drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Preisgabe von Informationen in build
| Name: |
Preisgabe von Informationen in build |
|
| ID: |
SUSE-SU-2025:0857-1 |
|
| Distribution: |
SUSE |
|
| Plattformen: |
SUSE Enterprise Storage 7.1, SUSE Linux Enterprise High Performance Computing 15 SP3, SUSE Linux Enterprise High Performance Computing 15 SP4, SUSE Linux Enterprise Server 15 SP4, SUSE Linux Enterprise Server 15 SP3, SUSE Linux Enterprise Server for SAP Applications 15 SP4, SUSE Linux Enterprise Server for SAP Applications 15 SP3, SUSE Linux Enterprise High Performance Computing LTSS 15 SP3, SUSE Linux Enterprise Server for SAP Applications 15 SP5, SUSE Linux Enterprise Server 15 SP5, SUSE Linux Enterprise High Performance Computing 15 SP5, SUSE Linux Enterprise High Performance Computing LTSS 15 SP4, SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4, SUSE Linux Enterprise Desktop 15 SP6, SUSE Linux Enterprise Server for SAP Applications 15 SP6, SUSE Linux Enterprise Server 15 SP6, SUSE Linux Enterprise Real Time 15 SP6, SUSE openSUSE Leap 15.6, SUSE Development Tools Module 15-SP6, SUSE Linux Enterprise Server 15 SP4 LTSS, SUSE Linux Enterprise Server 15 SP3 LTSS, SUSE Linux Enterprise High Performance Computing LTSS 15 SP5, SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5, SUSE Linux Enterprise Server 15 SP5 LTSS |
|
| Datum: |
Do, 13. März 2025, 23:47 |
|
| Referenzen: |
https://www.cve.org/CVERecord?id=CVE-2024-22038 |
|
| Applikationen: |
build |
|
Originalnachricht |
--===============6071976635126526836==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
# Security update for build
Announcement ID: SUSE-SU-2025:0857-1
Release Date: 2025-03-13T17:58:42Z
Rating: important
References:
* bsc#1217269
* bsc#1230469
Cross-References:
* CVE-2024-22038
CVSS scores:
* CVE-2024-22038 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-22038 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
* CVE-2024-22038 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-22038 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Affected Products:
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves one vulnerability and has one security fix can now be
installed.
## Description:
This update for build fixes the following issues: \- CVE-2024-22038: Fixed DoS
attacks, information leaks with crafted Git repositories (bnc#1230469)
Other fixes: \- Fixed behaviour when using "\--shell" aka "osc
shell" option in
a VM build. Startup is faster and permissions stay intact now.
* fixes for POSIX compatibility for obs-docker-support adn mkbaselibs
* Add support for apk in docker/podman builds
* Add support for 'wget' in Docker images
* Fix debian support for Dockerfile builds
* Fix preinstallimages in containers
* mkosi: add back system-packages used by build-recipe directly
* pbuild: parse the Release files for debian repos
* mkosi: drop most systemd/build-packages deps and use obs_scm directory as
source if present
* improve source copy handling
* Introduce --repos-directory and --containers-directory options
* productcompose: support of building against a baseiso
* preinstallimage: avoid inclusion of build script generated files
* preserve timestamps on sources copy-in for kiwi and productcompose
* alpine package support updates
* tumbleweed config update
* debian: Support installation of foreign architecture packages (required for
armv7l setups)
* Parse unknown timezones as UTC
* Apk (Alpine Linux) format support added
* Implement default value in parameter expansion
* Also support supplements that use & as "and"
* Add workaround for skopeo's argument parser
* add cap-htm=off on power9
* Fixed usage of chown calls
* Remove leading `go` from `purl` locators
* container related:
* Implement support for the new <containers> element in kiwi recipes
* Fixes for SBOM and dependencies of multi stage container builds
* obs-docker-support: enable dnf and yum substitutions
* Arch Linux:
* fix file path for Arch repo
* exclude unsupported arch
* Use root as download user
* build-vm-qemu: force sv48 satp mode on riscv64
* mkosi:
* Create .sha256 files after mkosi builds
* Always pass --image-version to mkosi
* General improvements and bugfixes (mkosi, pbuild, appimage/livebuild, obs
work detection, documention, SBOM)
* Support slsa v1 in unpack_slsa_provenance
* generate_sbom: do not clobber spdx supplier
* Harden export_debian_orig_from_git (bsc#1230469)
* SBOM generation:
* Adding golang introspection support
* Adding rust binary introspection support
* Keep track of unknwon licenses and add a
"hasExtractedLicensingInfos"
section
* Also normalize licenses for cyclonedx
* Make generate_sbom errors fatal
* general improvements
* Fix noprep building not working because the buildir is removed
* kiwi image: also detect a debian build if /var/lib/dpkg/status is present
* Do not use the Encode module to convert a code point to utf8
* Fix personality syscall number for riscv
* add more required recommendations for KVM builds
* set PACKAGER field in build-recipe-arch
* fix writing _modulemd.yaml
* pbuild: support --release and --baselibs option
* container:
* copy base container information from the annotation into the containerinfo
* track base containers over multiple stages
* always put the base container last in the dependencies
* providing fileprovides in createdirdeps tool
* Introduce buildflag nochecks
* productcompose: support **all** option
* config update: tumbleweed using preinstallexpand
* minor improvements
* tumbleweed build config update
* support the %load macro
* improve container filename generation (docker)
* fix hanging curl calls during build (docker)
* productcompose: fix milestone query
* tumbleweed build config update
* 15.6 build config fixes
* sourcerpm & sourcedep handling fixes
* productcompose:
* Fix milestone handling
* Support bcntsynctag
* Adding debian support to generate_sbom
* Add syscall for personality switch on loongarch64 kernel
* vm-build: ext3 & ext4: fix disk space allocation
* mkosi format updates, not fully working yet
* pbuild exception fixes
* Fixes for current fedora and centos distros
* Don't copy original dsc sources if OBS-DCH-RELEASE set
* Unbreak parsing of sources/patches
* Support ForceMultiVersion in the dockerfile parser
* Support %bcond of rpm 4.17.1
* Add a hack for systemd 255.3, creating an empty /etc/os-release if missing
after preinstall.
* docker: Fix HEAD request in dummyhttpserver
* pbuild: Make docker-nobasepackages expand flag the default
* rpm: Support a couple of builtin rpm macros
* rpm: Implement argument expansion for define/with/bcond...
* Fix multiline macro handling
* Accept -N parameter of %autosetup
* documentation updates
* various code cleanup and speedup work.
* ProductCompose: multiple improvements
* Add buildflags:define_specfile support
* Fix copy-in of git subdirectory sources
* pbuild: Speed up XML parsing
* pubild: product compose support
* generate_sbom: add help option
* podman: enforce runtime=runc
* Implement direct conflicts from the distro config
* changelog2spec: fix time zone handling
* Do not unmount /proc/sys/fs/binfmt_misc before runnint the check scripts
* spec file cleanup
* documentation updates
* productcompose:
* support schema 0.1
* support milestones
* Leap 15.6 config
* SLE 15 SP6 config
* productcompose: follow incompatible flavor syntax change
* pbuild: support for zstd
* fixed handling for cmdline parameters via kernel packages
* productcompose:
* BREAKING: support new schema
* adapt flavor architecture parsing
* productcompose:
* support filtered package lists
* support default architecture listing
* fix copy in binaries in VM builds^
* obsproduct build type got renamed to productcompose
* Support zstd compressed rpm-md meta data (bsc#1217269)
* Added Debian 12 configuration
* First ObsProduct build format support
* fix SLE 15 SP5 build configuration
* Improve user agent handling for obs repositories
* Docker:
* Support flavor specific build descriptions via Dockerfile.$flavor
* support "PlusRecommended" hint to also provide recommended packages
* use the name/version as filename if both are known
* Produce docker format containers by default
* pbuild: Support for signature authentification of OBS resources
* Fix wiping build root for --vm-type podman
* Put BUILD_RELEASE and BUILD_CHANGELOG_TIMESTAMP in the /.buildenv
* build-vm-kvm: use -cpu host on riscv64
* small fixes and cleanups
* Added parser for BcntSyncTag in sources
* pbuild:
* fix dependency expansion for build types other than spec
* Reworked cycle handling code
* add --extra-packs option
* add debugflags option
* Pass-through --buildtool-opt
* Parse Patch and Source lines more accurately
* fix tunefs functionality
* minor bugfixes
* \--vm-type=podman added (supports also root-less builds)
* Also support build constraints in the Dockerfile
* minor fixes
* Add SUSE ALP build config
* BREAKING: Record errors when parsing the project config former behaviour
was
undefined
* container: Support compression format configuration option
* Don't setup ccache with --no-init
* improved loongarch64 support
* sbom: SPDX supplier tag added
* kiwi: support different versions per profile
* preinstallimage: fail when recompression fails
* Add support for recommends and supplements dependencies
* Support the "keepfilerequires" expand flag
* add '\--buildtool-opt=OPTIONS' to pass options to the used build
tool
* distro config updates
* ArchLinux
* Tumbleweed
* documentation updates
* openSUSE Tumbleweed: sync config and move to suse_version 1699.
* universal post-build hook, just place a file in
/usr/lib/build/post_build.d/
* mkbaselibs/hwcaps, fix pattern name once again (x86_64_v3)
* KiwiProduct: add --use-newest-package hint if the option is set
* Dockerfile support:
* export multibuild flavor as argument
* allow parameters in FROM .. scratch lines
* include OS name in build result if != linux
* Workaround directory->symlink usrmerge problems for cross arch sysroot
* multiple fixes for SBOM support
* KIWI VM image SBOM support added
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-857=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-857=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-857=1
* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-857=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-857=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-857=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-857=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-857=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-857=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-857=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-857=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-857=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-857=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-857=1
## Package List:
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Enterprise Storage 7.1 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* openSUSE Leap 15.6 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-initvm-x86_64-20250306-150200.19.1
* build-initvm-aarch64-20250306-150200.19.1
* build-initvm-s390x-20250306-150200.19.1
* build-mkdrpms-20250306-150200.19.1
* build-initvm-powerpc64le-20250306-150200.19.1
* build-20250306-150200.19.1
* Development Tools Module 15-SP6 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* build-mkbaselibs-20250306-150200.19.1
* build-20250306-150200.19.1
## References:
* https://www.suse.com/security/cve/CVE-2024-22038.html
* https://bugzilla.suse.com/show_bug.cgi?id=1217269
* https://bugzilla.suse.com/show_bug.cgi?id=1230469
--===============6071976635126526836==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
<div class="container">
<h1>Security update for build</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:0857-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-03-13T17:58:42Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1217269">bsc#1217269</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230469">bsc#1230469</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-22038.html">CVE-2024-22038</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-22038</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">6.8</span>
<span
class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-22038</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span
class="cvss-score">7.3</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-22038</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">6.8</span>
<span
class="cvss-vector">CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X</span>
</li>
<li class="list-group-item">
<span
class="cvss-reference">CVE-2024-22038</span>
<span class="cvss-source">
(
NVD
):
</span>
<span
class="cvss-score">7.3</span>
<span
class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">Development
Tools Module 15-SP6</li>
<li class="list-group-item">openSUSE Leap
15.6</li>
<li class="list-group-item">SUSE
Enterprise Storage 7.1</li>
<li class="list-group-item">SUSE Linux
Enterprise Desktop 15 SP6</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15 SP3</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing ESPOS 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing ESPOS 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing LTSS 15 SP3</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing LTSS 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise High Performance Computing LTSS 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise Real Time 15 SP6</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP3</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP3 LTSS</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP4 LTSS</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP5 LTSS</li>
<li class="list-group-item">SUSE Linux
Enterprise Server 15 SP6</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP3</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP4</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP5</li>
<li class="list-group-item">SUSE Linux
Enterprise Server for SAP Applications 15 SP6</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability and has one security fix
can now be installed.</p>
<h2>Description:</h2>
<p>This update for build fixes the following issues:
- CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git
repositories (bnc#1230469) </p>
<p>Other fixes:
- Fixed behaviour when using "--shell" aka "osc
shell" option
in a VM build. Startup is faster and permissions stay intact
now.</p>
<ul>
<li>fixes for POSIX compatibility for obs-docker-support adn
mkbaselibs</li>
<li>Add support for apk in docker/podman builds</li>
<li>Add support for 'wget' in Docker images</li>
<li>Fix debian support for Dockerfile builds</li>
<li>Fix preinstallimages in containers</li>
<li>mkosi: add back system-packages used by build-recipe
directly</li>
<li>
<p>pbuild: parse the Release files for debian repos</p>
</li>
<li>
<p>mkosi: drop most systemd/build-packages deps and use obs_scm
directory as source if present</p>
</li>
<li>improve source copy handling</li>
<li>
<p>Introduce --repos-directory and --containers-directory
options</p>
</li>
<li>
<p>productcompose: support of building against a baseiso</p>
</li>
<li>preinstallimage: avoid inclusion of build script generated
files</li>
<li>preserve timestamps on sources copy-in for kiwi and
productcompose</li>
<li>alpine package support updates</li>
<li>
<p>tumbleweed config update</p>
</li>
<li>
<p>debian: Support installation of foreign architecture packages
(required for armv7l setups)</p>
</li>
<li>Parse unknown timezones as UTC</li>
<li>Apk (Alpine Linux) format support added</li>
<li>Implement default value in parameter expansion</li>
<li>Also support supplements that use & as
"and"</li>
<li>Add workaround for skopeo's argument parser</li>
<li>add cap-htm=off on power9</li>
<li>Fixed usage of chown calls</li>
<li>
<p>Remove leading <code>go</code> from
<code>purl</code> locators</p>
</li>
<li>
<p>container related:</p>
</li>
<li>Implement support for the new <containers> element in
kiwi recipes</li>
<li>Fixes for SBOM and dependencies of multi stage container
builds</li>
<li>obs-docker-support: enable dnf and yum substitutions</li>
<li>Arch Linux:</li>
<li>fix file path for Arch repo</li>
<li>exclude unsupported arch</li>
<li>Use root as download user</li>
<li>build-vm-qemu: force sv48 satp mode on riscv64</li>
<li>mkosi:</li>
<li>Create .sha256 files after mkosi builds</li>
<li>Always pass --image-version to mkosi</li>
<li>General improvements and bugfixes (mkosi, pbuild, appimage/livebuild,
obs work detection, documention,
SBOM)</li>
<li>Support slsa v1 in unpack_slsa_provenance</li>
<li>generate_sbom: do not clobber spdx supplier</li>
<li>
<p>Harden export_debian_orig_from_git (bsc#1230469)</p>
</li>
<li>
<p>SBOM generation:</p>
</li>
<li>Adding golang introspection support</li>
<li>Adding rust binary introspection support</li>
<li>Keep track of unknwon licenses and add a
"hasExtractedLicensingInfos"
section</li>
<li>Also normalize licenses for cyclonedx</li>
<li>Make generate_sbom errors fatal</li>
<li>general improvements</li>
<li>Fix noprep building not working because the buildir is
removed</li>
<li>kiwi image: also detect a debian build if /var/lib/dpkg/status is
present</li>
<li>Do not use the Encode module to convert a code point to
utf8</li>
<li>Fix personality syscall number for riscv</li>
<li>add more required recommendations for KVM builds</li>
<li>set PACKAGER field in build-recipe-arch</li>
<li>fix writing _modulemd.yaml</li>
<li>pbuild: support --release and --baselibs option</li>
<li>container:</li>
<li>copy base container information from the annotation into the
containerinfo</li>
<li>track base containers over multiple stages</li>
<li>
<p>always put the base container last in the dependencies</p>
</li>
<li>
<p>providing fileprovides in createdirdeps tool</p>
</li>
<li>
<p>Introduce buildflag nochecks</p>
</li>
<li>
<p>productcompose: support <strong>all</strong>
option</p>
</li>
<li>config update: tumbleweed using preinstallexpand</li>
<li>
<p>minor improvements</p>
</li>
<li>
<p>tumbleweed build config update</p>
</li>
<li>support the %load macro</li>
<li>improve container filename generation (docker)</li>
<li>fix hanging curl calls during build (docker)</li>
<li>
<p>productcompose: fix milestone query</p>
</li>
<li>
<p>tumbleweed build config update</p>
</li>
<li>15.6 build config fixes</li>
<li>sourcerpm & sourcedep handling fixes</li>
<li>productcompose:</li>
<li>Fix milestone handling</li>
<li>Support bcntsynctag</li>
<li>Adding debian support to generate_sbom</li>
<li>Add syscall for personality switch on loongarch64 kernel</li>
<li>vm-build: ext3 & ext4: fix disk space allocation</li>
<li>mkosi format updates, not fully working yet</li>
<li>pbuild exception fixes</li>
<li>Fixes for current fedora and centos distros</li>
<li>Don't copy original dsc sources if OBS-DCH-RELEASE
set</li>
<li>Unbreak parsing of sources/patches</li>
<li>Support ForceMultiVersion in the dockerfile parser</li>
<li>
<p>Support %bcond of rpm 4.17.1</p>
</li>
<li>
<p>Add a hack for systemd 255.3, creating an empty /etc/os-release
if missing after preinstall.</p>
</li>
<li>docker: Fix HEAD request in dummyhttpserver</li>
<li>pbuild: Make docker-nobasepackages expand flag the default</li>
<li>rpm: Support a couple of builtin rpm macros</li>
<li>rpm: Implement argument expansion for define/with/bcond...</li>
<li>Fix multiline macro handling</li>
<li>Accept -N parameter of %autosetup</li>
<li>documentation updates</li>
<li>
<p>various code cleanup and speedup work.</p>
</li>
<li>
<p>ProductCompose: multiple improvements</p>
</li>
<li>Add buildflags:define_specfile support</li>
<li>Fix copy-in of git subdirectory sources</li>
<li>pbuild: Speed up XML parsing</li>
<li>pubild: product compose support</li>
<li>generate_sbom: add help option</li>
<li>podman: enforce runtime=runc</li>
<li>Implement direct conflicts from the distro config</li>
<li>changelog2spec: fix time zone handling</li>
<li>Do not unmount /proc/sys/fs/binfmt_misc before runnint the check
scripts</li>
<li>spec file cleanup</li>
<li>
<p>documentation updates</p>
</li>
<li>
<p>productcompose:</p>
</li>
<li>support schema 0.1</li>
<li>support milestones</li>
<li>Leap 15.6 config</li>
<li>
<p>SLE 15 SP6 config</p>
</li>
<li>
<p>productcompose: follow incompatible flavor syntax change</p>
</li>
<li>
<p>pbuild: support for zstd</p>
</li>
<li>
<p>fixed handling for cmdline parameters via kernel packages</p>
</li>
<li>
<p>productcompose:</p>
</li>
<li>BREAKING: support new schema</li>
<li>
<p>adapt flavor architecture parsing</p>
</li>
<li>
<p>productcompose:</p>
</li>
<li>support filtered package lists</li>
<li>support default architecture listing</li>
<li>
<p>fix copy in binaries in VM builds^</p>
</li>
<li>
<p>obsproduct build type got renamed to productcompose</p>
</li>
<li>
<p>Support zstd compressed rpm-md meta data (bsc#1217269)</p>
</li>
<li>Added Debian 12 configuration</li>
<li>
<p>First ObsProduct build format support</p>
</li>
<li>
<p>fix SLE 15 SP5 build configuration</p>
</li>
<li>
<p>Improve user agent handling for obs repositories</p>
</li>
<li>
<p>Docker:</p>
</li>
<li>Support flavor specific build descriptions via
Dockerfile.$flavor</li>
<li>support "PlusRecommended" hint to also provide
recommended packages</li>
<li>use the name/version as filename if both are known</li>
<li>Produce docker format containers by default</li>
<li>pbuild: Support for signature authentification of OBS
resources</li>
<li>Fix wiping build root for --vm-type podman</li>
<li>Put BUILD_RELEASE and BUILD_CHANGELOG_TIMESTAMP in the
/.buildenv</li>
<li>build-vm-kvm: use -cpu host on riscv64</li>
<li>
<p>small fixes and cleanups</p>
</li>
<li>
<p>Added parser for BcntSyncTag in sources</p>
</li>
<li>
<p>pbuild:</p>
</li>
<li>fix dependency expansion for build types other than spec</li>
<li>Reworked cycle handling code</li>
<li>add --extra-packs option</li>
<li>add debugflags option</li>
<li>Pass-through --buildtool-opt</li>
<li>Parse Patch and Source lines more accurately</li>
<li>fix tunefs functionality</li>
<li>
<p>minor bugfixes</p>
</li>
<li>
<p>--vm-type=podman added (supports also root-less builds)</p>
</li>
<li>Also support build constraints in the Dockerfile</li>
<li>
<p>minor fixes</p>
</li>
<li>
<p>Add SUSE ALP build config</p>
</li>
<li>
<p>BREAKING: Record errors when parsing the project config
former behaviour was undefined</p>
</li>
<li>container: Support compression format configuration option</li>
<li>Don't setup ccache with --no-init</li>
<li>improved loongarch64 support</li>
<li>sbom: SPDX supplier tag added</li>
<li>kiwi: support different versions per profile</li>
<li>preinstallimage: fail when recompression fails</li>
<li>Add support for recommends and supplements dependencies</li>
<li>Support the "keepfilerequires" expand
flag</li>
<li>add '--buildtool-opt=OPTIONS' to pass options to
the used build tool</li>
<li>distro config updates</li>
<li>ArchLinux</li>
<li>Tumbleweed</li>
<li>
<p>documentation updates</p>
</li>
<li>
<p>openSUSE Tumbleweed: sync config and move to suse_version
1699.</p>
</li>
<li>
<p>universal post-build hook, just place a file in
/usr/lib/build/post_build.d/</p>
</li>
<li>mkbaselibs/hwcaps, fix pattern name once again (x86_64_v3)</li>
<li>
<p>KiwiProduct: add --use-newest-package hint if the option is
set</p>
</li>
<li>
<p>Dockerfile support:</p>
</li>
<li>export multibuild flavor as argument</li>
<li>allow parameters in FROM .. scratch lines</li>
<li>include OS name in build result if != linux</li>
<li>Workaround directory->symlink usrmerge problems for cross arch
sysroot</li>
<li>
<p>multiple fixes for SBOM support</p>
</li>
<li>
<p>KIWI VM image SBOM support added</p>
</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper
patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP5
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES_SAP-15-SP5-2025-857=1</code>
</li>
<li class="list-group-item">
SUSE Enterprise Storage 7.1
<br/>
<code>zypper in -t patch
SUSE-Storage-7.1-2025-857=1</code>
</li>
<li class="list-group-item">
openSUSE Leap 15.6
<br/>
<code>zypper in -t patch
openSUSE-SLE-15.6-2025-857=1</code>
</li>
<li class="list-group-item">
Development Tools Module 15-SP6
<br/>
<code>zypper in -t patch
SUSE-SLE-Module-Development-Tools-15-SP6-2025-857=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-857=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-857=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-857=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-857=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-857=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP3 LTSS
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-857=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP4 LTSS
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-857=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP5 LTSS
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-857=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP3
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES_SAP-15-SP3-2025-857=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP4
<br/>
<code>zypper in -t patch
SUSE-SLE-Product-SLES_SAP-15-SP4-2025-857=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP5
(noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
SUSE Enterprise Storage 7.1 (noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.6 (noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-initvm-x86_64-20250306-150200.19.1</li>
<li>build-initvm-aarch64-20250306-150200.19.1</li>
<li>build-initvm-s390x-20250306-150200.19.1</li>
<li>build-mkdrpms-20250306-150200.19.1</li>
<li>build-initvm-powerpc64le-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
Development Tools Module 15-SP6 (noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15
SP3 (noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing ESPOS 15
SP4 (noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15
SP4 (noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing ESPOS 15
SP5 (noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing LTSS 15
SP5 (noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP3
(noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP4
(noarch)
<ul>
<li>build-mkbaselibs-20250306-150200.19.1</li>
<li>build-20250306-150200.19.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-22038.html">https://www.suse.com/security/cve/CVE-2024-22038.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1217269">https://bugzilla.suse.com/show_bug.cgi?id=1217269</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230469">https://bugzilla.suse.com/show_bug.cgi?id=1230469</a>
</li>
</ul>
</div>
--===============6071976635126526836==--
|
|
|
|
