Container summary for bci/openjdk-devel

• Package rebuilt to account for the new jakarta-inject dependency

• Fixed build with jakarta-inject, which was introduced as a new google-guice dependency

• Use plexus-metadata-generator executable directly to simplify build classpath

• Removed dependency on plexus-metadata-generator, plexus-component-metadata and on their dependencies, since there is no plexus @Component annotation any more

• Added dependency on jakarta-inject, needed by google-guice 6.0.0

• Added dependency on plexus-xml where relevant

• Changes in version 2.2.0:

• Changes in version 2.1.1:

• Changes in version 4.0.0:

• Changes in version 3.0.1:

• Require the new plexus-xml package to fix build

• Provide plexus-containers-container-default for easier update
• Add dependency on plexus-xml where relevant
• Changes of sisu version 0.9.0.M3:

• Changes of sisu version 0.9.0.M2:

• Changes of sisu.inject version 9.0.M1:

• Changes of sisu.plexus version 0.9.0.M2:

• Changes of sisu.plexus version 0.9.0.M1:

• Build sisu-mojos within sisu package, since the sources of sisu-mojos, sisu-inject and sisu-plexus were joined in the same upstream project

This update for shadow fixes the following issues:

• CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).

This update of libxkbcommon fixes the following issue:

• ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322)

This update for patterns-base fixes the following issues:
Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt.
Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries.

This update for mozilla-nss fixes the following issues:

• Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724).
• Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358).

• FIPS: added safe memsets (bsc#1222811)
• FIPS: restrict AES-GCM (bsc#1222830)
• FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118)
• FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834)
• FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116)

• Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918)

• bmo#1905691 - ChaChaXor to return after the function

• GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.

• add diagnostic assertions for SFTKObject refcount.
• freeing the slot in DeleteCertAndKey if authentication failed
• fix formatting issues.
• Add Firmaprofesional CA Root-A Web to NSS.
• remove invalid acvp fuzz test vectors.
• pad short P-384 and P-521 signatures gtests.
• remove unused FreeBL ECC code.
• pad short P-384 and P-521 signatures.
• be less strict about ECDSA private key length.
• Integrate HACL* P-521.
• Integrate HACL* P-384.
• memory leak in create_objects_from_handles.
• ensure all input is consumed in a few places in mozilla::pkix
• SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
• clean up escape handling
• Use lib::pkix as default validator instead of the old-one
• Need to add high level support for PQ signing.
• Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
• SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
• Allow for non-full length ecdsa signature when using softoken
• Modification of .taskcluster.yml due to mozlint indent defects
• Implement support for PBMAC1 in PKCS#12
• disable VLA warnings for fuzz builds.
• remove redundant AllocItem implementation.
• add PK11_ReadDistrustAfterAttribute.
• - Clang-formatting of SEC_GetMgfTypeByOidTag update
• Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
• sftk_getParameters(): Fix fallback to default variable after error with configfile.
• Switch to the mozillareleases/image_builder image

• switch from ec_field_GFp to ec_field_plain

• merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
• remove ckcapi.
• avoid a potential PK11GenericObject memory leak.
• Remove incomplete ESDH code.
• Decrypt RSA OAEP encrypted messages.
• Fix certutil CRLDP URI code.
• Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
• Add ability to encrypt and decrypt CMS messages using ECDH.
• Correct Templates for key agreement in smime/cmsasn.c.
• Moving the decodedCert allocation to NSS.
• Allow developers to speed up repeated local execution of NSS tests that depend on certificates.

• Removing check for message len in ed25519 (bmo#1325335)
• add ed25519 to SECU_ecName2params. (bmo#1884276)
• add EdDSA wycheproof tests. (bmo#1325335)
• nss/lib layer code for EDDSA. (bmo#1325335)
• Adding EdDSA implementation. (bmo#1325335)
• Exporting Certificate Compression types (bmo#1881027)
• Updating ACVP docker to rust 1.74 (bmo#1880857)
• Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
• Add NSS_CMSRecipient_IsSupported. (bmo#1877730)

• (CVE-2023-5388) Timing attack against RSA decryption in TLS
• Certificate Compression: enabling the check that the compression was advertised
• Move Windows workers to nss-1/b-win2022-alpha
• Remove Email trust bit from OISTE WISeKey Global Root GC CA
• Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
• Certificate Compression: Updating nss_bogo_shim to support Certificate compression
• TLS Certificate Compression (RFC 8879) Implementation
• Add valgrind annotations to freebl kyber operations for constant-time execution tests
• Set nssckbi version number to 2.66
• Add Telekom Security roots
• Add D-Trust 2022 S/MIME roots
• Remove expired Security Communication RootCA1 root
• move keys to a slot that supports concatenation in PK11_ConcatSymKeys
• remove unmaintained tls-interop tests
• bogo: add support for the -ipv6 and -shim-id shim flags
• bogo: add support for the -curves shim flag and update Kyber expectations
• bogo: adjust expectation for a key usage bit test
• mozpkix: add option to ignore invalid subject alternative names
• Fix selfserv not stripping `publicname:` from -X value
• take ownership of ecckilla shims
• add valgrind annotations to freebl/ec.c
• PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
• Update zlib to 1.3.1

• make Xyber768d00 opt-in by policy
• add libssl support for xyber768d00
• add PK11_ConcatSymKeys
• add Kyber and a PKCS#11 KEM interface to softoken
• add a FreeBL API for Kyber
• part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
• part 1: add a script for vendoring kyber from pq-crystals repo
• Removing the calls to RSA Blind from loader.*
• fix worker type for level3 mac tasks
• RSA Blind implementation
• Remove DSA selftests
• read KWP testvectors from JSON
• Backed out changeset dcb174139e4f
• Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
• Wrap CC shell commands in gyp expansions

• Use pypi dependencies for MacOS worker in ./build_gyp.sh
• p7sign: add -a hash and -u certusage (also p7verify cleanups)
• add a defensive check for large ssl_DefSend return values
• Add dependency to the taskcluster script for Darwin
• Upgrade version of the MacOS worker for the CI

• Bump builtins version number.
• Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
• Remove 4 DigiCert (Symantec/Verisign) Root Certificates
• Remove 3 TrustCor Root Certificates from NSS.
• Remove Camerfirma root certificates from NSS.
• Remove old Autoridad de Certificacion Firmaprofesional Certificate.
• Add four Commscope root certificates to NSS.
• Add TrustAsia Global Root CA G3 and G4 root certificates.
• Include P-384 and P-521 Scalar Validation from HACL*
• Include P-256 Scalar Validation from HACL*.
• After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
• Add means to provide library parameters to C_Initialize
• add OSXSAVE and XCR0 tests to AVX2 detection.
• Typo in ssl3_AppendHandshakeNumber
• Introducing input check of ssl3_AppendHandshakeNumber
• Fix Invalid casts in instance.c

• Updated code and commit ID for HACL*
• update ACVP fuzzed test vector: refuzzed with current NSS
• Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
• NSS needs a database tool that can dump the low level representation of the database
• declare string literals using char in pkixnames_tests.cpp
• avoid implicit conversion for ByteString
• update rust version for acvp docker
• Moving the init function of the mpi_ints before clean-up in ec.c
• P-256 ECDH and ECDSA from HACL*
• Add ACVP test vectors to the repository
• Stop relying on std::basic_string
• Transpose the PPC_ABI check from Makefile to gyp

• Update zlib in NSS to 1.3.
• softoken: iterate hashUpdate calls for long inputs.
• regenerate NameConstraints test certificates (bsc#1214980).

• Set nssckbi version number to 2.62
• Add 4 Atos TrustedRoot Root CA certificates to NSS
• Add 4 SSL.com Root CA certificates
• Add Sectigo E46 and R46 Root CA certificates
• Add LAWtrust Root CA2 (4096)
• Remove E-Tugra Certification Authority root
• Remove Camerfirma Chambers of Commerce Root.
• Remove Hongkong Post Root CA 1
• Remove E-Tugra Global Root CA ECC v3 and RSA v3
• Avoid redefining BYTE_ORDER on hppa Linux

• Implementation of the HW support check for ADX instruction
• Removing the support of Curve25519
• Fix comment about the addition of ticketSupportsEarlyData
• Adding args to enable-legacy-db build
• dbtests.sh failure in 'certutil dump keys with explicit default trust flags'
• Initialize flags in slot structures
• Improve the length check of RSA input to avoid heap overflow
• Followup Fixes
• avoid processing unexpected inputs by checking for m_exptmod base sign
• add a limit check on order_k to avoid infinite loop
• Update HACL* to commit 5f6051d2
• add SHA3 to cryptohi and softoken
• HACL SHA3
• Disabling ASM C25519 for A but X86_64

• GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
• clean up escape handling.
• remove redundant AllocItem implementation.
• Disable ASM support for Curve25519.
• Disable ASM support for Curve25519 for all but X86_64.

SUSE-CU-2024:3266-1

SUSE-CU-2024:3195-1

SUSE-CU-2024:3112-1

This update for krb5 fixes the following issues:

• CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
• CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).

SUSE-CU-2024:3010-1

This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5.
This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro.

SUSE-CU-2024:2966-1

This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
Following security issues were fixed:

• CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
• CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
• CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).
• CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
• CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

• Fix CPU summary showing old data. (bsc#1121753)

• library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures
• library: Just check for SIGLOST and don't delete it
• library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
• library: Use size_t for alloc functions CVE-2018-1126
• library: Increase comm size to 64
• pgrep: Fix stack-based buffer overflow CVE-2018-1125
• pgrep: Remove >15 warning as comm can be longer
• ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
• ps: Increase command name selection field to 64
• top: Don't use cwd for location of config CVE-2018-1122
• update translations
• library: build on non-glibc systems
• free: fix scaling on 32-bit systems
• Revert 'Support running with child namespaces'
• library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
• doc: Document I idle state in ps.1 and top.1
• free: fix some of the SI multiples
• kill: -l space between name parses correctly
• library: dont use vm_min_free on non Linux
• library: don't strip off wchan prefixes (ps & top)
• pgrep: warn about 15+ char name only if -f not used
• pgrep/pkill: only match in same namespace by default
• pidof: specify separator between pids
• pkill: Return 0 only if we can kill process
• pmap: fix duplicate output line under '-x' option
• ps: avoid eip/esp address truncations
• ps: recognizes SCHED_DEADLINE as valid CPU scheduler
• ps: display NUMA node under which a thread ran
• ps: Add seconds display for cputime and time
• ps: Add LUID field
• sysctl: Permit empty string for value
• sysctl: Don't segv when file not available
• sysctl: Read and write large buffers
• top: add config file support for XDG specification
• top: eliminated minor libnuma memory leak
• top: show fewer memory decimal places (configurable)
• top: provide command line switch for memory scaling
• top: provide command line switch for CPU States
• top: provides more accurate cpu usage at startup
• top: display NUMA node under which a thread ran
• top: fix argument parsing quirk resulting in SEGV
• top: delay interval accepts non-locale radix point
• top: address a wishlist man page NLS suggestion
• top: fix potential distortion in 'Mem' graph display
• top: provide proper multi-byte string handling
• top: startup defaults are fully customizable
• watch: define HOST_NAME_MAX where not defined
• vmstat: Fix alignment for disk partition format
• watch: Support ANSI 39,49 reset sequences

This update for procps fixes the following issues:

• Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830)

This update for procps fixes the following issues:

• Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830)

This update for procps fixes the following issues:

• Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

This update for procps fixes the following issues:

• Support up to 2048 CPU as well. (bsc#1185417)

This update for procps fixes the following issues:

• Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468)

This update for procps fixes the following issues:

• Fix 'free' command reporting misleading 'used' value (bsc#1181475)

This update for procps fixes the following issues:

• Improve memory handling/usage (bsc#1206412)
• Make sure that correct library version is installed (bsc#1206412)

This update for procps fixes the following issue:

• Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122)

This update for gawk fixes the following issues:

• CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

This update for procps fixes the following issues:

• Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)

• For support up to 2048 CPU as well (bsc#1185417)
• Allow `-´ as leading character to ignore possible errors on systctl entries (bsc#1209122)
• Get the first CPU summary correct (bsc#1121753)
• Enable pidof for SLE-15 as this is provided by sysvinit-tools
• Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build
• Do not truncate output of w with option -n
• Prefer logind over utmp (jsc#PED-3144)
• Don't install translated man pages for non-installed binaries (uptime, kill).
• Fix directory for Ukrainian man pages translations.
• Move localized man pages to lang package.

• Update to procps-ng-3.3.17

• Package translations in procps-lang.

• Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited.

• Enable pidof by default

• Update to procps-ng-3.3.16

This update for Java fixes the following issues:
maven-file-management:

• Use sisu-plexus instead of plexus-containers-container-default
• Added dependency on plexus-xml where relevant
• Removed unnecessary dependency on xmvn tools and parent pom

• Do not add PROVIDED dependency on plexus-container-default
• Use sisu-plexus instead of plexus-containers-container-default
• Removed unnecessary dependency on xmvn tools and parent pom

• Use sisu-plexus instead of plexus-containers-container-default
• Fixed build with both sisu-plexus and plexus-containers-container-default
• Require the new plexus-xml package to fix build

• Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact in order to avoid conflict/choise of providers
• Checked exception converted to raw runtime
• PrettyPrintXmlWriter output is platform dependent
• Deprecated StringUtils.unifyLineSeparator
• Fixed environment variable with null value
• Dependencies upgraded: * Upgraded Jansi to 2.0.1 * Upgraded Jansi to 2.2.0

• Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid conflict/choise of providers
• Use sisu-plexus instead of plexus-containers-container-default
• Fixed the code to build both with sisu-plexus and plexus-containers-container-default.

• Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid conflict/choise of providers
• Use sisu-plexus instead of plexus-containers-container-default

• Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers

• Use sisu-plexus instead of plexus-containers-container-default

• Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers
• Use sisu-plexus instead of plexus-containers-container-default

• Removed unnecessary dependency on plexus-containers-container-default
• Add dependency on plexus-xml where relevant
• Build with source and target levels 8

• Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers
• Use sisu-plexus instead of plexus-containers-container-default

• Fixed build with maven-plugin-plugin
• Fixed build with snakeyaml 2.2

SUSE-CU-2024:2890-1

SUSE-CU-2024:2868-1

SUSE-CU-2024:2836-1

This update for byte-buddy, javadoc-parser, jurand, modulemaker-maven-plugin, open-test-reporting, plexus-xml fixes the following issues:
byte-buddy:

• New RPM package implementation at version 1.14.13

• New RPM package implementation at version 0.3.1

• New RPM package implementation at version 1.3.2

• New RPM package implementation at version 1.11

• New RPM package implementation at version 0.1.0-M2

• New RPM package implementation at version 3.0.0

This update for Java fixes the following issues:
javadoc-parser:

• Deliver javadoc-parser RPM package to meet new dependency requirements (no source changes)

• Build against the plexus-build-api0 package containing sonatype plexus build api
• Version 3.3.2: * Changes:

• Version 3.3.1:

• Version 3.3.0:

• Build against the plexus-build-api0 package containing sonatype plexus build api
• Added dependency on plexus-xml where relevant

• Build against the new codehaus plexus build api 1.2.0
• Build all modello plugins
• Version 2.4.0:

• Version 2.3.0:

• Version 2.2.0:

• Add dependency on plexus-xml where relevant

• Version 1.2.0:

• New package

• Deliver plexus-xml RPM package to meet new dependency requirements (no source changes)

This update for Gradle and Maven fixes the following issues:
gradle-bootstrap:

• Regenerate to account for the new plexus-xml dependency

• Fixed build with the `plexus-xml` split from plexus-utils

• Added dependency on `plexus-xml` where relevant
• Removed unnecessary dependency on xmvn tools and parent pom

• Added dependency on `plexus-xml` where relevant

This update for gcc13 fixes the following issues:
Update to GCC 13.3 release

• Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18.
• Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
• Make requirement to lld version specific to avoid requiring the meta-package.

SUSE-CU-2024:2781-1

This update for openssl-1_1 fixes the following issues:

• CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)

SUSE-CU-2024:2703-1

This update for jitterentropy fixes the following issues:

• Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.

• add FIPS 140 hints to man page
• simplify the test tool to search for optimal configurations
• fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
• enhancement: add ARM64 assembler code to read high-res timer

SUSE-CU-2024:2637-1

SUSE-CU-2024:2605-1

This update for google-errorprone, guava fixes the following issues:
guava:

• guava was updated to version 33.1.0:

• Fix version mismatch in the ant build files.
• The binaries are compatible with java 1.8

• google-errorprone and google-errorprone-annotations were updated to version 2.26.1:

• Do not require maven-javadoc-plugin as it's not being used

SUSE-CU-2024:2568-1

SUSE-CU-2024:2515-1

SUSE-CU-2024:2465-1

This update for glibc fixes the following issues:

• CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
• CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
• CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
• CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
• CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)

• Avoid creating userspace live patching prologue for _start routine (bsc#1221940)

SUSE-CU-2024:2416-1

SUSE-CU-2024:2361-1

This update for ant, hamcrest, junit fixes the following issues:
ant, ant-antlr, ant-junit5, ant-junit:

• Put hamcrest on the classpath of ant-junit module

• Version 2.2:

• Generate anew the ant build system using the maven pom.xml
• Fetch sources from github by source service and filter out stale hamcrest binaries.
• Port to hamcrest 2.2 unconditionally
• Removed deprecated assertThat
• Let ant build with --release 8 if the compiler knows that option. This allows us to avoid incompatible exception declarations in ObjectInputStream.GetField.get(String,Object) in java >= 20

This update for e2fsprogs fixes the following issues:
EA Inode handling fixes:

• ext2fs: avoid re-reading inode multiple times (bsc#1223596)
• e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
• e2fsck: add more checks for ea inode consistency (bsc#1223596)
• e2fsck: fix golden output of several tests (bsc#1223596)

This update for git fixes the following issues:

• CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168).
• CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170).
• CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171).
• CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172).
• CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173).

This update for openssl-1_1 fixes the following issues:

• CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).

This update for util-linux fixes the following issues:

• Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117)
• lscpu: Add more ARM cores (bsc#1223605)
• Document that chcpu -g is not supported on IBM z/VM (bsc#1218609)

This update for glib2 fixes the following issues:

• CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044).

This update for Java fixes thefollowing issues:
apiguardian was updated to vesion 1.1.2:

• Added LICENSE/NOTICE to the generated jar
• Allow @API to be declared at the package level
• Explain usage of Status.DEPRECATED
• Include OSGi metadata in manifest

• New package implementation needed by Junit5

• `byte-buddy` is required by `assertj-core`
• Changes in version v1.14.16:

• Changes in version v1.14.15:

• Changes of v1.14.14:

• Improvements and potentially breaking changes:

• Other changes:

• `hamcrest-core` has been replaced by `hamcrest` (no source changes)

• Require hamcrest >= 2.2

• Conditional execution based on OS architectures
• Configurable cleanup mode for @TempDir
• Configurable thread mode for @Timeout
• Custom class loader support for class/method selectors, @MethodSource, @EnabledIf, and @DisabledIf
• Dry-run mode for test execution
• Failure threshold for @RepeatedTest
• Fixed build with the latest open-test-reporting milestone
• Fixed dependencies in module-info.java files
• Fixed unreported exception error that is fatal with JDK 21
• Improved configurability of parallel execution
• New @SelectMethod support in test @Suite classes.
• New ConsoleLauncher subcommand for test discovery without execution
• New convenience base classes for implementing ArgumentsProvider and ArgumentConverter
• New IterationSelector
• New LauncherInterceptor SPI
• New NamespacedHierarchicalStore for use in third-party test engines
• New TempDirFactory SPI for customizing how temporary directories are created
• New testfeed details mode for ConsoleLauncher
• New TestInstancePreConstructCallback extension API
• Numerous bug fixes and minor improvements
• Parameter injection for @MethodSource methods
• Promotion of various experimental APIs to stable
• Reusable parameter resolution for custom extension methods via ExecutableInvoker
• Stacktrace pruning to hide internal JUnit calls
• The binaries are compatible with java 1.8
• Various improvements to ConsoleLauncher
• XML reports in new Open Test Reporting format

• Security issues fixed:

• Other changes and bugs fixed: * Fixed wrong entries in changelog (bsc#1224410) * The packages `jaxen`, `saxpath` and `xom` are now separate standalone packages instead of being part of `jdom`

• New standalone RPM package implementation, originally part of `jdom` source package
• Classpaths are much smaller and less complex, and will suppress a lot of noise from static analysis tools.
• The Jaxen core code is also a little smaller and has fixed a few minor bugs in XPath evaluation
• Despite the major version bump, this should be a drop in replacement for almost every project. The two major possible incompatibilities are: * The minimum supported Java version is now 1.5, up from 1.4 in 1.2.0 and 1.3 in 1.1.6. * dom4j, XOM, and JDOM are now optional dependencies so if a project was depending on them to be loaded transitively it will need to add explicit dependencies to build.

• Included jopt-simple to Package Hub 15 SP5 (no source changes)

• New Opcodes.V23 constant for Java 23
• Bugs fixed * Fixed unit test regression in dex2jar. * Fixed 'ClassNode#outerClass' with incorrect JavaDocs. * asm-bom packaging should be 'pom'. * The Textifier prints a supplementary space at the end of each method that throws at least one exception.

• Included `open-test-reporting-events` and `open-test-reporting-schema` to the channels as they are runtime dependencies of Junit5 (no source changes)

• New standalone RPM package implementation, originally part of `jdom` source package (openSUSE Leap 15.5 package only)

• New standalone RPM package implementation, originally part of `jdom` source package
• The Nodes and Elements classes are iterable so you can use the enhanced for loop syntax on instances of these classes.
• The copy() method is now covariant.
• Adds Automatic-Moduole-Name to jar
• Remove direct dependency on xml-apis:xml-apis artifact since these classes are now available in the core runtime.
• Eliminate usage of com.sun classes to make XOM compatible with JDK 16.
• Replace remaining usages of StringBuffer with StringBuilder to slightly improve performance.

This update for aaa_base fixes the following issues:

• Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)

SUSE-CU-2024:2215-1

This update for perl fixes the following issues:
Security issues fixed:

• CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
• CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)

• make Net::FTP work with TLS 1.3 (bsc#1213638)

SUSE-CU-2024:2133-1

This update for coreutils fixes the following issues:

• ls: avoid triggering automounts (bsc#1221632)

SUSE-CU-2024:2071-1

SUSE-CU-2024:2001-1

This update for less fixes the following issues:

• CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)

SUSE-CU-2024:1964-1

SUSE-CU-2024:1917-1

This update for java-11-openjdk fixes the following issues:

• CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
• CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987)
• CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
• CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory allocation (JDK-8322114,bsc#1222984)
• CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986)

• Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU) * Security fixes + JDK-8318340: Improve RSA key implementations * Other changes + JDK-6928542: Chinese characters in RTF are not decoded + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. + JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking + JDK-8054572: [macosx] JComboBox paints the border incorrectly + JDK-8058176: [mlvm] tests should not allow code cache exhaustion + JDK-8067651: LevelTransitionTest.java, fix trivial methods levels logic + JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005 intermittently times out + JDK-8156889: ListKeychainStore.sh fails in some virtualized environments + JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps timeouting + JDK-8166554: Avoid compilation blocking in OverloadCompileQueueTest.java + JDK-8169475: WheelModifier.java fails by timeout + JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to Java Jtreg Test + JDK-8186610: move ModuleUtils to top-level testlibrary + JDK-8192864: defmeth tests can hide failures + JDK-8193543: Regression automated test '/open/test/jdk/java/ /awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java' fails + JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/ /isexceeded001/TestDescription.java still failing + JDK-8202282: [TESTBUG] appcds TestCommon .makeCommandLineForAppCDS() can be removed + JDK-8202790: DnD test DisposeFrameOnDragTest.java does not clean up + JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/ /ChoicePopupLocation.java fails + JDK-8207211: [TESTBUG] Remove excessive output from CDS/AppCDS tests + JDK-8207214: Broken links in JDK API serialized-form page + JDK-8207855: Make applications/jcstress invoke tests in batches + JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/ /TestDescription.java fails in jdk/hs nightly + JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java .findDeadlock.INDIFY_Test Deadlocked threads are not always detected + JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails in AUFS file system + JDK-8208699: remove unneeded imports from runtime tests + JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out often in hs-tier7 testing + JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option is not always required for appcds tests + JDK-8209549: remove VMPropsExt from TEST.ROOT + JDK-8209595: MonitorVmStartTerminate.java timed out + JDK-8209946: [TESTBUG] CDS tests should use '@run driver' + JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java looks for libjsig in wrong location + JDK-8211978: Move testlibrary/jdk/testlibrary/ /SimpleSSLContext.java and testkeys to network testlibrary + JDK-8213622: Windows VS2013 build failure - ''snprintf': identifier not found' + JDK-8213926: WB_EnqueueInitializerForCompilation requests compilation for NULL + JDK-8213927: G1 ignores AlwaysPreTouch when UseTransparentHugePages is enabled + JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr modules + JDK-8214915: CtwRunner misses export for jdk.internal.access + JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws NullPointerException + JDK-8217475: Unexpected StackOverflowError in 'process reaper' thread + JDK-8218754: JDK-8068225 regression in JDIBreakpointTest + JDK-8219475: javap man page needs to be updated + JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/ /JMXInterfaceBindingTest.java passes trivially when it shouldn't + JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper .TestCaseImpl can't be defined in different runtime package as its nest host + JDK-8225471: Test utility jdk.test.lib.util.FileUtils .areAllMountPointsAccessible needs to tolerate duplicates + JDK-8226706: (se) Reduce the number of outer loop iterations on Windows in java/nio/channels/Selector/RacyDeregister.java + JDK-8226905: unproblem list applications/ctw/modules/* tests on windows + JDK-8226910: make it possible to use jtreg's -match via run-test framework + JDK-8227438: [TESTLIB] Determine if file exists by Files.exists in function FileUtils.deleteFileIfExistsWithRetry + JDK-8231585: java/lang/management/ThreadMXBean/ /MaxDepthForThreadInfoTest.java fails with java.lang.NullPointerException + JDK-8232839: JDI AfterThreadDeathTest.java failed due to 'FAILED: Did not get expected IllegalThreadStateException on a StepRequest.enable()' + JDK-8233453: MLVM deoptimize stress test timed out + JDK-8234309: LFGarbageCollectedTest.java fails with parse Exception + JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8237777: 'Dumping core ...' is shown despite claiming that '# No core dump will be written.' + JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java failing with LDAP response read timeout + JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel + JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001 failed due to '(IsSameObject#3) unexpected monitor object: 0x000000562336DBA8' + JDK-8246222: Rename javac test T6395981.java to be more informative + JDK-8247818: GCC 10 warning stringop-overflow with symbol code + JDK-8249087: Always initialize _body[0..1] in Symbol constructor + JDK-8251349: Add TestCaseImpl to OverloadCompileQueueTest.java's build dependencies + JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/ /btree010.java fails with ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR + JDK-8253543: sanity/client/SwingSet/src/ /ButtonDemoScreenshotTest.java failed with 'AssertionError: All pixels are not black' + JDK-8253739: java/awt/image/MultiResolutionImage/ /MultiResolutionImageObserverTest.java fails + JDK-8253820: Save test images and dumps with timestamps from client sanity suite + JDK-8255277: randomDelay in DrainDeadlockT and LoggingDeadlock do not randomly delay + JDK-8255546: Missing coverage for javax.smartcardio.CardPermission and ResponseAPDU + JDK-8255743: Relax SIGFPE match in in runtime/ErrorHandling/SecondaryErrorTest.java + JDK-8257505: nsk/share/test/StressOptions stressTime is scaled in getter but not when printed + JDK-8259801: Enable XML Signature secure validation mode by default + JDK-8264135: UnsafeGetStableArrayElement should account for different JIT implementation details + JDK-8265349: vmTestbase/../stress/compiler/deoptimize/ /Test.java fails with OOME due to CodeCache exhaustion. + JDK-8269025: jsig/Testjsig.java doesn't check exit code + JDK-8269077: TestSystemGC uses 'require vm.gc.G1' for large pages subtest + JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java doesn't check exit code + JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java doesn't check exit code + JDK-8271828: mark hotspot runtime/classFileParserBug tests which ignore external VM flags + JDK-8271829: mark hotspot runtime/Throwable tests which ignore external VM flags + JDK-8271890: mark hotspot runtime/Dictionary tests which ignore external VM flags + JDK-8272291: mark hotspot runtime/logging tests which ignore external VM flags + JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes + JDK-8272551: mark hotspot runtime/modules tests which ignore external VM flags + JDK-8272552: mark hotspot runtime/cds tests which ignore external VM flags + JDK-8273803: Zero: Handle 'zero' variant in CommandLineOptionTest.java + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 + JDK-8274621: NullPointerException because listenAddress[0] is null + JDK-8276796: gc/TestSystemGC.java large pages subtest fails with ZGC + JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2 + JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails with java.lang.RuntimeException: values differ by more than 1GB + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. + JDK-8281717: Cover logout method for several LoginModule + JDK-8282665: [REDO] ByteBufferTest.java: replace endless recursion with RuntimeException in void ck(double x, double y) + JDK-8284090: com/sun/security/auth/module/AllPlatforms.java fails to compile + JDK-8285756: clean up use of bad arguments for `@clean` in langtools tests + JDK-8285785: CheckCleanerBound test fails with PasswordCallback object is not released + JDK-8285867: Convert applet manual tests SelectionVisible.java to Frame and automate + JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64 + JDK-8286969: Add a new test library API to execute kinit in SecurityTools.java + JDK-8287113: JFR: Periodic task thread uses period for method sampling events + JDK-8289511: Improve test coverage for XPath Axes: child + JDK-8289764: gc/lock tests failed with 'OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects' + JDK-8289948: Improve test coverage for XPath functions: Node Set Functions + JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed + JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests failed with 'isUsageThresholdExceeded() returned false, and is still false, while threshold = MMMMMMM and used peak = NNNNNNN' + JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup required permissions for jtreg version 7 jar + JDK-8292946: GC lock/jni/jnilock001 test failed 'assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row' + JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with 'RuntimeException: Retrieved backing PlatformLogger level null is not the expected CONFIG' + JDK-8294158: HTML formatting for PassFailJFrame instructions + JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure + JDK-8294402: Add diagnostic logging to VMProps.checkDockerSupport + JDK-8294535: Add screen capture functionality to PassFailJFrame + JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM + JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/ /AbstractDrbg/SpecTest.java intermittently timeout + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found + JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF + JDK-8300727: java/awt/List/ListGarbageCollectionTest/ /AwtListGarbageCollectionTest.java failed with 'List wasn't garbage collected' + JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + JDK-8301377: adjust timeout for JLI GetObjectSizeIntrinsicsTest.java subtest again + JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library + JDK-8302017: Allocate BadPaddingException only if it will be thrown + JDK-8302109: Trivial fixes to btree tests + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java + JDK-8302607: increase timeout for ContinuousCallSiteTargetChange.java + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373 + JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1 + JDK-8305502: adjust timeouts in three more M&M tests + JDK-8305505: NPE in javazic compiler + JDK-8305972: Update XML Security for Java to 3.0.2 + JDK-8306072: Open source several AWT MouseInfo related tests + JDK-8306076: Open source AWT misc tests + JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests + JDK-8306640: Open source several AWT TextArea related tests + JDK-8306652: Open source AWT MenuItem related tests + JDK-8306681: Open source more AWT DnD related tests + JDK-8306683: Open source several clipboard and color AWT tests + JDK-8306752: Open source several container and component AWT tests + JDK-8306753: Open source several container AWT tests + JDK-8306755: Open source few Swing JComponent and AbstractButton tests + JDK-8306812: Open source several AWT Miscellaneous tests + JDK-8306871: Open source more AWT Drag & Drop tests + JDK-8306996: Open source Swing MenuItem related tests + JDK-8307123: Fix deprecation warnings in DPrinter + JDK-8307130: Open source few Swing JMenu tests + JDK-8307299: Move more DnD tests to open + JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing JTableHeader tests + JDK-8307381: Open Source JFrame, JIF related Swing Tests + JDK-8307683: Loop Predication should not hoist range checks with trap on success projection by negating their condition + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating + JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler .compile does not close files + JDK-8308223: failure handler missed jcmd.vm.info command + JDK-8308232: nsk/jdb tests don't pass -verbose flag to the debuggee + JDK-8308245: Add -proc:full to describe current default annotation processing policy + JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use + JDK-8309104: [JVMCI] compiler/unsafe/ /UnsafeGetStableArrayElement test asserts wrong values with Graal + JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop + JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when using second test directory + JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing + JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails + JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/ /interrupt001.java timed out due to missing prompt + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out + JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform + JDK-8311511: Improve description of NativeLibrary JFR event + JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles + JDK-8313164: src/java.desktop/windows/native/libawt/windows/ /awt_Robot.cpp GetRGBPixels adjust releasing of resources + JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground release resources in early returns + JDK-8313643: Update HarfBuzz to 8.2.2 + JDK-8313816: Accessing jmethodID might lead to spurious crashes + JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp + JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout + JDK-8314883: Java_java_util_prefs_FileSystemPreferences_lockFile0 write result errno in missing case + JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder + JDK-8315042: NPE in PKCS7.parseOldSignedData + JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some cases + JDK-8315499: build using devkit on Linux ppc64le RHEL puts path to devkit into libsplashscreen + JDK-8315594: Open source few headless Swing misc tests + JDK-8315600: Open source few more headless Swing misc tests + JDK-8315602: Open source swing security manager test + JDK-8315606: Open source few swing text/html tests + JDK-8315611: Open source swing text/html and tree test + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch + JDK-8315731: Open source several Swing Text related tests + JDK-8315761: Open source few swing JList and JMenuBar tests + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm + JDK-8316028: Update FreeType to 2.13.2 + JDK-8316030: Update Libpng to 1.6.40 + JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests + JDK-8316461: Fix: make test outputs TEST SUCCESS after unsuccessful exit + JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly + JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information + JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js + JDK-8318154: Improve stability of WheelModifier.java test + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests + JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with 'transport error 202: bind failed: Address already in use' + JDK-8318889: C2: add bailout after assert Bad graph detected in build_loop_late + JDK-8318951: Additional negative value check in JPEG decoding + JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return + JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files + JDK-8318983: Fix comment typo in PKCS12Passwd.java + JDK-8319124: Update XML Security for Java to 3.0.3 + JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh + JDK-8320001: javac crashes while adding type annotations to the return type of a constructor + JDK-8320208: Update Public Suffix List to b5bf572 + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity + JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly + JDK-8320798: Console read line with zero out should zero out underlying buffer + JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23 + JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp + JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions + JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode + JDK-8321408: Add Certainly roots R1 and E1 + JDK-8321480: ISO 4217 Amendment 176 Update + JDK-8322178: Error. can't find jdk.testlibrary .SimpleSSLContext in test directory or libraries + JDK-8322417: Console read line with zero out should zero out when throwing exception + JDK-8322725: (tz) Update Timezone Data to 2023d + JDK-8322750: Test 'api/java_awt/interactive/ /SystemTrayTests.html' failed because A blue ball icon is added outside of the system tray + JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is failing assert + JDK-8322772: Clean up code after JDK-8322417 + JDK-8323008: filter out harmful -std* flags added by autoconf from CXX + JDK-8323243: JNI invocation of an abstract instance method corrupts the stack + JDK-8323515: Create test alias 'all' for all test roots + JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/ /platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + JDK-8324184: Windows VS2010 build failed with 'error C2275: 'int64_t'' + JDK-8324307: [11u] hotspot fails to build with GCC 12 and newer (non-static data member initializers) + JDK-8324347: Enable 'maybe-uninitialized' warning for FreeType 2.13.1 + JDK-8324659: GHA: Generic jtreg errors are not reported + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing + JDK-8325150: (tz) Update Timezone Data to 2024a + JDK-8326109: GCC 13 reports maybe-uninitialized warnings for jni.cpp with dtrace enabled + JDK-8326503: [11u] java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fail because of package org.junit.jupiter.api does not exist + JDK-8327391: Add SipHash attribution file + JDK-8329837: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23

• Removed the possibility to use the system timezone-java (bsc#1213470)

SUSE-CU-2024:1867-1

This update for python39 fixes the following issues:

• Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886)

This update for aaa_base fixes the following issues:

• home and end button not working from ssh client (bsc#1221407)
• use autosetup in prep stage of specfile
• drop the stderr redirection for csh (bsc#1221361)
• drop sysctl.d/50-default-s390.conf (bsc#1211721)
• make sure the script does not exit with 1 if a file with content is found (bsc#1222547)

SUSE-CU-2024:1815-1

SUSE-CU-2024:1777-1

This update for ca-certificates fixes the following issue:

• Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed

SUSE-CU-2024:1655-1

This update for glibc fixes the following issues:

• iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

SUSE-CU-2024:1569-1

SUSE-CU-2024:1498-1

SUSE-CU-2024:1455-1

This update for glibc fixes the following issues:

• duplocale: protect use of global locale (bsc#1220441, BZ #23970)

This update for gcc13 fixes the following issues:

• Fix unwinding for JIT code. [bsc#1221239]
• Revert libgccjit dependency change. [bsc#1220724]
• Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520]
• Add support for -fmin-function-alignment. [bsc#1214934]
• Use %{_target_cpu} to determine host and build.
• Fix for building TVM. [bsc#1218492]
• Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031]
• Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
• Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
• Fixed building mariadb on i686. [bsc#1217667]
• Avoid update-alternatives dependency for accelerator crosses.
• Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence.
• Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450]

SUSE-CU-2024:1382-1

This update for expat fixes the following issues:

• CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
• CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)

This update for ncurses fixes the following issues:

• CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).

This update for curl fixes the following issues:

• CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
• CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)

This update for nghttp2 fixes the following issues:

• CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)

This update for util-linux fixes the following issues:

• CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)

This update for less fixes the following issues:

• CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).

SUSE-CU-2024:1250-1

SUSE-CU-2024:1249-1

This update for sed fixes the following issues:

• 'sed -i' now creates temporary files with correct umask (bsc#1221218)

SUSE-CU-2024:1130-1

This update for krb5 fixes the following issues:

• CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
• CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
• CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772).

SUSE-CU-2024:1079-1

This update for git fixes the following issues:

• Do not replace apparmor configuration (bsc#1216545)

SUSE-CU-2024:1053-1

This update for shadow fixes the following issues:

• Fix chage date miscalculation (bsc#1176006)
• Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307
• Remove pam_keyinit from PAM config files (bsc#1203823)

This update for coreutils fixes the following issues:

• tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)

SUSE-CU-2024:993-1

This update for giflib fixes the following issues:
Update to version 5.2.2

• Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
• #138 Documentation for obsolete utilities still installed
• #139: Typo in 'LZW image data' page ('110_2 = 4_10')
• #140: Typo in 'LZW image data' page ('LWZ')
• #141: Typo in 'Bits and bytes' page ('filed')
• Note as already fixed SF issue #143: cannot compile under mingw
• #144: giflib-5.2.1 cannot be build on windows and other platforms using c89
• #145: Remove manual pages installation for binaries that are not installed too
• #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7
• #147 [PATCH] Fixes to doc/whatsinagif/ content
• #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB
• Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1
• Declared Won't-fix on SF issue 149: Out of source builds no longer possible
• #151: A heap-buffer-overflow in gif2rgb.c:294:45
• #152: Fix some typos on the html documentation and man pages
• #153: Fix segmentation faults due to non correct checking for args
• #154: Recover the giffilter manual page
• #155: Add gifsponge docs
• #157: An OutofMemory-Exception or Memory Leak in gif2rgb
• #158: There is a null pointer problem in gif2rgb
• #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45
• #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c
• #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c
• #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
• #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c

This update for aaa_base fixes the following issues:

• Silence the output in the case of broken symlinks (bsc#1218232)

This update for glibc fixes the following issues:
Security issues fixed:

• qsort: harden handling of degenerated / non transient compare function (bsc#1218866)

• getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
• aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)

This update for audit fixes the following issue:

• Fix plugin termination when using systemd service units (bsc#1215377)

SUSE-CU-2024:826-1

This update for libssh fixes the following issues:

• Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)

SUSE-CU-2024:790-1

SUSE-CU-2024:769-1

This update for Java fixes the following issues:
apache-commons-codec was updated to version 1.16.1:

• Changes in version 1.16.1:

• Changes in version 1.16.0:

• Changes in version 1.26:

• Changes in version 1.25:

• Changes in version 1.24:

• Changes in version 1.23:

• Changes in version 1.22:

• Changes in version 2.15.1:

• Changes in version 2.15.0:

• Changes in version 2.14.0:

• Syncing the version with javapackages-tools 6.2.0
• Remove unnecessary dependencies

• Changes in version 3.9.6:

• Explicitely require commons-io:commons-io and commons-codec:common-codes artifacts that are optional in apache-commons-compress

• Changes in version 1.11.1:

• Changes in version 3.3.0:

• Changes from version 3.6.0:

• Changes from version 3.5.0:

• Restore binary compat for MavenReport

• Changes in version 3.2.0:

• Changes in version 1.9.18:

• Changes in version 3.3.1:

• Fixed RPM package build with maven 3.9.6 and maven-resolver 1.9.18

• Modify the xmvn-install script to work with new apache-commons-compress
• Recompiling RPM package to resolve package building issues with maven-lib

SUSE-CU-2024:750-1

SUSE-CU-2024:717-1

This update for rpm fixes the following issues:

• backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752)

SUSE-CU-2024:673-1

This update for openssl-1_1 fixes the following issues:

• CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).

This update for libxml2 fixes the following issues:

• CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).

This update for Java fixes the following issues:
plexus-archiver was updated from version 4.2.1 to 4.8.0:

• Changes of 4.8.0:

• Changes of 4.7.1:

• Changes of 4.7.0:

• Changes of 4.6.3:

• Changes of 4.6.2:

• Changes of 4.6.1:

• Changes of 4.6.0:

• Changes of 4.5.0:

• Changes of 4.4.0:

• Changes of 4.3.0:

• Changes of 4.2.7:

• Changes of 4.2.6:

• Changes of 4.2.5:

• Changes of 4.2.4:

• Changes of 4.2.2:

• Changes of version 9.6: