- aaa_base
-
- Add patch git-51-fbf7ee9dc9cd970532a54eed6472d7f3b0e7f431.patch
* If a user switches the login shell respect the already set
PATH environment (bsc#1235481)
- add patch aaa_base-rc.status.patch (bsc#1236033)
(no git, file is gone in factory/tumbleweed)
update detection for systemd in rc.status, mountpoint for
cgroup changed with cgroup2, so just check if pid 1 is systemd
- Add patch git-50-845b509c9a005340a0455cb8a7fe084d1b8f1946.patch
* Add mc helpers for both tcsh and bash resources (boo#1203617)
- apparmor
-
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM.
* unix-chkpwd-add-read-capability.path, bsc#1241678
- Allow pam_unix to execute unix_chkpwd with abi/3.0
- remove dovecot-unix_chkpwd.diff
- Add allow-pam_unix-to-execute-unix_chkpwd.patch
- Add revert-abi-change-for-unix_chkpwd.patch
(bsc#1234452, bsc#1232234)
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
unix_chkpwd, and add a profile for unix_chkpwd. This is needed
for PAM with CVE-2024-10041 (bsc#1234452)
- bind
-
- Limit additional section processing for large RDATA sets.
When answering queries, don’t add data to the additional
section if the answer has more than 13 names in the RDATA. This
limits the number of lookups into the database(s) during a
single client query, reducing the query-processing load.
(CVE-2024-11187)
[bsc#1236596, bind-9.16-CVE-2024-11187.patch]
- ca-certificates-mozilla
-
- revert the distrusted certs for now. originally these only
distrust "new issued" certs starting after a certain date,
while old certs should still work. (bsc#1240343)
- remove-distrusted.patch: removed
- explit remove distruted certs, as the distrust does not get exported
correctly and the SSL certs are still trusted. (bsc#1240343)
- Entrust.net Premium 2048 Secure Server CA
- Entrust Root Certification Authority
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- GlobalSign Root E46
- GLOBALTRUST 2020
- remove-distrusted.patch: apply to certdata.txt
- Fix awk to compare (missing a =) and give the following output:
[#] NSS_BUILTINS_LIBRARY_VERSION "2.74"
- pass file argument to awk (bsc#1240009)
- update to 2.74 state of Mozilla SSL root CAs:
Removed:
* SwissSign Silver CA - G2
Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
- remove extensive signature printing in comments of the cert
bundle
- Define two macros to break a build cycle with p11-kit.
- Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798)
Removed:
- SecureSign RootCA11
- Security Communication RootCA3
Added:
- TWCA CYBER Root CA
- TWCA Global Root CA G2
- SecureSign Root CA12
- SecureSign Root CA14
- SecureSign Root CA15
- cifs-utils
-
- CVE-2025-2312: cifs-utils: cifs.upcall makes an upcall to the wrong
namespace in containerized environments while trying to get Kerberos
credentials (bsc#1239680)
* add New-mount-option-for-cifs.upcall-namespace-reso.patch
- cloud-init
-
- Add cloud-init-wait-for-net.patch (bsc#1227237)
+ Wait for udev once if we cannot find the expected MAC
- remove dependency on /usr/bin/python3 via using the macros (bsc#1212476)
- containerd
-
- Update to containerd v1.7.27. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.27>
bsc#1239749 CVE-2024-40635
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.26. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.26>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.25. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.25>
<https://github.com/containerd/containerd/releases/tag/v1.7.24>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.23. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.23>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.22. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.22>
- Bump minimum Go version to 1.22.
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- curl
-
- Security fix: [bsc#1236590, CVE-2025-0725]
* content_encoding: drop support for zlib before 1.2.0.4
* content_encoding: put the decomp buffers into the writer structs
* Add curl-CVE-2025-0725.patch
- Security fix: [bsc#1236588, CVE-2025-0167]
* netrc: 'default' with no credentials is not a match
* Add curl-CVE-2025-0167.patch
- Security fix: [bsc#1234068, CVE-2024-11053]
* curl could leak the password used for the first host to the
followed-to host under certain circumstances.
* netrc: address several netrc parser flaws
* Add curl-CVE-2024-11053.patch
- dhcp
-
- bsc#1192020: Add 'Requires(pre): group(nogroup)' to fix user
creation in pre scriptlet for dhcp-server.
- docker
-
- Don't use the new container-selinux conditional requires on SLE-12, as the
RPM version there doesn't support it. Arguably the change itself is a bit
suspect but we can fix that later. bsc#1237367
- Add backport for golang.org/x/oauth2 CVE-2025-22868 fix. bsc#1239185
+ 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- Add backport for golang.org/x/crypto CVE-2025-22869 fix. bsc#1239322
+ 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Refresh patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Make container-selinux requirement conditional on selinux-policy
(bsc#1237367)
- Update to Docker 27.5.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#2741> bsc#1237335
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx 0.20.1. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.20.1>
- Update to Docker 27.4.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#2741>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx 0.19.3. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.3>
- Update to Docker 27.4.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#274>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Update to Go 1.22.
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Add docker-integration-tests-devel subpackage for building and running the
upstream Docker integration tests on machines to test that Docker works
properly. Users should not install this package.
- docker-rpmlintrc updated to include allow-list for all of the integration
tests package, since it contains a bunch of stuff that wouldn't normally be
allowed.
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Further merge docker and docker-stable specfiles to minimise the differences.
The main thing is that we now include both halves of the
Conflicts/Provides/Obsoletes dance in both specfiles.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Add %{_sysconfdir}/audit/rules.d to filelist.
- Mark docker-buildx as required since classic "docker build" has been
deprecated since Docker 23.0. bsc#1230331
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
bsc#1230333
- Make some minor name macro updates to help with the docker-stable package
fork.
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070
* CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- findutils
-
- do not crash when file system loop was encountered [bsc#1231472]
- added patches
fix https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=e5d6eb919b9
+ findutils-avoid-crash-system-loop.patch
- modified patches
% findutils-xautofs.patch (p1)
- glibc
-
- assert-message-allocation.patch: Fix underallocation of abort_msg_s
struct (CVE-2025-0395, bsc#1236282, BZ #32582))
- grub2
-
- Fix zfs.mo not found message when booting on legacy BIOS (bsc#1237865)
* 0001-autofs-Ignore-zfs-not-found.patch
- Security fixes for 2024
* 0001-misc-Implement-grub_strlcpy.patch
- Fix CVE-2024-45781 (bsc#1233617)
* 0002-fs-ufs-Fix-a-heap-OOB-write.patch
- Fix CVE-2024-56737 (bsc#1234958)
- Fix CVE-2024-45782 (bsc#1233615)
* 0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
- Fix CVE-2024-45780 (bsc#1233614)
* 0004-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2024-45783 (bsc#1233616)
* 0005-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch
* 0006-kern-file-Ensure-file-data-is-set.patch
* 0007-kern-file-Implement-filesystem-reference-counting.patch
- Fix CVE-2025-0624 (bsc#1236316)
* 0008-net-Fix-OOB-write-in-grub_net_search_config_file.patch
- Fix CVE-2024-45774 (bsc#1233609)
* 0009-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch
- Fix CVE-2024-45775 (bsc#1233610)
* 0010-commands-extcmd-Missing-check-for-failed-allocation.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0011-commands-pgp-Unregister-the-check_signatures-hooks-o.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0012-normal-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0013-gettext-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2024-45776 (bsc#1233612)
* 0014-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch
- Fix CVE-2024-45777 (bsc#1233613)
* 0015-gettext-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2025-0690 (bsc#1237012)
* 0016-commands-read-Fix-an-integer-overflow-when-supplying.patch
- Fix CVE-2025-1118 (bsc#1237013)
* 0017-commands-minicmd-Block-the-dump-command-in-lockdown-.patch
- Fix CVE-2024-45778 (bsc#1233606)
- Fix CVE-2024-45779 (bsc#1233608)
* 0018-fs-bfs-Disable-under-lockdown.patch
- Fix CVE-2025-0677 (bsc#1237002)
- Fix CVE-2025-0684 (bsc#1237008)
- Fix CVE-2025-0685 (bsc#1237009)
- Fix CVE-2025-0686 (bsc#1237010)
- Fix CVE-2025-0689 (bsc#1237011)
* 0019-fs-Disable-many-filesystems-under-lockdown.patch
- Fix CVE-2025-1125 (bsc#1237014)
- Fix CVE-2025-0678 (bsc#1237006)
* 0020-fs-Prevent-overflows-when-allocating-memory-for-arra.patch
- Bump upstream SBAT generation to 5
- Fix xen package contains debug_info files with the .module suffix by moving
them to a separate xen-debug subpackage (bsc#1232573)
- Fix not a directory error from the minix filesystem, as leftover data on disk
may contain its magic header so it gets misdetected (bsc#1231604)
* grub2-install-fix-not-a-directory-error.patch
- hwdata
-
- update to 0.390:
* Update pci and vendor ids
- hwinfo
-
- merge gh#openSUSE/hwinfo#152
- avoid reporting of spurious usb storage devices (bsc#1223330)
- 21.87
- merge gh#openSUSE/hwinfo#151
- do not overdo usb device de-duplication (bsc#1239663)
- 21.86
- iproute2
-
- avoid spurious cgroup warning (bsc#1234383):
- ss-Tone-down-cgroup-path-resolution.patch
- kdump
-
- dracut: fix filtering ro keys in kdump_bond_config (bsc#1233137)
- kernel-default
-
- net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124
bsc#1234074).
- commit da48f3c
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Always check inode size of inline inodes (bsc#1240207
CVE-2022-49739).
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (bsc#1240207
CVE-2022-49739).
- commit a949c3f
- Revert "gfs2: Fix inode height consistency check (git-fixes)."
This reverts commit 935054ab3fe2351d6b7c7a49e49bc57d5ae66ce2.
The revert commit will re-add by bsc#1240207 bug fix
- commit f6fc2e8
- Refresh
patches.suse/blk-throttle-Set-BIO_THROTTLED-when-bio-has-been-throttled.patch.
The original version had a back-port mistake that cause aregression.
- commit fb94b71
- mm/khugepaged: fix ->anon_vma race (CVE-2023-52935 bsc#1240276).
- commit 6257477
- net: mana: Support holes in device list reply msg (bsc#1240133).
- commit 4d6c8d2
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(CVE-2024-50290 bsc#1233479 bsc#1225742).
- Update
patches.suse/media-dvbdev-prevent-the-risk-of-out-of-memory-acces.patch
(CVE-2024-53063 bsc#1233557 bsc#1225742).
- commit 4c491c6
- Update
patches.suse/ALSA-hda-via-Avoid-potential-array-out-of-bound-in-a.patch
(git-fixes CVE-2023-52988 bsc#1240293).
- Update
patches.suse/Bluetooth-Fix-possible-deadlock-in-rfcomm_sk_state_c.patch
(git-fixes CVE-2023-53016 bsc#1240281).
- Update
patches.suse/HID-betop-check-shape-of-output-reports.patch
(git-fixes bsc#1207186 CVE-2023-53015 bsc#1240288).
- Update
patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch
(git-fixes bsc#1209788 CVE-2023-1652 CVE-2023-53025
bsc#1240264).
- Update
patches.suse/RDMA-core-Fix-ib-block-iterator-counter-overflow.patch
(bsc#1207878 CVE-2023-53026 bsc#1240308).
- Update
patches.suse/Revert-wifi-mac80211-fix-memory-leak-in-ieee80211_if.patch
(git-fixes CVE-2023-53028 bsc#1240212).
- Update
patches.suse/Squashfs-fix-handling-and-sanity-checking-of-xattr_i.patch
(git-fixes CVE-2023-52933 bsc#1240275).
- Update
patches.suse/block-bfq-fix-uaf-for-bfqq-in-bic_set_bfqq-b600.patch
(git-fixes CVE-2023-52983 bsc#1240284).
- Update
patches.suse/bnxt-Do-not-read-past-the-end-of-test-names.patch
(jsc#SLE-18978 CVE-2023-53010 bsc#1240290).
- Update
patches.suse/bpf-Fix-pointer-leak-due-to-insufficient-speculative.patch
(bsc#1231375 CVE-2023-53024 bsc#1240272).
- Update
patches.suse/bpf-Skip-task-with-pid-1-in-send_signal_common.patch
(git-fixes CVE-2023-52992 bsc#1240317).
- Update
patches.suse/can-isotp-split-tx-timer-into-transmission-and-timeo.patch
(git-fixes CVE-2023-52941 bsc#1240280).
- Update
patches.suse/cifs-Fix-oops-due-to-uncleared-server-smbd_conn-in-reconnect.patch
(git-fixes CVE-2023-53006 bsc#1240208).
- Update
patches.suse/cifs-fix-potential-memory-leaks-in-session-setup.patch
(bsc#1193629 CVE-2023-53008 bsc#1240318).
- Update
patches.suse/drm-i915-Fix-potential-bit_17-double-free.patch
(git-fixes CVE-2023-52930 bsc#1240304).
- Update
patches.suse/efi-fix-potential-NULL-deref-in-efi_mem_reserve_pers.patch
(git-fixes CVE-2023-52976 bsc#1240283).
- Update
patches.suse/firewire-fix-memory-leak-for-payload-of-request-suba.patch
(git-fixes CVE-2023-52989 bsc#1240266).
- Update
patches.suse/mm-memcg-fix-NULL-pointer-in-mem_cgroup_track_foreign_dirty_slowpath.patch
(bsc#1209262 CVE-2023-52939 bsc#1240231).
- Update
patches.suse/net-mdio-validate-parameter-addr-in-mdiobus_get_phy.patch
(git-fixes CVE-2023-53019 bsc#1240286).
- Update
patches.suse/net-nfc-Fix-use-after-free-in-local_cleanup.patch
(git-fixes CVE-2023-53023 bsc#1240309).
- Update
patches.suse/net-phy-dp83822-Fix-null-pointer-access-on-DP83825-D.patch
(git-fixes CVE-2023-52984 bsc#1240279).
- Update
patches.suse/netfilter-nft_payload-incorrect-arithmetics-when-fet.patch
(CVE-2023-0179 bsc#1207034 CVE-2023-53033 bsc#1240210).
- Update
patches.suse/netlink-prevent-potential-spectre-v1-gadgets.patch
(bsc#1209547 CVE-2017-5753 CVE-2023-53000 bsc#1240227).
- Update
patches.suse/octeontx2-pf-Avoid-use-of-GFP_KERNEL-in-atomic-conte.patch
(git-fixes CVE-2023-53030 bsc#1240292).
- Update
patches.suse/octeontx2-pf-Fix-the-use-of-GFP_KERNEL-in-atomic-con.patch
(git-fixes CVE-2023-53029 bsc#1240220).
- Update
patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
(git-fixes CVE-2023-2162 bsc#1210647 CVE-2023-52974
bsc#1240213).
- Update
patches.suse/scsi-iscsi_tcp-Fix-UAF-during-logout-when-accessing-the-shost-ipaddress.patch
(git-fixes CVE-2023-52975 bsc#1240322).
- Update
patches.suse/squashfs-harden-sanity-check-in-squashfs_read_xattr_.patch
(git-fixes CVE-2023-52979 bsc#1240282).
- Update
patches.suse/trace_events_hist-add-check-for-return-value-of-create_hist_field.patch
(git-fixes CVE-2023-53005 bsc#1240278).
- Update
patches.suse/tracing-Make-sure-trace_printk-can-output-as-soon-as-it-can-be-used.patch
(git-fixes CVE-2023-53007 bsc#1240229).
- Update
patches.suse/vc_screen-move-load-of-struct-vc_data-pointer-in-vcs.patch
(git-fixes bsc#1213167 CVE-2023-3567 CVE-2023-52973
bsc#1240218).
- Update
patches.suse/x86-i8259-Mark-legacy-PIC-interrupts-with-IRQ_LEVEL.patch
(git-fixes CVE-2023-52993 bsc#1240297).
- commit f69d55e
- Update
patches.suse/VMCI-Use-threaded-irqs-instead-of-tasklets.patch
(git-fixes CVE-2022-49759 bsc#1240245).
- Update
patches.suse/dmaengine-Fix-double-increment-of-client_count-in-dm.patch
(git-fixes CVE-2022-49753 bsc#1240250).
- Update
patches.suse/dmaengine-imx-sdma-Fix-a-possible-memory-leak-in-sdm.patch
(git-fixes CVE-2022-49746 bsc#1240242).
- Update
patches.suse/perf-x86-amd-fix-potential-integer-overflow-on-shift-of-a-int.patch
(git fixes CVE-2022-49748 bsc#1240256).
- Update
patches.suse/usb-gadget-f_fs-Prevent-race-during-ffs_ep0_queue_wa.patch
(git-fixes CVE-2022-49755 bsc#1240247).
- Update
patches.suse/w1-fix-WARNING-after-calling-w1_process.patch
(git-fixes CVE-2022-49751 bsc#1240254).
- commit 67615b0
- Update
patches.suse/can-j1939-fix-errant-WARN_ON_ONCE-in-j1939_session_d.patch
(git-fixes CVE-2021-4454 bsc#1240205).
- commit 3ad7432
- fix series.conf - missing patch
- commit 020a0ef
- can: hi311x: hi3110_can_ist(): fix potential use-after-free
(CVE-2024-56651 bsc#1235528).
- commit c9a4975
- smb: client: do not start laundromat thread on nohandlecache
(git-fixes).
- Refresh
patches.suse/smb-client-disable-directory-caching-when-dir_cache_timeout-is-zer.patch.
- commit 3ce73cd
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- commit 5919b00
- smb3: do not start laundromat thread when dir leases disabled
(git-fixes).
- Refresh
patches.suse/smb-Don-t-leak-cfid-when-reconnect-races-with-open_cached_dir.patch.
- Refresh
patches.suse/smb-During-unmount-ensure-all-cached-dir-instances-drop-their-dent.patch.
- Refresh
patches.suse/smb-client-make-laundromat-a-delayed-worker.patch.
- commit 6f304f5
- cifs: fix potential null pointer use in destroy_workqueue in
init_cifs error path (git-fixes).
- Refresh
patches.suse/smb-During-unmount-ensure-all-cached-dir-instances-drop-their-dent.patch.
- commit 4e039a9
- smb: client: disable directory caching when dir_cache_timeout
is zero (git-fixes).
- commit 96fe0fe
- btrfs: send: fix invalid clone operation for file that got
its size decreased (bsc#1239969).
- btrfs: send: allow cloning non-aligned extent if it ends at
i_size (bsc#1239969).
- commit 7f72133
- smb3: allow controlling length of time directory entries are
cached with dir leases (git-fixes).
- commit 6b79659
- btrfs: fix defrag not merging contiguous extents due to merged
extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents
(bsc#1239968).
- btrfs: defrag: don't use merged extent map for their generation
check (bsc#1239968).
- commit b8a7082
- net: mana: Allow variable size indirection table (bsc#1239016).
- Refresh
patches.suse/net-mana-Enable-debugfs-files-for-MANA-device.patch.
- commit 91cd32f
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic
(bsc#1239016).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
(bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX
coalescing (bsc#1239016).
- commit 6bdf0de
- scsi: target: tcmu: Fix possible page UAF (CVE-2022-49053
bsc#1237918).
- commit 31de519
- ACPI: processor: idle: Return an error if both P_LVL{2,3}
idle states are invalid (bsc#1237530).
- commit 98d777f
- smb: Don't leak cfid when reconnect races with open_cached_dir
(bsc#1234895, CVE-2024-53178).
- Refresh
patches.suse/smb-During-unmount-ensure-all-cached-dir-instances-drop-their-dent.patch.
- commit d202cd3
- mm: zswap: move allocations during CPU init outside the lock
(git-fixes).
- commit 2ba6fb9
- mm: zswap: properly synchronize freeing resources during CPU
hotunplug (bsc#1237029 CVE-2025-21693).
- commit a35b49f
- mm/zswap: change per-cpu mutex and buffer to per-acomp_ctx
(bsc#1237029 CVE-2025-21693).
- commit 2a858ad
- partitions: mac: fix handling of bogus partition table
(CVE-2025-21772 bsc#1238911).
- blk-throttle: Set BIO_THROTTLED when bio has been throttled
(CVE-2022-49465 bsc#1238919).
- commit 0fbb2d1
- smb: During unmount, ensure all cached dir instances drop
their dentry (bsc#1234894, CVE-2024-53176).
- commit 71772d4
- smb3: retrying on failed server close (git-fixes).
- commit d7501d0
- smb: client: make laundromat a delayed worker (git-fixes).
- commit 396eac9
- cifs: Add a laundromat thread for cached directories
(git-fixes).
- commit f8af923
- Update
patches.suse/0011-drm-omap-fix-NULL-but-dereferenced-coccicheck-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49510 bsc#1237799).
- Update
patches.suse/0068-fbdev-defio-fix-the-pagelist-corruption.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49511 bsc#1238551).
- Update
patches.suse/0499-drm-amd-display-Call-dc_stream_release-for-remove-li.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49233 bsc#1238341).
- Update
patches.suse/0517-drm-amdkfd-svm-range-restore-work-deadlock-when-proc.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49133 bsc#1237972).
- Update
patches.suse/0655-drm-amdgpu-pm-fix-the-null-pointer-while-the-smu-is-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49529 bsc#1238941).
- Update
patches.suse/0658-drm-amd-pm-fix-double-free-in-si_parse_power_table.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49530 bsc#1238944).
- Update
patches.suse/0829-drm-v3d-Fix-null-pointer-dereference-of-pointer-perf.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49485 bsc#1238114).
- Update
patches.suse/1009-drm-sprd-fix-potential-NULL-dereference.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49125 bsc#1237927).
- Update
patches.suse/1195-drm-msm-Fix-null-pointer-dereferences-without-iommu.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49499 bsc#1238261).
- Update
patches.suse/1198-drm-msm-disp-dpu1-avoid-clearing-hw-interrupts-if-hw.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49483 bsc#1238179).
- Update
patches.suse/1415-drm-amd-display-Fix-double-free-during-GPU-reset-on-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49203 bsc#1238422).
- Update
patches.suse/1521-drm-panel-ili9341-fix-optional-regulator-handling.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49071 bsc#1238025).
- Update
patches.suse/1553-fbdev-Fix-unregistering-of-framebuffers-without-devi.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49070 bsc#1237749).
- Update
patches.suse/1614-drm-msm-don-t-free-the-IRQ-if-it-was-not-requested.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49458 bsc#1238810).
- Update
patches.suse/1643-video-fbdev-vesafb-Fix-a-use-after-free-due-early-fb.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49419 bsc#1237820).
- Update
patches.suse/1683-drm-amdgpu-Off-by-one-in-dm_dmub_outbox1_low_irq.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49365 bsc#1238661).
- Update
patches.suse/1744-drm-panfrost-Job-should-reference-MMU-not-file_priv.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49359 bsc#1238291).
- Update
patches.suse/1859-drm-i915-selftests-fix-subtraction-overflow-bug.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49635 bsc#1238806).
- Update patches.suse/ALSA-jack-Access-input_dev-under-mutex.patch
(git-fixes CVE-2022-49538 bsc#1238843).
- Update
patches.suse/ASoC-SOF-ipc3-topology-Correct-get_control_data-for-.patch
(jsc#PED-850 CVE-2022-49518 bsc#1238942).
- Update
patches.suse/Bluetooth-btmtksdio-fix-use-after-free-at-btmtksdio_.patch
(jsc#PED-1407 CVE-2022-49470 bsc#1237809).
- Update
patches.suse/Bluetooth-fix-null-ptr-deref-on-hci_sync_conn_comple-3afee211.patch
(jsc#PED-1407 CVE-2022-49139 bsc#1238032).
- Update
patches.suse/Bluetooth-hci_event-Ignore-multiple-conn-complete-ev-d5ebaa7c.patch
(jsc#PED-1407 CVE-2022-49138 bsc#1238160).
- Update
patches.suse/Bluetooth-hci_sync-Fix-queuing-commands-when-HCI_UNR-0b94f265.patch
(jsc#PED-1407 CVE-2022-49136 bsc#1238153).
- Update
patches.suse/Bluetooth-hci_uart-add-missing-NULL-check-in-h5_enqu-32cb08e9.patch
(jsc#PED-1407 CVE-2022-49202 bsc#1238084).
- Update
patches.suse/NFSD-Fix-potential-use-after-free-in-nfsd_file_put.patch
(git-fixes CVE-2022-49362 bsc#1237792).
- Update
patches.suse/ath11k-Change-max-no-of-active-probe-SSID-and-BSSID-.patch
(bsc#1206451 CVE-2022-49533 bsc#1238222).
- Update
patches.suse/ath11k-Fix-frames-flush-failure-caused-by-deadlock.patch
(bsc#1206451 CVE-2022-49123 bsc#1237980).
- Update
patches.suse/ath11k-add-missing-of_node_put-to-avoid-leak.patch
(bsc#1206451 CVE-2022-49237 bsc#1237794).
- Update
patches.suse/ath11k-fix-the-warning-of-dev_wake-in-mhi_pm_disable.patch
(bsc#1206451 CVE-2022-49543 bsc#1238178).
- Update
patches.suse/ath11k-free-peer-for-station-when-disconnect-from-AP.patch
(bsc#1206451 CVE-2022-49238 bsc#1238118).
- Update
patches.suse/blk-throttle-Set-BIO_THROTTLED-when-bio-has-been-thr.patch
(jsc#PED-1183 CVE-2022-49465 bsc#1238919).
- Update
patches.suse/block-Fix-potential-deadlock-in-blk_ia_range_sysfs_s.patch
(jsc#PED-1183 CVE-2022-49406 bsc#1238226).
- Update
patches.suse/block-disable-the-elevator-int-del_gendisk.patch
(jsc#PED-1183 CVE-2022-49694 bsc#1238221).
- Update
patches.suse/block-null_blk-end-timed-out-poll-request.patch
(jsc#PED-1183 CVE-2022-49057 bsc#1238005).
- Update
patches.suse/bpf-Fix-a-btf-decl_tag-bug-when-tagging-a-function.patch
(jsc#PED-1377 CVE-2022-49228 bsc#1238344).
- Update
patches.suse/bpf-Fix-combination-of-jit-blinding-and-pointers-to-.patch
(jsc#PED-1377 CVE-2022-49552 bsc#1238649).
- Update
patches.suse/bpf-Fix-insufficient-bounds-propagation-from-adjust_.patch
(jsc#PED-1377 CVE-2022-49658 bsc#1238803).
- Update
patches.suse/bpf-Fix-potential-array-overflow-in-bpf_trampoline_g.patch
(jsc#PED-1377 CVE-2022-49548 bsc#1238648).
- Update
patches.suse/bpf-Fix-request_sock-leak-in-sk-lookup-helpers.patch
(jsc#PED-1377 CVE-2022-49697 bsc#1238820).
- Update
patches.suse/bpf-sockmap-Fix-double-uncharge-the-mem-of-sk_msg.patch
(jsc#PED-1377 CVE-2022-49205 bsc#1238335).
- Update
patches.suse/bpf-sockmap-Fix-memleak-in-sk_psock_queue_msg.patch
(jsc#PED-1377 CVE-2022-49207 bsc#1237962).
- Update
patches.suse/bpf-sockmap-Fix-memleak-in-tcp_bpf_sendmsg-while-sk-.patch
(jsc#PED-1377 CVE-2022-49209 bsc#1238252).
- Update
patches.suse/bpf-sockmap-Fix-more-uncharged-while-msg-has-more_da.patch
(jsc#PED-1377 CVE-2022-49204 bsc#1238240).
- Update
patches.suse/btrfs-fix-qgroup-reserve-overflow-the-qgroup-limit.patch
(git-fixes CVE-2022-49075 bsc#1237733).
- Update
patches.suse/cachefiles-Fix-KASAN-slab-out-of-bounds-in-cachefiles_set_volume_xattr.patch
(jsc#SES-1880 CVE-2022-49062 bsc#1237730).
- Update
patches.suse/cachefiles-unmark-inode-in-use-in-error-path.patch
(jsc#SES-1880 CVE-2022-49064 bsc#1237744).
- Update
patches.suse/ceph-fix-possible-deadlock-when-holding-Fwb-to-get-inline_data.patch
(jsc#SES-1880 CVE-2022-49296 bsc#1238187).
- Update
patches.suse/drivers-ethernet-cpsw-fix-panic-when-interrupt-coale.patch
(CVE-2021-47517 bsc#1225428 CVE-2022-49192 bsc#1237790).
- Update patches.suse/exfat-check-if-cluster-num-is-valid.patch
(git-fixes CVE-2022-49560 bsc#1238616).
- Update patches.suse/fscache-Fix-invalidation-lookup-race.patch
(jsc#SES-1880 CVE-2022-49655 bsc#1238122).
- Update patches.suse/ice-always-check-VF-VSI-pointer-values.patch
(jsc#PED-376 CVE-2022-49516 bsc#1238953).
- Update patches.suse/icmp-Fix-data-races-around-sysctl.patch
(CVE-2024-47678 bsc#1231854 git-fixes CVE-2022-49638
bsc#1238613).
- Update
patches.suse/io_uring-abort-file-assignment-prior-to-assigning-cr.patch
(bsc#1205205 CVE-2022-49056 bsc#1238004).
- Update
patches.suse/io_uring-fix-memory-leak-of-uid-in-files-registratio.patch
(bsc#1205205 CVE-2022-49144 bsc#1238009).
- Update patches.suse/macsec-fix-UAF-bug-for-real_dev.patch
(jsc#PED-1549 CVE-2022-49390 bsc#1238233).
- Update
patches.suse/memstick-mspro_block-fix-handling-of-read-only-devic.patch
(jsc#PED-1183 CVE-2022-49178 bsc#1238107).
- Update
patches.suse/mlxsw-spectrum-Guard-against-invalid-local-ports.patch
(jsc#PED-1549 CVE-2022-49134 bsc#1237982).
- Update
patches.suse/mt76-fix-tx-status-related-use-after-free-race-on-st.patch
(bsc#1209980 CVE-2022-49479 bsc#1238285).
- Update
patches.suse/mt76-mt7915-fix-possible-NULL-pointer-dereference-in.patch
(git-fixes CVE-2022-49484 bsc#1238424).
- Update
patches.suse/mt76-mt7915-fix-possible-memory-leak-in-mt7915_mcu_a.patch
(bsc#1209980 CVE-2022-49230 bsc#1238086).
- Update
patches.suse/mt76-mt7921-fix-kernel-crash-at-mt7921_pci_remove.patch
(git-fixes CVE-2022-49476 bsc#1238048).
- Update
patches.suse/mt76-mt7921s-fix-a-possible-memory-leak-in-mt7921_lo.patch
(bsc#1209980 CVE-2022-49225 bsc#1238085).
- Update
patches.suse/net-atlantic-remove-aq_nic_deinit-when-resume.patch
(jsc#PED-1530 CVE-2022-49624 bsc#1238128).
- Update
patches.suse/net-fix-removing-a-namespace-with-conflicting-altnam.patch
(bsc#1233749 CVE-2024-26634 bsc#1221651).
- Update
patches.suse/net-mlx5-E-Switch-pair-only-capable-devices.patch
(jsc#PED-1549 CVE-2022-49333 bsc#1238401).
- Update
patches.suse/net-mlx5e-CT-Fix-cleanup-of-CT-before-cleanup-of-TC-.patch
(jsc#PED-1549 CVE-2022-49338 bsc#1238300).
- Update
patches.suse/net-remove-two-BUG-from-skb_checksum_help.patch
(bsc#1229312 CVE-2022-49497 bsc#1238946).
- Update
patches.suse/net-sched-act_ct-fix-ref-leak-when-switching-zones.patch
(bsc#1207361 CVE-2022-49183 bsc#1238083).
- Update
patches.suse/nvdimm-Fix-firmware-activation-deadlock-scenarios-e682.patch
(git-fixes CVE-2022-49446 bsc#1238822).
- Update
patches.suse/perf-x86-intel-lbr-Fix-unchecked-MSR-access-error-on-HSW.patch
(git fixes CVE-2022-49565 bsc#1238542).
- Update
patches.suse/powerpc-papr_scm-Fix-leaking-nvdimm_events_map-eleme.patch
(jsc#PED-557 CVE-2022-49436 bsc#1237816).
- Update
patches.suse/powerpc-papr_scm-don-t-requests-stats-with-0-sized-s.patch
(jsc#PED-1925 CVE-2022-49353 bsc#1238385).
- Update
patches.suse/sock-redo-the-psock-vs-ULP-protection-check.patch
(jsc#PED-1377 CVE-2022-49732 bsc#1237928).
- Update
patches.suse/tcp-add-accessors-to-read-set-tp-snd_cwnd.patch
(jsc#PED-1377 CVE-2022-49325 bsc#1238398).
- Update
patches.suse/tcp-fix-tcp_mtup_probe_success-vs-wrong-snd_cwnd.patch
(bsc#1218450 CVE-2022-49330 bsc#1238378).
- Update
patches.suse/usb-dwc3-host-Stop-setting-the-ACPI-companion.patch
(jsc#PED-1817 CVE-2022-49306 bsc#1238658).
- Update
patches.suse/usb-gadget-uvc-fix-list-double-add-in-uvcg_video_pum.patch
(git-fixes CVE-2022-49686 bsc#1238552).
- Update
patches.suse/vduse-Fix-NULL-pointer-dereference-on-sysfs-access.patch
(jsc#PED-1549 CVE-2022-49329 bsc#1238069).
- Update
patches.suse/vfio-pci-fix-memory-leak-during-D3hot-to-D0-transition
(bsc#1205701 CVE-2022-49219 bsc#1237992).
- Update patches.suse/xsk-Fix-race-at-socket-teardown.patch
(jsc#PED-1377 CVE-2022-49215 bsc#1238329).
- commit 2e81119
- Update
patches.suse/dmaengine-qcom-bam_dma-fix-runtime-PM-underflow.patch
(git-fixes CVE-2022-49650 bsc#1239452).
- Update
patches.suse/netfilter-nf_tables-initialize-registers-in-nft_do_c.patch
(CVE-2022-1016 bsc#1197227 CVE-2022-49293 bsc#1239454).
- commit 320b3f1
- Update
patches.suse/net-usb-aqc111-Fix-out-of-bounds-accesses-in-RX-fixu.patch
(bsc#1237903 CVE-2022-49051).
Added CVE reference
- commit 3c47ace
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115 CVE-2025-21780)
- commit 698625c
- Bluetooth: MGMT: Fix slab-use-after-free Read in
mgmt_remove_adv_monitor_sync (bsc#1239095 CVE-2024-58013).
- commit b147dd9
- Update
patches.suse/0001-be2net-Fix-buffer-overflow-in-be_get_module_eeprom.patch
(bsc#1201323 CVE-2022-49581 bsc#1238540).
- Update
patches.suse/0004-dm-fix-use-after-free-in-dm_cleanup_zoned_dev.patch
(git-fixes CVE-2022-49270 bsc#1238459).
- Update
patches.suse/0005-drm-mediatek-Add-vblank-register-unregister-callback.patch
(bsc#1190768 CVE-2022-49506 bsc#1238804).
- Update
patches.suse/0006-dm-integrity-fix-memory-corruption-when-tag_size-is-.patch
(git-fixes CVE-2022-49044 bsc#1237840).
- Update patches.suse/0009-block-bfq-don-t-move-oom_bfqq.patch
(git-fixes CVE-2022-49179 bsc#1238092).
- Update
patches.suse/0010-bfq-fix-use-after-free-in-bfq_dispatch_request.patch
(git-fixes CVE-2022-49176 bsc#1238097).
- Update
patches.suse/0011-dm-raid-fix-accesses-beyond-end-of-raid-member-array.patch
(git-fixes CVE-2022-49674 bsc#1239041).
- Update
patches.suse/0012-dm-ioctl-prevent-potential-spectre-v1-gadget.patch
(git-fixes CVE-2022-49122 bsc#1237983).
- Update
patches.suse/0014-drm-dp-Fix-OOB-read-when-handling-Post-Cursor2-regis.patch
(bsc#1190786 CVE-2022-49218 bsc#1237785).
- Update
patches.suse/0015-bcache-avoid-journal-no-space-deadlock-by-reserving-.patch
(git-fixes CVE-2022-49327 bsc#1238662).
- Update
patches.suse/0017-nbd-call-genl_unregister_family-first-in-nbd_cleanup.patch
(git-fixes CVE-2022-49295 bsc#1238707).
- Update
patches.suse/0018-dm-mirror-log-round-up-region-bitmap-size-to-BITS_PE.patch
(git-fixes CVE-2022-49710 bsc#1238417).
- Update
patches.suse/0018-nbd-fix-race-between-nbd_alloc_config-and-module-removal.patch
(git-fixes CVE-2022-49300 bsc#1238183).
- Update
patches.suse/0019-block-Fix-handling-of-offline-queues-in-blk_mq_alloc.patch
(git-fixes CVE-2022-49720 bsc#1238281).
- Update
patches.suse/0019-nbd-fix-io-hung-while-disconnecting-device.patch
(git-fixes CVE-2022-49297 bsc#1238469).
- Update
patches.suse/9p-fix-fid-refcount-leak-in-v9fs_vfs_atomic_open_dot.patch
(git-fixes CVE-2022-49705 bsc#1237990).
- Update
patches.suse/9p-fix-fid-refcount-leak-in-v9fs_vfs_get_link.patch
(git-fixes CVE-2022-49704 bsc#1237780).
- Update
patches.suse/ACPI-CPPC-Avoid-out-of-bounds-access-when-parsing-_C.patch
(git-fixes CVE-2022-49145 bsc#1238162).
- Update
patches.suse/ALSA-firewire-lib-fix-uninitialized-flag-for-AV-C-de.patch
(git-fixes CVE-2022-49248 bsc#1238284).
- Update
patches.suse/ALSA-oss-Fix-PCM-OSS-buffer-allocation-overflow.patch
(git-fixes CVE-2022-49292 bsc#1238625).
- Update
patches.suse/ALSA-pcm-Check-for-null-pointer-of-pointer-substream.patch
(git-fixes CVE-2022-49498 bsc#1238825).
- Update
patches.suse/ALSA-pcm-Fix-potential-AB-BA-lock-with-buffer_mutex-.patch
(CVE-2022-1048 bsc#1197331 CVE-2022-49272 bsc#1238272).
- Update
patches.suse/ALSA-pcm-Fix-races-among-concurrent-hw_params-and-hw.patch
(CVE-2022-1048 bsc#1197331 git-fixes CVE-2022-49291
bsc#1238705).
- Update
patches.suse/ALSA-pcm-Fix-races-among-concurrent-prealloc-proc-wr.patch
(CVE-2022-1048 bsc#1197331 git-fixes CVE-2022-49288
bsc#1238271).
- Update
patches.suse/ALSA-pcm-oss-Fix-race-at-SNDCTL_DSP_SYNC.patch
(CVE-2022-3303 bsc#1203769 git-fixes CVE-2022-49733
bsc#1238454).
- Update
patches.suse/ALSA-usb-audio-Cancel-pending-work-at-closing-a-MIDI.patch
(git-fixes CVE-2022-49545 bsc#1238729).
- Update
patches.suse/ARM-Fix-refcount-leak-in-axxia_boot_secondary.patch
(git-fixes CVE-2022-49679 bsc#1238418).
- Update
patches.suse/ARM-cns3xxx-Fix-refcount-leak-in-cns3xxx_init.patch
(git-fixes CVE-2022-49677 bsc#1238601).
- Update
patches.suse/ARM-exynos-Fix-refcount-leak-in-exynos_map_pmu.patch
(git-fixes CVE-2022-49680 bsc#1238415).
- Update
patches.suse/ARM-hisi-Add-missing-of_node_put-after-of_find_compa.patch
(git-fixes CVE-2022-49447 bsc#1238956).
- Update
patches.suse/ARM-meson-Fix-refcount-leak-in-meson_smp_prepare_cpu.patch
(git-fixes CVE-2022-49656 bsc#1237812).
- Update
patches.suse/ASoC-Intel-sof_sdw-handle-errors-on-card-registratio.patch
(git-fixes CVE-2022-49617 bsc#1238902).
- Update
patches.suse/ASoC-SOF-Intel-Fix-NULL-ptr-dereference-when-ENOMEM.patch
(git-fixes CVE-2022-49268 bsc#1238090).
- Update
patches.suse/ASoC-atmel-Add-missing-of_node_put-in-at91sam9g20ek_.patch
(git-fixes CVE-2022-49243 bsc#1238337).
- Update
patches.suse/ASoC-atmel-Fix-error-handling-in-sam9x5_wm8731_drive.patch
(git-fixes CVE-2022-49241 bsc#1238116).
- Update
patches.suse/ASoC-atmel-Fix-error-handling-in-snd_proto_probe.patch
(git-fixes CVE-2022-49246 bsc#1238302).
- Update
patches.suse/ASoC-codecs-rx-macro-fix-accessing-array-out-of-boun.patch
(git-fixes CVE-2022-49252 bsc#1237787).
- Update
patches.suse/ASoC-codecs-rx-macro-fix-accessing-compander-for-aux.patch
(git-fixes CVE-2022-49250 bsc#1238389).
- Update
patches.suse/ASoC-codecs-va-macro-fix-accessing-array-out-of-boun.patch
(git-fixes CVE-2022-49251 bsc#1237835).
- Update
patches.suse/ASoC-codecs-wc938x-fix-accessing-array-out-of-bounds.patch
(git-fixes CVE-2022-49249 bsc#1238339).
- Update
patches.suse/ASoC-codecs-wcd934x-Add-missing-of_node_put-in-wcd93.patch
(git-fixes CVE-2022-49239 bsc#1238334).
- Update
patches.suse/ASoC-cs35l41-Fix-an-out-of-bounds-access-in-otp_pack.patch
(bsc#1203699 CVE-2022-49515 bsc#1237817).
- Update
patches.suse/ASoC-fsl-Fix-refcount-leak-in-imx_sgtl5000_probe.patch
(git-fixes CVE-2022-49486 bsc#1237946).
- Update
patches.suse/ASoC-imx-hdmi-Fix-refcount-leak-in-imx_hdmi_probe.patch
(git-fixes CVE-2022-49480 bsc#1238799).
- Update
patches.suse/ASoC-mediatek-Fix-error-handling-in-mt8173_max98090_.patch
(git-fixes CVE-2022-49514 bsc#1238429).
- Update
patches.suse/ASoC-mediatek-Fix-missing-of_node_put-in-mt2701_wm89.patch
(git-fixes CVE-2022-49517 bsc#1237996).
- Update
patches.suse/ASoC-mediatek-mt8192-mt6359-Fix-error-handling-in-mt.patch
(git-fixes CVE-2022-49244 bsc#1238176).
- Update
patches.suse/ASoC-mxs-Fix-error-handling-in-mxs_sgtl5000_probe.patch
(git-fixes CVE-2022-49242 bsc#1238126).
- Update
patches.suse/ASoC-mxs-saif-Fix-refcount-leak-in-mxs_saif_probe.patch
(git-fixes CVE-2022-49482 bsc#1238543).
- Update
patches.suse/ASoC-rt5645-Fix-errorenous-cleanup-order.patch
(git-fixes CVE-2022-49493 bsc#1238939).
- Update
patches.suse/ASoC-rt7-sdw-harden-jack_detect_handler.patch
(git-fixes CVE-2022-49616 bsc#1238898).
- Update
patches.suse/ASoC-rt711-sdca-fix-kernel-NULL-pointer-dereference-.patch
(git-fixes CVE-2022-49615 bsc#1238897).
- Update
patches.suse/ASoC-samsung-Fix-refcount-leak-in-aries_audio_probe.patch
(git-fixes CVE-2022-49477 bsc#1238295).
- Update
patches.suse/ASoC-ti-j721e-evm-Fix-refcount-leak-in-j721e_soc_pro.patch
(git-fixes CVE-2022-49473 bsc#1238135).
- Update
patches.suse/Bluetooth-Fix-use-after-free-in-hci_send_acl.patch
(git-fixes CVE-2022-49111 bsc#1237984).
- Update
patches.suse/Bluetooth-btmtksdio-Fix-kernel-oops-in-btmtksdio_int.patch
(git-fixes CVE-2022-49200 bsc#1237958).
- Update
patches.suse/Bluetooth-fix-dangling-sco_conn-and-use-after-free-i.patch
(git-fixes CVE-2022-49474 bsc#1238071).
- Update
patches.suse/Bluetooth-hci_qca-Use-del_timer_sync-before-freeing.patch
(git-fixes CVE-2022-49555 bsc#1238231).
- Update
patches.suse/Bluetooth-use-memset-avoid-memory-leaks.patch
(git-fixes CVE-2022-49116 bsc#1237922).
- Update
patches.suse/HID-elan-Fix-potential-double-free-in-elan_input_con.patch
(git-fixes CVE-2022-49508 bsc#1237940).
- Update
patches.suse/IB-rdmavt-add-lock-to-call-to-rvt_error_qp-to-preven.patch
(git-fixes CVE-2022-49089 bsc#1238041).
- Update
patches.suse/Input-gpio-keys-cancel-delayed-work-only-in-case-of-.patch
(git-fixes CVE-2022-49430 bsc#1238870).
- Update
patches.suse/Input-sparcspkr-fix-refcount-leak-in-bbc_beep_probe.patch
(git-fixes CVE-2022-49438 bsc#1238242).
- Update patches.suse/KVM-Don-t-null-dereference-ops-destroy.patch
(git-fixes CVE-2022-49568 bsc#1238792).
- Update
patches.suse/KVM-SVM-Use-kzalloc-for-sev-ioctl-interfaces-to-prev.patch
(git-fixes CVE-2022-49556 bsc#1238134).
- Update
patches.suse/KVM-SVM-fix-panic-on-out-of-bounds-guest-IRQ.patch
(git-fixes CVE-2022-49154 bsc#1238167).
- Update
patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 CVE-2022-49610
bsc#1238952).
- Update
patches.suse/KVM-x86-Drop-WARNs-that-assert-a-triple-fault-never-.patch
(git-fixes CVE-2022-49559 bsc#1237942).
- Update
patches.suse/KVM-x86-Use-__try_cmpxchg_user-to-update-guest-PTE-A.patch
(git-fixes CVE-2022-49562 bsc#1238309).
- Update
patches.suse/LSM-general-protection-fault-in-legacy_parse_param.patch
(git-fixes CVE-2022-49180 bsc#1238110).
- Update
patches.suse/NFC-NULL-out-the-dev-rfkill-to-prevent-UAF.patch
(git-fixes CVE-2022-49505 bsc#1238615).
- Update
patches.suse/NFS-Avoid-writeback-threads-getting-stuck-in-mempool.patch
(git-fixes CVE-2022-49097 bsc#1237729).
- Update
patches.suse/NFSD-prevent-integer-overflow-on-32-bit-systems.patch
(git-fixes CVE-2022-49279 bsc#1238655).
- Update
patches.suse/NFSD-prevent-underflow-in-nfssvc_decode_writeargs.patch
(git-fixes CVE-2022-49280 bsc#1238630).
- Update
patches.suse/NFSv4-Don-t-hold-the-layoutget-locks-across-multiple.patch
(git-fixes CVE-2022-49316 bsc#1238386).
- Update
patches.suse/NFSv4-Fix-free-of-uninitialized-nfs4_label-on-referr.patch
(git-fixes CVE-2022-49418 bsc#1238878).
- Update
patches.suse/NFSv4.2-fix-reference-count-leaks-in-_nfs42_proc_cop.patch
(git-fixes CVE-2022-49103 bsc#1238080).
- Update
patches.suse/PCI-Avoid-pci_dev_lock-AB-BA-deadlock-with-sriov_num.patch
(git-fixes CVE-2022-49434 bsc#1238916).
- Update patches.suse/PCI-endpoint-Fix-misused-goto-label.patch
(git-fixes CVE-2022-49115 bsc#1237961).
- Update
patches.suse/PM-core-keep-irq-flags-in-device_pm_check_callbacks.patch
(git-fixes CVE-2022-49175 bsc#1238099).
- Update
patches.suse/PM-devfreq-exynos-ppmu-Fix-refcount-leak-in-of_get_d.patch
(git-fixes CVE-2022-49668 bsc#1237957).
- Update
patches.suse/PM-devfreq-rk3399_dmc-Disable-edev-on-remove.patch
(git-fixes CVE-2022-49460 bsc#1238892).
- Update
patches.suse/PM-domains-Fix-sleep-in-atomic-bug-caused-by-genpd_d.patch
(git-fixes CVE-2022-49265 bsc#1238432).
- Update
patches.suse/RDMA-cm-Fix-memory-leak-in-ib_cm_insert_listen.patch
(git-fixes CVE-2022-49671 bsc#1238823).
- Update
patches.suse/RDMA-hfi1-Fix-potential-integer-multiplication-overf.patch
(git-fixes CVE-2022-49404 bsc#1238430).
- Update
patches.suse/RDMA-hfi1-Fix-use-after-free-bug-for-mm-struct.patch
(git-fixes CVE-2022-49076 bsc#1237738).
- Update
patches.suse/RDMA-hfi1-Prevent-panic-when-SDMA-is-disabled.patch
(git-fixes CVE-2022-49429 bsc#1238889).
- Update
patches.suse/RDMA-hfi1-Prevent-use-of-lock-before-it-is-initializ.patch
(git-fixes CVE-2022-49433 bsc#1238268).
- Update
patches.suse/RDMA-irdma-Fix-sleep-from-invalid-context-BUG.patch
(git-fixes CVE-2022-49606 bsc#1238410).
- Update
patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch
(git-fixes CVE-2022-49208 bsc#1238345).
- Update
patches.suse/RDMA-mlx5-Fix-memory-leak-in-error-flow-for-subscrib.patch
(git-fixes CVE-2022-49206 bsc#1238343).
- Update
patches.suse/RDMA-nldev-Prevent-underflow-in-nldev_stat_set_count.patch
(jsc#SLE-19249 CVE-2022-49199 bsc#1238234).
- Update
patches.suse/SUNRPC-Fix-the-svc_deferred_event-trace-class.patch
(git-fixes CVE-2022-49065 bsc#1237739).
- Update patches.suse/SUNRPC-Trap-RDMA-segment-overflows.patch
(git-fixes CVE-2022-49356 bsc#1238444).
- Update
patches.suse/USB-host-isp116x-check-return-value-after-calling-pl.patch
(git-fixes CVE-2022-49302 bsc#1238653).
- Update patches.suse/afs-Fix-dynamic-root-getattr.patch
(git-fixes CVE-2022-49688 bsc#1238423).
- Update
patches.suse/arch-arm64-Fix-topology-initialization-for-core-sche.patch
(git-fixes CVE-2022-49090 bsc#1238021).
- Update
patches.suse/arm64-compat-Do-not-treat-syscall-number-as-ESR_ELx-.patch
(git-fixes CVE-2022-49520 bsc#1238836).
- Update patches.suse/arm64-ftrace-consistently-handle-PLTs.patch
(git-fixes CVE-2022-49721 bsc#1237789).
- Update
patches.suse/ata-libata-core-fix-NULL-pointer-deref-in-ata_host_a.patch
(git-fixes CVE-2022-49731 bsc#1239071).
- Update
patches.suse/ata-pata_octeon_cf-Fix-refcount-leak-in-octeon_cf_pr.patch
(git-fixes CVE-2022-49354 bsc#1238636).
- Update
patches.suse/ata-sata_dwc_460ex-Fix-crash-due-to-OOB-write.patch
(git-fixes CVE-2022-49073 bsc#1237746).
- Update
patches.suse/ath10k-Fix-error-handling-in-ath10k_setup_msa_resour.patch
(git-fixes CVE-2022-49213 bsc#1238327).
- Update
patches.suse/ath10k-skip-ath10k_halt-during-suspend-for-driver-st.patch
(git-fixes CVE-2022-49519 bsc#1238943).
- Update
patches.suse/ath11k-disable-spectral-scan-during-spectral-deinit.patch
(git-fixes CVE-2022-49523 bsc#1238557).
- Update
patches.suse/ath11k-fix-kernel-panic-during-unload-load-ath11k-mo.patch
(git-fixes CVE-2022-49131 bsc#1237966).
- Update patches.suse/ath11k-mhi-use-mhi_sync_power_up.patch
(git-fixes CVE-2022-49130 bsc#1237978).
- Update
patches.suse/ath11k-pci-fix-crash-on-suspend-if-board-file-is-not.patch
(git-fixes CVE-2022-49132 bsc#1237976).
- Update
patches.suse/ath9k_htc-fix-potential-out-of-bounds-access-with-in.patch
(git-fixes CVE-2022-49503 bsc#1238868).
- Update patches.suse/ath9k_htc-fix-uninit-value-bugs.patch
(git-fixes CVE-2022-49235 bsc#1238333).
- Update
patches.suse/bfq-Avoid-merging-queues-with-different-parents.patch
(bsc#1197926 CVE-2022-49412 bsc#1238436).
- Update
patches.suse/bfq-Make-sure-bfqg-for-which-we-are-queueing-request.patch
(bsc#1197926 CVE-2022-49411 bsc#1238307).
- Update
patches.suse/bfq-Update-cgroup-information-before-merging-bio.patch
(bsc#1197926 CVE-2022-49413 bsc#1238710).
- Update
patches.suse/blk-iolatency-Fix-inflight-count-imbalances-and-IO-h.patch
(bsc#1200825 CVE-2022-49394 bsc#1238712).
- Update
patches.suse/blk-mq-don-t-touch-tagset-in-blk_mq_get_sq_hctx.patch
(bsc#1200824 CVE-2022-49377 bsc#1238545).
- Update
patches.suse/block-Fix-the-maximum-minor-value-is-blk_alloc_ext_m.patch
(bsc#1198021 CVE-2022-49147 bsc#1237960).
- Update
patches.suse/block-don-t-delete-queue-kobject-before-its-children.patch
(bsc#1198019 CVE-2022-49259 bsc#1238413).
- Update
patches.suse/block-fix-rq-qos-breakage-from-skipping-rq_qos_done_.patch
(bsc#1202781 CVE-2022-49266 bsc#1238465).
- Update
patches.suse/bpf-Fix-UAF-due-to-race-between-btf_try_get_module-a.patch
(git-fixes CVE-2022-49236 bsc#1238120).
- Update
patches.suse/bpf-arm64-Clear-prog-jited_len-along-prog-jited.patch
(git-fixes CVE-2022-49341 bsc#1238381).
- Update
patches.suse/brcmfmac-pcie-Release-firmwares-in-the-brcmf_pcie_se.patch
(git-fixes CVE-2022-49263 bsc#1238267).
- Update
patches.suse/bus-fsl-mc-bus-fix-KASAN-use-after-free-in-fsl_mc_bu.patch
(git-fixes CVE-2022-49711 bsc#1238416).
- Update
patches.suse/can-gs_usb-gs_usb_open-close-fix-memory-leak.patch
(git-fixes CVE-2022-49661 bsc#1237788).
- Update
patches.suse/can-isotp-sanitize-CAN-ID-checks-in-isotp_bind.patch
(git-fixes CVE-2022-49269 bsc#1238533).
- Update
patches.suse/can-m_can-m_can_tx_handler-fix-use-after-free-of-skb.patch
(git-fixes CVE-2022-49275 bsc#1238719).
- Update
patches.suse/can-mcba_usb-properly-check-endpoint-type.patch
(git-fixes CVE-2022-49151 bsc#1237778).
- Update
patches.suse/ceph-fix-inode-reference-leakage-in-ceph_get_snapdir.patch
(bsc#1206048 CVE-2022-49109 bsc#1237836).
- Update
patches.suse/ceph-fix-memory-leak-in-ceph_readdir-when-note_last_dentry-returns-error.patch
(bsc#1206049 CVE-2022-49107 bsc#1237973).
- Update
patches.suse/cgroup-Use-separate-src-dst-nodes-when-preloading-css_sets-for-migration.patch
(bsc#1201610 CVE-2022-49647 bsc#1238805).
- Update
patches.suse/char-xillybus-fix-a-refcount-leak-in-cleanup_dev.patch
(git-fixes CVE-2022-49310 bsc#1238642).
- Update patches.suse/cifs-fix-handlecache-and-multiuser.patch
(bsc#1193629 CVE-2022-49281 bsc#1238635).
- Update
patches.suse/cifs-fix-potential-double-free-during-failed-mount.patch
(bsc#1193629 CVE-2022-49541 bsc#1238727).
- Update
patches.suse/cifs-potential-buffer-overflow-in-handling-symlinks.patch
(bsc#1193629 CVE-2022-49058 bsc#1237814).
- Update
patches.suse/cifs-prevent-bad-output-lengths-in-smb2_ioctl_query_info-.patch
(CVE-2022-0168 bsc#1197472 CVE-2022-49271 bsc#1238626).
- Update
patches.suse/clk-Fix-clk_hw_get_clk-when-dev-is-NULL.patch
(git-fixes CVE-2022-49187 bsc#1238011).
- Update
patches.suse/clk-qcom-clk-rcg2-Update-logic-to-calculate-D-value-.patch
(git-fixes CVE-2022-49189 bsc#1238150).
- Update
patches.suse/clocksource-hyper-v-unexport-__init-annotated-hv_ini.patch
(bsc#1201218 CVE-2022-49726 bsc#1238808).
- Update
patches.suse/cpufreq-pmac32-cpufreq-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-49621 bsc#1239051).
- Update
patches.suse/crypto-ccree-Fix-use-after-free-in-cc_cipher_exit.patch
(git-fixes CVE-2022-49258 bsc#1237952).
- Update
patches.suse/crypto-hisilicon-sec-fix-the-aead-software-fallback-.patch
(bsc#1198240 CVE-2022-49260 bsc#1238458).
- Update
patches.suse/crypto-octeontx2-remove-CONFIG_DM_CRYPT-check.patch
(git-fixes CVE-2022-49262 bsc#1238463).
- Update patches.suse/crypto-qat-add-param-check-for-DH.patch
(jsc#PED-1073 CVE-2022-49564 bsc#1238789).
- Update patches.suse/crypto-qat-add-param-check-for-RSA.patch
(jsc#PED-1073 CVE-2022-49563 bsc#1238787).
- Update patches.suse/crypto-qat-fix-memory-leak-in-RSA.patch
(git-fixes CVE-2022-49566 bsc#1238266).
- Update patches.suse/dlm-fix-plock-invalid-read.patch (git-fixes
CVE-2022-49407 bsc#1238180).
- Update
patches.suse/dm-raid-fix-KASAN-warning-in-raid5_add_disks.patch
(git-fixes CVE-2022-49673 bsc#1238933).
- Update
patches.suse/dmaengine-idxd-Fix-the-error-handling-path-in-idxd_c.patch
(git-fixes CVE-2022-49422 bsc#1237784).
- Update
patches.suse/dmaengine-ti-Fix-refcount-leak-in-ti_dra7_xbar_route.patch
(git-fixes CVE-2022-49652 bsc#1238871).
- Update
patches.suse/dmaengine-zynqmp_dma-In-struct-zynqmp_dma_chan-fix-d.patch
(git-fixes CVE-2022-49320 bsc#1238394).
- Update
patches.suse/dpaa2-ptp-Fix-refcount-leak-in-dpaa2_ptp_probe.patch
(git-fixes CVE-2022-49088 bsc#1237724).
- Update
patches.suse/drbd-Fix-five-use-after-free-bugs-in-get_initial_state
(git-fixes CVE-2022-49085 bsc#1238036).
- Update
patches.suse/driver-base-fix-UAF-when-driver_attach-failed.patch
(git-fixes CVE-2022-49385 bsc#1237951).
- Update
patches.suse/driver-core-Fix-wait_for_device_probe-deferred_probe.patch
(git-fixes CVE-2022-49379 bsc#1238446).
- Update
patches.suse/driver-core-fix-deadlock-in-__device_attach.patch
(git-fixes CVE-2022-49371 bsc#1238546).
- Update
patches.suse/drivers-base-node.c-fix-compaction-sysfs-file-leak.patch
(git-fixes CVE-2022-49442 bsc#1238243).
- Update
patches.suse/drivers-staging-rtl8192bs-Fix-deadlock-in-rtw_joinbs.patch
(git-fixes CVE-2022-49311 bsc#1238632).
- Update
patches.suse/drivers-staging-rtl8192e-Fix-deadlock-in-rtllib_beac.patch
(git-fixes CVE-2022-49315 bsc#1238638).
- Update
patches.suse/drivers-staging-rtl8192u-Fix-deadlock-in-ieee80211_b.patch
(git-fixes CVE-2022-49305 bsc#1238645).
- Update
patches.suse/drivers-staging-rtl8723bs-Fix-deadlock-in-rtw_survey.patch
(git-fixes CVE-2022-49309 bsc#1238640).
- Update
patches.suse/drivers-tty-serial-Fix-deadlock-in-sa1100_set_termio.patch
(git-fixes CVE-2022-49304 bsc#1238639).
- Update
patches.suse/drivers-usb-host-Fix-deadlock-in-oxu_bus_suspend.patch
(git-fixes CVE-2022-49313 bsc#1238633).
- Update
patches.suse/drm-amd-amdgpu-amdgpu_cs-fix-refcount-leak-of-a-dma_.patch
(git-fixes CVE-2022-49137 bsc#1238155).
- Update
patches.suse/drm-amd-display-Check-if-modulo-is-0-before-dividing.patch
(git-fixes CVE-2022-49294 bsc#1238147).
- Update
patches.suse/drm-amd-display-Fix-a-NULL-pointer-dereference-in-am.patch
(git-fixes CVE-2022-49232 bsc#1238139).
- Update patches.suse/drm-amd-display-Fix-memory-leak.patch
(git-fixes CVE-2022-49135 bsc#1238006).
- Update
patches.suse/drm-amdgpu-cs-make-commands-with-0-chunks-illegal-be.patch
(git-fixes CVE-2022-49335 bsc#1238377).
- Update
patches.suse/drm-amdkfd-Check-for-potential-null-return-of-kmallo.patch
(git-fixes CVE-2022-49055 bsc#1237868).
- Update
patches.suse/drm-bridge-Add-missing-pm_runtime_put_sync.patch
(git-fixes CVE-2022-49128 bsc#1237970).
- Update
patches.suse/drm-bridge-anx7625-Fix-overflow-issue-on-reading-EDI.patch
(git-fixes CVE-2022-49222 bsc#1238328).
- Update
patches.suse/drm-etnaviv-check-for-reaped-mapping-in-etnaviv_iomm.patch
(git-fixes CVE-2022-49336 bsc#1238397).
- Update
patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch
(git-fixes CVE-2022-49644 bsc#1238235).
- Update
patches.suse/drm-i915-gem-add-missing-boundary-check-in-vm_access.patch
(git-fixes bsc#1211263 CVE-2023-28410 CVE-2022-49261
bsc#1238462).
- Update
patches.suse/drm-i915-reset-Fix-error_state_read-ptr-offset-use.patch
(git-fixes CVE-2022-49723 bsc#1237997).
- Update
patches.suse/drm-imx-Fix-memory-leak-in-imx_pd_connector_get_mode.patch
(git-fixes CVE-2022-49091 bsc#1237726).
- Update
patches.suse/drm-msm-a6xx-Fix-refcount-leak-in-a6xx_gpu_init.patch
(git-fixes CVE-2022-49462 bsc#1238123).
- Update
patches.suse/drm-msm-disp-dpu1-set-vbif-hw-config-to-NULL-to-avoi.patch
(git-fixes CVE-2022-49489 bsc#1238244).
- Update
patches.suse/drm-msm-dp-populate-connector-of-struct-dp_panel.patch
(git-fixes CVE-2022-49221 bsc#1238326).
- Update
patches.suse/drm-msm-fix-possible-memory-leak-in-mdp5_crtc_cursor.patch
(git-fixes CVE-2022-49467 bsc#1238815).
- Update
patches.suse/drm-msm-hdmi-check-return-value-after-calling-platfo.patch
(git-fixes CVE-2022-49495 bsc#1237932).
- Update
patches.suse/drm-msm-mdp4-Fix-refcount-leak-in-mdp4_modeset_init_.patch
(git-fixes CVE-2022-49693 bsc#1237954).
- Update
patches.suse/drm-msm-mdp5-Return-error-code-in-mdp5_mixer_release.patch
(git-fixes CVE-2022-49488 bsc#1238600).
- Update
patches.suse/drm-msm-mdp5-Return-error-code-in-mdp5_pipe_release-.patch
(git-fixes CVE-2022-49490 bsc#1238275).
- Update
patches.suse/drm-panfrost-Fix-shrinker-list-corruption-by-madvise.patch
(git-fixes CVE-2022-49645 bsc#1238435).
- Update
patches.suse/drm-rockchip-vop-fix-possible-null-ptr-deref-in-vop_.patch
(git-fixes CVE-2022-49491 bsc#1238539).
- Update
patches.suse/drm-tegra-Fix-reference-leak-in-tegra_dsi_ganged_pro.patch
(git-fixes CVE-2022-49216 bsc#1238338).
- Update
patches.suse/drm-virtio-fix-NULL-pointer-dereference-in-virtio_gp.patch
(git-fixes CVE-2022-49532 bsc#1238925).
- Update
patches.suse/efi-Do-not-import-certificates-from-UEFI-Secure-Boot.patch
(git-fixes CVE-2022-49357 bsc#1238631).
- Update
patches.suse/exec-Force-single-empty-string-when-argv-is-empty.patch
(bsc#1200571 CVE-2022-49264 bsc#1237815).
- Update patches.suse/ext4-add-reserved-GDT-blocks-check.patch
(bsc#1202712 CVE-2022-49707 bsc#1239035).
- Update patches.suse/ext4-avoid-cycles-in-directory-h-tree.patch
(bsc#1198577 CVE-2022-1184 CVE-2022-49343 bsc#1238382).
- Update
patches.suse/ext4-filter-out-EXT4_FC_REPLAY-from-on-disk-superblo.patch
(bsc#1202771 CVE-2022-49348 bsc#1238383).
- Update patches.suse/ext4-fix-bug_on-ext4_mb_use_inode_pa.patch
(bsc#1200810 CVE-2022-49708 bsc#1238599).
- Update patches.suse/ext4-fix-bug_on-in-__es_tree_search.patch
(bsc#1200809 CVE-2022-49409 bsc#1238279).
- Update patches.suse/ext4-fix-bug_on-in-ext4_writepages.patch
(bsc#1200872 CVE-2022-49347 bsc#1238393).
- Update
patches.suse/ext4-fix-ext4_mb_mark_bb-with-flex_bg-with-fast_comm.patch
(bsc#1207593 CVE-2022-49174 bsc#1238091).
- Update
patches.suse/ext4-fix-race-condition-between-ext4_write-and-ext4_.patch
(bsc#1200807 CVE-2022-49414 bsc#1238623).
- Update
patches.suse/ext4-fix-use-after-free-in-ext4_rename_dir_prepare.patch
(bsc#1200871 CVE-2022-49349 bsc#1238372).
- Update
patches.suse/ext4-fix-warning-in-ext4_handle_inode_extension.patch
(bsc#1202711 CVE-2022-49352 bsc#1238395).
- Update
patches.suse/extcon-Modify-extcon-device-to-be-created-after-driv.patch
(git-fixes CVE-2022-49308 bsc#1238654).
- Update
patches.suse/filemap-Handle-sibling-entries-in-filemap_get_read_b.patch
(bsc#1202774 CVE-2022-49699 bsc#1238248).
- Update
patches.suse/firmware-arm_scmi-Fix-list-protocols-enumeration-in-.patch
(git-fixes CVE-2022-49451 bsc#1238177).
- Update
patches.suse/firmware-dmi-sysfs-Fix-memory-leak-in-dmi_sysfs_regi.patch
(git-fixes CVE-2022-49370 bsc#1238467).
- Update
patches.suse/firmware-sysfb-fix-platform-device-leak-in-error-pat.patch
(git-fixes CVE-2022-49283 bsc#1238012).
- Update
patches.suse/ftrace-Clean-up-hash-direct_functions-on-register-failures.patch
(git-fixes CVE-2022-49402 bsc#1238255).
- Update patches.suse/gpio-gpio-xilinx-Fix-integer-overflow.patch
(git-fixes CVE-2022-49570 bsc#1238298).
- Update
patches.suse/habanalabs-fix-possible-memory-leak-in-MMU-DR-fini.patch
(git-fixes CVE-2022-49102 bsc#1238018).
- Update
patches.suse/hwrng-cavium-fix-NULL-but-dereferenced-coccicheck-er.patch
(jsc#SLE-24682 CVE-2022-49177 bsc#1238010).
- Update
patches.suse/i2c-piix4-Fix-a-memory-leak-in-the-EFCH-MMIO-support.patch
(git-fixes CVE-2022-49653 bsc#1238664).
- Update
patches.suse/i40e-Fix-call-trace-in-setup_tx_descriptors.patch
(git-fixes CVE-2022-49725 bsc#1238016).
- Update
patches.suse/iavf-Fix-handling-of-dummy-receive-descriptors.patch
(git-fixes CVE-2022-49583 bsc#1237818).
- Update
patches.suse/ibmvnic-fix-race-between-xmit-and-reset.patch
(bsc#1197302 ltc#197259 CVE-2022-49201 bsc#1238256).
- Update patches.suse/ice-Fix-memory-corruption-in-VF-driver.patch
(git-fixes CVE-2022-49722 bsc#1238301).
- Update
patches.suse/ice-arfs-fix-use-after-free-when-freeing-rx_cpu_rmap.patch
(git-fixes CVE-2022-49063 bsc#1237846).
- Update
patches.suse/ice-fix-scheduling-while-atomic-on-aux-critical-err-.patch
(git-fixes CVE-2022-49193 bsc#1238283).
- Update
patches.suse/igb-fix-a-use-after-free-issue-in-igb_clean_tx_ring.patch
(git-fixes CVE-2022-49695 bsc#1238556).
- Update
patches.suse/igc-Reinstate-IGC_REMOVED-logic-and-implement-it-pro.patch
(jsc#SLE-18377 CVE-2022-49605 bsc#1238433).
- Update
patches.suse/igc-avoid-kernel-warning-when-changing-RX-ring-param.patch
(git-fixes CVE-2022-49227 bsc#1237786).
- Update
patches.suse/iio-accel-mma8452-use-the-correct-logic-to-get-mma84.patch
(git-fixes CVE-2022-49285 bsc#1238641).
- Update
patches.suse/iio-adc-adi-axi-adc-Fix-refcount-leak-in-adi_axi_adc.patch
(git-fixes CVE-2022-49683 bsc#1238308).
- Update
patches.suse/iio-trigger-sysfs-fix-use-after-free-on-remove.patch
(git-fixes CVE-2022-49685 bsc#1237963).
- Update
patches.suse/ima-Fix-a-potential-integer-overflow-in-ima_appraise.patch
(git-fixes CVE-2022-49643 bsc#1238663).
- Update
patches.suse/ima-Fix-potential-memory-leak-in-ima_init_crypto.patch
(git-fixes CVE-2022-49627 bsc#1237798).
- Update
patches.suse/iommu-arm-smmu-fix-possible-null-ptr-deref-in-arm_smmu_device_pr
(git-fixes CVE-2022-49323 bsc#1238400).
- Update
patches.suse/iommu-arm-smmu-v3-check-return-value-after-calling-platform_get_
(git-fixes CVE-2022-49319 bsc#1238374).
- Update patches.suse/iommu-arm-smmu-v3-sva-Fix-mm-use-after-free
(git-fixes CVE-2022-49426 bsc#1238445).
- Update
patches.suse/iommu-mediatek-Fix-NULL-pointer-dereference-when-printing-dev_na
(git-fixes CVE-2022-49424 bsc#1238247).
- Update
patches.suse/iommu-mediatek-Remove-clk_disable-in-mtk_iommu_remove
(git-fixes CVE-2022-49427 bsc#1238246).
- Update
patches.suse/iommu-omap-Fix-regression-in-probe-for-NULL-pointer-dereference
(git-fixes CVE-2022-49083 bsc#1237723).
- Update
patches.suse/ip-Fix-data-races-around-sysctl_ip_fwd_update_priori.patch
(git-fixes CVE-2022-49603 bsc#1238867).
- Update
patches.suse/ipv4-Fix-data-races-around-sysctl_fib_multipath_hash.patch
(git-fixes CVE-2022-49579 bsc#1238014).
- Update
patches.suse/ipw2x00-Fix-potential-NULL-dereference-in-libipw_xmi.patch
(git-fixes CVE-2022-49544 bsc#1238721).
- Update
patches.suse/irqchip-gic-realview-Fix-refcount-leak-in-realview_g.patch
(git-fixes CVE-2022-49719 bsc#1238262).
- Update
patches.suse/irqchip-gic-v3-Fix-GICR_CTLR.RWP-polling.patch
(git-fixes CVE-2022-49074 bsc#1237728).
- Update
patches.suse/irqchip-gic-v3-Fix-error-handling-in-gic_populate_pp.patch
(git-fixes CVE-2022-49716 bsc#1238288).
- Update
patches.suse/irqchip-gic-v3-Fix-refcount-leak-in-gic_populate_ppi.patch
(git-fixes CVE-2022-49715 bsc#1238818).
- Update
patches.suse/irqchip-realtek-rtl-Fix-refcount-leak-in-map_interru.patch
(git-fixes CVE-2022-49714 bsc#1238538).
- Update
patches.suse/ixgbe-Add-locking-to-prevent-panic-when-setting-srio.patch
(git-fixes CVE-2022-49584 bsc#1237933).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_do_fill_super.patch
(git-fixes CVE-2022-49381 bsc#1238112).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_do_mount_fs.patch
(git-fixes CVE-2022-49277 bsc#1238144).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_scan_medium.patch
(git-fixes CVE-2022-49276 bsc#1238142).
- Update patches.suse/linux-dim-Fix-divide-by-0-in-RDMA-DIM.patch
(git-fixes CVE-2022-49670 bsc#1238809).
- Update patches.suse/list-fix-a-data-race-around-ep-rdllist.patch
(git-fixes CVE-2022-49443 bsc#1238434).
- Update
patches.suse/lz4-fix-LZ4_decompress_safe_partial-read-out-of-boun.patch
(git-fixes CVE-2022-49078 bsc#1237736).
- Update
patches.suse/mac80211-fix-potential-double-free-on-mesh-join.patch
(git-fixes CVE-2022-49290 bsc#1238156).
- Update
patches.suse/md-Don-t-set-mddev-private-to-NULL-in-raid0-pers-fre.patch
(git-fixes CVE-2022-49400 bsc#1238125).
- Update
patches.suse/md-bitmap-don-t-set-sb-values-if-can-t-pass-sanity-c.patch
(bsc#1197158 CVE-2022-49526 bsc#1238030).
- Update
patches.suse/md-fix-double-free-of-io_acct_set-bioset.patch
(git-fixes CVE-2022-49384 bsc#1237959).
- Update
patches.suse/media-cx25821-Fix-the-warning-when-removing-the-modu.patch
(git-fixes CVE-2022-49525 bsc#1238022).
- Update
patches.suse/media-i2c-max9286-fix-kernel-oops-when-removing-modu.patch
(git-fixes CVE-2022-49509 bsc#1238650).
- Update
patches.suse/media-imx-jpeg-Prevent-decoding-NV12M-jpegs-into-sin.patch
(git-fixes CVE-2022-49165 bsc#1238106).
- Update
patches.suse/media-imx-jpeg-fix-a-bug-of-accessing-array-out-of-b.patch
(git-fixes CVE-2022-49163 bsc#1238105).
- Update
patches.suse/media-pci-cx23885-Fix-the-error-handling-in-cx23885_.patch
(git-fixes CVE-2022-49524 bsc#1238949).
- Update
patches.suse/media-pvrusb2-fix-array-index-out-of-bounds-in-pvr2_.patch
(git-fixes CVE-2022-49478 bsc#1238000).
- Update
patches.suse/media-rga-fix-possible-memory-leak-in-rga_probe.patch
(git-fixes CVE-2022-49502 bsc#1238834).
- Update
patches.suse/media-stk1160-If-start-stream-fails-return-buffers-w.patch
(git-fixes CVE-2022-49247 bsc#1237783).
- Update
patches.suse/media-ti-vpe-cal-Fix-a-NULL-pointer-dereference-in-c.patch
(git-fixes CVE-2022-49254 bsc#1238089).
- Update
patches.suse/media-usb-go7007-s2250-board-fix-leak-in-probe.patch
(git-fixes CVE-2022-49253 bsc#1238420).
- Update
patches.suse/media-venus-hfi-avoid-null-dereference-in-deinit.patch
(git-fixes CVE-2022-49527 bsc#1238013).
- Update
patches.suse/memory-renesas-rpc-if-fix-platform-device-leak-in-er.patch
(git-fixes CVE-2022-49050 bsc#1237892).
- Update
patches.suse/memory-samsung-exynos5422-dmc-Fix-refcount-leak-in-o.patch
(git-fixes CVE-2022-49676 bsc#1237821).
- Update
patches.suse/mfd-davinci_voicecodec-Fix-possible-null-ptr-deref-d.patch
(git-fixes CVE-2022-49435 bsc#1238292).
- Update
patches.suse/misc-ocxl-fix-possible-double-free-in-ocxl_file_regi.patch
(git-fixes CVE-2022-49455 bsc#1238229).
- Update
patches.suse/mm-slub-add-missing-TID-updates-on-slab-deactivation.patch
(git-fixes CVE-2022-49700 bsc#1238249).
- Update
patches.suse/mmc-jz4740-Apply-DMA-engine-limits-to-maximum-segmen.patch
(git-fixes CVE-2022-49522 bsc#1238948).
- Update
patches.suse/module-fix-e_shstrndx-.sh_size-0-OOB-access.patch
(git-fixes CVE-2022-49444 bsc#1238127).
- Update
patches.suse/msft-hv-2554-Drivers-hv-vmbus-Deactivate-sysctl_record_panic_msg-.patch
(bsc#1183682 CVE-2022-49054 bsc#1237931).
- Update
patches.suse/msft-hv-2555-Drivers-hv-vmbus-Fix-initialization-of-device-object.patch
(git-fixes CVE-2022-49099 bsc#1237727).
- Update
patches.suse/msft-hv-2556-Drivers-hv-vmbus-Fix-potential-crash-on-module-unloa.patch
(git-fixes CVE-2022-49098 bsc#1238079).
- Update
patches.suse/mt76-fix-monitor-mode-crash-with-sdio-driver.patch
(git-fixes CVE-2022-49112 bsc#1237971).
- Update
patches.suse/mt76-fix-use-after-free-by-removing-a-non-RCU-wcid-p.patch
(git-fixes CVE-2022-49328 bsc#1238391).
- Update
patches.suse/mt76-mt7921-fix-crash-when-startup-fails.patch
(git-fixes CVE-2022-49129 bsc#1237968).
- Update
patches.suse/mtd-rawnand-atmel-fix-refcount-issue-in-atmel_nand_c.patch
(git-fixes CVE-2022-49212 bsc#1238331).
- Update
patches.suse/mtd-rawnand-cadence-fix-possible-null-ptr-deref-in-c.patch
(git-fixes CVE-2022-49494 bsc#1237955).
- Update
patches.suse/mtd-rawnand-denali-Use-managed-device-resources.patch
(git-fixes CVE-2022-49512 bsc#1237986).
- Update
patches.suse/mtd-rawnand-intel-fix-possible-null-ptr-deref-in-ebu.patch
(git-fixes CVE-2022-49487 bsc#1238115).
- Update
patches.suse/net-altera-Fix-refcount-leak-in-altera_tse_mdio_crea.patch
(git-fixes CVE-2022-49351 bsc#1237939).
- Update
patches.suse/net-asix-add-proper-error-handling-of-usb-read-error.patch
(git-fixes CVE-2022-49226 bsc#1238336).
- Update
patches.suse/net-bcmgenet-Use-stronger-register-read-writes-to-as.patch
(git-fixes CVE-2022-49194 bsc#1238453).
- Update
patches.suse/net-bonding-fix-use-after-free-after-802.3ad-slave-u.patch
(git-fixes CVE-2022-49667 bsc#1238282).
- Update
patches.suse/net-dsa-lantiq_gswip-Fix-refcount-leak-in-gswip_gphy.patch
(git-fixes CVE-2022-49346 bsc#1238392).
- Update
patches.suse/net-dsa-microchip-ksz_common-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-49591 bsc#1238666).
- Update
patches.suse/net-dsa-mv88e6xxx-Fix-refcount-leak-in-mv88e6xxx_mdi.patch
(git-fixes CVE-2022-49367 bsc#1238447).
- Update
patches.suse/net-ethernet-bgmac-Fix-refcount-leak-in-bcma_mdio_mi.patch
(git-fixes CVE-2022-49342 bsc#1238390).
- Update
patches.suse/net-ethernet-mtk_eth_soc-out-of-bounds-read-in-mtk_h.patch
(git-fixes CVE-2022-49368 bsc#1237808).
- Update
patches.suse/net-ethernet-stmmac-fix-altr_tse_pcs-function-when-u.patch
(git-fixes CVE-2022-49061 bsc#1238024).
- Update
patches.suse/net-ethernet-ti-am65-cpsw-nuss-Fix-some-refcount-lea.patch
(git-fixes CVE-2022-49386 bsc#1237826).
- Update
patches.suse/net-hns3-add-vlan-list-lock-to-protect-vlan-list.patch
(git-fixes CVE-2022-49182 bsc#1238260).
- Update
patches.suse/net-ipv4-fix-route-with-nexthop-object-delete-warnin.patch
(bsc#1204171 CVE-2022-3435 CVE-2022-49092 bsc#1237779).
- Update
patches.suse/net-ipv6-unexport-__init-annotated-seg6_hmac_init.patch
(bsc#1201218 CVE-2022-49339 bsc#1238388).
- Update
patches.suse/net-mdio-unexport-__init-annotated-mdio_bus_init.patch
(bsc#1201218 CVE-2022-49350 bsc#1238387).
- Update
patches.suse/net-openvswitch-fix-leak-of-nested-actions.patch
(git-fixes CVE-2022-49086 bsc#1238037).
- Update
patches.suse/net-phy-micrel-Allow-probing-without-.driver_data.patch
(git-fixes CVE-2022-49472 bsc#1238951).
- Update
patches.suse/net-sfc-add-missing-xdp-queue-reinitialization.patch
(git-fixes CVE-2022-49096 bsc#1238077).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereference-in-smc_pnet_find_ib
(git-fixes CVE-2022-49060 bsc#1237845).
- Update
patches.suse/net-stmmac-dwc-qos-Disable-split-header-for-Tegra194.patch
(bsc#1194904 CVE-2022-49642 bsc#1238437).
- Update
patches.suse/net-stmmac-fix-dma-queue-left-shift-overflow-issue.patch
(git-fixes CVE-2022-49592 bsc#1238311).
- Update patches.suse/net-stmmac-fix-leaks-in-probe.patch
(git-fixes CVE-2022-49628 bsc#1238619).
- Update
patches.suse/net-tun-unlink-NAPI-from-device-on-destruction.patch
(git-fixes CVE-2022-49672 bsc#1238816).
- Update
patches.suse/net-usb-aqc111-Fix-out-of-bounds-accesses-in-RX-fixu.patch
(git-fixes CVE-2022-49051 bsc#1237903).
- Update
patches.suse/net-xfrm-unexport-__init-annotated-xfrm4_protocol_in.patch
(bsc#1201218 CVE-2022-49345 bsc#1238238).
- Update
patches.suse/nfc-nci-add-flush_workqueue-to-prevent-uaf.patch
(git-fixes CVE-2022-49059 bsc#1238007).
- Update
patches.suse/nfc-nfcmrvl-Fix-memory-leak-in-nfcmrvl_play_deferred.patch
(git-fixes CVE-2022-49729 bsc#1239060).
- Update
patches.suse/nfc-st21nfca-fix-memory-leaks-in-EVT_TRANSACTION-han.patch
(git-fixes CVE-2022-49331 bsc#1237813).
- Update
patches.suse/nvme-pci-fix-a-NULL-pointer-dereference-in-nvme_allo.patch
(git-fixes CVE-2022-49492 bsc#1238954).
- Update
patches.suse/ocfs2-dlmfs-fix-error-handling-of-user_dlm_destroy_l.patch
(bsc#1202778 CVE-2022-49337 bsc#1238376).
- Update
patches.suse/ocfs2-fix-crash-when-mount-with-quota-enabled.patch
(bsc#1207640 CVE-2022-49274 bsc#1238668).
- Update
patches.suse/perf-core-Fix-data-race-between-perf_event_set_output-and-perf_mmap_close.patch
(git fixes CVE-2022-49607 bsc#1238817).
- Update
patches.suse/phy-qcom-qmp-fix-reset-controller-leak-on-probe-erro.patch
(git-fixes CVE-2022-49396 bsc#1238289).
- Update
patches.suse/phy-qcom-qmp-fix-struct-clk-leak-on-probe-errors.patch
(git-fixes CVE-2022-49397 bsc#1237823).
- Update
patches.suse/pinctrl-aspeed-Fix-potential-NULL-dereference-in-asp.patch
(git-fixes CVE-2022-49618 bsc#1238957).
- Update
patches.suse/pinctrl-nomadik-Add-missing-of_node_put-in-nmk_pinct.patch
(git-fixes CVE-2022-49185 bsc#1238111).
- Update
patches.suse/pinctrl-renesas-core-Fix-possible-null-ptr-deref-in-.patch
(git-fixes CVE-2022-49445 bsc#1238019).
- Update
patches.suse/pinctrl-renesas-rzn1-Fix-possible-null-ptr-deref-in-.patch
(git-fixes CVE-2022-49449 bsc#1238936).
- Update
patches.suse/platform-x86-thinkpad_acpi-Fix-a-memory-leak-of-EFCH.patch
(bsc#1210050 CVE-2022-49665 bsc#1238017).
- Update
patches.suse/power-reset-arm-versatile-Fix-refcount-leak-in-versa.patch
(git-fixes CVE-2022-49609 bsc#1238241).
- Update
patches.suse/power-supply-ab8500-Fix-memory-leak-in-ab8500_fg_sys.patch
(git-fixes CVE-2022-49224 bsc#1237998).
- Update
patches.suse/powerpc-64s-Don-t-use-DSISR-for-SLB-faults.patch
(bsc#1194869 CVE-2022-49214 bsc#1238003).
- Update
patches.suse/powerpc-iommu-Add-missing-of_node_put-in-iommu_init_.patch
(bsc#1194869 CVE-2022-49431 bsc#1238899).
- Update
patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch
(bsc#1065729 bsc#1198660 ltc#197803 CVE-2022-49196 bsc#1238274).
- Update
patches.suse/powerpc-rtas-Keep-MSR-RI-set-when-calling-RTAS.patch
(bsc#1197174 ltc#196362 CVE-2022-49440 bsc#1238945).
- Update
patches.suse/powerpc-secvar-fix-refcount-leak-in-format_show.patch
(bsc#1194869 CVE-2022-49113 bsc#1237967).
- Update
patches.suse/powerpc-tm-Fix-more-userspace-r13-corruption.patch
(bsc#1065729 CVE-2022-49164 bsc#1238108).
- Update
patches.suse/powerpc-xics-fix-refcount-leak-in-icp_opal_init.patch
(bsc#1194869 CVE-2022-49432 bsc#1238950).
- Update
patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_spapr_init.patch
(fate#322438 git-fixes CVE-2022-49437 bsc#1238443).
- Update
patches.suse/powerpc-xive-spapr-correct-bitmap-allocation-size.patch
(fate#322438 git-fixes CVE-2022-49623 bsc#1239040).
- Update
patches.suse/qede-confirm-skb-is-allocated-before-using.patch
(git-fixes CVE-2022-49084 bsc#1237751).
- Update
patches.suse/raw-Fix-a-data-race-around-sysctl_raw_l3mdev_accept.patch
(git-fixes CVE-2022-49631 bsc#1238814).
- Update
patches.suse/regulator-da9121-Fix-uninit-value-in-da9121_assign_c.patch
(git-fixes CVE-2022-49507 bsc#1238811).
- Update
patches.suse/regulator-pfuze100-Fix-refcount-leak-in-pfuze_parse_.patch
(git-fixes CVE-2022-49481 bsc#1238264).
- Update
patches.suse/regulator-scmi-Fix-refcount-leak-in-scmi_regulator_p.patch
(git-fixes CVE-2022-49466 bsc#1238287).
- Update
patches.suse/remoteproc-Fix-count-check-in-rproc_coredump_write.patch
(git-fixes CVE-2022-49278 bsc#1238253).
- Update
patches.suse/remoteproc-qcom_q6v5_mss-Fix-some-leaks-in-q6v5_allo.patch
(git-fixes CVE-2022-49188 bsc#1238138).
- Update
patches.suse/rtc-mt6397-check-return-value-after-calling-platform.patch
(git-fixes CVE-2022-49375 bsc#1238228).
- Update
patches.suse/rtc-pl031-fix-rtc-features-null-pointer-dereference.patch
(git-fixes CVE-2022-49273 bsc#1238140).
- Update
patches.suse/rtl818x-Prevent-using-not-initialized-queues.patch
(git-fixes CVE-2022-49326 bsc#1238646).
- Update
patches.suse/scsi-hisi_sas-Free-irq-vectors-in-order-for-v3-HW.patch
(git-fixes CVE-2022-49118 bsc#1237979).
- Update
patches.suse/scsi-ibmvfc-Allocate-free-queue-resource-only-during.patch
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes CVE-2022-49701
bsc#1237810).
- Update
patches.suse/scsi-ibmvfc-Store-vhost-pointer-during-subcrq-alloca.patch
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes CVE-2022-49703
bsc#1238131).
- Update
patches.suse/scsi-libfc-Fix-use-after-free-in-fc_exch_abts_resp.patch
(git-fixes CVE-2022-49114 bsc#1238146).
- Update
patches.suse/scsi-lpfc-Address-NULL-pointer-dereference-after-sta.patch
(bsc#1201193 CVE-2022-49332 bsc#1238236).
- Update
patches.suse/scsi-lpfc-Fix-SCSI-I-O-completion-and-abort-handler-.patch
(bsc#1200045 CVE-2022-49536 bsc#1238838).
- Update
patches.suse/scsi-lpfc-Fix-call-trace-observed-during-I-O-with-CM.patch
(bsc#1200045 CVE-2022-49537 bsc#1238930).
- Update
patches.suse/scsi-lpfc-Fix-null-pointer-dereference-after-failing.patch
(bsc#1200045 CVE-2022-49535 bsc#1238937).
- Update
patches.suse/scsi-lpfc-Fix-resource-leak-in-lpfc_sli4_send_seq_to.patch
(bsc#1200045 CVE-2022-49521 bsc#1238938).
- Update
patches.suse/scsi-lpfc-Inhibit-aborts-if-external-loopback-plug-i.patch
(bsc#1200045 CVE-2022-49504 bsc#1238835).
- Update
patches.suse/scsi-lpfc-Move-cfg_log_verbose-check-before-calling-.patch
(bsc#1200045 CVE-2022-49542 bsc#1238722).
- Update
patches.suse/scsi-lpfc-Protect-memory-leak-for-NPIV-ports-sending.patch
(bsc#1200045 CVE-2022-49534 bsc#1238893).
- Update
patches.suse/scsi-lpfc-Resolve-NULL-ptr-dereference-after-an-ELS-.patch
(bsc#1201193 CVE-2022-49730 bsc#1239070).
- Update patches.suse/scsi-mpi3mr-Fix-memory-leaks.patch
(git-fixes CVE-2022-49126 bsc#1237929).
- Update
patches.suse/scsi-mpt3sas-Fix-use-after-free-in-_scsih_expander_node_remove
(git-fixes CVE-2022-49082 bsc#1237740).
- Update
patches.suse/scsi-pm8001-Fix-abort-all-task-initialization.patch
(git-fixes CVE-2022-49217 bsc#1238313).
- Update
patches.suse/scsi-pm8001-Fix-memory-leak-in-pm8001_chip_fw_flash_update_req.patch
(git-fixes CVE-2022-49119 bsc#1237925).
- Update patches.suse/scsi-pm8001-Fix-tag-leaks-on-error.patch
(git-fixes CVE-2022-49121 bsc#1237926).
- Update
patches.suse/scsi-pm8001-Fix-task-leak-in-pm8001_send_abort_all.patch
(git-fixes CVE-2022-49120 bsc#1237969).
- Update
patches.suse/scsi-qla2xxx-Fix-crash-during-module-load-unload-tes.patch
(bsc#1197661 CVE-2022-49160 bsc#1238172).
- Update
patches.suse/scsi-qla2xxx-Fix-premature-hw-access-after-PCI-error.patch
(bsc#1195823 CVE-2022-49157 bsc#1238169).
- Update
patches.suse/scsi-qla2xxx-Fix-scheduling-while-atomic.patch
(bsc#1195823 CVE-2022-49156 bsc#1238168).
- Update
patches.suse/scsi-qla2xxx-Fix-warning-message-due-to-adisc-being-.patch
(bsc#1195823 CVE-2022-49158 bsc#1238170).
- Update
patches.suse/scsi-qla2xxx-Implement-ref-count-for-SRB.patch
(bsc#1195823 CVE-2022-49159 bsc#1238171).
- Update
patches.suse/scsi-qla2xxx-Suppress-a-kernel-complaint-in-qla_crea.patch
(bsc#1195823 CVE-2022-49155 bsc#1237941).
- Update
patches.suse/scsi-sd-Fix-potential-NULL-pointer-dereference.patch
(git-fixes CVE-2022-49376 bsc#1238103).
- Update
patches.suse/scsi-zorro7xx-Fix-a-resource-leak-in-zorro7xx_remove_one
(git-fixes CVE-2022-49095 bsc#1237752).
- Update
patches.suse/serial-8250-Fix-PM-usage_count-for-console-handover.patch
(git-fixes CVE-2022-49613 bsc#1238440).
- Update
patches.suse/serial-8250_aspeed_vuart-Fix-potential-NULL-derefere.patch
(git-fixes CVE-2022-49392 bsc#1238113).
- Update
patches.suse/sfc-fix-considering-that-all-channels-have-TX-queues.patch
(git-fixes CVE-2022-49378 bsc#1238286).
- Update patches.suse/sfc-fix-kernel-panic-when-creating-VF.patch
(git-fixes CVE-2022-49625 bsc#1238411).
- Update
patches.suse/sfc-fix-use-after-free-when-disabling-sriov.patch
(git-fixes CVE-2022-49626 bsc#1238270).
- Update
patches.suse/skbuff-fix-coalescing-for-page_pool-fragment-recycli.patch
(bsc#1190336 CVE-2022-49093 bsc#1237737).
- Update
patches.suse/soc-bcm-Check-for-NULL-return-of-devm_kzalloc.patch
(git-fixes CVE-2022-49448 bsc#1238536).
- Update
patches.suse/soc-bcm-brcmstb-pm-pm-arm-Fix-refcount-leak-in-brcms.patch
(git-fixes CVE-2022-49678 bsc#1238821).
- Update
patches.suse/soc-rockchip-Fix-refcount-leak-in-rockchip_grf_init.patch
(git-fixes CVE-2022-49382 bsc#1238306).
- Update
patches.suse/soc-ti-ti_sci_pm_domains-Check-for-null-return-of-de.patch
(git-fixes CVE-2022-49453 bsc#1239004).
- Update
patches.suse/spi-bcm2835-bcm2835_spi_handle_err-fix-NULL-pointer-.patch
(git-fixes CVE-2022-49569 bsc#1238605).
- Update
patches.suse/spi-spi-fsl-qspi-check-return-value-after-calling-pl.patch
(git-fixes CVE-2022-49475 bsc#1238617).
- Update
patches.suse/staging-rtl8712-fix-a-potential-memory-leak-in-r871x.patch
(git-fixes CVE-2022-49312 bsc#1238157).
- Update
patches.suse/staging-rtl8712-fix-uninit-value-in-r871xu_drv_init.patch
(git-fixes CVE-2022-49298 bsc#1238718).
- Update
patches.suse/staging-rtl8712-fix-uninit-value-in-usb_read8-and-fr.patch
(git-fixes CVE-2022-49301 bsc#1238643).
- Update
patches.suse/staging-vchiq_arm-Avoid-NULL-ptr-deref-in-vchiq_dump.patch
(git-fixes CVE-2022-49106 bsc#1237965).
- Update
patches.suse/staging-vchiq_core-handle-NULL-result-of-find_servic.patch
(git-fixes CVE-2022-49104 bsc#1237999).
- Update
patches.suse/staging-wfx-fix-an-error-handling-in-wfx_init_common.patch
(git-fixes CVE-2022-49105 bsc#1237975).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_dou8vec_minmax.patch
(git-fixes CVE-2022-49634 bsc#1237937).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_douintvec.patch
(git-fixes CVE-2022-49641 bsc#1237831).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_douintvec_minmax.patch
(git-fixes CVE-2022-49640 bsc#1237782).
- Update
patches.suse/thermal-core-Fix-memory-leak-in-__thermal_cooling_de.patch
(git-fixes CVE-2022-49468 bsc#1238047).
- Update
patches.suse/thermal-drivers-broadcom-Fix-potential-NULL-derefere.patch
(git-fixes CVE-2022-49459 bsc#1238046).
- Update
patches.suse/thermal-drivers-imx_sc_thermal-Fix-refcount-leak-in-.patch
(git-fixes CVE-2022-49463 bsc#1238428).
- Update
patches.suse/tick-nohz-unexport-__init-annotated-tick_nohz_full_s.patch
(bsc#1201218 CVE-2022-49675 bsc#1238431).
- Update
patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
(CVE-2022-2977 bsc#1202672 CVE-2022-49287 bsc#1238276).
- Update patches.suse/tpm-use-try_get_ops-in-tpm-space.c.patch
(git-fixes CVE-2022-49286 bsc#1238647).
- Update
patches.suse/tracing-Fix-potential-double-free-in-create_var_ref.patch
(git-fixes CVE-2022-49410 bsc#1238441).
- Update
patches.suse/tracing-Fix-sleeping-function-called-from-invalid-context-on-RT-kernel.patch
(git-fixes CVE-2022-49322 bsc#1238396).
- Update
patches.suse/tracing-histograms-Fix-memory-leak-problem.patch
(git-fixes CVE-2022-49648 bsc#1238278).
- Update
patches.suse/tty-Fix-a-possible-resource-leak-in-icom_probe.patch
(git-fixes CVE-2022-49314 bsc#1238158).
- Update
patches.suse/tty-fix-deadlock-caused-by-calling-printk-under-tty_.patch
(git-fixes CVE-2022-49441 bsc#1238263).
- Update patches.suse/tty-goldfish-Fix-free_irq-on-remove.patch
(git-fixes CVE-2022-49724 bsc#1238869).
- Update
patches.suse/tty-goldfish-Use-tty_port_destroy-to-destroy-port.patch
(git-fixes CVE-2022-49399 bsc#1237829).
- Update
patches.suse/tty-synclink_gt-Fix-null-pointer-dereference-in-slgt.patch
(git-fixes CVE-2022-49307 bsc#1238149).
- Update
patches.suse/tunnels-do-not-assume-mac-header-is-set-in-skb_tunne.patch
(git-fixes CVE-2022-49663 bsc#1238442).
- Update
patches.suse/usb-dwc2-Fix-memory-leak-in-dwc2_hcd_init.patch
(git-fixes CVE-2022-49713 bsc#1238419).
- Update
patches.suse/usb-dwc2-gadget-don-t-reset-gadget-s-driver-bus.patch
(git-fixes CVE-2022-49299 bsc#1238184).
- Update
patches.suse/usb-dwc3-gadget-Replace-list_for_each_entry_safe-if-.patch
(git-fixes CVE-2022-49398 bsc#1238621).
- Update
patches.suse/usb-gadget-lpc32xx_udc-Fix-refcount-leak-in-lpc32xx_.patch
(git-fixes CVE-2022-49712 bsc#1238239).
- Update
patches.suse/usb-isp1760-Fix-out-of-bounds-array-access.patch
(git-fixes CVE-2022-49551 bsc#1237795).
- Update
patches.suse/usb-usbip-fix-a-refcount-leak-in-stub_probe.patch
(git-fixes CVE-2022-49389 bsc#1238257).
- Update
patches.suse/usbnet-Run-unregister_netdev-before-unbind-again.patch
(git-fixes CVE-2022-49501 bsc#1238830).
- Update patches.suse/usbnet-fix-memory-leak-in-error-case.patch
(git-fixes CVE-2022-49657 bsc#1238269).
- Update
patches.suse/veth-Ensure-eth-header-is-in-skb-s-linear-part.patch
(git-fixes CVE-2022-49066 bsc#1237722).
- Update
patches.suse/video-fbdev-clcdfb-Fix-refcount-leak-in-clcdfb_of_vr.patch
(git-fixes CVE-2022-49421 bsc#1238819).
- Update
patches.suse/video-fbdev-sm712fb-Fix-crash-in-smtcfb_write.patch
(git-fixes CVE-2022-49162 bsc#1238096).
- Update
patches.suse/virtio_console-eliminate-anonymous-module_init-modul.patch
(git-fixes CVE-2022-49100 bsc#1237735).
- Update
patches.suse/virtio_net-fix-xdp_rxq_info-bug-after-suspend-resume.patch
(git-fixes CVE-2022-49687 bsc#1238181).
- Update patches.suse/watch_queue-Actually-free-the-watch.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-49256 bsc#1238277).
- Update
patches.suse/watch_queue-Fix-NULL-dereference-in-error-cleanup.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-49257 bsc#1237987).
- Update
patches.suse/watch_queue-Free-the-page-array-when-watch_queue-is-.patch
(git-fixes CVE-2022-49148 bsc#1237797).
- Update
patches.suse/watchdog-ts4800_wdt-Fix-refcount-leak-in-ts4800_wdt_.patch
(git-fixes CVE-2022-49373 bsc#1238175).
- Update
patches.suse/wifi-mac80211-fix-queue-selection-for-mesh-OCB-inter.patch
(git-fixes CVE-2022-49646 bsc#1239001).
- Update
patches.suse/wifi-mac80211-fix-use-after-free-in-chanctx-code.patch
(git-fixes CVE-2022-49416 bsc#1238293).
- Update
patches.suse/wireguard-socket-free-skb-in-send6-when-ipv6-is-disa.patch
(git-fixes CVE-2022-49153 bsc#1238166).
- Update
patches.suse/x86-MCE-AMD-Fix-memory-leak-when-threshold_create_ba.patch
(git-fixes CVE-2022-49549 bsc#1238602).
- Update
patches.suse/x86-kexec-fix-memory-leak-of-elf-header-buffer.patch
(bsc#1196444 CVE-2022-49546 bsc#1238750).
- Update
patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 CVE-2022-49611
bsc#1238618).
- Update
patches.suse/xen-netback-avoid-entering-xenvif_rx_next_skb-with-a.patch
(bsc#1201381 CVE-2022-49649 bsc#1238612).
- Update
patches.suse/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch
(git-fixes CVE-2022-49321 bsc#1238373).
- commit a27d758
- Update
patches.suse/0011-Revert-Revert-block-bfq-honor-already-setup-queue-merges.patch
(git-fixes CVE-2021-47646 bsc#1237774).
- Update
patches.suse/ARM-davinci-da850-evm-Avoid-NULL-pointer-dereference.patch
(git-fixes CVE-2021-47631 bsc#1237718).
- Update
patches.suse/ASoC-soc-compress-prevent-the-potentially-use-of-nul.patch
(git-fixes CVE-2021-47650 bsc#1237742).
- Update
patches.suse/KVM-x86-mmu-Zap-_all_-roots-when-unmapping-gfn-range.patch
(git-fixes CVE-2021-47639 bsc#1237824).
- Update
patches.suse/ath5k-fix-OOB-in-ath5k_eeprom_read_pcal_info_5111.patch
(git-fixes CVE-2021-47633 bsc#1237768).
- Update patches.suse/clk-qcom-ipq8074-fix-PCI-E-clock-oops.patch
(git-fixes CVE-2021-47647 bsc#1237775).
- Update
patches.suse/drm-amd-pm-fix-a-potential-gpu_metrics_table-memory-.patch
(git-fixes CVE-2021-4453 bsc#1237753).
- Update
patches.suse/drm-plane-Move-range-check-for-format_count-earlier.patch
(git-fixes CVE-2021-47659 bsc#1237839).
- Update
patches.suse/drm-virtio-Ensure-that-objs-is-not-NULL-in-virtio_gp.patch
(git-fixes CVE-2021-47657 bsc#1237837).
- Update
patches.suse/gpu-host1x-Fix-a-memory-leak-in-host1x_remove.patch
(git-fixes CVE-2021-47648 bsc#1237725).
- Update
patches.suse/jffs2-fix-use-after-free-in-jffs2_clear_xattr_subsystem.patch
(git-fixes CVE-2021-47656 bsc#1237827).
- Update
patches.suse/media-davinci-vpif-fix-use-after-free-on-driver-unbi.patch
(git-fixes CVE-2021-47653 bsc#1237748).
- Update patches.suse/media-ir_toy-free-before-error-exiting.patch
(git-fixes CVE-2021-47643 bsc#1237743).
- Update
patches.suse/media-staging-media-zoran-calculate-the-right-buffer.patch
(git-fixes CVE-2021-47645 bsc#1237767).
- Update
patches.suse/media-staging-media-zoran-move-videodev-alloc.patch
(git-fixes CVE-2021-47644 bsc#1237766).
- Update
patches.suse/powerpc-set_memory-Avoid-spinlock-recursion-in-chang.patch
(bsc#1194869 CVE-2021-47632 bsc#1237755).
- Update
patches.suse/samples-landlock-Fix-path_list-memory-leak.patch
(git-fixes CVE-2021-47654 bsc#1237807).
- Update
patches.suse/soc-qcom-rpmpd-Check-for-null-return-of-devm_kcalloc.patch
(git-fixes CVE-2021-47651 bsc#1237872).
- Update
patches.suse/ubifs-Fix-deadlock-in-concurrent-rename-whiteout-and-inode-writeback.patch
(git-fixes CVE-2021-47637 bsc#1237761).
- Update
patches.suse/ubifs-Fix-read-out-of-bounds-in-ubifs_wbuf_write_nolock.patch
(git-fixes CVE-2021-47636 bsc#1237904).
- Update
patches.suse/ubifs-Fix-to-add-refcount-once-page-is-set-private.patch
(git-fixes CVE-2021-47635 bsc#1237759).
- Update
patches.suse/ubifs-rename_whiteout-Fix-double-free-for-whiteout_ui-data.patch
(git-fixes CVE-2021-47638 bsc#1237763).
- Update patches.suse/udmabuf-validate-ubuf-pagecount.patch
(git-fixes CVE-2021-47649 bsc#1237745).
- Update
patches.suse/video-fbdev-cirrusfb-check-pixclock-to-avoid-divide-.patch
(git-fixes CVE-2021-47641 bsc#1237734).
- Update
patches.suse/video-fbdev-nvidiafb-Use-strscpy-to-prevent-buffer-o.patch
(git-fixes CVE-2021-47642 bsc#1237916).
- Update
patches.suse/video-fbdev-smscufx-Fix-null-ptr-deref-in-ufx_usb_pr.patch
(git-fixes CVE-2021-47652 bsc#1237721).
- commit e92be69
- sched/membarrier: Fix redundant load of membarrier_state
(bsc#1232743).
- commit dcd9cb5
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- commit e8a4f87
- net: rose: fix timer races against user threads (CVE-2025-21718
bsc#1239073).
- commit 0089650
- net_sched: sch_sfq: don't allow 1 packet limit (CVE-2024-57996
bsc#1239076).
- commit 1575e37
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014 bsc#1239109)
- commit a0ab5c3
- initcall_blacklist: Does not allow kernel_lockdown be
blacklisted (bsc#1237521).
- commit 248ffca
- initcall_blacklist: Does not allow kernel_lockdown be
blacklisted (bsc#1237521).
- commit 1a3f1f0
- mm/mempolicy: fix mpol_new leak in shared_policy_replace
(CVE-2022-49080 bsc#1238033).
- commit ee261e8
- KVM: VMX: Bury Intel PT virtualization (guest/host mode)
behind CONFIG_BROKEN (CVE-2024-53135 bsc#1234154).
- commit c33dbae
- kabi: hide adding RCU head into struct netdev_name_node
(bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: fix removing a namespace with conflicting altnames
(bsc#1233749).
- net: do not send a MOVE event when netdev changes netns
(bsc#1233749).
- net: Fix undefined behavior in netdev name allocation
(bsc#1233749).
- net: remove else after return in dev_prep_valid_name()
(bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name()
(bsc#1233749).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name()
(bsc#1233749).
- net: don't use input buffer of __dev_alloc_name() as a scratch
space (bsc#1233749).
- net: move altnames together with the netdevice (bsc#1233749).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns
(bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: minor __dev_alloc_name() optimization (bsc#1233749).
- net: introduce a function to check if a netdev name is in use
(bsc#1233749).
- commit b7b1c0b
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- commit 5e81510
- x86/xen: allow larger contiguous memory regions in PV guests
(bsc#1236951).
- commit ae8b3dd
- xen/swiotlb: relax alignment requirements (bsc#1236951).
- commit 5a1b514
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- commit e70ee83
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx
(git-fixes).
- commit 2ad21f6
- idpf: call set_real_num_queues in idpf_open (bsc#1236661
bsc#1237316).
- commit 97881c4
- Update References for CVE-2024-53226 and bsc#1236576
Patch:
patches.suse/RDMA-hns-Fix-NULL-pointer-derefernce-in-hns_roce_map.patch
- commit 990ce5d
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
(bsc#1237139 CVE-2025-21699).
- commit 94ceb50
- cpufreq/amd-pstate: Only print supported EPP values for
performance governor (bsc#1236777).
- commit 6568154
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of
service (bsc#1237025 CVE-2025-21690).
- commit 57c2742
- NFSD: use explicit lock/unlock for directory ops (bsc#1234650
bsc#1233701 bsc#1232472).
- blacklist.conf: Remove this commit - we do need some of it.
- commit dfa4cb2
- sched: sch_cake: add bounds checks to host bulk flow fairness
counts (CVE-2025-21647 bsc#1236133).
- commit e9841a3
- Update
patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch
(bsc#1208995 CVE-2023-1192 CVE-2023-52572 bsc#1220946).
Move to the sorted section.
- commit bb08640
- net: sched: fix ets qdisc OOB Indexing (bsc#1237028
CVE-2025-21692).
- commit 947f160
- scsi: storvsc: Set correct data length for sending SCSI command
without payload (git-fixes).
- commit f05636e
- net: mana: Cleanup "mana" debugfs dir after cleanup of all
children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Add get_link and get_link_ksettings in ethtool
(bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- commit 7db536d
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(CVE-2024-53239 bsc#1235054 bsc#1234853).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(CVE-2024-56605 bsc#1235061 bsc#1234853).
- Update
patches.suse/KVM-nSVM-Ignore-nCR3-4-0-when-loading-PDPTEs-from-me.patch
(CVE-2024-50115 bsc#1232919 bsc#1225742).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(CVE-2024-53173 bsc#1234891 bsc#1234853).
- Update
patches.suse/hfsplus-don-t-query-the-device-logical-block-size-multiple-times.patch
(bsc#1235073 CVE-2024-56548 bsc#1234853).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning-in-mwifiex_config_scan.patch
(CVE-2024-56539 bsc#1234963 bsc#1234853).
- commit c3c2bf8
- mac802154: check local interfaces before deleting sdata list
(CVE-2024-57948 bsc#1236677).
- commit 4de21f7
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED
in uvc_parse_format (CVE-2024-53104 bsc#1234025).
- commit a0c98f3
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (CVE-2024-50142 bsc#1233028)
- commit 03267d6
- smb: client: properly close cfids on umount (bsc#1231432,
bsc#1232299, bsc#1235599, bsc#1234896).
- commit 1be27dc
- mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088 CVE-2024-46858)
- commit 9ccbda8
- Fix sorting error
```
Error: Current series.conf is not sorted. Please run series_sort.py first and commit the result before adding new patches.
```
- commit a81b3e9
- kABI fix for net: defer final 'struct net' free in netns dismantle (CVE-2024-56658 bsc#1235441).
Upstream commit 0f6ede9fbc74 ("net: defer final 'struct
net' free in netns dismantle") introduced a new struct element
`defer_free_list` into `struct net`. In order to preserve the kABI, move
the newly added element into a hole.
```
struct netns_nexthop nexthop; /* 560 72 */
/* XXX 8 bytes hole, try to pack */
/* --- cacheline 10 boundary (640 bytes) --- */
struct netns_ipv4 ipv4 __attribute__((__aligned__(64))); /* 640 704 */
```
- commit 3fc1183
- net: defer final 'struct net' free in netns dismantle (CVE-2024-56658 bsc#1235441).
- commit 8694248
- NFS: Trigger the "ls -l" readdir heuristic sooner (bsc#1231847).
- commit 9f70842
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- commit 97689a4
- NFS: Adjust the amount of readahead performed by NFS readdir
(bsc#1231847).
- commit 28137f0
- NFS: Do not flush the readdir cache in nfs_dentry_iput()
(bsc#1231847).
- commit f9c2fd9
- smb: prevent use-after-free due to open_cached_dir error paths
(CVE-2024-53177 bsc#1234896).
- commit bf3cf0a
- net: inet6: do not leave a dangling sk pointer in inet6_create()
(CVE-2024-56600 bsc#1235217).
- commit 4f3d37a
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64
(bsc#1235111).
- ice: avoid the PTP hardware semaphore in gettimex64 path
(bsc#1235111).
- ice: add ice_adapter for shared data across PFs on the same NIC
(bsc#1235111).
- iavf: fix the waiting time for initial reset (bsc#1235111).
- commit 6bac5db
- blacklist.conf: Not affected byy CVE-2024-44932 and CVE-2024-44964
- Delete
patches.suse/idpf-fix-UAFs-when-destroying-the-queues.patch.
- Delete
patches.suse/idpf-fix-memory-leaks-and-crashes-while-performing-a.patch.
This fixes bsc#1236628
- commit eb1fe78
- netfilter: x_tables: fix LED ID check in led_tg_check()
(CVE-2024-56650 bsc#1235430).
- commit a130a9c
- drm/amdkfd: Correct the migration DMA map direction (bsc#1235969 CVE-2024-57897)
- commit e14ed1e
- drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806 CVE-2024-57876)
- commit 7f76a66
- netfilter: nf_tables: validate family when identifying table
via handle (bsc#1233778 ZDI-24-1454).
- commit 1df7b33
- tpm: send_data: Wait longer for the TPM to become ready
(bsc#1235870).
- commit 5a0cfd5
- VFS: use system_unbound_wq for delayed_mntput (bsc#1234683).
- commit 0a0fe49
- ibmvnic: Free any outstanding tx skbs during scrq reset
(bsc#1226980).
- commit a6b7a28
- scsi: qedi: Fix a possible memory leak in
qedi_alloc_and_init_sb() (CVE-2024-56747 bsc#1234934).
- scsi: bfa: Fix use-after-free in bfad_im_module_exit()
(CVE-2024-53227 bsc#1235011).
- scsi: hisi_sas: Create all dump files during debugfs
initialization (CVE-2024-56588 bsc#1235123).
- commit 9c17f1e
- rcu: Remove rcu_is_idle_cpu() (bsc#1236289).
- commit baf1fd9
- x86/aperfperf: Make it correct on 32bit and UP kernels
(bsc#1236289).
- commit f5502ff
- x86/aperfmperf: Integrate the fallback code from show_cpuinfo()
(bsc#1236289).
- commit 24182be
- x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289).
- commit d8c39fe
- x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289).
- commit c5c68b4
- x86/aperfmperf: Store aperf/mperf data for cpu frequency reads
(bsc#1236289).
- commit ee086d6
- x86/aperfmperf: Make parts of the frequency invariance code
unconditional (bsc#1236289).
- commit 63ca54c
- x86/aperfmperf: Restructure arch_scale_freq_tick()
(bsc#1236289).
- commit e174ebc
- x86/aperfmperf: Put frequency invariance aperf/mperf data into
a struct (bsc#1236289).
- commit 9273def
- x86/aperfmperf: Untangle Intel and AMD frequency invariance init
(bsc#1236289).
- commit eb608bb
- x86/aperfmperf: Separate AP/BP frequency invariance init
(bsc#1236289).
- commit 1b8b243
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- commit cb91989
- Update
patches.suse/jffs2-Prevent-rtime-decompress-memory-corruption.patch
(git-fixes CVE-2024-57850 bsc#1235812).
- Update patches.suse/nilfs2-prevent-use-of-deleted-inode.patch
(git-fixes CVE-2024-53690 bsc#1235842).
- Update
patches.suse/powerpc-pseries-vas-Add-close-callback-in-vas_vm_ops.patch
(bsc#1234825 CVE-2024-56765 bsc#1235643).
- commit f49a45b
- x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289).
- Refresh
patches.suse/xen-allow-mapping-ACPI-data-using-a-different-physic.patch.
- commit c07ad15
- net: inet: do not leave a dangling sk pointer in inet_create()
(CVE-2024-56601 bsc#1235230).
- commit b4769c0
- x86/smp: Remove unnecessary assignment to local var freq_scale
(bsc#1236289).
- commit a83ed82
- x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu()
(bsc#1236289).
- commit bfe5599
- README.BRANCH: Add Vasilis as a maintainer
- commit a02a3e0
- ceph: improve error handling and short/overflow-read logic in
__ceph_sync_read() (bsc#1228592).
- commit 7a83331
- btrfs: fix use-after-free when COWing tree bock and tracing
is enabled (bsc#1235645 CVE-2024-56759).
- commit e811c1c
- gpiolib: cdev: fix uninitialised kfifo (git-fixes bsc#1225736
CVE-2024-36898).
- commit f6b2a4f
- Fix compiler warning introduced in
patches.suse/udf-Avoid-excessive-partition-lengths.patch.
- commit fcad12d
- scsi: qla2xxx: Fix use after free on unload (CVE-2024-56623
bsc#1235466).
- block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166
bsc#1234884).
- commit 894e940
- Refresh
patches.suse/x86-xen-don-t-do-PV-iret-hypercall-through-hypercall.patch.
- commit df281af
- x86/static-call: Remove early_boot_irqs_disabled check to fix
Xen PVH dom0 (git-fixes).
- commit 2c0880a
- bnxt_en: Fix receive ring space parameters when XDP is active
(CVE-2024-53209 bsc#1235002).
- commit d4ecf76
- Fix broken order in series.conf
- commit e5bdf00
- ALSA: seq: oss: Fix races at processing SysEx messages
(CVE-2024-57893 bsc#1235920).
- commit f05049d
- Refresh
patches.suse/RDMA-hns-Fix-VF-triggering-PF-reset-in-abnormal-inte.patch.
exportpatch and refresh to have increasing line numbers, rapidquilt
could've ignored that:
warning: patches.suse/RDMA-hns-Fix-VF-triggering-PF-reset-in-abnormal-inte.patch:
Possibly ignored hunk: @@ -5829,10 +5830,12 @@ static irqreturn_t hns_roce_v2_msix_interrupt_abn(int irq, void *dev_id)
- commit eb2308c
- drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (CVE-2024-57798 bsc#1235818).
- commit 570da1e
- drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (CVE-2024-57798 bsc#1235818).
- commit 15490f2
- net/smc: check return value of sock_recvmsg when draining clc
data (CVE-2024-57791 bsc#1235759).
- commit b879d55
- power: supply: gpio-charger: Fix set charge current limits
(git-fixes CVE-2024-57792 bsc#1235764).
- commit 80ed527
- bpf, sockmap: Fix race between element replace and close()
(CVE-2024-56664 bsc#1235249).
- commit 03e2626
- virt: tdx-guest: Just leak decrypted memory on unrecoverable
errors (CVE-2024-57793 bsc#1235768).
- commit 9f7ed49
- s390/cpum_sf: Handle CPU hotplug remove during sampling
(CVE-2024-57849 bsc#1235814).
- commit e03f9af
- Update
patches.suse/ALSA-caiaq-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56531 bsc#1235057).
- Update
patches.suse/ALSA-us122l-Use-snd_card_free_when_closed-at-disconn.patch
(git-fixes CVE-2024-56532 bsc#1235059).
- Update
patches.suse/ALSA-usx2y-Use-snd_card_free_when_closed-at-disconne.patch
(git-fixes CVE-2024-56533 bsc#1235053).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-set_p.patch
(git-fixes CVE-2024-53208 bsc#1234909).
- Update
patches.suse/Bluetooth-hci_event-Align-BR-EDR-JUST_WORKS-paring-w.patch
(git-fixes bsc#1230697 CVE-2024-8805 CVE-2024-53144
bsc#1234690).
- Update
patches.suse/HID-wacom-fix-when-get-product-name-maybe-null-point.patch
(git-fixes CVE-2024-56629 bsc#1235473).
- Update
patches.suse/NFSD-Prevent-NULL-dereference-in-nfsd4_process_cb_update.patch
(git-fixes CVE-2024-53217 bsc#1234999).
- Update patches.suse/PCI-Fix-reset_method_store-memory-leak.patch
(git-fixes CVE-2024-56745 bsc#1235563).
- Update
patches.suse/RDMA-hns-Fix-cpu-stuck-caused-by-printings-during-re.patch
(git-fixes CVE-2024-56722 bsc#1235570).
- Update
patches.suse/RDMA-mlx5-Move-events-notifier-registration-to-be-af.patch
(git-fixes CVE-2024-53224 bsc#1235009).
- Update
patches.suse/RDMA-rxe-Fix-the-qp-flush-warnings-in-req.patch
(git-fixes CVE-2024-53229 bsc#1234905).
- Update
patches.suse/Revert-mmc-dw_mmc-Fix-IDMAC-operation-with-pages-big.patch
(git-fixes CVE-2024-53127 bsc#1234153).
- Update
patches.suse/SUNRPC-make-sure-cache-entry-active-before-cache_show.patch
(git-fixes CVE-2024-53174 bsc#1234899).
- Update
patches.suse/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch
(git-fixes CVE-2024-56567 bsc#1234916).
- Update
patches.suse/arm64-sve-Discard-stale-CPU-state-when-handling-SVE-traps.patch
(git-fixes CVE-2024-50275 bsc#1233464).
- Update
patches.suse/can-j1939-j1939_session_new-fix-skb-reference-counti.patch
(git-fixes CVE-2024-56645 bsc#1235134).
- Update
patches.suse/comedi-Flush-partial-mappings-in-error-case.patch
(git-fixes CVE-2024-53148 bsc#1234832).
- Update
patches.suse/crypto-bcm-add-error-check-in-the-ahash_hmac_init-fu.patch
(git-fixes CVE-2024-56681 bsc#1235557).
- Update
patches.suse/crypto-caam-Fix-the-pointer-passed-to-caam_qi_shutdo.patch
(git-fixes CVE-2024-56754 bsc#1234918).
- Update
patches.suse/drm-rockchip-vop-Fix-a-dereferenced-before-check-war.patch
(git-fixes CVE-2024-53129 bsc#1234155).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-831214f.patch
(git-fixes CVE-2024-56776 bsc#1235647).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer-e965e77.patch
(git-fixes CVE-2024-56777 bsc#1235641).
- Update
patches.suse/drm-sti-avoid-potential-dereference-of-error-pointer.patch
(git-fixes CVE-2024-56778 bsc#1235635).
- Update
patches.suse/i3c-master-Fix-miss-free-init_dyn_addr-at-i3c_master.patch
(git-fixes CVE-2024-56562 bsc#1234930).
- Update
patches.suse/i40e-Fix-XDP-program-unloading-while-removing-the-dr.patch
(git-fixes CVE-2024-41047 bsc#1228537).
- Update
patches.suse/iio-adc-ad7923-Fix-buffer-overflow-for-tx_buf-and-ri.patch
(git-fixes CVE-2024-56557 bsc#1235122).
- Update
patches.suse/jffs2-prevent-xattr-node-from-overflowing-the-eraseblock.patch
(git-fixes CVE-2024-38599 bsc#1226848 bsc#1223384).
- Update
patches.suse/jfs-add-a-check-to-prevent-array-index-out-of-bounds-in-dbAdjTree.patch
(git-fixes CVE-2024-56595 bsc#1235410).
- Update
patches.suse/jfs-fix-array-index-out-of-bounds-in-jfs_readdir.patch
(git-fixes CVE-2024-56596 bsc#1235458).
- Update patches.suse/jfs-fix-shift-out-of-bounds-in-dbSplit.patch
(git-fixes CVE-2024-56597 bsc#1235222).
- Update
patches.suse/md-Don-t-ignore-suspended-array-in-md_check_recovery-1baa.patch
(git-fixes CVE-2024-26758 bsc#1230341).
- Update
patches.suse/msft-hv-3081-hv_sock-Initializing-vsk-trans-to-NULL-to-prevent-a-.patch
(git-fixes CVE-2024-53103 bsc#1234024).
- Update
patches.suse/msft-hv-3095-Drivers-hv-util-Avoid-accessing-a-ringbuffer-not-ini.patch
(git-fixes CVE-2024-55916 bsc#1235747).
- Update
patches.suse/net-ipv6-release-expired-exception-dst-cached-in-soc.patch
(bsc#1216813 CVE-2024-56644 bsc#1235133).
- Update
patches.suse/net-mlx5-Unregister-notifier-on-eswitch-init-failure.patch
(git-fixes CVE-2024-50136 bsc#1232914).
- Update
patches.suse/net-mlx5-fs-lock-FTE-when-checking-if-active.patch
(git-fixes CVE-2024-53121 bsc#1234078).
- Update
patches.suse/net-mlx5e-Take-state-lock-during-tx-timeout-reporter.patch
(git-fixes CVE-2024-45019 bsc#1230432).
- Update
patches.suse/net-mlx5e-kTLS-Fix-incorrect-page-refcounting.patch
(git-fixes CVE-2024-53138 bsc#1234223).
- Update
patches.suse/nfsd-make-sure-exp-active-before-svc_export_show.patch
(git-fixes CVE-2024-56558 bsc#1235100).
- Update
patches.suse/nouveau-dmem-handle-kcalloc-allocation-failure.patch
(git-fixes CVE-2024-26943 bsc#1230527).
- Update
patches.suse/nvme-fabrics-fix-kernel-crash-while-shutting-down-co.patch
(git-fixes CVE-2024-53169 bsc#1234900).
- Update
patches.suse/nvme-pci-fix-freeing-of-the-HMB-descriptor-table.patch
(git-fixes CVE-2024-56756 bsc#1234922).
- Update
patches.suse/ocfs2-uncache-inode-which-has-failed-entering-the-group.patch
(bsc#1234087 CVE-2024-53112).
- Update
patches.suse/posix-clock-posix-clock-Fix-unbalanced-locking-in-pc.patch
(CVE-2024-50195 bsc#1233103 CVE-2024-50210 bsc#1233097).
- Update
patches.suse/powerpc-mm-fault-Fix-kfence-page-fault-reporting.patch
(bsc#1194869 CVE-2024-56678 bsc#1235495).
- Update
patches.suse/powerpc-pseries-Fix-dtl_access_lock-to-be-a-rw_semap.patch
(bsc#1194869 CVE-2024-56701 bsc#1235496).
- Update
patches.suse/rtc-check-if-__rtc_read_time-was-successful-in-rtc_t.patch
(git-fixes CVE-2024-56739 bsc#1235611).
- Update
patches.suse/smb-client-fix-TCP-timers-deadlock-after-rmmod.patch
(CVE-2024-53095 bsc#1233642 CVE-2024-54680 bsc#1235723).
- Update
patches.suse/spi-mpc52xx-Add-cancel_work_sync-before-module-remov.patch
(git-fixes CVE-2024-50051 bsc#1235739).
- Update patches.suse/svcrdma-Address-an-integer-overflow.patch
(git-fixes CVE-2024-53151 bsc#1234829).
- Update
patches.suse/svcrdma-fix-miss-destroy-percpu_counter-in-svc_rdma_proc_init.patch
(git-fixes CVE-2024-53215 bsc#1234962).
- Update
patches.suse/ubifs-authentication-Fix-use-after-free-in-ubifs_tnc_end_commit.patch
(git-fixes CVE-2024-53171 bsc#1234889).
- Update
patches.suse/usb-dwc3-gadget-Fix-looping-of-queued-SG-entries.patch
(git-fixes CVE-2024-56698 bsc#1235491).
- commit 69d54c1
- Update
patches.suse/smb-client-fix-TCP-timers-deadlock-after-rmmod.patch
(CVE-2024-53095 bsc#1233642 CVE-2024-54680 bsc#1235723).
- commit 6deb1aa
- smb: client: fix OOBs when building SMB2_IOCTL request
(bsc#1233055, CVE-2024-50151).
- commit d88d397
- mm/swapfile: skip HugeTLB pages for unuse_vma (CVE-2024-50199
bsc#1233112).
- commit 63ec06b
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- commit a0043a3
- README.BRANCH: SLE15-SP5 became LTSS, update maintainers
- commit 513a34e
- scsi: sg: Fix slab-use-after-free read in sg_release()
(CVE-2024-56631 bsc#1235480).
- commit 9399f03
- 9p/xen: fix release of IRQ (CVE-2024-56704 bsc#1235584).
- commit 614e74c
- net: ieee802154: do not leave a dangling sk pointer in
ieee802154_create() (CVE-2024-56602 bsc#1235521).
- commit 4049cc5
- net: hsr: avoid potential out-of-bound access in
fill_frame_info() (CVE-2024-56648 bsc#1235451).
- commit 0a88cb0
- ovl: Filter invalid inodes with missing lookup function
(bsc#1235035 CVE-2024-56570).
- commit 54169ab
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
(CVE-2024-53173 bsc#1234891).
- commit f801b5b
- tipc: Fix use-after-free of kernel socket in cleanup_bearer()
(CVE-2024-56642 bsc#1235433).
- commit ec9cc8d
- sctp: properly validate chunk size in sctp_sf_ootb() (CVE-2024-50299 bsc#1233488)
- commit 8a0e9b7
- can: j1939: j1939_session_new(): fix skb reference counting
(CVE-2024-56645 bsc#1235134).
- commit 5011af1
- Bluetooth: L2CAP: do not leave dangling sk pointer on error
in l2cap_sock_create() (CVE-2024-56605 bsc#1235061).
- commit c461209
- Run scripts/renamepatches for cve/linux-5.14-LTSS
- commit 6a1366b
- idpf: trigger SW interrupt when exiting wb_on_itr mode
(bsc#1235507).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024
(bsc#1235246).
- idpf: enable WB_ON_ITR (bsc#1235507).
- commit b33decb
- smb: client: fix use-after-free of signing key (CVE-2024-53179
bsc#1234921).
- commit 86400c7
- smb: client: fix TCP timers deadlock after rmmod (git-fixes)
[hcarvalho: this fixes issue discussed in bsc#1233642].
- commit 3e3e1af
- smb: client: Fix use-after-free of network namespace
(CVE-2024-53095 bsc#1233642).
[hcarvalho: remove netfs_tracker_* related code because we don't have
such infrastructure.]
- commit 97b2d9e
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan() (CVE-2024-56539 bsc#1234963).
- commit e27d4b2
- Refresh
patches.suse/nfsd-restore-callback-functionality-for-NFSv4.0.patch.
- commit 60bcd54
- vfio/pci: Properly hide first-in-list PCIe extended capability
(bsc#1235004 CVE-2024-53214).
- commit f520125
- Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
rfcomm_sock_alloc() (bsc#1235056 CVE-2024-56604).
- commit cf32d9d
- Bluetooth: Consolidate code around sk_alloc into a helper
function (bsc#1235056 CVE-2024-56604).
Refresh
patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_sock_timeout.patch.
- commit 4de890e
- nilfs2: fix potential out-of-bounds memory access in
nilfs_find_entry() (bsc#1235224 CVE-2024-56619).
- commit b3f788e
- powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
(bsc#1234825).
- commit 7ec9265
- jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220
CVE-2024-56598).
- commit 4762f9a
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes).
- commit b016f85
- hfsplus: don't query the device logical block size multiple
times (bsc#1235073 CVE-2024-56548).
- commit 67473c2
- netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
(CVE-2024-56755 bsc#1234920).
- cachefiles: Fix NULL pointer dereference in object->file
(CVE-2024-56549 bsc#1234912).
- commit 169a95b
- wifi: ath9k: add range check for conn_rsp_epid in
htc_connect_service() (CVE-2024-53156 bsc#1234846).
- commit 747e664
- ALSA: 6fire: Release resources at card release (CVE-2024-53239
bsc#1235054).
- commit 6995b0a
- media: imx-jpeg: Ensure power suppliers be suspended before
detach them (CVE-2024-56575 bsc#1235039).
- media: uvcvideo: Require entities to have a non-zero unique ID
(CVE-2024-56571 bsc#1235037).
- commit 59cd438
- NFSD: Prevent a potential integer overflow (CVE-2024-53146
bsc#1234853).
- commit 79b751c
- net: usb: lan78xx: Fix double free issue with interrupt buffer
allocation (CVE-2024-53213 bsc#1234973).
- commit 15155a2
- netfilter: ipset: add missing range check in bitmap_ip_uadt (CVE-2024-53141 bsc#1234381)
- commit 8160e7d
- Update
patches.suse/tcp-Fix-use-after-free-of-nreq-in-reqsk_timer_handler.patch
(CVE-2024-50154 bsc#1233070 CVE-2024-53206 bsc#1234960).
- commit cdf9cb8
- Update
patches.suse/media-s5p_cec-limit-msg.len-to-CEC_MAX_MSG_SIZE.patch
(git-fixes CVE-2022-49035 bsc#1215304).
- commit d91bb81
- firmware: arm_scpi: Check the DVFS OPP count returned by the
firmware (CVE-2024-53157 bsc#1234827).
- commit f110472
- EDAC/bluefield: Fix potential integer overflow (CVE-2024-53161
bsc#1234856).
- commit 14c13f2
- s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
(CVE-2024-53210 bsc#1234971).
- commit bcc5771
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
(CVE-2024-53158 bsc#1234811).
- commit 9318192
- crypto: qat/qat_4xxx - fix off by one in uof_get_name()
(CVE-2024-53162 bsc#1234843).
- commit 21fafcd
- ALSA: usb-audio: Fix out of bounds reads when finding clock
sources (CVE-2024-53150 bsc#1234834).
- commit 9ca989f
- svcrdma: Address an integer overflow (git-fixes).
- commit d7773b3
- nfsd: restore callback functionality for NFSv4.0 (git-fixes).
- commit 49f5582
- jffs2: Fix rtime decompressor (git-fixes).
- commit 6531a08
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
(git-fixes).
- commit fcfe46d
- zonefs: fix zone report size in __zonefs_io_error() (git-fixes).
- commit 830e757
- autofs: use flexible array in ioctl structure (git-fixes).
- commit 7918406
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget
(git-fixes).
- commit 8cdded6
- nilfs2: fix potential out-of-bounds memory access in
nilfs_find_entry() (git-fixes).
- commit 899e98d
- jffs2: Prevent rtime decompress memory corruption (git-fixes).
- commit 5a66060
- jffs2: fix use of uninitialized variable (git-fixes).
- commit a9dd4d9
- ubifs: authentication: Fix use-after-free in
ubifs_tnc_end_commit (git-fixes).
- commit 83c8733
- ubifs: Correct the total block count by deducting journal
reservation (git-fixes).
- commit f37e257
- exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes).
- commit d4858c9
- jfs: add a check to prevent array-index-out-of-bounds in
dbAdjTree (git-fixes).
- commit 44ea6d2
- jfs: xattr: check invalid xattr size more strictly (git-fixes).
- commit cf31b3c
- jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes).
- commit db0dc92
- jfs: fix shift-out-of-bounds in dbSplit (git-fixes).
- commit ea62655
- jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes).
- commit fe23c21
- hfsplus: don't query the device logical block size multiple
times (git-fixes).
- commit e73ecea
- nilfs2: prevent use of deleted inode (git-fixes).
- commit b6ac8cc
- nfsd: restore callback functionality for NFSv4.0 (git-fixes).
- commit e4d2610
- ipc/sem: Fix dangling sem_array access in semtimedop race
(bsc#1234727).
- commit 4dce14b
- idpf: fix idpf_vc_core_init error path (CVE-2024-53064
bsc#1233558 bsc#1234464).
- commit 0a1be5c
- x86/xen: use new hypercall functions instead of hypercall page
(XSA-466 CVE-2024-53241 bsc#1234282).
- commit 439afbb
- btrfs: qgroup: fix sleep from invalid context bug in
btrfs_qgroup_inherit() (CVE-2022-49033 bsc#1232045).
- commit 5b9ca25
- x86/xen: add central hypercall functions (XSA-466 CVE-2024-53241
bsc#1234282).
- commit 1784c5e
- x86/xen: don't do PV iret hypercall through hypercall page
(XSA-466 CVE-2024-53241 bsc#1234282).
- commit 9f17f93
- x86/static-call: provide a way to do very early static-call
updates (XSA-466 CVE-2024-53241 bsc#1234282).
- Refresh patches.kabi/tracepoint-fix.patch.
- commit 2e422a6
- objtool/x86: allow syscall instruction (XSA-466 CVE-2024-53241
bsc#1234282).
- commit 1f61d5b
- x86: make get_cpu_vendor() accessible from Xen code (XSA-466
CVE-2024-53241 bsc#1234282).
- commit 4d90703
- xen/netfront: fix crash when removing device (XSA-465
CVE-2024-53240 bsc#1234281).
- commit f11b367
- ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294)
- commit 0ac2c22
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605)
- commit b2083ef
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650
bsc#1233701 bsc#1232472).
- commit ed45f70
- NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701
bsc#1232472).
- blacklist.conf:
- commit a5863a4
- NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650
bsc#1233701 bsc#1232472).
- blacklist.conf:
- Refresh
patches.suse/nfsd-Fix-error-cleanup-path-in-nfsd_rename.patch.
- Refresh
patches.suse/rename-avoid-a-deadlock-in-the-case-of-parents-havin.patch.
- commit 6fcc887
- devlink: allow registering parameters after the instance
(bsc#1231388 bsc#1230422).
- devlink: don't require setting features before registration
(bsc#1231388 bsc#1230422).
- commit 9e0a4cd
- Update
patches.suse/Bluetooth-hci_event-Align-BR-EDR-JUST_WORKS-paring-w.patch
(git-fixes, bsc#1230697, CVE-2024-8805).
- commit 32c6a1b
- tpm_tis_spi: Release chip select when flow control fails (bsc#1234338)
- commit 6d2db63
- bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156
CVE-2024-53125).
- commit f08e931
- scsi: pm80xx: Set phy->enable_completion only when we wait
for it (CVE-2024-47666 bsc#1231453).
- commit 6eaab68
- kobject: Add sanity check for kset->kobj.ktype in
kset_register() (bsc#1234639).
- commit 191167d
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
(git-fixes).
- commit b63fc00
- NFSD: Fix nfsd4_shutdown_copy() (git-fixes).
- commit 374eb43
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
(git-fixes).
- commit 876ac53
- SUNRPC: make sure cache entry active before cache_show
(git-fixes).
- commit 23bad23
- nfsd: make sure exp active before svc_export_show (git-fixes).
- commit 8fcab75
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
(git-fixes).
- commit 3703ee5
- NFSD: Prevent a potential integer overflow (git-fixes).
- commit 69abaa2
- sunrpc: simplify two-level sysctl registration for
svcrdma_parm_table (git-fixes).
- commit fcf1dc3
- net: Make copy_safe_from_sockptr() match documentation
(git-fixes CVE-2024-36915 bsc#1225758).
- commit 6fb42a1
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- commit 979dbfa
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode
(git-fixes).
- Refresh
patches.suse/autofs-use-wake_up-instead-of-wake_up_interruptible.patch.
- commit 9fa435f
- Delete patches.suse/NFSD-Convert-the-callback-workqueue-to-use-delayed_w.patch. (bsc#1233837)
- Delete patches.suse/NFSD-Reschedule-CB-operations-when-backchannel-rpc_c.patch. (bsc#1233837)
- commit 60721fe
- arm64: dts: allwinner: pinephone: Add mount matrix to
accelerometer (git-fixes).
- commit 9be38ad
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc
(git-fixes).
- commit 17eb8d6
- bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262 bsc#1233239)
- commit 9c19140
- platform/x86/amd/pmc: Detect when STB is not available (CVE-2024-53072 bsc#1233564)
- commit 1335d85
- Update references for patches.suse/net-mlx5e-CT-Fix-null-ptr-deref-in-add-rule-err-flow.patch (CVE-2024-53120 bsc#1234075 git-fixes)
- commit abf5898
- fs: Fix uninitialized value issue in from_kuid and from_kgid (CVE-2024-53101 bsc#1233769)
- commit e038166
- mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122 bsc#1234076)
- commit 31129d0
- virtio/vsock: Fix accept_queue memory leak (CVE-2024-53119 bsc#1234073)
- commit 30399e1
- arm64: dts: rockchip: Remove #cooling-cells from fan on
Theobroma lion (git-fixes).
- commit 4b88506
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards
(git-fixes).
- commit 836dd0e
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
(git-fixes).
- commit 4d37495
- arm64: dts: rockchip: Fix rt5651 compatible value on
rk3399-sapphire-excavator (git-fixes).
- commit d0928c0
- Fix bug introduced in backport of
patches.suse/udf_rename-only-access-the-child-content-on-cross-di.patch.
- commit ae1fb0a
- udf: Handle error when adding extent to a file (bsc#1234437).
- commit dbea247
- kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth
- commit 05606f9
- net: preserve kabi for napi_struct and net_device
(CVE-2024-50018 bsc#1232419).
- netfilter: nf_reject_ipv6: fix potential crash in
nf_send_reset6() (CVE-2024-50256 bsc#1233200).
- fsl/fman: Fix refcount handling of fman-related devices
(CVE-2024-50166 bsc#1233050).
- fsl/fman: Save device references taken in mac_probe()
(CVE-2024-50166 bsc#1233050).
- net: napi: Prevent overflow of napi_defer_hard_irqs
(CVE-2024-50018 bsc#1232419).
- net: fman: Unregister ethernet device on removal (CVE-2024-50166
bsc#1233050).
- commit e372e18
- afs: Fix lock recursion (bsc#1233637 CVE-2024-53090).
- commit 41b742a
- nilfs2: propagate directory read errors from nilfs_find_entry()
(bsc#1233324 CVE-2024-50202).
- commit bad80aa
- netfilter: nft_set_pipapo: do not free live element
(CVE-2024-26924 bsc#1223387).
- commit f3a511c
- rtnetlink: make sure to refresh master_dev/m_ops in
__rtnl_newlink() (CVE-2022-48742 bsc#1226694).
- commit 36fae5a
- Update References: field,
patches.suse/dm-cache-fix-flushing-uninitialized-delayed_work-on--1354.patch
(bsc#1233467, CVE-2024-50278, bsc#1233469, CVE-2024-50280).
- commit ccb7c34
- Delete
patches.suse/smb-client-Fix-use-after-free-of-network-namespace-.patch
(bsc#1233642 CVE-2024-53095).
[hcarvalho: revert because the fix is incomplete. The patch fixes UAF of
network namespace but causes in another UAF (of the socket) when the
cifs module is removed].
- commit 393d09d
- dmaengine: idxd: Check for driver name match before sva user
feature (bsc#1234357).
- dmaengine: idxd: add wq driver name support for accel-config
user tool (bsc#1234357).
- commit 9a15d19
- kABI: bpf: support non-r10 register spill/fill to/from stack
in precision tracking (bsc#1232823 CVE-2023-52920).
- bpf: Fix check_stack_write_fixed_off() to correctly spill imm
(bsc#1232823 CVE-2023-52920).
- Refresh patches.suse/bpf-support-non-r10-register-spill-fill-to-from-stac.patch
- Refresh patches.suse/bpf-handle-fake-register-spill-to-stack-with-BPF_ST_.patch
- commit 66c4fd1
- scatterlist: fix incorrect func name in kernel-doc (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them
(git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- dma-fence: Fix reference leak on fence merge failure path
(git-fixes).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- spi: mpc52xx: Add cancel_work_sync before module remove
(git-fixes).
- mmc: core: Further prevent card detect during shutdown
(git-fixes).
- commit a85e5af
- bpf: handle fake register spill to stack with BPF_ST_MEM
instruction (bsc#1232823 CVE-2023-52920).
- commit 145a13f
- bpf: support non-r10 register spill/fill to/from stack in
precision tracking (bsc#1232823 CVE-2023-52920).
- Refresh patches.suse/bpf-Fix-accesses-to-uninit-stack-slots.patch
- Refresh patches.kabi/bpf-bpf_idmap-idset-workaround.patch
- Refresh patches.kabi/bpf-callback-fixes-kABI-workaround.patch
- bpf: Fix verifier id tracking of scalars on spill (bsc#1232823
CVE-2023-52920).
- commit 67aeddf
- selftests/bpf: check if BPF_ST with variable offset preserves
STACK_ZERO (bsc#1232823 CVE-2023-52920).
- bpf: BPF_ST with variable offset should preserve STACK_ZERO
marks (bsc#1232823 CVE-2023-52920).
- Refresh patches.suse/bpf-Fix-accesses-to-uninit-stack-slots.patch
- selftests/bpf: check if verifier tracks constants spilled by
BPF_ST_MEM (bsc#1232823 CVE-2023-52920).
- bpf: track immediate values written to stack by BPF_ST
instruction (bsc#1232823 CVE-2023-52920).
- Refresh patches.suse/bpf-Fix-accesses-to-uninit-stack-slots.patch
- commit 65c1ce3
- nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
(bsc#1234220 CVE-2024-53131).
- commit 026d687
- nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
(bsc#1234219 CVE-2024-53130).
- commit 76ddd8d
- udf: refactor udf_next_aext() to handle error (bsc#1234241).
- commit cb2148b
- udf: refactor udf_current_aext() to handle error (bsc#1234240).
- commit 379ead1
- udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243
bsc#1233038 CVE-2024-50143).
- commit 74fc0bf
- udf: refactor inode_bmap() to handle error (bsc#1234242
bsc#1233096 CVE-2024-50211).
- commit 4a34764
- mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
(CVE-2024-53113 bsc#1234077).
- commit 064f5f8
- mm/kfence: reset PG_slab and memcg_data before freeing
__kfence_pool (bsc#1234120).
- commit b3bbd4a
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072 CVE-2024-53114).
- commit 05659e3
- net/ipv6: release expired exception dst cached in socket
(bsc#1216813).
- commit eda9477
- Update
patches.suse/initramfs-avoid-filename-buffer-overrun.patch
(CVE-2024-53142 bsc#1232436).
- commit 14f79ec
- net: bridge: mcast: wait for previous gc cycles when removing
port (CVE-2024-44934 bsc#1229809).
- Bluetooth: af_bluetooth: Fix deadlock (CVE-2024-26886
bsc#1223044).
- commit fc48798
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- commit 8769bc2
- dm cache: fix potential out-of-bounds access on the first resume
(bsc#1233467, CVE-2024-50278).
- dm cache: optimize dirty bit checking with find_next_bit when
resizing (bsc#1233467, CVE-2024-50278).
- commit ea1471d
- Update the Rerferences: field,
patches.suse/dm-cache-fix-out-of-bounds-access-to-the-dirty-bitset-when-resizing.patch
(bsc#1233467, bsc#1233468, CVE-2024-50278, CVE-2024-50279).
- commit 685afd3
- dm cache: fix flushing uninitialized delayed_work on cache_ctr
error (bsc#1233467, CVE-2024-50278).
- dm cache: correct the number of origin blocks to match the
target length (bsc#1233467, CVE-2024-50278).
- commit 1c6d167
- sch/netem: fix use after free in netem_dequeue (CVE-2024-46800
bsc#1230827).
- commit 4fa3f93
- ocfs2: uncache inode which has failed entering the group (bsc#1234087).
- commit a0b39c4
- vp_vdpa: fix id_table array not null terminated error
(CVE-2024-53110 bsc#1234085).
- commit d161a67
- idpf: fix UAFs when destroying the queues (CVE-2024-44932
bsc#1229808).
- idpf: fix memory leaks and crashes while performing a soft reset
(CVE-2024-44964 bsc#1230220).
- commit 4316b61
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED
in uvc_parse_format (CVE-2024-53104 bsc#1234025).
- commit 1c41c2f
- can: j1939: j1939_session_new(): fix skb reference counting
(git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics
(git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics
(git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors
statistics (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors
statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state()
even if cf is NULL (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb
allocation fails (git-fixes).
- HID: wacom: fix when get product name maybe null pointer
(git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in
mtk_wdt_restart() (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call
(git-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed
values (git-fixes).
- commit 6f2f0c6
- arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning (git-fixes)
Refresh patches.suse/arm64-probes-Fix-uprobes-for-big-endian-kernels.patch.
- commit 8fb43aa
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- commit c8e82c2
- icmp: change the order of rate limits (CVE-2024-47678 bsc#1231854).
- icmp: Fix data-races around sysctl (CVE-2024-47678 bsc#1231854).
- commit 4fed248
- drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (CVE-2024-53051 bsc#1233547)
- commit bb15300
- USB: serial: io_edgeport: fix use after free in debug printk (CVE-2024-50267 bsc#1233456)
- commit 5a7c927
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (CVE-2024-50181 bsc#1233127)
- commit 3d9958b
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- commit ce86139
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- commit 11b60ab
- wifi: iwlwifi: mvm: fix 6 GHz scan construction (CVE-2024-53055 bsc#1233550)
- commit 1b3f527
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- commit 834680b
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- commit 49b56be
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- commit e8b197c
- arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes)
- commit 019ef42
- drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (CVE-2024-53056 bsc#1233568)
- commit b0b5344
- net: hns3: fix kernel crash when uninstalling driver (CVE-2024-50296 bsc#1233485)
- commit e1c4613
- smb: client: Fix use-after-free of network namespace
(bsc#1233642 CVE-2024-53095).
[hcarvalho: remove netfs_tracker_* related code because we don't have
such infrastructure. To understand the changes, look into the definition
of `sock_inuse_add(net, 1)` (commit d477eb9004845) and into commit
4199bae10c49e.]
- commit f162821
- powerpc/kexec: Fix return of uninitialized variable
(bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling
hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore
(bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init()
(bsc#1194869).
- powerpc/atomic: Use YZ constraints for DS-form instructions
(bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and
CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal
(bsc#1194869).
- powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869).
- commit 2d82b73
- net/mlx5: Unregister notifier on eswitch init failure
(git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter
(git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version
buffer used by representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version
buffer (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver
(git-fixes).
- commit c073e57
- net: ena: Fix potential sign extension issue (git-fixes).
- Refresh
patches.suse/net-ena-Fix-redundant-device-NUMA-node-override.patch.
- commit f3d6416
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- Refresh patches.suse/0001-idpf-extend-tx-watchdog-timeout.patch.
- commit 3fa63a5
- vdpa/mlx5: preserve CVQ vringh index (git-fixes).
- Refresh patches.suse/vdpa-mlx5-Allow-CVQ-size-changes.patch.
- commit dbac474
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- Refresh
patches.suse/net-mlx5-Register-devlink-first-under-devlink-lock.patch.
- commit fa0f96d
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- Refresh
patches.suse/iavf-fix-a-deadlock-caused-by-rtnl-and-driver-s-lock.patch.
- commit 39965fe
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- Refresh
patches.suse/net-mlx5-Fix-missing-lock-on-sync-reset-reload.patch.
- commit 0f9e3d5
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface
is down (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow
(git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- ice: change q_index variable type to s16 to store -1 value
(git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock
(git-fixes).
- ice: fix accounting for filters shared by multiple VSIs
(git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling
elements (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type
(git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map
(git-fixes).
- net/mlx5: Update the list of the PCI supported devices
(git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows
(git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset
(git-fixes).
- net/mlx5e: Add a check for the return value from
mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5: Lag, don't use the hardcoded value of the first port
(git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's
(git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow
(git-fixes).
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is
disabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver
(git-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in
mlx5e_priv_cleanup() (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error
(git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO
headers (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP
(non-VXLAN) packets (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- idpf: don't enable NAPI and interrupts prior to allocating Rx
buffers (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for
reporting buffer exhaustion (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check
(git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state
(git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- Revert "ixgbe: Manual AN-37 for troublesome link partners for
X550 SFI" (git-fixes).
- qed: avoid truncating work queue length (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld()
function (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec
(git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config
(git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll
(git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash
LAG deactivation (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number
(git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- bnxt_en: Reset PTP tx_avail after possible firmware reset
(git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa()
(git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- ice: virtchnl: stop pretending to support RSS over AQ or
registers (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets
(git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not
supported (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling
xsk_pool (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able
(git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings
(git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled
(git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct
(git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled
(git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period
mode for ASO (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action
(git-fixes).
- bnxt_en: Wait for FLR to complete during probe (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()
(git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid
values (git-fixes).
- ice: Shut down VSI with "link-down-on-close" enabled
(git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key
struct (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode
(git-fixes).
- sfc: fix a double-free bug in efx_probe_filters (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups
(git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in
mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- iavf: Introduce new state machines for flow director
(git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work
(git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is
zero (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version
buffer for representors (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version
buffer (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- chtls: fix tp->rcv_tstamp initialization (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages
(git-fixes).
- iavf: initialize waitqueues before starting watchdog_task
(git-fixes).
- tun: prevent negative ifindex (git-fixes).
- net/mlx5e: Don't offload internal port if filter device is
out device (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC
(git-fixes).
- net/mlx5: E-switch, register event handler before arming the
event (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp
(git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK
is set (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- sfc: Check firmware supports Ethernet PTP filter (git-fixes).
- ice: avoid executing commands on other ports when driving sync
(git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling
buffer (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- ice: Block switchdev mode when ADQ is active and vice versa
(git-fixes).
- sfc: don't unregister flow_indr if it was never registered
(git-fixes).
- net/mlx5: Skip clock update work when device is in error state
(git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG
(git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- drivers: net: prevent tun_build_skb() to exceed the packet
size limit (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx
(git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple
offload is set (git-fixes).
- net/mlx5e: fix return value check in
mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx
(git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx
(git-fixes).
- net/mlx5e: fix double free in
macsec_fs_tx_create_crypto_table_groups (git-fixes).
- commit 8552b15
- tcp: Fix use-after-free of nreq in reqsk_timer_handler()
(CVE-2024-50154 bsc#1233070).
- commit 9c54dc2
- sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (CVE-2024-49944 bsc#1232166)
- commit 974388e
- netfilter: nf_tables: prevent nf_skb_duplicated corruption (CVE-2024-49952 bsc#1232157)
- commit dcad18b
- netdevsim: Add trailing zero to terminate the string
in nsim_nexthop_bucket_activity_write() (CVE-2024-50259
bsc#1233214).
- commit 3b589d0
- Update patches.suse/can-bcm-Fix-UAF-in-bcm_proc_show.patch
(git-fixes CVE-2023-52922 bsc#1233977).
- commit 624f722
- Update
patches.suse/ACPI-CPPC-Make-rmw_lock-a-raw_spin_lock.patch
(git-fixes CVE-2024-50249 bsc#1233197).
- Update
patches.suse/ASoC-stm32-spdifrx-fix-dma-channel-release-in-stm32_.patch
(git-fixes CVE-2024-50292 bsc#1233481).
- Update
patches.suse/Bluetooth-hci-fix-null-ptr-deref-in-hci_read_support.patch
(git-fixes CVE-2024-50255 bsc#1233238).
- Update
patches.suse/HID-core-zero-initialize-the-report-buffer.patch
(git-fixes CVE-2024-50302 bsc#1233491).
- Update
patches.suse/KVM-arm64-vgic-v2-Check-for-non-NULL-vCPU-in-vgic_v2.patch
(git-fixes CVE-2024-36953 bsc#1225812).
- Update
patches.suse/USB-serial-io_edgeport-fix-use-after-free-in-debug-p.patch
(git-fixes CVE-2024-50267 bsc#1233456).
- Update patches.suse/arm64-tlb-Fix-TLBI-RANGE-operand.patch
(bsc#1229585 CVE-2024-35980 bsc#1224574).
- Update
patches.suse/drm-amdgpu-add-missing-size-check-in-amdgpu_debugfs_.patch
(stable-fixes CVE-2024-50282 bsc#1233471).
- Update
patches.suse/drm-amdgpu-fix-possible-UAF-in-amdgpu_cs_pass1.patch
(git-fixes CVE-2023-52921 bsc#1233452).
- Update
patches.suse/drm-amdgpu-prevent-NULL-pointer-dereference-if-ATIF-.patch
(git-fixes CVE-2024-53060 bsc#1233554).
- Update
patches.suse/erofs-fix-pcluster-use-after-free-on-UP-platforms.patch
(git-fixes CVE-2022-48674 bsc#1223942).
- Update
patches.suse/filelock-fix-potential-use-after-free-in-posix_lock_inode.patch
(git-fixes CVE-2024-41049 bsc#1228486).
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(git-fixes CVE-2024-50290 bsc#1233479).
- Update
patches.suse/media-dvb-usb-v2-af9035-Fix-null-ptr-deref-in-af9035.patch
(stable-fixes CVE-2023-52915 bsc#1230270).
- Update
patches.suse/media-pci-cx23885-check-cx23885_vdev_init-return.patch
(stable-fixes CVE-2023-52918 bsc#1232047).
- Update
patches.suse/media-v4l2-tpg-prevent-the-risk-of-a-division-by-zer.patch
(git-fixes CVE-2024-50287 bsc#1233476).
- Update
patches.suse/net-drop-bad-gso-csum_start-and-offset-in-virtio_net.patch
(git-fixes CVE-2024-43897 bsc#1229752).
- Update patches.suse/net-missing-check-virtio.patch (git-fixes
CVE-2024-43817 bsc#1229312).
- Update
patches.suse/net-relax-socket-state-check-at-accept-time.patch
(git-fixes CVE-2024-36484 bsc#1226872).
- Update
patches.suse/nfs-Fix-KMSAN-warning-in-decode_getfattr_attrs.patch
(git-fixes CVE-2024-53066 bsc#1233560).
- Update
patches.suse/ocfs2-remove-entry-once-instead-of-null-ptr-dereference-in-ocfs2_xa_remove.patch
(git-fixes CVE-2024-50265 bsc#1233454).
- Update
patches.suse/rcu-tasks-Fix-show_rcu_tasks_trace_gp_kthread-buffer-overflow.patch
(bsc#1226631 CVE-2024-38577).
- Update
patches.suse/security-keys-fix-slab-out-of-bounds-in-key_task_per.patch
(git-fixes CVE-2024-50301 bsc#1233490).
- Update
patches.suse/staging-iio-frequency-ad9832-fix-division-by-zero-in.patch
(git-fixes CVE-2024-50233 bsc#1233210).
- Update
patches.suse/tpm-Lock-TPM-chip-in-tpm_pm_suspend-first.patch
(bsc#1082555 git-fixes CVE-2024-53085 bsc#1233577).
- Update
patches.suse/usb-musb-sunxi-Fix-accessing-an-released-usb-phy.patch
(git-fixes CVE-2024-50269 bsc#1233458).
- Update
patches.suse/usb-typec-fix-potential-out-of-bounds-in-ucsi_ccg_up.patch
(git-fixes CVE-2024-50268 bsc#1233457).
- Update
patches.suse/wifi-iwlwifi-mvm-Fix-response-handling-in-iwl_mvm_se.patch
(git-fixes CVE-2024-53059 bsc#1233553).
- commit 5ad850f
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- Refresh
patches.suse/Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch.
Revert Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch to the upstream
version of the patch.
The reverted version was a mix of 1bf4470a and 246b435a, since they were
accidentally identified as two different commits doing the same changes.
The changes are indeed mostly the same, but to different files.
- commit 965f18d
- cgroup/bpf: only cgroup v2 can be attached by bpf programs
(bsc#1234108).
- Revert "cgroup: Fix memory leak caused by missing
cgroup_bpf_offline" (bsc#1234108).
- commit bb8ec61
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- commit 67db122
- security/keys: fix slab-out-of-bounds in key_task_permission
(CVE-2024-50301 bsc#1233490).
- commit b8c1415
- signal: restore the override_rlimit logic (CVE-2024-50271
bsc#1233460).
- ucounts: fix counter leak in inc_rlimit_get_ucounts()
(bsc#1233460).
- commit 180784c
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- commit 47836ea
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone
(bsc#1234098).
+KABI restoration patch
- commit e4b780d
- signal: Replace BUG_ON()s (bsc#1234093).
- commit 2e26a2c
- media: cx24116: prevent overflows on SNR calculus
(CVE-2024-50290 bsc#1233479).
- commit c59cd01
- dm cache: fix out-of-bounds access to the dirty bitset when
resizing (CVE-2024-50279 bsc#1233468).
- commit 6c88f14
- nvme-fabrics: fix kernel crash while shutting down controller
(git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: fix race condition between reset and
nvme_dev_disable() (git-fixes bsc#1232888 CVE-2024-50135).
- commit 9354fff
- mm/hugetlb: fix nodes huge page allocation when there are
surplus pages (bsc#1234012).
- commit 57caf06
- Update config files.
Enabled IDPF for ARM64 (bsc#1221309)
- commit 5ae56f6
- btrfs: fix a NULL pointer dereference when failed to start a
new trasacntion (CVE-2024-49868 bsc#1232272).
- commit d310176
- PCI: keystone: Set mode as Root Complex for "ti,keystone-pcie"
compatible (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS
milliseconds (git-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in
pci_epc_remove_epf() (git-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- commit ae00716
- mm/thp: fix deferred split unqueue naming and locking
(CVE-2024-53079 bsc#1233570).
- commit 12f4be0
- scsi: lpfc: Copyright updates for 14.4.0.6 patches
(bsc#1233241).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask
(bsc#1233241).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure
(bsc#1233241).
- scsi: lpfc: Prevent NDLP reference count underflow in
dev_loss_tmo callback (bsc#1233241).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset
(bsc#1233241).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting
follow up FDMI (bsc#1233241).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE
before BSG flag (bsc#1233241).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod
paths (bsc#1233241).
- scsi: lpfc: Check devloss callbk done flag for potential stale
NDLP ptrs (bsc#1233241).
- scsi: lpfc: Modify CGN warning signal calculation based on
EDC response (bsc#1233241).
- commit b4b5aa0
- net: esp: fix bad handling of pages from page_pool
(CVE-2024-26953 bsc#1223656).
Back-port by using `page_pool_return_skb_page()`.
Original patch uses `napi_pp_put_page()` which was only introduced later
and is a renamed and slightly extended version of
`page_pool_return_skb_page()`.
- commit 533a05f
- HID: core: zero-initialize the report buffer (CVE-2024-50302
bsc#1233491).
- commit 086ff16
- vsock/virtio: Initialization of the dangling pointer occurring
in vsk->trans (CVE-2024-50264 bsc#1233453).
- commit 008fbbf
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042
quirk table (git-fixes).
- commit afbd0bc
- Input: i8042 - add another board name for TUXEDO Stellaris
Gen5 AMD line (git-fixes).
- commit 5a2b5e0
- btrfs: reinitialize delayed ref list after deleting it from
the list (bsc#1233462 CVE-2024-50273).
- commit b55957a
- net: arc: fix the device for dma_map_single/dma_unmap_single
(CVE-2024-50295 bsc#1233484).
- net: enetc: allocate vf_state during PF probes (CVE-2024-50298
bsc#1233487).
- net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged
SKB data (CVE-2024-53058 bsc#1233552).
- commit 56d9e2a
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- commit 9dd8cd5
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk
table (git-fixes).
- commit d68dfa0
- Update
patches.suse/Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch
(CVE-2024-50124 bsc#1232926).
Revert to upstream version of patch.
The reverted version was a mix of 1bf4470a and 246b435a, since they were
accidentally identified as two different commits doing the same changes.
The changes are indeed mostly the same, but to different files.
- commit f3fab2d
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
(git-fixes).
- commit 0792816
- Input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- commit 64769ef
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- commit f9d799e
- blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528).
- commit 8c6ab5e
- Update
patches.suse/ACPI-CPPC-Make-rmw_lock-a-raw_spin_lock.patch
(git-fixes CVE-2024-50249 bsc#1233197).
- Update
patches.suse/ASoC-stm32-spdifrx-fix-dma-channel-release-in-stm32_.patch
(git-fixes CVE-2024-50292 bsc#1233481).
- Update
patches.suse/Bluetooth-hci-fix-null-ptr-deref-in-hci_read_support.patch
(git-fixes CVE-2024-50255 bsc#1233238).
- Update
patches.suse/HID-core-zero-initialize-the-report-buffer.patch
(git-fixes CVE-2024-50302 bsc#1233491).
- Update
patches.suse/USB-serial-io_edgeport-fix-use-after-free-in-debug-p.patch
(git-fixes CVE-2024-50267 bsc#1233456).
- Update
patches.suse/drm-amdgpu-add-missing-size-check-in-amdgpu_debugfs_.patch
(stable-fixes CVE-2024-50282 bsc#1233471).
- Update
patches.suse/drm-amdgpu-fix-possible-UAF-in-amdgpu_cs_pass1.patch
(git-fixes CVE-2023-52921 bsc#1233452).
- Update
patches.suse/drm-amdgpu-prevent-NULL-pointer-dereference-if-ATIF-.patch
(git-fixes CVE-2024-53060 bsc#1233554).
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(git-fixes CVE-2024-50290 bsc#1233479).
- Update
patches.suse/media-pci-cx23885-check-cx23885_vdev_init-return.patch
(stable-fixes CVE-2023-52918 bsc#1232047).
- Update
patches.suse/media-v4l2-tpg-prevent-the-risk-of-a-division-by-zer.patch
(git-fixes CVE-2024-50287 bsc#1233476).
- Update
patches.suse/nfs-Fix-KMSAN-warning-in-decode_getfattr_attrs.patch
(git-fixes CVE-2024-53066 bsc#1233560).
- Update
patches.suse/ocfs2-remove-entry-once-instead-of-null-ptr-dereference-in-ocfs2_xa_remove.patch
(git-fixes CVE-2024-50265 bsc#1233454).
- Update
patches.suse/security-keys-fix-slab-out-of-bounds-in-key_task_per.patch
(git-fixes CVE-2024-50301 bsc#1233490).
- Update
patches.suse/staging-iio-frequency-ad9832-fix-division-by-zero-in.patch
(git-fixes CVE-2024-50233 bsc#1233210).
- Update
patches.suse/usb-musb-sunxi-Fix-accessing-an-released-usb-phy.patch
(git-fixes CVE-2024-50269 bsc#1233458).
- Update
patches.suse/usb-typec-fix-potential-out-of-bounds-in-ucsi_ccg_up.patch
(git-fixes CVE-2024-50268 bsc#1233457).
- Update
patches.suse/wifi-iwlwifi-mvm-Fix-response-handling-in-iwl_mvm_se.patch
(git-fixes CVE-2024-53059 bsc#1233553).
- commit 22770b4
- Update patches.suse/can-bcm-Fix-UAF-in-bcm_proc_show.patch
(git-fixes CVE-2023-52922 bsc#1233977).
- commit 82c5a0a
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- rtc: ab-eoz9: don't fail temperature reads on undervoltage
notification (git-fixes).
- rtc: check if __rtc_read_time was successful in
rtc_timer_do_work() (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register
(git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- commit 1d73f32
- arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes).
- commit 8c1d928
- arm64: Force position-independent veneers (git-fixes).
- commit 037de2c
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock
(git-fixes).
- commit 8a46fef
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry
(git-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- =?UTF-8?q?iio:=20accel:=20kxcjk-1013:=20Remove=20redundan?=
=?UTF-8?q?t=20I=C2=B2C=20ID?= (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
(git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match'
(git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe()
(git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left
(git-fixes).
- Revert "usb: gadget: composite: fix OS descriptors w_value
logic" (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines
(git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in
get_serial_info() (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in
TxFIFO resizing logic (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue
(git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible
(git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in
iowarrior_read() (git-fixes).
- commit 75ee7d4
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
(bsc#1233548 CVE-2024-53052).
- commit db98042
- pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558
CVE-2024-46681).
- commit 79a3f5c
- Bluetooth: MGMT: Fix slab-use-after-free Read in
set_powered_sync (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid
WoL configuration (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing
PHY device (git-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging
function (git-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from
power_supply_put() (git-fixes).
- commit 01635d8
- Refresh
patches.suse/initramfs-avoid-filename-buffer-overrun.patch.
- commit 145c949
- posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (CVE-2024-50195 bsc#1233103)
- commit 290f973
- media: av7110: fix a spectre vulnerability (CVE-2024-50289
bsc#1233478).
- commit 79acfeb
- net: relax socket state check at accept time (git-fixes).
- commit 75020f0
- Drop OCFS2 patch causing a regression (bsc#1233255)
Deleted:
patches.suse/ocfs2-fix-the-la-space-leak-when-unmounting-an-ocfs2-volume.patch
- commit 751a2bd
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
(CVE-2024-36905 bsc#1225742).
- commit f693405
- net: fix out-of-bounds access in ops_init (CVE-2024-36883
bsc#1225725).
- commit eb0ac08
- efi/memattr: Ignore table if the size is clearly bogus
(bsc#1231465).
- commit ee06f84
- idpf: avoid vport access in idpf_get_link_ksettings
(CVE-2024-50274 bsc#1233463).
- commit 8971b65
- i40e: fix race condition by adding filter's intermediate sync
state (CVE-2024-53088 bsc#1233580).
- i40e: fix i40e_count_filters() to count only active/new filters
(CVE-2024-53088 bsc#1233580).
- commit 2251801
- hwmon: (tps23861) Fix reporting of negative temperatures
(git-fixes).
- i3c: master: Fix miss free init_dyn_addr at
i3c_master_put_i3c_addrs() (git-fixes).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming
(git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus()
(git-fixes).
- commit eb819fb
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
(bsc#1232187 CVE-2024-47757).
- commit d813a1d
- net: hns3: fix a deadlock problem when config TC during
resetting (CVE-2024-44995 bsc#1230231).
- commit 8f3de3e
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- commit 7022fa5
- media: dvbdev: prevent the risk of out of memory access
(CVE-2024-53063 bsc#1233557).
- commit 52a90e5
- netrom: fix possible dead-lock in nr_rt_ioctl() (CVE-2024-38589
bsc#1226748).
- commit bee9469
- mptcp: never allow the PM to close a listener subflow
(CVE-2021-47594 bsc#1226560).
- commit 639c494
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555
git-fixes).
- commit 478dbbb
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer
(git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current
state (git-fixes).
- commit 502ca69
- media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061
bsc#1233555).
- commit aef5475
- firmware: arm_scmi: Fix slab-use-after-free in
scmi_bus_notifier() (CVE-2024-53068 bsc#1233561).
- commit e507b37
- tipc: fix UAF in error path (CVE-2024-36886 bsc#1225730).
- commit 295f12e
- ibmvnic: Ensure login failure recovery is safe from other resets
(bsc#1233150).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release
functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail
(bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response
(bsc#1233150).
- commit 10ef085
- tipc: fix a possible memleak in tipc_buf_append (CVE-2024-36954
bsc#1225764).
- commit c051ffd
- erspan: make sure erspan_base_hdr is present in skb->head
(CVE-2024-35888 bsc#1224518).
- commit a36710a
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- commit 6e3e371
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- commit 4fc8465
- RDMA/hns: Use macro instead of magic number (git-fixes)
- commit e4ebf0e
- RDMA/hns: Add mutex_destroy() (git-fixes)
- commit cb1de76
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- commit b00cfa9
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- commit 69e0eee
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- commit a102dfe
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- commit 1c672f5
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- commit 0d8596e
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- commit e895eca
- RDMA/hns: Remove unnecessary QP type checks (git-fixes)
- commit 5a2c4d9
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- commit 1c5f525
- RDMA/hns: Add clear_hem return value to log (git-fixes)
- commit ff0016c
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- commit e774e20
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- commit e2ba602
- drm/amd: Fix initialization mistake for NBIO 7.7.0
(stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook
645 G10 (stable-fixes).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue
(stable-fixes).
- commit 46d58c4
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited
(git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in
_dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model
(git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off
(git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/sti: avoid potential dereference of error pointers
(git-fixes).
- drm/sti: avoid potential dereference of error pointers in
sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in
sti_hqvdp_atomic_check (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs
function (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry
pointer (git-fixes).
- drm/vc4: hvs: Don't write gamma luts on 2711 (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with
__maybe_unused (git-fixes).
- ASoC: codecs: Fix atomicity violation in
snd_soc_component_get_drvdata() (git-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
(git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection
(git-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
(git-fixes).
- wifi: ath10k: fix invalid VHT parameters in
supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in
supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in
htc_connect_service() (git-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- commit 4ce629c
- x86/kvm: fix is_stale_page_fault() (bsc#1221333).
- commit 332e968
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- thermal: core: Initialize thermal zones before registering them
(git-fixes).
- amd-pstate: Set min_perf to nominal_perf for active mode
performance gov (git-fixes).
- crypto: cavium - Fix an error handling path in
cpt_ucode_load_fw() (git-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function
(git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form
(git-fixes).
- crypto: inside-secure - Fix the return value of
safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout
(git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit
(git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown()
(git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference
decrement (git-fixes).
- commit 5f244c5
- kernel-binary: Enable livepatch package only when livepatch is enabled
Otherwise the filelist may be empty failing the build (bsc#1218644).
- commit f730eec
- Update config files (bsc#1218644).
LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n
- commit 9c28790
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning
(git-fixes).
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger
than 4K" (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
(stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard
(stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/
Casa touchpad (stable-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to
VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
(stable-fixes).
- HID: multitouch: Add support for B2402FVA track point
(stable-fixes).
- commit 8da6f10
- Bluetooth: ISO: Fix UAF on iso_sock_timeout (CVE-2024-50124
bsc#1232926).
- commit a1432ce
- posix-clock: Fix missing timespec64 check in pc_clock_settime() (CVE-2024-50195 bsc#1233103)
- commit 8efc3a7
- bpf: Use raw_spinlock_t in ringbuf (CVE-2024-50138 bsc#1232935)
- commit 6bb77e6
- net: systemport: fix potential memory leak in bcm_sysport_xmit() (CVE-2024-50171 bsc#1233057)
- commit b70ca2e
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (CVE-2024-50073 bsc#1232520)
- commit 3e72b22
- USB: serial: qcserial: add support for Sierra Wireless EM86xx
(stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition
(stable-fixes).
- drm/amdgpu: add missing size check in
amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions
(stable-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not
supported (git-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3
(stable-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in
af9035_i2c_master_xfer (stable-fixes).
- commit 8316036
- add bugreference to a hv_netvsc patch (bsc#1232413).
- commit c98c418
- ALSA: firewire-lib: Avoid division by zero in
apply_constraint_to_size() (CVE-2024-50205 bsc#1233293).
- commit d31c5c9
- scsi: target: core: Fix null-ptr-deref in target_alloc_device()
(CVE-2024-50153 bsc#1233061).
- commit 3b8c091
- net: wwan: fix global oob in wwan_rtnl_policy (CVE-2024-50128
bsc#1232905).
- commit e39a4e6
- xfrm: fix one more kernel-infoleak in algo dumping
(CVE-2024-50110 bsc#1232885).
- commit 0993db8
- scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
(CVE-2024-50098 bsc#1232881).
- commit f8c4b7b
- thermal: intel: int340x: processor: Fix warning during module
unload (CVE-2024-50093 bsc#1232877).
- commit ef3b2be
- net: phy: dp83869: fix memory corruption when enabling fiber
(CVE-2024-50188 bsc#1233107).
- commit a27c339
- net: explicitly clear the sk pointer, when pf->create fails
(CVE-2024-50186 bsc#1233110).
- commit 3fff4c4
- secretmem: disable memfd_secret() if arch cannot set direct map
(CVE-2024-50182 bsc#1233129).
- commit 729f64d
- Update
patches.suse/0001-PCI-keystone-Fix-if-statement-expression-in-ks_pcie_.patch
(git-fixes CVE-2024-47756 bsc#1232185).
- Update
patches.suse/0002-x86-mm-ident_map-Use-gbpages-only-where-full-GB-page.patch
(bsc#1220382 CVE-2024-50017 bsc#1232312).
- Update
patches.suse/0544-drm-amdgpu-fix-use-after-free-during-gpu-recovery.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48990 bsc#1232028).
- Update
patches.suse/0551-drm-amd-display-fix-array-index-out-of-bound-error-i.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-48979 bsc#1232293).
- Update patches.suse/ACPI-PAD-fix-crash-in-exit_round_robin.patch
(stable-fixes CVE-2024-49935 bsc#1232370).
- Update
patches.suse/ACPI-PRM-Find-EFI_MEMORY_RUNTIME-block-for-PRM-handl.patch
(git-fixes CVE-2024-50141 bsc#1233065).
- Update
patches.suse/ALSA-asihpi-Fix-potential-OOB-array-access.patch
(stable-fixes CVE-2024-50007 bsc#1232394).
- Update
patches.suse/ALSA-firewire-lib-Avoid-division-by-zero-in-apply_co.patch
(git-fixes CVE-2024-50205 bsc#1233293).
- Update
patches.suse/ALSA-hda-cs8409-Fix-possible-NULL-dereference.patch
(git-fixes CVE-2024-50160 bsc#1233074).
- Update
patches.suse/ASoC-qcom-Fix-NULL-Dereference-in-asoc_qcom_lpass_cp.patch
(git-fixes CVE-2024-50103 bsc#1232878).
- Update
patches.suse/Bluetooth-Call-iso_exit-on-module-unload.patch
(git-fixes CVE-2024-50078 bsc#1232503).
- Update
patches.suse/Bluetooth-Fix-crash-when-replugging-CSR-fake-control.patch
(git-fixes CVE-2022-48982 bsc#1231978).
- Update
patches.suse/Bluetooth-ISO-Fix-multiple-init-when-debugfs-is-disa.patch
(git-fixes CVE-2024-50077 bsc#1232504).
- Update
patches.suse/Bluetooth-RFCOMM-FIX-possible-deadlock-in-rfcomm_sk_.patch
(git-fixes CVE-2024-50044 bsc#1231904).
- Update
patches.suse/Bluetooth-bnep-fix-wild-memory-access-in-proto_unreg.patch
(git-fixes CVE-2024-50148 bsc#1233063).
- Update
patches.suse/HID-amd_sfh-Switch-to-device-managed-dmam_alloc_cohe.patch
(git-fixes CVE-2024-50189 bsc#1233105).
- Update
patches.suse/IB-core-Fix-ib_cache_setup_one-error-flow-cleanup.patch
(git-fixes CVE-2024-47693 bsc#1232013).
- Update
patches.suse/Input-adp5589-keys-fix-NULL-pointer-dereference.patch
(git-fixes CVE-2024-49871 bsc#1232287).
- Update
patches.suse/PCI-keystone-Add-workaround-for-Errata-i2037-AM65x-S.patch
(stable-fixes CVE-2024-47667 bsc#1231481).
- Update
patches.suse/RDMA-bnxt_re-Add-a-check-for-memory-allocation.patch
(git-fixes CVE-2024-50209 bsc#1233114).
- Update
patches.suse/RDMA-cxgb4-Added-NULL-check-for-lookup_atid.patch
(git-fixes CVE-2024-47749 bsc#1232180).
- Update
patches.suse/RDMA-hns-Fix-spin_unlock_irqrestore-called-with-IRQs.patch
(git-fixes CVE-2024-47735 bsc#1232111).
- Update
patches.suse/RDMA-iwcm-Fix-WARNING-at_kernel-workqueue.c-check_fl.patch
(git-fixes CVE-2024-47696 bsc#1231864).
- Update
patches.suse/RDMA-mad-Improve-handling-of-timed-out-WRs-of-mad-ag.patch
(git-fixes CVE-2024-50095 bsc#1232873).
- Update
patches.suse/RDMA-rtrs-clt-Reset-cid-to-con_num-1-to-stay-in-boun.patch
(git-fixes CVE-2024-47695 bsc#1231931).
- Update
patches.suse/RDMA-rtrs-srv-Avoid-null-pointer-deref-during-path-e.patch
(git-fixes CVE-2024-50062 bsc#1232232).
- Update patches.suse/USB-usbtmc-prevent-kernel-usb-infoleak.patch
(git-fixes CVE-2024-47671 bsc#1231541).
- Update
patches.suse/arm64-probes-Fix-uprobes-for-big-endian-kernels.patch
(git-fixes CVE-2024-50194 bsc#1233111).
- Update
patches.suse/arm64-probes-Remove-broken-LDR-literal-uprobe-support.patch
(git-fixes CVE-2024-50099 bsc#1232887).
- Update
patches.suse/bpf-Fix-helper-writes-to-read-only-maps.patch
(git-fixes CVE-2024-49861 bsc#1232254).
- Update
patches.suse/bpf-Zero-former-ARG_PTR_TO_-LONG-INT-args-in-case-of.patch
(git-fixes CVE-2024-47728 bsc#1232076).
- Update
patches.suse/bpf-correctly-handle-malformed-BPF_CORE_TYPE_ID_LOCA.patch
(git-fixes CVE-2024-49850 bsc#1232189).
- Update
patches.suse/cachefiles-fix-dentry-leak-in-cachefiles_open_file.patch
(bsc#1231181 CVE-2024-49870 bsc#1232279).
- Update
patches.suse/can-bcm-Clear-bo-bcm_proc_read-after-remove_proc_ent.patch
(git-fixes CVE-2024-47709 bsc#1232048).
- Update
patches.suse/ceph-remove-the-incorrect-Fw-reference-check-when-dir.patch
(bsc#1231180 CVE-2024-50179 bsc#1233123).
- Update
patches.suse/drivers-media-dvb-frontends-rtl2830-fix-an-out-of-bo.patch
(git-fixes CVE-2024-47697 bsc#1231858).
- Update
patches.suse/drivers-media-dvb-frontends-rtl2832-fix-an-out-of-bo.patch
(git-fixes CVE-2024-47698 bsc#1231859).
- Update
patches.suse/drm-amd-Guard-against-bad-data-for-ATIF-ACPI-method.patch
(git-fixes CVE-2024-50117 bsc#1232897).
- Update
patches.suse/drm-amd-amdgpu-Check-tbo-resource-pointer.patch
(stable-fixes CVE-2024-46807 bsc#1231138).
- Update
patches.suse/drm-amd-display-Add-array-index-check-for-hdcp-ddc-a.patch
(stable-fixes CVE-2024-46804 bsc#1231132).
- Update
patches.suse/drm-amd-display-Add-null-check-for-afb-in-amdgpu_dm_.patch
(stable-fixes bsc#1232335 CVE-2024-49908 CVE-2024-49905
bsc#1232357).
- Update
patches.suse/drm-amd-display-Check-null-pointers-before-using-dc-.patch
(stable-fixes CVE-2024-49907 bsc#1232334).
- Update
patches.suse/drm-amd-display-Correct-the-defined-value-for-AMDGPU.patch
(stable-fixes CVE-2024-46871 bsc#1231434).
- Update
patches.suse/drm-amd-display-Fix-system-hang-while-resume-with-TB.patch
(stable-fixes CVE-2024-50003 bsc#1232385).
- Update
patches.suse/drm-amd-display-Skip-inactive-planes-within-ModeSupp.patch
(stable-fixes CVE-2024-46812 bsc#1231187).
- Update
patches.suse/drm-amd-display-added-NULL-check-at-start-of-dc_vali.patch
(stable-fixes CVE-2024-46802 bsc#1231111).
- Update
patches.suse/drm-amd-pm-Fix-negative-array-index-read.patch
(stable-fixes CVE-2024-46821 bsc#1231169).
- Update
patches.suse/drm-amdgpu-Fix-smatch-static-checker-warning.patch
(stable-fixes CVE-2024-46835 bsc#1231098).
- Update
patches.suse/drm-amdgpu-fix-the-waring-dereferencing-hive.patch
(stable-fixes CVE-2024-46805 bsc#1231135).
- Update
patches.suse/drm-amdgpu-the-warning-dereferencing-obj-for-nbio_v7.patch
(stable-fixes CVE-2024-46819 bsc#1231202).
- Update
patches.suse/drm-bridge-tc358767-Check-if-fully-initialized-befor.patch
(stable-fixes CVE-2024-46810 bsc#1231178).
- Update
patches.suse/drm-msm-Avoid-NULL-dereference-in-msm_disp_state_pri.patch
(git-fixes CVE-2024-50156 bsc#1233073).
- Update
patches.suse/drm-omapdrm-Add-missing-check-for-alloc_ordered_work.patch
(git-fixes CVE-2024-49879 bsc#1232349).
- Update patches.suse/drm-radeon-Fix-encoder-possible_clones.patch
(git-fixes CVE-2024-50201 bsc#1233104).
- Update
patches.suse/drm-v3d-Stop-the-active-perfmon-before-being-destroy.patch
(git-fixes CVE-2024-50031 bsc#1231947).
- Update
patches.suse/drm-vc4-Stop-the-active-perfmon-before-being-destroy.patch
(git-fixes CVE-2024-50187 bsc#1233108).
- Update
patches.suse/exfat-fix-memory-leak-in-exfat_load_bitmap.patch
(git-fixes CVE-2024-50013 bsc#1232080).
- Update
patches.suse/ext4-fix-slab-use-after-free-in-ext4_split_extent_at.patch
(bsc#1232201 CVE-2024-49884 bsc#1232198).
- Update
patches.suse/fbdev-pxafb-Fix-possible-use-after-free-in-pxafb_tas.patch
(stable-fixes CVE-2024-49924 bsc#1232364).
- Update patches.suse/fbdev-sisfb-Fix-strbuf-array-overflow.patch
(stable-fixes CVE-2024-50180 bsc#1233125).
- Update patches.suse/firmware_loader-Block-path-traversal.patch
(git-fixes CVE-2024-47742 bsc#1232126).
- Update
patches.suse/fscache-Fix-oops-due-to-race-with-cookie_lru-and-use_cookie.patch
(jsc#SES-1880 CVE-2022-48989 bsc#1232027).
- Update
patches.suse/i2c-stm32f7-Do-not-prepare-unprepare-clock-during-ru.patch
(git-fixes CVE-2024-49985 bsc#1232094).
- Update
patches.suse/i3c-mipi-i3c-hci-Error-out-instead-on-BUG_ON-in-IBI-.patch
(stable-fixes CVE-2024-47665 bsc#1231452).
- Update
patches.suse/iio-light-veml6030-fix-IIO-device-retrieval-from-emb.patch
(git-fixes CVE-2024-50198 bsc#1233100).
- Update patches.suse/jfs-Fix-uaf-in-dbFreeBits.patch (git-fixes
CVE-2024-49903 bsc#1232362).
- Update
patches.suse/jfs-Fix-uninit-value-access-of-new_ea-in-ea_buffer.patch
(git-fixes CVE-2024-49900 bsc#1232359).
- Update
patches.suse/jfs-check-if-leafidx-greater-than-num-leaves-per-dmap-tree.patch
(git-fixes CVE-2024-49902 bsc#1232378).
- Update
patches.suse/jfs-fix-out-of-bounds-in-dbNextAG-and-diAlloc.patch
(git-fixes CVE-2024-47723 bsc#1232050).
- Update
patches.suse/mailbox-bcm2835-Fix-timeout-during-suspend-mode.patch
(git-fixes CVE-2024-49963 bsc#1232147).
- Update
patches.suse/media-venus-fix-use-after-free-bug-in-venus_remove-d.patch
(git-fixes CVE-2024-49981 bsc#1232098).
- Update
patches.suse/msft-hv-3054-x86-hyperv-fix-kexec-crash-due-to-VP-assist-page-cor.patch
(git-fixes CVE-2024-46864 bsc#1231108).
- Update
patches.suse/nbd-fix-race-between-timeout-and-normal-completion.patch
(bsc#1230918 CVE-2024-49855 bsc#1232195).
- Update
patches.suse/net-test-for-not-too-small-csum_start-in-virtio_net_.patch
(git-fixes CVE-2024-49947 bsc#1232162).
- Update
patches.suse/netdevsim-use-cond_resched-in-nsim_dev_trap_report_w.patch
(git-fixes CVE-2024-50155 bsc#1233035).
- Update
patches.suse/nfsd-call-cache_put-if-xdr_reserve_space-returns-NULL.patch
(git-fixes CVE-2024-47737 bsc#1232056).
- Update
patches.suse/nfsd-map-the-EBADMSG-to-nfserr_io-to-avoid-warning.patch
(git-fixes CVE-2024-49875 bsc#1232333).
- Update
patches.suse/nilfs2-fix-kernel-bug-due-to-missing-clearing-of-buffer-delay-flag.patch
(git-fixes CVE-2024-50116 bsc#1232892).
- Update
patches.suse/nilfs2-fix-potential-null-ptr-deref-in-nilfs_btree_insert.patch
(git-fixes CVE-2024-47699 bsc#1231916).
- Update
patches.suse/nilfs2-fix-potential-oob-read-in-nilfs_btree_check_delete.patch
(git-fixes CVE-2024-47757 bsc#1232187).
- Update
patches.suse/nilfs2-fix-state-management-in-error-path-of-log-writing-function.patch
(git-fixes CVE-2024-47669 bsc#1231474).
- Update
patches.suse/nouveau-dmem-Fix-vulnerability-in-migrate_to_ram-upo.patch
(git-fixes CVE-2024-50096 bsc#1232870).
- Update
patches.suse/ntb-intel-Fix-the-NULL-vs-IS_ERR-bug-for-debugfs_cre.patch
(git-fixes CVE-2023-52917 bsc#1231849).
- Update
patches.suse/nvmet-auth-assign-dh_key-to-NULL-after-kfree_sensiti.patch
(git-fixes CVE-2024-50215 bsc#1233189).
- Update
patches.suse/ocfs2-add-bounds-checking-to-ocfs2_xattr_find_entry.patch
(bsc#1228410 CVE-2024-41016 CVE-2024-47670 bsc#1231537).
- Update
patches.suse/ocfs2-cancel-dqi_sync_work-before-freeing-oinfo.patch
(git-fixes CVE-2024-49966 bsc#1232141).
- Update
patches.suse/ocfs2-fix-null-ptr-deref-when-journal-load-failed.patch
(git-fixes CVE-2024-49957 bsc#1232152).
- Update
patches.suse/ocfs2-fix-possible-null-ptr-deref-in-ocfs2_set_buffer_uptodate.patch
(git-fixes CVE-2024-49877 bsc#1232339).
- Update
patches.suse/ocfs2-pass-u64-to-ocfs2_truncate_inline-maybe-overflow.patch
(git-fixes CVE-2024-50218 bsc#1233191).
- Update
patches.suse/ocfs2-remove-unreasonable-unlock-in-ocfs2_read_blocks.patch
(git-fixes CVE-2024-49965 bsc#1232142).
- Update
patches.suse/parport-Proper-fix-for-array-out-of-bounds-access.patch
(git-fixes CVE-2024-50074 bsc#1232507).
- Update
patches.suse/platform-x86-panasonic-laptop-Fix-SINF-array-out-of-.patch
(git-fixes CVE-2024-46859 bsc#1231089).
- Update
patches.suse/scsi-elx-libefc-Fix-potential-use-after-free-in-efc_nport_vport_del.patch
(git-fixes CVE-2024-49852 bsc#1232819).
- Update
patches.suse/scsi-fnic-Move-flush_work-initialization-out-of-if-b.patch
(bsc#1230055 CVE-2024-50025 bsc#1231953).
- Update
patches.suse/scsi-lpfc-Ensure-DA_ID-handling-completion-before-de.patch
(bsc#1232757 CVE-2024-50183 bsc#1233130).
- Update
patches.suse/scsi-lpfc-Handle-mailbox-timeouts-in-lpfc_get_sfp_in.patch
(bsc#1228857 CVE-2024-46842 bsc#1231101).
- Update
patches.suse/scsi-lpfc-Validate-hdwq-pointers-before-dereferencin.patch
(bsc#1229429 CVE-2024-49891 bsc#1232218).
- Update
patches.suse/scsi-sd-Fix-off-by-one-error-in-sd_read_block_charac.patch
(bsc#1223848 CVE-2024-47682 bsc#1231856).
- Update
patches.suse/scsi-wd33c93-Don-t-use-stale-scsi_pointer-value.patch
(git-fixes CVE-2024-50026 bsc#1231952).
- Update
patches.suse/spi-nxp-fspi-fix-the-KASAN-report-out-of-bounds-bug.patch
(git-fixes CVE-2024-46853 bsc#1231083).
- Update
patches.suse/staging-iio-frequency-ad9834-Validate-frequency-para.patch
(git-fixes CVE-2024-47663 bsc#1231441).
- Update
patches.suse/tpm-Clean-up-TPM-space-after-command-failure.patch
(git-fixes CVE-2024-49851 bsc#1232134).
- Update
patches.suse/tracing-Consider-the-NULL-character-when-validating-the-event-length.patch
(git-fixes CVE-2024-50131 bsc#1232896).
- Update
patches.suse/uprobe-avoid-out-of-bounds-memory-access-of-fetching-args.patch
(git-fixes CVE-2024-50067 bsc#1232416).
- Update
patches.suse/usb-typec-altmode-should-keep-reference-to-parent.patch
(git-fixes CVE-2024-50150 bsc#1233051).
- Update
patches.suse/vhost-scsi-null-ptr-dereference-in-vhost_scsi_get_re.patch
(git-fixes CVE-2024-49863 bsc#1232255).
- Update
patches.suse/wifi-ath9k_htc-Use-__skb_set_length-for-resetting-ur.patch
(stable-fixes CVE-2024-49938 bsc#1232552).
- Update
patches.suse/wifi-mac80211-use-two-phase-skb-reclamation-in-ieee8.patch
(git-fixes CVE-2024-47713 bsc#1232016).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning.patch
(stable-fixes CVE-2024-50008 bsc#1232317).
- Update
patches.suse/wifi-rtw88-always-wait-for-both-firmware-loading-att.patch
(git-fixes CVE-2024-47718 bsc#1232015).
- Update
patches.suse/wifi-wilc1000-fix-potential-RCU-dereference-issue-in.patch
(git-fixes CVE-2024-47712 bsc#1232017).
- commit e33d75f
- virtio_pmem: Check device status before requesting flush
(CVE-2024-50184 bsc#1233135).
- commit 82ce64b
- Update tags in
patches.suse/ext4-fix-slab-use-after-free-in-ext4_split_extent_at.patch
(bsc#1232201 CVE-2024-49884 bsc#1232198).
- commit ad996bf
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink()
(CVE-2024-50154 bsc#1233070).
- commit 2430e1b
- Refresh patches.kabi/bpf-callback-fixes-kABI-workaround.patch (bsc#1233350)
- add commit message for the kABI patch
- adapt same struct naming as similar kABI workaround in SLE15-SP6
(prefixed with "suse_" to make it more obvious its a downstream thing.
- commit b6821d4
- unicode: Don't special case ignorable code points
(CVE-2024-50089 bsc#1232860).
- commit ba47e72
- mm/memory: add non-anonymous page check in the
copy_present_page() (bsc#1231646).
- commit 9f5cb06
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on
GIC v4.1 (git-fixes).
- commit 1fa30cf
- irqchip/gic-v4: Correctly deal with set_affinity on
lazily-mapped VPEs (CVE-2024-50192 bsc#1233106).
- commit 6b39f7a
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE
(CVE-2024-50192 bsc#1233106).
- kABI: Don't allow a VMOVP on a dying VPE (kabi CVE-2024-50192
bsc#1233106).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack
(git-fixes).
- commit 1772267
- README.BRANCH: drop explicit maintainers
kbuild already recognizes all downstream branch maintainers an
merge their PRs so we do not need explicit maintainers for the cve
branch itself.
- commit cd6f8fb
- macsec: Fix use-after-free while sending the offloading packet
(CVE-2024-50261 bsc#1233253).
- commit 918342c
- io_uring: Fix a null-ptr-deref in io_tctx_exit_cb()
(CVE-2022-48983 bsc#1231959).
- commit cb16389
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
(CVE-2024-50115 bsc#1232919).
- commit 4c6b1da
- mptcp: fix double-free on socket dismantle (CVE-2024-26782
bsc#1222590).
(cherry picked from commit 03ac3f085c702ef308481c09b021887b5a01d52b)
- mptcp: fix double-free on socket dismantle (CVE-2024-26782
bsc#1222590).
- commit 7f40404
- drm/amd/display: Check null pointers before used (bsc#1232371 CVE-2024-49921)
- commit 956721a
- nilfs2: fix kernel bug due to missing clearing of checked flag
(bsc#1233206 CVE-2024-50230).
- commit e84e612
- nilfs2: fix potential deadlock with newly created symlinks
(bsc#1233205 CVE-2024-50229).
- commit 22257d1
- Update
patches.suse/iio-adc-ad7124-fix-division-by-zero-in-ad7124_set_ch.patch
(CVE-2024-50232 bsc#1233209 git-fixes).
- commit c0912d0
- Update patches.suse/drm-amd-Guard-against-bad-data-for-ATIF-ACPI-method.patch (git-fixes bsc#1232897 CVE-2024-50117).
- commit 4fc44d0
- Update
patches.suse/wifi-ath10k-Fix-memory-leak-in-management-tx.patch
(CVE-2024-50236 bsc#1233212 git-fixes).
- Update
patches.suse/wifi-iwlegacy-Clear-stale-interrupts-before-resuming.patch
(CVE-2024-50234 bsc#1233211 stable-fixes).
- Update
patches.suse/wifi-mac80211-do-not-pass-a-stopped-vif-to-the-drive.patch
(CVE-2024-50237 bsc#1233216 git-fixes).
- commit bb693c7
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890 CVE-2024-50134)
- commit f5103e7
- net/ncsi: Disable the ncsi work before freeing the associated
structure (CVE-2024-49945 bsc#1232165).
- commit a2d88b4
- net: sched: fix use-after-free in taprio_change()
(CVE-2024-50127 bsc#1232907).
- commit 88b0d06
- Fix regression on AMDGPU driver (bsc#1233134)
Drop a hunk in an AMDGPU fix patch that caused the missing VT console
and possibly other side-effects.
Refreshed:
patches.suse/drm-amd-display-Check-null-pointers-before-using-the.patch.
- commit c4d3cf0
- Update tags
patches.suse/mm-Avoid-overflows-in-dirty-throttling-logic.patch
(bsc#1222364 CVE-2024-42131 bsc#1228650).
- commit 42963b8
- USB: serial: io_edgeport: fix use after free in debug printk
(git-fixes).
- usb: typec: fix potential out of bounds in
ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in
stm32_spdifrx_remove (git-fixes).
- ALSA: firewire-lib: fix return value on fail in
amdtp_tscm_init() (git-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup()
(git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: adv7604: prevent underflow condition when reporting
colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: don't play tricks with underflow values
(git-fixes).
- media: dvbdev: prevent the risk of out of memory access
(git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero
(git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl()
(git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission
(git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy
(git-fixes).
- usb: typec: fix unreleased fwnode_handle in
typec_port_register_altmodes() (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event
(git-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems
(git-fixes).
- usbip: tools: Fix detach_port() invalid port error path
(git-fixes).
- iio: adc: ad7124: fix division by zero in
ad7124_set_channel_odr() (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in
ad9832_calc_freqreg() (git-fixes).
- iio: light: veml6030: fix microlux value calculation
(git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc()
(git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs
(git-fixes).
- wifi: iwlwifi: mvm: Fix response handling in
iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode
(git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING
(git-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys
(git-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in
.get_txpower (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING
(git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device
(stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6
mb1 (stable-fixes).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe()
(git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform
(stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications
(stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix
initial lid detection issue (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[]
(stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593
(stable-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module
unload (git-fixes).
- platform/x86: dell-sysman: add support for alienware products
(stable-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string
(stable-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit
(stable-fixes).
- ASoC: codecs: lpass-rx-macro: add missing
CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- drm/vboxvideo: Replace fake VLA at end of
vbva_mouse_pointer_shape with real VLA (stable-fixes).
- platform/surface: aggregator: Fix warning when controller is
destroyed in probe (git-fixes).
- HID: wacom: Defer calculation of resolution until
resolution_code is known (git-fixes).
- XHCI: Separate PORT and CAPs macros into dedicated file
(stable-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return
(stable-fixes).
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed
(stable-fixes).
- commit 4f83ccb
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- commit f7bbf8d
- ocfs2: remove entry once instead of null-ptr-dereference in
ocfs2_xa_remove() (git-fixes).
- commit ebda297
- pinctrl: ocelot: fix system hang on level based interrupts
(CVE-2024-50196 bsc#1233113).
- commit 722d7d5
- cpufreq: amd-pstate: add check for cpufreq_cpu_get's return
value (CVE-2024-50009 bsc#1232318).
- commit e472c58
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117 CVE-2024-50208)
- commit da4098a
- cpufreq: exit() callback is optional (CVE-2024-38615
bsc#1226592).
- commit de52ec2
- cpufreq: Rearrange locking in cpufreq_remove_dev()
(CVE-2024-38615 bsc#1226592).
- commit f83b7ff
- cpufreq: Split cpufreq_offline() (CVE-2024-38615 bsc#1226592).
- commit 71730ce
- cpufreq: Reorganize checks in cpufreq_offline() (CVE-2024-38615
bsc#1226592).
- commit c8f486b
- cpufreq: amd-pstate: fix memory leak on CPU EPP exit
(CVE-2024-40997 bsc#1227853).
- commit bd37b8f
- ext4: fix error message when rejecting the default hash
(bsc#1232264 CVE-2024-49968).
- commit 4678448
- sched/deadline: Fix task_struct reference leak (CVE-2024-41023
bsc#1228430).
- commit 65da526
- be2net: fix potential memory leak in be_xmit() (CVE-2024-50167
bsc#1233049).
- net/mlx5e: Don't call cleanup on profile rollback failure
(CVE-2024-50146 bsc#1233056).
- net/mlx5: Fix command bitmask initialization (CVE-2024-50147
bsc#1233067).
- commit 30967e3
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes)
- commit ef49fc2
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (CVE-2024-50082 bsc#1232500)
- commit 0de9297
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (CVE-2024-50108 bsc#1232884)
- commit e6eb1e9
- drm/amd/display: fix double free issue during amdgpu module unload (CVE-2024-49989 bsc#1232483)
- commit 6aee3e2
- Refresh
patches.suse/scsi-fnic-Move-flush_work-initialization-out-of-if-b.patch.
- commit c3feb06
- ext4: explicitly exit when ext4_find_inline_entry returns an
error (bsc#1231920 CVE-2024-47701).
- commit dbc663c
- ext4: return error on ext4_find_inline_entry (bsc#1231920
CVE-2024-47701).
- commit 9f6ca1a
- ext4: ext4_search_dir should return a proper error (bsc#1231920
CVE-2024-47701).
- commit 92b7975
- fs/inode: Prevent dump_mapping() accessing invalid
dentry.d_name.name (bsc#1232387 CVE-2024-49934).
- commit 93af37f
- ext4: filesystems without casefold feature cannot be mounted
with siphash (bsc#1232264 CVE-2024-49968).
- commit 84a2529
- ext4: drop ppath from ext4_ext_replay_update_ex() to avoid
double-free (bsc#1232096 CVE-2024-49983).
- commit 8cb0c2e
- vfs: fix race between evice_inodes() and find_inode()&iput()
(bsc#1231930 CVE-2024-47679).
- commit 479d388
- ext4: avoid OOB when system.data xattr changes underneath the
filesystem (bsc#1231920 CVE-2024-47701).
- commit 9e7d0c7
- wifi: cfg80211: check A-MSDU format more carefully (stable-fixes
CVE-2024-35937 bsc#1224526).
- blacklist.conf: remove the entry that we're just adding
- commit 81bb44e
- x86/mm: Move is_vsyscall_vaddr() into asm/vsyscall.h (bsc#1223202 CVE-2024-26906).
- commit 35585b4
- x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (bsc#1223202 CVE-2024-26906).
- commit fd679d8
- Refresh patches.kabi/bpf-bpf_map-kABI-workaround.patch.
- Removed the duplicated check of
static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)).
- Removed unnecessary white-space change in kernel/bpf/syscall.c
- commit d99887e
- Refresh patches.kabi/bpf-bpf_map-kABI-workaround.patch.
Ensure that the free_after_mult_rcu_gp field fits into struct hole on
all architecture by cloning struct bpf_map then use static_assert() to
check.
- commit 9056822
- initramfs: avoid filename buffer overrun (bsc#1232436).
- commit 6855778
- fbdev: efifb: Register sysfs groups through driver core
(bsc#1232224 CVE-2024-49925).
- commit ed25954
- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979 CVE-2022-48960)
- commit e22014e
- driver core: bus: Fix double free in driver API bus_register()
(CVE-2024-50055 bsc#1232329).
- commit 90fa355
- blk-mq: setup queue ->tag_set before initializing hctx
(CVE-2024-50081 bsc#1232501).
- commit 47f15a1
- block: Avoid leaking hctx->nr_active counter on batched
completion (bsc#1231923).
- commit 06a9b00
- ipv6: avoid use-after-free in ip6_fragment() (CVE-2022-48956
bsc#1231893).
- commit c192a62
- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
(CVE-2024-49991 bsc#1232282).
- commit 6ba5342
- vhost_vdpa: assign irq bypass producer token correctly
(bsc#1232174 CVE-2024-47748).
- commit 51b6257
- octeontx2-af: avoid off-by-one read from userspace
(CVE-2024-36957 bsc#1225762).
- commit 82a42a7
- Update
patches.suse/scsi-lpfc-Restrict-support-for-32-byte-CDBs-to-specific-HBAs.patch
(git-fixes bsc#1232757 bsc#1228119).
- commit ba604a8
- ext4: fix timer use-after-free on failed mount (CVE-2024-49960
bsc#1232395).
- tipc: guard against string buffer overrun (CVE-2024-49995
bsc#1232432).
- commit 7dec126
- Drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269)
- commit 147923a
- uprobes: fix kernel info leak via "[uprobes]" vma (bsc#1232104
CVE-2024-49975).
- commit 98e2376
- module: abort module loading when sysfs setup suffer errors
(git-fixes).
- Refresh patches.suse/add-suse-supported-flag.patch.
- commit 38f1b15
- net/xen-netback: prevent UAF in xenvif_flush_hash()
(CVE-2024-49936 bsc#1232424).
- commit 05a71d8
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled
(bsc#1232757).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR
to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Ensure DA_ID handling completion before deleting
an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo
handler (bsc#1232757).
- scsi: lpfc: Update phba link state conditional before sending
CMF_SYNC_WQE (bsc#1232757).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in
lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Remove trailing space after \n newline
(bsc#1232757).
- commit acff620
- bpf,perf: Fix perf_event_detach_bpf_prog error handling
(git-fixes).
- commit 23dff14
- tracing: Consider the NULL character when validating the event
length (git-fixes).
- commit a6be5ae
- uprobe: avoid out-of-bounds memory access of fetching args
(git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer
(git-fixes).
- tracing/uprobes: Use trace_event_buffer_reserve() helper
(git-fixes).
- commit c9bed4e
- fgraph: Change the name of cpuhp state to "fgraph:online"
(git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph()
(git-fixes).
- commit 25b5fcd
- fgraph: Use CPU hotplug mechanism to initialize idle shadow
stacks (git-fixes).
- commit 7b587c7
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- commit da4b9b4
- sched: sch_cake: fix bulk flow accounting logic for host
fairness (bsc#1231114 CVE-2024-46828).
- commit 2eff83f
- static_call: Replace pointless WARN_ON() in
static_call_module_notify() (bsc#1232155 CVE-2024-49954).
- commit b3b712c
- static_call: Handle module init failure correctly in
static_call_del_module() (bsc#1232083 CVE-2024-50002).
- commit 14d0312
- static_call: Don't make __static_call_return0 static
(git-fixes).
- Refresh patches.kabi/tracepoint-fix.patch.
- commit e74c3f0
- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
(CVE-2024-49991 bsc#1232282).
- commit bb02e87
- nvmet-auth: assign dh_key to NULL after kfree_sensitive
(git-fixes).
- nvme-multipath: system fails to create generic nvme device
(git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- commit 50acd8c
- mm: split critical region in remap_file_pages() and invoke
LSMs in between (CVE-2024-47745 bsc#1232135 git-fix).
- commit 1436986
- PCI: Fix pci_enable_acs() support for the ACS quirks
(bsc#1229019).
- commit d675594
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- commit 9122478
- NFSv3: only use NFS timeout for MOUNT when protocols are
compatible (bsc#1231016).
- commit 9522cfb
- Update
patches.suse/IB-core-Implement-a-limit-on-UMAD-receive-List.patch
(bsc#1228743 CVE-2024-42145 bsc#1223384).
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-more.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-49982 bsc#1232097).
- Update
patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
(bsc#1229454 CVE-2024-44947 bsc#1229456).
- Update patches.suse/media-edia-dvbdev-fix-a-use-after-free.patch
(CVE-2024-27043 bsc#1223824 bsc#1218562).
- commit 1967352
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766 bsc#1230620).
- Update
patches.suse/nfc-nci-fix-possible-NULL-pointer-dereference-in-sen.patch
(git-fixes CVE-2023-52919 bsc#1231988).
- Update
patches.suse/tcp-do-not-accept-ACK-of-bytes-we-never-sent.patch
(CVE-2023-52881 bsc#1225611 bsc#1223384).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800 bsc#1230600).
- commit 4af6b80
- Update
patches.suse/0001-af_unix-Get-user_ns-from-in_skb-in-unix_diag_get_exa.patch
(bsc#1209290 CVE-2023-28327 CVE-2022-48970 bsc#1231887).
- Update
patches.suse/ALSA-seq-Fix-function-prototype-mismatch-in-snd_seq_.patch
(git-fixes CVE-2022-48994 bsc#1232119).
- Update
patches.suse/ASoC-ops-Check-bounds-for-second-channel-in-snd_soc_.patch
(git-fixes CVE-2022-48951 bsc#1231929).
- Update
patches.suse/ASoC-ops-Fix-bounds-check-for-_sx-controls.patch
(git-fixes CVE-2022-49005 bsc#1232150).
- Update
patches.suse/ASoC-soc-pcm-Add-NULL-check-in-BE-reparenting.patch
(git-fixes CVE-2022-48992 bsc#1232071).
- Update
patches.suse/Bluetooth-Fix-not-cleanup-led-when-bt_init-fails.patch
(git-fixes CVE-2022-48971 bsc#1232037).
- Update patches.suse/Bluetooth-L2CAP-Fix-u8-overflow.patch
(CVE-2022-45934 bsc#1205796 CVE-2022-48947 bsc#1231895).
- Update
patches.suse/HID-core-fix-shift-out-of-bounds-in-hid_report_raw_e.patch
(git-fixes CVE-2022-48978 bsc#1232038).
- Update
patches.suse/Input-raydium_ts_i2c-fix-memory-leak-in-raydium_i2c_.patch
(git-fixes CVE-2022-48995 bsc#1232120).
- Update
patches.suse/NFC-nci-Bounds-check-struct-nfc_target-arrays.patch
(git-fixes CVE-2022-48967 bsc#1232304).
- Update
patches.suse/afs-Fix-server-active-leak-in-afs_put_server.patch
(git-fixes CVE-2022-49012 bsc#1232005).
- Update
patches.suse/btrfs-fix-hang-during-unmount-when-stopping-a-space-.patch
(bsc#1232262 CVE-2024-49867 CVE-2022-48664 bsc#1223524).
- Update
patches.suse/can-af_can-fix-NULL-pointer-dereference-in-can_rcv_f.patch
(bsc#1210627 CVE-2023-2166 CVE-2022-48977 bsc#1231883).
- Update
patches.suse/can-m_can-pci-add-missing-m_can_class_free_dev-in-pr.patch
(git-fixes CVE-2022-49024 bsc#1232001).
- Update
patches.suse/char-tpm-Protect-tpm_pm_suspend-with-locks.patch
(git-fixes CVE-2022-48997 bsc#1232035).
- Update
patches.suse/drm-shmem-helper-Remove-errant-put-in-error-path.patch
(git-fixes CVE-2022-48981 bsc#1232229).
- Update
patches.suse/e100-Fix-possible-use-after-free-in-e100_xmit_prepar.patch
(git-fixes CVE-2022-49026 bsc#1231997).
- Update
patches.suse/gpio-amd8111-Fix-PCI-device-reference-count-leak.patch
(git-fixes CVE-2022-48973 bsc#1232039).
- Update
patches.suse/gpiolib-fix-memory-leak-in-gpiochip_setup_dev.patch
(git-fixes CVE-2022-48975 bsc#1231885).
- Update
patches.suse/hwmon-coretemp-Check-for-null-before-removing-sysfs-.patch
(git-fixes CVE-2022-49010 bsc#1232172).
- Update
patches.suse/hwmon-coretemp-fix-pci-device-refcount-leak-in-nv1a_.patch
(git-fixes CVE-2022-49011 bsc#1232006).
- Update
patches.suse/hwmon-ibmpex-Fix-possible-UAF-when-ibmpex_register_b.patch
(git-fixes CVE-2022-49029 bsc#1231995).
- Update
patches.suse/iavf-Fix-error-handling-in-iavf_init_module.patch
(jsc#SLE-18385 CVE-2022-49027 bsc#1232007).
- Update
patches.suse/igb-Initialize-mailbox-message-for-VF-reset.patch
(jsc#SLE-18379 CVE-2022-48949 bsc#1231897).
- Update
patches.suse/iio-health-afe4403-Fix-oob-read-in-afe4403_read_raw.patch
(git-fixes CVE-2022-49031 bsc#1231992).
- Update
patches.suse/iio-health-afe4404-Fix-oob-read-in-afe4404_-read-wri.patch
(git-fixes CVE-2022-49032 bsc#1231991).
- Update
patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-dmar_dev_scope_init
(git-fixes CVE-2022-49002 bsc#1232133).
- Update
patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-has_external_pci
(git-fixes CVE-2022-49000 bsc#1232123).
- Update
patches.suse/ipv4-Handle-attempt-to-delete-multipath-route-when-f.patch
(bsc#1204171 CVE-2022-3435 CVE-2022-48999 bsc#1231936).
- Update
patches.suse/ixgbevf-Fix-resource-leak-in-ixgbevf_init_module.patch
(git-fixes CVE-2022-49028 bsc#1231996).
- Update
patches.suse/mac802154-fix-missing-INIT_LIST_HEAD-in-ieee802154_i.patch
(git-fixes CVE-2022-48972 bsc#1232025).
- Update
patches.suse/media-v4l2-dv-timings.c-fix-too-strict-blanking-sani.patch
(git-fixes CVE-2022-48987 bsc#1232067).
- Update
patches.suse/msft-hv-2684-net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch
(git-fixes bsc#1206188 CVE-2022-48985 bsc#1231958).
- Update
patches.suse/net-ethernet-nixge-fix-NULL-dereference.patch
(git-fixes CVE-2022-49019 bsc#1231940).
- Update
patches.suse/net-mdio-fix-unbalanced-fwnode-reference-count-in-md.patch
(git-fixes CVE-2022-48961 bsc#1232108).
- Update
patches.suse/net-mdiobus-fix-unbalanced-node-reference-count.patch
(git-fixes CVE-2022-49016 bsc#1231937).
- Update
patches.suse/net-mlx5e-Fix-use-after-free-when-reverting-terminat.patch
(jsc#SLE-19253 CVE-2022-49025 bsc#1231960).
- Update
patches.suse/net-phy-fix-null-ptr-deref-while-probe-failed.patch
(git-fixes CVE-2022-49021 bsc#1231939).
- Update
patches.suse/net-thunderbolt-fix-memory-leak-in-tbnet_open.patch
(git-fixes CVE-2022-48955 bsc#1231892).
- Update
patches.suse/net-tun-Fix-use-after-free-in-tun_detach.patch
(git-fixes CVE-2022-49014 bsc#1231890).
- Update
patches.suse/nilfs2-fix-NULL-pointer-dereference-in-nilfs_palloc_.patch
(git-fixes CVE-2022-49007 bsc#1232170).
- Update
patches.suse/nvme-fix-SRCU-protection-of-nvme_ns_head-list.patch
(git-fixes CVE-2022-49003 bsc#1232136).
- Update
patches.suse/octeontx2-pf-Fix-potential-memory-leak-in-otx2_init_.patch
(jsc#SLE-24682 CVE-2022-48968 bsc#1232237).
- Update
patches.suse/rtc-cmos-Fix-event-handler-registration-ordering-iss.patch
(git-fixes CVE-2022-48953 bsc#1231941).
- Update patches.suse/s390-qeth-fix-use-after-free-in-hsci.patch
(bsc#1210449 git-fixes CVE-2022-48954 bsc#1231972).
- Update
patches.suse/tracing-Free-buffers-when-a-used-dynamic-event-is-removed.patch
(git-fixes CVE-2022-49006 bsc#1232163).
- Update
patches.suse/udf-Fix-preallocation-discarding-at-indirect-extent-.patch
(bsc#1213034 CVE-2022-48946 bsc#1231888).
- Update
patches.suse/usb-gadget-uvc-Prevent-buffer-overflow-in-setup-hand.patch
(git-fixes CVE-2022-48948 bsc#1231896).
- Update
patches.suse/wifi-cfg80211-fix-buffer-overflow-in-elem-comparison.patch
(git-fixes CVE-2022-49023 bsc#1231961).
- Update
patches.suse/wifi-mac8021-fix-possible-oob-access-in-ieee80211_ge.patch
(git-fixes CVE-2022-49022 bsc#1231962).
- Update
patches.suse/xen-netfront-Fix-NULL-sring-after-live-migration.patch
(git-fixes CVE-2022-48969 bsc#1232026).
- commit 2377658
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534 bsc#1230903).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 CVE-2021-47416 bsc#1225336 bsc#1225189).
- commit d4160e3
- NFSD: Force all NFSv4.2 COPY requests to be synchronous
(CVE-2024-49974 bsc#1232383).
- commit e488dd4
- drm/amd/display: Check null pointers before using them (CVE-2024-49922 bsc#1232374)
- commit 0fa5eef
- Update references in patches.suse/drm-amd-display-Handle-null-stream_status-in-planes_.patch (CVE-2024-49912 bsc#1232367 stable-fixes)
- commit 82ff3c5
- drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (CVE-2024-49911 bsc#1232366)
- commit 647f0fb
- drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (CVE-2024-49923 bsc#1232361)
- commit cd7d6eb
- Update references in patches.suse/drm-amd-display-Fix-index-out-of-bounds-in-DCN30-deg.patch (CVE-2024-49895 bsc#1232352 stable-fixes)
- commit 30b332b
- drm/amd/display: Initialize denominators' default to 1 (CVE-2024-49899 bsc#1232358)
- commit debe055
- drm/amd/display: Check phantom_stream before it is used (CVE-2024-49897 bsc#1232355)
- commit 6e6c48e
- Update references in patches.suse/drm-amd-display-Fix-index-out-of-bounds-in-degamma-h.patch (CVE-2024-49894 bsc#1232354 stable-fixes)
- commit 31682a2
- drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (CVE-2024-49909 bsc#1232337)
- commit 40ccde2
- Update references for patches.suse/drm-amd-display-Add-null-check-for-top_pipe_to_progr.patch (CVE-2024-49913 bsc#1232307 stable-fixes)
- commit 809100c
- drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (CVE-2024-49901 bsc#1232305)
- commit 28f4c23
- Update references in patches.suse/drm-amd-display-Check-null-pointer-before-dereferenc.patch (CVE-2024-50049 bsc#1232309 stable-fixes)
- commit dbbbdf6
- Rename to
patches.suse/scsi-pm8001-Do-not-overwrite-PCI-queue-mapping.patch.
An upstream git-fix replaces an existing SUSE-only patch. The
contents are essentially the same, but the meta-data and patch
filename have changed.
- commit 658b404
- Update patches.suse/drm-amd-display-Add-null-check-for-afb-in-amdgpu_dm_.patch (stable-fixes bsc#1232335 CVE-2024-49908).
- commit d6e1a21
- drm/amd/display: Check null pointer before try to access it (bsc#1232332 CVE-2024-49906)
- commit afdfd36
- drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369 CVE-2024-49914)
- commit 3d890ab
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- commit a6a7d8b
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- commit 122bc1e
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- commit e1d0f0a
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- commit 9ec5789
- scsi: wd33c93: Don't use stale scsi_pointer value (git-fixes).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs
(git-fixes).
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: elx: libefc: Fix potential use after free in
efc_nport_vport_del() (git-fixes).
- scsi: NCR5380: Check for phase match during PDMA fixup
(git-fixes).
- scsi: mac_scsi: Disallow bus errors during PDMA send
(git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages
(git-fixes).
- scsi: smartpqi: revert
propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit
(git-fixes).
- drbd: Add NULL check for net_conf to prevent dereference in
state validation (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count()
(git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES
(git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES
(git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure
scanned in again after probe failed (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: core: Handle devices which return an unusually large
VPD page count (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use
(git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions
(git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data
(git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address
to port (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- commit 2156f82
- ext4: fix access to uninitialised lock in fc replay path (CVE-2024-50014 bsc#1232446)
- commit a229d89
- ext4: fix i_data_sem unlock order in ext4_ind_migrate() (CVE-2024-50006 bsc#1232442)
- commit 5cc362b
- iommu/vt-d: Fix potential lockup if qi_submit_sync called
with 0 count (bsc#1232316 CVE-2024-49993).
- commit add20c9
- jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (CVE-2024-49959 bsc#1232149)
- commit 6f60278
- ext4: update orig_path in ext4_find_extent() (CVE-2024-49881 bsc#1232201)
- commit 0088c10
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- commit 070f449
- ACPI: sysfs: validate return type of _STR method (bsc#1231861
CVE-2024-49860).
- commit 1bb3615
- btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info()
in walk_down_proc() (CVE-2024-46841 bsc#1231094).
- commit bf46df8
- ext4: aovid use-after-free in ext4_ext_insert_extent() (CVE-2024-49883 bsc#1232199)
- commit 2b05f4c
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO
hog on RK3399 Puma (git-fixes).
- commit cf1f6ea
- blk_iocost: fix more out of bound shifts (CVE-2024-49933 bsc#1232368)
- commit c639728
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-49929 bsc#1232253)
- commit 58431d9
- Update references in patches.suse/efistub-tpm-Use-ACPI-reclaim-memory-for-event-log-to.patch (CVE-2024-49858 bsc#1232251 stable-fixes)
- commit 643a630
- tracing/timerlat: Fix a race during cpuhp processing (CVE-2024-49866 bsc#1232259)
- commit 5a5e6bb
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (CVE-2024-50048 bsc#1232310)
- commit 58eb9a7
- ACPI: PRM: Clean up guid type in struct prm_handler_info
(git-fixes).
- commit 3b24754
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and
context (git-fixes).
- ASoC: qcom: Fix NULL Dereference in
asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: firewire-lib: Avoid division by zero in
apply_constraint_to_size() (git-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method
(git-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions
(stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL
(stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on
HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2
(stable-fixes).
- commit 738bedb
- Revert PM changes that caused a regression on S4 resume (bsc#1231578)
The recent PM fixes seem causing a regression and broke the resume from
suspend-to-disk. Revert those temporarily as a workaround.
- commit 214736e
- drm/amd/display: Fix index out of bounds in DCN30 color
transformation (CVE-2024-49969 bsc#1232519).
- commit a2392a3
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR
(git-fixes bsc#1232632).
- commit c1f0a53
- KVM: s390: Change virtual to physical address access in diag
0x258 handler (git-fixes bsc#1232631).
- commit ff68f2a
- KVM: s390: gaccess: Check if guest address is in memslot
(git-fixes bsc#1232630).
- commit 31c3558
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
(git-fixes).
- commit d909d0d
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- commit cd82099
- serial: protect uart_port_dtr_rts() in uart_shutdown() too
(CVE-2024-50058 bsc#1232285).
- commit 34995da
- smb: client: fix UAF in async decryption (bsc#1232418
CVE-2024-50047).
- commit dcba7ec
- Update references in patches.suse/ACPICA-check-null-return-of-ACPI_ALLOCATE_ZEROED-in-.patch (CVE-2024-49962 bsc#1232314 stable-fixes)
- commit f0fdf4d
- Update references in patches.suse/drm-amd-display-Check-stream-before-comparing-them.patch (CVE-2024-49896 bsc#1232221 stable-fixes).
- commit 0424fac
- Update references in patches.suse/drm-amd-pm-ensure-the-fw_info-is-not-null-before-usi.patch (CVE-2024-49890 bsc#1232217 stable-fixes)
- commit 10dd27d
- Update references in patches.suse/drm-amd-display-Initialize-get_bytes_per_element-s-d.patch (CVE-2024-49892 bsc#1232220 stable-fixes)
- commit 53b7a11
- ACPI: battery: Fix possible crash when unregistering a battery hook (CVE-2024-49955 bsc#1232154)
- commit 9b71864
- ACPI: battery: Simplify battery hook locking (bsc#1232154)
- commit fe3f1c8
- ACPI: battery: Call power_supply_changed() when adding hooks (bsc#1232154)
- commit 3384bbc
- padata: use integer wrap around to prevent deadlock on seq_nr overflow (CVE-2024-47739 bsc#1232124)
- commit d49e07a
- drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (CVE-2024-47720 bsc#1232043)
- commit c17fe2d
- iommu/vt-d: Always reserve a domain ID for identity setup
(git-fixes).
- commit b9c8f77
- btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840 bsc#1231105)
- commit 82b0718
- drm/amd/display: Check null pointers before multiple uses (bsc#1232313 CVE-2024-49920)
- commit 5963a7b
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- commit 28c98ef
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944 CVE-2024-47704)
- commit a3d6750
- selftests/bpf: Add test for lsm tail call (CVE-2024-50063
bsc#1232435).
- bpf: Prevent tail call between progs attached to different hooks
(CVE-2024-50063 bsc#1232435).
- Refresh patches.kabi/bpf-bpf_map-kABI-workaround.patch
- selftests/bpf: Add a test for using a cpumap from an
freplace-to-XDP program (CVE-2024-50063 bsc#1232435).
- bpf: Resolve fext program type when checking map compatibility
(CVE-2024-50063 bsc#1232435).
- Refresh patches.suse/bpf-Fix-null-pointer-dereference-in-resolve_prog_typ.patch
- Refresh patches.suse/bpf-Fix-updating-attached-freplace-prog-in-prog_arra.patch
- commit 0f72f86
- net: mvneta: Fix an out of bounds check (CVE-2022-48966
bsc#1232191).
- commit 8b86532
- net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
(CVE-2022-48962 bsc#1232286).
- commit 0f23f49
- btrfs: wait for fixup workers before stopping cleaner kthread
during umount (bsc#1232262 CVE-2024-49867).
- btrfs: fix hang during unmount when stopping a space reclaim
worker (bsc#1232262 CVE-2024-49867).
- commit b603fa4
- ppp: fix ppp_async_encode() illegal access (CVE-2024-50035
bsc#1232392).
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO
(CVE-2024-49949 bsc#1232160).
- net: dsa: sja1105: avoid out of bounds access in
sja1105_init_l2_policing() (CVE-2022-48980 bsc#1232233).
- net: mvneta: Prevent out of bounds read in mvneta_config_rss()
(CVE-2022-48966 bsc#1232191).
- net/9p: Fix a potential socket leak in p9_socket_open
(CVE-2022-49020 bsc#1232175).
- commit f80d8c6
- wifi: rtw89: avoid to add interface to list twice when SER
(CVE-2024-49939 bsc#1232381).
- commit 11b12a3
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- Makefile.compiler: replace cc-ifversion with compiler-specific
macros (bsc#1230414 bsc#1229450).
- commit 333c031
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- commit 18e56f7
- fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes).
- commit 5011da4
- filelock: fix potential use-after-free in posix_lock_inode
(git-fixes).
- commit a756cfc
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write()
(git-fixes).
- commit 2d51bab
- debugfs: fix automount d_fsdata usage (git-fixes).
- commit f411859
- erofs: avoid infinite loop in z_erofs_do_read_page() when
reading beyond EOF (git-fixes).
- commit 974bef0
- erofs: fix potential overflow calculating xattr_isize
(git-fixes).
- commit 4298ffd
- erofs: stop parsing non-compact HEAD index if clusterofs is
invalid (git-fixes).
- commit 7d6a607
- fs/namespace: fnic: Switch to use %ptTd (git-fixes).
- Refresh
patches.suse/mount-warn-only-once-about-timestamp-range-expiratio.patch.
- commit eb6d674
- exportfs: use pr_debug for unreachable debug statements
(git-fixes).
- commit 6f07ce6
- erofs: fix pcluster use-after-free on UP platforms (git-fixes).
- commit bc3c731
- erofs: avoid consecutive detection for Highmem memory
(git-fixes).
- commit 1f8a3b1
- afs: Revert "afs: Hide silly-rename files from userspace"
(git-fixes).
- commit 514f9ab
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- commit d46e58b
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- commit d50701c
- Drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- commit 9eb10ce
- Update patch reference for NTB fix (CVE-2024-50059 bsc#1232345)
- commit 7e7191a
- mm: call the security_mmap_file() LSM hook in remap_file_pages()
(CVE-2024-47745 bsc#1232135).
- commit 20b76bc
- mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
(CVE-2022-48991 bsc#1232070 prerequisity git-fix).
- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
(CVE-2022-48991 bsc#1232070).
- commit 3ab8533
- mm/khugepaged: fix GUP-fast interaction by sending IPI
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 327d525
- mm/khugepaged: take the right locks for page table retraction
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit e43adf4
- mm: gup: fix the fast GUP race against THP collapse
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 262192e
- Bluetooth: L2CAP: Fix uaf in l2cap_connect (CVE-2024-49950
bsc#1232159).
- commit 640a739
- net: seeq: Fix use after free vulnerability in ether3 Driver
Due to Race Condition (CVE-2024-47747 bsc#1232145).
- commit a1020b1
- ext4: fix double brelse() the buffer of the extents path
(bsc#1232200 CVE-2024-49882).
- ext4: no need to continue when the number of entries is 1
(bsc#1232140 CVE-2024-49967).
- commit 52da641
- ppp: do not assume bh is held in ppp_channel_bridge_input()
(CVE-2024-49946 bsc#1232164).
- net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
(CVE-2024-50000 bsc#1232085).
- net/mlx5: Fix error path in multi-packet WQE transmit
(CVE-2024-50001 bsc#1232084).
- ethernet: aeroflex: fix potential skb leak in greth_init_rings()
(CVE-2022-48958 bsc#1231889).
- commit 25ee2f4
- jfs: Fix sanity check in dbMount (git-fixes).
- commit 35da5b4
- drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (CVE-2024-46811 bsc#1231179).
- commit 1bc47f7
- drm/amd/display: Check msg_id before processing transcation (CVE-2024-46814 bsc#1231193).
- commit 81681a2
- i3c: master: cdns: Fix use after free vulnerability in
cdns_i3c_master Driver Due to Race Condition (CVE-2024-50061
bsc#1232263).
- commit 6ed9c96
- r8169: add tally counter fields added with RTL8125 (CVE-2024-49973 bsc#1232105)
- commit 4e4fc3c
- crypto: hisilicon/qm - inject error before stopping queue (CVE-2024-47730 bsc#1232075)
- commit 9699bc1
- crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075)
- commit 368c724
- crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075)
- commit 0b80db6
- sock_map: Add a cond_resched() in sock_hash_free() (CVE-2024-47710 bsc#1232049)
- commit 5cc4002
- cifs: Fix buffer overflow when parsing NFS reparse points
(bsc#1232089, CVE-2024-49996).
- commit 629d06c
- tipc: re-fetch skb cb after tipc_msg_validate (CVE-2022-49017 bsc#1232004)
- commit b9d33e0
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (CVE-2024-47685 bsc#1231998)
- commit d7fe249
- net: Fix an unsafe loop on the list (CVE-2024-50024 bsc#1231954)
- commit f700b14
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (CVE-2024-47707 bsc#1231935)
- commit 64e3b6a
- netfilter: br_netfilter: fix panic with metadata_dst skb (CVE-2024-50045 bsc#1231903)
- commit 727e945
- block, bfq: fix possible UAF for bfqq->bic with merge chain (CVE-2024-47706 bsc#1231942)
- commit c5d0bc0
- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684 bsc#1231987)
- commit 569d856
- net: hsr: Fix potential use-after-free (CVE-2022-49015 bsc#1231938)
- commit 5883d13
- add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036).
- commit 3e74daa
- wifi: ath11k: fix array out-of-bound access in SoC stats
(CVE-2024-49930 bsc#1232260).
- commit e11de4c
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug
(CVE-2024-49886 bsc#1232196).
- commit b27a545
- Refresh
patches.suse/gpio-pca953x-fix-pca953x_irq_bus_sync_unlock-race.patch.
The gpio-pca953x driver wasn't yet converted to guard-style locking
in kernel v5.14, so use traditional locking directives.
- commit 3464b98
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- commit 105bb8d
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- commit d94196b
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- commit eda3a0b
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- commit 1391273
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- commit 4aef76b
- drm/amd/display: Add null check for head_pipe in
dcn32_acquire_idle_pipe_for_head_pipe_in_layer (CVE-2024-49918
bsc#1231967).
- commit a445095
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- commit b215a2f
- arm64: Add Cortex-715 CPU part definition (git-fixes)
Refresh patches.suse/arm64-Add-Cortex-A520-CPU-part-definition.patch.
Refresh patches.suse/arm64-cputype-Add-Cortex-X4-definitions.patch.
- commit 5d98446
- wifi: mac80211: don't use rate mask for offchannel TX either
(CVE-2024-47738 bsc#1232114).
- wifi: mac80211: don't use rate mask for scanning (CVE-2024-47738
bsc#1232114).
- commit 67fbe82
- drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs
in dcn30_init_hw (bsc#1231965 CVE-2024-49917).
- commit c6bb88b
- md/raid5: fix deadlock that raid5d() wait for itself to clear
MD_SB_CHANGE_PENDING (CVE-2024-39476 bsc#1227437).
- commit ee734c0
- ocfs2: reserve space for inline xattr before attaching reflink
tree (bsc#1232151 CVE-2024-49958).
- commit 8a206c2
- kthread: unpark only parked kthread (git-fixes, bsc#1231990,
CVE-2024-50019).
- commit ad67452
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- commit 6a38280
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- commit d16b07d
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- commit 6ee6f75
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- commit 783b4c0
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- commit f222561
- x86/tdx: Fix "in-kernel MMIO" check (bsc#1232116 CVE-2024-47727).
- commit c381359
- fat: fix uninitialized variable (git-fixes).
- commit 457698b
- Update
patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch
(bsc#1206344, CVE-2022-48988, bsc#1232069).
- commit e7eaea8
- drm/amd/display: Add null check for head_pipe in
dcn201_acquire_free_pipe_for_layer (CVE-2024-49919 bsc#1231968).
- commit afcb4c9
- dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add()
and dpaa2_switch_acl_entry_remove() (CVE-2022-48957
bsc#1231973).
- commit b3f573c
- slip: make slhc_remember() more robust against malicious packets
(CVE-2024-50033 bsc#1231914).
- i40e: Fix macvlan leak by synchronizing access to
mac_filter_hash (CVE-2024-50041 bsc#1231907).
- commit bf7bdd1
- net: dsa: sja1105: fix memory leak in
sja1105_setup_devlink_regions() (CVE-2022-48959 bsc#1231976).
- commit ec81f5f
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- commit 0e442b9
- thermal: core: Reference count the zone in
thermal_zone_get_by_id() (CVE-2024-50028 bsc#1231950).
- commit cae3a79
- kabi fix for NFSv4: Prevent NULL-pointer dereference in
nfs42_complete_copies() (bsc#1231902 CVE-2024-50046).
- commit 2c3b231
- NFSv4: Prevent NULL-pointer dereference in
nfs42_complete_copies() (bsc#1231902 CVE-2024-50046).
- commit 8c78cbf
- drm/amdgpu: prevent BO_HANDLES error from being overwritten
(git-fixes).
- commit 33d2548
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Fix incorrect stream context type macro (git-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- Revert "usb: yurex: Replace snprintf() with the safer
scnprintf() variant" (stable-fixes).
- usb: xhci: Fix problem with xhci resume from suspend
(stable-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB
sound chip (stable-fixes).
- USB: misc: yurex: fix race between read and write
(stable-fixes).
- USB: misc: cypress_cy7c63: check for short transfer
(stable-fixes).
- USB: appledisplay: close race between probe and completion
handler (stable-fixes).
- USB: serial: pl2303: add device id for Macrosilicon MS3020
(stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt
Registration in the Crashkernel Scenario (stable-fixes).
- usb: chipidea: udc: enable suspend interrupt after usb reset
(stable-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time
(git-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk
(stable-fixes).
- power: reset: brcmstb: Do not go into infinite loop if reset
fails (stable-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ
(git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb
before resubmit (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries
(git-fixes).
- wifi: ath9k: fix possible integer overflow in
ath9k_get_et_stats() (stable-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats
(stable-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01
(git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error
(stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation
(stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination
(stable-fixes).
- platform/surface: aggregator_registry: Add support for Surface
Laptop Go 3 (stable-fixes).
- usbnet: ipheth: fix carrier detection in modes 1 and 4
(stable-fixes).
- usb: yurex: Fix inconsistent locking bug in yurex_read()
(git-fixes).
- usb: yurex: Replace snprintf() with the safer scnprintf()
variant (stable-fixes).
- wifi: ath9k: fix parameter check in ath9k_init_debug()
(stable-fixes).
- spi: lpspi: Simplify some error message (git-fixes).
- spi: lpspi: release requested DMA channels (stable-fixes).
- spi: lpspi: Silence error message upon deferred probe
(stable-fixes).
- commit f956c13
- parport: Proper fix for array out-of-bounds access (git-fixes).
- iio: hid-sensors: Fix an error handling path in
_hid_sensor_set_report_latency() (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in
Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig
(git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig
(git-fixes).
- iio: proximity: mb1232: add missing select
IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: opt3001: add missing full-scale range value
(git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work()
(git-fixes).
- media: videobuf2-core: clear memory related fields in
__vb2_plane_dmabuf_put() (stable-fixes).
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in
switchtec_ntb_remove due to race condition (stable-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for
debugfs_create_dir() (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken
(stable-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip
(stable-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2
(stable-fixes).
- Input: ads7846 - ratelimit the spi_sync error message
(stable-fixes).
- Input: goodix - use the new soc_intel_is_byt() helper
(stable-fixes).
- commit dcfb1af
- HID: multitouch: Add support for GT7868Q (stable-fixes).
- Refresh
patches.kabi/restore-renamed-device-IDs-for-USB-HID-devices.patch.
- commit 3c7db56
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- Refresh patches.suse/i2c-xiic-Make-bus-names-unique.patch.
- commit a465fd8
- Bluetooth: btusb: Fix regression with fake CSR controllers
0a12:0001 (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister
(git-fixes).
- Bluetooth: Remove debugfs directory on module init failure
(git-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded
device (git-fixes).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory
systems (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring
(git-fixes).
- drm/msm/dpu: don't always program merge_3d block (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc()
(git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
(git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate
calculation (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized
(git-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume
key (stable-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime
suspend/resume (git-fixes).
- drm/amd/display: Fix system hang while resume with TBT monitor
(stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm
enabled (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- drm/amd/display: Allow backlight to go below
`AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Validate backlight caps are sane
(stable-fixes).
- drm/amd/display: Check null pointer before dereferencing se
(stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store
invalid bus attribute (stable-fixes).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid
corruption (stable-fixes).
- comedi: ni_routing: tools: Check when the file could not be
opened (stable-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters
(stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout
(git-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue
(stable-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC
Determination (stable-fixes).
- drm/printer: Allow NULL data in devcoredump printer
(stable-fixes).
- drm/amd/pm: ensure the fw_info is not null before using it
(stable-fixes).
- drm/amd/display: Add null check for 'afb' in
amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes).
- drm/amd/display: Check null pointers before using dc->clk_mgr
(stable-fixes).
- drm/radeon/r100: Handle unknown family in
r100_cp_init_microcode() (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx
(stable-fixes).
- drm/amd/display: Handle null 'stream_status' in
'planes_changed_for_existing_stream' (stable-fixes).
- drm/amd/display: Initialize get_bytes_per_element's default to 1
(stable-fixes).
- drm/amd/display: Add null check for top_pipe_to_program in
commit_planes_for_stream (stable-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 color
transformation (stable-fixes).
- drm/amd/display: Fix index out of bounds in degamma hardware
format translation (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 degamma
hardware format translation (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit
(stable-fixes).
- drm/amd/display: Check stream before comparing them
(stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd
Portfolio (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task()
(stable-fixes).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp()
(git-fixes).
- i2c: xiic: improve error message when transfer fails to start
(stable-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path
(git-fixes).
- drm/amdgpu: Replace one-element array with flexible-array member
(stable-fixes).
- drm/radeon: Replace one-element array with flexible-array member
(stable-fixes).
- drm/rockchip: support gamma control on RK3399 (stable-fixes).
- drm/rockchip: define gamma registers for RK3399 (stable-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- commit 9daeadb
- Bluetooth: ISO: Fix multiple init when debugfs is disabled
(git-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to
irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to
irq1_level_low_skip_override[] (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X
(stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u
(stable-fixes).
- ALSA: core: add isascii() check to card ID generator
(stable-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200
(stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9
(stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET
(stable-fixes).
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer
the error (git-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk
(stable-fixes).
- ALSA: hda: cs35l41: fix module autoloading (git-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros
(stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries
(stable-fixes).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard
types (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
(stable-fixes).
- ACPI: EC: Do not release locks during operation region accesses
(stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails
(stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails
(stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in
acpi_db_convert_to_package() (stable-fixes).
- ASoC: tda7419: fix module autoloading (stable-fixes).
- ASoC: intel: fix module autoloading (stable-fixes).
- ASoC: allow module autoloading for table db1200_pids
(stable-fixes).
- commit f59a49f
- block: fix potential invalid pointer dereference in
blk_add_partition (bsc#1231872 CVE-2024-47705).
- block: print symbolic error name instead of error code
(bsc#1231872).
- commit 629456f
- nfsd: return -EINVAL when namelen is 0 (CVE-2024-47692
bsc#1231857).
- commit 3ec0b50
- nilfs2: fix kernel bug due to missing clearing of buffer delay
flag (git-fixes).
- commit fa778cc
- Refresh
patches.suse/KVM-Reject-overly-excessive-IDs-in-KVM_CREATE_VCPU.patch
(fix build warning).
- commit 4509600
- ethtool: fail closed if we can't get max channel used in
indirection tables (CVE-2024-46834 bsc#1231096).
- commit 92f1041
- vmxnet3: update to version 9 (bsc#1226498).
- vmxnet3: add command to allow disabling of offloads
(bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3
(bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- commit 11f0889
- gpio: prevent potential speculation leaks in
gpio_device_get_desc() (stable-fixes CVE-2024-44931
bsc#1229837).
- commit fd874e3
- gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
(stable-fixes CVE-2024-42253 bsc#1229005).
- commit 1b7d3e6
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- commit e96d6b6
- NFSD: Mark filecache "down" if init fails (git-fixes).
- commit 2bc13b1
- nfs: fix memory leak in error path of nfs4_do_reclaim
(git-fixes).
- commit 78b8702
- nfsd: fix delegation_blocked() to block correctly for at least
30 seconds (git-fixes).
- commit a755d72
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- commit c0a4772
- nfsd: call cache_put if xdr_reserve_space returns NULL
(git-fixes).
- commit bea413a
- nfsd: fix refcount leak when file is unhashed after being found
(git-fixes).
- commit a3bda73
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire
(git-fixes).
- commit 1bee667
- NFS: Avoid unnecessary rescanning of the per-server delegation
list (git-fixes).
- commit 5a9ecaa
- NFSv4: Fix clearing of layout segments in layoutreturn
(git-fixes).
- commit 21968b2
- ocfs2: fix the la space leak when unmounting an ocfs2 volume
(git-fixes).
- commit 2bcef50
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- commit 894e3e9
- jfs: check if leafidx greater than num leaves per dmap tree
(git-fixes).
- commit 2a190ef
- jfs: Fix uaf in dbFreeBits (git-fixes).
- commit 77fee8f
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- commit bdbc194
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- commit 06d0a1f
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- commit a59c1e5
- RDMA/hns: Refactor the abnormal interrupt handler function (git-fixes)
Refresh patches.suse/RDMA-hns-Fix-VF-triggering-PF-reset-in-abnormal-inte.patch
- commit 16f4f98
- RDMA/hns: Fix the wrong type of return value of the interrupt handler (git-fixes)
Refresh:
- patches.suse/RDMA-hns-Fix-VF-triggering-PF-reset-in-abnormal-inte.patch
- patches.suse/RDMA-hns-Fix-soft-lockup-under-heavy-CEQE-load.patch
- commit 10cd6d3
- RDMA/hns: Remove unused abnormal interrupt of type RAS (git-fixes)
- commit 05afe22
- mm: avoid leaving partial pfn mappings around in error case
(CVE-2024-47674 bsc#1231673).
- commit 9910e8f
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- commit bc97910
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- commit d91cca2
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- commit 530c748
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- commit 04af073
- RDMA/srpt: Make slab cache names unique (git-fixes)
- commit d1c01aa
- RDMA/irdma: Fix misspelling of "accept*" (git-fixes)
- commit 5a68e97
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- commit e2cb15f
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- commit a888491
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- commit 21e34e7
- udf: Avoid excessive partition lengths (bsc#1230773
CVE-2024-46777).
- commit 43cca3d
- fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439
CVE-2024-47660).
- commit 66d4cf0
- netem: fix return value if duplicate enqueue fails
(CVE-2024-45016 bsc#1230429).
- commit 2e9108a
- net: test for not too small csum_start in
virtio_net_hdr_to_skb() (git-fixes).
- commit 78a3945
- KVM: fix memoryleak in kvm_init() (git-fixes).
- commit 066c2d8
- kabi: fix after KVM: arm64: mixed-width check should be skipped
for uninitialized vCPUs (git-fixes).
- commit bbf2daf
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff()
(git-fixes).
- commit baf8de4
- kab: fix after net: add more sanity check in
virtio_net_hdr_to_skb() (git-fixes).
- commit e85c3fa
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- commit 880c9eb
- nbd: fix race between timeout and normal completion
(bsc#1230918).
- commit 3f6c035
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
(git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in
ish_fw_xfer_direct_dma (git-fixes).
- usb: dwc3: core: Stop processing of pending events if controller
is halted (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- commit 27bf420
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C
(git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C
(git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source
(git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete
(git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy
error (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed
(git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed
(git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in
rfcomm_sk_state_change (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm
enabled (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin
(git-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace
if SND=m (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs
(git-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257
(git-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages
(git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched
(git-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS
(git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
(git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq()
(git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- drm: komeda: Fix an issue related to normalized zpos
(stable-fixes).
- ALSA: hda/realtek - FIxed ALC285 headphone no sound
(stable-fixes).
- ALSA: hda/realtek - Fixed ALC256 headphone no sound
(stable-fixes).
- ALSA: hda: Fix kctl->id initialization (git-fixes).
- ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
(git-fixes).
- commit 05e9a52
- perf/x86/intel: Limit the period on Haswell (bsc#1231072,
CVE-2024-46848).
- commit f8c2996
- sched/smt: Fix unbalance sched_smt_present dec/inc
(CVE-2024-44958 bsc#1230179).
- commit 2c63e21
- wifi: iwlwifi: mvm: pause TCM when the firmware is stopped
(CVE-2024-47673 bsc#1231539).
- commit 775f803
- wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
(CVE-2024-47672 bsc#1231540).
- commit 01e4e8b
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- commit 56416b7
- spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (CVE-2024-47664 bsc#1231442)
- commit c0024fd
- drm/amd/display: Avoid overflow from uint32_t to uint8_t (CVE-2024-47661 bsc#1231496)
- commit 8f65382
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668 bsc#1231502)
- commit 45aa8b3
- dn_route: set rt neigh to blackhole_netdev instead of
loopback_dev in ifdown (bsc#1216813).
- commit 44138e3
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev
in ifdown (bsc#1216813).
- commit 89c7a24
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- commit faf59f1
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- commit 13cc498
- selftests/bpf: Add a test case to write mtu result into .rodata
(git-fixes).
- commit c1c2650
- selftests/bpf: Add a test case to write strtol result into
.rodata (git-fixes).
- commit 1de69ac
- selftests/bpf: Rename ARG_PTR_TO_LONG test description
(git-fixes).
- commit 6cf4336
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test
(git-fixes).
- commit fd06ef1
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
(git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types
(git-fixes).
- commit 6b5690f
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul
helpers (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit
(git-fixes).
- bpf: Allow helpers to accept pointers with a fixed size
(git-fixes).
- Refresh patches.suse/bpf-Tidy-up-verifier-check_func_arg.patch
- commit b017693
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL
relocation (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
(git-fixes).
- commit 262d8c3
- KVM: x86: Use a stable condition around all VT-d PI paths
(git-fixes).
- Refresh
patches.suse/KVM-VMX-Don-t-unblock-vCPU-w-Posted-IRQ-if-IRQs-are-.patch.
- commit d33f58c
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- commit fe7fa3e
- KVM: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k
(git-fixes).
- Refresh
patches.suse/KVM-x86-mmu-Remove-spurious-TLB-flushes-in-TDP-MMU-z.patch.
- commit 6e463a6
- bpf, net: Fix a potential race in do_sock_getsockopt()
(git-fixes).
- net: socket: suppress unused warning (git-fixes).
- commit 62fee56
- KVM: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- commit 9bc72d6
- fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
(CVE-2024-45025 bsc#1230456).
- commit 19343d1
- Update kabi files.
Based on October maintenance update:
kernel-64kb-devel-5.14.21-150500.55.83.1.aarch64.rpm
kernel-default-devel-5.14.21-150500.55.83.1.aarch64.rpm
kernel-default-devel-5.14.21-150500.55.83.1.ppc64le.rpm
kernel-default-devel-5.14.21-150500.55.83.1.s390x.rpm
kernel-default-devel-5.14.21-150500.55.83.1.x86_64.rpm
so that we can track newly added symbols.
- commit 8427d2e
- KVM: SVM: Disallow guest from changing userspace's
MSR_AMD64_DE_CFG value (git-fixes).
- commit 0b0882c
- KVM: SVM: Don't advertise Bus Lock Detect to guest if SVM
support is missing (git-fixes).
- commit 26a295a
- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE
and MSR_GS_BASE (git-fixes).
- commit 4b12471
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while
single-step is enabled (git-fixes).
- commit 29756fe
- RDMA/mana_ib: use the correct page size for mapping user-mode
doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware
page size (git-fixes).
- commit 4a96266
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- commit ab13605
- KVM: arm64: Preserve PSTATE.SS for the guest while single-step
is enabled (git-fixes).
- commit 9b95067
- add bug reference for a mana change (bsc#1229769).
- commit 279dcec
- KVM: arm64: mixed-width check should be skipped for
uninitialized vCPUs (git-fixes).
- commit 39f0f9f
- bpf, verifier: Correct tail_call_reachable for bpf prog
(git-fixes).
- bpf: Check for helper calls in check_subprogs() (git-fixes).
- commit 41df3fb
- usb: xhci: prevent potential failure in handle_tx_event()
for Transfer events without TRB (CVE-2024-42226 bsc#1228709).
- commit e76988e
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- commit 96c07ae
- bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801
CVE-2024-46754).
- commit 8b4a412
- kvm/arm64: rework guest entry logic (git-fixes).
- Refresh
patches.suse/KVM-arm64-Treat-PMCR_EL1.LC-as-RES1-on-asymmetric-systems.patch.
- commit dfd24e5
- KVM: Pre-allocate cpumasks for
kvm_make_all_cpus_request_except() (git-fixes).
- Refresh
patches.suse/Revert-KVM-set-owner-of-cpu-and-vm-file-operations.patch.
- commit 83b6823
- KVM: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- commit 709720b
- KVM: Write the per-page "segment" when clearing (part of)
a guest page (git-fixes).
- commit 9811c1e
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace
exit (git-fixes).
- commit 5a089f5
- KVM: arm64: Release pfn, i.e. put page, if copying MTE tags
hits ZONE_DEVICE (git-fixes).
- commit a55326d
- KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe
hyp init (git-fixes).
- commit 2e75c88
- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- commit b54be89
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
(git-fixes).
- commit 7476735
- KVM: arm64: Fix AArch32 register narrowing on userspace write
(git-fixes).
- commit 517e742
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in
vgic_v2_parse_attr() (git-fixes).
- commit 9f76023
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
(git-fixes).
- commit 8fff566
- KVM: arm64: vgic-its: Test for valid IRQ in
its_sync_lpi_pending_table() (git-fixes).
- commit b695d86
- KVM: arm64: Add missing memory barriers when switching to
pKVM's hyp pgd (git-fixes).
- commit 606dda9
- KVM: arm64: vgic-v4: Restore pending state on host userspace
write (git-fixes).
- commit c4e4df2
- Revert "KVM: Prevent module exit until all VMs are freed"
(git-fixes).
- commit 5f68725
- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI
(git-fixes).
- commit 1f3e21a
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
(git-fixes).
- commit 89273cb
- KVM: Grab a reference to KVM for VM and vCPU stats file
descriptors (git-fixes).
- commit d99dedf
- kvm: Add support for arch compat vm ioctls (git-fixes).
- commit c1d9461
- KVM: Unconditionally get a ref to /dev/kvm module when creating
a VM (git-fixes).
- commit 7df3401
- KVM: Fix lockdep false negative during host resume (git-fixes).
- commit 72fbff6
- KVM: eventfd: Fix false positive RCU usage warning (git-fixes).
- commit a76a2b9
- net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244 bsc#1226797)
- commit 39420f6
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797)
- commit ddff31f
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
(git-fixes).
- commit 46f17cb
- bpf: Add --skip_encoding_btf_inconsistent_proto,
- -btf_gen_optimized to pahole flags for v1.25 (bsc#1230414
bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- Refresh patches.suse/make-module-BTF-toggleable.patch
- btf, scripts: Exclude Rust CUs with pahole (bsc#1230414
bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- Refresh patches.suse/make-module-BTF-toggleable.patch
- Update config files.
- commit 536f189
- virtio_console: fix misc probe bugs (git-fixes).
- commit 2cea93c
- vhost_vdpa: assign irq bypass producer token correctly
(git-fixes).
- commit e82b017
- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- commit aa85f12
- aoe: fix the potential use-after-free problem in more places
(bsc#1218562 CVE-2023-6270).
- commit e949a45
- virtio_net: fixing XDP for fully checksummed packets handling
(git-fixes).
- commit f3d52ed
- vsock/virtio: fix packet delivery to tap device (git-fixes).
- commit 50a25ba
- kbuild,bpf: Add module-specific pahole flags for distilled
base BTF (bsc#1230414 bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414
bsc#1229450).
- kbuild, bpf: Use test-ge check for v1.25-only pahole
(bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26
and later (bsc#1230414 bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- kbuild: avoid too many execution of scripts/pahole-flags.sh
(bsc#1230414 bsc#1229450).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- commit 05f7b0b
- Use pahole -j1 option for reproducible builds (bsc#1230414
bsc#1229450).
- commit 486aef8
- net: add more sanity check in virtio_net_hdr_to_skb()
(git-fixes).
- commit c9cb665
- ceph: fix cap ref leak via netfs init_request (bsc#1231383).
- commit 61990ab
- Update
patches.suse/usb-typec-ucsi-Fix-null-pointer-dereference-in-trace.patch
(CVE-2024-46719 bsc#1230722).
Added CVE
- commit 04ed2dd
- efi: fix NULL-deref in init error path (bsc#1229556
CVE-2022-48879).
- commit 41e1770
- dmaengine: altera-msgdma: properly free descriptor in
msgdma_free_descriptor (bsc#1230715 CVE-2024-46716).
- commit 92074a5
- bpf: Fix pointer-leak due to insufficient speculative store
bypass mitigation (bsc#1231375).
- commit fd93435
- drm/amd/display: Check gpio_id before used as array index (CVE-2024-46818 bsc#1231203).
- commit 53caf4b
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (CVE-2024-46815 bsc#1231195).
- commit ad18f86
- ice: Unbind the workqueue (bsc#1231344).
- commit fa8a96c
- drm/amd/display: Validate function returns (bsc#1230774 CVE-2024-46775)
- commit a72450c
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (CVE-2024-46816 bsc#1231197).
- commit 1eea356
- Delete some more obsolete scripts
- commit 0d4cf12
- char: tpm: Fix possible memory leak in
tpm_bios_measurements_open() (git-fixes).
- commit e53c1af
- drm/amd/display: Check link_index before accessing dc->links (CVE-2024-46813 bsc#1231191).
- commit a97e1a4
- sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327)
- commit a3438e4
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327)
- commit 670f96b
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
(bsc#1226631).
- commit 2c24b8c
- scsi: fnic: Move flush_work initialization out of if block
(bsc#1230055).
- commit 3f71444
- workqueue: mark power efficient workqueue as unbounded if (bsc#1231327)
- commit 2a22cf9
- workqueue: Avoid using isolated cpus' timers on (bsc#1231327)
- commit ab862e0
- net: mana: Improve mana_set_channels() in low mem conditions
(bsc#1230289).
- net: mana: Implement get_ringparam/set_ringparam for mana
(bsc#1229891).
- net: dpaa: Pad packets to ETH_ZLEN (CVE-2024-46854 bsc#1231084).
- ice: Add netif_device_attach/detach into PF reset flow
(CVE-2024-46770 bsc#1230763).
- bonding: change ipsec_lock from spin lock to mutex
(CVE-2024-46678 bsc#1230550).
- bonding: extract the use of real_device into local variable
(CVE-2024-46678 bsc#1230550).
- bonding: implement xdo_dev_state_free and call it after deletion
(CVE-2024-46678 bsc#1230550).
- commit 057bf3f
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (CVE-2024-46817 bsc#1231200).
- commit 18cf241
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- commit 9f2c584
- KVM: s390: Fix SORTL and DFLTCC instruction format error in
__insn32_query (git-fixes bsc#1231277).
- commit cce5574
- s390/mm: Add cond_resched() to cmm_alloc/free_pages()
(bsc#1228747).
- commit 41a09b7
- ASoC: meson: axg-card: fix 'use-after-free' (CVE-2024-46849 bsc#1231073)
- commit a395e2d
- ELF: fix kernel.randomize_va_space double read (CVE-2024-46826 bsc#1231115)
- commit d14eaf0
- powerpc: Allow clearing and restoring registers independent
of saved breakpoint state (bsc#1194869).
- commit fab6193
- powerpc/tlb: Add local flush for page given mm_struct and psize
(bsc#1194869).
- commit 819e69d
- net/mlx5: Fix bridge mode operations when there are no VFs (CVE-2024-46857 bsc#1231087)
- commit b275110
- netfilter: nft_socket: fix sk refcount leaks (CVE-2024-46855 bsc#1231085)
- commit b9b2afb
- powerpc/imc-pmu: Use the correct spinlock initializer
(bsc#1054914 fate#322448 git-fixes).
- commit 1a80d47
- powerpc/code-patching: introduce patch_instructions()
(bsc#1194869).
- commit ce19d55
- powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX
(bsc#1194869).
- commit 347af82
- powerpc/code-patching: Fix oops with DEBUG_VM enabled
(bsc#1194869).
- powerpc/code-patching: Consolidate and cache per-cpu patching
context (bsc#1194869).
- powerpc/code-patching: Use temporary mm for Radix MMU
(bsc#1194869).
- powerpc/code-patching: Use WARN_ON and fix check in poking_init
(bsc#1194869).
- powerpc/code-patching: Speed up page mapping/unmapping
(bsc#1194869).
- powerpc/code-patching: Use jump_label to check if poking_init()
is done (bsc#1194869).
- powerpc/code-patching: Don't call is_vmalloc_or_module_addr()
without CONFIG_MODULES (bsc#1194869).
- powerpc/code-patching: Pre-map patch area (bsc#1194869).
- powerpc/code-patching: Reorganise do_patch_instruction()
to ease error handling (bsc#1194869).
- powerpc/code-patching: Fix unmap_patch_area() error handling
(bsc#1194869).
- powerpc/code-patching: Fix error handling in
do_patch_instruction() (bsc#1194869).
- commit 630a906
- powerpc/code-patching: Remove pr_debug()/pr_devel() messages
and fix check() (bsc#1194869).
- powerpc/lib: Add __init attribute to eligible functions
(bsc#1194869).
- powerpc/inst: Refactor ___get_user_instr() (bsc#1194869).
- commit d1c574c
- powerpc/code-patching: Add generic memory patching
(bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction()
in case of failure (bsc#1194869).
- powerpc/ftrace: Use patch_instruction() return directly
(bsc#1194869).
- commit 358e581
- krb5
-
- Prevent overflow when calculating ulog block size. An authenticated
attacker can cause kadmind to write beyond the end of the mapped
region for the iprop log file, likely causing a process crash;
(CVE-2025-24528); (bsc#1236619).
- Add patch 0012-Prevent-overflow-when-calculating-ulog-block-size.patch
- libapparmor
-
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM.
* unix-chkpwd-add-read-capability.path, bsc#1241678
- Allow pam_unix to execute unix_chkpwd with abi/3.0
- remove dovecot-unix_chkpwd.diff
- Add allow-pam_unix-to-execute-unix_chkpwd.patch
- Add revert-abi-change-for-unix_chkpwd.patch
(bsc#1234452, bsc#1232234)
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
unix_chkpwd, and add a profile for unix_chkpwd. This is needed
for PAM with CVE-2024-10041 (bsc#1234452)
- augeas
-
- Add patch, fix for bsc#1239909 / CVE-2025-2588:
* CVE-2025-2588.patch
- avahi
-
- prerequire avahi in avahi-autipd as we user "user avahi"
- Add avahi-CVE-2024-52616.patch:
Backporting 1dade81c from upstream: Properly randomize query id
of DNS packets.
(CVE-2024-52616, bsc#1233420)
- Add avahi-filter-bogus-services.patch: no longer supply bogus
services to callbacks (bsc#1226586).
- cryptsetup
-
- luksFormat succeeds despite creating corrupt device [bsc#1234273]
* Add a better warning if luksFormat ends with image without any space for data.
* Print warning early if LUKS container is too small for activation.
* Add patches:
- cryptsetup-Add-a-better-warning-if-luksFormat-no-space-for-data.patch
- cryptsetup-Print-warning-early-if-LUKS-container-is-too-small-for-activation.patch
- lvm2
-
- LVM filter behaves unexpectedly for MPIO devices in SLES15SP5 (bsc#1216938)
* set lvm.conf devices.multipath_wwids_file=""
- expat
-
- version update to 2.7.1
Bug fixes:
[#980] #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
[#976] #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
[#983] #984 Fix printf format specifiers for 32bit Emscripten
[#992] docs: Promote OpenSSF Best Practices self-certification
[#978] tests/benchmark: Resolve mistaken double close
[#986] Address compiler warnings
[#990] #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
[#982] CI: Start running Perl XML::Parser integration tests
[#987] CI: Enforce Clang Static Analyzer clean code
[#991] CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
[#981] CI: Cover compilation with musl
[#983] #984 CI: Cover compilation with 32bit Emscripten
[#976] #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0 for SLE-15-SP4
- deleted patches
- expat-CVE-2022-25235.patch (upstreamed)
- expat-CVE-2022-25236-relax-fix.patch (upstreamed)
- expat-CVE-2022-25236.patch (upstreamed)
- expat-CVE-2022-25313-fix-regression.patch (upstreamed)
- expat-CVE-2022-25313.patch (upstreamed)
- expat-CVE-2022-25314.patch (upstreamed)
- expat-CVE-2022-25315.patch (upstreamed)
- expat-CVE-2022-40674.patch (upstreamed)
- expat-CVE-2022-43680.patch (upstreamed)
- expat-CVE-2023-52425-1.patch (upstreamed)
- expat-CVE-2023-52425-2.patch (upstreamed)
- expat-CVE-2023-52425-backport-parser-changes.patch (upstreamed)
- expat-CVE-2023-52425-fix-tests.patch (upstreamed)
- expat-CVE-2024-28757.patch (upstreamed)
- expat-CVE-2024-45490.patch (upstreamed)
- expat-CVE-2024-45491.patch (upstreamed)
- expat-CVE-2024-45492.patch (upstreamed)
- expat-CVE-2024-50602.patch (upstreamed)
- version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])
* Security fixes:
[#893] #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
[#935] #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
[#925] Autotools: Sync CMake templates with CMake 3.29
[#945] #962 #966 CMake: Drop support for CMake <3.13
[#942] CMake: Small fuzzing related improvements
[#921] docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
[#941] docs: Document need for C++11 compiler for use from C++
[#959] tests/benchmark: Fix a (harmless) TOCTTOU
[#944] Windows: Fix installer target location of file xmlwf.xml
for CMake
[#953] Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
[#971] Address Cppcheck warnings
[#969] #970 Mass-migrate links from http:// to https://
[#947] #958 ..
[#974] #975 Document changes since the previous release
[#974] #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
- no source changes, just adding jira reference: jsc#SLE-21253
- freetype2
-
- enable brotli support (jsc#PED-12258)
- Added patch:
* CVE-2025-27363.patch
+ fixes bsc#1239465, CVE-2025-27363: out-of-bounds write when
attempting to parse font subglyph structures related to
TrueType GX and variable font files
- gnutls
-
- Security fix [bsc#1236974, CVE-2024-12243]
* gnutls: inefficient DER Decoding in libtasn1 could lead to remote DoS
* Add gnutls-CVE-2024-12243.patch
- openssl-1_1
-
- Security fix: [bsc#1236136, CVE-2024-13176]
* timing side-channel in the ECDSA signature computation
* Add openssl-CVE-2024-13176.patch
- procps
-
- Add patch CVE-2023-4016-part2.patch
* Fix the ps command segfaults when pid argument has a leading space (bsc#1236842)
- python3
-
- Update CVE-2024-11168-validation-IPv6-addrs.patch
according to the Debian version
(gh#python/cpython#103848#issuecomment-2708135083).
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- sqlite3
-
- Sync version 3.49.1 from Factory (jsc#SLE-16032):
* CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws()
function, introduced in version 3.44.0, that could lead to a
memory error if the separator string is very large (hundreds
of megabytes).
* CVE-2025-29088, bsc#1241078: Enhanced the
SQLITE_DBCONFIG_LOOKASIDE interface to make it more robust
against misuse.
* Obsoletes sqlite3-rtree-i686.patch
- systemd
-
- Import commit cba472567893618e15b4ab95a3cb0a762ad3ed10
0e8c003e1f core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272)
621e16c0b8 core/unit: add get_timeout_start_usec in UnitVTable and define it for service
b4140d888a sd-bus: make bus_add_match_full accept timeout
81cb3a4fb5 udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610)
533e98fc6b sd-device: add helper to read a unsigned int attribute
- libtasn1
-
- Security fix: [bsc#1236878, CVE-2024-12133]
* Potential DoS in handling of numerous SEQUENCE OF or SET OF elements
* Add libtasn1-CVE-2024-12133.patch
- libxml2
-
- security update
- added patches
CVE-2025-32414 [bsc#1241551], out-of-bounds read when parsing text via the Python API
+ libxml2-CVE-2025-32414.patch
CVE-2025-32415 [bsc#1241453], a crafted XML document may lead to a heap-based buffer under-read
+ libxml2-CVE-2025-32415.patch
- security update
- added patches
fix CVE-2024-56171 [bsc#1237363], use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
+ libxml2-CVE-2024-56171.patch
fix CVE-2025-24928 [bsc#1237370], stack-based buffer overflow in xmlSnprintfElements in valid.c
+ libxml2-CVE-2025-24928.patch
fix CVE-2025-27113 [bsc#1237418], NULL Pointer Dereference in libxml2 xmlPatMatch
+ libxml2-CVE-2025-27113.patch
- security update
- added patches
fix CVE-2022-49043 [bsc#1236460], use-after-free in xmlXIncludeAddNode
+ libxml2-CVE-2022-49043.patch
- libzypp
-
- Disable zypp.conf:download.use_deltarpm by default (fixes #620)
Measurements show that you don't benefit from using deltarpms
unless your network connection is very slow. That's why most
distributions even stop offering deltarpms. The default remains
unchanged on SUSE-15.6 and older.
- Make sure repo variables are evaluated in the right context
(bsc#1237044)
- Introducing MediaCurl2 a alternative HTTP backend.
This patch adds MediaCurl2 as a testbed for experimenting with a
more simple way to download files. Set ZYPP_CURL2=1 in the
environment to use it.
- version 17.36.3 (35)
- Filesystem usrmerge must not be done in singletrans mode
(bsc#1236481, bsc#1189788)
Commit will amend the backend in case the transaction would
perform a filesystem usrmerge.
- Workaround bsc#1216091 on Code16.
- version 17.36.2 (35)
- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
Released libyui packages compile with -Werror=deprecated-declarations
so we can't add deprecated warnings without breaking them.
- make gcc15 happy (fixes #613)
- version 17.36.1 (35)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'.
- Fix Repoverification plugin not being executed (fixes #614)
- Refresh: Fetch the master index file before key and signature
(bsc#1236820)
- Allow libzypp to compile with C++20.
- Deprecate RepoReports we do not trigger.
- version 17.36.0 (35)
- Create '.keep_packages' in the package cache dir to enforce
keeping downloaded packages of all repos cahed there (bsc#1232458)
- version 17.35.19 (35)
- Fix missing UID checks in repomanager workflow (fixes #603)
- version 17.35.18 (35)
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp (fixes #28)
- Fix 'zypper ps' when running in incus container (bsc#1229106)
Should apply to lxc and lxd containers as well.
- Re-enable 'rpm --runposttrans' usage for chrooted systems
(bsc#1216091)
- version 17.35.17 (35)
- Url: queryparams without value should not have a trailing "=".
- version 17.35.16 (35)
- Url query part: `=` is a safe char in value (bsc#1234304)
- RpmDb: Recognize rpmdb.sqlite as database file (#593)
- Fix typo (fixes #592)
- cmake: check location of fcgi header and adjust include
accordingly. On Debian and derivatives the fcgi headers
are not stored in a fastcgi/ subdirectory.(#590)
- version 17.35.15 (35)
- openssh
-
- Backported patch to fix a MitM attack against OpenSSH's
VerifyHostKeyDNS-enabled client (bsc#1237040, CVE-2025-26465):
* fix-CVE-2025-26465.patch
- pam
-
- pam_unix/passverify: (get_account_info) [!HELPER_COMPILE]: Always return
PAM_UNIX_RUN_HELPER instead of trying to obtain the shadow password file
entry.
[passverify-always-run-the-helper-to-obtain-shadow_pwd.patch, bsc#1232234,
CVE-2024-10041]
- Do not reject the user with a hash assuming it's non-empty.
[pam_unix-allow-empty-passwords-with-non-empty-hashes.patch]
- python-Jinja2
-
- Add security patch CVE-2025-27516.patch (bsc#1238879)
- Add security patch CVE-2024-56326.patch (bsc#1234809)
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- supportutils
-
- Changes to version 3.2.10
+ network.txt collect all firewalld zones (pr#233)
+ Collects gfs2 info (PED-11853, pr#235, pr#236)
+ Ignore tasks/threads to prevent collecting duplicate fd data in open_files (bsc#1230371, pr#237)
+ Added openldap2_5 support for SLES (pr#238)
+ Collects additional hawk details (pr#239)
+ Optimized filtering D/Z processes (pr#241)
+ Collect firewalld permanent configuration (pr#243)
+ ldap_info: support for multiple DBs and sanitize olcRootPW (bsc#1231838, pr#247)
+ Added dbus_info for dbus.txt (bsc#1222650, pr#248)
- Changes to version 3.2.9
+ Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221)
+ Supportconfig available in current distro (PED-7131)
+ Corrected display issues (bsc#1231396)
+ NFS takes too long, showmount times out (bsc#1231423)
+ Merged sle15 and master branches (bsc#1233726, PED-11669)
- suse-build-key
-
- changed keys to use SHA256 UIDs instead of SHA1. (bsc#1237294
bsc#1236779 jsc#PED-12321)
- gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc
- gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc
- suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted
- timezone
-
- Update to 2025b:
* New zone for Aysén Region in Chile (America/Coyhaique) which
moves from -04/-03 to -03
- Refresh patches
* revert-philippines-historical-data.patch
* tzdata-china.diff
- Update to 2025a:
* Paraguay adopts permanent -03 starting spring 2024
* Improve pre-1991 data for the Philippines
* Etc/Unknown is now reserved
- Update to 2024b:
* Improve historical data for Mexico, Mongolia, and Portugal.
* System V names are now obsolescent.
* The main data form now uses %z.
* The code now conforms to RFC 8536 for early timestamps.
* Support POSIX.1-2024, which removes asctime_r and ctime_r.
* Assume POSIX.2-1992 or later for shell scripts.
* SUPPORT_C89 now defaults to 1.
- Add revert-philippines-historical-data.patch, revert-systemv-deprecation.patch
* Fixes testsuite failures for other packages
- vim
-
- Introduce patch to fix bsc#1235751 (regression).
* vim-9.1.1134-revert-putty-terminal-colors.patch
- Update to 9.1.1176. Changes:
* 9.1.1176: wrong indent when expanding multiple lines
* 9.1.1175: inconsistent behaviour with exclusive selection and motion commands
* 9.1.1174: tests: Test_complete_cmdline() may fail
* 9.1.1173: filetype: ABNF files are not detected
* 9.1.1172: [security]: overflow with 'nostartofline' and Ex command in tag file
* 9.1.1171: tests: wrong arguments passed to assert_equal()
* 9.1.1170: wildmenu highlighting in popup can be improved
* 9.1.1169: using global variable for get_insert()/get_lambda_name()
* 9.1.1168: wrong flags passed down to nextwild()
* 9.1.1167: mark '] wrong after copying text object
* 9.1.1166: command-line auto-completion hard with wildmenu
* 9.1.1165: diff: regression with multi-file diff blocks
* 9.1.1164: [security]: code execution with tar.vim and special crafted tar files
* 9.1.1163: $MYVIMDIR is set too late
* 9.1.1162: completion popup not cleared in cmdline
* 9.1.1161: preinsert requires bot "menu" and "menuone" to be set
* 9.1.1160: Ctrl-Y does not work well with "preinsert" when completing items
* 9.1.1159: $MYVIMDIR may not always be set
* 9.1.1158: :verbose set has wrong file name with :compiler!
* 9.1.1157: command completion wrong for input()
* 9.1.1156: tests: No test for what patch 9.1.1152 fixes
* 9.1.1155: Mode message not cleared after :silent message
* 9.1.1154: Vim9: not able to use autoload class accross scripts
* 9.1.1153: build error on Haiku
* 9.1.1152: Patch v9.1.1151 causes problems
* 9.1.1151: too many strlen() calls in getchar.c
* 9.1.1150: :hi completion may complete to wrong value
* 9.1.1149: Unix Makefile does not support Brazilian lang for the installer
* 9.1.1148: Vim9: finding imported scripts can be further improved
* 9.1.1147: preview-window does not scroll correctly
* 9.1.1146: Vim9: wrong context being used when evaluating class member
* 9.1.1145: multi-line completion has wrong indentation for last line
* 9.1.1144: no way to create raw strings from a blob
* 9.1.1143: illegal memory access when putting a register
* 9.1.1142: tests: test_startup fails if $HOME/$XDG_CONFIG_HOME is defined
* 9.1.1141: Misplaced comment in readfile()
* 9.1.1140: filetype: m17ndb files are not detected
* 9.1.1139: [fifo] is not displayed when editing a fifo
* 9.1.1138: cmdline completion for :hi is too simplistic
* 9.1.1137: ins_str() is inefficient by calling STRLEN()
* 9.1.1136: Match highlighting marks a buffer region as changed
* 9.1.1135: 'suffixesadd' doesn't work with multiple items
* 9.1.1134: filetype: Guile init file not recognized
* 9.1.1133: filetype: xkb files not recognized everywhere
* 9.1.1132: Mark positions wrong after triggering multiline completion
* 9.1.1131: potential out-of-memory issue in search.c
* 9.1.1130: 'listchars' "precedes" is not drawn on Tabs.
* 9.1.1129: missing out-of-memory test in buf_write()
* 9.1.1128: patch 9.1.1119 caused a regression with imports
* 9.1.1127: preinsert text is not cleaned up correctly
* 9.1.1126: patch 9.1.1121 used a wrong way to handle enter
* 9.1.1125: cannot loop through pum menu with multiline items
* 9.1.1124: No test for 'listchars' "precedes" with double-width char
* 9.1.1123: popup hi groups not falling back to defaults
* 9.1.1122: too many strlen() calls in findfile.c
* 9.1.1121: Enter does not insert newline with "noselect"
* 9.1.1120: tests: Test_registers fails
* 9.1.1119: Vim9: Not able to use an autoloaded class from another autoloaded script
* 9.1.1118: tests: test_termcodes fails
* 9.1.1117: there are a few minor style issues
* 9.1.1116: Vim9: super not supported in lambda expressions
* 9.1.1115: [security]: use-after-free in str_to_reg()
* 9.1.1114: enabling termguicolors automatically confuses users
* 9.1.1113: tests: Test_terminal_builtin_without_gui waits 2 seconds
* 9.1.1112: Inconsistencies in get_next_or_prev_match()
* 9.1.1111: Vim9: variable not found in transitive import
* 9.1.1110: Vim tests are slow and flaky
* 9.1.1109: cmdexpand.c hard to read
* 9.1.1108: 'smoothscroll' gets stuck with 'listchars' "eol"
* 9.1.1107: cannot loop through completion menu with fuzzy
* 9.1.1106: tests: Test_log_nonexistent() causes asan failure
* 9.1.1105: Vim9: no support for protected new() method
* 9.1.1104: CI: using Ubuntu 22.04 Github runners
* 9.1.1103: if_perl: still some compile errors with Perl 5.38
* 9.1.1102: tests: Test_WinScrolled_Resized_eiw() uses wrong filename
- 9.1.1101 is a fix for:
bsc#1229685 (CVE-2024-43790)
bsc#1229822 (CVE-2024-43802)
bsc#1230078 (CVE-2024-45306)
bsc#1235695 (CVE-2025-22134)
bsc#1236151 (CVE-2025-24014)
bsc#1237137 (CVE-2025-1215)
- Remove obsoleted patch:
* vim-7.3-mktemp_tutor.patch
- update to 9.1.1101
* insexpand.c hard to read
* tests: Test_log_nonexistent only works on Linux
* Update base-syntax, improve variable matching
* Vim9: import with extends may crash
* leaking memory with completing multi lines
* --log with non-existent path causes a crash
* if_perl: Perl 5.38 adds new symbols causing link failure
* tests: matchparen plugin test wrongly named
* Vim9: problem finding implemented method in type hierarchy
* runtime(qf): Update syntax file, match second delimiter
* tests: output of test ...win32_ctrl_z depends on python version
* tests: fix expected return code for python 3.13 on Windows
* tests: timeout might be a bit too small
* tests: test_terminwscroll_topline2 unreliable
* tests: No check when tests are run under Github actions
* tests: plugin tests are named inconsistently
* Vim9: import with extends may crash
* completion doesn't work with multi lines
* filetype: cmmt files are not recognized
* Unable to persistently ignore events in a window and its buffers
* improve syntax highlighting
* setreg() doesn't correctly handle mbyte chars in blockwise mode
* unexpected DCS responses may cause out of bounds reads
* has('bsd') is true for GNU/Hurd
* filetype: Mill files are not recognized
* GUI late startup leads to uninitialized scrollbars
* Add support for lz4 to tar & gzip plugin
* Terminal ansi colors off by one after tgc reset
* included syntax items do not understand contains=TOP
* vim_strnchr() is strange and unnecessary
* Vim9: len variable not used in compile_load()
* runtime(vim): Update base-syntax, match :debuggreedy count prefix
* Strange error when heredoc marker starts with "trim"
* tests: test_compiler fails on Windows without Maven
* 'diffopt' "linematch" cannot be used with {n} less than 10
* args missing after failing to redefine a function
* Cannot control cursor positioning of getchar()
* preinsert text completions not deleted with <C-W>/<C-U>
* getchar() can't distinguish between C-I and Tab
* tests: Test_termwinscroll_topline2 fails on MacOS
* heap-use-after-free and stack-use-after-scope with :14verbose
* no digraph for "Approaches the limit"
* not possible to use plural forms with gettext()
* too many strlen() calls in userfunc.c
* terminal: E315 when dragging the terminal with the mouse
* runtime(openPlugin): fix unclosed parenthesis in GetWordUnderCursor()
* runtime(doc): Tweak documentation style a bit
* tests: test_glvs fails when unarchiver not available
* Vim always enables 'termguicolors' in a terminal
* completion: input text deleted with preinsert when adding leader
* translation(sr): Missing Serbian translation for the tutor
* Superfluous cleanup steps in test_ins_complete.vim
* runtime(netrw): correct wrong version check
* Vim doesn't highlight to be inserted text when completing
* runtime(netrw): upstream snapshot of v176
* runtime(dist/vim9): fix regressions in dist#vim9#Open
* runtime(hyprlang): fix string recognition
* make install fails because of a missing dependency
* runtime(asm): add byte directives to syntax script
* Vim doesn't work well with TERM=xterm-direct
* runtime(filetype): commit 99181205c5f8284a3 breaks V lang detection
* runtime: decouple Open and Launch commands and gx mapping from netrw
* "nosort" enables fuzzy filtering even if "fuzzy" isn't in 'completeopt'
* runtime(just): fix typo in syntax file
* runtime(filetype): Improve Verilog detection by checking for modules definition
* tests: off-by-one error in CheckCWD in test_debugger.vim
* tests: no support for env variables when running Vim in terminal
* too many strlen() calls in os_unix.c
* insert-completed items are always sorted
* crash after scrolling and pasting in silent Ex mode
* Makefiles uses non-portable syntax
* fuzzymatching doesn't prefer matching camelcase
* filetype: N-Tripels and TriG files are not recognized
* Vim9: Patch 9.1.1014 causes regressions
* translation(sr): Update Serbian messages translation
- updade to 9.1.1043
* [security]: segfault in win_line()
* update helptags
* filetype: just files are not recognized
* Update base-syntax, match ternary and falsy operators
* Vim9: out-of-bound access when echoing an enum
* Vim9: imported type cannot be used as func return type
* runtime(kconfig): updated ftplugin and syntax script
* runtime(doc): rename last t_BG reference to t_RB
* Vim9: comments are outdated
* tests: test_channel.py fails with IPv6
* runtime(vim): Update base-syntax, fix is/isnot operator matching
* Vim9: confusing error when using abstract method via super
* make install fails when using shadowdir
* Vim9: memory leak with blob2str()
* runtime(tex): add texEmphStyle to texMatchGroup in syntax script
* runtime(netrw): upstream snapshot of v175
* Vim9: compiling abstract method fails without return
* runtime(c): add new constexpr keyword to syntax file (C23)
* tests: shaderslang was removed from test_filetype erroneously
* link error when FEAT_SPELL not defined
* Coverity complains about insecure data handling
* runtime(sh): update syntax script
* runtime(c): Add missing syntax test files
* filetype: setting bash filetype is backwards incompatible
* runtime(c): Update syntax and ftplugin files
* the installer can be improved
* too many strlen() calls in screen.c
* no sanitize check when running linematch
* filetype: swc configuration files are not recognized
* runtime(netrw): change netrw maintainer
* wrong return type of blob2str()
* blob2str/str2blob() do not support list of strings
* runtime(doc): fix typo in usr_02.txt
* Coverity complains about dereferencing NULL pointer
* linematch option value not completed
* string might be used without a trailing NUL
* no way to get current selected item in a async context
* filetype: fd ignore files are not recognized
* v9.1.0743 causes regression with diff mode
* runtime(doc): fix base64 encode/decode examples
* Vim9: Patch 9.1.1013 causes a few problems
* Not possible to convert string2blob and blob2string
* Coverity complains about dereferencing NULL value
* Vim9: variable not found in transitive import
* runtime(colors): Update colorschemes, include new unokai colorscheme
* Vim9: Regression caused by patch v9.1.0646
* runtime(lyrics): support milliseconds in syntax script
* runtime(vim): Split Vim legacy and Vim9 script indent tests
* Vim9: class interface inheritance not correctly working
* popupmenu internal error with some abbr in completion item
* filetype: VisualCode setting file not recognized
* diff feature can be improved
* tests: test for patch 9.1.1006 doesn't fail without the patch
* filetype: various ignore are not recognized
* tests: Load screendump files with "git vimdumps"
* PmenuMatch completion highlight can be combined
* completion text is highlighted even with no pattern found
* tests: a few termdebug tests are flaky
* [security]: heap-buffer-overflow with visual mode
* runtime(doc): add package-<name> helptags for included packages
* Vim9: unknown func error with interface declaring func var
* runtime(filetype): don't detect string interpolation as angular
* ComplMatchIns highlight hard to read on light background
* runtime(vim): Update base-syntax, highlight literal string quote escape
* runtime(editorconfig): set omnifunc to syntaxcomplete func
* tests: ruby tests fail with Ruby 3.4
* Vim9: leaking finished exception
* runtime(tiasm): use correct syntax name tiasm in syntax script
* filetype: TI assembly files are not recognized
* too many strlen() calls in drawscreen.c
* runtime(xf86conf): add section name OutputClass to syntax script
* ComplMatchIns may highlight wrong text
* runtime(vim): Update base-syntax, improve ex-bang matching
* runtime(doc): clarify buffer deletion on popup_close()
* filetype: shaderslang files are not detected
* Vim9: not able to use comment after opening curly brace
- update to 9.1.0993
* 9.1.0993: New 'cmdheight' behavior may be surprising
* runtime(sh): fix typo in Last Change header
* 9.1.0992: Vim9: double-free after v9.1.0988
* 9.1.0991: v:stacktrace has wrong type in Vim9 script
* runtime(sh): add PS0 to bashSpecialVariables in syntax script
* runtime(vim): Remove trailing comma from match_words
* runtime(zsh): sync syntax script with upstream repo
* runtime(doc): Capitalise the mnemonic "Zero" for the 'z' flag of search()
* 9.1.0990: Inconsistent behavior when changing cmdheight
* 9.1.0989: Vim9: Whitespace after the final enum value causes a syntax error
* runtime(java): Quietly opt out for unsupported markdown.vim versions
* runtime(vim): fix failing vim syntax test
* 9.1.0988: Vim9: no error when using uninitialized var in new()
* runtime(doc): update index.txt
* 9.1.0987: filetype: cake files are not recognized
* 9.1.0986: filetype: 'jj' filetype is a bit imprecise
* runtime(jj): Support diffs in jj syntax
* runtime(vim): Update matchit pattern, no Vim9 short names
* 9.1.0985: Vim9: some ex commands can be shortened
* 9.1.0984: exception handling can be improved
* runtime(doc): update doc for :horizontal
* runtime(doc): update index.txt, windows.txt and version9.txt
* runtime(doc): Tweak documentation about base64 function
* runtime(chordpro): update syntax script
* 9.1.0983: not able to get the displayed items in complete_info()
* runtime(doc): use standard SGR format at :h xterm-true-color
* 9.1.0982: TI linker files are not recognized
* runtime(vim): update vim generator syntax script
* 9.1.0981: tests: typo in test_filetype.vim
* 9.1.0980: no support for base64 en-/decoding functions in Vim Script
* syntax(sh): Improve the recognition of bracket expressions
* runtime(doc): mention how NUL bytes are handled
* 9.1.0979: VMS: type warning with $XDG_VIMRC_FILE
* 9.1.0978: GUI tests sometimes fail when setting 'scroll' options
* 9.1.0977: filetype: msbuild filetypes are not recognized
* 9.1.0976: Vim9: missing return statement with throw
* 9.1.0975: Vim9: interpolated string expr not working in object methods
* 9.1.0974: typo in change of commit v9.1.0873
* 9.1.0973: too many strlen() calls in fileio.c
* runtime(sh): set shellcheck as the compiler for supported shells
* runtime(doc): Fix enum example syntax
* 9.1.0972: filetype: TI linker map files are not recognized
* runtime(vim): Improve syntax script generator for Vim Script
* 9.1.0971: filetype: SLNX files are not recognized
* 9.1.0970: VMS: build errors on VMS architecture
* runtime(doc): Fix documentation typos
* runtime(doc): update for new keyprotocol option value (after v9.1.0969)
* 9.1.0969: ghostty not using kitty protocol by default
* 9.1.0968: tests: GetFileNameChecks() isn't fully sorted by filetype name
* runtime(doc): update version9.txt for bash filetype
* runtime(netrw): update last change header for #16265
* runtime(doc): fix doc error in :r behaviour
* 9.1.0967: SpotBugs compiler setup can be further improved
* 9.1.0966: Vim9: :enum command can be shortened
* runtime(compiler): include a basic bash syntax checker compiler
* 9.1.0965: filetype: sh filetype set when detecting the use of bash
* runtime(doc): clarify ARCH value for 32-bit in INSTALLpc.txt
* 9.1.0963: fuzzy-matching does not prefer full match
* 9.1.0962: filetype: bun.lock file is not recognized
* runtime(vim): update indentation plugin for Vim script
* runtime(doc): tweak documentation style in helphelp.txt
* runtime(vim): Update base-syntax, allow parens in default arguments
* runtime(doc): mention auto-format using clang-format for sound.c/sign.c
* runtime(help): fix typo s/additional/arbitrary/
* runtime(help): Add better support for language annotation highlighting
* 9.1.0961: filetype: TI gel files are not recognized
* 9.1.0960: filetype: hy history files are not recognized
* translation(fi): Fix typoes in Finish menu translation
* 9.1.0959: Coverity complains about type conversion
* runtime(vim): Use supported syntax in indent tests
* 9.1.0958: filetype: supertux2 config files detected as lisp
* 9.1.0956: completion may crash, completion highlight wrong with preview window
* 9.1.0955: Vim9: vim9compile.c can be further improved
* runtime(doc): move help tag E1182
* runtime(graphql): contribute vim-graphql to Vim core
* 9.1.0954: popupmenu.c can be improved
* 9.1.0953: filetype: APKBUILD files not correctly detected
* 9.1.0952: Vim9: missing type checking for any type assignment
* 9.1.0951: filetype: jshell files are not recognized
* runtime(dockerfile): do not set commentstring in syntax script
* 9.1.0950: filetype: fennelrc files are not recognized
* runtime(netrw): do not double escape Vim special characters
* git: ignore reformatting change of netrw plugin
* runtime(netrw): more reformating #16248
* runtime(doc): Add a note about handling symbolic links in starting.txt
* 9.1.0949: popups inconsistently shifted to the left
* git: ignore reformatting change of netrw plugin
* runtime(netrw): change indent size from 1 to 2
* 9.1.0948: Missing cmdline completion for :pbuffer
* runtime(tutor): Reformat tutor1
* 9.1.0947: short-description
* 9.1.0946: cross-compiling fails on osx-arm64
* 9.1.0945: ComplMatchIns highlight doesn't end after inserted text
* translation(sv): re-include the change from #16240
* 9.1.0944: tests: test_registers fails when not run under X11
* 9.1.0943: Vim9: vim9compile.c can be further improved
* runtime(doc): Update README and mention make check to verify
* translation(sv): partly revert commit 98874dca6d0b60ccd6fc3a140b3ec
* runtime(vim): update base-syntax after v9.1.0936
* 9.1.0942: a few typos were found
* 9.1.0941: ComplMatchIns doesn't work after multibyte chars
* runtime(doc): Fix style in fold.txt
* translation(sv): Fix typo in Swedish translation
* 9.1.0940: Wrong cursor shape with "gq" and 'indentexpr' executes :normal
* runtime(doc): fix some small errors
* 9.1.0939: make installtutor fails
* 9.1.0938: exclusive selection not respected when re-selecting block mode
* 9.1.0937: test_undolist() is flaky
* 9.1.0936: cannot highlight completed text
* 9.1.0935: SpotBugs compiler can be improved
* 9.1.0934: hard to view an existing buffer in the preview window
* runtime(doc): document how to minimize fold computation costs
* 9.1.0933: Vim9: vim9compile.c can be further improved
* 9.1.0932: new Italian tutor not installed
* runtime(doc): fix a few minor errors from the last doc updates
* translation(it): add Italian translation for the interactive tutor
* runtime(doc): update the change.txt help file
* runtime(help): Add Vim lang annotation support for codeblocks
* 9.1.0931: ml_get error in terminal buffer
* 9.1.0930: tests: test_terminal2 may hang in GUI mode
* 9.1.0929: filetype: lalrpop files are not recognized
* 9.1.0928: tests: test_popupwin fails because the filter command fails
* editorconfig: set trim_trailing_whitespace = false for src/testdir/test*.vim
* 9.1.0927: style issues in insexpand.c
* 9.1.0926: filetype: Pixi lock files are not recognized
* runtime(doc): Add a reference to |++opt| and |+cmd| at `:h :pedit`
* runtime(doc): add a note about inclusive motions and exclusive selection
* 9.1.0925: Vim9: expression compiled when not necessary
* 9.1.0924: patch 9.1.0923 causes issues
* 9.1.0923: too many strlen() calls in filepath.c
* 9.1.0923: wrong MIN macro in popupmenu.c
* 9.1.0921: popupmenu logic is a bit convoluted
* 9.1.0920: Vim9: compile_assignment() too long
* 9.1.0919: filetype: some assembler files are not recognized
* runtime(netrw): do not pollute search history with symlinks
* 9.1.0918: tiny Vim crashes with fuzzy buffer completion
* 9.1.0917: various vartabstop and shiftround bugs when shifting lines
* runtime(typst): add definition lists to formatlistpat, update maintainer
* 9.1.0916: messages.c is exceeding 80 columns
* runtime(proto): include filetype plugin for protobuf
* 9.1.0915: GVim: default font size a bit too small
* 9.1.0914: Vim9: compile_assignment() is too long
* 9.1.0913: no error check for neg values for 'messagesopt'
* runtime(netrw): only check first arg of netrw_browsex_viewer for being executable
* 9.1.0912: xxd: integer overflow with sparse files and -autoskip
* 9.1.0911: Variable name for 'messagesopt' doesn't match short name
* 9.1.0910: 'messagesopt' does not check max wait time
* runtime(doc): update wrong Vietnamese localization tag
* 9.1.0909: Vim9: crash when calling instance method
- update to 9.1.0908
* refresh vim-7.3-mktemp_tutor.patch
* 9.1.0908: not possible to configure :messages
* 9.1.0907: printoptions:portrait does not change postscript Orientation
* runtime(doc): Add vietnamese.txt to helps main TOC
* 9.1.0906: filetype: Nvidia PTX files are not recognized
* runtime(doc): updated version9.txt with changes from v9.1.0905
* 9.1.0905: Missing information in CompleteDone event
* 9.1.0904: Vim9: copy-paste error in class_defining_member()
* 9.1.0903: potential overflow in spell_soundfold_wsal()
* runtime(netrw): do not detach when launching external programs in gvim
* runtime(doc): make tag alignment more consistent in filetype.txt
* runtime(doc): fix wrong syntax and style of vietnamese.txt
* translation(it): update Italian manpage for vimtutor
* runtime(lua): add optional lua function folding
* Filelist: include translations for Chapter 2 tutor
* translation(vi): Update Vietnamese translation
* runtime(doc): include vietnamese.txt
* runtime(tutor): fix another typo in tutor2
* runtime(doc): fix typo in vimtutor manpage
* translation(it): update Italian manpage for vimtutor
* translation(it): include Italian version of tutor chapter 2
* runtime(tutor): regenerated some translated tutor1 files
* runtime(tutor): fix typo in Chapter 2
* 9.1.0902: filetype: Conda configuration files are not recognized
* runtime(doc): Tweak documentation style a bit
* runtime(tutor): update the tutor files and re-number the chapters
* runtime(tutor): Update the makefiles for tutor1 and tutor2 files
* 9.1.0901: MS-Windows: vimtutor batch script can be improved
* runtime(doc): remove buffer-local completeopt todo item
* 9.1.0900: Vim9: digraph_getlist() does not accept bool arg
* runtime(typst): provide a formatlistpat in ftplugin
* runtime(doc): Update documentation for "noselect" in 'completeopt'
* 9.1.0899: default for 'backspace' can be set in C code
* runtime(helptoc): reload cached g:helptoc.shell_prompt when starting toc
* translation(ru): Updated messages translation
* 9.1.0898: runtime(compiler): pytest compiler not included
* 9.1.0897: filetype: pyrex files are not detected
* runtime(compiler): update eslint compiler
* 9.1.0896: completion list wrong after v9.1.0891
* runtime(doc): document changed default value for 'history'
* 9.1.0895: default history value is too small
* 9.1.0894: No test for what the spotbug compiler parses
* 9.1.0893: No test that undofile format does not regress
* translation(de): update German manpages
* runtime(compiler): include spotbugs Java linter
* 9.1.0892: the max value of 'tabheight' is limited by other tabpages
* runtime(po): remove poDiffOld/New, add po-format flags to syntax file
* 9.1.0891: building the completion list array is inefficient
* patch 9.1.0890: %! item not allowed for 'rulerformat'
* runtime(gzip): load undofile if there exists one
* 9.1.0889: Possible unnecessary redraw after adding/deleting lines
* 9.1.0888: leftcol property not available in getwininfo()
* 9.1.0887: Wrong expression in sign.c
* 9.1.0886: filetype: debian control file not detected
* runtime(c3): include c3 filetype plugin
* 9.1.0885: style of sign.c can be improved
* 9.1.0884: gcc warns about uninitialized variable
* runtime(apache): Update syntax directives for apache server 2.4.62
* translation(ru): updated vimtutor translation, update MAINTAINERS file
* 9.1.0883: message history cleanup is missing some tests
* runtime(doc): Expand docs on :! vs. :term
* runtime(netrw): Fixing powershell execution issues on Windows
* 9.1.0882: too many strlen() calls in insexpand.c
* 9.1.0881: GUI: message dialog may not get focus
* runtime(netrw): update netrw's decompress logic
* runtime(apache): Update syntax keyword definition
* runtime(misc): add Italian LICENSE and (top-level) README file
* 9.1.0880: filetype: C3 files are not recognized
* runtime(doc): add helptag for :HelpToc command
* 9.1.0879: source is not consistently formatted
* Add clang-format config file
* runtime(compiler): fix escaping of arguments passed to :CompilerSet
* 9.1.0878: termdebug: cannot enable DEBUG mode
* 9.1.0877: tests: missing test for termdebug + decimal signs
* 9.1.0876: filetype: openCL files are not recognized
* 9.1.0875: filetype: hyprlang detection can be improved
* 9.1.0874: filetype: karel files are not detected
* 9.1.0873: filetype: Vivado files are not recognized
* 9.1.0872: No test for W23 message
* 9.1.0871: getcellpixels() can be further improved
* 9.1.0870: too many strlen() calls in eval.c
* 9.1.0869: Problem: curswant not set on gm in folded line
* 9.1.0868: the warning about missing clipboard can be improved
* runtime(doc): Makefile does not clean up all temporary files
* 9.1.0867: ins_compl_add() has too many args
* editorconfig: don't trim trailing whitespaces in runtime/doc
* translation(am): Remove duplicate keys in desktop files
* runtime(doc): update helptags
* runtime(filetype): remove duplicated *.org file pattern
* runtime(cfg): only consider leading // as starting a comment
* 9.1.0866: filetype: LLVM IR files are not recognized
* 9.1.0865: filetype: org files are not recognized
* 9.1.0864: message history is fixed to 200
* 9.1.0863: getcellpixels() can be further improved
* runtime(sh): better function support for bash/zsh in indent script
* runtime(netrw): small fixes to netrw#BrowseX
* 9.1.0862: 'wildmenu' not enabled by default in nocp mode
* runtime(doc): update how to report issues for mac Vim
* runtime(doc): mention option-backslash at :h CompilerSet
* runtime(compiler): include a Java Maven compiler plugin
* runtime(racket): update Racket runtime files
* runtime(doc): improve indentation in examples for netrw-handler
* runtime(doc): improve examples for netrw-handler functions
* runtime(idris2): include filetype,indent+syntax plugins for (L)Idris2 + ipkg
* runtime(doc): clarify the use of filters and external commands
* 9.1.0861: Vim9: no runtime check for object member access of any var
* runtime(compiler): update pylint linter
* 9.1.0860: tests: mouse_shape tests use hard code sleep value
* 9.1.0859: several problems with the GLVS plugin
* 9.1.0858: Coverity complains about dead code
* runtime(tar): Update tar.vim to support permissions
* 9.1.0857: xxd: --- is incorrectly recognized as end-of-options
* 9.1.0851: too many strlen() calls in getchar.c
* 9.1.0850: Vim9: cannot access nested object inside objects
* runtime(tex): extra Number highlighting causes issues
* runtime(vim): Fix indent after :silent! function
* 9.1.0849: there are a few typos in the source
* runtime(netrw): directory symlink not resolved in tree view
* runtime(doc): add a table of supported Operating Systems
* runtime(tex): update Last Change header in syntax script
* runtime(doc): fix typo in g:termdebug_config
* runtime(vim): Update base-syntax, improve :normal highlighting
* runtime(tex): add Number highlighting to syntax file
* runtime(doc): Tweak documentation style a bit
* 9.1.0848: if_lua: v:false/v:true are not evaluated to boolean
* runtime(dune): use :setl instead of :set in ftplugin
* runtime(termdebug): allow to use decimal signs
* translation(it): Updated Italian vimtutor
* runtime(compiler): improve cppcheck
* git: git-blame-ignore-revs shown as an error on Github
* 9.1.0847: tests: test_popupwin fails because of updated help file
* 9.1.0846: debug symbols for xxd are not cleaned in Makefile
* runtime(structurizr): Update structurizr syntax
* runtime(8th): updated 8th syntax
* runtime(doc): Add pi_tutor.txt to help TOC
* runtime(compiler): add mypy and ruff compiler; update pylint linter
* runtime(netrw): fix several bugs in netrw tree listing
* runtime(netrw): prevent polluting the search history
* 9.1.0845: vimtutor shell script can be improved
* 9.1.0844: if_python: no way to pass local vars to python
* 9.1.0843: too many strlen() calls in undo.c
* runtime(doc): update default value for fillchars option
* runtime(compiler): fix typo in cppcheck compiler plugin
* runtime(doc): simplify vimtutor manpage a bit more
* runtime(matchparen): Add matchparen_disable_cursor_hl config option
* 9.1.0842: not checking for the sync() systemcall
* 9.1.0841: tests: still preferring python2 over python3
* 9.1.0840: filetype: idris2 files are not recognized
* 9.1.0839: filetype: leo files are not recognized
* runtime(cook): include cook filetype plugin
* runtime(debversions): Update Debian versions
* patch 9.1.0838: vimtutor is bash-specific
* runtime(doc): add help specific modeline to pi_tutor.txt
* Filelist: vimtutor chapter 2 is missing in Filelist
* 9.1.0837: cross-compiling has some issues
* runtime(vimtutor): Add a second chapter
- Fix for bsc#1234333 / bsc#1234214 / bsc#1234245.
These three bugs all have the same root cause:
Package 'xxd' has been obsoleted by Vim, as it provides the xxd
files directly.
However, because the "Obsoletes" entry was versioned, depending on
which version of 'xxd' that is installed, the "Obsoletes" isn't
actually triggered. Thus, there is a conflict between "vim" and
"xxd" in these cases.
Fixing this by removing the version completely. The 'vim' package
should always replace 'xxd', even if people are migrating from an
older SLE15 service pack which has the exact same version.
- wget
-
- If wget for an http URL is redirected to a different site (hostname
parts of URLs differ), then any "Authenticate" and "Cookie" header
entries are discarded.
[bsc#1185551, wget-do-not-propagate-credentials.patch,
bsc#1230795, CVE-2021-31879]
- zypper
-
- Annonunce --root in commands not launching a Target
(bsc#1237044)
- BuildRequires: libzypp-devel >= 17.36.3.
- version 1.14.85
- Let zypper dup fail in case of (temporarily) unaccessible repos
(bsc#1228434, bsc#1236939, fixes #446)
- version 1.14.84
- New system-architecture command (bsc#1236384)
Prints the detected system architecture.
- version 1.14.83
- requires: libzypp >= 17.36.0.
- Change versioncmp command to return exit code according to the
comparison result (#593)
- version 1.14.82
- lr: show the repositories keep-packages flag (bsc#1232458)
It is shown in the details view or by using -k,--keep-packages.
In addition libyzpp supports to enforce keeping downloaded
packages of all repos within a package cache by creating a
'.keep_packages' file there.
- version 1.14.81
- Try to refresh update repos first to have updated GPG keys on
the fly (bsc#1234752)
An update repo may contain a prolonged GPG key for the GA repo.
Refreshing the update repo first updates a trusted key on the fly
and avoids a 'key has expired' warning being issued when
refreshing the GA repo.
- Refresh: restore legacy behavior and suppress Exception
reporting as non-root (bsc#1235636)
- version 1.14.80
- info: Allow to query a specific version (jsc#PED-11268)
To query for a specific version simply append "-<version>" or
"-<version>-<release>" to the "<name>" pattern. Note that the
edition part must always match exactly.
- version 1.14.79