- containerd
-
- Update to containerd v1.7.21. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.21>
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- dracut
-
- Update to version 059+suse.541.g3c2df232:
* fix(dasd-rules): handle all possible options in `rd.dasd` (bsc#1230110)
- Update to version 059+suse.539.gdd3495f7:
* fix(dracut.spec): add Builddeps for initrd posttrans macros (bsc#1230639)
* fix(zfcp_rules): check for presence of legacy rules (bsc#1230330)
Fixes for NVMeoF boot (bsc#1230468):
* fix(nvmf): install (only) required nvmf modules
* fix(nvmf): require NVMeoF modules
* fix(nvmf): move /etc/nvme/host{nqn,id} requirement to hostonly
- e2fsprogs
-
- resize2fs-Check-number-of-group-descriptors-only-if-.patch: resize2fs: Check
number of group descriptors only if meta_bg is disabled (bsc#1230145)
- fipscheck
-
- Backport upstream patches fipscheck-fix_check_openssl_version.patch
and fipscheck-fix_incorrect_length_type.patch to fix C99 violations
which are errors by default with GCC 14 [boo#1221714] - although the
first one looks like it possibly fixes some more substantial error.
- glibc
-
- Use nss-systemd by default also in SLE (bsc#1230638)
- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228042, BZ
[#31934])
- grub2
-
- Fix crash in bli module (bsc#1226497)
* 0001-bli-Fix-crash-in-get_part_uuid.patch
- kernel-default
-
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
This reverts commit 6aa8957889611fbe7f06353f917cfb3d9620a680 to fix a regression (bsc#1230413)
- commit 720e36b
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
This reverts commit 16ad73a9f4c2888f3bc28513f5e9a88d753f8741 to fix a regression (bsc#1230413)
- commit 2fd5290
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
This reverts commit 35f619d3c421219e07bc89d2d6a37fbff25519fe to fix a refression
(bsc#1230413)
- commit 7e5afd7
- Drop soundwire patch that caused a regression (bsc#1230350)
Deleted:
patches.suse/soundwire-stream-fix-programming-slave-ports-for-non.patch
- commit 5c05eeb
- ceph: periodically flush the cap releases (bsc#1230056).
- commit e22b6e0
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- commit 1bec58d
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 13aba13
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 6553526
- mm: prevent derefencing NULL ptr in pfn_section_valid()
(git-fixes).
- commit 35f619d
- mm, kmsan: fix infinite recursion due to RCU critical section
(git-fixes).
- commit 16ad73a
- mm/sparsemem: fix race in accessing memory_section->usage
(bsc#1221326 CVE-2023-52489).
- commit 6aa8957
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- commit 4dc1da1
- xfs: Fix missing interval for missing_owner in xfs fsmap
(git-fixes).
- commit 5448ab5
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code
(git-fixes).
- commit 288ad9b
- xfs: Fix the owner setting issue for rmap query in xfs fsmap
(git-fixes).
- commit 49b5eec
- usb: cdnsp: fix for Link TRB with TC (git-fixes).
- usb: dwc3: st: add missing depopulate in probe error path
(git-fixes).
- usb: dwc3: st: fix probed platform device ref count on probe
error path (git-fixes).
- usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in
remove_power_attributes() (git-fixes).
- usb: typec: fsa4480: Relax CHIP_ID check (git-fixes).
- usb: dwc3: omap: add missing depopulate in probe error path
(git-fixes).
- usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function
(git-fixes).
- soc: qcom: pmic_glink: Actually communicate when remote goes
down (git-fixes).
- soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes).
- commit 7121142
- dmaengine: dw: Add memory bus width verification (git-fixes).
- dmaengine: dw: Add peripheral bus width verification
(git-fixes).
- soundwire: stream: fix programming slave ports for non-continous
port maps (git-fixes).
- commit b7e9784
- Update
patches.suse/0001-net-rds-fix-possible-cp-null-dereference.patch
(git-fixes CVE-2024-35902 bsc#1224496).
- Update
patches.suse/ASoC-TAS2781-Fix-tasdev_load_calibrated_data.patch
(git-fixes CVE-2024-42278 bsc#1229403).
- Update
patches.suse/ASoC-amd-Adjust-error-handling-in-case-of-absent-cod.patch
(git-fixes CVE-2024-43818 bsc#1229296).
- Update
patches.suse/ASoC-fsl-fsl_qmc_audio-Check-devm_kasprintf-returned.patch
(git-fixes CVE-2024-42298 bsc#1229369).
- Update
patches.suse/Bluetooth-MGMT-Add-error-handling-to-pair_device.patch
(git-fixes CVE-2024-43884 bsc#1229739).
- Update
patches.suse/KVM-Always-flush-async-PF-workqueue-when-vCPU-is-bei.patch
(git-fixes CVE-2024-26976 bsc#1223635).
- Update
patches.suse/PCI-DPC-Fix-use-after-free-on-concurrent-DPC-and-hot.patch
(git-fixes CVE-2024-42302 bsc#1229366).
- Update
patches.suse/PCI-endpoint-Clean-up-error-handling-in-vpci_scan_bu.patch
(git-fixes CVE-2024-43875 bsc#1229486).
- Update
patches.suse/PCI-endpoint-pci-epf-test-Make-use-of-cached-epc_fea.patch
(git-fixes CVE-2024-43824 bsc#1229320).
- Update
patches.suse/PCI-keystone-Fix-NULL-pointer-dereference-in-case-of.patch
(git-fixes CVE-2024-43823 bsc#1229303).
- Update
patches.suse/PCI-rcar-Demote-WARN-to-dev_warn_ratelimited-in-rcar.patch
(git-fixes CVE-2024-43876 bsc#1229485).
- Update
patches.suse/RDMA-hns-Fix-soft-lockup-under-heavy-CEQE-load.patch
(git-fixes CVE-2024-43872 bsc#1229489).
- Update
patches.suse/RDMA-iwcm-Fix-a-use-after-free-related-to-destroying.patch
(git-fixes CVE-2024-42285 bsc#1229381).
- Update
patches.suse/Revert-ALSA-firewire-lib-operate-for-period-elapse-e.patch
(bsc#1208783 CVE-2024-42274 bsc#1229417).
- Update
patches.suse/SUNRPC-add-a-missing-rpc_stat-for-TCP-TLS.patch
(git-fixes CVE-2024-36907 bsc#1225751).
- Update
patches.suse/bpf-arm64-Fix-trampoline-for-BPF_TRAMP_F_CALL_ORIG.patch
(git-fixes CVE-2024-43840 bsc#1229344).
- Update
patches.suse/btrfs-fix-double-inode-unlock-for-direct-IO-sync-wri.patch
(git-fixes CVE-2024-43885 bsc#1229747).
- Update
patches.suse/btrfs-fix-extent-map-use-after-free-when-adding-page.patch
(git-fixes CVE-2024-42314 bsc#1229355).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_snp.patch
(git-fixes CVE-2024-43874 bsc#1229487).
- Update
patches.suse/devres-Fix-memory-leakage-caused-by-driver-API-devm_.patch
(git-fixes CVE-2024-43871 bsc#1229490).
- Update
patches.suse/dma-fix-call-order-in-dmam_free_coherent.patch
(git-fixes CVE-2024-43856 bsc#1229346).
- Update
patches.suse/drm-admgpu-fix-dereferencing-null-pointer-context.patch
(stable-fixes CVE-2024-43906 bsc#1229785).
- Update
patches.suse/drm-amd-display-Add-NULL-check-for-afb-before-derefe.patch
(stable-fixes CVE-2024-43903 bsc#1229781).
- Update
patches.suse/drm-amd-display-Add-null-checker-before-passing-vari.patch
(stable-fixes CVE-2024-43902 bsc#1229767).
- Update
patches.suse/drm-amd-display-Skip-Recompute-DSC-Params-if-no-Stre.patch
(stable-fixes CVE-2024-43895 bsc#1229755).
- Update
patches.suse/drm-amd-pm-Fix-the-null-pointer-dereference-for-vega.patch
(stable-fixes CVE-2024-43905 bsc#1229784).
- Update
patches.suse/drm-amdgpu-Fix-the-null-pointer-dereference-to-ras_m.patch
(stable-fixes CVE-2024-43908 bsc#1229788).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-for-s.patch
(stable-fixes CVE-2024-43909 bsc#1229789).
- Update
patches.suse/drm-amdgpu-pm-Fix-the-null-pointer-dereference-in-ap.patch
(stable-fixes CVE-2024-43907 bsc#1229787).
- Update
patches.suse/drm-client-fix-null-pointer-dereference-in-drm_clien.patch
(git-fixes CVE-2024-43894 bsc#1229746).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-cdv_intel.patch
(git-fixes CVE-2024-42310 bsc#1229358).
- Update
patches.suse/drm-gma500-fix-null-pointer-dereference-in-psb_intel.patch
(git-fixes CVE-2024-42309 bsc#1229359).
- Update
patches.suse/drm-nouveau-prime-fix-refcount-underflow.patch
(git-fixes CVE-2024-43867 bsc#1229493).
- Update patches.suse/drm-qxl-Add-check-for-drm_cvt_mode.patch
(git-fixes CVE-2024-43829 bsc#1229341).
- Update
patches.suse/drm-vmwgfx-Fix-a-deadlock-in-dma-buf-fence-polling.patch
(git-fixes CVE-2024-43863 bsc#1229497).
- Update
patches.suse/exfat-fix-potential-deadlock-on-__exfat_get_dentry_set.patch
(git-fixes CVE-2024-42315 bsc#1229354).
- Update
patches.suse/gpio-prevent-potential-speculation-leaks-in-gpio_dev.patch
(stable-fixes CVE-2024-44931 bsc#1229837).
- Update
patches.suse/hfs-fix-to-initialize-fields-of-hfs_inode_info-after-hfs_alloc_inode.patch
(git-fixes CVE-2024-42311 bsc#1229413).
- Update
patches.suse/iio-Fix-the-sorting-functionality-in-iio_gts_build_a.patch
(git-fixes CVE-2024-43825 bsc#1229298).
- Update
patches.suse/jfs-Fix-array-index-out-of-bounds-in-diFree.patch
(git-fixes CVE-2024-43858 bsc#1229414).
- Update
patches.suse/jfs-Fix-shift-out-of-bounds-in-dbDiscardAG.patch
(git-fixes CVE-2024-44938 bsc#1229792).
- Update
patches.suse/jfs-fix-null-ptr-deref-in-dtInsertEntry.patch
(git-fixes CVE-2024-44939 bsc#1229820).
- Update
patches.suse/kobject_uevent-Fix-OOB-access-within-zap_modalias_en.patch
(git-fixes CVE-2024-42292 bsc#1229373).
- Update
patches.suse/kvm-s390-Reject-memory-region-operations-for-ucontrol-VMs.patch
(git-fixes bsc#1229168 CVE-2024-43819 bsc#1229290).
- Update
patches.suse/leds-trigger-Unregister-sysfs-attributes-before-call.patch
(git-fixes CVE-2024-43830 bsc#1229305).
- Update
patches.suse/lib-objagg-Fix-general-protection-fault.patch
(git-fixes CVE-2024-43846 bsc#1229360).
- Update
patches.suse/libbpf-Use-OPTS_SET-macro-in-bpf_xdp_query.patch
(git-fixes CVE-2024-27050 bsc#1223767).
- Update
patches.suse/mISDN-Fix-a-use-after-free-in-hfcmulti_tx.patch
(git-fixes CVE-2024-42280 bsc#1229388).
- Update
patches.suse/mailbox-mtk-cmdq-Move-devm_mbox_controller_register-.patch
(git-fixes CVE-2024-42319 bsc#1229350).
- Update
patches.suse/md-raid5-fix-deadlock-that-raid5d-wait-for-itself-to-clear-MD_SB_CHANGE_PENDING-151f.patch
(git-fixes CVE-2024-39476 bsc#1227437).
- Update
patches.suse/media-imx-pxp-Fix-ERR_PTR-dereference-in-pxp_probe.patch
(git-fixes CVE-2024-42303 bsc#1229365).
- Update
patches.suse/media-pci-ivtv-Add-check-for-DMA-map-result.patch
(git-fixes CVE-2024-43877 bsc#1229484).
- Update
patches.suse/media-v4l-async-Fix-NULL-pointer-dereference-in-addi.patch
(git-fixes CVE-2024-43833 bsc#1229299).
- Update
patches.suse/media-venus-fix-use-after-free-in-vdec_close.patch
(git-fixes CVE-2024-42313 bsc#1229356).
- Update
patches.suse/media-xc2028-avoid-use-after-free-in-load_firmware_c.patch
(stable-fixes CVE-2024-43900 bsc#1229756).
- Update
patches.suse/memcg-protect-concurrent-access-to-mem_cgroup_idr.patch
(git-fixes CVE-2024-43892 bsc#1229761).
- Update
patches.suse/net-drop-bad-gso-csum_start-and-offset-in-virtio_net.patch
(git-fixes CVE-2024-43897 bsc#1229752).
- Update
patches.suse/net-iucv-fix-use-after-free-in-iucv_sock_close.patch
(bsc#1228973 CVE-2024-42271 bsc#1229400).
- Update patches.suse/net-missing-check-virtio.patch (git-fixes
CVE-2024-43817 bsc#1229312).
- Update
patches.suse/net-usb-qmi_wwan-fix-memory-leak-for-not-ip-packets.patch
(git-fixes CVE-2024-43861 bsc#1229500).
- Update
patches.suse/nfs-pass-explicit-offset-count-to-trace-events.patch
(git-fixes CVE-2024-43826 bsc#1229294).
- Update
patches.suse/nvme-pci-add-missing-condition-check-for-existence-o.patch
(git-fixes CVE-2024-42276 bsc#1229410).
- Update
patches.suse/padata-Fix-possible-divide-by-0-panic-in-padata_mt_h.patch
(git-fixes CVE-2024-43889 bsc#1229743).
- Update
patches.suse/remoteproc-imx_rproc-Skip-over-memory-region-when-no.patch
(git-fixes CVE-2024-43860 bsc#1229319).
- Update
patches.suse/s390-dasd-fix-error-checks-in-dasd_copy_pair_store.patch
(git-fixes bsc#1229173 CVE-2024-42320 bsc#1229349).
- Update
patches.suse/scsi-lpfc-Revise-lpfc_prep_embed_io-routine-with-pro.patch
(bsc#1228857 CVE-2024-43816 bsc#1229318).
- Update
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch
(bsc#1228850 CVE-2024-42287 bsc#1229392).
- Update
patches.suse/scsi-qla2xxx-During-vport-delete-send-async-logout-e.patch
(bsc#1228850 CVE-2024-42289 bsc#1229399).
- Update
patches.suse/scsi-qla2xxx-Fix-for-possible-memory-corruption.patch
(bsc#1228850 CVE-2024-42288 bsc#1229398).
- Update
patches.suse/scsi-qla2xxx-validate-nvme_local_port-correctly.patch
(bsc#1228850 CVE-2024-42286 bsc#1229395).
- Update
patches.suse/serial-core-check-uartclk-for-zero-to-avoid-divide-b.patch
(stable-fixes CVE-2024-43893 bsc#1229759).
- Update
patches.suse/soc-qcom-pdr-protect-locator_addr-with-the-main-mute.patch
(git-fixes CVE-2024-43849 bsc#1229307).
- Update
patches.suse/soc-xilinx-rename-cpu_number1-to-dummy_cpu_number.patch
(git-fixes CVE-2024-43851 bsc#1229313).
- Update
patches.suse/spi-microchip-core-ensure-TX-and-RX-FIFOs-are-empty-.patch
(git-fixes CVE-2024-42279 bsc#1229390).
- Update
patches.suse/usb-vhci-hcd-Do-not-drop-references-before-new-refer.patch
(stable-fixes CVE-2024-43883 bsc#1229707).
- Update
patches.suse/vhost-vsock-always-initialize-seqpacket_allow.patch
(git-fixes CVE-2024-43873 bsc#1229488).
- Update
patches.suse/wifi-ath12k-change-DMA-direction-while-mapping-reinj.patch
(git-fixes CVE-2024-43881 bsc#1229480).
- Update
patches.suse/wifi-ath12k-fix-invalid-memory-access-while-processi.patch
(git-fixes CVE-2024-43847 bsc#1229291).
- Update
patches.suse/wifi-cfg80211-handle-2x996-RU-allocation-in-cfg80211.patch
(git-fixes CVE-2024-43879 bsc#1229482).
- Update
patches.suse/wifi-nl80211-disallow-setting-special-AP-channel-wid.patch
(stable-fixes CVE-2024-43912 bsc#1229830).
- Update
patches.suse/wifi-rtw89-Fix-array-index-mistake-in-rtw89_sta_info.patch
(git-fixes CVE-2024-43842 bsc#1229317).
- Update
patches.suse/wifi-virt_wifi-avoid-reporting-connection-success-wi.patch
(git-fixes CVE-2024-43841 bsc#1229304).
- commit 140ec33
- iommu/amd: Convert comma to semicolon (git-fixes).
- commit 2714d8b
- scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315
CVE-2024-43821).
- commit eb73e94
- iommu/vt-d: Fix identity map bounds in si_domain_init()
(git-fixes).
- commit b4d27e5
- iommufd/device: Fix hwpt at err_unresv in
iommufd_device_do_replace() (git-fixes).
- commit bbc9a65
- blacklist.conf: add 053fc4f755ad fuse: fix UAF in rcu pathwalks
This commit breaks kABI and the data structure has no free room for the
extra field, i.e. memcpy would fail to copy the additional member added by
this patch.
- commit 941b81c
- virtiofs: forbid newlines in tags (bsc#1229940).
- commit 61514ce
- trace/pid_list: Change gfp flags in pid_list_fill_irq()
(git-fixes).
- commit 88d1dac
- blacklist.conf: add a not-relevant tracing commit
- commit 9e3013e
- evm: don't copy up 'security.evm' xattr (git-fixes).
- commit d3bb5af
- afs: fix __afs_break_callback() / afs_drop_open_mmap() race
(git-fixes).
- commit 150e615
- jfs: define xtree root and page independently (git-fixes).
- commit fc62e49
- kernfs: fix false-positive WARN(nr_mmapped) in
kernfs_drain_open_files (git-fixes).
- commit 7fa46d1
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- commit 9b6ef3b
- nfc: pn533: Add poll mod list filling check (git-fixes).
- wifi: wfx: repair open network AP mode (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances
(git-fixes).
- Input: i8042 - use new forcenorestore quirk to replace old
buggy quirk combination (stable-fixes).
- Input: i8042 - add forcenorestore quirk to leave controller
untouched even on s3 (stable-fixes).
- platform/surface: aggregator: Fix warning when controller is
destroyed in probe (git-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed
(stable-fixes).
- Input: MT - limit max slots (stable-fixes).
- usb: dwc3: core: Skip setting event buffers for host only
controllers (stable-fixes).
- platform/x86: lg-laptop: fix %s null argument warning
(stable-fixes).
- rtc: nct3018y: fix possible NULL dereference (stable-fixes).
- usb: gadget: fsl: Increase size of name buffer for endpoints
(stable-fixes).
- media: drivers/media/dvb-core: copy user arrays safely
(stable-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return
(stable-fixes).
- memory: stm32-fmc2-ebi: check regmap_read return value
(stable-fixes).
- memory: tegra: Skip SID programming if SID registers aren't set
(stable-fixes).
- Revert "usb: gadget: uvc: cleanup request when not in correct
state" (stable-fixes).
- usb: gadget: uvc: cleanup request when not in correct state
(stable-fixes).
- staging: ks7010: disable bh on tx_dev_lock (stable-fixes).
- staging: iio: resolver: ad2s1210: fix use before initialization
(stable-fixes).
- ssb: Fix division by zero issue in ssb_calc_clock_rate
(stable-fixes).
- commit b84d799
- drm/vmwgfx: Fix prime with external buffers (git-fixes).
- drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict
(git-fixes).
- drm/amd/display: avoid using null object of framebuffer
(git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions
(git-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/msm/dpu: take plane rotation into account for wide planes
(git-fixes).
- drm/msm/dpu: move dpu_encoder's connector assignment to
atomic_enable() (git-fixes).
- char: xillybus: Refine workqueue handling (git-fixes).
- char: xillybus: Don't destroy workqueue from work item running
on it (stable-fixes).
- drm/amdgpu: Actually check flags for all context ops
(stable-fixes).
- drm/amdgpu/jpeg4: properly set atomics vmid field
(stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field
(stable-fixes).
- drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function
amdgpu_vm_pt_parent (stable-fixes).
- hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt()
(git-fixes).
- firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid
(stable-fixes).
- drm/msm/dpu: capture snapshot on the first commit_done timeout
(stable-fixes).
- drm/msm/dpu: split dpu_encoder_wait_for_event into two functions
(stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels
(stable-fixes).
- gpio: sysfs: extend the critical section for unregistering
sysfs devices (stable-fixes).
- Bluetooth: bnep: Fix out-of-bound access (stable-fixes).
- hwmon: (pc87360) Bounds check data->innr usage (stable-fixes).
- ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data
(stable-fixes).
- drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes).
- drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys
(stable-fixes).
- drm/msm/mdss: Rename path references to mdp_path (stable-fixes).
- drm/msm/mdss: switch mdss to use devm_of_icc_get()
(stable-fixes).
- drm/msm/dpu: try multirect based on mdp clock limits
(stable-fixes).
- drm/msm: Reduce fallout of fence signaling vs reclaim hangs
(stable-fixes).
- drm/rockchip: vop2: clear afbc en and transform bit for cluster
window at linear mode (stable-fixes).
- Bluetooth: hci_conn: Check non NULL function before calling
for HFP offload (stable-fixes).
- i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes).
- i2c: riic: avoid potential division by zero (stable-fixes).
- i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer
(stable-fixes).
- i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times
out (stable-fixes).
- ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is
pending before suspend (stable-fixes).
- ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes).
- clk: visconti: Add bounds-checking coverage for struct
visconti_pll_provider (stable-fixes).
- hwmon: (ltc2992) Avoid division by zero (stable-fixes).
- commit 1b92ddd
- jump_label: Fix the fix, brown paper bags galore (git-fixes).
- commit 89b2827
- jump_label: Simplify and clarify
static_key_fast_inc_cpus_locked() (git-fixes).
- commit 954eaa3
- jump_label: Clarify condition in
static_key_fast_inc_not_disabled() (git-fixes).
- commit eb457dc
- jump_label: Fix concurrency issues in static_key_slow_dec()
(git-fixes).
- commit 6e92a06
- tracing: Return from tracing_buffers_read() if the file has
been closed (bsc#1229136 git-fixes).
- commit 8dc8510
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- commit e8b168b
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- commit 2f9e2b1
- bpf: kprobe: remove unused declaring of bpf_kprobe_override
(git-fixes).
- commit 4045c94
- wifi: mac80211: fix NULL dereference at band check in starting
tx ba session (CVE-2024-43911 bsc#1229827).
- commit 0892b94
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- commit b90dd07
- iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
(CVE-2024-42277 bsc#1229409).
- commit ede2511
- kabi: lib: objagg: Put back removed metod in struct objagg_ops
(CVE-2024-43880 bsc#1229481).
- commit 9566f2d
- net/sched: initialize noop_qdisc owner (git-fixes).
- commit 66e8d18
- drm/amd/display: Fix null pointer deref in dcn20_resource.c (CVE-2024-43899 bsc#1229754).
- commit 1811990
- blacklist.conf: add 56769ba4b297a629148eb24d554aef72d1ddfd9e
- commit e1cb2aa
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 7a21b9d
- ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED
(stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
Book3 Ultra (stable-fixes).
- ASoC: allow module autoloading for table board_ids
(stable-fixes).
- ASoC: allow module autoloading for table db1200_pids
(stable-fixes).
- ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile
(stable-fixes).
- ASoC: SOF: mediatek: Add missing board compatible
(stable-fixes).
- ALSA: hda/realtek - FIxed ALC285 headphone no sound
(stable-fixes).
- ALSA: hda/realtek - Fixed ALC256 headphone no sound
(stable-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop
14-ey0xxx (stable-fixes).
- ALSA: hda/realtek: Implement sound init sequence for Samsung
Galaxy Book3 Pro 360 (stable-fixes).
- commit 97adcb2
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- net/mlx5: Always drain health in shutdown callback
(CVE-2024-43866 bsc#1229495).
- mlxsw: spectrum_acl_erp: Fix object nesting warning
(CVE-2024-43880 bsc#1229481).
- commit d9a404d
- pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B
pins (git-fixes).
- pinctrl: starfive: jh7110: Correct the level trigger
configuration of iev register (git-fixes).
- pinctrl: mediatek: common-v2: Fix broken bias-disable for
PULL_PU_PD_RSEL_TYPE (git-fixes).
- pinctrl: single: fix potential NULL dereference in
pcs_get_function() (git-fixes).
- ASoC: SOF: amd: Fix for acp init sequence (git-fixes).
- ASoC: amd: acp: fix module autoloading (git-fixes).
- ALSA: seq: Skip event type filtering for UMP events (git-fixes).
- commit 3fa4a0b
- ice: Fix NULL pointer access, if PF doesn't support SRIOV_LAG
(bsc#1228737).
- commit f1a9730
- kABI: vfio: struct virqfd kABI workaround (CVE-2024-26812
bsc#1222808).
- commit ae735c0
- net/sched: Fix mirred deadlock on device recursion
(CVE-2024-27010 bsc#1223720).
- commit 8c34ee8
- Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (CVE-2024-36270 bsc#1226798)
- commit 052d917
- net: qdisc: preserve kabi for struct QDisc (CVE-2024-27010 bsc#1223720).
- commit e31d466
- mm/userfaultfd: reset ptes when close() for wr-protected ones
(CVE-2024-36881 bsc#1225718).
- commit 2267d46
- mm/mglru: fix div-by-zero in vmpressure_calc_level()
(CVE-2024-42316 bsc#1229353).
- commit ba00671
- md/raid1: set max_sectors during early return from
choose_slow_rdev() (git-fixes).
- md/raid5: recheck if reshape has finished with device_lock held
(git-fixes).
- md: Don't wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl
(git-fixes).
- md/raid5: fix spares errors about rcu usage (git-fixes).
- md/md-bitmap: fix writing non bitmap pages (git-fixes).
- md: fix deadlock between mddev_suspend and flush bio
(bsc#1229342, CVE-2024-43855).
- md: change the return value type of md_write_start to void
(git-fixes).
- md: do not delete safemode_timer in mddev_suspend (git-fixes).
- md: don't account sync_io if iostats of the disk is disabled
(git-fixes).
- md: add check for sleepers in md_wakeup_thread() (git-fixes).
- md/raid5: fix deadlock that raid5d() wait for itself to clear
MD_SB_CHANGE_PENDING (git-fixes).
- md: add a mddev_add_trace_msg helper (git-fixes).
- Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in
raid5d"" (git-fixes).
- md: fix a suspicious RCU usage warning (git-fixes).
- md/raid1: support read error check (git-fixes).
- commit f1ec0d4
- md: factor out a helper exceed_read_errors() to check
read_errors (git-fixes).
- Refresh for the above change,
patches.suse/md-display-timeout-error.patch.
patches.suse/md-raid1-10-add-a-helper-raid1_check_read_range-f298.patch.
- commit 035e3f0
- Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
(git-fixes).
- commit 5cc0fdd
- net/mlx5e: Fix CT entry update leaks of modify header context (CVE-2024-43864 bsc#1229496)
- commit 316a4fe
- ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work
(CVE-2024-26631 bsc#1221630).
- commit 317a097
- netfilter: nf_tables: unconditionally flush pending work before notifier (CVE-2024-42109 bsc#1228505)
- commit 7a6a06c
- cxl/region: Avoid null pointer dereference in region lookup (CVE-2024-41084 bsc#1228472)
- commit fc1408b
- cxl/region: Move cxl_dpa_to_region() work to the region driver (bsc#1228472)
- commit ac0e984
- ipv6: fix possible race in __fib6_drop_pcpu_from() (CVE-2024-40905 bsc#1227761)
- commit 6fcd399
- ipv6: sr: fix memleak in seg6_hmac_init_algo (CVE-2024-39489 bsc#1227623)
- commit c55beb2
- swiotlb: do not set total_used to 0 in
swiotlb_create_debugfs_files() (git-fixes).
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly
(git-fixes).
- commit 99fe6bb
- tls: fix missing memory barrier in tls_init (CVE-2024-36489 bsc#1226874)
- commit 67db543
- iommu: Add kABI workaround patch (bsc#1223742
CVE-2024-27079).
- commit c4ebc76
- btrfs: copy dir permission and time when creating a stub
subvolume (bsc#1228321).
- commit 46e95d1
- nouveau/firmware: use dma non-coherent allocator (git-fixes).
- drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1
(git-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
(git-fixes).
- drm/msm/dp: reset the link phy params before link training
(git-fixes).
- drm/msm/dp: fix the max supported bpp logic (git-fixes).
- drm/msm/dpu: don't play tricks with debug macros (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure
(git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mtk-sd: receive cmd8 data when hs400 tuning fail
(git-fixes).
- commit ec72baf
- filelock: Fix fcntl/close race recovery compat path (bsc#1228427
CVE-2024-41020).
- commit 2c615e8
- vfio/pci: fix potential memory leak in vfio_intx_enable()
(git-fixes).
- commit 45c2786
- vfio: Introduce interface to flush virqfd inject workqueue
(CVE-2024-26812 bsc#1222808).
- commit 0704da7
- vfio/pci: Create persistent INTx handler (CVE-2024-26812
bsc#1222808).
- commit c0eeff7
- netfilter: nf_tables: discard table flag update with pending
basechain deletion (CVE-2024-35897 bsc#1224510).
- netfilter: nf_tables: reject table flag and netdev basechain
updates (CVE-2024-35897 bsc#1224510).
- commit bc3bca5
- kabi: restore const specifier in flow_offload_route_init()
(CVE-2024-27403 bsc#1224415).
- netfilter: nft_flow_offload: reset dst in route object after
setting up flow (CVE-2024-27403 bsc#1224415).
- commit f1d28bc
- Bluetooth: MGMT: Add error handling to pair_device()
(git-fixes).
- Bluetooth: SMP: Fix assumption of Central always being Initiator
(git-fixes).
- Bluetooth: hci_core: Fix LE quote calculation (git-fixes).
- commit 82ede4a
- netfilter: nf_tables: fix memleak in map from abort path
(CVE-2024-27011 bsc#1223803).
- commit df3e052
- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- commit acfc6dd
- KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes).
- commit ca5dde8
- KVM: Stop processing *all* memslots when "null" mmu_notifier
handler is found (git-fixes).
- commit edcaf30
- virt: guest_memfd: fix reference leak on hwpoisoned page
(git-fixes).
- commit 7ac89c3
- KVM: arm64: AArch32: Fix spurious trapping of conditional
instructions (git-fixes).
- commit 6b4a32b
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
(git-fixes).
- commit d2c979d
- KVM: arm64: Fix AArch32 register narrowing on userspace write
(git-fixes).
- commit c002253
- KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes).
- commit 9570c83
- KVM: Always flush async #PF workqueue when vCPU is being
destroyed (git-fixes).
- commit bbeeae4
- iommu: Add static iommu_ops->release_domain (bsc#1223742
CVE-2024-27079).
- iommu/vt-d: Fix NULL domain on device release (bsc#1223742
CVE-2024-27079).
- Refresh
patches.suse/iommu-vt-d-Fix-WARN_ON-in-iommu-probe-path.patch.
- commit 5ddde3c
- KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with
KVM_MEM_READONLY (git-fixes).
- commit 7a71a2a
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler
(git-fixes).
- commit ebc54df
- KVM: arm64: vgic-its: Test for valid IRQ in
its_sync_lpi_pending_table() (git-fixes).
- commit 989930f
- KVM: arm64: Add missing memory barriers when switching to
pKVM's hyp pgd (git-fixes).
- commit 5599b84
- KVM: arm64: vgic-v4: Restore pending state on host userspace
write (git-fixes).
- commit ba9826d
- KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy
(git-fixes).
- commit 26e04aa
- KVM: arm64: vgic: Add a non-locking primitive for
kvm_vgic_vcpu_destroy() (git-fixes).
- commit 686bc1c
- netfilter: nft_limit: reject configurations that cause integer
overflow (CVE-2024-26668 bsc#1222335).
- commit 8ea214b
- netfilter: nf_tables: set dormant flag on hook register failure
(CVE-2024-26835 bsc#1222967).
- commit 8f4d028
- KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes).
- commit 3a96863
- Revert "KVM: Prevent module exit until all VMs are freed"
(git-fixes).
- commit c075225
- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for
inet/ingress basechain (CVE-2024-26808 bsc#1222634).
- commit 7f0379b
- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI
(git-fixes).
- commit 919175d
- netfilter: nft_set_pipapo: release elements in clone only from
destroy path (CVE-2024-26809 bsc#1222633).
- commit d3a3287
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id
(git-fixes).
- commit 7b3deae
- KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2
(git-fixes).
- commit 48c0cad
- netfilter: nf_tables: fix memleak when more than 255 elements
expired (CVE-2023-52581 bsc#1220877).
- commit 26441fd
- KVM: Protect vcpu->pid dereference via debugfs with RCU
(git-fixes).
- commit 55ae2a6
- KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init()
(git-fixes).
- commit f80cefe
- bpf: Fix updating attached freplace prog in prog_array map
(bsc#1229297 CVE-2024-43837).
- commit a9d7d77
- dma-direct: Leak pages on dma_set_decrypted() failure (bsc#1224535 CVE-2024-35939).
- commit 7de8166
- ice: Add a per-VF limit on number of FDIR filters
(CVE-2024-42291 bsc#1229374).
- commit ee2b93b
- net/mlx5: Fix missing lock on sync reset reload (CVE-2024-42268
bsc#1229391).
- commit 268cdf6
- selftests/bpf: Add a test to verify previous stacksafe() fix
(bsc#1225903).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- commit dab2844
- xdp: fix invalid wait context of page_pool_destroy() (CVE-2024-43834 bsc#1229314)
- commit 6348ec4
- clk: mediatek: mt7622-apmixedsys: Fix an error handling path
in clk_mt8135_apmixed_probe() (bsc#1224711 CVE-2024-27433).
- commit 30e1ef1
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (CVE-2024-36286 bsc#1226801)
- commit 3278d5d
- netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270 1226798)
- commit 26814d6
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851 bsc#1223074)
- commit 6ad2cbe
- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state
(CVE-2024-40920 bsc#1227781).
- net: bridge: mst: pass vlan group directly to
br_mst_vlan_set_state (CVE-2024-40921 bsc#1227784).
- net: bridge: mst: fix vlan use-after-free (CVE-2024-36979
bsc#1226604).
- commit 7beae73
- blacklist.conf: git-fixes f2eaed1565acc2bdeb5c433f5f6c7bd7a0d62db1
blacklisted since it involves backporting many other commits not
that are relevnat only to gdb debug scripts and whose dependent
commits may break kABI.
- commit 323e420
- erofs: fix inconsistent per-file compression format (bsc#1220252, CVE-2024-26590).
- commit 4f99bd1
- perf: hisi: Fix use-after-free when register pmu fails
(bsc#1225582 CVE-2023-52859).
- commit a50ce06
- printk/panic: Allow cpu backtraces to be written into ringbuffer
during panic (bsc#1225607).
- commit 1ebfff4
- net: drop bad gso csum_start and offset in virtio_net_hdr
(git-fixes).
- commit 6d27b13
- selftests/bpf: Test for null-pointer-deref bugfix in
resolve_prog_type() (bsc#1229297 CVE-2024-43837).
- bpf: Fix null pointer dereference in resolve_prog_type()
for BPF_PROG_TYPE_EXT (bsc#1229297 CVE-2024-43837).
- commit 37e60d8
- bpf: simplify btf_get_prog_ctx_type() into
btf_is_prog_ctx_type() (git-fixes).
- Refresh patches.suse/bpf-don-t-infer-PTR_TO_CTX-for-programs-with-unnamed.patch
- Refresh patches.suse/bpf-handle-bpf_user_pt_regs_t-typedef-explicitly-for.patch
- bpf: extract bpf_ctx_convert_map logic and make it more reusable
(git-fixes).
- Refresh patches.suse/bpf-handle-bpf_user_pt_regs_t-typedef-explicitly-for.patch
- commit a1a0c24
- vhost: Release worker mutex during flushes (git-fixes).
- commit be0d4d9
- virtio: reenable config if freezing device failed (git-fixes).
- commit d96d64e
- kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS
(git-fixes).
- SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes).
- commit 4fa6f6d
- netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() (CVE-2024-42270 bsc#1229404)
- commit eb407e1
- netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init() (CVE-2024-42269 bsc#1229402)
- commit 6f31e8c
- tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284 bsc#1229382)
- commit 003e7ab
- net: nexthop: Initialize all fields in dumped nexthops (CVE-2024-42283 bsc#1229383)
- commit dd830eb
- sysctl: always initialize i_uid/i_gid (CVE-2024-42312 bsc#1229357)
- commit 683a109
- block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854 bsc#1229345)
- commit bc065ac
- ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322 bsc#1229347)
- commit 5abcd51
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler
(git-fixes).
- commit efaee02
- net: missing check virtio (git-fixes).
- commit 547a4d8
- vhost/vsock: always initialize seqpacket_allow (git-fixes).
- commit 1501797
- vhost: Use virtqueue mutex for swapping worker (git-fixes).
- commit ee31e9d
- nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857).
- nvme-sysfs: add 'tls_configured_key' sysfs attribute
(bsc#1221857).
- nvme: split off TLS sysfs attributes into a separate group
(bsc#1221857).
- nvme: add a newline to the 'tls_key' sysfs attribute
(bsc#1221857).
- nvme-tcp: check for invalidated or revoked key (bsc#1221857).
- nvme-tcp: sanitize TLS key handling (bsc#1221857).
- nvme: tcp: remove unnecessary goto statement (bsc#1221857).
- commit 95902b1
- Refresh patches.suse/nvme-fabrics-typo-in-nvmf_parse_key.patch.
Move into sorted section.
- commit 24e43c3
- vhost-scsi: Handle vhost_vq_work_queue failures for events
(git-fixes).
- commit bb54ef9
- Update DRM patch reference (CVE-2024-42308 bsc#1229411)
- commit ddc1933
- Update
patches.suse/nvme-tcp-fix-compile-time-checks-for-TLS-mode.patch
(jsc#PED-6252 jsc#PED-5728 jsc#PED-5062 jsc#PED-3535
bsc#1221857).
Fix backporting error.
- commit 35c7df3
- Update parport patch reference (CVE-2024-42301 bsc#1229407)
- commit 6707829
- Refresh
patches.suse/nvme-tcp-strict-pdu-pacing-to-avoid-send-stalls-on-T.patch.
Use the version which got upload upstream.
- commit 4896f98
- blacklist.conf: add ffe6176b7f53 ("virtio: store owner from modules
with register_virtio_driver()")
- commit 08df841
- virtio_net: use u64_stats_t infra to avoid data-races
(git-fixes).
- commit 1825530
- usb: typec: fsa4480: Check if the chip is really there
(git-fixes).
- commit 771af75
- usb: typec: fsa4480: Add support to swap SBU orientation
(git-fixes).
- commit b744e01
- usb: typec: fsa4480: add support for Audio Accessory Mode
(git-fixes).
- commit 471d14e
- usb: typec: fsa4480: rework mux & switch setup to handle more
states (git-fixes).
- commit dc03605
- irqchip/imx-irqsteer: Handle runtime power management correctly
(CVE-2024-42290 bsc#1229379).
- commit a3bbc63
- landlock: Don't lose track of restrictions on cred_transfer
(bsc#1229351 CVE-2024-42318).
- commit e161e74
- apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287, CVE-2023-52889).
- commit 7a47d08
- kABI fix of: virtio-crypto: handle config changed by work queue
(git-fixes).
- commit 2e4646f
- nvme-multipath: implement "queue-depth" iopolicy (bsc#1227706).
- nvme-multipath: prepare for "queue-depth" iopolicy
(bsc#1227706).
- commit 796fd31
- nilfs2: handle inconsistent state in nilfs_btnode_create_block()
(bsc#1229370 CVE-2024-42295).
- commit 34231c4
- arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes)
- commit 6f29859
- arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes)
- commit 6b6ab8a
- soc: qcom: icc-bwmon: Fix refcount imbalance seen during
bwmon_remove (CVE-2024-43850 bsc#1229316).
- soc: qcom: icc-bwmon: Set default thresholds dynamically
(CVE-2024-43850 bsc#1229316).
- commit e842a77
- arm64: dts: imx8mp: add HDMI power-domains (git-fixes)
- commit 88b7cca
- arm64: dts: imx8mp: Add NPU Node (git-fixes)
- commit 55a2e84
- media: mediatek: vcodec: Handle invalid decoder vsi
(CVE-2024-43831 bsc#1229309).
- commit a7b1ec0
- bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
(CVE-2024-43839 bsc#1229301).
- net: mana: Add support for page sizes other than 4KB on ARM64
(jsc#PED-8491 bsc#1226530).
- commit 24750b5
- Squashfs: fix variable overflow triggered by sysbot (git-fixes).
- commit 90b77e5
- squashfs: squashfs_read_data need to check if the length is 0
(git-fixes).
- commit 1ab3d64
- jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- commit f862c1b
- jfs: fix null ptr deref in dtInsertEntry (git-fixes).
- commit 72d65ab
- reiserfs: fix uninit-value in comp_keys (git-fixes).
- commit aeea4b8
- Update
patches.suse/0001-netlink-add-nla-be16-32-types-to-minlen-array.patch
(CVE-2024-26849 bsc#1223053).
Fixes: 2747893c94d9b55340403026d9430f2f93947449
- commit 4cf09d7
- virtio-crypto: handle config changed by work queue (git-fixes).
- Refresh
patches.suse/crypto-virtio-Wait-for-tasklet-to-complete-on-device.patch.
- commit 3719b45
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229456).
- fs/netfs/fscache_cookie: add missing "n_accesses" check
(bsc#1229455).
- commit 1ffdccd
- s390/dasd: fix error recovery leading to data corruption on
ESE devices (git-fixes bsc#1229452).
- commit 421d882
- blacklist.conf: Change entry to alt-commit
- Refresh patches.suse/tools-Disable-__packed-attribute-compiler-warning-due-to-Werror-attributes.patch.
- commit a7c7d40
- net/iucv: fix the allocation size of iucv_path_table array
(git-fixes bsc#1229451).
- commit 4e0b259
- blacklist.conf: we don't enable CONFIG_CPUMASK_OFFSTACK on s390
- commit 8a36035
- Refresh patches.suse/0001-drm-mst-Fix-NULL-pointer-dereference-at-drm_dp_add_p.patch (git-fixes)
Alt-commit
- commit 98e41cf
- Refresh patches.suse/drm-i915-vma-Fix-UAF-on-destroy-against-retire-race.patch (git-fixes)
Alt-commit
- commit 11ef901
- Refresh patches.suse/drm-amd-display-Send-DTBCLK-disable-message-on-first.patch (git-fixes)
Alt-commit
- commit 6d9aa0a
- Refresh patches.suse/drm-amd-display-Fix-DPSTREAM-CLK-on-and-off-sequence.patch (git-fixes)
Alt-commit
- commit 24768b9
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()
(CVE-2024-41007 bsc#1227863).
- commit 35aaaf5
- HID: wacom: Defer calculation of resolution until
resolution_code is known (git-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit()
(stable-fixes).
- commit a485c9b
- blacklist.conf: Add libata upstream revert entry (bsc#1229054)
- commit 5ded40a
- bpf: Fix a segment issue when downgrading gso_size (bsc#1229386
CVE-2024-42281).
- commit f593f1f
- kABI fix for net/sched: flower: Fix chain template offload
(CVE-2024-26669 bsc#1222350).
- net/sched: flower: Fix chain template offload (CVE-2024-26669
bsc#1222350).
- commit 43f1cd6
- kABI fix for rxrpc: Fix delayed ACKs to not set the reference
serial number (CVE-2024-26677 bsc#1222387).
- rxrpc: Fix delayed ACKs to not set the reference serial number
(CVE-2024-26677 bsc#1222387).
- commit c3c3a27
- Update patches.suse/cpu-SMT-Enable-SMT-only-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- Update patches.suse/powerpc-topology-Check-if-a-core-is-online.patch
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1229327 ltc#206365).
- commit fd7ec4b
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
- gss_krb5: Fix the error handling path for
crypto_sync_skcipher_setkey (git-fixes).
- commit c717fae
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- nfs: pass explicit offset/count to trace events (git-fixes).
- commit 6f41a0a
- NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server
(git-fixes).
- NFSD: Support write delegations in LAYOUTGET (git-fixes).
- nfs: don't invalidate dentries on transient errors (git-fixes).
- nfs: propagate readlink errors in nfs_symlink_filler
(git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- sunrpc: add a struct rpc_stats arg to rpc_create_args
(git-fixes).
- commit 6ab4001
- Update
patches.suse/ata-libata-core-Fix-double-free-on-error.patch
(git-fixes CVE-2024-41087 bsc#1228740 bsc#1228466).
- Update
patches.suse/cachefiles-add-missing-lock-protection-when-polling.patch
(bsc#1229256 CVE-2024-42250 bsc#1228977).
- Update
patches.suse/cachefiles-defer-exposing-anon_fd-until-after-copy_to.patch
(bsc#1229251 CVE-2024-40913 bsc#1227839).
- Update
patches.suse/cachefiles-fix-slab-use-after-free-in-cachefiles_onde.patch
(bsc#1229247 CVE-2024-39510 bsc#1227734).
- Update
patches.suse/cachefiles-fix-slab-use-after-free-in-cachefiles_ondemand_daemon_read.patch
(bsc#1229246 CVE-2024-40899 bsc#1227758).
- Update
patches.suse/drm-i915-gem-Fix-Virtual-Memory-mapping-boundaries-c.patch
(git-fixes CVE-2024-42259 bsc#1229156).
- Update
patches.suse/powerpc-pseries-Whitelist-dtl-slub-object-for-copyin.patch
(bsc#1194869 CVE-2024-41065 bsc#1228636).
- commit 3fec826
- char: xillybus: Check USB endpoints when probing device
(git-fixes).
- Revert "misc: fastrpc: Restrict untrusted app to attach to
privileged PD" (git-fixes).
- tty: atmel_serial: use the correct RTS flag (git-fixes).
- tty: serial: fsl_lpuart: mark last busy before uart_add_one_port
(git-fixes).
- xhci: Fix Panther point NULL pointer deref at full-speed
re-enumeration (git-fixes).
- Revert "usb: typec: tcpm: clear pd_event queue in PORT_RESET"
(git-fixes).
- commit e3fe681
- blacklist.conf: add unwanted nfs/sunrpc patch
- commit 405ec89
- Refresh patches.suse/SUNRPC-avoid-soft-lockup-when-transmitting-UDP-to-re.patch.
Add git-commit
- commit 7a1e763
- xfs: attr forks require attr, not attr2 (git-fixes).
- commit d1644af
- i2c: qcom-geni: Add missing geni_icc_disable in
geni_i2c_runtime_resume (git-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions
(git-fixes).
- commit 37fcb0e
- Move upstreamed powerpc patches into sorted section
- commit 7bdd775
- xfs: journal geometry is not properly bounds checked
(git-fixes).
- commit 7680aeb
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- commit a300263
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- commit a089c62
- spi: Add empty versions of ACPI functions (stable-fixes).
- i2c: Fix conditional for substituting empty ACPI functions
(stable-fixes).
- commit 3dc083c
- gpio: mlxbf3: Support shutdown() function (git-fixes).
- ALSA: hda/tas2781: Use correct endian conversion (git-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry
(stable-fixes).
- ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET
(stable-fixes).
- ALSA: hda/realtek: Add support for new HP G12 laptops
(stable-fixes).
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad
3 15IAU7 (git-fixes).
- ALSA: timer: Relax start tick time check for slave timer
elements (git-fixes).
- drm/amd/display: Adjust cursor position (git-fixes).
- drm/amd/display: fix cursor offset on rotation 180 (git-fixes).
- device property: Add cleanup.h based fwnode_handle_put()
scope based cleanup (stable-fixes).
- commit 51be9a0
- xfs: allow cross-linking special files without project quota
(git-fixes).
- commit 8d26aca
- KVM: nVMX: Check for pending posted interrupts when looking
for nested events (git-fixes).
- commit 0b1027c
- KVM: VMX: Split out the non-virtualization part of
vmx_interrupt_blocked() (git-fixes).
- commit 47fc351
- xfs: use consistent uid/gid when grabbing dquots for inodes
(git-fixes).
- commit c1c88ce
- xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs
(git-fixes).
- commit fae2711
- xfs: allow unlinked symlinks and dirs with zero size
(git-fixes).
- commit 184b713
- blacklist.conf: add f99b052256f1 ("KVM: SNP: Fix LBR Virtualization for SNP guest")
- commit c9ad47e
- KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE
(git-fixes).
- commit 96acab8
- xfs: fix unlink vs cluster buffer instantiation race
(git-fixes).
- commit 0ae592b
- xfs: upgrade the extent counters in xfs_reflink_end_cow_extent
later (git-fixes).
- commit 730a4f0
- xfs: match lock mode in xfs_buffered_write_iomap_begin()
(git-fixes).
- commit e70a195
- xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log
intent item recovery (git-fixes).
- commit 85919a1
- xfs: don't use current->journal_info (git-fixes).
- commit d96f684
- KVM: nVMX: Request immediate exit iff pending nested event
needs injection (git-fixes).
- commit 9d306b8
- cachefiles: add missing lock protection when polling
(bsc#1229256).
- cachefiles: cyclic allocation of msg_id to avoid reuse
(bsc#1228499 CVE-2024-41050).
- cachefiles: wait for ondemand_object_worker to finish when
dropping object (bsc#1228468 CVE-2024-41051).
- cachefiles: cancel all requests for the object that is being
dropped (bsc#1229255).
- cachefiles: stop sending new request when dropping object
(bsc#1229254).
- cachefiles: propagate errors from vfs_getxattr() to avoid
infinite loop (bsc#1229253).
- cachefiles: make on-demand read killable (bsc#1229252).
- cachefiles: Set object to close if ondemand_id < 0 in copen
(bsc#1228643 CVE-2024-41074).
- cachefiles: defer exposing anon_fd until after copy_to_user()
succeeds (bsc#1229251).
- cachefiles: never get a new anonymous fd if ondemand_id is valid
(bsc#1229250).
- cachefiles: add spin_lock for cachefiles_ondemand_info
(bsc#1229249).
- cachefiles: add consistency check for copen/cread (bsc#1228646
CVE-2024-41075).
- cachefiles: remove err_put_fd label in
cachefiles_ondemand_daemon_read() (bsc#1229248).
- cachefiles: fix slab-use-after-free in
cachefiles_ondemand_daemon_read() (bsc#1229247).
- cachefiles: fix slab-use-after-free in
cachefiles_ondemand_get_fd() (bsc#1229246).
- cachefiles, erofs: Fix NULL deref in when cachefiles is not
doing ondemand-mode (bsc#1229245).
- cachefiles: add restore command to recover inflight ondemand
read requests (bsc#1229244).
- cachefiles: narrow the scope of triggering EPOLLIN events in
ondemand mode (bsc#1229243).
- cachefiles: resend an open request if the read request's object
is closed (bsc#1229241).
- cachefiles: extract ondemand info field from cachefiles_object
(bsc#1229240).
- cachefiles: introduce object ondemand state (bsc#1229239).
- commit 3d893c5
- KVM: nVMX: Add a helper to get highest pending from Posted
Interrupt vector (git-fixes).
- commit ebf04ff
- KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in
vmx_exit() (git-fixes).
- commit 8ef91ee
- KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes).
- commit 395837f
- KVM: VMX: Move posted interrupt descriptor out of VMX code
(git-fixes).
- commit feb966b
- xfs: allow symlinks with short remote targets (bsc#1229160).
- commit e82d4ad
- blacklist.conf: add 1c682593096a ("xen: privcmd: Switch from mutex to spinlock for irqfds")
- commit 46d4480
- x86/xen: Convert comma to semicolon (git-fixes).
- commit c8d2d16
- net: mana: Fix doorbell out of order violation and avoid
unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic
(bsc#1229086).
- commit 59cb1c7
- wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
(git-fixes).
- net: ethernet: mtk_wed: fix use-after-free panic in
mtk_wed_setup_tc_block_cb() (git-fixes).
- media: Revert "media: dvb-usb: Fix unexpected infinite loop
in dvb_usb_read_remote_control()" (git-fixes).
- commit daf04e2
- filelock: Remove locks reliably when fcntl/close race is
detected (CVE-2024-41012 bsc#1228247).
- commit a736b9b
- io_uring: fix possible deadlock in
io_register_iowq_max_workers() (bsc#1228616 CVE-2024-41080).
- commit eae6448
- io_uring: fix io_match_task must_hold (git-fixes).
- io_uring: tighten task exit cancellations (git-fixes).
- commit f9ce2d8
- io_uring: Fix probe of disabled operations (git-fixes).
- io_uring/advise: support 64-bit lengths (git-fixes).
- commit 7566a8d
- io_uring: Drop per-ctx dummy_ubuf (git-fixes).
- commit 2717cc1
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to
userspace (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public
(bsc#1194869).
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#"
(bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for
CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings
(bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and
h_get_ppp (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP
(bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef
CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- commit 4e7f0fe
- blacklist.conf: Add a bunch of superfluous ppc changes reported by
git-fixes.
- commit 7c2a851
- blacklist.conf: Add ppc more ppc unsupported arch paths and commits.
- commit 66e06b4
- blacklist.conf: Add more ppc 32bit paths.
- commit 013a9db
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- commit e589bbc
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- commit 0d04176
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- commit 6a5ea61
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- commit f75d6ba
- arm64: errata: Unify speculative SSBS errata logic (git-fixes).
Update config files.
- commit ffaab08
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- commit 3c8ddb7
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- commit f5fd7c6
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- commit d87d988
- arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (git-fixes)
Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch
and enable around.
- commit b3747ef
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- commit 78aeee9
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- commit 2841965
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- commit 5c935b6
- arm64: Add Neoverse-V2 part (git-fixes)
- commit 0f9f30b
- net/rds: fix possible cp null dereference (git-fixes).
- commit cac3126
- s390/pci: Add missing virt_to_phys() for directed DIBV
(git-fixes bsc#1229174).
- commit ea8e3e7
- s390/dasd: fix error checks in dasd_copy_pair_store()
(git-fixes bsc#1229173).
- commit f5c4fe8
- s390/pci: Allow allocation of more than 1 MSI interrupt
(git-fixes bsc#1229172).
- s390/pci: Refactor arch_setup_msi_irqs() (git-fixes
bsc#1229172).
- commit ad8c54b
- s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes
bsc#1229171).
- commit 94c7469
- s390/uv: Panic for set and remove shared access UVC errors
(git-fixes bsc#1229170).
- commit 447c271
- s390/sclp: Prevent release of buffer in I/O (git-fixes
bsc#1229169).
- commit 9daf007
- kvm: s390: Reject memory region operations for ucontrol VMs
(git-fixes bsc#1229168).
- commit 14a9742
- KVM: s390: fix validity interception issue when gisa is switched
off (git-fixes bsc#1229167).
- commit 5c4e348
- Update patch reference of USB patch (jsc#PED-10108)
- commit edfa08b
- USB: serial: debug: do not echo input by default (stable-fixes).
- usb: vhci-hcd: Do not drop references before new references
are gained (stable-fixes).
- serial: core: check uartclk for zero to avoid divide by zero
(stable-fixes).
- media: xc2028: avoid use-after-free in load_firmware_cb()
(stable-fixes).
- media: uvcvideo: Fix the bandwdith quirk on USB 3.x
(stable-fixes).
- media: uvcvideo: Ignore empty TS packets (stable-fixes).
- media: amphion: Remove lock in s_ctrl callback (stable-fixes).
- wifi: nl80211: don't give key data to userspace (stable-fixes).
- PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes).
- wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup()
(stable-fixes).
- wifi: nl80211: disallow setting special AP channel widths
(stable-fixes).
- gpio: prevent potential speculation leaks in
gpio_device_get_desc() (stable-fixes).
- commit 2335bf9
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm/i915/gem: Adjust vma offset for framebuffer mmap offset
(stable-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link
(stable-fixes).
- drm/amdgpu: Forward soft recovery errors to userspace
(stable-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet
(stable-fixes).
- drm/mediatek/dp: Fix spurious kfree() (git-fixes).
- drm/amd/display: Add null checker before passing variables
(stable-fixes).
- Revert "drm/amd/display: Add NULL check for 'afb' before
dereferencing in amdgpu_dm_plane_handle_cursor_update"
(stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing
in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX
transactions (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
(stable-fixes).
- drm/radeon: Remove __counted_by from StateArray.states[]
(git-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/admgpu: fix dereferencing null pointer context
(stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in
apply_state_adjust_rules (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager
(stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7
(stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode
(stable-fixes).
- drm/amdgpu: fix potential resource leak warning (stable-fixes).
- drm/amd/display: Add delay to improve LTTPR UHBR interop
(stable-fixes).
- Bluetooth: btnxpuart: Shutdown timer and prevent rearming when
driver unloading (stable-fixes).
- can: mcp251xfd: tef: update workaround for erratum DS80000789E
6 of mcp2518fd (stable-fixes).
- can: mcp251xfd: tef: prepare to workaround broken TEF FIFO
tail index erratum (stable-fixes).
- ACPI: SBS: manage alarm sysfs attribute through psy core
(stable-fixes).
- ACPI: battery: create alarm sysfs attribute atomically
(stable-fixes).
- clocksource/drivers/sh_cmt: Address race condition for clock
events (stable-fixes).
- commit 2a8ca72
- Update patch reference for SPI patch (jsc#PED-10105)
- commit a896d55
- kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634
git-fixes).
- KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes).
- commit 576de67
- kernfs: Convert kernfs_path_from_node_locked() from strlcpy()
to strscpy() (bsc#1229134).
- Refresh
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch.
- commit bc8376b
- Update patch reference for iwlwifi fix (jsc#PED-10055)
- commit 73fda85
- Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table
(bsc#1229056).
- commit 0ae7f4e
- bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes()
(git-fixes).
- bpf: don't infer PTR_TO_CTX for programs with unnamed context
type (git-fixes).
- bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX
global arg (git-fixes).
- bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace
correctly (git-fixes).
- commit dd0591b
- net, sunrpc: Remap EPERM in case of connection failure in
xs_tcp_setup_socket (CVE-2024-42246 bsc#1228989).
- commit 12865c8
- tools/resolve_btfids: Fix comparison of distinct pointer types
warning in resolve_btfids (git-fixes).
- tools/resolve_btfids: fix build with musl libc (git-fixes).
- commit f42b517
- btrfs: fix leak of qgroup extent records after transaction abort
(git-fixes).
- btrfs: fix ordered extent split error handling in
btrfs_dio_submit_io (git-fixes).
- btrfs: use irq safe locking when running and adding delayed
iputs (git-fixes).
- commit 59b18df
- btrfs: fix extent map use-after-free when adding pages to
compressed bio (git-fixes).
- commit b3e7c96
- Drop libata patch that caused a regression (bsc#1229054)
- commit 3d5faca
- btrfs: fix double inode unlock for direct IO sync writes
(git-fixes).
- btrfs: fix corruption after buffer fault in during direct IO
append write (git-fixes).
- btrfs: use a btrfs_inode local variable at btrfs_sync_file()
(git-fixes).
- btrfs: pass a btrfs_inode to btrfs_wait_ordered_range()
(git-fixes).
- btrfs: pass a btrfs_inode to btrfs_fdatawrite_range()
(git-fixes).
- btrfs: use a btrfs_inode in the log context (struct
btrfs_log_ctx) (git-fixes).
- btrfs: make btrfs_finish_ordered_extent() return void
(git-fixes).
- btrfs: ensure fast fsync waits for ordered extents after a
write failure (git-fixes).
- btrfs: rename err to ret in btrfs_direct_write() (git-fixes).
- btrfs: uninline some static inline helpers from tree-log.h
(git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete buffered
writes (git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete direct writes
(git-fixes).
- btrfs: use btrfs_finish_ordered_extent to complete compressed
writes (git-fixes).
- btrfs: open code end_extent_writepage in
end_bio_extent_writepage (git-fixes).
- btrfs: add a btrfs_finish_ordered_extent helper (git-fixes).
- btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes).
- btrfs: factor out a can_finish_ordered_extent helper
(git-fixes).
- btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes).
- btrfs: add an ordered_extent pointer to struct btrfs_bio
(git-fixes).
- btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io
(git-fixes).
- btrfs: add a is_data_bbio helper (git-fixes).
- btrfs: remove btrfs_add_ordered_extent (git-fixes).
- btrfs: pass an ordered_extent to btrfs_submit_compressed_write
(git-fixes).
- btrfs: pass an ordered_extent to btrfs_reloc_clone_csums
(git-fixes).
- btrfs: merge the two calls to btrfs_add_ordered_extent in
run_delalloc_nocow (git-fixes).
- btrfs: limit write bios to a single ordered extent (git-fixes).
- commit 90ea198
- powerpc/topology: Check if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285
bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- commit 3d340df
- Update patch reference for MD patch (jsc#PED-10029 jsc#PED-10045)
- commit 1bf8fd1
- Update patch refefernce for MFD patch (jsc#PED-10029)
- commit f36d989
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- commit c606582
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- commit 4007799
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- commit 9854658
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- commit 0a84b39
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- commit 85ba4b7
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- commit 1b89039
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- commit 73c2646
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- commit 9e31807
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- commit f6baa58
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- commit 07f864e
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- commit d5ea9be
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- commit d314cb6
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- commit b00829d
- tools/resolve_btfids: Fix cross-compilation to non-host
endianness (git-fixes).
- tools/resolve_btfids: Refactor set sorting with types from
btf_ids.h (git-fixes).
- libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes).
- commit 6fc7b9e
- libbpf: Add missing LIBBPF_API annotation to
libbpf_set_memlock_rlim API (git-fixes).
- selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes).
- libbpf: Fix faccessat() usage on Android (git-fixes).
- selftests/bpf: Wait for the netstamp_needed_key static key to
be turned on (git-fixes).
- commit 89d6f3b
- selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes).
- selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY
values (git-fixes).
- libbpf: Apply map_set_def_max_entries() for inner_maps on
creation (git-fixes).
- selftests/bpf: Fix potential premature unload in bpf_testmod
(git-fixes).
- bpftool: Silence build warning about calloc() (git-fixes).
- commit 7aaf2fc
- x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes).
- Refresh
patches.suse/x86-uaccess-Fix-missed-zeroing-of-ia32-u64-get_user-range-.patch.
- commit 97ffc68
- selftests/bpf: Fix up xdp bonding test wrt feature flags
(git-fixes).
- selftests/bpf: fix compiler warnings in RELEASE=1 mode
(git-fixes).
- selftests/bpf: Relax time_tai test for equal timestamps in
tai_forward (git-fixes).
- bpf: Set uattr->batch.count as zero before batched update or
deletion (git-fixes).
- bpf: Remove unnecessary wait from bpf_map_copy_value()
(git-fixes).
- commit 19ebfe6
- bpf: enforce precision of R0 on callback return (git-fixes).
- selftests/bpf: Fix erroneous bitmask operation (git-fixes).
- bpf/tests: Remove duplicate JSGT tests (git-fixes).
- bpftool: mark orphaned programs during prog show (git-fixes).
- commit 2b6a18e
- bpf: Fix a few selftest failures due to llvm18 change
(git-fixes).
- selftests/bpf: Fix issues in setup_classid_environment()
(git-fixes).
- selftests/bpf: Add assert for user stacks in test_task_stack
(git-fixes).
- selftests/bpf: Fix pyperf180 compilation failure with clang18
(git-fixes).
- bpf: Add crosstask check to __bpf_get_stack (git-fixes).
- commit fce00e9
- bpf, lpm: Fix check prefixlen before walking trie (git-fixes).
- selftests/bpf: satisfy compiler by having explicit return in
btf test (git-fixes).
- selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes).
- bpf: Fix prog_array_map_poke_run map poke update (git-fixes).
- commit ca200c8
- scsi: mpi3mr: Use proper format specifier in
mpi3mr_sas_port_add() (bsc#1228754 CVE-2024-42159 git-fixes).
- scsi: mpi3mr: Sanitise num_phys (bsc#1228754 CVE-2024-42159).
- commit e024eb0
- selftests/bpf: check if max number of bpf_loop iterations is
tracked (git-fixes).
Refresh
patches.suse/selftests-bpf-test-case-for-callback_depth-states-pr.patch.
- selftests/bpf: fix bpf_loop_bench for new callback verification
scheme (git-fixes).
- selftests/bpf: Add netkit to tc_redirect selftest (git-fixes).
- selftests/bpf: De-veth-ize the tc_redirect test case
(git-fixes).
- bpf: fix control-flow graph checking in privileged mode
(git-fixes).
- commit 27db2c6
- bpf: Fix check_stack_write_fixed_off() to correctly spill imm
(git-fixes).
- bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes).
- commit b5c430e
- mm/shmem: disable PMD-sized page cache if needed (CVE-2024-42241
bsc#1228986).
- commit 8ecdd91
- x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes).
- commit 1d041a1
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- commit 5407674
- x86/pci: Skip early E820 check for ECAM region (git-fixes).
- commit 7ac1bfc
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- commit 03de6ee
- x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes).
- commit 41708c1
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- commit e9979b2
- Revert "sched/fair: Make sure to try to detach at least one
movable task" (CVE-2024-42245 bsc#1228978).
- commit bff0dc0
- selftests/bpf: Make linked_list failure test more robust
(git-fixes).
- bpf: Ensure proper register state printing for cond jumps
(git-fixes).
- commit 2ec4f49
- ipv6: sr: fix incorrect unregister order (git-fixes).
- commit f975fdd
- ipv6: sr: fix possible use-after-free and null-ptr-deref
(CVE-2024-26735 bsc#1222372).
- commit 75aaed9
- bpftool: Align output skeleton ELF code (git-fixes).
- samples/bpf: syscall_tp_user: Fix array out-of-bound access
(git-fixes).
- samples/bpf: syscall_tp_user: Rename num_progs into nr_tests
(git-fixes).
- bpf: Fix kfunc callback register type handling (git-fixes).
- commit ee3cca0
- bpf: Detect IP == ksym.end as part of BPF program (git-fixes).
- commit b5b57d0
- selftests/bpf: Skip module_fentry_shadow test when bpf_testmod
is not available (git-fixes).
- commit 85b5d5e
- bpftool: Fix -Wcast-qual warning (git-fixes).
- commit 0417873
- net: bridge: switchdev: Skip MDB replays of deferred events
on offload (CVE-2024-26837 bsc#1222973).
- commit 2f55c98
- s390/pkey: Wipe copies of protected- and secure-keys
(CVE-2024-42155 bsc#1228733).
- s390/pkey: Wipe copies of clear-key structures on failure
(CVE-2024-42156 bsc#1228722).
- s390/pkey: Wipe sensitive data on failure (CVE-2024-42157
bsc#1228727).
- s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
(CVE-2024-42158 bsc#1228720).
- s390/pkey: introduce dynamic debugging for pkey (bsc#1228720).
- s390/pkey: harmonize pkey s390 debug feature calls
(bsc#1228720).
- commit 72f0617
- usb: gadget: u_serial: Set start_delayed during suspend
(git-fixes).
- usb: gadget: core: Check for unset descriptor (git-fixes).
- usb: gadget: u_audio: Check return codes from usb_ep_enable
and config_ep_by_speed (git-fixes).
- driver core: Fix uevent_show() vs driver detach race
(git-fixes).
- thermal/drivers/broadcom: Fix race between removal and clock
disable (git-fixes).
- thermal: bcm2835: Convert to platform remove callback returning
void (stable-fixes).
- commit 9bfd8af
- selftests/bpf: Cover verifier checks for mutating
sockmap/sockhash (bsc#1226885 CVE-2024-38662).
- Revert "bpf, sockmap: Prevent lock inversion deadlock in map
delete elem" (bsc#1226885 CVE-2024-38662).
- bpf: Allow delete from sockmap/sockhash only if update is
allowed (bsc#1226885 CVE-2024-38662).
- commit 7f528cf
- rpm/kernel-binary.spec.in: fix klp_symbols macro
The commit below removed openSUSE filter from %ifs of the klp_symbols
definition. But it removed -c of grep too and that causes:
error: syntax error in expression: 01 && ( || 1 )
error: ^
error: unmatched (: 01 && ( || 1 )
error: ^
error: kernel-default.spec:137: bad %if condition: 01 && ( || 1 )
So reintroduce -c to the PTF's grep.
Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3
- i2c: qcom-geni: Add missing geni_icc_disable in
geni_i2c_runtime_resume (git-fixes).
- i2c: qcom-geni: Add missing clk_disable_unprepare in
geni_i2c_runtime_resume (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source
not found (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes).
- drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
(git-fixes).
- drm/client: fix null pointer dereference in
drm_client_modeset_probe (git-fixes).
- commit e093c66
- Update patch references for ASoC regression fixes (bsc#1229045 bsc#1229046)
- commit 4e3f007
- rpm/kernel-binary.spec.in: Fix build regression
The previous fix forgot to take over grep -c option that broke the
conditional expression
- commit d29edf2
- Moved upstreamed ASoC patch into sorted section
- commit 3058bc3
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value
(stable-fixes).
- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6
(stable-fixes).
- ASoC: cs35l56: Handle OTP read latency over SoundWire
(stable-fixes).
- ASoC: nau8822: Lower debug print priority (stable-fixes).
- ASoC: fsl_micfil: Expand the range of FIFO watermark mask
(stable-fixes).
- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra)
to quirks (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
(stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
(stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value
(stable-fixes).
- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6
(stable-fixes).
- ASoC: cs35l56: Handle OTP read latency over SoundWire
(stable-fixes).
- ASoC: nau8822: Lower debug print priority (stable-fixes).
- ASoC: fsl_micfil: Expand the range of FIFO watermark mask
(stable-fixes).
- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra)
to quirks (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4
(stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list
(stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- commit a8c8868
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
(git-fixes).
- ASoC: SOF: Remove libraries from topology lookups (git-fixes).
- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask
(git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT
(git-fixes).
- ASoC: SOF: Remove libraries from topology lookups (git-fixes).
- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask
(git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- commit cdc2939
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
After the Jump project the kernel used by SLE and openSUSE Leap are the
same. As consequence the klp_symbols variable is set, enabling
kernel-default-livepatch-devel on both SLE and openSUSE.
The current rules to avoid enabling the package exclude openSUSE
Tumbleweed alone, which doesn't makes sense for now. Enabling
kernel-default-livepatch-devel on TW makes it easier to test the
creation of kernel livepatches of the next SLE versions.
- commit fd0b293
- Split kABI workaround of recent hyperv fixes (bsc#1229040, bsc#1225745, CVE-2024-36911, bsc#1225717, CVE-2024-36910, bsc#1225744, CVE-2024-36909)
- commit 3639306
- Yet more build fix without patches.kabi (bsc#1226502)
- commit 6bc3429
- Fix build errors without patches.kabi (bsc#1226502)
Now patches.suse/x86-Stop-using-weak-symbols-for-__iowrite32_copy.patch
has a full backport and later partially reverted via
patches.kabi/kabi-partial-revert-commit-20516d6e51dd.patch
- commit 44c5e90
- landlock: Fix d_parent walk (CVE-2024-40938 bsc#1227840).
- commit 36de641
- net: fix sk_memory_allocated_{add|sub} vs softirqs
(bsc#1228757).
- commit a963c0f
- minmax: fix up min3() and max3() too (bsc#1229024).
- minmax: improve macro expansion and type checking (bsc#1229024).
- minmax: simplify min()/max()/clamp() implementation
(bsc#1229024).
- minmax: don't use max() in situations that want a C constant
expression (bsc#1229024).
- minmax: make generic MIN() and MAX() macros available everywhere
(bsc#1229024).
- minmax: simplify and clarify min_t()/max_t() implementation
(bsc#1229024).
- minmax: add a few more MIN_T/MAX_T users (bsc#1229024).
- minmax: avoid overly complicated constant expressions in VM code
(bsc#1229024).
- drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c
(bsc#1229024).
- commit c64c296
- Update
patches.suse/ALSA-emux-improve-patch-ioctl-data-validation.patch
(stable-fixes CVE-2024-42097 bsc#1228766).
- Update
patches.suse/ASoC-SOF-Intel-hda-fix-null-deref-on-system-suspend-.patch
(git-fixes CVE-2024-41037 bsc#1228508).
- Update
patches.suse/ASoC-amd-acp-add-a-null-check-for-chip_pdev-structur.patch
(git-fixes CVE-2024-42074 bsc#1228481).
- Update
patches.suse/ASoC-fsl-asoc-card-set-priv-pdev-before-using-it.patch
(git-fixes CVE-2024-42089 bsc#1228450).
- Update
patches.suse/Bluetooth-ISO-Check-socket-flag-instead-of-hcon.patch
(git-fixes CVE-2024-42141 bsc#1228502).
- Update
patches.suse/Bluetooth-Ignore-too-large-handle-values-in-BIG.patch
(git-fixes CVE-2024-42133 bsc#1228511).
- Update
patches.suse/Bluetooth-hci_core-cancel-all-works-upon-hci_unregis.patch
(stable-fixes CVE-2024-41063 bsc#1228580).
- Update
patches.suse/Bluetooth-qca-Fix-BT-enable-failure-again-for-QCA639.patch
(git-fixes CVE-2024-42137 bsc#1228563).
- Update patches.suse/PCI-MSI-Fix-UAF-in-msi_capability_init.patch
(git-fixes CVE-2024-41096 bsc#1228479).
- Update
patches.suse/RDMA-restrack-Fix-potential-invalid-address-access.patch
(git-fixes CVE-2024-42080 bsc#1228673).
- Update
patches.suse/USB-core-Fix-duplicate-endpoint-bug-by-clearing-rese.patch
(git-fixes CVE-2024-41035 bsc#1228485).
- Update patches.suse/USB-serial-mos7840-fix-crash-on-resume.patch
(git-fixes CVE-2024-42244 bsc#1228967).
- Update
patches.suse/ata-libata-core-Fix-null-pointer-dereference-on-erro.patch
(git-fixes CVE-2024-41098 bsc#1228467).
- Update
patches.suse/bluetooth-hci-disallow-setting-handle-bigger-than-HC.patch
(git-fixes CVE-2024-42132 bsc#1228492).
- Update
patches.suse/bpf-Fail-bpf_timer_cancel-when-callback-is-being-can.patch
(bsc#1228531 CVE-2024-41045 CVE-2024-42239 bsc#1228979).
- Update
patches.suse/can-mcp251xfd-fix-infinite-loop-when-xmit-fails.patch
(git-fixes CVE-2024-41088 bsc#1228469).
- Update
patches.suse/cdrom-rearrange-last_media_change-check-to-avoid-uni.patch
(stable-fixes CVE-2024-42136 bsc#1228758).
- Update
patches.suse/crypto-aead-cipher-zeroize-key-buffer-after-use.patch
(stable-fixes CVE-2024-42229 bsc#1228708).
- Update
patches.suse/crypto-ecdh-explicitly-zeroize-private_key.patch
(stable-fixes CVE-2024-42098 bsc#1228779).
- Update
patches.suse/drm-amd-display-ASSERT-when-failing-to-find-index-by.patch
(stable-fixes CVE-2024-42117 bsc#1228582).
- Update
patches.suse/drm-amd-display-Check-index-msg_id-before-read-or-wr.patch
(stable-fixes CVE-2024-42121 bsc#1228590).
- Update
patches.suse/drm-amd-display-Check-pipe-offset-before-setting-vbl.patch
(stable-fixes CVE-2024-42120 bsc#1228588).
- Update
patches.suse/drm-amd-display-Fix-array-index-out-of-bounds-in-dml.patch
(stable-fixes CVE-2024-41061 bsc#1228572).
- Update
patches.suse/drm-amd-display-Fix-overlapping-copy-within-dml_core.patch
(stable-fixes CVE-2024-42227 bsc#1228707).
- Update
patches.suse/drm-amd-display-Skip-finding-free-audio-for-unknown-.patch
(stable-fixes CVE-2024-42119 bsc#1228584).
- Update
patches.suse/drm-amd-display-Skip-pipe-if-the-pipe-idx-not-set-pr.patch
(stable-fixes CVE-2024-42064 bsc#1228586).
- Update
patches.suse/drm-amdgpu-Fix-signedness-bug-in-sdma_v4_0_process_t.patch
(git-fixes CVE-2024-41022 bsc#1228429).
- Update
patches.suse/drm-amdgpu-Using-uninitialized-value-size-when-calli.patch
(stable-fixes CVE-2024-42228 bsc#1228667).
- Update
patches.suse/drm-amdgpu-avoid-using-null-object-of-framebuffer.patch
(stable-fixes CVE-2024-41093 bsc#1228660).
- Update
patches.suse/drm-fbdev-dma-Only-set-smem_start-is-enable-per-modu.patch
(git-fixes CVE-2024-41094 bsc#1228458).
- Update
patches.suse/drm-i915-gt-Fix-potential-UAF-by-revoke-of-fence-reg.patch
(git-fixes CVE-2024-41092 bsc#1228483).
- Update
patches.suse/drm-lima-fix-shared-irq-handling-on-driver-remove.patch
(stable-fixes CVE-2024-42127 bsc#1228721).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in-66edf3f.patch
(stable-fixes CVE-2024-41095 bsc#1228662).
- Update
patches.suse/drm-nouveau-dispnv04-fix-null-pointer-dereference-in.patch
(stable-fixes CVE-2024-41089 bsc#1228658).
- Update
patches.suse/drm-nouveau-fix-null-pointer-dereference-in-nouveau_.patch
(git-fixes CVE-2024-42101 bsc#1228495).
- Update
patches.suse/drm-panel-ilitek-ili9881c-Fix-warning-with-GPIO-cont.patch
(stable-fixes CVE-2024-42087 bsc#1228677).
- Update
patches.suse/drm-radeon-check-bo_va-bo-is-non-NULL-before-using-i.patch
(stable-fixes CVE-2024-41060 bsc#1228567).
- Update
patches.suse/filelock-fix-potential-use-after-free-in-posix_lock_inode.patch
(git-fixes CVE-2024-41049 bsc#1228486).
- Update
patches.suse/firmware-cs_dsp-Fix-overflow-checking-of-wmfw-header.patch
(git-fixes CVE-2024-41039 bsc#1228515).
- Update
patches.suse/firmware-cs_dsp-Prevent-buffer-overrun-when-processi.patch
(git-fixes CVE-2024-41038 bsc#1228509).
- Update
patches.suse/firmware-cs_dsp-Return-error-if-block-header-overflo.patch
(git-fixes CVE-2024-42238 bsc#1228991).
- Update
patches.suse/firmware-cs_dsp-Use-strnlen-on-name-fields-in-V1-wmf.patch
(git-fixes CVE-2024-41056 bsc#1228480).
- Update
patches.suse/firmware-cs_dsp-Validate-payload-length-before-proce.patch
(git-fixes CVE-2024-42237 bsc#1228992).
- Update
patches.suse/genirq-cpuhotplug-x86-vector-Prevent-vector-leak-dur.patch
(git-fixes CVE-2024-31076 bsc#1226765).
- Update
patches.suse/gpio-davinci-Validate-the-obtained-number-of-IRQs.patch
(git-fixes CVE-2024-42092 bsc#1228447).
- Update
patches.suse/gpio-pca953x-fix-pca953x_irq_bus_sync_unlock-race.patch
(stable-fixes CVE-2024-42253 bsc#1229005).
- Update
patches.suse/i2c-pnx-Fix-potential-deadlock-warning-from-del_time.patch
(git-fixes CVE-2024-42153 bsc#1228510).
- Update
patches.suse/iio-chemical-bme680-Fix-overflows-in-compensate-func.patch
(git-fixes CVE-2024-42086 bsc#1228452).
- Update
patches.suse/jffs2-Fix-potential-illegal-address-access-in-jffs2_free_inode.patch
(git-fixes CVE-2024-42115 bsc#1228656).
- Update
patches.suse/libceph-fix-race-between-delayed_work-and-ceph_monc_s.patch
(bsc#1228192 CVE-2024-42232 bsc#1228959).
- Update
patches.suse/media-dvb-frontends-tda10048-Fix-integer-overflow.patch
(stable-fixes CVE-2024-42223 bsc#1228726).
- Update
patches.suse/misc-fastrpc-Fix-memory-leak-in-audio-daemon-attach-.patch
(git-fixes CVE-2024-41025 bsc#1228527).
- Update
patches.suse/misc-fastrpc-Restrict-untrusted-app-to-attach-to-pri.patch
(git-fixes CVE-2024-41024 bsc#1228525).
- Update
patches.suse/mm-Avoid-overflows-in-dirty-throttling-logic.patch
(bsc#1222364 CVE-2024-26720 CVE-2024-42131 bsc#1228650).
- Update
patches.suse/msft-hv-3022-net-mana-Fix-possible-double-free-in-error-handling-.patch
(git-fixes CVE-2024-42069 bsc#1228463).
- Update
patches.suse/net-can-j1939-Initialize-unused-data-in-j1939_send_o.patch
(git-fixes CVE-2024-42076 bsc#1228484).
- Update
patches.suse/net-can-j1939-enhanced-error-handling-for-tightly-re.patch
(git-fixes CVE-2023-52887 bsc#1228426).
- Update
patches.suse/nfc-nci-Add-the-inconsistency-check-between-the-inpu.patch
(stable-fixes CVE-2024-42130 bsc#1228687).
- Update
patches.suse/nilfs2-add-missing-check-for-inode-numbers-on-direct.patch
(stable-fixes CVE-2024-42104 bsc#1228654).
- Update patches.suse/nvme-avoid-double-free-special-payload.patch
(git-fixes CVE-2024-41073 bsc#1228635).
- Update patches.suse/nvmet-always-initialize-cqe.result.patch
(git-fixes CVE-2024-41079 bsc#1228615).
- Update
patches.suse/nvmet-fix-a-possible-leak-when-destroy-a-ctrl-during.patch
(git-fixes CVE-2024-42152 bsc#1228724).
- Update
patches.suse/ocfs2-fix-DIO-failure-due-to-insufficient-transaction-credits.patch
(git-fixes CVE-2024-42077 bsc#1228516).
- Update
patches.suse/ocfs2-strict-bound-check-before-memcmp-in-ocfs2_xatt.patch
(bsc#1228410 CVE-2024-41016).
- Update patches.suse/orangefs-fix-out-of-bounds-fsid-access.patch
(git-fixes CVE-2024-42143 bsc#1228748).
- Update
patches.suse/pinctrl-fix-deadlock-in-create_pinctrl-when-handling.patch
(git-fixes CVE-2024-42090 bsc#1228449).
- Update
patches.suse/platform-x86-toshiba_acpi-Fix-array-out-of-bounds-ac.patch
(git-fixes CVE-2024-41028 bsc#1228539).
- Update
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
(bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
- Update
patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
(bsc#1194869 CVE-2024-42230 bsc#1228489).
- Update
patches.suse/thermal-drivers-mediatek-lvts_thermal-Check-NULL-ptr.patch
(stable-fixes CVE-2024-42144 bsc#1228666).
- Update
patches.suse/usb-atm-cxacru-fix-endpoint-checking-in-cxacru_bind.patch
(git-fixes CVE-2024-41097 bsc#1228513).
- Update
patches.suse/usb-dwc3-core-remove-lock-of-otg-mode-during-gadget-.patch
(git-fixes CVE-2024-42085 bsc#1228456).
- Update
patches.suse/usb-gadget-configfs-Prevent-OOB-read-write-in-usb_st.patch
(stable-fixes CVE-2024-42236 bsc#1228964).
- Update
patches.suse/usb-xhci-prevent-potential-failure-in-handle_tx_even.patch
(stable-fixes CVE-2024-42226 bsc#1228709).
- Update
patches.suse/wifi-cfg80211-restrict-NL80211_ATTR_TXQ_QUANTUM-valu.patch
(git-fixes CVE-2024-42114 bsc#1228564).
- Update
patches.suse/wifi-cfg80211-wext-add-extra-SIOCSIWSCAN-data-check.patch
(stable-fixes CVE-2024-41072 bsc#1228626).
- Update
patches.suse/wifi-mac80211-Avoid-address-calculations-via-out-of-.patch
(stable-fixes CVE-2024-41071 bsc#1228625).
- Update
patches.suse/wifi-mt76-replace-skb_put-with-skb_put_zero.patch
(stable-fixes CVE-2024-42225 bsc#1228710).
- Update
patches.suse/wifi-rtw89-fw-scan-offload-prohibit-all-6-GHz-channe.patch
(bsc#1227149 CVE-2024-42125 bsc#1228674).
- Update
patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation
(git-fixes CVE-2024-42240 bsc#1228966).
Add CVE references.
- commit dfa8582
- Bluetooth: hci_sync: avoid dup filtering when passive scanning
with adv monitor (git-fixes).
- Bluetooth: l2cap: always unlock channel in
l2cap_conless_channel() (git-fixes).
- net: usb: qmi_wwan: fix memory leak for not ip packets
(git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper()
(git-fixes).
- kcov: properly check for softirq context (git-fixes).
- commit fc99a65
- wireguard: allowedips: avoid unaligned 64-bit memory accesses
(CVE-2024-42247 bsc#1228988).
- commit 12abe6d
- selftests/bpf: Add netlink helper library (bsc#1228021
CVE-2024-41010).
- Fix BPF selftest build failure
- commit c3e9de4
- x86/numa: Fix the sort compare func used in numa_fill_memblks()
(git-fixes).
- x86/numa: Fix the address overlap check in numa_fill_memblks()
(git-fixes).
- commit b42baa2
- inet_diag: Initialize pad field in struct inet_diag_req_v2
(CVE-2024-42106 bsc#1228493).
- commit 87d015b
- x86/numa: Fix SRAT lookup of CFMWS ranges with
numa_fill_memblks() (git-fixes).
- ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window
(git-fixes).
- x86/numa: Introduce numa_fill_memblks() (git-fixes).
- commit 7f40727
- ACPI: processor_idle: use raw_safe_halt() in
acpi_idle_play_dead() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for
HIP08/09 (git-fixes).
- commit 23f94eb
- Update
patches.suse/crypto-hisilicon-debugfs-Fix-debugfs-uninit-process-.patch
(bsc#1228764 CVE-2024-42147).
- commit 9b42aa7
- serial: 8250_omap: Fix Errata i2310 with RX FIFO level check
(bsc#1228446 CVE-2024-42095).
- commit 6d3406b
- serial: 8250_omap: Implementation of Errata i2310 (bsc#1228446
CVE-2024-42095).
- commit a3bd324
- net/iucv: fix use after free in iucv_sock_close() (bsc#1228973).
- commit c3ed1a0
- s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579
CVE-2024-41068).
- commit a8db9f2
- config.sh: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- commit 15eff3e
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU
offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain
aware (git-fixes).
- genirq/matrix: Exclude managed interrupts in
irq_matrix_allocated() (git-fixes).
- commit 592adb3
- selftests/bpf: Test pinning bpf timer to a core (bsc#1228531
CVE-2024-41045).
- Refresh patches.suse/selftests-bpf-Test-racing-between-bpf_timer_cancel_a.patch
- commit 1026c30
- bpf: Add ability to pin bpf timer to calling CPU (bsc#1228531
CVE-2024-41045).
- commit 060adb3
- power: supply: qcom_battmgr: return EAGAIN when firmware
service is not up (git-fixes).
- power: supply: axp288_charger: Round constant_charge_voltage
writes down (git-fixes).
- power: supply: axp288_charger: Fix constant_charge_voltage
writes (git-fixes).
- commit 5ff04d3
- selftests/bpf: Add timer lockup selftest (bsc#1228531
CVE-2024-41045).
- bpf: Defer work in bpf_timer_cancel_and_free (bsc#1228531
CVE-2024-41045).
- bpf: Fail bpf_timer_cancel when callback is being cancelled
(bsc#1228531 CVE-2024-41045).
- bpf: replace bpf_timer_cancel_and_free with a generic helper
(bsc#1228531 CVE-2024-41045).
- bpf: replace bpf_timer_set_callback with a generic helper
(bsc#1228531 CVE-2024-41045).
- bpf: replace bpf_timer_init with a generic helper (bsc#1228531
CVE-2024-41045).
- bpf: make timer data struct more generic (bsc#1228531
CVE-2024-41045).
- bpf: Check map->usercnt after timer->timer is assigned
(bsc#1228531 CVE-2024-41045).
- commit a65dc5b
- Move upstreamed sound patches into sorted section
- commit df9598d
- ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop
16-n0xxx (bsc#1227182).
- commit 645364b
- tcp: avoid too many retransmit packets (CVE-2024-41007
bsc#1227863).
- commit 8f47fe6
- mlxsw: core_linecards: Fix double memory deallocation in case
of invalid INI file (CVE-2024-42138 bsc#1228500).
- ice: Don't process extts if PTP is disabled (CVE-2024-42107
bsc#1228494).
- ice: Fix improper extts handling (CVE-2024-42139 bsc#1228503).
- net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx()
from __netif_rx() (CVE-2024-42110 bsc#1228501).
- net: txgbe: initialize num_q_vectors for MSI/INTx interrupts
(CVE-2024-42113 bsc#1228568).
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds
(CVE-2024-42148 bsc#1228487).
- net/mlx5: E-switch, Create ingress ACL when needed
(CVE-2024-42142 bsc#1228491).
- mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4
systems (CVE-2024-42073 bsc#1228457).
- gve: Account for stopped queues when reading NIC stats
(CVE-2024-42162 bsc#1228706).
- commit e94d07a
- blacklist.conf: add some IRQ HANDLING ones
- commit 404c094
- packaging: Add case-sensitive perl option parsing
A recent change in Getopt::Long [1]:
Changes in version 2.55
- ----------------------
* Fix long standing bug that duplicate options were not detected
when the options differ in case while ignore_case is in effect.
This will now yield a warning and become a fatal error in a future
release.
perl defaults to ignore_case by default, switch it off to avoid
accidental misparsing of options.
This was suggested after similar change in scripts/.
- commit e978477
- xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482
CVE-2024-42082).
- commit 73e7677
- arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes)
- commit 2480247
- KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes)
- commit 90dba9e
- bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes)
- commit e10a18b
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- commit bae6c4b
- nvme-pci: do not directly handle subsys reset fallout
(bsc#1220066).
- commit 2082e5f
- platform/x86/intel/ifs: Initialize union ifs_status to zero
(git-fixes).
- commit b291cc1
- scsi: qedi: Fix crash while reading debugfs attribute
(bsc#1227929 CVE-2024-40978).
- block/ioctl: prefer different overflow check (bsc#1227867
CVE-2024-41000).
- commit 4cc5e60
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
(CVE-2024-40995 bsc#1227830).
- commit 0580a17
- PCI: hv: Return zero, not garbage, when reading
PCI_INTERRUPT_PIN (git-fixes).
- RDMA/mana_ib: Use virtual address in dma regions for MRs
(git-fixes).
- commit 9336dc6
- bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
(bsc#1228756 CVE-2024-42161).
- commit 64d3ad2
- ASoC: topology: Fix route memory corruption (CVE-2024-41069
bsc#1228644).
- ASoC: topology: Clean up route loading (CVE-2024-41069
bsc#1228644).
- commit 30d44d4
- md-cluster: keeping kabi compatibility for upstream commit
35a0a409fa26 (bsc#1223395).
- md-cluster: fix no recovery job when adding/re-adding a disk
(bsc#1223395).
- md-cluster: fix hanging issue while a new disk adding
(bsc#1223395).
- commit dac906f
- tools/perf: Fix timing issue with parallel threads in perf
bench wake-up-parallel (bsc#1227747).
- tools/perf: Fix perf bench epoll to enable the run when some
CPU's are offline (bsc#1227747).
- tools/perf: Fix perf bench futex to enable the run when some
CPU's are offline (bsc#1227747).
- commit 7bc1e4f
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap()
(bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3
(bsc#1194869).
- commit f36d7ca
- KVM: PPC: Book3S HV: Handle pending exceptions on guest entry
with MSR_EE (bsc#1215199).
- commit 6051d0b
- blacklist.conf: KVM PPC APIv2 enablement not included.
- commit b36c39a
- liquidio: Adjust a NULL pointer handling path in
lio_vf_rep_copy_packet (CVE-2024-39506 bsc#1227729).
- commit 6f4e943
- kabi/severity: add nvme common code
The nvme common code is also allowed to change the data structures, there
are only internal users.
- commit 3abdbd5
- apparmor: unpack transition table if dfa is not present
(bsc#1226031).
- commit 10a598f
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper
endian macro usages (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting
trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
(bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in
dev_loss callbk (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response
(bsc#1228857).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if
in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI
port is inactive (bsc#1228857).
- commit c4b9763
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI
(bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly
(bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for
ELS cmds (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online
(bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple'
(bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count
(bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: Avoid possible run-time warning with long
model_num (bsc#1228850).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849).
- commit 072d194
- nvme-pci: add missing condition check for existence of mapped
data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management
(git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvmet: do not return 'reserved' for empty TSAS values
(git-fixes).
- nvme: fix NVME_NS_DEAC may incorrectly identifying the disk
as EXT_LBA (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp
establishment (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset
(git-fixes).
- nvme-multipath: find NUMA path only for online numa-node
(git-fixes).
- commit 7935501
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN
Mainline commit f2f6a8e88717 ("init/Kconfig: remove
CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND") replaced
GCC_ASM_GOTO_OUTPUT_WORKAROUND with GCC_ASM_GOTO_OUTPUT_BROKEN. Ignore both
when checking config changes.
- commit b60be3e
- RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes)
- commit 3130571
- bnxt_re: Fix imm_data endianness (git-fixes)
- commit 49ce7dd
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- commit 09de886
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- commit 9e511e1
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- commit 75c8a8f
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- commit f76d2ac
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- commit 3200c5d
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- commit 1c3f5bc
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- commit bae3b01
- RDMA/hns: Check atomic wr length (git-fixes)
- commit 53b999f
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- commit 1a6c9cf
- RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- commit ecbc61e
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- commit 9a0a984
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- commit e923a91
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- commit e73316e
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- commit ee50dd0
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- commit 6b71029
- IB/core: Implement a limit on UMAD receive List (bsc#1228743 CVE-2024-42145)
- commit 673df57
- xfs: convert comma to semicolon (git-fixes).
- commit 8f18daf
- hfs: fix to initialize fields of hfs_inode_info after
hfs_alloc_inode() (git-fixes).
- commit 1aa4511
- kABI workaround for sound core UMP conversion (stable-fixes).
- commit b9e008a
- ALSA: seq: ump: Explicitly reset RPN with Null RPN
(stable-fixes).
- ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data
reception (stable-fixes).
- ALSA: seq: ump: Use the common RPN/bank conversion context
(stable-fixes).
- ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes).
- ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data
reception (stable-fixes).
- commit 508da4c
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- commit 041506f
- Drop doubly put References tags in sound patches
- commit 92b6eba
- Revert "ALSA: firewire-lib: operate for period elapse event
in process context" (bsc#1208783).
- commit 2045d7f
- Revert "ALSA: firewire-lib: obsolete workqueue for period
update" (bsc#1208783).
- commit 09a87ea
- spi: microchip-core: switch to use modern name (stable-fixes).
- Refresh
patches.suse/spi-microchip-core-defer-asserting-chip-select-until.patch.
- commit 31d15b3
- spi: microchip-core: fix init function not setting the master
and motorola modes (git-fixes).
- drm/amdgpu: reset vm state machine after gpu reset(vram lost)
(stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell
(stable-fixes).
- efi/libstub: Zero initialize heap allocated struct screen_info
(git-fixes).
- PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes).
- dev/parport: fix the array out-of-bounds risk (stable-fixes).
- clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer
the error (git-fixes).
- clk: qcom: Park shared RCGs upon registration (git-fixes).
- clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's
(git-fixes).
- clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during
disable (git-fixes).
- clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and
ALWAYS_ON flags (git-fixes).
- clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and
flags (git-fixes).
- clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during
disable (git-fixes).
- clk: qcom: camcc-sc7280: Add parent dependency to all camera
GDSCs (git-fixes).
- clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE
clock (git-fixes).
- clk: en7523: fix rate divider for slic and spi clocks
(git-fixes).
- drm/etnaviv: don't block scheduler when GPU is still active
(stable-fixes).
- media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920
(git-fixes).
- media: uvcvideo: Quirk for invalid dev_sof in Logitech C922
(stable-fixes).
- ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no
error (stable-fixes).
- ata: libata-scsi: Do not overwrite valid sense data when
CK_COND=1 (stable-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591
(stable-fixes).
- Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device
tables (stable-fixes).
- wifi: rtw88: usb: Fix disconnection after beacon loss
(stable-fixes).
- media: uvcvideo: Disable autosuspend for Insta360 Link
(stable-fixes).
- sbitmap: use READ_ONCE to access map->word (stable-fixes).
- Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio
(stable-fixes).
- commit 5fabaee
- ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G
(stable-fixes).
- commit ae4c81e
- ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes).
- ALSA: usb-audio: Correct surround channels in UAC1 channel map
(git-fixes).
- ALSA: seq: ump: Optimize conversions from SysEx to UMP
(git-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the
polling mode (git-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/virtio: Fix type of dma-fence context variable (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()
(git-fixes).
- drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes).
- i915/perf: Remove code to update PWR_CLK_STATE for gen12
(git-fixes).
- commit 581e0b5
- ptp: fix integer overflow in max_vclocks_store (bsc#1227829
CVE-2024-40994).
- commit f2dc01f
- Update
patches.suse/79b5b4b18bc8-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free-.patch
(CVE-2024-35854 bsc#1224636 CVE-2024-35855 bsc#1224694).
- Update
patches.suse/ACPICA-Revert-ACPICA-avoid-Info-mapping-multiple-BAR.patch
(git-fixes CVE-2024-40984 bsc#1227820).
- Update
patches.suse/ALSA-hda-cs35l41-Possible-null-pointer-dereference-i.patch
(git-fixes CVE-2024-40964 bsc#1227818).
- Update
patches.suse/ALSA-hda-cs35l56-Fix-lifetime-of-cs_dsp-instance.patch
(git-fixes CVE-2024-39491 bsc#1227627).
- Update
patches.suse/Bluetooth-hci_core-Fix-possible-buffer-overflow.patch
(git-fixes CVE-2024-26889 bsc#1228195).
- Update
patches.suse/HID-core-remove-unnecessary-WARN_ON-in-implement.patch
(git-fixes CVE-2024-39509 bsc#1227733).
- Update
patches.suse/HID-logitech-dj-Fix-memory-leak-in-logi_dj_recv_swit.patch
(git-fixes CVE-2024-40934 bsc#1227796).
- Update
patches.suse/KVM-SVM-WARN-on-vNMI-NMI-window-iff-NMIs-are-outrigh.patch
(git-fixes CVE-2024-39483 bsc#1227494).
- Update
patches.suse/KVM-arm64-Fix-circular-locking-dependency.patch
(bsc#1222463 (CVE-2024-26691) CVE-2024-26691).
- Update
patches.suse/RDMA-mlx5-Add-check-for-srq-max_sge-attribute.patch
(git-fixes CVE-2024-40990 bsc#1227824).
- Update
patches.suse/RDMA-rxe-Fix-responder-length-checking-for-UD-reques.patch
(git-fixes CVE-2024-40992 bsc#1227826).
- Update
patches.suse/SUNRPC-Fix-loop-termination-condition-in-gss_free_in.patch
(git-fixes CVE-2024-36288 bsc#1226834).
- Update
patches.suse/USB-class-cdc-wdm-Fix-CPU-lockup-caused-by-excessive.patch
(git-fixes CVE-2024-40904 bsc#1227772).
- Update
patches.suse/arm64-asm-bug-Add-.align-2-to-the-end-of-__BUG_ENTRY.patch
(git-fixes CVE-2024-39488 bsc#1227618).
- Update
patches.suse/ata-libata-core-Fix-double-free-on-error.patch
(git-fixes CVE-2024-41087 bsc#1228740).
- Update
patches.suse/ax25-Fix-refcount-imbalance-on-inbound-connections.patch
(git-fixes CVE-2024-40910 bsc#1227832).
- Update
patches.suse/batman-adv-bypass-empty-buckets-in-batadv_purge_orig.patch
(stable-fixes CVE-2024-40981 bsc#1227864).
- Update
patches.suse/btrfs-zoned-allocate-dummy-checksums-for-zoned-NODAT.patch
(bsc#1223731 CVE-2024-26944 CVE-2024-40962 bsc#1227815).
- Update
patches.suse/cachefiles-remove-requests-from-xarray-during-flushin.patch
(bsc#1226588 CVE-2024-40900 bsc#1227760).
- Update
patches.suse/cpufreq-amd-pstate-fix-memory-leak-on-CPU-EPP-exit.patch
(stable-fixes CVE-2024-40997 bsc#1227853).
- Update
patches.suse/crypto-hisilicon-sec-Fix-memory-leak-for-sec-resourc.patch
(stable-fixes CVE-2024-41002 bsc#1227870).
- Update
patches.suse/crypto-qat-Fix-ADF_DEV_RESET_SYNC-memory-leak.patch
(git-fixes CVE-2024-39493 bsc#1227620).
- Update
patches.suse/cxl-region-Fix-memregion-leaks-in-devm_cxl_add_regio.patch
(git-fixes CVE-2024-40936 bsc#1227833).
- Update
patches.suse/drivers-core-synchronize-really_probe-and-dev_uevent.patch
(git-fixes CVE-2024-39501 bsc#1227754).
- Update
patches.suse/drm-amdgpu-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40987 bsc#1228235).
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 git-fixes bsc#1228114).
- Update
patches.suse/drm-bridge-cdns-mhdp8546-Fix-possible-null-pointer-d.patch
(git-fixes CVE-2024-38548 bsc#1228202).
- Update patches.suse/drm-drm_file-Fix-pid-refcounting-race.patch
(git-fixes CVE-2024-39486 bsc#1227492).
- Update
patches.suse/drm-exynos-hdmi-report-safe-640x480-mode-as-a-fallba.patch
(git-fixes CVE-2024-40916 bsc#1227846).
- Update
patches.suse/drm-exynos-vidi-fix-memory-leak-in-.get_modes.patch
(stable-fixes CVE-2024-40932 bsc#1227828).
- Update
patches.suse/drm-i915-dpt-Make-DPT-object-unshrinkable.patch
(git-fixes CVE-2024-40924 bsc#1227787).
- Update
patches.suse/drm-komeda-check-for-error-valued-pointer.patch
(git-fixes CVE-2024-39505 bsc#1227728).
- Update
patches.suse/drm-lima-mask-irqs-in-timeout-path-before-hard-reset.patch
(stable-fixes CVE-2024-40976 bsc#1227893).
- Update
patches.suse/drm-nouveau-don-t-attempt-to-schedule-hpd_work-on-he.patch
(git-fixes CVE-2024-40926 bsc#1227791).
- Update
patches.suse/drm-radeon-fix-UBSAN-warning-in-kv_dpm.c.patch
(stable-fixes CVE-2024-40988 bsc#1227957).
- Update
patches.suse/drm-shmem-helper-Fix-BUG_ON-on-mmap-PROT_WRITE-MAP_P.patch
(git-fixes CVE-2024-39497 bsc#1227722).
- Update
patches.suse/io_uring-io-wq-Use-set_bit-and-test_bit-at-worker-fl.patch
(git-fixes CVE-2024-39508 bsc#1227732).
- Update
patches.suse/io_uring-rsrc-don-t-lock-while-TASK_RUNNING.patch
(git-fixes CVE-2024-40922 bsc#1227785).
- Update
patches.suse/io_uring-sqpoll-work-around-a-potential-audit-memory.patch
(git-fixes CVE-2024-41001 bsc#1227869).
- Update
patches.suse/iommu-Return-right-value-in-iommu_sva_bind_device.patch
(git-fixes CVE-2024-40945 bsc#1227802).
- Update
patches.suse/jfs-xattr-fix-buffer-overflow-for-invalid-xattr.patch
(bsc#1227383 CVE-2024-40902 bsc#1227764).
- Update
patches.suse/mmc-davinci-Don-t-strip-remove-function-when-driver-.patch
(git-fixes CVE-2024-39484 bsc#1227493).
- Update
patches.suse/nfs-Handle-error-of-rpc_proc_register-in-nfs_net_ini.patch
(git-fixes CVE-2024-36939 bsc#1225838).
- Update
patches.suse/ocfs2-fix-races-between-hole-punching-and-AIO-DIO.patch
(git-fixes CVE-2024-40943 bsc#1227849).
- Update
patches.suse/serial-imx-Introduce-timeout-when-waiting-on-transmi.patch
(stable-fixes CVE-2024-40967 bsc#1227891).
- Update
patches.suse/sock_map-avoid-race-between-sock_map_close-and-sk_ps.patch
(bsc#1225475 CVE-2023-52735 CVE-2024-39500 bsc#1227724).
- Update
patches.suse/ssb-Fix-potential-NULL-pointer-dereference-in-ssb_de.patch
(stable-fixes CVE-2024-40982 bsc#1227865).
- Update
patches.suse/tracing-Build-event-generation-tests-only-as-modules.patch
(git-fixes CVE-2024-41004 bsc#1227851).
- Update
patches.suse/tracing-trigger-Fix-to-return-error-if-failed-to-alloc-snapshot.patch
(git-fixes CVE-2024-26920 bsc#1228237).
- Update
patches.suse/usb-typec-tcpm-fix-use-after-free-case-in-tcpm_regis.patch
(git-fixes CVE-2024-40903 bsc#1227766).
- Update
patches.suse/vmci-prevent-speculation-leaks-by-sanitizing-event-i.patch
(git-fixes CVE-2024-39499 bsc#1227725).
- Update
patches.suse/wifi-ath11k-rely-on-mac80211-debugfs-handling-for-vi.patch
(bsc#1227149 CVE-2024-26637 bsc#1221652).
- Update
patches.suse/wifi-cfg80211-Lock-wiphy-in-cfg80211_get_station.patch
(git-fixes CVE-2024-40911 bsc#1227792).
- Update
patches.suse/wifi-cfg80211-detect-stuck-ECSA-element-in-probe-res.patch
(bsc#1227149 CVE-2024-26683 bsc#1222434).
- Update
patches.suse/wifi-cfg80211-validate-HE-operation-element-parsing.patch
(bsc#1227149 CVE-2024-40930 bsc#1228236).
- Update patches.suse/wifi-iwlwifi-Use-request_module_nowait.patch
(bsc#1227149 CVE-2024-36970 bsc#1226127).
- Update
patches.suse/wifi-iwlwifi-mvm-check-n_ssids-before-accessing-the-.patch
(git-fixes CVE-2024-40929 bsc#1227774).
- Update
patches.suse/wifi-iwlwifi-mvm-don-t-read-past-the-mfuart-notifcat.patch
(git-fixes CVE-2024-40941 bsc#1227771).
- Update
patches.suse/wifi-iwlwifi-mvm-pick-the-version-of-SESSION_PROTECT.patch
(bsc#1227149 CVE-2024-35913 bsc#1224485).
- Update
patches.suse/wifi-mac80211-Fix-deadlock-in-ieee80211_sta_ps_deliv.patch
(git-fixes CVE-2024-40912 bsc#1227790).
- Update
patches.suse/wifi-mac80211-improve-CSA-ECSA-connection-refusal.patch
(bsc#1227149 CVE-2024-26682 bsc#1222433).
- Update
patches.suse/wifi-mac80211-mesh-Fix-leak-of-mesh_preq_queue-objec.patch
(git-fixes CVE-2024-40942 bsc#1227770).
- Update
patches.suse/wifi-mt76-connac-check-for-null-before-dereferencing.patch
(bsc#1227149 CVE-2024-38609 bsc#1226751).
- Update
patches.suse/wifi-mt76-mt7921s-fix-potential-hung-tasks-during-ch.patch
(stable-fixes CVE-2024-40977 bsc#1227950).
- Update
patches.suse/wifi-mt76-mt7925e-fix-use-after-free-in-free_irq.patch
(bsc#1227149 CVE-2024-27049 bsc#1223763).
- Update
patches.suse/wifi-mt76-mt7996-fix-potential-memory-leakage-when-r.patch
(bsc#1227149 CVE-2024-38563 bsc#1226743).
- Update
patches.suse/x86-kexec-Fix-bug-with-call-depth-tracking.patch
(git-fixes CVE-2024-40944 bsc#1227883).
- Update
patches.suse/xhci-Handle-TD-clearing-for-multiple-streams-case.patch
(git-fixes CVE-2024-40927 bsc#1227816).
- commit 2cd72fd
- Update
patches.suse/SUNRPC-Fix-UAF-in-svc_tcp_listen_data_ready.patch
(bsc#1012628 CVE-2023-52885 bsc#1227750).
- Update
patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch
(bsc#1213123 CVE-2023-37453 CVE-2023-52886 bsc#1227981).
- Update
patches.suse/btrfs-zoned-fix-lock-ordering-in-btrfs_zone_activate.patch
(bsc#1223731 CVE-2024-26944 CVE-2023-52668 bsc#1224690).
- Update
patches.suse/wifi-ath12k-fix-the-error-handler-of-rfkill-config.patch
(bsc#1227149 CVE-2023-52688 bsc#1224631).
- commit 0637df8
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (CVE-2024-42124 bsc#1228705)
- commit a8638c5
- x86: stop playing stack games in profile_pc() (bsc#1228633
CVE-2024-42096).
- commit 5c85064
- net: dsa: mv88e6xxx: Correct check for empty list (CVE-2024-42224 bsc#1228723)
- commit 48e8710
- skmsg: Skip zero length skb in sk_msg_recvmsg (CVE-2024-41048 bsc#1228565)
- commit 1a6942b
- netns: Make get_net_ns() handle zero refcount net
(CVE-2024-40958 bsc#1227812).
- commit f6c7d72
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- commit e6f41be
- net: wwan: iosm: Fix tainted pointer delete is case of region
creation fail (CVE-2024-40939 bsc#1227799).
- commit 0b93a9f
- nsh: Restore skb->{protocol,data,mac_header} for outer header
in nsh_gso_segment() (CVE-2024-36933 bsc#1225832).
- commit 6740d82
- blacklist.conf: Add 943ad0b62e3c kernel: rerun task_work while freezing in get_signal()
and related io_uring fix.
- commit ead5c32
- net: core: reject skb_copy(_expand) for fraglist GSO skbs
(CVE-2024-36929 bsc#1225814).
- commit e49ed10
- blacklist.conf: Add 7a4479680d7f cgroup_misc: add kernel-doc comments for enum misc_res_type
- commit fe05fa4
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- commit 8707a09
- Drop MD patches that caused dependency cycles
Also the patch was placed in a wrong directory.
Deleted:
patches.kabi/0002-md-cluster-fix-no-recovery-job-when-adding-re-adding.patch
patches.suse/0001-md-cluster-fix-hanging-issue-while-a-new-disk-adding.patch
- commit f696a5b
- net: phy: micrel: Fix the KSZ9131 MDI-X status issue
(git-fixes).
- Bluetooth: hci_sync: Fix suspending with wrong filter policy
(git-fixes).
- Bluetooth: btintel: Fail setup on error (git-fixes).
- wifi: ath12k: fix soft lockup on suspend (git-fixes).
- wifi: cfg80211: fix reporting failed MLO links status with
cfg80211_connect_done (git-fixes).
- wifi: mac80211: use monitor sdata with driver only if desired
(git-fixes).
- net: phy: realtek: add support for RTL8366S Gigabit PHY
(git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
(git-fixes).
- commit f33a0c2
- ppp: reject claimed-as-LCP but actually malformed packets
(CVE-2024-41044 bsc#1228530).
- ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066
bsc#1228640).
- net/dpaa2: Avoid explicit cpumask var allocation on stack
(CVE-2024-42093 bsc#1228680).
- commit 960e23f
- drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591 CVE-2024-42122)
- commit 22c79c5
- workqueue: Improve scalability of workqueue watchdog touch
(bsc#1193454).
- commit 3c83768
- workqueue: wq_watchdog_touch is always called with valid CPU
(bsc#1193454).
- commit 5cd5767
- btrfs: qgroup: fix quota root leak after quota disable failure
(bsc#1228655 CVE-2024-41078).
- commit d598dd5
- KVM: arm64: Disassociate vcpus from redistributor region on
teardown (CVE-2024-40989 bsc#1227823).
- commit 8e9651c
- powerpc/eeh: avoid possible crash when edev->pdev changes
(CVE-2024-41064 bsc#1228599).
- commit 2510511
- net: ks8851: Fix deadlock with the SPI chip variant (CVE-2024-41036 bsc#1228496)
- commit 3cf617f
- net/sched: Fix UAF when resolving a clash (CVE-2024-41040 bsc#1228518)
- commit dea6a81
- btrfs: make sure that WRITTEN is set on all metadata blocks (CVE-2024-35949 bsc#1224700)
Changes: adjust returned error codes to -EUCLEAN and drop definition of
the enum error.
- commit 7880179
- ila: block BH in ila_output() (CVE-2024-41081 bsc#1228617)
- commit b832793
- NFSv4: Fix memory leak in nfs4_set_security_label (CVE-2024-41076 bsc#1228649)
- commit c2db2a8
- gfs2: Fix NULL pointer dereference in gfs2_log_flush
(bsc#1228672 CVE-2024-42079).
- commit 61cd0c5
- Update patch reference for ASoC fix (CVE-2024-41069 bsc#1228644)
- commit bc5c8af
- Update patches.suse/nilfs2-fix-inode-number-range-checks.patch
(stable-fixes bsc#1228665 CVE-2024-42105).
- commit c8d5b4d
- Update patches.suse/hfsplus-fix-uninit-value-in-copy_name.patch
(git-fixes bsc#1228561 CVE-2024-41059).
- commit f1238d0
- cachefiles: fix slab-use-after-free in
cachefiles_withdraw_cookie() (bsc#1228462 CVE-2024-41057).
- cachefiles: fix slab-use-after-free in fscache_withdraw_volume()
(bsc#1228459 CVE-2024-41058).
- netfs, fscache: export fscache_put_volume() and add
fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- commit a80ddf3
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit ab277a6
- ocfs2: add bounds checking to ocfs2_check_dir_entry()
(bsc#1228409 CVE-2024-41015).
- ocfs2: strict bound check before memcmp in
ocfs2_xattr_find_entry() (bsc#1228410).
- ocfs2: add bounds checking to ocfs2_xattr_find_entry()
(bsc#1228410 CVE-2024-41016).
- commit ec6fa65
- platform/chrome: cros_ec_proto: Lock device when updating MKBP
version (git-fixes).
- commit d441a76
- Update patch reference of dmaengine fix (CVE-2024-40956 bsc#1227810)
- commit d7e764c
- vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625
CVE-2024-27437).
- commit de8901b
- mm: vmalloc: check if a hash-index is in cpu_possible_mask (CVE-2024-41032 bsc#1228460)
- commit 9b04845
- seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (CVE-2024-40957 bsc#1227811)
- commit a8ab7dd
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (CVE-2024-41041 bsc#1228520)
- commit 74b98cc
- net: do not leave a dangling sk pointer, when socket creation fails (CVE-2024-40954 bsc#1227808)
- commit 5ea4aa9
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070 bsc#1228470)
- commit 3ac6386
- KVM: PPC: Book3S HV: Prevent UAF in
kvm_spapr_tce_attach_iommu_group() (bsc#1228581 CVE-2024-41070).
- commit 89912c7
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
(CVE-2024-40959 bsc#1227884).
- commit 3a174d1
- Update config files.
Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834)
- commit 9287d7f
- selftests/bpf: Extend tcx tests to cover late tcx_entry release
(bsc#1228021 CVE-2024-41010).
- bpf: Fix too early release of tcx_entry (bsc#1228021
CVE-2024-41010).
- commit 57180df
- selftests/bpf: Add more ring buffer test coverage (bsc#1228020
CVE-2024-41009).
- bpf: Fix overrunning reservations in ringbuf (bsc#1228020
CVE-2024-41009).
- commit cd82cf6
- md-cluster: fix no recovery job when adding/re-adding a disk
(bsc#1223395).
- md-cluster: fix hanging issue while a new disk adding
(bsc#1223395).
- commit d3c6e61
- rpm/guards: fix precedence issue with control flow operator
With perl 5.40 it report the following error on rpm/guards script:
Possible precedence issue with control flow operator (exit) at scripts/guards line 208.
Fix the issue by adding parenthesis around ternary operator.
- commit dfba20e
- blacklist.conf: Add 9c573cd31343 randomize_kstack: Improve entropy diffusion
- commit 095be15
- blacklist.conf: kABI
- commit 1dd3f93
- blacklist.conf: spelling fix in comment
- commit de0ca0a
- blacklist.conf: cleanup, no code change
- commit 19384b6
- blacklist.conf: pure cleanup
- commit 21ff021
- blacklist.conf: pure cleanup
- commit fef6015
- util-linux
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- curl
-
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patch:
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- Security fix: [bsc#1230093, CVE-2024-8096]
* curl: OCSP stapling bypass with GnuTLS
* Add curl-CVE-2024-8096.patch
- expat
-
- Security fix (bsc#1229932, CVE-2024-45492): detect integer
overflow in function nextScaffoldPart
* Added expat-CVE-2024-45492.patch
- Security fix (bsc#1229931, CVE-2024-45491): detect integer
overflow in dtdCopy
* Added expat-CVE-2024-45491.patch
- Security fix (bsc#1229930, CVE-2024-45490): reject negative
len for XML_ParseBuffer
* Added expat-CVE-2024-45490.patch
- ncurses
-
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
* Allow that terminal description based on static fallback
entries can be freed.
- openssl-3
-
- Security fix: [bsc#1230698, CVE-2024-41996]
* Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used
* Added openssl-3-CVE-2024-41996.patch
- libpcap
-
- enable rdma support (bsc#1230894)
- Security fix: [bsc#1230034, CVE-2024-8006]
* libpcap: NULL pointer derefence in pcap_findalldevs_ex()
* Add libpcap-CVE-2024-8006.patch
- Security fix: [bsc#1230020, CVE-2023-7256]
* libpcap: double free via addrinfo in sock_initaddress()
* Add libpcap-CVE-2023-7256.patch
- python3
-
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
support eliminating bsc#1227233 (CVE-2024-5642).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
complexity in parsing cookies with backslashes (bsc#1229596,
CVE-2024-7592)
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- libsolv
-
- removed dependency on external find program in the repo2solv tool
- bindings: fix return value of repodata.add_solv()
- new SOLVER_FLAG_FOCUS_NEW flag
- bump version to 0.7.30
- systemd
-
- Import commit 44943af96be1422c2d7bdf271e4a77b42f4b41ec (merge of v254.18)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/51fd0b7b9d11bb932370f4bcc3e849f8c0b3bc06...44943af96be1422c2d7bdf271e4a77b42f4b41ec
- Add 5003-99-systemd.rules-rework-SYSTEMD_READY-logic-for-devi.patch (bsc#1229518)
- Import commit 51fd0b7b9d11bb932370f4bcc3e849f8c0b3bc06
0512d0d1fc cgroup: Rename effective limits internal table (jsc#PED-5659)
765846b70b cgroup: Restrict effective limits with global resource provision (jsc#PED-5659)
e29909088b test: Add effective cgroup limits testing (jsc#PED-5659)
beacac6df0 test: Convert rlimit test to subtest of generic limit testing (jsc#PED-5659)
e3b789e512 cgroup: Add EffectiveMemoryMax=, EffectiveMemoryHigh= and EffectiveTasksMax= properties (jsc#PED-5659)
5aa063ae16 bus-print-properties: prettify more unset properties
a53122c9bd bus-print-properties: ignore CGROUP_LIMIT_MAX for Memory*{Current, Peak}
8418791441 cgroup: rename TasksMax structure to CGroupTasksMax
- Drop 5003-cgroup-rename-TasksMax-structure-to-CGroupTasksMax.patch
5004-bus-print-properties-ignore-CGROUP_LIMIT_MAX-for-Mem.patch
5005-bus-print-properties-prettify-more-unset-properties.patch
5006-cgroup-Add-EffectiveMemoryMax-EffectiveMemoryHigh-an.patch
5007-test-Convert-rlimit-test-to-subtest-of-generic-limit.patch
5008-test-Add-effective-cgroup-limits-testing.patch
5009-cgroup-Restrict-effective-limits-with-global-resourc.patch
5010-cgroup-Rename-effective-limits-internal-table.patch
These patches have been merged in the SUSE/254 branch.
- Don't try to restart the udev socket units anymore (bsc#1228809)
There's currently no way to restart a socket activable service and its socket
units "atomically" and safely.
- Make the 32bit version of libudev.so available again (bsc#1228223)
The symlink for building 32bit applications was mistakenly dropped when the
content of libudev-devel was merged into systemd-devel.
Provide the 32bit flavor of systemd-devel again, which should restore the plug
and play support in Wine for 32bit windows applications.
- Import commit cbad4b6dbbec36616c04f2d26e2e568936c789ab (merge of v254.17)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/2ef89364315e1ca71606768f1bb4d63aaee66209...cbad4b6dbbec36616c04f2d26e2e568936c789ab
- Import commit 2ef89364315e1ca71606768f1bb4d63aaee66209 (merge of v254.16)
For a complete list of changes, visit:
https://github.com/openSUSE/systemd/compare/957aeb6452837326866e1f89092e6d0e0665fc10...2ef89364315e1ca71606768f1bb4d63aaee66209
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
Otherwise pesign-obs-integration ends up re-packaging systemd with all macros
inside comments unescaped leading to unpredictable behavior. Now why rpm
expands rpm macros inside comments is the question...
- libzypp
-
- Deprecate librpmDb::db_const_iterator default ctor (bsc#1230267)
It's preferred to explicitly tell the root directory of the
system whose database you want to query.
- version 17.35.11 (35)
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- version 17.35.9 (35)
- Make sure not to statically linked installed tools (bsc#1228787)
- version 17.35.8 (35)
- MediaPluginType must be resolved to a valid MediaHandler
(bsc#1228208)
- version 17.35.7 (35)
- Export CredentialManager for legacy YAST versions (bsc#1228420)
- version 17.35.6 (35)
- Export asSolvable for YAST (bsc#1228420)
- Fix 4 typos in zypp.conf.
- version 17.35.5 (35)
- Fix typo in the geoip update pipeline (bsc#1228206)
- Export RepoVariablesStringReplacer for yast2 (bsc#1228138)
- version 17.35.4 (35)
- Translation: updated .pot file.
- Conflict with python zypp-plugin < 0.6.4 (bsc#1227793)
Older zypp-plugins reject stomp headers including a '-'. Like the
'content-length' header we may send.
- Fix int overflow in Provider (fixes #559)
This patch fixes an issue in safe_strtonum which caused
timestamps to overflow in the Provider message parser.
- Fix error reporting on repoindex.xml parse error (bsc#1227625)
- version 17.35.3 (35)
- Keep UrlResolverPlugin API public (fixes #560)
- Blacklist /snap executables for 'zypper ps' (bsc#1226014)
- Fix handling of buddies when applying locks (bsc#1225267)
Buddy pairs (like -release package and product) internally share
the same status object. When applying locks from query results
the locked bit must be set if either item is locked.
- version 17.35.2 (35)
- Install zypp/APIConfig.h legacy include (fixes #557)
- version 17.35.1 (35)
- Update soname due to RepoManager refactoring and cleanup.
- version 17.35.0 (35)
- Workaround broken libsolv-tools-base requirements (fixes
openSUSE/zypper#551)
- Strip ssl_clientkey from repo urls (bsc#1226030)
- Remove protobuf build dependency.
- Lazily attach medium during refresh workflows (bsc#1223094)
- Refactor RepoManager and add Service workflows.
- version 17.34.2 (34)
- logrotate
-
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
* Added patch logrotate-ignore-duplicates.patch
* Allows log processing with duplicate logfile matches
- makedumpfile
-
- don't reserve disk space for flattened format (bsc#1226183)
* Add make-reserve_diskspace-do-nothing-for-flattened-form.patch
- pam-config
-
- Change check for existence of modules.
If we have a biarch architecture, we check that the 64bit
PAM module is there and report an error if not. For the 32bit
variant, we only issue a warning.
[pam-config-change-check-for-existence-of-modules.patch, bsc#1227216]
- perl-Bootloader
-
- merge gh#openSUSE/perl-bootloader#176
- handle missing grub_installdevice on powerpc (bsc#1230070)
- 1.8.2
- rsyslog
-
- restart daemon after update at the end of the transaction
(bsc#1230984)
- runc
-
[ This was only ever released for SLES and Leap. ]
- Update to runc v1.1.14. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.14>.
Includes the patch for CVE-2024-45310. bsc#1230092
- Rebase patches:
* 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
* 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
* 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
* 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- suseconnect-ng
-
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- xen
-
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
- zypper
-
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- BuildRequires: libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77
- Show rpm install size before installing (bsc#1224771)
If filesystem snapshots are taken before the installation (e.g.
by snapper) no disk space is freed by removing old packages. In
this case the install size of all packages is a hint how much
additional disk space is needed by the new packages static
content.
- version 1.14.76
- Fix readline setup to handle Ctrl-C and Ctrl-D corrrectly
(bsc#1227205)
- version 1.14.75
- Let_readline_abort_on_Ctrl-C (bsc#1226493)
- packages: add '--system' to show @System packages (bsc#222971)
- version 1.14.74
- Fixed check for outdated repo metadata as non-root user
(bsc#1222086)
- BuildRequires: libzypp-devel >= 17.33.0.
- Delay zypp lock until command options are parsed (bsc#1223766)
- version 1.14.73
- Unify message format(fixes #485)
- version 1.14.72
- switch cmake build type to RelWithDebInfo
- modernize spec file (remove Authors section, use proper macros,
remove redundant clean section, don't mark man pages as doc)
- switch to -O2 -fvisibility=hidden -fpie:
* PIC is not needed as no shared lib is built
* fstack-protector-strong is default on modern dists and would
be downgraded by fstack-protector
* default visibility hidden allows better optimisation
* O2 is reducing inlining bloat
- > 18% reduced binary size
- remove procps requires (was only for ZMD which is dropped)
(jsc#PED-8153)