Container summary for suse/manager/4.3/proxy-httpd

SUSE-CU-2024:5287-1

Container Advisory ID	SUSE-CU-2024:5287-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.52 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.52

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:3659-1
Released	Wed Oct 16 15:12:47 2024
Summary	Recommended update for gcc14
Type	recommended
Severity	moderate
References	1188441,1210959,1214915,1219031,1220724,1221601

Description:

This update for gcc14 fixes the following issues:
This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474)
The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc14 compilers use:

install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages.
override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages.

For a full changelog with all new GCC14 features, check out
https://gcc.gnu.org/gcc-14/changes.html

Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend

Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
Remove timezone Recommends from the libstdc++6 package. [bsc#1221601]
Revert libgccjit dependency change. [bsc#1220724]
Fix libgccjit-devel dependency, a newer shared library is OK.
Fix libgccjit dependency, the corresponding compiler isn't required.
Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031]
Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031]
Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6.

Advisory ID	SUSE-RU-2024:3727-1
Released	Fri Oct 18 15:04:09 2024
Summary	Recommended update for libzypp
Type	recommended
Severity	important
References	1230912,1231043

Description:

This update for libzypp fixes the following issues:

Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043]
Fix hang in curl code with no network connection. [bsc#1230912]

SUSE-CU-2024:5117-1

Container Advisory ID	SUSE-CU-2024:5117-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.49 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.49

The following patches have been included in this update:

SUSE-CU-2024:5061-1

Container Advisory ID	SUSE-CU-2024:5061-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.48 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.48

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:3597-1
Released	Fri Oct 11 10:39:52 2024
Summary	Recommended update for bash
Type	recommended
Severity	moderate
References	1227807

Description:

This update for bash fixes the following issues:

Load completion file eveh if a brace expansion is in the command line included (bsc#1227807).

SUSE-CU-2024:5060-1

Container Advisory ID	SUSE-CU-2024:5060-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.47 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.47

The following patches have been included in this update:

SUSE-CU-2024:4891-1

Container Advisory ID	SUSE-CU-2024:4891-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.45 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.45

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:3527-1
Released	Fri Oct 4 15:27:07 2024
Summary	Recommended update for e2fsprogs
Type	recommended
Severity	moderate
References	1230145

Description:

This update for e2fsprogs fixes the following issue:

resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145).

SUSE-CU-2024:4840-1

Container Advisory ID	SUSE-CU-2024:4840-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.43 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.43

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:3503-1
Released	Tue Oct 1 16:13:07 2024
Summary	Recommended update for glibc
Type	recommended
Severity	moderate
References	1228661

Description:

This update for glibc fixes the following issue:

fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661).

SUSE-CU-2024:4701-1

Container Advisory ID	SUSE-CU-2024:4701-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.41 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.41

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:3477-1
Released	Fri Sep 27 15:22:22 2024
Summary	Recommended update for curl
Type	recommended
Severity	moderate
References	1230516

Description:

This update for curl fixes the following issue:

Make special characters in URL work with aws-sigv4 (bsc#1230516).

Advisory ID	SUSE-RU-2024:3485-1
Released	Fri Sep 27 19:54:13 2024
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	moderate
References	1228647,1230267

Description:

This update for libzypp, zypper fixes the following issues:

API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267)
single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
Fix wrong numbers used in CommitSummary skipped/failed messages.

SUSE-CU-2024:4700-1

Container Advisory ID	SUSE-CU-2024:4700-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.40 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.40

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:3470-1
Released	Fri Sep 27 14:34:46 2024
Summary	Security update for python3
Type	security
Severity	important
References	1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592

Description:

This update for python3 fixes the following issues:

CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)

Bug fixes:

%{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
Remove %suse_update_desktop_file macro as it is not useful any more.

Advisory ID	SUSE-RU-2024:3487-1
Released	Fri Sep 27 19:56:02 2024
Summary	Recommended update for logrotate
Type	recommended
Severity	moderate
References

Description:

This update for logrotate fixes the following issues:

Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)

SUSE-CU-2024:4624-1

Container Advisory ID	SUSE-CU-2024:4624-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.38 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.38

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:3451-1
Released	Thu Sep 26 09:10:50 2024
Summary	Recommended update for pam-config
Type	recommended
Severity	moderate
References	1227216

Description:

This update for pam-config fixes the following issues:

Improved check for existence of modules (bsc#1227216)

SUSE-CU-2024:4521-1

Container Advisory ID	SUSE-CU-2024:4521-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.37 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.37

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:3428-1
Released	Tue Sep 24 18:46:11 2024
Summary	Security update for apr
Type	security
Severity	moderate
References	1229783,CVE-2023-49582

Description:

This update for apr fixes the following issues:

CVE-2023-49582: Fixed an unexpected lax shared memory permissions. (bsc#1229783)

SUSE-CU-2024:4502-1

Container Advisory ID	SUSE-CU-2024:4502-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.36 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.36

The following patches have been included in this update:

SUSE-CU-2024:4418-1

Container Advisory ID	SUSE-CU-2024:4418-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.35 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.35

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:3300-1
Released	Wed Sep 18 14:27:53 2024
Summary	Recommended update for ncurses
Type	recommended
Severity	moderate
References	1229028

Description:

This update for ncurses fixes the following issues:

Allow the terminal description based on static fallback entries to be freed (bsc#1229028)

SUSE-CU-2024:4370-1

Container Advisory ID	SUSE-CU-2024:4370-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.33 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.33

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:3263-1
Released	Tue Sep 17 07:38:48 2024
Summary	Recommended update for python3-dmidecode
Type	recommended
Severity	moderate
References	1229855

Description:

This update for python3-dmidecode fixes the following issues:

python3-dmidecode was updated to version 3.12.3 (bsc#1229855):

* Added support for SMBIOS3.3.0

SUSE-CU-2024:4346-1

Container Advisory ID	SUSE-CU-2024:4346-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.32 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.32

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:3238-1
Released	Fri Sep 13 11:56:14 2024
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1229476

Description:

This update for util-linux fixes the following issue:

Skip aarch64 decode path for rest of the architectures (bsc#1229476).

SUSE-CU-2024:4295-1

Container Advisory ID	SUSE-CU-2024:4295-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.31 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.31

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:3211-1
Released	Wed Sep 11 17:40:13 2024
Summary	Security update for curl
Type	security
Severity	moderate
References	1230093,CVE-2024-8096

Description:

This update for curl fixes the following issues:

CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)

Advisory ID	SUSE-SU-2024:3216-1
Released	Thu Sep 12 13:05:20 2024
Summary	Security update for expat
Type	security
Severity	moderate
References	1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492

Description:

This update for expat fixes the following issues:

CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)

SUSE-CU-2024:4169-1

Container Advisory ID	SUSE-CU-2024:4169-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.27 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.27

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:3167-1
Released	Mon Sep 9 12:31:59 2024
Summary	Recommended update for glibc
Type	recommended
Severity	moderate
References	1228043

Description:

This update for glibc fixes the following issue:

s390x: Fix segfault in wcsncmp (bsc#1228043).

Advisory ID	SUSE-RU-2024:3178-1
Released	Mon Sep 9 14:39:12 2024
Summary	Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type	recommended
Severity	important
References	1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971

Description:

This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

Make sure not to statically linked installed tools (bsc#1228787)
MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208)
Export asSolvable for YAST (bsc#1228420)
Export CredentialManager for legacy YAST versions (bsc#1228420)
Fix 4 typos in zypp.conf
Fix typo in the geoip update pipeline (bsc#1228206)
Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
Removed dependency on external find program in the repo2solv tool
Fix return value of repodata.add_solv()
New SOLVER_FLAG_FOCUS_NEW flag
Fix return value of repodata.add_solv() in the bindings
Fix SHA-224 oid in solv_pgpvrfy
Translation: updated .pot file.
Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
Fix int overflow in Provider
Fix error reporting on repoindex.xml parse error (bsc#1227625)
Keep UrlResolverPlugin API public
Blacklist /snap executables for 'zypper ps' (bsc#1226014)
Fix handling of buddies when applying locks (bsc#1225267)
Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205)
Show rpm install size before installing (bsc#1224771)
Install zypp/APIConfig.h legacy include
Update soname due to RepoManager refactoring and cleanup
Workaround broken libsolv-tools-base requirements
Strip ssl_clientkey from repo urls (bsc#1226030)
Remove protobuf build dependency
Lazily attach medium during refresh workflows (bsc#1223094)
Refactor RepoManager and add Service workflows
Let_readline_abort_on_Ctrl-C (bsc#1226493)
packages: add '--system' to show @System packages (bsc#222971)
Provide python3-zypp-plugin down to SLE12 (bsc#1081596)

SUSE-CU-2024:4168-1

Container Advisory ID	SUSE-CU-2024:4168-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.26 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.26

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:3173-1
Released	Mon Sep 9 12:56:48 2024
Summary	Security update for apache2
Type	security
Severity	important
References	1227276,1227278,1227353,CVE-2024-38473,CVE-2024-38474,CVE-2024-39884

Description:

This update for apache2 fixes the following issues:

CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278)
CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276)
CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353)

SUSE-CU-2024:4106-1

Container Advisory ID	SUSE-CU-2024:4106-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.25 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.25

The following patches have been included in this update:

SUSE-CU-2024:4078-1

Container Advisory ID	SUSE-CU-2024:4078-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.24 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.24

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:3149-1
Released	Thu Sep 5 17:05:36 2024
Summary	Security update for systemd
Type	security
Severity	moderate
References	1218297,1221479,1226414,1228091,CVE-2023-7008

Description:

This update for systemd fixes the following issues:

CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)

Other fixes:

Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).

SUSE-CU-2024:3973-1

Container Advisory ID	SUSE-CU-2024:3973-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.23 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.23

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:3080-1
Released	Mon Sep 2 16:43:54 2024
Summary	Security update for curl
Type	security
Severity	moderate
References	1228535,CVE-2024-7264

Description:

This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)

SUSE-CU-2024:3972-1

Container Advisory ID	SUSE-CU-2024:3972-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.22 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.22

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:3086-1
Released	Tue Sep 3 08:57:32 2024
Summary	Security update for glib2
Type	security
Severity	low
References	1224044,CVE-2024-34397

Description:

This update for glib2 fixes the following issues:

Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).

SUSE-CU-2024:3902-1

Container Advisory ID	SUSE-CU-2024:3902-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.20 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.20

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:3054-1
Released	Wed Aug 28 14:48:31 2024
Summary	Security update for python3-setuptools
Type	security
Severity	important
References	1228105,CVE-2024-6345

Description:

This update for python3-setuptools fixes the following issues:

CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)

SUSE-CU-2024:3820-1

Container Advisory ID	SUSE-CU-2024:3820-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.19 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.19

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:2966-1
Released	Mon Aug 19 15:37:07 2024
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1194818

Description:

This update for util-linux fixes the following issue:

agetty: Prevent login cursor escape (bsc#1194818).

Advisory ID	SUSE-RU-2024:2967-1
Released	Mon Aug 19 15:41:29 2024
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1194818

Description:

This update for pam fixes the following issue:

Prevent cursor escape from the login prompt (bsc#1194818).

SUSE-CU-2024:3787-1

Container Advisory ID	SUSE-CU-2024:3787-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.17 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.17

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:2927-1
Released	Thu Aug 15 09:02:55 2024
Summary	Security update for openssl-1_1
Type	security
Severity	moderate
References	1226463,1227138,CVE-2024-5535

Description:

This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:

Build with no-afalgeng (bsc#1226463)

SUSE-CU-2024:3783-1

Container Advisory ID	SUSE-CU-2024:3783-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.15 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.15

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:2912-1
Released	Wed Aug 14 20:20:13 2024
Summary	Recommended update for cloud-regionsrv-client
Type	recommended
Severity	important
References	1222985,1223571,1224014,1224016,1227308

Description:

This update for cloud-regionsrv-client contains the following fixes:

Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file

Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking

SUSE-CU-2024:3697-1

Container Advisory ID	SUSE-CU-2024:3697-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.14 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.14

The following patches have been included in this update:

Advisory ID	SUSE-OU-2024:2877-1
Released	Mon Aug 12 13:35:20 2024
Summary	Optional update for sles-release
Type	optional
Severity	low
References	1227115

Description:

This update for sles-release fixes the following issue:

Adjust codestream lifecycle

SUSE-CU-2024:3633-1

Container Advisory ID	SUSE-CU-2024:3633-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.12 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.12

The following patches have been included in this update:

SUSE-CU-2024:3560-1

Container Advisory ID	SUSE-CU-2024:3560-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.11 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.11

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:2804-1
Released	Wed Aug 7 09:48:29 2024
Summary	Security update for shadow
Type	security
Severity	moderate
References	1228770,CVE-2013-4235

Description:

This update for shadow fixes the following issues:

Fixed not copying of skel files (bsc#1228770)

SUSE-CU-2024:3559-1

Container Advisory ID	SUSE-CU-2024:3559-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.10 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.10

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:2791-1
Released	Tue Aug 6 16:35:06 2024
Summary	Recommended update for various 32bit packages
Type	recommended
Severity	moderate
References	1228322

Description:

This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6.

SUSE-CU-2024:3411-1

Container Advisory ID	SUSE-CU-2024:3411-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.8 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.8

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:2658-1
Released	Tue Jul 30 15:37:26 2024
Summary	Security update for shadow
Type	security
Severity	important
References	916845,CVE-2013-4235

Description:

This update for shadow fixes the following issues:

CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).

Advisory ID	SUSE-RU-2024:2679-1
Released	Wed Jul 31 09:47:44 2024
Summary	Recommended update for patterns-base
Type	recommended
Severity	moderate
References

Description:

This update for patterns-base fixes the following issues:
Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt.
Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries.

SUSE-CU-2024:3364-1

Container Advisory ID	SUSE-CU-2024:3364-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.7 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.7

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:2624-1
Released	Tue Jul 30 09:04:55 2024
Summary	Security update for apache2
Type	security
Severity	important
References	1227268,1227269,1227270,1227271,CVE-2024-38475,CVE-2024-38476,CVE-2024-38477,CVE-2024-39573

Description:

This update for apache2 fixes the following issues:

CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268)
CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269)
CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270)
CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271)

SUSE-CU-2024:3274-1

Container Advisory ID	SUSE-CU-2024:3274-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.4 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.4

The following patches have been included in this update:

SUSE-CU-2024:3229-1

Container Advisory ID	SUSE-CU-2024:3229-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.3 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.3

The following patches have been included in this update:

SUSE-CU-2024:3187-1

Container Advisory ID	SUSE-CU-2024:3187-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.2 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.57.2

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:2499-1
Released	Tue Jul 16 13:22:51 2024
Summary	Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type	recommended
Severity	moderate
References	1216063,1218724,1219317,1219965,1220221,1220259,1220420,1221629,1222225,1222731,1222996,1224004,1224786,1225196,1225416,1225634,1225940,1226035,1226605,1226913,1226958,1227306

Description:

Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
This is a codestream only update

Advisory ID	SUSE-RU-2024:2520-1
Released	Tue Jul 16 13:47:17 2024
Summary	Maintenance update for SUSE Manager 4.3 Release Notes
Type	recommended
Severity	moderate
References	1216063,1218724,1219317,1219965,1220221,1220259,1220420,1221629,1222225,1222731,1222996,1223850,1223855,1224004,1224786,1225196,1225416,1225634,1225940,1227306

Description:

Maintenance update for SUSE Manager 4.3 Release Notes:
This is a codestream only update

SUSE-CU-2024:3168-1

Container Advisory ID	SUSE-CU-2024:3168-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.25 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.25

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:2479-1
Released	Mon Jul 15 10:33:22 2024
Summary	Security update for python3
Type	security
Severity	important
References	1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032

Description:

This update for python3 fixes the following issues:

CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)

SUSE-CU-2024:3159-1

Container Advisory ID	SUSE-CU-2024:3159-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.24 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.24

The following patches have been included in this update:

SUSE-CU-2024:3150-1

Container Advisory ID	SUSE-CU-2024:3150-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.23 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.23

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:2322-1
Released	Mon Jul 8 14:54:00 2024
Summary	Security update for krb5
Type	security
Severity	important
References	1227186,1227187,CVE-2024-37370,CVE-2024-37371

Description:

This update for krb5 fixes the following issues:

CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).

SUSE-CU-2024:3043-1

Container Advisory ID	SUSE-CU-2024:3043-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.21 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.21

The following patches have been included in this update:

SUSE-CU-2024:2974-1

Container Advisory ID	SUSE-CU-2024:2974-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.20 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.20

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:2279-1
Released	Tue Jul 2 18:33:22 2024
Summary	Security update for libxml2
Type	security
Severity	low
References	1224282,CVE-2024-34459

Description:

This update for libxml2 fixes the following issues:

CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).

SUSE-CU-2024:2949-1

Container Advisory ID	SUSE-CU-2024:2949-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.19 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.19

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:2226-1
Released	Wed Jun 26 08:19:16 2024
Summary	Recommended update for apache2
Type	recommended
Severity	important
References	1226217

Description:

This update for apache2 fixes the following issues:

Apache ignores headers sent by CGI scripts (bsc#1226217)

SUSE-CU-2024:2859-1

Container Advisory ID	SUSE-CU-2024:2859-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.18 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.18

The following patches have been included in this update:

Advisory ID	33664
Released	Thu Jun 13 21:03:11 2024
Summary	Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings
Type	recommended
Severity	important
References	1222086,1223430,1223766,1224242

Description:

This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues:

Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242)
Improve updating of installed multiversion packages
Fix decision introspection going into an endless loop in some cases
Split libsolv-tools into libsolv-tools-base [jsc#PED-8153]
Improve checks against corrupt rpm
Fixed check for outdated repo metadata as non-root user (bsc#1222086)
Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153)
Dynamically resolve libproxy (jsc#PED-8153)
Fix download from gpgkey URL (bsc#1223430)
Delay zypp lock until command options are parsed (bsc#1223766)
Unify message format

Advisory ID	SUSE-RU-2024:2086-1
Released	Wed Jun 19 11:48:24 2024
Summary	Recommended update for gcc13
Type	recommended
Severity	moderate
References	1188441

Description:

This update for gcc13 fixes the following issues:
Update to GCC 13.3 release

Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18.
Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441]
Make requirement to lld version specific to avoid requiring the meta-package.

Advisory ID	SUSE-SU-2024:2089-1
Released	Wed Jun 19 12:38:06 2024
Summary	Security update for openssl-1_1
Type	security
Severity	important
References	1225551,CVE-2024-4741

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)

SUSE-CU-2024:2722-1

Container Advisory ID	SUSE-CU-2024:2722-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.15 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.15

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:2024-1
Released	Thu Jun 13 16:15:18 2024
Summary	Recommended update for jitterentropy
Type	recommended
Severity	moderate
References	1209627

Description:

This update for jitterentropy fixes the following issues:

Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command.

Updated to 3.4.1

add FIPS 140 hints to man page
simplify the test tool to search for optimal configurations
fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0
enhancement: add ARM64 assembler code to read high-res timer

SUSE-CU-2024:2684-1

Container Advisory ID	SUSE-CU-2024:2684-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.13 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.13

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:11-1
Released	Tue Jan 2 13:24:52 2024
Summary	Recommended update for procps
Type	recommended
Severity	moderate
References	1029961,1158830,1206798,1209122

Description:

This update for procps fixes the following issues:

Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369)

For support up to 2048 CPU as well (bsc#1185417)
Allow `-´ as leading character to ignore possible errors on systctl entries (bsc#1209122)
Get the first CPU summary correct (bsc#1121753)
Enable pidof for SLE-15 as this is provided by sysvinit-tools
Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build
Do not truncate output of w with option -n
Prefer logind over utmp (jsc#PED-3144)
Don't install translated man pages for non-installed binaries (uptime, kill).
Fix directory for Ukrainian man pages translations.
Move localized man pages to lang package.

Update to procps-ng-3.3.17

* library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops

Package translations in procps-lang.

Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited.

Enable pidof by default

Update to procps-ng-3.3.16

* library: Increment to 8:2:0
No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1
* docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830)

Advisory ID	SUSE-RU-2024:62-1
Released	Mon Jan 8 11:44:47 2024
Summary	Recommended update for libxcrypt
Type	recommended
Severity	moderate
References	1215496

Description:

This update for libxcrypt fixes the following issues:

fix variable name for datamember [bsc#1215496]
added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2

Advisory ID	SUSE-RU-2024:88-1
Released	Thu Jan 11 10:08:20 2024
Summary	Recommended update for libsolv, zypper, libzypp
Type	recommended
Severity	moderate
References	1212160,1215294,1216412,1217593,1217873,1218291

Description:

This update for libsolv, zypper, libzypp fixes the following issues:

Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
CheckAccessDeleted: fix 'running in container' filter (bsc#1218291)
Open rpmdb just once during execution of %posttrans scripts (bsc#1216412)
Make sure reboot-needed is remembered until next boot (bsc#1217873)
Stop using boost version 1 timer library (bsc#1215294)
Updated to version 0.7.27
Add zstd support for the installcheck tool
Add putinowndirpool cache to make file list handling in repo_write much faster
Do not use deprecated headerUnload with newer rpm versions
Support complex deps in SOLVABLE_PREREQ_IGNOREINST
Fix minimization not prefering installed packages in some cases
Reduce memory usage in repo_updateinfoxml
Fix lock-step interfering with architecture selection
Fix choice rule handing for package downgrades
Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies

Advisory ID	SUSE-SU-2024:136-1
Released	Thu Jan 18 09:53:47 2024
Summary	Security update for pam
Type	security
Severity	moderate
References	1217000,1218475,CVE-2024-22365

Description:

This update for pam fixes the following issues:

CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475).
Check localtime_r() return value to fix crashing (bsc#1217000)

Advisory ID	SUSE-SU-2024:140-1
Released	Thu Jan 18 11:34:58 2024
Summary	Security update for libssh
Type	security
Severity	important
References	1211188,1211190,1218126,1218186,1218209,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918

Description:

This update for libssh fixes the following issues:
Security fixes:
- CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
Other fixes:

Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes

Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code

Advisory ID	SUSE-SU-2024:238-1
Released	Fri Jan 26 10:56:41 2024
Summary	Security update for cpio
Type	security
Severity	moderate
References	1218571,CVE-2023-7207

Description:

This update for cpio fixes the following issues:

CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571).

Advisory ID	SUSE-RU-2024:243-1
Released	Fri Jan 26 13:00:47 2024
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1207987

Description:

This update for util-linux fixes the following issues:

Fix performance degradation (bsc#1207987)

Advisory ID	SUSE-RU-2024:322-1
Released	Fri Feb 2 15:13:26 2024
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1107342,1215434

Description:

This update for aaa_base fixes the following issues:

Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)

Advisory ID	SUSE-RU-2024:480-1
Released	Thu Feb 15 12:35:51 2024
Summary	Recommended update for libsolv
Type	recommended
Severity	important
References	1215698,1218782,1218831,1219442

Description:

This update for libsolv, libzypp fixes the following issues:

build for multiple python versions [jsc#PED-6218]
applydeltaprm: Create target directory if it does not exist (bsc#1219442)
Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698)
CheckAccessDeleted: fix running_in_container detection (bsc#1218782)
Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831)

Advisory ID	SUSE-SU-2024:573-1
Released	Wed Feb 21 09:36:59 2024
Summary	Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2
Type	security
Severity	moderate
References	1133277,1182659,1203378,1208794,1212180,1212182,1214148,1215334,CVE-2023-32731,CVE-2023-32732,CVE-2023-33953,CVE-2023-44487,CVE-2023-4785

Description:

This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues:
abseil-cpp was updated to:
Update to 20230802.1:

Add StdcppWaiter to the end of the list of waiter implementations

Update to 20230802.0
What's New:
* Added the nullability library for designating the expected nullability of pointers. Currently these serve as annotations only, but it is expected that compilers will one day be able to use these annotations for diagnostic purposes. * Added the prefetch library as a portable layer for moving data into caches before it is read. * Abseil's hash tables now detect many more programming errors in debug and sanitizer builds. * Abseil's synchronization objects now differentiate absolute waits (when passed an absl::Time) from relative waits (when passed an absl::Duration) when the underlying platform supports differentiating these cases. This only makes a difference when system clocks are adjusted. * Abseil's flag parsing library includes additional methods that make it easier to use when another library also expects to be able to parse flags. * absl::string_view is now available as a smaller target, @com_google_absl//absl/strings:string_view, so that users may use this library without depending on the much larger @com_google_absl//absl/strings target.
Update to 20230125.3
Details can be found on:
https://github.com/abseil/abseil-cpp/releases/tag/20230125.3
Update to 20230125.2
What's New:
The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks (via an extension API). See the logging library documentation for more information. An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil's string formatting functions like absl::StrCat() and absl::StrFormat(). A library for computing CRC32C checksums has been added. Floating-point parsing now uses the Eisel-Lemire algorithm, which provides a significant speed improvement. The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags. Using CMake to install Abseil now makes the installed artifacts (in particular absl/base/options.h) reflect the compiled ABI.
Breaking Changes:
Abseil now requires at least C++14 and follows Google's Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools. The legacy spellings of the thread annotation macros/functions (e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in the future.
Known Issues
The Abseil logging library in this release is not a feature-complete replacement for glog yet. VLOG and DFATAL are examples of features that have not yet been released.
Update to version 20220623.0
What's New:
* Added absl::AnyInvocable, a move-only function type. * Added absl::CordBuffer, a type for buffering data for eventual inclusion an absl::Cord, which is useful for writing zero-copy code. * Added support for command-line flags of type absl::optional.
Breaking Changes:
* CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control whether or not unit tests are built. * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that are experiencing new warnings can use -Wno-deprecated-declatations silence the warnings or use -Wno-error=deprecated-declarations to see warnings but not fail the build. * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some compilers are more strict about where this keyword must appear compared to the pre-C++20 implementation. * Bazel builds now depend on the bazelbuild/bazel-skylib repository. See Abseil's WORKSPACE file for an example of how to add this dependency.
Other:
* This will be the last release to support C++11. Future releases will require at least C++14.
grpc was updated to 1.60:
Update to release 1.60

Implemented dualstack IPv4 and IPv6 backend support, as per draft gRFC A61. xDS support currently guarded by GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var.
Support for setting proxy for addresses.
Add v1 reflection.

update to 1.59.3:

Security - Revocation: Crl backport to 1.59. (#34926)

Update to release 1.59.2

Fixes for CVE-2023-44487

Update to version 1.59.1:

C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552).

Update to version 1.59.0:

xds ssa: Remove environment variable protection for stateful affinity (gh#grpc/grpc#34435).
c-ares: fix spin loop bug when c-ares gives up on a socket that still has data left in its read buffer (gh#grpc/grpc#34185).
Deps: Adding upb as a submodule (gh#grpc/grpc#34199).
EventEngine: Update Cancel contract on closure deletion timeline (gh#grpc/grpc#34167).
csharp codegen: Handle empty base_namespace option value to fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137).
Ruby: - replace strdup with gpr_strdup (gh#grpc/grpc#34177). - drop ruby 2.6 support (gh#grpc/grpc#34198).

Update to release 1.58.1

Reintroduced c-ares 1.14 or later support

Update to release 1.58

ruby extension: remove unnecessary background thread startup wait logic that interferes with forking

Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)

EventEngine: Change GetDNSResolver to return absl::StatusOr>.
Improve server handling of file descriptor exhaustion.
Add a channel argument to set DSCP on streams.

Update to release 1.56.2

Improve server handling of file descriptor exhaustion

Update to release 1.56.0 (CVE-2023-32731, bsc#1212180)

core: Add support for vsock transport.
EventEngine: Change TXT lookup result type to std::vector.
C++/Authz: support customizable audit functionality for authorization policy.

Update to release 1.54.1

Bring declarations and definitions to be in sync

Update to release 1.54 (CVE-2023-32732, bsc#1212182)

XDS: enable XDS federation by default
TlsCreds: Support revocation of intermediate in chain

Update to release 1.51.1

Only a macOS/aarch64-related change

Update to release 1.51

c-ares DNS resolver: fix logical race between resolution timeout/cancellation and fd readability.
Remove support for pthread TLS

Update to release 1.50.0

Core

- Derive EventEngine from std::enable_shared_from_this. (#31060) - Revert 'Revert '[chttp2] fix stream leak with queued flow control update and absence of writes (#30907)' (#30991)'. (#30992) - [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907) - Remove gpr_codegen. (#30899) - client_channel: allow LB policy to communicate update errors to resolver. (#30809) - FaultInjection: Fix random number generation. (#30623)

- OpenCensus Plugin: Add measure and views for started RPCs. (#31034)

- Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371) - Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411) - Grpc.Tools document AdditionalImportDirs. (#30405) - Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410)
Update to release 1.49.1

- Update protobuf to v21.6 on 1.49.x. (#31028)

Ruby

- Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053)
Update to release 1.49.0

Core - Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654) - Bump core version. (#30588) - Update OpenCensus to HEAD. (#30567) - Update protobuf submodule to 3.21.5. (#30548) - Update third_party/protobuf to 3.21.4. (#30377) - [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443) - HTTP2: Fix keepalive time throttling. (#30164) - Use AnyInvocable in EventEngine APIs. (#30220)

Python

- Add type stub generation support to grpcio-tools. (#30498)
Update to release 1.48.1

Backport EventEngine Forkables

Update to release 1.48.0

C++14 is now required
xDS: Workaround to get gRPC clients working with istio

Update to release 1.46.3

backport: xds: use federation env var to guard new-style resource name parsing (#29725) #29727

Update to release 1.46

Added HTTP/1.1 support in httpcli
HTTP2: Add graceful goaway

Update to release 1.45.2

Various fixes related to XDS
HTTP2: Should not run cancelling logic on servers when receiving GOAWAY

Update to release 1.45.1

Switched to epoll1 as a default polling engine for Linux

Update to version 1.45.0:

Core:

- Backport 'Include ADS stream error in XDS error updates (#29014)' to 1.45.x [gh#grpc/grpc#29121]. - Bump core version to 23.0.0 for upcoming release [gh#grpc/grpc#29026]. - Fix memory leak in HTTP request security handshake cancellation [gh#grpc/grpc#28971]. - CompositeChannelCredentials: Comparator implementation [gh#grpc/grpc#28902]. - Delete custom iomgr [gh#grpc/grpc#28816]. - Implement transparent retries [gh#grpc/grpc#28548]. - Uniquify channel args keys [gh#grpc/grpc#28799]. - Set trailing_metadata_available for recv_initial_metadata ops when generating a fake status [gh#grpc/grpc#28827]. - Eliminate gRPC insecure build [gh#grpc/grpc#25586]. - Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769]. - InsecureCredentials: singleton object [gh#grpc/grpc#28777]. - Add http cancel api [gh#grpc/grpc#28354]. - Memory leak fix on windows in grpc_tcp_create() [gh#grpc/grpc#27457]. - xDS: Rbac filter updates [gh#grpc/grpc#28568].

- Bump the minimum gcc to 5 [gh#grpc/grpc#28786]. - Add experimental API for CRL checking support to gRPC C++ TlsCredentials [gh#grpc/grpc#28407].
Update to release 1.44.0

Add a trace to list which filters are contained in a channel stack.
Remove grpc_httpcli_context.
xDS: Add support for RBAC HTTP filter.
API to cancel grpc_resolve_address.

Update to version 1.43.2:

Fix google-c2p-experimental issue (gh#grpc/grpc#28692).

Changes from version 1.43.0:

Core:

- Remove redundant work serializer usage in c-ares windows code (gh#grpc/grpc#28016). - Support RDS updates on the server (gh#grpc/grpc#27851). - Use WorkSerializer in XdsClient to propagate updates in a synchronized manner (gh#grpc/grpc#27975). - Support Custom Post-handshake Verification in TlsCredentials (gh#grpc/grpc#25631). - Reintroduce the EventEngine default factory (gh#grpc/grpc#27920). - Assert Android API >= v21 (gh#grpc/grpc#27943). - Add support for abstract unix domain sockets (gh#grpc/grpc#27906).

C++:

- OpenCensus: Move metadata storage to arena (gh#grpc/grpc#27948).

[C#] Add nullable type attributes to Grpc.Core.Api (gh#grpc/grpc#27887).
Update package name libgrpc++1 to libgrpc++1_43 in keeping with updated so number.

Update to release 1.41.0

xDS: Remove environmental variable guard for security.
xDS Security: Use new way to fetch certificate provider plugin instance config.
xDS server serving status: Use a struct to allow more fields to be added in the future.

Update to release 1.39.1

Fix C# protoc plugin argument parsing on 1.39.x

Update to version 1.39.0:

Core

- Initialize tcp_posix for CFStream when needed (gh#grpc/grpc#26530). - Update boringssl submodule (gh#grpc/grpc#26520). - Fix backup poller races (gh#grpc/grpc#26446). - Use default port 443 in HTTP CONNECT request (gh#grpc/grpc#26331).

- New iomgr implementation backed by the EventEngine API (gh#grpc/grpc#26026). - async_unary_call: add a Destroy method, called by std::default_delete (gh#grpc/grpc#26389). - De-experimentalize C++ callback API (gh#grpc/grpc#25728).

PHP: stop reading composer.json file just to read the version string (gh#grpc/grpc#26156).

Ruby: Set XDS user agent in ruby via macros (gh#grpc/grpc#26268).

Update to release 1.38.0

Invalidate ExecCtx now before computing timeouts in all repeating timer events using a WorkSerializer or combiner.
Fix use-after-unref bug in fault_injection_filter
New gRPC EventEngine Interface
Allow the AWS_DEFAULT_REGION environment variable
s/OnServingStatusChange/OnServingStatusUpdate/

Update to release 1.37.1

Use URI form of address for channelz listen node
Implementation CSDS (xDS Config Dump)
xDS status notifier
Remove CAS loops in global subchannel pool and simplify subchannel refcounting

Update to release 1.36.4

A fix for DNS SRV lookups on Windows

Update to 1.36.1:

Core: * Remove unnecessary internal pollset set in c-ares DNS resolver * Support Default Root Certs in Tls Credentials * back-port: add env var protection for google-c2p resolver
C++: * Move third party identity C++ api out of experimental namespace * refactor!: change error_details functions to templates * Support ServerContext for callback API
PHP: * support for PSM security * fixed segfault on reused call object * fixed phpunit 8 warnings
Python: * Implement Python Client and Server xDS Creds

Update to version 1.34.1:

Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
Backport 'do not use true on non-windows' to 1.34.x (gh#grpc/grpc#24995).

Update to version 1.34.0:

Core:

Protect xds security code with the environment variable 'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT' (gh#grpc/grpc#24782). - Add support for 'unix-abstract:' URIs to support abstract unix domain sockets (gh#grpc/grpc#24500). - Increment Index when parsing not plumbed SAN fields (gh#grpc/grpc#24601). - Revert 'Revert 'Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS'' (gh#grpc/grpc#24518). - xds: Set status code to INVALID_ARGUMENT when NACKing (gh#grpc/grpc#24516). - Include stddef.h in address_sorting.h (gh#grpc/grpc#24514). - xds: Add support for case_sensitive option in RouteMatch (gh#grpc/grpc#24381).
C++: - Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503). - Experimental support and tests for CreateCustomInsecureChannelWithInterceptorsFromFd (gh#grpc/grpc#24362).

Update to release 1.33.2

Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS.
Expose Cronet error message to the application layer.
Remove grpc_channel_ping from surface API.
Do not send BDP pings if there is no receive side activity.

Update to version 1.33.1

Core

- Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS (gh#grpc/grpc#24063). - Expose Cronet error message to the application layer (gh#grpc/grpc#24083). - Remove grpc_channel_ping from surface API (gh#grpc/grpc#23894). - Do not send BDP pings if there is no receive side activity (gh#grpc/grpc#22997).

- Makefile: only support building deps from submodule (gh#grpc/grpc#23957).

Add new subpackages - libupb and upb-devel. Currently, grpc sources include also upb sources. Before this change, libupb and upb-devel used to be included in a separate package - upb.

Update to version 1.32.0:

Core - Remove stream from stalled lists on remove_stream (gh#grpc/grpc#23984). - Do not cancel RPC if send metadata size if larger than peer's limit (gh#grpc/grpc#23806). - Don't consider receiving non-OK status as an error for HTTP2 (gh#grpc/grpc#19545). - Keepalive throttling (gh#grpc/grpc#23313). - Include the target_uri in 'target uri is not valid' error messages (gh#grpc/grpc#23782). - Fix 'cannot send compressed message large than 1024B' in cronet_transport (gh#grpc/grpc#23219). - Receive SETTINGS frame on clients before declaring subchannel READY (gh#grpc/grpc#23636). - Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372). - Experimental xDS v3 support (gh#grpc/grpc#23281).

- Upgrade bazel used for all tests to 2.2.0 (gh#grpc/grpc#23902). - Remove test targets and test helper libraries from Makefile (gh#grpc/grpc#23813). - Fix repeated builds broken by re2's cmake (gh#grpc/grpc#23587). - Log the peer address of grpc_cli CallMethod RPCs to stderr (gh#grpc/grpc#23557).
opencensus-proto was updated to 0.3.0+git.20200721:

Update to version 0.3.0+git.20200721:

* Bump version to 0.3.0 * Generate Go types using protocolbuffers/protobuf-go (#218) * Load proto_library() rule. (#216)

Update to version 0.2.1+git.20190826:

* Remove grpc_java dependency and java_proto rules. (#214) * Add C++ targets, especially for gRPC services. (#212) * Upgrade bazel and dependencies to latest. (#211) * Bring back bazel cache to make CI faster. (#210) * Travis: don't require sudo for bazel installation. (#209)

Update to version 0.2.1:

* Add grpc-gateway for metrics service. (#205) * Pin bazel version in travis builds (#207) * Update gen-go files (#199) * Add Web JS as a LibraryInfo.Language option (#198) * Set up Python packaging for PyPI release. (#197) * Add tracestate to links. (#191) * Python proto file generator and generated proto files (#196) * Ruby proto file generator and generated proto files (#192) * Add py_proto_library() rules for envoy/api. (#194) * Gradle: Upgrade dependency versions. (#193) * Update release versions for readme. (#189) * Start 0.3.0 development cycle * Update gen-go files. (#187) * Revert 'Start 0.3.0 development cycle (#167)' (#183) * Revert optimization for metric descriptor and bucket options for now. (#184) * Constant sampler: add option to always follow the parent's decision. (#182) * Document that all maximum values must be specified. (#181) * Fix typo in bucket bounds. (#178) * Restrict people who can approve reviews. This is to ensure code quality. (#177) * Use bazel cache to make CI faster. (#176) * Add grpc generated files to the idea plugin. (#175) * Add Resource to Span (#174) * time is required (#170) * Upgrade protobuf dependency to v3.6.1.3. (#173) * assume Ok Status when not set (#171) * Minor comments fixes (#160) * Start 0.3.0 development cycle (#167) * Update gen-go files. (#162) * Update releasing instruction. (#163) * Fix Travis build. (#165) * Add OpenApi doc for trace agent grpc-gateway (#157) * Add command to generate OpenApi/Swagger doc for grpc-gateway (#156) * Update gen-go files (#155) * Add trace export grpc-gateway config (#77) * Fix bazel build after bazel upgrade (#154) * README: Add gitter, javadoc and godoc badge. (#151) * Update release versions for README. (#150) * Start 0.2.0 development cycle * Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147) * Add resource to protocol (#137) * Fix generating the javadoc. (#144) * Metrics/TimeSeries: start time should not be included while end time should. (#142) * README: Add instructions on using opencensus_proto with Bazel. (#140) * agent/README: update package info. (#138) * Agent: Add metrics service. (#136) * Tracing: Add default limits to TraceConfig. (#133) * Remove a stale TODO. (#134) * README: Add a note about go_proto_library rules. (#135) * add golang bazel build support (#132) * Remove exporter protos from mkgogen. (#128) * Update README and RELEASING. (#130) * Change histogram buckets definition to be OpenMetrics compatible. (#121) * Remove exporter/v1 protos. (#124) * Clean up the README for Agent proto. (#126) * Change Quantiles to ValuesAtPercentile. (#122) * Extend the TraceService service to support export/config for multiple Applications. (#119) * Add specifications on Agent implementation details. (#112) * Update gitignore (#118) * Remove maven support. Not used. (#116) * Add gauge distribution. (#117) * Add support for Summary type and value. (#110) * Add Maven status and instructions on adding dependencies. (#115) * Bump version to 0.0.3-SNAPSHOT * Bump version to 0.0.2 * Update gen-go files. (#114) * Gradle: Add missing source and javadoc rules. (#113) * Add support for float attributes. (#98) * Change from mean to sum in distribution. (#109) * Bump version to v0.0.2-SNAPSHOT * Bump version to v0.0.1 * Add releasing instructions in RELEASING.md. (#106) * Add Gradle build rules for generating gRPC service and releasing to Maven. (#102) * Re-organize proto directory structure. (#103) * Update gen-go files. (#101) * Add a note about interceptors of other libraries. (#94) * agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100) * opencensus/proto: add default Agent port to README (#97) * Update the message names for Config RPC. (#93) * Add details about agent protocol in the README. (#88) * Update gen-go files. (#92) * agent/trace/v1: fix signature for Config and comments too (#91) * Update gen-go files. (#86) * Make tracestate a list instead of a map to preserve ordering. (#84) * Allow MetricDescriptor to be sent only the first time. (#78) * Update mkgogen.sh. (#85) * Add agent trace service proto definitions. (#79) * Update proto and gen-go package names. (#83) * Add agent/common proto and BUILD. (#81) * Add trace_config.proto. (#80) * Build exporters with maven. (#76) * Make clear that cumulative int/float can go only up. (#75) * Add tracestate field to the Span proto. (#74) * gradle wrapper --gradle-version 4.9 (#72) * Change from multiple types of timeseries to have one. (#71) * Move exemplars in the Bucket. (#70) * Update gen-go files. (#69) * Move metrics in the top level directory. (#68) * Remove Range from Distribution. No backend supports this. (#67) * Remove unused MetricSet message. (#66) * Metrics: Add Exemplar to DistributionValue. (#62) * Gauge vs Cumulative. (#65) * Clarifying comment about bucket boundaries. (#64) * Make MetricDescriptor.Type capture the type of the value as well. (#63) * Regenerate the Go artifacts (#61) * Add export service proto (#60)

Initial version 20180523

protobuf was updated to 25.1:
update to 25.1:
* Raise warnings for deprecated python syntax usages * Add support for extensions in CRuby, JRuby, and FFI Ruby * Add support for options in CRuby, JRuby and FFI (#14594)
update to 25.0:
* Implement proto2/proto3 with editions * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Editions: Introduce functionality to protoc for generating edition feature set defaults. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Editions: Refactor feature resolution to use an intermediate message. * Publish extension declarations with declaration verifications. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Protoc: parser rejects explicit use of map_entry option * Protoc: validate that reserved range start is before end * Protoc: support identifiers as reserved names in addition to string literals (only in editions) * Drop support for Bazel 5. * Allow code generators to specify whether or not they support editions. C++: * Set `PROTOBUF_EXPORT` on `InternalOutOfLineDeleteMessageLite()` * Update stale checked-in files * Apply PROTOBUF_NOINLINE to declarations of some functions that want it. * Implement proto2/proto3 with editions * Make JSON UTF-8 boundary check inclusive of the largest possible UTF-8 character. * Reduce `Map::size_type` to 32-bits. Protobuf containers can't have more than that * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Fix bug in reflection based Swap of map fields. * Add utf8_validation feature back to the global feature set. * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Add prefetching to arena allocations. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated repeated and map field accessors. * Editions: Migrate edition strings to enum in C++ code. * Create a reflection helper for ExtensionIdentifier. * Editions: Provide an API for C++ generators to specify their features. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated string field accessors. * Editions: Refactor feature resolution to use an intermediate message. * Fixes for 32-bit MSVC. * Publish extension declarations with declaration verifications. * Export the constants in protobuf's any.h to support DLL builds. * Implement AbslStringify for the Descriptor family of types. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated message field accessors. * Editions: Stop propagating partially resolved feature sets to plugins. * Editions: Migrate string_field_validation to a C++ feature * Editions: Include defaults for any features in the generated pool. * Introduce C++ feature for UTF8 validation. * Protoc: validate that reserved range start is before end * Remove option to disable the table-driven parser in protoc. * Lock down ctype=CORD in proto file. * Support split repeated fields. * In OSS mode omit some extern template specializations. * Allow code generators to specify whether or not they support editions. Java: * Implement proto2/proto3 with editions * Remove synthetic oneofs from Java gencode field accessor tables. * Timestamps.parse: Add error handling for invalid hours/minutes in the timezone offset. * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Add missing debugging version info to Protobuf Java gencode when multiple files are generated. * Fix a bad cast in putBuilderIfAbsent when already present due to using the result of put() directly (which is null if it currently has no value) * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Fix a NPE in putBuilderIfAbsent due to using the result of put() directly (which is null if it currently has no value) * Update Kotlin compiler to escape package names * Add MapFieldBuilder and change codegen to generate it and the put{field}BuilderIfAbsent method. * Introduce recursion limit in Java text format parsing * Consider the protobuf.Any invalid if typeUrl.split('/') returns an empty array. * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated. * Fixed Python memory leak in map lookup. * Loosen upb for json name conflict check in proto2 between json name and field * Defines Protobuf compiler version strings as macros and separates out suffix string definition. * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated oneof accessors. * Ensure Timestamp.ToDatetime(tz) has correct offset * Do not check required field for upb python MergeFrom * Setting up version updater to prepare for poison pills and embedding version info into C++, Python and Java gencode. * Merge the protobuf and upb Bazel repos * Comparing a proto message with an object of unknown returns NotImplemented * Emit __slots__ in pyi output as a tuple rather than a list for --pyi_out. * Fix a bug that strips options from descriptor.proto in Python. * Raise warings for message.UnknownFields() usages and navigate to the new add * Add protobuf python keyword support in path for stub generator. * Add tuple support to set Struct * ### Python C-Extension (Default) * Comparing a proto message with an object of unknown returns NotImplemented * Check that ffi-compiler loads before using it to define tasks. UPB (Python/PHP/Ruby C-Extension): * Include .inc files directly instead of through a filegroup * Loosen upb for json name conflict check in proto2 between json name and field * Add utf8_validation feature back to the global feature set. * Do not check required field for upb python MergeFrom * Merge the protobuf and upb Bazel repos * Added malloc_trim() calls to Python allocator so RSS will decrease when memory is freed * Upb: fix a Python memory leak in ByteSize() * Support ASAN detection on clang * Upb: bugfix for importing a proto3 enum from within a proto2 file * Expose methods needed by Ruby FFI using UPB_API * Fix `PyUpb_Message_MergeInternal` segfault

Build with source and target levels 8 * fixes build with JDK21
Install the pom file with the new %%mvn_install_pom macro
Do not install the pom-only artifacts, since the %%mvn_install_pom macro resolves the variables at the install time

update to 23.4:
* Add dllexport_decl for generated default instance. * Deps: Update Guava to 32.0.1
update to 23.3:
C++:
* Regenerate stale files * Use the same ABI for static and shared libraries on non- Windows platforms * Add a workaround for GCC constexpr bug Objective-C: * Regenerate stale files UPB (Python/PHP/Ruby C-Extension) * Fixed a bug in `upb_Map_Delete()` that caused crashes in map.delete(k) for Ruby when string-keyed maps were in use.
Compiler: * Add missing header to Objective-c generator * Add a workaround for GCC constexpr bug
Java: * Rollback of: Simplify protobuf Java message builder by removing methods that calls the super class only.
Csharp: * [C#] Replace regex that validates descriptor names
update to 22.5:
C++: * Add missing cstdint header * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700) * Avoid using string(JOIN..., which requires cmake 3.12 * Explicitly include GTest package in examples * Bump Abseil submodule to 20230125.3 (#12660)
update to 22.4:
C++: * Fix libprotoc: export useful symbols from .so
Python: * Fix bug in _internal_copy_files where the rule would fail in downstream repositories.
Other: * Bump utf8_range to version with working pkg-config (#12584) * Fix declared dependencies for pkg-config * Update abseil dependency and reorder dependencies to ensure we use the version specified in protobuf_deps. * Turn off clang::musttail on i386
update to v22.3
UPB (Python/PHP/Ruby C-Extension): * Remove src prefix from proto import * Fix .gitmodules to use the correct absl branch * Remove erroneous dependency on googletest
update to 22.2:
Java: * Add version to intra proto dependencies and add kotlin stdlib dependency * Add $ back for osgi header * Remove $ in pom files
update to 22.1: * Add visibility of plugin.proto to python directory * Strip 'src' from file name of plugin.proto * Add OSGi headers to pom files. * Remove errorprone dependency from kotlin protos. * Version protoc according to the compiler version number.

update to 22.0:

* This version includes breaking changes to: Cpp. Please refer to the migration guide for information: https://protobuf.dev/support/migration/#compiler-22 * [Cpp] Migrate to Abseil's logging library. * [Cpp] `proto2::Map::value_type` changes to `std::pair`. * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream, and DefaultFieldComparator classes. * [Cpp] Add a dependency on Abseil (#10416) * [Cpp] Remove all autotools usage (#10132) * [Cpp] Add C++20 reserved keywords * [Cpp] Dropped C++11 Support * [Cpp] Delete Arena::Init * [Cpp] Replace JSON parser with new implementation * [Cpp] Make RepeatedField::GetArena non-const in order to support split RepeatedFields. * long list of bindings specific fixes see https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
update to v21.12:

Python: * Fix broken enum ranges (#11171) * Stop requiring extension fields to have a sythetic oneof (#11091) * Python runtime 4.21.10 not works generated code can not load valid proto.

update to 21.11:

Python: * Add license file to pypi wheels (#10936) * Fix round-trip bug (#10158)

update to 21.10::

Java: * Use bit-field int values in buildPartial to skip work on unset groups of fields. (#10960) * Mark nested builder as clean after clear is called (#10984)

update to 21.9: * Ruby: * Replace libc strdup usage with internal impl to restore musl compat (#10818) * Auto capitalize enums name in Ruby (#10454) (#10763) * Other: * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721) * C++: * 21.x No longer define no_threadlocal on OpenBSD (#10743) * Java: * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771) * Refactoring java full runtime to reuse sub-message builders and prepare to migrate parsing logic from parse constructor to builder. * Move proto wireformat parsing functionality from the private 'parsing constructor' to the Builder class. * Change the Lite runtime to prefer merging from the wireformat into mutable messages rather than building up a new immutable object before merging. This way results in fewer allocations and copy operations. * Make message-type extensions merge from wire-format instead of building up instances and merging afterwards. This has much better performance. * Fix TextFormat parser to build up recurring (but supposedly not repeated) sub-messages directly from text rather than building a new sub-message and merging the fully formed message into the existing field.
update to 21.6: C++: * Reduce memory consumption of MessageSet parsing
update to 21.5:
PHP: * Added getContainingOneof and getRealContainingOneof to descriptor. * fix PHP readonly legacy files for nested messages
Python:
* Fixed comparison of maps in Python.

update to 21.4:

* Reduce the required alignment of ArenaString from 8 to 4

update to 21.3:

* C++: * Add header search paths to Protobuf-C++.podspec (#10024) * Fixed Visual Studio constinit errors (#10232) * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271) * UPB: * Allow empty package names (fixes behavior regression in 4.21.0) * Fix a SEGV bug when comparing a non-materialized sub-message (#10208) * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name) * for x in mapping now yields keys rather than values, to match Python conventions and the behavior of the old library. * Lookup operations now correctly reject unhashable types as map keys. * We implement repr() to use the same format as dict. * Fix maps to use the ScalarMapContainer class when appropriate * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717) * PHP: * Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041) * Python: * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118) * Bazel: * Add back a filegroup for :well_known_protos (#10061)
Update to 21.2:

C++: - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614) - Escape GetObject macro inside protoc-generated code (#9739) - Update CMake configuration to add a dependency on Abseil (#9793) - Fix cmake install targets (#9822) - Use __constinit only in GCC 12.2 and up (#9936)
Java: - Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
Python: - Increment python major version to 4 in version.json for python upb (#9926) - The C extension module for Python has been rewritten to use the upb library. - This is expected to deliver significant performance benefits, especially when parsing large payloads. There are some minor breaking changes, but these should not impact most users. For more information see: https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
PHP: - [PHP] fix PHP build system (#9571) - Fix building packaged PHP extension (#9727) - fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633) - fix: phpdoc syntax for repeatedfield parameters (#9784) - fix: phpdoc for repeatedfield (#9783) - Change enum string name for reserved words (#9780) - chore: [PHP] fix phpdoc for MapField keys (#9536) - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
Ruby: - Allow pre-compiled binaries for ruby 3.1.0 (#9566) - Implement respond_to? in RubyMessage (#9677) - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722) - Do not use range based UTF-8 validation in truffleruby (#9769) - Improve range handling logic of RepeatedField (#9799)
Other: - Fix invalid dependency manifest when using descriptor_set_out (#9647) - Remove duplicate java generated code (#9909)

Update to 3.20.1:

- PHP: - Fix building packaged PHP extension (#9727) - Fixed composer.json to only advertise compatibility with PHP 7.0+. (#9819) - Ruby: - Disable the aarch64 build on macOS until it can be fixed. (#9816) - Other: - Fix versioning issues in 3.20.0

Update to 3.20.1: - Ruby: - Dropped Ruby 2.3 and 2.4 support for CI and releases. (#9311) - Added Ruby 3.1 support for CI and releases (#9566). - Message.decode/encode: Add recursion_limit option (#9218/#9486) - Allocate with xrealloc()/xfree() so message allocation is visible to the - Ruby GC. In certain tests this leads to much lower memory usage due to more - frequent GC runs (#9586). - Fix conversion of singleton classes in Ruby (#9342) - Suppress warning for intentional circular require (#9556) - JSON will now output shorter strings for double and float fields when possible - without losing precision. - Encoding and decoding of binary format will now work properly on big-endian - systems. - UTF-8 verification was fixed to properly reject surrogate code points. - Unknown enums for proto2 protos now properly implement proto2's behavior of - putting such values in unknown fields. - Java: - Revert 'Standardize on Array copyOf' (#9400) - Resolve more java field accessor name conflicts (#8198) - Fix parseFrom to only throw InvalidProtocolBufferException - InvalidProtocolBufferException now allows arbitrary wrapped Exception types. - Fix bug in FieldSet.Builder.mergeFrom - Flush CodedOutputStream also flushes underlying OutputStream - When oneof case is the same and the field type is Message, merge the - subfield. (previously it was replaced.)’ - Add @CheckReturnValue to some protobuf types - Report original exceptions when parsing JSON - Add more info to @deprecated javadoc for set/get/has methods - Fix initialization bug in doc comment line numbers - Fix comments for message set wire format. - Kotlin: - Add test scope to kotlin-test for protobuf-kotlin-lite (#9518) - Add orNull extensions for optional message fields. - Add orNull extensions to all proto3 message fields. - Python: - Dropped support for Python < 3.7 (#9480) - Protoc is now able to generate python stubs (.pyi) with --pyi_out - Pin multibuild scripts to get manylinux1 wheels back (#9216) - Fix type annotations of some Duration and Timestamp methods. - Repeated field containers are now generic in field types and could be used in type annotations. - Protobuf python generated codes are simplified. Descriptors and message classes' definitions are now dynamic created in internal/builder.py. - Insertion Points for messages classes are discarded. - has_presence is added for FieldDescriptor in python - Loosen indexing type requirements to allow valid index() implementations rather than only PyLongObjects. - Fix the deepcopy bug caused by not copying message_listener. - Added python JSON parse recursion limit (default 100) - Path info is added for python JSON parse errors - Pure python repeated scalar fields will not able to pickle. Convert to list first. - Timestamp.ToDatetime() now accepts an optional tzinfo parameter. If specified, the function returns a timezone-aware datetime in the given time zone. If omitted or None, the function returns a timezone-naive UTC datetime (as previously). - Adds client_streaming and server_streaming fields to MethodDescriptor. - Add 'ensure_ascii' parameter to json_format.MessageToJson. This allows smaller JSON serializations with UTF-8 or other non-ASCII encodings. - Added experimental support for directly assigning numpy scalars and array. - Improve the calculation of public_dependencies in DescriptorPool. - [Breaking Change] Disallow setting fields to numpy singleton arrays or repeated fields to numpy multi-dimensional arrays. Numpy arrays should be indexed or flattened explicitly before assignment. - Compiler: - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Rework allocations to power-of-two byte sizes. - Migrate IsDefault(const std::string*) and UnsafeSetDefault(const std::string*) - Implement strong qualified tags for TaggedPtr - Make TaggedPtr Set...() calls explicitly spell out the content type. - Check for parsing error before verifying UTF8. - Enforce a maximum message nesting limit of 32 in the descriptor builder to - guard against stack overflows - Fixed bugs in operators for RepeatedPtrIterator - Assert a maximum map alignment for allocated values - Fix proto1 group extension protodb parsing error - Do not log/report the same descriptor symbol multiple times if it contains - more than one invalid character. - Add UnknownFieldSet::SerializeToString and SerializeToCodedStream. - Remove explicit default pointers and deprecated API from protocol compiler - Arenas: - Change Repeated*Field to reuse memory when using arenas. - Implements pbarenaz for profiling proto arenas - Introduce CreateString() and CreateArenaString() for cleaner semantics - Fix unreferenced parameter for MSVC builds - Add UnsafeSetAllocated to be used for one-of string fields. - Make Arena::AllocateAligned() a public function. - Determine if ArenaDtor related code generation is necessary in one place. - Implement on demand register ArenaDtor for InlinedStringField - C++: - Enable testing via CTest (#8737) - Add option to use external GTest in CMake (#8736) - CMake: Set correct sonames for libprotobuf-lite.so and libprotoc.so (#8635) (#9529) - Add cmake option protobuf_INSTALL to not install files (#7123) - CMake: Allow custom plugin options e.g. to generate mocks (#9105) - CMake: Use linker version scripts (#9545) - Manually *struct Cord fields to work better with arenas. - Manually destruct map fields. - Generate narrower code - Fix #9378 by removing - shadowed cached_size field - Remove GetPointer() and explicit nullptr defaults. - Add proto_h flag for speeding up large builds - Add missing overload for reference wrapped fields. - Add MergedDescriptorDatabase::FindAllFileNames() - RepeatedField now defines an iterator type instead of using a pointer. - Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and GOOGLE_PROTOBUF_HAS_ARENAS. - PHP: - Fix: add missing reserved classnames (#9458) - PHP 8.1 compatibility (#9370) - C#: - Fix trim warnings (#9182) - Fixes NullReferenceException when accessing FieldDescriptor.IsPacked (#9430) - Add ToProto() method to all descriptor classes (#9426) - Add an option to preserve proto names in JsonFormatter (#6307) - Objective-C: - Add prefix_to_proto_package_mappings_path option. (#9498) - Rename proto_package_to_prefix_mappings_path to package_to_prefix_mappings_path. (#9552) - Add a generation option to control use of forward declarations in headers. (#9568)

update to 3.19.4: Python: * Make libprotobuf symbols local on OSX to fix issue #9395 (#9435) Ruby: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32 PHP: * Fixed a data loss bug that could occur when the number of optional fields in a message is an exact multiple of 32.

Update to 3.19.3: C++: * Make proto2::Message::DiscardUnknownFields() non-virtual * Separate RepeatedPtrField into its own header file * For default floating point values of 0, consider all bits significant * Fix shadowing warnings * Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment Java: * Improve performance characteristics of UnknownFieldSet parsing * For default floating point values of 0, consider all bits significant * Annotate //java/com/google/protobuf/util/... with nullness annotations * Use ArrayList copy constructor Bazel: * Ensure that release archives contain everything needed for Bazel * Align dependency handling with Bazel best practices Javascript: * Fix ReferenceError: window is not defined when getting the global object Ruby: * Fix memory leak in MessageClass.encode * Override Map.clone to use Map's dup method * Ruby: build extensions for arm64-darwin * Add class method Timestamp.from_time to ruby well known types * Adopt pure ruby DSL implementation for JRuby * Add size to Map class * Fix for descriptor_pb.rb: google/protobuf should be required first Python: * Proto2 DecodeError now includes message name in error message * Make MessageToDict convert map keys to strings * Add python-requires in setup.py * Add python 3.10

Update to 3.17.3: C++ * Introduce FieldAccessListener. * Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class * Provide stable versions of SortAndUnique(). * Make sure to cache proto3 optional message fields when they are cleared. * Expose UnsafeArena methods to Reflection. * Use std::string::empty() rather than std::string::size() > 0. * [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * Delete StringPiecePod (#8353) * Create a CMake option to control whether or not RTTI is enabled (#8347) * Make util::Status more similar to absl::Status (#8405) * The ::pb namespace is no longer exposed due to conflicts. * Allow MessageDifferencer::TreatAsSet() (and friends) to override previous calls instead of crashing. * Reduce the size of generated proto headers for protos with string or bytes fields. * Move arena() operation on uncommon path to out-of-line routine * For iterator-pair function parameter types, take both iterators by value. * Code-space savings and perhaps some modest performance improvements in * RepeatedPtrField. * Eliminate nullptr check from every tag parse. * Remove unused _$name$cached_byte_size fields. * Serialize extension ranges together when not broken by a proto field in the middle. * Do out-of-line allocation and deallocation of string object in ArenaString. * Streamline ParseContext::ParseMessage to avoid code bloat and improve performance. * New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}. on an error path. * util::DefaultFieldComparator will be final in a future version of protobuf. * Subclasses should inherit from SimpleFieldComparator instead. Kotlin * Introduce support for Kotlin protos (#8272) * Restrict extension setter and getter operators to non-nullable T. Java * Fixed parser to check that we are at a proper limit when a sub-message has finished parsing. * updating GSON and Guava to more recent versions (#8524) * Reduce the time spent evaluating isExtensionNumber by storing the extension ranges in a TreeMap for faster queries. This is particularly relevant for protos which define a large number of extension ranges, for example when each tag is defined as an extension. * Fix java bytecode estimation logic for optional fields. * Optimize Descriptor.isExtensionNumber. * deps: update JUnit and Truth (#8319) * Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented. * Exceptions thrown while reading from an InputStream in parseFrom are now included as causes. * Support potentially more efficient proto parsing from RopeByteStrings. * Clarify runtime of ByteString.Output.toStringBuffer(). * Added UnsafeByteOperations to protobuf-lite (#8426) Python: * Add MethodDescriptor.CopyToProto() (#8327) * Remove unused python_protobuf.{cc,h} (#8513) * Start publishing python aarch64 manylinux wheels normally (#8530) * Fix constness issue detected by MSVC standard conforming mode (#8568) * Make JSON parsing match C++ and Java when multiple fields from the same oneof are present and all but one is null. * Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344) * Switch on 'new' buffer API (#8339) * Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280) * Fixed a bug in text format where a trailing colon was printed for repeated field. * When TextFormat encounters a duplicate message map key, replace the current one instead of merging. Ruby: * Add support for proto3 json_name in compiler and field definitions (#8356) * Fixed memory leak of Ruby arena objects. (#8461) * Fix source gem compilation (#8471) * Fix various exceptions in Ruby on 64-bit Windows (#8563) * Fix crash when calculating Message hash values on 64-bit Windows (#8565) General: * Support M1 (#8557)

Update to 3.15.8: - Fixed memory leak of Ruby arena objects (#8461)
Update to 3.15.7:
C++: * Remove the ::pb namespace (alias) (#8423) Ruby: * Fix unbounded memory growth for Ruby <2.7 (#8429) * Fixed message equality in cases where the message type is different (#8434)
update to 3.15.6:
Ruby: * Fixed bug in string comparison logic (#8386) * Fixed quadratic memory use in array append (#8379) * Fixed SEGV when users pass nil messages (#8363) * Fixed quadratic memory usage when appending to arrays (#8364) * Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341) * Fix for FieldDescriptor.get(msg) (#8330) * Bugfix for Message.[] for repeated or map fields (#8313) PHP: * read_property() handler is not supposed to return NULL (#8362) Protocol Compiler * Optional fields for proto3 are enabled by default, and no longer require the --experimental_allow_proto3_optional flag. C++: * Do not disable RTTI by default in the CMake build (#8377) * Create a CMake option to control whether or not RTTI is enabled (#8361) * Fix PROTOBUF_CONSTINIT macro redefinition (#8323) * MessageDifferencer: fixed bug when using custom ignore with multiple unknown fields * Use init_seg in MSVC to push initialization to an earlier phase. * Runtime no longer triggers -Wsign-compare warnings. * Fixed -Wtautological-constant-out-of-range-compare warning. * DynamicCastToGenerated works for nullptr input for even if RTTI is disabled * Arena is refactored and optimized. * Clarified/specified that the exact value of Arena::SpaceAllocated() is an implementation detail users must not rely on. It should not be used in unit tests. * Change the signature of Any::PackFrom() to return false on error. * Add fast reflection getter API for strings. * Constant initialize the global message instances * Avoid potential for missed wakeup in UnknownFieldSet * Now Proto3 Oneof fields have 'has' methods for checking their presence in C++. * Bugfix for NVCC * Return early in _InternalSerialize for empty maps. * Adding functionality for outputting map key values in proto path logging output (does not affect comparison logic) and stop printing 'value' in the path. The modified print functionality is in the MessageDifferencer::StreamReporter. * Fixed https://github.com/protocolbuffers/protobuf/issues/8129 * Ensure that null char symbol, package and file names do not result in a crash. * Constant initialize the global message instances * Pretty print 'max' instead of numeric values in reserved ranges. * Removed remaining instances of std::is_pod, which is deprecated in C++20. * Changes to reduce code size for unknown field handling by making uncommon cases out of line. * Fix std::is_pod deprecated in C++20 (#7180) * Fix some -Wunused-parameter warnings (#8053) * Fix detecting file as directory on zOS issue #8051 (#8052) * Don't include sys/param.h for _BYTE_ORDER (#8106) * remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154) * Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159) * Fix for compiler warning issue#8145 (#8160) * fix: support deprecated enums for GCC < 6 (#8164) * Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125) Python: * Provided an override for the reverse() method that will reverse the internal collection directly instead of using the other methods of the BaseContainer. * MessageFactory.CreateProtoype can be overridden to customize class creation. * Fix PyUnknownFields memory leak (#7928) * Add macOS big sur compatibility (#8126) JavaScript * Generate `getDescriptor` methods with `*` as their `this` type. * Enforce `let/const` for generated messages. * js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with negative bitsLow and low but non-zero bitsHigh parameter. (#8170) PHP: * Added support for PHP 8. (#8105) * unregister INI entries and fix invalid read on shutdown (#8042) * Fix PhpDoc comments for message accessors to include '|null'. (#8136) * fix: convert native PHP floats to single precision (#8187) * Fixed PHP to support field numbers >=2**28. (#8235) * feat: add support for deprecated fields to PHP compiler (#8223) * Protect against stack overflow if the user derives from Message. (#8248) * Fixed clone for Message, RepeatedField, and MapField. (#8245) * Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258) Ruby: * Added support for Ruby 3. (#8184) * Rewrote the data storage layer to be based on upb_msg objects from the upb library. This should lead to much better parsing performance, particularly for large messages. (#8184). * Fill out JRuby support (#7923) * [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite recursion/run out of memory (#8195) * Fix jruby support to handle messages nested more than 1 level deep (#8194) Java: * Avoid possible UnsupportedOperationException when using CodedInputSteam with a direct ByteBuffer. * Make Durations.comparator() and Timestamps.comparator() Serializable. * Add more detailed error information for dynamic message field type validation failure * Removed declarations of functions declared in java_names.h from java_helpers.h. * Now Proto3 Oneof fields have 'has' methods for checking their presence in Java. * Annotates Java proto generated *_FIELD_NUMBER constants. * Add -assumevalues to remove JvmMemoryAccessor on Android. C#: * Fix parsing negative Int32Value that crosses segment boundary (#8035) * Change ByteString to use memory and support unsafe create without copy (#7645) * Optimize MapField serialization by removing MessageAdapter (#8143) * Allow FileDescriptors to be parsed with extension registries (#8220) * Optimize writing small strings (#8149)

Updated URL to https://github.com/protocolbuffers/protobuf

Update to v3.14.0
Protocol Compiler: * The proto compiler no longer requires a .proto filename when it is not generating code. * Added flag `--deterministic_output` to `protoc --encode=...`. * Fixed deadlock when using google.protobuf.Any embedded in aggregate options. C++: * Arenas are now unconditionally enabled. cc_enable_arenas no longer has any effect. * Removed inlined string support, which is incompatible with arenas. * Fix a memory corruption bug in reflection when mixing optional and non-optional fields. * Make SpaceUsed() calculation more thorough for map fields. * Add stack overflow protection for text format with unknown field values. * FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds error was encountered. * Performance improvements for Map. * Minor formatting fix when dumping a descriptor to .proto format with DebugString. * UBSAN fix in RepeatedField * When running under ASAN, skip a test that makes huge allocations. * Fixed a crash that could happen when creating more than 256 extensions in a single message. * Fix a crash in BuildFile when passing in invalid descriptor proto. * Parser security fix when operating with CodedInputStream. * Warn against the use of AllowUnknownExtension. * Migrated to C++11 for-range loops instead of index-based loops where possible. This fixes a lot of warnings when compiling with -Wsign-compare. * Fix segment fault for proto3 optional * Adds a CMake option to build `libprotoc` separately Java * Bugfix in mergeFrom() when a oneof has multiple message fields. * Fix RopeByteString.RopeInputStream.read() returning -1 when told to read 0 bytes when not at EOF. * Redefine remove(Object) on primitive repeated field Lists to avoid autoboxing. * Support '\u' escapes in textformat string literals. * Trailing empty spaces are no longer ignored for FieldMask. * Fix FieldMaskUtil.subtract to recursively remove mask. * Mark enums with `@java.lang.Deprecated` if the proto enum has option `deprecated = true;`. * Adding forgotten duration.proto to the lite library Python: * Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is used outside WKT Value/Struct. * Fix bug occurring when attempting to deep copy an enum type in python 3. * Add a setuptools extension for generating Python protobufs * Remove uses of pkg_resources in non-namespace packages * [bazel/py] Omit google/__init__.py from the Protobuf runtime * Removed the unnecessary setuptools package dependency for Python package * Fix PyUnknownFields memory leak PHP: * Added support for '==' to the PHP C extension * Added `==` operators for Map and Array * Native C well-known types * Optimized away hex2bin() call in generated code * New version of upb, and a new hash function wyhash in third_party * add missing hasOneof method to check presence of oneof fields Go: * Update go_package options to reference google.golang.org/protobuf module. C#: * annotate ByteString.CopyFrom(ReadOnlySpan) as SecuritySafeCritical * Fix C# optional field reflection when there are regular fields too * Fix parsing negative Int32Value that crosses segment boundary Javascript: * JS: parse (un)packed fields conditionally
Update to version 3.13.0 PHP: * The C extension is completely rewritten. The new C extension has significantly better parsing performance and fixes a handful of conformance issues. It will also make it easier to add support for more features like proto2 and proto3 presence. * The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP. C++: * Removed deprecated unsafe arena string accessors * Enabled heterogeneous lookup for std::string keys in maps. * Removed implicit conversion from StringPiece to std::string * Fix use-after-destroy bug when the Map is allocated in the arena. * Improved the randomness of map ordering * Added stack overflow protection for text format with unknown fields * Use std::hash for proto maps to help with portability. * Added more Windows macros to proto whitelist. * Arena constructors for map entry messages are now marked 'explicit' (for regular messages they were already explicit). * Fix subtle aliasing bug in RepeatedField::Add * Fix mismatch between MapEntry ByteSize and Serialize with respect to unset fields. Python: * JSON format conformance fixes: * Reject lowercase t for Timestamp json format. * Print full_name directly for extensions (no camelCase). * Reject boolean values for integer fields. * Reject NaN, Infinity, -Infinity that is not quoted. * Base64 fixes for bytes fields: accept URL-safe base64 and missing padding. * Bugfix for fields/files named 'async' or 'await'. * Improved the error message when AttributeError is returned from __getattr__ in EnumTypeWrapper. Java: * Fixed a bug where setting optional proto3 enums with setFooValue() would not mark the value as present. * Add Subtract function to FieldMaskUtil. C#: * Dropped support for netstandard1.0 (replaced by support for netstandard1.1). This was required to modernize the parsing stack to use the `Span` type internally * Add `ParseFrom(ReadOnlySequence)` method to enable GC friendly parsing with reduced allocations and buffer copies * Add support for serialization directly to a `IBufferWriter` or to a `Span` to enable GC friendly serialization. The new API is available as extension methods on the `IMessage` type * Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make generated code compatible with old C# compilers (pre-roslyn compilers from .NET framework and old versions of mono) that do not support ref structs. Users that are still on a legacy stack that does not support C# 7.2 compiler might need to use the new define in their projects to be able to build the newly generated code * Due to the major overhaul of parsing and serialization internals, it is recommended to regenerate your generated code to achieve the best performance (the legacy generated code will still work, but might incur a slight performance penalty).
Update to version 3.12.3; notable changes since 3.11.4:
Protocol Compiler: * [experimental] Singular, non-message typed fields in proto3 now support presence tracking. This is enabled by adding the 'optional' field label and passing the --experimental_allow_proto3_optional flag to protoc. * For usage info, see docs/field_presence.md. * During this experimental phase, code generators should update to support proto3 presence, see docs/implementing_proto3_presence.md for instructions. * Allow duplicate symbol names when multiple descriptor sets are passed on the command-line, to match the behavior when multiple .proto files are passed. * Deterministic `protoc --descriptor_set_out` (#7175) Objective-C: * Tweak the union used for Extensions to support old generated code. #7573 * Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538) * [experimental] ObjC Proto3 optional support (#7421) * Block subclassing of generated classes (#7124) * Use references to Obj C classes instead of names in descriptors. (#7026) * Revisit how the WKTs are bundled with ObjC. (#7173) C++: * Simplified the template export macros to fix the build for mingw32. (#7539) * [experimental] Added proto3 presence support. * New descriptor APIs to support proto3 presence. * Enable Arenas by default on all .proto files. * Documented that users are not allowed to subclass Message or MessageLite. * Mark generated classes as final; inheriting from protos is strongly discouraged. * Add stack overflow protection for text format with unknown fields. * Add accessors for map key and value FieldDescriptors. * Add FieldMaskUtil::FromFieldNumbers(). * MessageDifferencer: use ParsePartial() on Any fields so the diff does not fail when there are missing required fields. * ReflectionOps::Merge(): lookup messages in the right factory, if it can. * Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type() accessor as an easier way of determining if a message is a Well-Known Type. * Optimized RepeatedField::Add() when it is used in a loop. * Made proto move/swap more efficient. * De-virtualize the GetArena() method in MessageLite. * Improves performance of json_stream_parser.cc by factor 1000 (#7230) * bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087) * Fixed a bug in FieldDescriptor::DebugString() that would erroneously print an 'optional' label for a field in a oneof. * Fix bug in parsing bool extensions that assumed they are always 1 byte. * Fix off-by-one error in FieldOptions::ByteSize() when extensions are present. * Clarified the comments to show an example of the difference between Descriptor::extension and DescriptorPool::FindAllExtensions. * Add a compiler option 'code_size' to force optimize_for=code_size on all protos where this is possible. Ruby: * Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however many people still use them and dropping support will require more coordination. * [experimental] Implemented proto3 presence for Ruby. (#7406) * Stop building binary gems for ruby <2.5 (#7453) * Fix for wrappers with a zero value (#7195) * Fix for JSON serialization of 0/empty-valued wrapper types (#7198) * Call 'Class#new' over rb_class_new_instance in decoding (#7352) * Build extensions for Ruby 2.7 (#7027) * assigning 'nil' to submessage should clear the field. (#7397) Java: * [experimental] Added proto3 presence support. * Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated * reduce size for enums with allow_alias set to true. * Sort map fields alphabetically by the field's key when printing textproto. * Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508). * TextFormat.merge() handles Any as top level type. * Throw a descriptive IllegalArgumentException when calling getValueDescriptor() on enum special value UNRECOGNIZED instead of ArrayIndexOutOfBoundsException. * Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts() would override the configuration passed into includingDefaultValueFields(). * Implement overrides of indexOf() and contains() on primitive lists returned for repeated fields to avoid autoboxing the list contents. * Add overload to FieldMaskUtil.fromStringList that accepts a descriptor. * [bazel] Move Java runtime/toolchains into //java (#7190) Python: * [experimental] Added proto3 presence support. * [experimental] fast import protobuf module, only works with cpp generated code linked in. * Truncate 'float' fields to 4 bytes of precision in setters for pure-Python implementation (C++ extension was already doing this). * Fixed a memory leak in C++ bindings. * Added a deprecation warning when code tries to create Descriptor objects directly. * Fix unintended comparison between bytes and string in descriptor.py. * Avoid printing excess digits for float fields in TextFormat. * Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code. * Drop 3.3, 3.4 and use single version docker images for all python tests (#7396) JavaScript: * Fix js message pivot selection (#6813) PHP: * Persistent Descriptor Pool (#6899) * Implement lazy loading of php class for proto messages (#6911) * Correct @return in Any.unpack docblock (#7089) * Ignore unknown enum value when ignore_unknown specified (#7455) C#: * [experimental] Add support for proto3 presence fields in C# (#7382) * Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491) * Remove Has/Clear members for C# message fields in proto2 (#7429) * Enforce recursion depth checking for unknown fields (#7132) * Fix conformance test failures for Google.Protobuf (#6910) * Cleanup various bits of Google.Protobuf (#6674) * Fix latest ArgumentException for C# extensions (#6938) * Remove unnecessary branch from ReadTag (#7289) Other: * Add a proto_lang_toolchain for javalite (#6882) * [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237) * Add application note for explicit presence tracking. (#7390) * Howto doc for implementing proto3 presence in a code generator. (#7407)
Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent * C++: Moved ShutdownProtobufLibrary() to message_lite.h. For backward compatibility a declaration is still available in stubs/common.h, but users should prefer message_lite.h * C++: Removed non-namespace macro EXPECT_OK() * C++: Removed mathlimits.h from stubs in favor of using std::numeric_limits from C++11 * C++: Support direct pickling of nested messages * C++: Disable extension code gen for C# * C++: Switch the proto parser to the faster MOMI parser * C++: Unused imports of files defining descriptor extensions will now be reported * C++: Add proto2::util::RemoveSubranges to remove multiple subranges in linear time * C++: Support 32 bit values for ProtoStreamObjectWriter to Struct * C++: Removed the internal-only header coded_stream_inl.h and the internal-only methods defined there * C++: Enforced no SWIG wrapping of descriptor_database.h (other headers already had this restriction) * C++: Implementation of the equivalent of the MOMI parser for serialization. This removes one of the two serialization routines, by making the fast array serialization routine completely general. SerializeToCodedStream can now be implemented in terms of the much much faster array serialization. The array serialization regresses slightly, but when array serialization is not possible this wins big * C++: Add move constructor for Reflection's SetString * Java: Remove the usage of MethodHandle, so that Android users prior to API version 26 can use protobuf-java * Java: Publish ProGuard config for javalite * Java: Include unknown fields when merging proto3 messages in Java lite builders * Java: Have oneof enums implement a separate interface (other than EnumLite) for clarity * Java: Opensource Android Memory Accessors * Java: Change ProtobufArrayList to use Object[] instead of ArrayList for 5-10% faster parsing * Java: Make a copy of JsonFormat.TypeRegistry at the protobuf top level package. This will eventually replace JsonFormat.TypeRegistry * Java: Add Automatic-Module-Name entries to the Manifest * Python: Add float_precision option in json format printer * Python: Optionally print bytes fields as messages in unknown fields, if possible * Python: Experimental code gen (fast import protobuf module) which only work with cpp generated code linked in * Python: Add descriptor methods in descriptor_pool are deprecated * Python: Added delitem for Python extension dict * JavaScript: Remove guard for Symbol iterator for jspb.Map * JavaScript: Remove deprecated boolean option to getResultBase64String() * JavaScript: Change the parameter types of binaryReaderFn in ExtensionFieldBinaryInfo to (number, ?, ?) * JavaScript: Create dates.ts and time_of_days.ts to mirror Java versions. This is a near-identical conversion of c.g.type.util.{Dates,TimeOfDays} respectively * JavaScript: Migrate moneys to TypeScript * PHP: Increase php7.4 compatibility * PHP: Implement lazy loading of php class for proto messages * Ruby: Support hashes for struct initializers * C#: Experimental proto2 support is now officially available * C#: Change _Extensions property to normal body rather than expression * Objective C: Remove OSReadLittle* due to alignment requirements * Other: Override CocoaPods module to lowercase * further bugfixes and optimisations

Install LICENSE
Drop protobuf-libs as it is just workaround for rpmlint issue * python bindings now require recent python-google-apputils * Released memory allocated by InitializeDefaultRepeatedFields() and GetEmptyString(). Some memory sanitizers reported them * Updated DynamicMessage.setField() to handle repeated enum * Fixed a bug that caused NullPointerException to be thrown when converting manually constructed FileDescriptorProto to * Added oneofs(unions) feature. Fields in the same oneof will * Files, services, enums, messages, methods and enum values * Added Support for list values, including lists of mesaages, * Added SwapFields() in reflection API to swap a subset of * Repeated primitive extensions are now packable. The it is possible to switch a repeated extension field to * writeTo() method in ByteString can now write a substring to * java_generate_equals_and_hash can now be used with the * A new C++-backed extension module (aka 'cpp api v2') that replaces the old ('cpp api v1') one. Much faster than the pure Python code. This one resolves many bugs and is mosh reqires it

python-abseil was udpated:
version update to 1.4.0 New: (testing) Added @flagsaver.as_parsed: this allows saving/restoring flags using string values as if parsed from the command line and will also reflect other flag states after command line parsing, e.g. .present is set. Changed: (logging) If no log dir is specified logging.find_log_dir() now falls back to tempfile.gettempdir() instead of /tmp/. Fixed: (flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class are now correctly passed to the underlying Flag object.
version update to 1.2.0 * Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used. * `Flag` instances now raise an error if used in a bool context. This prevents the occasional mistake of testing an instance for truthiness rather than testing `flag.value`. * `absl-py` no longer depends on `six`.
Update to version 1.0.0 * absl-py no longer supports Python 2.7, 3.4, 3.5. All versions have reached end-of-life for more than a year now. * New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in the git repo going forward.

Release notes for 0.15.0

* (testing) #128: When running bazel with its --test_filter= flag, it now treats the filters as unittest's -k flag in Python 3.7+.

Release notes for 0.14.1

* Top-level LICENSE file is now exported in bazel.

Release notes for 0.14.0

* #171: Creating argparse_flags.ArgumentParser with argument_default= no longer raises an exception when other absl.flags flags are defined. * #173: absltest now correctly sets up test filtering and fail fast flags when an explicit argv= parameter is passed to absltest.main.

Release notes for 0.13.0 * (app) Type annotations for public app interfaces. * (testing) Added new decorator @absltest.skipThisClass to indicate a class contains shared functionality to be used as a base class for other TestCases, and therefore should be skipped. * (app) Annotated the flag_parser paramteter of run as keyword-only. This keyword-only constraint will be enforced at runtime in a future release. * (app, flags) Flag validations now include all errors from disjoint flag sets, instead of fail fast upon first error from all validators. Multiple validators on the same flag still fails fast.
Release notes for 0.12.0 * (flags) Made EnumClassSerializer and EnumClassListSerializer public. * (flags) Added a required: Optional[bool] = False parameter to DEFINE_* functions. * (testing) flagsaver overrides can now be specified in terms of FlagHolder. * (testing) parameterized.product: Allows testing a method over cartesian product of parameters values, specified as a sequences of values for each parameter or as kwargs-like dicts of parameter values. * (testing) Added public flag holders for --test_srcdir and --test_tmpdir. Users should use absltest.TEST_SRCDIR.value and absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and FLAGS.test_tmpdir. * (flags) Made CsvListSerializer respect its delimiter argument.

Add Provides python-absl-py

python-grpcuio was updated:

Update to version 1.60.0: * No python specfic changes.

Update to version 1.59.2: * No python specific changes.

Update to version 1.59.0: * [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398). * [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186).

Update to version 1.58.0: * [Bazel] Enable grpcio-reflection to be used via Bazel (gh#grpc/grpc#31013). * [packaging] Publish xds-protos as part of the standard package pipeline (gh#grpc/grpc#33797).

Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148) * [posix] Enable systemd sockets for libsystemd>=233 (gh#grpc/grpc#32671). * [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
Build with LTO (don't set _lto_cflags to %nil).
No need to pass '-std=c++17' to build CFLAGS.

Update to version 1.56.2:

* [WRR] backport (gh#grpc/grpc#33694) to 1.56 (gh#grpc/grpc#33698) * [backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion (gh#grpc/grpc#33667)

Switch build to pip/wheel.
Use system abseil with '-std=c++17' to prevent undefined symbol eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__ cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_ 2023012511string_viewE)

Upstream only supports python >= 3.7, so adjust BuildRequires accordingly.

Add %{?sle15_python_module_pythons}

Update to version 1.56.0: (CVE-2023-32731, bsc#1212180) * [aio types] Fix some grpc.aio python types (gh#grpc/grpc#32475).

Update to version 1.55.0: * [EventEngine] Disable EventEngine polling in gRPC Python (gh#grpc/grpc#33279) (gh#grpc/grpc#33320). * [Bazel Python3.11] Update Bazel dependencies for Python 3.11 (gh#grpc/grpc#33318) (gh#grpc/grpc#33319).
Drop Requires: python-six; not required any more.
Switch Suggests to Recommends.

Update to version 1.54.0: (CVE-2023-32732, bsc#1212182) * Fix DeprecationWarning when calling asyncio.get_event_loop() (gh#grpc/grpc#32533). * Remove references to deprecated syntax field (gh#grpc/grpc#32497).

Update to version 1.51.1: * No Linux specific changes.
Changes from version 1.51.0: * Fix lack of cooldown between poll attempts (gh#grpc/grpc#31550). * Remove enum and future (gh#grpc/grpc#31381). * [Remove Six] Remove dependency on six (gh#grpc/grpc#31340). * Update xds-protos package to pull in protobuf 4.X (gh#grpc/grpc#31113).

Update to version 1.50.0: * Support Python 3.11. [gh#grpc/grpc#30818].

Update to version 1.49.1 * Support Python 3.11. (#30818) * Add type stub generation support to grpcio-tools. (#30498)

Update to version 1.48.0: * [Aio] Ensure Core channel closes when deallocated [gh#grpc/grpc#29797]. * [Aio] Fix the wait_for_termination return value [gh#grpc/grpc#29795].

update to 1.46.3: * backport: xds: use federation env var to guard new-style resource name parsing * This release contains refinements, improvements, and bug fixes.

Update to version 1.46.0: * Add Python GCF Distribtest [gh#grpc/grpc#29303]. * Add Python Reflection Client [gh#grpc/grpc#29085]. * Revert 'Fix prefork handler register's default behavior' [gh#grpc/grpc#29229]. * Fix prefork handler register's default behavior [gh#grpc/grpc#29103]. * Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873].

Update to version 1.45.0: * Reimplement Gevent Integration [gh#grpc/grpc#28276]. * Support musllinux binary wheels on x64 and x86 [gh#grpc/grpc#28092]. * Increase the Python protobuf requirement to >=3.12.0 [gh#grpc/grpc#28604].
Build with system re2; add BuildRequires: pkgconfig(re2).

Update to version 1.44.0:

* Add python async example for hellostreamingworld using generator (gh#grpc/grpc#27343). * Disable __wrap_memcpy hack for Python builds (gh#grpc/grpc#28410). * Bump Bazel Python Cython dependency to 0.29.26 (gh#grpc/grpc#28398). * Fix libatomic linking on Raspberry Pi OS Bullseye (gh#grpc/grpc#28041). * Allow generated proto sources in remote repositories for py_proto_library (gh#grpc/grpc#28103).

Update to version 1.43.0: * [Aio] Validate the input type for set_trailing_metadata and abort (gh#grpc/grpc#27958).

update to 1.41.1: * This is release 1.41.0 (goat) of gRPC Core.

Update to version 1.41.0: * Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074). * [Aio] Remove custom IO manager support (gh#grpc/grpc#27090).

Update to version 1.39.0: * Python AIO: Match continuation typing on Interceptors (gh#grpc/grpc#26500). * Workaround #26279 by publishing manylinux_2_24 wheels instead of manylinux2014 on aarch64 (gh#grpc/grpc#26430). * Fix zlib unistd.h import problem (gh#grpc/grpc#26374). * Handle gevent exception in gevent poller (gh#grpc/grpc#26058).

Update to version 1.38.1: * Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x (gh#grpc/grpc#26436).

Update to version 1.38.0: * Add grpcio-admin Python package (gh#grpc/grpc#26166). * Add CSDS API to Python (gh#grpc/grpc#26114). * Expose code and details from context on the server side (gh#grpc/grpc#25457). * Explicitly import importlib.abc; required on Python 3.10. Fixes #26062 (gh#grpc/grpc#26083). * Fix potential deadlock on the GIL in AuthMetdataPlugin (gh#grpc/grpc#26009). * Introduce new Python package 'xds_protos' (gh#grpc/grpc#25975). * Remove async mark for set_trailing_metadata interface (gh#grpc/grpc#25814).

Update to version 1.37.1: * No user visible changes.
Changes from version 1.37.0: * Clarify Guarantees about grpc.Future Interface (gh#grpc/grpc#25383). * [Aio] Add time_remaining method to ServicerContext (gh#grpc/grpc#25719). * Standardize all environment variable boolean configuration in python's setup.py (gh#grpc/grpc#25444). * Fix Signal Safety Issue (gh#grpc/grpc#25394).

Update to version 1.36.1: * Core: back-port: add env var protection for google-c2p resolver (gh#grpc/grpc#25569).

Update to version 1.35.0: * Implement Python Client and Server xDS Creds. (gh#grpc/grpc#25365) * Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533) * Link roots.pem to ca-bundle.pem from ca-certificates package

Update to version 1.34.1: * Backport 'Lazily import grpc_tools when using runtime stub/message generation' to 1.34.x (gh#grpc/grpc#25011).

Update to version 1.34.0: * Incur setuptools as an dependency for grpcio_tools (gh#grpc/grpc#24752). * Stop the spamming log generated by ctrl-c for AsyncIO server (gh#grpc/grpc#24718). * [gRPC Easy] Make Well-Known Types Available to Runtime Protos (gh#grpc/grpc#24478). * Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python (gh#grpc/grpc#24480). * Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24407). * [Linux] [macOS] Support pre-compiled Python 3.9 wheels (gh#grpc/grpc#24356).

Update to version 1.33.2:

* [Backport] Implement grpc.Future interface in SingleThreadedRendezvous (gh#grpc/grpc#24574).

Update to version 1.33.1:

* [Backport] Make Python 2 an optional dependency for Bazel build (gh#grpc/grpc#24452). * Allow asyncio API to be imported as grpc.aio. (gh#grpc/grpc#24289). * [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124). * Make version check for importlib.abc in grpcio-tools more stringent (gh#grpc/grpc#24098).
Added re2 package in version 2024-02-01.

Advisory ID	SUSE-RU-2024:615-1
Released	Mon Feb 26 11:32:32 2024
Summary	Recommended update for netcfg
Type	recommended
Severity	moderate
References	1211886

Description:

This update for netcfg fixes the following issues:

Add krb-prop entry (bsc#1211886)

Advisory ID	SUSE-RU-2024:766-1
Released	Tue Mar 5 13:50:28 2024
Summary	Recommended update for libssh
Type	recommended
Severity	important
References	1220385

Description:

This update for libssh fixes the following issues:

Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)

Advisory ID	SUSE-SU-2024:833-1
Released	Mon Mar 11 10:31:14 2024
Summary	Security update for openssl-1_1
Type	security
Severity	moderate
References	1219243,CVE-2024-0727

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).

Advisory ID	SUSE-SU-2024:305-1
Released	Mon Mar 11 14:15:37 2024
Summary	Security update for cpio
Type	security
Severity	moderate
References	1218571,1219238,CVE-2023-7207

Description:

This update for cpio fixes the following issues:

Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)

Advisory ID	SUSE-RU-2024:838-1
Released	Tue Mar 12 06:46:28 2024
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1220117

Description:

This update for util-linux fixes the following issues:

Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117)

Advisory ID	SUSE-RU-2024:861-1
Released	Wed Mar 13 09:12:30 2024
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1218232

Description:

This update for aaa_base fixes the following issues:

Silence the output in the case of broken symlinks (bsc#1218232)

Advisory ID	SUSE-SU-2024:870-1
Released	Wed Mar 13 13:05:14 2024
Summary	Security update for glibc
Type	security
Severity	moderate
References	1217445,1217589,1218866

Description:

This update for glibc fixes the following issues:
Security issues fixed:

qsort: harden handling of degenerated / non transient compare function (bsc#1218866)

Other issues fixed:

getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)

Advisory ID	SUSE-RU-2024:907-1
Released	Fri Mar 15 08:57:38 2024
Summary	Recommended update for audit
Type	recommended
Severity	moderate
References	1215377

Description:

This update for audit fixes the following issue:

Fix plugin termination when using systemd service units (bsc#1215377)

Advisory ID	SUSE-RU-2024:914-1
Released	Mon Mar 18 06:39:03 2024
Summary	Recommended update for shadow
Type	recommended
Severity	important
References	1176006,1188307,1203823

Description:

This update for shadow fixes the following issues:

Fix chage date miscalculation (bsc#1176006)
Fix passwd segfault when nsswitch.conf defines 'files compat' (bsc#1188307
Remove pam_keyinit from PAM config files (bsc#1203823)

Advisory ID	SUSE-RU-2024:929-1
Released	Tue Mar 19 06:36:24 2024
Summary	Recommended update for coreutils
Type	recommended
Severity	moderate
References	1219321

Description:

This update for coreutils fixes the following issues:

tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)

Advisory ID	SUSE-SU-2024:1006-1
Released	Wed Mar 27 10:48:38 2024
Summary	Security update for krb5
Type	security
Severity	important
References	1220770,1220771,CVE-2024-26458,CVE-2024-26461

Description:

This update for krb5 fixes the following issues:

CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).

Advisory ID	SUSE-RU-2024:1015-1
Released	Thu Mar 28 06:08:11 2024
Summary	Recommended update for sed
Type	recommended
Severity	important
References	1221218

Description:

This update for sed fixes the following issues:

'sed -i' now creates temporary files with correct umask (bsc#1221218)

Advisory ID	SUSE-SU-2024:1133-1
Released	Mon Apr 8 11:29:02 2024
Summary	Security update for ncurses
Type	security
Severity	moderate
References	1220061,CVE-2023-45918

Description:

This update for ncurses fixes the following issues:

CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).

Advisory ID	SUSE-SU-2024:1151-1
Released	Mon Apr 8 11:36:23 2024
Summary	Security update for curl
Type	security
Severity	moderate
References	1221665,1221667,CVE-2024-2004,CVE-2024-2398

Description:

This update for curl fixes the following issues:

CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)

Advisory ID	SUSE-SU-2024:1167-1
Released	Mon Apr 8 15:11:11 2024
Summary	Security update for nghttp2
Type	security
Severity	important
References	1221399,CVE-2024-28182

Description:

This update for nghttp2 fixes the following issues:

CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)

Advisory ID	SUSE-SU-2024:1169-1
Released	Tue Apr 9 09:50:32 2024
Summary	Security update for util-linux
Type	security
Severity	important
References	1207987,1220117,1221831,CVE-2024-28085

Description:

This update for util-linux fixes the following issues:

CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)

Advisory ID	SUSE-RU-2024:1231-1
Released	Thu Apr 11 15:20:40 2024
Summary	Recommended update for glibc
Type	recommended
Severity	moderate
References	1220441

Description:

This update for glibc fixes the following issues:

duplocale: protect use of global locale (bsc#1220441, BZ #23970)

Advisory ID	SUSE-RU-2024:1253-1
Released	Fri Apr 12 08:15:18 2024
Summary	Recommended update for gcc13
Type	recommended
Severity	moderate
References	1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239

Description:

This update for gcc13 fixes the following issues:

Fix unwinding for JIT code. [bsc#1221239]
Revert libgccjit dependency change. [bsc#1220724]
Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520]
Add support for -fmin-function-alignment. [bsc#1214934]
Use %{_target_cpu} to determine host and build.
Fix for building TVM. [bsc#1218492]
Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031]
Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
Fixed building mariadb on i686. [bsc#1217667]
Avoid update-alternatives dependency for accelerator crosses.
Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence.
Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450]

Advisory ID	SUSE-RU-2024:1344-1
Released	Thu Apr 18 18:50:37 2024
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	moderate
References	1175678,1218171,1221525,1222086

Description:

This update for libzypp, zypper fixes the following issues:

Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398)
Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086)
TmpFile: Don't call chmod if makeSibling failed
Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525)
New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
Add default stripe minimum
Don't expose std::optional where YAST/PK explicitly use c++11.
Digest: Avoid using the deprecated OPENSSL_config
version 17.32.0
ProblemSolution::skipsPatchesOnly overload to handout the patches
Show active dry-run/download-only at the commit propmpt
Add --skip-not-applicable-patches option
Fix printing detailed solver problem description
Fix bash-completion to work with right adjusted numbers in the 1st column too
Set libzypp shutdown request signal on Ctrl+C
In the detailed view show all baseurls not just the first one (bsc#1218171)

Advisory ID	SUSE-SU-2024:1375-1
Released	Mon Apr 22 14:56:13 2024
Summary	Security update for glibc
Type	security
Severity	important
References	1222992,CVE-2024-2961

Description:

This update for glibc fixes the following issues:

iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

Advisory ID	SUSE-RU-2024:1471-1
Released	Tue Apr 30 05:56:22 2024
Summary	Recommended update for libzypp
Type	recommended
Severity	moderate
References	1223094

Description:

This update for libzypp fixes the following issues:

Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094)

Advisory ID	SUSE-RU-2024:1485-1
Released	Thu May 2 05:33:36 2024
Summary	Recommended update for python39
Type	recommended
Severity	moderate
References

Description:

This update for python39 fixes the following issues:

Build python package for python311 (jsc#PED-5851) and python39 (jsc#PED-7886)

Advisory ID	SUSE-RU-2024:1487-1
Released	Thu May 2 10:43:53 2024
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1211721,1221361,1221407,1222547

Description:

This update for aaa_base fixes the following issues:

home and end button not working from ssh client (bsc#1221407)
use autosetup in prep stage of specfile
drop the stderr redirection for csh (bsc#1221361)
drop sysctl.d/50-default-s390.conf (bsc#1211721)
make sure the script does not exit with 1 if a file with content is found (bsc#1222547)

Advisory ID	SUSE-RU-2024:1637-1
Released	Tue May 14 14:22:14 2024
Summary	Recommended update for google-cloud SDK
Type	recommended
Severity	moderate
References	1210617,CVE-2023-30608

Description:

This update for google-cloud SDK fixes the following issues:

Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos

Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse

New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus

In python-sqlparse this security issue was fixed:
CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617)

Advisory ID	SUSE-RU-2024:1665-1
Released	Thu May 16 08:00:09 2024
Summary	Recommended update for coreutils
Type	recommended
Severity	moderate
References	1221632

Description:

This update for coreutils fixes the following issues:

ls: avoid triggering automounts (bsc#1221632)

Advisory ID	SUSE-SU-2024:1762-1
Released	Wed May 22 16:14:17 2024
Summary	Security update for perl
Type	security
Severity	important
References	1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913

Description:

This update for perl fixes the following issues:
Security issues fixed:

CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)

Non-security issue fixed:

make Net::FTP work with TLS 1.3 (bsc#1213638)

Advisory ID	SUSE-RU-2024:1802-1
Released	Tue May 28 16:20:18 2024
Summary	Recommended update for e2fsprogs
Type	recommended
Severity	moderate
References	1223596

Description:

This update for e2fsprogs fixes the following issues:
EA Inode handling fixes:

ext2fs: avoid re-reading inode multiple times (bsc#1223596)
e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
e2fsck: add more checks for ea inode consistency (bsc#1223596)
e2fsck: fix golden output of several tests (bsc#1223596)

Advisory ID	SUSE-RU-2024:1876-1
Released	Fri May 31 06:47:32 2024
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1221361

Description:

This update for aaa_base fixes the following issues:

Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361)

Advisory ID	SUSE-SU-2024:1895-1
Released	Mon Jun 3 09:00:20 2024
Summary	Security update for glibc
Type	security
Severity	important
References	1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602

Description:

This update for glibc fixes the following issues:

CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)

Avoid creating userspace live patching prologue for _start routine (bsc#1221940)

Advisory ID	SUSE-SU-2024:1949-1
Released	Fri Jun 7 17:07:33 2024
Summary	Security update for openssl-1_1
Type	security
Severity	moderate
References	1222548,CVE-2024-2511

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).

SUSE-CU-2024:2388-1

Container Advisory ID	SUSE-CU-2024:2388-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.9 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.9

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:1868-1
Released	Thu May 30 14:23:07 2024
Summary	Security update for apache2
Type	security
Severity	important
References	1221401,1222330,1222332,CVE-2023-38709,CVE-2024-24795,CVE-2024-27316

Description:

This update for apache2 fixes the following issues:

CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code (bsc#1222330).
CVE-2024-24795: Fixed handling of malicious HTTP splitting response headers in multiple modules (bsc#1222332).
CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames that could have been utilized for DoS attacks (bsc#1221401).

SUSE-CU-2024:2387-1

Container Advisory ID	SUSE-CU-2024:2387-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.8 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.8

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:1830-1
Released	Wed May 29 14:08:50 2024
Summary	Security update for glib2
Type	security
Severity	low
References	1224044,CVE-2024-34397

Description:

This update for glib2 fixes the following issues:

CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044).

SUSE-CU-2024:2272-1

Container Advisory ID	SUSE-CU-2024:2272-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.6 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.6

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:1778-1
Released	Fri May 24 17:40:50 2024
Summary	Recommended update for systemd-presets-branding-SLE
Type	recommended
Severity	moderate
References

Description:

This update for systemd-presets-branding-SLE fixes the following issues:

Enable sysctl-logger (jsc#PED-5024)

SUSE-CU-2024:1979-1

Container Advisory ID	SUSE-CU-2024:1979-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.2 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.2

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:1557-1
Released	Wed May 8 11:42:34 2024
Summary	Security update for rpm
Type	security
Severity	moderate
References	1189495,1191175,1218686,CVE-2021-3521

Description:

This update for rpm fixes the following issues:
Security fixes:

CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175)

Other fixes:

accept more signature subpackets marked as critical (bsc#1218686)
backport limit support for the autopatch macro (bsc#1189495)

SUSE-CU-2024:1921-1

Container Advisory ID	SUSE-CU-2024:1921-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.1 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.52.1

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:1507-1
Released	Mon May 6 11:45:59 2024
Summary	Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type	security
Severity	moderate
References	1170848,1208572,1214340,1214387,1216085,1217204,1217874,1218764,1218805,1218931,1218957,1219061,1219233,1219634,1219875,1220101,1220169,1220194,1220221,1220376,1220705,1220726,1220903,1220980,1221111,1221182,1221279,1221465,1221571,1221784,1221922,1222110,1222347,CVE-2023-51775

Description:

Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
This is a codestream only update

Advisory ID	SUSE-SU-2024:1532-1
Released	Mon May 6 11:55:25 2024
Summary	Maintenance update for SUSE Manager 4.3 Release Notes
Type	security
Severity	important
References	1170848,1208572,1214340,1214387,1216085,1217204,1217874,1218764,1218805,1218931,1218957,1219061,1219233,1219634,1219875,1220001,1220101,1220169,1220194,1220221,1220376,1220705,1220726,1220903,1220980,1221111,1221182,1221279,1221465,1221571,1221784,1221922,1222110,1222347,CVE-2023-51775

Description:

Maintenance update for SUSE Manager 4.3 Release Notes:
This is a codestream only update

SUSE-CU-2024:1898-1

Container Advisory ID	SUSE-CU-2024:1898-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.33 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.33

The following patches have been included in this update:

SUSE-CU-2024:1738-1

Container Advisory ID	SUSE-CU-2024:1738-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.30 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.30

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:1434-1
Released	Thu Apr 25 09:11:03 2024
Summary	Recommended update for systemd-presets-common-SUSE
Type	recommended
Severity	moderate
References	1200731

Description:

This update for systemd-presets-common-SUSE fixes the following issues:

Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)

Support both the old and new service to avoid complex version interdependency.

SUSE-CU-2024:1681-1

Container Advisory ID	SUSE-CU-2024:1681-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.29 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.29

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:1398-1
Released	Tue Apr 23 13:58:22 2024
Summary	Recommended update for systemd-default-settings
Type	recommended
Severity	moderate
References

Description:

This update for systemd-default-settings fixes the following issues:

Disable pids controller limit under user instances (jsc#SLE-10123)
Disable controllers by default (jsc#PED-2276)
The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned.
User priority '26' for SLE-Micro
Convert more drop-ins into early ones

SUSE-CU-2024:1582-1

Container Advisory ID	SUSE-CU-2024:1582-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.27 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.27

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:1341-1
Released	Thu Apr 18 15:29:45 2024
Summary	Recommended update for tftp
Type	recommended
Severity	moderate
References	1215520

Description:

This update for tftp fixes the following issue:

Allow enabling the service via `systemctl enable tftp` to create the tftp.socket symlink (bsc#1215520)

SUSE-CU-2024:1476-1

Container Advisory ID	SUSE-CU-2024:1476-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.26 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.26

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:1279-1
Released	Fri Apr 12 21:35:09 2024
Summary	Recommended update for python3
Type	recommended
Severity	moderate
References	1222109

Description:

This update for python3 fixes the following issue:

Fix syslog making default 'ident' from sys.argv (bsc#1222109)

SUSE-CU-2024:1475-1

Container Advisory ID	SUSE-CU-2024:1475-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.24 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.24

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:1206-1
Released	Thu Apr 11 12:56:24 2024
Summary	Recommended update for rpm
Type	recommended
Severity	moderate
References	1222259

Description:

This update for rpm fixes the following issues:

remove imaevmsign plugin from rpm-ndb [bsc#1222259]

SUSE-CU-2024:1361-1

Container Advisory ID	SUSE-CU-2024:1361-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.23 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.23

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:1176-1
Released	Tue Apr 9 10:43:33 2024
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References

Description:

This update for hwdata fixes the following issues:

Update to 0.380
Update pci, usb and vendor ids

SUSE-CU-2024:1288-1

Container Advisory ID	SUSE-CU-2024:1288-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.22 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.22

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:1129-1
Released	Mon Apr 8 09:12:08 2024
Summary	Security update for expat
Type	security
Severity	important
References	1219559,1221289,CVE-2023-52425,CVE-2024-28757

Description:

This update for expat fixes the following issues:

CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)

SUSE-CU-2024:1262-1

Container Advisory ID	SUSE-CU-2024:1262-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.21 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.21

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:1091-1
Released	Tue Apr 2 12:18:46 2024
Summary	Recommended update for rpm
Type	recommended
Severity	moderate
References

Description:

This update for rpm fixes the following issues:

Turn on IMA/EVM file signature support, move the imaevm code that needs the libiamevm library into a plugin, and install this plugin as part of a new 'rpm-imaevmsign' subpackage (jsc#PED-7246).

Backport signature reserved space handling from upstream.

SUSE-CU-2024:1203-1

Container Advisory ID	SUSE-CU-2024:1203-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.20 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.20

The following patches have been included in this update:

SUSE-CU-2024:1098-1

Container Advisory ID	SUSE-CU-2024:1098-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.18 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.18

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:980-1
Released	Mon Mar 25 06:18:28 2024
Summary	Recommended update for pam-config
Type	recommended
Severity	moderate
References	1219767

Description:

This update for pam-config fixes the following issues:

Fix pam_gnome_keyring module for AUTH (bsc#1219767)

SUSE-CU-2024:1036-1

Container Advisory ID	SUSE-CU-2024:1036-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.17 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.17

The following patches have been included in this update:

SUSE-CU-2024:942-1

Container Advisory ID	SUSE-CU-2024:942-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.14 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.14

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:901-1
Released	Thu Mar 14 17:49:10 2024
Summary	Security update for python3
Type	security
Severity	important
References	1214691,1219666,CVE-2022-48566,CVE-2023-6597

Description:

This update for python3 fixes the following issues:

CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).

SUSE-CU-2024:934-1

Container Advisory ID	SUSE-CU-2024:934-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.11 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.11

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:849-1
Released	Tue Mar 12 15:38:03 2024
Summary	Recommended update for cloud-init
Type	recommended
Severity	important
References	1198533,1214169,1218952

Description:

This update for cloud-init contains the following fixes:

Skip tests with empty config.

Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326)

Switch build dependency to the generic distribution-release package.

Move fdupes call back to %install. (bsc#1214169)

SUSE-CU-2024:866-1

Container Advisory ID	SUSE-CU-2024:866-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.8 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.8

The following patches have been included in this update:

SUSE-CU-2024:726-1

Container Advisory ID	SUSE-CU-2024:726-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.2 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.2

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:614-1
Released	Mon Feb 26 11:31:18 2024
Summary	Recommended update for rpm
Type	recommended
Severity	important
References	1216752

Description:

This update for rpm fixes the following issues:

backport lua support for rpm.execute to ease migrating from SLE Micro 5.5 to 6.0 (bsc#1216752)

Advisory ID	SUSE-SU-2024:613-1
Released	Fri Jun 7 16:01:54 2024
Summary	Security update for libxml2
Type	security
Severity	important
References	1219576,CVE-2024-25062

Description:

This update for libxml2 fixes the following issues:

CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).

SUSE-CU-2024:680-1

Container Advisory ID	SUSE-CU-2024:680-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.11 , suse/manager/4.3/proxy-httpd:4.3.11.9.49.1 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.49.1

The following patches have been included in this update:

SUSE-CU-2024:661-1

Container Advisory ID	SUSE-CU-2024:661-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.46.5 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.11 , suse/manager/4.3/proxy-httpd:susemanager-4.3.11.9.46.5
Container Release	9.46.5

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:581-1
Released	Wed Feb 21 14:08:16 2024
Summary	Security update for python3
Type	security
Severity	moderate
References	1210638,CVE-2023-27043

Description:

This update for python3 fixes the following issues:

CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).

SUSE-CU-2024:609-1

Container Advisory ID	SUSE-CU-2024:609-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.46.2 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.11 , suse/manager/4.3/proxy-httpd:susemanager-4.3.11.9.46.2
Container Release	9.46.2

The following patches have been included in this update:

Advisory ID	SUSE-SU-2024:485-1
Released	Thu Feb 15 14:35:10 2024
Summary	Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type	security
Severity	important
References	1170848,1210911,1211254,1211560,1211912,1213079,1213507,1213738,1213981,1214077,1214791,1215166,1215514,1215769,1215810,1215813,1215982,1216114,1216394,1216437,1216550,1216609,1216657,1216753,1216781,1216988,1217069,1217209,1217588,1217784,1217869,1218019,1218074,1218075,1218089,1218094,1218146,1218490,1218615,1218669,1218837,1218849,1219151,1219449,1219577,1219850,CVE-2023-31582,CVE-2023-32189

Description:

Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
This is a codestream only update

Advisory ID	SUSE-SU-2024:513-1
Released	Thu Feb 15 14:43:18 2024
Summary	Security update for SUSE Manager 4.3.11 Release Notes
Type	security
Severity	important
References	1170848,1210911,1211254,1211560,1211912,1213079,1213507,1213738,1213981,1214077,1214791,1215166,1215514,1215769,1215810,1215813,1215982,1216114,1216394,1216437,1216550,1216657,1216753,1216781,1216988,1217069,1217209,1217588,1217784,1217869,1218019,1218074,1218075,1218089,1218094,1218146,1218490,1218615,1218669,1218849,1219577,1219850,CVE-2023-32189,CVE-2024-22231,CVE-2024-22232

Description:

Security update for SUSE Manager 4.3.11 Release Notes:

This is a codestream only update

SUSE-CU-2024:558-1

Container Advisory ID	SUSE-CU-2024:558-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.27 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.27
Container Release	9.43.27

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:458-1
Released	Tue Feb 13 14:34:14 2024
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References

Description:

This update for hwdata fixes the following issues:

Update to version 0.378
Update pci, usb and vendor ids

SUSE-CU-2024:375-1

Container Advisory ID	SUSE-CU-2024:375-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.21 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.21
Container Release	9.43.21

The following patches have been included in this update:

SUSE-CU-2024:328-1

Container Advisory ID	SUSE-CU-2024:328-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.20 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.20
Container Release	9.43.20

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:214-1
Released	Wed Jan 24 16:01:31 2024
Summary	Recommended update for systemd
Type	recommended
Severity	moderate
References	1214668,1215241,1217460

Description:

This update for systemd fixes the following issues:

resolved: actually check authenticated flag of SOA transaction
core/mount: Make device deps from /proc/self/mountinfo and .mount unit file exclusive
core: Add trace logging to mount_add_device_dependencies()
core/mount: Remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460)
core/mount: Set Mount.from_proc_self_mountinfo flag before adding default dependencies
core: wrap some long comment
utmp-wtmp: Handle EINTR gracefully when waiting to write to tty
utmp-wtmp: Fix error in case isatty() fails
homed: Handle EINTR gracefully when waiting for device node
resolved: Handle EINTR returned from fd_wait_for_event() better
sd-netlink: Handle EINTR from poll() gracefully, as success
varlink: Handle EINTR gracefully when waiting for EIO via ppoll()
stdio-bridge: Don't be bothered with EINTR
sd-bus: Handle EINTR return from bus_poll() (bsc#1215241)
core: Replace slice dependencies as they get added (bsc#1214668)

SUSE-CU-2024:304-1

Container Advisory ID	SUSE-CU-2024:304-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.19 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.19
Container Release	9.43.19

The following patches have been included in this update:

Advisory ID	SUSE-RU-2024:187-1
Released	Tue Jan 23 13:38:00 2024
Summary	Recommended update for python-chardet
Type	recommended
Severity	moderate
References	1218765

Description:

This update for python-chardet fixes the following issues:

Fix update-alternative in %postun (bsc#1218765)

SUSE-CU-2024:290-1

Container Advisory ID	SUSE-CU-2024:290-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.18 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.18
Container Release	9.43.18

The following patches have been included in this update:

SUSE-CU-2024:11-1

Container Advisory ID	SUSE-CU-2024:11-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.12 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.12
Container Release	9.43.12

The following patches have been included in this update:

SUSE-CU-2023:4303-1

Container Advisory ID	SUSE-CU-2023:4303-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.9 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.9
Container Release	9.43.9

The following patches have been included in this update:

Advisory ID	SUSE-RU-2023:4962-1
Released	Fri Dec 22 13:45:06 2023
Summary	Recommended update for curl
Type	recommended
Severity	important
References	1216987

Description:

This update for curl fixes the following issues:

libssh: Implement SFTP packet size limit (bsc#1216987)

This update also ships curl to the INSTALLER channel.

SUSE-CU-2023:4236-1

Container Advisory ID	SUSE-CU-2023:4236-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.7 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.7
Container Release	9.43.7

The following patches have been included in this update:

Advisory ID	SUSE-RU-2023:4916-1
Released	Wed Dec 20 08:49:04 2023
Summary	Recommended update for lvm2
Type	recommended
Severity	important
References	1215229

Description:

This update for lvm2 fixes the following issues:

Fixed error creating linux volume on SAN device lvmlockd (bsc#1215229)

SUSE-CU-2023:4227-1

Container Advisory ID	SUSE-CU-2023:4227-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.6 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.6
Container Release	9.43.6

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:4891-1
Released	Mon Dec 18 16:31:49 2023
Summary	Security update for ncurses
Type	security
Severity	moderate
References	1201384,1218014,CVE-2023-50495

Description:

This update for ncurses fixes the following issues:

CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)

SUSE-CU-2023:4184-1

Container Advisory ID	SUSE-CU-2023:4184-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.4 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.4
Container Release	9.43.4

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:4843-1
Released	Thu Dec 14 12:22:44 2023
Summary	Security update for python3-cryptography
Type	security
Severity	moderate
References	1217592,CVE-2023-49083

Description:

This update for python3-cryptography fixes the following issues:

CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).

SUSE-CU-2023:4169-1

Container Advisory ID	SUSE-CU-2023:4169-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.10 , suse/manager/4.3/proxy-httpd:4.3.10.9.43.2 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.10 , suse/manager/4.3/proxy-httpd:susemanager-4.3.10.9.43.2
Container Release	9.43.2

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:4737-1
Released	Wed Dec 13 10:20:03 2023
Summary	Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type	security
Severity	important
References	1191143,1204235,1207012,1207532,1210928,1210930,1211355,1211560,1211649,1212695,1212904,1213469,1214186,1214471,1214601,1214759,1215209,1215514,1215949,1216030,1216041,1216085,1216128,1216380,1216506,1216555,1216690,1216754,1217038,1217223,1217224,CVE-2023-22644

Description:

Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
This is a codestream only update

Advisory ID	SUSE-SU-2023:4758-1
Released	Wed Dec 13 10:33:58 2023
Summary	Security update for SUSE Manager 4.3.10 Release Notes
Type	security
Severity	important
References	1191143,1204235,1207012,1207532,1210928,1210930,1211355,1211560,1211649,1212695,1212904,1213469,1214186,1214471,1214601,1214759,1215209,1215514,1215949,1216030,1216041,1216085,1216128,1216380,1216506,1216555,1216690,1216754,1217038,1217223,1217224,CVE-2023-22644

Description:

Security update for SUSE Manager 4.3.10 Release Notes:

This is a codestream only update

SUSE-CU-2023:4120-1

Container Advisory ID	SUSE-CU-2023:4120-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.24 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.24
Container Release	9.40.24

The following patches have been included in this update:

Advisory ID	SUSE-RU-2023:4699-1
Released	Mon Dec 11 07:02:10 2023
Summary	Recommended update for gpg2
Type	recommended
Severity	moderate
References	1217212

Description:

This update for gpg2 fixes the following issues:

`dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212)

Advisory ID	SUSE-RU-2023:4723-1
Released	Tue Dec 12 09:57:51 2023
Summary	Recommended update for libtirpc
Type	recommended
Severity	moderate
References	1216862

Description:

This update for libtirpc fixes the following issue:

fix sed parsing in specfile (bsc#1216862)

SUSE-CU-2023:4058-1

Container Advisory ID	SUSE-CU-2023:4058-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.20 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.20
Container Release	9.40.20

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:4659-1
Released	Wed Dec 6 13:04:57 2023
Summary	Security update for curl
Type	security
Severity	moderate
References	1217573,1217574,CVE-2023-46218,CVE-2023-46219

Description:

This update for curl fixes the following issues:

CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
CVE-2023-46219: HSTS long file name clears contents (bsc#1217574).

SUSE-CU-2023:4049-1

Container Advisory ID	SUSE-CU-2023:4049-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.19 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.19
Container Release	9.40.19

The following patches have been included in this update:

Advisory ID	SUSE-RU-2023:4671-1
Released	Wed Dec 6 14:33:41 2023
Summary	Recommended update for man
Type	recommended
Severity	moderate
References

Description:

This update of man fixes the following problem:

The 'man' commands is delivered to SUSE Linux Enterprise Micro to allow browsing man pages.

SUSE-CU-2023:3974-1

Container Advisory ID	SUSE-CU-2023:3974-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.17 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.17
Container Release	9.40.17

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:4619-1
Released	Thu Nov 30 10:13:52 2023
Summary	Security update for sqlite3
Type	security
Severity	important
References	1210660,CVE-2023-2137

Description:

This update for sqlite3 fixes the following issues:

CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).

SUSE-CU-2023:3896-1

Container Advisory ID	SUSE-CU-2023:3896-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.13 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.13
Container Release	9.40.13

The following patches have been included in this update:

Advisory ID	SUSE-RU-2023:4534-1
Released	Thu Nov 23 08:13:57 2023
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	moderate
References	1041742,1203760,1212422,1215979,1216091

Description:

This update for libzypp, zypper fixes the following issues:

Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
Fix comment typo on zypp.conf (bsc#1215979)
Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742)
Make sure the old target is deleted before a new one is created (bsc#1203760)
Return 104 also if info suggests near matches
Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
commit: Insert a headline to separate output of different rpm scripts (bsc#1041742)

SUSE-CU-2023:3886-1

Container Advisory ID	SUSE-CU-2023:3886-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.12 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.12
Container Release	9.40.12

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:4537-1
Released	Thu Nov 23 09:34:08 2023
Summary	Security update for libxml2
Type	security
Severity	moderate
References	1216129,CVE-2023-45322

Description:

This update for libxml2 fixes the following issues:

CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).

SUSE-CU-2023:3838-1

Container Advisory ID	SUSE-CU-2023:3838-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.10 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.10
Container Release	9.40.10

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:4524-1
Released	Tue Nov 21 17:51:28 2023
Summary	Security update for openssl-1_1
Type	security
Severity	important
References	1216922,CVE-2023-5678

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).

SUSE-CU-2023:3798-1

Container Advisory ID	SUSE-CU-2023:3798-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.9 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.9
Container Release	9.40.9

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:4517-1
Released	Tue Nov 21 17:30:27 2023
Summary	Security update for python3-setuptools
Type	security
Severity	moderate
References	1206667,CVE-2022-40897

Description:

This update for python3-setuptools fixes the following issues:

CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).

SUSE-CU-2023:3768-1

Container Advisory ID	SUSE-CU-2023:3768-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.7 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.7
Container Release	9.40.7

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:4458-1
Released	Thu Nov 16 14:38:48 2023
Summary	Security update for gcc13
Type	security
Severity	important
References	1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039

Description:

This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories.
To use gcc13 compilers use:

install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

Work around third party app crash during C++ standard library initialization. [bsc#1216664]
Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
Bump included newlib to version 4.3.0.
Update to GCC trunk head (r13-5254-g05b9868b182bb9)
Redo floatn fixinclude pick-up to simply keep what is there.
Turn cross compiler to s390x to a glibc cross. [bsc#1214460]

Also handle -static-pie in the default-PIE specs
Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
Add new x86-related intrinsics (amxcomplexintrin.h).
RISC-V: Add support for inlining subword atomic operations
Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
Bump included newlib to version 4.3.0.
Also package libhwasan_preinit.o on aarch64.
Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
Package libhwasan_preinit.o on x86_64.
Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
Enable PRU flavour for gcc13
update floatn fixinclude pickup to check each header separately (bsc#1206480)
Redo floatn fixinclude pick-up to simply keep what is there.
Bump libgo SONAME to libgo22.
Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
Depend on at least LLVM 13 for GCN cross compiler.
Update embedded newlib to version 4.2.0
Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

SUSE-CU-2023:3704-1

Container Advisory ID	SUSE-CU-2023:3704-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.5 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.5
Container Release	9.40.5

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:4430-1
Released	Mon Nov 13 17:55:09 2023
Summary	Security update for apache2
Type	security
Severity	important
References	1207399,1214357,1216424,CVE-2023-31122

Description:

This update for apache2 fixes the following issues:

CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424).

Non-security fixes:

Fixed the content type handling in mod_proxy_http2 (bsc#1214357).
Fixed a floating point exception crash (bsc#1207399).

SUSE-CU-2023:3696-1

Container Advisory ID	SUSE-CU-2023:3696-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.9 , suse/manager/4.3/proxy-httpd:4.3.9.9.40.2 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.9 , suse/manager/4.3/proxy-httpd:susemanager-4.3.9.9.40.2
Container Release	9.40.2

The following patches have been included in this update:

Advisory ID	SUSE-RU-2023:4385-1
Released	Thu Nov 9 03:30:32 2023
Summary	Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type	recommended
Severity	important
References	1204270,1211047,1211145,1211270,1211912,1212168,1212507,1213132,1213376,1213469,1213680,1213689,1214041,1214121,1214463,1214553,1214746,1215027,1215120,1215412,1215514,1216411,1216661

Description:

Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
This is a codestream only update

Advisory ID	SUSE-SU-2023:4412-1
Released	Thu Nov 9 03:49:51 2023
Summary	Maintenance update for SUSE Manager 4.3.9 Release Notes
Type	security
Severity	moderate
References	1204270,1211047,1211145,1211270,1211912,1212168,1212507,1213132,1213376,1213469,1213680,1213689,1214041,1214121,1214463,1214553,1214746,1215027,1215120,1215157,1215412,1215514,1216411,1216661,CVE-2023-34049

Description:

Maintenance update for SUSE Manager 4.3.9 Release Notes:
This is a codestream only update

SUSE-CU-2023:3686-1

Container Advisory ID	SUSE-CU-2023:3686-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.8 , suse/manager/4.3/proxy-httpd:4.3.8.9.37.30 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.8 , suse/manager/4.3/proxy-httpd:susemanager-4.3.8.9.37.30
Container Release	9.37.30

The following patches have been included in this update:

Advisory ID	SUSE-RU-2023:4310-1
Released	Tue Oct 31 14:10:47 2023
Summary	Recommended update for libtirpc
Type	recommended
Severity	moderate
References	1196647

Description:

This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467)
* binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage
Update to 1.3.3:

Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
_rpc_dtablesize: use portable system call
libtirpc: Fix use-after-free accessing the error number
Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch
rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
Eliminate deadlocks in connects with an MT environment
clnt_dg_freeres() uncleared set active state may deadlock
thread safe clnt destruction
SUNRPC: mutexed access blacklist_read state variable
SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c

Update to 1.3.2:

Replace the final SunRPC licenses with BSD licenses
blacklist: Add a few more well known ports
libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS

Update to 1.3.1:

Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors.
svc_dg: Free xp_netid during destroy
Fix memory management issues of fd locks
libtirpc: replace array with list for per-fd locks
__svc_vc_dodestroy: fix double free of xp_ltaddr.buf
__rpc_dtbsize: rlim_cur instead of rlim_max
pkg-config: use the correct replacements for libdir/includedir

SUSE-CU-2023:3678-1

Container Advisory ID	SUSE-CU-2023:3678-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.8 , suse/manager/4.3/proxy-httpd:4.3.8.9.37.28 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.8 , suse/manager/4.3/proxy-httpd:susemanager-4.3.8.9.37.28
Container Release	9.37.28

The following patches have been included in this update:

Advisory ID	SUSE-RU-2023:3814-1
Released	Wed Sep 27 18:08:17 2023
Summary	Recommended update for glibc
Type	recommended
Severity	moderate
References	1211829,1212819,1212910

Description:

This update for glibc fixes the following issues:

nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415)
Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457)
elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688)
elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676)
ld.so: Always use MAP_COPY to map the first segment (BZ #30452)
add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

Advisory ID	SUSE-SU-2023:3823-1
Released	Wed Sep 27 18:42:38 2023
Summary	Security update for curl
Type	security
Severity	important
References	1215026,CVE-2023-38039

Description:

This update for curl fixes the following issues:

CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)

Advisory ID	SUSE-SU-2023:3954-1
Released	Tue Oct 3 20:09:47 2023
Summary	Security update for libeconf
Type	security
Severity	important
References	1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181

Description:

This update for libeconf fixes the following issues:
Update to version 0.5.2.

CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)

Advisory ID	SUSE-RU-2023:3973-1
Released	Thu Oct 5 10:14:49 2023
Summary	Recommended update for zypper
Type	recommended
Severity	moderate
References	1213854,1214292,1214395,1215007

Description:

This update for zypper fixes the following issues:

Fix name of the bash completion script (bsc#1215007)
Update notes about failing signature checks (bsc#1214395)
Improve the SIGINT handler to be signal safe (bsc#1214292)
Update to version 1.14.64
Changed location of bash completion script (bsc#1213854).

Advisory ID	SUSE-RU-2023:3977-1
Released	Thu Oct 5 11:43:46 2023
Summary	Maintenance update for SUSE Manager 4.3.8 Release Notes
Type	recommended
Severity	important
References	1210253,1215820,1215857

Description:

Maintenance update for SUSE Manager 4.3.8 Release Notes:
This is a codestream only update

Advisory ID	SUSE-SU-2023:3997-1
Released	Fri Oct 6 14:13:56 2023
Summary	Security update for nghttp2
Type	security
Severity	important
References	1215713,CVE-2023-35945

Description:

This update for nghttp2 fixes the following issues:

CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).

Advisory ID	SUSE-SU-2023:4024-1
Released	Tue Oct 10 13:24:40 2023
Summary	Security update for shadow
Type	security
Severity	low
References	1214806,CVE-2023-4641

Description:

This update for shadow fixes the following issues:

CVE-2023-4641: Fixed potential password leak (bsc#1214806).

Advisory ID	SUSE-SU-2023:4044-1
Released	Wed Oct 11 09:01:14 2023
Summary	Security update for curl
Type	security
Severity	important
References	1215888,1215889,CVE-2023-38545,CVE-2023-38546

Description:

This update for curl fixes the following issues:

CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)

Advisory ID	SUSE-RU-2023:4073-1
Released	Fri Oct 13 11:40:26 2023
Summary	Recommended update for rpm
Type	recommended
Severity	low
References

Description:

This update for rpm fixes the following issue:

Enables build for all python modules (jsc#PED-68, jsc#PED-1988)

Advisory ID	SUSE-SU-2023:4110-1
Released	Wed Oct 18 12:35:26 2023
Summary	Security update for glibc
Type	security
Severity	important
References	1215286,1215891,CVE-2023-4813

Description:

This update for glibc fixes the following issues:
Security issue fixed:

CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)

Also a regression from a previous update was fixed:

elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)

Advisory ID	SUSE-RU-2023:4122-1
Released	Thu Oct 19 08:24:34 2023
Summary	Recommended update for openssl-1_1
Type	recommended
Severity	moderate
References	1215215

Description:

This update for openssl-1_1 fixes the following issues:

Displays 'fips' in the version string (bsc#1215215)

Advisory ID	SUSE-RU-2023:4153-1
Released	Fri Oct 20 19:27:58 2023
Summary	Recommended update for systemd
Type	recommended
Severity	moderate
References	1215313

Description:

This update for systemd fixes the following issues:

Fix mismatch of nss-resolve version in Package Hub (no source code changes)

Advisory ID	SUSE-RU-2023:4154-1
Released	Fri Oct 20 19:33:25 2023
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1107342,1215434

Description:

This update for aaa_base fixes the following issues:

Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342)

Advisory ID	SUSE-SU-2023:4162-1
Released	Mon Oct 23 15:33:03 2023
Summary	Security update for gcc13
Type	security
Severity	important
References	1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039

Description:

install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.

For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html

Detailed changes:

CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052)

Turn cross compiler to s390x to a glibc cross. [bsc#1214460]

Also handle -static-pie in the default-PIE specs
Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101]
Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427]
Add new x86-related intrinsics (amxcomplexintrin.h).
RISC-V: Add support for inlining subword atomic operations
Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver.
Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC.
Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing.
Bump included newlib to version 4.3.0.
Also package libhwasan_preinit.o on aarch64.
Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite.
Package libhwasan_preinit.o on x86_64.
Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
Enable PRU flavour for gcc13
update floatn fixinclude pickup to check each header separately (bsc#1206480)
Redo floatn fixinclude pick-up to simply keep what is there.
Bump libgo SONAME to libgo22.
Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers.
Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15.
Depend on at least LLVM 13 for GCN cross compiler.
Update embedded newlib to version 4.2.0
Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build.

Advisory ID	SUSE-feature-2023:4194-1
Released	Wed Oct 25 11:01:41 2023
Summary	Feature update for python3
Type	feature
Severity	low
References

Description:

This feature update for python3 packages adds the following:

First batch of python3.11 modules (jsc#PED-68)
Rename sources of python3-kubernetes, python3-cryptography and python3-cryptography-vectors to accommodate

the new 3.11 versions, this 3 packages have no code changes.

Advisory ID	SUSE-SU-2023:4200-1
Released	Wed Oct 25 12:04:29 2023
Summary	Security update for nghttp2
Type	security
Severity	important
References	1216123,1216174,CVE-2023-44487

Description:

This update for nghttp2 fixes the following issues:

CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

Advisory ID	SUSE-SU-2023:4217-1
Released	Thu Oct 26 12:20:27 2023
Summary	Security update for zlib
Type	security
Severity	moderate
References	1216378,CVE-2023-45853

Description:

This update for zlib fixes the following issues:

CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378).

Advisory ID	SUSE-SU-2023:4225-1
Released	Fri Oct 27 11:02:14 2023
Summary	Security update for zchunk
Type	security
Severity	important
References	1216268,CVE-2023-46228

Description:

This update for zchunk fixes the following issues:

CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268)

SUSE-CU-2023:3168-1

Container Advisory ID	SUSE-CU-2023:3168-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.8 , suse/manager/4.3/proxy-httpd:4.3.8.9.37.2 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.8 , suse/manager/4.3/proxy-httpd:susemanager-4.3.8.9.37.2
Container Release	9.37.2

The following patches have been included in this update:

Advisory ID	SUSE-RU-2023:3217-1
Released	Mon Aug 7 16:51:10 2023
Summary	Recommended update for cryptsetup
Type	recommended
Severity	moderate
References	1211079

Description:

This update for cryptsetup fixes the following issues:

Handle system with low memory and no swap space (bsc#1211079)

Advisory ID	SUSE-RU-2023:3275-1
Released	Fri Aug 11 10:19:36 2023
Summary	Recommended update for apparmor
Type	recommended
Severity	moderate
References	1213472

Description:

This update for apparmor fixes the following issues:

Add pam_apparmor README (bsc#1213472)

Advisory ID	SUSE-RU-2023:3285-1
Released	Fri Aug 11 10:30:38 2023
Summary	Recommended update for shadow
Type	recommended
Severity	moderate
References	1206627,1213189

Description:

This update for shadow fixes the following issues:

Prevent lock files from remaining after power interruptions (bsc#1213189)
Add --prefix support to passwd, chpasswd and chage (bsc#1206627)

Advisory ID	SUSE-RU-2023:3286-1
Released	Fri Aug 11 10:32:03 2023
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1194038,1194900

Description:

This update for util-linux fixes the following issues:

Fix blkid for floppy drives (bsc#1194900)
Fix rpmbuild %checks fail when @ in the directory path (bsc#1194038)

Advisory ID	SUSE-RU-2023:3330-1
Released	Wed Aug 16 08:59:33 2023
Summary	Recommended update for python-pyasn1
Type	recommended
Severity	important
References	1207805

Description:

This update for python-pyasn1 fixes the following issues:

To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805)

Advisory ID	SUSE-SU-2023:3363-1
Released	Fri Aug 18 14:54:16 2023
Summary	Security update for krb5
Type	security
Severity	important
References	1214054,CVE-2023-36054

Description:

This update for krb5 fixes the following issues:

CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)

Advisory ID	SUSE-SU-2023:3397-1
Released	Wed Aug 23 18:35:56 2023
Summary	Security update for openssl-1_1
Type	security
Severity	moderate
References	1213517,1213853,CVE-2023-3817

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)

Advisory ID	SUSE-RU-2023:3410-1
Released	Thu Aug 24 06:56:32 2023
Summary	Recommended update for audit
Type	recommended
Severity	moderate
References	1201519,1204844

Description:

This update for audit fixes the following issues:

Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
Fix rules not loaded when restarting auditd.service (bsc#1204844)

Advisory ID	SUSE-SU-2023:3440-1
Released	Mon Aug 28 08:57:10 2023
Summary	Security update for gawk
Type	security
Severity	low
References	1214025,CVE-2023-4156

Description:

This update for gawk fixes the following issues:

CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)

Advisory ID	SUSE-RU-2023:3451-1
Released	Mon Aug 28 12:15:22 2023
Summary	Recommended update for systemd
Type	recommended
Severity	moderate
References	1186606,1194609,1208194,1209741,1210702,1211576,1212434,1213185,1213575,1213873

Description:

This update for systemd fixes the following issues:

Fix reboot and shutdown issues by getting only active MD arrays (bsc#1211576, bsc#1212434, bsc#1213575)
Decrease devlink priority for iso disks (bsc#1213185)
Do not ignore mount point paths longer than 255 characters (bsc#1208194)
Refuse hibernation if there's no possible way to resume (bsc#1186606)
Update 'korean' and 'arabic' keyboard layouts (bsc#1210702)
Drop some entries no longer needed by YaST (bsc#1194609)
The 'systemd --user' instances get their own session keyring instead of the user default one (bsc#1209741)
Dynamically allocate receive buffer to handle large amount of mounts (bsc#1213873)

Advisory ID	SUSE-RU-2023:3468-1
Released	Tue Aug 29 09:22:18 2023
Summary	Recommended update for python3
Type	recommended
Severity	low
References

Description:

This update for python3 fixes the following issue:

Rename sources in preparation of python3.11 (jsc#PED-68)

Advisory ID	SUSE-SU-2023:3472-1
Released	Tue Aug 29 10:55:16 2023
Summary	Security update for procps
Type	security
Severity	low
References	1214290,CVE-2023-4016

Description:

This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).

Advisory ID	SUSE-RU-2023:3486-1
Released	Tue Aug 29 14:25:23 2023
Summary	Recommended update for lvm2
Type	recommended
Severity	moderate
References	1214071

Description:

This update for lvm2 fixes the following issues:

blkdeactivate calls wrong mountpoint cmd (bsc#1214071)

Advisory ID	SUSE-RU-2023:3514-1
Released	Fri Sep 1 15:48:52 2023
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	moderate
References	1158763,1210740,1213231,1213557,1213673

Description:

This update for libzypp, zypper fixes the following issues:

Fix occasional isue with downloading very small files (bsc#1213673)
Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763)
Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740)
Revised explanation of --force-resolution in man page (bsc#1213557)
Print summary hint if policies were violated due to --force-resolution (bsc#1213557)

Advisory ID	SUSE-RU-2023:3611-1
Released	Fri Sep 15 09:28:36 2023
Summary	Recommended update for sysuser-tools
Type	recommended
Severity	moderate
References	1195391,1205161,1207778,1213240,1214140

Description:

This update for sysuser-tools fixes the following issues:

Update to version 3.2
Always create a system group of the same name as the system user (bsc#1205161, bsc#1207778, bsc#1213240)
Add 'quilt setup' friendly hint to %sysusers_requires usage
Use append so if a pre file already exists it isn't overridden
Invoke bash for bash scripts (bsc#1195391)
Remove all systemd requires not supported on SLE15 (bsc#1214140)

Advisory ID	SUSE-SU-2023:3661-1
Released	Mon Sep 18 21:44:09 2023
Summary	Security update for gcc12
Type	security
Severity	important
References	1214052,CVE-2023-4039

Description:

This update for gcc12 fixes the following issues:

CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).

Advisory ID	SUSE-SU-2023:3699-1
Released	Wed Sep 20 11:02:50 2023
Summary	Security update for libxml2
Type	security
Severity	important
References	1214768,CVE-2023-39615

Description:

This update for libxml2 fixes the following issues:

CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).

Advisory ID	SUSE-SU-2023:3828-1
Released	Wed Sep 27 19:07:38 2023
Summary	Security update for python3
Type	security
Severity	important
References	1214692,CVE-2023-40217

Description:

This update for python3 fixes the following issues:

CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).

Advisory ID	SUSE-RU-2023:3856-1
Released	Thu Sep 28 09:42:16 2023
Summary	Recommended update for apparmor
Type	recommended
Severity	moderate
References	1214458

Description:

This update for apparmor fixes the following issues:

Update zgrep profile to allow egrep helper use (bsc#1214458)

Advisory ID	SUSE-SU-2023:3861-1
Released	Thu Sep 28 13:37:55 2023
Summary	Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type	security
Severity	important
References	1207330,1208692,1210935,1211525,1211874,1211884,1212246,1212730,1212814,1212827,1212856,1212943,1213009,1213077,1213288,1213445,1213675,1213716,1213880,1214002,1214121,1214124,1214187,1214266,1214280,1214889,1214982,1215352,1215362,1215373,1215413,1215497,1215756,CVE-2023-29409

Description:

This is a codestream only update

Advisory ID	SUSE-SU-2023:3885-1
Released	Thu Sep 28 13:51:58 2023
Summary	Maintenance update for SUSE Manager 4.3.8 Release Notes
Type	security
Severity	important
References	1193948,1207330,1208692,1210935,1211525,1211874,1211884,1212246,1212730,1212814,1212827,1212856,1212943,1213009,1213077,1213288,1213441,1213445,1213469,1213675,1213716,1213880,1214002,1214121,1214124,1214187,1214266,1214280,1214796,1214797,1214889,1214982,1215352,1215362,1215413,1215497,1215756,CVE-2023-20897,CVE-2023-20898,CVE-2023-29409

Description:

Maintenance update for SUSE Manager 4.3.8 Release Notes:
This is a codestream only update

SUSE-CU-2023:2514-1

Container Advisory ID	SUSE-CU-2023:2514-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.7 , suse/manager/4.3/proxy-httpd:4.3.7.9.34.1 , suse/manager/4.3/proxy-httpd:latest , suse/manager/4.3/proxy-httpd:susemanager-4.3.7 , suse/manager/4.3/proxy-httpd:susemanager-4.3.7.9.34.1
Container Release	9.34.1

The following patches have been included in this update:

Advisory ID	SUSE-RU-2023:2625-1
Released	Fri Jun 23 17:16:11 2023
Summary	Recommended update for gcc12
Type	recommended
Severity	moderate
References

Description:

This update for gcc12 fixes the following issues:

Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204

* includes regression and other bug fixes

Speed up builds with --enable-link-serialization.

Update embedded newlib to version 4.2.0

Advisory ID	SUSE-SU-2023:2648-1
Released	Tue Jun 27 09:52:35 2023
Summary	Security update for openssl-1_1
Type	security
Severity	moderate
References	1201627,1207534,CVE-2022-4304

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534).

Update further expiring certificates that affect the testsuite (bsc#1201627).

Advisory ID	SUSE-RU-2023:2649-1
Released	Tue Jun 27 10:01:13 2023
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References

Description:

This update for hwdata fixes the following issues:

update to 0.371:

Advisory ID	SUSE-RU-2023:2742-1
Released	Fri Jun 30 11:40:59 2023
Summary	Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper
Type	recommended
Severity	moderate
References	1202234,1209565,1211261,1212187,1212222

Description:

This update for yast2-pkg-bindings fixes the following issues:
libzypp was updated to version 17.31.14 (22):

Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins.
build: honor libproxy.pc's includedir (bsc#1212222)

zypper was updated to version 1.14.61:

targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261)
targetos: Update help and man page (bsc#1211261)

yast2-pkg-bindings, autoyast:

Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)
Selected products are not installed after resetting the package manager internally (bsc#1202234)

yast2-update:

Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)

Advisory ID	SUSE-SU-2023:2765-1
Released	Mon Jul 3 20:28:14 2023
Summary	Security update for libcap
Type	security
Severity	moderate
References	1211418,1211419,CVE-2023-2602,CVE-2023-2603

Description:

This update for libcap fixes the following issues:

CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).

Advisory ID	SUSE-RU-2023:2772-1
Released	Tue Jul 4 09:54:23 2023
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	moderate
References	1211261,1212187,1212222

Description:

This update for libzypp, zypper fixes the following issues:
libzypp was updated to version 17.31.14 (22):

Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins.
build: honor libproxy.pc's includedir (bsc#1212222)

zypper was updated to version 1.14.61:

targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261)
targetos: Update help and man page (bsc#1211261)

Advisory ID	SUSE-RU-2023:2800-1
Released	Mon Jul 10 07:35:22 2023
Summary	Recommended update for openssl-1_1
Type	recommended
Severity	moderate
References	1212623

Description:

This update for openssl-1_1 fixes the following issues:

Check the OCSP RESPONSE in openssl s_client command and terminate connection if a revoked certificate is found. [bsc#1212623]

Advisory ID	SUSE-RU-2023:2827-1
Released	Fri Jul 14 11:27:47 2023
Summary	Recommended update for libxml2
Type	recommended
Severity	moderate
References

Description:

This update for libxml2 fixes the following issues:

Build also for modern python version (jsc#PED-68)

Advisory ID	SUSE-RU-2023:2847-1
Released	Mon Jul 17 08:40:42 2023
Summary	Recommended update for audit
Type	recommended
Severity	moderate
References	1210004

Description:

This update for audit fixes the following issues:

Check for AF_UNIX unnamed sockets (bsc#1210004)
Enable livepatching on main library on x86_64

Advisory ID	SUSE-RU-2023:2855-1
Released	Mon Jul 17 16:35:21 2023
Summary	Recommended update for openldap2
Type	recommended
Severity	moderate
References	1212260

Description:

This update for openldap2 fixes the following issues:

libldap2 crashes on ldap_sasl_bind_s (bsc#1212260)

Advisory ID	SUSE-SU-2023:2877-1
Released	Wed Jul 19 09:43:42 2023
Summary	Security update for dbus-1
Type	security
Severity	moderate
References	1212126,CVE-2023-34969

Description:

This update for dbus-1 fixes the following issues:

CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).

Advisory ID	SUSE-SU-2023:2882-1
Released	Wed Jul 19 11:49:39 2023
Summary	Security update for perl
Type	security
Severity	important
References	1210999,CVE-2023-31484

Description:

This update for perl fixes the following issues:

- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).

Advisory ID	SUSE-RU-2023:2885-1
Released	Wed Jul 19 16:58:43 2023
Summary	Recommended update for glibc
Type	recommended
Severity	moderate
References	1208721,1209229,1211828

Description:

This update for glibc fixes the following issues:

getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235)
Exclude static archives from preparation for live patching (bsc#1208721)
resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527)

Advisory ID	SUSE-SU-2023:2891-1
Released	Wed Jul 19 21:14:33 2023
Summary	Security update for curl
Type	security
Severity	moderate
References	1213237,CVE-2023-32001

Description:

This update for curl fixes the following issues:

CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).

Advisory ID	SUSE-RU-2023:2918-1
Released	Thu Jul 20 12:00:17 2023
Summary	Recommended update for gpgme
Type	recommended
Severity	moderate
References	1089497

Description:

This update for gpgme fixes the following issues:
gpgme:

Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497)

libassuan:

Version upgrade to 2.5.5 in LTSS to address gpgme new requirements

Advisory ID	SUSE-SU-2023:2962-1
Released	Tue Jul 25 09:34:53 2023
Summary	Security update for openssl-1_1
Type	security
Severity	moderate
References	1213487,CVE-2023-3446

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).

Advisory ID	SUSE-RU-2023:3133-1
Released	Wed Aug 2 09:15:22 2023
Summary	Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type	recommended
Severity	moderate
References	1175823,1179747,1195380,1201337,1204089,1207330,1207417,1207550,1207691,1207941,1208528,1208577,1208612,1208720,1208984,1209156,1210011,1210103,1210394,1210406,1210456,1210475,1210659,1210834,1210957,1210994,1211062,1211276,1211330,1211469,1211621,1211650,1211713,1211897,1211929,1212032,1212550,1212588,1212700,1212770,1212771,1213432

Description:

Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update

Advisory ID	SUSE-SU-2023:3136-1
Released	Wed Aug 2 09:16:10 2023
Summary	Maintenance update for SUSE Manager 4.3.7 Release Notes
Type	security
Severity	critical
References	1175823,1179747,1195380,1201337,1204089,1207330,1207550,1207691,1207941,1208528,1208577,1208612,1208720,1208984,1209156,1210011,1210103,1210394,1210406,1210456,1210475,1210659,1210834,1210957,1210994,1211062,1211276,1211330,1211469,1211621,1211650,1211713,1211897,1211929,1212032,1212550,1212588,1212700,1212770,1212771,1213432,CVE-2023-2183,CVE-2023-2801,CVE-2023-3128

Description:

Maintenance update for SUSE Manager 4.3.7 Release Notes:
This is a codestream only update

SUSE-CU-2023:2047-1

Container Advisory ID	SUSE-CU-2023:2047-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.6 , suse/manager/4.3/proxy-httpd:4.3.6.9.31.1 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.31.1

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:868-1
Released	Wed Mar 22 09:41:01 2023
Summary	Security update for python3
Type	security
Severity	important
References	1203355,1208471,CVE-2023-24329

Description:

This update for python3 fixes the following issues:

CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).

The following non-security bug was fixed:

Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).

Advisory ID	SUSE-SU-2023:1582-1
Released	Mon Mar 27 10:31:52 2023
Summary	Security update for curl
Type	security
Severity	moderate
References	1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538

Description:

This update for curl fixes the following issues:

CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).

Advisory ID	SUSE-RU-2023:1585-1
Released	Mon Mar 27 11:03:32 2023
Summary	Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type	recommended
Severity	moderate
References	1208540,1208772

Description:

Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
This is a codestream only update

Advisory ID	SUSE-SU-2023:1658-1
Released	Wed Mar 29 09:44:07 2023
Summary	Security update for apache2
Type	security
Severity	important
References	1207327,1208708,1209047,1209049,CVE-2023-25690,CVE-2023-27522

Description:

This update for apache2 fixes the following issues:

CVE-2023-27522: Fixed HTTP response splitting in mod_proxy_uwsgi (bsc#1209049).
CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047).

The following non-security bugs were fixed:

Fixed mod_proxy handling of very long urls (bsc#1207327)
Fixed passing health check does not recover worker from its error state (bsc#1208708).

Advisory ID	SUSE-RU-2023:1662-1
Released	Wed Mar 29 10:36:23 2023
Summary	Recommended update for patterns-base
Type	recommended
Severity	moderate
References	1203537

Description:

This update for patterns-base fixes the following issues:

change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)

Advisory ID	SUSE-SU-2023:1688-1
Released	Wed Mar 29 18:19:10 2023
Summary	Security update for zstd
Type	security
Severity	moderate
References	1209533,CVE-2022-4899

Description:

This update for zstd fixes the following issues:

CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).

Advisory ID	SUSE-SU-2023:1718-1
Released	Fri Mar 31 15:47:34 2023
Summary	Security update for glibc
Type	security
Severity	moderate
References	1207571,1207957,1207975,1208358,CVE-2023-0687

Description:

This update for glibc fixes the following issues:
Security issue fixed:

CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)

Other issues fixed:

Fix avx2 strncmp offset compare condition check (bsc#1208358)
elf: Allow dlopen of filter object to work (bsc#1207571)
powerpc: Fix unrecognized instruction errors with recent GCC
x86: Cache computation for AMD architecture (bsc#1207957)

Advisory ID	SUSE-SU-2023:1745-1
Released	Tue Apr 4 09:05:23 2023
Summary	Security update for openssl-1_1
Type	security
Severity	moderate
References	1209624,CVE-2023-0464

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).

Advisory ID	SUSE-RU-2023:1753-1
Released	Tue Apr 4 11:55:00 2023
Summary	Recommended update for systemd-presets-common-SUSE
Type	recommended
Severity	moderate
References

Description:

This update for systemd-presets-common-SUSE fixes the following issue:

Enable systemd-pstore.service by default (jsc#PED-2663)

Advisory ID	SUSE-RU-2023:1779-1
Released	Thu Apr 6 08:16:58 2023
Summary	Recommended update for systemd
Type	recommended
Severity	moderate
References	1208432

Description:

This update for systemd fixes the following issues:

Fix return non-zero value when disabling SysVinit service (bsc#1208432)
Drop build requirement on libpci, it's not no longer needed
Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers

Advisory ID	SUSE-RU-2023:1805-1
Released	Tue Apr 11 10:12:41 2023
Summary	Recommended update for timezone
Type	recommended
Severity	important
References

Description:

This update for timezone fixes the following issues:

Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later.

Advisory ID	SUSE-SU-2023:1911-1
Released	Wed Apr 19 13:02:33 2023
Summary	Security update for openssl-1_1
Type	security
Severity	moderate
References	1209873,1209878,CVE-2023-0465,CVE-2023-0466

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).

Advisory ID	SUSE-RU-2023:1916-1
Released	Wed Apr 19 16:17:58 2023
Summary	Recommended update for sles-release
Type	recommended
Severity	low
References	1208529

Description:

This update for sles-release fixes the following issue:

Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529)

Advisory ID	SUSE-RU-2023:1920-1
Released	Wed Apr 19 16:22:58 2023
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References

Description:

This update for hwdata fixes the following issues:

Update pci, usb and vendor ids

Advisory ID	SUSE-RU-2023:1938-1
Released	Thu Apr 20 18:44:53 2023
Summary	Recommended update for NetworkManager
Type	recommended
Severity	low
References	1194715,1204549,1205529

Description:

This update for NetworkManager fixes the following issue:

Adds missing NetworkManager and dependencies to Micro 5.3 (bsc#1204549, bsc#1205529)
rp-pppoe: replace deprecated ifconfig dependency with iproute2. (bsc#1194715, jsc#SLE-24004)

Advisory ID	SUSE-SU-2023:2053-1
Released	Thu Apr 27 11:31:08 2023
Summary	Security update for libxml2
Type	security
Severity	moderate
References	1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469

Description:

This update for libxml2 fixes the following issues:

CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).

The following non-security bug was fixed:

Remove unneeded dependency (bsc#1209918).

Advisory ID	SUSE-SU-2023:2060-1
Released	Thu Apr 27 17:04:25 2023
Summary	Security update for glib2
Type	security
Severity	moderate
References	1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180

Description:

This update for glib2 fixes the following issues:

CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).

The following non-security bug was fixed:

Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).

Advisory ID	SUSE-SU-2023:2066-1
Released	Fri Apr 28 13:54:17 2023
Summary	Security update for shadow
Type	security
Severity	moderate
References	1210507,CVE-2023-29383

Description:

This update for shadow fixes the following issues:

CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).

Advisory ID	SUSE-RU-2023:2104-1
Released	Thu May 4 21:05:30 2023
Summary	Recommended update for procps
Type	recommended
Severity	moderate
References	1209122

Description:

This update for procps fixes the following issue:

Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122)

Advisory ID	SUSE-SU-2023:2111-1
Released	Fri May 5 14:34:00 2023
Summary	Security update for ncurses
Type	security
Severity	moderate
References	1210434,CVE-2023-29491

Description:

This update for ncurses fixes the following issues:

CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).

Advisory ID	SUSE-RU-2023:2133-1
Released	Tue May 9 13:37:10 2023
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1206513

Description:

This update for zlib fixes the following issues:

Add DFLTCC support for using inflate() with a small window (bsc#1206513)

Advisory ID	SUSE-feature-2023:2192-1
Released	Fri May 12 12:49:02 2023
Summary	Feature update for python311, python311-pip, python311-setuptools
Type	feature
Severity	moderate
References

Description:

This release of python311, python311-pip, python311-setuptools adds the following feature:

Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634)

Advisory ID	SUSE-RU-2023:2216-1
Released	Tue May 16 11:27:50 2023
Summary	Recommended update for python-packaging
Type	recommended
Severity	important
References	1186870,1199282

Description:

This update for python-packaging fixes the following issues:

Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

Add patch to fix testsuite on big-endian targets
Ignore python3.6.2 since the test doesn't support it.
update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake

update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo

Add Provides: for python*dist(packaging). (bsc#1186870)

add no-legacyversion-warning.patch to restore compatibility with 20.4

update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``

update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string.

update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names.

Advisory ID	SUSE-SU-2023:2224-1
Released	Wed May 17 09:53:54 2023
Summary	Security update for curl
Type	security
Severity	important
References	1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322

Description:

This update for curl adds the following feature:
Update to version 8.0.1 (jsc#PED-2580)

CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
CVE-2023-28320: siglongjmp race condition (bsc#1211231).
CVE-2023-28321: IDN wildcard matching (bsc#1211232).
CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).

Advisory ID	SUSE-RU-2023:2240-1
Released	Wed May 17 19:56:54 2023
Summary	Recommended update for systemd
Type	recommended
Severity	moderate
References	1203141,1207410

Description:

This update for systemd fixes the following issues:

udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141)
Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626)

Advisory ID	SUSE-RU-2023:2245-1
Released	Thu May 18 17:01:47 2023
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	moderate
References	1127591,1195633,1208329,1209406,1210870

Description:

This update for libzypp, zypper fixes the following issues:

Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633)
multicurl: propagate ssl settings stored in repo url (bsc#1127591)
MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870)
zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329)
Teach MediaNetwork to retry on HTTP2 errors.
Fix selecting installed patterns from picklist (bsc#1209406)
man: better explanation of --priority

Advisory ID	SUSE-RU-2023:2307-1
Released	Mon May 29 10:29:49 2023
Summary	Recommended update for kbd
Type	recommended
Severity	low
References	1210702

Description:

This update for kbd fixes the following issue:

Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702)

Advisory ID	SUSE-RU-2023:2317-1
Released	Tue May 30 14:01:22 2023
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1210164

Description:

This update for util-linux fixes the following issue:

Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164)

Advisory ID	SUSE-RU-2023:2333-1
Released	Wed May 31 09:01:28 2023
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1210593

Description:

This update for zlib fixes the following issue:

Fix function calling order to avoid crashes (bsc#1210593)

Advisory ID	SUSE-RU-2023:2341-1
Released	Thu Jun 1 11:31:27 2023
Summary	Recommended update for libsigc++2
Type	recommended
Severity	moderate
References	1209094,1209140

Description:

This update for libsigc++2 fixes the following issues:

Remove executable permission for file (bsc#1209094, bsc#1209140)

Advisory ID	SUSE-SU-2023:2342-1
Released	Thu Jun 1 11:34:20 2023
Summary	Security update for openssl-1_1
Type	security
Severity	important
References	1211430,CVE-2023-2650

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).

Advisory ID	SUSE-SU-2023:2484-1
Released	Mon Jun 12 08:49:58 2023
Summary	Security update for openldap2
Type	security
Severity	moderate
References	1211795,CVE-2023-2953

Description:

This update for openldap2 fixes the following issues:

CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).

Advisory ID	SUSE-RU-2023:2495-1
Released	Tue Jun 13 15:05:27 2023
Summary	Recommended update for libzypp
Type	recommended
Severity	important
References	1211661,1212187

Description:

This update for libzypp fixes the following issues:

Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187]
Do not unconditionally release a medium if provideFile failed. [bsc#1211661]

Advisory ID	SUSE-SU-2023:2517-1
Released	Thu Jun 15 07:09:52 2023
Summary	Security update for python3
Type	security
Severity	moderate
References	1203750,1211158,CVE-2007-4559

Description:

This update for python3 fixes the following issues:

CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).

Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).

Advisory ID	SUSE-RU-2023:2550-1
Released	Mon Jun 19 17:51:21 2023
Summary	Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings
Type	recommended
Severity	moderate
References	1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189

Description:

This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel.
yast2-pkg-bindings:

Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565)

autoyast2:

Selected products are not installed after resetting the package manager internally (bsc#1202234)

libyui:

Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354)
Fixed loading icons from an absolute path (bsc#1210591)
Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112)
Force messages from .ui file through our translation mechanism (bsc#1198097)

Advisory ID	SUSE-RU-2023:2566-1
Released	Wed Jun 21 13:19:32 2023
Summary	Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type	recommended
Severity	moderate
References	1201063,1203599,1204089,1204270,1204900,1205600,1206060,1206191,1206423,1206725,1206783,1207063,1207595,1207814,1207829,1207830,1208288,1208321,1208427,1208522,1208536,1208540,1208550,1208586,1208661,1208687,1208719,1208772,1208965,1209119,1209143,1209149,1209215,1209220,1209231,1209253,1209277,1209386,1209395,1209434,1209508,1209557,1209926,1209938,1209993,1210086,1210094,1210101,1210107,1210154,1210162,1210349,1210437,1210458,1210776,1210835,1211956,1211958,1212363,CVE-2023-22644

Description:

Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update

Advisory ID	SUSE-RU-2023:2592-1
Released	Wed Jun 21 14:33:51 2023
Summary	Maintenance update for SUSE Manager 4.3.6 Release Notes
Type	recommended
Severity	important
References	1201063,1203599,1204089,1204270,1204900,1205600,1206060,1206191,1206423,1206725,1206783,1207063,1207595,1207814,1207829,1207830,1208046,1208288,1208321,1208427,1208522,1208536,1208540,1208550,1208586,1208661,1208687,1208719,1208772,1209143,1209149,1209215,1209220,1209231,1209253,1209277,1209386,1209395,1209434,1209508,1209557,1209926,1209938,1209993,1210086,1210094,1210101,1210107,1210154,1210162,1210349,1210437,1210458,1210776,1210835,1211958,1212096,1212363,1212516,CVE-2022-46146,CVE-2023-22644

Description:

Maintenance update for SUSE Manager 4.3.6 Release Notes:
This is a codestream only update

SUSE-CU-2023:738-1

Container Advisory ID	SUSE-CU-2023:738-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.5 , suse/manager/4.3/proxy-httpd:4.3.5.9.28.2 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.28.2

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:389-1
Released	Mon Feb 13 09:41:49 2023
Summary	Security update for apr-util
Type	security
Severity	critical
References	1207866,CVE-2022-25147

Description:

This update for apr-util fixes the following issues:

CVE-2022-25147: Fixed a buffer overflow possible with specially crafted input during base64 encoding (bsc#1207866)

Advisory ID	SUSE-SU-2023:429-1
Released	Wed Feb 15 17:41:22 2023
Summary	Security update for curl
Type	security
Severity	important
References	1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916

Description:

This update for curl fixes the following issues:

CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).

Advisory ID	SUSE-RU-2023:464-1
Released	Mon Feb 20 18:11:37 2023
Summary	Recommended update for systemd
Type	recommended
Severity	moderate
References

Description:

This update for systemd fixes the following issues:

Merge of v249.15
Drop workaround related to systemd-timesyncd that addressed a Factory issue.
Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE).
Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively.
machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package.
Make sure we apply the presets on units shipped by systemd package.
systemd-testsuite: move the integration tests in a dedicated sub directory.
Move systemd-cryptenroll into udev package.

Advisory ID	SUSE-SU-2023:549-1
Released	Mon Feb 27 17:35:07 2023
Summary	Security update for python3
Type	security
Severity	moderate
References	1205244,1208443,CVE-2022-45061

Description:

This update for python3 fixes the following issues:
- CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).
Bugfixes:
- Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443).

Advisory ID	SUSE-RU-2023:563-1
Released	Tue Feb 28 10:51:46 2023
Summary	Recommended update for openssl-1_1
Type	recommended
Severity	moderate
References	1207994

Description:

This update for openssl-1_1 fixes the following issues:

FIPS: Serialize jitterentropy calls to avoid thread safety issues [bsc#1207994]

Advisory ID	SUSE-RU-2023:617-1
Released	Fri Mar 3 16:49:06 2023
Summary	Recommended update for jitterentropy
Type	recommended
Severity	moderate
References	1207789

Description:

This update for jitterentropy fixes the following issues:

build jitterentropy library with debuginfo (bsc#1207789)

Advisory ID	SUSE-RU-2023:709-1
Released	Fri Mar 10 16:04:41 2023
Summary	Recommended update for console-setup
Type	recommended
Severity	moderate
References	1202853

Description:

This update for console-setup and kbd fixes the following issue:

Fix Caps_Lock mapping for us.map and others (bsc#1202853)

Advisory ID	SUSE-RU-2023:714-1
Released	Mon Mar 13 10:53:25 2023
Summary	Recommended update for rpm
Type	recommended
Severity	important
References	1207294

Description:

This update for rpm fixes the following issues:

Fix missing python(abi) for 3.XX versions (bsc#1207294)

Advisory ID	SUSE-SU-2023:722-1
Released	Tue Mar 14 14:57:15 2023
Summary	Security update for python-cryptography
Type	security
Severity	moderate
References	1208036,CVE-2023-23931

Description:

This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036).

Advisory ID	SUSE-RU-2023:776-1
Released	Thu Mar 16 17:29:23 2023
Summary	Recommended update for gcc12
Type	recommended
Severity	moderate
References

Description:

This update for gcc12 fixes the following issues:
This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.
SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes

This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools.
To use gcc12 compilers use:

install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html

Advisory ID	SUSE-RU-2023:782-1
Released	Thu Mar 16 19:08:34 2023
Summary	Recommended update for libgcrypt
Type	recommended
Severity	moderate
References	1208924,1208925,1208926

Description:

This update for libgcrypt fixes the following issues:

FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
FIPS: PBKDF2: Added additional checks for the minimum key length, salt length, iteration count and passphrase length to the kdf FIPS indicator in _gcry_fips_indicator_kdf() [bsc#1208926]

Advisory ID	SUSE-RU-2023:783-1
Released	Thu Mar 16 19:09:03 2023
Summary	Recommended update for openssl-1_1
Type	recommended
Severity	moderate
References	1208998

Description:

This update for openssl-1_1 fixes the following issues:
FIPS: Service-level indicator changes [bsc#1208998]

Add additional checks required by FIPS 140-3. Minimum values for PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for iteration count and 20 characters for password.

Advisory ID	SUSE-RU-2023:788-1
Released	Thu Mar 16 19:37:59 2023
Summary	Recommended update for libsolv, libzypp, zypper
Type	recommended
Severity	important
References	1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949

Description:

This update for libsolv, libzypp, zypper fixes the following issues:
libsolv:

Do not autouninstall SUSE PTF packages
Ensure 'duplinvolvedmap_all' is reset when a solver is reused
Fix 'keep installed' jobs not disabling 'best update' rules
New '-P' and '-W' options for `testsolv`
New introspection interface for weak dependencies similar to ruleinfos
Ensure special case file dependencies are written correctly in the testcase writer
Support better info about alternatives
Support decision reason queries
Support merging of related decisions
Support stringification of multiple solvables
Support stringification of ruleinfo, decisioninfo and decision reasons

libzypp:

Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233)
Avoid redirecting 'history.logfile=/dev/null' into the target
Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
Enhance yaml-cpp detection
Improve download of optional files
MultiCurl: Make sure to reset the progress function when falling back.
Properly reset range requests (bsc#1204548)
Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version.
Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls.
Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side.
ProgressData: enforce reporting the INIT||END state (bsc#1206949)
ps: fix service detection on newer Tumbleweed systems (bsc#1205636)

zypper:

Allow to (re)add a service with the same URL (bsc#1203715)
Bump dependency requirement to libzypp-devel 17.31.7 or greater
Explain outdatedness of repositories
patterns: Avoid dispylaing superfluous @System entries (bsc#1205570)
Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions.
Update man page and explain '.no_auto_prune' (bsc#1204956)

Advisory ID	SUSE-RU-2023:806-1
Released	Mon Mar 20 16:25:13 2023
Summary	Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type	recommended
Severity	important
References	1201059,1204186,1205011,1205088,1205759,1206146,1206520,1206562,1206800,1206817,1206861,1206932,1206963,1206973,1206979,1206981,1207087,1207141,1207297,1207352,1207490,1207792,1207799,1207838,1207867,1207883,1208119,1208325,1208611,1208908,1209259,1209369

Description:

Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
This is a codestream only update

Advisory ID	SUSE-RU-2023:832-1
Released	Mon Mar 20 16:37:35 2023
Summary	Maintenance update for SUSE Manager 4.3.5 Release Notes
Type	recommended
Severity	important
References	1201059,1204186,1205011,1205088,1205759,1206146,1206520,1206562,1206800,1206817,1206861,1206932,1206963,1206973,1206979,1206981,1207087,1207141,1207297,1207352,1207490,1207792,1207799,1207838,1207867,1207883,1208119,1208325,1208611,1208908,1209259,1209369

Description:

Maintenance update for SUSE Manager 4.3.5 Release Notes:
This is a codestream only update

SUSE-CU-2023:331-1

Container Advisory ID	SUSE-CU-2023:331-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.4 , suse/manager/4.3/proxy-httpd:4.3.4.9.25.3 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.25.3

The following patches have been included in this update:

Advisory ID	SUSE-SU-2023:373-1
Released	Fri Feb 10 15:19:25 2023
Summary	Maintenance update for SUSE Manager 4.3.4 Release Notes
Type	security
Severity	important
References	1172110,1195979,1200801,1202150,1203478,1203532,1203826,1204032,1204126,1204186,1204235,1204270,1204330,1204712,1204715,1204879,1204932,1205012,1205040,1205207,1205255,1205350,1205489,1205523,1205644,1205663,1205749,1205754,1205890,1205919,1205943,1205976,1206055,1206160,1206168,1206186,1206249,1206276,1206294,1206336,1206375,1206470,1206613,1206666,1206799,1207136,CVE-2022-1415

Description:

Maintenance update for SUSE Manager 4.3.4 Release Notes:
This is a codestream only update

SUSE-CU-2023:330-1

Container Advisory ID	SUSE-CU-2023:330-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.4 , suse/manager/4.3/proxy-httpd:4.3.4.9.25.2 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.25.2

The following patches have been included in this update:

Advisory ID	SUSE-RU-2022:2136-1
Released	Mon Jun 20 13:45:31 2022
Summary	Recommended update for SUSE Manager 4.3 Release Notes
Type	recommended
Severity	low
References

Description:

This update for SUSE Manager 4.3 Release Notes provides the following additions:
Release notes for SUSE Manager:

Update to SUSE Manager 4.3.0.1 * Workarounds for some known issues.

Release notes for SUSE Manager proxy:

Update to SUSE Manager 4.3.0.1 * Workaround for an upgrade issue of SUSE Manager Proxy 4.2 based on JeOS image to 4.3.

Advisory ID	SUSE-RU-2022:3182-1
Released	Thu Sep 8 09:40:09 2022
Summary	Recommended update for SUSE Manager 4.3.1 Release Notes
Type	recommended
Severity	moderate
References	1172179,1179962,1186011,1187028,1191925,1194394,1195455,1198356,1198358,1198944,1199147,1199157,1199523,1199629,1199646,1199656,1199659,1199662,1199663,1199679,1199714,1199727,1199779,1199817,1199874,1199950,1199984,1199998,1200276,1200347,1200532,1200591,1200606,1200707,1201003,1201142,1201189,1201224,1201411,1201498,1201782,1201842

Description:

This update for SUSE Manager 4.3.1 Release Notes fixes the following issues:
Release notes for SUSE Manager:

Update to SUSE Manager 4.3.1 * GPG key handling in SUSE Manager * Disabling locally defined repositories * Bugs mentioned bsc#1172179, bsc#1179962, bsc#1186011, bsc#1187028, bsc#1191925, bsc#1194394, bsc#1195455, bsc#1198356, bsc#1198358, bsc#1198944, bsc#1199147, bsc#1199157, bsc#1199523, bsc#1199629, bsc#1199646, bsc#1199656, bsc#1199659, bsc#1199662, bsc#1199663, bsc#1199679, bsc#1199714, bsc#1199727, bsc#1199779, bsc#1199817, bsc#1199874, bsc#1199950, bsc#1199984, bsc#1199998, bsc#1200276, bsc#1200347, bsc#1200532, bsc#1200591, bsc#1200606, bsc#1200707, bsc#1201003, bsc#1201142, bsc#1201189, bsc#1201224, bsc#1201411, bsc#1201498, bsc#1201782, bsc#1201842

Release notes for SUSE Manager Proxy:

Update to SUSE Manager 4.3.1 * Bugs mentioned bsc#1199659, bsc#1199679, bsc#1200591, bsc#1201003, bsc#1201142

Advisory ID	SUSE-SU-2022:3761-1
Released	Wed Oct 26 10:58:50 2022
Summary	Security update for release-notes-susemanager, release-notes-susemanager-proxy
Type	security
Severity	moderate
References	1191857,1195624,1196729,1197027,1198168,1198903,1199726,1200480,1200573,1200629,1201210,1201220,1201260,1201589,1201626,1201753,1201788,1201913,1201918,1202271,1202272,1202367,1202455,1202464,1202602,1202728,1202729,1202805,1202899,1203026,1203049,1203056,1203169,1203287,1203288,1203385,1203406,1203422,1203449,1203478,1203484,1203564,1203585,1203611,CVE-2021-41411,CVE-2021-42740,CVE-2021-43138,CVE-2022-0860,CVE-2022-31129

Description:

This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:
Release notes for SUSE Manager:

Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * HTTP API is now fully supported * Ubuntu 22.04 is now supported as a client * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support * pip support has been added for the Salt Bundle * Prometheus exporter for Apache has been upgraded to 0.10.0 * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129 * Bugs mentioned: bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168 bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629 bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753 bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272 bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728 bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049 bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385 bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484 bsc#1203564, bsc#1203585, bsc#1203611

Release notes for SUSE Manager Proxy:

Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129 * Bugs mentioned: bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788 bsc#1203287, bsc#1203288, bsc#1203585

Advisory ID	SUSE-RU-2022:4422-1
Released	Tue Dec 13 08:26:22 2022
Summary	Recommended update for SUSE Manager 4.3.3 Release Notes
Type	recommended
Severity	moderate
References	1200169,1200296,1201476,1201606,1201607,1201788,1201893,1202093,1202217,1202785,1203283,1203451,1203532,1203580,1203588,1203599,1203611,1203633,1203685,1203698,1203884,1204029,1204061,1204195,1204437,1204444,1204517,1204519,1204541,1204651,1204699,1205212,1205339,1205470

Description:

This update for SUSE Manager 4.3.3 Release Notes provides the following additions:
Release Notes for SUSE Manager: - Revision 4.3.3 - Bugs mentioned: bsc#1200169, bsc#1200296, bsc#1201476, bsc#1201606, bsc#1201607 bsc#1201788, bsc#1201893, bsc#1202093, bsc#1202217, bsc#1202785 bsc#1203283, bsc#1203451, bsc#1203532, bsc#1203580, bsc#1203588 bsc#1203599, bsc#1203611, bsc#1203633, bsc#1203685, bsc#1203698 bsc#1203884, bsc#1204029, bsc#1204061, bsc#1204195, bsc#1204437 bsc#1204444, bsc#1204517, bsc#1204519, bsc#1204541, bsc#1204651 bsc#1204699, bsc#1205212, bsc#1205339, bsc#1205470
Release Notes for SUSE Manager Proxy: - Revision 4.3.3 - Bugs mentioned: bsc#1201893, bsc#1203283, bsc#1204517, bsc#1205212, bsc#1205339

Advisory ID	SUSE-SU-2022:4597-1
Released	Wed Dec 21 10:13:11 2022
Summary	Security update for curl
Type	security
Severity	important
References	1206308,1206309,CVE-2022-43551,CVE-2022-43552

Description:

This update for curl fixes the following issues:

CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).

Advisory ID	SUSE-feature-2022:4601-1
Released	Wed Dec 21 12:23:59 2022
Summary	Feature update for GNOME 41
Type	feature
Severity	moderate
References	1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832

Description:

This update for GNOME 41 fixes the following issues:
atkmm1_6:

Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022

eog:

Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images

evince:

Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer

evolution:

Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235)

evolution-data-center:

Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated

folks:

Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests

gcr:

Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes

geocode-glib:

Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x

gjs:

Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks
Require xorg-x11-Xvfb for proper package build (bsc#1203274)

glib2:

Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2

gnome-control-center:

Fix the size of logo icon in About system (bsc#1200581)
Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks

gnome-desktop:

Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes

gnome-music:

Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL

gnome-remote-desktop:

Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation

gnome-session:

Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867)
Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882)

gnome-shell:

Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832)
Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard

gnome-software:

Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832)
Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line

gnome-terminal:

Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu

gnome-user-docs:

Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic

gspell:

Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements

gtkmm3:

Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command()

gtk-vnc:

Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors

gupnp-av:

Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream
Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library
Conflict with the wrongly provided libgupnp-av-1_0-2

gvfs:

Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login

libgsf:

Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available

libmediaart:

Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library

libnma:

Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status
New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel
Split out documentation files in own docs sub-package

libnotify:

Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings

libpeas:

Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed
Stop packaging the demo files/sub-package

librsvg:

Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths

libsecret:

Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice

mutter:

Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes

nautilus:

Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes

orca:

Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x

python-cairo:

Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo

python-gobject:

Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584)
Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module

trackers-python:

Allow system calls used by gstreamer (bsc#1196205)
Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls

vala:

Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning

xdg-desktop-portal-gnome:

Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal

Advisory ID	SUSE-SU-2022:4628-1
Released	Wed Dec 28 09:23:13 2022
Summary	Security update for sqlite3
Type	security
Severity	moderate
References	1206337,CVE-2022-46908

Description:

This update for sqlite3 fixes the following issues:

CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

Advisory ID	SUSE-SU-2022:4629-1
Released	Wed Dec 28 09:24:07 2022
Summary	Security update for systemd
Type	security
Severity	important
References	1200723,1205000,CVE-2022-4415

Description:

This update for systemd fixes the following issues:

CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

Support by-path devlink for multipath nvme block devices (bsc#1200723).

Advisory ID	SUSE-RU-2023:25-1
Released	Thu Jan 5 09:51:41 2023
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1177460

Description:

This update for timezone fixes the following issues:
Version update from 2022f to 2022g (bsc#1177460):

In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
Changes for pre-1996 northern Canada
Update to past DST transition in Colombia (1993), Singapore (1981)
'timegm' is now supported by default

Advisory ID	SUSE-RU-2023:45-1
Released	Mon Jan 9 10:32:26 2023
Summary	Recommended update for libxml2
Type	recommended
Severity	moderate
References	1204585

Description:

This update for libxml2 fixes the following issues:

Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz

Advisory ID	SUSE-RU-2023:46-1
Released	Mon Jan 9 10:35:21 2023
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References

Description:

This update for hwdata fixes the following issues:

Update pci, usb and vendor ids

Advisory ID	SUSE-RU-2023:48-1
Released	Mon Jan 9 10:37:54 2023
Summary	Recommended update for libtirpc
Type	recommended
Severity	moderate
References	1199467

Description:

This update for libtirpc fixes the following issues:

Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

Advisory ID	SUSE-RU-2023:50-1
Released	Mon Jan 9 10:42:21 2023
Summary	Recommended update for shadow
Type	recommended
Severity	moderate
References	1205502

Description:

This update for shadow fixes the following issues:

Fix issue with user id field that cannot be interpreted (bsc#1205502)

Advisory ID	SUSE-SU-2023:56-1
Released	Mon Jan 9 11:13:43 2023
Summary	Security update for libksba
Type	security
Severity	moderate
References	1206579,CVE-2022-47629

Description:

This update for libksba fixes the following issues:

CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

Advisory ID	SUSE-SU-2023:159-1
Released	Thu Jan 26 18:21:56 2023
Summary	Security update for python-setuptools
Type	security
Severity	moderate
References	1206667,CVE-2022-40897

Description:

This update for python-setuptools fixes the following issues:

CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).

Advisory ID	SUSE-RU-2023:177-1
Released	Thu Jan 26 20:57:35 2023
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1194038,1205646

Description:

This update for util-linux fixes the following issues:

Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).

Advisory ID	SUSE-RU-2023:178-1
Released	Thu Jan 26 20:58:21 2023
Summary	Recommended update for openssl-1_1
Type	recommended
Severity	moderate
References	1207182

Description:

This update for openssl-1_1 fixes the following issues:

FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]

Advisory ID	SUSE-RU-2023:181-1
Released	Thu Jan 26 21:55:43 2023
Summary	Recommended update for procps
Type	recommended
Severity	low
References	1206412

Description:

This update for procps fixes the following issues:

Improve memory handling/usage (bsc#1206412)
Make sure that correct library version is installed (bsc#1206412)

Advisory ID	SUSE-RU-2023:188-1
Released	Fri Jan 27 12:07:19 2023
Summary	Recommended update for zlib
Type	recommended
Severity	important
References	1203652

Description:

This update for zlib fixes the following issues:

Follow up fix for bug bsc#1203652 due to libxml2 issues

Advisory ID	SUSE-SU-2023:201-1
Released	Fri Jan 27 15:24:15 2023
Summary	Security update for systemd
Type	security
Severity	moderate
References	1204944,1205000,1207264,CVE-2022-4415

Description:

This update for systemd fixes the following issues:

CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

Enabled the pstore service (jsc#PED-2663).
Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).

Advisory ID	SUSE-SU-2023:311-1
Released	Tue Feb 7 17:36:32 2023
Summary	Security update for openssl-1_1
Type	security
Severity	important
References	1207533,1207534,1207536,1207538,CVE-2022-4304,CVE-2022-4450,CVE-2023-0215,CVE-2023-0286

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).

Advisory ID	SUSE-SU-2023:322-1
Released	Wed Feb 8 16:19:37 2023
Summary	Security update for apache2
Type	security
Severity	important
References	1207247,1207250,1207251,CVE-2006-20001,CVE-2022-36760,CVE-2022-37436

Description:

This update for apache2 fixes the following issues:

CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251).
CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250).
CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247).

Advisory ID	SUSE-SU-2023:345-1
Released	Fri Feb 10 15:06:27 2023
Summary	Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
Type	security
Severity	important
References	1172110,1195979,1200801,1202150,1203478,1203532,1203826,1204032,1204126,1204186,1204235,1204270,1204330,1204712,1204715,1204879,1204932,1205012,1205040,1205207,1205255,1205350,1205489,1205523,1205644,1205663,1205749,1205754,1205890,1205919,1205943,1205976,1206055,1206160,1206168,1206186,1206249,1206276,1206294,1206336,1206375,1206470,1206613,1206666,1206799,1207136,CVE-2022-1415

Description:

Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server
This is a codestream only update

SUSE-CU-2022:3373-1

Container Advisory ID	SUSE-CU-2022:3373-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.3 , suse/manager/4.3/proxy-httpd:4.3.3.9.22.1 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.22.1

The following patches have been included in this update:

SUSE-CU-2022:3372-1

Container Advisory ID	SUSE-CU-2022:3372-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.3 , suse/manager/4.3/proxy-httpd:4.3.3.9.22.1 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.22.1

The following patches have been included in this update:

Advisory ID	SUSE-RU-2022:3961-1
Released	Mon Nov 14 07:33:50 2022
Summary	Recommended update for zlib
Type	recommended
Severity	important
References	1203652

Description:

This update for zlib fixes the following issues:

Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)

Advisory ID	SUSE-RU-2022:3974-1
Released	Mon Nov 14 15:39:20 2022
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1201959,1204211

Description:

This update for util-linux fixes the following issues:

Fix file conflict during upgrade (bsc#1204211)
libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid.

Advisory ID	SUSE-SU-2022:3999-1
Released	Tue Nov 15 17:08:04 2022
Summary	Security update for systemd
Type	security
Severity	moderate
References	1204179,1204968,CVE-2022-3821

Description:

This update for systemd fixes the following issues:

CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).

Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428 * 0469b9f2bc pstore: do not try to load all known pstore modules * ad05f54439 pstore: Run after modules are loaded * ccad817445 core: Add trigger limit for path units * 281d818fe3 core/mount: also add default before dependency for automount mount units * ffe5b4afa8 logind: fix crash in logind on user-specified message string

Document udev naming scheme (bsc#1204179)
Make 'sle15-sp3' net naming scheme still available for backward compatibility reason

Advisory ID	SUSE-SU-2022:4010-1
Released	Wed Nov 16 11:07:36 2022
Summary	Security update for apache2-mod_wsgi
Type	security
Severity	moderate
References	1201634,CVE-2022-2255

Description:

This update for apache2-mod_wsgi fixes the following issues:

CVE-2022-2255: Hardened the trusted proxy header filter to avoid bypass. (bsc#1201634)

Advisory ID	SUSE-RU-2022:4019-1
Released	Wed Nov 16 15:44:20 2022
Summary	Recommended update for apparmor
Type	recommended
Severity	low
References	1202344

Description:

This update for apparmor fixes the following issues:

profiles: permit php-fpm pid files directly under run/ (bsc#1202344)

Advisory ID	SUSE-RU-2022:4062-1
Released	Fri Nov 18 09:05:07 2022
Summary	Recommended update for libusb-1_0
Type	recommended
Severity	moderate
References	1201590

Description:

This update for libusb-1_0 fixes the following issues:

Fix regression where some devices no longer work if they have a configuration value of 0 (bsc#1201590)

Advisory ID	SUSE-RU-2022:4063-1
Released	Fri Nov 18 09:07:50 2022
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References

Description:

This update for hwdata fixes the following issues:

Updated pci, usb and vendor ids

Advisory ID	SUSE-RU-2022:4066-1
Released	Fri Nov 18 10:43:00 2022
Summary	Recommended update for timezone
Type	recommended
Severity	important
References	1177460,1202324,1204649,1205156

Description:

This update for timezone fixes the following issues:
Update timezone version from 2022a to 2022f (bsc#1177460, bsc#1204649, bsc#1205156):

Mexico will no longer observe DST except near the US border
Chihuahua moves to year-round -06 on 2022-10-30
Fiji no longer observes DST
In vanguard form, GMT is now a Zone and Etc/GMT a link
zic now supports links to links, and vanguard form uses this
Simplify four Ontario zones
Fix a Y2438 bug when reading TZif data
Enable 64-bit time_t on 32-bit glibc platforms
Omit large-file support when no longer needed
Jordan and Syria switch from +02/+03 with DST to year-round +03
Palestine transitions are now Saturdays at 02:00
Simplify three Ukraine zones into one
Improve tzselect on intercontinental Zones
Chile's DST is delayed by a week in September 2022 (bsc#1202324)
Iran no longer observes DST after 2022
Rename Europe/Kiev to Europe/Kyiv
New `zic -R` command option
Vanguard form now uses %z

Advisory ID	SUSE-SU-2022:4081-1
Released	Fri Nov 18 15:40:46 2022
Summary	Security update for dpkg
Type	security
Severity	low
References	1199944,CVE-2022-1664

Description:

This update for dpkg fixes the following issues:

CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

Advisory ID	SUSE-RU-2022:4135-1
Released	Mon Nov 21 00:13:40 2022
Summary	Recommended update for libeconf
Type	recommended
Severity	moderate
References	1198165

Description:

This update for libeconf fixes the following issues:

Update to version 0.4.6+git - econftool: Parsing error: Reporting file and line nr. --delimeters=spaces accepting all kind of spaces for delimiter. - libeconf: Parse files correctly on space characters (1198165)

Update to version 0.4.5+git - econftool: New call 'syntax' for checking the configuration files only. Returns an error string with line number if error. New options '--comment' and '--delimeters'

Advisory ID	SUSE-SU-2022:4153-1
Released	Mon Nov 21 14:34:09 2022
Summary	Security update for krb5
Type	security
Severity	important
References	1205126,CVE-2022-42898

Description:

This update for krb5 fixes the following issues:

CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

Advisory ID	SUSE-RU-2022:4198-1
Released	Wed Nov 23 13:15:04 2022
Summary	Recommended update for rpm
Type	recommended
Severity	moderate
References	1202750

Description:

This update for rpm fixes the following issues:

Strip critical bit in signature subpackage parsing
No longer deadlock DNF after pubkey import (bsc#1202750)

Advisory ID	SUSE-RU-2022:4212-1
Released	Thu Nov 24 15:53:48 2022
Summary	Recommended update for openssl-1_1
Type	recommended
Severity	moderate
References	1190651

Description:

This update for openssl-1_1 fixes the following issues:

FIPS: Mark PBKDF2 with key shorter than 112 bits as non-approved (bsc#1190651)
FIPS: Consider RSA siggen/sigver with PKCS1 padding also approved (bsc#1190651)
FIPS: Return the correct indicator for a given EC group order bits (bsc#1190651)

Advisory ID	SUSE-RU-2022:4256-1
Released	Mon Nov 28 12:36:32 2022
Summary	Recommended update for gcc12
Type	recommended
Severity	moderate
References

Description:

This update for gcc12 fixes the following issues:
This update ship the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories.
To use gcc12 compilers use:

install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html

Advisory ID	SUSE-RU-2022:4262-1
Released	Tue Nov 29 05:45:23 2022
Summary	Recommended update for lvm2
Type	recommended
Severity	important
References	1199074,1203216,1203482

Description:

This update for lvm2 fixes the following issues:

Fix terminated lvmlockd not clearing/adopting locks, leading to inability to start volume group (bsc#1203216)
Fix device-mapper rpm package versioning to prevent migration issues (bsc#1199074)
Fix lvmlockd to support sanlock (bsc#1203482)

Advisory ID	SUSE-SU-2022:4281-1
Released	Tue Nov 29 15:46:10 2022
Summary	Security update for python3
Type	security
Severity	important
References	1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454

Description:

This update for python3 fixes the following issues:

CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)

The following non-security bug was fixed:

Fixed a crash in the garbage collection (bsc#1188607).

Advisory ID	SUSE-RU-2022:4417-1
Released	Tue Dec 13 08:24:11 2022
Summary	Maintenance update for SUSE Manager 4.3: Server and Proxy
Type	recommended
Severity	moderate
References	1200169,1200296,1201476,1201606,1201607,1201788,1201893,1202093,1202217,1202785,1203283,1203451,1203532,1203580,1203588,1203599,1203611,1203633,1203685,1203698,1203884,1204029,1204061,1204195,1204437,1204444,1204517,1204519,1204541,1204651,1204699,1205212,1205339,1205470

Description:

Maintenance update for SUSE Manager 4.3: Server and Proxy:
This is a codestream only update

SUSE-CU-2022:2958-1

Container Advisory ID	SUSE-CU-2022:2958-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.2 , suse/manager/4.3/proxy-httpd:4.3.2.9.14.2 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.14.2

The following patches have been included in this update:

SUSE-CU-2022:2957-1

Container Advisory ID	SUSE-CU-2022:2957-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.2 , suse/manager/4.3/proxy-httpd:4.3.2.9.14.2 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.14.2

The following patches have been included in this update:

Advisory ID	SUSE-RU-2022:3910-1
Released	Tue Nov 8 13:05:04 2022
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References

Description:

This update for pam fixes the following issue:

Update pam_motd to the most current version. (PED-1712)

Advisory ID	SUSE-SU-2022:3922-1
Released	Wed Nov 9 09:03:33 2022
Summary	Security update for protobuf
Type	security
Severity	important
References	1194530,1203681,1204256,CVE-2021-22569,CVE-2022-1941,CVE-2022-3171

Description:

This update for protobuf fixes the following issues:

CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)

SUSE-CU-2022:2956-1

Container Advisory ID	SUSE-CU-2022:2956-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.2 , suse/manager/4.3/proxy-httpd:4.3.2.9.13.2 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.13.2

The following patches have been included in this update:

SUSE-CU-2022:2955-1

Container Advisory ID	SUSE-CU-2022:2955-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.2 , suse/manager/4.3/proxy-httpd:4.3.2.9.10.8 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.10.8

The following patches have been included in this update:

Advisory ID	SUSE-SU-2022:3785-1
Released	Wed Oct 26 20:20:19 2022
Summary	Security update for curl
Type	security
Severity	important
References	1204383,1204386,CVE-2022-32221,CVE-2022-42916

Description:

This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).

Advisory ID	SUSE-RU-2022:3787-1
Released	Thu Oct 27 04:41:09 2022
Summary	Recommended update for permissions
Type	recommended
Severity	important
References	1194047,1203911

Description:

This update for permissions fixes the following issues:

Fix regression introduced by backport of security fix (bsc#1203911)
Add permissions for enlightenment helper on 32bit arches (bsc#1194047)

Advisory ID	SUSE-SU-2022:3806-1
Released	Thu Oct 27 17:21:11 2022
Summary	Security update for dbus-1
Type	security
Severity	important
References	1087072,1204111,1204112,1204113,CVE-2022-42010,CVE-2022-42011,CVE-2022-42012

Description:

This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111). - CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112). - CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).

Advisory ID	SUSE-RU-2022:3870-1
Released	Fri Nov 4 11:12:08 2022
Summary	Recommended update for openssl-1_1
Type	recommended
Severity	moderate
References	1190651,1202148

Description:

This update for openssl-1_1 fixes the following issues:

FIPS: Add a missing dependency on jitterentropy-devel for libopenssl-1_1-devel (bsc#1202148)
FIPS: OpenSSL service-level indicator: Allow AES XTS 256 (bsc#1190651)

Advisory ID	SUSE-SU-2022:3884-1
Released	Mon Nov 7 10:59:26 2022
Summary	Security update for expat
Type	security
Severity	important
References	1204708,CVE-2022-43680

Description:

This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).

SUSE-CU-2022:2727-1

Container Advisory ID	SUSE-CU-2022:2727-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.2 , suse/manager/4.3/proxy-httpd:4.3.2.9.10.1 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.10.1

The following patches have been included in this update:

Advisory ID	SUSE-RU-2022:2796-1
Released	Fri Aug 12 14:34:31 2022
Summary	Recommended update for jitterentropy
Type	recommended
Severity	moderate
References

Description:

This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library, used by other FIPS libraries.

Advisory ID	SUSE-RU-2022:3127-1
Released	Wed Sep 7 04:36:10 2022
Summary	Recommended update for libtirpc
Type	recommended
Severity	moderate
References	1198752,1200800

Description:

This update for libtirpc fixes the following issues:

Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
Fix memory leak in params.r_addr assignement (bsc#1198752)

Advisory ID	SUSE-RU-2022:3215-1
Released	Thu Sep 8 15:58:27 2022
Summary	Recommended update for rpm
Type	recommended
Severity	moderate
References

Description:

This update for rpm fixes the following issues:

Support Ed25519 RPM signatures [jsc#SLE-24714]

Advisory ID	SUSE-RU-2022:3220-1
Released	Fri Sep 9 04:30:52 2022
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	moderate
References	1199895,1200993,1201092,1201576,1201638

Description:

This update for libzypp, zypper fixes the following issues:
libzypp:

Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.

zypper:

Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
Reject install/remove modifier without argument (bsc#1201576)
zypper-download: Handle unresolvable arguments as errors
Put signing key supplying repository name in quotes

Advisory ID	SUSE-RU-2022:3262-1
Released	Tue Sep 13 15:34:29 2022
Summary	Recommended update for gcc11
Type	recommended
Severity	moderate
References	1199140

Description:

This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)

Advisory ID	SUSE-SU-2022:3271-1
Released	Wed Sep 14 06:45:39 2022
Summary	Security update for perl
Type	security
Severity	moderate
References	1047178,CVE-2017-6512

Description:

This update for perl fixes the following issues:

CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).

Advisory ID	SUSE-RU-2022:3304-1
Released	Mon Sep 19 11:43:25 2022
Summary	Recommended update for libassuan
Type	recommended
Severity	moderate
References

Description:

This update for libassuan fixes the following issues:

Add a timeout for writing to a SOCKS5 proxy
Add workaround for a problem with LD_LIBRARY_PATH on newer systems
Fix issue in the logging code
Fix some build trivialities
Upgrade autoconf

Advisory ID	SUSE-SU-2022:3305-1
Released	Mon Sep 19 11:45:57 2022
Summary	Security update for libtirpc
Type	security
Severity	important
References	1201680,CVE-2021-46828

Description:

This update for libtirpc fixes the following issues:

CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).

Advisory ID	SUSE-SU-2022:3307-1
Released	Mon Sep 19 13:26:51 2022
Summary	Security update for sqlite3
Type	security
Severity	moderate
References	1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737

Description:

This update for sqlite3 fixes the following issues:

CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).

Advisory ID	SUSE-RU-2022:3328-1
Released	Wed Sep 21 12:48:56 2022
Summary	Recommended update for jitterentropy
Type	recommended
Severity	moderate
References	1202870

Description:

This update for jitterentropy fixes the following issues:

Hide the non-GNUC constructs that are library internal from the exported header, to make it usable in builds with strict C99 compliance. (bsc#1202870)

Advisory ID	SUSE-SU-2022:3353-1
Released	Fri Sep 23 15:23:40 2022
Summary	Security update for permissions
Type	security
Severity	moderate
References	1203018,CVE-2022-31252

Description:

This update for permissions fixes the following issues:

CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).

Advisory ID	SUSE-RU-2022:3452-1
Released	Wed Sep 28 12:13:43 2022
Summary	Recommended update for glibc
Type	recommended
Severity	moderate
References	1201942

Description:

This update for glibc fixes the following issues:

Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
powerpc: Optimized memcmp for power10 (jsc#PED-987)

Advisory ID	SUSE-SU-2022:3489-1
Released	Sat Oct 1 13:35:24 2022
Summary	Security update for expat
Type	security
Severity	important
References	1203438,CVE-2022-40674

Description:

This update for expat fixes the following issues:

CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).

Advisory ID	SUSE-RU-2022:3521-1
Released	Tue Oct 4 14:18:56 2022
Summary	Recommended update for lvm2
Type	recommended
Severity	critical
References	1198523

Description:

This update for lvm2 fixes the following issues:

Add additional check in the package to prevent removal of device-mapper library files during install (bsc#1198523)

Advisory ID	SUSE-SU-2022:3544-1
Released	Thu Oct 6 13:48:42 2022
Summary	Security update for python3
Type	security
Severity	important
References	1202624,CVE-2021-28861

Description:

This update for python3 fixes the following issues:

CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).

Advisory ID	SUSE-RU-2022:3551-1
Released	Fri Oct 7 17:03:55 2022
Summary	Recommended update for libgcrypt
Type	recommended
Severity	moderate
References	1182983,1190700,1191020,1202117

Description:

This update for libgcrypt fixes the following issues:

FIPS: Fixed gpg/gpg2 gets out of core handler in FIPS mode while typing Tab key to Auto-Completion. [bsc#1182983]

FIPS: Ported libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]

* Enable the jitter based entropy generator by default in random.conf * Update the internal jitterentropy to version 3.4.0

FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]

* Consider approved keylength greater or equal to 112 bits.

FIPS: Zeroize buffer and digest in check_binary_integrity() [bsc#1191020]

Advisory ID	SUSE-RU-2022:3555-1
Released	Mon Oct 10 14:05:12 2022
Summary	Recommended update for aaa_base
Type	recommended
Severity	important
References	1199492

Description:

This update for aaa_base fixes the following issues:

The wrapper rootsh is not a restricted shell. (bsc#1199492)

Advisory ID	SUSE-RU-2022:3564-1
Released	Tue Oct 11 16:15:57 2022
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	critical
References	1189282,1201972,1203649

Description:

This update for libzypp, zypper fixes the following issues:
libzypp:

Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
Remove migration code that is no longer needed (bsc#1203649)
Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined

zypper:

Fix contradiction in the man page: `--download-in-advance` option is the default behavior
Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972)
Fix tests to use locale 'C.UTF-8' rather than 'en_US'
Make sure 'up' respects solver related CLI options (bsc#1201972)
Remove unneeded code to compute the PPP status because it is now auto established
Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined

Advisory ID	SUSE-RU-2022:3663-1
Released	Wed Oct 19 19:05:21 2022
Summary	Recommended update for openssl-1_1
Type	recommended
Severity	moderate
References	1121365,1180995,1190651,1190653,1190888,1193859,1198471,1198472,1201293,1202148,1203046,1203069

Description:

This update for openssl-1_1 fixes the following issues:

FIPS: Default to RFC-7919 groups for genparam and dhparam
FIPS: list only FIPS approved digest and public key algorithms [bsc#1121365, bsc#1190888, bsc#1193859, bsc#1198471, bsc#1198472]
FIPS: Add KAT for the RAND_DRBG implementation [bsc#1203069]
FIPS: openssl: RAND api should call into FIPS DRBG [bsc#1201293] * The FIPS_drbg implementation is not FIPS validated anymore. To provide backwards compatibility for applications that need FIPS compliant RNG number generation and use FIPS_drbg_generate, this function was re-wired to call the FIPS validated DRBG instance instead through the RAND_bytes() call.
FIPS: Fix minor memory leaks by FIPS patch [bsc#1203046]
FIPS: OpenSSL: Port openssl to use jitterentropy [bsc#1202148, jsc#SLE-24941] libcrypto.so now requires libjitterentropy3 library.
FIPS: OpenSSL Provide a service-level indicator [bsc#1190651]
FIPS: Add zeroization of temporary variables to the hmac integrity function FIPSCHECK_verify(). [bsc#1190653]

Advisory ID	SUSE-RU-2022:3670-1
Released	Thu Oct 20 10:44:13 2022
Summary	Recommended update for zchunk
Type	recommended
Severity	moderate
References	1204244

Description:

This update for zchunk fixes the following issues:

Make sure to ship libzck1 to Micro 5.3 (bsc#1204244)

Advisory ID	SUSE-SU-2022:3683-1
Released	Fri Oct 21 11:48:39 2022
Summary	Security update for libksba
Type	security
Severity	critical
References	1204357,CVE-2022-3515

Description:

This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).

Advisory ID	SUSE-SU-2022:3692-1
Released	Fri Oct 21 16:15:07 2022
Summary	Security update for libxml2
Type	security
Severity	important
References	1204366,1204367,CVE-2022-40303,CVE-2022-40304

Description:

This update for libxml2 fixes the following issues:
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).

Advisory ID	SUSE-SU-2022:3750-1
Released	Wed Oct 26 10:45:25 2022
Summary	Maintenance update for SUSE Manager 4.3: Server and Proxy
Type	security
Severity	moderate
References	1191857,1195624,1196729,1197027,1198168,1198903,1199726,1200480,1200573,1200629,1201210,1201220,1201260,1201589,1201626,1201753,1201788,1201913,1201918,1202271,1202272,1202367,1202455,1202464,1202602,1202728,1202729,1202805,1202899,1203026,1203049,1203056,1203169,1203287,1203288,1203385,1203406,1203422,1203449,1203478,1203484,1203564,1203585,1203611,CVE-2021-41411,CVE-2021-42740,CVE-2021-43138,CVE-2022-0860,CVE-2022-31129

Description:

Maintenance update for SUSE Manager 4.3: Server and Proxy

SUSE-CU-2022:2149-1

Container Advisory ID	SUSE-CU-2022:2149-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.1 , suse/manager/4.3/proxy-httpd:4.3.1.9.7.1 , suse/manager/4.3/proxy-httpd:latest
Container Release	9.7.1

The following patches have been included in this update:

Advisory ID	SUSE-RU-2018:1332-1
Released	Tue Jul 17 09:01:19 2018
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1073299,1093392

Description:

This update for timezone provides the following fixes:

North Korea switches back from +0830 to +09 on 2018-05-05.
Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299)
yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392)

Advisory ID	SUSE-RU-2018:2463-1
Released	Thu Oct 25 14:48:34 2018
Summary	Recommended update for timezone, timezone-java
Type	recommended
Severity	moderate
References	1104700,1112310

Description:

This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:

Volgograd moves from +03 to +04 on 2018-10-28.
Fiji ends DST 2019-01-13, not 2019-01-20.
Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
Corrections to past timestamps of DST transitions
Use 'PST' and 'PDT' for Philippine time
minor code changes to zic handling of the TZif format
documentation updates

Other bugfixes:

Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)

Advisory ID	SUSE-RU-2018:2550-1
Released	Wed Oct 31 16:16:56 2018
Summary	Recommended update for timezone, timezone-java
Type	recommended
Severity	moderate
References	1113554

Description:

This update provides the latest time zone definitions (2018g), including the following change:

Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)

Advisory ID	SUSE-RU-2019:102-1
Released	Tue Jan 15 18:02:58 2019
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1120402

Description:

This update for timezone fixes the following issues:

Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090

Advisory ID	SUSE-RU-2019:790-1
Released	Thu Mar 28 12:06:17 2019
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1130557

Description:

This update for timezone fixes the following issues:
timezone was updated 2019a:

Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
zic now has an -r option to limit the time range of output data

Advisory ID	SUSE-RU-2019:1815-1
Released	Thu Jul 11 07:47:55 2019
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1140016

Description:

This update for timezone fixes the following issues:

Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation.

Advisory ID	SUSE-RU-2019:2762-1
Released	Thu Oct 24 07:08:44 2019
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1150451

Description:

This update for timezone fixes the following issues:

Fiji observes DST from 2019-11-10 to 2020-01-12.
Norfolk Island starts observing Australian-style DST.

Advisory ID	SUSE-RU-2020:1303-1
Released	Mon May 18 09:40:36 2020
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1169582

Description:

This update for timezone fixes the following issues:

timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists.

Advisory ID	SUSE-RU-2020:1542-1
Released	Thu Jun 4 13:24:37 2020
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1172055

Description:

This update for timezone fixes the following issue:

zdump --version reported 'unknown' (bsc#1172055)

Advisory ID	SUSE-RU-2020:3099-1
Released	Thu Oct 29 19:33:41 2020
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1177460

Description:

This update for timezone fixes the following issues:

timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules.

Advisory ID	SUSE-RU-2020:3123-1
Released	Tue Nov 3 09:48:13 2020
Summary	Recommended update for timezone
Type	recommended
Severity	important
References	1177460,1178346,1178350,1178353

Description:

This update for timezone fixes the following issues:

Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)

Advisory ID	SUSE-RU-2021:179-1
Released	Wed Jan 20 13:38:51 2021
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1177460

Description:

This update for timezone fixes the following issues:

timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug.

timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug.

timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00.

Advisory ID	SUSE-RU-2021:301-1
Released	Thu Feb 4 08:46:27 2021
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1177460

Description:

This update for timezone fixes the following issues:

timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

Advisory ID	SUSE-RU-2021:2573-1
Released	Thu Jul 29 14:21:52 2021
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1188127

Description:

This update for timezone fixes the following issue:

From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by

the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).

Advisory ID	SUSE-RU-2021:3883-1
Released	Thu Dec 2 11:47:07 2021
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1177460

Description:

This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)

Palestine will fall back 10-29 (not 10-30) at 01:00
Fiji suspends DST for the 2021/2022 season
'zic -r' marks unspecified timestamps with '-00'
Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
Refresh timezone info for china

Advisory ID	SUSE-RU-2022:1118-1
Released	Tue Apr 5 18:34:06 2022
Summary	Recommended update for timezone
Type	recommended
Severity	moderate
References	1177460

Description:

This update for timezone fixes the following issues:

timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data

Advisory ID	SUSE-RU-2022:1655-1
Released	Fri May 13 15:36:10 2022
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1197794

Description:

This update for pam fixes the following issue:

Do not include obsolete header files (bsc#1197794)

Advisory ID	SUSE-RU-2022:1658-1
Released	Fri May 13 15:40:20 2022
Summary	Recommended update for libpsl
Type	recommended
Severity	important
References	1197771

Description:

This update for libpsl fixes the following issues:

Fix libpsl compilation issues (bsc#1197771)

Advisory ID	SUSE-SU-2022:1670-1
Released	Mon May 16 10:06:30 2022
Summary	Security update for openldap2
Type	security
Severity	important
References	1199240,CVE-2022-29155

Description:

This update for openldap2 fixes the following issues:

CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).

Advisory ID	SUSE-SU-2022:1718-1
Released	Tue May 17 17:44:43 2022
Summary	Security update for e2fsprogs
Type	security
Severity	important
References	1198446,CVE-2022-1304

Description:

This update for e2fsprogs fixes the following issues:

CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446)

Advisory ID	SUSE-RU-2022:1887-1
Released	Tue May 31 09:24:18 2022
Summary	Recommended update for grep
Type	recommended
Severity	moderate
References	1040589

Description:

This update for grep fixes the following issues:

Make profiling deterministic. (bsc#1040589, SLE-24115)

Advisory ID	SUSE-RU-2022:1899-1
Released	Wed Jun 1 10:43:22 2022
Summary	Recommended update for libtirpc
Type	recommended
Severity	important
References	1198176

Description:

This update for libtirpc fixes the following issues:

Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)

Advisory ID	SUSE-RU-2022:2118-1
Released	Mon Jun 20 13:04:15 2022
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1181223,1190462,1193600,1196704,1197507,1197689

Description:

This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:

Adapted to build on Enterprise Linux.
Fix build for RedHat 7
Require Go >= 1.14 also for CentOS
Add support for CentOS
Replace %{?systemd_requires} with %{?systemd_ordering}

mgr-cfg:

Version 4.3.6-1 * Corrected source URL in spec file * Fix installation problem for SLE15SP4 due missing python-selinux * Fix python selinux package name depending on build target (bsc#1193600) * Do not build python 2 package for SLE15SP4 and higher * Remove unused legacy code

mgr-custom-info:

Version 4.3.3-1 * Remove unused legacy code

mgr-daemon:

Version 4.3.4-1 * Corrected source URLs in spec file. * Update translation strings

mgr-osad:

Version 4.3.6-1 * Corrected source URL in spec file. * Do not build python 2 package for SLE15SP4 and higher * Removed spacewalk-selinux dependencies. * Updated source url.

mgr-push:

Version 4.3.4-1 * Corrected source URLs in spec file.

mgr-virtualization:

Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher

prometheus-blackbox_exporter:

Enhanced to build on Enterprise Linux 8

prometheus-postgres_exporter:

Updated for RHEL8.

python-hwdata:

Require python macros for building

rhnlib:

Version 4.3.4-1 * Reorganize python files

spacecmd:

Version 4.3.11-1 * on full system update call schedulePackageUpdate API (bsc#1197507) * parse boolean paramaters correctly (bsc#1197689) * Add parameter to set containerized proxy SSH port * Add proxy config generation subcommand * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. * Include group formulas configuration in spacecmd group_backup and spacecmd group_restore. This changes backup format to json, previously used plain text is still supported for reading (bsc#1190462) * Update translation strings * Improved event history listing and added new system_eventdetails command to retrieve the details of an event * Make schedule_deletearchived to get all actions without display limit * Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)

spacewalk-client-tools:

Version 4.3.9-1 * Corrected source URLs in spec file. * do not build python 2 package for SLE15 * Remove unused legacy code * Update translation strings

spacewalk-koan:

Version 4.3.5-1 * Corrected source URLs in spec file.

spacewalk-oscap:

Version 4.3.5-1 * Corrected source URLs in spec file. * Do not build python 2 package for SLE15SP4 and higher

spacewalk-remote-utils:

Version 4.3.3-1 * Adapt the package for changes in rhnlib

supportutils-plugin-susemanager-client:

Version 4.3.2-1 * Add proxy containers config and logs

suseRegisterInfo:

Version 4.3.3-1 * Bump version to 4.3.0

supportutils-plugin-salt:

Add support for Salt Bundle

uyuni-common-libs:

Version 4.3.4-1 * implement more decompression algorithms for reposync (bsc#1196704) * Reorganize python files * Add decompression of zck files to fileutils

Advisory ID	SUSE-SU-2022:2294-1
Released	Wed Jul 6 13:34:15 2022
Summary	Security update for expat
Type	security
Severity	important
References	1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315

Description:

This update for expat fixes the following issues:

CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).

Advisory ID	SUSE-SU-2022:2302-1
Released	Wed Jul 6 13:37:15 2022
Summary	Security update for apache2
Type	security
Severity	important
References	1198913,1200338,1200340,1200341,1200345,1200348,1200350,1200352,CVE-2022-26377,CVE-2022-28614,CVE-2022-28615,CVE-2022-29404,CVE-2022-30522,CVE-2022-30556,CVE-2022-31813

Description:

This update for apache2 fixes the following issues:
- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338) - CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340) - CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341) - CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345) - CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350) - CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352) - CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)

Advisory ID	SUSE-SU-2022:2305-1
Released	Wed Jul 6 13:38:42 2022
Summary	Security update for curl
Type	security
Severity	important
References	1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208

Description:

This update for curl fixes the following issues:

CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)

Advisory ID	SUSE-SU-2022:2308-1
Released	Wed Jul 6 14:15:13 2022
Summary	Security update for openssl-1_1
Type	security
Severity	important
References	1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097

Description:

This update for openssl-1_1 fixes the following issues:

CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).

Advisory ID	SUSE-RU-2022:2323-1
Released	Thu Jul 7 12:16:58 2022
Summary	Recommended update for systemd-presets-branding-SLE
Type	recommended
Severity	low
References

Description:

This update for systemd-presets-branding-SLE fixes the following issues:

Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)

Advisory ID	SUSE-RU-2022:2355-1
Released	Mon Jul 11 12:44:33 2022
Summary	Recommended update for python-cryptography
Type	recommended
Severity	moderate
References	1198331,CVE-2020-25659

Description:

This update for python-cryptography fixes the following issues:
python-cryptography was updated to 3.3.2.
update to 3.3.0:

BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte) initialization vectors. This change is to conform with an upcoming OpenSSL release that will no longer support sizes outside this window.
BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we now raise ValueError rather than UnsupportedAlgorithm when an unsupported cipher is used. This change is to conform with an upcoming OpenSSL release that will no longer distinguish between error types.
BACKWARDS INCOMPATIBLE: We no longer allow loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing.
Added the recover_data_from_signature() function to RSAPublicKey for recovering the signed data from an RSA signature.

Update to 3.2.1:
Disable blinding on RSA public keys to address an error with some versions of OpenSSL.
update to 3.2 (bsc#1178168, CVE-2020-25659):

CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability.
Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.

update to 3.1:

**BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5.
``backend`` arguments to functions are no longer required and the default backend will automatically be selected if no ``backend`` is provided.
Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` .
Calling ``update`` or ``update_into`` on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data`` longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This also resolves the same issue in :doc:`/fernet`.

update to 3.0:

RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes).
X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until version is accessed.
Deprecated support for Python 2
Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: load_ssh_private_key() for loading and OpenSSH for writing.
Added support for OpenSSH certificates to load_ssh_public_key().
Added encrypt_at_time() and decrypt_at_time() to Fernet.
Added support for the SubjectInformationAccess X.509 extension.
Added support for parsing SignedCertificateTimestamps in OCSP responses.
Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
Added support for encoding attributes in certificate signing requests via add_attribute().
On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
Added initial support for creating PKCS12 files with serialize_key_and_certificates().

Update to 2.9:

BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden.
BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade.
BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format.
BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514.
Added support for parsing single_extensions in an OCSP response.
NameAttribute values can now be empty strings.

Advisory ID	SUSE-SU-2022:2357-1
Released	Mon Jul 11 20:34:20 2022
Summary	Security update for python3
Type	security
Severity	important
References	1198511,CVE-2015-20107

Description:

This update for python3 fixes the following issues:

CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).

Advisory ID	SUSE-RU-2022:2358-1
Released	Tue Jul 12 04:21:59 2022
Summary	Recommended update for augeas
Type	recommended
Severity	moderate
References	1197443

Description:

This update for augeas fixes the following issues:

Fix handling of keywords in new sysctl.conf (bsc#1197443)

Advisory ID	SUSE-SU-2022:2361-1
Released	Tue Jul 12 12:05:01 2022
Summary	Security update for pcre
Type	security
Severity	important
References	1199232,CVE-2022-1586

Description:

This update for pcre fixes the following issues:

CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)

Advisory ID	SUSE-SU-2022:2396-1
Released	Thu Jul 14 11:57:58 2022
Summary	Security update for logrotate
Type	security
Severity	important
References	1192449,1199652,1200278,1200802,CVE-2022-1348

Description:

This update for logrotate fixes the following issues:
Security issues fixed:

CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652).
Improved coredump handing for SUID binaries (bsc#1192449).

Non-security issues fixed:

Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).

Advisory ID	SUSE-RU-2022:2406-1
Released	Fri Jul 15 11:49:01 2022
Summary	Recommended update for glibc
Type	recommended
Severity	moderate
References	1197718,1199140,1200334,1200855

Description:

This update for glibc fixes the following issues:

powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)

This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).

Advisory ID	SUSE-RU-2022:2469-1
Released	Thu Jul 21 04:38:31 2022
Summary	Recommended update for systemd
Type	recommended
Severity	important
References	1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276

Description:

This update for systemd fixes the following issues:

Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these directories are read by both udevd and systemd-networkd (bsc#1201276)
Allow control characters in environment variable values (bsc#1200170)
Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
Fix parsing error in s390 udev rules conversion script (bsc#1198732)
core/device: device_coldplug(): don't set DEVICE_DEAD
core/device: do not downgrade device state if it is already enumerated
core/device: drop unnecessary condition

Advisory ID	SUSE-feature-2022:2488-1
Released	Thu Jul 21 12:15:27 2022
Summary	Feature update for python-python-debian
Type	feature
Severity	moderate
References

Description:

This feature update for python-python-debian provides:

Rename python-debian to python-python-debian according to the Python packaging guidelines (jsc#SLE-24672)
Provide python-python-debian version 0.1.44 (jsc#SLE-24672) * Add support for zstd compression in .deb files * Use logging.warning rather than warnings for data problems. * Support for finding files (including changelog.Debian.gz) that are beyond a symlink within the package * Update packaging for zstd compressed .deb code * Annotate binutils build-dep with * Update Standards-Version to 4.6.1 * Various improvements to the round-trip-safe deb822 parser * Support the Files-Included field in debian/copyright * Fix URL for API documentation in README.rst * RTS parser: minor documentation fixes * Declare minimum Python version of 3.5 for most modules except the RTS parser. Add CI testing with Python 3.5 * RTS parser: Handle leading tabs for setting values * RTS parser: Preserve original field case * RTS parser: Expose str type for keys in paragraphs * Use logging for warnings about data that's being read, rather than the warnings module * Fix type checks for mypy 0.910 * Silence lintian complaint about touching the dpkg database in the examples * Add RTS parser to setup.py so that it is installed. * Add copyright attribution for RTS parser * RTS parser: Accept tabs as continuation line marker * Interpretation: Preserve tab as continuation line if used * RTS parser: Make value interpretation tokenization consistent * RTS parser: Add interpretation for Uploaders field * Add contextmanager to DebFile * Added format/comment preserving deb822 parser as debian._deb822_repro. * Add Build-Depends-Arch, Build-Conflicts-Arch to list of relationship fields * In debian.changelog.get_maintainer, cope with unknown UIDs * Numerous enhancements to the deb822.BuildInfo class * Include portability patch for pwd module on Windows * Drop the deb822.BuildInfo.get_debian_suite function * Move re.compile calls out of functions * Revert unintended renaming of Changelog.get_version/set_version * Add a type for .buildinfo files (deb822.BuildInfo) * Add support for SHA1-Download and SHA256-* variants in PdiffIndex class for .diff/Index files * Permit single-character package names in dependency relationship specifications * Update to debhelper-compat (= 13) * Update examples to use #!/usr/bin/python3 * Fix tabs vs spaces in examples. * Provide accessor for source package version for binary packages * Allow debian_support.PackageFile to accept StringIO as well as BytesIO * Change handling of case-insensitive field names to allow Deb822 objects to be serialised * Add SHA265 support to handling of pdiffs * Add support for additional headers for merged pdiffs to PDiffIndex * Add a debian.watch module for parsing watch files * Prevent stripping of last newline in initial lines before changelog files * Add a Copyright.files_excluded field * Allow specifying allow_missing_author when reserializing changelog entries * Drop python2 support (from version 0.1.37) * Add Rules-Requires-Root: no * Parse Built-Using relationship fields * Extend Deb822 parser to allow underscores in the field name * Add accessors for Version objects from Deb822
Remove superfluous devel dependency for noarch package

Advisory ID	SUSE-RU-2022:2493-1
Released	Thu Jul 21 14:35:08 2022
Summary	Recommended update for rpm-config-SUSE
Type	recommended
Severity	moderate
References	1193282

Description:

This update for rpm-config-SUSE fixes the following issues:

Add SBAT values macros for other packages (bsc#1193282)

Advisory ID	SUSE-RU-2022:2494-1
Released	Thu Jul 21 15:16:42 2022
Summary	Recommended update for glibc
Type	recommended
Severity	important
References	1200855,1201560,1201640

Description:

This update for glibc fixes the following issues:

Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)

Advisory ID	SUSE-SU-2022:2546-1
Released	Mon Jul 25 14:43:22 2022
Summary	Security update for gpg2
Type	security
Severity	important
References	1196125,1201225,CVE-2022-34903

Description:

This update for gpg2 fixes the following issues:

CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)

Advisory ID	SUSE-SU-2022:2552-1
Released	Tue Jul 26 14:55:40 2022
Summary	Security update for libxml2
Type	security
Severity	important
References	1196490,1199132,CVE-2022-23308,CVE-2022-29824

Description:

This update for libxml2 fixes the following issues:
Update to 2.9.14:

CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).

Update to version 2.9.13:

CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)

Advisory ID	SUSE-RU-2022:2573-1
Released	Thu Jul 28 04:24:19 2022
Summary	Recommended update for libzypp, zypper
Type	recommended
Severity	moderate
References	1194550,1197684,1199042

Description:

This update for libzypp, zypper fixes the following issues:
libzypp:

appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
singletrans: no dry-run commit if doing just download-only
Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo.
Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER

zypper:

Basic JobReport for 'cmdout/monitor'
versioncmp: if verbose, also print the edition 'parts' which are compared
Make sure MediaAccess is closed on exception (bsc#1194550)
Display plus-content hint conditionally
Honor the NO_COLOR environment variable when auto-detecting whether to use color
Define table columns which should be sorted natural [case insensitive]
lr/ls: Use highlight color on name and alias as well

Advisory ID	SUSE-SU-2022:2632-1
Released	Wed Aug 3 09:51:00 2022
Summary	Security update for permissions
Type	security
Severity	important
References	1198720,1200747,1201385

Description:

This update for permissions fixes the following issues:

apptainer: fix starter-suid location (bsc#1198720)
static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
postfix: add postlog setgid for maildrop binary (bsc#1201385)

Advisory ID	SUSE-RU-2022:2640-1
Released	Wed Aug 3 10:43:44 2022
Summary	Recommended update for yaml-cpp
Type	recommended
Severity	moderate
References	1160171,1178331,1178332,1200624

Description:

This update for yaml-cpp fixes the following issue:

Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old ABI to prevent ABI breakage and crash of applications compiled with 0.6.1 (bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171).

Advisory ID	SUSE-SU-2022:2717-1
Released	Tue Aug 9 12:54:16 2022
Summary	Security update for ncurses
Type	security
Severity	moderate
References	1198627,CVE-2022-29458

Description:

This update for ncurses fixes the following issues:

CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

Advisory ID	SUSE-SU-2022:2866-1
Released	Mon Aug 22 15:36:30 2022
Summary	Security update for systemd-presets-common-SUSE
Type	security
Severity	moderate
References	1199524,1200485,CVE-2022-1706

Description:

This update for systemd-presets-common-SUSE fixes the following issues:

CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).

The following non-security bugs were fixed:

Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485)

Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485)

Advisory ID	SUSE-RU-2022:2901-1
Released	Fri Aug 26 03:34:23 2022
Summary	Recommended update for elfutils
Type	recommended
Severity	moderate
References

Description:

This update for elfutils fixes the following issues:

Fix runtime dependency for devel package

Advisory ID	SUSE-RU-2022:2904-1
Released	Fri Aug 26 05:28:34 2022
Summary	Recommended update for openldap2
Type	recommended
Severity	moderate
References	1198341

Description:

This update for openldap2 fixes the following issues:

Prevent memory reuse which may lead to instability (bsc#1198341)

Advisory ID	SUSE-RU-2022:2920-1
Released	Fri Aug 26 15:17:02 2022
Summary	Recommended update for systemd
Type	recommended
Severity	important
References	1195059,1201795

Description:

This update for systemd fixes the following issues:

Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
Drop or soften some of the deprecation warnings (jsc#PED-944)
Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
analyze: Fix offline check for syscal filter
calendarspec: Fix timer skipping the next elapse
core: Allow command argument to be longer
hwdb: Add AV production controllers to hwdb and add uaccess
hwdb: Allow console users access to rfkill
hwdb: Allow end-users root-less access to TL866 EPROM readers
hwdb: Permit unsetting power/persist for USB devices
hwdb: Tag IR cameras as such
hwdb: Fix parsing issue
hwdb: Make usb match patterns uppercase
hwdb: Update the hardware database
journal-file: Stop using the event loop if it's already shutting down
journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
journald: Ensure resources are properly allocated for SIGTERM handling
kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
macro: Account for negative values in DECIMAL_STR_WIDTH()
manager: Disallow clone3() function call in seccomp filters
missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
resolve: Fix typo in dns_class_is_pseudo()
sd-event: Improve handling of process events and termination of processes
sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
stdio-bridge: Improve the meaning of the error message
tmpfiles: Check for the correct directory

Advisory ID	SUSE-RU-2022:2929-1
Released	Mon Aug 29 11:21:47 2022
Summary	Recommended update for timezone
Type	recommended
Severity	important
References	1202310

Description:

This update for timezone fixes the following issue:

Reflect new Chile DST change (bsc#1202310)

Advisory ID	SUSE-RU-2022:2944-1
Released	Wed Aug 31 05:39:14 2022
Summary	Recommended update for procps
Type	recommended
Severity	important
References	1181475

Description:

This update for procps fixes the following issues:

Fix 'free' command reporting misleading 'used' value (bsc#1181475)

Advisory ID	SUSE-SU-2022:2947-1
Released	Wed Aug 31 09:16:21 2022
Summary	Security update for zlib
Type	security
Severity	important
References	1202175,CVE-2022-37434

Description:

This update for zlib fixes the following issues:

CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).

Advisory ID	SUSE-RU-2022:2977-1
Released	Thu Sep 1 12:30:19 2022
Summary	Recommended update for util-linux
Type	recommended
Severity	moderate
References	1197178,1198731

Description:

This update for util-linux fixes the following issues:

agetty: Resolve tty name even if stdin is specified (bsc#1197178)
libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)

Advisory ID	SUSE-SU-2022:3003-1
Released	Fri Sep 2 15:01:44 2022
Summary	Security update for curl
Type	security
Severity	low
References	1202593,CVE-2022-35252

Description:

This update for curl fixes the following issues:

CVE-2022-35252: Fixed a potential injection of control characters into cookies, which could be exploited by sister sites to cause a denial of service (bsc#1202593).

Advisory ID	SUSE-RU-2022:3021-1
Released	Mon Sep 5 11:57:55 2022
Summary	Recommended update for python-dmidecode
Type	recommended
Severity	moderate
References	1194351

Description:

This update for python-dmidecode fixes the following issues:

Fixed memory map size for 'Type Detail' (bsc#1194351)
Use update-alternatives mechanism instead of shared subpackage.
Realign the spec file for python singlespec

Advisory ID	SUSE-RU-2022:3022-1
Released	Mon Sep 5 15:16:02 2022
Summary	Recommended update for python-pyOpenSSL
Type	recommended
Severity	moderate
References	1200771

Description:

This update for python-pyOpenSSL fixes the following issues:

Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).

python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519):

The minimum ``cryptography`` version is now 3.3.
Raise an error when an invalid ALPN value is set.
Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.

Advisory ID	SUSE-RU-2022:3118-1
Released	Tue Sep 6 15:43:53 2022
Summary	Recommended update for lvm2
Type	recommended
Severity	moderate
References	1202011

Description:

This update for lvm2 fixes the following issues:

Do not use udev for device listing or device information (bsc#1202011)

Advisory ID	SUSE-RU-2022:3135-1
Released	Wed Sep 7 08:39:31 2022
Summary	Recommended update for hwdata
Type	recommended
Severity	low
References	1200110

Description:

This update for hwdata fixes the following issue:

Update pci, usb and vendor ids to version 0.360 (bsc#1200110)

Advisory ID	SUSE-SU-2022:3178-1
Released	Thu Sep 8 09:35:05 2022
Summary	Important security update for SUSE Manager Client Tools
Type	security
Severity	important
References	1176460,1180816,1180942,1181119,1181935,1183684,1187725,1188061,1193585,1197963,1199528,1200142,1200591,1200968,1200970,1201003,1202614,CVE-2021-20178,CVE-2021-20180,CVE-2021-20191,CVE-2021-20228,CVE-2021-3447,CVE-2021-3583,CVE-2021-3620

Description:

This update fixes the following issues:
ansible:

Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133) * CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725) * CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061) * ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460)
Update to 2.9.22: * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values * CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option * CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values * CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values * CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module

dracut-saltboot:

Require e2fsprogs (bsc#1202614)
Update to version 0.1.1657643023.0d694ce * Update dracut-saltboot dependencies (bsc#1200970) * Fix network loading when ipappend is used in pxe config * Add new information messages

golang-github-QubitProducts-exporter_exporter:

Remove license file from %doc

mgr-daemon:

Version 4.3.5-1 * Update translation strings

mgr-virtualization:

Version 4.3.6-1 * Report all VMs in poller, not only running ones (bsc#1199528)

prometheus-blackbox_exporter:

Exclude s390 arch

python-hwdata:

Declare the LICENSE file as license and not doc

spacecmd:

Version 4.3.14-1 * Fix missing argument on system_listmigrationtargets (bsc#1201003) * Show correct help on calling kickstart_importjson with no arguments * Fix tracebacks on spacecmd kickstart_export (bsc#1200591) * Change proxy container config default filename to end with tar.gz * Update translation strings

spacewalk-client-tools:

Version 4.3.11-1 * Update translation strings

uyuni-common-libs:

Version 4.3.5-1 * Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

uyuni-proxy-systemd-services:

Version 4.3.6-1 * Expose port 80 (bsc#1200142) * Use volumes rather than bind mounts * TFTPD to listen on udp port (bsc#1200968) * Add TAG variable in configuration * Fix containers namespaces in configuration

zypp-plugin-spacewalk:

1.0.13 * Log in before listing channels. (bsc#1197963, bsc#1193585)

Advisory ID	SUSE-SU-2022:3194-1
Released	Thu Sep 8 10:04:36 2022
Summary	Security update for SUSE Manager 4.3: Server and Proxy
Type	security
Severity	moderate
References	1172179,1179962,1186011,1187028,1191925,1194394,1195455,1198356,1198358,1198944,1199147,1199157,1199523,1199629,1199646,1199656,1199659,1199662,1199663,1199679,1199714,1199727,1199779,1199817,1199874,1199950,1199984,1199998,1200276,1200347,1200532,1200591,1200606,1200707,1201003,1201142,1201189,1201224,1201411,1201498,1201782,1201842,1202724,CVE-2022-31248

Description:

Security update for SUSE Manager 4.3: Server and Proxy

SUSE-CU-2022:1338-1

Container Advisory ID	SUSE-CU-2022:1338-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.0 , suse/manager/4.3/proxy-httpd:4.3.0.7.11 , suse/manager/4.3/proxy-httpd:latest
Container Release	7.11

The following patches have been included in this update:

Advisory ID	SUSE-RU-2022:1851-1
Released	Thu May 26 08:59:55 2022
Summary	Recommended update for gcc8
Type	recommended
Severity	moderate
References	1197716

Description:

This update for gcc8 fixes the following issues:

Fix build against SP4. (bsc#1197716)
Remove bogus fixed include bits/statx.h from glibc 2.30 (bsc#1197716)

Advisory ID	SUSE-RU-2022:1909-1
Released	Wed Jun 1 16:25:35 2022
Summary	Recommended update for glibc
Type	recommended
Severity	moderate
References	1198751

Description:

This update for glibc fixes the following issues:

Add the correct name for the IBM Z16 (bsc#1198751).

Advisory ID	SUSE-SU-2022:1925-1
Released	Thu Jun 2 14:35:20 2022
Summary	Security update for patch
Type	security
Severity	moderate
References	1080985,1111572,1142041,1198106,CVE-2018-6952,CVE-2019-13636

Description:

This update for patch fixes the following issues:
Security issues fixed:

CVE-2019-13636: Fixed follow symlinks unless --follow-symlinks is given. This increases the security against malicious patches (bsc#1142041).
CVE-2018-6952: Fixed swapping fakelines in pch_swap. This bug was causing a double free leading to a crash (bsc#1080985).

Bugfixes:

Abort when cleaning up fails. This bug could cause an infinite loop when a patch wouldn't apply, leading to a segmentation fault (bsc#1111572).
Pass the correct stat to backup files. This bug would occasionally cause backup files to be missing when all hunks failed to apply (bsc#1198106).

Advisory ID	SUSE-RU-2022:2019-1
Released	Wed Jun 8 16:50:07 2022
Summary	Recommended update for gcc11
Type	recommended
Severity	moderate
References	1192951,1193659,1195283,1196861,1197065

Description:

This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.

includes SLS hardening backport on x86_64. [bsc#1195283]
includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
use --with-cpu rather than specifying --with-arch/--with-tune
Fix D memory corruption in -M output.
Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
fixes issue with debug dumping together with -o /dev/null
fixes libgccjit issue showing up in emacs build [bsc#1192951]
Package mwaitintrin.h

SUSE-CU-2022:1153-1

Container Advisory ID	SUSE-CU-2022:1153-1
Container Tags	suse/manager/4.3/proxy-httpd:4.3.0 , suse/manager/4.3/proxy-httpd:4.3.0.7.3 , suse/manager/4.3/proxy-httpd:latest
Container Release	7.3

The following patches have been included in this update:

Advisory ID	SUSE-RU-2018:1999-1
Released	Tue Sep 25 08:20:35 2018
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1071321

Description:

This update for zlib provides the following fixes:

Speedup zlib on power8. (fate#325307)
Add safeguard against negative values in uInt. (bsc#1071321)

Advisory ID	SUSE-RU-2018:2022-1
Released	Wed Sep 26 09:48:09 2018
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1103388,1104120,1106523

Description:

This update fixes the following issues:
hwdata:

Update to version 0.314: + Updated pci, usb and vendor ids.

spacewalk-backend:

Channels to be actually un-subscribed from the assigned systems when being removed using spacewalk-remove-channel tool. (bsc#1104120)
Take only text files from /srv/salt to make spacewalk-debug smaller. (bsc#1103388)

Advisory ID	SUSE-RU-2018:2370-1
Released	Mon Oct 22 14:02:01 2018
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1102310,1104531

Description:

This update for aaa_base provides the following fixes:

Let bash.bashrc work even for (m)ksh. (bsc#1104531)
Fix an error at login if java system directory is empty. (bsc#1102310)

Advisory ID	SUSE-RU-2018:2569-1
Released	Fri Nov 2 19:00:18 2018
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1110700

Description:

This update for pam fixes the following issues:

Remove limits for nproc from /etc/security/limits.conf (bsc#1110700)

Advisory ID	SUSE-RU-2018:2607-1
Released	Wed Nov 7 15:42:48 2018
Summary	Optional update for gcc8
Type	recommended
Severity	low
References	1084812,1084842,1087550,1094222,1102564

Description:

The GNU Compiler GCC 8 is being added to the Development Tools Module by this update.
The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15.
Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved.
The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened:
https://gcc.gnu.org/gcc-8/changes.html
Also changes needed or common pitfalls when porting software are described on:
https://gcc.gnu.org/gcc-8/porting_to.html

Advisory ID	SUSE-RU-2018:2798-1
Released	Wed Nov 28 07:48:35 2018
Summary	Recommended update for make
Type	recommended
Severity	moderate
References	1100504

Description:

This update for make fixes the following issues:

Use a non-blocking read with pselect to avoid hangs (bsc#1100504)

Advisory ID	SUSE-SU-2018:2825-1
Released	Mon Dec 3 15:35:02 2018
Summary	Security update for pam
Type	security
Severity	important
References	1115640,CVE-2018-17953

Description:

This update for pam fixes the following issue:
Security issue fixed:

CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640).

Advisory ID	SUSE-SU-2018:2861-1
Released	Thu Dec 6 14:32:01 2018
Summary	Security update for ncurses
Type	security
Severity	important
References	1103320,1115929,CVE-2018-19211

Description:

This update for ncurses fixes the following issues:
Security issue fixed:

CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

Non-security issue fixed:

Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).

Advisory ID	SUSE-RU-2019:6-1
Released	Wed Jan 2 20:25:25 2019
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1099119,1099192

Description:

GCC 7 was updated to the GCC 7.4 release.

Fix AVR configuration to not use __cxa_atexit or libstdc++ headers. Point to /usr/avr/sys-root/include as system header include directory.
Includes fix for build with ISL 0.20.
Pulls fix for libcpp lexing bug on ppc64le manifesting during build with gcc8. [bsc#1099119]
Pulls fix for forcing compile-time tuning even when building with -march=z13 on s390x. [bsc#1099192]
Fixes support for 32bit ASAN with glibc 2.27+

Advisory ID	SUSE-RU-2019:44-1
Released	Tue Jan 8 13:07:32 2019
Summary	Recommended update for acl
Type	recommended
Severity	low
References	953659

Description:

This update for acl fixes the following issues:

test: Add helper library to fake passwd/group files.
quote: Escape literal backslashes. (bsc#953659)

Advisory ID	SUSE-SU-2019:247-1
Released	Wed Feb 6 07:18:45 2019
Summary	Security update for lua53
Type	security
Severity	moderate
References	1123043,CVE-2019-6706

Description:

This update for lua53 fixes the following issues:
Security issue fixed:

CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043)

Advisory ID	SUSE-SU-2019:571-1
Released	Thu Mar 7 18:13:46 2019
Summary	Security update for file
Type	security
Severity	moderate
References	1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907

Description:

This update for file fixes the following issues:
The following security vulnerabilities were addressed:

CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974)
CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118)
CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119)
CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117)

Advisory ID	SUSE-RU-2019:732-1
Released	Mon Mar 25 14:10:04 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1088524,1118364,1128246

Description:

This update for aaa_base fixes the following issues:

Restore old position of ssh/sudo source of profile (bsc#1118364).
Update logic for JRE_HOME env variable (bsc#1128246)

Advisory ID	SUSE-SU-2019:788-1
Released	Thu Mar 28 11:55:06 2019
Summary	Security update for sqlite3
Type	security
Severity	moderate
References	1119687,CVE-2018-20346

Description:

This update for sqlite3 to version 3.27.2 fixes the following issue:
Security issue fixed:

CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687).

Release notes: https://www.sqlite.org/releaselog/3_27_2.html

Advisory ID	SUSE-RU-2019:905-1
Released	Mon Apr 8 16:48:02 2019
Summary	Recommended update for gcc
Type	recommended
Severity	moderate
References	1096008

Description:

This update for gcc fixes the following issues:

Fix gcc-PIE spec to properly honor -no-pie at link time. (bsc#1096008)

Advisory ID	SUSE-SU-2019:926-1
Released	Wed Apr 10 16:33:12 2019
Summary	Security update for tar
Type	security
Severity	moderate
References	1120610,1130496,CVE-2018-20482,CVE-2019-9923

Description:

This update for tar fixes the following issues:
Security issues fixed:

CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496).
CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610).

Advisory ID	SUSE-RU-2019:1002-1
Released	Wed Apr 24 10:13:34 2019
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1110304,1129576

Description:

This update for zlib fixes the following issues:

Fixes a segmentation fault error (bsc#1110304, bsc#1129576)

Advisory ID	SUSE-RU-2019:1022-1
Released	Wed Apr 24 13:46:51 2019
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References	1121410

Description:

This update for hwdata fixes the following issues:
Update to version 0.320 (bsc#1121410):

Updated the pci, usb and vendor ids vendor and product databases.

Advisory ID	SUSE-RU-2019:1105-1
Released	Tue Apr 30 12:10:58 2019
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1084842,1114592,1124644,1128794,1129389,1131264,SLE-6738

Description:

This update for gcc7 fixes the following issues:
Update to gcc-7-branch head (r270528).

Disables switch jump-tables when retpolines are used. This restores some lost performance for kernel builds with retpolines. (bsc#1131264, jsc#SLE-6738)
Fix ICE compiling tensorflow on aarch64. (bsc#1129389)
Fix for aarch64 FMA steering pass use-after-free. (bsc#1128794)
Fix for s390x FP load-and-test issue. (bsc#1124644)
Improve build reproducability by disabling address-space randomization during build.
Adjust gnat manual entries in the info directory. (bsc#1114592)
Includes fix to no longer try linking -lieee with -mieee-fp. (bsc#1084842)

Advisory ID	SUSE-RU-2019:1113-1
Released	Tue Apr 30 14:08:42 2019
Summary	Recommended update for python-pycurl
Type	recommended
Severity	moderate
References	1128355

Description:

This update for python-pycurl fixes the following issues:

bsc#1128355: update to the Factory package to get multibuild and better working tests.

Update to 7.43.0.2: * Added perform_rb and perform_rs methods to Curl objects to return response body as byte string and string, respectively. * Added OPT_COOKIELIST constant for consistency with other option constants. * PycURL is now able to report errors triggered by libcurl via CURLOPT_FAILONERROR mechanism when the error messages are not decodable in Python's default encoding (GitHub issue #259). * Added getinfo_raw method to Curl objects to return byte strings as is from libcurl without attempting to decode them (GitHub issue #493). * When adding a Curl easy object to CurlMulti via add_handle, the easy objects now have their reference counts increased so that the application is no longer required to keep references to them to keep them from being garbage collected (GitHub issue #171). * PycURL easy, multi and share objects can now be weak referenced. * set_ca_certs now accepts byte strings as it should have been all along. * Use OpenSSL 1.1 and 1.0 specific APIs for controlling thread locks depending on OpenSSL version (patch by Vitaly Murashev). * Fixed a crash when closesocket callback failed (patch by Gisle Vanem and toddrme2178). * Added CURLOPT_PROXY_SSLCERT, CURLOPT_PROXY_SSLCERTTYPE, CURLOPT_PROXY_SSLKEY, CURLOPT_PROXY_SSLKEYTYPE, CURLOPT_PROXY_SSL_VERIFYPEER (libcurl 7.52.0+, patch by Casey Miller). * Added CURLOPT_PRE_PROXY (libcurl 7.52.0+, patch by ziggy). * Added SOCKET_BAD constant and it is now recognized as a valid return value from OPENSOCKET callback.

Advisory ID	SUSE-SU-2019:1127-1
Released	Thu May 2 09:39:24 2019
Summary	Security update for sqlite3
Type	security
Severity	moderate
References	1130325,1130326,CVE-2019-9936,CVE-2019-9937

Description:

This update for sqlite3 to version 3.28.0 fixes the following issues:
Security issues fixed:

CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326).
CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325).

Advisory ID	SUSE-RU-2019:1312-1
Released	Wed May 22 12:19:12 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1096191

Description:

This update for aaa_base fixes the following issue:
* Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191)

Advisory ID	SUSE-SU-2019:1368-1
Released	Tue May 28 13:15:38 2019
Summary	Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root
Type	security
Severity	important
References	1134524,CVE-2019-5021

Description:

This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues:

CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524)

Advisory ID	SUSE-RU-2019:1631-1
Released	Fri Jun 21 11:17:21 2019
Summary	Recommended update for xz
Type	recommended
Severity	low
References	1135709

Description:

This update for xz fixes the following issues:
Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709]

Advisory ID	SUSE-RU-2019:2134-1
Released	Wed Aug 14 11:54:56 2019
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1136717,1137624,1141059,SLE-5807

Description:

This update for zlib fixes the following issues:

Update the s390 patchset. (bsc#1137624)
Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059)
Use FAT LTO objects in order to provide proper static library.
Do not enable the previous patchset on s390 but just s390x. (bsc#1137624)
Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717)

Advisory ID	SUSE-RU-2019:2188-1
Released	Wed Aug 21 10:10:29 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1140647

Description:

This update for aaa_base fixes the following issues:

Make systemd detection cgroup oblivious. (bsc#1140647)

Advisory ID	SUSE-RU-2019:2218-1
Released	Mon Aug 26 11:29:57 2019
Summary	Recommended update for pinentry
Type	recommended
Severity	moderate
References	1141883

Description:

This update for pinentry fixes the following issues:

Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883)

Advisory ID	SUSE-RU-2019:2423-1
Released	Fri Sep 20 16:41:45 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1146866,SLE-9132

Description:

This update for aaa_base fixes the following issues:
Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132)
Following settings have been tightened (and set to 0):

net.ipv4.conf.all.accept_redirects
net.ipv4.conf.default.accept_redirects
net.ipv4.conf.default.accept_source_route
net.ipv6.conf.all.accept_redirects
net.ipv6.conf.default.accept_redirects

Advisory ID	SUSE-SU-2019:2533-1
Released	Thu Oct 3 15:02:50 2019
Summary	Security update for sqlite3
Type	security
Severity	moderate
References	1150137,CVE-2019-16168

Description:

This update for sqlite3 fixes the following issues:
Security issue fixed:

CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137).

Advisory ID	SUSE-SU-2019:2702-1
Released	Wed Oct 16 18:41:30 2019
Summary	Security update for gcc7
Type	security
Severity	moderate
References	1071995,1141897,1142649,1148517,1149145,CVE-2019-14250,CVE-2019-15847

Description:

This update for gcc7 to r275405 fixes the following issues:
Security issues fixed:

CVE-2019-14250: Fixed an integer overflow in binutils (bsc#1142649).
CVE-2019-15847: Fixed an optimization in the POWER9 backend of gcc that could reduce the entropy of the random number generator (bsc#1149145).

Non-security issue fixed:

Move Live Patching technology stack from kGraft to upstream klp (bsc#1071995, fate#323487).

Advisory ID	SUSE-SU-2019:2730-1
Released	Mon Oct 21 16:04:57 2019
Summary	Security update for procps
Type	security
Severity	important
References	1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126

Description:

This update for procps fixes the following issues:
procps was updated to 3.3.15. (bsc#1092100)
Following security issues were fixed:

CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).
CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).
CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).
CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).
CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

Also this non-security issue was fixed:

Fix CPU summary showing old data. (bsc#1121753)

The update to 3.3.15 contains the following fixes:

library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures
library: Just check for SIGLOST and don't delete it
library: Fix integer overflow and LPE in file2strvec CVE-2018-1124
library: Use size_t for alloc functions CVE-2018-1126
library: Increase comm size to 64
pgrep: Fix stack-based buffer overflow CVE-2018-1125
pgrep: Remove >15 warning as comm can be longer
ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123
ps: Increase command name selection field to 64
top: Don't use cwd for location of config CVE-2018-1122
update translations
library: build on non-glibc systems
free: fix scaling on 32-bit systems
Revert 'Support running with child namespaces'
library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler
doc: Document I idle state in ps.1 and top.1
free: fix some of the SI multiples
kill: -l space between name parses correctly
library: dont use vm_min_free on non Linux
library: don't strip off wchan prefixes (ps & top)
pgrep: warn about 15+ char name only if -f not used
pgrep/pkill: only match in same namespace by default
pidof: specify separator between pids
pkill: Return 0 only if we can kill process
pmap: fix duplicate output line under '-x' option
ps: avoid eip/esp address truncations
ps: recognizes SCHED_DEADLINE as valid CPU scheduler
ps: display NUMA node under which a thread ran
ps: Add seconds display for cputime and time
ps: Add LUID field
sysctl: Permit empty string for value
sysctl: Don't segv when file not available
sysctl: Read and write large buffers
top: add config file support for XDG specification
top: eliminated minor libnuma memory leak
top: show fewer memory decimal places (configurable)
top: provide command line switch for memory scaling
top: provide command line switch for CPU States
top: provides more accurate cpu usage at startup
top: display NUMA node under which a thread ran
top: fix argument parsing quirk resulting in SEGV
top: delay interval accepts non-locale radix point
top: address a wishlist man page NLS suggestion
top: fix potential distortion in 'Mem' graph display
top: provide proper multi-byte string handling
top: startup defaults are fully customizable
watch: define HOST_NAME_MAX where not defined
vmstat: Fix alignment for disk partition format
watch: Support ANSI 39,49 reset sequences

Advisory ID	SUSE-SU-2019:2779-1
Released	Thu Oct 24 16:57:42 2019
Summary	Security update for binutils
Type	security
Severity	moderate
References	1109412,1109413,1109414,1111996,1112534,1112535,1113247,1113252,1113255,1116827,1118644,1118830,1118831,1120640,1121034,1121035,1121056,1133131,1133232,1141913,1142772,1152590,1154016,1154025,CVE-2018-1000876,CVE-2018-17358,CVE-2018-17359,CVE-2018-17360,CVE-2018-17985,CVE-2018-18309,CVE-2018-18483,CVE-2018-18484,CVE-2018-18605,CVE-2018-18606,CVE-2018-18607,CVE-2018-19931,CVE-2018-19932,CVE-2018-20623,CVE-2018-20651,CVE-2018-20671,CVE-2018-6323,CVE-2018-6543,CVE-2018-6759,CVE-2018-6872,CVE-2018-7208,CVE-2018-7568,CVE-2018-7569,CVE-2018-7570,CVE-2018-7642,CVE-2018-7643,CVE-2018-8945,CVE-2019-1010180,ECO-368,SLE-6206

Description:

This update for binutils fixes the following issues:
binutils was updated to current 2.32 branch [jsc#ECO-368].
Includes following security fixes:

CVE-2018-17358: Fixed invalid memory access in _bfd_stab_section_find_nearest_line in syms.c (bsc#1109412)
CVE-2018-17359: Fixed invalid memory access exists in bfd_zalloc in opncls.c (bsc#1109413)
CVE-2018-17360: Fixed heap-based buffer over-read in bfd_getl32 in libbfd.c (bsc#1109414)
CVE-2018-17985: Fixed a stack consumption problem caused by the cplus_demangle_type (bsc#1116827)
CVE-2018-18309: Fixed an invalid memory address dereference was discovered in read_reloc in reloc.c (bsc#1111996)
CVE-2018-18483: Fixed get_count function provided by libiberty that allowed attackers to cause a denial of service or other unspecified impact (bsc#1112535)
CVE-2018-18484: Fixed stack exhaustion in the C++ demangling functions provided by libiberty, caused by recursive stack frames (bsc#1112534)
CVE-2018-18605: Fixed a heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup causing a denial of service (bsc#1113255)
CVE-2018-18606: Fixed a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments, causing denial of service (bsc#1113252)
CVE-2018-18607: Fixed a NULL pointer dereference in elf_link_input_bfd when used for finding STT_TLS symbols without any TLS section, causing denial of service (bsc#1113247)
CVE-2018-19931: Fixed a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h (bsc#1118831)
CVE-2018-19932: Fixed an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA (bsc#1118830)
CVE-2018-20623: Fixed a use-after-free in the error function in elfcomm.c (bsc#1121035)
CVE-2018-20651: Fixed a denial of service via a NULL pointer dereference in elf_link_add_object_symbols in elflink.c (bsc#1121034)
CVE-2018-20671: Fixed an integer overflow that can trigger a heap-based buffer overflow in load_specific_debug_section in objdump.c (bsc#1121056)
CVE-2018-1000876: Fixed integer overflow in bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc in objdump (bsc#1120640)
CVE-2019-1010180: Fixed an out of bound memory access that could lead to crashes (bsc#1142772)

enable xtensa architecture (Tensilica lc6 and related)
Use -ffat-lto-objects in order to provide assembly for static libs (bsc#1141913).
Fixed some LTO build issues (bsc#1133131 bsc#1133232).
riscv: Don't check ABI flags if no code section
Fixed a segfault in ld when building some versions of pacemaker (bsc#1154025, bsc#1154016).
Add avr, epiphany and rx to target_list so that the common binutils can handle all objects we can create with crosses (bsc#1152590).

Update to binutils 2.32:

The binutils now support for the C-SKY processor series.
The x86 assembler now supports a -mvexwig=[0|1] option to control encoding of VEX.W-ignored (WIG) VEX instructions. It also has a new -mx86-used-note=[yes|no] option to generate (or not) x86 GNU property notes.
The MIPS assembler now supports the Loongson EXTensions R2 (EXT2), the Loongson EXTensions (EXT) instructions, the Loongson Content Address Memory (CAM) ASE and the Loongson MultiMedia extensions Instructions (MMI) ASE.
The addr2line, c++filt, nm and objdump tools now have a default limit on the maximum amount of recursion that is allowed whilst demangling strings. This limit can be disabled if necessary.
Objdump's --disassemble option can now take a parameter, specifying the starting symbol for disassembly. Disassembly will continue from this symbol up to the next symbol or the end of the function.
The BFD linker will now report property change in linker map file when merging GNU properties.
The BFD linker's -t option now doesn't report members within archives, unless -t is given twice. This makes it more useful when generating a list of files that should be packaged for a linker bug report.
The GOLD linker has improved warning messages for relocations that refer to discarded sections.

Improve relro support on s390 [fate#326356]
Fix broken debug symbols (bsc#1118644)
Handle ELF compressed header alignment correctly.

Advisory ID	SUSE-RU-2019:2870-1
Released	Thu Oct 31 08:09:14 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1051143,1138869,1151023

Description:

This update for aaa_base provides the following fixes:

Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869)
Add s390x compressed kernel support. (bsc#1151023)
service: Check if there is a second argument before using it. (bsc#1051143)

Advisory ID	SUSE-RU-2019:2993-1
Released	Mon Nov 18 11:52:23 2019
Summary	Recommended update for tftp
Type	recommended
Severity	moderate
References	1153625

Description:

This update for tftp fixes the following issues:

Add tftp.socket requirement to the service unit section. (bsc#1153625)

Advisory ID	SUSE-SU-2019:2997-1
Released	Mon Nov 18 15:16:38 2019
Summary	Security update for ncurses
Type	security
Severity	moderate
References	1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595

Description:

This update for ncurses fixes the following issues:
Security issues fixed:

CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).

Non-security issue fixed:

Removed screen.xterm from terminfo database (bsc#1103320).

Advisory ID	SUSE-SU-2019:3061-1
Released	Mon Nov 25 17:34:22 2019
Summary	Security update for gcc9
Type	security
Severity	moderate
References	1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536

Description:

This update includes the GNU Compiler Collection 9.
A full changelog is provided by the GCC team on:
https://www.gnu.org/software/gcc/gcc-9/changes.html

The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages.
To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it.

Security issues fixed:

CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145)
CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649)

Non-security issues fixed:

Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254)
Fixed miscompilation for vector shift on s390. (bsc#1141897)

Advisory ID	SUSE-SU-2019:3086-1
Released	Thu Nov 28 10:02:24 2019
Summary	Security update for libidn2
Type	security
Severity	moderate
References	1154884,1154887,CVE-2019-12290,CVE-2019-18224

Description:

This update for libidn2 to version 2.2.0 fixes the following issues:

CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).

Advisory ID	SUSE-RU-2019:3166-1
Released	Wed Dec 4 11:24:42 2019
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1007715,1084934,1157278

Description:

This update for aaa_base fixes the following issues:

Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934)
Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715)
Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278)

Advisory ID	SUSE-RU-2020:10-1
Released	Thu Jan 2 12:35:06 2020
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1146475

Description:

This update for gcc7 fixes the following issues:

Fix miscompilation with thread-safe localstatic initialization (gcc#85887).
Fix debug info created for array definitions that complete an earlier declaration (bsc#1146475).

Advisory ID	SUSE-RU-2020:225-1
Released	Fri Jan 24 06:49:07 2020
Summary	Recommended update for procps
Type	recommended
Severity	moderate
References	1158830

Description:

This update for procps fixes the following issues:

Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830)

Advisory ID	SUSE-RU-2020:256-1
Released	Wed Jan 29 09:39:17 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1157794,1160970

Description:

This update for aaa_base fixes the following issues:

Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794)
Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970)

Advisory ID	SUSE-RU-2020:338-1
Released	Thu Feb 6 13:00:23 2020
Summary	Recommended update for apr
Type	recommended
Severity	moderate
References	1151059

Description:

This update for apr fixes the following issues:

Increase timeout to fix random failure of testsuite [bsc#1151059].

Advisory ID	SUSE-RU-2020:395-1
Released	Tue Feb 18 14:16:48 2020
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1160086

Description:

This update for gcc7 fixes the following issue:

Fixed a miscompilation in zSeries code (bsc#1160086)

Advisory ID	SUSE-RU-2020:453-1
Released	Tue Feb 25 10:51:53 2020
Summary	Recommended update for binutils
Type	recommended
Severity	moderate
References	1160590

Description:

This update for binutils fixes the following issues:

Recognize the official name of s390 arch13: 'z15'. (bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464)

Advisory ID	SUSE-RU-2020:480-1
Released	Tue Feb 25 17:38:22 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1160735

Description:

This update for aaa_base fixes the following issues:

Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735)

Advisory ID	SUSE-RU-2020:525-1
Released	Fri Feb 28 11:49:36 2020
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1164562

Description:

This update for pam fixes the following issues:

Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562)

Advisory ID	SUSE-RU-2020:633-1
Released	Tue Mar 10 16:23:08 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1139939,1151023

Description:

This update for aaa_base fixes the following issues:

get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939)
added '-h'/'--help' to the command old
change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues

Advisory ID	SUSE-RU-2020:689-1
Released	Fri Mar 13 17:09:01 2020
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1166510

Description:

This update for PAM fixes the following issue:

The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510)

Advisory ID	SUSE-RU-2020:917-1
Released	Fri Apr 3 15:02:25 2020
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1166510

Description:

This update for pam fixes the following issues:

Moved pam_userdb into a separate package pam-extra. (bsc#1166510)

Advisory ID	SUSE-SU-2020:948-1
Released	Wed Apr 8 07:44:21 2020
Summary	Security update for gmp, gnutls, libnettle
Type	security
Severity	moderate
References	1152692,1155327,1166881,1168345,CVE-2020-11501

Description:

This update for gmp, gnutls, libnettle fixes the following issues:
Security issue fixed:

CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345)

FIPS related bugfixes:

FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881)
FIPS: Added Diffie Hellman public key verification test. (bsc#1155327)

Advisory ID	SUSE-RU-2020:1226-1
Released	Fri May 8 10:51:05 2020
Summary	Recommended update for gcc9
Type	recommended
Severity	moderate
References	1149995,1152590,1167898

Description:

This update for gcc9 fixes the following issues:
This update ships the GCC 9.3 release.

Includes a fix for Internal compiler error when building HepMC (bsc#1167898)
Includes fix for binutils version parsing
Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10.
Add gcc9 autodetect -g at lto link (bsc#1149995)
Install go tool buildid for bootstrapping go

Advisory ID	SUSE-RU-2020:1261-1
Released	Tue May 12 18:40:18 2020
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References	1168806

Description:

This update for hwdata fixes the following issues:
Update from version 0.320 to version 0.324 (bsc#1168806)

Updated pci, usb and vendor ids.
Replace pciutils-ids package providing compatibility symbolic link

Advisory ID	SUSE-SU-2020:1294-1
Released	Mon May 18 07:38:36 2020
Summary	Security update for file
Type	security
Severity	moderate
References	1154661,1169512,CVE-2019-18218

Description:

This update for file fixes the following issues:
Security issues fixed:

CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661).

Non-security issue fixed:

Fixed broken '--help' output (bsc#1169512).

Advisory ID	SUSE-RU-2020:1328-1
Released	Mon May 18 17:16:04 2020
Summary	Recommended update for grep
Type	recommended
Severity	moderate
References	1155271

Description:

This update for grep fixes the following issues:

Update testsuite expectations, no functional changes (bsc#1155271)

Advisory ID	SUSE-RU-2020:1370-1
Released	Thu May 21 19:06:00 2020
Summary	Recommended update for systemd-presets-branding-SLE
Type	recommended
Severity	moderate
References	1171656

Description:

This update for systemd-presets-branding-SLE fixes the following issues:
Cleanup of outdated autostart services (bsc#1171656):

Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE.
Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this.
Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable.

Advisory ID	SUSE-RU-2020:1404-1
Released	Mon May 25 15:32:34 2020
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1138793,1166260

Description:

This update for zlib fixes the following issues:

Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1.
Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime.

Advisory ID	SUSE-RU-2020:1506-1
Released	Fri May 29 17:22:11 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1087982,1170527

Description:

This update for aaa_base fixes the following issues:

Not all XTerm based emulators do have a terminfo entry. (bsc#1087982)
Better support of Midnight Commander. (bsc#1170527)

Advisory ID	SUSE-RU-2020:1954-1
Released	Sat Jul 18 03:07:15 2020
Summary	Recommended update for cracklib
Type	recommended
Severity	moderate
References	1172396

Description:

This update for cracklib fixes the following issues:

Fixed a buffer overflow when processing long words.

Advisory ID	SUSE-RU-2020:2083-1
Released	Thu Jul 30 10:27:59 2020
Summary	Recommended update for diffutils
Type	recommended
Severity	moderate
References	1156913

Description:

This update for diffutils fixes the following issue:

Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913)

Advisory ID	SUSE-RU-2020:2420-1
Released	Tue Sep 1 13:48:35 2020
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1174551,1174736

Description:

This update for zlib provides the following fixes:

Permit a deflateParams() parameter change as soon as possible. (bsc#1174736)
Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551)

Advisory ID	SUSE-SU-2020:2646-1
Released	Wed Sep 16 12:07:28 2020
Summary	Security update for perl-DBI
Type	security
Severity	important
References	1176409,1176412,CVE-2020-14392,CVE-2020-14393

Description:

This update for perl-DBI fixes the following issues:
Security issues fixed:

CVE-2020-14392: Memory corruption in XS functions when Perl stack is reallocated (bsc#1176412).
CVE-2020-14393: Fixed a buffer overflow on an overlong DBD class name (bsc#1176409).

Advisory ID	SUSE-RU-2020:2651-1
Released	Wed Sep 16 14:42:55 2020
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1175811,1175830,1175831

Description:

This update for zlib fixes the following issues:

Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831)
Enable hardware compression on s390/s390x (jsc#SLE-13776)

Advisory ID	SUSE-RU-2020:2735-1
Released	Thu Sep 24 13:32:25 2020
Summary	Recommended update for systemd-rpm-macros
Type	recommended
Severity	moderate
References	1173034

Description:

This update for systemd-rpm-macros fixes the following issues:

Introduce macro '%service_del_postun_without_restart' to resolve blocking new releases based on this. (bsc#1173034)

Advisory ID	SUSE-RU-2020:2782-1
Released	Tue Sep 29 11:40:22 2020
Summary	Recommended update for systemd-rpm-macros
Type	recommended
Severity	important
References	1176932

Description:

This update for systemd-rpm-macros fixes the following issues:

Backport missing macros of directory paths from upstream + %_environmentdir + %_modulesloaddir + %_modprobedir

Make sure %_restart_on_update_never and %_stop_on_removal_never don't expand to the empty string. (bsc#1176932) Otherwise sequences like the following code: if [ ... ]; then %_restart_on_update_never fi would result in the following incorrect shell syntax: if [ ... ]; then fi

Advisory ID	SUSE-SU-2020:2828-1
Released	Fri Oct 2 10:33:22 2020
Summary	Security update for perl-DBI
Type	security
Severity	important
References	1176764,CVE-2019-20919

Description:

This update for perl-DBI fixes the following issues:

CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile (bsc#1176764).

Advisory ID	SUSE-RU-2020:2869-1
Released	Tue Oct 6 16:13:20 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1011548,1153943,1153946,1161239,1171762

Description:

This update for aaa_base fixes the following issues:

DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS
check for Packages.db and use this instead of Packages. (bsc#1171762)
Rename path() to _path() to avoid using a general name.
refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548)
etc/profile add some missing ;; in case esac statements
profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946)
backup-rpmdb: exit if zypper is running (bsc#1161239)
Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943)

Advisory ID	SUSE-SU-2020:2947-1
Released	Fri Oct 16 15:23:07 2020
Summary	Security update for gcc10, nvptx-tools
Type	security
Severity	moderate
References	1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844

Description:

This update for gcc10, nvptx-tools fixes the following issues:
This update provides the GCC10 compiler suite and runtime libraries.
The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants.
The new compiler variants are available with '-10' suffix, you can specify them via:
CC=gcc-10 CXX=g++-10
or similar commands.
For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html
Changes in nvptx-tools:

Enable build on aarch64

Advisory ID	SUSE-RU-2020:2958-1
Released	Tue Oct 20 12:24:55 2020
Summary	Recommended update for procps
Type	recommended
Severity	moderate
References	1158830

Description:

This update for procps fixes the following issues:

Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830)

Advisory ID	SUSE-RU-2020:2983-1
Released	Wed Oct 21 15:03:03 2020
Summary	Recommended update for file
Type	recommended
Severity	moderate
References	1176123

Description:

This update for file fixes the following issues:

Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123)

Advisory ID	SUSE-OU-2020:3026-1
Released	Fri Oct 23 15:35:51 2020
Summary	Optional update for the Public Cloud Module
Type	optional
Severity	moderate
References

Description:

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included:

python3-grpcio
python3-protobuf
python3-google-api-core
python3-google-cloud-core
python3-google-cloud-storage
python3-google-resumable-media
python3-googleapis-common-protos
python3-grpcio-gcp
python3-mock (updated to version 3.0.5)

Advisory ID	SUSE-SU-2020:3060-1
Released	Wed Oct 28 08:09:21 2020
Summary	Security update for binutils
Type	security
Severity	moderate
References	1126826,1126829,1126831,1140126,1142649,1143609,1153768,1153770,1157755,1160254,1160590,1163333,1163744,CVE-2019-12972,CVE-2019-14250,CVE-2019-14444,CVE-2019-17450,CVE-2019-17451,CVE-2019-9074,CVE-2019-9075,CVE-2019-9077

Description:

This update for binutils fixes the following issues:
binutils was updated to version 2.35. (jsc#ECO-2373)
Update to binutils 2.35:

The assembler can now produce DWARF-5 format line number tables.
Readelf now has a 'lint' mode to enable extra checks of the files it is processing.
Readelf will now display '[...]' when it has to truncate a symbol name. The old behaviour - of displaying as many characters as possible, up to the 80 column limit - can be restored by the use of the --silent-truncation option.
The linker can now produce a dependency file listing the inputs that it has processed, much like the -M -MP option supported by the compiler.

fix DT_NEEDED order with -flto [bsc#1163744]

Update to binutils 2.34:

The disassembler (objdump --disassemble) now has an option to generate ascii art thats show the arcs between that start and end points of control flow instructions.
The binutils tools now have support for debuginfod. Debuginfod is a HTTP service for distributing ELF/DWARF debugging information as well as source code. The tools can now connect to debuginfod servers in order to download debug information about the files that they are processing.
The assembler and linker now support the generation of ELF format files for the Z80 architecture.

Add new subpackages for libctf and libctf-nobfd.
Disable LTO due to bsc#1163333.
Includes fixes for these CVEs: bsc#1153768 aka CVE-2019-17451 aka PR25070 bsc#1153770 aka CVE-2019-17450 aka PR25078

fix various build fails on aarch64 (PR25210, bsc#1157755).

Update to binutils 2.33.1:

Adds support for the Arm Scalable Vector Extension version 2 (SVE2) instructions, the Arm Transactional Memory Extension (TME) instructions and the Armv8.1-M Mainline and M-profile Vector Extension (MVE) instructions.
Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE, Cortex-A76AE, and Cortex-A77 processors.
Adds a .float16 directive for both Arm and AArch64 to allow encoding of 16-bit floating point literals.
For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not) Loongson3 LLSC Errata. Add a --enable-mips-fix-loongson3-llsc=[yes|no] configure time option to set the default behavior. Set the default if the configure option is not used to 'no'.
The Cortex-A53 Erratum 843419 workaround now supports a choice of which workaround to use. The option --fix-cortex-a53-843419 now takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp] which can be used to force a particular workaround to be used. See --help for AArch64 for more details.
Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and GNU_PROPERTY_AARCH64_FEATURE_1_PAC in ELF GNU program properties in the AArch64 ELF linker.
Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI on inputs and use PLTs protected with BTI.
Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
Add --source-comment[=] option to objdump which if present, provides a prefix to source code lines displayed in a disassembly.
Add --set-section-alignment = option to objcopy to allow the changing of section alignments.
Add --verilog-data-width option to objcopy for verilog targets to control width of data elements in verilog hex format.
The separate debug info file options of readelf (--debug-dump=links and --debug-dump=follow) and objdump (--dwarf=links and --dwarf=follow-links) will now display and/or follow multiple links if more than one are present in a file. (This usually happens when gcc's -gsplit-dwarf option is used). In addition objdump's --dwarf=follow-links now also affects its other display options, so that for example, when combined with --syms it will cause the symbol tables in any linked debug info files to also be displayed. In addition when combined with --disassemble the --dwarf= follow-links option will ensure that any symbol tables in the linked files are read and used when disassembling code in the main file.
Add support for dumping types encoded in the Compact Type Format to objdump and readelf.
Includes fixes for these CVEs: bsc#1126826 aka CVE-2019-9077 aka PR1126826 bsc#1126829 aka CVE-2019-9075 aka PR1126829 bsc#1126831 aka CVE-2019-9074 aka PR24235 bsc#1140126 aka CVE-2019-12972 aka PR23405 bsc#1143609 aka CVE-2019-14444 aka PR24829 bsc#1142649 aka CVE-2019-14250 aka PR90924

Add xBPF target
Fix various problems with DWARF 5 support in gas
fix nm -B for objects compiled with -flto and -fcommon.

Advisory ID	SUSE-SU-2020:3384-1
Released	Thu Nov 19 11:33:53 2020
Summary	Security update for perl-DBI
Type	security
Severity	moderate
References	1176492,CVE-2014-10401,CVE-2014-10402

Description:

This update for perl-DBI fixes the following issues:

DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). [bsc#1176492, CVE-2014-10401, CVE-2014-10402]

Advisory ID	SUSE-RU-2020:3462-1
Released	Fri Nov 20 13:14:35 2020
Summary	Recommended update for pam and sudo
Type	recommended
Severity	moderate
References	1174593,1177858,1178727

Description:

This update for pam and sudo fixes the following issue:
pam:

pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)

sudo:

Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)

Advisory ID	SUSE-SU-2020:3592-1
Released	Wed Dec 2 10:31:34 2020
Summary	Security update for python-cryptography
Type	security
Severity	moderate
References	1178168,CVE-2020-25659

Description:

This update for python-cryptography fixes the following issues:

CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168).

Advisory ID	SUSE-RU-2020:3620-1
Released	Thu Dec 3 17:03:55 2020
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References

Description:

This update for pam fixes the following issues:

Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=`

Advisory ID	SUSE-RU-2020:3640-1
Released	Mon Dec 7 13:24:41 2020
Summary	Recommended update for binutils
Type	recommended
Severity	important
References	1179036,1179341

Description:

This update for binutils fixes the following issues:
Update binutils 2.35 branch to commit 1c5243df:

Fixes PR26520, aka [bsc#1179036], a problem in addr2line with certain DWARF variable descriptions.
Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878, PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869, PR26711
The above includes fixes for dwo files produced by modern dwp, fixing several problems in the DWARF reader.

Update binutils to 2.35.1 and rebased branch diff:

This is a point release over the previous 2.35 version, containing bug fixes, and as an exception to the usual rule, one new feature. The new feature is the support for a new directive in the assembler: '.nop'. This directive creates a single no-op instruction in whatever encoding is correct for the target architecture. Unlike the .space or .fill this is a real instruction, and it does affect the generation of DWARF line number tables, should they be enabled. This fixes an incompatibility introduced in the latest update that broke the install scripts of the Oracle server. [bsc#1179341]

Advisory ID	SUSE-RU-2020:3703-1
Released	Mon Dec 7 20:17:32 2020
Summary	Recommended update for aaa_base
Type	recommended
Severity	moderate
References	1179431

Description:

This update for aaa_base fixes the following issue:

Avoid semicolon within (t)csh login script on S/390. (bsc#1179431)

Advisory ID	SUSE-SU-2020:3749-1
Released	Thu Dec 10 14:39:28 2020
Summary	Security update for gcc7
Type	security
Severity	moderate
References	1150164,1161913,1167939,1172798,1178577,1178614,1178624,1178675,CVE-2020-13844

Description:

This update for gcc7 fixes the following issues:

CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue (bsc#1172798)
Enable fortran for the nvptx offload compiler.
Update README.First-for.SuSE.packagers
avoid assembler errors with AVX512 gather and scatter instructions when using -masm=intel.
Backport the aarch64 -moutline-atomics feature and accumulated fixes but not its default enabling. [jsc#SLE-12209, bsc#1167939]
Fixed 32bit libgnat.so link. [bsc#1178675]
Fixed memcpy miscompilation on aarch64. [bsc#1178624, bsc#1178577]
Fixed debug line info for try/catch. [bsc#1178614]
Remove -mbranch-protection=standard (aarch64 flag) when gcc7 is used to build gcc7 (ie when ada is enabled)
Fixed corruption of pass private ->aux via DF. [gcc#94148]
Fixed debug information issue with inlined functions and passed by reference arguments. [gcc#93888]
Fixed binutils release date detection issue.
Fixed register allocation issue with exception handling code on s390x. [bsc#1161913]
Fixed miscompilation of some atomic code on aarch64. [bsc#1150164]

Advisory ID	SUSE-RU-2020:3791-1
Released	Mon Dec 14 17:39:19 2020
Summary	Recommended update for gzip
Type	recommended
Severity	moderate
References

Description:

This update for gzip fixes the following issue:

Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`.

Advisory ID	SUSE-OU-2020:3795-1
Released	Mon Dec 14 17:43:26 2020
Summary	Optional update for systemd-rpm-macros
Type	optional
Severity	low
References	1059627,1178481,1179020

Description:

This update for systemd-rpm-macros fixes the following issues:

Deprecate '-f'/'-n' options When used with %service_del_preun, support for these options will be dropped as DISABLE_STOP_ON_REMOVAL support will be removed on the next version of SLE (jsc#SLE-8968) When used with %service_del_postun, they should be replaced with their counterpart %service_del_postun_with_restart/%service_del_postun_without_restart
Introduced %service_del_postun_with_restart() It's the counterpart of %service_del_postun_without_restart() and replaces the '-f' option of %service_del_postun().
Does no longer apply presets when migrating from a disabled initscript (bsc#1178481)
Fix importing of %{_unitdir}

Advisory ID	SUSE-RU-2020:3942-1
Released	Tue Dec 29 12:22:01 2020
Summary	Recommended update for libidn2
Type	recommended
Severity	moderate
References	1180138

Description:

This update for libidn2 fixes the following issues:

The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138)

Advisory ID	SUSE-RU-2021:79-1
Released	Tue Jan 12 10:49:34 2021
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1167939

Description:

This update for gcc7 fixes the following issues:

Amend the gcc7 aarch64 atomics for glibc namespace violation with getauxval. [bsc#1167939]

Advisory ID	SUSE-RU-2021:220-1
Released	Tue Jan 26 14:00:51 2021
Summary	Recommended update for keyutils
Type	recommended
Severity	moderate
References	1180603

Description:

This update for keyutils fixes the following issues:

Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

Advisory ID	SUSE-RU-2021:293-1
Released	Wed Feb 3 12:52:34 2021
Summary	Recommended update for gmp
Type	recommended
Severity	moderate
References	1180603

Description:

This update for gmp fixes the following issues:

correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603)

Advisory ID	SUSE-RU-2021:294-1
Released	Wed Feb 3 12:54:28 2021
Summary	Recommended update for libprotobuf
Type	recommended
Severity	moderate
References

Description:

libprotobuf was updated to fix:

ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

Advisory ID	SUSE-OU-2021:339-1
Released	Mon Feb 8 13:16:07 2021
Summary	Optional update for pam
Type	optional
Severity	low
References

Description:

This update for pam fixes the following issues:

Added rpm macros for this package, so that other packages can make use of it

This patch is optional to be installed - it doesn't fix any bugs.

Advisory ID	SUSE-RU-2021:421-1
Released	Wed Feb 10 12:05:23 2021
Summary	Recommended update for hwdata
Type	recommended
Severity	low
References	1180422,1180482

Description:

This update for hwdata fixes the following issues:

Added merge-pciids.pl to fully duplicate behavior of pciutils-ids (bsc#1180422, bsc#1180482)
Updated pci, usb and vendor ids.

Advisory ID	SUSE-SU-2021:594-1
Released	Thu Feb 25 09:29:35 2021
Summary	Security update for python-cryptography
Type	security
Severity	important
References	1182066,CVE-2020-36242

Description:

This update for python-cryptography fixes the following issues:

CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066).

Advisory ID	SUSE-RU-2021:596-1
Released	Thu Feb 25 10:26:30 2021
Summary	Recommended update for gcc7
Type	recommended
Severity	moderate
References	1181618

Description:

This update for gcc7 fixes the following issues:

Fixed webkit2gtk3 build (bsc#1181618)
Change GCC exception licenses to SPDX format
Remove include-fixed/pthread.h

Advisory ID	SUSE-RU-2021:656-1
Released	Mon Mar 1 09:34:21 2021
Summary	Recommended update for protobuf
Type	recommended
Severity	moderate
References	1177127

Description:

This update for protobuf fixes the following issues:

Add missing dependency of python subpackages on python-six. (bsc#1177127)

Advisory ID	SUSE-RU-2021:707-1
Released	Thu Mar 4 09:19:36 2021
Summary	Recommended update for systemd-rpm-macros
Type	recommended
Severity	moderate
References	1177039

Description:

This update for systemd-rpm-macros fixes the following issues:

Bump to version 6

Make upstream '%systemd_{pre,post,preun,postun}' aliases to their SUSE counterparts. Packagers can now choose to use the upstream or the SUSE variants indifferently. For consistency the SUSE variants should be preferred since almost all SUSE packages already use them but the upstream versions might be usefull in certain cases where packages need to support multiple distros based on RPM.

Improve the logic used to apply the presets. (bsc#1177039) Before presests were applied at a) package installation b) new units introduced via a package update (but after making sure that it was not a SysV initscript being converted). The problem is that a) didn't handle package a renaming or split properly since the package with the new name is installed rather being updated and therefore the presets were applied even if they were already with the old name. We now cover this case (and the other ones) by applying presets only if the units are new and the services are not being migrated. This regardless of whether this happens during an install or an update.

Advisory ID	SUSE-RU-2021:786-1
Released	Mon Mar 15 11:19:23 2021
Summary	Recommended update for zlib
Type	recommended
Severity	moderate
References	1176201

Description:

This update for zlib fixes the following issues:

Fixed hw compression on z15 (bsc#1176201)

Advisory ID	SUSE-RU-2021:795-1
Released	Tue Mar 16 10:28:02 2021
Summary	Recommended update for systemd-rpm-macros
Type	recommended
Severity	low
References	1182661,1183012,1183051

Description:

This update for systemd-rpm-macros fixes the following issues:

Added a %systemd_user_pre macro (bsc#1183051, bsc#1183012)
Fixed an issue with %systemd_user_post, where the --global parameter was treated like if it was another service (bsc#1183051, bsc#1182661)

Advisory ID	SUSE-RU-2021:880-1
Released	Fri Mar 19 04:14:38 2021
Summary	Recommended update for hwdata
Type	recommended
Severity	low
References	1170160,1182482

Description:

This update for hwdata fixes the following issues:

Updated pci, usb and vendor ids (bsc#1182482, bsc#1170160, jsc#SLE-13791)

Advisory ID	SUSE-RU-2021:924-1
Released	Tue Mar 23 10:00:49 2021
Summary	Recommended update for filesystem
Type	recommended
Severity	moderate
References	1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094

Description:

This update for filesystem the following issues:

Remove duplicate line due to merge error
Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011)
Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705)
Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466)
Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519)

This update for systemd fixes the following issues:

Fix for a possible memory leak. (bsc#1180020)
Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596)
Fixed an issue when starting a container conflicts with another one. (bsc#1178775)
Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831)
Don't use shell redirections when calling a rpm macro. (bsc#1183094)
'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083)

Advisory ID	SUSE-RU-2021:926-1
Released	Tue Mar 23 13:20:24 2021
Summary	Recommended update for systemd-presets-common-SUSE
Type	recommended
Severity	moderate
References	1083473,1112500,1115408,1165780,1183012

Description:

This update for systemd-presets-common-SUSE fixes the following issues:

Add default user preset containing: - enable `pulseaudio.socket` (bsc#1083473) - enable `pipewire.socket` (bsc#1183012) - enable `pipewire-pulse.socket` (bsc#1183012) - enable `pipewire-media-session.service` (used with pipewire >= 0.3.23)
Changes to the default preset: - enable `btrfsmaintenance-refresh.path`. - disable `btrfsmaintenance-refresh.service`. - enable `dnf-makecache.timer`. - enable `ignition-firstboot-complete.service`. - enable logwatch.timer and avoid to have logwatch out of sync with logrotate. (bsc#1112500) - enable `mlocate.timer`. Recent versions of mlocate don't use `updatedb.timer` any more. (bsc#1115408) - remove enable `updatedb.timer`
Avoid needless refresh on boot. (bsc#1165780)

Advisory ID	SUSE-SU-2021:930-1
Released	Wed Mar 24 12:09:23 2021
Summary	Security update for nghttp2
Type	security
Severity	important
References	1172442,1181358,CVE-2020-11080

Description:

This update for nghttp2 fixes the following issues:

CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)

Advisory ID	SUSE-SU-2021:974-1
Released	Mon Mar 29 19:31:27 2021
Summary	Security update for tar
Type	security
Severity	low
References	1181131,CVE-2021-20193

Description:

This update for tar fixes the following issues:
CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)

Advisory ID	SUSE-RU-2021:1018-1
Released	Tue Apr 6 14:29:13 2021
Summary	Recommended update for gzip
Type	recommended
Severity	moderate
References	1180713

Description:

This update for gzip fixes the following issues:

Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713)

Advisory ID	SUSE-RU-2021:1169-1
Released	Tue Apr 13 15:01:42 2021
Summary	Recommended update for procps
Type	recommended
Severity	low
References	1181976

Description:

This update for procps fixes the following issues:

Corrected a statement in the man page about processor pinning via taskset (bsc#1181976)

Advisory ID	SUSE-RU-2021:1289-1
Released	Wed Apr 21 14:02:46 2021
Summary	Recommended update for gzip
Type	recommended
Severity	moderate
References	1177047

Description:

This update for gzip fixes the following issues:

Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047)

Advisory ID	SUSE-RU-2021:1291-1
Released	Wed Apr 21 14:04:06 2021
Summary	Recommended update for mpfr
Type	recommended
Severity	moderate
References	1141190

Description:

This update for mpfr fixes the following issues:

Fixed an issue when building for ppc64le (bsc#1141190)

Technical library fixes:

A subtraction of two numbers of the same sign or addition of two numbers of different signs can be rounded incorrectly (and the ternary value can be incorrect) when one of the two inputs is reused as the output (destination) and all these MPFR numbers have exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines).
The mpfr_fma and mpfr_fms functions can behave incorrectly in case of internal overflow or underflow.
The result of the mpfr_sqr function can be rounded incorrectly in a rare case near underflow when the destination has exactly GMP_NUMB_BITS bits of precision (typically, 32 bits on 32-bit machines, 64 bits on 64-bit machines) and the input has at most GMP_NUMB_BITS bits of precision.
The behavior and documentation of the mpfr_get_str function are inconsistent concerning the minimum precision (this is related to the change of the minimum precision from 2 to 1 in MPFR 4.0.0). The get_str patch fixes this issue in the following way: the value 1 can now be provided for n (4th argument of mpfr_get_str); if n = 0, then the number of significant digits in the output string can now be 1, as already implied by the documentation (but the code was increasing it to 2).
The mpfr_cmp_q function can behave incorrectly when the rational (mpq_t) number has a null denominator.
The mpfr_inp_str and mpfr_out_str functions might behave incorrectly when the stream is a null pointer: the stream is replaced by stdin and stdout, respectively. This behavior is useless, not documented (thus incorrect in case a null pointer would have a special meaning), and not consistent with other input/output functions.

Advisory ID	SUSE-RU-2021:1295-1
Released	Wed Apr 21 14:08:19 2021
Summary	Recommended update for systemd-presets-common-SUSE
Type	recommended
Severity	moderate
References	1184136

Description:

This update for systemd-presets-common-SUSE fixes the following issues:

Enabled hcn-init.service for HNV on POWER (bsc#1184136)

Advisory ID	SUSE-RU-2021:1449-1
Released	Fri Apr 30 08:08:25 2021
Summary	Recommended update for systemd-presets-branding-SLE
Type	recommended
Severity	moderate
References	1165780

Description:

This update for systemd-presets-branding-SLE fixes the following issues:

Don't enable 'btrfsmaintenance-refresh.service', 'btrfsmaintenance' is managed by systemd-presets-common-SUSE instead. (bsc#1165780)

Advisory ID	SUSE-RU-2021:1549-1
Released	Mon May 10 13:48:00 2021
Summary	Recommended update for procps
Type	recommended
Severity	moderate
References	1185417

Description:

This update for procps fixes the following issues:

Support up to 2048 CPU as well. (bsc#1185417)

Advisory ID	SUSE-RU-2021:1643-1
Released	Wed May 19 13:51:48 2021
Summary	Recommended update for pam
Type	recommended
Severity	important
References	1181443,1184358,1185562

Description:

This update for pam fixes the following issues:

Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443)
Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358)
In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562)

Advisory ID	SUSE-RU-2021:1861-1
Released	Fri Jun 4 09:59:40 2021
Summary	Recommended update for gcc10
Type	recommended
Severity	moderate
References	1029961,1106014,1178577,1178624,1178675,1182016

Description:

This update for gcc10 fixes the following issues:

Disable nvptx offloading for aarch64 again since it doesn't work
Fixed a build failure issue. (bsc#1182016)
Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577)
Fix 32bit 'libgnat.so' link. (bsc#1178675)
prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961)
Build complete set of multilibs for arm-none target. (bsc#1106014)

Advisory ID	SUSE-RU-2021:1926-1
Released	Thu Jun 10 08:38:14 2021
Summary	Recommended update for gcc
Type	recommended
Severity	moderate
References	1096677

Description:

This update for gcc fixes the following issues:

Added gccgo symlink and go and gofmt as alternatives to support parallel installation of golang (bsc#1096677)

Advisory ID	SUSE-RU-2021:1935-1
Released	Thu Jun 10 10:45:09 2021
Summary	Recommended update for gzip
Type	recommended
Severity	moderate
References	1186642

Description:

This update for gzip fixes the following issue:

gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:1937-1
Released	Thu Jun 10 10:47:09 2021
Summary	Recommended update for nghttp2
Type	recommended
Severity	moderate
References	1186642

Description:

This update for nghttp2 fixes the following issue:

The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:1950-1
Released	Thu Jun 10 14:42:00 2021
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References	1170160,1182482,1185697

Description:

This update for hwdata fixes the following issues:

Update to version 0.347: + Updated pci, usb and vendor ids. (bsc#1185697)

Update to version 0.346: + Updated pci, usb and vendor ids. (bsc#1182482, jsc#SLE-13791, bsc#1170160)

Advisory ID	SUSE-RU-2021:2096-1
Released	Mon Jun 21 13:35:38 2021
Summary	Recommended update for python-six
Type	recommended
Severity	moderate
References	1186642

Description:

This update for python-six fixes the following issue:

python-six had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

Advisory ID	SUSE-RU-2021:2103-1
Released	Mon Jun 21 19:23:28 2021
Summary	Recommended update for SUSE Manager Client Tools
Type	recommended
Severity	moderate
References	1173557,1177884,1177928,1180583,1180584,1180585,1185178

Description:

This update fixes the following issues:
POS_Image-Graphical7:

Use absolute path in bootloader service
Update install-local-bootloader.service for recent saltboot
Use linuxefi only on x86

POS_Image-JeOS7:

Use absolute path in bootloader service
Update install-local-bootloader.service for recent saltboot
Use linuxefi only on x86

golang-github-prometheus-prometheus:

Add tarball with vendor modules and web assets
Read formula data from exporters map
Add support for TLS targets
Upgrade to upstream version 2.26.0 + Changes * Alerting: Using Alertmanager v2 API by default. * Prometheus/Promtool: Binaries are now printing help and usage to stdout instead of stderr. * UI: Make the React UI default. * Remote write: The following metrics were removed/renamed in remote write. > prometheus_remote_storage_succeeded_samples_total was removed and prometheus_remote_storage_samples_total was introduced for all the samples attempted to send. > prometheus_remote_storage_sent_bytes_total was removed and replaced with prometheus_remote_storage_samples_bytes_total and prometheus_remote_storage_metadata_bytes_total. > prometheus_remote_storage_failed_samples_total -> prometheus_remote_storage_samples_failed_total. > prometheus_remote_storage_retried_samples_total -> prometheus_remote_storage_samples_retried_total. > prometheus_remote_storage_dropped_samples_total -> prometheus_remote_storage_samples_dropped_total. > prometheus_remote_storage_pending_samples -> prometheus_remote_storage_samples_pending. * Remote: Do not collect non-initialized timestamp metrics. + Features * Remote: Add support for AWS SigV4 auth method for remote_write. * PromQL: Allow negative offsets. Behind --enable-feature=promql-negative-offset flag. * UI: Add advanced auto-completion, syntax highlighting and linting to graph page query input. * Include a new `--enable-feature=` flag that enables experimental features. * Add TLS and basic authentication to HTTP endpoints. * promtool: Add check web-config subcommand to check web config files. * promtool: Add tsdb create-blocks-from openmetrics subcommand to backfill metrics data from an OpenMetrics file. + Enhancements * PromQL: Add last_over_time, sgn, clamp functions. * Scrape: Add support for specifying type of Authorization header credentials with Bearer by default. * Scrape: Add follow_redirects option to scrape configuration. * Remote: Allow retries on HTTP 429 response code for remote_write. * Remote: Allow configuring custom headers for remote_read. * UI: Hitting Enter now triggers new query. * UI: Better handling of long rule and names on the /rules and /targets pages. * UI: Add collapse/expand all button on the /targets page. * Add optional name property to testgroup for better test failure output. * Add warnings into React Panel on the Graph page. * TSDB: Increase the number of buckets for the compaction duration metric. * Remote: Allow passing along custom remote_write HTTP headers. * Mixins: Scope grafana configuration. * Kubernetes SD: Add endpoint labels metadata. * UI: Expose total number of label pairs in head in TSDB stats page. * TSDB: Reload blocks every minute, to detect new blocks and enforce retention more often. * Cache basic authentication results to significantly improve performance of HTTP endpoints. * HTTP API: Fast-fail queries with only empty matchers. * HTTP API: Support matchers for labels API. * promtool: Improve checking of URLs passed on the command line. * SD: Expose IPv6 as a label in EC2 SD. * SD: Reuse EC2 client, reducing frequency of requesting credentials. * TSDB: Add logging when compaction takes more than the block time range. * TSDB: Avoid unnecessary GC runs after compaction. * Remote write: Added a metric prometheus_remote_storage_max_samples_per_send for remote write. * TSDB: Make the snapshot directory name always the same length. * TSDB: Create a checkpoint only once at the end of all head compactions. * TSDB: Avoid Series API from hitting the chunks. * TSDB: Cache label name and last value when adding series during compactions making compactions faster. * PromQL: Improved performance of Hash method making queries a bit faster. * promtool: tsdb list now prints block sizes. * promtool: Calculate mint and maxt per test avoiding unnecessary calculations. * SD: Add filtering of services to Docker Swarm SD. + Bug fixes * API: Fix global URL when external address has no port. * Deprecate unused flag --alertmanager.timeout.

mgr-cfg:

SPEC: Updated Python definitions for RHEL8 and quoted text comparisons.

mgr-custom-info:

Update package version to 4.2.0

mgr-daemon:

Update translation strings
Update the translations from weblate
Added quotes around %{_vendor} token for the if statements in spec file.
Fix removal of mgr-deamon with selinux enabled (bsc#1177928)
Updating translations from weblate

mgr-osad:

Change the log file permissions as expected by logrotate (bsc#1177884)
Change deprecated path /var/run into /run for systemd (bsc#1185178)
Python fixes
Removal of RHEL5

mgr-push:

Defined __python for python2.
Excluded RHEL8 for Python 2 build.

mgr-virtualization:

Update package version to 4.2.0

python-hwdata:

Modified to build on RHEL8.

rhnlib:

Update package version to 4.2.0

spacecmd:

Rename system migration to system transfer
Rename SP to product migration
Update translation strings
Add group_addconfigchannel and group_removeconfigchannel
Add group_listconfigchannels and configchannel_listgroups
Fix spacecmd compat with Python 3
Deprecated 'Software Crashes' feature
Document advanced package search on '--help' (bsc#1180583)
Fixed advanced search on 'package_listinstalledsystems'
Fixed duplicate results when using multiple search criteria (bsc#1180585)
Fixed 'non-advanced' package search when using multiple package names (bsc#1180584)
Update translations
Fix: make spacecmd build on Debian
Add Service Pack migration operations (bsc#1173557)

spacewalk-client-tools:

Update the translations from weblate
Drop the --noSSLServerURL option
Updated RHEL Python requirements.
Added quotes around %{_vendor}.

spacewalk-koan:

Fix for spacewalk-koan test

spacewalk-oscap:

Update package version to 4.2.0

spacewalk-remote-utils:

Update package version to 4.2.0

supportutils-plugin-susemanager-client:

Update package version to 4.2.0

suseRegisterInfo:

Add support for Amazon Linux 2
Add support for Alibaba Cloud Linux 2
Adapted for RHEL build.

uyuni-common-libs:

Cleaning up unused Python 2 build leftovers.
Disabled debug package build.

Advisory ID	SUSE-RU-2021:2173-1
Released	Mon Jun 28 14:59:45 2021
Summary	Recommended update for automake
Type	recommended
Severity	moderate
References	1040589,1047218,1182604,1185540,1186049

Description:

This update for automake fixes the following issues:

Implement generated autoconf makefiles reproducible (bsc#1182604)
Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
Avoid bashisms in test-driver script. (bsc#1185540)

This update for pcre fixes the following issues:

Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

This update for brp-check-suse fixes the following issues:

Add fixes to support reproducible builds. (bsc#1186049)

Advisory ID	SUSE-RU-2021:2178-1
Released	Mon Jun 28 15:56:15 2021
Summary	Recommended update for systemd-presets-common-SUSE
Type	recommended
Severity	moderate
References	1186561

Description:

This update for systemd-presets-common-SUSE fixes the following issues:
When installing the systemd-presets-common-SUSE package for the first time in a new system, it might happen that some services are installed before systemd so the %systemd_pre/post macros would not work. This is handled by enabling all preset services in this package's %posttrans section but it wasn't enabling user services, just system services. Now it enables also the user services installed before this package (bsc#1186561)

Advisory ID	SUSE-RU-2021:2193-1
Released	Mon Jun 28 18:38:43 2021
Summary	Recommended update for tar
Type	recommended
Severity	moderate
References	1184124

Description:

This update for tar fixes the following issues:

Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)

Advisory ID	SUSE-SU-2021:2196-1
Released	Tue Jun 29 09:41:39 2021
Summary	Security update for lua53
Type	security
Severity	moderate
References	1175448,1175449,CVE-2020-24370,CVE-2020-24371

Description:

This update for lua53 fixes the following issues:
Update to version 5.3.6:

CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

Advisory ID	SUSE-SU-2021:2320-1
Released	Wed Jul 14 17:01:06 2021
Summary	Security update for sqlite3
Type	security
Severity	important
References	1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327

Description:

This update for sqlite3 fixes the following issues:

Update to version 3.36.0
CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641)
CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719)
CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309)
CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491)
CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960)
CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959)
CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958)
CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812)
CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

Advisory ID	SUSE-RU-2021:2447-1
Released	Thu Jul 22 08:26:29 2021
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References	1186749,1187948

Description:

This update for hwdata fixes the following issue:

Version 0.349: Updated pci, usb and vendor ids (bsc#1187948).

Advisory ID	SUSE-RU-2021:2456-1
Released	Thu Jul 22 15:28:39 2021
Summary	Recommended update for pam-config
Type	recommended
Severity	moderate
References	1187091

Description:

This update for pam-config fixes the following issues:

Add 'revoke' to the option list for 'pam_keyinit'.
Fixed an issue when pam-config fails to create a new service config file. (bsc#1187091)

Advisory ID	SUSE-RU-2021:2627-1
Released	Thu Aug 5 12:10:46 2021
Summary	Recommended maintenance update for systemd-default-settings
Type	recommended
Severity	moderate
References	1188348

Description:

This update for systemd-default-settings fixes the following issue:

Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348)

Advisory ID	SUSE-SU-2021:2682-1
Released	Thu Aug 12 20:06:19 2021
Summary	Security update for rpm
Type	security
Severity	important
References	1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421

Description:

This update for rpm fixes the following issues:

Changed default package verification level to 'none' to be compatible to rpm-4.14.1
Made illegal obsoletes a warning
Fixed a potential access of freed mem in ndb's glue code (bsc#1179416)
Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817)
Added :humansi and :hmaniec query formatters for human readable output
Added query selectors for whatobsoletes and whatconflicts
Added support for sorting caret higher than base version
rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805)

Security fixes:

CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543)

CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545)

CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

Advisory ID	SUSE-SU-2021:2817-1
Released	Mon Aug 23 15:05:18 2021
Summary	Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3
Type	security
Severity	moderate
References	1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137

Description:

This patch updates the Python AWS SDK stack in SLE 15:
General:
# aws-cli

Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-boto3

Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-botocore

Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package.

# python-urllib3

Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package.

# python-service_identity

Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0

# python-trustme

Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0

Security fixes:
# python-urllib3:

CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)

Advisory ID	SUSE-RU-2021:2863-1
Released	Mon Aug 30 08:18:50 2021
Summary	Recommended update for python-dbus-python
Type	recommended
Severity	moderate
References	1183818

Description:

This update for python-dbus-python fixes the following issues:

Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818)

update to 1.2.16: * All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present.

Support builds with more than one python3 flavor
Clean duplicate python flavor variables for configure

Version update to version 1.2.14: * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions. * Disable -Winline. * Add clearer license information using SPDX-License-Identifier. * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx. * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag * Silence '-Wcast-function-type' with gcc 8. * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall. * Consistently save and restore the exception indicator when called from C code.

Add missing dependency for pkg-config files

Version update to version 1.2.8: * Python 2.7 required or 3.4 respectively * Upstream dropped epydoc completely

Add dbus-1-python3 package
Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to
When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon
New package: dbus-1-python-devel

Advisory ID	SUSE-RU-2021:2899-1
Released	Wed Sep 1 08:30:58 2021
Summary	Recommended update for systemd-rpm-macros
Type	recommended
Severity	moderate
References	1186282,1187332

Description:

This update for systemd-rpm-macros fixes the following issues:

Fixed an issue whe zypper ignores the ordering constraints. (bsc#1187332)
Introduce '%sysusers_create_package': '%sysusers_create' and '%sysusers_create_inline' are now deprecated and the new macro should be used instead.
%sysusers_create_inline: use here-docs instead of echo (bsc#1186282)

Advisory ID	SUSE-RU-2021:2973-1
Released	Tue Sep 7 16:56:08 2021
Summary	Recommended update for hwdata
Type	recommended
Severity	moderate
References	1190091

Description:

This update for hwdata fixes the following issue:

Update pci, usb and vendor ids (bsc#1190091)

Advisory ID	SUSE-RU-2021:2993-1
Released	Thu Sep 9 14:31:33 2021
Summary	Recommended update for gcc
Type	recommended
Severity	moderate
References	1185348

Description:

This update for gcc fixes the following issues:

With gcc-PIE add -pie even when -fPIC is specified but we are not linking a shared library. [bsc#1185348]
Fix postun of gcc-go alternative.

Advisory ID	SUSE-RU-2021:2997-1
Released	Thu Sep 9 14:37:34 2021
Summary	Recommended update for python3
Type	recommended
Severity	moderate
References	1187338,1189659

Description:

This update for python3 fixes the following issues:

Fixed an issue when the missing 'stropts.h' causing build errors for different python modules. (bsc#1187338)

Advisory ID	SUSE-RU-2021:3001-1
Released	Thu Sep 9 15:08:13 2021
Summary	Recommended update for netcfg
Type	recommended
Severity	moderate
References	1189683

Description:

This update for netcfg fixes the following issues:

add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

Advisory ID	SUSE-RU-2021:3182-1
Released	Tue Sep 21 17:04:26 2021
Summary	Recommended update for file
Type	recommended
Severity	moderate
References	1189996

Description:

This update for file fixes the following issues:

Fixes exception thrown by memory allocation problem (bsc#1189996)

Advisory ID	SUSE-RU-2021:3203-1
Released	Thu Sep 23 14:41:35 2021
Summary	Recommended update for kmod
Type	recommended
Severity	moderate
References	1189537,1190190

Description:

This update for kmod fixes the following issues:

Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190).
Enable support for ZSTD compressed modules
Display module information even for modules built into the running kernel (bsc#1189537)
'/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well.
Remove test patches included in release 29

Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path.

Advisory ID	SUSE-SU-2021:3291-1
Released	Wed Oct 6 16:45:36 2021
Summary	Security update for glibc
Type	security
Severity	moderate
References	1186489,1187911,CVE-2021-33574,CVE-2021-35942

Description:

This update for glibc fixes the following issues:

CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).

Advisory ID	SUSE-SU-2021:3445-1
Released	Fri Oct 15 09:03:39 2021
Summary	Security update for rpm
Type	security
Severity	important
References	1183659,1185299,1187670,1188548

Description:

This update for rpm fixes the following issues:
Security issues fixed:

PGP hardening changes (bsc#1185299)

Maintaince issues fixed:

Fixed zstd detection (bsc#1187670)
Added ndb rofs support (bsc#1188548)
Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

Advisory ID	SUSE-SU-2021:3490-1
Released	Wed Oct 20 16:31:55 2021
Summary	Security update for ncurses
Type	security
Severity	moderate
References	1190793,CVE-2021-39537

Description:

This update for ncurses fixes the following issues:

CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

Advisory ID	SUSE-RU-2021:3494-1
Released	Wed Oct 20 16:48:46 2021
Summary	Recommended update for pam
Type	recommended
Severity	moderate
References	1190052

Description:

This update for pam fixes the following issues:

Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
Added new file macros.pam on request of systemd. (bsc#1190052)

Advisory ID	SUSE-RU-2021:3501-1
Released	Fri Oct 22 10:42:46 2021
Summary	Recommended update for libzypp, zypper, libsolv, protobuf
Type	recommended
Severity	moderate
References	1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815

Description:

This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

Choice rules: treat orphaned packages as newest (bsc#1190465)
Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
Do not check of signatures and keys two times(redundant) (bsc#1190059)
Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
Show key fpr from signature when signature check fails (bsc#1187224)
Fix solver jobs for PTFs (bsc#1186503)
Fix purge-kernels fails (bsc#1187738)
Fix obs:// platform guessing for Leap (bsc#1187425)
Make sure to keep states alives while transitioning. (bsc#1190199)
Manpage: Improve description about patch updates(bsc#1187466)
Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
Fix crashes in logging code when shutting down (bsc#1189031)
Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
Add need reboot/restart hint to XML install summary (bsc#1188435)
Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

Advisory ID	SUSE-RU-2021:3510-1
Released	Tue Oct 26 11:22:15 2021
Summary	Recommended update for pam
Type	recommended
Severity	important
References	1191987

Description:

This update for pam fixes the following issues:

Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987)

Advisory ID	SUSE-SU-2021:3529-1
Released	Wed Oct 27 09:23:32 2021
Summary	Security update for pcre
Type	security
Severity	moderate
References	1172973,1172974,CVE-2019-20838,CVE-2020-14155

Description:

This update for pcre fixes the following issues:
Update pcre to version 8.45:

CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

Advisory ID	SUSE-SU-2021:3616-1
Released	Thu Nov 4 12:29:16 2021
Summary	Security update for binutils
Type	security
Severity	moderate
References	1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487

Description:

This update for binutils fixes the following issues:
Update to binutils 2.37:

The GNU Binutils sources now requires a C99 compiler and library to build.
Support for Realm Management Extension (RME) for AArch64 has been added.
A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations.
A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections.
A new linker options '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16.
A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else.
A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools.
The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols.
Readelf and objdump can now display and use the contents of .debug_sup sections.
Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option.

The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed.
If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files.
If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow di0pslay options to applied to both the main file and any separate debuginfo files.

Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic.

Update to binutils 2.36:
New features in the Assembler:

General:

* When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name. * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active. * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can be expand and shrink automatically.

X86/x86_64:

* Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions. * Support non-absolute segment values for lcall and ljmp. * Add {disp16} pseudo prefix to x86 assembler. * Configure with --enable-x86-used-note by default for Linux/x86.

ARM/AArch64:

* Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores. * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers. * Add support for Armv8-R and Armv8.7-A ISA extensions. * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7. * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64. * Add support for +flagm feature for -march in Armv8.4 AArch64. * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature. * Add support for +pauth (Pointer Authentication) feature for -march in AArch64.
New features in the Linker:
* Add --error-handling-script= command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no. * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed. * Add -z unique-symbol to avoid duplicated local symbol names. * The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics. * The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output. * The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs.
New features in other binary tools:
* The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time. * Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option. * Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=