31.1.x86_64.rpm
php7-curl-7.4.33-150400.4.31.1.x86_64.rpm
php7-dba-7.4.33-150400.4.31.1.x86_64.rpm
php7-devel-7.4.33-150400.4.31.1.x86_64.rpm
php7-dom-7.4.33-150400.4.31.1.x86_64.rpm
php7-enchant-7.4.33-150400.4.31.1.x86_64.rpm
php7-exif-7.4.33-150400.4.31.1.x86_64.rpm
php7-fastcgi-7.4.33-150400.4.31.1.src.rpm
php7-fastcgi-7.4.33-150400.4.31.1.x86_64.rpm
php7-fileinfo-7.4.33-150400.4.31.1.x86_64.rpm
php7-fpm-7.4.33-150400.4.31.1.src.rpm
php7-fpm-7.4.33-150400.4.31.1.x86_64.rpm
php7-ftp-7.4.33-150400.4.31.1.x86_64.rpm
php7-gd-7.4.33-150400.4.31.1.x86_64.rpm
php7-gettext-7.4.33-150400.4.31.1.x86_64.rpm
php7-gmp-7.4.33-150400.4.31.1.x86_64.rpm
php7-iconv-7.4.33-150400.4.31.1.x86_64.rpm
php7-intl-7.4.33-150400.4.31.1.x86_64.rpm
php7-json-7.4.33-150400.4.31.1.x86_64.rpm
php7-ldap-7.4.33-150400.4.31.1.x86_64.rpm
php7-mbstring-7.4.33-150400.4.31.1.x86_64.rpm
php7-mysql-7.4.33-150400.4.31.1.x86_64.rpm
php7-odbc-7.4.33-150400.4.31.1.x86_64.rpm
php7-opcache-7.4.33-150400.4.31.1.x86_64.rpm
php7-openssl-7.4.33-150400.4.31.1.x86_64.rpm
php7-pcntl-7.4.33-150400.4.31.1.x86_64.rpm
php7-pdo-7.4.33-150400.4.31.1.x86_64.rpm
php7-pgsql-7.4.33-150400.4.31.1.x86_64.rpm
php7-phar-7.4.33-150400.4.31.1.x86_64.rpm
php7-posix-7.4.33-150400.4.31.1.x86_64.rpm
php7-readline-7.4.33-150400.4.31.1.x86_64.rpm
php7-shmop-7.4.33-150400.4.31.1.x86_64.rpm
php7-snmp-7.4.33-150400.4.31.1.x86_64.rpm
php7-soap-7.4.33-150400.4.31.1.x86_64.rpm
php7-sockets-7.4.33-150400.4.31.1.x86_64.rpm
php7-sodium-7.4.33-150400.4.31.1.x86_64.rpm
php7-sqlite-7.4.33-150400.4.31.1.x86_64.rpm
php7-sysvmsg-7.4.33-150400.4.31.1.x86_64.rpm
php7-sysvsem-7.4.33-150400.4.31.1.x86_64.rpm
php7-sysvshm-7.4.33-150400.4.31.1.x86_64.rpm
php7-tidy-7.4.33-150400.4.31.1.x86_64.rpm
php7-tokenizer-7.4.33-150400.4.31.1.x86_64.rpm
php7-xmlreader-7.4.33-150400.4.31.1.x86_64.rpm
php7-xmlrpc-7.4.33-150400.4.31.1.x86_64.rpm
php7-xmlwriter-7.4.33-150400.4.31.1.x86_64.rpm
php7-xsl-7.4.33-150400.4.31.1.x86_64.rpm
php7-zip-7.4.33-150400.4.31.1.x86_64.rpm
php7-zlib-7.4.33-150400.4.31.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-224
Security update for apache-parent, apache-sshd
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache-parent, apache-sshd fixes the following issues:
apache-parent was updated from version 28 to 31:
- Version 31:
* New Features:
+ Added maven-checkstyle-plugin to pluginManagement
* Improvements:
+ Set minimalMavenBuildVersion to 3.6.3 - the minimum
used by plugins
+ Using an SPDX identifier as the license name is
recommended by Maven
+ Use properties to define the versions of plugins
* Bugs fixed:
+ Updated documentation for previous changes
apache-sshd was updated from version 2.7.0 to 2.12.0:
- Security issues fixed:
* CVE-2023-48795: Implemented OpenSSH "strict key exchange" protocol in apache-sshd version 2.12.0 (bsc#1218189)
* CVE-2022-45047: Java unsafe deserialization vulnerability fixed in apache-sshd version 2.9.2 (bsc#1205463)
- Other changes in version 2.12.0:
* Bugs fixed:
+ SCP client fails silently when error signalled due to missing file or lacking permissions
+ Ignore unknown key types from agent or in OpenSSH host keys extension
* New Features:
+ Support GIT protocol-v2
- Other changes in version 2.11.0:
* Bugs fixed:
+ Added configurable timeout(s) to DefaultSftpClient
+ Compare file keys in ModifiableFileWatcher.
+ Fixed channel pool in SftpFileSystem.
+ Use correct default OpenOptions in SftpFileSystemProvider.newFileChannel().
+ Use correct lock modes for SFTP FileChannel.lock().
+ ScpClient: support issuing commands to a server that uses a non-UTF-8 locale.
+ SftpInputStreamAsync: fix reporting EOF on zero-length reads.
+ Work-around a bug in WS_FTP <= 12.9 SFTP clients.
+ (Regression in 2.10.0) SFTP performance fix: override FilterOutputStream.write(byte[], int, int).
+ Fixed a race condition to ensure SSH_MSG_CHANNEL_EOF is always sent before SSH_MSG_CHANNEL_CLOSE.
+ Fixed error handling while flushing queued packets at end of KEX.
+ Fixed wrong log level on closing an Nio2Session.
+ Fixed detection of Android O/S from system properties.
+ Consider all applicable host keys from the known_hosts files.
+ SftpFileSystem: do not close user session.
+ ChannelAsyncOutputStream: remove write future when done.
+ SSHD-1332 (Regression in 2.10.0) Resolve ~ in IdentityFile file names in HostConfigEntry.
* New Features:
+ Use KeepAliveHandler global request instance in client as well
+ Publish snapshot maven artifacts to the Apache Snapshots maven repository.
+ Bundle sshd-contrib has support classes for the HAProxy protocol V2.
- Other changes in version 2.10.0:
* Bugs fixed:
+ Connection attempt not canceled when a connection timeout occurs
+ Possible OOM in ChannelPipedInputStream
+ SftpRemotePathChannel.transferFrom(...) ignores position argument
+ Rooted file system can leak information
+ Failed to establish an SSH connection because the server identifier exceeds the int range
* Improvements:
+ Password in clear in SSHD server's logs
- Other changes in version 2.9.2:
* Bugs fixed:
+ SFTP worker threads got stuck while processing PUT methods against one specific SFTP server
+ Use the maximum packet size of the communication partner
+ ExplicitPortForwardingTracker does not unbind auto-allocated one
+ Default SshClient FD leak because Selector not closed
+ Reading again from exhausted ChannelExec#getInvertedOut() throws IOException instead of returning -1
+ Keeping error streams and input streams separate after ChannelExec#setRedirectErrorStream(true) is called
+ Nio2Session.shutdownOutput() should wait for writes in progress
* Test:
+ Research intermittent failure in unit tests using various I/O
service factories
- Other changes in version 2.9.1:
* Bugs fixed:
+ ClientSession.auth().verify() is terminated with timeout
+ 2.9.0 release broken on Java 8
+ Infinite loop in org.apache.sshd.sftp.client.impl.SftpInputStreamAsync#doRead
+ Deadlock during session exit
+ Race condition is logged in ChannelAsyncOutputStream
- Other changes in version 2.9.0:
* Bugs fixed:
+ Deadlock on disconnection at the end of key-exchange
+ Remote port forwarding mode does not handle EOF properly
+ Public key authentication: wrong signature algorithm used (ed25519 key with ssh-rsa signature)
+ Client fails window adjust above Integer.MAX_VALUE
+ class loader fails to load org.apache.sshd.common.cipher.BaseGCMCipher
+ Shell is not getting closed if the command has already closed the OutputStream it is using.
+ Sometimes async write listener is not called
+ Unhandled SSH_MSG_CHANNEL_WINDOW_ADJUST leads to SocketTimeoutException
+ different host key algorithm used on rekey than used for the initial connection
+ OpenSSH certificate is not properly encoded when critical options are included
+ TCP/IP remote port forwarding with wildcard IP addresses doesn't work with OpenSSH
+ UserAuthPublicKey: uses ssh-rsa signatures for RSA keys from an agent
* New Features:
+ Added support for Argon2 encrypted PUTTY key files
+ Added support for merged inverted output and error streams of remote process
* Improvements:
+ Added support for "limits@openssh.com" SFTP extension
+ Support host-based pubkey authentication in the client
+ Send environment variable and open subsystem at the same time for SSH session
- Other changes in version 2.8.0:
* Bugs fixed:
+ Fixed wrong server key algorithm choice
+ Expiration of OpenSshCertificates needs to compare timestamps as unsigned long
+ SFTP Get downloads empty file from servers which supports EOF indication after data
+ skip() doesn't work properly in SftpInputStreamAsync
+ OpenMode and CopyMode is not honored as expected in version > 4 of SFTP api
+ SftpTransferTest sometimes hangs (failure during rekeying)
+ Race condition in KEX
+ Fix the ciphers supported documentation
+ Update tarLongFileMode to use POSIX
+ WinSCP transfer failure to Apache SSHD Server
+ Pubkey auth: keys from ssh-agent are used even if HostConfigEntry.isIdentitiesOnly() is true
+ Support RSA SHA2 signatures via SSH agent
+ NOTICE: wrong copyright year range
+ Wrong creationTime in writeAttrs for SFTP
+ sshd-netty logs all traffic on INFO level
* New Features:
+ Add support for chacha20-poly1305@openssh.com
+ Parsing of ~/.ssh/config Host patterns fails with extra
whitespace
+ Support generating OpenSSH client certificates
* Improvements:
+ Add support for curve25519-sha256@libssh.org key exchange
+ OpenSSH certificates: check certificate type
+ OpenSSHCertificatesTest: certificates expire in 2030
+ Display IdleTimeOut in more user-friendly format
+ sendChunkIfRemoteWindowIsSmallerThanPacketSize flag in ChannelAsyncOutputStream constructor configurable from
outside using variable/config file
+ Intercepting the server exception message from server in SSHD client
+ Implement RFC 8332 server-sig-algs on the server
+ Slow performance listing huge number of files on Apache SSHD server
+ SFTP: too many LSTAT calls
+ Support key constraints when adding a key to an SSH agent
+ Add SFTP server side file custom attributes hook
apache-sshd-2.12.0-150200.5.8.1.noarch.rpm
apache-sshd-2.12.0-150200.5.8.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-321
Security update for java-11-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-11-openjdk fixes the following issues:
Updated to version 11.0.22 (January 2024 CPU):
- CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM
due to a missing bounds check (bsc#1218907).
- CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class
file verifier (bsc#1218903).
- CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM
that could lead to corruption of JVM memory (bsc#1218905).
- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).
- CVE-2024-20945: Fixed a potential private key leak through debug
logs (bsc#1218909).
- CVE-2024-20952: Fixed an RSA padding issue and timing side-channel
attack against TLS (bsc#1218911).
Find the full release notes at:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029215.html
java-11-openjdk-11.0.22.0-150000.3.110.1.src.rpm
java-11-openjdk-11.0.22.0-150000.3.110.1.x86_64.rpm
java-11-openjdk-demo-11.0.22.0-150000.3.110.1.x86_64.rpm
java-11-openjdk-devel-11.0.22.0-150000.3.110.1.x86_64.rpm
java-11-openjdk-headless-11.0.22.0-150000.3.110.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-235
Recommended update for yast2-pkg-bindings
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for yast2-pkg-bindings fixes the following issues:
- Fixed repository and service probing with libzypp 7.31.26
and newer, fixes broken repository handling (bsc#1218977,
bsc#1218399)
- 4.4.7
yast2-pkg-bindings-4.4.7-150400.3.9.1.src.rpm
yast2-pkg-bindings-4.4.7-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-205
Security update for python-Pillow
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Pillow fixes the following issues:
- CVE-2023-50447: Fixed arbitrary code execution via the environment parameter. (bsc#1219048)
python-Pillow-9.5.0-150400.5.9.1.src.rpm
python311-Pillow-9.5.0-150400.5.9.1.x86_64.rpm
python311-Pillow-tk-9.5.0-150400.5.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-870
Security update for glibc
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
glibc-2.31-150300.68.1.src.rpm
glibc-2.31-150300.68.1.x86_64.rpm
glibc-devel-2.31-150300.68.1.x86_64.rpm
glibc-devel-static-2.31-150300.68.1.x86_64.rpm
glibc-extra-2.31-150300.68.1.x86_64.rpm
glibc-i18ndata-2.31-150300.68.1.noarch.rpm
glibc-info-2.31-150300.68.1.noarch.rpm
glibc-lang-2.31-150300.68.1.noarch.rpm
glibc-locale-2.31-150300.68.1.x86_64.rpm
glibc-locale-base-2.31-150300.68.1.x86_64.rpm
glibc-locale-base-32bit-2.31-150300.68.1.x86_64.rpm
glibc-profile-2.31-150300.68.1.x86_64.rpm
glibc-utils-2.31-150300.68.1.x86_64.rpm
glibc-utils-src-2.31-150300.68.1.src.rpm
nscd-2.31-150300.68.1.x86_64.rpm
glibc-32bit-2.31-150300.68.1.x86_64.rpm
glibc-devel-32bit-2.31-150300.68.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-243
Recommended update for util-linux
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for util-linux fixes the following issues:
- Fix performance degradation (bsc#1207987)
libblkid-devel-2.37.2-150400.8.23.1.x86_64.rpm
libblkid-devel-static-2.37.2-150400.8.23.1.x86_64.rpm
libblkid1-2.37.2-150400.8.23.1.x86_64.rpm
libfdisk-devel-2.37.2-150400.8.23.1.x86_64.rpm
libfdisk1-2.37.2-150400.8.23.1.x86_64.rpm
libmount-devel-2.37.2-150400.8.23.1.x86_64.rpm
libmount1-2.37.2-150400.8.23.1.x86_64.rpm
libsmartcols-devel-2.37.2-150400.8.23.1.x86_64.rpm
libsmartcols1-2.37.2-150400.8.23.1.x86_64.rpm
libuuid-devel-2.37.2-150400.8.23.1.x86_64.rpm
libuuid-devel-static-2.37.2-150400.8.23.1.x86_64.rpm
libuuid1-2.37.2-150400.8.23.1.x86_64.rpm
util-linux-2.37.2-150400.8.23.1.src.rpm
util-linux-2.37.2-150400.8.23.1.x86_64.rpm
util-linux-lang-2.37.2-150400.8.23.1.noarch.rpm
util-linux-systemd-2.37.2-150400.8.23.1.src.rpm
util-linux-systemd-2.37.2-150400.8.23.1.x86_64.rpm
uuidd-2.37.2-150400.8.23.1.x86_64.rpm
libblkid1-32bit-2.37.2-150400.8.23.1.x86_64.rpm
libmount1-32bit-2.37.2-150400.8.23.1.x86_64.rpm
libuuid1-32bit-2.37.2-150400.8.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-268
Security update for xen
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)
xen-4.16.5_12-150400.4.46.1.src.rpm
True
xen-4.16.5_12-150400.4.46.1.x86_64.rpm
True
xen-devel-4.16.5_12-150400.4.46.1.x86_64.rpm
True
xen-libs-4.16.5_12-150400.4.46.1.x86_64.rpm
True
xen-tools-4.16.5_12-150400.4.46.1.x86_64.rpm
True
xen-tools-domU-4.16.5_12-150400.4.46.1.x86_64.rpm
True
xen-tools-xendomains-wait-disk-4.16.5_12-150400.4.46.1.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-770
Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Update to 550.54.14
* Added vGPU Host and vGPU Guest support. For vGPU Host, please
refer to the README.vgpu packaged in the vGPU Host Package for
more details.
Security issues fixed:
* CVE-2024-0074: A user could trigger a NULL ptr dereference.
* CVE-2024-0075: A user could overwrite the end of a buffer, leading to crashes or code execution.
* CVE-2022-42265: An unprivileged user could trigger an integer overflow which could lead to crashes or code execution.
- create /run/udev/static_node-tags/uaccess/nvidia${devid} symlinks
also during modprobing the nvidia module; this changes the issue
of not having access to /dev/nvidia${devid}, when gfxcard has
been replaced by a different gfx card after installing the driver
- provide nvidia-open-driver-G06-kmp (jsc#PED-7117)
* this makes it easy to replace the package from nVidia's
CUDA repository with this presigned package
kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.54.14-150400.9.21.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.54.14-150400.9.50.1.src.rpm
nvidia-open-driver-G06-signed-default-devel-550.54.14-150400.9.50.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.54.14_k5.14.21_150400.24.108-150400.9.50.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-322
Recommended update for aaa_base
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for aaa_base fixes the following issues:
- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)
aaa_base-84.87+git20180409.04c9dae-150300.10.9.1.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.9.1.x86_64.rpm
aaa_base-extras-84.87+git20180409.04c9dae-150300.10.9.1.x86_64.rpm
aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-509
Security update for salt
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory
on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file
method (bsc#1219431)
Bugs fixed:
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs "__env__" and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
python3-salt-3006.0-150400.8.54.1.x86_64.rpm
salt-3006.0-150400.8.54.1.src.rpm
salt-3006.0-150400.8.54.1.x86_64.rpm
salt-api-3006.0-150400.8.54.1.x86_64.rpm
salt-bash-completion-3006.0-150400.8.54.1.noarch.rpm
salt-cloud-3006.0-150400.8.54.1.x86_64.rpm
salt-doc-3006.0-150400.8.54.1.x86_64.rpm
salt-fish-completion-3006.0-150400.8.54.1.noarch.rpm
salt-master-3006.0-150400.8.54.1.x86_64.rpm
salt-minion-3006.0-150400.8.54.1.x86_64.rpm
salt-proxy-3006.0-150400.8.54.1.x86_64.rpm
salt-ssh-3006.0-150400.8.54.1.x86_64.rpm
salt-standalone-formulas-configuration-3006.0-150400.8.54.1.x86_64.rpm
salt-syndic-3006.0-150400.8.54.1.x86_64.rpm
salt-transactional-update-3006.0-150400.8.54.1.x86_64.rpm
salt-zsh-completion-3006.0-150400.8.54.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-617
Recommended update for yast2-http-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for yast2-http-server fixes the following issue:
- bsc#1218943
- followup of previous fix - fixed internal issue which caused
Server modules not to be displayed at all.
- 4.4.3 upgrade
yast2-http-server-4.4.3-150400.3.6.1.noarch.rpm
yast2-http-server-4.4.3-150400.3.6.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-724
Recommended update for orarun
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for orarun fixes the following issue:
- bsc#1217288 - Fixed: common.sh checks if $ORACLE_HOME is NOT a directory
instead of if it is; Oracle Agent won't start
orarun-2.1-150400.22.6.1.src.rpm
orarun-2.1-150400.22.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-828
Recommended update for ant-contrib
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ant-contrib fixes the following issues:
ant:
- Fix unit tests annotated with @CsvSource and @CsvFileSource
ant-contrib:
- Recompile RPM package to resolve package building issues with newer versions of `ant`
ant-1.10.14-150200.4.22.1.noarch.rpm
ant-1.10.14-150200.4.22.1.src.rpm
ant-antlr-1.10.14-150200.4.22.1.noarch.rpm
ant-antlr-1.10.14-150200.4.22.1.src.rpm
ant-apache-bcel-1.10.14-150200.4.22.1.noarch.rpm
ant-apache-bsf-1.10.14-150200.4.22.1.noarch.rpm
ant-apache-log4j-1.10.14-150200.4.22.1.noarch.rpm
ant-apache-oro-1.10.14-150200.4.22.1.noarch.rpm
ant-apache-regexp-1.10.14-150200.4.22.1.noarch.rpm
ant-apache-resolver-1.10.14-150200.4.22.1.noarch.rpm
ant-commons-logging-1.10.14-150200.4.22.1.noarch.rpm
ant-contrib-1.0b3-150200.11.15.2.noarch.rpm
ant-contrib-1.0b3-150200.11.15.2.src.rpm
ant-jakartamail-1.10.14-150200.4.22.1.noarch.rpm
ant-javamail-1.10.14-150200.4.22.1.noarch.rpm
ant-jdepend-1.10.14-150200.4.22.1.noarch.rpm
ant-jmf-1.10.14-150200.4.22.1.noarch.rpm
ant-junit-1.10.14-150200.4.22.1.noarch.rpm
ant-junit-1.10.14-150200.4.22.1.src.rpm
ant-manual-1.10.14-150200.4.22.1.noarch.rpm
ant-scripts-1.10.14-150200.4.22.1.noarch.rpm
ant-swing-1.10.14-150200.4.22.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-739
Recommended update for pesign
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pesign fixes the following issue:
- Fix errors when installing pesign alone (bsc#1219198)
pesign-0.112-150000.4.21.1.src.rpm
pesign-0.112-150000.4.21.1.x86_64.rpm
pesign-systemd-0.112-150000.4.21.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-303
Recommended update for gcc7
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gcc7 fixes the following issues:
- Avoid crash when hitting a broken pattern in the s390 backend.
- Avoid creating recursive DIE references through DW_AT_abstract_origin when using LTO. [bsc#1216488]
cpp7-7.5.0+r278197-150000.4.38.1.x86_64.rpm
cross-nvptx-gcc7-7.5.0+r278197-150000.4.38.1.src.rpm
cross-nvptx-gcc7-7.5.0+r278197-150000.4.38.1.x86_64.rpm
cross-nvptx-newlib7-devel-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-7.5.0+r278197-150000.4.38.1.src.rpm
gcc7-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-ada-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-c++-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-c++-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-fortran-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-fortran-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-info-7.5.0+r278197-150000.4.38.1.noarch.rpm
gcc7-locale-7.5.0+r278197-150000.4.38.1.x86_64.rpm
gcc7-objc-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libada7-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libasan4-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libasan4-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libcilkrts5-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libcilkrts5-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libgfortran4-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libgfortran4-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libstdc++6-devel-gcc7-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libubsan0-32bit-7.5.0+r278197-150000.4.38.1.x86_64.rpm
libubsan0-7.5.0+r278197-150000.4.38.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-480
Recommended update for libsolv
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libsolv, libzypp fixes the following issues:
- build for multiple python versions [jsc#PED-6218]
- applydeltaprm: Create target directory if it does not exist (bsc#1219442)
- Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698)
- CheckAccessDeleted: fix running_in_container detection (bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831)
libsolv-0.7.28-150400.3.16.2.src.rpm
libsolv-devel-0.7.28-150400.3.16.2.x86_64.rpm
libsolv-tools-0.7.28-150400.3.16.2.x86_64.rpm
libzypp-17.31.31-150400.3.52.2.src.rpm
libzypp-17.31.31-150400.3.52.2.x86_64.rpm
libzypp-devel-17.31.31-150400.3.52.2.x86_64.rpm
perl-solv-0.7.28-150400.3.16.2.x86_64.rpm
python3-solv-0.7.28-150400.3.16.2.x86_64.rpm
ruby-solv-0.7.28-150400.3.16.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-327
Security update for bouncycastle, jsch
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bouncycastle, jsch fixes the following issues:
- Updated jsch to version 0.2.15:
- CVE-2023-48795: Fixed a prefix truncation issue that could lead to
disclosure of sensitive information (bsc#1218134).
- Updated bouncycastle to version 1.77.
bouncycastle-1.77-150200.3.24.1.noarch.rpm
bouncycastle-1.77-150200.3.24.1.src.rpm
bouncycastle-pg-1.77-150200.3.24.1.noarch.rpm
bouncycastle-pkix-1.77-150200.3.24.1.noarch.rpm
bouncycastle-util-1.77-150200.3.24.1.noarch.rpm
jsch-0.2.15-150200.11.13.1.noarch.rpm
jsch-0.2.15-150200.11.13.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-792
Recommended update for timezone
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for timezone fixes the following issues:
- Update to version 2024a
- Kazakhstan unifies on UTC+5
- Palestine springs forward a week later than previously predicted in 2024 and 2025
- Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00
- From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00
- In 1911 Miquelon adopted standard time on June 15, not May 15
- The FROM and TO columns of Rule lines can no longer be "minimum"
- localtime no longer mishandles some timestamps
- strftime %s now uses tm_gmtoff if available
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31
- Vostok, Antarctica changed time zones on 2023-12-18
- Casey, Antarctica changed time zones five times since 2020
- Code and data fixes for Palestine timestamps starting in 2072
- A new data file zonenow.tab for timestamps starting now
- Much of Greenland changed its standard time from -03 to -02 on 2023-03-25
- localtime.c no longer mishandles TZif files that contain a single transition into a DST regime
- tzselect no longer creates temporary files
- tzselect no longer mishandles the following:
* Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION.
* TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/
* ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments
* Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension
* zic no longer mishandles data for Palestine after the year 2075
timezone-2024a-150000.75.28.1.src.rpm
timezone-2024a-150000.75.28.1.x86_64.rpm
timezone-java-2024a-150000.75.28.1.noarch.rpm
timezone-java-2024a-150000.75.28.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-444
Security update for suse-build-key
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issues:
This update runs an import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
Bugfix added since last update:
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
suse-build-key-12.0-150000.8.40.1.noarch.rpm
suse-build-key-12.0-150000.8.40.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-305
Security update for cpio
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
cpio-2.13-150400.3.6.1.src.rpm
cpio-2.13-150400.3.6.1.x86_64.rpm
cpio-lang-2.13-150400.3.6.1.noarch.rpm
cpio-mt-2.13-150400.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-455
Security update for squid
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for squid fixes the following issues:
- CVE-2023-50269: fixed X-Forwarded-For Stack Overflow. (bsc#1217654)
- CVE-2024-23638: fixed Denial of Service attack against Cache Manager error responses. (bsc#1219131)
squid-5.7-150400.3.23.1.src.rpm
squid-5.7-150400.3.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-320
Security update for xerces-c
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xerces-c fixes the following issues:
- CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS. (bsc#1159552)
libxerces-c-3_2-3.2.3-150300.3.6.1.x86_64.rpm
libxerces-c-devel-3.2.3-150300.3.6.1.x86_64.rpm
xerces-c-3.2.3-150300.3.6.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-726
Security update for Java
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
apache-commons-codec was updated to version 1.16.1:
- Changes in version 1.16.1:
* New features:
+ Added Maven property project.build.outputTimestamp for build reproducibility
* Bugs fixed:
+ Correct error in Base64 Javadoc
+ Added minimum Java version in changes.xml
+ Documentation update for the org.apache.commons.codec.digest.* package
+ Precompile regular expression in UnixCrypt.crypt(byte[], String)
+ Fixed possible IndexOutOfBoundException in PhoneticEngine.encode method
+ Fixed possible ArrayIndexOutOfBoundsException in QuotedPrintableCodec.encodeQuotedPrintable() method
+ Fixed possible StringIndexOutOfBoundException in MatchRatingApproachEncoder.encode() method
+ Fixed possible ArrayIndexOutOfBoundException in RefinedSoundex.getMappingCode()
+ Fixed possible IndexOutOfBoundsException in PercentCodec.insertAlwaysEncodeChars() method
+ Deprecated UnixCrypt 0-argument constructor
+ Deprecated Md5Crypt 0-argument constructor
+ Deprecated Crypt 0-argument constructor
+ Deprecated StringUtils 0-argument constructor
+ Deprecated Resources 0-argument constructor
+ Deprecated Charsets 0-argument constructor
+ Deprecated CharEncoding 0-argument constructor
- Changes in version 1.16.0:
* Remove duplicated words from Javadocs
* Use Standard Charset object
* Use String.contains() functions
* Avoid use toString() or substring() in favor of a simplified expression
* Fixed byte-skipping in Base16 decoding
* Fixed several typos, improve writing in some javadocs
* BaseNCodecOutputStream.eof() should not throw IOException.
* Javadoc improvements and cleanups.
* Deprecated BaseNCodec.isWhiteSpace(byte) and use Character.isWhitespace(int).
* Added support for Blake3 family of hashes
* Added github/codeql-action
* Bump actions/cache from v2 to v3.0.10
* Bump actions/setup-java from v1.4.1 to 3.5.1
* Bump actions/checkout from 2.3.2 to 3.1.0
* Bump commons-parent from 52 to 58
* Bump junit from 4.13.1 to 5.9.1
* Bump Java 7 to 8.
* Bump japicmp-maven-plugin from 0.14.3 to 0.17.1.
* Bump jacoco-maven-plugin from 0.8.5 to 0.8.8 (Fixes Java 15 builds).
* Bump maven-surefire-plugin from 2.22.2 to 3.0.0-M7
* Bump maven-javadoc-plugin from 3.2.0 to 3.4.1.
* Bump animal-sniffer-maven-plugin from 1.19 to 1.22.
* Bump maven-pmd-plugin from 3.13.0 to 3.19.0
* Bump pmd from 6.47.0 to 6.52.0.
* Bump maven-checkstyle-plugin from 2.17 to 3.2.0
* Bump checkstyle from 8.45.1 to 9.3
* Bump taglist-maven-plugin from 2.4 to 3.0.0
* Bump jacoco-maven-plugin from 0.8.7 to 0.8.8.
apache-commons-compress was updated to version 1.26:
- Changes in version 1.26:
* Security issues fixed:
+ CVE-2024-26308: Fixed allocation of Resources Without Limits or Throttling vulnerability in
Apache Commons Compress (bsc#1220068)
+ CVE-2024-25710: Fixed loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in
Apache Commons Compress (bsc#1220070)
* New Features:
+ Added and use ZipFile.builder(), ZipFile.Builder, and deprecate constructors
+ Added and use SevenZFile.builder(), SevenZFile.Builder, and deprecate constructors
+ Added and use ArchiveInputStream.getCharset()
+ Added and use ArchiveEntry.resolveIn(Path)
+ Added Maven property project.build.outputTimestamp for build reproducibility
* Bugs fixed:
+ Check for invalid PAX values in TarArchiveEntry
+ Fixed zero size headers in ArjInputStream
+ Fixes and tests for ArInputStream
+ Fixes for dump file parsing
+ Improved CPIO exception detection and handling
+ Deprecated SkipShieldingInputStream without replacement (no longer used)
+ Reuse commons-codec, don't duplicate class PureJavaCrc32C (removed package-private class)
+ Reuse commons-codec, don't duplicate class XXHash32 (deprecated class)
+ Reuse commons-io, don't duplicate class Charsets (deprecated class)
+ Reuse commons-io, don't duplicate class IOUtils (deprecated methods)
+ Reuse commons-io, don't duplicate class BoundedInputStream (deprecated class)
+ Reuse commons-io, don't duplicate class FileTimes (deprecated TimeUtils methods)
+ Reuse Arrays.equals(byte[], byte[]) and deprecate ArchiveUtils.isEqual(byte[], byte[])
+ Added a null-check for the class loader of OsgiUtils
+ Added a null-check in Pack200.newInstance(String, String)
+ Deprecated ChecksumCalculatingInputStream in favor of java.util.zip.CheckedInputStream
+ Deprecated CRC32VerifyingInputStream.CRC32VerifyingInputStream(InputStream, long, int)
+ FramedSnappyCompressorOutputStream produces incorrect output when writing a large buffer
+ Fixed TAR directory entries being misinterpreted as files
+ Deprecated unused method FileNameUtils.getBaseName(String)
+ Deprecated unused method FileNameUtils.getExtension(String)
+ ArchiveInputStream.BoundedInputStream.read() incorrectly adds 1 for EOF to the bytes read count
+ Deprecated IOUtils.read(File, byte[])
+ Deprecated IOUtils.copyRange(InputStream, long, OutputStream, int)
+ ZipArchiveOutputStream multi archive updates metadata in incorrect file
+ Deprecated ByteUtils.InputStreamByteSupplier
+ Deprecated ByteUtils.fromLittleEndian(InputStream, int)
+ Deprecated ByteUtils.toLittleEndian(DataOutput, long, int)
+ Reduce duplication by having ArchiveInputStream extend FilterInputStream
+ Support preamble garbage in ZipArchiveInputStream
+ Fixed formatting the lowest expressible DOS time
+ Dropped reflection from ExtraFieldUtils static initialization
+ Preserve exception causation in ExtraFieldUtils.register(Class)
- Changes in version 1.25:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.25.0
- Changes in version 1.24:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.24.0
- Changes in version 1.23:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.23.0
- Changes in version 1.22:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.22
apache-commons-io was updated to version 2.15.1:
- Changes in version 2.15.1:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.1
- Changes in version 2.15.0:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.0
- Changes in version 2.14.0:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-io/changes-report.html#a2.14.0
javapackages-meta:
- Syncing the version with javapackages-tools 6.2.0
- Remove unnecessary dependencies
maven was updated to version 3.9.6:
- Changes in version 3.9.6:
* Bugs fixed:
+ Error message when modelVersion is 4.0 is confusing
* Improvements:
+ Colorize transfer messages
+ Support ${project.basedir} in file profile activation
+ Allow to exclude plugins from validation
* Tasks:
+ Maven Resolver Provider classes ctor change
+ Undeprecate wrongly deprecated repository metadata
+ Deprecated `org.apache.maven.repository.internal.MavenResolverModule`
+ maven-resolver-provider: introduce NAME constants.
* Dependency upgrade:
+ Updated to Resolver 1.9.16
+ Upgraded Sisu version to 0.9.0.M2
+ Upgraded Resolver version to 1.9.18
+ Upgraded to parent POM 41
+ Upgraded default plugin bindings
maven-assembly-plugin:
- Explicitly require commons-io:commons-io and commons-codec:common-codes artifacts that are optional in
apache-commons-compress
maven-doxia was updated to version 1.12.0:
* Changes in version 1.12.0:
+ Upgraded to FOP 2.2
+ Fixed rendering links and paragraphs inside tables
+ Rewrite .md and .markdown links to .html
+ Upgraded HttpComponents: httpclient to 4.5.8 and httpcore to 4.4.11
+ Escape links to xml based figureGraphics image elements
+ SECURITY: Use HTTPS to resolve dependencies in Maven Build
+ Removed old Maven 1 and 2 info
+ Updated commons-lang to 3.8.1
+ Dropped dependency to outdated Log4j
+ Fixed Java 7 compatibility that was broken
+ Import tests from maven-site-plugin
+ Fixed crosslinks starting with a dot in markdown files
+ Replace deprecated class from commons-lang
+ Fill in some generic types
maven-doxia-sitetools was updated to version 1.11.1:
- Changes in version 1.11.1:
* Bugs fixed:
+ CLIRR can't find previous version
* Improvements:
+ Removed all &nbsp; in default-site-macros.vm and replace by a space
+ Improved documentation on site.xml inheritance vs interpolation
* Tasks:
+ Deprecated Doxia Sitetools Doc Renderer
* Dependency upgrade:
+ Fixed javadoc issues with JDK 8 when generating documentation
+ Wrong coordinates for jai_core: hyphen should be underscore
+ Use latest JUnit version 4.13.2
+ Upgraded Plexus Utils to 3.3.0
+ Upgraded Plexus Interpolation to 1.26
+ Upgraded Maven Doxia to 1.10
+ Upgraded Maven Doxia to 1.11.1
maven-jar-plugin was updated to version 3.3.0:
- Changes in version 3.3.0:
* Bugs fixed:
+ outputTimestamp not applied to module-info; breaks reproducible builds
* Task:
+ Updated plugin (requires Maven 3.2.5+)
+ Java 8 as minimum
* Dependency upgrade:
+ Upgraded Plexus Utils to 3.3.1
+ Removed override for Plexus Archiver to fix order of META-INF/ and META-INF/MANIFEST.MF entries
+ Upgraded Parent to 36
+ Updated Plexus Utils to 3.4.2
+ Upgraded Parent to 37
maven-jar-plugin was updated to version 3.6.0:
- Changes from version 3.6.0:
* Bugs fixed:
+ Setting maven.javadoc.isoffline seems to have no effect
+ javadoc site is broken for projects that contain modules
+ Alternative doclet page points to an SEO spammy page
+ [REGRESSION] Transitive dependencies of docletArtifact missing
+ Unresolvable link in javadoc tag with value ResourcesBundleMojo#getAttachmentClassifier() found in
ResourcesBundleMojo
+ IOException --> NullPointerException in JavadocUtil.copyResource
+ JavadocReportTest.testExceptions is broken
+ javadoc creates invalid --patch-module statements
+ javadoc plugin can not deal with transitive filename based modules
* Improvements:
+ Clean up deprecated and unpreferred methods in JavadocUtil
+ Cleanup dependency declarations as best possible
+ Allow building javadoc "the old fashioned way" after Java 8
* Tasks:
+ Dropped use of deprecated localRepository mojo
parameter
+ Make build pass with Java 20
+ Refresh download page
* Dependency upgrade:
+ Updated to commons-io 2.13.0
+ Updated plexus-archiver from 4.7.1 to 4.8.0
+ Upgraded Parent to 40
- Changes from version 3.5.0:
* Bugs fixed:
+ Invalid anchors in Javadoc and plugin mojo
+ Plugin duplicates classes in Java 8 all-classes lists
+ javadoc site creation ignores configuration parameters
* Improvements:
+ Deprecated parameter "stylesheet"
+ Parse stderr output and suppress informational lines
+ Link to Javadoc references from JDK 17
+ Migrate components to JSR 330, get rid of maven-artifact-transfer, update to parent 37
* Tasks:
+ Removed remains of org.codehaus.doxia.sink.Sink
* Dependency upgrades:
+ Upgraded plugins in ITs
+ Upgraded to Maven 3.2.5
+ Updated Maven Archiver to 3.6.0
+ Upgraded Maven Reporting API to 3.1.1/Complete
with Maven Reporting Impl 3.2.0
+ Upgraded commons-text to 1.10.0
+ Upgraded Parent to 39
+ Upgraded plugins and components
maven-reporting-api was updated to version 3.1.1:
- Restore binary compat for MavenReport
maven-reporting-impl was updated to version 3.2.0:
- Changes in version 3.2.0:
* Improvement:
+ Render with a skin when report is run in standalone mode
* Dependency upgrades:
+ Upgraded Maven Reporting API to 3.1.1
+ Upgraded plugins and components in project and ITs
maven-resolver was updated to version 1.9.18:
- Changes in version 1.9.18:
* Bugs fixed:
+ Sporadic AccessDeniedEx on Windows
+ Undo FileUtils changes that altered non-Windows execution path
* Improvements:
+ Native transport should retry on HTTP 429 (Retry-After)
* Task:
+ Deprecated Guice modules
+ Get rid of component name string literals, make them constants and reusable
+ Expose configuration for inhibiting Expect-Continue handshake in 1.x
+ Refresh download page
+ Resolver should not override given HTTP transport default use of expect-continue handshake
maven-resources-plugin was updated to version 3.3.1:
- Changes in version 3.3.1:
* Bugs fixed:
+ Resource plugin's handling of symbolic links changed in 3.0.x, broke existing behavior
+ Resource copying not using specified encoding
+ java.nio.charset.MalformedInputException: Input length = 1
+ Filtering of Maven properties with long names is not working after transition from 2.6 to 3.2.0
+ Valid location for directory parameter is always required
+ Symlinks cause copying resources to fail
+ FileUtils.copyFile() fails with source file having `lastModified = 0`
* New Features:
+ Added ability to flatten folder structure into target directory when copying resources
* Improvements:
+ Make tests jar reproducible
+ Describe from and to in "Copying xresources" info message
* Task:
+ Dropped plexus legacy
+ Updated to parent POM 39, reformat sources
+ Updated plugin (requires Maven 3.2.5+)
+ Require Java 8
* Dependency upgrade:
+ Upgraded maven-plugin parent to 36
+ Upgraded Maven Filtering to 3.3.0
+ Upgraded plexus-utils to 3.5.1
+ Upgraded to maven-filtering 3.3.1
sbt:
- Fixed RPM package build with maven 3.9.6 and maven-resolver 1.9.18
xmvn:
- Modify the xmvn-install script to work with new apache-commons-compress
- Recompiling RPM package to resolve package building issues with maven-lib
apache-commons-codec-1.16.1-150200.3.9.1.noarch.rpm
apache-commons-codec-1.16.1-150200.3.9.1.src.rpm
apache-commons-compress-1.26.0-150200.3.16.1.noarch.rpm
apache-commons-compress-1.26.0-150200.3.16.1.src.rpm
apache-commons-configuration2-2.9.0-150200.5.5.1.noarch.rpm
apache-commons-configuration2-2.9.0-150200.5.5.1.src.rpm
apache-commons-io-2.15.1-150200.3.12.1.noarch.rpm
apache-commons-io-2.15.1-150200.3.12.1.src.rpm
gradle-local-6.2.0-150200.3.7.1.noarch.rpm
ivy-local-6.2.0-150200.3.7.1.noarch.rpm
javapackages-meta-6.2.0-150200.3.7.1.src.rpm
maven-3.9.6-150200.4.21.2.src.rpm
maven-3.9.6-150200.4.21.2.x86_64.rpm
maven-doxia-1.12.0-150200.4.7.2.src.rpm
maven-doxia-core-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-logging-api-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-apt-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-fml-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-fo-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-xdoc-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-xhtml-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-module-xhtml5-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-sink-api-1.12.0-150200.4.7.2.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.7.1.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.7.1.src.rpm
maven-jar-plugin-3.3.0-150200.3.10.1.noarch.rpm
maven-jar-plugin-3.3.0-150200.3.10.1.src.rpm
maven-javadoc-plugin-3.6.0-150200.4.10.1.noarch.rpm
maven-javadoc-plugin-3.6.0-150200.4.10.1.src.rpm
maven-lib-3.9.6-150200.4.21.2.x86_64.rpm
maven-local-6.2.0-150200.3.7.1.noarch.rpm
maven-reporting-api-3.1.1-150200.3.7.1.noarch.rpm
maven-reporting-api-3.1.1-150200.3.7.1.src.rpm
maven-resolver-1.9.18-150200.3.17.2.src.rpm
maven-resolver-api-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-connector-basic-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-impl-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-named-locks-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-spi-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-transport-file-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-transport-http-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-transport-wagon-1.9.18-150200.3.17.2.noarch.rpm
maven-resolver-util-1.9.18-150200.3.17.2.noarch.rpm
maven-resources-plugin-3.3.1-150200.3.12.1.noarch.rpm
maven-resources-plugin-3.3.1-150200.3.12.1.src.rpm
xmvn-4.2.0-150200.3.18.1.src.rpm
xmvn-4.2.0-150200.3.18.1.x86_64.rpm
xmvn-api-4.2.0-150200.3.18.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.18.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.18.1.src.rpm
xmvn-core-4.2.0-150200.3.18.1.noarch.rpm
xmvn-install-4.2.0-150200.3.18.1.noarch.rpm
xmvn-minimal-4.2.0-150200.3.18.1.x86_64.rpm
xmvn-mojo-4.2.0-150200.3.18.1.noarch.rpm
xmvn-mojo-4.2.0-150200.3.18.1.src.rpm
xmvn-resolve-4.2.0-150200.3.18.1.noarch.rpm
xmvn-subst-4.2.0-150200.3.18.1.noarch.rpm
xmvn-tools-4.2.0-150200.3.18.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-651
Recommended update for nftables
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nftables fixes the following issues:
- Enable python311 module (bsc#1219253).
libnftables1-0.9.8-150400.6.3.1.x86_64.rpm
nftables-0.9.8-150400.6.3.1.src.rpm
nftables-0.9.8-150400.6.3.1.x86_64.rpm
python3-nftables-0.9.8-150400.6.3.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-898
Security update for gdb
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gdb fixes the following issues:
- Drop libdebuginfod1 BuildRequires/Recommends. The former isn't
needed because there's a build requirement on libdebuginfod-devel
already, which will pull the shared library. And the latter,
because it's bogus since RPM auto generated dependency will take
care of that requirement.
gdb was released in 13.2:
* This version of GDB includes the following changes and enhancements:
* Support for the following new targets has been added in both GDB and GDBserver:
* GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux*
* GNU/Linux/CSKY (gdbserver) csky*-*linux*
* The Windows native target now supports target async.
* Floating-point support has now been added on LoongArch GNU/Linux.
* New commands:
* set print nibbles [on|off]
* show print nibbles
* This controls whether the 'print/t' command will display binary values in groups of four bits, known as "nibbles". The default is 'off'.
Various styling-related commands. See the gdb/NEWS file for more details.
Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details.
* Python API improvements:
* New Python API for instruction disassembly.
* The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee.
* New Python type gdb.BreakpointLocation.
* New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address <symbol+offset>'
* New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'.
* New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string.
* New method gdb.Frame.language that returns the name of the frame's language.
* gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation.
* gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does.
* The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9].
* GDB/MI changes:
* MI version 1 is deprecated, and will be removed in GDB 14.
* The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno.
* Miscellaneous improvements:
* gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF.
* New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior.
* New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit.
* The "info breakpoints" now displays enabled breakpoint locations of disabled breakpoints as in the "y-" state.
* The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling.
* A new format "/b" has been introduced to provide the old behavior of "/r".
* The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new "set style tui-current-position" command.
* It is now possible to use the "document" command to document user-defined commands.
* Support for memory tag data for AArch64 MTE.
* Support Removal notices:
* DBX mode has been removed.
* Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3.
* Support for the following commands has been removed:
* set debug aix-solib on|off
* show debug aix-solib
* set debug solib-frv on|off
* show debug solib-frv
* Use the "set/show debug solib" commands instead.
See the NEWS file for a more complete and detailed list of what this release includes.
gdb-13.2-150400.15.14.1.src.rpm
gdb-13.2-150400.15.14.1.x86_64.rpm
gdbserver-13.2-150400.15.14.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-911
Recommended update for virt-v2v
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for virt-v2v fixes the following issue:
- virt-v2v fails due to zstd module compression (bsc#1216068)
virt-v2v-1.44.2-150400.3.6.1.src.rpm
virt-v2v-1.44.2-150400.3.6.1.x86_64.rpm
virt-v2v-bash-completion-1.44.2-150400.3.6.1.noarch.rpm
virt-v2v-man-pages-ja-1.44.2-150400.3.6.1.noarch.rpm
virt-v2v-man-pages-uk-1.44.2-150400.3.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-423
Security update for libavif
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libavif fixes the following issues:
- CVE-2023-6704: Fixed use after free by not storing colorproperties until alpha item is found (bsc#1218303).
libavif-0.9.3-150400.3.3.1.src.rpm
libavif13-0.9.3-150400.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-459
Security update for runc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
runc-1.1.12-150000.61.2.src.rpm
runc-1.1.12-150000.61.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-433
Recommended update for source-highlight
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for source-highlight fixes the following issues:
Version update to 3.1.9:
* changed esc.style to work better with dark theme terminals
* updated C and C++ to more recent standards
* fixed zsh.lang
* added new Python keywords
* added Rust
* added ixpe
* added vim
- ships it to missing service packs like SUSE Linux Enterprise 15 SP3.
libsource-highlight-devel-3.1.9-150000.3.7.1.x86_64.rpm
libsource-highlight4-3.1.9-150000.3.7.1.x86_64.rpm
source-highlight-3.1.9-150000.3.7.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-548
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
Update to version 2.42.5 (bsc#1219604):
- CVE-2024-23222: Fixed processing maliciously crafted web content that may have led to arbitrary code execution (bsc#1219113).
- CVE-2024-23206: Fixed user fingerprinting via maliciously crafted webpages (bsc#1219604).
- CVE-2024-23213: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604).
- CVE-2023-40414: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604).
- CVE-2014-1745: Fixed a denial-of-service or potential disclosure of memory contents while processing maliciously crafted files (bsc#1219604).
- CVE-2023-42833: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604).
WebKitGTK-4.0-lang-2.42.5-150400.4.75.1.noarch.rpm
WebKitGTK-4.1-lang-2.42.5-150400.4.75.1.noarch.rpm
WebKitGTK-6.0-lang-2.42.5-150400.4.75.1.noarch.rpm
libjavascriptcoregtk-4_0-18-2.42.5-150400.4.75.1.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.42.5-150400.4.75.1.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.42.5-150400.4.75.1.x86_64.rpm
libwebkit2gtk-4_0-37-2.42.5-150400.4.75.1.x86_64.rpm
libwebkit2gtk-4_1-0-2.42.5-150400.4.75.1.x86_64.rpm
libwebkitgtk-6_0-4-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.42.5-150400.4.75.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.42.5-150400.4.75.1.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.42.5-150400.4.75.1.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.42.5-150400.4.75.1.x86_64.rpm
webkit2gtk3-2.42.5-150400.4.75.1.src.rpm
webkit2gtk3-devel-2.42.5-150400.4.75.1.x86_64.rpm
webkit2gtk3-soup2-2.42.5-150400.4.75.1.src.rpm
webkit2gtk3-soup2-devel-2.42.5-150400.4.75.1.x86_64.rpm
webkit2gtk4-2.42.5-150400.4.75.1.src.rpm
webkitgtk-6_0-injected-bundles-2.42.5-150400.4.75.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-466
Recommended update for syslinux
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for syslinux fixes the following issues:
- syslinux RPM package was rebuilt to address issues with aarch64 built binaries
syslinux-4.04-150300.17.2.1.src.rpm
syslinux-4.04-150300.17.2.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-425
Recommended update for python-argcomplete
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-argcomplete fixes the following issues:
- Use update-alternatives for package binaries to avoid conflict with python311 stack (bsc#1219305)
python-argcomplete-1.9.2-150000.3.5.1.src.rpm
python3-argcomplete-1.9.2-150000.3.5.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-802
Recommended update for wicked
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- ifreload: VLAN changes require device deletion (bsc#1218927)
- ifcheck: fix config changed check (bsc#1218926)
- client: fix exit code for no-carrier status (bsc#1219265)
- dhcp6: omit the SO_REUSEPORT option (bsc#1215692)
- duid: fix comment for v6time
- rtnl: fix peer address parsing for non ptp-interfaces
- system-updater: Parse updater format from XML configuration to ensure install calls can run
- team: add new options like link_watch_policy (jsc#PED-7183)
- Fix memory leaks in dbus variant destroy and fsm free
- xpath: allow underscore in node identifier
- vxlan: don't format unknown rtnl attrs (bsc#1219751)
wicked-0.6.74-150400.3.13.1.src.rpm
wicked-0.6.74-150400.3.13.1.x86_64.rpm
wicked-service-0.6.74-150400.3.13.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-833
Security update for openssl-1_1
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
libopenssl-1_1-devel-1.1.1l-150400.7.63.1.x86_64.rpm
libopenssl-1_1-devel-32bit-1.1.1l-150400.7.63.1.x86_64.rpm
libopenssl1_1-1.1.1l-150400.7.63.1.x86_64.rpm
libopenssl1_1-32bit-1.1.1l-150400.7.63.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150400.7.63.1.x86_64.rpm
libopenssl1_1-hmac-32bit-1.1.1l-150400.7.63.1.x86_64.rpm
openssl-1_1-1.1.1l-150400.7.63.1.src.rpm
openssl-1_1-1.1.1l-150400.7.63.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-831
Security update for openssl-1_0_0
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_0_0 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
libopenssl-1_0_0-devel-1.0.2p-150000.3.91.1.x86_64.rpm
libopenssl10-1.0.2p-150000.3.91.1.x86_64.rpm
libopenssl1_0_0-1.0.2p-150000.3.91.1.x86_64.rpm
libopenssl1_0_0-hmac-1.0.2p-150000.3.91.1.x86_64.rpm
openssl-1_0_0-1.0.2p-150000.3.91.1.src.rpm
openssl-1_0_0-1.0.2p-150000.3.91.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-563
Recommended update for ffmpeg
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg contains the following fixes:
- Added `libavresample3` and `libavformat57` to subpackages for Package Hub SLE-15-SP5 (bsc#1205435)
- Fix RPM package build with new `binutils`
ffmpeg-3.4.2-150200.11.34.2.src.rpm
libavcodec57-3.4.2-150200.11.34.2.x86_64.rpm
libavformat57-3.4.2-150200.11.34.2.x86_64.rpm
libavresample3-3.4.2-150200.11.34.2.x86_64.rpm
libavutil-devel-3.4.2-150200.11.34.2.x86_64.rpm
libavutil55-3.4.2-150200.11.34.2.x86_64.rpm
libpostproc-devel-3.4.2-150200.11.34.2.x86_64.rpm
libpostproc54-3.4.2-150200.11.34.2.x86_64.rpm
libswresample-devel-3.4.2-150200.11.34.2.x86_64.rpm
libswresample2-3.4.2-150200.11.34.2.x86_64.rpm
libswscale-devel-3.4.2-150200.11.34.2.x86_64.rpm
libswscale4-3.4.2-150200.11.34.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-907
Recommended update for audit
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for audit fixes the following issue:
- Fix plugin termination when using systemd service units (bsc#1215377)
audit-3.0.6-150400.4.16.1.src.rpm
audit-3.0.6-150400.4.16.1.x86_64.rpm
audit-audispd-plugins-3.0.6-150400.4.16.1.x86_64.rpm
audit-devel-3.0.6-150400.4.16.1.x86_64.rpm
audit-secondary-3.0.6-150400.4.16.1.src.rpm
libaudit1-3.0.6-150400.4.16.1.x86_64.rpm
libauparse0-3.0.6-150400.4.16.1.x86_64.rpm
python3-audit-3.0.6-150400.4.16.1.x86_64.rpm
system-group-audit-3.0.6-150400.4.16.1.x86_64.rpm
libaudit1-32bit-3.0.6-150400.4.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-641
Recommended update for gcc7
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gcc7 fixes the following issues:
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
cpp7-7.5.0+r278197-150000.4.41.1.x86_64.rpm
cross-nvptx-gcc7-7.5.0+r278197-150000.4.41.1.src.rpm
cross-nvptx-gcc7-7.5.0+r278197-150000.4.41.1.x86_64.rpm
cross-nvptx-newlib7-devel-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-7.5.0+r278197-150000.4.41.1.src.rpm
gcc7-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-ada-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-c++-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-c++-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-fortran-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-fortran-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-info-7.5.0+r278197-150000.4.41.1.noarch.rpm
gcc7-locale-7.5.0+r278197-150000.4.41.1.x86_64.rpm
gcc7-objc-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libada7-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libasan4-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libasan4-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libcilkrts5-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libcilkrts5-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libgfortran4-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libgfortran4-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libstdc++6-devel-gcc7-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libstdc++6-devel-gcc7-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libubsan0-32bit-7.5.0+r278197-150000.4.41.1.x86_64.rpm
libubsan0-7.5.0+r278197-150000.4.41.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-515
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, caused by the lack of a safeguard against invalid nf_tables family (pf) values within the `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- block: Fix kabi header include (bsc#1218929).
- block: free the extended dev_t minor later (bsc#1218930).
- clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- doc/README.KSYMS: Add to repo.
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- loop: suppress uevents while reconfiguring the device (git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- nbd: fix incomplete validation of ioctl arg (git-fixes).
- nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- null_blk: Always check queue mode setting from configfs (git-fixes).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes).
- rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
- rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
- rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes).
- rbd: harden get_lock_owner_info() a bit (git-fixes).
- rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
- rbd: move rbd_dev_refresh() definition (git-fixes).
- rbd: prevent busy loop when requesting exclusive lock (git-fixes).
- rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
- rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
kernel-default-5.14.21-150400.24.108.1.nosrc.rpm
True
kernel-default-5.14.21-150400.24.108.1.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2.src.rpm
True
kernel-default-base-5.14.21-150400.24.108.1.150400.24.50.2.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.108.1.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.108.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.108.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.108.1.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.108.1.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.108.1.src.rpm
True
kernel-obs-build-5.14.21-150400.24.108.1.x86_64.rpm
True
kernel-source-5.14.21-150400.24.108.1.noarch.rpm
True
kernel-source-5.14.21-150400.24.108.1.src.rpm
True
kernel-syms-5.14.21-150400.24.108.1.src.rpm
True
kernel-syms-5.14.21-150400.24.108.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.108.1.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-562
Recommended update for openblas
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openblas contains the following fixes:
- Added `libopenblas_pthreads0` to Package Hub SLE-15-SP4 on architecture s390 (no source changes) (bsc#1217608)
libopenblas_openmp0-0.3.20-150400.4.2.1.x86_64.rpm
libopenblas_pthreads-devel-0.3.20-150400.4.2.1.x86_64.rpm
libopenblas_pthreads0-0.3.20-150400.4.2.1.x86_64.rpm
openblas-common-devel-0.3.20-150400.4.2.1.x86_64.rpm
openblas_openmp-0.3.20-150400.4.2.1.src.rpm
openblas_pthreads-0.3.20-150400.4.2.1.src.rpm
openblas_serial-0.3.20-150400.4.2.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-550
Security update for postgresql16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql16 fixes the following issues:
Upgrade to 16.2:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
libecpg6-16.2-150200.5.10.1.x86_64.rpm
libpq5-16.2-150200.5.10.1.x86_64.rpm
libpq5-32bit-16.2-150200.5.10.1.x86_64.rpm
postgresql16-16.2-150200.5.10.1.src.rpm
postgresql16-16.2-150200.5.10.1.x86_64.rpm
postgresql16-contrib-16.2-150200.5.10.1.x86_64.rpm
postgresql16-devel-16.2-150200.5.10.1.x86_64.rpm
postgresql16-docs-16.2-150200.5.10.1.noarch.rpm
postgresql16-plperl-16.2-150200.5.10.1.x86_64.rpm
postgresql16-plpython-16.2-150200.5.10.1.x86_64.rpm
postgresql16-pltcl-16.2-150200.5.10.1.x86_64.rpm
postgresql16-server-16.2-150200.5.10.1.x86_64.rpm
postgresql16-server-devel-16.2-150200.5.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-551
Security update for postgresql15
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql15 fixes the following issues:
Upgrade to 15.6:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
postgresql15-15.6-150200.5.22.1.src.rpm
postgresql15-15.6-150200.5.22.1.x86_64.rpm
postgresql15-contrib-15.6-150200.5.22.1.x86_64.rpm
postgresql15-devel-15.6-150200.5.22.1.x86_64.rpm
postgresql15-docs-15.6-150200.5.22.1.noarch.rpm
postgresql15-plperl-15.6-150200.5.22.1.x86_64.rpm
postgresql15-plpython-15.6-150200.5.22.1.x86_64.rpm
postgresql15-pltcl-15.6-150200.5.22.1.x86_64.rpm
postgresql15-server-15.6-150200.5.22.1.x86_64.rpm
postgresql15-server-devel-15.6-150200.5.22.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-552
Security update for postgresql14
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql14 fixes the following issues:
Upgrade to 14.11:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
postgresql14-14.11-150200.5.39.1.src.rpm
postgresql14-14.11-150200.5.39.1.x86_64.rpm
postgresql14-contrib-14.11-150200.5.39.1.x86_64.rpm
postgresql14-devel-14.11-150200.5.39.1.x86_64.rpm
postgresql14-docs-14.11-150200.5.39.1.noarch.rpm
postgresql14-plperl-14.11-150200.5.39.1.x86_64.rpm
postgresql14-plpython-14.11-150200.5.39.1.x86_64.rpm
postgresql14-pltcl-14.11-150200.5.39.1.x86_64.rpm
postgresql14-server-14.11-150200.5.39.1.x86_64.rpm
postgresql14-server-devel-14.11-150200.5.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-522
Security update for postgresql13
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql13 fixes the following issues:
Upgrade to 13.14:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
postgresql13-13.14-150200.5.53.1.src.rpm
postgresql13-13.14-150200.5.53.1.x86_64.rpm
postgresql13-contrib-13.14-150200.5.53.1.x86_64.rpm
postgresql13-devel-13.14-150200.5.53.1.x86_64.rpm
postgresql13-docs-13.14-150200.5.53.1.noarch.rpm
postgresql13-llvmjit-13.14-150200.5.53.1.x86_64.rpm
postgresql13-llvmjit-devel-13.14-150200.5.53.1.x86_64.rpm
postgresql13-plperl-13.14-150200.5.53.1.x86_64.rpm
postgresql13-plpython-13.14-150200.5.53.1.x86_64.rpm
postgresql13-pltcl-13.14-150200.5.53.1.x86_64.rpm
postgresql13-server-13.14-150200.5.53.1.x86_64.rpm
postgresql13-server-devel-13.14-150200.5.53.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-634
Recommended update for postgresql
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql fixes the following issues:
- Require fillup package to properly create the config file (bsc#1219340)
postgresql-16-150400.4.12.1.noarch.rpm
postgresql-16-150400.4.12.1.src.rpm
postgresql-contrib-16-150400.4.12.1.noarch.rpm
postgresql-devel-16-150400.4.12.1.noarch.rpm
postgresql-docs-16-150400.4.12.1.noarch.rpm
postgresql-llvmjit-16-150400.4.12.1.noarch.rpm
postgresql-llvmjit-devel-16-150400.4.12.1.noarch.rpm
postgresql-plperl-16-150400.4.12.1.noarch.rpm
postgresql-plpython-16-150400.4.12.1.noarch.rpm
postgresql-pltcl-16-150400.4.12.1.noarch.rpm
postgresql-server-16-150400.4.12.1.noarch.rpm
postgresql-server-devel-16-150400.4.12.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-725
Recommended update for suse-build-key
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issues:
- Switch container key to be default RSA 4096bit. (jsc#PED-2777)
- run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123
suse-build-key-12.0-150000.8.43.1.noarch.rpm
suse-build-key-12.0-150000.8.43.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-558
Security update for libssh2_org
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libssh2_org fixes the following issues:
- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
libssh2-1-1.11.0-150000.4.25.1.x86_64.rpm
libssh2-devel-1.11.0-150000.4.25.1.x86_64.rpm
libssh2_org-1.11.0-150000.4.25.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-613
Security update for libxml2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
libxml2-2-2.9.14-150400.5.28.1.x86_64.rpm
libxml2-2.9.14-150400.5.28.1.src.rpm
libxml2-devel-2.9.14-150400.5.28.1.x86_64.rpm
libxml2-python-2.9.14-150400.5.28.1.src.rpm
libxml2-tools-2.9.14-150400.5.28.1.x86_64.rpm
python3-libxml2-2.9.14-150400.5.28.1.x86_64.rpm
python311-libxml2-2.9.14-150400.5.28.1.x86_64.rpm
libxml2-2-32bit-2.9.14-150400.5.28.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-576
Security update for dpdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dpdk fixes the following issues:
- Fixed a regression caused by incomplete fix for CVE-2022-2132 (bsc#1219187).
dpdk-19.11.10-150400.4.12.1.src.rpm
dpdk-19.11.10-150400.4.12.1.x86_64.rpm
dpdk-devel-19.11.10-150400.4.12.1.x86_64.rpm
dpdk-kmp-default-19.11.10_k5.14.21_150400.24.103-150400.4.12.1.x86_64.rpm
dpdk-tools-19.11.10-150400.4.12.1.x86_64.rpm
libdpdk-20_0-19.11.10-150400.4.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-573
Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues:
abseil-cpp was updated to:
Update to 20230802.1:
* Add StdcppWaiter to the end of the list of waiter implementations
Update to 20230802.0
What's New:
* Added the nullability library for designating the expected
nullability of pointers. Currently these serve as annotations
only, but it is expected that compilers will one day be able
to use these annotations for diagnostic purposes.
* Added the prefetch library as a portable layer for moving data
into caches before it is read.
* Abseil's hash tables now detect many more programming errors
in debug and sanitizer builds.
* Abseil's synchronization objects now differentiate absolute
waits (when passed an absl::Time) from relative waits (when
passed an absl::Duration) when the underlying platform supports
differentiating these cases. This only makes a difference when
system clocks are adjusted.
* Abseil's flag parsing library includes additional methods that
make it easier to use when another library also expects to be
able to parse flags.
* absl::string_view is now available as a smaller target,
@com_google_absl//absl/strings:string_view, so that users may
use this library without depending on the much larger
@com_google_absl//absl/strings target.
Update to 20230125.3
Details can be found on:
https://github.com/abseil/abseil-cpp/releases/tag/20230125.3
Update to 20230125.2
What's New:
The Abseil logging library has been released. This library
provides facilities for writing short text messages about the
status of a program to stderr, disk files, or other sinks
(via an extension API). See the logging library documentation
for more information.
An extension point, AbslStringify(), allows user-defined types
to seamlessly work with Abseil's string formatting functions
like absl::StrCat() and absl::StrFormat().
A library for computing CRC32C checksums has been added.
Floating-point parsing now uses the Eisel-Lemire algorithm,
which provides a significant speed improvement.
The flags library now provides suggestions for the closest
flag(s) in the case of misspelled flags.
Using CMake to install Abseil now makes the installed artifacts
(in particular absl/base/options.h) reflect the compiled ABI.
Breaking Changes:
Abseil now requires at least C++14 and follows Google's Foundational
C++ Support Policy. See this table for a list of currently supported
versions of compilers, platforms, and build tools.
The legacy spellings of the thread annotation macros/functions
(e.g. GUARDED_BY()) have been removed by default in favor of the
ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with
other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS
can be defined on the compile command-line to temporarily restore these
spellings, but this compatibility macro will be removed in the future.
Known Issues
The Abseil logging library in this release is not a feature-complete
replacement for glog yet. VLOG and DFATAL are examples of features
that have not yet been released.
Update to version 20220623.0
What's New:
* Added absl::AnyInvocable, a move-only function type.
* Added absl::CordBuffer, a type for buffering data for eventual inclusion in an
absl::Cord, which is useful for writing zero-copy code.
* Added support for command-line flags of type absl::optional<T>.
Breaking Changes:
* CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control
whether or not unit tests are built.
* The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that
are experiencing new warnings can use -Wno-deprecated-declarations to silence
the warnings or use -Wno-error=deprecated-declarations to see warnings but
not fail the build.
* ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some
compilers are more strict about where this keyword must appear compared to
the pre-C++20 implementation.
* Bazel builds now depend on the bazelbuild/bazel-skylib repository.
See Abseil's WORKSPACE file for an example of how to add this dependency.
Other:
* This will be the last release to support C++11. Future releases will require at least C++14.
grpc was updated to 1.60:
Update to release 1.60
* Implemented dualstack IPv4 and IPv6 backend support, as per
draft gRFC A61. xDS support currently guarded by
GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var.
* Support for setting proxy for addresses.
* Add v1 reflection.
update to 1.59.3:
* Security - Revocation: Crl backport to 1.59. (#34926)
Update to release 1.59.2
* Fixes for CVE-2023-44487
Update to version 1.59.1:
* C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552).
Update to version 1.59.0:
* xds ssa: Remove environment variable protection for stateful
affinity (gh#grpc/grpc#34435).
* c-ares: fix spin loop bug when c-ares gives up on a socket
that still has data left in its read buffer
(gh#grpc/grpc#34185).
* Deps: Adding upb as a submodule (gh#grpc/grpc#34199).
* EventEngine: Update Cancel contract on closure deletion
timeline (gh#grpc/grpc#34167).
* csharp codegen: Handle empty base_namespace option value to
fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137).
* Ruby:
- replace strdup with gpr_strdup (gh#grpc/grpc#34177).
- drop ruby 2.6 support (gh#grpc/grpc#34198).
Update to release 1.58.1
* Reintroduced c-ares 1.14 or later support
Update to release 1.58
* ruby extension: remove unnecessary background thread startup
wait logic that interferes with forking
Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* EventEngine: Change GetDNSResolver to return
absl::StatusOr<std::unique_ptr<DNSResolver>>.
* Improve server handling of file descriptor exhaustion.
* Add a channel argument to set DSCP on streams.
Update to release 1.56.2
* Improve server handling of file descriptor exhaustion
Update to release 1.56.0 (CVE-2023-32731, bsc#1212180)
* core: Add support for vsock transport.
* EventEngine: Change TXT lookup result type to
std::vector<std::string>.
* C++/Authz: support customizable audit functionality for
authorization policy.
Update to release 1.54.1
* Bring declarations and definitions to be in sync
Update to release 1.54 (CVE-2023-32732, bsc#1212182)
* XDS: enable XDS federation by default
* TlsCreds: Support revocation of intermediate in chain
Update to release 1.51.1
* Only a macOS/aarch64-related change
Update to release 1.51
* c-ares DNS resolver: fix logical race between resolution
timeout/cancellation and fd readability.
* Remove support for pthread TLS
Update to release 1.50.0
* Core
- Derive EventEngine from std::enable_shared_from_this. (#31060)
- Revert "Revert "[chttp2] fix stream leak with queued flow control
update and absence of writes (#30907)" (#30991)". (#30992)
- [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907)
- Remove gpr_codegen. (#30899)
- client_channel: allow LB policy to communicate update errors to resolver. (#30809)
- FaultInjection: Fix random number generation. (#30623)
* C++
- OpenCensus Plugin: Add measure and views for started RPCs. (#31034)
* C#
- Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371)
- Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411)
- Grpc.Tools document AdditionalImportDirs. (#30405)
- Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410)
Update to release 1.49.1
* All
- Update protobuf to v21.6 on 1.49.x. (#31028)
* Ruby
- Backport "Fix ruby windows ucrt build #31051" to 1.49.x. (#31053)
Update to release 1.49.0
* Core
- Backport: "stabilize the C2P resolver URI scheme" to v1.49.x. (#30654)
- Bump core version. (#30588)
- Update OpenCensus to HEAD. (#30567)
- Update protobuf submodule to 3.21.5. (#30548)
- Update third_party/protobuf to 3.21.4. (#30377)
- [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443)
- HTTP2: Fix keepalive time throttling. (#30164)
- Use AnyInvocable in EventEngine APIs. (#30220)
* Python
- Add type stub generation support to grpcio-tools. (#30498)
Update to release 1.48.1
* Backport EventEngine Forkables
Update to release 1.48.0
* C++14 is now required
* xDS: Workaround to get gRPC clients working with istio
Update to release 1.46.3
* backport: xds: use federation env var to guard new-style
resource name parsing (#29725) #29727
Update to release 1.46
* Added HTTP/1.1 support in httpcli
* HTTP2: Add graceful goaway
Update to release 1.45.2
* Various fixes related to XDS
* HTTP2: Should not run cancelling logic on servers when
receiving GOAWAY
Update to release 1.45.1
* Switched to epoll1 as a default polling engine for Linux
Update to version 1.45.0:
* Core:
- Backport "Include ADS stream error in XDS error updates
(#29014)" to 1.45.x [gh#grpc/grpc#29121].
- Bump core version to 23.0.0 for upcoming release
[gh#grpc/grpc#29026].
- Fix memory leak in HTTP request security handshake
cancellation [gh#grpc/grpc#28971].
- CompositeChannelCredentials: Comparator implementation
[gh#grpc/grpc#28902].
- Delete custom iomgr [gh#grpc/grpc#28816].
- Implement transparent retries [gh#grpc/grpc#28548].
- Uniquify channel args keys [gh#grpc/grpc#28799].
- Set trailing_metadata_available for recv_initial_metadata
ops when generating a fake status [gh#grpc/grpc#28827].
- Eliminate gRPC insecure build [gh#grpc/grpc#25586].
- Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769].
- InsecureCredentials: singleton object [gh#grpc/grpc#28777].
- Add http cancel api [gh#grpc/grpc#28354].
- Memory leak fix on windows in grpc_tcp_create()
[gh#grpc/grpc#27457].
- xDS: Rbac filter updates [gh#grpc/grpc#28568].
* C++
- Bump the minimum gcc to 5 [gh#grpc/grpc#28786].
- Add experimental API for CRL checking support to gRPC C++
TlsCredentials [gh#grpc/grpc#28407].
Update to release 1.44.0
* Add a trace to list which filters are contained in a
channel stack.
* Remove grpc_httpcli_context.
* xDS: Add support for RBAC HTTP filter.
* API to cancel grpc_resolve_address.
Update to version 1.43.2:
* Fix google-c2p-experimental issue (gh#grpc/grpc#28692).
Changes from version 1.43.0:
* Core:
- Remove redundant work serializer usage in c-ares windows
code (gh#grpc/grpc#28016).
- Support RDS updates on the server (gh#grpc/grpc#27851).
- Use WorkSerializer in XdsClient to propagate updates in a
synchronized manner (gh#grpc/grpc#27975).
- Support Custom Post-handshake Verification in TlsCredentials
(gh#grpc/grpc#25631).
- Reintroduce the EventEngine default factory
(gh#grpc/grpc#27920).
- Assert Android API >= v21 (gh#grpc/grpc#27943).
- Add support for abstract unix domain sockets
(gh#grpc/grpc#27906).
* C++:
- OpenCensus: Move metadata storage to arena
(gh#grpc/grpc#27948).
* [C#] Add nullable type attributes to Grpc.Core.Api
(gh#grpc/grpc#27887).
- Update package name libgrpc++1 to libgrpc++1_43 in keeping with
updated so number.
Update to release 1.41.0
* xDS: Remove environmental variable guard for security.
* xDS Security: Use new way to fetch certificate provider
plugin instance config.
* xDS server serving status: Use a struct to allow more fields
to be added in the future.
Update to release 1.39.1
* Fix C# protoc plugin argument parsing on 1.39.x
Update to version 1.39.0:
* Core
- Initialize tcp_posix for CFStream when needed
(gh#grpc/grpc#26530).
- Update boringssl submodule (gh#grpc/grpc#26520).
- Fix backup poller races (gh#grpc/grpc#26446).
- Use default port 443 in HTTP CONNECT request
(gh#grpc/grpc#26331).
* C++
- New iomgr implementation backed by the EventEngine API
(gh#grpc/grpc#26026).
- async_unary_call: add a Destroy method, called by
std::default_delete (gh#grpc/grpc#26389).
- De-experimentalize C++ callback API (gh#grpc/grpc#25728).
* PHP: stop reading composer.json file just to read the version
string (gh#grpc/grpc#26156).
* Ruby: Set XDS user agent in ruby via macros
(gh#grpc/grpc#26268).
Update to release 1.38.0
* Invalidate ExecCtx now before computing timeouts in all
repeating timer events using a WorkSerializer or combiner.
* Fix use-after-unref bug in fault_injection_filter
* New gRPC EventEngine Interface
* Allow the AWS_DEFAULT_REGION environment variable
* s/OnServingStatusChange/OnServingStatusUpdate/
Update to release 1.37.1
* Use URI form of address for channelz listen node
* Implementation CSDS (xDS Config Dump)
* xDS status notifier
* Remove CAS loops in global subchannel pool and simplify
subchannel refcounting
Update to release 1.36.4
* A fix for DNS SRV lookups on Windows
Update to 1.36.1:
* Core:
* Remove unnecessary internal pollset set in c-ares DNS resolver
* Support Default Root Certs in Tls Credentials
* back-port: add env var protection for google-c2p resolver
* C++:
* Move third party identity C++ api out of experimental namespace
* refactor!: change error_details functions to templates
* Support ServerContext for callback API
* PHP:
* support for PSM security
* fixed segfault on reused call object
* fixed phpunit 8 warnings
* Python:
* Implement Python Client and Server xDS Creds
Update to version 1.34.1:
* Backport "Lazily import grpc_tools when using runtime
stub/message generation" to 1.34.x (gh#grpc/grpc#25011).
* Backport "do not use <PublicSign>true</PublicSign> on
non-windows" to 1.34.x (gh#grpc/grpc#24995).
Update to version 1.34.0:
* Core:
- Protect xds security code with the environment variable
"GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT"
(gh#grpc/grpc#24782).
- Add support for "unix-abstract:" URIs to support abstract
unix domain sockets (gh#grpc/grpc#24500).
- Increment Index when parsing not plumbed SAN fields
(gh#grpc/grpc#24601).
- Revert "Revert "Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS""
(gh#grpc/grpc#24518).
- xds: Set status code to INVALID_ARGUMENT when NACKing
(gh#grpc/grpc#24516).
- Include stddef.h in address_sorting.h (gh#grpc/grpc#24514).
- xds: Add support for case_sensitive option in RouteMatch
(gh#grpc/grpc#24381).
* C++:
- Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503).
- Experimental support and tests for
CreateCustomInsecureChannelWithInterceptorsFromFd
(gh#grpc/grpc#24362).
Update to release 1.33.2
* Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS.
* Expose Cronet error message to the application layer.
* Remove grpc_channel_ping from surface API.
* Do not send BDP pings if there is no receive side activity.
Update to version 1.33.1
* Core
- Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS
(gh#grpc/grpc#24063).
- Expose Cronet error message to the application layer
(gh#grpc/grpc#24083).
- Remove grpc_channel_ping from surface API
(gh#grpc/grpc#23894).
- Do not send BDP pings if there is no receive side activity
(gh#grpc/grpc#22997).
* C++
- Makefile: only support building deps from submodule
(gh#grpc/grpc#23957).
- Add new subpackages - libupb and upb-devel. Currently, grpc
sources include also upb sources. Before this change, libupb and
upb-devel used to be included in a separate package - upb.
Update to version 1.32.0:
* Core
- Remove stream from stalled lists on remove_stream
(gh#grpc/grpc#23984).
- Do not cancel RPC if send metadata size is larger than
peer's limit (gh#grpc/grpc#23806).
- Don't consider receiving non-OK status as an error for HTTP2
(gh#grpc/grpc#19545).
- Keepalive throttling (gh#grpc/grpc#23313).
- Include the target_uri in "target uri is not valid" error
messages (gh#grpc/grpc#23782).
- Fix "cannot send compressed message large than 1024B" in
cronet_transport (gh#grpc/grpc#23219).
- Receive SETTINGS frame on clients before declaring
subchannel READY (gh#grpc/grpc#23636).
- Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372).
- Experimental xDS v3 support (gh#grpc/grpc#23281).
* C++
- Upgrade bazel used for all tests to 2.2.0
(gh#grpc/grpc#23902).
- Remove test targets and test helper libraries from Makefile
(gh#grpc/grpc#23813).
- Fix repeated builds broken by re2's cmake
(gh#grpc/grpc#23587).
- Log the peer address of grpc_cli CallMethod RPCs to stderr
(gh#grpc/grpc#23557).
opencensus-proto was updated to 0.3.0+git.20200721:
- Update to version 0.3.0+git.20200721:
* Bump version to 0.3.0
* Generate Go types using protocolbuffers/protobuf-go (#218)
* Load proto_library() rule. (#216)
- Update to version 0.2.1+git.20190826:
* Remove grpc_java dependency and java_proto rules. (#214)
* Add C++ targets, especially for gRPC services. (#212)
* Upgrade bazel and dependencies to latest. (#211)
* Bring back bazel cache to make CI faster. (#210)
* Travis: don't require sudo for bazel installation. (#209)
- Update to version 0.2.1:
* Add grpc-gateway for metrics service. (#205)
* Pin bazel version in travis builds (#207)
* Update gen-go files (#199)
* Add Web JS as a LibraryInfo.Language option (#198)
* Set up Python packaging for PyPI release. (#197)
* Add tracestate to links. (#191)
* Python proto file generator and generated proto files (#196)
* Ruby proto file generator and generated proto files (#192)
* Add py_proto_library() rules for envoy/api. (#194)
* Gradle: Upgrade dependency versions. (#193)
* Update release versions for readme. (#189)
* Start 0.3.0 development cycle
* Update gen-go files. (#187)
* Revert "Start 0.3.0 development cycle (#167)" (#183)
* Revert optimization for metric descriptor and bucket options for now. (#184)
* Constant sampler: add option to always follow the parent's decision. (#182)
* Document that all maximum values must be specified. (#181)
* Fix typo in bucket bounds. (#178)
* Restrict people who can approve reviews. This is to ensure code quality. (#177)
* Use bazel cache to make CI faster. (#176)
* Add grpc generated files to the idea plugin. (#175)
* Add Resource to Span (#174)
* time is required (#170)
* Upgrade protobuf dependency to v3.6.1.3. (#173)
* assume Ok Status when not set (#171)
* Minor comments fixes (#160)
* Start 0.3.0 development cycle (#167)
* Update gen-go files. (#162)
* Update releasing instruction. (#163)
* Fix Travis build. (#165)
* Add OpenApi doc for trace agent grpc-gateway (#157)
* Add command to generate OpenApi/Swagger doc for grpc-gateway (#156)
* Update gen-go files (#155)
* Add trace export grpc-gateway config (#77)
* Fix bazel build after bazel upgrade (#154)
* README: Add gitter, javadoc and godoc badge. (#151)
* Update release versions for README. (#150)
* Start 0.2.0 development cycle
* Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147)
* Add resource to protocol (#137)
* Fix generating the javadoc. (#144)
* Metrics/TimeSeries: start time should not be included while end time should. (#142)
* README: Add instructions on using opencensus_proto with Bazel. (#140)
* agent/README: update package info. (#138)
* Agent: Add metrics service. (#136)
* Tracing: Add default limits to TraceConfig. (#133)
* Remove a stale TODO. (#134)
* README: Add a note about go_proto_library rules. (#135)
* add golang bazel build support (#132)
* Remove exporter protos from mkgogen. (#128)
* Update README and RELEASING. (#130)
* Change histogram buckets definition to be OpenMetrics compatible. (#121)
* Remove exporter/v1 protos. (#124)
* Clean up the README for Agent proto. (#126)
* Change Quantiles to ValuesAtPercentile. (#122)
* Extend the TraceService service to support export/config for multiple Applications. (#119)
* Add specifications on Agent implementation details. (#112)
* Update gitignore (#118)
* Remove maven support. Not used. (#116)
* Add gauge distribution. (#117)
* Add support for Summary type and value. (#110)
* Add Maven status and instructions on adding dependencies. (#115)
* Bump version to 0.0.3-SNAPSHOT
* Bump version to 0.0.2
* Update gen-go files. (#114)
* Gradle: Add missing source and javadoc rules. (#113)
* Add support for float attributes. (#98)
* Change from mean to sum in distribution. (#109)
* Bump version to v0.0.2-SNAPSHOT
* Bump version to v0.0.1
* Add releasing instructions in RELEASING.md. (#106)
* Add Gradle build rules for generating gRPC service and releasing to Maven. (#102)
* Re-organize proto directory structure. (#103)
* Update gen-go files. (#101)
* Add a note about interceptors of other libraries. (#94)
* agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100)
* opencensus/proto: add default Agent port to README (#97)
* Update the message names for Config RPC. (#93)
* Add details about agent protocol in the README. (#88)
* Update gen-go files. (#92)
* agent/trace/v1: fix signature for Config and comments too (#91)
* Update gen-go files. (#86)
* Make tracestate a list instead of a map to preserve ordering. (#84)
* Allow MetricDescriptor to be sent only the first time. (#78)
* Update mkgogen.sh. (#85)
* Add agent trace service proto definitions. (#79)
* Update proto and gen-go package names. (#83)
* Add agent/common proto and BUILD. (#81)
* Add trace_config.proto. (#80)
* Build exporters with maven. (#76)
* Make clear that cumulative int/float can go only up. (#75)
* Add tracestate field to the Span proto. (#74)
* gradle wrapper --gradle-version 4.9 (#72)
* Change from multiple types of timeseries to have one. (#71)
* Move exemplars in the Bucket. (#70)
* Update gen-go files. (#69)
* Move metrics in the top level directory. (#68)
* Remove Range from Distribution. No backend supports this. (#67)
* Remove unused MetricSet message. (#66)
* Metrics: Add Exemplar to DistributionValue. (#62)
* Gauge vs Cumulative. (#65)
* Clarifying comment about bucket boundaries. (#64)
* Make MetricDescriptor.Type capture the type of the value as well. (#63)
* Regenerate the Go artifacts (#61)
* Add export service proto (#60)
- Initial version 20180523
protobuf was updated to 25.1:
update to 25.1:
* Raise warnings for deprecated python syntax usages
* Add support for extensions in CRuby, JRuby, and FFI Ruby
* Add support for options in CRuby, JRuby and FFI (#14594)
update to 25.0:
* Implement proto2/proto3 with editions
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Editions: Introduce functionality to protoc for generating
edition feature set defaults.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Editions: Refactor feature resolution to use an intermediate
message.
* Publish extension declarations with declaration
verifications.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Protoc: parser rejects explicit use of map_entry option
* Protoc: validate that reserved range start is before end
* Protoc: support identifiers as reserved names in addition to
string literals (only in editions)
* Drop support for Bazel 5.
* Allow code generators to specify whether or not they support
editions.
C++:
* Set `PROTOBUF_EXPORT` on
`InternalOutOfLineDeleteMessageLite()`
* Update stale checked-in files
* Apply PROTOBUF_NOINLINE to declarations of some functions
that want it.
* Implement proto2/proto3 with editions
* Make JSON UTF-8 boundary check inclusive of the largest
possible UTF-8 character.
* Reduce `Map::size_type` to 32-bits. Protobuf containers can't
have more than that
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Fix bug in reflection based Swap of map fields.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Add prefetching to arena allocations.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
repeated and map field accessors.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
string field accessors.
* Editions: Refactor feature resolution to use an intermediate
message.
* Fixes for 32-bit MSVC.
* Publish extension declarations with declaration
verifications.
* Export the constants in protobuf's any.h to support DLL
builds.
* Implement AbslStringify for the Descriptor family of types.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
message field accessors.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Introduce C++ feature for UTF8 validation.
* Protoc: validate that reserved range start is before end
* Remove option to disable the table-driven parser in protoc.
* Lock down ctype=CORD in proto file.
* Support split repeated fields.
* In OSS mode omit some extern template specializations.
* Allow code generators to specify whether or not they support
editions.
Java:
* Implement proto2/proto3 with editions
* Remove synthetic oneofs from Java gencode field accessor
tables.
* Timestamps.parse: Add error handling for invalid
hours/minutes in the timezone offset.
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Add missing debugging version info to Protobuf Java gencode
when multiple files are generated.
* Fix a bad cast in putBuilderIfAbsent when already present due
to using the result of put() directly (which is null if it
currently has no value)
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Fix a NPE in putBuilderIfAbsent due to using the result of
put() directly (which is null if it currently has no value)
* Update Kotlin compiler to escape package names
* Add MapFieldBuilder and change codegen to generate it and the
put{field}BuilderIfAbsent method.
* Introduce recursion limit in Java text format parsing
* Consider the protobuf.Any invalid if typeUrl.split("/")
returns an empty array.
* Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
* Fixed Python memory leak in map lookup.
* Loosen upb for json name conflict check in proto2 between
json name and field
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Ensure Timestamp.ToDatetime(tz) has correct offset
* Do not check required field for upb python MergeFrom
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Comparing a proto message with an object of unknown returns
NotImplemented
* Emit __slots__ in pyi output as a tuple rather than a list
for --pyi_out.
* Fix a bug that strips options from descriptor.proto in
Python.
* Raise warnings for message.UnknownFields() usages and navigate
to the new add
* Add protobuf python keyword support in path for stub
generator.
* Add tuple support to set Struct
Python C-Extension (Default):
* Comparing a proto message with an object of unknown returns
NotImplemented
* Check that ffi-compiler loads before using it to define
tasks.
UPB (Python/PHP/Ruby C-Extension):
* Include .inc files directly instead of through a filegroup
* Loosen upb for json name conflict check in proto2 between
json name and field
* Add utf8_validation feature back to the global feature set.
* Do not check required field for upb python MergeFrom
* Merge the protobuf and upb Bazel repos
* Added malloc_trim() calls to Python allocator so RSS will
decrease when memory is freed
* Upb: fix a Python memory leak in ByteSize()
* Support ASAN detection on clang
* Upb: bugfix for importing a proto3 enum from within a proto2
file
* Expose methods needed by Ruby FFI using UPB_API
* Fix `PyUpb_Message_MergeInternal` segfault
- Build with source and target levels 8
* fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
macro resolves the variables at the install time
update to 23.4:
* Add dllexport_decl for generated default instance.
* Deps: Update Guava to 32.0.1
update to 23.3:
C++:
* Regenerate stale files
* Use the same ABI for static and shared libraries on non-
Windows platforms
* Add a workaround for GCC constexpr bug
Objective-C:
* Regenerate stale files
UPB (Python/PHP/Ruby C-Extension)
* Fixed a bug in `upb_Map_Delete()` that caused crashes in
map.delete(k) for Ruby when string-keyed maps were in use.
Compiler:
* Add missing header to Objective-c generator
* Add a workaround for GCC constexpr bug
Java:
* Rollback of: Simplify protobuf Java message builder by
removing methods that calls the super class only.
Csharp:
* [C#] Replace regex that validates descriptor names
update to 22.5:
C++:
* Add missing cstdint header
* Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
* Avoid using string(JOIN..., which requires cmake 3.12
* Explicitly include GTest package in examples
* Bump Abseil submodule to 20230125.3 (#12660)
update to 22.4:
C++:
* Fix libprotoc: export useful symbols from .so
Python:
* Fix bug in _internal_copy_files where the rule would fail in
downstream repositories.
Other:
* Bump utf8_range to version with working pkg-config (#12584)
* Fix declared dependencies for pkg-config
* Update abseil dependency and reorder dependencies to ensure
we use the version specified in protobuf_deps.
* Turn off clang::musttail on i386
update to v22.3
UPB (Python/PHP/Ruby C-Extension):
* Remove src prefix from proto import
* Fix .gitmodules to use the correct absl branch
* Remove erroneous dependency on googletest
update to 22.2:
Java:
* Add version to intra proto dependencies and add kotlin stdlib
dependency
* Add $ back for osgi header
* Remove $ in pom files
update to 22.1:
* Add visibility of plugin.proto to python directory
* Strip "src" from file name of plugin.proto
* Add OSGi headers to pom files.
* Remove errorprone dependency from kotlin protos.
* Version protoc according to the compiler version number.
- update to 22.0:
* This version includes breaking changes to: Cpp.
Please refer to the migration guide for information:
https://protobuf.dev/support/migration/#compiler-22
* [Cpp] Migrate to Abseil's logging library.
* [Cpp] `proto2::Map::value_type` changes to `std::pair`.
* [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
and DefaultFieldComparator classes.
* [Cpp] Add a dependency on Abseil (#10416)
* [Cpp] Remove all autotools usage (#10132)
* [Cpp] Add C++20 reserved keywords
* [Cpp] Dropped C++11 Support
* [Cpp] Delete Arena::Init
* [Cpp] Replace JSON parser with new implementation
* [Cpp] Make RepeatedField::GetArena non-const in order to
support split RepeatedFields.
* long list of bindings specific fixes see
https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
update to v21.12:
* Python:
* Fix broken enum ranges (#11171)
* Stop requiring extension fields to have a synthetic oneof (#11091)
* Python runtime 4.21.10 does not work: generated code cannot load a valid
proto.
update to 21.11:
* Python:
* Add license file to pypi wheels (#10936)
* Fix round-trip bug (#10158)
update to 21.10:
* Java:
* Use bit-field int values in buildPartial to skip work on unset groups of
fields. (#10960)
* Mark nested builder as clean after clear is called (#10984)
update to 21.9:
* Ruby:
* Replace libc strdup usage with internal impl to restore musl compat (#10818)
* Auto capitalize enums name in Ruby (#10454) (#10763)
* Other:
* Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
* C++:
* 21.x No longer define no_threadlocal on OpenBSD (#10743)
* Java:
* Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
* Refactoring java full runtime to reuse sub-message builders and prepare to
migrate parsing logic from parse constructor to builder.
* Move proto wireformat parsing functionality from the private "parsing
constructor" to the Builder class.
* Change the Lite runtime to prefer merging from the wireformat into mutable
messages rather than building up a new immutable object before merging. This
way results in fewer allocations and copy operations.
* Make message-type extensions merge from wire-format instead of building up
instances and merging afterwards. This has much better performance.
* Fix TextFormat parser to build up recurring (but supposedly not repeated)
sub-messages directly from text rather than building a new sub-message and
merging the fully formed message into the existing field.
update to 21.6:
C++:
* Reduce memory consumption of MessageSet parsing
update to 21.5:
PHP:
* Added getContainingOneof and getRealContainingOneof to descriptor.
* fix PHP readonly legacy files for nested messages
Python:
* Fixed comparison of maps in Python.
- update to 21.4:
* Reduce the required alignment of ArenaString from 8 to 4
- update to 21.3:
* C++:
* Add header search paths to Protobuf-C++.podspec (#10024)
* Fixed Visual Studio constinit errors (#10232)
* Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
* UPB:
* Allow empty package names (fixes behavior regression in 4.21.0)
* Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
* Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
* for x in mapping now yields keys rather than values, to match Python
conventions and the behavior of the old library.
* Lookup operations now correctly reject unhashable types as map keys.
* We implement repr() to use the same format as dict.
* Fix maps to use the ScalarMapContainer class when appropriate
* Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
* PHP:
* Add "readonly" as a keyword for PHP and add previous classnames to descriptor pool (#10041)
* Python:
* Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
* Bazel:
* Add back a filegroup for :well_known_protos (#10061)
Update to 21.2:
- C++:
- cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
- Escape GetObject macro inside protoc-generated code (#9739)
- Update CMake configuration to add a dependency on Abseil (#9793)
- Fix cmake install targets (#9822)
- Use __constinit only in GCC 12.2 and up (#9936)
- Java:
- Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python:
- Increment python major version to 4 in version.json for python upb (#9926)
- The C extension module for Python has been rewritten to use the upb library.
- This is expected to deliver significant performance benefits, especially when
parsing large payloads. There are some minor breaking changes, but these
should not impact most users. For more information see:
https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP:
- [PHP] fix PHP build system (#9571)
- Fix building packaged PHP extension (#9727)
- fix: reserve "ReadOnly" keyword for PHP 8.1 and add compatibility (#9633)
- fix: phpdoc syntax for repeatedfield parameters (#9784)
- fix: phpdoc for repeatedfield (#9783)
- Change enum string name for reserved words (#9780)
- chore: [PHP] fix phpdoc for MapField keys (#9536)
- Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby:
- Allow pre-compiled binaries for ruby 3.1.0 (#9566)
- Implement respond_to? in RubyMessage (#9677)
- [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
- Do not use range based UTF-8 validation in truffleruby (#9769)
- Improve range handling logic of RepeatedField (#9799)
- Other:
- Fix invalid dependency manifest when using descriptor_set_out (#9647)
- Remove duplicate java generated code (#9909)
- Update to 3.20.1:
- PHP:
- Fix building packaged PHP extension (#9727)
- Fixed composer.json to only advertise compatibility with
PHP 7.0+. (#9819)
- Ruby:
- Disable the aarch64 build on macOS until it can be fixed. (#9816)
- Other:
- Fix versioning issues in 3.20.0
- Update to 3.20.1:
- Ruby:
- Dropped Ruby 2.3 and 2.4 support for CI and releases.
(#9311)
- Added Ruby 3.1 support for CI and releases (#9566).
- Message.decode/encode: Add recursion_limit option
(#9218/#9486)
- Allocate with xrealloc()/xfree() so message allocation is
visible to the Ruby GC. In certain tests this leads to much
lower memory usage due to more frequent GC runs (#9586).
- Fix conversion of singleton classes in Ruby (#9342)
- Suppress warning for intentional circular require (#9556)
- JSON will now output shorter strings for double and float
fields when possible without losing precision.
- Encoding and decoding of binary format will now work
properly on big-endian systems.
- UTF-8 verification was fixed to properly reject surrogate
code points.
- Unknown enums for proto2 protos now properly implement
proto2's behavior of putting such values in unknown fields.
- Java:
- Revert "Standardize on Array copyOf" (#9400)
- Resolve more java field accessor name conflicts (#8198)
- Fix parseFrom to only throw InvalidProtocolBufferException
- InvalidProtocolBufferException now allows arbitrary wrapped
Exception types.
- Fix bug in FieldSet.Builder.mergeFrom
- Flush CodedOutputStream also flushes underlying
OutputStream
- When oneof case is the same and the field type is Message,
merge the subfield. (previously it was replaced.)
- Add @CheckReturnValue to some protobuf types
- Report original exceptions when parsing JSON
- Add more info to @deprecated javadoc for set/get/has
methods
- Fix initialization bug in doc comment line numbers
- Fix comments for message set wire format.
- Kotlin:
- Add test scope to kotlin-test for protobuf-kotlin-lite
(#9518)
- Add orNull extensions for optional message fields.
- Add orNull extensions to all proto3 message fields.
- Python:
- Dropped support for Python < 3.7 (#9480)
- Protoc is now able to generate python stubs (.pyi) with
--pyi_out
- Pin multibuild scripts to get manylinux1 wheels back
(#9216)
- Fix type annotations of some Duration and Timestamp
methods.
- Repeated field containers are now generic in field types
and could be used in type annotations.
- Protobuf python generated code is simplified. Descriptors
and message classes' definitions are now dynamically created in
internal/builder.py.
- Insertion Points for messages classes are discarded.
- has_presence is added for FieldDescriptor in python
- Loosen indexing type requirements to allow valid index()
implementations rather than only PyLongObjects.
- Fix the deepcopy bug caused by not copying
message_listener.
- Added python JSON parse recursion limit (default 100)
- Path info is added for python JSON parse errors
- Pure python repeated scalar fields cannot be pickled.
Convert to list first.
- Timestamp.ToDatetime() now accepts an optional tzinfo
parameter. If specified, the function returns
a timezone-aware datetime in the given time zone. If
omitted or None, the function returns a timezone-naive UTC
datetime (as previously).
- Adds client_streaming and server_streaming fields to
MethodDescriptor.
- Add "ensure_ascii" parameter to json_format.MessageToJson.
This allows smaller JSON serializations with UTF-8 or other
non-ASCII encodings.
- Added experimental support for directly assigning numpy
scalars and arrays.
- Improve the calculation of public_dependencies in
DescriptorPool.
- [Breaking Change] Disallow setting fields to numpy
singleton arrays or repeated fields to numpy
multi-dimensional arrays. Numpy arrays should be indexed or
flattened explicitly before assignment.
- Compiler:
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Rework allocations to power-of-two byte sizes.
- Make TaggedPtr Set...() calls explicitly spell out the
content type.
- Check for parsing error before verifying UTF8.
- Enforce a maximum message nesting limit of 32 in the
descriptor builder to guard against stack overflows
- Fixed bugs in operators for RepeatedPtrIterator
- Assert a maximum map alignment for allocated values
- Fix proto1 group extension protodb parsing error
- Do not log/report the same descriptor symbol multiple
times if it contains more than one invalid character.
- Add UnknownFieldSet::SerializeToString and
SerializeToCodedStream.
- Remove explicit default pointers and deprecated API from
protocol compiler
- Arenas:
- Change Repeated*Field to reuse memory when using arenas.
- Implements pbarenaz for profiling proto arenas
- Introduce CreateString() and CreateArenaString() for
cleaner semantics
- Fix unreferenced parameter for MSVC builds
- Add UnsafeSetAllocated to be used for one-of string
fields.
- Make Arena::AllocateAligned() a public function.
- Determine if ArenaDtor related code generation is
necessary in one place.
- Implement on demand register ArenaDtor for
InlinedStringField
- C++:
- Enable testing via CTest (#8737)
- Add option to use external GTest in CMake (#8736)
- CMake: Set correct sonames for libprotobuf-lite.so and
libprotoc.so (#8635) (#9529)
- Add cmake option protobuf_INSTALL to not install files
(#7123)
- CMake: Allow custom plugin options e.g. to generate mocks
(#9105)
- CMake: Use linker version scripts (#9545)
- Manually destruct Cord fields to work better with arenas.
- Manually destruct map fields.
- Generate narrower code
- Fix #9378 by removing shadowed cached_size field
- Remove GetPointer() and explicit nullptr defaults.
- Add proto_h flag for speeding up large builds
- Add missing overload for reference wrapped fields.
- Add MergedDescriptorDatabase::FindAllFileNames()
- RepeatedField now defines an iterator type instead of
using a pointer.
- Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and
GOOGLE_PROTOBUF_HAS_ARENAS.
- PHP:
- Fix: add missing reserved classnames (#9458)
- PHP 8.1 compatibility (#9370)
- C#:
- Fix trim warnings (#9182)
- Fixes NullReferenceException when accessing
FieldDescriptor.IsPacked (#9430)
- Add ToProto() method to all descriptor classes (#9426)
- Add an option to preserve proto names in JsonFormatter
(#6307)
- Objective-C:
- Add prefix_to_proto_package_mappings_path option. (#9498)
- Rename proto_package_to_prefix_mappings_path to
package_to_prefix_mappings_path. (#9552)
- Add a generation option to control use of forward
declarations in headers. (#9568)
- update to 3.19.4:
Python:
* Make libprotobuf symbols local on OSX to fix issue #9395 (#9435)
Ruby:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32
PHP:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32.
- Update to 3.19.3:
C++:
* Make proto2::Message::DiscardUnknownFields() non-virtual
* Separate RepeatedPtrField into its own header file
* For default floating point values of 0, consider all bits significant
* Fix shadowing warnings
* Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment
Java:
* Improve performance characteristics of UnknownFieldSet parsing
* For default floating point values of 0, consider all bits significant
* Annotate //java/com/google/protobuf/util/... with nullness annotations
* Use ArrayList copy constructor
Bazel:
* Ensure that release archives contain everything needed for Bazel
* Align dependency handling with Bazel best practices
Javascript:
* Fix ReferenceError: window is not defined when getting the global object
Ruby:
* Fix memory leak in MessageClass.encode
* Override Map.clone to use Map's dup method
* Ruby: build extensions for arm64-darwin
* Add class method Timestamp.from_time to ruby well known types
* Adopt pure ruby DSL implementation for JRuby
* Add size to Map class
* Fix for descriptor_pb.rb: google/protobuf should be required first
Python:
* Proto2 DecodeError now includes message name in error message
* Make MessageToDict convert map keys to strings
* Add python-requires in setup.py
* Add python 3.10
- Update to 3.17.3:
C++
* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or
bytes fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
Subclasses should inherit from SimpleFieldComparator instead.
Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T.
Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426)
Python:
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
* Switch on "new" buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging.
Ruby:
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General:
* Support M1 (#8557)
Update to 3.15.8:
- Fixed memory leak of Ruby arena objects (#8461)
Update to 3.15.7:
C++:
* Remove the ::pb namespace (alias) (#8423)
Ruby:
* Fix unbounded memory growth for Ruby <2.7 (#8429)
* Fixed message equality in cases where the message type is different (#8434)
update to 3.15.6:
Ruby:
* Fixed bug in string comparison logic (#8386)
* Fixed quadratic memory use in array append (#8379)
* Fixed SEGV when users pass nil messages (#8363)
* Fixed quadratic memory usage when appending to arrays (#8364)
* Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
* Fix for FieldDescriptor.get(msg) (#8330)
* Bugfix for Message.[] for repeated or map fields (#8313)
PHP:
* read_property() handler is not supposed to return NULL (#8362)
Protocol Compiler
* Optional fields for proto3 are enabled by default, and no longer require
the --experimental_allow_proto3_optional flag.
C++:
* Do not disable RTTI by default in the CMake build (#8377)
* Create a CMake option to control whether or not RTTI is enabled (#8361)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* MessageDifferencer: fixed bug when using custom ignore with multiple
unknown fields
* Use init_seg in MSVC to push initialization to an earlier phase.
* Runtime no longer triggers -Wsign-compare warnings.
* Fixed -Wtautological-constant-out-of-range-compare warning.
* DynamicCastToGenerated works for nullptr input even if RTTI is disabled
* Arena is refactored and optimized.
* Clarified/specified that the exact value of Arena::SpaceAllocated() is an
implementation detail users must not rely on. It should not be used in
unit tests.
* Change the signature of Any::PackFrom() to return false on error.
* Add fast reflection getter API for strings.
* Constant initialize the global message instances
* Avoid potential for missed wakeup in UnknownFieldSet
* Now Proto3 Oneof fields have "has" methods for checking their presence in
C++.
* Bugfix for NVCC
* Return early in _InternalSerialize for empty maps.
* Adding functionality for outputting map key values in proto path logging
output (does not affect comparison logic) and stop printing 'value' in the
path. The modified print functionality is in the
MessageDifferencer::StreamReporter.
* Fixed https://github.com/protocolbuffers/protobuf/issues/8129
* Ensure that null char symbol, package and file names do not result in a
crash.
* Constant initialize the global message instances
* Pretty print 'max' instead of numeric values in reserved ranges.
* Removed remaining instances of std::is_pod, which is deprecated in C++20.
* Changes to reduce code size for unknown field handling by making uncommon
cases out of line.
* Fix std::is_pod deprecated in C++20 (#7180)
* Fix some -Wunused-parameter warnings (#8053)
* Fix detecting file as directory on zOS issue #8051 (#8052)
* Don't include sys/param.h for _BYTE_ORDER (#8106)
* remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
* Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
* Fix for compiler warning issue#8145 (#8160)
* fix: support deprecated enums for GCC < 6 (#8164)
* Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
Python:
* Provided an override for the reverse() method that will reverse the internal
collection directly instead of using the other methods of the BaseContainer.
* MessageFactory.CreatePrototype can be overridden to customize class creation.
* Fix PyUnknownFields memory leak (#7928)
* Add macOS big sur compatibility (#8126)
JavaScript
* Generate `getDescriptor` methods with `*` as their `this` type.
* Enforce `let/const` for generated messages.
* js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
PHP:
* Added support for PHP 8. (#8105)
* unregister INI entries and fix invalid read on shutdown (#8042)
* Fix PhpDoc comments for message accessors to include "|null". (#8136)
* fix: convert native PHP floats to single precision (#8187)
* Fixed PHP to support field numbers >=2**28. (#8235)
* feat: add support for deprecated fields to PHP compiler (#8223)
* Protect against stack overflow if the user derives from Message. (#8248)
* Fixed clone for Message, RepeatedField, and MapField. (#8245)
* Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
Ruby:
* Added support for Ruby 3. (#8184)
* Rewrote the data storage layer to be based on upb_msg objects from the
upb library. This should lead to much better parsing performance,
particularly for large messages. (#8184).
* Fill out JRuby support (#7923)
* [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
recursion/run out of memory (#8195)
* Fix jruby support to handle messages nested more than 1 level deep (#8194)
Java:
* Avoid possible UnsupportedOperationException when using CodedInputStream
with a direct ByteBuffer.
* Make Durations.comparator() and Timestamps.comparator() Serializable.
* Add more detailed error information for dynamic message field type
validation failure
* Removed declarations of functions declared in java_names.h from
java_helpers.h.
* Now Proto3 Oneof fields have "has" methods for checking their presence in
Java.
* Annotates Java proto generated *_FIELD_NUMBER constants.
* Add -assumevalues to remove JvmMemoryAccessor on Android.
C#:
* Fix parsing negative Int32Value that crosses segment boundary (#8035)
* Change ByteString to use memory and support unsafe create without copy (#7645)
* Optimize MapField serialization by removing MessageAdapter (#8143)
* Allow FileDescriptors to be parsed with extension registries (#8220)
* Optimize writing small strings (#8149)
- Updated URL to https://github.com/protocolbuffers/protobuf
Update to v3.14.0
Protocol Compiler:
* The proto compiler no longer requires a .proto filename when it is not
generating code.
* Added flag `--deterministic_output` to `protoc --encode=...`.
* Fixed deadlock when using google.protobuf.Any embedded in aggregate options.
C++:
* Arenas are now unconditionally enabled. cc_enable_arenas no longer has
any effect.
* Removed inlined string support, which is incompatible with arenas.
* Fix a memory corruption bug in reflection when mixing optional and
non-optional fields.
* Make SpaceUsed() calculation more thorough for map fields.
* Add stack overflow protection for text format with unknown field values.
* FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds
error was encountered.
* Performance improvements for Map.
* Minor formatting fix when dumping a descriptor to .proto format with
DebugString.
* UBSAN fix in RepeatedField
* When running under ASAN, skip a test that makes huge allocations.
* Fixed a crash that could happen when creating more than 256 extensions in
a single message.
* Fix a crash in BuildFile when passing in invalid descriptor proto.
* Parser security fix when operating with CodedInputStream.
* Warn against the use of AllowUnknownExtension.
* Migrated to C++11 for-range loops instead of index-based loops where
possible. This fixes a lot of warnings when compiling with -Wsign-compare.
* Fix segmentation fault for proto3 optional
* Adds a CMake option to build `libprotoc` separately
Java
* Bugfix in mergeFrom() when a oneof has multiple message fields.
* Fix RopeByteString.RopeInputStream.read() returning -1 when told to read
0 bytes when not at EOF.
* Redefine remove(Object) on primitive repeated field Lists to avoid
autoboxing.
* Support "\u" escapes in textformat string literals.
* Trailing empty spaces are no longer ignored for FieldMask.
* Fix FieldMaskUtil.subtract to recursively remove mask.
* Mark enums with `@java.lang.Deprecated` if the proto enum has option
`deprecated = true;`.
* Adding forgotten duration.proto to the lite library
Python:
* Print google.protobuf.NullValue as null instead of "NULL_VALUE" when it is
used outside WKT Value/Struct.
* Fix bug occurring when attempting to deep copy an enum type in python 3.
* Add a setuptools extension for generating Python protobufs
* Remove uses of pkg_resources in non-namespace packages
* [bazel/py] Omit google/__init__.py from the Protobuf runtime
* Removed the unnecessary setuptools package dependency for Python package
* Fix PyUnknownFields memory leak
PHP:
* Added support for "==" to the PHP C extension
* Added `==` operators for Map and Array
* Native C well-known types
* Optimized away hex2bin() call in generated code
* New version of upb, and a new hash function wyhash in third_party
* add missing hasOneof method to check presence of oneof fields
Go:
* Update go_package options to reference google.golang.org/protobuf module.
C#:
* annotate ByteString.CopyFrom(ReadOnlySpan<byte>) as SecuritySafeCritical
* Fix C# optional field reflection when there are regular fields too
* Fix parsing negative Int32Value that crosses segment boundary
Javascript:
* JS: parse (un)packed fields conditionally
Update to version 3.13.0
PHP:
* The C extension is completely rewritten. The new C extension has significantly
better parsing performance and fixes a handful of conformance issues. It will
also make it easier to add support for more features like proto2 and proto3 presence.
* The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP.
C++:
* Removed deprecated unsafe arena string accessors
* Enabled heterogeneous lookup for std::string keys in maps.
* Removed implicit conversion from StringPiece to std::string
* Fix use-after-destroy bug when the Map is allocated in the arena.
* Improved the randomness of map ordering
* Added stack overflow protection for text format with unknown fields
* Use std::hash for proto maps to help with portability.
* Added more Windows macros to proto whitelist.
* Arena constructors for map entry messages are now marked "explicit"
(for regular messages they were already explicit).
* Fix subtle aliasing bug in RepeatedField::Add
* Fix mismatch between MapEntry ByteSize and Serialize with respect to unset
fields.
Python:
* JSON format conformance fixes:
* Reject lowercase t for Timestamp json format.
* Print full_name directly for extensions (no camelCase).
* Reject boolean values for integer fields.
* Reject NaN, Infinity, -Infinity that is not quoted.
* Base64 fixes for bytes fields: accept URL-safe base64 and missing padding.
* Bugfix for fields/files named "async" or "await".
* Improved the error message when AttributeError is returned from __getattr__
in EnumTypeWrapper.
Java:
* Fixed a bug where setting optional proto3 enums with setFooValue() would
not mark the value as present.
* Add Subtract function to FieldMaskUtil.
C#:
* Dropped support for netstandard1.0 (replaced by support for netstandard1.1).
This was required to modernize the parsing stack to use the `Span<byte>`
type internally
* Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly
parsing with reduced allocations and buffer copies
* Add support for serialization directly to a `IBufferWriter<byte>` or
to a `Span<byte>` to enable GC friendly serialization.
The new API is available as extension methods on the `IMessage` type
* Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make
generated code compatible with old C# compilers (pre-roslyn compilers
from .NET framework and old versions of mono) that do not support
ref structs. Users that are still on a legacy stack that does
not support C# 7.2 compiler might need to use the new define
in their projects to be able to build the newly generated code
* Due to the major overhaul of parsing and serialization internals,
it is recommended to regenerate your generated code to achieve the best
performance (the legacy generated code will still work, but might incur
a slight performance penalty).
Update to version 3.12.3; notable changes since 3.11.4:
Protocol Compiler:
* [experimental] Singular, non-message typed fields in proto3 now support
presence tracking. This is enabled by adding the "optional" field label and
passing the --experimental_allow_proto3_optional flag to protoc.
* For usage info, see docs/field_presence.md.
* During this experimental phase, code generators should update to support
proto3 presence, see docs/implementing_proto3_presence.md for instructions.
* Allow duplicate symbol names when multiple descriptor sets are passed on
the command-line, to match the behavior when multiple .proto files are passed.
* Deterministic `protoc --descriptor_set_out` (#7175)
Objective-C:
* Tweak the union used for Extensions to support old generated code. #7573
* Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538)
* [experimental] ObjC Proto3 optional support (#7421)
* Block subclassing of generated classes (#7124)
* Use references to Obj C classes instead of names in descriptors. (#7026)
* Revisit how the WKTs are bundled with ObjC. (#7173)
C++:
* Simplified the template export macros to fix the build for mingw32. (#7539)
* [experimental] Added proto3 presence support.
* New descriptor APIs to support proto3 presence.
* Enable Arenas by default on all .proto files.
* Documented that users are not allowed to subclass Message or MessageLite.
* Mark generated classes as final; inheriting from protos is strongly discouraged.
* Add stack overflow protection for text format with unknown fields.
* Add accessors for map key and value FieldDescriptors.
* Add FieldMaskUtil::FromFieldNumbers().
* MessageDifferencer: use ParsePartial() on Any fields so the diff does not
fail when there are missing required fields.
* ReflectionOps::Merge(): lookup messages in the right factory, if it can.
* Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type()
accessor as an easier way of determining if a message is a Well-Known Type.
* Optimized RepeatedField::Add() when it is used in a loop.
* Made proto move/swap more efficient.
* De-virtualize the GetArena() method in MessageLite.
* Improves performance of json_stream_parser.cc by factor 1000 (#7230)
* bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087)
* Fixed a bug in FieldDescriptor::DebugString() that would erroneously print
an "optional" label for a field in a oneof.
* Fix bug in parsing bool extensions that assumed they are always 1 byte.
* Fix off-by-one error in FieldOptions::ByteSize() when extensions are present.
* Clarified the comments to show an example of the difference between
Descriptor::extension and DescriptorPool::FindAllExtensions.
* Add a compiler option 'code_size' to force optimize_for=code_size on all
protos where this is possible.
Ruby:
* Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however
many people still use them and dropping support will require more
coordination.
* [experimental] Implemented proto3 presence for Ruby. (#7406)
* Stop building binary gems for ruby <2.5 (#7453)
* Fix for wrappers with a zero value (#7195)
* Fix for JSON serialization of 0/empty-valued wrapper types (#7198)
* Call "Class#new" over rb_class_new_instance in decoding (#7352)
* Build extensions for Ruby 2.7 (#7027)
* assigning 'nil' to submessage should clear the field. (#7397)
Java:
* [experimental] Added proto3 presence support.
* Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated
* reduce <clinit> size for enums with allow_alias set to true.
* Sort map fields alphabetically by the field's key when printing textproto.
* Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
* TextFormat.merge() handles Any as top level type.
* Throw a descriptive IllegalArgumentException when calling
getValueDescriptor() on enum special value UNRECOGNIZED instead of
ArrayIndexOutOfBoundsException.
* Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
would override the configuration passed into includingDefaultValueFields().
* Implement overrides of indexOf() and contains() on primitive lists returned
for repeated fields to avoid autoboxing the list contents.
* Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
* [bazel] Move Java runtime/toolchains into //java (#7190)
Python:
* [experimental] Added proto3 presence support.
* [experimental] fast import protobuf module, only works with cpp generated code linked in.
* Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
implementation (C++ extension was already doing this).
* Fixed a memory leak in C++ bindings.
* Added a deprecation warning when code tries to create Descriptor objects
directly.
* Fix unintended comparison between bytes and string in descriptor.py.
* Avoid printing excess digits for float fields in TextFormat.
* Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
* Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
JavaScript:
* Fix js message pivot selection (#6813)
PHP:
* Persistent Descriptor Pool (#6899)
* Implement lazy loading of php class for proto messages (#6911)
* Correct @return in Any.unpack docblock (#7089)
* Ignore unknown enum value when ignore_unknown specified (#7455)
C#:
* [experimental] Add support for proto3 presence fields in C# (#7382)
* Mark GetOption API as obsolete and expose the "GetOptions()" method on descriptors instead (#7491)
* Remove Has/Clear members for C# message fields in proto2 (#7429)
* Enforce recursion depth checking for unknown fields (#7132)
* Fix conformance test failures for Google.Protobuf (#6910)
* Cleanup various bits of Google.Protobuf (#6674)
* Fix latest ArgumentException for C# extensions (#6938)
* Remove unnecessary branch from ReadTag (#7289)
Other:
* Add a proto_lang_toolchain for javalite (#6882)
* [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
* Add application note for explicit presence tracking. (#7390)
* Howto doc for implementing proto3 presence in a code generator. (#7407)
Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent
* C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
backward compatibility a declaration is still available
in stubs/common.h, but users should prefer message_lite.h
* C++: Removed non-namespace macro EXPECT_OK()
* C++: Removed mathlimits.h from stubs in favor of using
std::numeric_limits from C++11
* C++: Support direct pickling of nested messages
* C++: Disable extension code gen for C#
* C++: Switch the proto parser to the faster MOMI parser
* C++: Unused imports of files defining descriptor extensions
will now be reported
* C++: Add proto2::util::RemoveSubranges to remove multiple
subranges in linear time
* C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
* C++: Removed the internal-only header coded_stream_inl.h and
the internal-only methods defined there
* C++: Enforced no SWIG wrapping of descriptor_database.h
(other headers already had this restriction)
* C++: Implementation of the equivalent of the MOMI parser for
serialization. This removes one of the two serialization
routines, by making the fast array serialization routine
completely general. SerializeToCodedStream can now be
implemented in terms of the much much faster array
serialization. The array serialization regresses slightly,
but when array serialization is not possible this wins big
* C++: Add move constructor for Reflection's SetString
* Java: Remove the usage of MethodHandle, so that Android users
prior to API version 26 can use protobuf-java
* Java: Publish ProGuard config for javalite
* Java: Include unknown fields when merging proto3 messages in
Java lite builders
* Java: Have oneof enums implement a separate interface (other
than EnumLite) for clarity
* Java: Opensource Android Memory Accessors
* Java: Change ProtobufArrayList to use Object[] instead of
ArrayList for 5-10% faster parsing
* Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
top level package. This will eventually replace
JsonFormat.TypeRegistry
* Java: Add Automatic-Module-Name entries to the Manifest
* Python: Add float_precision option in json format printer
* Python: Optionally print bytes fields as messages in unknown
fields, if possible
* Python: Experimental code gen (fast import protobuf module)
which only works with cpp generated code linked in
* Python: Add descriptor methods in descriptor_pool are deprecated
* Python: Added delitem for Python extension dict
* JavaScript: Remove guard for Symbol iterator for jspb.Map
* JavaScript: Remove deprecated boolean option to getResultBase64String()
* JavaScript: Change the parameter types of binaryReaderFn in
ExtensionFieldBinaryInfo to (number, ?, ?)
* JavaScript: Create dates.ts and time_of_days.ts to mirror Java
versions. This is a near-identical conversion of
c.g.type.util.{Dates,TimeOfDays} respectively
* JavaScript: Migrate moneys to TypeScript
* PHP: Increase php7.4 compatibility
* PHP: Implement lazy loading of php class for proto messages
* Ruby: Support hashes for struct initializers
* C#: Experimental proto2 support is now officially available
* C#: Change _Extensions property to normal body rather than expression
* Objective C: Remove OSReadLittle* due to alignment requirements
* Other: Override CocoaPods module to lowercase
* further bugfixes and optimisations
- Install LICENSE
- Drop protobuf-libs as it is just workaround for rpmlint issue
* python bindings now require recent python-google-apputils
* Released memory allocated by InitializeDefaultRepeatedFields()
and GetEmptyString(). Some memory sanitizers reported them
* Updated DynamicMessage.setField() to handle repeated enum
* Fixed a bug that caused NullPointerException to be thrown when
converting manually constructed FileDescriptorProto to
* Added oneofs(unions) feature. Fields in the same oneof will
* Files, services, enums, messages, methods and enum values
* Added Support for list values, including lists of messages,
* Added SwapFields() in reflection API to swap a subset of
* Repeated primitive extensions are now packable. The
it is possible to switch a repeated extension field to
* writeTo() method in ByteString can now write a substring to
* java_generate_equals_and_hash can now be used with the
* A new C++-backed extension module (aka "cpp api v2") that
replaces the old ("cpp api v1") one. Much faster than the
pure Python code. This one resolves many bugs and is
mosh requires it
python-abseil was updated:
version update to 1.4.0
New:
(testing) Added @flagsaver.as_parsed: this allows saving/restoring flags
using string values as if parsed from the command line and will also reflect
other flag states after command line parsing, e.g. .present is set.
Changed:
(logging) If no log dir is specified logging.find_log_dir() now falls back
to tempfile.gettempdir() instead of /tmp/.
Fixed:
(flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class
are now correctly passed to the underlying Flag object.
version update to 1.2.0
* Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used.
* `Flag` instances now raise an error if used in a bool context. This prevents
the occasional mistake of testing an instance for truthiness rather than
testing `flag.value`.
* `absl-py` no longer depends on `six`.
Update to version 1.0.0
* absl-py no longer supports Python 2.7, 3.4, 3.5. All versions
have reached end-of-life for more than a year now.
* New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in
the git repo going forward.
- Release notes for 0.15.0
* (testing) #128: When running bazel with its --test_filter=
flag, it now treats the filters as unittest's -k flag in Python
3.7+.
- Release notes for 0.14.1
* Top-level LICENSE file is now exported in bazel.
- Release notes for 0.14.0
* #171: Creating argparse_flags.ArgumentParser with
argument_default= no longer raises an exception when other
absl.flags flags are defined.
* #173: absltest now correctly sets up test filtering and fail
fast flags when an explicit argv= parameter is passed to
absltest.main.
- Release notes for 0.13.0
* (app) Type annotations for public app interfaces.
* (testing) Added new decorator @absltest.skipThisClass to
indicate a class contains shared functionality to be used as a
base class for other TestCases, and therefore should be
skipped.
* (app) Annotated the flag_parser parameter of run as
keyword-only. This keyword-only constraint will be enforced at
runtime in a future release.
* (app, flags) Flag validations now include all errors from
disjoint flag sets, instead of failing fast upon first error from
all validators. Multiple validators on the same flag still
fail fast.
- Release notes for 0.12.0
* (flags) Made EnumClassSerializer and EnumClassListSerializer
public.
* (flags) Added a required: Optional[bool] = False parameter to
DEFINE_* functions.
* (testing) flagsaver overrides can now be specified in terms of
FlagHolder.
* (testing) parameterized.product: Allows testing a method over
the cartesian product of parameter values, specified as
sequences of values for each parameter or as kwargs-like dicts
of parameter values.
* (testing) Added public flag holders for --test_srcdir and
--test_tmpdir. Users should use absltest.TEST_SRCDIR.value and
absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and
FLAGS.test_tmpdir.
* (flags) Made CsvListSerializer respect its delimiter argument.
- Add Provides python-absl-py
python-grpcio was updated:
- Update to version 1.60.0:
* No python specific changes.
- Update to version 1.59.2:
* No python specific changes.
- Update to version 1.59.0:
* [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398).
* [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186).
- Update to version 1.58.0:
* [Bazel] Enable grpcio-reflection to be used via Bazel
(gh#grpc/grpc#31013).
* [packaging] Publish xds-protos as part of the standard package
pipeline (gh#grpc/grpc#33797).
- Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* [posix] Enable systemd sockets for libsystemd>=233
(gh#grpc/grpc#32671).
* [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
- Build with LTO (don't set _lto_cflags to %nil).
- No need to pass '-std=c++17' to build CFLAGS.
- Update to version 1.56.2:
* [WRR] backport (gh#grpc/grpc#33694) to 1.56
(gh#grpc/grpc#33698)
* [backport][iomgr][EventEngine] Improve server handling of
file descriptor exhaustion (gh#grpc/grpc#33667)
- Switch build to pip/wheel.
- Use system abseil with '-std=c++17' to prevent undefined symbol
e.g. with python-grpcio-tools
(_ZN3re23RE213GlobalReplaceEPNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_2023012511string_viewE)
- Upstream only supports python >= 3.7, so adjust BuildRequires
accordingly.
- Add %{?sle15_python_module_pythons}
- Update to version 1.56.0: (CVE-2023-32731, bsc#1212180)
* [aio types] Fix some grpc.aio python types
(gh#grpc/grpc#32475).
- Update to version 1.55.0:
* [EventEngine] Disable EventEngine polling in gRPC Python
(gh#grpc/grpc#33279) (gh#grpc/grpc#33320).
* [Bazel Python3.11] Update Bazel dependencies for Python 3.11
(gh#grpc/grpc#33318) (gh#grpc/grpc#33319).
- Drop Requires: python-six; not required any more.
- Switch Suggests to Recommends.
- Update to version 1.54.0: (CVE-2023-32732, bsc#1212182)
* Fix DeprecationWarning when calling asyncio.get_event_loop()
(gh#grpc/grpc#32533).
* Remove references to deprecated syntax field
(gh#grpc/grpc#32497).
- Update to version 1.51.1:
* No Linux specific changes.
- Changes from version 1.51.0:
* Fix lack of cooldown between poll attempts
(gh#grpc/grpc#31550).
* Remove enum and future (gh#grpc/grpc#31381).
* [Remove Six] Remove dependency on six (gh#grpc/grpc#31340).
* Update xds-protos package to pull in protobuf 4.X
(gh#grpc/grpc#31113).
- Update to version 1.50.0:
* Support Python 3.11. [gh#grpc/grpc#30818].
- Update to version 1.49.1
* Support Python 3.11. (#30818)
* Add type stub generation support to grpcio-tools. (#30498)
- Update to version 1.48.0:
* [Aio] Ensure Core channel closes when deallocated
[gh#grpc/grpc#29797].
* [Aio] Fix the wait_for_termination return value
[gh#grpc/grpc#29795].
- update to 1.46.3:
* backport: xds: use federation env var to guard new-style resource name parsing
* This release contains refinements, improvements, and bug fixes.
- Update to version 1.46.0:
* Add Python GCF Distribtest [gh#grpc/grpc#29303].
* Add Python Reflection Client [gh#grpc/grpc#29085].
* Revert "Fix prefork handler register's default behavior"
[gh#grpc/grpc#29229].
* Fix prefork handler register's default behavior
[gh#grpc/grpc#29103].
* Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873].
- Update to version 1.45.0:
* Reimplement Gevent Integration [gh#grpc/grpc#28276].
* Support musllinux binary wheels on x64 and x86
[gh#grpc/grpc#28092].
* Increase the Python protobuf requirement to >=3.12.0
[gh#grpc/grpc#28604].
- Build with system re2; add BuildRequires: pkgconfig(re2).
- Update to version 1.44.0:
* Add python async example for hellostreamingworld using
generator (gh#grpc/grpc#27343).
* Disable __wrap_memcpy hack for Python builds
(gh#grpc/grpc#28410).
* Bump Bazel Python Cython dependency to 0.29.26
(gh#grpc/grpc#28398).
* Fix libatomic linking on Raspberry Pi OS Bullseye
(gh#grpc/grpc#28041).
* Allow generated proto sources in remote repositories for
py_proto_library (gh#grpc/grpc#28103).
- Update to version 1.43.0:
* [Aio] Validate the input type for set_trailing_metadata and
abort (gh#grpc/grpc#27958).
- update to 1.41.1:
* This is release 1.41.0 (goat) of gRPC Core.
- Update to version 1.41.0:
* Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074).
* [Aio] Remove custom IO manager support (gh#grpc/grpc#27090).
- Update to version 1.39.0:
* Python AIO: Match continuation typing on Interceptors
(gh#grpc/grpc#26500).
* Workaround #26279 by publishing manylinux_2_24 wheels instead
of manylinux2014 on aarch64 (gh#grpc/grpc#26430).
* Fix zlib unistd.h import problem (gh#grpc/grpc#26374).
* Handle gevent exception in gevent poller (gh#grpc/grpc#26058).
- Update to version 1.38.1:
* Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x
(gh#grpc/grpc#26436).
- Update to version 1.38.0:
* Add grpcio-admin Python package (gh#grpc/grpc#26166).
* Add CSDS API to Python (gh#grpc/grpc#26114).
* Expose code and details from context on the server side
(gh#grpc/grpc#25457).
* Explicitly import importlib.abc; required on Python 3.10.
Fixes #26062 (gh#grpc/grpc#26083).
* Fix potential deadlock on the GIL in AuthMetadataPlugin
(gh#grpc/grpc#26009).
* Introduce new Python package "xds_protos"
(gh#grpc/grpc#25975).
* Remove async mark for set_trailing_metadata interface
(gh#grpc/grpc#25814).
- Update to version 1.37.1:
* No user visible changes.
- Changes from version 1.37.0:
* Clarify Guarantees about grpc.Future Interface
(gh#grpc/grpc#25383).
* [Aio] Add time_remaining method to ServicerContext
(gh#grpc/grpc#25719).
* Standardize all environment variable boolean configuration in
python's setup.py (gh#grpc/grpc#25444).
* Fix Signal Safety Issue (gh#grpc/grpc#25394).
- Update to version 1.36.1:
* Core: back-port: add env var protection for google-c2p
resolver (gh#grpc/grpc#25569).
- Update to version 1.35.0:
* Implement Python Client and Server xDS Creds.
(gh#grpc/grpc#25365)
* Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533)
* Link roots.pem to ca-bundle.pem from ca-certificates package
- Update to version 1.34.1:
* Backport "Lazily import grpc_tools when using runtime
stub/message generation" to 1.34.x (gh#grpc/grpc#25011).
- Update to version 1.34.0:
* Incur setuptools as a dependency for grpcio_tools
(gh#grpc/grpc#24752).
* Stop the spamming log generated by ctrl-c for AsyncIO server
(gh#grpc/grpc#24718).
* [gRPC Easy] Make Well-Known Types Available to Runtime Protos
(gh#grpc/grpc#24478).
* Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python
(gh#grpc/grpc#24480).
* Make Python 2 an optional dependency for Bazel build
(gh#grpc/grpc#24407).
* [Linux] [macOS] Support pre-compiled Python 3.9 wheels
(gh#grpc/grpc#24356).
- Update to version 1.33.2:
* [Backport] Implement grpc.Future interface in
SingleThreadedRendezvous (gh#grpc/grpc#24574).
- Update to version 1.33.1:
* [Backport] Make Python 2 an optional dependency for Bazel
build (gh#grpc/grpc#24452).
* Allow asyncio API to be imported as grpc.aio.
(gh#grpc/grpc#24289).
* [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124).
* Make version check for importlib.abc in grpcio-tools more
stringent (gh#grpc/grpc#24098).
Added re2 package in version 2024-02-01.
abseil-cpp-20230802.1-150400.10.4.1.src.rpm
abseil-cpp-devel-20230802.1-150400.10.4.1.x86_64.rpm
grpc-1.60.0-150400.8.3.2.src.rpm
libabsl2308_0_0-20230802.1-150400.10.4.1.x86_64.rpm
libgrpc++1_60-1.60.0-150400.8.3.2.x86_64.rpm
libgrpc1_60-1.60.0-150400.8.3.2.x86_64.rpm
libgrpc37-1.60.0-150400.8.3.2.x86_64.rpm
libprotobuf-lite25_1_0-25.1-150400.9.3.1.x86_64.rpm
libprotobuf25_1_0-25.1-150400.9.3.1.x86_64.rpm
libprotoc25_1_0-25.1-150400.9.3.1.x86_64.rpm
libre2-11-20240201-150400.9.3.1.x86_64.rpm
libupb37-1.60.0-150400.8.3.2.x86_64.rpm
protobuf-25.1-150400.9.3.1.src.rpm
protobuf-devel-25.1-150400.9.3.1.x86_64.rpm
re2-20240201-150400.9.3.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-553
Security update for openvswitch
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openvswitch fixes the following issues:
- CVE-2024-22563: Fixed memory leak via the function xmalloc__ in /lib/util.c (bsc#1219059).
libopenvswitch-2_14-0-2.14.2-150400.24.20.1.x86_64.rpm
libovn-20_06-0-20.06.2-150400.24.20.1.x86_64.rpm
openvswitch-2.14.2-150400.24.20.1.src.rpm
openvswitch-2.14.2-150400.24.20.1.x86_64.rpm
openvswitch-devel-2.14.2-150400.24.20.1.x86_64.rpm
openvswitch-ipsec-2.14.2-150400.24.20.1.x86_64.rpm
openvswitch-pki-2.14.2-150400.24.20.1.x86_64.rpm
openvswitch-test-2.14.2-150400.24.20.1.x86_64.rpm
openvswitch-vtep-2.14.2-150400.24.20.1.x86_64.rpm
ovn-20.06.2-150400.24.20.1.x86_64.rpm
ovn-central-20.06.2-150400.24.20.1.x86_64.rpm
ovn-devel-20.06.2-150400.24.20.1.x86_64.rpm
ovn-docker-20.06.2-150400.24.20.1.x86_64.rpm
ovn-host-20.06.2-150400.24.20.1.x86_64.rpm
ovn-vtep-20.06.2-150400.24.20.1.x86_64.rpm
python3-ovs-2.14.2-150400.24.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-595
Security update for python310
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310 fixes the following issues:
- CVE-2023-27043: Fixed incorrect parsing of e-mail addresses which contain a special character (bsc#1210638).
libpython3_10-1_0-3.10.13-150400.4.39.1.x86_64.rpm
python310-3.10.13-150400.4.39.1.src.rpm
python310-3.10.13-150400.4.39.1.x86_64.rpm
python310-base-3.10.13-150400.4.39.1.x86_64.rpm
python310-core-3.10.13-150400.4.39.1.src.rpm
python310-curses-3.10.13-150400.4.39.1.x86_64.rpm
python310-dbm-3.10.13-150400.4.39.1.x86_64.rpm
python310-devel-3.10.13-150400.4.39.1.x86_64.rpm
python310-idle-3.10.13-150400.4.39.1.x86_64.rpm
python310-tk-3.10.13-150400.4.39.1.x86_64.rpm
python310-tools-3.10.13-150400.4.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3218
Security update for 389-ds
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for 389-ds fixes the following issues:
- Update to version 2.0.20
- CVE-2024-3657: DoS via specially crafted Kerberos AS-REQ request. (bsc#1225512)
- CVE-2024-5953: Malformed userPassword hashes may cause a denial of service. (bsc#1226277)
- CVE-2024-2199: Malformed userPassword may cause crash at do_modify in slapd/modify.c. (bsc#1225507)
- CVE-2024-1062: Fixed a heap overflow leading to denial-of-service while writing a value larger than 256 chars in log_entry_attr. (bsc#1219836)
389-ds-2.0.20~git9.5e2d637c-150400.3.42.3.src.rpm
389-ds-2.0.20~git9.5e2d637c-150400.3.42.3.x86_64.rpm
389-ds-devel-2.0.20~git9.5e2d637c-150400.3.42.3.x86_64.rpm
lib389-2.0.20~git9.5e2d637c-150400.3.42.3.x86_64.rpm
libsvrcore0-2.0.20~git9.5e2d637c-150400.3.42.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-592
Security update for php-composer2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php-composer2 fixes the following issues:
- CVE-2024-24821: Fixed potential arbitrary code execution when Composer is invoked within a directory with tampered files (bsc#1219757).
php-composer2-2.2.3-150400.3.9.1.noarch.rpm
php-composer2-2.2.3-150400.3.9.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-626
Recommended update for ecj
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ecj fixes the following issues:
- Allow building ecj with language levels 8 (bsc#1219862)
- Distribute the bundled javax17api.jar under maven coordinate of
org.eclipse:javax17api:17, so that it can be used if needed
ecj-4.23-150200.3.12.1.noarch.rpm
ecj-4.23-150200.3.12.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-565
Recommended update for suseconnect-ng
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issues:
- Allow SUSEConnect on read write transactional systems (bsc#1219425)
libsuseconnect-1.7.0~git0.5338270-150400.3.25.1.x86_64.rpm
suseconnect-ng-1.7.0~git0.5338270-150400.3.25.1.src.rpm
suseconnect-ng-1.7.0~git0.5338270-150400.3.25.1.x86_64.rpm
suseconnect-ruby-bindings-1.7.0~git0.5338270-150400.3.25.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-590
Security update for bind
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bind fixes the following issues:
Update to release 9.16.48:
Feature Changes:
* The IP addresses for B.ROOT-SERVERS.NET have been updated to
170.247.170.2 and 2801:1b8:10::b.
Security Fixes:
* Validating DNS messages containing a lot of DNSSEC signatures
could cause excessive CPU load, leading to a denial-of-service
condition. This has been fixed. (CVE-2023-50387) [bsc#1219823]
* Preparing an NSEC3 closest encloser proof could cause excessive
CPU load, leading to a denial-of-service condition. This has
been fixed. (CVE-2023-50868) [bsc#1219826]
* Parsing DNS messages with many different names could cause
excessive CPU load. This has been fixed. (CVE-2023-4408) [bsc#1219851]
* Specific queries could cause named to crash with an assertion
failure when nxdomain-redirect was enabled. This has been
fixed. (CVE-2023-5517) [bsc#1219852]
* A bad interaction between DNS64 and serve-stale could cause
named to crash with an assertion failure, when both of these
features were enabled. This has been fixed. (CVE-2023-5679)
[bsc#1219853]
* Query patterns that continuously triggered cache database
maintenance could cause an excessive amount of memory to be
allocated, exceeding max-cache-size and potentially leading to
all available memory on the host running named being exhausted.
This has been fixed. (CVE-2023-6516) [bsc#1219854]
Removed Features:
* Support for using AES as the DNS COOKIE algorithm
(cookie-algorithm aes;) has been deprecated and will be removed
in a future release. Please use the current default,
SipHash-2-4, instead.
bind-9.16.48-150400.5.40.1.src.rpm
bind-9.16.48-150400.5.40.1.x86_64.rpm
bind-doc-9.16.48-150400.5.40.1.noarch.rpm
bind-utils-9.16.48-150400.5.40.1.x86_64.rpm
python3-bind-9.16.48-150400.5.40.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-646
Feature update for python3.11
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This feature update adds the following packages:
- python-CherryPy
- python-cheroot
- python-jaraco.collections
- python-jaraco.text
- python-pytest-forked
- python-pytest-services
- python-pylons-sphinx-themes
- python-scp
- python-requests-unixsocket
- python-waitress
- python-zc.lockfile
python-CherryPy-18.9.0-150400.7.3.1.src.rpm
python-cheroot-10.0.0-150400.9.3.1.src.rpm
python-jaraco.collections-5.0.0-150400.9.3.1.src.rpm
python-jaraco.text-3.12.0-150400.9.3.1.src.rpm
python-pylons-sphinx-themes-1.0.13-150400.9.3.1.src.rpm
python-pytest-forked-1.6.0-150400.12.3.1.src.rpm
python-pytest-services-2.2.1-150400.7.3.1.src.rpm
python-requests-unixsocket-0.3.0-150400.7.3.1.src.rpm
python-scp-0.14.5-150400.12.3.1.src.rpm
python-waitress-2.1.2-150400.12.4.1.src.rpm
python-waitress-doc-2.1.2-150400.12.4.1.src.rpm
python-zc.lockfile-3.0.post1-150400.7.3.1.src.rpm
python311-CherryPy-18.9.0-150400.7.3.1.noarch.rpm
python311-cheroot-10.0.0-150400.9.3.1.noarch.rpm
python311-jaraco.collections-5.0.0-150400.9.3.1.noarch.rpm
python311-jaraco.text-3.12.0-150400.9.3.1.noarch.rpm
python311-pylons-sphinx-themes-1.0.13-150400.9.3.1.noarch.rpm
python311-pytest-forked-1.6.0-150400.12.3.1.noarch.rpm
python311-pytest-services-2.2.1-150400.7.3.1.noarch.rpm
python311-requests-unixsocket-0.3.0-150400.7.3.1.noarch.rpm
python311-scp-0.14.5-150400.12.3.1.noarch.rpm
python311-waitress-2.1.2-150400.12.4.1.noarch.rpm
python311-waitress-doc-2.1.2-150400.12.4.1.noarch.rpm
python311-zc.lockfile-3.0.post1-150400.7.3.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-614
Recommended update for rpm
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpm fixes the following issues:
- backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752)
python-rpm-4.14.3-150400.59.7.1.src.rpm
python3-rpm-4.14.3-150400.59.7.1.x86_64.rpm
python311-rpm-4.14.3-150400.59.7.1.x86_64.rpm
rpm-32bit-4.14.3-150400.59.7.1.x86_64.rpm
rpm-4.14.3-150400.59.7.1.src.rpm
rpm-4.14.3-150400.59.7.1.x86_64.rpm
rpm-build-4.14.3-150400.59.7.1.x86_64.rpm
rpm-devel-4.14.3-150400.59.7.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-596
Security update for openssh
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssh fixes the following issues:
- CVE-2023-51385: Limit the use of shell metacharacters in host- and
user names to avoid command injection. (bsc#1218215)
openssh-8.4p1-150300.3.30.1.src.rpm
openssh-8.4p1-150300.3.30.1.x86_64.rpm
openssh-askpass-gnome-8.4p1-150300.3.30.1.src.rpm
openssh-askpass-gnome-8.4p1-150300.3.30.1.x86_64.rpm
openssh-clients-8.4p1-150300.3.30.1.x86_64.rpm
openssh-common-8.4p1-150300.3.30.1.x86_64.rpm
openssh-fips-8.4p1-150300.3.30.1.x86_64.rpm
openssh-helpers-8.4p1-150300.3.30.1.x86_64.rpm
openssh-server-8.4p1-150300.3.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1368
Security update for shim
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disabled, which is the same as the default value of shim-15.8; hence, there is no need to enable it with this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe, after
discussion with grub2 experts by mail. It's useful for further development
and testing. (bsc#1205588)
shim-15.8-150300.4.20.2.src.rpm
shim-15.8-150300.4.20.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-577
Security update for python-aiohttp, python-time-machine
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-aiohttp, python-time-machine fixes the following issues:
python-aiohttp was updated to version 3.9.3:
* Fixed backwards compatibility breakage (in 3.9.2) of ``ssl`` parameter
when set outside of ``ClientSession`` (e.g. directly in ``TCPConnector``)
* Improved test suite handling of paths and temp files to consistently
use pathlib and pytest fixtures.
From version 3.9.2 (bsc#1219341, CVE-2024-23334, bsc#1219342, CVE-2024-23829):
* Fixed server-side websocket connection leak.
* Fixed ``web.FileResponse`` doing blocking I/O in the event loop.
* Fixed double compress when compression enabled and compressed file
exists in server file responses.
* Added runtime type check for ``ClientSession`` ``timeout`` parameter.
* Fixed an unhandled exception in the Python HTTP parser on header lines
starting with a colon.
* Improved validation of paths for static resources requests to the server.
* Added support for passing :py:data:`True` to ``ssl`` parameter in
``ClientSession`` while deprecating :py:data:`None`.
* Fixed examples of ``fallback_charset_resolver`` function in the
:doc:`client_advanced` document.
* The Sphinx setup was updated to avoid showing the empty
changelog draft section in the tagged release documentation
builds on Read The Docs.
* The changelog categorization was made clearer. The contributors can
now mark their fragment files more accurately.
* Updated :ref:`contributing/Tests coverage <aiohttp-contributing>`
section to show how we use ``codecov``.
* Replaced all ``tmpdir`` fixtures with ``tmp_path`` in test suite.
- Disable broken tests with openssl 3.2 and python < 3.11 bsc#1217782
update to 3.9.1:
* Fixed importing aiohttp under PyPy on Windows.
* Fixed async concurrency safety in websocket compressor.
* Fixed ``ClientResponse.close()`` releasing the connection
instead of closing.
* Fixed a regression where connection may get closed during
upgrade. -- by :user:`Dreamsorcerer`
* Fixed messages being reported as upgraded without an Upgrade
header in Python parser. -- by :user:`Dreamsorcerer`
update to 3.9.0: (bsc#1217684, CVE-2023-49081, bsc#1217682, CVE-2023-49082)
* Introduced ``AppKey`` for static typing support of
``Application`` storage.
* Added a graceful shutdown period which allows pending tasks
to complete before the application's cleanup is called.
* Added `handler_cancellation`_ parameter to cancel web handler on
client disconnection.
* This (optionally) reintroduces a feature removed in a
previous release.
* Recommended for those looking for an extra level of
protection against denial-of-service attacks.
* Added support for setting response header parameters
``max_line_size`` and ``max_field_size``.
* Added ``auto_decompress`` parameter to
``ClientSession.request`` to override
``ClientSession._auto_decompress``.
* Changed ``raise_for_status`` to allow a coroutine.
* Added client brotli compression support (optional with
runtime check).
* Added ``client_max_size`` to ``BaseRequest.clone()`` to allow
overriding the request body size. -- :user:`anesabml`.
* Added a middleware type alias
``aiohttp.typedefs.Middleware``.
* Exported ``HTTPMove`` which can be used to catch any
redirection request that has a location -- :user:`dreamsorcerer`.
* Changed the ``path`` parameter in ``web.run_app()`` to accept
a ``pathlib.Path`` object.
* Performance: Skipped filtering ``CookieJar`` when the jar is
empty or all cookies have expired.
* Performance: Only check origin if insecure scheme and there
are origins to treat as secure, in
``CookieJar.filter_cookies()``.
* Performance: Used timestamp instead of ``datetime`` to
achieve faster cookie expiration in ``CookieJar``.
* Added support for passing a custom server name parameter to
HTTPS connection.
* Added support for using Basic Auth credentials from
:file:`.netrc` file when making HTTP requests with the
* :py:class:`~aiohttp.ClientSession` ``trust_env`` argument is
set to ``True``. -- by :user:`yuvipanda`.
* Turned access log into no-op when the logger is disabled.
* Added typing information to ``RawResponseMessage``. -- by
:user:`Gobot1234`
* Removed ``async-timeout`` for Python 3.11+ (replaced with
``asyncio.timeout()`` on newer releases).
* Added support for ``brotlicffi`` as an alternative to
``brotli`` (fixing Brotli support on PyPy).
* Added ``WebSocketResponse.get_extra_info()`` to access a
protocol transport's extra info.
* Allow ``link`` argument to be set to None/empty in HTTP 451
exception.
* Fixed client timeout not working when incoming data is always
available without waiting. -- by :user:`Dreamsorcerer`.
* Fixed ``readuntil`` to work with a delimiter of more than one
character.
* Added ``__repr__`` to ``EmptyStreamReader`` to avoid
``AttributeError``.
* Fixed bug when using ``TCPConnector`` with
``ttl_dns_cache=0``.
* Fixed response returned from expect handler being thrown
away. -- by :user:`Dreamsorcerer`
* Avoided raising ``UnicodeDecodeError`` in multipart and in
HTTP headers parsing.
* Changed ``sock_read`` timeout to start after writing has
finished, avoiding read timeouts caused by an unfinished
write. -- by :user:`dtrifiro`
* Fixed missing query in tracing method URLs when using
``yarl`` 1.9+.
* Changed max 32-bit timestamp to an aware datetime object, for
consistency with the non-32-bit one, and to avoid a
``DeprecationWarning`` on Python 3.12.
* Fixed ``EmptyStreamReader.iter_chunks()`` never ending.
* Fixed a rare ``RuntimeError: await wasn't used with future``
exception.
* Fixed issue with insufficient HTTP method and version
validation.
* Added check to validate that absolute URIs have schemes.
* Fixed unhandled exception when Python HTTP parser encounters
unpaired Unicode surrogates.
* Updated parser to disallow invalid characters in header field
names and stop accepting LF as a request line separator.
* Fixed Python HTTP parser not treating 204/304/1xx as an empty
body.
* Ensure empty body response for 1xx/204/304 per RFC 9112 sec
6.3.
* Fixed an issue when a client request is closed before
completing a chunked payload. -- by :user:`Dreamsorcerer`
* Edge Case Handling for ResponseParser for missing reason
value.
* Fixed ``ClientWebSocketResponse.close_code`` being
erroneously set to ``None`` when there are concurrent async
tasks receiving data and closing the connection.
* Added HTTP method validation.
* Fixed arbitrary sequence types being allowed to inject values
via version parameter. -- by :user:`Dreamsorcerer`
* Performance: Fixed increase in latency with small messages
from websocket compression changes.
* Improved Documentation
* Fixed the `ClientResponse.release`'s type in the doc. Changed
from `comethod` to `method`.
* Added information on behavior of base_url parameter in
`ClientSession`.
* Completed ``trust_env`` parameter description to honor
``wss_proxy``, ``ws_proxy`` or ``no_proxy`` env.
* Dropped Python 3.6 support.
* Dropped Python 3.7 support. -- by :user:`Dreamsorcerer`
* Removed support for abandoned ``tokio`` event loop.
* Made ``print`` argument in ``run_app()`` optional.
* Improved performance of ``ceil_timeout`` in some cases.
* Changed importing Gunicorn to happen on-demand, decreasing
import time by ~53%. -- :user:`Dreamsorcerer`
* Improved import time by replacing ``http.server`` with
``http.HTTPStatus``.
* Fixed annotation of ``ssl`` parameter to disallow ``True``.
update to 3.8.6 (bsc#1217181, CVE-2023-47627):
* Security bugfixes
* https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9.
* https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg.
* Added ``fallback_charset_resolver`` parameter in
``ClientSession`` to allow a user-supplied
character set detection function.
Character set detection will no longer be included in 3.9 as
a default. If this feature is needed,
please use `fallback_charset_resolver
the client
* Fixed ``PermissionError`` when ``.netrc`` is unreadable due
to permissions.
* Fixed output of parsing errors
* Fixed sorting in ``filter_cookies`` to use cookie with
longest path.
Release 3.8.0 (2021-10-31) (bsc#1217174, CVE-2023-47641)
python-aiohttp-3.9.3-150400.10.14.1.src.rpm
python311-aiohttp-3.9.3-150400.10.14.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-757
Security update for apache2-mod_auth_openidc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2024-24814: Fixed a denial of service when using `OIDCSessionType client-cookie` and manipulating cookies (bsc#1219911).
apache2-mod_auth_openidc-2.3.8-150100.3.28.1.src.rpm
apache2-mod_auth_openidc-2.3.8-150100.3.28.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-938
Recommended update for sapconf
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sapconf fixes the following issues:
sapconf was updated from version 5.0.6 to 5.0.7:
- Added requirement of package `sysctl-logger` (jsc#PED-5025)
- Suppress error message regarding missing systemd service file
during posttrans script
sapconf-5.0.7-150000.7.30.1.noarch.rpm
sapconf-5.0.7-150000.7.30.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-884
Security update for spectre-meltdown-checker
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for spectre-meltdown-checker fixes the following issues:
- updated to 0.46
This release mainly focuses on the detection of the new Zenbleed
(CVE-2023-20593) vulnerability, among a few other changes that were in
line waiting for a release:
- feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)
- feat: add the linux-firmware repository as another source for CPU microcode versions
- feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2
- fix: docker: adding missing utils (#433)
- feat: add support for Guix System kernel
- fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443)
- fix: a /devnull file was mistakenly created on the filesystem
- fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)
- updated to 0.45
- arm64: phytium: Add CPU Implementer Phytium
- arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
- chore: ensure vars are set before being dereferenced (set -u compat)
- chore: fix indentation
- chore: fwdb: update to v220+i20220208
- chore: only attempt to load msr and cpuid module once
- chore: read_cpuid: use named constants
- chore: readme: framapic is gone, host the screenshots on GitHub
- chore: replace 'Vulnerable to' by 'Affected by' in the hw section
- chore: speculative execution -> transient execution
- chore: update fwdb to v222+i20220208
- chore: update Intel Family 6 models
- chore: wording: model not vulnerable -> model not affected
- doc: add an FAQ entry about CVE support
- doc: add an FAQ.md and update the README.md accordingly
- doc: more FAQ and README
- doc: readme: make the FAQ entry more visible
- feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied
- feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
- feat: add subleaf != 0 support for read_cpuid
- feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
- feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
- feat: hw check: add IPRED, RRSBA, BHI features check
- feat: implement detection for MCEPSC under BSD
- feat: set default TMPDIR for Android (#415)
- fix: extract_kernel: don't overwrite kernel_err if already set
- fix: has_vmm false positive with pcp
- fix: is_ucode_blacklisted: fix some model names
- fix: mcedb: v191 changed the MCE table format
- fix: refuse to run under MacOS and ESXi
- fix: retpoline: detection on 5.15.28+ (#420)
- fix: variant4: added case where prctl ssbd status is tagged as 'unknown'
spectre-meltdown-checker-0.46-150100.3.9.1.src.rpm
spectre-meltdown-checker-0.46-150100.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-827
Recommended update for tomcat
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tomcat fixes the following issues:
- Added dependencies on tomcat `user` and `group`, required by RPM 4.19 (bsc#1219530)
- Link ecj.jar into the install instead of copying it
tomcat-9.0.85-150200.60.1.noarch.rpm
tomcat-9.0.85-150200.60.1.src.rpm
tomcat-admin-webapps-9.0.85-150200.60.1.noarch.rpm
tomcat-el-3_0-api-9.0.85-150200.60.1.noarch.rpm
tomcat-jsp-2_3-api-9.0.85-150200.60.1.noarch.rpm
tomcat-lib-9.0.85-150200.60.1.noarch.rpm
tomcat-servlet-4_0-api-9.0.85-150200.60.1.noarch.rpm
tomcat-webapps-9.0.85-150200.60.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-586
Security update for docker
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for docker fixes the following issues:
Vendor latest buildkit v0.11 including bugfixes for the following:
* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).
* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).
* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
docker-24.0.7_ce-150000.193.1.src.rpm
docker-24.0.7_ce-150000.193.1.x86_64.rpm
docker-bash-completion-24.0.7_ce-150000.193.1.noarch.rpm
docker-rootless-extras-24.0.7_ce-150000.193.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-597
Security update for mozilla-nss
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mozilla-nss fixes the following issues:
Update to NSS 3.90.2:
- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)
libfreebl3-3.90.2-150400.3.39.1.x86_64.rpm
libfreebl3-32bit-3.90.2-150400.3.39.1.x86_64.rpm
libsoftokn3-3.90.2-150400.3.39.1.x86_64.rpm
libsoftokn3-32bit-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-3.90.2-150400.3.39.1.src.rpm
mozilla-nss-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-32bit-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-certs-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-devel-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-sysinit-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-tools-3.90.2-150400.3.39.1.x86_64.rpm
mozilla-nss-certs-32bit-3.90.2-150400.3.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-607
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.8.0 ESR (MFSA 2024-06) (bsc#1220048):
- CVE-2024-1546: Out-of-bounds memory read in networking channels
- CVE-2024-1547: Alert dialog could have been spoofed on another site
- CVE-2024-1548: Fullscreen Notification could have been hidden by select element
- CVE-2024-1549: Custom cursor could obscure the permission dialog
- CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
- CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts
- CVE-2024-1552: Incorrect code generation on 32-bit ARM devices
- CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
- Recommend libfido2-udev on codestreams that exist, in order to try
to get security keys (e.g. Yubikeys) to work out of the box. (bsc#1184272)
MozillaFirefox-115.8.0-150200.152.126.3.src.rpm
MozillaFirefox-115.8.0-150200.152.126.3.x86_64.rpm
MozillaFirefox-devel-115.8.0-150200.152.126.3.noarch.rpm
MozillaFirefox-translations-common-115.8.0-150200.152.126.3.x86_64.rpm
MozillaFirefox-translations-other-115.8.0-150200.152.126.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1953
Recommended update for scap-security-guide
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for scap-security-guide fixes the following issues:
scap-security-guide was updated to 0.1.72 (jsc#ECO-3319):
- ANSSI BP 028 profile for debian12 (#11368)
- Control for BSI APP.4.4 (#11342)
- update to CIS RHEL 7 and RHEL 8 profiles aligning them with the latest benchmarks
- various fixes to SLE profiles
- add openeuler to -redhat package
scap-security-guide-0.1.72-150000.1.78.2.noarch.rpm
scap-security-guide-0.1.72-150000.1.78.2.src.rpm
scap-security-guide-debian-0.1.72-150000.1.78.2.noarch.rpm
scap-security-guide-redhat-0.1.72-150000.1.78.2.noarch.rpm
scap-security-guide-ubuntu-0.1.72-150000.1.78.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1476
Recommended update for python-docutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-docutils fixes the following issue:
- Use update-alternatives for all binary scripts and provide
/usr/bin/docutils to avoid conflict with python311-docutils (bsc#1219501)
python-docutils-0.14-150000.3.4.1.src.rpm
python3-docutils-0.14-150000.3.4.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-730
Security update for nodejs18
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nodejs18 fixes the following issues:
Update to 18.19.1: (security updates)
* CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
* CVE-2024-24758: undici version 5.28.3 (bsc#1220017).
* CVE-2024-24806: libuv version 1.48.0 (bsc#1219724).
Update to LTS version 18.19.0
* deps: npm updates to 10.x
* esm:
+ Leverage loaders when resolving subsequent loaders
+ import.meta.resolve unflagged
+ --experimental-default-type flag to flip module defaults
nodejs18-18.19.1-150400.9.18.2.src.rpm
nodejs18-18.19.1-150400.9.18.2.x86_64.rpm
nodejs18-devel-18.19.1-150400.9.18.2.x86_64.rpm
nodejs18-docs-18.19.1-150400.9.18.2.noarch.rpm
npm18-18.19.1-150400.9.18.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-982
Recommended update for systemd-rpm-macros
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for systemd-rpm-macros fixes the following issue:
- Order packages that require systemd after systemd-sysvcompat if needed. (bsc#1217964)
systemd-rpm-macros-15-150000.7.39.1.noarch.rpm
systemd-rpm-macros-15-150000.7.39.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-619
Security update for java-1_8_0-ibm
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843]
Security fixes:
- CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library (bsc#1219843).
- CVE-2024-20932: Fixed incorrect handling of ZIP files with duplicate entries (bsc#1218908).
- CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS (bsc#1218911).
- CVE-2024-20918: Fixed array out-of-bounds access due to missing range check in C1 compiler (bsc#1218907).
- CVE-2024-20921: Fixed range check loop optimization issue (bsc#1218905).
- CVE-2024-20919: Fixed JVM class file verifier flaw allows unverified bytecode execution (bsc#1218903).
- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).
- CVE-2024-20945: Fixed logging of digital signature private keys (bsc#1218909).
java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.nosrc.rpm
java-1_8_0-ibm-1.8.0_sr8.20-150000.3.86.1.x86_64.rpm
java-1_8_0-ibm-alsa-1.8.0_sr8.20-150000.3.86.1.x86_64.rpm
java-1_8_0-ibm-devel-1.8.0_sr8.20-150000.3.86.1.x86_64.rpm
java-1_8_0-ibm-plugin-1.8.0_sr8.20-150000.3.86.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-728
Security update for nodejs16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nodejs16 fixes the following issues:
Security issues fixed:
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
* CVE-2024-24758: ignore proxy-authorization header (bsc#1220017).
* CVE-2024-24806: fix improper domain lookup that potentially leads to SSRF attacks (bsc#1219724).
nodejs16-16.20.2-150400.3.30.1.src.rpm
nodejs16-16.20.2-150400.3.30.1.x86_64.rpm
nodejs16-devel-16.20.2-150400.3.30.1.x86_64.rpm
nodejs16-docs-16.20.2-150400.3.30.1.noarch.rpm
npm16-16.20.2-150400.3.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-786
Security update for giflib
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for giflib fixes the following issues:
Update to version 5.2.2
* Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
* #138 Documentation for obsolete utilities still installed
* #139: Typo in "LZW image data" page ("110_2 = 4_10")
* #140: Typo in "LZW image data" page ("LWZ")
* #141: Typo in "Bits and bytes" page ("filed")
* Note as already fixed SF issue #143: cannot compile under mingw
* #144: giflib-5.2.1 cannot be build on windows and other platforms using c89
* #145: Remove manual pages installation for binaries that are not installed too
* #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7
* #147 [PATCH] Fixes to doc/whatsinagif/ content
* #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB
* Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1
* Declared Won't-fix on SF issue 149: Out of source builds no longer possible
* #151: A heap-buffer-overflow in gif2rgb.c:294:45
* #152: Fix some typos on the html documentation and man pages
* #153: Fix segmentation faults due to non correct checking for args
* #154: Recover the giffilter manual page
* #155: Add gifsponge docs
* #157: An OutofMemory-Exception or Memory Leak in gif2rgb
* #158: There is a null pointer problem in gif2rgb
* #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45
* #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c
* #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c
* #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
* #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c
giflib-5.2.2-150000.4.13.1.src.rpm
giflib-devel-5.2.2-150000.4.13.1.x86_64.rpm
libgif7-5.2.2-150000.4.13.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-795
Security update for sudo
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sudo fixes the following issues:
NOTE: This update has been retracted as some logic was not correct.
- CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026).
sudo-1.9.9-150400.4.33.1.src.rpm
sudo-1.9.9-150400.4.33.1.x86_64.rpm
sudo-devel-1.9.9-150400.4.33.1.x86_64.rpm
sudo-plugin-python-1.9.9-150400.4.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-819
Security update for wpa_supplicant
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
wpa_supplicant-2.9-150000.4.39.1.src.rpm
wpa_supplicant-2.9-150000.4.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-994
Recommended update for rasdaemon
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rasdaemon fixes the following issues:
- Maint: MI300A: rasdaemon: MI300A support patches (jsc#PED-7633)
* Fix SMCA bank type decoding
* Identify the Die Number in multidie system
* Handle reassigned bit definitions for UMC bank
* Add new MA_LLC, USR_DP, and USR_CP bank types
* Add support for post-processing MCA errors
* Handle reassigned bit definitions for CS SMCA
* Update SMCA bank error descriptions
rasdaemon-0.6.7.18.git+7ccf12f-150400.4.3.1.src.rpm
rasdaemon-0.6.7.18.git+7ccf12f-150400.4.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-817
Security update for jetty-minimal
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for jetty-minimal fixes the following issues:
- CVE-2024-22201: Fixed denial-of-service via HTTP/2 connection leak (bsc#1220437).
jetty-http-9.4.54-150200.3.25.1.noarch.rpm
jetty-io-9.4.54-150200.3.25.1.noarch.rpm
jetty-minimal-9.4.54-150200.3.25.1.src.rpm
jetty-security-9.4.54-150200.3.25.1.noarch.rpm
jetty-server-9.4.54-150200.3.25.1.noarch.rpm
jetty-servlet-9.4.54-150200.3.25.1.noarch.rpm
jetty-util-9.4.54-150200.3.25.1.noarch.rpm
jetty-util-ajax-9.4.54-150200.3.25.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-901
Security update for python3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).
libpython3_6m1_0-3.6.15-150300.10.57.1.x86_64.rpm
python3-3.6.15-150300.10.57.1.src.rpm
python3-3.6.15-150300.10.57.1.x86_64.rpm
python3-base-3.6.15-150300.10.57.1.x86_64.rpm
python3-core-3.6.15-150300.10.57.1.src.rpm
python3-curses-3.6.15-150300.10.57.1.x86_64.rpm
python3-dbm-3.6.15-150300.10.57.1.x86_64.rpm
python3-devel-3.6.15-150300.10.57.1.x86_64.rpm
python3-idle-3.6.15-150300.10.57.1.x86_64.rpm
python3-tk-3.6.15-150300.10.57.1.x86_64.rpm
python3-tools-3.6.15-150300.10.57.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-820
Security update for python310
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
libpython3_10-1_0-3.10.13-150400.4.42.1.x86_64.rpm
python310-3.10.13-150400.4.42.1.src.rpm
python310-3.10.13-150400.4.42.1.x86_64.rpm
python310-base-3.10.13-150400.4.42.1.x86_64.rpm
python310-core-3.10.13-150400.4.42.1.src.rpm
python310-curses-3.10.13-150400.4.42.1.x86_64.rpm
python310-dbm-3.10.13-150400.4.42.1.x86_64.rpm
python310-devel-3.10.13-150400.4.42.1.x86_64.rpm
python310-idle-3.10.13-150400.4.42.1.x86_64.rpm
python310-tk-3.10.13-150400.4.42.1.x86_64.rpm
python310-tools-3.10.13-150400.4.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1889
Recommended update for container-suseconnect
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for container-suseconnect fixes the following issues:
Update to 2.5.0:
* Upgrade to go 1.21
* Allow setting of SCC credentials via environment variables
* Bump github.com/urfave/cli/v2 from 2.25.7 to 2.27.1
* Use switch instead of else if construction
* Add system token header to query SCC subscriptions (bsc#1219855)
* Use the FIPS capable go1.21-openssl to build.
container-suseconnect-2.5.0-150000.4.53.2.src.rpm
container-suseconnect-2.5.0-150000.4.53.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-773
Security update for postgresql-jdbc
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql-jdbc fixes the following issues:
- CVE-2024-1597: Fixed SQL Injection via line comment generation (bsc#1220644).
postgresql-jdbc-42.2.25-150400.3.12.1.noarch.rpm
postgresql-jdbc-42.2.25-150400.3.12.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1177
Recommended update for multipath-tools
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for multipath-tools fixes the following issues:
- Fixed activation of LVM volume groups during coldplug (bsc#1219142)
- Avoid changing SCSI timeouts in "multipath -d" (bsc#1213809)
- Fixed dev_loss_tmo even if not set in configuration (bsc#1212440)
- Backport of upstream bug fixes (bsc#1220374):
* Avoid setting queue_if_no_path on multipath maps for which the no_path_retry timeout has expired
* Fixed memory and error handling for code using aio (marginal path code, directio path checker)
* libmultipath: fixed max_sectors_kb on adding path
* Fixed warnings reported by udevadm verify
* libmultipath: use directio checker for LIO targets
* multipathd.service: remove "Also=multipathd.socket"
* libmultipathd: avoid parsing errors due to unsupported designators
* libmultipath: return 'pending' state when port is in transition
* multipath.rules: fixed "smart" bug with failed valid path check
* libmpathpersist: fixed resource leak in update_map_pr()
* libmultipath: keep renames from stopping other multipath actions
kpartx-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
libdmmp-devel-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
libdmmp0_2_0-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
libmpath0-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
multipath-tools-0.9.0+161+suse.a26bd4c-150400.4.19.1.src.rpm
multipath-tools-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
multipath-tools-devel-0.9.0+161+suse.a26bd4c-150400.4.19.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-871
Security update for vim
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for vim fixes the following issues:
- CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).
- CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).
- CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).
- CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).
Updated to version 9.1 with patch level 0111:
https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111
gvim-9.1.0111-150000.5.60.1.x86_64.rpm
vim-9.1.0111-150000.5.60.1.src.rpm
vim-9.1.0111-150000.5.60.1.x86_64.rpm
vim-data-9.1.0111-150000.5.60.1.noarch.rpm
vim-data-common-9.1.0111-150000.5.60.1.noarch.rpm
vim-small-9.1.0111-150000.5.60.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-782
Security update for python311
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python311 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2023-27043: Fixed incorrect e-mail parsing (bsc#1210638).
- CVE-2022-25236: Fixed an expat vulnerability by supporting expat >= 2.4.4 (bsc#1212015).
libpython3_11-1_0-3.11.8-150400.9.23.1.x86_64.rpm
python311-3.11.8-150400.9.23.1.src.rpm
python311-3.11.8-150400.9.23.1.x86_64.rpm
python311-base-3.11.8-150400.9.23.1.x86_64.rpm
python311-core-3.11.8-150400.9.23.1.src.rpm
python311-curses-3.11.8-150400.9.23.1.x86_64.rpm
python311-dbm-3.11.8-150400.9.23.1.x86_64.rpm
python311-devel-3.11.8-150400.9.23.1.x86_64.rpm
python311-doc-3.11.8-150400.9.23.1.x86_64.rpm
python311-doc-devhelp-3.11.8-150400.9.23.1.x86_64.rpm
python311-documentation-3.11.8-150400.9.23.1.src.rpm
python311-idle-3.11.8-150400.9.23.1.x86_64.rpm
python311-tk-3.11.8-150400.9.23.1.x86_64.rpm
python311-tools-3.11.8-150400.9.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-766
Recommended update for libssh
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libssh fixes the following issues:
- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)
libssh-0.9.8-150400.3.6.1.src.rpm
libssh-config-0.9.8-150400.3.6.1.x86_64.rpm
libssh-devel-0.9.8-150400.3.6.1.x86_64.rpm
libssh4-0.9.8-150400.3.6.1.x86_64.rpm
libssh4-32bit-0.9.8-150400.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1468
Security update for ffmpeg
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg fixes the following issues:
- CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when vulkan_frames init failed (bsc#1223070)
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235)
Adding references for already fixed issues:
- CVE-2021-38091: Fixed integer overflow in function filter16_sobel in libavfilter/vf_convolution.c (bsc#1190732)
- CVE-2021-38090: Fixed integer overflow in function filter16_roberts in libavfilter/vf_convolution.c (bsc#1190731)
- CVE-2020-20898: Fixed integer overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c (bsc#1190724)
- CVE-2020-20901: Fixed buffer overflow vulnerability in function filter_frame in libavfilter/vf_fieldorder.c (bsc#1190728)
- CVE-2020-20900: Fixed buffer overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c (bsc#1190727)
- CVE-2020-20894: Fixed buffer overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c (bsc#1190721)
ffmpeg-3.4.2-150200.11.41.1.src.rpm
libavcodec57-3.4.2-150200.11.41.1.x86_64.rpm
libavformat57-3.4.2-150200.11.41.1.x86_64.rpm
libavresample3-3.4.2-150200.11.41.1.x86_64.rpm
libavutil-devel-3.4.2-150200.11.41.1.x86_64.rpm
libavutil55-3.4.2-150200.11.41.1.x86_64.rpm
libpostproc-devel-3.4.2-150200.11.41.1.x86_64.rpm
libpostproc54-3.4.2-150200.11.41.1.x86_64.rpm
libswresample-devel-3.4.2-150200.11.41.1.x86_64.rpm
libswresample2-3.4.2-150200.11.41.1.x86_64.rpm
libswscale-devel-3.4.2-150200.11.41.1.x86_64.rpm
libswscale4-3.4.2-150200.11.41.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3341
Security update for kubernetes1.23
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.23 fixes the following issues:
- CVE-2021-25743: escape, meta and control sequences in raw data output to terminal not neutralized. (bsc#1194400)
- CVE-2023-2727: bypass of policies imposed by the ImagePolicyWebhook admission plugin. (bsc#1211630)
- CVE-2023-2728: bypass of the mountable secrets policy enforced by the ServiceAccount admission plugin. (bsc#1211631)
- CVE-2023-39325: go1.20: excessive resource consumption when dealing with rapid stream resets. (bsc#1229869)
- CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset vulnerability. (bsc#1229869)
- CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing unlimited sets of headers. (bsc#1229869)
- CVE-2024-0793: kube-controller-manager pod crash when processing malformed HPA v1 manifests. (bsc#1219964)
- CVE-2024-3177: bypass of the mountable secrets policy enforced by the ServiceAccount admission plugin. (bsc#1222539)
- CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling invalid JSON. (bsc#1229867)
Bug fixes:
- Use -trimpath in non-DBG mode for reproducible builds. (bsc#1062303)
- Fix multiple issues for successful `kubeadm init` run. (bsc#1214406)
- Update go to version 1.22.5 in build requirements. (bsc#1229858)
kubernetes1.24-1.24.17-150400.9.16.1.src.rpm
kubernetes1.24-client-1.24.17-150400.9.16.1.x86_64.rpm
kubernetes1.24-client-common-1.24.17-150400.9.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-864
Security update for fontforge
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for fontforge fixes the following issues:
- CVE-2024-25081: Fixed command injection via crafted filenames (bsc#1220404).
- CVE-2024-25082: Fixed command injection via crafted archives or compressed files (bsc#1220405).
fontforge-20200314-150200.3.6.1.src.rpm
fontforge-20200314-150200.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1129
Security update for expat
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
expat-2.4.4-150400.3.17.1.src.rpm
expat-2.4.4-150400.3.17.1.x86_64.rpm
libexpat-devel-2.4.4-150400.3.17.1.x86_64.rpm
libexpat1-2.4.4-150400.3.17.1.x86_64.rpm
libexpat1-32bit-2.4.4-150400.3.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-847
Security update for java-1_8_0-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-openjdk fixes the following issues:
- CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS (8317547) (bsc#1218911).
- CVE-2024-20921: Fixed range check loop optimization issue (8314307) (bsc#1218905).
- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (8314284) (bsc#1218906).
- CVE-2024-20919: Fixed JVM class file verifier flaw allows unverified byte code execution (8314295) (bsc#1218903).
- CVE-2024-20918: Fixed array out-of-bounds access due to missing range check in C1 compiler (8314468) (bsc#1218907).
- CVE-2024-20945: Fixed logging of digital signature private keys (8316976) (bsc#1218909).
Update to version jdk8u402 (icedtea-3.30.0).
java-1_8_0-openjdk-1.8.0.402-150000.3.88.1.src.rpm
java-1_8_0-openjdk-1.8.0.402-150000.3.88.1.x86_64.rpm
java-1_8_0-openjdk-demo-1.8.0.402-150000.3.88.1.x86_64.rpm
java-1_8_0-openjdk-devel-1.8.0.402-150000.3.88.1.x86_64.rpm
java-1_8_0-openjdk-headless-1.8.0.402-150000.3.88.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1304
Security update for eclipse, maven-surefire, tycho
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for eclipse, maven-surefire, tycho fixes the following issues:
eclipse received the following security fix:
- CVE-2023-4218: Fixed a bug where parsing files with xml content leads to XXE attacks. (bsc#1216992)
maven-surefire was updated from version 2.22.0 to 2.22.2:
- Changes in version 2.22.2:
* Bugs fixed:
+ Fixed JUnit Runner that writes to System.out corrupts Surefire’s STDOUT when using JUnit’s Vintage
Engine
- Changes in version 2.22.1:
* Bugs fixed:
+ Fixed Surefire unable to run testng suites in parallel
+ Fixed Git wrongly considering PNG files as changed when there is no change
+ Fixed the surefire XSD published on maven site lacking of some rerun element
+ Fixed XML Report elements rerunError, rerunFailure, flakyFailure, flakyError
+ Fixed overriding platform version through project/plugin dependencies
+ Fixed mixed up characters in standard output
+ Logs in Parallel Tests are mixed up when `forkMode=never` or `forkCount=0`
+ MIME type for javascript is now officially application/javascript
* Improvements:
+ Elapsed time in XML Report should satisfy pattern in XSD.
+ Fix old test resources TEST-*.xml in favor of continuing with SUREFIRE-1550
+ Nil element “failureMessage” in failsafe-summary.xml should have self closed tag
+ Removed obsolete module `surefire-setup-integration-tests`
+ Support Java 11
+ Surefire should support parameterized reportsDirectory
* Dependency upgrades:
+ Upgraded maven-plugins parent to version 32
+ Upgraded maven-plugins parent to version 33
tycho received the following bug fixes:
- Fixed build against maven-surefire 2.22.1 and newer
- Fixed build against newer plexus-compiler
- Fixed issues with plexus-archiver 4.4.0 and newer
- Require explicitly artifacts that will not be required automatically any more
maven-surefire-2.22.2-150200.3.9.9.1.noarch.rpm
maven-surefire-2.22.2-150200.3.9.9.1.src.rpm
maven-surefire-plugin-2.22.2-150200.3.9.9.1.noarch.rpm
maven-surefire-plugins-2.22.2-150200.3.9.9.1.src.rpm
maven-surefire-provider-junit-2.22.2-150200.3.9.9.1.noarch.rpm
maven-surefire-provider-testng-2.22.2-150200.3.9.9.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-811
Security update for go1.21
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issues:
- Upgrade go to version 1.21.8
- CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000)
- CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001)
- CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999)
- CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002)
- CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003)
go1.21-1.21.8-150000.1.27.1.src.rpm
go1.21-1.21.8-150000.1.27.1.x86_64.rpm
go1.21-doc-1.21.8-150000.1.27.1.x86_64.rpm
go1.21-race-1.21.8-150000.1.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1104
Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for docker fixes the following issues:
- Overlay files are world-writable (bsc#1220339)
- Allow disabling apparmor support (some products only support SELinux)
The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs)
are no-change rebuilds required because the corresponding binary packages were missing in a number
of repositories, thus making docker not installable on some products.
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
catatonit-0.1.7-150300.10.5.2.src.rpm
catatonit-0.1.7-150300.10.5.2.x86_64.rpm
containerd-1.7.10-150000.108.1.src.rpm
containerd-1.7.10-150000.108.1.x86_64.rpm
containerd-ctr-1.7.10-150000.108.1.x86_64.rpm
containerd-devel-1.7.10-150000.108.1.x86_64.rpm
docker-24.0.7_ce-150000.198.2.src.rpm
docker-24.0.7_ce-150000.198.2.x86_64.rpm
docker-bash-completion-24.0.7_ce-150000.198.2.noarch.rpm
docker-rootless-extras-24.0.7_ce-150000.198.2.noarch.rpm
fuse-overlayfs-1.1.2-150100.3.11.1.src.rpm
fuse-overlayfs-1.1.2-150100.3.11.1.x86_64.rpm
rootlesskit-1.1.1-150000.1.5.1.src.rpm
rootlesskit-1.1.1-150000.1.5.1.x86_64.rpm
slirp4netns-1.2.0-150300.8.7.1.src.rpm
slirp4netns-1.2.0-150300.8.7.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1885
Recommended update for dhcp-tools
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dhcp-tools fixes the following issues:
- Fixed license to BSD 2-Clause License
dhcp-tools-1.6-150000.3.3.2.src.rpm
dhcp-tools-1.6-150000.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1397
Recommended update for gcc12
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gcc12 fixes the following issues:
- gcc12 D language packages are shipped to PackageHub 15 SP5.
cpp12-12.3.0+git1204-150000.1.18.1.x86_64.rpm
cross-nvptx-gcc12-12.3.0+git1204-150000.1.18.1.src.rpm
cross-nvptx-gcc12-12.3.0+git1204-150000.1.18.1.x86_64.rpm
cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-12.3.0+git1204-150000.1.18.1.src.rpm
gcc12-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-32bit-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-PIE-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-c++-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-c++-32bit-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-fortran-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-fortran-32bit-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-info-12.3.0+git1204-150000.1.18.1.noarch.rpm
gcc12-locale-12.3.0+git1204-150000.1.18.1.x86_64.rpm
gcc12-testresults-12.3.0+git1204-150000.1.18.1.src.rpm
gcc12-testresults-12.3.0+git1204-150000.1.18.1.x86_64.rpm
libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.18.1.x86_64.rpm
libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1091
Recommended update for rpm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpm fixes the following issues:
- Turn on IMA/EVM file signature support, move the imaevm code that needs the
libimaevm library into a plugin, and install this plugin as part of a new
"rpm-imaevmsign" subpackage (jsc#PED-7246).
- Backport signature reserved space handling from upstream.
dwz-0.12-150000.3.4.1.src.rpm
dwz-0.12-150000.3.4.1.x86_64.rpm
evmctl-1.4-150400.3.2.1.x86_64.rpm
ima-evm-utils-1.4-150400.3.2.1.src.rpm
ima-evm-utils-devel-1.4-150400.3.2.1.x86_64.rpm
libimaevm3-1.4-150400.3.2.1.x86_64.rpm
python-rpm-4.14.3-150400.59.10.1.src.rpm
python3-rpm-4.14.3-150400.59.10.1.x86_64.rpm
python311-rpm-4.14.3-150400.59.10.1.x86_64.rpm
rpm-32bit-4.14.3-150400.59.10.1.x86_64.rpm
rpm-4.14.3-150400.59.10.1.src.rpm
rpm-4.14.3-150400.59.10.1.x86_64.rpm
rpm-build-4.14.3-150400.59.10.1.x86_64.rpm
rpm-devel-4.14.3-150400.59.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1144
Security update for buildah
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for buildah fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
- Update to version 1.34.1 for compatibility with Docker 25.0
(which is not in SLES yet, but will eventually be) (bsc#1219563).
See the corresponding release notes:
* https://github.com/containers/buildah/releases/tag/v1.34.1
* https://github.com/containers/buildah/releases/tag/v1.34.0
* https://github.com/containers/buildah/releases/tag/v1.33.0
* https://github.com/containers/buildah/releases/tag/v1.32.0
* https://github.com/containers/buildah/releases/tag/v1.31.0
* https://github.com/containers/buildah/releases/tag/v1.30.0
- Require cni-plugins (bsc#1220568)
buildah-1.34.1-150400.3.27.1.src.rpm
buildah-1.34.1-150400.3.27.1.x86_64.rpm
cni-0.7.1-150100.3.18.1.src.rpm
cni-0.7.1-150100.3.18.1.x86_64.rpm
cni-plugins-0.8.6-150100.3.22.3.src.rpm
cni-plugins-0.8.6-150100.3.22.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-877
Security update for sudo
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sudo fixes the following issues:
- CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134).
sudo-1.9.9-150400.4.36.1.src.rpm
sudo-1.9.9-150400.4.36.1.x86_64.rpm
sudo-devel-1.9.9-150400.4.36.1.x86_64.rpm
sudo-plugin-python-1.9.9-150400.4.36.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-900
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2024-26607: Fixed a probing race issue in sii902x (bsc#1220736).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed an issue where ICMPv6 “Packet Too Big” packets could force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2023-52452: Fixed accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc#1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2023-5197: Fixed use-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
The following non-security bugs were fixed:
- bpf: Fix verification of indirect var-off stack access (git-fixes).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
kernel-default-5.14.21-150400.24.111.2.nosrc.rpm
True
kernel-default-5.14.21-150400.24.111.2.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1.src.rpm
True
kernel-default-base-5.14.21-150400.24.111.2.150400.24.52.1.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.111.2.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.111.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.111.2.noarch.rpm
True
kernel-docs-5.14.21-150400.24.111.2.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.111.1.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.111.1.src.rpm
True
kernel-obs-build-5.14.21-150400.24.111.1.x86_64.rpm
True
kernel-source-5.14.21-150400.24.111.1.noarch.rpm
True
kernel-source-5.14.21-150400.24.111.1.src.rpm
True
kernel-syms-5.14.21-150400.24.111.1.src.rpm
True
kernel-syms-5.14.21-150400.24.111.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.111.2.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-919
Recommended update for libtcnative-1-0
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of libtcnative-1-0 rebuilds it against a TLS 1.3 capable openssl 1.1,
enabling TLS 1.3 support.
libtcnative-1-0-1.2.38-150200.6.2.1.src.rpm
libtcnative-1-0-1.2.38-150200.6.2.1.x86_64.rpm
libtcnative-1-0-devel-1.2.38-150200.6.2.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1119
Security update for gradle, gradle-bootstrap
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gradle, gradle-bootstrap fixes the following issues:
- CVE-2021-29429: Fixed information disclosure through temporary directory permissions (bsc#1184799).
- CVE-2019-15052: Fixed authentication credentials disclosure (bsc#1145903).
gradle:
- Fixed RPM package building issues due to changed dependencies
gradle-bootstrap:
- Added missing dependency of aopalliance
gradle-4.4.1-150200.3.15.1.src.rpm
gradle-4.4.1-150200.3.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-937
Security update for openvswitch
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openvswitch fixes the following issues:
- CVE-2023-3966: Fixed invalid memory access in Geneve with HW offload (bsc#1219465).
libopenvswitch-2_14-0-2.14.2-150400.24.23.1.x86_64.rpm
libovn-20_06-0-20.06.2-150400.24.23.1.x86_64.rpm
openvswitch-2.14.2-150400.24.23.1.src.rpm
openvswitch-2.14.2-150400.24.23.1.x86_64.rpm
openvswitch-devel-2.14.2-150400.24.23.1.x86_64.rpm
openvswitch-ipsec-2.14.2-150400.24.23.1.x86_64.rpm
openvswitch-pki-2.14.2-150400.24.23.1.x86_64.rpm
openvswitch-test-2.14.2-150400.24.23.1.x86_64.rpm
openvswitch-vtep-2.14.2-150400.24.23.1.x86_64.rpm
ovn-20.06.2-150400.24.23.1.x86_64.rpm
ovn-central-20.06.2-150400.24.23.1.x86_64.rpm
ovn-devel-20.06.2-150400.24.23.1.x86_64.rpm
ovn-docker-20.06.2-150400.24.23.1.x86_64.rpm
ovn-host-20.06.2-150400.24.23.1.x86_64.rpm
ovn-vtep-20.06.2-150400.24.23.1.x86_64.rpm
python3-ovs-2.14.2-150400.24.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1139
Security update for ucode-intel
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
for some Intel Processors may allow an unauthenticated user to
potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets
between contexts in some Intel Processors may allow an authorized
user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural
state after transient execution from some register files for some
Intel Atom Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- CVE-2023-22655: Protection mechanism failure in some 3rd and 4th
Generation Intel Xeon Processors when using Intel SGX or Intel TDX
may allow a privileged user to potentially enable escalation of
privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
for some Intel Xeon D Processors with Intel® SGX may allow a
privileged user to potentially enable information disclosure via
local access.
ucode-intel-20240312-150200.38.1.src.rpm
ucode-intel-20240312-150200.38.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-942
Recommended update for suseconnect-ng
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issues:
- Allow "--rollback" flag to run on readonly filesystem (bsc#1220679)
- Update to version 1.7.0
libsuseconnect-1.8.0-150400.3.28.1.x86_64.rpm
suseconnect-ng-1.8.0-150400.3.28.1.src.rpm
suseconnect-ng-1.8.0-150400.3.28.1.x86_64.rpm
suseconnect-ruby-bindings-1.8.0-150400.3.28.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-969
Recommended update for yast2-network
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for yast2-network fixes the following issues:
- Guard secret attributes against leaking to the log (bsc#1221194)
- Update to version 4.4.60
yast2-network-4.4.60-150400.3.30.1.noarch.rpm
yast2-network-4.4.60-150400.3.30.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-952
Recommended update for rmt-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server fixes the following issues:
- Version 2.15:
* Moving system hardware information to systems database table to
allow transmitting system information dynamically. (jsc#PED-3734)
* Dropping Rails Secrets facilities and related config files (bsc#1215176)
* Updated supportconfig script (bsc#1216389)
* Support zstd compression for repository metadata (bsc#1218775)
* Do not add credential handling to normal repository URLs (bsc#1219153)
* Fix for SUSE Liberty registration script to allow RHEL7/SLL7/CentOS7 clients to register to RMT servers
* make sure yum that can read repomd.xml correctly is installed (bsc#1221223)
* Provide user/group symbol for user created during pre (bsc#1219540)
* Disable authentication for license files in pubcloud context
* Higher registration sharing timeout
* rmt-server-pubcloud:
* Extend cache expiration time for BYOS systems (PAYG: 20 min, BYOS: 24 hours)
* Include byos parameter when checking subscription validity for BYOS systems with SCC
rmt-server-2.15-150400.3.18.2.src.rpm
rmt-server-2.15-150400.3.18.2.x86_64.rpm
rmt-server-config-2.15-150400.3.18.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1002
Security update for MozillaFirefox
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 115.9.1esr ESR MFSA 2024-16 (bsc#1221850).
- CVE-2024-29944: Privileged JavaScript Execution via Event Handlers (bmo#1886852).
Firefox Extended Support Release 115.9.0 ESR (bsc#1221327):
- CVE-2024-0743: Crash in NSS TLS method (bmo#1867408).
- CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape
vector (bmo#1872920).
- CVE-2024-2607: JIT code failed to save return registers on Armv7-A (bmo#1879939).
- CVE-2024-2608: Integer overflow could have led to out of bounds write (bmo#1880692).
- CVE-2024-2616: Improve handling of out-of-memory conditions in ICU (bmo#1846197).
- CVE-2023-5388: NSS susceptible to timing attack against RSA decryption (bmo#1780432).
- CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce
leakage (bmo#1871112).
- CVE-2024-2611: Clickjacking vulnerability could have led to a user
accidentally granting permissions (bmo#1876675).
- CVE-2024-2612: Self referencing object could have potentially led to a
use-after-free (bmo#1879444).
- CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
and Thunderbird 115.9 (bmo#1685358, bmo#1861016, bmo#1880405,
bmo#1881093).
MozillaFirefox-115.9.1-150200.152.131.1.src.rpm
MozillaFirefox-115.9.1-150200.152.131.1.x86_64.rpm
MozillaFirefox-devel-115.9.1-150200.152.131.1.noarch.rpm
MozillaFirefox-translations-common-115.9.1-150200.152.131.1.x86_64.rpm
MozillaFirefox-translations-other-115.9.1-150200.152.131.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2022
Recommended update for chrony
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for chrony fixes the following issues:
- Use shorter NTS-KE retry interval when network is down (bsc#1213551)
- Use make quickcheck instead of make check to avoid more than 1h build
times and failures due to timeouts. This was the default before
3.2 but it changed to make tests more reliable
chrony-4.1-150400.21.5.7.src.rpm
chrony-4.1-150400.21.5.7.x86_64.rpm
chrony-pool-empty-4.1-150400.21.5.7.noarch.rpm
chrony-pool-suse-4.1-150400.21.5.7.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1015
Recommended update for sed
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sed fixes the following issues:
- "sed -i" now creates temporary files with correct umask (bsc#1221218)
sed-4.4-150300.13.3.1.src.rpm
sed-4.4-150300.13.3.1.x86_64.rpm
sed-lang-4.4-150300.13.3.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1286
Recommended update for yast2-users
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for yast2-users fixes the following issue:
- Add a missing require in the auto client (bsc#1219422)
yast2-users-4.4.16-150400.3.18.2.src.rpm
yast2-users-4.4.16-150400.3.18.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1487
Recommended update for aaa_base
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for aaa_base fixes the following issues:
- home and end button not working from ssh client (bsc#1221407)
- use autosetup in prep stage of specfile
- drop the stderr redirection for csh (bsc#1221361)
- drop sysctl.d/50-default-s390.conf (bsc#1211721)
- make sure the script does not exit with 1 if a file with content is found (bsc#1222547)
aaa_base-84.87+git20180409.04c9dae-150300.10.17.3.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.17.3.x86_64.rpm
aaa_base-extras-84.87+git20180409.04c9dae-150300.10.17.3.x86_64.rpm
aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.17.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1316
Recommended update for ibus-pinyin
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ibus-pinyin fixes the following issues:
- Make the system respond to the Super key to switch input engine after entering Chinese in ibus-pinyin (bsc#1220235)
- Backport ffe471c9 from upstream: use single quotes inside SQL to avoid a syntax fault with sqlite later than 3.41.0 during the build
process. python3.
ibus-pinyin-1.5.0-150100.6.3.2.src.rpm
ibus-pinyin-1.5.0-150100.6.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1010
Recommended update for perl-Bootloader
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl-Bootloader fixes the following issues:
- Log grub2-install errors correctly (bsc#1221470)
- Update to version 0.947
- Support old grub versions that used /usr/lib (bsc#1218842)
- Create EFI boot fallback directory if necessary
perl-Bootloader-0.947-150400.3.12.1.src.rpm
perl-Bootloader-0.947-150400.3.12.1.x86_64.rpm
perl-Bootloader-YAML-0.947-150400.3.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1325
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in nvidia-open-driver-G06-signed:
- Update to 550.67
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 550.67
kernel-firmware-nvidia-gspx-G06-550.67-150400.9.24.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.67-150400.9.24.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.67-150400.9.53.1.src.rpm
nvidia-open-driver-G06-signed-default-devel-550.67-150400.9.53.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.67_k5.14.21_150400.24.111-150400.9.53.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1372
Recommended update for clone-master-clean-up
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for clone-master-clean-up fixes the following issues:
- Added a check that journald.conf file exists (bsc#1221533)
clone-master-clean-up-1.12-150100.3.23.1.noarch.rpm
clone-master-clean-up-1.12-150100.3.23.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-984
Recommended update for runc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for runc fixes the following issues:
- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
This allows running 15 SP6 containers on older distributions.
runc-1.1.12-150000.64.1.src.rpm
runc-1.1.12-150000.64.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1113
Security update for squid
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for squid fixes the following issues:
- CVE-2024-25617: Fixes denial of service in HTTP header parser (bsc#1219960)
- CVE-2024-25111: Fixes Chunked Encoding Stack Overflow (bsc#1216715)
squid-5.7-150400.3.26.1.src.rpm
squid-5.7-150400.3.26.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3290
Recommended update for python-netaddr
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-netaddr fixes the following issue:
New python packages:
- python311-netaddr
libmodulemd-2.13.0-150400.3.3.3.src.rpm
libmodulemd2-2.13.0-150400.3.3.3.x86_64.rpm
python-gobject-3.44.1-150400.3.9.2.src.rpm
python-netaddr-1.2.1-150400.11.3.2.src.rpm
python-pycairo-1.23.0-150400.3.5.1.src.rpm
python-six-1.16.0-150400.18.9.1.src.rpm
python311-gobject-3.44.1-150400.3.9.2.x86_64.rpm
python311-gobject-Gdk-3.44.1-150400.3.9.2.x86_64.rpm
python311-gobject-cairo-3.44.1-150400.3.9.2.x86_64.rpm
python311-gobject-devel-3.44.1-150400.3.9.2.x86_64.rpm
python311-libmodulemd-2.13.0-150400.3.3.3.x86_64.rpm
python311-netaddr-1.2.1-150400.11.3.2.noarch.rpm
python311-pycairo-1.23.0-150400.3.5.1.x86_64.rpm
python311-pycairo-devel-1.23.0-150400.3.5.1.x86_64.rpm
python311-six-1.16.0-150400.18.9.1.noarch.rpm
typelib-1_0-Modulemd-2_0-2.13.0-150400.3.3.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1100
Security update for libvirt
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libvirt fixes the following issues:
- CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. (bsc#1221815)
The following non-security bug was fixed:
- Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap() (bsc#1221749).
libvirt-8.0.0-150400.7.11.2.src.rpm
libvirt-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-client-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-config-network-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-config-nwfilter-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-interface-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-libxl-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-network-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-nodedev-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-nwfilter-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-qemu-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-secret-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-core-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-disk-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-logical-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-hooks-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-qemu-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-daemon-xen-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-devel-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-doc-8.0.0-150400.7.11.2.noarch.rpm
libvirt-libs-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-lock-sanlock-8.0.0-150400.7.11.2.x86_64.rpm
libvirt-nss-8.0.0-150400.7.11.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1006
Security update for krb5
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
krb5-1.19.2-150400.3.9.1.src.rpm
krb5-1.19.2-150400.3.9.1.x86_64.rpm
krb5-32bit-1.19.2-150400.3.9.1.x86_64.rpm
krb5-client-1.19.2-150400.3.9.1.x86_64.rpm
krb5-devel-1.19.2-150400.3.9.1.x86_64.rpm
krb5-plugin-kdb-ldap-1.19.2-150400.3.9.1.x86_64.rpm
krb5-plugin-preauth-otp-1.19.2-150400.3.9.1.x86_64.rpm
krb5-plugin-preauth-pkinit-1.19.2-150400.3.9.1.x86_64.rpm
krb5-server-1.19.2-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1365
Security update for apache-commons-configuration2
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache-commons-configuration2 fixes the following issues:
- CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797).
- CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (bsc#1221793).
apache-commons-configuration2-2.10.1-150200.5.8.1.noarch.rpm
apache-commons-configuration2-2.10.1-150200.5.8.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1128
Recommended update for wicked
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- Fix fallback-lease drop in addrconf (bsc#1220996)
- Use upstream `nvme nbft show` (bsc#1221358)
- Hide secrets in debug log (bsc#1221194)
wicked-0.6.74-150400.3.16.1.src.rpm
wicked-0.6.74-150400.3.16.1.x86_64.rpm
wicked-service-0.6.74-150400.3.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1058
Security update for podman
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed full container escape at build time (bsc#1221677).
podman-4.4.4-150400.4.22.1.src.rpm
podman-4.4.4-150400.4.22.1.x86_64.rpm
podman-cni-config-4.4.4-150400.4.22.1.noarch.rpm
podman-docker-4.4.4-150400.4.22.1.noarch.rpm
podman-remote-4.4.4-150400.4.22.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1341
Recommended update for tftp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tftp fixes the following issue:
- Allow enabling the service via `systemctl enable tftp` to create the tftp.socket symlink (bsc#1215520)
tftp-5.2-150000.5.6.2.src.rpm
tftp-5.2-150000.5.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1344
Recommended update for libzypp, zypper
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp, zypper fixes the following issues:
- Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398)
- Update RepoStatus fromCookieFile according to the file's mtime (bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed
- Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add default stripe minimum
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config
- version 17.32.0
- ProblemSolution::skipsPatchesOnly overload to handout the patches
- Show active dry-run/download-only at the commit prompt
- Add --skip-not-applicable-patches option
- Fix printing detailed solver problem description
- Fix bash-completion to work with right adjusted numbers in the 1st column too
- Set libzypp shutdown request signal on Ctrl+C
- In the detailed view show all baseurls not just the first one (bsc#1218171)
PackageKit-1.2.4-150400.3.15.4.src.rpm
True
PackageKit-1.2.4-150400.3.15.4.x86_64.rpm
True
PackageKit-backend-zypp-1.2.4-150400.3.15.4.x86_64.rpm
True
PackageKit-branding-SLE-12.0-150400.15.2.2.noarch.rpm
True
PackageKit-branding-SLE-12.0-150400.15.2.2.src.rpm
True
PackageKit-devel-1.2.4-150400.3.15.4.x86_64.rpm
True
PackageKit-lang-1.2.4-150400.3.15.4.noarch.rpm
True
libpackagekit-glib2-18-1.2.4-150400.3.15.4.x86_64.rpm
True
libpackagekit-glib2-devel-1.2.4-150400.3.15.4.x86_64.rpm
True
libyui-4.3.7-150400.3.5.4.src.rpm
True
libyui-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-4.3.7-150400.3.5.4.src.rpm
True
libyui-ncurses-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-pkg-4.3.7-150400.3.5.4.src.rpm
True
libyui-ncurses-pkg-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-pkg16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-rest-api-4.3.7-150400.3.5.4.src.rpm
True
libyui-ncurses-rest-api-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-rest-api16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses-tools-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-ncurses16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-4.3.7-150400.3.5.4.src.rpm
True
libyui-qt-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-graph-4.3.7-150400.3.5.4.src.rpm
True
libyui-qt-graph-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-graph16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-pkg-4.3.7-150400.3.5.4.src.rpm
True
libyui-qt-pkg-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-pkg16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-rest-api-4.3.7-150400.3.5.4.src.rpm
True
libyui-qt-rest-api-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt-rest-api16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-qt16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-rest-api-4.3.7-150400.3.5.4.src.rpm
True
libyui-rest-api-devel-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui-rest-api16-4.3.7-150400.3.5.4.x86_64.rpm
True
libyui16-4.3.7-150400.3.5.4.x86_64.rpm
True
libzypp-17.32.4-150400.3.61.1.src.rpm
True
libzypp-17.32.4-150400.3.61.1.x86_64.rpm
True
libzypp-devel-17.32.4-150400.3.61.1.x86_64.rpm
True
typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.15.4.x86_64.rpm
True
yast2-pkg-bindings-4.4.7-150400.3.11.4.src.rpm
True
yast2-pkg-bindings-4.4.7-150400.3.11.4.x86_64.rpm
True
zypper-1.14.71-150400.3.45.2.src.rpm
True
zypper-1.14.71-150400.3.45.2.x86_64.rpm
True
zypper-log-1.14.71-150400.3.45.2.noarch.rpm
True
zypper-needs-restarting-1.14.71-150400.3.45.2.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1151
Security update for curl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the usage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
curl-8.0.1-150400.5.44.1.src.rpm
curl-8.0.1-150400.5.44.1.x86_64.rpm
libcurl-devel-8.0.1-150400.5.44.1.x86_64.rpm
libcurl4-32bit-8.0.1-150400.5.44.1.x86_64.rpm
libcurl4-8.0.1-150400.5.44.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1253
Recommended update for gcc13
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gcc13 fixes the following issues:
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
%product_libs_llvm_ver where available and adjust tool discovery
accordingly. This should also properly trigger re-builds when
the patchlevel version of llvmVER changes, possibly changing
the binary names we link to. [bsc#1217450]
cpp13-13.2.1+git8285-150000.1.9.1.x86_64.rpm
cross-nvptx-gcc13-13.2.1+git8285-150000.1.9.1.src.rpm
cross-nvptx-gcc13-13.2.1+git8285-150000.1.9.1.x86_64.rpm
cross-nvptx-newlib13-devel-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-13.2.1+git8285-150000.1.9.1.src.rpm
gcc13-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-PIE-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-c++-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-c++-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-fortran-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-fortran-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
gcc13-info-13.2.1+git8285-150000.1.9.1.noarch.rpm
gcc13-locale-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libasan8-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libasan8-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libatomic1-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libatomic1-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgcc_s1-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgcc_s1-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgfortran5-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgfortran5-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgomp1-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libgomp1-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libhwasan0-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libitm1-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libitm1-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
liblsan0-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libobjc4-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libobjc4-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libquadmath0-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libquadmath0-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-devel-gcc13-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-devel-gcc13-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-locale-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-pp-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libstdc++6-pp-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libtsan2-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libubsan1-13.2.1+git8285-150000.1.9.1.x86_64.rpm
libubsan1-32bit-13.2.1+git8285-150000.1.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1345
Security update for tomcat
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tomcat fixes the following issues:
- CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream (bsc#1221386)
- CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open (bsc#1221385)
Other fixes:
- Update to Tomcat 9.0.87
* Catalina
+ Fix: Minor performance improvement for building filter chains. Based
on ideas from #702 by Luke Miao. (remm)
+ Fix: Align error handling for Writer and OutputStream. Ensure use of
either once the response has been recycled triggers a
NullPointerException provided that discardFacades is configured with
the default value of true. (markt)
+ Fix: 68692: The standard thread pool implementations that are configured
using the Executor element now implement ExecutorService to better
support NIO2. (remm)
+ Fix: 68495: When restoring a saved POST request after a successful FORM
authentication, ensure that neither the URI, the query string nor the
protocol are corrupted when restoring the request body. (markt)
+ Fix: 68721: Workaround a possible cause of duplicate class definitions
when using ClassFileTransformers and the transformation of a class also
triggers the loading of the same class. (markt)
+ Fix: The rewrite valve should not do a rewrite if the output is
identical to the input. (remm)
+ Update: Add a new valveSkip (or VS) rule flag to the rewrite valve to
allow skipping over the next valve in the Catalina pipeline. (remm)
+ Fix: Correct JPMS and OSGi meta-data for tomcat-embed-core.jar by
removing reference to org.apache.catalina.ssi package that is no longer
included in the JAR. Based on pull request #684 by Jendrik Johannes.
(markt)
+ Fix: Fix ServiceBindingPropertySource so that trailing \r\n sequences
are correctly removed from files containing property values when
configured to do so. Bug identified by Coverity Scan. (markt)
+ Add: Add improvements to the CSRF prevention filter including the
ability to skip adding nonces for resource name and subtree URL patterns.
(schultz)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: 68089: Further improve the performance of request attribute
access for ApplicationHttpRequest and ApplicationRequest. (markt)
+ Fix: 68559: Allow asynchronous error handling to write to the
response after an error during asynchronous processing. (markt)
* Coyote
+ Fix: Improve the HTTP/2 stream prioritisation process. If a stream
uses all of the connection windows and still has content to write, it
will now be added to the backlog immediately rather than waiting until
the write attempt for the remaining content. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
a connection is marked to be closed, further asynchronous processing
cannot change that. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
the call to AsyncListener.onError() has returned to the container, only
container threads can access the AsyncContext. This protects against
various race conditions that would otherwise occur if application threads
continued to access the AsyncContext.
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. In particular, most of the
HTTP/2 debug logging has been changed to trace level. (remm)
+ Fix: Add support for user provided SSLContext instances configured
on SSLHostConfigCertificate instances. Based on pull request #673
provided by Hakan Altındağ. (markt)
+ Fix: Improve the Tomcat Native shutdown process to reduce the likelihood
of a JVM crash during Tomcat shutdown. (markt)
+ Fix: Partial fix for 68558: Cache the result of converting to String
for request URI, HTTP header names and the request Content-Type value to
improve performance by reducing repeated byte[] to String conversions.
(markt)
+ Fix: Improve error reporting to HTTP/2 clients for header processing
errors by reporting problems at the end of the frame where the error was
detected rather than at the end of the headers. (markt)
+ Fix: Remove the remaining reference to a stream once the stream has
been recycled. This makes the stream eligible for garbage collection
earlier and thereby improves scalability. (markt)
* Jasper
+ Add: Add support for specifying Java 22 (with the value 22) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will be used. (markt)
+ Fix: 68546: Generate optimal size and types for JSP imports maps, as
suggested by John Engebretson. (remm)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
* Cluster
+ Fix: Avoid updating request count stats on async. (remm)
* WebSocket
+ Fix: Correct a regression in the fix for 66508 that could cause an
UpgradeProcessor leak in some circumstances. (markt)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: Ensure that WebSocket connection closure completes if the
connection is closed when the server side has used the proprietary
suspend/resume feature to suspend the connection. (markt)
* Web applications
+ Add: Add support for responses in JSON format from the examples
application RequestHeaderExample. (schultz)
* Other
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Update Checkstyle to 10.13.0. (markt)
+ Update: Update JSign to 6.0. (markt)
+ Update: Add strings for debug level messages. (remm)
+ Update: Update Tomcat Native to 1.3.0. (markt)
apache-commons-daemon-1.3.4-150200.11.14.1.src.rpm
apache-commons-daemon-1.3.4-150200.11.14.1.x86_64.rpm
apache-commons-dbcp-2.1.1-150200.10.8.1.noarch.rpm
apache-commons-dbcp-2.1.1-150200.10.8.1.src.rpm
apache-commons-pool2-2.4.2-150200.11.8.1.noarch.rpm
apache-commons-pool2-2.4.2-150200.11.8.1.src.rpm
geronimo-annotation-1_0-api-1.2-150200.15.8.1.noarch.rpm
geronimo-jms-1_1-api-1.2-150200.15.8.1.noarch.rpm
geronimo-jta-1_1-api-1.2-150200.15.8.1.noarch.rpm
geronimo-specs-1.2-150200.15.8.1.src.rpm
geronimo-stax-1_0-api-1.2-150200.15.8.1.noarch.rpm
jakarta-taglibs-standard-1.1.1-150000.4.10.1.noarch.rpm
jakarta-taglibs-standard-1.1.1-150000.4.10.1.src.rpm
tomcat-9.0.87-150200.65.1.noarch.rpm
tomcat-9.0.87-150200.65.1.src.rpm
tomcat-admin-webapps-9.0.87-150200.65.1.noarch.rpm
tomcat-el-3_0-api-9.0.87-150200.65.1.noarch.rpm
tomcat-jsp-2_3-api-9.0.87-150200.65.1.noarch.rpm
tomcat-lib-9.0.87-150200.65.1.noarch.rpm
tomcat-servlet-4_0-api-9.0.87-150200.65.1.noarch.rpm
tomcat-webapps-9.0.87-150200.65.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1315
Recommended update for orarun
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for orarun fixes the following issue:
- Fix checking for running agent during shutdown (bsc#1219103)
orarun-2.1-150400.22.9.2.src.rpm
orarun-2.1-150400.22.9.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1370
Recommended update for autofs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for autofs fixes the following issue:
- Don't use initgroups at spawn (bsc#1214710, bsc#1221181)
autofs-5.1.3-150000.7.17.2.src.rpm
autofs-5.1.3-150000.7.17.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1079
Security update for netty, netty-tcnative
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for netty, netty-tcnative fixes the following issues:
- CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045).
netty-tcnative-2.0.65-150200.3.19.1.src.rpm
netty-tcnative-2.0.65-150200.3.19.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1169
Security update for util-linux
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
libblkid-devel-2.37.2-150400.8.29.1.x86_64.rpm
libblkid-devel-static-2.37.2-150400.8.29.1.x86_64.rpm
libblkid1-2.37.2-150400.8.29.1.x86_64.rpm
libfdisk-devel-2.37.2-150400.8.29.1.x86_64.rpm
libfdisk1-2.37.2-150400.8.29.1.x86_64.rpm
libmount-devel-2.37.2-150400.8.29.1.x86_64.rpm
libmount1-2.37.2-150400.8.29.1.x86_64.rpm
libsmartcols-devel-2.37.2-150400.8.29.1.x86_64.rpm
libsmartcols1-2.37.2-150400.8.29.1.x86_64.rpm
libuuid-devel-2.37.2-150400.8.29.1.x86_64.rpm
libuuid-devel-static-2.37.2-150400.8.29.1.x86_64.rpm
libuuid1-2.37.2-150400.8.29.1.x86_64.rpm
util-linux-2.37.2-150400.8.29.1.src.rpm
util-linux-2.37.2-150400.8.29.1.x86_64.rpm
util-linux-lang-2.37.2-150400.8.29.1.noarch.rpm
util-linux-systemd-2.37.2-150400.8.29.1.src.rpm
util-linux-systemd-2.37.2-150400.8.29.1.x86_64.rpm
uuidd-2.37.2-150400.8.29.1.x86_64.rpm
libblkid1-32bit-2.37.2-150400.8.29.1.x86_64.rpm
libmount1-32bit-2.37.2-150400.8.29.1.x86_64.rpm
libuuid1-32bit-2.37.2-150400.8.29.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1393
Recommended update for libserf
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libserf fixes the following issue:
- Fix build with openSSL 3 (bsc#1221211)
libserf-1-1-1.3.9-150000.4.3.2.x86_64.rpm
libserf-1.3.9-150000.4.3.2.src.rpm
libserf-devel-1.3.9-150000.4.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1671
Recommended update for open-vm-tools
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for open-vm-tools fixes the following issues:
- Remove protobuf less than v22 dependency from spec file (bsc#1217478)
- Use for updating open-vm-tools to new version (bsc#1222089)
- There are no new features in the current open-vm-tools release
This is primarily a maintenance release that addresses a few
critical problems
- Use %patch -P N instead of deprecated %patchN
- Own %{_modulesloaddir}: used to be present via udev-mini - kmod - suse-module-tools dependency before
- Fix outdated libxmlsec1 dependency version
Updates to open-vm-tools for SLES 12 SP4 and SP5 are now being built
against libxmlsec1-1-1.2.37. Update the spec file to now require
libxmlsec1-openssl1 v1.2.37 or above. (bsc#1217796)
- limit to protobuf less than v22 for now until build failures have been fixed
pam-vmtoolsd patch as instructed by vmware (bsc#1171003).
This should fix both (bsc#1171003) and (bsc#1172693)
- Update vmtoolsd.service to support cloud-init customization by default (bsc#994598)
- Enable vgauth for openSUSE Leap 42.1 (bsc#952645)
- Extensive rewrite of the spec file
- rename vmware-KMP to vmware-guest-KMP for easier identification
libvmtools-devel-12.4.0-150300.49.11.x86_64.rpm
libvmtools0-12.4.0-150300.49.11.x86_64.rpm
open-vm-tools-12.4.0-150300.49.11.src.rpm
open-vm-tools-12.4.0-150300.49.11.x86_64.rpm
open-vm-tools-containerinfo-12.4.0-150300.49.11.x86_64.rpm
open-vm-tools-desktop-12.4.0-150300.49.11.x86_64.rpm
open-vm-tools-salt-minion-12.4.0-150300.49.11.x86_64.rpm
open-vm-tools-sdmp-12.4.0-150300.49.11.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1192
Security update for less
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for less fixes the following issues:
- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).
less-590-150400.3.6.2.src.rpm
less-590-150400.3.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1342
Recommended update for unixODBC, libtool and libssh2_org
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for unixODBC, libtool and libssh2_org fixes the following issue:
- Ship 2 additional 32bit packages: unixODBC-32bit and libssh2-1-32bit for SLES (bsc#1221941).
- Fix an issue with Encrypt-then-MAC family. (bsc#1221622)
libltdl7-2.4.6-150000.3.6.2.x86_64.rpm
libltdl7-32bit-2.4.6-150000.3.6.2.x86_64.rpm
libodbc2-2.3.9-150400.16.5.3.x86_64.rpm
libodbc2-32bit-2.3.9-150400.16.5.3.x86_64.rpm
libssh2-1-1.11.0-150000.4.29.1.x86_64.rpm
libssh2-1-32bit-1.11.0-150000.4.29.1.x86_64.rpm
libssh2_org-1.11.0-150000.4.29.1.src.rpm
libtool-2.4.6-150000.3.6.2.src.rpm
libtool-2.4.6-150000.3.6.2.x86_64.rpm
libtool-32bit-2.4.6-150000.3.6.2.x86_64.rpm
unixODBC-2.3.9-150400.16.5.3.src.rpm
unixODBC-2.3.9-150400.16.5.3.x86_64.rpm
unixODBC-32bit-2.3.9-150400.16.5.3.x86_64.rpm
unixODBC-devel-2.3.9-150400.16.5.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1162
Security update for python310
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310 fixes the following issues:
- CVE-2024-0450: Fixed "quoted-overlap" in zipfile module in python310 (bsc#1221854)
- CVE-2023-52425: Fixed denial of service caused by processing large tokens in expat module in python310 (bsc#1219559)
- CVE-2023-6597: Fixed tempfile.TemporaryDirectory fails on removing dir in some edge cases related to symlinks in python310 (bsc#1219666)
Other changes:
- Revert %autopatch due to missing parameter support (bsc#1189495)
- Extended crypto-policies support (bsc#1211301)
libpython3_10-1_0-3.10.14-150400.4.45.1.x86_64.rpm
python310-3.10.14-150400.4.45.1.src.rpm
python310-3.10.14-150400.4.45.1.x86_64.rpm
python310-base-3.10.14-150400.4.45.1.x86_64.rpm
python310-core-3.10.14-150400.4.45.1.src.rpm
python310-curses-3.10.14-150400.4.45.1.x86_64.rpm
python310-dbm-3.10.14-150400.4.45.1.x86_64.rpm
python310-devel-3.10.14-150400.4.45.1.x86_64.rpm
python310-idle-3.10.14-150400.4.45.1.x86_64.rpm
python310-tk-3.10.14-150400.4.45.1.x86_64.rpm
python310-tools-3.10.14-150400.4.45.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2666
Recommended update for trousers
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for trousers fixes the following issue:
- fix runtime requirements for stat and udevadm (bsc#1221770)
On minimal systems this can cause some scriptlets to fail because of missing tools.
libtspi1-0.3.15-150400.3.3.19.x86_64.rpm
trousers-0.3.15-150400.3.3.19.src.rpm
trousers-0.3.15-150400.3.3.19.x86_64.rpm
trousers-devel-0.3.15-150400.3.3.19.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1167
Security update for nghttp2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
libnghttp2-14-1.40.0-150200.17.1.x86_64.rpm
libnghttp2-14-32bit-1.40.0-150200.17.1.x86_64.rpm
libnghttp2-devel-1.40.0-150200.17.1.x86_64.rpm
libnghttp2_asio-devel-1.40.0-150200.17.1.x86_64.rpm
libnghttp2_asio1-1.40.0-150200.17.1.x86_64.rpm
nghttp2-1.40.0-150200.17.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1206
Recommended update for rpm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpm fixes the following issues:
- remove imaevmsign plugin from rpm-ndb [bsc#1222259]
python-rpm-4.14.3-150400.59.13.1.src.rpm
python3-rpm-4.14.3-150400.59.13.1.x86_64.rpm
python311-rpm-4.14.3-150400.59.13.1.x86_64.rpm
rpm-32bit-4.14.3-150400.59.13.1.x86_64.rpm
rpm-4.14.3-150400.59.13.1.src.rpm
rpm-4.14.3-150400.59.13.1.x86_64.rpm
rpm-build-4.14.3-150400.59.13.1.x86_64.rpm
rpm-devel-4.14.3-150400.59.13.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1122
Security update for go1.21
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issues:
- CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400)
Other changes:
- go minor release upgrade to 1.21.9 (bsc#1212475)
go1.21-1.21.9-150000.1.30.1.src.rpm
go1.21-1.21.9-150000.1.30.1.x86_64.rpm
go1.21-doc-1.21.9-150000.1.30.1.x86_64.rpm
go1.21-race-1.21.9-150000.1.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1258
Security update for python-Pillow
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Pillow fixes the following issues:
- CVE-2024-28219: Fixed buffer overflow in _imagingcms.c (bsc#1222262)
Other fixes:
- Re-enabled build tests for s390x and ppc (bsc#1222553)
python-Pillow-9.5.0-150400.5.15.1.src.rpm
python311-Pillow-9.5.0-150400.5.15.1.x86_64.rpm
python311-Pillow-tk-9.5.0-150400.5.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1260
Security update for xorg-x11-server
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xorg-x11-server fixes the following issues:
- CVE-2024-31080: Fixed ProcXIGetSelectedEvents to use unswapped length (bsc#1222309).
- CVE-2024-31081: Fixed ProcXIPassiveGrabDevice to use unswapped length to send reply (bsc#1222310).
- CVE-2024-31082: Fixed ProcAppleDRICreatePixmap to use unswapped length to send reply (bsc#1222311).
- CVE-2024-31083: Fixed refcounting of glyphs during ProcRenderAddGlyphs (bsc#1222312).
Other fixes:
- Fixed regression for security fix for CVE-2024-31083 when using Android Studio (bnc#1222442)
xorg-x11-server-1.20.3-150400.38.48.1.src.rpm
xorg-x11-server-1.20.3-150400.38.48.1.x86_64.rpm
xorg-x11-server-extra-1.20.3-150400.38.48.1.x86_64.rpm
xorg-x11-server-sdk-1.20.3-150400.38.48.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1398
Recommended update for systemd-default-settings
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for systemd-default-settings fixes the following issues:
- Disable pids controller limit under user instances (jsc#SLE-10123)
- Disable controllers by default (jsc#PED-2276)
- The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP,
hence the early drop-ins SUSE specific "feature" has been abandoned.
- User priority '26' for SLE-Micro
- Convert more drop-ins into early ones
systemd-default-settings-0.10-150300.3.7.1.noarch.rpm
systemd-default-settings-0.10-150300.3.7.1.src.rpm
systemd-default-settings-branding-SLE-0.10-150300.3.7.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1412
Recommended update for patterns-fonts
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for patterns-fonts fixes the following issues:
- Added google-noto-sans-symbols-fonts and google-noto-sans-symbols2-fonts to default installation, to enable the terminal
to display special characters (bsc#1219553)
patterns-fonts-20190130-150100.3.3.1.src.rpm
patterns-fonts-fonts-20190130-150100.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1321
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-47096: Fixed uninitialized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap() error path (bsc#1220959).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2021-47082: Fixed double free in tun_free_netdev() (bsc#1220969).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52569: Fixed a bug in btrfs by removing BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
kernel-default-5.14.21-150400.24.116.1.nosrc.rpm
True
kernel-default-5.14.21-150400.24.116.1.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.116.1.150400.24.54.5.src.rpm
True
kernel-default-base-5.14.21-150400.24.116.1.150400.24.54.5.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.116.1.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.116.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.116.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.116.1.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.116.1.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.116.1.src.rpm
True
kernel-obs-build-5.14.21-150400.24.116.1.x86_64.rpm
True
kernel-source-5.14.21-150400.24.116.1.noarch.rpm
True
kernel-source-5.14.21-150400.24.116.1.src.rpm
True
kernel-syms-5.14.21-150400.24.116.1.src.rpm
True
kernel-syms-5.14.21-150400.24.116.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.116.1.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1279
Recommended update for python3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3 fixes the following issue:
- Fix syslog making default "ident" from sys.argv (bsc#1222109)
libpython3_6m1_0-3.6.15-150300.10.60.1.x86_64.rpm
python3-3.6.15-150300.10.60.1.src.rpm
python3-3.6.15-150300.10.60.1.x86_64.rpm
python3-base-3.6.15-150300.10.60.1.x86_64.rpm
python3-core-3.6.15-150300.10.60.1.src.rpm
python3-curses-3.6.15-150300.10.60.1.x86_64.rpm
python3-dbm-3.6.15-150300.10.60.1.x86_64.rpm
python3-devel-3.6.15-150300.10.60.1.x86_64.rpm
python3-idle-3.6.15-150300.10.60.1.x86_64.rpm
python3-tk-3.6.15-150300.10.60.1.x86_64.rpm
python3-tools-3.6.15-150300.10.60.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1327
Recommended update for pcp
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pcp fixes the following issue:
- Adding fix for redis server backend exposure (bsc#1222121)
libpcp-devel-5.2.5-150400.5.6.3.x86_64.rpm
libpcp3-5.2.5-150400.5.6.3.x86_64.rpm
libpcp_gui2-5.2.5-150400.5.6.3.x86_64.rpm
libpcp_import1-5.2.5-150400.5.6.3.x86_64.rpm
libpcp_mmv1-5.2.5-150400.5.6.3.x86_64.rpm
libpcp_trace2-5.2.5-150400.5.6.3.x86_64.rpm
libpcp_web1-5.2.5-150400.5.6.3.x86_64.rpm
pcp-5.2.5-150400.5.6.3.src.rpm
pcp-5.2.5-150400.5.6.3.x86_64.rpm
pcp-conf-5.2.5-150400.5.6.3.x86_64.rpm
pcp-devel-5.2.5-150400.5.6.3.x86_64.rpm
pcp-doc-5.2.5-150400.5.6.3.noarch.rpm
pcp-import-iostat2pcp-5.2.5-150400.5.6.3.x86_64.rpm
pcp-import-mrtg2pcp-5.2.5-150400.5.6.3.x86_64.rpm
pcp-import-sar2pcp-5.2.5-150400.5.6.3.x86_64.rpm
pcp-system-tools-5.2.5-150400.5.6.3.x86_64.rpm
perl-PCP-LogImport-5.2.5-150400.5.6.3.x86_64.rpm
perl-PCP-LogSummary-5.2.5-150400.5.6.3.x86_64.rpm
perl-PCP-MMV-5.2.5-150400.5.6.3.x86_64.rpm
perl-PCP-PMDA-5.2.5-150400.5.6.3.x86_64.rpm
python3-pcp-5.2.5-150400.5.6.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1270
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
- CVE-2024-23252: Fixed denial of service via crafted web content (bsc#1222010).
- CVE-2024-23254: Fixed possible audio data exfiltration cross-origin via malicious website (bsc#1222010).
- CVE-2024-23263: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010).
- CVE-2024-23280: Fixed possible user fingerprint via malicious crafted web content (bsc#1222010).
- CVE-2024-23284: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010).
- CVE-2023-42950: Fixed arbitrary code execution via crafted web content (bsc#1222010).
- CVE-2023-42956: Fixed denial of service via crafted web content (bsc#1222010).
- CVE-2023-42843: Fixed address bar spoofing via malicious website (bsc#1222010).
Other fixes:
- Update to version 2.44.0 (bsc#1222010):
+ Make the DOM accessibility tree reachable from UI process with
GTK4.
+ Removed the X11 and WPE renderers in favor of DMA-BUF.
+ Improved vblank synchronization when rendering.
+ Removed key event reinjection in GTK4 to make keyboard
shortcuts work in web sites.
+ Fix gamepads detection by correctly handling focused window in
GTK4.
WebKitGTK-4.0-lang-2.44.0-150400.4.78.1.noarch.rpm
WebKitGTK-4.1-lang-2.44.0-150400.4.78.1.noarch.rpm
WebKitGTK-6.0-lang-2.44.0-150400.4.78.1.noarch.rpm
libjavascriptcoregtk-4_0-18-2.44.0-150400.4.78.1.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.44.0-150400.4.78.1.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.44.0-150400.4.78.1.x86_64.rpm
libwebkit2gtk-4_0-37-2.44.0-150400.4.78.1.x86_64.rpm
libwebkit2gtk-4_1-0-2.44.0-150400.4.78.1.x86_64.rpm
libwebkitgtk-6_0-4-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.44.0-150400.4.78.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.44.0-150400.4.78.1.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.44.0-150400.4.78.1.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.44.0-150400.4.78.1.x86_64.rpm
webkit2gtk3-2.44.0-150400.4.78.1.src.rpm
webkit2gtk3-devel-2.44.0-150400.4.78.1.x86_64.rpm
webkit2gtk3-soup2-2.44.0-150400.4.78.1.src.rpm
webkit2gtk3-soup2-devel-2.44.0-150400.4.78.1.x86_64.rpm
webkit2gtk4-2.44.0-150400.4.78.1.src.rpm
webkitgtk-6_0-injected-bundles-2.44.0-150400.4.78.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1271
Security update for gnutls
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gnutls fixes the following issues:
- CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746)
- CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747)
Other fixes:
- jitterentropy: Release the memory of the entropy collector when
using jitterentropy with pthreads as there is also a
pre-initialization done in the main thread (bsc#1221242)
gnutls-3.7.3-150400.4.44.1.src.rpm
gnutls-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls-devel-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls30-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls30-32bit-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls30-hmac-3.7.3-150400.4.44.1.x86_64.rpm
libgnutls30-hmac-32bit-3.7.3-150400.4.44.1.x86_64.rpm
libgnutlsxx-devel-3.7.3-150400.4.44.1.x86_64.rpm
libgnutlsxx28-3.7.3-150400.4.44.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1448
Feature update for python-M2Crypto
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-M2Crypto fixes the following issue:
- Build for modern python stack
- Adds python311-M2Crypto
python-M2Crypto-0.40.0-150400.3.9.1.src.rpm
python-M2Crypto-doc-0.40.0-150400.3.9.1.noarch.rpm
python311-M2Crypto-0.40.0-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1337
Recommended update for wicked
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- Do not convert sec to msec twice (bsc#1222105)
wicked-0.6.74-150400.3.19.1.src.rpm
wicked-0.6.74-150400.3.19.1.x86_64.rpm
wicked-service-0.6.74-150400.3.19.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1366
Recommended update for openssh
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssh fixes the following issues:
- Fix hostbased ssh login failing occasionally with "signature
unverified: incorrect signature" by fixing a typo in patch (bsc#1221123)
- Avoid closing IBM Z crypto devices nodes. (bsc#1218871)
- Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474)
- Change the default value of UpdateHostKeys to Yes (unless
VerifyHostKeyDNS is enabled).
This makes ssh update the keys stored in known_hosts with all versions
published by the server (after it's authenticated with an existing
key), which allows the server to be identified with a different key if
the existing key is considered insecure at some point in the future
(bsc#1222831).
openssh-8.4p1-150300.3.37.1.src.rpm
openssh-8.4p1-150300.3.37.1.x86_64.rpm
openssh-askpass-gnome-8.4p1-150300.3.37.1.src.rpm
openssh-askpass-gnome-8.4p1-150300.3.37.1.x86_64.rpm
openssh-clients-8.4p1-150300.3.37.1.x86_64.rpm
openssh-common-8.4p1-150300.3.37.1.x86_64.rpm
openssh-fips-8.4p1-150300.3.37.1.x86_64.rpm
openssh-helpers-8.4p1-150300.3.37.1.x86_64.rpm
openssh-server-8.4p1-150300.3.37.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1340
Security update for pgadmin4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pgadmin4 fixes the following issues:
- CVE-2024-2044: Fixed unsafe deserialization and Remote Code Execution by an authenticated user (bsc#1221172)
pgadmin4-4.30-150300.3.12.1.src.rpm
pgadmin4-4.30-150300.3.12.1.x86_64.rpm
pgadmin4-doc-4.30-150300.3.12.1.noarch.rpm
pgadmin4-web-4.30-150300.3.12.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1434
Recommended update for systemd-presets-common-SUSE
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for systemd-presets-common-SUSE fixes the following issues:
- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
(bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
Support both the old and new service to avoid complex version interdependency.
systemd-presets-common-SUSE-15-150100.8.23.1.noarch.rpm
systemd-presets-common-SUSE-15-150100.8.23.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1309
Security update for nodejs18
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nodejs18 fixes the following issues:
Update to 18.20.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
nodejs18-18.20.1-150400.9.21.3.src.rpm
nodejs18-18.20.1-150400.9.21.3.x86_64.rpm
nodejs18-devel-18.20.1-150400.9.21.3.x86_64.rpm
nodejs18-docs-18.20.1-150400.9.21.3.noarch.rpm
npm18-18.20.1-150400.9.21.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1350
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.10.0 ESR (MFSA 2024-19) (bsc#1222535):
- CVE-2024-3852: GetBoundName in the JIT returned the wrong object
- CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
- CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection
- CVE-2024-2609: Permission prompt input delay could expire when not in focus
- CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
- CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
- CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows
- CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
- CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
MozillaFirefox-115.10.0-150200.152.134.1.src.rpm
MozillaFirefox-115.10.0-150200.152.134.1.x86_64.rpm
MozillaFirefox-devel-115.10.0-150200.152.134.1.noarch.rpm
MozillaFirefox-translations-common-115.10.0-150200.152.134.1.x86_64.rpm
MozillaFirefox-translations-other-115.10.0-150200.152.134.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1308
Security update for nodejs16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for nodejs16 fixes the following issues:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
nodejs16-16.20.2-150400.3.33.1.src.rpm
nodejs16-16.20.2-150400.3.33.1.x86_64.rpm
nodejs16-devel-16.20.2-150400.3.33.1.x86_64.rpm
nodejs16-docs-16.20.2-150400.3.33.1.noarch.rpm
npm16-16.20.2-150400.3.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1392
Recommended update for sapconf, saptune, sysctl-logger
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sapconf, saptune and sysctl-logger fixes the following issues:
sapconf, saptune:
- Added requirement for package `sysctl-logger` for SUSE Linux Enterprise 15 Service Pack 4 and Service Pack 5
(jsc#PED-6220, jsc#PED-6221)
sysctl-logger:
- New implementation at version v0.0.6, needed as required dependency for `sapconf` and `saptune` (jsc#PED-6220)
sapconf-5.0.7-150400.16.4.1.noarch.rpm
sapconf-5.0.7-150400.16.4.1.src.rpm
sysctl-logger-0.0.6-150400.9.3.2.src.rpm
sysctl-logger-0.0.6-150400.9.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1429
Recommended update for ca-certificates
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ca-certificates fixes the following issue:
- Update version (bsc#1221184)
* Use flock to serialize calls (bsc#1188500)
* Make certbundle.run container friendly
* Create /var/lib/ca-certificates if needed
ca-certificates-2+git20240416.98ae794-150300.4.3.3.noarch.rpm
ca-certificates-2+git20240416.98ae794-150300.4.3.3.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1849
Recommended update for desktop-data-SLE
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for desktop-data-SLE fixes the following issue:
- Fix typo in the desktop files for some of the wallpapers (bsc#1222146)
desktop-data-SLE-15-150000.4.3.11.noarch.rpm
desktop-data-SLE-15-150000.4.3.11.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1443
Recommended update for emacs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for emacs fixes the following issues:
- Fixed issue with emacs-info (bsc#1221769)
emacs-27.2-150400.3.14.1.src.rpm
emacs-27.2-150400.3.14.1.x86_64.rpm
emacs-el-27.2-150400.3.14.1.noarch.rpm
emacs-info-27.2-150400.3.14.1.noarch.rpm
emacs-nox-27.2-150400.3.14.1.x86_64.rpm
emacs-x11-27.2-150400.3.14.1.x86_64.rpm
etags-27.2-150400.3.14.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1531
Recommended update for golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter fixes the following issues:
- update to 1.7.0 (jsc#PED-7893, jsc#PED-7928):
* [FEATURE] Add ZFS freebsd per dataset stats #2753
* [FEATURE] Add cpu vulnerabilities reporting from sysfs #2721
* [ENHANCEMENT] Parallelize stat calls in Linux filesystem
collector #1772
* [ENHANCEMENT] Add missing linkspeeds to ethtool collector #2711
* [ENHANCEMENT] Add CPU MHz as the value for node_cpu_info metric
#2778
* [ENHANCEMENT] Improve qdisc collector performance #2779
* [ENHANCEMENT] Add include and exclude filter for hwmon
collector #2699
* [ENHANCEMENT] Optionally fetch ARP stats via rtnetlink instead
of procfs #2777
* [BUGFIX] Fix ZFS arcstats on FreeBSD 14.0+ #2754
* [BUGFIX] Fallback to 32-bit stats in netdev #2757
* [BUGFIX] Close btrfs.FS handle after use #2780
* [BUGFIX] Move RO status before error return #2807
* [BUGFIX] Fix promhttp_metric_handler_errors_total being always
active #2808
* [BUGFIX] Fix nfsd v4 index miss #2824
- update to 1.6.1:
(no source code changes in this release)
- BuildRequire go1.20
- update to 1.6.0:
* [CHANGE] Fix cpustat when some cpus are offline #2318
* [CHANGE] Remove metrics of offline CPUs in CPU collector #2605
* [CHANGE] Deprecate ntp collector #2603
* [CHANGE] Remove bcache `cache_readaheads_totals` metrics #2583
* [CHANGE] Deprecate supervisord collector #2685
* [FEATURE] Enable uname collector on NetBSD #2559
* [FEATURE] NetBSD support for the meminfo collector #2570
* [FEATURE] NetBSD support for CPU collector #2626
* [FEATURE] Add FreeBSD collector for netisr subsystem #2668
* [FEATURE] Add softirqs collector #2669
* [ENHANCEMENT] Add suspended as a `node_zfs_zpool_state` #2449
* [ENHANCEMENT] Add administrative state of Linux network
interfaces #2515
* [ENHANCEMENT] Log current value of GOMAXPROCS #2537
* [ENHANCEMENT] Add profiler options for perf collector #2542
* [ENHANCEMENT] Allow root path as metrics path #2590
* [ENHANCEMENT] Add cpu frequency governor metrics #2569
* [ENHANCEMENT] Add new landing page #2622
* [ENHANCEMENT] Reduce privileges needed for btrfs device stats
#2634
* [ENHANCEMENT] Add ZFS `memory_available_bytes` #2687
* [ENHANCEMENT] Use `SCSI_IDENT_SERIAL` as serial in diskstats
#2612
* [ENHANCEMENT] Read missing from netlink netclass attributes
from sysfs #2669
* [BUGFIX] perf: fixes for automatically detecting the correct
tracefs mountpoints #2553
* [BUGFIX] Fix `thermal_zone` collector noise #2554
* [BUGFIX] Fix a problem fetching the user wire count on FreeBSD
#2584
* [BUGFIX] interrupts: Fix fields on linux aarch64 #2631
* [BUGFIX] Remove metrics of offline CPUs in CPU collector #2605
* [BUGFIX] Fix OpenBSD filesystem collector string parsing #2637
* [BUGFIX] Fix bad reporting of `node_cpu_seconds_total` in
OpenBSD #2663
- change go_modules archive in _service to use obscpio file
golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1.src.rpm
golang-github-prometheus-node_exporter-1.7.0-150100.3.29.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1347
Security update for wireshark
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wireshark fixes the following issues:
Security fixes:
- CVE-2024-24476: Fixed a denial of service in ws_manuf_lookup_str() (bsc#1220181)
Other fixes:
- Wireshark 3.6.22:
- Further features, bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-3.6.22.html
libwireshark15-3.6.22-150000.3.112.1.x86_64.rpm
libwiretap12-3.6.22-150000.3.112.1.x86_64.rpm
libwsutil13-3.6.22-150000.3.112.1.x86_64.rpm
wireshark-3.6.22-150000.3.112.1.src.rpm
wireshark-3.6.22-150000.3.112.1.x86_64.rpm
wireshark-devel-3.6.22-150000.3.112.1.x86_64.rpm
wireshark-ui-qt-3.6.22-150000.3.112.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1848
Recommended update for supportutils
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for supportutils fixes the following issues:
- Suppress file descriptor leak warnings from lvm commands (bsc#1220082)
- Add -V key:value pair option (bsc#1222021, PED-8211)
- Avoid getting duplicate kernel verifications in boot.text
- Include container log timestamps
supportutils-3.1.30-150300.7.35.30.1.noarch.rpm
supportutils-3.1.30-150300.7.35.30.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1528
Recommended update for salt
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
- Convert oscap output to UTF-8
- Make Salt compatible with Python 3.11
- Ignore non-ascii chars in oscap output (bsc#1219001)
- Fix detected issues in Salt tests when running on VMs
- Make importing seco.range thread safe (bsc#1211649)
- Fix problematic tests and allow smooth tests executions on containers
- Discover Ansible playbook files as "*.yml" or "*.yaml" files (bsc#1211888)
- Provide user(salt)/group(salt) capabilities for RPM 4.19
- Extend dependencies for python3-salt-testsuite and python3-salt packages
- Improve Salt and testsuite packages multibuild
- Enable multibuild and create test flavor
- Prevent exceptions with fileserver.update when called via state (bsc#1218482)
- Improve pip target override condition with VENV_PIP_TARGET environment variable (bsc#1216850)
- Fixed KeyError in logs when running a state that fails
python3-salt-3006.0-150400.8.57.2.x86_64.rpm
salt-3006.0-150400.8.57.2.src.rpm
salt-3006.0-150400.8.57.2.x86_64.rpm
salt-api-3006.0-150400.8.57.2.x86_64.rpm
salt-bash-completion-3006.0-150400.8.57.2.noarch.rpm
salt-cloud-3006.0-150400.8.57.2.x86_64.rpm
salt-doc-3006.0-150400.8.57.2.x86_64.rpm
salt-fish-completion-3006.0-150400.8.57.2.noarch.rpm
salt-master-3006.0-150400.8.57.2.x86_64.rpm
salt-minion-3006.0-150400.8.57.2.x86_64.rpm
salt-proxy-3006.0-150400.8.57.2.x86_64.rpm
salt-ssh-3006.0-150400.8.57.2.x86_64.rpm
salt-standalone-formulas-configuration-3006.0-150400.8.57.2.x86_64.rpm
salt-syndic-3006.0-150400.8.57.2.x86_64.rpm
salt-transactional-update-3006.0-150400.8.57.2.x86_64.rpm
salt-zsh-completion-3006.0-150400.8.57.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1436
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 550.76 (bsc#1222972)
Changes in nvidia-open-driver-G06-signed:
- Update to 550.76 (bsc#1222972)
kernel-firmware-nvidia-gspx-G06-550.76-150400.9.27.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.76-150400.9.27.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.76-150400.9.56.1.src.rpm
nvidia-open-driver-G06-signed-default-devel-550.76-150400.9.56.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.76_k5.14.21_150400.24.116-150400.9.56.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1394
Security update for qemu
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for qemu fixes the following issues:
- CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269)
- CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889)
- CVE-2024-24474: Fixed integer overflow that results in buffer overflow via SCSI command (bsc#1220134)
- CVE-2024-3446: Fixed DM reentrancy issue that could lead to double free vulnerability (bsc#1222843)
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845)
qemu-6.2.0-150400.37.29.1.src.rpm
qemu-6.2.0-150400.37.29.1.x86_64.rpm
qemu-accel-tcg-x86-6.2.0-150400.37.29.1.x86_64.rpm
qemu-audio-alsa-6.2.0-150400.37.29.1.x86_64.rpm
qemu-audio-pa-6.2.0-150400.37.29.1.x86_64.rpm
qemu-audio-spice-6.2.0-150400.37.29.1.x86_64.rpm
qemu-block-curl-6.2.0-150400.37.29.1.x86_64.rpm
qemu-block-iscsi-6.2.0-150400.37.29.1.x86_64.rpm
qemu-block-rbd-6.2.0-150400.37.29.1.x86_64.rpm
qemu-block-ssh-6.2.0-150400.37.29.1.x86_64.rpm
qemu-chardev-baum-6.2.0-150400.37.29.1.x86_64.rpm
qemu-chardev-spice-6.2.0-150400.37.29.1.x86_64.rpm
qemu-guest-agent-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-display-qxl-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-display-virtio-gpu-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-display-virtio-vga-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-usb-host-6.2.0-150400.37.29.1.x86_64.rpm
qemu-hw-usb-redirect-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ipxe-1.0.0+-150400.37.29.1.noarch.rpm
qemu-ksm-6.2.0-150400.37.29.1.x86_64.rpm
qemu-kvm-6.2.0-150400.37.29.1.x86_64.rpm
qemu-lang-6.2.0-150400.37.29.1.x86_64.rpm
qemu-tools-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ui-curses-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ui-gtk-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ui-opengl-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ui-spice-app-6.2.0-150400.37.29.1.x86_64.rpm
qemu-ui-spice-core-6.2.0-150400.37.29.1.x86_64.rpm
qemu-x86-6.2.0-150400.37.29.1.x86_64.rpm
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.29.1.noarch.rpm
qemu-sgabios-8-150400.37.29.1.noarch.rpm
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.29.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1375
Security update for glibc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
glibc-2.31-150300.74.1.src.rpm
glibc-2.31-150300.74.1.x86_64.rpm
glibc-devel-2.31-150300.74.1.x86_64.rpm
glibc-devel-static-2.31-150300.74.1.x86_64.rpm
glibc-extra-2.31-150300.74.1.x86_64.rpm
glibc-i18ndata-2.31-150300.74.1.noarch.rpm
glibc-info-2.31-150300.74.1.noarch.rpm
glibc-lang-2.31-150300.74.1.noarch.rpm
glibc-locale-2.31-150300.74.1.x86_64.rpm
glibc-locale-base-2.31-150300.74.1.x86_64.rpm
glibc-locale-base-32bit-2.31-150300.74.1.x86_64.rpm
glibc-profile-2.31-150300.74.1.x86_64.rpm
glibc-utils-2.31-150300.74.1.x86_64.rpm
glibc-utils-src-2.31-150300.74.1.src.rpm
nscd-2.31-150300.74.1.x86_64.rpm
glibc-32bit-2.31-150300.74.1.x86_64.rpm
glibc-devel-32bit-2.31-150300.74.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1440
Security update for python-gunicorn
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-gunicorn fixes the following issues:
- CVE-2024-1135: Fixed HTTP Request Smuggling (bsc#1222950)
python-gunicorn-20.1.0-150400.12.6.1.src.rpm
python311-gunicorn-20.1.0-150400.12.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1498
Security update for java-11-openjdk
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-11-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory allocation (JDK-8322114,bsc#1222984)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with "Exceeded _node_regs array" (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Other changes
+ JDK-6928542: Chinese characters in RTF are not decoded
+ JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/
/bug4517214.java fails on MacOS
+ JDK-7148092: [macosx] When Alt+down arrow key is pressed,
the combobox popup does not appear.
+ JDK-8054022: HttpURLConnection timeouts with Expect:
100-Continue and no chunking
+ JDK-8054572: [macosx] JComboBox paints the border incorrectly
+ JDK-8058176: [mlvm] tests should not allow code cache
exhaustion
+ JDK-8067651: LevelTransitionTest.java, fix trivial methods
levels logic
+ JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005
intermittently times out
+ JDK-8156889: ListKeychainStore.sh fails in some virtualized
environments
+ JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps
timeouting
+ JDK-8166554: Avoid compilation blocking in
OverloadCompileQueueTest.java
+ JDK-8169475: WheelModifier.java fails by timeout
+ JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh
to Java Jtreg Test
+ JDK-8186610: move ModuleUtils to top-level testlibrary
+ JDK-8192864: defmeth tests can hide failures
+ JDK-8193543: Regression automated test '/open/test/jdk/java/
/awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java'
fails
+ JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/
/isexceeded001/TestDescription.java still failing
+ JDK-8202282: [TESTBUG] appcds TestCommon
.makeCommandLineForAppCDS() can be removed
+ JDK-8202790: DnD test DisposeFrameOnDragTest.java does not
clean up
+ JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/
/ChoicePopupLocation.java fails
+ JDK-8207211: [TESTBUG] Remove excessive output from
CDS/AppCDS tests
+ JDK-8207214: Broken links in JDK API serialized-form page
+ JDK-8207855: Make applications/jcstress invoke tests in
batches
+ JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/
/TestDescription.java fails in jdk/hs nightly
+ JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java
.findDeadlock.INDIFY_Test Deadlocked threads are not always
detected
+ JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails
in AUFS file system
+ JDK-8208699: remove unneeded imports from runtime tests
+ JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out
often in hs-tier7 testing
+ JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option
is not always required for appcds tests
+ JDK-8209549: remove VMPropsExt from TEST.ROOT
+ JDK-8209595: MonitorVmStartTerminate.java timed out
+ JDK-8209946: [TESTBUG] CDS tests should use "@run driver"
+ JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java
looks for libjsig in wrong location
+ JDK-8211978: Move testlibrary/jdk/testlibrary/
/SimpleSSLContext.java and testkeys to network testlibrary
+ JDK-8213622: Windows VS2013 build failure - "'snprintf':
identifier not found"
+ JDK-8213926: WB_EnqueueInitializerForCompilation requests
compilation for NULL
+ JDK-8213927: G1 ignores AlwaysPreTouch when
UseTransparentHugePages is enabled
+ JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr
modules
+ JDK-8214915: CtwRunner misses export for jdk.internal.access
+ JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws
NullPointerException
+ JDK-8217475: Unexpected StackOverflowError in "process
reaper" thread
+ JDK-8218754: JDK-8068225 regression in JDIBreakpointTest
+ JDK-8219475: javap man page needs to be updated
+ JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/
/JMXInterfaceBindingTest.java passes trivially when it
shouldn't
+ JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper
.TestCaseImpl can't be defined in different runtime package as
its nest host
+ JDK-8225471: Test utility jdk.test.lib.util.FileUtils
.areAllMountPointsAccessible needs to tolerate duplicates
+ JDK-8226706: (se) Reduce the number of outer loop iterations
on Windows in java/nio/channels/Selector/RacyDeregister.java
+ JDK-8226905: unproblem list applications/ctw/modules/* tests
on windows
+ JDK-8226910: make it possible to use jtreg's -match via
run-test framework
+ JDK-8227438: [TESTLIB] Determine if file exists by
Files.exists in function FileUtils.deleteFileIfExistsWithRetry
+ JDK-8231585: java/lang/management/ThreadMXBean/
/MaxDepthForThreadInfoTest.java fails with
java.lang.NullPointerException
+ JDK-8232839: JDI AfterThreadDeathTest.java failed due to
"FAILED: Did not get expected IllegalThreadStateException on a
StepRequest.enable()"
+ JDK-8233453: MLVM deoptimize stress test timed out
+ JDK-8234309: LFGarbageCollectedTest.java fails with parse
Exception
+ JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/
/AccessibleChoiceTest.java fails
+ JDK-8237777: "Dumping core ..." is shown despite claiming
that "# No core dump will be written."
+ JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java
failing with LDAP response read timeout
+ JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
+ JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/
/AccessibleChoiceTest.java fails
+ JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001
failed due to "(IsSameObject#3) unexpected monitor object:
0x000000562336DBA8"
+ JDK-8246222: Rename javac test T6395981.java to be more
informative
+ JDK-8247818: GCC 10 warning stringop-overflow with symbol code
+ JDK-8249087: Always initialize _body[0..1] in Symbol
constructor
+ JDK-8251349: Add TestCaseImpl to
OverloadCompileQueueTest.java's build dependencies
+ JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/
/btree010.java fails with ClassNotFoundException:
nsk.sysdict.share.BTree0LLRLRLRRLR
+ JDK-8253543: sanity/client/SwingSet/src/
/ButtonDemoScreenshotTest.java failed with "AssertionError:
All pixels are not black"
+ JDK-8253739: java/awt/image/MultiResolutionImage/
/MultiResolutionImageObserverTest.java fails
+ JDK-8253820: Save test images and dumps with timestamps from
client sanity suite
+ JDK-8255277: randomDelay in DrainDeadlockT and
LoggingDeadlock do not randomly delay
+ JDK-8255546: Missing coverage for
javax.smartcardio.CardPermission and ResponseAPDU
+ JDK-8255743: Relax SIGFPE match in
runtime/ErrorHandling/SecondaryErrorTest.java
+ JDK-8257505: nsk/share/test/StressOptions stressTime is
scaled in getter but not when printed
+ JDK-8259801: Enable XML Signature secure validation mode by
default
+ JDK-8264135: UnsafeGetStableArrayElement should account for
different JIT implementation details
+ JDK-8265349: vmTestbase/../stress/compiler/deoptimize/
/Test.java fails with OOME due to CodeCache exhaustion.
+ JDK-8269025: jsig/Testjsig.java doesn't check exit code
+ JDK-8269077: TestSystemGC uses "require vm.gc.G1" for large
pages subtest
+ JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java
doesn't check exit code
+ JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java
doesn't check exit code
+ JDK-8271828: mark hotspot runtime/classFileParserBug tests
which ignore external VM flags
+ JDK-8271829: mark hotspot runtime/Throwable tests which
ignore external VM flags
+ JDK-8271890: mark hotspot runtime/Dictionary tests which
ignore external VM flags
+ JDK-8272291: mark hotspot runtime/logging tests which ignore
external VM flags
+ JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't
check exit codes
+ JDK-8272551: mark hotspot runtime/modules tests which ignore
external VM flags
+ JDK-8272552: mark hotspot runtime/cds tests which ignore
external VM flags
+ JDK-8273803: Zero: Handle "zero" variant in
CommandLineOptionTest.java
+ JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java
fails in Windows 11
+ JDK-8274621: NullPointerException because listenAddress[0] is
null
+ JDK-8276796: gc/TestSystemGC.java large pages subtest fails
with ZGC
+ JDK-8280007: Enable Neoverse N1 optimizations for Arm
Neoverse V1 & N2
+ JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails
with java.lang.RuntimeException: values differ by more than
1GB
+ JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/
/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java
from problemlist.
+ JDK-8281717: Cover logout method for several LoginModule
+ JDK-8282665: [REDO] ByteBufferTest.java: replace endless
recursion with RuntimeException in void ck(double x, double y)
+ JDK-8284090: com/sun/security/auth/module/AllPlatforms.java
fails to compile
+ JDK-8285756: clean up use of bad arguments for `@clean` in
langtools tests
+ JDK-8285785: CheckCleanerBound test fails with
PasswordCallback object is not released
+ JDK-8285867: Convert applet manual tests
SelectionVisible.java to Frame and automate
+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java fails on mac aarch64
+ JDK-8286969: Add a new test library API to execute kinit in
SecurityTools.java
+ JDK-8287113: JFR: Periodic task thread uses period for method
sampling events
+ JDK-8289511: Improve test coverage for XPath Axes: child
+ JDK-8289764: gc/lock tests failed with "OutOfMemoryError:
Java heap space: failed reallocation of scalar replaced
objects"
+ JDK-8289948: Improve test coverage for XPath functions: Node
Set Functions
+ JDK-8290399: [macos] Aqua LAF does not fire an action event
if combo box menu is displayed
+ JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests
failed with "isUsageThresholdExceeded() returned false, and is
still false, while threshold = MMMMMMM and used peak = NNNNNNN"
+ JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup
required permissions for jtreg version 7 jar
+ JDK-8292946: GC lock/jni/jnilock001 test failed
"assert(gch->gc_cause() == GCCause::_scavenge_alot ||
!gch->incremental_collection_failed()) failed: Twice in a row"
+ JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed
with "RuntimeException: Retrieved backing PlatformLogger level
null is not the expected CONFIG"
+ JDK-8294158: HTML formatting for PassFailJFrame instructions
+ JDK-8294254: [macOS] javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java failure
+ JDK-8294402: Add diagnostic logging to
VMProps.checkDockerSupport
+ JDK-8294535: Add screen capture functionality to
PassFailJFrame
+ JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails
intermittently on a VM
+ JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/
/AbstractDrbg/SpecTest.java intermittently timeout
+ JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java
failed: ExceptionInInitializerError: target class not found
+ JDK-8300269: The selected item in an editable JComboBox with
titled border is not visible in Aqua LAF
+ JDK-8300727: java/awt/List/ListGarbageCollectionTest/
/AwtListGarbageCollectionTest.java failed with "List wasn't
garbage collected"
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8301377: adjust timeout for JLI
GetObjectSizeIntrinsicsTest.java subtest again
+ JDK-8301846: Invalid TargetDataLine after screen lock when
using JFileChooser or COM library
+ JDK-8302017: Allocate BadPaddingException only if it will be
thrown
+ JDK-8302109: Trivial fixes to btree tests
+ JDK-8302149: Speed up
compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java
+ JDK-8302607: increase timeout for
ContinuousCallSiteTargetChange.java
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373
+ JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1
+ JDK-8305502: adjust timeouts in three more M&M tests
+ JDK-8305505: NPE in javazic compiler
+ JDK-8305972: Update XML Security for Java to 3.0.2
+ JDK-8306072: Open source several AWT MouseInfo related tests
+ JDK-8306076: Open source AWT misc tests
+ JDK-8306409: Open source AWT KeyBoardFocusManger,
LightWeightComponent related tests
+ JDK-8306640: Open source several AWT TextArea related tests
+ JDK-8306652: Open source AWT MenuItem related tests
+ JDK-8306681: Open source more AWT DnD related tests
+ JDK-8306683: Open source several clipboard and color AWT tests
+ JDK-8306752: Open source several container and component AWT
tests
+ JDK-8306753: Open source several container AWT tests
+ JDK-8306755: Open source few Swing JComponent and
AbstractButton tests
+ JDK-8306812: Open source several AWT Miscellaneous tests
+ JDK-8306871: Open source more AWT Drag & Drop tests
+ JDK-8306996: Open source Swing MenuItem related tests
+ JDK-8307123: Fix deprecation warnings in DPrinter
+ JDK-8307130: Open source few Swing JMenu tests
+ JDK-8307299: Move more DnD tests to open
+ JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing
JTableHeader tests
+ JDK-8307381: Open Source JFrame, JIF related Swing Tests
+ JDK-8307683: Loop Predication should not hoist range checks
with trap on success projection by negating their condition
+ JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC
while allocating
+ JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler
.compile does not close files
+ JDK-8308223: failure handler missed jcmd.vm.info command
+ JDK-8308232: nsk/jdb tests don't pass -verbose flag to the
debuggee
+ JDK-8308245: Add -proc:full to describe current default
annotation processing policy
+ JDK-8308336: Test java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java failed:
java.net.BindException: Address already in use
+ JDK-8309104: [JVMCI] compiler/unsafe/
/UnsafeGetStableArrayElement test asserts wrong values with
Graal
+ JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton
predicates for all If nodes in loop predication
+ JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/
/agentthr001/TestDescription.java crashing due to empty while
loop
+ JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when
using second test directory
+ JDK-8309870: Using -proc:full should be considered requesting
explicit annotation processing
+ JDK-8310106: sun.security.ssl.SSLHandshake
.getHandshakeProducer() incorrectly checks handshakeConsumers
+ JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
/bug6889007.java fails
+ JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/
/interrupt001.java timed out due to missing prompt
+ JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
timed out
+ JDK-8311081: KeytoolReaderP12Test.java fail on localized
Windows platform
+ JDK-8311511: Improve description of NativeLibrary JFR event
+ JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8313082: Enable CreateCoredumpOnCrash for testing in
makefiles
+ JDK-8313164: src/java.desktop/windows/native/libawt/windows/
/awt_Robot.cpp GetRGBPixels adjust releasing of resources
+ JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground
release resources in early returns
+ JDK-8313643: Update HarfBuzz to 8.2.2
+ JDK-8313816: Accessing jmethodID might lead to spurious
crashes
+ JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to
extra concurrent mark with -Xcomp
+ JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently
in timeout
+ JDK-8314883:
Java_java_util_prefs_FileSystemPreferences_lockFile0 write
result errno in missing case
+ JDK-8315034: File.mkdirs() occasionally fails to create
folders on Windows shared folder
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some
cases
+ JDK-8315499: build using devkit on Linux ppc64le RHEL puts
path to devkit into libsplashscreen
+ JDK-8315594: Open source few headless Swing misc tests
+ JDK-8315600: Open source few more headless Swing misc tests
+ JDK-8315602: Open source swing security manager test
+ JDK-8315606: Open source few swing text/html tests
+ JDK-8315611: Open source swing text/html and tree test
+ JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should
run with -Xbatch
+ JDK-8315731: Open source several Swing Text related tests
+ JDK-8315761: Open source few swing JList and JMenuBar tests
+ JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/
/bug4654927.java: component must be showing on the screen to
determine its location
+ JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use
createTestJvm
+ JDK-8316028: Update FreeType to 2.13.2
+ JDK-8316030: Update Libpng to 1.6.40
+ JDK-8316106: Open source few swing JInternalFrame and
JMenuBar tests
+ JDK-8316461: Fix: make test outputs TEST SUCCESS after
unsuccessful exit
+ JDK-8316947: Write a test to check textArea triggers
MouseEntered/MouseExited events properly
+ JDK-8317307: test/jdk/com/sun/jndi/ldap/
/LdapPoolTimeoutTest.java fails with ConnectException:
Connection timed out: no further information
+ JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js
+ JDK-8318154: Improve stability of WheelModifier.java test
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8318468: compiler/tiered/LevelTransitionTest.java fails
with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
+ JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
+ JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni
tests
+ JDK-8318608: Enable parallelism in
vmTestbase/nsk/stress/threads tests
+ JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with
"transport error 202: bind failed: Address already in use"
+ JDK-8318889: C2: add bailout after assert Bad graph detected
in build_loop_late
+ JDK-8318951: Additional negative value check in JPEG decoding
+ JDK-8318955: Add ReleaseIntArrayElements in
Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to
early return
+ JDK-8318971: Better Error Handling for Jar Tool When
Processing Non-existent Files
+ JDK-8318983: Fix comment typo in PKCS12Passwd.java
+ JDK-8319124: Update XML Security for Java to 3.0.3
+ JDK-8319456: jdk/jfr/event/gc/collection/
/TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker
Initiated GC' not in the valid causes
+ JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
+ JDK-8320001: javac crashes while adding type annotations to
the return type of a constructor
+ JDK-8320208: Update Public Suffix List to b5bf572
+ JDK-8320363: ppc64 TypeEntries::type_unknown logic looks
wrong, missed optimization opportunity
+ JDK-8320597: RSA signature verification fails on signed data
that does not encode params correctly
+ JDK-8320798: Console read line with zero out should zero out
underlying buffer
+ JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23
+ JDK-8320937: support latest VS2022 MSC_VER in
abstract_vm_version.cpp
+ JDK-8321151: JDK-8294427 breaks Windows L&F on all older
Windows versions
+ JDK-8321215: Incorrect x86 instruction encoding for VSIB
addressing mode
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8321480: ISO 4217 Amendment 176 Update
+ JDK-8322178: Error. can't find jdk.testlibrary
.SimpleSSLContext in test directory or libraries
+ JDK-8322417: Console read line with zero out should zero out
when throwing exception
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test "api/java_awt/interactive/
/SystemTrayTests.html" failed because A blue ball icon is
added outside of the system tray
+ JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is
failing assert
+ JDK-8322772: Clean up code after JDK-8322417
+ JDK-8323008: filter out harmful -std* flags added by autoconf
from CXX
+ JDK-8323243: JNI invocation of an abstract instance method
corrupts the stack
+ JDK-8323515: Create test alias "all" for all test roots
+ JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/
/platform/docker/TestDockerMemoryMetrics.java always fail
because OOM killed
+ JDK-8324184: Windows VS2010 build failed with "error C2275:
'int64_t'"
+ JDK-8324307: [11u] hotspot fails to build with GCC 12 and
newer (non-static data member initializers)
+ JDK-8324347: Enable "maybe-uninitialized" warning for
FreeType 2.13.1
+ JDK-8324659: GHA: Generic jtreg errors are not reported
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325150: (tz) Update Timezone Data to 2024a
+ JDK-8326109: GCC 13 reports maybe-uninitialized warnings for
jni.cpp with dtrace enabled
+ JDK-8326503: [11u] java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fail because of
package org.junit.jupiter.api does not exist
+ JDK-8327391: Add SipHash attribution file
+ JDK-8329837: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23
- Removed the possibility to use the system timezone-java (bsc#1213470)
java-11-openjdk-11.0.23.0-150000.3.113.1.src.rpm
java-11-openjdk-11.0.23.0-150000.3.113.1.x86_64.rpm
java-11-openjdk-demo-11.0.23.0-150000.3.113.1.x86_64.rpm
java-11-openjdk-devel-11.0.23.0-150000.3.113.1.x86_64.rpm
java-11-openjdk-headless-11.0.23.0-150000.3.113.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1499
Security update for java-17-openjdk
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-17-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21012: Fixed unauthorized data modification due to HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with "Exceeded _node_regs array" (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Update to upstream tag jdk-17.0.11+9 (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Other changes
+ JDK-6928542: Chinese characters in RTF are not decoded
+ JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/
/bug4517214.java fails on MacOS
+ JDK-7148092: [macosx] When Alt+down arrow key is pressed, the
combobox popup does not appear.
+ JDK-7167356: (javac) investigate failing tests in
JavacParserTest
+ JDK-8054022: HttpURLConnection timeouts with Expect:
100-Continue and no chunking
+ JDK-8054572: [macosx] JComboBox paints the border incorrectly
+ JDK-8169475: WheelModifier.java fails by timeout
+ JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost`
accesses `int InetAddress.preferIPv6Address` as a boolean
+ JDK-8209595: MonitorVmStartTerminate.java timed out
+ JDK-8210410: Refactor java.util.Currency:i18n shell tests to
plain java tests
+ JDK-8261404: Class.getReflectionFactory() is not thread-safe
+ JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from
+ JDK-8263256: Test java/net/Inet6Address/serialize/
/Inet6AddressSerializationTest.java fails due to dynamic
reconfigurations of network interface during test
+ JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java
failed with connection timeout
+ JDK-8271118: C2: StressGCM should have higher priority than
frequency-based policy
+ JDK-8271616: oddPart in MutableBigInteger::mutableModInverse
contains info on final result
+ JDK-8272811: Document the effects of building with
_GNU_SOURCE in os_posix.hpp
+ JDK-8272853: improve `JavadocTester.runTests`
+ JDK-8273454: C2: Transform (-a)*(-b) into a*b
+ JDK-8274060: C2: Incorrect computation after JDK-8273454
+ JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java
fails in Windows 11
+ JDK-8274621: NullPointerException because listenAddress[0] is
null
+ JDK-8274632: Possible pointer overflow in PretouchTask chunk
claiming
+ JDK-8274634: Use String.equals instead of String.compareTo in
java.desktop
+ JDK-8276125: RunThese24H.java SIGSEGV in
JfrThreadGroup::thread_group_id
+ JDK-8278028: [test-library] Warnings cleanup of the test
library
+ JDK-8278312: Update SimpleSSLContext keystore to use SANs for
localhost IP addresses
+ JDK-8278363: Create extented container test groups
+ JDK-8280241: (aio) AsynchronousSocketChannel init fails in
IPv6 only Windows env
+ JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/
/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from
problemlist.
+ JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp
+ JDK-8281585: Remove unused imports under test/lib and jtreg/gc
+ JDK-8283400: [macos] a11y : Screen magnifier does not reflect
JRadioButton value change
+ JDK-8283626: AArch64: Set relocInfo::offset_unit to 4
+ JDK-8283994: Make Xerces DatatypeException stackless
+ JDK-8286312: Stop mixing signed and unsigned types in bit
operations
+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java fails on mac aarch64
+ JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java
failed with "Expected two batches of Active Setting events"
+ JDK-8288663: JFR: Disabling the JfrThreadSampler commits only
a partially disabled state
+ JDK-8288846: misc tests fail "assert(ms < 1000) failed:
Un-interruptable sleep, short time use only"
+ JDK-8289764: gc/lock tests failed with "OutOfMemoryError:
Java heap space: failed reallocation of scalar replaced
objects"
+ JDK-8290041: ModuleDescriptor.hashCode is inconsistent
+ JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/
/capability/CM03/cm03t001/TestDescription.java on linux-all
+ JDK-8290399: [macos] Aqua LAF does not fire an action event
if combo box menu is displayed
+ JDK-8292458: Atomic operations on scoped enums don't build
with clang
+ JDK-8292946: GC lock/jni/jnilock001 test failed
"assert(gch->gc_cause() == GCCause::_scavenge_alot ||
!gch->incremental_collection_failed()) failed: Twice in a row"
+ JDK-8293117: Add atomic bitset functions
+ JDK-8293547: Add relaxed add_and_fetch for macos aarch64
atomics
+ JDK-8294158: HTML formatting for PassFailJFrame instructions
+ JDK-8294254: [macOS] javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java failure
+ JDK-8294535: Add screen capture functionality to
PassFailJFrame
+ JDK-8295068: SSLEngine throws NPE parsing CertificateRequests
+ JDK-8295124: Atomic::add to pointer type may return wrong
value
+ JDK-8295274: HelidonAppTest.java fails
"assert(event->should_commit()) failed: invariant" from
compiled frame"
+ JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
+ JDK-8297968: Crash in PrintOptoAssembly
+ JDK-8298087: XML Schema Validation reports an required
attribute twice via ErrorHandler
+ JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java
failed: ExceptionInInitializerError: target class not found
+ JDK-8300269: The selected item in an editable JComboBox with
titled border is not visible in Aqua LAF
+ JDK-8301306: java/net/httpclient/* fail with -Xcomp
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8301787: java/net/httpclient/SpecialHeadersTest failing
after JDK-8301306
+ JDK-8301846: Invalid TargetDataLine after screen lock when
using JFileChooser or COM library
+ JDK-8302017: Allocate BadPaddingException only if it will be
thrown
+ JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/
/TestAMEnotNPE.java
+ JDK-8303605: Memory leaks in Metaspace gtests
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8304696: Duplicate class names in dynamicArchive tests
can lead to test failure
+ JDK-8305356: Fix ignored bad CompileCommands in tests
+ JDK-8305900: Use loopback IP addresses in security policy
files of httpclient tests
+ JDK-8305906: HttpClient may use incorrect key when finding
pooled HTTP/2 connection for IPv6 address
+ JDK-8305962: update jcstress to 0.16
+ JDK-8305972: Update XML Security for Java to 3.0.2
+ JDK-8306014: Update javax.net.ssl TLS tests to use
SSLContextTemplate or SSLEngineTemplate
+ JDK-8306408: Fix the format of several tables in building.md
+ JDK-8307185: pkcs11 native libraries make JNI calls into java
code while holding GC lock
+ JDK-8307926: Support byte-sized atomic bitset operations
+ JDK-8307955: Prefer to PTRACE_GETREGSET instead of
PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs'
+ JDK-8307990: jspawnhelper must close its writing side of a
pipe before reading from it
+ JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC
while allocating
+ JDK-8308245: Add -proc:full to describe current default
annotation processing policy
+ JDK-8308336: Test java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java failed:
java.net.BindException: Address already in use
+ JDK-8309302: java/net/Socket/Timeouts.java fails with
AssertionError on test temporal post condition
+ JDK-8309305: sun/security/ssl/SSLSocketImpl/
/BlockedAsyncClose.java fails with jtreg test timeout
+ JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/
/agentthr001/TestDescription.java crashing due to empty while
loop
+ JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect
announcements of JRadioButton
+ JDK-8309870: Using -proc:full should be considered requesting
explicit annotation processing
+ JDK-8310106: sun.security.ssl.SSLHandshake
.getHandshakeProducer() incorrectly checks handshakeConsumers
+ JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
/bug6889007.java fails
+ JDK-8310380: Handle problems in core-related tests on macOS
when codesign tool does not work
+ JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is
spuriously passing
+ JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
timed out
+ JDK-8310838: Correct range notations in MethodTypeDesc
specification
+ JDK-8310844: [AArch64] C1 compilation fails because monitor
offset in OSR buffer is too large for immediate
+ JDK-8310923: Refactor Currency tests to use JUnit
+ JDK-8311081: KeytoolReaderP12Test.java fail on localized
Windows platform
+ JDK-8311160: [macOS, Accessibility] VoiceOver: No
announcements on JRadioButtonMenuItem and JCheckBoxMenuItem
+ JDK-8311581: Remove obsolete code and comments in TestLVT.java
+ JDK-8311645: Memory leak in jspawnhelper spawnChild after
JDK-8307990
+ JDK-8311986: Disable runtime/os/TestTracePageSizes.java for
ShenandoahGC
+ JDK-8312428: PKCS11 tests fail with NSS 3.91
+ JDK-8312434: SPECjvm2008/xml.transform with CDS fails with
"can't seal package nu.xom"
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8313082: Enable CreateCoredumpOnCrash for testing in
makefiles
+ JDK-8313206: PKCS11 tests silently skip execution
+ JDK-8313575: Refactor PKCS11Test tests
+ JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/
/TestFloatingDecimal should use RandomFactory
+ JDK-8313643: Update HarfBuzz to 8.2.2
+ JDK-8313816: Accessing jmethodID might lead to spurious
crashes
+ JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently
in timeout
+ JDK-8314220: Configurable InlineCacheBuffer size
+ JDK-8314830: runtime/ErrorHandling/ tests ignore external VM
flags
+ JDK-8315034: File.mkdirs() occasionally fails to create
folders on Windows shared folder
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315594: Open source few headless Swing misc tests
+ JDK-8315600: Open source few more headless Swing misc tests
+ JDK-8315602: Open source swing security manager test
+ JDK-8315611: Open source swing text/html and tree test
+ JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should
run with -Xbatch
+ JDK-8315731: Open source several Swing Text related tests
+ JDK-8315761: Open source few swing JList and JMenuBar tests
+ JDK-8315920: C2: "control input must dominate current
control" assert failure
+ JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/
/bug4654927.java: component must be showing on the screen to
determine its location
+ JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use
createTestJvm
+ JDK-8316028: Update FreeType to 2.13.2
+ JDK-8316030: Update Libpng to 1.6.40
+ JDK-8316106: Open source few swing JInternalFrame and
JMenuBar tests
+ JDK-8316304: (fs) Add support for BasicFileAttributes
.creationTime() for Linux
+ JDK-8316392: compiler/interpreter/
/TestVerifyStackAfterDeopt.java failed with SIGBUS in
PcDescContainer::find_pc_desc_internal
+ JDK-8316414: C2: large byte array clone triggers "failed:
malformed control flow" assertion failure on linux-x86
+ JDK-8316415: Parallelize
sun/security/rsa/SignedObjectChain.java subtests
+ JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java
get OOM killed with Parallel GC
+ JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/
/CheckOrigin.java as vm.flagless
+ JDK-8316679: C2 SuperWord: wrong result, load should not be
moved before store if not comparable
+ JDK-8316693: Simplify at-requires checkDockerSupport()
+ JDK-8316929: Shenandoah: Shenandoah degenerated GC and full
GC need to cleanup old OopMapCache entries
+ JDK-8316947: Write a test to check textArea triggers
MouseEntered/MouseExited events properly
+ JDK-8317039: Enable specifying the JDK used to run jtreg
+ JDK-8317144: Exclude sun/security/pkcs11/sslecc/
/ClientJSSEServerJSSE.java on Linux ppc64le
+ JDK-8317307: test/jdk/com/sun/jndi/ldap/
/LdapPoolTimeoutTest.java fails with ConnectException:
Connection timed out: no further information
+ JDK-8317603: Improve exception messages thrown by
sun.nio.ch.Net native methods (win)
+ JDK-8317771: [macos14] Expand/collapse a JTree using keyboard
freezes the application in macOS 14 Sonoma
+ JDK-8317807: JAVA_FLAGS removed from jtreg running in
JDK-8317039
+ JDK-8317960: [17u] Excessive CPU usage on
AbstractQueuedSynchronized.isEnqueued
+ JDK-8318154: Improve stability of WheelModifier.java test
+ JDK-8318183: C2: VM may crash after hitting node limit
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8318468: compiler/tiered/LevelTransitionTest.java fails
with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
+ JDK-8318490: Increase timeout for JDK tests that are close to
the limit when run with libgraal
+ JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
+ JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni
tests
+ JDK-8318608: Enable parallelism in
vmTestbase/nsk/stress/threads tests
+ JDK-8318689: jtreg is confused when folder name is the same
as the test name
+ JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with
"transport error 202: bind failed: Address already in use"
+ JDK-8318951: Additional negative value check in JPEG decoding
+ JDK-8318955: Add ReleaseIntArrayElements in
Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to
early return
+ JDK-8318957: Enhance agentlib:jdwp help output by info about
allow option
+ JDK-8318961: increase javacserver connection timeout values
and max retry attempts
+ JDK-8318971: Better Error Handling for Jar Tool When
Processing Non-existent Files
+ JDK-8318983: Fix comment typo in PKCS12Passwd.java
+ JDK-8319124: Update XML Security for Java to 3.0.3
+ JDK-8319213: Compatibility.java reads both stdout and stderr
of JdkUtils
+ JDK-8319436: Proxy.newProxyInstance throws NPE if loader is
null and interface not visible from class loader
+ JDK-8319456: jdk/jfr/event/gc/collection/
/TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker
Initiated GC' not in the valid causes
+ JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
+ JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21
+ JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks
+ JDK-8320001: javac crashes while adding type annotations to
the return type of a constructor
+ JDK-8320168: handle setsocktopt return values
+ JDK-8320208: Update Public Suffix List to b5bf572
+ JDK-8320300: Adjust hs_err output in malloc/mmap error cases
+ JDK-8320363: ppc64 TypeEntries::type_unknown logic looks
wrong, missed optimization opportunity
+ JDK-8320597: RSA signature verification fails on signed data
that does not encode params correctly
+ JDK-8320798: Console read line with zero out should zero out
underlying buffer
+ JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11
+ JDK-8320921: GHA: Parallelize hotspot_compiler test jobs
+ JDK-8320937: support latest VS2022 MSC_VER in
abstract_vm_version.cpp
+ JDK-8321151: JDK-8294427 breaks Windows L&F on all older
Windows versions
+ JDK-8321215: Incorrect x86 instruction encoding for VSIB
addressing mode
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8321480: ISO 4217 Amendment 176 Update
+ JDK-8321599: Data loss in AVX3 Base64 decoding
+ JDK-8321815: Shenandoah: gc state should be synchronized to
java threads only once per safepoint
+ JDK-8321972: test runtime/Unsafe/InternalErrorTest.java
timeout on linux-riscv64 platform
+ JDK-8322098: os::Linux::print_system_memory_info enhance the
THP output with
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size
+ JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces
+ JDK-8322417: Console read line with zero out should zero out
when throwing exception
+ JDK-8322583: RISC-V: Enable fast class initialization checks
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test "api/java_awt/interactive/
/SystemTrayTests.html" failed because A blue ball icon is
added outside of the system tray
+ JDK-8322772: Clean up code after JDK-8322417
+ JDK-8322783: prioritize /etc/os-release over
/etc/SuSE-release in hs_err/info output
+ JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests
+ JDK-8323008: filter out harmful -std* flags added by autoconf
from CXX
+ JDK-8323021: Shenandoah: Encountered reference count always
attributed to first worker thread
+ JDK-8323086: Shenandoah: Heap could be corrupted by oom
during evacuation
+ JDK-8323243: JNI invocation of an abstract instance method
corrupts the stack
+ JDK-8323331: fix typo hpage_pdm_size
+ JDK-8323428: Shenandoah: Unused memory in regions compacted
during a full GC should be mangled
+ JDK-8323515: Create test alias "all" for all test roots
+ JDK-8323637: Capture hotspot replay files in GHA
+ JDK-8323640: [TESTBUG]testMemoryFailCount in
jdk/internal/platform/docker/TestDockerMemoryMetrics.java
always fail because OOM killed
+ JDK-8323806: [17u] VS2017 build fails with warning after
8293117.
+ JDK-8324184: Windows VS2010 build failed with "error C2275:
'int64_t'"
+ JDK-8324280: RISC-V: Incorrect implementation in
VM_Version::parse_satp_mode
+ JDK-8324347: Enable "maybe-uninitialized" warning for
FreeType 2.13.1
+ JDK-8324514: ClassLoaderData::print_on should print address
of class loader
+ JDK-8324647: Invalid test group of lib-test after JDK-8323515
+ JDK-8324659: GHA: Generic jtreg errors are not reported
+ JDK-8324937: GHA: Avoid multiple test suites per job
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325150: (tz) Update Timezone Data to 2024a
+ JDK-8325585: Remove no longer necessary calls to
set/unset-in-asgct flag in JDK 17
+ JDK-8326000: Remove obsolete comments for class
sun.security.ssl.SunJSSE
+ JDK-8327036: [macosx-aarch64] SIGBUS in
MarkActivationClosure::do_code_blob reached from
Unsafe_CopySwapMemory0
+ JDK-8327391: Add SipHash attribution file
+ JDK-8329836: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11
- Removed the possibility to use the system timezone-java (bsc#1213470).
java-17-openjdk-17.0.11.0-150400.3.42.1.src.rpm
java-17-openjdk-17.0.11.0-150400.3.42.1.x86_64.rpm
java-17-openjdk-demo-17.0.11.0-150400.3.42.1.x86_64.rpm
java-17-openjdk-devel-17.0.11.0-150400.3.42.1.x86_64.rpm
java-17-openjdk-headless-17.0.11.0-150400.3.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1471
Recommended update for libzypp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp fixes the following issues:
- Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094)
libzypp-17.32.5-150400.3.64.1.src.rpm
libzypp-17.32.5-150400.3.64.1.x86_64.rpm
libzypp-devel-17.32.5-150400.3.64.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1472
Recommended update for libyui
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for squidGuard fixes the following issues:
- Add libyui to SUMA Server 4.3 (bsc#1223146)
libyui-4.3.7-150400.3.7.1.src.rpm
libyui-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-4.3.7-150400.3.7.1.src.rpm
libyui-ncurses-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-pkg-4.3.7-150400.3.7.1.src.rpm
libyui-ncurses-pkg-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-pkg16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-rest-api-4.3.7-150400.3.7.1.src.rpm
libyui-ncurses-rest-api-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-rest-api16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses-tools-4.3.7-150400.3.7.1.x86_64.rpm
libyui-ncurses16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-4.3.7-150400.3.7.1.src.rpm
libyui-qt-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-graph-4.3.7-150400.3.7.1.src.rpm
libyui-qt-graph-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-graph16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-pkg-4.3.7-150400.3.7.1.src.rpm
libyui-qt-pkg-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-pkg16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-rest-api-4.3.7-150400.3.7.1.src.rpm
libyui-qt-rest-api-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt-rest-api16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-qt16-4.3.7-150400.3.7.1.x86_64.rpm
libyui-rest-api-4.3.7-150400.3.7.1.src.rpm
libyui-rest-api-devel-4.3.7-150400.3.7.1.x86_64.rpm
libyui-rest-api16-4.3.7-150400.3.7.1.x86_64.rpm
libyui16-4.3.7-150400.3.7.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1464
Security update for jasper
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for jasper fixes the following issues:
- CVE-2024-31744: Fixed denial of service through assertion failure in jpc_streamlist_remove() (bsc#1223155).
jasper-2.0.14-150000.3.34.1.src.rpm
libjasper-devel-2.0.14-150000.3.34.1.x86_64.rpm
libjasper4-2.0.14-150000.3.34.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1451
Security update for java-1_8_0-openjdk
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21085: Fixed Pack200 excessive memory allocation (JDK-8322114,bsc#1222984)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with "Exceeded _node_regs array" (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Update to version jdk8u412 (icedtea-3.31.0) (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Import of OpenJDK 8 u412 build 08
+ JDK-8011180: Delete obsolete scripts
+ JDK-8016451: Scary messages emitted by
build.tools.generatenimbus.PainterGenerator during build
+ JDK-8021961: setAlwaysOnTop doesn't behave correctly in
Linux/Solaris under certain scenarios
+ JDK-8023735: [TESTBUG][macosx]
runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X
+ JDK-8074860: Structured Exception Catcher missing around
CreateJavaVM on Windows
+ JDK-8079441: Intermittent failures on Windows with "Unexpected
exit from test [exit code: 1080890248]" (0x406d1388)
+ JDK-8155590: Dubious collection management in
sun.net.www.http.KeepAliveCache
+ JDK-8168518: rcache interop with krb5-1.15
+ JDK-8183503: Update hotspot tests to allow for unique test
classes directory
+ JDK-8186095: upgrade to jtreg 4.2 b08
+ JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH
+ JDK-8192931: Regression test
java/awt/font/TextLayout/CombiningPerf.java fails
+ JDK-8208655: use JTreg skipped status in hotspot tests
+ JDK-8208701: Fix for JDK-8208655 causes test failures in CI
tier1
+ JDK-8208706: compiler/tiered/
/ConstantGettersTransitionsTest.java fails to compile
+ JDK-8213410: UseCompressedOops requirement check fails fails
on 32-bit system
+ JDK-8222323: ChildAlwaysOnTopTest.java fails with
"RuntimeException: Failed to unset alwaysOnTop"
+ JDK-8224768: Test ActalisCA.java fails
+ JDK-8251155: HostIdentifier fails to canonicalize hostnames
starting with digits
+ JDK-8251551: Use .md filename extension for README
+ JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt
Authority X3 is retired
+ JDK-8270280: security/infra/java/security/cert/
/CertPathValidator/certification/LetsEncryptCA.java OCSP
response error
+ JDK-8270517: Add Zero support for LoongArch
+ JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/
/security/cert/CertPathValidator/certification/BuypassCA.java
no longer needs ocspEnabled
+ JDK-8276139: TestJpsHostName.java not reliable, better to
expand HostIdentifierCreate.java test
+ JDK-8288132: Update test artifacts in QuoVadis CA interop
tests
+ JDK-8297955: LDAP CertStore should use LdapName and not
String for DNs
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8308592: Framework for CA interoperability testing
+ JDK-8312126: NullPointerException in CertStore.getCRLs after
8297955
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test
set
+ JDK-8320713: Bump update version of OpenJDK: 8u412
+ JDK-8321060: [8u] hotspot needs to recognise VS2022
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test "api/java_awt/interactive/
/SystemTrayTests.html" failed because A blue ball icon is
added outside of the system tray
+ JDK-8323202: [8u] Remove get_source.sh and hgforest.sh
+ JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/
/platform/docker/TestDockerMemoryMetrics.java always fail
because OOM killed
+ JDK-8324530: Build error with gcc 10
+ JDK-8325150: (tz) Update Timezone Data to 2024a
* Bug fixes
+ Support make 4.4
- Do not recommend timezone-java8 (bsc#1213470)
- Use %patch -P N instead of deprecated %patchN.
java-1_8_0-openjdk-1.8.0.412-150000.3.91.1.src.rpm
java-1_8_0-openjdk-1.8.0.412-150000.3.91.1.x86_64.rpm
java-1_8_0-openjdk-demo-1.8.0.412-150000.3.91.1.x86_64.rpm
java-1_8_0-openjdk-devel-1.8.0.412-150000.3.91.1.x86_64.rpm
java-1_8_0-openjdk-headless-1.8.0.412-150000.3.91.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1481
Recommended update for rmt-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server fixes the following issues:
- Support bzip2 compressed repositories (bsc#1222122)
- Remove automatic backup generation for repodata within repository
- Add support for Debian repositories using flat or nested structures (jsc#PED-3684)
rmt-server-2.16-150400.3.21.1.src.rpm
rmt-server-2.16-150400.3.21.1.x86_64.rpm
rmt-server-config-2.16-150400.3.21.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1470
Security update for ffmpeg-4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg-4 fixes the following issues:
- CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when vulkan_frames init failed (bsc#1223070)
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235)
- CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272)
ffmpeg-4-4.4-150400.3.24.1.src.rpm
libavcodec58_134-4.4-150400.3.24.1.x86_64.rpm
libavformat58_76-4.4-150400.3.24.1.x86_64.rpm
libavutil56_70-4.4-150400.3.24.1.x86_64.rpm
libpostproc55_9-4.4-150400.3.24.1.x86_64.rpm
libswresample3_9-4.4-150400.3.24.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1441
Recommended update for liblouis
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for liblouis fixes the following issues:
- Add s390x-support patch to fix issues with python bindings on big endian machines
(gh#liblouis/liblouis#1552, bsc#1198348)
- Run python tests in %check
liblouis-3.20.0-150400.3.16.3.src.rpm
liblouis-data-3.20.0-150400.3.16.3.noarch.rpm
liblouis-devel-3.20.0-150400.3.16.3.x86_64.rpm
liblouis20-3.20.0-150400.3.16.3.x86_64.rpm
python3-louis-3.20.0-150400.3.16.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1474
Recommended update for cups
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups fixes the following issues:
- Fix occasional stuck on poll() loop (bsc#1217119)
cups-2.2.7-150000.3.54.1.src.rpm
cups-2.2.7-150000.3.54.1.x86_64.rpm
cups-client-2.2.7-150000.3.54.1.x86_64.rpm
cups-config-2.2.7-150000.3.54.1.x86_64.rpm
cups-ddk-2.2.7-150000.3.54.1.x86_64.rpm
cups-devel-2.2.7-150000.3.54.1.x86_64.rpm
libcups2-2.2.7-150000.3.54.1.x86_64.rpm
libcups2-32bit-2.2.7-150000.3.54.1.x86_64.rpm
libcupscgi1-2.2.7-150000.3.54.1.x86_64.rpm
libcupsimage2-2.2.7-150000.3.54.1.x86_64.rpm
libcupsmime1-2.2.7-150000.3.54.1.x86_64.rpm
libcupsppdc1-2.2.7-150000.3.54.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3295
Security update for gstreamer-plugins-bad
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gstreamer-plugins-bad fixes the following issues:
- Dropped support for libmfx to fix the following CVEs:
* libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
* libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
* libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
* libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
* libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
gstreamer-plugins-bad-1.20.1-150400.3.23.2.src.rpm
gstreamer-plugins-bad-1.20.1-150400.3.23.2.x86_64.rpm
gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.23.2.x86_64.rpm
gstreamer-plugins-bad-devel-1.20.1-150400.3.23.2.x86_64.rpm
gstreamer-plugins-bad-lang-1.20.1-150400.3.23.2.noarch.rpm
libgstadaptivedemux-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstbadaudio-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstcodecparsers-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstcodecs-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstinsertbin-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstisoff-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstmpegts-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstphotography-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstplay-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstplayer-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstsctp-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgsturidownloader-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstva-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstvulkan-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstwayland-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
libgstwebrtc-1_0-0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstPlay-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.23.2.x86_64.rpm
typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.23.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1473
Recommended update for cups-filters
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups-filters fixes the following issues:
- Fix printing only one copy of a postscript file instead of multiple (bsc#1211401, bsc#1173345)
cups-filters-1.25.0-150200.3.9.1.src.rpm
cups-filters-1.25.0-150200.3.9.1.x86_64.rpm
cups-filters-devel-1.25.0-150200.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1467
Recommended update for tracker
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tracker fixes the following issue:
- Initialize FTS tokenizer earlier to fix regressions with sqlite (bsc#1222949)
libtracker-sparql-3_0-0-3.2.1-150400.3.6.2.x86_64.rpm
tracker-3.2.1-150400.3.6.2.src.rpm
tracker-data-files-3.2.1-150400.3.6.2.x86_64.rpm
tracker-devel-3.2.1-150400.3.6.2.x86_64.rpm
typelib-1_0-Tracker-3_0-3.2.1-150400.3.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1475
Security update for frr
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for frr fixes the following issues:
- CVE-2024-31948: Fixed denial of service due to malformed Prefix SID attribute in BGP Update packet (bsc#1222518)
frr-7.4-150300.4.23.1.src.rpm
frr-7.4-150300.4.23.1.x86_64.rpm
frr-devel-7.4-150300.4.23.1.x86_64.rpm
libfrr0-7.4-150300.4.23.1.x86_64.rpm
libfrr_pb0-7.4-150300.4.23.1.x86_64.rpm
libfrrcares0-7.4-150300.4.23.1.x86_64.rpm
libfrrfpm_pb0-7.4-150300.4.23.1.x86_64.rpm
libfrrgrpc_pb0-7.4-150300.4.23.1.x86_64.rpm
libfrrospfapiclient0-7.4-150300.4.23.1.x86_64.rpm
libfrrsnmp0-7.4-150300.4.23.1.x86_64.rpm
libfrrzmq0-7.4-150300.4.23.1.x86_64.rpm
libmlag_pb0-7.4-150300.4.23.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1503
Recommended update for gdb
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gdb fixes the following issues:
- Fix crashing by handling varstring==nullptr (bsc#1222188)
gdb-13.2-150400.15.17.1.src.rpm
gdb-13.2-150400.15.17.1.x86_64.rpm
gdbserver-13.2-150400.15.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1778
Recommended update for systemd-presets-branding-SLE
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for systemd-presets-branding-SLE fixes the following issues:
- Enable sysctl-logger (jsc#PED-5024)
systemd-presets-branding-SLE-15.1-150100.20.14.1.noarch.rpm
systemd-presets-branding-SLE-15.1-150100.20.14.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2801
Security update for docker
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
RETRACTED: This update for docker fixes the following issues:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: An Authz zero-length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
docker-25.0.6_ce-150000.203.1.src.rpm
docker-25.0.6_ce-150000.203.1.x86_64.rpm
docker-bash-completion-25.0.6_ce-150000.203.1.noarch.rpm
docker-rootless-extras-25.0.6_ce-150000.203.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1535
Security update for flatpak
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for flatpak fixes the following issues:
- CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious app due to insufficient 'command' argument sanitization (bsc#1223110)
flatpak-1.12.8-150400.3.6.1.src.rpm
flatpak-1.12.8-150400.3.6.1.x86_64.rpm
flatpak-devel-1.12.8-150400.3.6.1.x86_64.rpm
flatpak-zsh-completion-1.12.8-150400.3.6.1.x86_64.rpm
libflatpak0-1.12.8-150400.3.6.1.x86_64.rpm
system-user-flatpak-1.12.8-150400.3.6.1.x86_64.rpm
typelib-1_0-Flatpak-1_0-1.12.8-150400.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1538
Recommended update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Changes in kernel-firmware-nvidia-gspx-G06:
- Update to 550.78
Changes in nvidia-open-driver-G06-signed:
- Update to 550.78
kernel-firmware-nvidia-gspx-G06-550.78-150400.9.30.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.78-150400.9.30.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.78-150400.9.59.1.src.rpm
nvidia-open-driver-G06-signed-default-devel-550.78-150400.9.59.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.78_k5.14.21_150400.24.116-150400.9.59.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1557
Security update for rpm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpm fixes the following issues:
Security fixes:
- CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175)
Other fixes:
- accept more signature subpackets marked as critical (bsc#1218686)
- backport limit support for the autopatch macro (bsc#1189495)
python-rpm-4.14.3-150400.59.16.1.src.rpm
python3-rpm-4.14.3-150400.59.16.1.x86_64.rpm
python311-rpm-4.14.3-150400.59.16.1.x86_64.rpm
rpm-32bit-4.14.3-150400.59.16.1.x86_64.rpm
rpm-4.14.3-150400.59.16.1.src.rpm
rpm-4.14.3-150400.59.16.1.x86_64.rpm
rpm-build-4.14.3-150400.59.16.1.x86_64.rpm
rpm-devel-4.14.3-150400.59.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1637
Recommended update for google-cloud SDK
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for google-cloud SDK fixes the following issues:
- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
- Below 5 binaries Obsolete the python3.6 counterpart:
python311-google-resumable-media
python311-google-api-core
python311-google-cloud-storage
python311-google-cloud-core
python311-googleapis-common-protos
- Regular python311 updates (without Obsoletes):
python-google-auth
python-grpcio
python-sqlparse
- New python311 packages:
libcrc32c
python-google-cloud-appengine-logging
python-google-cloud-artifact-registry
python-google-cloud-audit-log
python-google-cloud-build
python-google-cloud-compute
python-google-cloud-dns
python-google-cloud-domains
python-google-cloud-iam
python-google-cloud-kms-inventory
python-google-cloud-kms
python-google-cloud-logging
python-google-cloud-run
python-google-cloud-secret-manager
python-google-cloud-service-directory
python-google-cloud-spanner
python-google-cloud-vpc-access
python-google-crc32c
python-grpc-google-iam-v1
python-grpcio-status
python-proto-plus
In python-sqlparse this security issue was fixed:
CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617)
libprotobuf-lite25_1_0-25.1-150400.9.6.1.x86_64.rpm
libprotobuf25_1_0-25.1-150400.9.6.1.x86_64.rpm
libprotoc25_1_0-25.1-150400.9.6.1.x86_64.rpm
protobuf-25.1-150400.9.6.1.src.rpm
protobuf-devel-25.1-150400.9.6.1.x86_64.rpm
python-apipkg-3.0.1-150400.12.6.1.src.rpm
python-cachetools-5.3.1-150400.8.6.1.src.rpm
python-certifi-2023.7.22-150400.12.6.2.src.rpm
python-cffi-1.15.1-150400.8.7.2.src.rpm
python-charset-normalizer-3.1.0-150400.9.7.2.src.rpm
python-cryptography-41.0.3-150400.16.19.1.src.rpm
python-google-auth-2.27.0-150400.6.7.1.src.rpm
python-idna-3.4-150400.11.6.1.src.rpm
python-iniconfig-2.0.0-150400.10.6.1.src.rpm
python-py-1.11.0-150400.12.7.2.src.rpm
python-pyOpenSSL-23.2.0-150400.3.10.1.src.rpm
python-pyasn1-0.5.0-150400.12.7.2.src.rpm
python-pyasn1-modules-0.3.0-150400.12.7.1.src.rpm
python-pycparser-2.21-150400.12.7.2.src.rpm
python-pytz-2023.3-150400.6.6.1.src.rpm
python-requests-2.31.0-150400.6.8.1.src.rpm
python-rsa-4.9-150400.12.7.1.src.rpm
python-setuptools-67.7.2-150400.3.12.1.src.rpm
python-urllib3-2.0.7-150400.7.14.1.src.rpm
python311-apipkg-3.0.1-150400.12.6.1.noarch.rpm
python311-cachetools-5.3.1-150400.8.6.1.noarch.rpm
python311-certifi-2023.7.22-150400.12.6.2.noarch.rpm
python311-cffi-1.15.1-150400.8.7.2.x86_64.rpm
python311-charset-normalizer-3.1.0-150400.9.7.2.noarch.rpm
python311-cryptography-41.0.3-150400.16.19.1.x86_64.rpm
python311-google-auth-2.27.0-150400.6.7.1.noarch.rpm
python311-idna-3.4-150400.11.6.1.noarch.rpm
python311-iniconfig-2.0.0-150400.10.6.1.noarch.rpm
python311-py-1.11.0-150400.12.7.2.noarch.rpm
python311-pyOpenSSL-23.2.0-150400.3.10.1.noarch.rpm
python311-pyasn1-0.5.0-150400.12.7.2.noarch.rpm
python311-pyasn1-modules-0.3.0-150400.12.7.1.noarch.rpm
python311-pycparser-2.21-150400.12.7.2.noarch.rpm
python311-pytz-2023.3-150400.6.6.1.noarch.rpm
python311-requests-2.31.0-150400.6.8.1.noarch.rpm
python311-rsa-4.9-150400.12.7.1.noarch.rpm
python311-setuptools-67.7.2-150400.3.12.1.noarch.rpm
python311-urllib3-2.0.7-150400.7.14.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1497
Security update for skopeo
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for skopeo fixes the following issues:
- Update to version 1.14.2:
* [release-1.14] Bump Skopeo to v1.14.2
* [release-1.14] Bump c/image to v5.29.2, c/common to v0.57.3 (fixes bsc#1219563)
- Update to version 1.14.1:
* Bump to v1.14.1
* fix(deps): update module github.com/containers/common to v0.57.2
* fix(deps): update module github.com/containers/image/v5 to v5.29.1
* chore(deps): update dependency containers/automation_images to v20240102
* Fix libsubid detection
* fix(deps): update module golang.org/x/term to v0.16.0
* fix(deps): update golang.org/x/exp digest to 02704c9
* chore(deps): update dependency containers/automation_images to v20231208
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containers/common to v0.57.1
* fix(deps): update golang.org/x/exp digest to 6522937
* DOCS: add Gentoo in install.md
* DOCS: Update to add Arch Linux in install.md
* fix(deps): update module golang.org/x/term to v0.15.0
* Bump to v1.14.1-dev
- Update to version 1.14.0:
* Bump to v1.14.0
* fix(deps): update module github.com/containers/common to v0.57.0
* chore(deps): update dependency containers/automation_images to v20231116
* fix(deps): update module github.com/containers/image/v5 to v5.29.0
* Add documentation and smoke tests for the new --compat-auth-file options
* Update c/image and c/common to latest
* fix(deps): update module github.com/containers/storage to v1.51.0
* fix(deps): update module golang.org/x/term to v0.14.0
* fix(deps): update module github.com/spf13/cobra to v1.8.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
* fix(deps): update github.com/containers/common digest to 3e5caa0
* chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
* fix(deps): update module github.com/containers/ocicrypt to v1.1.9
* Update github.com/klauspost/compress to v1.17.2
* chore(deps): update module github.com/docker/docker to v24.0.7+incompatible [security]
* Fix ENTRYPOINT documentation, drop others.
* Remove unused environment variables in Cirrus
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
* chore(deps): update dependency containers/automation_images to v20231004
* chore(deps): update module golang.org/x/net to v0.17.0 [security]
* copy: Note support for `zstd:chunked`
* fix(deps): update module golang.org/x/term to v0.13.0
* fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible
* fix(deps): update github.com/containers/common digest to 745eaa4
* Packit: switch to @containers/packit-build team for copr failure notification comments
* Packit: tag @lsm5 on copr build failures
* vendor of containers/common
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
* fix(deps): update module github.com/containers/common to v0.56.0
* Cirrus: Remove multi-arch skopeo image builds
* fix(deps): update module github.com/containers/image/v5 to v5.28.0
* Increase the golangci-lint timeout
* fix(deps): update module github.com/containers/storage to v1.50.2
* fix(deps): update module github.com/containers/storage to v1.50.1
* fix(deps): update golang.org/x/exp digest to 9212866
* Fix a man page link
* fix(deps): update github.com/containers/image/v5 digest to 58d5eb6
* GHA: Closed issue/PR comment-lock test
* fix(deps): update module github.com/containers/common to v0.55.4
* fix(deps): update module github.com/containers/storage to v1.49.0
* rpm: spdx compatible license field
* chore(deps): update dependency golangci/golangci-lint to v1.54.2
* chore(deps): update dependency containers/automation_images to v20230816
* Packit: set eln target correctly
* packit: Build PRs into default packit COPRs
* DOCS: Update Go version requirement info
* DOCS: Add information about the cross-build
* fix(deps): update module github.com/containers/ocicrypt to v1.1.8
* fix(deps): update module github.com/containers/common to v0.55.3
* Update c/image after https://github.com/containers/image/pull/2070
* chore(deps): update dependency golangci/golangci-lint to v1.54.1
* chore(deps): update dependency containers/automation_images to v20230809
* fix(deps): update golang.org/x/exp digest to 352e893
* chore(deps): update dependency containers/automation_images to v20230807
* Update to Go 1.19
* fix(deps): update module golang.org/x/term to v0.11.0
* Update c/image for golang.org/x/exp
* RPM: define gobuild macro for rhel/centos stream
* Fix handling the unexpected return value combination from IsRunningImageAllowed
* Close the PolicyContext, as required by the API
* Use globalOptions.getPolicyContext instead of an image-targeted SystemContext
* Packit: remove pre-sync action
* fix(deps): update module github.com/containers/common to v0.55.2
* proxy: Change the imgid to uint64
* [CI:BUILD] Packit: install golist before updating downstream spec
* Update module golang.org/x/term to v0.10.0
* Bump to v1.14.0-dev
* Bump to v1.13.0
- Bump go version to 1.21 (bsc#1215611)
- Update to version 1.13.2:
* [release-1.13] Bump to v1.13.2
* [release-1.31] Bump c/common v0.55.3
* Packit: remove pre-sync action
* [release-1.13] Bump to v1.13.2-dev
- Update to version 1.13.1:
* [release-1.13] Bump to v1.13.1
* [release-1.13] Bump c/common to v0.55.2
* [release-1.13 backport] [CI:BUILD] Packit: install golist before updating downstream spec
* [release-1.13] Bump to v1.13.1-dev
- Update to version 1.13.0:
* Bump to v1.13.0
* proxy: Policy verification of OCI Image before pulling
* Update module github.com/opencontainers/image-spec to v1.1.0-rc4
* Update module github.com/containers/common to v0.55.1
* Update module github.com/containers/common to v0.54.0
* Update module github.com/containers/image/v5 to v5.26.0
* [CI:BUILD] RPM: fix ELN builds
* Update module github.com/containers/storage to v1.47.0
* Packit: easier to read distro conditionals
* Update dependency golangci/golangci-lint to v1.53.3
* Help Renovate manage the golangci-lint version
* Minor: Cleanup renovate configuration
* Update dependency containers/automation_images to v20230614
* Update module golang.org/x/term to v0.9.0
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
* Update module github.com/sirupsen/logrus to v1.9.3
* Update dependency containers/automation_images to v20230601
* Update golang.org/x/exp digest to 2e198f4
* Update github.com/containers/image/v5 digest to e14c1c5
* Update module github.com/stretchr/testify to v1.8.4
* Update module github.com/stretchr/testify to v1.8.3
* Update dependency containers/automation_images to v20230517
* Update module github.com/sirupsen/logrus to v1.9.2
* Update module github.com/docker/distribution to v2.8.2+incompatible
* Trigger an update of the ostree_ext container image
* Update c/image with https://github.com/containers/image/pull/1944
* Update module github.com/containers/common to v0.53.0
* Update module golang.org/x/term to v0.8.0
* Update dependency containers/automation_images to v20230426
* Update golang.org/x/exp digest to 47ecfdc
* Emphasize the semantics of --preserve-digests a tiny bit
* Improve the static build documentation a tiny bit
* Bump to v1.12.1-dev
skopeo-1.14.2-150300.11.8.1.src.rpm
skopeo-1.14.2-150300.11.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1578
Security update for sssd
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sssd fixes the following issues:
- CVE-2023-3758: Fixed race condition during authorization that led to GPO policies functioning inconsistently (bsc#1223100)
libipa_hbac-devel-2.5.2-150400.4.27.1.x86_64.rpm
libipa_hbac0-2.5.2-150400.4.27.1.x86_64.rpm
libsss_certmap-devel-2.5.2-150400.4.27.1.x86_64.rpm
libsss_certmap0-2.5.2-150400.4.27.1.x86_64.rpm
libsss_idmap-devel-2.5.2-150400.4.27.1.x86_64.rpm
libsss_idmap0-2.5.2-150400.4.27.1.x86_64.rpm
libsss_nss_idmap-devel-2.5.2-150400.4.27.1.x86_64.rpm
libsss_nss_idmap0-2.5.2-150400.4.27.1.x86_64.rpm
libsss_simpleifp-devel-2.5.2-150400.4.27.1.x86_64.rpm
libsss_simpleifp0-2.5.2-150400.4.27.1.x86_64.rpm
python3-sssd-config-2.5.2-150400.4.27.1.x86_64.rpm
sssd-2.5.2-150400.4.27.1.src.rpm
sssd-2.5.2-150400.4.27.1.x86_64.rpm
sssd-ad-2.5.2-150400.4.27.1.x86_64.rpm
sssd-common-2.5.2-150400.4.27.1.x86_64.rpm
sssd-common-32bit-2.5.2-150400.4.27.1.x86_64.rpm
sssd-dbus-2.5.2-150400.4.27.1.x86_64.rpm
sssd-ipa-2.5.2-150400.4.27.1.x86_64.rpm
sssd-kcm-2.5.2-150400.4.27.1.x86_64.rpm
sssd-krb5-2.5.2-150400.4.27.1.x86_64.rpm
sssd-krb5-common-2.5.2-150400.4.27.1.x86_64.rpm
sssd-ldap-2.5.2-150400.4.27.1.x86_64.rpm
sssd-proxy-2.5.2-150400.4.27.1.x86_64.rpm
sssd-tools-2.5.2-150400.4.27.1.x86_64.rpm
sssd-winbind-idmap-2.5.2-150400.4.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1539
Security update for bouncycastle
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bouncycastle fixes the following issues:
Update to version 1.78.1, including fixes for:
- CVE-2024-30171: Fixed timing side-channel attacks against RSA decryption (both PKCS#1v1.5 and OAEP). (bsc#1223252)
bouncycastle-1.78.1-150200.3.29.1.noarch.rpm
bouncycastle-1.78.1-150200.3.29.1.src.rpm
bouncycastle-pg-1.78.1-150200.3.29.1.noarch.rpm
bouncycastle-pkix-1.78.1-150200.3.29.1.noarch.rpm
bouncycastle-util-1.78.1-150200.3.29.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1598
Security update for less
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
less-590-150400.3.9.1.src.rpm
less-590-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1556
Security update for python311
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python311 fixes the following issues:
- CVE-2024-0450: Fixed "quoted-overlap" issue inside the zipfile module (bsc#1221854).
- CVE-2023-6597: Fixed removing tempfile.TemporaryDirectory in some edge cases related to symlinks (bsc#1219666).
- CVE-2023-52425: Fixed denial of service (resource consumption) caused by processing large tokens (bsc#1219559).
Bug fixes:
- Eliminate ResourceWarning which broke the test suite in test_asyncio (bsc#1221260).
- Revert use of %autopatch (bsc#1189495).
- Use the system-wide crypto-policies (bsc#1211301).
libpython3_11-1_0-3.11.9-150400.9.26.1.x86_64.rpm
python311-3.11.9-150400.9.26.1.src.rpm
python311-3.11.9-150400.9.26.1.x86_64.rpm
python311-base-3.11.9-150400.9.26.1.x86_64.rpm
python311-core-3.11.9-150400.9.26.1.src.rpm
python311-curses-3.11.9-150400.9.26.1.x86_64.rpm
python311-dbm-3.11.9-150400.9.26.1.x86_64.rpm
python311-devel-3.11.9-150400.9.26.1.x86_64.rpm
python311-doc-3.11.9-150400.9.26.1.x86_64.rpm
python311-doc-devhelp-3.11.9-150400.9.26.1.x86_64.rpm
python311-documentation-3.11.9-150400.9.26.1.src.rpm
python311-idle-3.11.9-150400.9.26.1.x86_64.rpm
python311-tk-3.11.9-150400.9.26.1.x86_64.rpm
python311-tools-3.11.9-150400.9.26.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1895
Security update for glibc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)
glibc-2.31-150300.83.1.src.rpm
glibc-2.31-150300.83.1.x86_64.rpm
glibc-devel-2.31-150300.83.1.x86_64.rpm
glibc-devel-static-2.31-150300.83.1.x86_64.rpm
glibc-extra-2.31-150300.83.1.x86_64.rpm
glibc-i18ndata-2.31-150300.83.1.noarch.rpm
glibc-info-2.31-150300.83.1.noarch.rpm
glibc-lang-2.31-150300.83.1.noarch.rpm
glibc-locale-2.31-150300.83.1.x86_64.rpm
glibc-locale-base-2.31-150300.83.1.x86_64.rpm
glibc-locale-base-32bit-2.31-150300.83.1.x86_64.rpm
glibc-profile-2.31-150300.83.1.x86_64.rpm
glibc-utils-2.31-150300.83.1.x86_64.rpm
glibc-utils-src-2.31-150300.83.1.src.rpm
nscd-2.31-150300.83.1.x86_64.rpm
glibc-32bit-2.31-150300.83.1.x86_64.rpm
glibc-devel-32bit-2.31-150300.83.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1876
Recommended update for aaa_base
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for aaa_base fixes the following issues:
- Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)
aaa_base-84.87+git20180409.04c9dae-150300.10.20.1.src.rpm
aaa_base-84.87+git20180409.04c9dae-150300.10.20.1.x86_64.rpm
aaa_base-extras-84.87+git20180409.04c9dae-150300.10.20.1.x86_64.rpm
aaa_base-malloccheck-84.87+git20180409.04c9dae-150300.10.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1763
Recommended update for ant, hamcrest, junit
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ant, hamcrest, junit fixes the following issues:
ant, ant-antlr, ant-junit5, ant-junit:
- Put hamcrest on the classpath of ant-junit module
hamcrest was updated to version 2.2:
- Version 2.2:
* This version simplifies the packaging of Hamcrest into a single jar.
Other big changes include Java 9 module compatibility, along with numerous other improvements and bug fixes.
* Breaking Changes:
+ Although the class API has not changed since Hamcrest 1.3, the
way that the project is packaged has changed. Refer to the
Hamcrest Distributables documentation for more information,
and in particular the section on Upgrading from Hamcrest 1.x
+ The org.hamcrest.Factory annotation has been removed
(it should not be used in client code)
* Improvements:
+ AllOf/AnyOf: Pass the matchers to constructor using varargs
+ Matchers.anyOf: Fixed generic bounds compatibility for JDK 11
+ AssertionError message is unhelpful when match fails for byte
type
+ Use platform specific line breaks
+ The build now checks for consistent use of spaces
* Bugs fixed and other changes:
+ Fixed compatibility issue for development with Android D8
+ Fixed typo in license name
+ 1.3 compatible constructors for string matchers
+ Fixed for split packages with Java 9 modules
+ Documentation updates
+ Added implementation for CharSequence length matcher
+ Fixed for TypeSafeDiagnosingMatcher can't detect generic types
for subclass
+ Renamed IsCollectionContaining to IsIterableContaining
+ Make Hamcrest an OSGI bundle
+ Added StringRegularExpression matcher
+ Fixed StringContainsInOrder to detect if a repeated pattern is
missing
+ Added ArrayAsIterableMatcher
+ Fixed description for IsEqualIgnoringCase
+ Fixed JavaDoc examples
+ Upgraded to Java 7
+ Build with Gradle
+ Deprecate IsCollectionContaining and IsArrayContainingXXX
+ Removed deprecated methods from previous release
+ Improve mismatch description of hasItem/hasItems
+ General improvements to mismatch descriptions
+ Several JavaDoc improvements and corrections
+ Deprecated several matcher factory methods of the form "isXyz"
+ Fixed address doclint errors reported in JDK 1.8
+ Fixed Iterable contains in order is null-safe
+ Added equalToObject() (i.e. unchecked) method
+ Fixed arrayContaining(null, null) cause NullPointerException
* Fixed string matching on regular expressions
* Fixed isCloseTo() shows wrong delta in mismatch description
* Fixed add untyped version of equalTo, named equalToObject
* Implement IsEmptyMap, IsMapWithSize
* Fixed IsArray.describeMismatchSafely() should use
Matcher.describeMismatch
* Added Matcher implementation for files
* Fixed NPE in IsIterableContainingInOrder
junit:
- Generate anew the ant build system using the maven pom.xml
- Fetch sources from github by source service and filter out stale
hamcrest binaries.
- Port to hamcrest 2.2 unconditionally
- Removed deprecated assertThat
- Let ant build with --release 8 if the compiler knows that option.
This allows us to avoid incompatible exception declarations
in ObjectInputStream.GetField.get(String,Object) in java >= 20
ant-1.10.14-150200.4.25.1.noarch.rpm
ant-1.10.14-150200.4.25.1.src.rpm
ant-antlr-1.10.14-150200.4.25.1.noarch.rpm
ant-antlr-1.10.14-150200.4.25.1.src.rpm
ant-apache-bcel-1.10.14-150200.4.25.1.noarch.rpm
ant-apache-bsf-1.10.14-150200.4.25.1.noarch.rpm
ant-apache-log4j-1.10.14-150200.4.25.1.noarch.rpm
ant-apache-oro-1.10.14-150200.4.25.1.noarch.rpm
ant-apache-regexp-1.10.14-150200.4.25.1.noarch.rpm
ant-apache-resolver-1.10.14-150200.4.25.1.noarch.rpm
ant-commons-logging-1.10.14-150200.4.25.1.noarch.rpm
ant-jakartamail-1.10.14-150200.4.25.1.noarch.rpm
ant-javamail-1.10.14-150200.4.25.1.noarch.rpm
ant-jdepend-1.10.14-150200.4.25.1.noarch.rpm
ant-jmf-1.10.14-150200.4.25.1.noarch.rpm
ant-junit-1.10.14-150200.4.25.1.noarch.rpm
ant-junit-1.10.14-150200.4.25.1.src.rpm
ant-manual-1.10.14-150200.4.25.1.noarch.rpm
ant-scripts-1.10.14-150200.4.25.1.noarch.rpm
ant-swing-1.10.14-150200.4.25.1.noarch.rpm
junit-4.13.2-150200.3.11.2.noarch.rpm
junit-4.13.2-150200.3.11.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-33664
Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:
- Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242)
- Improve updating of installed multiversion packages
- Fix decision introspection going into an endless loop in some cases
- Split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
- Improve checks against corrupt rpm
- Fixed check for outdated repo metadata as non-root user (bsc#1222086)
- Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153)
- Dynamically resolve libproxy (jsc#PED-8153)
- Fix download from gpgkey URL (bsc#1223430)
- Delay zypp lock until command options are parsed (bsc#1223766)
- Unify message format
PackageKit-1.2.4-150400.3.17.10.src.rpm
PackageKit-1.2.4-150400.3.17.10.x86_64.rpm
PackageKit-backend-zypp-1.2.4-150400.3.17.10.x86_64.rpm
PackageKit-branding-SLE-12.0-150400.15.4.9.noarch.rpm
PackageKit-branding-SLE-12.0-150400.15.4.9.src.rpm
PackageKit-devel-1.2.4-150400.3.17.10.x86_64.rpm
PackageKit-lang-1.2.4-150400.3.17.10.noarch.rpm
libpackagekit-glib2-18-1.2.4-150400.3.17.10.x86_64.rpm
libpackagekit-glib2-devel-1.2.4-150400.3.17.10.x86_64.rpm
libsolv-0.7.29-150400.3.22.4.src.rpm
libsolv-devel-0.7.29-150400.3.22.4.x86_64.rpm
libsolv-tools-0.7.29-150400.3.22.4.x86_64.rpm
libsolv-tools-base-0.7.29-150400.3.22.4.x86_64.rpm
libyui-4.3.7-150400.3.9.9.src.rpm
libyui-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-ncurses-4.3.7-150400.3.9.9.src.rpm
libyui-ncurses-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-ncurses-pkg-4.3.7-150400.3.9.10.src.rpm
libyui-ncurses-pkg-devel-4.3.7-150400.3.9.10.x86_64.rpm
libyui-ncurses-pkg16-4.3.7-150400.3.9.10.x86_64.rpm
libyui-ncurses-rest-api-4.3.7-150400.3.9.9.src.rpm
libyui-ncurses-rest-api-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-ncurses-rest-api16-4.3.7-150400.3.9.9.x86_64.rpm
libyui-ncurses-tools-4.3.7-150400.3.9.9.x86_64.rpm
libyui-ncurses16-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt-4.3.7-150400.3.9.9.src.rpm
libyui-qt-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt-graph-4.3.7-150400.3.9.9.src.rpm
libyui-qt-graph-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt-graph16-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt-pkg-4.3.7-150400.3.9.10.src.rpm
libyui-qt-pkg-devel-4.3.7-150400.3.9.10.x86_64.rpm
libyui-qt-pkg16-4.3.7-150400.3.9.10.x86_64.rpm
libyui-qt-rest-api-4.3.7-150400.3.9.9.src.rpm
libyui-qt-rest-api-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt-rest-api16-4.3.7-150400.3.9.9.x86_64.rpm
libyui-qt16-4.3.7-150400.3.9.9.x86_64.rpm
libyui-rest-api-4.3.7-150400.3.9.9.src.rpm
libyui-rest-api-devel-4.3.7-150400.3.9.9.x86_64.rpm
libyui-rest-api16-4.3.7-150400.3.9.9.x86_64.rpm
libyui16-4.3.7-150400.3.9.9.x86_64.rpm
libzypp-17.34.1-150400.3.71.7.src.rpm
libzypp-17.34.1-150400.3.71.7.x86_64.rpm
libzypp-devel-17.34.1-150400.3.71.7.x86_64.rpm
perl-solv-0.7.29-150400.3.22.4.x86_64.rpm
python3-solv-0.7.29-150400.3.22.4.x86_64.rpm
ruby-solv-0.7.29-150400.3.22.4.x86_64.rpm
typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.17.10.x86_64.rpm
yast2-pkg-bindings-4.4.7-150400.3.13.10.src.rpm
yast2-pkg-bindings-4.4.7-150400.3.13.10.x86_64.rpm
zypper-1.14.73-150400.3.50.10.src.rpm
zypper-1.14.73-150400.3.50.10.x86_64.rpm
zypper-log-1.14.73-150400.3.50.10.noarch.rpm
zypper-needs-restarting-1.14.73-150400.3.50.10.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1611
Recommended update for rpmlint
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpmlint fixes the following issues:
- rpmlint-checks: whitelist permissions.d entry in CheckSUIDPermissions for
commoncriteria (bsc#1223682)
rpmlint-1.10-150000.7.84.1.noarch.rpm
rpmlint-1.10-150000.7.84.1.src.rpm
rpmlint-mini-1.10-150400.23.20.1.src.rpm
rpmlint-mini-1.10-150400.23.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1641
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 LTSS kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27043: Fixed a use-after-free in media/dvbdev in different places (bsc#1223824).
- CVE-2024-26816: Ignore relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-4881: Fixed an out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
kernel-default-5.14.21-150400.24.119.1.nosrc.rpm
kernel-default-5.14.21-150400.24.119.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1.src.rpm
kernel-default-base-5.14.21-150400.24.119.1.150400.24.56.1.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.119.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.119.1.noarch.rpm
kernel-docs-5.14.21-150400.24.119.1.noarch.rpm
kernel-docs-5.14.21-150400.24.119.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.119.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.119.1.src.rpm
kernel-obs-build-5.14.21-150400.24.119.1.x86_64.rpm
kernel-source-5.14.21-150400.24.119.1.noarch.rpm
kernel-source-5.14.21-150400.24.119.1.src.rpm
kernel-syms-5.14.21-150400.24.119.1.src.rpm
kernel-syms-5.14.21-150400.24.119.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.119.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1665
Recommended update for coreutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for coreutils fixes the following issues:
- ls: avoid triggering automounts (bsc#1221632)
coreutils-8.32-150400.9.6.1.src.rpm
coreutils-8.32-150400.9.6.1.x86_64.rpm
coreutils-doc-8.32-150400.9.6.1.noarch.rpm
coreutils-lang-8.32-150400.9.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1624
Security update for python-Werkzeug
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Werkzeug fixes the following issues:
- CVE-2024-34069: Fixed a remote code execution through debugger when interacting with attacker controlled domain (bsc#1223979).
python-Werkzeug-1.0.1-150300.3.8.1.src.rpm
python3-Werkzeug-1.0.1-150300.3.8.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1591
Security update for python-Werkzeug
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Werkzeug fixes the following issues:
- CVE-2024-34069: Fixed a remote code execution through debugger when interacting with attacker controlled domain (bsc#1223979).
python-Werkzeug-2.3.6-150400.6.9.1.src.rpm
python311-Werkzeug-2.3.6-150400.6.9.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1786
Recommended update for lasso
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for lasso fixes the following issues:
- Fix segmentation fault causing the test suite to fail,
build was failing for SLE 15 SP5 (bsc#1205335)
- Patch written by Petr Gajdos, reviewed, approved and merged upstream
fix-bsc-1205335
lasso-2.6.1-150200.19.4.src.rpm
liblasso3-2.6.1-150200.19.4.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1947
Security update for openssl-3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
- CVE-2024-4603: Fixed DSA parameter checks for excessive sizes before validating (bsc#1224388).
libopenssl-3-devel-3.0.8-150400.4.54.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.54.1.x86_64.rpm
openssl-3-3.0.8-150400.4.54.1.src.rpm
openssl-3-3.0.8-150400.4.54.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1949
Security update for openssl-1_1
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_1 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
libopenssl-1_1-devel-1.1.1l-150400.7.66.2.x86_64.rpm
libopenssl-1_1-devel-32bit-1.1.1l-150400.7.66.2.x86_64.rpm
libopenssl1_1-1.1.1l-150400.7.66.2.x86_64.rpm
libopenssl1_1-32bit-1.1.1l-150400.7.66.2.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150400.7.66.2.x86_64.rpm
libopenssl1_1-hmac-32bit-1.1.1l-150400.7.66.2.x86_64.rpm
openssl-1_1-1.1.1l-150400.7.66.2.src.rpm
openssl-1_1-1.1.1l-150400.7.66.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1592
Security update for ffmpeg-4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg-4 fixes the following issues:
- CVE-2023-50010: Fixed an arbitrary code execution via the set_encoder_id() (bsc#1223256).
ffmpeg-4-4.4-150400.3.27.1.src.rpm
libavcodec58_134-4.4-150400.3.27.1.x86_64.rpm
libavformat58_76-4.4-150400.3.27.1.x86_64.rpm
libavutil56_70-4.4-150400.3.27.1.x86_64.rpm
libpostproc55_9-4.4-150400.3.27.1.x86_64.rpm
libswresample3_9-4.4-150400.3.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1593
Security update for ffmpeg
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg fixes the following issues:
- CVE-2023-50010: Fixed an arbitrary code execution via the set_encoder_id() (bsc#1223256).
ffmpeg-3.4.2-150200.11.44.1.src.rpm
libavcodec57-3.4.2-150200.11.44.1.x86_64.rpm
libavformat57-3.4.2-150200.11.44.1.x86_64.rpm
libavresample3-3.4.2-150200.11.44.1.x86_64.rpm
libavutil-devel-3.4.2-150200.11.44.1.x86_64.rpm
libavutil55-3.4.2-150200.11.44.1.x86_64.rpm
libpostproc-devel-3.4.2-150200.11.44.1.x86_64.rpm
libpostproc54-3.4.2-150200.11.44.1.x86_64.rpm
libswresample-devel-3.4.2-150200.11.44.1.x86_64.rpm
libswresample2-3.4.2-150200.11.44.1.x86_64.rpm
libswscale-devel-3.4.2-150200.11.44.1.x86_64.rpm
libswscale4-3.4.2-150200.11.44.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1603
Recommended update for salt
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
- Make "man" a recommended package instead of required to fix installation issues with SLE Micro
python3-salt-3006.0-150400.8.60.1.x86_64.rpm
salt-3006.0-150400.8.60.1.src.rpm
salt-3006.0-150400.8.60.1.x86_64.rpm
salt-api-3006.0-150400.8.60.1.x86_64.rpm
salt-bash-completion-3006.0-150400.8.60.1.noarch.rpm
salt-cloud-3006.0-150400.8.60.1.x86_64.rpm
salt-doc-3006.0-150400.8.60.1.x86_64.rpm
salt-fish-completion-3006.0-150400.8.60.1.noarch.rpm
salt-master-3006.0-150400.8.60.1.x86_64.rpm
salt-minion-3006.0-150400.8.60.1.x86_64.rpm
salt-proxy-3006.0-150400.8.60.1.x86_64.rpm
salt-ssh-3006.0-150400.8.60.1.x86_64.rpm
salt-standalone-formulas-configuration-3006.0-150400.8.60.1.x86_64.rpm
salt-syndic-3006.0-150400.8.60.1.x86_64.rpm
salt-transactional-update-3006.0-150400.8.60.1.x86_64.rpm
salt-zsh-completion-3006.0-150400.8.60.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1588
Security update for go1.21
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issues:
Update to go1.21.10:
- CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017)
- net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0
go1.21-1.21.10-150000.1.33.1.src.rpm
go1.21-1.21.10-150000.1.33.1.x86_64.rpm
go1.21-doc-1.21.10-150000.1.33.1.x86_64.rpm
go1.21-race-1.21.10-150000.1.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1868
Security update for apache2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2 fixes the following issues:
- CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code (bsc#1222330).
- CVE-2024-24795: Fixed handling of malicious HTTP splitting response headers in multiple modules (bsc#1222332).
- CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames that could have been utilized for DoS attacks (bsc#1221401).
apache2-2.4.51-150400.6.17.1.src.rpm
apache2-2.4.51-150400.6.17.1.x86_64.rpm
apache2-devel-2.4.51-150400.6.17.1.x86_64.rpm
apache2-doc-2.4.51-150400.6.17.1.noarch.rpm
apache2-prefork-2.4.51-150400.6.17.1.x86_64.rpm
apache2-utils-2.4.51-150400.6.17.1.x86_64.rpm
apache2-worker-2.4.51-150400.6.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1827
Recommended update for wicked
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100)
- Update to version 0.6.75:
- cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
- cleanup: fix overflow warnings in a socket testcase on i586
- ifcheck: report new and deleted configs as changed (bsc#1218926)
- man: improve ARP configuration options in the wicked-config.5
- bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
- cleanup: fix interface dependencies and shutdown order (bsc#1205604)
- Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
and consistently use config and state info attached to the port
interface as in rtnetlink(7).
- Cleanup ifcfg parsing, schema configuration and service properties
- Migrate ports in xml config and policies already applied in nanny
- Remove "missed config" generation from finite state machine, which
is completed while parsing the config or while xml config migration.
- Issue a warning when "lower" interface (e.g. eth0) config is missed
while parsing config depending on it (e.g. eth0.42 vlan).
- Resolve ovs master to the effective bridge in config and wickedd
- Implement netif-check-state require checks using system relations
from wickedd/kernel instead of config relations for ifdown and add
linkDown and deleteDevice checks to all master and lower references.
- Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
system/config interface hierarchies as notice with +/- marked
interfaces to setup and/or shutdown.
wicked-0.6.75-150400.3.24.1.src.rpm
wicked-0.6.75-150400.3.24.1.x86_64.rpm
wicked-service-0.6.75-150400.3.24.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1660
Recommended update for pam_pkcs11
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pam_pkcs11 fixes the following issue:
- Fix 0001-Set-slot_num-configuration-parameter-to-0-by-default (bsc#1221255)
pam_pkcs11-0.6.10-150100.3.3.2.src.rpm
pam_pkcs11-0.6.10-150100.3.3.2.x86_64.rpm
pam_pkcs11-32bit-0.6.10-150100.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2065
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.44.2
- CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. (bsc#1225071)
WebKitGTK-4.0-lang-2.44.2-150400.4.83.2.noarch.rpm
WebKitGTK-4.1-lang-2.44.2-150400.4.83.2.noarch.rpm
WebKitGTK-6.0-lang-2.44.2-150400.4.83.2.noarch.rpm
libjavascriptcoregtk-4_0-18-2.44.2-150400.4.83.2.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.44.2-150400.4.83.2.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.44.2-150400.4.83.2.x86_64.rpm
libwebkit2gtk-4_0-37-2.44.2-150400.4.83.2.x86_64.rpm
libwebkit2gtk-4_1-0-2.44.2-150400.4.83.2.x86_64.rpm
libwebkitgtk-6_0-4-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.44.2-150400.4.83.2.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.44.2-150400.4.83.2.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.44.2-150400.4.83.2.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.44.2-150400.4.83.2.x86_64.rpm
webkit2gtk3-2.44.2-150400.4.83.2.src.rpm
webkit2gtk3-devel-2.44.2-150400.4.83.2.x86_64.rpm
webkit2gtk3-soup2-2.44.2-150400.4.83.2.src.rpm
webkit2gtk3-soup2-devel-2.44.2-150400.4.83.2.x86_64.rpm
webkit2gtk4-2.44.2-150400.4.83.2.src.rpm
webkitgtk-6_0-injected-bundles-2.44.2-150400.4.83.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1762
Security update for perl
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
perl-5.26.1-150300.17.17.1.src.rpm
perl-5.26.1-150300.17.17.1.x86_64.rpm
perl-base-5.26.1-150300.17.17.1.x86_64.rpm
perl-core-DB_File-5.26.1-150300.17.17.1.x86_64.rpm
perl-doc-5.26.1-150300.17.17.1.noarch.rpm
perl-base-32bit-5.26.1-150300.17.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1631
Recommended update for python-argcomplete and python-Twisted
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-argcomplete and python-Twisted fixes the following issue:
- Fix update-alternatives (bsc#1224109)
python-argcomplete-1.9.2-150000.3.8.1.src.rpm
python3-Twisted-22.2.0-150400.18.1.src.rpm
python3-Twisted-22.2.0-150400.18.1.x86_64.rpm
python3-argcomplete-1.9.2-150000.3.8.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1770
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to version 115.11.0 ESR (bsc#1224056):
- CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
- CVE-2024-4767: IndexedDB files retained in private browsing mode
- CVE-2024-4768: Potential permissions request bypass via clickjacking
- CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types
- CVE-2024-4770: Use-after-free could occur when printing to PDF
- CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
MozillaFirefox-115.11.0-150200.152.137.2.src.rpm
MozillaFirefox-115.11.0-150200.152.137.2.x86_64.rpm
MozillaFirefox-devel-115.11.0-150200.152.137.2.noarch.rpm
MozillaFirefox-translations-common-115.11.0-150200.152.137.2.x86_64.rpm
MozillaFirefox-translations-other-115.11.0-150200.152.137.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1797
Recommended update for ipset
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ipset fixes the following issue:
- Fix build with latest kernel (bsc#1223370)
ipset-7.15-150400.12.6.4.src.rpm
ipset-7.15-150400.12.6.4.x86_64.rpm
ipset-devel-7.15-150400.12.6.4.x86_64.rpm
libipset13-7.15-150400.12.6.4.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1956
Recommended update for google-errorprone, guava
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for google-errorprone, guava fixes the following issues:
guava:
- guava was updated to version 33.1.0:
* Changes of version 33.1.0:
+ Updated our Error Prone dependency to 2.26.1, which includes
a JPMS-ready jar of annotations. If you use the Error Prone
annotations in a modular build of your own code, you may need
to add a requires line for them.
+ base: Added a Duration overload for
Suppliers.memoizeWithExpiration.
+ base: Deprecated the remaining two overloads of
Throwables.propagateIfPossible. They won't be deleted, but we
recommend migrating off them.
+ cache: Fixed a bug that could cause false "recursive load"
reports during refresh.
+ graph: Changed the return types of transitiveClosure() and
reachableNodes() to Immutable* types. reachableNodes() already
returned an immutable object (even though that was not
reflected in the declared return type); transitiveClosure()
used to return a mutable object. The old signatures remain
available, so this change does not break binary compatibility.
+ graph: Changed the behavior of views returned by graph
accessor methods that take a graph element as input: They now
throw IllegalStateException when that element is removed from
the graph.
+ hash: Optimized Checksum-based hash functions for Java 9+.
+ testing: Exposed FakeTicker Duration methods to Android users.
+ util.concurrent: Deprecated the constructors of
UncheckedExecutionException and ExecutionError that don't
accept a cause. We won't remove these constructors, but we
recommend migrating off them, as users of those classes often
assume that instances will contain a cause.
+ util.concurrent: Improved the correctness of racy accesses for
J2ObjC users.
* Changes of version 33.0.0:
+ This version of guava-android contains some package-private
methods whose signature includes the Java 8 Collector API.
This is a test to identify any problems before we expose those
methods publicly to users. Please report any problems that you
encounter.
+ Changed various classes to catch Exception instead of
RuntimeException even when only RuntimeException is
theoretically possible. This can help code that throws
undeclared exceptions, as some bytecode rewriters (e.g.,
Robolectric) and languages (e.g., Kotlin) do.
+ Added an Automatic-Module-Name to failureaccess, Guava's one
strong runtime dependency.
+ reflect: In guava-android only, removed
Invokable.getAnnotatedReturnType() and
Parameter.getAnnotatedType(). These methods never worked in an
Android VM, and to reflect that, they were born @Deprecated,
@Beta, and @DoNotCall. They're now preventing us from rolling
out some new Android compatibility testing. This is the only
binary-incompatible change in this release, and it should have
no effect in practice. Still, we bump the major version number
to follow Semantic Versioning.
+ util.concurrent: Changed our implementations to avoid eagerly
initializing loggers during class loading. This can help
performance, especially under Android.
* Changes of version 32.1.3:
+ Changed Gradle Metadata to include dependency versions
directly. This may address "Could not find some-dependency"
errors that some users have reported (which might be a result
of users' excluding guava-parent).
+ collect: Changed Multisets.unmodifiableMultiset(set)
.removeIf(predicate) to throw an exception always, even if
nothing matches predicate.
+ graph: Fixed the behavior of Graph/ValueGraph views for a node
when that node is removed from the graph.
+ io: Fixed Files.createTempDir and FileBackedOutputStream under
Windows services, a rare use case. (The fix actually covers
only Java 9+ because Java 8 would require an additional
approach. Let us know if you need support under Java 8.)
+ net: Made MediaType.parse allow and skip over whitespace
around the / and = separator tokens in addition to the ;
separator, for which it was already being allowed.
+ util.concurrent: Tweaked Futures.getChecked
constructor-selection behavior: The method continues to prefer
to call constructors with a String parameter, but now it
breaks ties based on whether the constructor has a Throwable
parameter. Beyond that, the choice of constructor remains
undefined. (For this and other reasons, we discourage the use
of getChecked.)
* Changes of version 32.1.2:
+ Removed the section of our Gradle metadata that caused Gradle
to report conflicts with listenablefuture.
+ Changed our Maven project to avoid affecting which version of
Mockito our Gradle users see.
+ collect: Under J2CL, exposed ImmutableList and ImmutableSet
methods copyOf and of for JavaScript usage.
+ net: Optimized InternetDomainName construction.
* Changes of version 32.1.1:
+ Fixed our broken Gradle metadata from 32.1.0. Sorry again for
the trouble. If you use Gradle, please still read the release
notes from that version: You may still see errors from the new
checking that the metadata enables, and the release notes
discuss how to fix those errors.
* Changes of version 32.1.0:
+ collect: Tweaked more nullness annotations.
+ hash: Enhanced crc32c() to use Java's hardware-accelerated
implementation where available.
+ util.concurrent: Added Duration-based default methods to
ListeningExecutorService.
+ Began updating Javadoc to focus less on APIs that have been
superseded by additions to the JDK. We're also looking to add
more documentation that directs users to JDK equivalents for
our APIs. Further PRs welcome!
+ Fixed some problems with using Guava from a Java Agent.
(But we don't test that configuration, and we don't know how
well we'll be able to keep it working.)
+ Fixed BootstrapMethodError when using CacheBuilder from a
custom system class loader. (As with the previous item,
we're not sure how well we'll be able to keep this use case
working.)
+ Suppressed a harmless unusable-by-js warning seen by users of
guava-gwt.
- Fix version mismatch in the ant build files.
- The binaries are compatible with Java 1.8
google-errorprone, google-errorprone-annotations:
- google-errorprone and google-errorprone-annotations were updated to version 2.26.1:
* Changes of version 2.26.1:
+ Fixes the module name: from 'com.google.errorprone.annotation'
to 'com.google.errorprone.annotations'. Amends the OSGi build
not to include 'Automatic-Module-Name' in the MANIFEST.MF for the
'annotations' project.
* Changes of version 2.26.0:
+ The 'annotations' artifact now includes a module-info.java for
Java Platform Module System support.
+ Disabled checks passed to -XepPatchChecks are now ignored,
instead of causing a crash.
+ New checks:
- SystemConsoleNull: Null-checking System.console() is not a
reliable way to detect if the console is connected to a
terminal.
- EnumOrdinal: Discourage uses of Enum.ordinal()
+ Closed issues:
- Add module-info.java
- 2.19.x: Exception thrown when a disabled check is passed to
-XepPatchChecks
- Ignore disabled checks passed to -XepPatchChecks
- feat: add jpms definition for annotations
- Add the 'compile' goal for 'compile-java9'
* Changes of version 2.25.0:
+ New checks:
- JUnitIncompatibleType: Detects incompatible types passed to
an assertion, similar to TruthIncompatibleType
- RedundantSetterCall: Detects fields set twice in the same
chained expression. Generalization of previous
ProtoRedundantSet check to also handle AutoValue.
+ Closed issues:
- Crash in UnnecessaryStringBuilder
- Fix typos
- Add support for specifying badEnclosingTypes for BadImport
via flags
- Some BugPattern docs are missing code examples
- Remove incorrect statement from BugPattern index doc
- Do not report NonFinalStaticField findings for fields
modified in @BeforeAll methods
* Changes of version 2.24.1:
+ Add an assertion to try to help debug
* Changes of version 2.24.0:
+ New checks:
- MultipleNullnessAnnotations: Discourage multiple nullness
annotations
- NullableTypeParameter: Discourage nullness annotations on
type parameters
- NullableWildcard: Discourage nullness annotations on
wildcards
- SuperCallToObjectMethod: Generalization of
SuperEqualsIsObjectEquals, now covers hashCode
* Changes of version 2.23.0:
+ New checks: DuplicateDateFormatField, NonFinalStaticField,
StringCharset, StringFormatWithLiteral,
SuperEqualsIsObjectEquals
+ Bug fixes and improvements
* Changes of version 2.22.0:
+ New checks:
- ClosingStandardOutputStreams: Prevents accidentally closing
System.{out,err} with try-with-resources
- TruthContainsExactlyElementsInUsage: containsExactly is
preferred over containsExactlyElementsIn when creating new
iterables
- UnnecessaryAsync: detects unnecessary use of async
primitives in local (and hence single-threaded) scopes
- ReturnAtTheEndOfVoidFunction: detects unnecessary return
statements at the end of void functions
- MultimapKeys: Suggests using keySet() instead of iterating
over Multimap.keys(), which does not collapse duplicates
+ Bug fixes and improvements:
- Don't complain about literal IP addresses in
AddressSelection
- Prevent SuggestedFixes#renameMethod from modifying return
type declaration
- Fix UnusedVariable false positives for private record
parameters
- When running in conservative mode, no longer assume that
implementations of Map.get, etc. return null
- CanIgnoreReturnValueSuggester: Support additional exempting
method annotations
- UnusedVariable: exclude junit5's @RegisterExtension
- Support running all available patch checks
- Upgrade java-diff-utils 4.0 -> 4.12
- Flag unused Refaster template parameters
- Support @SuppressWarnings("all")
- Prevent Refaster UMemberSelect from matching method
parameters
- MissingDefault: Don't require // fall out comments on
expression switches
- Skip UnnecessaryLambda findings for usages in enhanced for
loops
- Fix bug where nested MissingBraces violations' suggested
fixes result in broken code
- Add support for specifying exemptPrefixes/exemptNames for
UnusedVariable via flags
- UnusedMethod: Added exempting variable annotations
* Changes of version 2.21.1:
+ Handle overlapping ranges in suppressedRegions
+ Add AddressSelection to discourage APIs that convert a
hostname to a single address
* Changes of version 2.21.0:
+ New Checkers:
- AttemptedNegativeZero: Prevents accidental use of -0, which
is the same as 0. The floating-point negative zero is -0.0.
- ICCProfileGetInstance: Warns on uses of
ICC_Profile.getInstance(String), due to JDK-8191622.
- MutableGuiceModule: Fields in Guice modules should be final.
- NullableOptional: Discourages @Nullable-annotated Optionals.
- OverridingMethodInconsistentArgumentNamesChecker: Arguments
of overriding method are inconsistent with overridden
method.
+ Fixed issues:
- Avoid MemberName IOOBE on lambda parameters inside
overriding methods
- Improve LockOnNonEnclosingClassLiteral documentation
- Security scan reported high CVE for
com.google.guava:guava:31.1-jre
- Upgrade guava to 32.0.1
- Proposal: checker to prevent other checkers from calling
javac methods that changed across JDKs
- Add support in ASTHelpersSuggestions for getEnclosedElements
* Changes of version 2.20.0:
+ This release is compatible with early-access builds of JDK 21.
+ New Checkers: InlineTrivialConstant, UnnecessaryStringBuilder,
BanClassLoader, DereferenceWithNullBranch, DoNotUseRuleChain,
LockOnNonEnclosingClassLiteral, MissingRefasterAnnotation,
NamedLikeContextualKeyword, NonApiType
+ Fixes issues:
- Introduce MissingRefasterAnnotation checker
- Fix minor typo in URepeated
- Drop unused constant Template#AUTOBOXING_DEFAULT
- Introduce command-line flag -XepAllSuggestionsAsWarnings
- JDK21 compatibility
- Add OSGi runtime metadata to error-prone's MANIFEST.MF files
- Use EISOP Checker Framework version 3.34.0-eisop1
- NotJavadoc pattern does not allow Javadoc on module
declarations
- ErrorProneInjector incorrectly picks up the no-args
constructor
- Several high CVEs related to dependency
com.google.protobuf:protobuf-java:3.19.2
- Upgrade protobuf-java to 3.19.6
* Changes of version 2.19.1:
+ This release fixes a binary compatibility issue when running
on JDK 11
* Changes of version 2.19.0:
+ New Checkers: NotJavadoc, StringCaseLocaleUsage,
UnnecessaryTestMethodPrefix
+ Fixes issues:
- Exclude inner classes annotated with @Nested from
ClassCanBeStatic rule
- Optimize VisitorState#getSymbolFromName
- ClassCanBeStatic: Exclude JUnit @Nested classes
- BadImport: flag static import of newInstance methods
- Support given for enforcing DirectInvocationOnMock: issue
3396
- Handle yield statement case in ASTHelpers#targetType
- Should ASTHelpers.getSymbol(Tree) be annotated with
@Nullable?
- Fix '@' character in javadoc code snippets
- Replace guava cache with caffeine
- Discourage locale-dependent APIs like
String.to{Lower,Upper}Case
- Introduce StringCaseLocaleUsage check
* Changes of version 2.18.0:
+ New Checkers: InjectOnBugCheckers, LabelledBreakTarget,
UnusedLabel, YodaCondition
+ Fixes issues:
- @SuppressWarnings("InlineFormatString") doesn't work
- Refaster: support method invocation type argument inlining
- java.lang.IllegalArgumentException: Cannot edit synthetic
AST nodes with specific record constructor
- Rename class to match filename
- Optimize VisitorState#getSymbolFromName
- refactor: refactor bad smell UnusedLabel
- LambdaFunctionalInterface crash with
IllegalArgumentException when processing an enum constructor
taking a lambda
- Fix JDK 20-ea build compatibility
- UngroupedOverloads: ignore generated constructors
- [errorprone 2.17.0] NPE in
StatementSwitchToExpressionSwitch.analyzeSwitchTree
- StatementSwitchToExpressionSwitch: handle empty statement
blocks
- StatementSwitchToExpressionSwitch: only trigger on
compatible target versions
- Fix Finalize bugpattern to match protected finalize()
- Make MemoizeConstantVisitorStateLookups check suppressible
* Changes of version 2.17.0:
+ New Checkers: AvoidObjectArrays, Finalize, IgnoredPureGetter,
ImpossibleNullComparison, MathAbsoluteNegative, NewFileSystem,
StatementSwitchToExpressionSwitch, UnqualifiedYield
+ Fixed issues:
- InvalidParam warning on Javadoc for Java record components
- UnusedMethod flags @JsonValue methods as unused
- UnusedMethod: Add more JPA lifecycle annotations or make
annotations configurable
- UnusedMethod: Support additional exempting method
annotations
- Have InvalidParam support records
- Fix -XepDisableAllWarnings flag when passed on its own
- ASTHelpersSuggestions does not flag call to packge() on
com.sun.tools.javac.code.Symbol.ClassSymbol
- @SuppressWarnings on record compact constructor causes crash
* Changes of version 2.16.0:
+ New Checkers: ASTHelpersSuggestions,
CanIgnoreReturnValueSuggester, LenientFormatStringValidation,
UnnecessarilyUsedValue
+ Fixed issues:
- Avoid using non-ASCII Unicode characters outside of comments
and literals
- NullPointerException thrown during analysis
- NPE analysing new style switch statement (2.14.0)
- ImmutableChecker handles null types
- Drop pre-JDK 11 logic from Refaster's Inliner class
* Changes of version 2.15.0:
+ New Checkers: BuilderReturnThis,
CanIgnoreReturnValueSuggester, CannotMockFinalClass,
CannotMockFinalMethod, DirectInvocationOnMock, ExtendsObject,
MockNotUsedInProduction, NoCanIgnoreReturnValueOnClasses,
NullArgumentForNonNullParameter, SelfAlwaysReturnsThis,
UnsafeWildcard, UnusedTypeParameter
* Changes of version 2.14.0:
+ New checkers: BanJNDI, EmptyTopLevelDeclaration,
ErroneousBitwiseExpression,
FuzzyEqualsShouldNotBeUsedInEqualsMethod, Interruption,
NullableOnContainingClass
* Changes of version 2.13.1:
+ Fix a crash in UnnecessaryBoxedVariable
+ Include the unicode character in the diagnostic message
* Changes of version 2.13.0:
+ Handle all annotations with the simple name Generated in
-XepDisableWarningsInGeneratedCode
+ Reconcile BugChecker#isSuppressed with suppression handling in
ErrorProneScanner
+ Fix a bug in enclosingPackage
+ Improve performance of fix application
+ Implicitly treat @AutoBuilder setter methods as
@CanIgnoreReturnValue.
+ Remove some obsolete checks
(PublicConstructorForAbstractClass, HashCodeToString)
* Changes of version 2.12.1:
+ This release adds an infrastructure optimization to AppliedFix
source code processing.
* Changes of version 2.12.0:
+ New checks: BoxedPrimitiveEquality, DoubleBraceInitialization,
IgnoredPureGetter, LockOnBoxedPrimitive, IncorrectMainMethod,
LongDoubleConversion, RobolectricShadowDirectlyOn,
StaticAssignmentOfThrowable, UnnecessaryLongToIntConversion,
Varifier
- Do not require maven-javadoc-plugin as it's not being used
guava-33.1.0-150200.3.10.1.noarch.rpm
guava-33.1.0-150200.3.10.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1890
Recommended update for patterns-wsl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for patterns-wsl fixes the following issues:
- `wslg.conf` is now provided by a new package named `patterns-wsl-tmpfiles` which is required by
`patterns-wsl-systemd`:
* WSL uses `/etc/zypp/zypp.conf:solver.onlyRequires = true` by default
- Ensure creation of the file `wslg.conf` if it doesn't exist
patterns-wsl-20240327-150400.3.11.1.src.rpm
patterns-wsl-base-20240327-150400.3.11.1.noarch.rpm
patterns-wsl-gui-20240327-150400.3.11.1.noarch.rpm
patterns-wsl-systemd-20240327-150400.3.11.1.noarch.rpm
patterns-wsl-tmpfiles-20240327-150400.3.11.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1940
Recommended update for suseconnect-ng
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issues:
- Version update
* Fix certificate import for Yast when using a registration proxy with
self-signed SSL certificate (bsc#1223107)
* Allow "--rollback" flag to run on readonly filesystem (bsc#1220679)
libsuseconnect-1.9.0-150400.3.31.2.x86_64.rpm
suseconnect-ng-1.9.0-150400.3.31.2.src.rpm
suseconnect-ng-1.9.0-150400.3.31.2.x86_64.rpm
suseconnect-ruby-bindings-1.9.0-150400.3.31.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1872
Security update for python-tqdm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-tqdm fixes the following issues:
Update to version 4.66.4:
* rich: fix completion
* cli: eval safety (CVE-2024-34062, bsc#1223880)
* pandas: add DataFrame.progress_map
* notebook: fix HTML padding
* keras: fix resuming training when verbose>=2
* fix format_num negative fractions missing leading zero
* fix Python 3.12 DeprecationWarning on import
python-tqdm-4.66.4-150400.9.12.1.src.rpm
python-tqdm-bash-completion-4.66.4-150400.9.12.1.noarch.rpm
python311-tqdm-4.66.4-150400.9.12.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1771
Security update for ucode-intel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20240514 release (bsc#1224277)
- CVE-2023-45733: Fixed a potential security vulnerability in some
Intel® Processors that may have allowed information disclosure.
- CVE-2023-46103: Fixed a potential security vulnerability in Intel®
Core™ Ultra Processors that may have allowed denial of service.
- CVE-2023-45745, CVE-2023-47855: Fixed potential security
vulnerabilities in some Intel® Trust Domain Extensions (TDX) module
software that may have allowed escalation of privilege.
ucode-intel-20240514-150200.41.1.src.rpm
ucode-intel-20240514-150200.41.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1807
Security update for git
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for git fixes the following issues:
- CVE-2024-32002: Fixed an issue where recursive clones on case-insensitive filesystems that support symbolic links were susceptible to case confusion (bsc#1224168).
- CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170).
- CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171).
- CVE-2024-32021: Fixed an issue where git may create hardlinks to arbitrary user-readable files (bsc#1224172).
- CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173).
git-2.35.3-150300.10.39.1.src.rpm
git-2.35.3-150300.10.39.1.x86_64.rpm
git-arch-2.35.3-150300.10.39.1.x86_64.rpm
git-core-2.35.3-150300.10.39.1.x86_64.rpm
git-cvs-2.35.3-150300.10.39.1.x86_64.rpm
git-daemon-2.35.3-150300.10.39.1.x86_64.rpm
git-doc-2.35.3-150300.10.39.1.noarch.rpm
git-email-2.35.3-150300.10.39.1.x86_64.rpm
git-gui-2.35.3-150300.10.39.1.x86_64.rpm
git-svn-2.35.3-150300.10.39.1.x86_64.rpm
git-web-2.35.3-150300.10.39.1.x86_64.rpm
gitk-2.35.3-150300.10.39.1.x86_64.rpm
perl-Git-2.35.3-150300.10.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1861
Security update for python3-sqlparse
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-sqlparse fixes the following issues:
- CVE-2024-4340: Fixed RecursionError catch to avoid a denial-of-service issue (bsc#1223603).
python3-sqlparse-0.4.2-150300.12.1.noarch.rpm
python3-sqlparse-0.4.2-150300.12.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2568
Security update for mockito, snakeyaml, testng
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mockito, snakeyaml, testng fixes the following issues:
mockito was updated to version 5.11.0:
- Added bundle manifest to the mockito-core artifact
- Mockito 5 is making core changes to ensure compatibility with future JDK versions.
- Switch the Default MockMaker to mockito-inline (not applicable to mockito-android)
* Mockito 2.7.6 introduced the mockito-inline mockmaker based on the "inline bytecode" principle, offering
compatibility advantages over the subclass mockmaker
* This change avoids JDK restrictions, such as violating module boundaries and leaking subclass creation
- Legitimate use cases for the subclass mockmaker:
* Scenarios where the inline mockmaker does not function, such as on Graal VM's native image
* If avoiding mocking final classes, the subclass mockmaker remains a viable option, although issues may arise on
JDK 17+
* Mockito aims to support both mockmakers, allowing users to choose based on their requirements.
- Update the Minimum Supported Java Version to 11
* Mockito 5 raised the minimum supported Java version to 11
* Community member @reta contributed to this change.
* Users still on JDK 8 can continue using Mockito 4, with minimal API differences between versions
- New type() Method on ArgumentMatcher
* The ArgumentMatcher interface now includes a new type() method to support varargs methods, addressing previous
limitations
* Users can now differentiate between matching calls with any exact number of arguments or match any number of
arguments
* Mockito 5 provides a default implementation of the new method, ensuring backward compatibility.
* No obligation for users to implement the new method; Mockito 5 considers Void.type by default for varargs handling
* ArgumentCaptor is now fully type-aware, enabling capturing specific subclasses on a generic method.
- byte-buddy does not bundle asm, but uses objectweb-asm as external library
snake-yaml was updated to version 2.2:
- Changes of version 2.2:
* Define default scalar style as PLAIN (for polyglot Maven)
* Add missing 'exports org.yaml.snakeyaml.inspector' to module-info.java
- Changes of version 2.1:
* Heavy Allocation in Emitter.analyzeScalar(String) due to Regex Overhead
* Use identity in toString() for sequences to avoid OutOfMemoryError
* NumberFormatException from SnakeYAML due to int overflow for corrupt YAML version
* Document size limit should be applied to single document not the whole input stream
* Detect invalid Unicode code point (thanks to Tatu Saloranta)
* Remove Trusted*Inspector classes from main sources tree
- Changes of version 2.0:
* Rollback to Java 7 target
* Add module-info.java
* Migrate to Java 8
* Remove many deprecated constructors
* Remove long deprecated methods in FlowStyle
* Do not allow global tags by default
* Yaml.LoadAs() signature to support Class<? super T> type instead of Class<T>
* CustomClassLoaderConstructor takes LoaderOptions
* Check input parameters for non-null values
testng was updated to version 7.10.1:
- Security issues fixed:
* CVE-2022-4065: Fixed Zip Slip Vulnerability (bsc#1205628)
- Changes of version 7.10.1:
* Fixed maven build with junit5
- Changes of version 7.10.0:
* Minor discrepancy fixes
* Deleting TestNG eclipse plugin specific classes
* Remove deprecated JUnit related support in TestNG
* Handle exceptions in emailable Reporter
* Added wrapperbot and update workflow order
* Support ITestNGFactory customisation
* Streamlined data provider listener invocation
* Streamlined Guice Module creation in concurrency.
* Copy test result attributes when unexpected failures
* chore: use explicit dependency versions instead of refreshVersions
* Removed Ant
* Support ordering of listeners
* Added errorprone
* Allow custom thread pool executors to be wired in.
* Allow data providers to be non cacheable
* Use Locks instead of synchronised keyword
* Document pgp artifact signing keys
* Added Unique Id for all test class instances
* Added issue management workflows
* Map object to configurations
* Allow listeners to be disabled at runtime
* Streamlined Data Provider execution
* Honour inheritance when parsing listener factories
* Tweaks around accessing SuiteResult
* Streamlined random generation
* Streamlined dependencies for configurations
- Changes of version 7.9.0:
* Fixed maps containing nulls can be incorrectly considered equal
* Test Results as artifacts for failed runs
* Fixed data races
* Don't honour params specified in suite-file tag
* Decouple SuiteRunner and TestRunner
* Disable Native DI for BeforeSuite methods
* Streamlined running Parallel Dataproviders+retries
* Removed extra whitespace in log for Configuration.createMethods()
* Added the link for TestNG Documentation's GitHub Repo in README.md
* FirstTimeOnlyConfig methods + Listener invocations
* Added overrideGroupsFromCliInParentChildXml test
* Ensure thread safety for attribute access
* Added @inherited to the Listeners annotation
* Restrict Group inheritance to Before|AfterGroups
* Ensure ITestResult injected to @AfterMethod is apt
* Support suite level thread pools for data provider
* Favour CompletableFuture instead of PoolService
* Favour FutureTask for concurrency support
* Shared Threadpool for normal/datadriven tests.
* Abort for invalid combinations
- Changes of version 7.8.0:
* [Feature] Not exception but warning if some (not all) of the given test names are not found in suite files.
* [Feature] Generate testng-results.xml per test suite
* [Feature] Allow test classes to define "configfailurepolicy" at a per class level
* XmlTest index is not set for test suites invoked with YAML
* Listener's onAfterClass is called before @afterclass configuration methods are executed.
* After upgrading to TestNG 7.5.0, setting ITestResult.status to FAILURE doesn't fail the test anymore
* JUnitReportReporter should capture the test case output at the test case level
* TestNG.xml doesn't honour Parallel value of a clone
* before configuration and before invocation should be 'SKIP' when beforeMethod is 'skip'
* Test listeners specified in parent testng.xml file are not included in testng-failed.xml file
* Discrepancies with DataProvider and Retry of failed tests
* Skipped Tests with DataProvider appear as failed
* testng-results xml reports config skips from base classes as ignored
* Feature: Check that specific object present in List
* Upgraded snakeyaml to 2.0
- Changes of version 7.7.1:
* Streamline overloaded assertion methods for Groovy
- Changes of version 7.7.0:
* Replace FindBugs by SpotBugs
* Gradle: Drop forUseAtConfigurationTime()
* Added ability to provide custom message to assertThrows\expectThrows methods
* Only resolve hostname once
* Prevent overlogging of debug msgs in Graph impl
* Streamlined dataprovider invoking in abstract classes
* Streamlined TestResult due to expectedExceptions
* Unexpected test runs count with retry analyzer
* Make PackageUtils compliant with JPMS
* Ability to retry a data provider during failures
* Fixing bug with DataProvider retry
* Added config key for callback discrepancy behavior
* Fixed FileAlreadyExistsException error on copy
* JarFileUtils.delete(File f) throw actual exception (instead of FileNotFound) when file cannot be deleted #2825
* Changing assertion message of the osgitest
* Enhancing the Matrix
* Avoid Compilation errors on Semeru JDK flavour.
* Add additional yml extension
* Support getting dependencies info for a test
* Honour regex in dependsOnMethods
* Ensure All tests run all the time
* Deprecate support for running Spock Tests
* Streamline dependsOnMethods for configurations
* Ensure ITestContext available for JUnit4 tests
* Deprecate support for running JUnit tests
- Changes of version 7.6.1:
* Fix Files.copy() such that parent dirs are created
* Remove deprecated utility methods
- Changes of version 7.6.0:
* Remove redundant Parameter implementation
* Upgraded to JDK11
* Move SimpleBaseTest to be Kotlin based
* Restore testnames when using suites in suite.
* Moving ClassHelperTests into Kotlin
* IHookable and IConfigurable callback discrepancy
* Minor refactoring
* Add additional condition for assertEqualsNoOrder
* beforeConfiguration() listener method should be invoked for skipped configurations as well
* Keep the initial order of listeners
* SuiteRunner could not be initial by default Configuration
* Enable Dataprovider failures to be considered.
* BeforeGroups should run before any matched test
* Fixed possible StringIndexOutOfBoundsException exception in XmlReporter
* DataProvider: possibility to unload dataprovider class, when done with it
* Fixed possibility that AfterGroups method is invoked before all tests
* Fixed equals implementation for WrappedTestNGMethod
* Wire-In listeners consistently
* Streamline AfterClass invocation
* Show FQMN for tests in console
* Honour custom attribute values in TestNG default reports
snakeyaml-2.2-150200.3.15.1.noarch.rpm
snakeyaml-2.2-150200.3.15.1.src.rpm
testng-7.10.1-150200.3.10.1.noarch.rpm
testng-7.10.1-150200.3.10.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2000
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
javadoc-parser:
- Deliver javadoc-parser RPM package to meet new dependency requirements (no source changes)
maven-filtering was updated to version 3.3.2:
- Build against the plexus-build-api0 package containing sonatype
plexus build api
- Version 3.3.2:
* Changes:
+ pick correct hamcrest dependency
+ Prefer commons lang to plexus utils
+ MSHARED-1214: move tag back to HEAD
+ MSHARED-1216: Use caching output stream
+ Bump org.codehaus.plexus:plexus-utils from 3.0.16 to 3.0.24
in /src/test/resources
+ Fix typos and grammar
+ Fix 'licenced' typo in PR template
+ refactor IncrementalResourceFilteringTest
+ MSHARED-1340: Require Maven 3.6.3+
+ Bump commons-io:commons-io from 2.11.0 to 2.15.1
+ Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.14.0
+ MSHARED-1339: Bump
org.apache.maven.shared:maven-shared-components from 39 to 41
+ MSHARED-1290: Fix PropertyUtils cycle detection results in
false positives
+ MSHARED-1285: use an up-to-date scanner instead of the newscanner
+ Bump org.codehaus.plexus:plexus-testing from 1.2.0 to 1.3.0
+ Bump org.codehaus.plexus:plexus-interpolation from 1.26
to 1.27
+ Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0
+ Bump release-drafter/release-drafter from 5 to 6
+ Bump org.junit.jupiter:junit-jupiter-api from 5.10.1
to 5.10.2
+ MSHARED-1351: Fix console message when origin is baseDir
+ MSHARED-1050: Fix ConcurrentModificationException for
maven-filtering
+ MSHARED-1330: Always overwrite files
- Version 3.3.1:
* Changes:
+ MSHARED-1175: Copying x resources from rel/path to rel/path
+ MSHARED-1213: Bug: filtering existing but 0 byte file
+ MSHARED-1199: Upgrade parent pom to 39
+ MSHARED-1112: Ignore setting permissions on non existing dest
files/symlinks
+ MSHARED-1144: remove redundant error message
- Version 3.3.0:
* Changes:
+ Fixed cloning of MavenResourcesExecution's instances using
copyOf() method
+ MRESOURCES-258: Copying and filtering logic is delegated to
FileUtils
+ replace deprecated methods
+ replace deprecated code in favor of Java 7 core and apache
commons libraries
+ declare dependencies
+ MSHARED-1080: Parent POM 36, Java8, drop legacy.
maven-plugin-tools:
- Build against the plexus-build-api0 package containing sonatype
plexus build api
- Added dependency on plexus-xml where relevant
modello was updated to version 2.4.0:
- Build against the new codehaus plexus build api 1.2.0
- Build all modello plugins
- Version 2.4.0:
* New features and improvements:
+ Keep license structure
+ Support addition of license header to generated files
+ Make generated code - Java 8 based by default
+ threadsafety
* Bugs fixed:
+ Revert snakeyaml to 1.33 (as 2.x is not fully compatible with
1.x).
- Version 2.3.0:
* Changes:
+ Kill off dead Plexus
+ Fix for #366
- Version 2.2.0:
* Changes:
+ Parse javadoc tags in xdoc generator (only @since is supported
atm)
+ Use generic in Xpp3Reader for JDK 5+
+ Get rid of usage deprecated Reader/WriterFactory
+ Make spotless plugin work with Java 21
+ Support java source property being discovered as 1.x
+ Fix thread safety issues by not using singletons for
generators
+ Improve discovering javaSource based on maven.compiler
properties, default as 8
+ Switch Plexus Annotation to JSR-330
- Add dependency on plexus-xml where relevant
plexus-build-api was updated to version 1.2.0:
- Version 1.2.0:
* Potentially breaking changes:
+ change package to org.codehaus.plexus.build
* New features and improvements:
+ Convert to JSR 330 component
+ Bump sisu-maven-plugin from 0.3.5 to 0.9.0.M2
+ Switch to parent 13 and reformat
+ Use a CachingOutputStream when using the build context
+ Reuse plexus-pom action for CI
+ Add README and LICENSE
+ Remove ThreadBuildContext
* Bugs fixed:
+ Store Objects in the DefaultContext in a map
+ Let the DefaultBuildContext delegate to the legacy build-api
plexus-build-api0 was implemented at version 0.0.8:
- New package
plexus-xml:
- Deliver plexus-xml RPM package to meet new dependency requirements (no source changes)
maven-filtering-3.3.2-150200.3.7.2.noarch.rpm
maven-filtering-3.3.2-150200.3.7.2.src.rpm
maven-plugin-annotations-3.13.0-150200.3.12.2.noarch.rpm
maven-plugin-tools-3.13.0-150200.3.12.2.src.rpm
plexus-build-api-1.2.0-150200.3.7.1.noarch.rpm
plexus-build-api-1.2.0-150200.3.7.1.src.rpm
plexus-build-api0-0.0.8-150200.5.5.2.noarch.rpm
plexus-build-api0-0.0.8-150200.5.5.2.src.rpm
plexus-xml-3.0.0-150200.5.5.1.noarch.rpm
plexus-xml-3.0.0-150200.5.5.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2479
Security update for python3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of "quoted-overlap" zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranged the definition of private vs. global IP addresses. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
libpython3_6m1_0-3.6.15-150300.10.65.1.x86_64.rpm
python3-3.6.15-150300.10.65.2.src.rpm
python3-3.6.15-150300.10.65.2.x86_64.rpm
python3-base-3.6.15-150300.10.65.1.x86_64.rpm
python3-core-3.6.15-150300.10.65.1.src.rpm
python3-curses-3.6.15-150300.10.65.2.x86_64.rpm
python3-dbm-3.6.15-150300.10.65.2.x86_64.rpm
python3-devel-3.6.15-150300.10.65.1.x86_64.rpm
python3-idle-3.6.15-150300.10.65.2.x86_64.rpm
python3-tk-3.6.15-150300.10.65.2.x86_64.rpm
python3-tools-3.6.15-150300.10.65.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1859
Security update for java-1_8_0-ibm
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 25 (bsc#1223470):
- CVE-2023-38264: Fixed Object Request Broker (ORB) denial of service (bsc#1224164).
- CVE-2024-21094: Fixed C2 compilation fails with "Exceeded _node_regs array" (bsc#1222986).
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (bsc#1222983).
- CVE-2024-21085: Fixed Pack200 excessive memory allocation (bsc#1222984).
- CVE-2024-21011: Fixed Long Exception message leading to crash (bsc#1222979).
- CVE-2024-21012: Fixed HTTP/2 client improper reverse DNS lookup (bsc#1222987).
java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1.nosrc.rpm
java-1_8_0-ibm-1.8.0_sr8.25-150000.3.89.1.x86_64.rpm
java-1_8_0-ibm-alsa-1.8.0_sr8.25-150000.3.89.1.x86_64.rpm
java-1_8_0-ibm-devel-1.8.0_sr8.25-150000.3.89.1.x86_64.rpm
java-1_8_0-ibm-plugin-1.8.0_sr8.25-150000.3.89.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1880
Security update for python-requests
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
python-requests-2.25.1-150300.3.9.1.src.rpm
python3-requests-2.25.1-150300.3.9.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2034
Recommended update for dpdk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dpdk fixes the following issue:
- Fix dpdk_nic_bind 'python': No such file or directory (bsc#1219990)
* Add requires for 'which', as dpdk-tools depends on it
dpdk-19.11.10-150400.4.15.13.src.rpm
dpdk-19.11.10-150400.4.15.13.x86_64.rpm
dpdk-devel-19.11.10-150400.4.15.13.x86_64.rpm
dpdk-kmp-default-19.11.10_k5.14.21_150400.24.119-150400.4.15.13.x86_64.rpm
dpdk-tools-19.11.10-150400.4.15.13.x86_64.rpm
libdpdk-20_0-19.11.10-150400.4.15.13.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1791
Recommended update for bpftool
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bpftool fixes the following issue:
- Enable showing info for processes holding BPF map/prog/link/btf FDs (jsc#PED-8375)
bpftool-5.14.21-150400.9.7.2.src.rpm
bpftool-5.14.21-150400.9.7.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2108
Security update for containerd
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for containerd fixes the following issues:
Update to containerd v1.7.17.
- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
containerd-1.7.17-150000.111.3.src.rpm
containerd-1.7.17-150000.111.3.x86_64.rpm
containerd-ctr-1.7.17-150000.111.3.x86_64.rpm
containerd-devel-1.7.17-150000.111.3.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1907
Security update for ffmpeg-4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg-4 fixes the following issues:
- CVE-2020-22021: Fixed a buffer overflow vulnerability in filter_edges() (bsc#1186586)
- CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437)
ffmpeg-4-4.4-150400.3.32.1.src.rpm
libavcodec58_134-4.4-150400.3.32.1.x86_64.rpm
libavformat58_76-4.4-150400.3.32.1.x86_64.rpm
libavutil56_70-4.4-150400.3.32.1.x86_64.rpm
libpostproc55_9-4.4-150400.3.32.1.x86_64.rpm
libswresample3_9-4.4-150400.3.32.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1995
Recommended update for libteam
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libteam fixes the following issue:
- teamd: lw: arp_ping: bitmask VID in VLAN BPF filter (bsc#1224798)
libteam-1.27-150000.4.15.2.src.rpm
libteam-devel-1.27-150000.4.15.2.x86_64.rpm
libteam-tools-1.27-150000.4.15.2.x86_64.rpm
libteam5-1.27-150000.4.15.2.x86_64.rpm
libteamdctl0-1.27-150000.4.15.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1898
Recommended update for iputils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for iputils fixes the following issues:
- Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877)
- "arping: Fix 1s delay on exit for unsolicited arpings",
Backport upstream fix (bsc#1224877)
iputils-20211215-150400.3.8.2.src.rpm
iputils-20211215-150400.3.8.2.x86_64.rpm
rarpd-20211215-150400.3.8.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1802
Recommended update for e2fsprogs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for e2fsprogs fixes the following issues:
EA Inode handling fixes:
- ext2fs: avoid re-reading inode multiple times (bsc#1223596)
- e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck: add more checks for ea inode consistency (bsc#1223596)
- e2fsck: fix golden output of several tests (bsc#1223596)
e2fsprogs-1.46.4-150400.3.6.2.src.rpm
e2fsprogs-1.46.4-150400.3.6.2.x86_64.rpm
e2fsprogs-devel-1.46.4-150400.3.6.2.x86_64.rpm
libcom_err-devel-1.46.4-150400.3.6.2.x86_64.rpm
libcom_err-devel-static-1.46.4-150400.3.6.2.x86_64.rpm
libcom_err2-1.46.4-150400.3.6.2.x86_64.rpm
libcom_err2-32bit-1.46.4-150400.3.6.2.x86_64.rpm
libext2fs-devel-1.46.4-150400.3.6.2.x86_64.rpm
libext2fs-devel-static-1.46.4-150400.3.6.2.x86_64.rpm
libext2fs2-1.46.4-150400.3.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2366
Security update for freeradius-server
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for freeradius-server fixes the following issues:
- CVE-2024-3596: Fixed chosen-prefix collision attack against MD5 (bsc#1223414).
freeradius-server-3.0.25-150400.4.7.1.src.rpm
freeradius-server-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-devel-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-krb5-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-ldap-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-libs-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-mysql-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-perl-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-postgresql-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-python3-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-sqlite-3.0.25-150400.4.7.1.x86_64.rpm
freeradius-server-utils-3.0.25-150400.4.7.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1806
Security update for xdg-desktop-portal
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xdg-desktop-portal fixes the following issues:
- CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110).
xdg-desktop-portal-1.10.1-150400.3.6.1.src.rpm
xdg-desktop-portal-1.10.1-150400.3.6.1.x86_64.rpm
xdg-desktop-portal-devel-1.10.1-150400.3.6.1.x86_64.rpm
xdg-desktop-portal-lang-1.10.1-150400.3.6.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1914
Recommended update for perl-DBD-SQLite
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl-DBD-SQLite fixes the following issues:
- Remove sqlite files when building with system libraries
* Avoiding having wrong sqlite version when checking with the perl module (bsc#1218946)
perl-DBD-SQLite-1.66-150300.3.12.1.src.rpm
perl-DBD-SQLite-1.66-150300.3.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2684
Recommended update for mozilla-nss
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mozilla-nss fixes the following issues:
- Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724).
- Added "Provides: nss" so other RPMs that require 'nss' can
be installed (jira PED-6358).
- FIPS: added safe memsets (bsc#1222811)
- FIPS: restrict AES-GCM (bsc#1222830)
- FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118)
- FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834)
- FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116)
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
Update to NSS 3.101.2:
* bmo#1905691 - ChaChaXor to return after the function
Update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
Update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image
- switch from ec_field_GFp to ec_field_plain
Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.
Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1
Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions
Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI
Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c
Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp
Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).
Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux
Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in "certutil dump keys with explicit default trust flags"
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for all but X86_64
Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.
libfreebl3-3.101.2-150400.3.48.1.x86_64.rpm
libfreebl3-32bit-3.101.2-150400.3.48.1.x86_64.rpm
libsoftokn3-3.101.2-150400.3.48.1.x86_64.rpm
libsoftokn3-32bit-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-3.101.2-150400.3.48.1.src.rpm
mozilla-nss-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-32bit-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-certs-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-devel-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-sysinit-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-tools-3.101.2-150400.3.48.1.x86_64.rpm
mozilla-nss-certs-32bit-3.101.2-150400.3.48.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3150
Recommended update for python3-PyNaCl, python3-paramiko
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-PyNaCl, python3-paramiko fixes the following issues:
- Upgrade python3-PyNaCl from 1.4.0 to 1.5.0
- Upgrade python3-paramiko from 2.4.3 to 3.4.0
python3-PyNaCl-1.5.0-150400.9.3.17.src.rpm
python3-PyNaCl-1.5.0-150400.9.3.17.x86_64.rpm
python3-paramiko-3.4.0-150400.9.3.3.noarch.rpm
python3-paramiko-3.4.0-150400.9.3.3.src.rpm
python3-paramiko-doc-3.4.0-150400.9.3.3.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1874
Security update for Java
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
apiguardian was updated to version 1.1.2:
- Added LICENSE/NOTICE to the generated jar
- Allow @API to be declared at the package level
- Explain usage of Status.DEPRECATED
- Include OSGi metadata in manifest
assertj-core was implemented at version 3.25.3:
- New package implementation needed by Junit5
byte-buddy was updated to version v1.14.16:
- `byte-buddy` is required by `assertj-core`
- Changes in version v1.14.16:
* Update ASM and introduce support for Java 23.
- Changes in version v1.14.15:
* Allow attaching from root on J9.
- Changes of v1.14.14:
* Adjust type validation to accept additional names that are
legal in the class file format.
* Fix dynamic attach on Windows when a service user is active.
* Avoid failure when using Android's strict mode.
dom4j was updated to version 2.1.4:
- Improvements and potentially breaking changes:
* Added new factory method org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(),
which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser().
* If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit
dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
* Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were
enabled in previous versions):
+ http://xml.org/sax/properties/external-general-entities
+ http://xml.org/sax/properties/external-parameter-entities
- Other changes:
* Do not depend on jtidy, since it is not used during build
* Fixed license to Plexus
* JPMS: Add the Automatic-Module-Name attribute to the manifest.
* Make a separate flavour for a minimal `dom4j-bootstrap` package used to build `jaxen` and full `dom4j`
* Updated pull-parser version
* Reuse the writeAttribute method in writeAttributes
* Support build on OS with non-UTF8 as default charset
* Gradle: add an automatic module name
* Use Correct License Name "Plexus"
* Possible vulnerability of DocumentHelper.parseText() to XML injection
* CVS directories left in the source tree
* XMLWriter does not escape supplementary unicode characters correctly
* writer.writeOpen(x) doesn't write namespaces
* Fixed concurrency problem with QNameCache
* All dependencies are optional
* SAXReader: hardcoded namespace features
* Validate QNames
* StringIndexOutOfBoundsException in XMLWriter.writeElementContent()
* TreeNode has grown some generics
* QName serialization fix
* DocumentException initialize with nested exception
* Accidentally occurring error in a multi-threaded test
* Added compatibility with W3C DOM Level 3
* Use Java generics
hamcrest:
- `hamcrest-core` has been replaced by `hamcrest` (no source changes)
junit had the following change:
- Require hamcrest >= 2.2
junit5 was updated to version 5.10.2:
- Conditional execution based on OS architectures
- Configurable cleanup mode for @TempDir
- Configurable thread mode for @Timeout
- Custom class loader support for class/method selectors, @MethodSource, @EnabledIf, and @DisabledIf
- Dry-run mode for test execution
- Failure threshold for @RepeatedTest
- Fixed build with the latest open-test-reporting milestone
- Fixed dependencies in module-info.java files
- Fixed unreported exception error that is fatal with JDK 21
- Improved configurability of parallel execution
- New @SelectMethod support in test @Suite classes.
- New ConsoleLauncher subcommand for test discovery without execution
- New convenience base classes for implementing ArgumentsProvider and ArgumentConverter
- New IterationSelector
- New LauncherInterceptor SPI
- New NamespacedHierarchicalStore for use in third-party test engines
- New TempDirFactory SPI for customizing how temporary directories are created
- New testfeed details mode for ConsoleLauncher
- New TestInstancePreConstructCallback extension API
- Numerous bug fixes and minor improvements
- Parameter injection for @MethodSource methods
- Promotion of various experimental APIs to stable
- Reusable parameter resolution for custom extension methods via ExecutableInvoker
- Stacktrace pruning to hide internal JUnit calls
- The binaries are compatible with java 1.8
- Various improvements to ConsoleLauncher
- XML reports in new Open Test Reporting format
jdom:
- Security issues fixed:
* CVE-2021-33813: Fixed an XXE issue in SAXBuilder in JDOM through 2.0.6 that allows attackers to cause a denial of service
via a crafted HTTP request (bsc#1187446)
- Other changes and bugs fixed:
* Fixed wrong entries in changelog (bsc#1224410)
* The packages `jaxen`, `saxpath` and `xom` are now separate standalone packages instead of being part of `jdom`
jaxen was implemented at version 2.0.0:
- New standalone RPM package implementation, originally part of `jdom` source package
- Classpaths are much smaller and less complex, and will suppress a lot of noise from static analysis tools.
- The Jaxen core code is also a little smaller and has fixed a few minor bugs in XPath evaluation
- Despite the major version bump, this should be a drop in replacement for almost every project.
The two major possible incompatibilities are:
* The minimum supported Java version is now 1.5, up from 1.4 in 1.2.0 and 1.3 in 1.1.6.
* dom4j, XOM, and JDOM are now optional dependencies so if a project was depending on them to be loaded transitively
it will need to add explicit dependencies to build.
jopt-simple:
- Included jopt-simple to Package Hub 15 SP5 (no source changes)
objectweb-asm was updated to version 9.7:
- New Opcodes.V23 constant for Java 23
- Bugs fixed
* Fixed unit test regression in dex2jar.
* Fixed 'ClassNode#outerClass' with incorrect JavaDocs.
* asm-bom packaging should be 'pom'.
* The Textifier prints a supplementary space at the end of each method that throws at least one exception.
open-test-reporting:
- Included `open-test-reporting-events` and `open-test-reporting-schema` to the channels as they are runtime
dependencies of Junit5 (no source changes)
saxpath was implemented at version 1.0 FCS:
- New standalone RPM package implementation, originally part of `jdom` source package (openSUSE Leap 15.5 package only)
xom was implemented at version 1.3.9:
- New standalone RPM package implementation, originally part of `jdom` source package
- The Nodes and Elements classes are iterable so you can use the enhanced for loop syntax on instances of these classes.
- The copy() method is now covariant.
- Adds Automatic-Module-Name to jar
- Remove direct dependency on xml-apis:xml-apis artifact since these classes are now available in the core runtime.
- Eliminate usage of com.sun classes to make XOM compatible with JDK 16.
- Replace remaining usages of StringBuffer with StringBuilder to slightly improve performance.
dom4j-2.1.4-150200.12.10.2.noarch.rpm
dom4j-2.1.4-150200.12.10.2.src.rpm
hamcrest-2.2-150200.12.17.2.noarch.rpm
hamcrest-2.2-150200.12.17.2.src.rpm
jaxen-2.0.0-150200.5.3.1.noarch.rpm
jaxen-2.0.0-150200.5.3.1.src.rpm
jdom-1.1.3-150200.12.8.2.noarch.rpm
jdom-1.1.3-150200.12.8.2.src.rpm
junit-4.13.2-150200.3.15.2.noarch.rpm
junit-4.13.2-150200.3.15.2.src.rpm
objectweb-asm-9.7-150200.3.15.2.noarch.rpm
objectweb-asm-9.7-150200.3.15.2.src.rpm
xom-1.3.9-150200.5.3.3.noarch.rpm
xom-1.3.9-150200.5.3.3.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2003
Security update for cups
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups fixes the following issues:
- CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365)
- Handle local 'Negotiate' authentication response for cli clients (bsc#1223179)
cups-2.2.7-150000.3.59.1.src.rpm
cups-2.2.7-150000.3.59.1.x86_64.rpm
cups-client-2.2.7-150000.3.59.1.x86_64.rpm
cups-config-2.2.7-150000.3.59.1.x86_64.rpm
cups-ddk-2.2.7-150000.3.59.1.x86_64.rpm
cups-devel-2.2.7-150000.3.59.1.x86_64.rpm
libcups2-2.2.7-150000.3.59.1.x86_64.rpm
libcups2-32bit-2.2.7-150000.3.59.1.x86_64.rpm
libcupscgi1-2.2.7-150000.3.59.1.x86_64.rpm
libcupsimage2-2.2.7-150000.3.59.1.x86_64.rpm
libcupsmime1-2.2.7-150000.3.59.1.x86_64.rpm
libcupsppdc1-2.2.7-150000.3.59.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2256
Recommended update for maven-surefire, tycho
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for maven-surefire, tycho fixes the following issues:
maven-surefire was updated to version 3.2.5:
- Version 3.2.5:
* Bugs fixed:
+ Surefire evaluates parameter jvm before skip
+ StatelessXmlReporter#getTestProblems() does not properly reflect report schema structure
+ Surefire ITs fail when project directory contains space
+ JaCoCo 0.8.11 fails with old TestNG releases on Java 17+
* Improvements:
+ Support flakyFailure and flakyError in TestSuiteXmlParser
+ Document minimum supported Java version for
Toolchains
- Version 3.2.3:
* Bugs fixed:
+ Additional class path ordering broken since 3.2.0
+ additionalClasspathElement with UNC path not working with Maven Failsafe Plugin
+ OutOfMemoryError raised when parsing files with
huge stderr/stdout output in surefire-report-parser
+ SurefireForkChannel#getForkNodeConnectionString() returns invalid URI string if localHost resolves to IPv6
* Dependency upgrade:
+ Upgrade to HtmlUnit 3.8.0
+ Upgrade to Parent 41
+ Upgrade plugins and components (in ITs)
- Version 3.2.2:
* Bugs fixed:
+ Use maven-plugin-report-plugin only in plugins modules
+ Downgrade plexus-xml to 3.0.0
* Dependency updates:
+ Bump org.codehaus.plexus:plexus-java from 1.1.2 to 1.2.0
- Version 3.2.1:
* New features and improvements:
+ Support forkNumber in environment variables
+ Use junit-bom instead of single JUnit 5 versions
+ Support adding additional Maven dependencies to the test runtime classpath
+ Clarified classpathDependencyExcludes
+ Log starter implementation on DEBUG level
* Bugs fixed:
+ Fix module dependencies for compile only dependencies
* Documentation updates:
+ Fix TestNG web site URL
- Version 3.1.2:
* Changes:
+ Use ChoiceFormat to selectively render percentage and elapsed time in SurefireReportRenderer
+ Simplify serialization/deserialization of elapsed time
+ Potential NPE in WrappedReportEntry when #getElapsed() is called
+ Replace StringUtils#isEmpty(String) and #isNotEmpty(String)
- Version 3.1.0:
* Bugs fixed:
+ Cannot release Surefire on Windows
* Improvements:
+ Replace SurefireReportGenerator with a new SurefireReportRenderer
+ Replace LocalizedProperties with (Custom)I18N approach from MPIR
- Version 3.0.0:
* New features and improvements:
+ Get rid of localRepository from surefire mojo parameter, use Resolver API
* Bugs fixed:
+ Sanitize failIfNoSpecifiedTests prefix in failsafe
+ Fix reporting of skipped parameterized test
* Documentation updates:
+ Refresh download page
tycho:
- Fixed build with maven-plugin-plugin >= 3.11
- Require at least maven-surefire 3 for build
- Added dependency on plexus-xml where relevant
maven-surefire-3.2.5-150200.3.9.12.8.noarch.rpm
maven-surefire-3.2.5-150200.3.9.12.8.src.rpm
maven-surefire-plugin-3.2.5-150200.3.9.12.1.noarch.rpm
maven-surefire-plugins-3.2.5-150200.3.9.12.1.src.rpm
maven-surefire-provider-junit-3.2.5-150200.3.9.12.8.noarch.rpm
maven-surefire-provider-testng-3.2.5-150200.3.9.12.8.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2284
Recommended update for gmavenplus-plugin, istack-commons, replacer, xmvn
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gmavenplus-plugin, istack-commons, replacer, xmvn fixes the following issues:
gmavenplus-plugin, istack-commons, replacer, xmvn:
- Fixed build with `maven-plugin-plugin`
xmvn-4.2.0-150200.3.21.2.src.rpm
xmvn-4.2.0-150200.3.21.2.x86_64.rpm
xmvn-api-4.2.0-150200.3.21.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.21.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.21.1.src.rpm
xmvn-core-4.2.0-150200.3.21.1.noarch.rpm
xmvn-install-4.2.0-150200.3.21.1.noarch.rpm
xmvn-minimal-4.2.0-150200.3.21.2.x86_64.rpm
xmvn-mojo-4.2.0-150200.3.21.1.noarch.rpm
xmvn-mojo-4.2.0-150200.3.21.1.src.rpm
xmvn-resolve-4.2.0-150200.3.21.1.noarch.rpm
xmvn-subst-4.2.0-150200.3.21.1.noarch.rpm
xmvn-tools-4.2.0-150200.3.21.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2079
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Gradle and Maven fixes the following issues:
gradle-bootstrap:
- Regenerate to account for the new plexus-xml dependency
gradle:
- Fixed build with the `plexus-xml` split from plexus-utils
maven-artifact-transfer:
- Added dependency on `plexus-xml` where relevant
- Removed unnecessary dependency on xmvn tools and parent pom
maven-assembly-plugin, maven-doxia, maven-doxia-sitetools, maven-install-plugin, maven-javadoc-plugin,
maven-plugin-testing, maven-resolver, maven:
- Added dependency on `plexus-xml` where relevant
gradle-4.4.1-150200.3.18.1.src.rpm
gradle-4.4.1-150200.3.18.1.x86_64.rpm
maven-3.9.6-150200.4.24.2.src.rpm
maven-3.9.6-150200.4.24.2.x86_64.rpm
maven-artifact-transfer-0.13.1-150200.3.7.1.noarch.rpm
maven-artifact-transfer-0.13.1-150200.3.7.1.src.rpm
maven-doxia-1.12.0-150200.4.10.5.src.rpm
maven-doxia-core-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-logging-api-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-apt-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-fml-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-fo-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-xdoc-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-xhtml-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-module-xhtml5-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-sink-api-1.12.0-150200.4.10.5.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.10.2.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.10.2.src.rpm
maven-javadoc-plugin-3.6.0-150200.4.13.2.noarch.rpm
maven-javadoc-plugin-3.6.0-150200.4.13.2.src.rpm
maven-lib-3.9.6-150200.4.24.2.x86_64.rpm
maven-resolver-1.9.18-150200.3.20.1.src.rpm
maven-resolver-api-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-connector-basic-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-impl-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-named-locks-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-spi-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-transport-file-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-transport-http-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-transport-wagon-1.9.18-150200.3.20.1.noarch.rpm
maven-resolver-util-1.9.18-150200.3.20.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2118
Recommended update for rpmlint
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rpmlint fixes the following issues:
- Support python >= 3.7 pyc parsing. (bsc#1225343)
rpmlint-1.10-150000.7.87.1.noarch.rpm
rpmlint-1.10-150000.7.87.1.src.rpm
rpmlint-mini-1.10-150400.23.22.5.src.rpm
rpmlint-mini-1.10-150400.23.22.5.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1991
Security update for unbound
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for unbound fixes the following issues:
unbound was updated to 1.20.0:
* A lot of bugfixes and added features.
For a complete list take a look at the changelog located at:
/usr/share/doc/packages/unbound/Changelog or
https://www.nlnetlabs.nl/projects/unbound/download/
Some Noteworthy Changes:
* Removed DLV. The DLV has been decommissioned since unbound
1.5.4 and users have been advised to stop using it since. The use of
dlv options displays a warning.
* Remove EDNS lame procedure, do not re-query without EDNS after
timeout.
* Add DNS over HTTPS
* libunbound has been upgraded to major version 8
Security Fixes:
* CVE-2023-50387: DNSSEC verification complexity can be
exploited to exhaust CPU resources and stall DNS resolvers. [bsc#1219823]
* CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU.
[bsc#1219826]
* CVE-2022-30698: Novel "ghost domain names" attack by
introducing subdomain delegations. [bsc#1202033]
* CVE-2022-30699: Novel "ghost domain names" attack by
updating almost expired delegation information. [bsc#1202031]
* CVE-2022-3204: NRDelegation attack leads to uncontrolled
resource consumption (Non-Responsive Delegation Attack). [bsc#1203643]
Packaging Changes:
* Use prefixes instead of sudo in unbound.service
* Remove no longer necessary BuildRequires: libfstrm-devel and
libprotobuf-c-devel
libunbound8-1.20.0-150100.10.13.1.x86_64.rpm
unbound-1.20.0-150100.10.13.1.src.rpm
unbound-anchor-1.20.0-150100.10.13.1.x86_64.rpm
unbound-devel-1.20.0-150100.10.13.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1908
Security update for ffmpeg
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg fixes the following issues:
- CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437)
ffmpeg-3.4.2-150200.11.47.1.src.rpm
libavcodec57-3.4.2-150200.11.47.1.x86_64.rpm
libavformat57-3.4.2-150200.11.47.1.x86_64.rpm
libavresample3-3.4.2-150200.11.47.1.x86_64.rpm
libavutil-devel-3.4.2-150200.11.47.1.x86_64.rpm
libavutil55-3.4.2-150200.11.47.1.x86_64.rpm
libpostproc-devel-3.4.2-150200.11.47.1.x86_64.rpm
libpostproc54-3.4.2-150200.11.47.1.x86_64.rpm
libswresample-devel-3.4.2-150200.11.47.1.x86_64.rpm
libswresample2-3.4.2-150200.11.47.1.x86_64.rpm
libswscale-devel-3.4.2-150200.11.47.1.x86_64.rpm
libswscale4-3.4.2-150200.11.47.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2255
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
maven-file-management:
- Use sisu-plexus instead of plexus-containers-container-default
- Added dependency on plexus-xml where relevant
- Removed unnecessary dependency on xmvn tools and parent pom
maven-shared-io:
- Do not add PROVIDED dependency on plexus-container-default
- Use sisu-plexus instead of plexus-containers-container-default
- Removed unnecessary dependency on xmvn tools and parent pom
maven2:
- Use sisu-plexus instead of plexus-containers-container-default
- Fixed build with both sisu-plexus and plexus-containers-container-default
- Require the new plexus-xml package to fix build
maven-shared-utils was updated to version 3.3.4:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact in
order to avoid conflict/choice of providers
- Checked exception converted to raw runtime
- PrettyPrintXmlWriter output is platform dependent
- Deprecated StringUtils.unifyLineSeparator
- Fixed environment variable with null value
- Dependencies upgraded:
* Upgraded Jansi to 2.0.1
* Upgraded Jansi to 2.2.0
plexus-ant-factory:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid
conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
- Fixed the code to build both with sisu-plexus and plexus-containers-container-default.
plexus-bsh-factory:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid
conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
plexus-cli:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choice of providers
plexus-i18n:
- Use sisu-plexus instead of plexus-containers-container-default
plexus-resources:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid
conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
plexus-sec-dispatcher:
- Removed unnecessary dependency on plexus-containers-container-default
- Add dependency on plexus-xml where relevant
- Build with source and target levels 8
plexus-velocity:
- Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to
avoid conflict/choice of providers
- Use sisu-plexus instead of plexus-containers-container-default
tesla-polyglot:
- Fixed build with maven-plugin-plugin
- Fixed build with snakeyaml 2.2
maven-artifact-2.2.1-150200.3.7.3.noarch.rpm
maven-file-management-3.0.0-150200.3.7.3.noarch.rpm
maven-file-management-3.0.0-150200.3.7.3.src.rpm
maven-shared-io-3.0.0-150200.3.7.2.noarch.rpm
maven-shared-io-3.0.0-150200.3.7.2.src.rpm
maven-shared-utils-3.3.4-150200.3.7.2.noarch.rpm
maven-shared-utils-3.3.4-150200.3.7.2.src.rpm
maven2-2.2.1-150200.3.7.3.src.rpm
plexus-i18n-1.0~beta10-150200.3.7.2.noarch.rpm
plexus-i18n-1.0~beta10-150200.3.7.2.src.rpm
plexus-sec-dispatcher-2.0-150200.3.7.3.noarch.rpm
plexus-sec-dispatcher-2.0-150200.3.7.3.src.rpm
plexus-velocity-1.2-150200.3.7.2.noarch.rpm
plexus-velocity-1.2-150200.3.7.2.src.rpm
tesla-polyglot-0.4.5-150200.3.7.2.src.rpm
tesla-polyglot-common-0.4.5-150200.3.7.2.noarch.rpm
tesla-polyglot-common-0.4.5-150200.3.7.2.src.rpm
tesla-polyglot-groovy-0.4.5-150200.3.7.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2620
Recommended update for ant, lucene, mysql-connector-java, univocity-parsers
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ant, lucene, mysql-connector-java, univocity-parsers fixes the following issues:
ant:
- Add forgotten open-test-reporting/events to ant.d/junitlauncher
lucene was updated from version 8.5.0 to 8.11.2:
- API Changes:
* SimpleFSDirectory is deprecated in favor of NIOFSDirectory.
* Removed ability to set DocumentsWriterPerThreadPool on IndexWriterConfig.
The DocumentsWriterPerThreadPool is a packaged protected final class which made it impossible to customize.
* MergeScheduler#merge doesn't accept a parameter if a new merge was found anymore.
* SortFields are now responsible for writing themselves into index headers if they are used as index sorts.
* Deprecate SimpleBindings#add(SortField).
* MergeScheduler is now decoupled from IndexWriter. Instead it accepts a MergeSource interface that offers the basic
methods to acquire pending merges, run the merge and do accounting around it.
* QueryVisitor.consumeTermsMatching() now takes a Supplier<ByteRunAutomaton> to enable queries that build large
automata to provide them lazily. TermsInSetQuery switches to using this method to report matching terms.
* DocValues.emptySortedNumeric() no longer takes a maxDoc parameter
* CodecUtil#checkFooter(IndexInput, Throwable) now throws a CorruptIndexException if checksums mismatch or if
checksums can't be verified.
* TieredMergePolicy#setMaxMergeAtOnceExplicit is deprecated and the number of segments that get merged via explicit
merges is unlimited by default.
* Lucene's facet module's DocValuesOrdinalsReader.decode method is now public, making it easier for applications to
decode facet ordinals into their corresponding labels
* Field comparators for numeric fields and _doc were moved to their own package. TopFieldCollector sets
TotalHits.relation to GREATER_THAN_OR_EQUAL_TO, as soon as the requested total hits threshold is reached, even
though in some cases no skipping optimization is applied and all hits are collected.
* IndexingChain now accepts individual primitives rather than a DocumentsWriterPerThread instance in order to create
a new DocConsumer.
* Removed deprecation warning from IndexWriter#getFieldNames().
* Change the getValue method from IntTaxonomyFacets to be protected instead of private. Users can now access the
count of an ordinal directly without constructing an extra FacetLabel. Also use variable length arguments for the
getOrdinal call in TaxonomyReader.
* DrillSideways allows sub-classes to provide "drill down" FacetsCollectors. They may provide a null collector if
they choose to bypass "drill down" facet collection.
* Add a new Directory reader open API from indexCommit and a custom comparator for sorting leaf readers
* Replaced the ScoreCachingWrappingScorer ctor with a static factory method that ensures unnecessary wrapping doesn't occur.
- New Features:
* Grouping by range based on values from DoubleValuesSource and LongValuesSource
* Add IndexWriter merge-on-commit feature to selectively merge small segments on commit, subject to a configurable
timeout, to improve search performance by reducing the number of small segments for searching
* Add IndexWriter merge-on-refresh feature to selectively merge small segments on getReader, subject to a
configurable timeout, to improve search performance by reducing the number of small segments for searching.
* Doc values now allow configuring how to trade compression for retrieval speed.
* Add FacetsConfig option to control which drill-down terms are indexed for a FacetLabel
* RegExpQuery added case insensitive matching option.
* Add CJKWidthCharFilter and its factory
* Add utility class to retrieve facet labels from the taxonomy index for a facet field so such fields do not also
have to be redundantly stored
* Allow sorting an index after it was created.
With SortingCodecReader, existing unsorted segments can be wrapped and merged into a fresh index using
IndexWriter#addIndices API.
* Custom order for leaves in IndexReader and IndexWriter
* Added smoothingScore method and default implementation to Scorable abstract class. The smoothing score allows
scorers to calculate a score for a document where the search term or subquery is not present. The smoothing score
acts like an idf so that documents that do not have terms or subqueries that are more frequent in the index are not
penalized as much as documents that do not have less frequent terms or subqueries and prevents scores which are the
product of terms or subqueries from going to zero. Added the implementation of the Indri AND and the
IndriDirichletSimilarity from the academic Indri search engine: http://www.lemurproject.org/indri.php.
* New LatLonPoint query that accepts an array of LatLonGeometries.
* New XYPoint query that accepts an array of XYGeometries.
* TypeAsSynonymFilter has been enhanced to support ignoring some types, and to allow the generated synonyms to copy some
or all flags from the original token
* A token filter to drop tokens that match all specified flags.
* PatternTypingFilter has been added to allow setting a type attribute on tokens based on a configured set of regular
expressions
* FeatureField supports newLinearQuery that for scoring uses raw indexed values of features without any
transformation.
* LatLonPoint query support for spatial relationships.
* New tool for creating a deterministic index to enable benchmarking changes on a consistent multi-segment index even
when they require re-indexing.
* New facet counting implementation for general string doc value fields (SortedSetDocValues / SortedDocValues) not
created through FacetsConfig
* The SimpleText codec now writes skip lists.
* Analyzer and stemmer for Telugu language
- Improvements:
* Use same code-path for updateDocuments and updateDocument in IndexWriter and DocumentsWriter.
* Update dictionary version for Ukrainian analyzer to 4.9.1
* PerFieldDocValuesFormat should not get the DocValuesFormat on a field that has no doc values.
* Removed ThreadState abstraction from DocumentsWriter which allows pooling of DWPT directly and improves the
approachability of the IndexWriter code.
* Add an ID to SegmentCommitInfo in order to compare commits for equality and make snapshots incremental on
generational files.
* TotalHits' relation will be EQUAL_TO when the number of hits is lower than TopDocsCollector's numHits
* Metadata of the terms dictionary moved to its own file, with the '.tmd' extension. This allows checksums of
metadata to be verified when opening indices and helps save seeks when opening an index.
* SegmentInfos#readCommit now always returns a CorruptIndexException if the content of the file is invalid.
* Make FunctionScoreQuery use ScoreMode.COMPLETE for creating the inner query weight when ScoreMode.TOP_DOCS is
requested.
* Make FacetsConfig.DELIM_CHAR publicly accessible
* UniformSplit supports encodable fields metadata.
* Improved truncation detection for points.
* Let MultiCollector handle minCompetitiveScore
* Add a new ExpressionValueSource which will enforce only one value per name per hit in dependencies,
ExpressionFunctionValues will no longer recompute already computed values
* Fix CheckIndex to print an invalid non-zero norm as unsigned long when detecting corruption.
* FieldInfo#checkConsistency called twice from Lucene50(60)FieldInfosFormat#read; Removed the (redundant?) assert and
do these checks for real.
* In BooleanQuery rewrite, always remove MatchAllDocsQuery filter clauses when possible.
* Improve coverage for Asserting* test classes: make sure to handle singleton doc values, and sometimes exercise
Weight#scorer instead of Weight#bulkScorer for top-level queries.
* Include StoredFieldsWriter in DWPT accounting to ensure that its heap consumption is taken into account when
IndexWriter stalls or should flush DWPTs.
* Include TermVectorsWriter in DWPT accounting to ensure that its heap consumption is taken into account when
IndexWriter stalls or should flush DWPTs.
* In query shapes over shape fields, skip points while traversing the BKD tree when the relationship with the
document is already known.
* Use more compact datastructures to represent sorted doc-values in memory when sorting a segment before flush
and in SortingCodecReader.
* WordDelimiterGraphFilter should order tokens at the same position by endOffset to emit longer tokens first.
The same graph is produced.
* Optimize facet counting for single-valued SSDV / StringValueFacetCounts.
* GlobalOrdinalsWithScore should not compute occurrences when the provided min is 1.
* ICUNormalizer2CharFilter no longer requires normalization-inert characters as boundaries for incremental
processing, vastly improving worst-case performance.
* ExitableTermsEnum should sample timeout and interruption check before calling next().
* Make CheckIndex concurrent by parallelizing index check across segments.
* Add compression to terms dict from SortedSet/Sorted DocValues.
* Binary doc values fields now expose their configured compression mode in the attributes of the field info.
* BM25FQuery was extended to handle similarities beyond BM25Similarity. It was renamed to CombinedFieldQuery to
reflect its more general scope.
* Reduce index size by increasing allowable exceptions in PForUtil from 3 to 7.
* Hunspell support improvements: add API for spell-checking and suggestions, support compound words, fix various
behavior differences between Java and C++ implementations, improve performance
* The BEST_SPEED compression mode now trades more compression ratio in exchange for faster reads.
* Enable bulk merge for stored fields with index sort.
* Allow DrillSideways users to provide their own CollectorManager without also requiring them to provide an
ExecutorService.
* Extend DrillSideways to support exposing FacetCollectors directly.
* Support for multi-value fields in LongRangeFacetCounts and DoubleRangeFacetCounts.
* Added QueryProfilerIndexSearcher and ProfilerCollector to support debugging query execution strategy and timing.
* Operations.getCommonSuffix/Prefix(Automaton) is now much more efficient, from a worst case exponential down to
quadratic cost in the number of states + transitions in the Automaton. These methods no longer use the costly
determinize method, removing the risk of TooComplexToDeterminizeException
* Operations.determinize now throws TooComplexToDeterminizeException based on too much "effort" spent determinizing
rather than a precise state count on the resulting returned automaton, to better handle adversarial cases like
det(rev(regexp("(.*a){2000}"))) that spend lots of effort but result in smallish eventual returned automata.
* Stop sorting determinize powersets unnecessarily.
* Evaluate score in DrillSidewaysScorer.doQueryFirstScoring
* Decrease default for LRUQueryCache's skipCacheFactor to 10. This prevents caching a query clause when it is much
more expensive than running the top-level query.
* Make QueryCache respect Accountable queries
- Optimizations:
* UniformSplit keeps FST off-heap.
* DoubleValuesSource and QueryValueSource now use a TwoPhaseIterator if one is provided by the Query.
* UsageTrackingQueryCachingPolicy no longer caches DocValuesFieldExistsQuery.
* FST.Arc.BitTable reads directly FST bytes. Arc is lightweight again and FSTEnum traversal faster.
* Fail precommit on unparameterised log messages and examine for wasted work/objects
* Speed up geometry queries by specialising Component2D spatial operations. Instead of using a generic
relate method for all relations, we use specialized methods for each one. In addition, the type of triangle is
computed at deserialization time, therefore we can be more selective when decoding points of a triangle.
* Always build trees with full leaves and lower the default value for maxPointsPerLeafNode to 512.
* Points now write their index in a separate file.
* Add an ability for field comparators to skip non-competitive documents. Creating a TopFieldCollector with
totalHitsThreshold less than Integer.MAX_VALUE instructs Lucene to skip non-competitive documents whenever
possible. For numeric sort fields the skipping functionality works when the same field is indexed both with doc
values and points. To indicate that the same data is stored in these points and doc values
SortField#setCanUsePoints method should be used.
* ConstantValuesSource now shares a single DoubleValues instance across all segments
* Stored fields now get higher compression ratios on highly compressible data.
* FunctionMatchQuery now accepts a "matchCost" optimization hint.
* Indexing with an index sort is now faster by not compressing temporary representations of the data.
* Enhance DocComparator to provide an iterator over competitive documents when searching with "after". This iterator
can quickly position on the desired "after" document skipping all documents and segments before "after".
* QueryParser: re-use the LookaheadSuccess exception.
* WANDScorer now supports queries that have a 'minimumNumberShouldMatch' configured.
* Reduced memory usage for OrdinalMap when a segment has all values.
* Faster decoding of postings for some numbers of bits per value.
* Substantially improve RAM efficiency of how MemoryIndex stores postings in memory, and reduced a bit of RAM
overhead in IndexWriter's internal postings book-keeping
* Speed up merging of stored fields and term vectors for smaller segments.
* Performance improvement for BKD index building
* Improved memory efficiency of IndexWriter's RAM buffer, in particular in the case of many fields and many indexing
threads.
* Lucene90DocValuesFormat was using too many bits per value when compressing via gcd, unnecessarily wasting index
storage.
* Rewrite empty DisjunctionMaxQuery to MatchNoDocsQuery.
* Slightly faster segment merging for sorted indices.
* Improve IntroSorter with 3-ways partitioning
* FacetsCollector will not request scores if it does not use them
- Bugs fixed:
* Fix corruption of the new gen field infos when doc values updates are applied on a segment created externally and
added to the index with IndexWriter#addIndexes(Directory).
* Holding levenshtein automata on FuzzyQuery can end up blowing up query caches which use query objects as cache
keys, so building the automata is now delayed to search time again.
* Fix wrong NGramFilterFactory argument name for preserveOriginal option
* DocValuesRewriteMethod.visit wasn't visiting its embedded query
* DocTermsIndexDocValues assumed it was operating on a SortedDocValues (single valued) field when it could be
multi-valued used with a SortedSetSelector
* Ensure IW processes all internal events before it closes itself on a rollback.
* Return default value from objectVal when doc doesn't match the query in QueryValueSource
* Fix for potential NPE in TermFilteredPresearcher for empty fields
* Wait for #addIndexes merges when aborting merges.
* Ensure CMS updates its thread accounting datastructures consistently. CMS today releases its lock after finishing
a merge before it re-acquires it to update the thread accounting datastructures. This causes threading issues where
concurrently finishing threads fail to pick up pending merges causing potential thread starvation on forceMerge
calls
* Single-document monitor runs were using the less efficient MultiDocumentBatch implementation.
* Fix equality check in ExpressionValueSource#rewrite. This fixes rewriting of inner value sources.
* IndexWriter incorrectly calls closeMergeReaders twice when the merged segment is 100% deleted.
* Tessellator might build illegal polygons when several holes share the same vertex.
* Tessellator might build illegal polygons when several holes are connected to the same vertex.
* Fix ordered intervals over interleaved terms
* The UnifiedHighlighter was closing the underlying reader when there were multiple term-vector fields. This was a
regression in 8.6.0.
* Prevent DWPTDeleteQueue from referencing itself and leaking memory. The queue passed an implicit this reference to
the next queue instance on flush which leaked about 500 bytes of memory on each full flush, commit or getReader call.
* Fix a regression where the unified highlighter didn't produce highlights on fuzzy queries that correspond to exact
matches.
* Fix NRTCachingDirectory to use Directory#fileLength to check if a file already exists instead of opening an
IndexInput on the file which might throw an AccessDeniedException in some Directory implementations.
* Fixed a bug in IndexSortSortedNumericDocValuesRangeQuery where it could violate the DocIdSetIterator contract.
* Include field in ComplexPhraseQuery's toString()
* Fix TermRangeQuery when there is no upper bound and the lower bound is the empty string excluded. This would
previously match no strings at all while it should match all non-empty strings.
* Fix NPE in SpanWeight#explain when no scoring is required and SpanWeight has null Similarity.SimScorer.
* DocumentsWriter was only stalling threads for 1 second allowing documents to be indexed even if the DocumentsWriter
wasn't able to keep up flushing. Unless IW can't make progress due to an ill behaving DWPT this issue was barely
noticeable.
* Japanese tokenizer should discard the compound token instead of disabling the decomposition of long tokens when
discardCompoundToken is activated.
* Make Component2D#withinPoint implementations consistent with ShapeQuery logic.
* Wrap boolean queries generated by shape fields with a Constant score query.
* Fix per-field memory leak in IndexWriter.deleteAll(). Reset next available internal field number to 0 on
FieldInfos.clear(), to avoid wasting FieldInfo references.
* BM25FQuery - Mask encoded norm long value in array lookup.
* When encoding triangles in ShapeField, make sure generated triangles are CCW by rotating triangle points before
checking triangle orientation.
* Fix deadlock in TermsEnum.EMPTY that occurs when trying to initialize TermsEnum and BaseTermsEnum at the same time
* NPE on a degenerate query in MinimumShouldMatchIntervalsSource $MinimumMatchesIterator.getSubMatches().
* DoubleValuesSource.fromQuery (also used by FunctionScoreQuery.boostByQuery) could throw an exception when the query
implements TwoPhaseIterator and when the score is requested repeatedly.
* BytesRefHash.equals/find is now thread safe, fixing a Luwak/Monitor bug causing registered queries to sometimes
fail to match.
* Fix Circle2D intersectsLine t-value (distance) range clamp
* Fixed parameter use in RadixSelector.
* LongValueFacetCounts should count each document at most once when determining the total count for a dimension.
Prior to this fix, multi-value docs could contribute a > 1 count to the dimension count.
* Fixed performance regression for boolean queries that configure a minimum number of matching clauses.
* FlattenGraphFilter is now more robust when handling incoming holes in the input token graph
* Duplicate long values in a document field should only be counted once when using SortedNumericDocValuesFields
* Do not throw NullPointerException while trying to handle another exception in ReplicaNode.start
* Fix DrillSideways correctness bug
* Fix edge case failure in TestStringValueFacetCounts
* CombinedFieldQuery can fail with an exception when document is missing some fields.
* Respect ignoreCase in CommonGramsFilterFactory
* DocComparator should not skip docs with the same docID on multiple sorts with search after
* Fix CombinedFieldQuery equals and hashCode, which ensures query rewrites don't drop CombinedFieldQuery clauses.
* Correct CombinedFieldQuery scoring when there is a single field.
* Counting bug fixed in StringValueFacetCounts.
* Ensure DrillSidewaysQuery instances never get cached.
* Skip deleted docs when accumulating facet counts for all docs
* KoreanTokenizer should check the max backtrace gap on whitespaces.
* Sort optimization can wrongly skip the first document of each segment
* MultiCollector now handles single leaf collector that wants to skip low-scoring hits but the combined score
mode doesn't allow it
* Missing calculating the bytes used of DocsWithFieldSet in NormValuesWriter
* Missing calculating the bytes used of DocsWithFieldSet and currentValues in SortedSetDocValuesWriter
* Sort optimization with search_after can wrongly skip documents whose values are equal to the last value of the
previous page
* Sort optimization with a chunked bulk scorer can wrongly skip documents
* ConcurrentSortedSetDocValuesFacetCounts shouldn't share liveDocs Bits across threads
* NumericLeafComparator to define getPointValues
* Ensure that the minimum competitive score does not decrease in concurrent search
* Highlighter:
WeightedSpanTermExtractor.extractWeightedSpanTerms to Query#rewrite multiple times if necessary
* Make sure SparseFixedBitSet#or updates ramBytesUsed
- Documentation:
* Add a performance warning to AttributeSource.captureState javadocs
- Changes in runtime behaviour:
* SortingCodecReader now doesn't cache doc values fields anymore. Previously, SortingCodecReader used to cache all
doc values fields after they were loaded into memory.
This reader should only be used to sort segments after the fact using IndexWriter#addIndices.
- Other changes:
* Always keep FST off-heap. FSTLoadMode, Reader attributes and openedFromWriter removed.
* Checksums of the terms index are now verified when LeafReader#checkIntegrity is called rather than when opening the
index.
* Update Javadoc about normalizeEntry in the Kuromoji DictionaryBuilder.
* Make TestLatLonMultiPolygonShapeQueries more resilient for CONTAINS queries.
* Adjust TestLucene60PointsFormat#testEstimatePointCount2Dims so it does not fail when a point is shared by multiple
leaves.
* ByteBufferIndexInput was refactored to work on top of the ByteBuffer API.
* Make LineFileDocs's random seeking more efficient, making tests using LineFileDocs faster
* Refactors SimpleBindings to improve type safety and cycle detection
* Change the way the multi-dimensional BKD tree builder generates the intermediate tree representation to be equal to
the one dimensional case to avoid unnecessary tree and leaves rotation.
* poll_mirrors.py release script can handle HTTPS mirrors.
* Fix or suppress 13 resource leak precommit warnings in lucene/replicator
* Always keep BKD index off-heap. BKD reader does not implement Accountable any more.
* Refactor BKD point configuration into its own class.
* Make TestXYMultiPolygonShapeQueries more resilient for CONTAINS queries.
* Move LockFactory stress test to be a unit/integration test.
* Removes some unused code and replaces the Point implementation on ShapeField/ShapeQuery random tests.
* Removed the pure Maven build. It is no longer possible to build artifacts using Maven (this feature was no longer
working correctly). Due to migration to Gradle for Lucene/Solr 9.0, the maintenance of the Maven build was no
longer reasonable. POM files are generated for deployment to Maven Central only. Please use "ant generate-maven-artifacts"
to produce and deploy artifacts to any repository.
* Migrate Maven tasks to use "maven-resolver-ant-tasks" instead of the no longer maintained "maven-ant-tasks".
* Upgrade jetty to 9.4.41
* Fix WANDScorer assertion error.
* Add docs/links to GermanAnalyzer describing how to decompound nouns
* Update Jetty to 9.4.34
mysql-connector-java was updated to version 8.4.0:
- Removed OpenTelemetry support, which was added upstream
- Avoid producing duplicate maven data
- Changes in version 8.4.0:
* Added support for VECTOR data type.
* Fixed tests failing due to removal of deprecated features.
* Fixed join condition for retrieval of imported primary keys.
* GPL License Exception Update.
* Updated SyntaxRegressionTest.java.
* Replaced StringBuffer with StringBuilder in ValueEncoders
* Fixed DatabaseMetaData that specifies incorrect extra name characters.
* Fixed setting the FetchSize on a Statement object does not affect.
* Fixed GETPARAMETERBINDINGS() ON A PS RETURNS NPE WHEN NOT ALL PARAMETERS ARE BOUND.
* Removed support for FIDO authentication
* Only call Messages.getString(...) when it's needed (when the SQLException is thrown)
* CLIENT HANG WHEN LOADBALANCESTRATEGY IS BESTRESPONSETIME.
- Includes changes from 8.3.0:
* Fixed redundant "Reset stmt" when setting useServerPrepStmts&cachePrepStmts to true
* Fixed COMMENT PARSING IS NOT PROPER IN CONNECTOR JDBC.
* Fixed setting a large timeout leads to errors when executing SQL.
* Upgrade 3rd party libraries and tools.
* Upgrade Protocol Buffers dependency to protobuf-java-3.25.1.
* Fixed issue with mysql-connector-j 8.0.33 connector (XDEVAPI) - getsession is slow.
* Fixed CallableStatement::getParameterMetaData reports incorrect parameterCount.
* Fixed executeUpdate throws SQLException on queries that are only comments.
* getWarnings() of StatementImpl contains all warnings.
* Fixed Unexpected list of permitted ciphers.
* Fixed jdbc.MysqlParameterMetadata#isNullable doesn't check whether to be simple.
* Fixed Parameter metadata inferred incorrectly when procedure or function doesn't exist.
* Fixed execution of a stored procedure if exists function with same name.
- Changes in version 8.2.0:
* Added the missing implementation for Connection.releaseSavepoint()
* Connector/J now supports WebAuthn Authentication. See Connecting Using Web Authentication (WebAuthn) Authentication
for details.
* The auto-deserialization function for BLOB objects, deprecated since release 8.1.0, is now removed.
* The SessionStateChanges objects failed to provide proper values for section state changes. This was because
Connector/J parsed the OK_Packet incorrectly, and this patch fixes the issue.
* Using javax.sql.rowset.CachedRowSet#getDate() or javax.sql.rowset.CachedRowSet#getTimestamp() on DATETIME fields
resulted in a ClassCastException. It was because the default return type of DATETIME fields by
ResultSet.getObject() was java.time.LocalDateTime instead of java.sql.Timestamp. To prevent the exception, a new
connection property, treatMysqlDatetimeAsTimestamp, now allows the return type of DATETIME by ResultSet.getObject()
to be changed to java.sql.Timestamp
* Obtaining a connection from a MysqlConnectionPoolDataSource made Connector/J reset its connection state unless the
connection property paranoid was set to be true. During the reset, the autocommit mode of the session was restored
to the default value specified on the server by the system variable autocommit, while the JDBC specification
mandates that autocommit be always enabled for a freshly created connection. With this patch, the connection reset
will always enable autocommit in the situation.
- Changes in version 8.1.0:
* Deprecated autoDeserialize feature.
* Fix KeyManagementException: FIPS mode: only SunJSSE TrustManagers may be used.
* Fixed Issue in JDBC PreparedStatement on adding NO_BACKSLASH_ESCAPES in sql_mode.
univocity-parsers:
- Add Automatic-Module-Name to the manifest
ant-1.10.14-150200.4.28.1.noarch.rpm
ant-1.10.14-150200.4.28.1.src.rpm
ant-antlr-1.10.14-150200.4.28.1.noarch.rpm
ant-antlr-1.10.14-150200.4.28.1.src.rpm
ant-apache-bcel-1.10.14-150200.4.28.1.noarch.rpm
ant-apache-bsf-1.10.14-150200.4.28.1.noarch.rpm
ant-apache-log4j-1.10.14-150200.4.28.1.noarch.rpm
ant-apache-oro-1.10.14-150200.4.28.1.noarch.rpm
ant-apache-regexp-1.10.14-150200.4.28.1.noarch.rpm
ant-apache-resolver-1.10.14-150200.4.28.1.noarch.rpm
ant-commons-logging-1.10.14-150200.4.28.1.noarch.rpm
ant-jakartamail-1.10.14-150200.4.28.1.noarch.rpm
ant-javamail-1.10.14-150200.4.28.1.noarch.rpm
ant-jdepend-1.10.14-150200.4.28.1.noarch.rpm
ant-jmf-1.10.14-150200.4.28.1.noarch.rpm
ant-junit-1.10.14-150200.4.28.1.noarch.rpm
ant-junit-1.10.14-150200.4.28.1.src.rpm
ant-manual-1.10.14-150200.4.28.1.noarch.rpm
ant-scripts-1.10.14-150200.4.28.1.noarch.rpm
ant-swing-1.10.14-150200.4.28.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1987
Security update for skopeo
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for skopeo fixes the following issues:
- Update to version 1.14.4:
- CVE-2024-3727: Fixed a vulnerability that allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, resource exhaustion, local path traversal and other attacks. (bsc#1224123)
skopeo-1.14.4-150300.11.11.1.src.rpm
skopeo-1.14.4-150300.11.11.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2085
Recommended update for python-requests
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-requests fixes the following issue:
- Allow the usage of "verify" parameter as a directory. (bsc#1225912)
python-requests-2.25.1-150300.3.12.2.src.rpm
python3-requests-2.25.1-150300.3.12.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2023
Recommended update for socat
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for socat fixes the following issues:
socat is updated to 1.8.0.0:
Primary feature is enabling TLS 1.3 support. (jsc#PED-8413)
* Support for network namespaces (option netns)
* TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success
* Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following)
* New wrapper script socat-chain.sh allows stacking two addresses, e.g. HTTP proxy connect over SSL
* New script socat-mux.sh allows n-to-1 / 1-to-n communications
* New script socat-broker.sh allows group communications
* Experimental socks5 client feature
* Address ACCEPT-FD for systemd "inetd" mode
* UDP-Lite and DCCP address types
* Addresses SOCKETPAIR and SHELL
* New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique paths
* New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets
* Simple statistics output with Socat option --statistics and with SIGUSR1
* A couple of new options, many fixes and corrections, see file CHANGES
Update to 1.7.4.4:
* FIX: In error.c msg2() there was a stack overflow on long messages: The
terminating \0 Byte was written behind the last position.
* FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets
arrived.
* FIX: a couple of weaknesses and errors when accessing invalid or
incompatible file system entries with UNIX domain, file, and generic
addresses.
* FIX: bad parser error message on "socat /tmp/x\"x/x -"
Update to 1.7.4.3:
* fixes the TCP_INFO issue that broke building on non-Linux platforms.
* building on AIX works again.
* A few more corrections and improvements have been added
Update to version 1.7.4.2:
* Fixes a lot of bugs, e.g., for options -r and -R.
* Further bugfixes, see the CHANGES file
Update to 1.7.4.1:
Security:
* Buffer size option (-b) is internally doubled for CR-CRLF conversion,
but not checked for integer overflow. This could lead to heap based buffer
overflow, assuming the attacker could provide this parameter.
* Many further bugfixes and new features, see the CHANGES file
socat-1.8.0.0-150400.14.3.1.src.rpm
socat-1.8.0.0-150400.14.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2005
Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security Update 550.90.07:
- CVE-2024-0090: Fixed out of bounds write (bsc#1223356).
- CVE-2024-0092: Fixed incorrect exception handling (bsc#1223356).
- CVE-2024-0091: Fixed untrusted pointer dereference (bsc#1223356).
kernel-firmware-nvidia-gspx-G06-550.90.07-150400.9.33.1.nosrc.rpm
kernel-firmware-nvidia-gspx-G06-550.90.07-150400.9.33.1.x86_64.rpm
nvidia-open-driver-G06-signed-550.90.07-150400.9.62.1.src.rpm
nvidia-open-driver-G06-signed-default-devel-550.90.07-150400.9.62.1.x86_64.rpm
nvidia-open-driver-G06-signed-kmp-default-550.90.07_k5.14.21_150400.24.119-150400.9.62.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2077
Security update for gdk-pixbuf
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gdk-pixbuf fixes the following issues:
gdk-pixbuf was updated to version 2.42.12:
- Security issues fixed:
* CVE-2022-48622: Fixed heap memory corruption on gdk-pixbuf (bsc#1219276)
- Changes in version 2.42.12:
+ ani: Reject files with multiple INA or IART chunks,
+ ani: validate chunk size,
+ Updated translations.
- Enable other image loaders such as xpm and xbm (bsc#1223903)
- Changes in version 2.42.11:
+ Disable fringe loaders by default.
+ Introspection fixes.
+ Updated translations.
- Changes in version 2.42.10:
+ Search for rst2man.py.
+ Update the memory size limit for JPEG images.
+ Updated translations.
- Fixed loading of larger images
- Avoid Bash specific syntax in baselibs postscript (bsc#1195391)
gdk-pixbuf-2.42.12-150400.5.9.1.src.rpm
gdk-pixbuf-devel-2.42.12-150400.5.9.1.x86_64.rpm
gdk-pixbuf-lang-2.42.12-150400.5.9.1.noarch.rpm
gdk-pixbuf-query-loaders-2.42.12-150400.5.9.1.x86_64.rpm
gdk-pixbuf-query-loaders-32bit-2.42.12-150400.5.9.1.x86_64.rpm
gdk-pixbuf-thumbnailer-2.42.12-150400.5.9.1.x86_64.rpm
libgdk_pixbuf-2_0-0-2.42.12-150400.5.9.1.x86_64.rpm
typelib-1_0-GdkPixbuf-2_0-2.42.12-150400.5.9.1.x86_64.rpm
typelib-1_0-GdkPixdata-2_0-2.42.12-150400.5.9.1.x86_64.rpm
libgdk_pixbuf-2_0-0-32bit-2.42.12-150400.5.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1985
Security update for mariadb
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mariadb fixes the following issues:
- CVE-2024-21096: Fixed mysqldump unspecified vulnerability (bsc#1225983).
- CVE-2023-22084: Fixed a vulnerability that allows a high privileged attacker with network access via multiple protocols to compromise the server (bsc#1217405).
- Update to 10.6.18.
libmariadbd-devel-10.6.18-150400.3.33.1.x86_64.rpm
libmariadbd19-10.6.18-150400.3.33.1.x86_64.rpm
mariadb-10.6.18-150400.3.33.1.src.rpm
mariadb-10.6.18-150400.3.33.1.x86_64.rpm
mariadb-client-10.6.18-150400.3.33.1.x86_64.rpm
mariadb-errormessages-10.6.18-150400.3.33.1.noarch.rpm
mariadb-tools-10.6.18-150400.3.33.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1986
Security update for rmt-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server fixes the following issues:
- Update to version 2.17
- CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content-Type. (bsc#1225997)
rmt-server-2.17-150400.3.25.1.src.rpm
rmt-server-2.17-150400.3.25.1.x86_64.rpm
rmt-server-config-2.17-150400.3.25.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2189
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
The following non-security bugs were fixed:
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- filemap: remove use of wait bookmarks (bsc#1224085).
- idpf: extend tx watchdog timeout (bsc#1224137).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
kernel-default-5.14.21-150400.24.122.2.nosrc.rpm
kernel-default-5.14.21-150400.24.122.2.x86_64.rpm
kernel-default-base-5.14.21-150400.24.122.2.150400.24.58.2.src.rpm
kernel-default-base-5.14.21-150400.24.122.2.150400.24.58.2.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.122.2.x86_64.rpm
kernel-devel-5.14.21-150400.24.122.1.noarch.rpm
kernel-docs-5.14.21-150400.24.122.2.noarch.rpm
kernel-docs-5.14.21-150400.24.122.2.nosrc.rpm
kernel-macros-5.14.21-150400.24.122.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.122.2.src.rpm
kernel-obs-build-5.14.21-150400.24.122.2.x86_64.rpm
kernel-source-5.14.21-150400.24.122.1.noarch.rpm
kernel-source-5.14.21-150400.24.122.1.src.rpm
kernel-syms-5.14.21-150400.24.122.1.src.rpm
kernel-syms-5.14.21-150400.24.122.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.122.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2518
Recommended update for salt
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
- Speed up salt.matcher.confirm_top by using __context__
- Do not call the async wrapper calls with the separate thread
- Prevent OOM with high amount of batch async calls (bsc#1216063)
- Add missing contextvars dependency in salt.version
- Skip tests for unsupported algorithm on old OpenSSL version
- Remove redundant `_file_find` call to the master
- Prevent possible exception in tornado.concurrent.Future._set_done
- Make reactor engine less blocking the EventPublisher
- Make salt-master self recoverable on killing EventPublisher
- Improve broken events catching and reporting
- Make logging calls lighter
- Remove unused import causing delays on starting salt-master
- Mark python3-CherryPy as recommended package for the testsuite
python3-salt-3006.0-150400.8.63.2.x86_64.rpm
salt-3006.0-150400.8.63.2.src.rpm
salt-3006.0-150400.8.63.2.x86_64.rpm
salt-api-3006.0-150400.8.63.2.x86_64.rpm
salt-bash-completion-3006.0-150400.8.63.2.noarch.rpm
salt-cloud-3006.0-150400.8.63.2.x86_64.rpm
salt-doc-3006.0-150400.8.63.2.x86_64.rpm
salt-fish-completion-3006.0-150400.8.63.2.noarch.rpm
salt-master-3006.0-150400.8.63.2.x86_64.rpm
salt-minion-3006.0-150400.8.63.2.x86_64.rpm
salt-proxy-3006.0-150400.8.63.2.x86_64.rpm
salt-ssh-3006.0-150400.8.63.2.x86_64.rpm
salt-standalone-formulas-configuration-3006.0-150400.8.63.2.x86_64.rpm
salt-syndic-3006.0-150400.8.63.2.x86_64.rpm
salt-transactional-update-3006.0-150400.8.63.2.x86_64.rpm
salt-zsh-completion-3006.0-150400.8.63.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2069
Recommended update for mksusecd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mksusecd fixes the following issues:
- Fix --no-joliet option and add warning about too long Joliet file names
- Add more mkisofs log output in verbosity level 3
- Ensure mksusecd error code is preserved
- Add info about Joliet file name limit to man page
- Fix integrating software modules containing debuginfo packages (bsc#1226047)
- Increase initrd xz compression level
- Enforce de-duplication in mkisofs
- Deal with systems where /tmp is a symlink (bsc#1221603)
- Support usrmerged kmod package (bsc#1221603)
- Handle compressed firmware files (bsc#1214789)
- Allow also xz and zstd compression in repodata (bsc#1218706)
- Allow --instsys option for Live media
- Calculate EFI boot image size correctly
- If initrd/kernel are in two different location on the medium, update in both locations
- isohybrid: remove outdated 1024 cylinders warning
- Default to GPT if source ISO uses it
- Add --signature-file option and rewrite signature embedding
- Fix --instsys option handling (bsc#1213606)
- Add --rescue option to allow modifying the rescue system
- Add --volume1 option to allow setting separate labels for both ISO file systems (bsc#1213185)
mksusecd-2.18-150400.3.18.2.src.rpm
mksusecd-2.18-150400.3.18.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2061
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
- Update to version 115.12.0 ESR (bsc#1226027)
- CVE-2024-5702: Use-after-free in networking
- CVE-2024-5688: Use-after-free in JavaScript object transplant
- CVE-2024-5690: External protocol handlers leaked by timing attack
- CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
- CVE-2024-5692: Bypass of file name restrictions during saving
- CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
- CVE-2024-5696: Memory Corruption in Text Fragments
- CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
MozillaFirefox-115.12.0-150200.152.140.2.src.rpm
MozillaFirefox-115.12.0-150200.152.140.2.x86_64.rpm
MozillaFirefox-devel-115.12.0-150200.152.140.2.noarch.rpm
MozillaFirefox-translations-common-115.12.0-150200.152.140.2.x86_64.rpm
MozillaFirefox-translations-other-115.12.0-150200.152.140.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2052
Security update for libaom
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libaom fixes the following issues:
- CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by integer overflow (bsc#1226020).
libaom-3.2.0-150400.3.6.1.src.rpm
libaom3-3.2.0-150400.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2090
Security update for podman
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
podman-4.9.5-150400.4.27.1.src.rpm
podman-4.9.5-150400.4.27.1.x86_64.rpm
podman-docker-4.9.5-150400.4.27.1.noarch.rpm
podman-remote-4.9.5-150400.4.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2039
Security update for php8
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php8 fixes the following issues:
- CVE-2024-5458: Fixed an issue that allows bypassing filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073)
apache2-mod_php8-8.0.30-150400.4.43.1.src.rpm
apache2-mod_php8-8.0.30-150400.4.43.1.x86_64.rpm
php8-8.0.30-150400.4.43.1.src.rpm
php8-8.0.30-150400.4.43.1.x86_64.rpm
php8-bcmath-8.0.30-150400.4.43.1.x86_64.rpm
php8-bz2-8.0.30-150400.4.43.1.x86_64.rpm
php8-calendar-8.0.30-150400.4.43.1.x86_64.rpm
php8-cli-8.0.30-150400.4.43.1.x86_64.rpm
php8-ctype-8.0.30-150400.4.43.1.x86_64.rpm
php8-curl-8.0.30-150400.4.43.1.x86_64.rpm
php8-dba-8.0.30-150400.4.43.1.x86_64.rpm
php8-devel-8.0.30-150400.4.43.1.x86_64.rpm
php8-dom-8.0.30-150400.4.43.1.x86_64.rpm
php8-embed-8.0.30-150400.4.43.1.src.rpm
php8-embed-8.0.30-150400.4.43.1.x86_64.rpm
php8-enchant-8.0.30-150400.4.43.1.x86_64.rpm
php8-exif-8.0.30-150400.4.43.1.x86_64.rpm
php8-fastcgi-8.0.30-150400.4.43.1.src.rpm
php8-fastcgi-8.0.30-150400.4.43.1.x86_64.rpm
php8-fileinfo-8.0.30-150400.4.43.1.x86_64.rpm
php8-fpm-8.0.30-150400.4.43.1.src.rpm
php8-fpm-8.0.30-150400.4.43.1.x86_64.rpm
php8-ftp-8.0.30-150400.4.43.1.x86_64.rpm
php8-gd-8.0.30-150400.4.43.1.x86_64.rpm
php8-gettext-8.0.30-150400.4.43.1.x86_64.rpm
php8-gmp-8.0.30-150400.4.43.1.x86_64.rpm
php8-iconv-8.0.30-150400.4.43.1.x86_64.rpm
php8-intl-8.0.30-150400.4.43.1.x86_64.rpm
php8-ldap-8.0.30-150400.4.43.1.x86_64.rpm
php8-mbstring-8.0.30-150400.4.43.1.x86_64.rpm
php8-mysql-8.0.30-150400.4.43.1.x86_64.rpm
php8-odbc-8.0.30-150400.4.43.1.x86_64.rpm
php8-opcache-8.0.30-150400.4.43.1.x86_64.rpm
php8-openssl-8.0.30-150400.4.43.1.x86_64.rpm
php8-pcntl-8.0.30-150400.4.43.1.x86_64.rpm
php8-pdo-8.0.30-150400.4.43.1.x86_64.rpm
php8-pgsql-8.0.30-150400.4.43.1.x86_64.rpm
php8-phar-8.0.30-150400.4.43.1.x86_64.rpm
php8-posix-8.0.30-150400.4.43.1.x86_64.rpm
php8-readline-8.0.30-150400.4.43.1.x86_64.rpm
php8-shmop-8.0.30-150400.4.43.1.x86_64.rpm
php8-snmp-8.0.30-150400.4.43.1.x86_64.rpm
php8-soap-8.0.30-150400.4.43.1.x86_64.rpm
php8-sockets-8.0.30-150400.4.43.1.x86_64.rpm
php8-sodium-8.0.30-150400.4.43.1.x86_64.rpm
php8-sqlite-8.0.30-150400.4.43.1.x86_64.rpm
php8-sysvmsg-8.0.30-150400.4.43.1.x86_64.rpm
php8-sysvsem-8.0.30-150400.4.43.1.x86_64.rpm
php8-sysvshm-8.0.30-150400.4.43.1.x86_64.rpm
php8-test-8.0.30-150400.4.43.1.src.rpm
php8-test-8.0.30-150400.4.43.1.x86_64.rpm
php8-tidy-8.0.30-150400.4.43.1.x86_64.rpm
php8-tokenizer-8.0.30-150400.4.43.1.x86_64.rpm
php8-xmlreader-8.0.30-150400.4.43.1.x86_64.rpm
php8-xmlwriter-8.0.30-150400.4.43.1.x86_64.rpm
php8-xsl-8.0.30-150400.4.43.1.x86_64.rpm
php8-zip-8.0.30-150400.4.43.1.x86_64.rpm
php8-zlib-8.0.30-150400.4.43.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2038
Security update for php8
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php8 fixes the following issues:
- CVE-2024-5458: Fixed an issue that allows bypassing filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073)
apache2-mod_php7-7.4.33-150400.4.37.1.src.rpm
apache2-mod_php7-7.4.33-150400.4.37.1.x86_64.rpm
php7-7.4.33-150400.4.37.1.src.rpm
php7-7.4.33-150400.4.37.1.x86_64.rpm
php7-bcmath-7.4.33-150400.4.37.1.x86_64.rpm
php7-bz2-7.4.33-150400.4.37.1.x86_64.rpm
php7-calendar-7.4.33-150400.4.37.1.x86_64.rpm
php7-cli-7.4.33-150400.4.37.1.x86_64.rpm
php7-ctype-7.4.33-150400.4.37.1.x86_64.rpm
php7-curl-7.4.33-150400.4.37.1.x86_64.rpm
php7-dba-7.4.33-150400.4.37.1.x86_64.rpm
php7-devel-7.4.33-150400.4.37.1.x86_64.rpm
php7-dom-7.4.33-150400.4.37.1.x86_64.rpm
php7-enchant-7.4.33-150400.4.37.1.x86_64.rpm
php7-exif-7.4.33-150400.4.37.1.x86_64.rpm
php7-fastcgi-7.4.33-150400.4.37.1.src.rpm
php7-fastcgi-7.4.33-150400.4.37.1.x86_64.rpm
php7-fileinfo-7.4.33-150400.4.37.1.x86_64.rpm
php7-fpm-7.4.33-150400.4.37.1.src.rpm
php7-fpm-7.4.33-150400.4.37.1.x86_64.rpm
php7-ftp-7.4.33-150400.4.37.1.x86_64.rpm
php7-gd-7.4.33-150400.4.37.1.x86_64.rpm
php7-gettext-7.4.33-150400.4.37.1.x86_64.rpm
php7-gmp-7.4.33-150400.4.37.1.x86_64.rpm
php7-iconv-7.4.33-150400.4.37.1.x86_64.rpm
php7-intl-7.4.33-150400.4.37.1.x86_64.rpm
php7-json-7.4.33-150400.4.37.1.x86_64.rpm
php7-ldap-7.4.33-150400.4.37.1.x86_64.rpm
php7-mbstring-7.4.33-150400.4.37.1.x86_64.rpm
php7-mysql-7.4.33-150400.4.37.1.x86_64.rpm
php7-odbc-7.4.33-150400.4.37.1.x86_64.rpm
php7-opcache-7.4.33-150400.4.37.1.x86_64.rpm
php7-openssl-7.4.33-150400.4.37.1.x86_64.rpm
php7-pcntl-7.4.33-150400.4.37.1.x86_64.rpm
php7-pdo-7.4.33-150400.4.37.1.x86_64.rpm
php7-pgsql-7.4.33-150400.4.37.1.x86_64.rpm
php7-phar-7.4.33-150400.4.37.1.x86_64.rpm
php7-posix-7.4.33-150400.4.37.1.x86_64.rpm
php7-readline-7.4.33-150400.4.37.1.x86_64.rpm
php7-shmop-7.4.33-150400.4.37.1.x86_64.rpm
php7-snmp-7.4.33-150400.4.37.1.x86_64.rpm
php7-soap-7.4.33-150400.4.37.1.x86_64.rpm
php7-sockets-7.4.33-150400.4.37.1.x86_64.rpm
php7-sodium-7.4.33-150400.4.37.1.x86_64.rpm
php7-sqlite-7.4.33-150400.4.37.1.x86_64.rpm
php7-sysvmsg-7.4.33-150400.4.37.1.x86_64.rpm
php7-sysvsem-7.4.33-150400.4.37.1.x86_64.rpm
php7-sysvshm-7.4.33-150400.4.37.1.x86_64.rpm
php7-tidy-7.4.33-150400.4.37.1.x86_64.rpm
php7-tokenizer-7.4.33-150400.4.37.1.x86_64.rpm
php7-xmlreader-7.4.33-150400.4.37.1.x86_64.rpm
php7-xmlrpc-7.4.33-150400.4.37.1.x86_64.rpm
php7-xmlwriter-7.4.33-150400.4.37.1.x86_64.rpm
php7-xsl-7.4.33-150400.4.37.1.x86_64.rpm
php7-zip-7.4.33-150400.4.37.1.x86_64.rpm
php7-zlib-7.4.33-150400.4.37.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2142
Recommended update for scap-security-guide
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for scap-security-guide fixes the following issues:
scap-security-guide was updated to 0.1.73 (jsc#ECO-3319)
- CMP 2417: Implement PCI-DSS v4.0 outline for OpenShift (#11651)
- Update all RHEL ANSSI BP028 profiles to be aligned with configuration recommendations version 2.0
- Generate rule references from control files (#11540)
- Initial implementation of STIG V1R1 profile for Ubuntu 22.04 LTS (#11820)
scap-security-guide-0.1.73-150000.1.81.1.noarch.rpm
scap-security-guide-0.1.73-150000.1.81.1.src.rpm
scap-security-guide-debian-0.1.73-150000.1.81.1.noarch.rpm
scap-security-guide-redhat-0.1.73-150000.1.81.1.noarch.rpm
scap-security-guide-ubuntu-0.1.73-150000.1.81.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2088
Security update for openssl-3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
libopenssl-3-devel-3.0.8-150400.4.57.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.57.1.x86_64.rpm
openssl-3-3.0.8-150400.4.57.1.src.rpm
openssl-3-3.0.8-150400.4.57.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2089
Security update for openssl-1_1
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
libopenssl-1_1-devel-1.1.1l-150400.7.69.1.x86_64.rpm
libopenssl-1_1-devel-32bit-1.1.1l-150400.7.69.1.x86_64.rpm
libopenssl1_1-1.1.1l-150400.7.69.1.x86_64.rpm
libopenssl1_1-32bit-1.1.1l-150400.7.69.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150400.7.69.1.x86_64.rpm
libopenssl1_1-hmac-32bit-1.1.1l-150400.7.69.1.x86_64.rpm
openssl-1_1-1.1.1l-150400.7.69.1.src.rpm
openssl-1_1-1.1.1l-150400.7.69.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2744
Recommended update for suseconnect-ng
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issues:
- Version update
* Added uname as collector
* Added SAP workload detection
* Added detection of container runtimes
* Multiple fixes on ARM64 detection
* Use `read_values` for the CPU collector on Z
* Fixed data collection for ppc64le
* Grab the home directory from /etc/passwd if needed (bsc#1226128)
* Build zypper-migration and zypper-packages-search as standalone
binaries rather than one single binary
* Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004)
* Include /etc/products.d in directories whose content are backed
up and restored if a zypper-migration rollback happens (bsc#1219004)
* Add the ability to upload the system uptime logs, produced by the
suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report
(jsc#PED-7982) (jsc#PED-8018)
* Add support for third party packages in SUSEConnect
* Refactor existing system information collection implementation
self-signed SSL certificate (bsc#1223107)
libsuseconnect-1.11.0-150400.3.36.4.x86_64.rpm
suseconnect-ng-1.11.0-150400.3.36.4.src.rpm
suseconnect-ng-1.11.0-150400.3.36.4.x86_64.rpm
suseconnect-ruby-bindings-1.11.0-150400.3.36.4.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2171
Security update for libarchive
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libarchive fixes the following issues:
- CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971).
bsdtar-3.5.1-150400.3.15.1.x86_64.rpm
libarchive-3.5.1-150400.3.15.1.src.rpm
libarchive-devel-3.5.1-150400.3.15.1.x86_64.rpm
libarchive13-3.5.1-150400.3.15.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2106
Security update for php-composer2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for php-composer2 fixes the following issues:
- CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names (bsc#1226181).
- CVE-2024-35242: Fixed command injection via specially crafted branch names during repository cloning (bsc#1226182).
php-composer2-2.2.3-150400.3.12.1.noarch.rpm
php-composer2-2.2.3-150400.3.12.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2180
Security update for vte
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for vte fixes the following issues:
- CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory consumption) via a window resize escape. (bsc#1226134)
libvte-2_91-0-0.66.2-150400.3.5.1.x86_64.rpm
typelib-1_0-Vte-2.91-0.66.2-150400.3.5.1.x86_64.rpm
vte-0.66.2-150400.3.5.1.src.rpm
vte-devel-0.66.2-150400.3.5.1.x86_64.rpm
vte-lang-0.66.2-150400.3.5.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2231
Recommended update for autofs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for autofs fixes the following issues:
- Don't use the intr option on NFS mounts by default, it's been ignored by the kernel for a long time now (bsc#1225130)
autofs-5.1.3-150000.7.20.1.src.rpm
autofs-5.1.3-150000.7.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2226
Recommended update for apache2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2 fixes the following issues:
- Apache ignores headers sent by CGI scripts (bsc#1226217)
apache2-2.4.51-150400.6.20.1.src.rpm
apache2-2.4.51-150400.6.20.1.x86_64.rpm
apache2-devel-2.4.51-150400.6.20.1.x86_64.rpm
apache2-doc-2.4.51-150400.6.20.1.noarch.rpm
apache2-prefork-2.4.51-150400.6.20.1.x86_64.rpm
apache2-utils-2.4.51-150400.6.20.1.x86_64.rpm
apache2-worker-2.4.51-150400.6.20.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2170
Security update for gnome-settings-daemon
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gnome-settings-daemon fixes the following issues:
- CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423).
gnome-settings-daemon-41.0-150400.3.3.1.src.rpm
gnome-settings-daemon-41.0-150400.3.3.1.x86_64.rpm
gnome-settings-daemon-devel-41.0-150400.3.3.1.x86_64.rpm
gnome-settings-daemon-lang-41.0-150400.3.3.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2224
Recommended update for java-1_8_0-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-openjdk fixes the following issues:
- Fix condition enabling shenandoah GC (bsc#1226274)
- Disable shenandoah for all distributions, since the shenandoah hotspot tarball is rather out of sync
java-1_8_0-openjdk-1.8.0.412-150000.3.94.1.src.rpm
java-1_8_0-openjdk-1.8.0.412-150000.3.94.1.x86_64.rpm
java-1_8_0-openjdk-demo-1.8.0.412-150000.3.94.1.x86_64.rpm
java-1_8_0-openjdk-devel-1.8.0.412-150000.3.94.1.x86_64.rpm
java-1_8_0-openjdk-headless-1.8.0.412-150000.3.94.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2198
Security update for ghostscript
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ghostscript fixes the following issues:
- CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491)
ghostscript-9.52-150000.191.1.src.rpm
ghostscript-9.52-150000.191.1.x86_64.rpm
ghostscript-devel-9.52-150000.191.1.x86_64.rpm
ghostscript-x11-9.52-150000.191.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2196
Recommended update for wicked
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668]
wicked-0.6.75-150400.3.27.1.src.rpm
wicked-0.6.75-150400.3.27.1.x86_64.rpm
wicked-service-0.6.75-150400.3.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2245
Security update for frr
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for frr fixes the following issues:
- CVE-2023-38406: Fixed nlri length of zero mishandling, aka "flowspec overflow". (bsc#1216900)
- CVE-2023-47235: Fixed a crash on malformed BGP UPDATE message with an EOR, because the presence of EOR does not lead to a treat-as-withdraw outcome. (bsc#1216896)
- CVE-2023-47234: Fixed a crash on crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data. (bsc#1216897)
- CVE-2023-38407: Fixed attempts to read beyond the end of the stream during labeled unicast parsing. (bsc#1216899)
frr-7.4-150300.4.26.1.src.rpm
frr-7.4-150300.4.26.1.x86_64.rpm
frr-devel-7.4-150300.4.26.1.x86_64.rpm
libfrr0-7.4-150300.4.26.1.x86_64.rpm
libfrr_pb0-7.4-150300.4.26.1.x86_64.rpm
libfrrcares0-7.4-150300.4.26.1.x86_64.rpm
libfrrfpm_pb0-7.4-150300.4.26.1.x86_64.rpm
libfrrgrpc_pb0-7.4-150300.4.26.1.x86_64.rpm
libfrrospfapiclient0-7.4-150300.4.26.1.x86_64.rpm
libfrrsnmp0-7.4-150300.4.26.1.x86_64.rpm
libfrrzmq0-7.4-150300.4.26.1.x86_64.rpm
libmlag_pb0-7.4-150300.4.26.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2253
Recommended update for containerd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for containerd fixes the following issues:
- Revert the noarch change for devel subpackage
Switching to noarch causes issues on SLES maintenance updates, reverting it
fixes our image builds
containerd-1.7.17-150000.114.1.src.rpm
containerd-1.7.17-150000.114.1.x86_64.rpm
containerd-ctr-1.7.17-150000.114.1.x86_64.rpm
containerd-devel-1.7.17-150000.114.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2296
Feature update for jakarta-inject
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for jakarta-inject fixes the following issues:
- New package implementation at version 2.0.1
jakarta-inject-2.0.1-150200.5.3.3.noarch.rpm
jakarta-inject-2.0.1-150200.5.3.3.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3178
Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:
- Make sure not to statically link installed tools (bsc#1228787)
- MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
- Export asSolvable for YAST (bsc#1228420)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- Fix 4 typos in zypp.conf
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- Removed dependency on external find program in the repo2solv tool
- Fix return value of repodata.add_solv()
- New SOLVER_FLAG_FOCUS_NEW flag
- Fix return value of repodata.add_solv() in the bindings
- Fix SHA-224 oid in solv_pgpvrfy
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
- Fix int overflow in Provider
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- Keep UrlResolverPlugin API public
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
- Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
- Show rpm install size before installing (bsc#1224771)
- Install zypp/APIConfig.h legacy include
- Update soname due to RepoManager refactoring and cleanup
- Workaround broken libsolv-tools-base requirements
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- Provide python3-zypp-plugin down to SLE12 (bsc#1081596)
PackageKit-1.2.4-150400.3.20.2.src.rpm
PackageKit-1.2.4-150400.3.20.2.x86_64.rpm
PackageKit-backend-zypp-1.2.4-150400.3.20.2.x86_64.rpm
PackageKit-branding-SLE-12.0-150400.15.7.2.noarch.rpm
PackageKit-branding-SLE-12.0-150400.15.7.2.src.rpm
PackageKit-devel-1.2.4-150400.3.20.2.x86_64.rpm
PackageKit-lang-1.2.4-150400.3.20.2.noarch.rpm
libpackagekit-glib2-18-1.2.4-150400.3.20.2.x86_64.rpm
libpackagekit-glib2-devel-1.2.4-150400.3.20.2.x86_64.rpm
libsolv-0.7.30-150400.3.27.2.src.rpm
libsolv-devel-0.7.30-150400.3.27.2.x86_64.rpm
libsolv-tools-0.7.30-150400.3.27.2.x86_64.rpm
libsolv-tools-base-0.7.30-150400.3.27.2.x86_64.rpm
libyui-4.3.7-150400.3.12.1.src.rpm
libyui-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-4.3.7-150400.3.12.1.src.rpm
libyui-ncurses-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-pkg-4.3.7-150400.3.12.1.src.rpm
libyui-ncurses-pkg-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-pkg16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-rest-api-4.3.7-150400.3.12.1.src.rpm
libyui-ncurses-rest-api-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-rest-api16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses-tools-4.3.7-150400.3.12.1.x86_64.rpm
libyui-ncurses16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-4.3.7-150400.3.12.1.src.rpm
libyui-qt-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-graph-4.3.7-150400.3.12.1.src.rpm
libyui-qt-graph-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-graph16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-pkg-4.3.7-150400.3.12.1.src.rpm
libyui-qt-pkg-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-pkg16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-rest-api-4.3.7-150400.3.12.1.src.rpm
libyui-qt-rest-api-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt-rest-api16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-qt16-4.3.7-150400.3.12.1.x86_64.rpm
libyui-rest-api-4.3.7-150400.3.12.1.src.rpm
libyui-rest-api-devel-4.3.7-150400.3.12.1.x86_64.rpm
libyui-rest-api16-4.3.7-150400.3.12.1.x86_64.rpm
libyui16-4.3.7-150400.3.12.1.x86_64.rpm
libzypp-17.35.8-150400.3.85.1.src.rpm
libzypp-17.35.8-150400.3.85.1.x86_64.rpm
libzypp-devel-17.35.8-150400.3.85.1.x86_64.rpm
perl-solv-0.7.30-150400.3.27.2.x86_64.rpm
python3-solv-0.7.30-150400.3.27.2.x86_64.rpm
python3-zypp-plugin-0.6.4-150400.13.4.1.noarch.rpm
ruby-solv-0.7.30-150400.3.27.2.x86_64.rpm
typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.20.2.x86_64.rpm
yast2-pkg-bindings-4.4.7-150400.3.16.1.src.rpm
yast2-pkg-bindings-4.4.7-150400.3.16.1.x86_64.rpm
zypp-plugin-0.6.4-150400.13.4.1.src.rpm
zypper-1.14.76-150400.3.57.16.src.rpm
zypper-1.14.76-150400.3.57.16.x86_64.rpm
zypper-log-1.14.76-150400.3.57.16.noarch.rpm
zypper-needs-restarting-1.14.76-150400.3.57.16.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2283
Security update for libndp
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libndp fixes the following issues:
- CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771)
libndp-1.6-150000.3.3.1.src.rpm
libndp-devel-1.6-150000.3.3.1.x86_64.rpm
libndp0-1.6-150000.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2292
Security update for ghostscript
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ghostscript fixes the following issues:
- CVE-2024-29510: Fixed an arbitrary path traversal when running in a
permitted path (bsc#1226945).
- CVE-2024-33870: Fixed a format string injection that could lead to
command execution (bsc#1226944).
- CVE-2024-33869: Fixed a path validation bypass that could lead to
path traversal (bsc#1226946).
ghostscript-9.52-150000.194.1.src.rpm
ghostscript-9.52-150000.194.1.x86_64.rpm
ghostscript-devel-9.52-150000.194.1.x86_64.rpm
ghostscript-x11-9.52-150000.194.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2402
Recommended update for xkbcomp
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xkbcomp fixes the following issue:
- fix keyboard layouts in XWayland applications when having
several keyboard layouts enabled (bsc#1219505)
xkbcomp-1.4.1-150000.3.3.2.src.rpm
xkbcomp-1.4.1-150000.3.3.2.x86_64.rpm
xkbcomp-devel-1.4.1-150000.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2567
Security update for emacs
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for emacs fixes the following issues:
- CVE-2024-39331: Fixed evaluation of arbitrary unsafe Elisp code in Org mode (bsc#1226957).
emacs-27.2-150400.3.17.1.src.rpm
emacs-27.2-150400.3.17.1.x86_64.rpm
emacs-el-27.2-150400.3.17.1.noarch.rpm
emacs-info-27.2-150400.3.17.1.noarch.rpm
emacs-nox-27.2-150400.3.17.1.x86_64.rpm
emacs-x11-27.2-150400.3.17.1.x86_64.rpm
etags-27.2-150400.3.17.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2647
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
atinject was updated to version 1.0.5:
- Don't distribute as jakarta.inject:jakarta-inject-api artifact
to prevent conflicts with the version 2.x that actually has
classes in jakarta.inject namespace and thus is incompatible
- Switched to sources in https://github.com/jakartaee/inject/
- Changes in version 1.0.5:
* This switches the module name back to the java.inject that was used by the 1.0.3 release with automatic module.
This is a multi-release jar
- Changes in version 1.0.4:
* This is a 1.0.4 service release with a multi-release jar that adds the module-info class to
META-INF/versions/9/module-info.class using the https://github.com/moditect/moditect plugin for the
javax.inject module.
- Changes in version 1.0.3:
* This release corrects the 1.0.2 release which was incorrectly done from the master branch with the jakarta.*
packages.
* It adds the Automatic-Module-Name=java.inject to the api jar manifest.
- Changes in version 1.0.2:
* Set Automatic-Module-Name to java.inject
* Added OSGi bundle headers
- Changes in version 1.0.1:
* Added Automatic-Module-Name of jakarta.inject
- Changes in version 1.0:
* First Injection API release for Jakarta EE
cdi-api:
- Use the javax.inject artifact
google-guice was updated to version 6.0.0:
- Changes in version 6.0.0:
* JEE Jakarta Transition:
+ Guice 6.0 adds support for jakarta.inject, the new namespace for the JSR330 spec
(after the javax -> jakarta JEE transition).
Guice 6.0 is intended to help users migrate their code to the jakarta namespace. It continues to fully support
the javax.inject namespace while also mostly supporting the jakarta.inject namespace. The only part of Guice 6.0
that doesn't support jakarta.inject are the bind(..).toProvider methods. Those methods still require javax.inject
or com.google.inject Providers.
+ The Guice 6.0 servlet & persist extensions only support the javax.servlet and javax.persistence namespaces
respectively.
+ Guice 6.0 can help with incremental migrations to the jakarta.inject namespace, by incrementally replacing
javax.inject references to jakarta.inject. This works everywhere, except for code where a jakarta Provider is
passed to bind(..).toProvider.
* Guice Core:
+ Adds jakarta.inject support.
+ Support Java 21 (via updating ASM to 9.5 and other changes).
+ Improve AOP support on JVMs such as Azul.
+ Fix a deadlock or crash associated with recursively loading just-in-time bindings.
+ Make PrivateModule.binder() non-private, to allow subclass customization, such as calling skipSources.
+ Fix an endless loop (that can OOM) in singleton lock cycle detection.
+ Fix tests to pass on Windows, despite the different line separator.
+ Improvements to OSGi metadata.
+ Mark the JSR305 dependency as optional (since it's not required at runtime).
+ Fix Binder.requestInjection(TypeLiteral<T>, T) to use the TypeLiteral.
+ Honor scoping annotations on concrete types when provisioned by their @ProvidedBy annotation
+ Add a way to tell if a class is "enhanced" by Guice, and retrieve the original class.
+ Ensure the order of bind(...) statements does not matter when referring to JIT bindings.
+ Implement Matcher.and and Matcher.or as default methods directly in Matcher, so that the AbstractMatcher subclass
isn't required.
+ Mark the error_prone_annotations dependency as optional.
* Servlet:
+ Fix an NPE if contextPath is null
* Persist:
+ Persist had a number of changes, some of which are backwards incompatible.
Notably: injection of EntityManager no longer implicitly starts a unit of work (because this led to leaks).
Users can opt-in to the legacy behavior by constructing the JpaPersistModule with a JpaPersistOptions that sets
setAutoBeginWorkOnEntityManagerCreation to true.
+ EntityManager provisioning no longer automatically starts a unit of work.
+ Ignore multiple start/stop calls, rather than throwing an exception.
+ Support manually initiated rollbacks.
+ Don't wrap Object-defined methods (e.g: toString, finalize, equals, hashCode) in transactions.
gradle-bootstrap:
- Package rebuilt to account for the new jakarta-inject dependency
gradle:
- Fixed build with jakarta-inject, which was introduced as a new google-guice dependency
maven-artifact-transfer, maven-doxia-sitetools, maven-doxia, maven-plugin-testing, maven-surefire:
- Use plexus-metadata-generator executable directly to simplify build classpath
maven-javadoc-plugin:
- Removed dependency on plexus-metadata-generator, plexus-component-metadata and on their dependencies, since there
is no plexus @Component annotation any more
modello:
- Added dependency on jakarta-inject, needed by google-guice 6.0.0
plexus-component-metadata and plexus-containers were updated to version 2.2.0:
- Added dependency on plexus-xml where relevant
* This will be needed for smooth upgrade to plexus-utils 4.0.0
- Changes in version 2.2.0:
* Improved documentation to switch to Sisu
* Cleaned up poms after parent upgrade
* Improved plexus-component metadata - removed dependency to
plexus-container-default
* Added deprecation information to Plexus components
* Require Java 8
* Dropped plexus-container-default artefact
* Require Maven 3.6.3+
* Switched to Junit5
* Bumped org.eclipse.sisu.plexus from 0.3.0.M1 to 0.9.0.M2
- Changes in version 2.1.1:
* Last version before deprecation
* Requires Java 7 and Maven 3.2.5+
* Upgraded ASM to 9.2
* Security upgrade org.jdom:jdom2 from 2.0.6 to 2.0.6.1
plexus-utils was updated to version 4.0.0:
- Changes in version 4.0.0:
* Starting with version 4, XML classes (in org.codehaus.plexus.util.xml and org.codehaus.plexus.util.xml.pull) have
been extracted to a separate plexus-xml: if you need them, just use this new artifact
* Other changes:
+ Fixed false difference detected with
CachingOutputStream/CachingWriter when streams are flushed
+ Dependency updates
+ Switched to Junit 5
plexus-xml was updated to version 3.0.1:
- Changes in version 3.0.1:
* Bugs fixed:
+ Allow nulls for write elements in MXSerializer
+ Removed special chars from xml output
* Dependency updates:
+ Bumped org.codehaus.plexus:plexus from 17 to 18
+ Bumped release-drafter/release-drafter from 5 to 6
+ Bumped parent to 17 and updates
* Maintenance:
+ Switched to Junit 5
+ Switched to shared gh actions setup from master branch
sbt:
- Require the new plexus-xml package to fix build
sisu was updated to version 0.9.0.M3:
- Provide plexus-containers-container-default for easier update
- Add dependency on plexus-xml where relevant
- Changes of sisu version 0.9.0.M3:
* Annotated new method
* Updated workflow to run on Java 21
* Build with final Java 21 on GitHub
* Switched to JUnit5
* Disabled annotation processor by default
* Do not silently fail in case of class scanning exceptions
* Updated to ASM 9.7
* Updated CONTRIBUTING.md
* Aligned Plexus ASM version
* Renamed release profile
* Fixed Jacoco coverage reports in Sonar
* Added a method to allow LifecycleManager to free keys
* Licence change: From EPL1 to EPL2
* Updated documentation for exposed core extensions, fix anchors
* Trigger Sonarcloud analysis from GHA
- Changes of sisu version 0.9.0.M2:
* Fixed SpaceScanner to use latest ASM API version
* 3.7 is not an officially supported version therefore specify 3.8 instead
* Provide script to help upgrade embedded copy of ASM
* ASM_9_4
* Require Java 8
* Sisu specific PreConstruct/PreDestroy annotations
* Updated build plugins
* ASM 9.5
* Aligned to latest Maven plugins
* Moved release elements from oss-parent to local project
* Create a 'no_asm' jar at release time which doesn't embed ASM
- Changes of sisu.inject version 9.0.M1:
* Fixed CDI related issues
* Build with Eclipse/Tycho 2.5.0 and Java 11
* Raise problem reporting logs to DEBUG, fixes #36
* Upgraded internal copy of ASM to 9.2
* Implemented PathTypeConverter
* Added JUnit 5 annotations to InjectedTest setUp/tearDown
* Fixed static parameters binding lookup
* Run injection tests against multiple versions of Guice
* Support using @priority on Providers
* Use read lock when subscribing to publishers…
* Cache binding lookups for single bean providers
* Use AtomicReferenceFieldUpdater as it works better for large numbers of instances
* Enabled Java CI workflow
* Enabled CodeQL analysis
* Replaced potentially-expensive regex with simple tokenizer
* Allow Main to boot with extra bindings
* Re-enabled various resource-related unit tests
* Reworked globber pattern strategy to avoid use of regex
* Use GlobberStrategy.PATTERN instead of regex for ServiceBindings filtering
- Changes of sisu.plexus version 0.9.0.M2:
* Make build work with Java17
* Aligned to latest Maven plugins
* Moved release elements from oss-parent to local project
- Changes of sisu.plexus version 0.9.0.M1:
* Aligned logback with sisu.inject
* Build with Eclipse/Tycho 2.5.0 and Java 11
* Support configuration of collections with complex generic types
* Enabled Java CI workflow
* Enabled CodeQL analysis
sisu-mojos:
- Build sisu-mojos within sisu package, since the sources of sisu-mojos, sisu-inject and sisu-plexus were joined in the
same upstream project
atinject-1+20211017gitd06ce18-150200.3.13.1.noarch.rpm
atinject-1+20211017gitd06ce18-150200.3.13.1.src.rpm
cdi-api-2.0.2-150200.3.11.2.noarch.rpm
cdi-api-2.0.2-150200.3.11.2.src.rpm
google-guice-6.0.0-150200.3.10.4.noarch.rpm
google-guice-6.0.0-150200.3.10.4.src.rpm
gradle-4.4.1-150200.3.21.2.src.rpm
gradle-4.4.1-150200.3.21.2.x86_64.rpm
maven-3.9.8-150200.4.27.2.src.rpm
maven-3.9.8-150200.4.27.2.x86_64.rpm
maven-artifact-transfer-0.13.1-150200.3.12.1.noarch.rpm
maven-artifact-transfer-0.13.1-150200.3.12.1.src.rpm
maven-doxia-1.12.0-150200.4.15.4.src.rpm
maven-doxia-core-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-logging-api-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-apt-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-fml-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-fo-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-xdoc-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-xhtml-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-module-xhtml5-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-sink-api-1.12.0-150200.4.15.4.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.15.1.noarch.rpm
maven-doxia-sitetools-1.11.1-150200.3.15.1.src.rpm
maven-javadoc-plugin-3.6.0-150200.4.18.1.noarch.rpm
maven-javadoc-plugin-3.6.0-150200.4.18.1.src.rpm
maven-lib-3.9.8-150200.4.27.2.x86_64.rpm
maven-resolver-1.9.20-150200.3.23.2.src.rpm
maven-resolver-api-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-connector-basic-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-impl-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-named-locks-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-spi-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-transport-file-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-transport-http-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-transport-wagon-1.9.20-150200.3.23.2.noarch.rpm
maven-resolver-util-1.9.20-150200.3.23.2.noarch.rpm
maven-surefire-3.2.5-150200.3.9.17.4.noarch.rpm
maven-surefire-3.2.5-150200.3.9.17.4.src.rpm
maven-surefire-plugin-3.2.5-150200.3.9.17.1.noarch.rpm
maven-surefire-plugins-3.2.5-150200.3.9.17.1.src.rpm
maven-surefire-provider-junit-3.2.5-150200.3.9.17.4.noarch.rpm
maven-surefire-provider-testng-3.2.5-150200.3.9.17.4.noarch.rpm
plexus-component-metadata-2.2.0-150200.3.9.2.noarch.rpm
plexus-component-metadata-2.2.0-150200.3.9.2.src.rpm
plexus-containers-2.2.0-150200.3.9.2.src.rpm
plexus-containers-component-annotations-2.2.0-150200.3.9.2.noarch.rpm
plexus-utils-4.0.1-150200.3.11.2.noarch.rpm
plexus-utils-4.0.1-150200.3.11.2.src.rpm
plexus-xml-3.0.1-150200.5.8.2.noarch.rpm
plexus-xml-3.0.1-150200.5.8.2.src.rpm
sisu-0.9.0.M3-150200.3.9.2.src.rpm
sisu-inject-0.9.0.M3-150200.3.9.2.noarch.rpm
sisu-plexus-0.9.0.M3-150200.3.9.2.noarch.rpm
xmvn-4.2.0-150200.3.24.2.src.rpm
xmvn-4.2.0-150200.3.24.2.x86_64.rpm
xmvn-api-4.2.0-150200.3.24.2.noarch.rpm
xmvn-connector-4.2.0-150200.3.24.2.noarch.rpm
xmvn-connector-4.2.0-150200.3.24.2.src.rpm
xmvn-core-4.2.0-150200.3.24.2.noarch.rpm
xmvn-install-4.2.0-150200.3.24.2.noarch.rpm
xmvn-minimal-4.2.0-150200.3.24.2.x86_64.rpm
xmvn-mojo-4.2.0-150200.3.24.2.noarch.rpm
xmvn-mojo-4.2.0-150200.3.24.2.src.rpm
xmvn-resolve-4.2.0-150200.3.24.2.noarch.rpm
xmvn-subst-4.2.0-150200.3.24.2.noarch.rpm
xmvn-tools-4.2.0-150200.3.24.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2322
Security update for krb5
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields being erroneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
krb5-1.19.2-150400.3.12.1.src.rpm
krb5-1.19.2-150400.3.12.1.x86_64.rpm
krb5-32bit-1.19.2-150400.3.12.1.x86_64.rpm
krb5-client-1.19.2-150400.3.12.1.x86_64.rpm
krb5-devel-1.19.2-150400.3.12.1.x86_64.rpm
krb5-plugin-kdb-ldap-1.19.2-150400.3.12.1.x86_64.rpm
krb5-plugin-preauth-otp-1.19.2-150400.3.12.1.x86_64.rpm
krb5-plugin-preauth-pkinit-1.19.2-150400.3.12.1.x86_64.rpm
krb5-server-1.19.2-150400.3.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2308
Security update for go1.21
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issues:
Updated to version 1.21.12 (bsc#1212475):
- CVE-2024-24791: Fixed a potential denial of service due to
improper handling of HTTP 100-continue headers (bsc#1227314).
go1.21-1.21.12-150000.1.39.1.src.rpm
go1.21-1.21.12-150000.1.39.1.x86_64.rpm
go1.21-doc-1.21.12-150000.1.39.1.x86_64.rpm
go1.21-race-1.21.12-150000.1.39.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2495
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
The following non-security bugs were fixed:
- Revert "build initrd without systemd" (bsc#1195775)
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212).
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).
kernel-default-5.14.21-150400.24.125.1.nosrc.rpm
kernel-default-5.14.21-150400.24.125.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1.src.rpm
kernel-default-base-5.14.21-150400.24.125.1.150400.24.60.1.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.125.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.125.1.noarch.rpm
kernel-docs-5.14.21-150400.24.125.1.noarch.rpm
kernel-docs-5.14.21-150400.24.125.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.125.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.125.1.src.rpm
kernel-obs-build-5.14.21-150400.24.125.1.x86_64.rpm
kernel-source-5.14.21-150400.24.125.1.noarch.rpm
kernel-source-5.14.21-150400.24.125.1.src.rpm
kernel-syms-5.14.21-150400.24.125.1.src.rpm
kernel-syms-5.14.21-150400.24.125.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.125.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2324
Recommended update for cups-filters
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups-filters fixes the following issue:
- "cups-filters: Poppler for color PDF as grayscale via PS level 1:
huge output makes printing slow" (bsc#1225040)
cups-filters-1.25.0-150200.3.12.3.src.rpm
cups-filters-1.25.0-150200.3.12.3.x86_64.rpm
cups-filters-devel-1.25.0-150200.3.12.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2409
Security update for libvpx
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libvpx fixes the following issues:
- CVE-2024-5197: Fixed integer overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879).
- CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403).
- CVE-2023-44488: Fixed heap buffer overflow in vp8 encoding (bsc#1216879).
libvpx-1.11.0-150400.3.7.1.src.rpm
libvpx-devel-1.11.0-150400.3.7.1.x86_64.rpm
libvpx7-1.11.0-150400.3.7.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2408
Security update for libvpx
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libvpx fixes the following issues:
- CVE-2024-5197: Fixed integer overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879).
- CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403).
libvpx-1.6.1-150000.6.16.1.src.rpm
libvpx4-1.6.1-150000.6.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2664
Recommended update for open-vm-tools
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for open-vm-tools fixes the following issues:
- There are no new features in the open-vm-tools release (bsc#1227181).
This is primarily a maintenance release that addresses a few critical
problems, including:
- A GitHub pull request and associated issue have been handled. Please
see the Resolved Issues section of the Release Notes
- A number of issues flagged by Coverity and ShellCheck have been
addressed
- A vmtoolsd process hang related to nested logging from an RPC Channel
error has been fixed
libvmtools-devel-12.4.5-150300.52.6.x86_64.rpm
libvmtools0-12.4.5-150300.52.6.x86_64.rpm
open-vm-tools-12.4.5-150300.52.6.src.rpm
open-vm-tools-12.4.5-150300.52.6.x86_64.rpm
open-vm-tools-containerinfo-12.4.5-150300.52.6.x86_64.rpm
open-vm-tools-desktop-12.4.5-150300.52.6.x86_64.rpm
open-vm-tools-salt-minion-12.4.5-150300.52.6.x86_64.rpm
open-vm-tools-sdmp-12.4.5-150300.52.6.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2313
Security update for netty3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for netty3 fixes the following issues:
- CVE-2024-29025: Fixed HttpPostRequestDecoder running out of memory due to a large number of form fields (bsc#1222045).
netty3-3.10.6-150200.3.10.1.noarch.rpm
netty3-3.10.6-150200.3.10.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2325
Recommended update for xfsprogs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xfsprogs fixes the following issue:
- xfs_copy: don't use cached buffer reads until after libxfs_mount
(bsc#1227150)
libhandle1-5.13.0-150400.3.10.2.x86_64.rpm
xfsprogs-5.13.0-150400.3.10.2.src.rpm
xfsprogs-5.13.0-150400.3.10.2.x86_64.rpm
xfsprogs-devel-5.13.0-150400.3.10.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2399
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.13.0 ESR (MFSA 2024-30, bsc#1226316):
- CVE-2024-6600: Memory corruption in WebGL API
- CVE-2024-6601: Race condition in permission assignment
- CVE-2024-6602: Memory corruption in NSS
- CVE-2024-6603: Memory corruption in thread creation
- CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
Other fixes:
- Fix GNOME search provider (bsc#1225278)
MozillaFirefox-115.13.0-150200.152.143.1.src.rpm
MozillaFirefox-115.13.0-150200.152.143.1.x86_64.rpm
MozillaFirefox-devel-115.13.0-150200.152.143.1.noarch.rpm
MozillaFirefox-translations-common-115.13.0-150200.152.143.1.x86_64.rpm
MozillaFirefox-translations-other-115.13.0-150200.152.143.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2486
Recommended update for libssh2_org
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update rebuilds libssh2_org against openssl 1.1.1, enabling ed25519 support. (bsc#1227490)
libssh2-1-1.11.0-150200.9.2.1.x86_64.rpm
libssh2-1-32bit-1.11.0-150200.9.2.1.x86_64.rpm
libssh2-devel-1.11.0-150200.9.2.1.x86_64.rpm
libssh2_org-1.11.0-150200.9.2.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2697
Recommended update for dracut
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dracut fixes the following issues:
- Version update:
* fix(dracut-install): continue parsing if ldd prints "cannot be preloaded" (bsc#1208690)
* fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485)
* fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083)
dracut-055+suse.357.g905645c2-150400.3.34.2.src.rpm
dracut-055+suse.357.g905645c2-150400.3.34.2.x86_64.rpm
dracut-fips-055+suse.357.g905645c2-150400.3.34.2.x86_64.rpm
dracut-ima-055+suse.357.g905645c2-150400.3.34.2.x86_64.rpm
dracut-mkinitrd-deprecated-055+suse.357.g905645c2-150400.3.34.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2624
Security update for apache2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2 fixes the following issues:
- CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268)
- CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269)
- CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270)
- CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271)
apache2-2.4.51-150400.6.29.1.src.rpm
apache2-2.4.51-150400.6.29.1.x86_64.rpm
apache2-devel-2.4.51-150400.6.29.1.x86_64.rpm
apache2-doc-2.4.51-150400.6.29.1.noarch.rpm
apache2-prefork-2.4.51-150400.6.29.1.x86_64.rpm
apache2-utils-2.4.51-150400.6.29.1.x86_64.rpm
apache2-worker-2.4.51-150400.6.29.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2406
Recommended update for suse-build-key
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issue:
- Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import
them (bsc#1227429)
- gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key
- gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key
suse-build-key-12.0-150000.8.46.2.noarch.rpm
suse-build-key-12.0-150000.8.46.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2688
Feature update for Public Cloud
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Public Cloud fixes the following issues:
- Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345):
* google-guest-agent (no source changes)
* google-guest-configs (no source changes)
* google-guest-oslogin (no source changes)
* google-osconfig-agent (no source changes)
* growpart-rootgrow (no source changes)
* python-azure-agent (includes bug fixes see below)
* python-cssselect (no source changes)
* python-instance-billing-flavor-check (no source changes)
* python-toml (no source changes)
* python3-lxml (includes a bug fix, see below)
- python-azure-agent received the following fixes:
* Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists
(bsc#1227711)
* Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106)
* Do not package `waagent2.0` in Python 3 builds
* Do not require `wicked` in non-SUSE build environments
* Apply python3 interpreter patch in non SLE build environments (bcs#1227067)
- python3-lxml also received the following fix:
* Fixed compatibility with system libexpat in tests (bnc#1222075)
python-cssselect-1.0.3-150400.3.7.4.src.rpm
python-toml-0.10.2-150300.3.2.6.src.rpm
python3-cssselect-1.0.3-150400.3.7.4.noarch.rpm
python3-toml-0.10.2-150300.3.2.6.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2485
Security update for tomcat
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for tomcat fixes the following issues:
Updated to version 9.0.91:
- CVE-2024-34750: Fixed an improper handling of exceptional
conditions (bsc#1227399).
tomcat-9.0.91-150200.68.1.noarch.rpm
tomcat-9.0.91-150200.68.1.src.rpm
tomcat-admin-webapps-9.0.91-150200.68.1.noarch.rpm
tomcat-el-3_0-api-9.0.91-150200.68.1.noarch.rpm
tomcat-jsp-2_3-api-9.0.91-150200.68.1.noarch.rpm
tomcat-lib-9.0.91-150200.68.1.noarch.rpm
tomcat-servlet-4_0-api-9.0.91-150200.68.1.noarch.rpm
tomcat-webapps-9.0.91-150200.68.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3423
Security update for xen
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xen fixes the following issues:
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355)
- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)
- CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366)
xen-4.16.6_04-150400.4.62.1.src.rpm
xen-4.16.6_04-150400.4.62.1.x86_64.rpm
xen-devel-4.16.6_04-150400.4.62.1.x86_64.rpm
xen-libs-4.16.6_04-150400.4.62.1.x86_64.rpm
xen-tools-4.16.6_04-150400.4.62.1.x86_64.rpm
xen-tools-domU-4.16.6_04-150400.4.62.1.x86_64.rpm
xen-tools-xendomains-wait-disk-4.16.6_04-150400.4.62.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2625
Security update for p7zip
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for p7zip fixes the following issues:
- CVE-2023-52168: Fixed heap-based buffer overflow in the NTFS handler allows two bytes to be overwritten at multiple offsets (bsc#1227358)
- CVE-2023-52169: Fixed out-of-bounds read in NTFS handler (bsc#1227359)
p7zip-16.02-150200.14.12.1.src.rpm
p7zip-16.02-150200.14.12.1.x86_64.rpm
p7zip-full-16.02-150200.14.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2644
Recommended update for python-lxml
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-lxml fixes the following issues:
- Fixed compatibility with system libexpat in tests (bsc#1222075)
python-lxml-4.9.3-150400.8.8.1.src.rpm
python311-lxml-4.9.3-150400.8.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2640
Recommended update for certmonger
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for certmonger fixes the following issues:
- Add a SUSE specific patch which prevents the restart of
the cert request for an external ca (bsc#1221406)
- Remove obsolete build dependencies libfreebl3-hmac and
libsoftokn3-hmac
certmonger-0.79.13-150400.3.6.2.src.rpm
certmonger-0.79.13-150400.3.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2718
Recommended update for libqb
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libqb fixes the following issue:
- ipc: Retry receiving credentials if the message is short (bsc#1224183)
libqb-2.0.4+20211112.a2691b9-150400.4.6.2.src.rpm
libqb-devel-2.0.4+20211112.a2691b9-150400.4.6.2.x86_64.rpm
libqb100-2.0.4+20211112.a2691b9-150400.4.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2609
Recommended update for suse-build-key
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issue:
- fixed syntax error in auto import shell script (bsc#1227681)
suse-build-key-12.0-150000.8.49.2.noarch.rpm
suse-build-key-12.0-150000.8.49.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2671
Recommended update for cups
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups fixes the following issues:
- Require the exact matching version-release of all libcups* sub-packages (bsc#1226192)
cups-2.2.7-150000.3.62.1.src.rpm
cups-2.2.7-150000.3.62.1.x86_64.rpm
cups-client-2.2.7-150000.3.62.1.x86_64.rpm
cups-config-2.2.7-150000.3.62.1.x86_64.rpm
cups-ddk-2.2.7-150000.3.62.1.x86_64.rpm
cups-devel-2.2.7-150000.3.62.1.x86_64.rpm
libcups2-2.2.7-150000.3.62.1.x86_64.rpm
libcups2-32bit-2.2.7-150000.3.62.1.x86_64.rpm
libcupscgi1-2.2.7-150000.3.62.1.x86_64.rpm
libcupsimage2-2.2.7-150000.3.62.1.x86_64.rpm
libcupsmime1-2.2.7-150000.3.62.1.x86_64.rpm
libcupsppdc1-2.2.7-150000.3.62.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2651
Recommended update for rmt-server
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server fixes the following issues:
- Version 2.18
* Move temporary storage of downloaded files to the repo directory to avoid filling up /tmp partition
* Fixes for RES7-LTSS and OL7-LTSS clients
* Instance Verification: re-setting the repository and registry cache path to the right value; update the cache scrubber paths
rmt-server-2.18-150400.3.28.1.src.rpm
rmt-server-2.18-150400.3.28.1.x86_64.rpm
rmt-server-config-2.18-150400.3.28.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2642
Recommended update for Java
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for Java fixes the following issues:
maven-shared-utils was updated to version 3.4.2:
- Changes in version 3.4.2:
* New features and improvements:
+ Made Commandline.addSystemEnvironment public and deprecated
+ Deprecated IsEmpty/IsNotEmpty methods
+ Deprecated newXmlWriter
+ Deprecated redundant isEmptyString method
+ Deprecated join methods now available in Java 8 String class
+ FileUtils: avoid getCanonicalPath()
+ Added build() method and document toString() method
+ Optionally inherit system environment variables by Commandline
+ Dropped plexus container default
* Bugs Fixed:
+ Removed trim parameter
+ Fixed blocking in StreamFeeder
+ Ignore MessageUtilsTest methods on unsupported platforms
+ Make copyFile succeed with source file having lastModified() = 0
+ XmlWriterUtil platform independent and consistent
+ Poll data from input stream
plexus-io was updated to version 3.2.0 to 3.4.2:
- New features and improvements:
* Drop legacy and make components pure JSR330
* Restore speed improvements
* Plexus IO build is now reproducible
* Various speed improvements
* Plexus IO now requires Java 8
- Dependency updates:
* Update sisu.inject to 0.9.0.M2
* Bumped guice from 5.1.0 to 6.0.0
* Bumped commons-io:commons-io from 2.11.0 to 2.15.1
* Bumped plexus-utils from 3.5.0 to 4.0.0
* Bumped org.codehaus.plexus:plexus-testing from 1.1.0 to 1.3.0
- Bugs fixed:
* Fix symbolic links being resolved into absolute paths
* Fix symbolic links to directories not being recognized as
directories
* Fix issue related to symbolic link tests
plexus-interpolation was updated to version 1.27.0:
- New features and improvements:
* Added support for PPC64LE
* Added dependabot and release drafter configuration
* Moved to Junit5
- Dependency updates:
* Bumped plexus from 7 to 16
* Bumped maven-bundle-plugin from 3.0.1 to 5.1.9
plexus-cli was updated to version 1.7:
- Changes:
* Bumped plexus-components from 6.5 to 10.0
* Bumped checkstyle from 9.2 to 9.2.1
* Bumped plexus-container-default from 1.0-alpha-34 to 2.1.1
* Bumped checkstyle from 9.2.1 to 9.3
* Bumped commons-cli from 1.0 to 1.5.0
* Bumped maven-checkstyle-plugin from 3.1.2 to 3.3.0
* Bumped maven-shared-resources from 4 to 5
* Bumped apache/maven-gh-actions-shared from 1 to 3
* Updated to Parent pom 15
* Bumped commons-cli:commons-cli from 1.5.0 to 1.6.0
* Reuse plexus-pom action for CI
* Bumped org.codehaus.plexus:plexus from 15 to 16
* Replace plexus-container-default with Sisu Plexus
* Bumped org.codehaus.plexus:plexus-testing from 1.2.0 to 1.3.0
plexus-cipher was updated to version 2.1.0:
- Changes:
* Switched to java.util.Base64
* Moved code to Java 8
* Fixed insecure cryptography in PBECipher.java
* Enabled missed decryption test and adjust to new algorithm
plexus-archiver was updated to version 4.9.2:
- New features and improvements:
* Allow copy all files without timestamp checking by DirectoryArchiver
* Provide fluent setter for usingDefaultExcludes flag in AbstractFileSet
* Various dependencies were upgraded
plexus-interactivity was updated to version 1.3:
- New features and improvements:
+ Ensure prompter does not double colon
+ Java 8 as minimum
+ Moved off plexus
- Other changes:
* The class previously in plexus-interactivity-jdom artifact is
folded into the main plexus-interactivity-api.
maven-shared-incremental:
- `sisu-plexus` is now used instead of the old `plexus-component-api`
- Removed unnecessary dependency on xmvn tools and parent pom
maven-shared-incremental-1.1-150200.3.7.2.noarch.rpm
maven-shared-incremental-1.1-150200.3.7.2.src.rpm
maven-shared-utils-3.4.2-150200.3.10.1.noarch.rpm
maven-shared-utils-3.4.2-150200.3.10.1.src.rpm
plexus-archiver-4.9.2-150200.3.10.1.noarch.rpm
plexus-archiver-4.9.2-150200.3.10.1.src.rpm
plexus-cipher-2.1.0-150200.3.7.1.noarch.rpm
plexus-cipher-2.1.0-150200.3.7.1.src.rpm
plexus-interactivity-1.3-150200.3.7.1.src.rpm
plexus-interactivity-api-1.3-150200.3.7.1.noarch.rpm
plexus-interpolation-1.27.0-150200.3.7.2.noarch.rpm
plexus-interpolation-1.27.0-150200.3.7.2.src.rpm
plexus-io-3.4.2-150200.3.7.1.noarch.rpm
plexus-io-3.4.2-150200.3.7.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2682
Recommended update for aardvark-dns
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for netavark and aardvark-dns fixes the following issues:
- Update aardvark-dns from 1.5.0 to 1.10.0 (bsc#1224122)
- Update netavark from 1.5.0 to 1.10.3 (bsc#1224122)
aardvark-dns-1.10.0-150400.9.8.1.src.rpm
aardvark-dns-1.10.0-150400.9.8.1.x86_64.rpm
netavark-1.10.3-150400.9.8.1.src.rpm
netavark-1.10.3-150400.9.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2628
Security update for java-17-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-17-openjdk fixes the following issues:
Updated to version 17.0.12+7 (July 2024 CPU):
- CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol
length (bsc#1228047).
- CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check
Elimination (bsc#1228048).
- CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling
(bsc#1228052).
- CVE-2024-21145: Fixed an index overflow in RangeCheckElimination
(bsc#1228051).
java-17-openjdk-17.0.12.0-150400.3.45.1.src.rpm
java-17-openjdk-17.0.12.0-150400.3.45.1.x86_64.rpm
java-17-openjdk-demo-17.0.12.0-150400.3.45.1.x86_64.rpm
java-17-openjdk-devel-17.0.12.0-150400.3.45.1.x86_64.rpm
java-17-openjdk-headless-17.0.12.0-150400.3.45.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2629
Security update for java-11-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-11-openjdk fixes the following issues:
Updated to version 11.0.24+8 (July 2024 CPU):
- CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol
length (bsc#1228047).
- CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check
Elimination (bsc#1228048).
- CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling
(bsc#1228052).
- CVE-2024-21145: Fixed an index overflow in RangeCheckElimination
(bsc#1228051).
- CVE-2024-21144: Fixed an excessive loading time in Pack200 due to
improper header validation (bsc#1228050).
java-11-openjdk-11.0.24.0-150000.3.116.1.src.rpm
java-11-openjdk-11.0.24.0-150000.3.116.1.x86_64.rpm
java-11-openjdk-demo-11.0.24.0-150000.3.116.1.x86_64.rpm
java-11-openjdk-devel-11.0.24.0-150000.3.116.1.x86_64.rpm
java-11-openjdk-headless-11.0.24.0-150000.3.116.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2619
Security update for libgit2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libgit2 fixes the following issues:
- CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)
libgit2-1.3.0-150400.3.9.1.src.rpm
libgit2-1_3-1.3.0-150400.3.9.1.x86_64.rpm
libgit2-devel-1.3.0-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2656
Security update for git
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for git fixes the following issues:
- CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)
git-2.35.3-150300.10.42.1.src.rpm
git-2.35.3-150300.10.42.1.x86_64.rpm
git-arch-2.35.3-150300.10.42.1.x86_64.rpm
git-core-2.35.3-150300.10.42.1.x86_64.rpm
git-cvs-2.35.3-150300.10.42.1.x86_64.rpm
git-daemon-2.35.3-150300.10.42.1.x86_64.rpm
git-doc-2.35.3-150300.10.42.1.noarch.rpm
git-email-2.35.3-150300.10.42.1.x86_64.rpm
git-gui-2.35.3-150300.10.42.1.x86_64.rpm
git-svn-2.35.3-150300.10.42.1.x86_64.rpm
git-web-2.35.3-150300.10.42.1.x86_64.rpm
gitk-2.35.3-150300.10.42.1.x86_64.rpm
perl-Git-2.35.3-150300.10.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2690
Recommended update for fence-agents
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for fence-agents fixes the following issues:
- Fix Azure native fencing not starting due to Python version. (bsc#1224797) (jsc#PED-8887)
- The updated fence-agents no longer includes the Azure fence-agents.
- If you are on Azure, you additionally need to install the package fence-agents-azure-arm.
This package (fence-agents-azure-arm) is only installable with Public Cloud Module enabled
which provides the required Python3.11 dependencies.
python-pexpect-4.8.0-150400.15.7.3.src.rpm
python-ptyprocess-0.7.0-150400.11.5.3.src.rpm
python-pycurl-7.45.2-150400.13.6.3.src.rpm
python-pycurl-test-7.45.2-150400.13.6.3.src.rpm
python311-pexpect-4.8.0-150400.15.7.3.noarch.rpm
python311-ptyprocess-0.7.0-150400.11.5.3.noarch.rpm
python311-pycurl-7.45.2-150400.13.6.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2675
Recommended update for wicked
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for wicked fixes the following issues:
- Update to version 0.6.76
- compat-suse: warn user and create missing parent config of infiniband children
- client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125)
- ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976)
- wireless: add frequency-list in station mode (jsc#PED-8715)
- client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664)
- man: add supported bonding options to ifcfg-bonding(5) man page
- arputil: Document minimal interval for getopts
- man: (re)generate man pages from md sources
- client: warn on interface wait time reached
- compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces
- compat-suse: fix infiniband and infiniband child type detection from ifname
wicked-0.6.76-150400.3.30.1.src.rpm
wicked-0.6.76-150400.3.30.1.x86_64.rpm
wicked-service-0.6.76-150400.3.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2679
Recommended update for patterns-base
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for patterns-base fixes the following issues:
Added a fips-certified pattern matching the exact certified FIPS
versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss
and libgcrypt.
Note that applying this pattern might cause downgrade of various packages
and so deinstall security and bugfix updates released after the certified
binaries.
patterns-base-20200124-150400.20.10.1.src.rpm
patterns-base-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-apparmor-20200124-150400.20.10.1.x86_64.rpm
patterns-base-apparmor-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-base-20200124-150400.20.10.1.x86_64.rpm
patterns-base-base-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-basesystem-20200124-150400.20.10.1.x86_64.rpm
patterns-base-basic_desktop-20200124-150400.20.10.1.x86_64.rpm
patterns-base-bootloader-20200124-150400.20.10.1.x86_64.rpm
patterns-base-documentation-20200124-150400.20.10.1.x86_64.rpm
patterns-base-enhanced_base-20200124-150400.20.10.1.x86_64.rpm
patterns-base-enhanced_base-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-fips-20200124-150400.20.10.1.x86_64.rpm
patterns-base-fips-certified-20200124-150400.20.10.1.x86_64.rpm
patterns-base-minimal_base-20200124-150400.20.10.1.x86_64.rpm
patterns-base-minimal_base-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-sw_management-20200124-150400.20.10.1.x86_64.rpm
patterns-base-sw_management-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-transactional_base-20200124-150400.20.10.1.x86_64.rpm
patterns-base-x11-20200124-150400.20.10.1.x86_64.rpm
patterns-base-x11-32bit-20200124-150400.20.10.1.x86_64.rpm
patterns-base-x11_enhanced-20200124-150400.20.10.1.x86_64.rpm
patterns-base-x11_enhanced-32bit-20200124-150400.20.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2658
Security update for shadow
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
login_defs-4.8.1-150400.10.18.1.noarch.rpm
shadow-4.8.1-150400.10.18.1.src.rpm
shadow-4.8.1-150400.10.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2886
Recommended update for dmidecode
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dmidecode fixes the following issues:
- Version update (jsc#PED-8574):
* Support for SMBIOS 3.6.0. This includes new memory device types, new
processor upgrades, and Loongarch support
* Support for SMBIOS 3.7.0. This includes new port types, new processor
upgrades, new slot characteristics and new fields for memory modules
* Add bash completion
* Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245
* Implement options --list-strings and --list-types
* Update HPE OEM records 203, 212, 216, 221, 233 and 236
* Update Redfish support
* Bug fixes:
- Fix enabled slot characteristics not being printed
* Minor improvements:
- Print slot width on its own line
- Use standard strings for slot width
* Add a --no-quirks option
* Drop the CPUID exception list
* Obsolete patches removed:
dmidecode-do-not-let-dump-bin-overwrite-an-existing-file,
dmidecode-fortify-entry-point-length-checks,
dmidecode-split-table-fetching-from-decoding,
dmidecode-write-the-whole-dump-file-at-once,
dmioem-fix-segmentation-fault-in-dmi_hp_240_attr,
dmioem-hpe-oem-record-237-firmware-change,
dmioem-typo-fix-virutal-virtual,
ensure-dev-mem-is-a-character-device-file,
news-fix-typo,
use-read_file-to-read-from-dump
Update for HPE servers from upstream:
- dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in
HPE type 238 records
dmidecode-3.6-150400.16.11.2.src.rpm
dmidecode-3.6-150400.16.11.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2660
Security update for gtk2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gtk2 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
gtk2-2.24.33-150400.4.3.1.src.rpm
gtk2-data-2.24.33-150400.4.3.1.noarch.rpm
gtk2-devel-2.24.33-150400.4.3.1.x86_64.rpm
gtk2-lang-2.24.33-150400.4.3.1.noarch.rpm
gtk2-tools-2.24.33-150400.4.3.1.x86_64.rpm
libgtk-2_0-0-2.24.33-150400.4.3.1.x86_64.rpm
libgtk-2_0-0-32bit-2.24.33-150400.4.3.1.x86_64.rpm
typelib-1_0-Gtk-2_0-2.24.33-150400.4.3.1.x86_64.rpm
gtk2-tools-32bit-2.24.33-150400.4.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2661
Security update for gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for gtk3 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
gtk3-3.24.34-150400.3.9.1.src.rpm
gtk3-data-3.24.34-150400.3.9.1.noarch.rpm
gtk3-devel-3.24.34-150400.3.9.1.x86_64.rpm
gtk3-devel-doc-3.24.34-150400.3.9.1.x86_64.rpm
gtk3-doc-3.24.34-150400.3.9.1.src.rpm
gtk3-lang-3.24.34-150400.3.9.1.noarch.rpm
gtk3-schema-3.24.34-150400.3.9.1.noarch.rpm
gtk3-tools-3.24.34-150400.3.9.1.x86_64.rpm
libgtk-3-0-3.24.34-150400.3.9.1.x86_64.rpm
typelib-1_0-Gtk-3_0-3.24.34-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2711
Recommended update for mksusecd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mksusecd fixes the following issues:
- merge github: openSUSE/mksusecd #75
- update El-Torito UEFI image to match 'EFI' directory (bsc#1227668)
mksusecd-2.19-150400.3.21.2.src.rpm
mksusecd-2.19-150400.3.21.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2663
Security update for orc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the orc compiler when formatting error messages for certain input files (bsc#1228184)
liborc-0_4-0-0.4.28-150000.3.6.1.x86_64.rpm
orc-0.4.28-150000.3.6.1.src.rpm
orc-0.4.28-150000.3.6.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2971
Recommended update for perl-DBD-Pg, perl-DBD-SQLite, perl-DBI, perl-YAML-LibYAML
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl-DBD-Pg, perl-DBD-SQLite, perl-DBI, perl-YAML-LibYAML fixes the following issues:
perl-DBI was updated from version 1.642 to 1.643:
- Updated Devel::PPPort and removed redundant compatibility macros
- Correct minor typo in documentation
- Correct documentation introducing $dbh->selectall_array()
- Introduced select and do wrappers earlier in the documentation
- Mark as deprecated old API functions which overflow or are affected by Unicode issues
- Add new attribute RaiseWarn, similar to RaiseError
perl-DBD-SQLite was updated from version 1.66 to 1.74:
- Fixed disabling of __perllib_provides
- Upgraded SQLite to 3.42.0
- Added missing possible table_type values to POD
- Set UTF8CACHE to avoid slowdown with -DDEBUGGING
- Lowercase datatype in table column metadata for back-compatibility
- Fixed test failure on perl built with -DDEBUGGING
- Improve sqlite_load_extension documentation
- Add a feature to unregister a created function
- Fixed accented characters in POD
- Link embedded sqlite devel files to system files
- Use the system sqlite rather than the built-in one
- Fixed documentation to use the correct attribute with sqlite_
- Modify the fix to silence the sqlite_unicode warning not to check the attribute twice
- Fix an encoding issue of naive
- Made DBD_SQLITE_STRING_MODE constants exportable
- Stop setting THREADSAFE=0 if perl has pthread (ie. 5.20+)
- Fixed a memory leak in ::VirtualTable
- Introduced "string_mode" handle attribute to fix long-standing issues of sqlite_unicode
- Added a dependency from dbdimp.o to the *.inc files included into dbdimp.c
- Fixed an offset issue of VirtualTable
- Fixed quadmath issues
- Added sqlite_txn_state method to see internal state of the backend
- Switched to XSLoader
- Use quadmath_snprintf if USE_QUADMATH is defined
- Use av_fetch instead of av_shift
perl-DBD-Pg was updated from version 3.10.4 to 3.18.0:
- Support new PQclosePrepared function, added in Postgres 17
- Improved documentation about ping always returning a value
- New database handle attribute pg_skip_deallocate
Prevents any deallocation of automatically prepared
statements to support new pgBouncer feature
- Fix to handle escaped quotes in connection string
- Return number of affected rows from a MERGE command
- Added support for Github CI actions
- Removed undocumented internal-only pg_pid_number attribute
- Small warning in docs about PG_CHAR
- Added new attribute "pg_int8_as_string", for backwards compatibility.
- Added a META.json file; rename META.yml to META.yaml
- Fix 03smethod.t $sth->last_insert_id skip count for DBI < 1.642
- Documentation improvements for service files
- Automatically use 64-bit versions of large object functions when available
- Set UTF8 flag as needed for error messages
- In tests, do not assume what the default transaction isolation level will be
- Make tests smarter about detecting pg_ctl results in different locales
- Adjust tests for the fact that reltuples can be -1 in Postgres
version 13 and later. This is mostly reflected in the CARDINALITY
column for $dbh->statistics_info.
- Correctly pull back pg_async status from statement handle.
Previously, $dbh->{pg_async} would return undef.
- Remove the experimental 'fulltest' Makefile target.
- The $dbh->primary_key_info and $dbh->foreign_key_info methods will now always return
a statement handle, even with no matches. Previously, they returned undef directly.
Callers can check if the returned handle contains any rows.
- The $dbh->tables method will always return a list, even if it is empty.
- Add pg_lo_tell64, pg_lo_seek64, and pg_lo_truncate64, for anyone dealing
with really, really, really large 'large objects'. Requires Postgres 9.3 or better.
- Allow test to run again when using a non-superuser to connect
- Adjust tests to force loading proper version of DBD::Pg every time.
- Removed the long-deprecated _pg_use_catalog method.
- Many improvements and changes to the test suite.
- Redo the "last_result" internals in dbdimp.c, which fixes a memory leak.
- Fixed regression in Perl length() for returned query results
- Make $sth->finish() do a little less. Notably, even
after calling finish(), pg_error_field will still work
on the last action performed.
- Tweak tests so Windows boxes pass
- Run tests in verbose mode
- Prevent DBI from flipping AutoCommit to 'on' after a failed commit
- Revert overly aggressive testing shortcut as it can cause installs to fail
- Return the table info row last in statistics_info.
This fixes statistics_info on pre-8.3 servers.
- Fixed ASC_OR_DESC field in statistics_info
- Indicate NULL ordering in statistics_info
- Adjust Makefile to fix failing 'fulltest' target on BSD systems
- Indicate non-key index columns (INCLUDE) in statistics_info
- Return an empty result set instead of undef from statistics_info
when the requested table doesn't exist and $unique_only is false.
- Fixed segfault during st destroy
- Improved testing for table_info()
- Improved UTF-8 wording in documentation
perl-YAML-LibYAML was updated to version 0.89:
- Breaking Change: Set $YAML::XS::LoadBlessed default to false to make it more secure
- Fixed disabling of __perllib_provides
- Recognise core booleans on Perl 5.36+ at dump time
- Fixed YAML::XS pod in cpanminus
- Convert doc from Swim to Markdown
- Added option ForbidDuplicateKeys
- Recognize tied variables
- Updated libyaml sources to 0.2.4. Changes affecting YAML::XS are
- Output '...' at the stream end after a block scalar with trailing empty lines
- Accept '%YAML 1.2' directives (they are ignored and do not change behaviour though)
- Fix memory leak when loading invalid YAML
- Support aliasing scalars resolved as null or booleans
- Add YAML::XS::LibYAML::libyaml_version()
- Support standard !!int/!!float tags instead of dying
- Fixed double free/core dump when Dump()ing binary data
- Update config.h from libyaml
- Update libyaml to version 0.2.2. Most important change for users is that plain
urls in flow style can be parsed now. Example: `[ http://yaml.org]`.
- Added $Indent - number of spaces when dumping
- Implemented $LoadCode
- Update to libyaml 0.2.1. It's forbidden now to escape single quotes inside double quotes
- When disabling $LoadBlessed, return scalars not refs
- Save anchors also for blessed scalars
- Fixed format specifier/argument mismatch
- Fixed a C90-compatibility issue
- Prevent warning about unused variables
perl-YAML-LibYAML-0.890.0-150000.3.8.2.src.rpm
perl-YAML-LibYAML-0.890.0-150000.3.8.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3469
Recommended update for python-kubernetes, python-recommonmark, python-Sphinx, python-sphinxcontrib-applehelp, python-sphinxcontrib-jquery
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-kubernetes, python-recommonmark, python-Sphinx, python-sphinxcontrib-applehelp, python-sphinxcontrib-jquery contains the following fixes:
Changes for python-kubernetes:
- add sle15_python_module_pythons, jsc#PED-8481
Changes for python-recommonmark:
- Initial shipment for python-recommonmark.
Please check changelog for detailed information.
Changes for python-Sphinx:
- Add patch to fix-test-expectation-for-enum-rendering-on-python-3.12.3. (bsc#1223128)
- Disable test test_ext_imgconverter.
- Add upstream patch to make it work with python 3.11.7
- avoid xdist - not used by upstream and unstable (and not
improving the build time by more than 25%)
- remove setuptools requires
Changes for python-sphinxcontrib-applehelp:
- Add fix tests with python-Sphinx 7.2
jsc#PED-8481
Changes for python-sphinxcontrib-jquery:
- drop tests-with-sphinx-72 patch in order to
- add tests-with-sphinx-72-python312 patch to build with python 312+
- remove tests-with-sphinx-71 patch
- Add tests-with-sphinx-72 patch to fix tests with sphinx 7.2.
- add tests-with-sphinx-71 patch to fix tests with sphinx 7.1+
- Initial release of 4.1
No source changes rebuild to fulfill python-recommonmark dependencies
on 15 SP4 for the following packages:
python311-Babel
python311-CommonMark
python311-Jinja2
python311-MarkupSafe
python311-alabaster
python311-imagesize
python311-snowballstemmer
python311-sphinx_rtd_theme
python311-sphinxcontrib-devhelp
python311-sphinxcontrib-htmlhelp
python311-sphinxcontrib-jsmath
python311-sphinxcontrib-qthelp
python311-sphinxcontrib-serializinghtml
python311-sphinxcontrib-websupport
python-Babel-2.12.1-150400.8.5.1.src.rpm
python-CommonMark-0.9.1-150400.9.5.1.src.rpm
python-Jinja2-3.1.2-150400.12.8.1.src.rpm
python-MarkupSafe-2.1.3-150400.11.5.2.src.rpm
python-Sphinx-7.2.6-150400.3.10.1.src.rpm
python-alabaster-0.7.13-150400.12.5.1.src.rpm
python-imagesize-1.4.1-150400.12.5.1.src.rpm
python-snowballstemmer-2.2.0-150400.12.5.1.src.rpm
python-sphinx_rtd_theme-1.2.0-150400.12.5.1.src.rpm
python-sphinxcontrib-applehelp-1.0.4-150400.3.7.1.src.rpm
python-sphinxcontrib-devhelp-1.0.2-150400.3.5.1.src.rpm
python-sphinxcontrib-htmlhelp-2.0.1-150400.3.5.1.src.rpm
python-sphinxcontrib-jquery-4.1-150400.9.7.1.src.rpm
python-sphinxcontrib-jsmath-1.0.1-150400.3.5.1.src.rpm
python-sphinxcontrib-qthelp-1.0.3-150400.3.5.1.src.rpm
python-sphinxcontrib-serializinghtml-1.1.9-150400.3.8.1.src.rpm
python-sphinxcontrib-websupport-1.2.4-150400.13.5.1.src.rpm
python311-Babel-2.12.1-150400.8.5.1.noarch.rpm
python311-CommonMark-0.9.1-150400.9.5.1.noarch.rpm
python311-Jinja2-3.1.2-150400.12.8.1.x86_64.rpm
python311-MarkupSafe-2.1.3-150400.11.5.2.x86_64.rpm
python311-Sphinx-7.2.6-150400.3.10.1.noarch.rpm
python311-Sphinx-latex-7.2.6-150400.3.10.1.noarch.rpm
python311-alabaster-0.7.13-150400.12.5.1.noarch.rpm
python311-imagesize-1.4.1-150400.12.5.1.noarch.rpm
python311-snowballstemmer-2.2.0-150400.12.5.1.noarch.rpm
python311-sphinx_rtd_theme-1.2.0-150400.12.5.1.noarch.rpm
python311-sphinxcontrib-applehelp-1.0.4-150400.3.7.1.noarch.rpm
python311-sphinxcontrib-devhelp-1.0.2-150400.3.5.1.noarch.rpm
python311-sphinxcontrib-htmlhelp-2.0.1-150400.3.5.1.noarch.rpm
python311-sphinxcontrib-jquery-4.1-150400.9.7.1.noarch.rpm
python311-sphinxcontrib-jsmath-1.0.1-150400.3.5.1.noarch.rpm
python311-sphinxcontrib-qthelp-1.0.3-150400.3.5.1.noarch.rpm
python311-sphinxcontrib-serializinghtml-1.1.9-150400.3.8.1.noarch.rpm
python311-sphinxcontrib-websupport-1.2.4-150400.13.5.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2860
Security update for python3-Twisted
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-Twisted fixes the following issues:
- CVE-2024-41671: Fixed HTTP pipelined requests processed out of order in twisted.web (bsc#1228549)
- CVE-2024-41810: Fixed reflected XSS via HTML Injection in Redirect Response (bsc#1228552)
python3-Twisted-22.2.0-150400.21.1.src.rpm
python3-Twisted-22.2.0-150400.21.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2782
Recommended update for sles-ltss-release
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sles-ltss-release fixes the following issue:
- Update Codestream lifecycle
sles-ltss-release-15.4-150400.13.8.1.src.rpm
sles-ltss-release-15.4-150400.13.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2880
Security update for python-Twisted
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-Twisted fixes the following issues:
- CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order (bsc#1228549)
- CVE-2024-41810: Fixed reflected XSS via HTML injection in redirect response (bsc#1228552)
python-Twisted-22.10.0-150400.5.23.1.src.rpm
python311-Twisted-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-all_non_platform-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-conch-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-conch_nacl-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-contextvars-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-http2-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-serial-22.10.0-150400.5.23.1.noarch.rpm
python311-Twisted-tls-22.10.0-150400.5.23.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2927
Security update for openssl-1_1
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
libopenssl-1_1-devel-1.1.1l-150400.7.72.1.x86_64.rpm
libopenssl-1_1-devel-32bit-1.1.1l-150400.7.72.1.x86_64.rpm
libopenssl1_1-1.1.1l-150400.7.72.1.x86_64.rpm
libopenssl1_1-32bit-1.1.1l-150400.7.72.1.x86_64.rpm
libopenssl1_1-hmac-1.1.1l-150400.7.72.1.x86_64.rpm
libopenssl1_1-hmac-32bit-1.1.1l-150400.7.72.1.x86_64.rpm
openssl-1_1-1.1.1l-150400.7.72.1.src.rpm
openssl-1_1-1.1.1l-150400.7.72.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2931
Security update for openssl-3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
libopenssl-3-devel-3.0.8-150400.4.60.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.60.1.x86_64.rpm
openssl-3-3.0.8-150400.4.60.1.src.rpm
openssl-3-3.0.8-150400.4.60.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2786
Security update for java-1_8_0-openjdk
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u422 (icedtea-3.32.0):
* Security fixes
+ JDK-8314794, CVE-2024-21131, bsc#1228046: Improve UTF8 String supports
+ JDK-8319859, CVE-2024-21138, bsc#1228047: Better symbol storage
+ JDK-8320097: Improve Image transformations
+ JDK-8320548, CVE-2024-21140, bsc#1228048: Improved loop handling
+ JDK-8322106, CVE-2024-21144, bsc#1228050: Enhance Pack 200 loading
+ JDK-8323231, CVE-2024-21147, bsc#1228052: Improve array management
+ JDK-8323390: Enhance mask blit functionality
+ JDK-8324559, CVE-2024-21145, bsc#1228051: Improve 2D image handling
+ JDK-8325600: Better symbol storage
* Import of OpenJDK 8 u422 build 05
+ JDK-8025439: [TEST BUG] [macosx]
PrintServiceLookup.lookupPrintServices doesn't work properly
since jdk8b105
+ JDK-8069389: CompilerOracle prefix wildcarding is broken for
long strings
+ JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/
/bug7123767.java: number of checked graphics configurations
should be limited
+ JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
+ JDK-8203691: [TESTBUG] Test
/runtime/containers/cgroup/PlainRead.java fails
+ JDK-8205407: [windows, vs<2017] C4800 after 8203197
+ JDK-8235834: IBM-943 charset encoder needs updating
+ JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error:
Cp943 - can't read properly"
+ JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese
characters were garbled
+ JDK-8256152: tests fail because of ambiguous method resolution
+ JDK-8258855: Two tests sun/security/krb5/auto/
/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java
failed on OL8.3
+ JDK-8262017: C2: assert(n != __null) failed: Bad immediate
dominator info.
+ JDK-8268916: Tests for AffirmTrust roots
+ JDK-8278067: Make HttpURLConnection default keep alive
timeout configurable
+ JDK-8291226: Create Test Cases to cover scenarios for
JDK-8278067
+ JDK-8291637: HttpClient default keep alive timeout not
followed if server sends invalid value
+ JDK-8291638: Keep-Alive timeout of 0 should close connection
immediately
+ JDK-8293562: KeepAliveCache Blocks Threads while Closing
Connections
+ JDK-8303466: C2: failed: malformed control flow. Limit type
made precise with MaxL/MinL
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8315020: The macro definition for LoongArch64 zero build
is not accurate.
+ JDK-8316138: Add GlobalSign 2 TLS root certificates
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8320005: Allow loading of shared objects with .a
extension on AIX
+ JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
+ JDK-8326686: Bump update version of OpenJDK: 8u422
+ JDK-8327440: Fix "bad source file" error during beaninfo
generation
+ JDK-8328809: [8u] Problem list some CA tests
+ JDK-8328825: Google CAInterop test failures
+ JDK-8329544: [8u] sun/security/krb5/auto/
/ReplayCacheTestProc.java cannot find the testlibrary
+ JDK-8331791: [8u] AIX build break from JDK-8320005 backport
+ JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
+ JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3
::Identity signature fixes
* Bug fixes
+ JDK-8331730: [8u] GHA: update sysroot for cross builds to
Debian bullseye
+ JDK-8333669: [8u] GHA: Dead VS2010 download link
+ JDK-8318039: GHA: Bump macOS and Xcode versions
java-1_8_0-openjdk-1.8.0.422-150000.3.97.1.src.rpm
java-1_8_0-openjdk-1.8.0.422-150000.3.97.1.x86_64.rpm
java-1_8_0-openjdk-demo-1.8.0.422-150000.3.97.1.x86_64.rpm
java-1_8_0-openjdk-devel-1.8.0.422-150000.3.97.1.x86_64.rpm
java-1_8_0-openjdk-headless-1.8.0.422-150000.3.97.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2869
Security update for ca-certificates-mozilla
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
ca-certificates-mozilla-2.68-150200.33.1.noarch.rpm
ca-certificates-mozilla-2.68-150200.33.1.src.rpm
ca-certificates-mozilla-prebuilt-2.68-150200.33.1.noarch.rpm
ca-certificates-mozilla-prebuilt-2.68-150200.33.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3286
Recommended update for salt
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for salt fixes the following issues:
- Fix rich rule comparison in firewalld module (bsc#1222684)
- test_vultrpy: adjust test expectation to prevent failure after Debian 10 EOL
- Make auth.pam more robust with Salt Bundle and fix tests
- Fix performance of user.list_groups with many remote groups
- Fix "status.diskusage" function and exclude some tests for Salt Bundle
- Skip certain tests if necessary for some OSes and set flaky ones
- Add a timer to delete old env post update for venv-minion
- Several fixes for tests to avoid errors and failures in some OSes
python3-salt-3006.0-150400.8.66.2.x86_64.rpm
salt-3006.0-150400.8.66.2.src.rpm
salt-3006.0-150400.8.66.2.x86_64.rpm
salt-api-3006.0-150400.8.66.2.x86_64.rpm
salt-bash-completion-3006.0-150400.8.66.2.noarch.rpm
salt-cloud-3006.0-150400.8.66.2.x86_64.rpm
salt-doc-3006.0-150400.8.66.2.x86_64.rpm
salt-fish-completion-3006.0-150400.8.66.2.noarch.rpm
salt-master-3006.0-150400.8.66.2.x86_64.rpm
salt-minion-3006.0-150400.8.66.2.x86_64.rpm
salt-proxy-3006.0-150400.8.66.2.x86_64.rpm
salt-ssh-3006.0-150400.8.66.2.x86_64.rpm
salt-standalone-formulas-configuration-3006.0-150400.8.66.2.x86_64.rpm
salt-syndic-3006.0-150400.8.66.2.x86_64.rpm
salt-transactional-update-3006.0-150400.8.66.2.x86_64.rpm
salt-zsh-completion-3006.0-150400.8.66.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3026
Recommended update for supportutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for supportutils fixes the following issues:
Changes to version 3.2.8
+ Avoid getting duplicate kernel verifications in boot.text (pr#190)
+ lvm: suppress file descriptor leak warnings from lvm commands (pr#191)
+ docker_info: Add timestamps to container logs (pr#196)
+ Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198)
+ Update supportconfig get pam.d sorted (pr#199)
+ yast_files: Exclude .zcat (pr#201)
+ Sanitize grub bootloader (bsc#1227127, pr#203)
+ Sanitize regcodes (pr#204)
+ Improve product detection (pr#205)
+ Add read_values for s390x (bsc#1228265, pr#206)
+ hardware_info: Remove old alsa ver check (pr#209)
+ drbd_info: Fix incorrect escape of quotes (pr#210)
supportutils-3.2.8-150300.7.35.33.1.noarch.rpm
supportutils-3.2.8-150300.7.35.33.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2799
Recommended update for runc
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for runc fixes the following issues:
- Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13
- Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960)
runc-1.1.13-150000.67.1.src.rpm
runc-1.1.13-150000.67.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2863
Security update for bind
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bind fixes the following issues:
Update to 9.16.50:
- Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
- New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737, bsc#1228256)
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975, bsc#1228257)
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076, bsc#1228258)
bind-9.16.50-150400.5.43.1.src.rpm
bind-9.16.50-150400.5.43.1.x86_64.rpm
bind-doc-9.16.50-150400.5.43.1.noarch.rpm
bind-utils-9.16.50-150400.5.43.1.x86_64.rpm
python3-bind-9.16.50-150400.5.43.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3003
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.1.0 ESR (MFSA 2024-35, bsc#1228648)
- CVE-2024-7518: Fullscreen notification dialog can be obscured by document
- CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
- CVE-2024-7520: Type confusion in WebAssembly
- CVE-2024-7521: Incomplete WebAssembly exception handling
- CVE-2024-7522: Out of bounds read in editor component
- CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
- CVE-2024-7525: Missing permission check when creating a StreamFilter
- CVE-2024-7526: Uninitialized memory used by WebGL
- CVE-2024-7527: Use-after-free in JavaScript garbage collection
- CVE-2024-7528: Use-after-free in IndexedDB
- CVE-2024-7529: Document content could partially obscure security prompts
- CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
MozillaFirefox-128.1.0-150200.152.146.1.src.rpm
MozillaFirefox-128.1.0-150200.152.146.1.x86_64.rpm
MozillaFirefox-branding-SLE-128-150200.9.16.1.src.rpm
MozillaFirefox-branding-SLE-128-150200.9.16.1.x86_64.rpm
MozillaFirefox-devel-128.1.0-150200.152.146.1.noarch.rpm
MozillaFirefox-translations-common-128.1.0-150200.152.146.1.x86_64.rpm
MozillaFirefox-translations-other-128.1.0-150200.152.146.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2877
Optional update for sles-release
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for sles-release fixes the following issue:
- Adjust codestream lifecycle
sles-release-15.4-150400.58.10.2.src.rpm
sles-release-15.4-150400.58.10.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3167
Recommended update for glibc
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glibc fixes the following issue:
- s390x: Fix segfault in wcsncmp (bsc#1228043).
glibc-2.31-150300.86.3.src.rpm
glibc-2.31-150300.86.3.x86_64.rpm
glibc-devel-2.31-150300.86.3.x86_64.rpm
glibc-devel-static-2.31-150300.86.3.x86_64.rpm
glibc-extra-2.31-150300.86.3.x86_64.rpm
glibc-i18ndata-2.31-150300.86.3.noarch.rpm
glibc-info-2.31-150300.86.3.noarch.rpm
glibc-lang-2.31-150300.86.3.noarch.rpm
glibc-locale-2.31-150300.86.3.x86_64.rpm
glibc-locale-base-2.31-150300.86.3.x86_64.rpm
glibc-locale-base-32bit-2.31-150300.86.3.x86_64.rpm
glibc-profile-2.31-150300.86.3.x86_64.rpm
glibc-utils-2.31-150300.86.3.x86_64.rpm
glibc-utils-src-2.31-150300.86.3.src.rpm
nscd-2.31-150300.86.3.x86_64.rpm
glibc-32bit-2.31-150300.86.3.x86_64.rpm
glibc-devel-32bit-2.31-150300.86.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2929
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
The following non-security bugs were fixed:
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
kernel-default-5.14.21-150400.24.128.1.nosrc.rpm
kernel-default-5.14.21-150400.24.128.1.x86_64.rpm
kernel-default-base-5.14.21-150400.24.128.1.150400.24.62.1.src.rpm
kernel-default-base-5.14.21-150400.24.128.1.150400.24.62.1.x86_64.rpm
kernel-default-devel-5.14.21-150400.24.128.1.x86_64.rpm
kernel-devel-5.14.21-150400.24.128.1.noarch.rpm
kernel-docs-5.14.21-150400.24.128.1.noarch.rpm
kernel-docs-5.14.21-150400.24.128.1.nosrc.rpm
kernel-macros-5.14.21-150400.24.128.1.noarch.rpm
kernel-obs-build-5.14.21-150400.24.128.1.src.rpm
kernel-obs-build-5.14.21-150400.24.128.1.x86_64.rpm
kernel-source-5.14.21-150400.24.128.1.noarch.rpm
kernel-source-5.14.21-150400.24.128.1.src.rpm
kernel-syms-5.14.21-150400.24.128.1.src.rpm
kernel-syms-5.14.21-150400.24.128.1.x86_64.rpm
reiserfs-kmp-default-5.14.21-150400.24.128.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2967
Recommended update for pam
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pam fixes the following issue:
- Prevent cursor escape from the login prompt (bsc#1194818).
pam-1.3.0-150000.6.71.2.src.rpm
pam-1.3.0-150000.6.71.2.x86_64.rpm
pam-devel-1.3.0-150000.6.71.2.x86_64.rpm
pam-devel-32bit-1.3.0-150000.6.71.2.x86_64.rpm
pam-doc-1.3.0-150000.6.71.2.noarch.rpm
pam-extra-1.3.0-150000.6.71.2.x86_64.rpm
pam-32bit-1.3.0-150000.6.71.2.x86_64.rpm
pam-extra-32bit-1.3.0-150000.6.71.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3120
Security update for buildah, docker
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for buildah, docker fixes the following issues:
Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: An Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Changes in buildah:
- Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in "bud and test --unsetlabel"
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert "Reduce official image size"
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base "image" platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP
Updating docker will restart the docker service, which may stop some of your docker containers. Do you want to proceed with the update?
docker-25.0.6_ce-150000.207.1.src.rpm
docker-25.0.6_ce-150000.207.1.x86_64.rpm
docker-bash-completion-25.0.6_ce-150000.207.1.noarch.rpm
docker-rootless-extras-25.0.6_ce-150000.207.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3057
Recommended update for go1.21
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21 fixes the following issue:
- go1.21.13 (released 2024-08-06) includes fixes to the go command,
the covdata command, and the bytes package (bsc#1212475).
go1.21-1.21.13-150000.1.42.2.src.rpm
go1.21-1.21.13-150000.1.42.2.x86_64.rpm
go1.21-doc-1.21.13-150000.1.42.2.x86_64.rpm
go1.21-race-1.21.13-150000.1.42.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2966
Recommended update for util-linux
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for util-linux fixes the following issue:
- agetty: Prevent login cursor escape (bsc#1194818).
libblkid-devel-2.37.2-150400.8.32.2.x86_64.rpm
libblkid-devel-static-2.37.2-150400.8.32.2.x86_64.rpm
libblkid1-2.37.2-150400.8.32.2.x86_64.rpm
libfdisk-devel-2.37.2-150400.8.32.2.x86_64.rpm
libfdisk1-2.37.2-150400.8.32.2.x86_64.rpm
libmount-devel-2.37.2-150400.8.32.2.x86_64.rpm
libmount1-2.37.2-150400.8.32.2.x86_64.rpm
libsmartcols-devel-2.37.2-150400.8.32.2.x86_64.rpm
libsmartcols1-2.37.2-150400.8.32.2.x86_64.rpm
libuuid-devel-2.37.2-150400.8.32.2.x86_64.rpm
libuuid-devel-static-2.37.2-150400.8.32.2.x86_64.rpm
libuuid1-2.37.2-150400.8.32.2.x86_64.rpm
util-linux-2.37.2-150400.8.32.2.src.rpm
util-linux-2.37.2-150400.8.32.2.x86_64.rpm
util-linux-lang-2.37.2-150400.8.32.2.noarch.rpm
util-linux-systemd-2.37.2-150400.8.32.2.src.rpm
util-linux-systemd-2.37.2-150400.8.32.2.x86_64.rpm
uuidd-2.37.2-150400.8.32.2.x86_64.rpm
libblkid1-32bit-2.37.2-150400.8.32.2.x86_64.rpm
libmount1-32bit-2.37.2-150400.8.32.2.x86_64.rpm
libuuid1-32bit-2.37.2-150400.8.32.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2922
Recommended update for grub2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for grub2 fixes the following issues:
- Fix btrfs subvolume for platform modules not mounting at runtime when the
default subvolume is the topmost root tree (bsc#1228124)
- Fix error in grub-install when root is on tmpfs (bsc#1226100)
- Fix input handling in ppc64le grub2 has high latency (bsc#1223535)
- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to SLE-15-SP2 (bsc#1217102)
- Enhancement to PPC secure boot's root device discovery config (bsc#1207230)
- Fix regex for Open Firmware device specifier with encoded commas
- Fix regular expression in PPC secure boot config to prevent escaped commas
from being treated as delimiters when retrieving partition substrings
- Use prep_load_env in PPC secure boot config to handle unset host-specific
environment variables and ensure successful command execution
grub2-2.06-150400.11.46.1.src.rpm
grub2-2.06-150400.11.46.1.x86_64.rpm
grub2-i386-pc-2.06-150400.11.46.1.noarch.rpm
grub2-snapper-plugin-2.06-150400.11.46.1.noarch.rpm
grub2-systemd-sleep-plugin-2.06-150400.11.46.1.noarch.rpm
grub2-x86_64-efi-2.06-150400.11.46.1.noarch.rpm
grub2-x86_64-xen-2.06-150400.11.46.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3059
Recommended update for udisks2
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for udisks2 fixes the following issue:
- Code patch: fix double free inside the g_static_resource_fini() atexit handler
(bsc#1228290).
libudisks2-0-2.9.2-150400.3.6.2.x86_64.rpm
libudisks2-0-devel-2.9.2-150400.3.6.2.x86_64.rpm
typelib-1_0-UDisks-2_0-2.9.2-150400.3.6.2.x86_64.rpm
udisks2-2.9.2-150400.3.6.2.src.rpm
udisks2-2.9.2-150400.3.6.2.x86_64.rpm
udisks2-lang-2.9.2-150400.3.6.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3091
Security update for webkit2gtk3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for webkit2gtk3 fixes the following issues:
Update to version 2.44.3 (bsc#1228696 bsc#1228697 bsc#1228698):
- Fix web process cache suspend/resume when sandbox is enabled.
- Fix accelerated images disappearing after scrolling.
- Fix video flickering with DMA-BUF sink.
- Fix pointer lock on X11.
- Fix movement delta on mouse events in GTK3.
- Undeprecate console message API and make it available in 2022 API.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780,
CVE-2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794,
CVE-2024-4558.
WebKitGTK-4.0-lang-2.44.3-150400.4.88.1.noarch.rpm
WebKitGTK-4.1-lang-2.44.3-150400.4.88.1.noarch.rpm
WebKitGTK-6.0-lang-2.44.3-150400.4.88.1.noarch.rpm
libjavascriptcoregtk-4_0-18-2.44.3-150400.4.88.1.x86_64.rpm
libjavascriptcoregtk-4_1-0-2.44.3-150400.4.88.1.x86_64.rpm
libjavascriptcoregtk-6_0-1-2.44.3-150400.4.88.1.x86_64.rpm
libwebkit2gtk-4_0-37-2.44.3-150400.4.88.1.x86_64.rpm
libwebkit2gtk-4_1-0-2.44.3-150400.4.88.1.x86_64.rpm
libwebkitgtk-6_0-4-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_0-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-JavaScriptCore-4_1-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-WebKit2-4_0-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-WebKit2-4_1-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_0-2.44.3-150400.4.88.1.x86_64.rpm
typelib-1_0-WebKit2WebExtension-4_1-2.44.3-150400.4.88.1.x86_64.rpm
webkit2gtk-4_0-injected-bundles-2.44.3-150400.4.88.1.x86_64.rpm
webkit2gtk-4_1-injected-bundles-2.44.3-150400.4.88.1.x86_64.rpm
webkit2gtk3-2.44.3-150400.4.88.1.src.rpm
webkit2gtk3-devel-2.44.3-150400.4.88.1.x86_64.rpm
webkit2gtk3-soup2-2.44.3-150400.4.88.1.src.rpm
webkit2gtk3-soup2-devel-2.44.3-150400.4.88.1.x86_64.rpm
webkit2gtk4-2.44.3-150400.4.88.1.src.rpm
webkitgtk-6_0-injected-bundles-2.44.3-150400.4.88.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3054
Security update for python3-setuptools
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
python3-setuptools-44.1.1-150400.9.9.1.noarch.rpm
python3-setuptools-44.1.1-150400.9.9.1.src.rpm
python3-setuptools-test-44.1.1-150400.9.9.1.noarch.rpm
python3-setuptools-test-44.1.1-150400.9.9.1.src.rpm
python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch.rpm
python3-setuptools-wheel-44.1.1-150400.9.9.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2907
Security update for python310-setuptools
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
python310-setuptools-67.6.1-150400.4.9.1.noarch.rpm
python310-setuptools-67.6.1-150400.4.9.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3055
Security update for python-setuptools
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
python-setuptools-67.7.2-150400.3.16.1.src.rpm
python311-setuptools-67.7.2-150400.3.16.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3141
Recommended update for python-kiwi
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-kiwi fixes the following issues:
- Update virtualenv setup
- types-pkg_resources got dropped from PyPI
- Fixed regression in GRUB_SERIAL_COMMAND setup (bsc#1228808)
dracut-kiwi-lib-9.24.43-150100.3.84.1.x86_64.rpm
dracut-kiwi-live-9.24.43-150100.3.84.1.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.84.1.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.84.1.x86_64.rpm
dracut-kiwi-overlay-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-man-pages-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-pxeboot-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-bootloaders-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-containers-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-core-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-disk-images-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-filesystems-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-image-validation-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-systemdeps-iso-media-9.24.43-150100.3.84.1.x86_64.rpm
kiwi-tools-9.24.43-150100.3.84.1.x86_64.rpm
python-kiwi-9.24.43-150100.3.84.1.src.rpm
python3-kiwi-9.24.43-150100.3.84.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2987
Recommended update for dpdk
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dpdk fixes the following issue:
- Provided DPDK modules taint the kernel as unsupported (bsc#1214724, jsc#PED-8431)
dpdk-19.11.10-150400.4.18.1.src.rpm
dpdk-19.11.10-150400.4.18.1.x86_64.rpm
dpdk-devel-19.11.10-150400.4.18.1.x86_64.rpm
dpdk-kmp-default-19.11.10_k5.14.21_150400.24.125-150400.4.18.1.x86_64.rpm
dpdk-tools-19.11.10-150400.4.18.1.x86_64.rpm
libdpdk-20_0-19.11.10-150400.4.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3094
Security update for kubernetes1.26
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.26 fixes the following issues:
Update kubernetes to version 1.26.15:
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)
Other fixes:
- Fixed packages required by kubernetes1.26-client installation (bsc#1229008)
- Update go to version v1.22.5 (bsc#1229858)
- Add upstream patch for reproducible builds (bsc#1062303)
kubernetes1.26-1.26.15-150400.9.11.1.src.rpm
kubernetes1.26-client-1.26.15-150400.9.11.1.x86_64.rpm
kubernetes1.26-client-common-1.26.15-150400.9.11.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3095
Security update for ucode-intel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240813 release (bsc#1229129)
- CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html)
- CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html)
- CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html)
- CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html)
- CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html)
Other issues fixed:
- Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details.
- Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details.
- Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details.
- Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
- Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details.
- Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
- Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details.
- Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details.
- Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
- Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
- Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
- Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8
| CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3
| EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3
| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11
| TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile
- update to 20240531:
* Update for functional issues. Refer to Intel Pentium Silver
and Intel Celeron Processor Specification Update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx
ucode-intel-20240813-150200.44.1.src.rpm
ucode-intel-20240813-150200.44.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2980
Security update for kernel-firmware
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kernel-firmware fixes the following issues:
- CVE-2023-31315: Fixed validation in a model specific register (MSR) that led to modification of SMM configuration by a malicious program with ring0 access (bsc#1229069)
kernel-firmware-20220509-150400.4.28.1.src.rpm
kernel-firmware-all-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-amdgpu-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-ath10k-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-ath11k-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-atheros-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-bluetooth-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-bnx2-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-brcm-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-chelsio-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-dpaa2-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-i915-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-intel-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-iwlwifi-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-liquidio-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-marvell-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-media-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-mediatek-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-mellanox-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-mwifiex-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-network-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-nfp-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-nvidia-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-platform-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-prestera-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-qcom-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-qlogic-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-radeon-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-realtek-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-serial-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-sound-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-ti-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-ueagle-20220509-150400.4.28.1.noarch.rpm
kernel-firmware-usb-network-20220509-150400.4.28.1.noarch.rpm
ucode-amd-20220509-150400.4.28.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3080
Security update for curl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)
curl-8.0.1-150400.5.47.1.src.rpm
curl-8.0.1-150400.5.47.1.x86_64.rpm
libcurl-devel-8.0.1-150400.5.47.1.x86_64.rpm
libcurl4-32bit-8.0.1-150400.5.47.1.x86_64.rpm
libcurl4-8.0.1-150400.5.47.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3200
Security update for python311
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python311 fixes the following issues:
- CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780)
Other fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378)
- Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660)
libpython3_11-1_0-3.11.9-150400.9.32.3.x86_64.rpm
python311-3.11.9-150400.9.32.4.src.rpm
python311-3.11.9-150400.9.32.4.x86_64.rpm
python311-base-3.11.9-150400.9.32.3.x86_64.rpm
python311-core-3.11.9-150400.9.32.3.src.rpm
python311-curses-3.11.9-150400.9.32.4.x86_64.rpm
python311-dbm-3.11.9-150400.9.32.4.x86_64.rpm
python311-devel-3.11.9-150400.9.32.3.x86_64.rpm
python311-doc-3.11.9-150400.9.32.1.x86_64.rpm
python311-doc-devhelp-3.11.9-150400.9.32.1.x86_64.rpm
python311-documentation-3.11.9-150400.9.32.1.src.rpm
python311-idle-3.11.9-150400.9.32.4.x86_64.rpm
python311-tk-3.11.9-150400.9.32.4.x86_64.rpm
python311-tools-3.11.9-150400.9.32.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2976
Security update for libqt5-qt3d
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libqt5-qt3d fixes the following issues:
- CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class in assimp (bsc#1228204)
Other fixes:
- Check for a nullptr returned from the shader manager
- Fill image with transparency by default to avoid having junk if it's not filled properly before the first paint call
- Fix QTextureAtlas parenting that could lead to crashes due to use after free.
libQt53DAnimation-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DAnimation5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DCore-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DCore5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DExtras-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DExtras5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DInput-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DInput5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DLogic-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DLogic5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuick-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuick5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickAnimation-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickAnimation5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickExtras-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickExtras5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickInput-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickInput5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickRender-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickRender5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickScene2D-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DQuickScene2D5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DRender-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libQt53DRender5-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libqt5-qt3d-5.15.2+kde39-150400.3.3.1.src.rpm
libqt5-qt3d-devel-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libqt5-qt3d-imports-5.15.2+kde39-150400.3.3.1.x86_64.rpm
libqt5-qt3d-private-headers-devel-5.15.2+kde39-150400.3.3.1.noarch.rpm
libqt5-qt3d-tools-5.15.2+kde39-150400.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3119
Security update for openssl-1_0_0
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-1_0_0 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138, bsc#1227227)
libopenssl-1_0_0-devel-1.0.2p-150000.3.94.1.x86_64.rpm
libopenssl10-1.0.2p-150000.3.94.1.x86_64.rpm
libopenssl1_0_0-1.0.2p-150000.3.94.1.x86_64.rpm
libopenssl1_0_0-hmac-1.0.2p-150000.3.94.1.x86_64.rpm
openssl-1_0_0-1.0.2p-150000.3.94.1.src.rpm
openssl-1_0_0-1.0.2p-150000.3.94.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3396
Security update for qemu
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for qemu fixes the following issues:
- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)
qemu-6.2.0-150400.37.34.1.src.rpm
qemu-6.2.0-150400.37.34.1.x86_64.rpm
qemu-accel-tcg-x86-6.2.0-150400.37.34.1.x86_64.rpm
qemu-audio-alsa-6.2.0-150400.37.34.1.x86_64.rpm
qemu-audio-pa-6.2.0-150400.37.34.1.x86_64.rpm
qemu-audio-spice-6.2.0-150400.37.34.1.x86_64.rpm
qemu-block-curl-6.2.0-150400.37.34.1.x86_64.rpm
qemu-block-iscsi-6.2.0-150400.37.34.1.x86_64.rpm
qemu-block-rbd-6.2.0-150400.37.34.1.x86_64.rpm
qemu-block-ssh-6.2.0-150400.37.34.1.x86_64.rpm
qemu-chardev-baum-6.2.0-150400.37.34.1.x86_64.rpm
qemu-chardev-spice-6.2.0-150400.37.34.1.x86_64.rpm
qemu-guest-agent-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-display-qxl-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-display-virtio-gpu-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-display-virtio-vga-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-usb-host-6.2.0-150400.37.34.1.x86_64.rpm
qemu-hw-usb-redirect-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ipxe-1.0.0+-150400.37.34.1.noarch.rpm
qemu-ksm-6.2.0-150400.37.34.1.x86_64.rpm
qemu-kvm-6.2.0-150400.37.34.1.x86_64.rpm
qemu-lang-6.2.0-150400.37.34.1.x86_64.rpm
qemu-tools-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ui-curses-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ui-gtk-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ui-opengl-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ui-spice-app-6.2.0-150400.37.34.1.x86_64.rpm
qemu-ui-spice-core-6.2.0-150400.37.34.1.x86_64.rpm
qemu-x86-6.2.0-150400.37.34.1.x86_64.rpm
qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.34.1.noarch.rpm
qemu-sgabios-8-150400.37.34.1.noarch.rpm
qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.34.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2974
Security update for python310
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310 fixes the following issues:
Security issue fixed:
- CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780)
Non-security issues fixed:
- Improve python reproducible builds (bsc#1227999)
- Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660)
- Fixed executable bits for /usr/bin/idle* (bsc#1227378).
libpython3_10-1_0-3.10.14-150400.4.54.1.x86_64.rpm
python310-3.10.14-150400.4.54.1.src.rpm
python310-3.10.14-150400.4.54.1.x86_64.rpm
python310-base-3.10.14-150400.4.54.1.x86_64.rpm
python310-core-3.10.14-150400.4.54.1.src.rpm
python310-curses-3.10.14-150400.4.54.1.x86_64.rpm
python310-dbm-3.10.14-150400.4.54.1.x86_64.rpm
python310-devel-3.10.14-150400.4.54.1.x86_64.rpm
python310-idle-3.10.14-150400.4.54.1.x86_64.rpm
python310-tk-3.10.14-150400.4.54.1.x86_64.rpm
python310-tools-3.10.14-150400.4.54.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3118
Security update for dovecot23
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dovecot23 fixes the following issues:
- CVE-2024-23185: Fixed a denial of service with large headers (bsc#1229183)
- CVE-2024-23184: Fixed a denial of service parsing messages containing many address headers (bsc#1229184)
dovecot23-2.3.15-150200.65.1.src.rpm
dovecot23-2.3.15-150200.65.1.x86_64.rpm
dovecot23-backend-mysql-2.3.15-150200.65.1.x86_64.rpm
dovecot23-backend-pgsql-2.3.15-150200.65.1.x86_64.rpm
dovecot23-backend-sqlite-2.3.15-150200.65.1.x86_64.rpm
dovecot23-devel-2.3.15-150200.65.1.x86_64.rpm
dovecot23-fts-2.3.15-150200.65.1.x86_64.rpm
dovecot23-fts-lucene-2.3.15-150200.65.1.x86_64.rpm
dovecot23-fts-solr-2.3.15-150200.65.1.x86_64.rpm
dovecot23-fts-squat-2.3.15-150200.65.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3009
Recommended update for git
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for git fixes the following issue:
- Fix syntax error with old apparmor versions (bsc#1229029)
git-2.35.3-150300.10.45.2.src.rpm
git-2.35.3-150300.10.45.2.x86_64.rpm
git-arch-2.35.3-150300.10.45.2.x86_64.rpm
git-core-2.35.3-150300.10.45.2.x86_64.rpm
git-cvs-2.35.3-150300.10.45.2.x86_64.rpm
git-daemon-2.35.3-150300.10.45.2.x86_64.rpm
git-doc-2.35.3-150300.10.45.2.noarch.rpm
git-email-2.35.3-150300.10.45.2.x86_64.rpm
git-gui-2.35.3-150300.10.45.2.x86_64.rpm
git-svn-2.35.3-150300.10.45.2.x86_64.rpm
git-web-2.35.3-150300.10.45.2.x86_64.rpm
gitk-2.35.3-150300.10.45.2.x86_64.rpm
perl-Git-2.35.3-150300.10.45.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3173
Security update for apache2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for apache2 fixes the following issues:
- CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278)
- CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276)
- CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353)
apache2-2.4.51-150400.6.34.1.src.rpm
apache2-2.4.51-150400.6.34.1.x86_64.rpm
apache2-devel-2.4.51-150400.6.34.1.x86_64.rpm
apache2-doc-2.4.51-150400.6.34.1.noarch.rpm
apache2-prefork-2.4.51-150400.6.34.1.x86_64.rpm
apache2-utils-2.4.51-150400.6.34.1.x86_64.rpm
apache2-worker-2.4.51-150400.6.34.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3071
Recommended update for suse-build-key
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suse-build-key fixes the following issue:
- extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339).
suse-build-key-12.0-150000.8.52.3.noarch.rpm
suse-build-key-12.0-150000.8.52.3.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3185
Recommended update for cups
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups fixes the following issues:
- Fixed cupsd failing to authenticate users when group membership is required (bsc#1226227)
cups-2.2.7-150000.3.65.1.src.rpm
cups-2.2.7-150000.3.65.1.x86_64.rpm
cups-client-2.2.7-150000.3.65.1.x86_64.rpm
cups-config-2.2.7-150000.3.65.1.x86_64.rpm
cups-ddk-2.2.7-150000.3.65.1.x86_64.rpm
cups-devel-2.2.7-150000.3.65.1.x86_64.rpm
libcups2-2.2.7-150000.3.65.1.x86_64.rpm
libcups2-32bit-2.2.7-150000.3.65.1.x86_64.rpm
libcupscgi1-2.2.7-150000.3.65.1.x86_64.rpm
libcupsimage2-2.2.7-150000.3.65.1.x86_64.rpm
libcupsmime1-2.2.7-150000.3.65.1.x86_64.rpm
libcupsppdc1-2.2.7-150000.3.65.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3090
Security update for frr
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for frr fixes the following issues:
- CVE-2024-44070: Fixed missing stream length check before TLV value is taken in bgp_attr_encap (bsc#1229438)
frr-7.4-150300.4.29.1.src.rpm
frr-7.4-150300.4.29.1.x86_64.rpm
frr-devel-7.4-150300.4.29.1.x86_64.rpm
libfrr0-7.4-150300.4.29.1.x86_64.rpm
libfrr_pb0-7.4-150300.4.29.1.x86_64.rpm
libfrrcares0-7.4-150300.4.29.1.x86_64.rpm
libfrrfpm_pb0-7.4-150300.4.29.1.x86_64.rpm
libfrrgrpc_pb0-7.4-150300.4.29.1.x86_64.rpm
libfrrospfapiclient0-7.4-150300.4.29.1.x86_64.rpm
libfrrsnmp0-7.4-150300.4.29.1.x86_64.rpm
libfrrzmq0-7.4-150300.4.29.1.x86_64.rpm
libmlag_pb0-7.4-150300.4.29.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3089
Security update for go1.21-openssl
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for go1.21-openssl fixes the following issues:
- CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314)
- CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973)
- CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974)
- CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017)
- CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400)
- CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000)
- CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in net/http (bsc#1221001)
- CVE-2024-24783: Fixed denial of service on certificates with an unknown public key algorithm in crypto/x509 (bsc#1220999)
- CVE-2024-24784: Fixed comments in display names are incorrectly handled in net/mail (bsc#1221002)
- CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break template escaping in html/template (bsc#1221003)
Other fixes:
- Update to version 1.21.13.1 cut from the go1.21-fips-release (jsc#SLE-18320)
- Update to version 1.21.13 (bsc#1212475)
- Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. (jsc#PED-1962)
- Ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (bsc#1219988)
go1.21-openssl-1.21.13.1-150000.1.11.1.src.rpm
go1.21-openssl-1.21.13.1-150000.1.11.1.x86_64.rpm
go1.21-openssl-doc-1.21.13.1-150000.1.11.1.x86_64.rpm
go1.21-openssl-race-1.21.13.1-150000.1.11.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3145
Recommended update for dracut
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for dracut fixes the following issue:
- Version update
* fix(convertfs): error in conditional expressions (bsc#1228847).
dracut-055+suse.359.geb85610b-150400.3.37.2.src.rpm
dracut-055+suse.359.geb85610b-150400.3.37.2.x86_64.rpm
dracut-fips-055+suse.359.geb85610b-150400.3.37.2.x86_64.rpm
dracut-ima-055+suse.359.geb85610b-150400.3.37.2.x86_64.rpm
dracut-mkinitrd-deprecated-055+suse.359.geb85610b-150400.3.37.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3107
Security update for openssl-3
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)
libopenssl-3-devel-3.0.8-150400.4.63.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.63.1.x86_64.rpm
openssl-3-3.0.8-150400.4.63.1.src.rpm
openssl-3-3.0.8-150400.4.63.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3123
Recommended update for deltarpm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for deltarpm fixes the following issues:
- Support for threaded zstd compression.
- use a tmp file instead of memory to hold the data (bsc#1228948).
- fixed C related bugs (incorrect sized memset(), memcpy instead of strcpy,
unsigned int).
deltarpm-3.6.4-150000.5.3.2.src.rpm
deltarpm-3.6.4-150000.5.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3131
Recommended update for mozilla-nss
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mozilla-nss fixes the following issues:
- FIPS: Enforce approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
libfreebl3-3.101.2-150400.3.51.1.x86_64.rpm
libfreebl3-32bit-3.101.2-150400.3.51.1.x86_64.rpm
libsoftokn3-3.101.2-150400.3.51.1.x86_64.rpm
libsoftokn3-32bit-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-3.101.2-150400.3.51.1.src.rpm
mozilla-nss-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-32bit-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-certs-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-devel-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-sysinit-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-tools-3.101.2-150400.3.51.1.x86_64.rpm
mozilla-nss-certs-32bit-3.101.2-150400.3.51.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3206
Recommended update for snapper
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for snapper fixes the following issues:
- handle content-length of stomp in zypper plugin (bsc#1229142)
libsnapper-devel-0.8.16-150300.3.9.1.x86_64.rpm
libsnapper5-0.8.16-150300.3.9.1.x86_64.rpm
pam_snapper-0.8.16-150300.3.9.1.x86_64.rpm
snapper-0.8.16-150300.3.9.1.src.rpm
snapper-0.8.16-150300.3.9.1.x86_64.rpm
snapper-zypp-plugin-0.8.16-150300.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3097
Security update for kubernetes1.28
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.28 fixes the following issues:
Update kubernetes to version 1.28.13:
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-45288: Fixed denial of service by closing connections when receiving too many headers in net/http and x/net/http2 (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)
Other fixes:
- Update go to version v1.22.5 (bsc#1229858)
kubernetes1.28-1.28.13-150400.9.8.1.src.rpm
kubernetes1.28-client-1.28.13-150400.9.8.1.x86_64.rpm
kubernetes1.28-client-common-1.28.13-150400.9.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3098
Security update for kubernetes1.27
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.27 fixes the following issues:
Update kubernetes to version 1.27.16
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-45288: Fixed denial of service by closing connections when receiving too many headers in net/http and x/net/http2 (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)
Other fixes:
- Update go to version v1.22.5 (bsc#1229858)
kubernetes1.27-1.27.16-150400.9.10.1.src.rpm
kubernetes1.27-client-1.27.16-150400.9.10.1.x86_64.rpm
kubernetes1.27-client-common-1.27.16-150400.9.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3174
Security update for bubblewrap and flatpak
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for bubblewrap and flatpak fixes the following issues:
- CVE-2024-42472: Fixed access to files outside sandbox for apps using persistent (bsc#1229157)
bubblewrap-0.4.1-150200.3.3.1.src.rpm
bubblewrap-0.4.1-150200.3.3.1.x86_64.rpm
flatpak-1.12.8-150400.3.9.1.src.rpm
flatpak-1.12.8-150400.3.9.1.x86_64.rpm
flatpak-devel-1.12.8-150400.3.9.1.x86_64.rpm
flatpak-zsh-completion-1.12.8-150400.3.9.1.x86_64.rpm
libflatpak0-1.12.8-150400.3.9.1.x86_64.rpm
system-user-flatpak-1.12.8-150400.3.9.1.x86_64.rpm
typelib-1_0-Flatpak-1_0-1.12.8-150400.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3245
Recommended update for maven, maven-resolver, sbt, xmvn
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for maven, maven-resolver, sbt, xmvn fixes the following issues:
maven-resolver was upgraded to version 1.9.22:
- Bugs fixed:
* Resolver-Supplier unusable in OSGi runtimes
* Invalid Cookie set under proxy conditions
* In typical setups, DefaultArtifact copies the same maps over and over again
* Memory consumption improvements
- New Features:
* Import o.e.aether packages with the exact same version in OSGi metadata
- Improvements:
* Removed excessive strictness of OSGi dependency metadata
maven was upgraded to version 3.9.9:
- Bugs fixed:
* Fixed search for topDirectory when using -f / --file for Maven 3.9.x
* Fixed Maven not finding extensions for -f when current dir is root
* Fixed warning for com.sun:tools:jar that refers to a non-existing file
* Fixed profile activation based on OS properties for "mvn site"
* Fixed Resolver wrongly assuming it is deploying a plugin by presence of META-INF/maven/plugins.xml in JAR
* Fixed missing or mismatching Trusted Checksum for some artifacts not being properly reported
* Fixed regression causing Property not resolved in profile pluginManagement
sbt, xmvn:
- Minor code improvements
maven-3.9.9-150200.4.30.1.src.rpm
maven-3.9.9-150200.4.30.1.x86_64.rpm
maven-lib-3.9.9-150200.4.30.1.x86_64.rpm
maven-resolver-1.9.22-150200.3.26.1.src.rpm
maven-resolver-api-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-connector-basic-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-impl-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-named-locks-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-spi-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-transport-file-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-transport-http-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-transport-wagon-1.9.22-150200.3.26.1.noarch.rpm
maven-resolver-util-1.9.22-150200.3.26.1.noarch.rpm
xmvn-4.2.0-150200.3.27.1.src.rpm
xmvn-4.2.0-150200.3.27.1.x86_64.rpm
xmvn-api-4.2.0-150200.3.27.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.27.1.noarch.rpm
xmvn-connector-4.2.0-150200.3.27.1.src.rpm
xmvn-core-4.2.0-150200.3.27.1.noarch.rpm
xmvn-install-4.2.0-150200.3.27.1.noarch.rpm
xmvn-minimal-4.2.0-150200.3.27.1.x86_64.rpm
xmvn-mojo-4.2.0-150200.3.27.1.noarch.rpm
xmvn-mojo-4.2.0-150200.3.27.1.src.rpm
xmvn-resolve-4.2.0-150200.3.27.1.noarch.rpm
xmvn-subst-4.2.0-150200.3.27.1.noarch.rpm
xmvn-tools-4.2.0-150200.3.27.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3175
Recommended update for mksusecd
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for mksusecd fixes the following issues:
- Make some compression settings configurable (bsc#1223982,
jsc#PED-8374).
- Update documentation.
- Fix UEFI image rebuild detection (bsc#1227668).
- Allow updating kernel in live initrd.
- Allow updating kernel in live root, support resizing live root.
mksusecd-3.0-150400.3.24.4.src.rpm
mksusecd-3.0-150400.3.24.4.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3180
Recommended update for binutils
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for binutils fixes the following issues:
Update to current 2.43.1 branch [jsc#PED-10474]:
Update to version 2.43:
* new .base64 pseudo-op, allowing base64 encoded data as strings
* Intel APX: add support for CFCMOV, CCMP, CTEST, zero-upper, NF
(APX_F now fully supported)
* x86 Intel syntax now warns about more mnemonic suffixes
* macros and .irp/.irpc/.rept bodies can use \+ to get at number
of times the macro/body was executed
* aarch64: support 'armv9.5-a' for -march, add support for LUT
and LUT2
* s390: base register operand in D(X,B) and D(L,B) can now be
omitted (ala 'D(X,)'); warn when register type doesn't match
operand type (use option
'warn-regtype-mismatch=[strict|relaxed|no]' to adjust)
* riscv: support various extensions: Zacas, Zcmp, Zfbfmin,
Zvfbfmin, Zvfbfwma, Smcsrind/Sscsrind, XCvMem, XCvBi, XCvElw,
XSfCease, all at version 1.0;
remove support for assembly of privileged spec 1.9.1 (linking
support remains)
* arm: remove support for some old co-processors: Maverick and FPA
* mips: '--trap' now causes either trap or breakpoint instructions
to be emitted as per current ISA, instead of always using trap
insn and failing when current ISA was incompatible with that
* LoongArch: accept .option pseudo-op for fine-grained control
of assembly code options; add support for DT_RELR
* readelf: now displays RELR relocations in full detail;
add -j/--display-section to show just those section(s) content
according to their type
* objdump/readelf now dump also .eh_frame_hdr (when present) when
dumping .eh_frame
* gprofng: add event types for AMD Zen3/Zen4 and Intel Ice Lake
processors; add minimal support for riscv
* linker:
- put .got and .got.plt into relro segment
- add -z isa-level-report=[none|all|needed|used] to the x86 ELF
linker to report needed and used x86-64 ISA levels
- add --rosegment option which changes the -z separate-code
option so that only one read-only segment is created (instead
of two)
- add --section-ordering-file <FILE> option to add extra
mapping of input sections to output sections
- add -plugin-save-temps to store plugin intermediate files
permanently
Update to version 2.42:
* Add support for many aarch64 extensions: SVE2.1, SME2.1, B16B16,
RASv2, LSE128, GCS, CHK, SPECRES2, LRCPC3, THE, ITE, D128, XS and
flags to enable them: '+fcma', '+jscvt', '+frintts', '+flagm2',
'+rcpc2' and '+wfxt'
* Add experimental support for GAS to synthesize call-frame-info for
some hand-written asm (--scfi=experimental) on x86-64.
* Add support for more x86-64 extensions: APX: 32 GPRs, NDD, PUSH2/POP2,
PUSHP/POPP; USER_MSR, AVX10.1, PBNDKB, SM4, SM3, SHA512, AVX-VNNI-INT16.
* Add support for more RISC-V extensions: T-Head v2.3.0, CORE-V v1.0,
SiFive VCIX v1.0.
* BPF assembler: ';' separates statements now, and does not introduce
line comments anymore (use '#' or '//' for this).
* x86-64 ld: Add '-z mark-plt/-z nomark-plt' to mark PLT entries with
dynamic tags.
* risc-v ld: Add '--[no-]check-uleb128'.
* New linker script directive: REVERSE, to be combined with SORT_BY_NAME
or SORT_BY_INIT_PRIORITY, reverses the generated order.
* New linker options --warn-execstack-objects (warn only about execstack
when input object files request it), and --error-execstack plus
--error-rxw-segments to convert the existing warnings into errors.
* objdump: Add -Z/--decompress to be used with -s/--full-contents to
decompress section contents before displaying.
* readelf: Add --extra-sym-info to be used with --symbols (currently
prints section name of references section index).
* objcopy: Add --set-section-flags for x86_64 to include
SHF_X86_64_LARGE.
* s390 disassembly: add target-specific disasm option 'insndesc',
as in "objdump -M insndesc" to display an instruction description
as comment along with the disassembly.
- Add binutils-use-less-memory.diff to be a little nicer to 32bit
userspace and huge links. [bsc#1216908]
- Add libzstd-devel to Requires of binutils-devel. (bsc#1215341)
binutils-2.43-150100.7.49.1.src.rpm
binutils-2.43-150100.7.49.1.x86_64.rpm
binutils-devel-2.43-150100.7.49.1.x86_64.rpm
libctf-nobfd0-2.43-150100.7.49.1.x86_64.rpm
libctf0-2.43-150100.7.49.1.x86_64.rpm
binutils-devel-32bit-2.43-150100.7.49.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3162
Security update for java-1_8_0-ibm
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 8 Fix Pack 30 (bsc#1228346)
- CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. (bsc#1228052)
- CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. (bsc#1228051)
- CVE-2024-21140: Fixed a range check elimination pre-loop limit overflow. (bsc#1228048)
- CVE-2024-21144: Pack200 increased loading time due to improper header validation. (bsc#1228050)
- CVE-2024-21138: Fixed an issue where excessive symbol length can lead to infinite loop. (bsc#1228047)
- CVE-2024-21131: Fixed a potential UTF8 size overflow. (bsc#1228046)
- CVE-2024-27267: Fixed an Object Request Broker (ORB) remote denial of service. (bsc#1229224)
java-1_8_0-ibm-1.8.0_sr8.30-150000.3.92.1.nosrc.rpm
java-1_8_0-ibm-1.8.0_sr8.30-150000.3.92.1.x86_64.rpm
java-1_8_0-ibm-alsa-1.8.0_sr8.30-150000.3.92.1.x86_64.rpm
java-1_8_0-ibm-devel-1.8.0_sr8.30-150000.3.92.1.x86_64.rpm
java-1_8_0-ibm-plugin-1.8.0_sr8.30-150000.3.92.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3238
Recommended update for util-linux
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for util-linux fixes the following issue:
- Skip aarch64 decode path for rest of the architectures (bsc#1229476).
libblkid-devel-2.37.2-150400.8.35.2.x86_64.rpm
libblkid-devel-static-2.37.2-150400.8.35.2.x86_64.rpm
libblkid1-2.37.2-150400.8.35.2.x86_64.rpm
libfdisk-devel-2.37.2-150400.8.35.2.x86_64.rpm
libfdisk1-2.37.2-150400.8.35.2.x86_64.rpm
libmount-devel-2.37.2-150400.8.35.2.x86_64.rpm
libmount1-2.37.2-150400.8.35.2.x86_64.rpm
libsmartcols-devel-2.37.2-150400.8.35.2.x86_64.rpm
libsmartcols1-2.37.2-150400.8.35.2.x86_64.rpm
libuuid-devel-2.37.2-150400.8.35.2.x86_64.rpm
libuuid-devel-static-2.37.2-150400.8.35.2.x86_64.rpm
libuuid1-2.37.2-150400.8.35.2.x86_64.rpm
util-linux-2.37.2-150400.8.35.2.src.rpm
util-linux-2.37.2-150400.8.35.2.x86_64.rpm
util-linux-lang-2.37.2-150400.8.35.2.noarch.rpm
util-linux-systemd-2.37.2-150400.8.35.2.src.rpm
util-linux-systemd-2.37.2-150400.8.35.2.x86_64.rpm
uuidd-2.37.2-150400.8.35.2.x86_64.rpm
libblkid1-32bit-2.37.2-150400.8.35.2.x86_64.rpm
libmount1-32bit-2.37.2-150400.8.35.2.x86_64.rpm
libuuid1-32bit-2.37.2-150400.8.35.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3246
Recommended update for beust-jcommander
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for beust-jcommander fixes the following issues:
- beust-jcommander was upgraded to version 1.83:
* Fixed Docs Timestamp
* Fixed JCommander does not recognize command by alias
* Fixed missing null check
* Renamed IRule to IParametersValidator
* Added the new interface IRule, and the new rules attribute to @Parameters
* Fixed @-syntax not working with command objects
* Fixed regression with removed usage methods
* Add OSGi entries in MANIFEST.MF during jar creation
beust-jcommander-1.83-150200.3.13.1.noarch.rpm
beust-jcommander-1.83-150200.3.13.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3234
Recommended update for grub2
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for grub2 fixes the following issues:
- Support powerpc net boot installation when secure boot is enabled (bsc#1217761, bsc#1228866)
- Improved check for disk device when looking for PReP partition
grub2-2.06-150400.11.49.1.src.rpm
grub2-2.06-150400.11.49.1.x86_64.rpm
grub2-i386-pc-2.06-150400.11.49.1.noarch.rpm
grub2-snapper-plugin-2.06-150400.11.49.1.noarch.rpm
grub2-systemd-sleep-plugin-2.06-150400.11.49.1.noarch.rpm
grub2-x86_64-efi-2.06-150400.11.49.1.noarch.rpm
grub2-x86_64-xen-2.06-150400.11.49.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3247
Recommended update for hamcrest
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for hamcrest fixes the following issues:
- hamcrest was updated to version 3.0:
* Breaking Changes:
+ From version 3.0, the jar distributed to Maven Central is now
compiled to Java 1.8 bytecode, and is not compatible with
previous versions of Java.
Developers who use Java 1.7 or earlier can still depend upon
hamcrest-2.2.jar.
* Improvements:
+ FileMatchersTest simplification
+ License cleanup
hamcrest-3.0-150200.12.20.1.noarch.rpm
hamcrest-3.0-150200.12.20.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3186
Security update for buildah
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for buildah fixes the following issues:
Update to version 1.35.4:
* CVE-2024-3727 updates (bsc#1224117)
* Bump go-jose CVE-2024-28180
* Bump ocicrypt and go-jose CVE-2024-28180
Update to version 1.35.3:
* correctly configure /etc/hosts and resolv.conf
* buildah: refactor resolv/hosts setup.
* rename the hostFile var to reflect
* CVE-2024-24786 protobuf to 1.33
Update to version 1.35.1:
* CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
Update to version 1.35.0:
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* Update module go.etcd.io/bbolt to v1.3.9
* Update module github.com/opencontainers/image-spec to v1.1.0
* build --all-platforms: skip some base "image" platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* imagebuildah: fix crash with empty RUN
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* Replace map[K]bool with map[K]struct{} where it makes sense
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* Document use of containers-transports values in buildah
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* [skip-ci] Update actions/stale action to v9
* Ignore errors if label.Relabel returns ENOSUP
buildah-1.35.4-150400.3.30.1.src.rpm
buildah-1.35.4-150400.3.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3157
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
- Update to Firefox Extended Support Release 128.2.0 ESR (bsc#1229821)
- CVE-2024-8381: Type confusion when looking up a property name in a 'with' block
- CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
- CVE-2024-8383: Firefox did not ask before opening news: links in an external application
- CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions
- CVE-2024-8385: WASM type confusion involving ArrayTypes
- CVE-2024-8386: SelectElements could be shown over another site if popups are allowed
- CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
MozillaFirefox-128.2.0-150200.152.149.1.src.rpm
MozillaFirefox-128.2.0-150200.152.149.1.x86_64.rpm
MozillaFirefox-devel-128.2.0-150200.152.149.1.noarch.rpm
MozillaFirefox-translations-common-128.2.0-150200.152.149.1.x86_64.rpm
MozillaFirefox-translations-other-128.2.0-150200.152.149.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3170
Security update for postgresql16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql16 fixes the following issues:
- Upgrade to 16.4 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
libecpg6-16.4-150200.5.16.1.x86_64.rpm
libpq5-16.4-150200.5.16.1.x86_64.rpm
libpq5-32bit-16.4-150200.5.16.1.x86_64.rpm
postgresql16-16.4-150200.5.16.1.src.rpm
postgresql16-16.4-150200.5.16.1.x86_64.rpm
postgresql16-contrib-16.4-150200.5.16.1.x86_64.rpm
postgresql16-devel-16.4-150200.5.16.1.x86_64.rpm
postgresql16-docs-16.4-150200.5.16.1.noarch.rpm
postgresql16-plperl-16.4-150200.5.16.1.x86_64.rpm
postgresql16-plpython-16.4-150200.5.16.1.x86_64.rpm
postgresql16-pltcl-16.4-150200.5.16.1.x86_64.rpm
postgresql16-server-16.4-150200.5.16.1.x86_64.rpm
postgresql16-server-devel-16.4-150200.5.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3168
Security update for postgresql16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql16 fixes the following issues:
- Upgrade to 15.8 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
postgresql15-15.8-150200.5.30.1.src.rpm
postgresql15-15.8-150200.5.30.1.x86_64.rpm
postgresql15-contrib-15.8-150200.5.30.1.x86_64.rpm
postgresql15-devel-15.8-150200.5.30.1.x86_64.rpm
postgresql15-docs-15.8-150200.5.30.1.noarch.rpm
postgresql15-plperl-15.8-150200.5.30.1.x86_64.rpm
postgresql15-plpython-15.8-150200.5.30.1.x86_64.rpm
postgresql15-pltcl-15.8-150200.5.30.1.x86_64.rpm
postgresql15-server-15.8-150200.5.30.1.x86_64.rpm
postgresql15-server-devel-15.8-150200.5.30.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3169
Security update for postgresql16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql16 fixes the following issues:
- Upgrade to 14.13 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
postgresql14-14.13-150200.5.47.1.src.rpm
postgresql14-14.13-150200.5.47.1.x86_64.rpm
postgresql14-contrib-14.13-150200.5.47.1.x86_64.rpm
postgresql14-devel-14.13-150200.5.47.1.x86_64.rpm
postgresql14-docs-14.13-150200.5.47.1.noarch.rpm
postgresql14-plperl-14.13-150200.5.47.1.x86_64.rpm
postgresql14-plpython-14.13-150200.5.47.1.x86_64.rpm
postgresql14-pltcl-14.13-150200.5.47.1.x86_64.rpm
postgresql14-server-14.13-150200.5.47.1.x86_64.rpm
postgresql14-server-devel-14.13-150200.5.47.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3171
Security update for postgresql16
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql16 fixes the following issues:
- Upgrade to 13.16 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
postgresql13-13.16-150200.5.61.1.src.rpm
postgresql13-13.16-150200.5.61.1.x86_64.rpm
postgresql13-contrib-13.16-150200.5.61.1.x86_64.rpm
postgresql13-devel-13.16-150200.5.61.1.x86_64.rpm
postgresql13-docs-13.16-150200.5.61.1.noarch.rpm
postgresql13-llvmjit-13.16-150200.5.61.1.x86_64.rpm
postgresql13-llvmjit-devel-13.16-150200.5.61.1.x86_64.rpm
postgresql13-plperl-13.16-150200.5.61.1.x86_64.rpm
postgresql13-plpython-13.16-150200.5.61.1.x86_64.rpm
postgresql13-pltcl-13.16-150200.5.61.1.x86_64.rpm
postgresql13-server-13.16-150200.5.61.1.x86_64.rpm
postgresql13-server-devel-13.16-150200.5.61.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3155
Security update for kubernetes1.26
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.26 fixes the following issues:
- CVE-2023-45288: Close connections when receiving too many headers. (bsc#1229869)
kubernetes1.26-1.26.15-150400.9.14.1.src.rpm
kubernetes1.26-client-1.26.15-150400.9.14.1.x86_64.rpm
kubernetes1.26-client-common-1.26.15-150400.9.14.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3242
Recommended update for strace
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for strace fixes the following issue:
- Change the license to the correct LGPL-2.1-or-later
(bsc#1228216).
strace-5.14-150400.3.3.2.src.rpm
strace-5.14-150400.3.3.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3408
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48935: Fixed unregistering of flowtable hooks on netns exit (bsc#1229619)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()" (bsc#1230413).
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section" (bsc#1230413).
- Revert "mm/sparsemem: fix race in accessing memory_section->usage" (bsc#1230413).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
kernel-default-5.14.21-150400.24.133.2.nosrc.rpm
True
kernel-default-5.14.21-150400.24.133.2.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.133.2.150400.24.64.5.src.rpm
True
kernel-default-base-5.14.21-150400.24.133.2.150400.24.64.5.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.133.2.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.133.2.noarch.rpm
True
kernel-docs-5.14.21-150400.24.133.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.133.1.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.133.2.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.133.2.src.rpm
True
kernel-obs-build-5.14.21-150400.24.133.2.x86_64.rpm
True
kernel-source-5.14.21-150400.24.133.2.noarch.rpm
True
kernel-source-5.14.21-150400.24.133.2.src.rpm
True
kernel-syms-5.14.21-150400.24.133.1.src.rpm
True
kernel-syms-5.14.21-150400.24.133.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.133.2.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3222
Security update for runc
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for runc fixes the following issues:
- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)
runc-1.1.14-150000.70.1.src.rpm
runc-1.1.14-150000.70.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3221
Security update for containerd
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for containerd fixes the following issues:
- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
containerd-1.7.21-150000.117.1.src.rpm
containerd-1.7.21-150000.117.1.x86_64.rpm
containerd-ctr-1.7.21-150000.117.1.x86_64.rpm
containerd-devel-1.7.21-150000.117.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3244
Recommended update for scap-security-guide
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for scap-security-guide fixes the following issues:
- Version update (jsc#ECO-3319).
- Add Amazon Linux 2023 product
- Introduce new remediation type Kickstart
- Make PAM macros more flexible to variables
- Remove Debian 10 Product
- Remove Red Hat Enterprise Linux 7 product
- Update CIS RHEL9 control file to v2.0.0
scap-security-guide-0.1.74-150000.1.86.2.noarch.rpm
scap-security-guide-0.1.74-150000.1.86.2.src.rpm
scap-security-guide-debian-0.1.74-150000.1.86.2.noarch.rpm
scap-security-guide-redhat-0.1.74-150000.1.86.2.noarch.rpm
scap-security-guide-ubuntu-0.1.74-150000.1.86.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3358
Security update for ffmpeg-4
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ffmpeg-4 fixes the following issues:
- Dropped support for libmfx to fix the following CVEs:
* libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
* libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
* libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
* libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
* libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
- CVE-2024-7055: heap-based buffer overflow in pnmdec.c from the libavcodec library. (bsc#1229026)
ffmpeg-4-4.4-150400.3.42.1.src.rpm
libavcodec58_134-4.4-150400.3.42.1.x86_64.rpm
libavformat58_76-4.4-150400.3.42.1.x86_64.rpm
libavutil56_70-4.4-150400.3.42.1.x86_64.rpm
libpostproc55_9-4.4-150400.3.42.1.x86_64.rpm
libswresample3_9-4.4-150400.3.42.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3259
Recommended update for rmt-server
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for rmt-server contains the following fixes:
- Version 2.19
* Fix for mirroring products that contain special characters (e.g. '$') in their path
* rmt-server-pubcloud:
* Support registration of extensions in BYOS mode on top of a PAYG system (hybrid mode) (jsc#PCT-400)
* Validate repository and registry access for hybrid systems
- Include new script to fix yum-utils issue (jsc#SLL-369)
rmt-server-2.19-150400.3.31.3.src.rpm
rmt-server-2.19-150400.3.31.3.x86_64.rpm
rmt-server-config-2.19-150400.3.31.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3263
Recommended update for python3-dmidecode
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3-dmidecode fixes the following issues:
- python3-dmidecode was updated to version 3.12.3 (bsc#1229855):
* Added support for SMBIOS3.3.0
python3-dmidecode-3.12.3-150400.21.2.src.rpm
python3-dmidecode-3.12.3-150400.21.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3412
Recommended update for python-kiwi
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-kiwi fixes the following issues:
- Fixed resize of DOS table type on s390 systems (bsc#1228729)
dracut-kiwi-lib-9.24.43-150100.3.87.2.x86_64.rpm
dracut-kiwi-live-9.24.43-150100.3.87.2.x86_64.rpm
dracut-kiwi-oem-dump-9.24.43-150100.3.87.2.x86_64.rpm
dracut-kiwi-oem-repart-9.24.43-150100.3.87.2.x86_64.rpm
dracut-kiwi-overlay-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-man-pages-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-pxeboot-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-bootloaders-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-containers-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-core-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-disk-images-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-filesystems-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-image-validation-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-systemdeps-iso-media-9.24.43-150100.3.87.2.x86_64.rpm
kiwi-tools-9.24.43-150100.3.87.2.x86_64.rpm
python-kiwi-9.24.43-150100.3.87.2.src.rpm
python3-kiwi-9.24.43-150100.3.87.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3485
Recommended update for libzypp, zypper
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libzypp, zypper fixes the following issues:
- API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- Fix wrong numbers used in CommitSummary skipped/failed messages.
PackageKit-1.2.4-150400.3.22.1.src.rpm
True
PackageKit-1.2.4-150400.3.22.1.x86_64.rpm
True
PackageKit-backend-zypp-1.2.4-150400.3.22.1.x86_64.rpm
True
PackageKit-devel-1.2.4-150400.3.22.1.x86_64.rpm
True
PackageKit-lang-1.2.4-150400.3.22.1.noarch.rpm
True
libpackagekit-glib2-18-1.2.4-150400.3.22.1.x86_64.rpm
True
libpackagekit-glib2-devel-1.2.4-150400.3.22.1.x86_64.rpm
True
libzypp-17.35.11-150400.3.90.1.src.rpm
True
libzypp-17.35.11-150400.3.90.1.x86_64.rpm
True
libzypp-devel-17.35.11-150400.3.90.1.x86_64.rpm
True
typelib-1_0-PackageKitGlib-1_0-1.2.4-150400.3.22.1.x86_64.rpm
True
zypper-1.14.77-150400.3.62.2.src.rpm
True
zypper-1.14.77-150400.3.62.2.x86_64.rpm
True
zypper-log-1.14.77-150400.3.62.2.noarch.rpm
True
zypper-needs-restarting-1.14.77-150400.3.62.2.noarch.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3300
Recommended update for ncurses
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ncurses fixes the following issues:
- Allow the terminal description based on static fallback entries to be freed (bsc#1229028)
libncurses5-6.1-150000.5.27.1.x86_64.rpm
libncurses6-6.1-150000.5.27.1.x86_64.rpm
ncurses-6.1-150000.5.27.1.src.rpm
ncurses-devel-6.1-150000.5.27.1.x86_64.rpm
ncurses-utils-6.1-150000.5.27.1.x86_64.rpm
ncurses5-devel-6.1-150000.5.27.1.x86_64.rpm
tack-6.1-150000.5.27.1.x86_64.rpm
terminfo-6.1-150000.5.27.1.x86_64.rpm
terminfo-base-6.1-150000.5.27.1.x86_64.rpm
terminfo-iterm-6.1-150000.5.27.1.x86_64.rpm
terminfo-screen-6.1-150000.5.27.1.x86_64.rpm
libncurses5-32bit-6.1-150000.5.27.1.x86_64.rpm
libncurses6-32bit-6.1-150000.5.27.1.x86_64.rpm
ncurses-devel-32bit-6.1-150000.5.27.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3331
Recommended update for colord
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for colord fixes the following issue:
- Remove script in %pre to change ownership of /var/lib/colord
(bsc#1208056).
colord-1.4.5-150400.4.6.3.src.rpm
colord-color-profiles-1.4.5-150400.4.6.3.x86_64.rpm
libcolord-devel-1.4.5-150400.4.6.3.x86_64.rpm
libcolord2-1.4.5-150400.4.6.3.x86_64.rpm
libcolorhug2-1.4.5-150400.4.6.3.x86_64.rpm
typelib-1_0-Colord-1_0-1.4.5-150400.4.6.3.x86_64.rpm
typelib-1_0-Colorhug-1_0-1.4.5-150400.4.6.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3332
Security update for ucode-intel
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240910 release (bsc#1230400)
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow a privileged user to potentially enable a denial of service via local access.
ucode-intel-20240910-150200.47.1.src.rpm
True
ucode-intel-20240910-150200.47.1.x86_64.rpm
True
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3305
Security update for clamav
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for clamav fixes the following issues:
- Update to version 0.103.12
- CVE-2024-20506: Disable symlink following to prevent an attacker from corrupting system files. (bsc#1230162)
- CVE-2024-20505: Fixed possible out-of-bounds read bug in the PDF file parser. (bsc#1230161)
clamav-0.103.12-150000.3.53.1.src.rpm
clamav-0.103.12-150000.3.53.1.x86_64.rpm
clamav-devel-0.103.12-150000.3.53.1.x86_64.rpm
libclamav9-0.103.12-150000.3.53.1.x86_64.rpm
libfreshclam2-0.103.12-150000.3.53.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3503
Recommended update for glibc
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for glibc fixes the following issue:
- fix memory malloc problem: Initiate tcache shutdown even
without allocations (bsc#1228661).
glibc-2.31-150300.89.2.src.rpm
glibc-2.31-150300.89.2.x86_64.rpm
glibc-devel-2.31-150300.89.2.x86_64.rpm
glibc-devel-static-2.31-150300.89.2.x86_64.rpm
glibc-extra-2.31-150300.89.2.x86_64.rpm
glibc-i18ndata-2.31-150300.89.2.noarch.rpm
glibc-info-2.31-150300.89.2.noarch.rpm
glibc-lang-2.31-150300.89.2.noarch.rpm
glibc-locale-2.31-150300.89.2.x86_64.rpm
glibc-locale-base-2.31-150300.89.2.x86_64.rpm
glibc-locale-base-32bit-2.31-150300.89.1.x86_64.rpm
glibc-profile-2.31-150300.89.2.x86_64.rpm
glibc-utils-2.31-150300.89.2.x86_64.rpm
glibc-utils-src-2.31-150300.89.2.src.rpm
nscd-2.31-150300.89.2.x86_64.rpm
glibc-2.31-150300.89.1.src.rpm
glibc-32bit-2.31-150300.89.1.x86_64.rpm
glibc-devel-32bit-2.31-150300.89.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3298
Security update for python-dnspython
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-dnspython fixes the following issue:
- Fix CVE-2023-29483 (bsc#1230353).
python-dnspython-1.15.0-150000.3.10.2.src.rpm
python3-dnspython-1.15.0-150000.3.10.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3316
Recommended update for ddclient
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for ddclient fixes the following issues:
- Remove buildRequires to perl(HTTP::Message::PSGI) not available and needed
only for tests.
- Add curl as BuildRequires/Requires to be able to use the '-curl'
option (eg. in DDCLIENT_OPTIONS in /etc/sysconfig/ddclient).
- Minor version update
* Added support for domaindiscount24.com
* Added support for njal.la
* Added support for Cloudflare API tokens
* Added support for OVH DynHost.
* Added support for ClouDNS.
* Added support for dinahosting.
* Added support for Gandi LiveDNS.
* The freedns protocol (for https://freedns.afraid.org) now supports IPv6
addresses.
* New ssl_ca_dir and ssl_ca_file options to specify the location of CA
certificates.
* New built-in IP discovery service shorthands:
+ googledomains from https://domains.google
+ he from https://he.net
+ ip4only.me, ip6only.me from http://whatismyv6.com
+ ipify-ipv4 and ipify-ipv6 from https://www.ipify.org
+ myonlineportal from https://myonlineportal.net
+ noip-ipv4 and noip-ipv6 from https://www.noip.com
+ nsupdate.info-ipv4 and nsupdate.info-ipv6 from https://www.nsupdate.info
+ zoneedit from https://www.zoneedit.com
* Added option -curl to access network with system Curl command instead
of the Perl built-in IO::Socket classes.
* Added option -{no}web-ssl-validate and -{no}fw-ssl-validate to provide
option to disable SSL certificate validation. Note that these only apply for
network access when obtaining an IP address with use=web or use=fw
(any firewall). Network access to Dynamic DNS servers to set or retrieve
IP address will always require certificate validation.
* The fw-banlocal option is deprecated and no longer does anything.
* The if-skip option is deprecated and no longer does anything.
* The default server for the dslreports1 protocol changed from
members.dyndns.org to www.dslreports.com.
* Removed support for defunct dnsspark service
* Removed support for defunct dtdns service
* Removed support for defunct Hammernode service
- (Bug) ddclient no longer sends info mails; add
SupplementaryGroups=maildrop to service file (bsc#1191885).
- rebase patches
- update Source to %{name}-%{version}
- Modify the systemd service file so ddclient is run After
network-online.target instead of just network.target, since
running ddclient without being online is pointless.
- Added a Wants statement for the same systemd targets as in After
- Added hardening to systemd service(s).
- systemd-tmpfiles need updating from /var/run/* to /run/*
(bsc#1127387).
- fix for unit systemd-tmpfiles-setup.service entered failed state
(bsc#881520).
- Require perl-Data-Validate-IP.
- remove leftover debug line in init script (bsc#267306).
ddclient-3.10.0-150000.3.10.3.noarch.rpm
ddclient-3.10.0-150000.3.10.3.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3470
Security update for python3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption in the http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
libpython3_6m1_0-3.6.15-150300.10.72.1.x86_64.rpm
python3-3.6.15-150300.10.72.1.src.rpm
python3-3.6.15-150300.10.72.1.x86_64.rpm
python3-base-3.6.15-150300.10.72.1.x86_64.rpm
python3-core-3.6.15-150300.10.72.1.src.rpm
python3-curses-3.6.15-150300.10.72.1.x86_64.rpm
python3-dbm-3.6.15-150300.10.72.1.x86_64.rpm
python3-devel-3.6.15-150300.10.72.1.x86_64.rpm
python3-idle-3.6.15-150300.10.72.1.x86_64.rpm
python3-tk-3.6.15-150300.10.72.1.x86_64.rpm
python3-tools-3.6.15-150300.10.72.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3473
Recommended update for postgresql, postgresql-pgagent
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for postgresql, postgresql-pgagent fixes the following issues:
- Relax the dependency of extensions on the server
version from exact major.minor to greater or equal, after Tom
Lane confirmed on the PostgreSQL packagers list that ABI
stability is being taken care of between minor releases. (bsc#1230423)
postgresql-pgagent is rebuilt with updated requirements.
postgresql-16-150400.4.15.2.noarch.rpm
postgresql-16-150400.4.15.2.src.rpm
postgresql-contrib-16-150400.4.15.2.noarch.rpm
postgresql-devel-16-150400.4.15.2.noarch.rpm
postgresql-docs-16-150400.4.15.2.noarch.rpm
postgresql-llvmjit-16-150400.4.15.2.noarch.rpm
postgresql-llvmjit-devel-16-150400.4.15.2.noarch.rpm
postgresql-plperl-16-150400.4.15.2.noarch.rpm
postgresql-plpython-16-150400.4.15.2.noarch.rpm
postgresql-pltcl-16-150400.4.15.2.noarch.rpm
postgresql-server-16-150400.4.15.2.noarch.rpm
postgresql-server-devel-16-150400.4.15.2.noarch.rpm
postgresql13-pgagent-4.0.0-150400.17.2.1.src.rpm
postgresql13-pgagent-4.0.0-150400.17.2.1.x86_64.rpm
postgresql14-pgagent-4.0.0-150400.17.2.1.src.rpm
postgresql14-pgagent-4.0.0-150400.17.2.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3479
Recommended update for deltarpm
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for deltarpm fixes the following issue:
- Version update with support for archive files bigger than 2GByte
(bsc#1230547).
deltarpm-3.6.5-150000.5.6.3.src.rpm
deltarpm-3.6.5-150000.5.6.3.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3344
Security update for kubernetes1.25
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for kubernetes1.25 fixes the following issues:
- CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing unlimited sets of headers. (bsc#1229869)
- CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset vulnerability. (bsc#1229869)
- CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling invalid JSON. (bsc#1229867)
Bug fixes:
- Update go to version 1.22.5 in build requirements. (bsc#1229858)
kubernetes1.25-1.25.16-150400.9.16.1.src.rpm
kubernetes1.25-client-1.25.16-150400.9.16.1.x86_64.rpm
kubernetes1.25-client-common-1.25.16-150400.9.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3491
Recommended update for xerces-c
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for xerces-c fixes the following issues:
- Enable gnuiconv transcoder (bsc#1223088)
libxerces-c-3_2-3.2.3-150300.3.9.1.x86_64.rpm
libxerces-c-devel-3.2.3-150300.3.9.1.x86_64.rpm
xerces-c-3.2.3-150300.3.9.1.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3330
Recommended update for suseconnect-ng
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for suseconnect-ng fixes the following issue:
- Set the filesystem root on zypper when given (bsc#1230229, bsc#1229014)
libsuseconnect-1.12.0-150400.3.39.2.x86_64.rpm
suseconnect-ng-1.12.0-150400.3.39.2.src.rpm
suseconnect-ng-1.12.0-150400.3.39.2.x86_64.rpm
suseconnect-ruby-bindings-1.12.0-150400.3.39.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3482
Recommended update for realmd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for realmd fixes the following issues:
- Use 'additional dns hostnames' with net ads join (bsc#1230334).
- Use 'dnshostname' with net ads join (bsc#1230334).
realmd-0.16.3-150200.3.9.2.src.rpm
realmd-0.16.3-150200.3.9.2.x86_64.rpm
realmd-lang-0.16.3-150200.3.9.2.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3477
Recommended update for curl
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for curl fixes the following issue:
- Make special characters in URL work with aws-sigv4 (bsc#1230516).
curl-8.0.1-150400.5.53.2.src.rpm
curl-8.0.1-150400.5.53.2.x86_64.rpm
libcurl-devel-8.0.1-150400.5.53.2.x86_64.rpm
libcurl4-32bit-8.0.1-150400.5.53.2.x86_64.rpm
libcurl4-8.0.1-150400.5.53.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3486
Feature update for python-looseversion, python-pyzmq, python-msgpack
low
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python-looseversion, python-pyzmq, python-msgpack fixes the following issues:
- Add python311-looseversion, python311-pyzmq and python311-msgpack. (jsc#PED-5848)
python-looseversion-1.3.0-150400.10.3.1.src.rpm
python-msgpack-1.0.7-150400.10.3.1.src.rpm
python-pyzmq-25.1.2-150400.12.3.1.src.rpm
python311-looseversion-1.3.0-150400.10.3.1.noarch.rpm
python311-msgpack-1.0.7-150400.10.3.1.x86_64.rpm
python311-pyzmq-25.1.2-150400.12.3.1.x86_64.rpm
python311-pyzmq-devel-25.1.2-150400.12.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3418
Security update for python311
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python311 fixes the following issues:
- Update python311 to version 3.11.10.
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
- CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596)
- CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704)
libpython3_11-1_0-3.11.10-150400.9.35.1.x86_64.rpm
python311-3.11.10-150400.9.35.1.src.rpm
python311-3.11.10-150400.9.35.1.x86_64.rpm
python311-base-3.11.10-150400.9.35.1.x86_64.rpm
python311-core-3.11.10-150400.9.35.1.src.rpm
python311-curses-3.11.10-150400.9.35.1.x86_64.rpm
python311-dbm-3.11.10-150400.9.35.1.x86_64.rpm
python311-devel-3.11.10-150400.9.35.1.x86_64.rpm
python311-doc-3.11.10-150400.9.35.1.x86_64.rpm
python311-doc-devhelp-3.11.10-150400.9.35.1.x86_64.rpm
python311-documentation-3.11.10-150400.9.35.1.src.rpm
python311-idle-3.11.10-150400.9.35.1.x86_64.rpm
python311-tk-3.11.10-150400.9.35.1.x86_64.rpm
python311-tools-3.11.10-150400.9.35.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3357
Security update for python310
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for python310 fixes the following issues:
- Update to version 3.10.15
- CVE-2024-8088: Fixed denial of service in zipfile. (bsc#1229704)
- CVE-2024-7592: Fixed uncontrolled CPU resource consumption in the http.cookies module. (bsc#1229596)
- CVE-2024-6232: Fixed ReDoS via excessive backtracking while parsing header values. (bsc#1230227)
libpython3_10-1_0-3.10.15-150400.4.57.1.x86_64.rpm
python310-3.10.15-150400.4.57.1.src.rpm
python310-3.10.15-150400.4.57.1.x86_64.rpm
python310-base-3.10.15-150400.4.57.1.x86_64.rpm
python310-core-3.10.15-150400.4.57.1.src.rpm
python310-curses-3.10.15-150400.4.57.1.x86_64.rpm
python310-dbm-3.10.15-150400.4.57.1.x86_64.rpm
python310-devel-3.10.15-150400.4.57.1.x86_64.rpm
python310-idle-3.10.15-150400.4.57.1.x86_64.rpm
python310-tk-3.10.15-150400.4.57.1.x86_64.rpm
python310-tools-3.10.15-150400.4.57.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3360
Security update for container-suseconnect
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for container-suseconnect rebuilds it against current go1.21.13.1.
Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791
container-suseconnect-2.5.0-150000.4.55.1.src.rpm
container-suseconnect-2.5.0-150000.4.55.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3489
Recommended update for installation-images
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for installation-images fixes the following issues:
- Rebuilding images with newer grub2
installation-images-SLES-16.57.29-150400.3.21.1.src.rpm
tftpboot-installation-SLE-15-SP4-aarch64-16.57.29-150400.3.21.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-ppc64le-16.57.29-150400.3.21.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-s390x-16.57.29-150400.3.21.1.noarch.rpm
tftpboot-installation-SLE-15-SP4-x86_64-16.57.29-150400.3.21.1.noarch.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3472
Recommended update for libsodium
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libsodium fixes the following issues:
libsodium:
- Version update from 1.0.16 to 1.0.18 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
* Emscripten: print and printErr functions are overridden to send errors to the console, if there is one
* Emscripten: UTF8ToString() is now exported since Pointer_stringify() has been deprecated
* Libsodium version detection has been fixed in the CMake recipe
* Generic hashing got a 10% speedup on AVX2.
* New target: WebAssembly/WASI (compile with dist-builds/wasm32-wasi.sh)
* New functions to map a hash to an edwards25519 point or get a random point: core_ed25519_from_hash() and core_ed25519_random()
* crypto_core_ed25519_scalar_mul() has been implemented for scalar*scalar (mod L) multiplication
* Support for the Ristretto group has been implemented for interoperability with wasm-crypto
* Improvements have been made to the test suite
* Portability improvements have been made
* 'randombytes_salsa20' has been renamed to 'randombytes_internal'
* Support for NativeClient has been removed
* Most ((nonnull)) attributes have been relaxed to allow 0-length inputs to be NULL.
* The -ftree-vectorize and -ftree-slp-vectorize compiler switches are now used, if available, for optimized builds
* For the full list of changes please consult the packaged ChangeLog
- Disable LTO to bypass build failures on Power PC architecture (bsc#1148184)
libsodium-1.0.18-150000.4.8.1.src.rpm
libsodium-devel-1.0.18-150000.4.8.1.x86_64.rpm
libsodium23-1.0.18-150000.4.8.1.x86_64.rpm
libsodium23-32bit-1.0.18-150000.4.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3487
Recommended update for logrotate
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for logrotate fixes the following issues:
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
logrotate-3.18.1-150400.3.10.1.src.rpm
logrotate-3.18.1-150400.3.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3451
Recommended update for pam-config
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for pam-config fixes the following issues:
- Improved check for existence of modules (bsc#1227216)
pam-config-1.1-150200.3.9.1.src.rpm
pam-config-1.1-150200.3.9.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3478
Security update for quagga
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for quagga fixes the following issues:
- CVE-2017-15865: sensitive information disclosed when malformed BGP UPDATE packets are processed. (bsc#1230866)
- CVE-2024-44070: crash when parsing Tunnel Encap attribute due to no length check. (bsc#1229438)
- CVE-2022-37032: out-of-bounds read when parsing a BGP capability message due to incorrect size check. (bsc#1202023)
libfpm_pb0-1.1.1-150400.12.8.1.x86_64.rpm
libospf0-1.1.1-150400.12.8.1.x86_64.rpm
libospfapiclient0-1.1.1-150400.12.8.1.x86_64.rpm
libquagga_pb0-1.1.1-150400.12.8.1.x86_64.rpm
libzebra1-1.1.1-150400.12.8.1.x86_64.rpm
quagga-1.1.1-150400.12.8.1.src.rpm
quagga-1.1.1-150400.12.8.1.x86_64.rpm
quagga-devel-1.1.1-150400.12.8.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3458
Security update for kubernetes1.24
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of kubernetes1.24 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
kubernetes1.24-1.24.17-150400.9.18.1.src.rpm
kubernetes1.24-client-1.24.17-150400.9.18.1.x86_64.rpm
kubernetes1.24-client-common-1.24.17-150400.9.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3457
Security update for kubernetes1.25
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of kubernetes1.25 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
kubernetes1.25-1.25.16-150400.9.18.1.src.rpm
kubernetes1.25-client-1.25.16-150400.9.18.1.x86_64.rpm
kubernetes1.25-client-common-1.25.16-150400.9.18.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3456
Security update for kubernetes1.26
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of kubernetes1.26 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
kubernetes1.26-1.26.15-150400.9.16.1.src.rpm
kubernetes1.26-client-1.26.15-150400.9.16.1.x86_64.rpm
kubernetes1.26-client-common-1.26.15-150400.9.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3455
Security update for kubernetes1.27
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of kubernetes1.27 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
kubernetes1.27-1.27.16-150400.9.12.1.src.rpm
kubernetes1.27-client-1.27.16-150400.9.12.1.x86_64.rpm
kubernetes1.27-client-common-1.27.16-150400.9.12.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3454
Security update for kubernetes1.28
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update of kubernetes1.28 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
kubernetes1.28-1.28.13-150400.9.10.1.src.rpm
kubernetes1.28-client-1.28.13-150400.9.10.1.x86_64.rpm
kubernetes1.28-client-common-1.28.13-150400.9.10.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3490
Recommended update for perl-XML-LibXSLT
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for perl-XML-LibXSLT fixes the following issues:
- testsuite: do not check version of libxslt and libxml2 (bsc#1197798)
perl-XML-LibXSLT-1.95-150000.3.3.1.src.rpm
perl-XML-LibXSLT-1.95-150000.3.3.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3524
Security update for frr
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for frr fixes the following issue:
- Arithmetic overflow when parsing attribute of update packet due to regression introduced by the fix for
CVE-2017-15865. (bsc#1230866)
frr-7.4-150300.4.32.1.src.rpm
frr-7.4-150300.4.32.1.x86_64.rpm
frr-devel-7.4-150300.4.32.1.x86_64.rpm
libfrr0-7.4-150300.4.32.1.x86_64.rpm
libfrr_pb0-7.4-150300.4.32.1.x86_64.rpm
libfrrcares0-7.4-150300.4.32.1.x86_64.rpm
libfrrfpm_pb0-7.4-150300.4.32.1.x86_64.rpm
libfrrgrpc_pb0-7.4-150300.4.32.1.x86_64.rpm
libfrrospfapiclient0-7.4-150300.4.32.1.x86_64.rpm
libfrrsnmp0-7.4-150300.4.32.1.x86_64.rpm
libfrrzmq0-7.4-150300.4.32.1.x86_64.rpm
libmlag_pb0-7.4-150300.4.32.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3530
Recommended update for libpcap
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for libpcap fixes the following issue:
- enable rdma support (bsc#1230894).
libpcap-1.10.1-150400.3.6.2.src.rpm
libpcap-devel-1.10.1-150400.3.6.2.x86_64.rpm
libpcap1-1.10.1-150400.3.6.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3539
Recommended update for obs-service-docker_label_helper
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for obs-service-docker_label_helper fixes the following issues:
- Support Docker.FLAVOR in _multibuild (bsc#1225985).
- Handle LABEL statements with any whitespace and LABEL values
containing "=" properly.
- Do not ever use "%setup -n ." and use "%setup -c" instead,
which creates the appropriate %{name}-%{version} directory expected.
- Avoid mangling whitespace by using gsub instead of assigning to
fields
obs-service-docker_label_helper-0.0-150200.5.9.2.noarch.rpm
obs-service-docker_label_helper-0.0-150200.5.9.2.src.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3525
Security update for openssl-3
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
libopenssl-3-devel-3.0.8-150400.4.66.1.x86_64.rpm
libopenssl3-3.0.8-150400.4.66.1.x86_64.rpm
openssl-3-3.0.8-150400.4.66.1.src.rpm
openssl-3-3.0.8-150400.4.66.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3527
Recommended update for e2fsprogs
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for e2fsprogs fixes the following issue:
- resize2fs: Check number of group descriptors only if meta_bg is disabled
(bsc#1230145).
e2fsprogs-1.46.4-150400.3.9.2.src.rpm
e2fsprogs-1.46.4-150400.3.9.2.x86_64.rpm
e2fsprogs-devel-1.46.4-150400.3.9.2.x86_64.rpm
libcom_err-devel-1.46.4-150400.3.9.2.x86_64.rpm
libcom_err-devel-static-1.46.4-150400.3.9.2.x86_64.rpm
libcom_err2-1.46.4-150400.3.9.2.x86_64.rpm
libcom_err2-32bit-1.46.4-150400.3.9.2.x86_64.rpm
libext2fs-devel-1.46.4-150400.3.9.2.x86_64.rpm
libext2fs-devel-static-1.46.4-150400.3.9.2.x86_64.rpm
libext2fs2-1.46.4-150400.3.9.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3519
Security update for MozillaFirefox
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.3.0 ESR (MFSA-2024-47, bsc#1230979):
- CVE-2024-8900: Clipboard write permission bypass
- CVE-2024-9392: Compromised content process can bypass site isolation
- CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
- CVE-2024-9394: Cross-origin access to JSON contents through multipart responses
- CVE-2024-9396: Potential memory corruption may occur when cloning certain objects
- CVE-2024-9397: Potential directory upload bypass via clickjacking
- CVE-2024-9398: External protocol handlers could be enumerated via popups
- CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service
- CVE-2024-9400: Potential memory corruption during JIT compilation
- CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
- CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
MozillaFirefox-128.3.0-150200.152.152.1.src.rpm
MozillaFirefox-128.3.0-150200.152.152.1.x86_64.rpm
MozillaFirefox-devel-128.3.0-150200.152.152.1.noarch.rpm
MozillaFirefox-translations-common-128.3.0-150200.152.152.1.x86_64.rpm
MozillaFirefox-translations-other-128.3.0-150200.152.152.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3531
Recommended update for collectd
moderate
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for collectd fixes the following issue:
- Fixing collectd syntax errors (bsc#1230895)
collectd-5.12.0-150400.3.5.2.src.rpm
collectd-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-buddyinfo-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-connectivity-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-dbi-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-ipmi-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-java-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-logparser-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-lua-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-mcelog-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-memcachec-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-mysql-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-notify-desktop-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-nut-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-openldap-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-ovs-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-pcie-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-pinba-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-postgresql-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-procevent-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-python3-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-smart-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-snmp-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-synproxy-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-sysevent-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-ubi-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-uptime-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-virt-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-write_influxdb_udp-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-write_stackdriver-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugin-write_syslog-5.12.0-150400.3.5.2.x86_64.rpm
collectd-plugins-all-5.12.0-150400.3.5.2.x86_64.rpm
collectd-spamassassin-5.12.0-150400.3.5.2.x86_64.rpm
collectd-web-5.12.0-150400.3.5.2.x86_64.rpm
collectd-web-js-5.12.0-150400.3.5.2.x86_64.rpm
libcollectdclient-devel-5.12.0-150400.3.5.2.x86_64.rpm
libcollectdclient1-5.12.0-150400.3.5.2.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3523
Security update for cups-filters
critical
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
This update for cups-filters fixes the following issues:
- cups-browsed would bind on UDP INADDR_ANY:631 and trust any packet
from any source to trigger a Get-Printer-Attributes IPP request
to an attacker-controlled URL. This patch removes support for the
legacy CUPS and LDAP protocols (bsc#1230939, CVE-2024-47176)
cups-filters-1.25.0-150200.3.16.1.src.rpm
cups-filters-1.25.0-150200.3.16.1.x86_64.rpm
cups-filters-devel-1.25.0-150200.3.16.1.x86_64.rpm
SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3547
Security update for the Linux Kernel
important
SUSE Updates SLE-Product-SLES 15-SP4-LTSS x86 64
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
The following non-security bugs were fixed:
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).
kernel-default-5.14.21-150400.24.136.1.nosrc.rpm
True
kernel-default-5.14.21-150400.24.136.1.x86_64.rpm
True
kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1.src.rpm
True
kernel-default-base-5.14.21-150400.24.136.1.150400.24.66.1.x86_64.rpm
True
kernel-default-devel-5.14.21-150400.24.136.1.x86_64.rpm
True
kernel-devel-5.14.21-150400.24.136.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.136.1.noarch.rpm
True
kernel-docs-5.14.21-150400.24.136.1.nosrc.rpm
True
kernel-macros-5.14.21-150400.24.136.1.noarch.rpm
True
kernel-obs-build-5.14.21-150400.24.136.1.src.rpm
True
kernel-obs-build-5.14.21-150400.24.136.1.x86_64.rpm
True
kernel-source-5.14.21-150400.24.136.1.noarch.rpm
True
kernel-source-5.14.21-150400.24.136.1.src.rpm
True
kernel-syms-5.14.21-150400.24.136.1.src.rpm
True
kernel-syms-5.14.21-150400.24.136.1.x86_64.rpm
True
reiserfs-kmp-default-5.14.21-150400.24.136.1.x86_64.rpm
True