Packages changed:
clamav (1.4.3 -> 1.5.1)
kernel-source (6.17.2 -> 6.17.3)
libselinux
libselinux-bindings
lua54
openSUSE-release (20251016 -> 20251017)
python311 (3.11.13 -> 3.11.14)
python311-core (3.11.13 -> 3.11.14)
python313 (3.13.7 -> 3.13.9)
python313-core (3.13.7 -> 3.13.9)
=== Details ===
==== clamav ====
Version update (1.4.3 -> 1.5.1)
Subpackages: libclamav12 libclammspack0
- New version: 1.5.1:
* Fixed a significant performance issue when scanning some PE
files.
* Fixed an issue recording file entries from a ZIP archive
central directory which resulted in
"Heuristics.Limits.Exceeded.MaxFiles" alerts when using the
ClamScan --alert-exceeds-max command line option or ClamD
AlertExceedsMax config file option.
* Improved performance when scanning TNEF email attachments.
* Fixed an issue with recording metadata for OOXML office
documents.
* Fixed an issue with signature matches for VBA in OLE2 office
documents.
* Loosened overly restrictive rules for embedded file
identification and increased the limit for finding PE files
embedded in other PE files.
* Fixed an issue with extracting some RAR archives embedded in
other files.
* Fixed an issue with calculating fuzzy hashes affecting some
images by updating the version for several Rust library
dependencies.
- Add json-c-json-c-0.18-20240915.tar.gz and link it statically
into libclamav on SLE-12, because version 0.12 is too old.
- New version 1.5.0:
* Added checks to determine if an OLE2-based Microsoft Office
document is encrypted.
* Added the ability to record URIs found in HTML if the
generate-JSON-metadata feature is enabled.
* Added the ability to record URIs found in PDFs if the
generate-JSON-metadata feature is enabled.
* Added regex support for the clamd.conf OnAccessExcludePath
config option.
* Added CVD signing/verification with external .sign files.
* Freshclam, ClamD, ClamScan, and Sigtool: Added an option to
enable FIPS-like limits disabling MD5 and SHA1 from being used
for verifying digital signatures or for being used to trust a
file when checking for false positives
* ClamD: Added an option to disable select administrative
commands including SHUTDOWN, RELOAD, STATS and VERSION.
* libclamav: Added extended hashing functions with a "flags"
parameter that allows the caller to choose if they want to
bypass FIPS hash algorithm limits.
* See the release announcement for the full list of changes:
https://blog.clamav.net/2025/10/clamav-150-released.html
- Obsoleted patches:
* clamav-freshclam_test.patch
* clamav-disable-administrative-commands.patch
* clamav-fips.patch
- Use macros for library versions
- Remove service symlinks: rcclamd, rcfreshclam, rcclamav-milter,
and clamonacc.
- Use rust 1.86 for SLE-12 and SLE-15-SP2.
==== kernel-source ====
Version update (6.17.2 -> 6.17.3)
- Delete
patches.suse/Revert-net-bonding-add-broadcast_neighbor-netlink-op.patch.
- Delete
patches.suse/Revert-net-bonding-add-broadcast_neighbor-option-for.patch.
- Delete
patches.suse/Revert-net-bonding-send-peer-notify-when-failure-rec.patch.
About to be replaced by a proper patch in the next commit.
- commit a9d395c
- net: bonding: update the slave array for broadcast mode
(bsc#1250894).
- commit 5508f45
- wifi: iwlwifi: Add missing firmware info for bz-b0-* models
(bsc#1252084).
- commit 4ff36a8
- Linux 6.17.3 (bsc#1012628).
- drm/amdgpu/vcn: Fix double-free of vcn dump buffer
(bsc#1012628).
- scsi: ufs: core: Fix PM QoS mutex initialization (bsc#1012628).
- usb: cdns3: cdnsp-pci: remove redundant pci_disable_device()
call (bsc#1012628).
- arm64: dts: qcom: qcm2290: Disable USB SS bus instances in
park mode (bsc#1012628).
- usb: typec: tipd: Clear interrupts first (bsc#1012628).
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL
deadlock (bsc#1012628).
- net/9p: Fix buffer overflow in USB transport layer
(bsc#1012628).
- bus: fsl-mc: Check return value of platform_get_resource()
(bsc#1012628).
- pinctrl: check the return value of
pinmux_ops::get_function_name() (bsc#1012628).
- tee: fix register_shm_helper() (bsc#1012628).
- thunderbolt: Fix use-after-free in tb_dp_dprx_work
(bsc#1012628).
- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels
before release (bsc#1012628).
- remoteproc: pru: Fix potential NULL pointer dereference in
pru_rproc_set_ctable() (bsc#1012628).
- PCI/AER: Avoid NULL pointer dereference in aer_ratelimit()
(bsc#1012628).
- sunrpc: fix null pointer dereference on zero-length checksum
(bsc#1012628).
- Input: uinput - zero-initialize uinput_ff_upload_compat to
avoid info leak (bsc#1012628).
- Input: atmel_mxt_ts - allow reset GPIO to sleep (bsc#1012628).
- misc: fastrpc: Skip reference for DMA handles (bsc#1012628).
- misc: fastrpc: fix possible map leak in fastrpc_put_args
(bsc#1012628).
- misc: fastrpc: Fix fastrpc_map_lookup operation (bsc#1012628).
- misc: fastrpc: Save actual DMA size in fastrpc_map structure
(bsc#1012628).
- nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in
ndtest_probe() (bsc#1012628).
- selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY
is disabled (bsc#1012628).
- mm: hugetlb: avoid soft lockup when mprotect to large memory
area (bsc#1012628).
- fbdev: simplefb: Fix use after free in simplefb_detach_genpds()
(bsc#1012628).
- KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't
valid (bsc#1012628).
- ext4: fix checks for orphan inodes (bsc#1012628).
- ext4: fix potential null deref in ext4_mb_init() (bsc#1012628).
- ksmbd: add max ip connections parameter (bsc#1012628).
- ksmbd: fix error code overwriting in smb2_get_info_filesystem()
(bsc#1012628).
- ksmbd: Fix race condition in RPC handle list access
(bsc#1012628).
- mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1012628).
- LoongArch: BPF: Fix uninitialized symbol 'retval_off'
(bsc#1012628).
- LoongArch: BPF: Remove duplicated flags check (bsc#1012628).
- LoongArch: BPF: No text_poke() for kernel text (bsc#1012628).
- LoongArch: BPF: Remove duplicated bpf_flush_icache()
(bsc#1012628).
- LoongArch: BPF: Make error handling robust in
arch_prepare_bpf_trampoline() (bsc#1012628).
- LoongArch: BPF: Make trampoline size stable (bsc#1012628).
- LoongArch: BPF: Don't align trampoline size (bsc#1012628).
- LoongArch: BPF: No support of struct argument in trampoline
programs (bsc#1012628).
- LoongArch: BPF: Sign-extend struct ops return values properly
(bsc#1012628).
- pwm: loongson: Fix LOONGSON_PWM_FREQ_DEFAULT (bsc#1012628).
- LoongArch: Automatically disable kaslr if boot from kexec_file
(bsc#1012628).
- dm: fix NULL pointer dereference in __dm_suspend()
(bsc#1012628).
- dm: fix queue start/stop imbalance under suspend/load/resume
races (bsc#1012628).
- tracing: Stop fortify-string from warning in
tracing_mark_raw_write() (bsc#1012628).
- tracing: Fix tracing_mark_raw_write() to use buf and not ubuf
(bsc#1012628).
- tracing: Have trace_marker use per-cpu data to read user space
(bsc#1012628).
- tracing: Fix irqoff tracers on failure of acquiring calltime
(bsc#1012628).
- tracing: Fix wakeup tracers on failure of acquiring calltime
... changelog too long, skipping 911 lines ...
- commit f00dc5b
==== libselinux ====
Subpackages: libselinux1 libselinux1-32bit selinux-tools
- Ship license file (bsc#1252160)
- Add man_selinux_disabled_mismatch_kernel_config.patch to explain
in the selinux(8) man page to not disable SELinux via
/etc/selinux/config and enable it at the same time via kernel
cmd line (bsc#1246549)
==== libselinux-bindings ====
- Ship license file (bsc#1252160)
==== lua54 ====
- Clean up of the SPEC file.
==== openSUSE-release ====
Version update (20251016 -> 20251017)
Subpackages: openSUSE-release-appliance-custom openSUSE-release-dvd
- automatically generated by openSUSE-release-tools/pkglistgen
==== python311 ====
Version update (3.11.13 -> 3.11.14)
Subpackages: python311-curses python311-dbm python311-x86-64-v3
- Update to 3.11.14:
- Security
- gh-139700: Check consistency of the zip64 end of central
directory record. Support records with “zip64 extensible data”
if there are no bytes prepended to the ZIP file.
- gh-139400: xml.parsers.expat: Make sure that parent Expat
parsers are only garbage-collected once they are no longer
referenced by subparsers created by
ExternalEntityParserCreate(). Patch by Sebastian Pipping.
- gh-135661: Fix parsing start and end tags in
html.parser.HTMLParser according to the HTML5 standard.
* Whitespaces no longer accepted between does not end the script section.
* Vertical tabulation (\v) and non-ASCII whitespaces no longer
recognized as whitespaces. The only whitespaces are \t\n\r\f and
space.
* Null character (U+0000) no longer ends the tag name.
* Attributes and slashes after the tag name in end tags are now
ignored, instead of terminating after the first > in quoted
attribute value. E.g. .
* Multiple slashes and whitespaces between the last attribute and
closing > are now ignored in both start and end tags. E.g. .
* Multiple = between attribute name and value are no longer
collapsed. E.g. produces attribute “foo” with value
“=bar”.
- gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
according to the HTML5 standard: ] ]> and ]] > no longer end the
CDATA section. Add private method _set_support_cdata() which can
be used to specify how to parse <[CDATA[ — as a CDATA section in
foreign content (SVG or MathML) or as a bogus comment in the
HTML namespace.
- gh-102555: Fix comment parsing in html.parser.HTMLParser
according to the HTML5 standard. --!> now ends the comment. -- >
no longer ends the comment. Support abnormally ended empty
comments <--> and <--->.
- gh-135462: Fix quadratic complexity in processing specially
crafted input in html.parser.HTMLParser. End-of-file errors are
now handled according to the HTML5 specs – comments and
declarations are automatically closed, tags are ignored.
- gh-118350: Fix support of escapable raw text mode (elements
“textarea” and “title”) in html.parser.HTMLParser.
- gh-86155: html.parser.HTMLParser.close() no longer loses data
when the .
* Multiple slashes and whitespaces between the last attribute and
closing > are now ignored in both start and end tags. E.g. .
* Multiple = between attribute name and value are no longer
collapsed. E.g. produces attribute “foo” with value
“=bar”.
- gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
according to the HTML5 standard: ] ]> and ]] > no longer end the
CDATA section. Add private method _set_support_cdata() which can
be used to specify how to parse <[CDATA[ — as a CDATA section in
foreign content (SVG or MathML) or as a bogus comment in the
HTML namespace.
- gh-102555: Fix comment parsing in html.parser.HTMLParser
according to the HTML5 standard. --!> now ends the comment. -- >
no longer ends the comment. Support abnormally ended empty
comments <--> and <--->.
- gh-135462: Fix quadratic complexity in processing specially
crafted input in html.parser.HTMLParser. End-of-file errors are
now handled according to the HTML5 specs – comments and
declarations are automatically closed, tags are ignored.
- gh-118350: Fix support of escapable raw text mode (elements
“textarea” and “title”) in html.parser.HTMLParser.
- gh-86155: html.parser.HTMLParser.close() no longer loses data
when the