- NetworkManager
-
- Drop nm-add-CAP_CHOWN-capability.patch: This solution was denied
by upstream maintainers.
- Add nm-add-CAP_CHOWN-capability.patch: Add CAP_CHOWN to
CapabilityBoundingSet to make teamd work properly
(glfo#NetworkManager/NetworkManager!860, bsc#1185424).
- Exclude systemd.automount from nfs processing: fix boo#1116625
as suggested from Neil Brown
- SUSEConnect
-
- Update to 0.3.32
- Allow --regcode and --instance-data attributes at the same time (jsc#PCT-164)
- Document that 'debug' can also get set in the config file
- --status will also print the subscription name
- Update to 0.3.31
- Disallow registering via SUSEConnect if the system is managed by SUSE Manager.
- Add subscription name to output of 'SUSEConnect --status'
- Update to 0.3.30
- send payload of GET requests as part of the url,
not in the body (see bsc#1185611)
- aaa_base
-
- use autopatch
- update first two patches from git originals to have the
same apply depth as the rest:
- git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch
- git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch
- fix get_kernel_version.c to work also for recent kernels
on the s390/X platform (bsc#1191563)
- git-37-dfc5b8af96bec249e44a83d573af1f95a661a85c.patch
- support xz compressed kernel (bsc#1162581)
- git-38-4c0060639f6fa854830a708a823976772afe7764.patch
- Fixing possible resource leak
- git-39-df622b89bc92fd882a6715c5743095528a643546.patch
- excluding new kernel string in version search
- Add git-36-16d1cb895c2742e96a56af98111f8281bedd3188.patch:
* Add $HOME/.local/bin to PATH, if it exists (bsc#1192248)
- Add patch git-34-9a1bc15517d6da56d75182338c0f1bc4518b2b75.patch
* sysctl.d/50-default.conf:
allow everybody to create IPPROTO_ICMP sockets (bsc#1174504)
- Add patch git-35-91f496b1f65af29832192bad949685a7bc25da0a.patch
* sysctl.d/50-default.conf: fix ping_group_range syntax error
- apache2
-
fix CVE-2021-40438 [bsc#1190703], SSRF via a crafted request uri-path
+ apache2-CVE-2021-40438.patch
fix CVE-2021-36160 [bsc#1190702], out-of-bounds read via a crafted request uri-path
+ apache2-CVE-2021-36160.patch
fix CVE-2021-39275 [bsc#1190666], out-of-bounds write in ap_escape_quotes() via malicious input
+ apache2-CVE-2021-39275.patch
fix CVE-2021-34798 [bsc#1190669], NULL pointer dereference via malformed requests
+ apache2-CVE-2021-34798.patch
- security update
- added patches
- apache2-mod_wsgi-python3
-
- Enable installation of Python sitelib wrapper
This enabled Python Projects to require mod_wsgi in the install_requires
without receiving a "/DistributionNotFound"/ error on entrypoint script
generated by setuptools
- Backport of https://build.opensuse.org/request/show/794038
- Fixes bsc#1189467
- apparmor
-
- Don't provide python2 symbol for python3 package (bsc#1191690).
- Be explicit about using python2 macros, when needed.
- augeas
-
- Allow all printable ASCII characters in WPA-PSK definition
* augeas-allow_printable_ASCII.patch
* bsc#1187512
* Sourced from https://github.com/hercules-team/augeas/pull/723/commits
* Credit to Michal Filka <mfilka@suse.com
- autoyast2
-
- Update the rules.xml schema:
- add the "/hostname"/ element (bsc#1190696).
- remove the 'haspcmica' element (related to bsc#1183352).
- 4.2.56
- Copy the files to the right location when a <file_location>
is given (bsc#1188357).
- 4.2.55
- Add missing elements to rules.xml schema:
- installed_product and installed_product_version (boo#1176089)
- dialog section (bsc#1188153)
- 4.2.54
- Do not export the general/storage section when it is empty
(related to bsc#1171356 and bsc#1187916).
- 4.2.53
- Backport gh#651 by schubi@suse.de:
- Moving <files> section handling from second installation stage
to first installation stage. (bsc#1174194)
- 4.2.52
- bind
-
- Fixed CVE-2021-25219:
The lame-ttl option controls how long named caches certain types
of broken responses from authoritative servers (see the security
advisory for details). This caching mechanism could be abused by
an attacker to significantly degrade resolver performance. The
vulnerability has been mitigated by changing the default value of
lame-ttl to 0 and overriding any explicitly set value with 0,
effectively disabling this mechanism altogether. ISC's testing has
determined that doing that has a negligible impact on resolver
performance while also preventing abuse.
Administrators may observe more traffic towards servers issuing
certain types of broken responses than in previous BIND 9 releases.
[bsc#1192146, CVE-2021-25219, bind-CVE-2021-25219.patch]
- binutils
-
- Add binutils-revert-hlasm-insns.diff for compatibility on old
code stream that expect 'brcl 0,label' to not be disassembled
as 'jgnop label' on s390x. [bsc#1192267]
- Rebase binutils-2.37-branch.diff: fixes PR28523 aka boo#1188941.
- Fix empty man-pages from broken release tarball [PR28144].
- Update binutils-skip-rpaths.patch with contained a memory corruption
(boo#1191473).
- Configure with --disable-x86-used-note on old code streams.
- Disable libalternatives temporarily for build cycle reasons.
- make TARGET-bfd=headers again, we patch bfd-in.h
- This state submitted to SLE12 and SLE15 code streams for annual
toolchain update. [jsc#PM-2767, jsc#SLE-21561, jsc#SLE-19618]
- Bump binutils-2.37-branch.diff to 66d5c7003, to include fixes for
PR28422, PR28192, PR28391. Also adds some s390x arch14
instructions [jsc#SLE-18637].
- Using libalternatives instead of update-alternatives.
- Adjust for testsuite fails on older products that configure
binutils in different ways, adds binutils-compat-old-behaviour.diff
and adjusts binutils-revert-nm-symversion.diff and
binutils-revert-plt32-in-branches.diff.
- Bump binutils-2.37-branch.diff: fixes PR28138.
- Use LTO & PGO build.
- Update to binutils 2.37:
* The GNU Binutils sources now requires a C99 compiler and library to
build.
* Support for the arm-symbianelf format has been removed.
* Support for Realm Management Extension (RME) for AArch64 has been
added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
special treatment of __start_*/__stop_* references when
- -gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
specify how the numeric values of symbols are reported.
- -sym-base=0|8|10|16 tells readelf to display the values in base 8,
base 10 or base 16. A sym base of 0 represents the default action
of displaying values under 10000 in base 10 and values above that in
base 16.
* A new format has been added to the nm program. Specifying
'--format=just-symbols' (or just using -j) will tell the program to
only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
objcopy and strip. This stops the removal of unused section symbols
when the file is copied. Removing these symbols saves space, but
sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
supported by objcopy now make undefined symbols weak on targets that
support weak symbols.
* Readelf and objdump can now display and use the contents of .debug_sup
sections.
* Readelf and objdump will now follow links to separate debug info
files by default. This behaviour can be stopped via the use of the
new '-wN' or '--debug-dump=no-follow-links' options for readelf and
the '-WN' or '--dwarf=no-follow-links' options for objdump. Also
the old behaviour can be restored by the use of the
'--enable-follow-debug-links=no' configure time option.
The semantics of the =follow-links option have also been slightly
changed. When enabled, the option allows for the loading of symbol
tables and string tables from the separate files which can be used
to enhance the information displayed when dumping other sections,
but it does not automatically imply that information from the
separate files should be displayed.
If other debug section display options are also enabled (eg
'--debug-dump=info') then the contents of matching sections in both
the main file and the separate debuginfo file *will* be displayed.
This is because in most cases the debug section will only be present
in one of the files.
If however non-debug section display options are enabled (eg
'--sections') then the contents of matching parts of the separate
debuginfo file will *not* be displayed. This is because in most
cases the user probably only wanted to load the symbol information
from the separate debuginfo file. In order to change this behaviour
a new command line option --process-links can be used. This will
allow di0pslay options to applied to both the main file and any
separate debuginfo files.
* Nm has a new command line option: '--quiet'. This suppresses "/no
symbols"/ diagnostic.
- Includes fixes for these CVEs:
bnc#1181452 aka CVE-2021-20197 aka PR26945
bnc#1183511 aka CVE-2021-20284 aka PR26931
bnc#1184519 aka CVE-2021-20294 aka PR26929
bnc#1184620 aka CVE-2021-3487 aka PR26946
bnc#1184794 aka CVE-2020-35448 aka PR26574
- Also fixes:
bsc#1183909 - slow performance of stripping some binaries
- Rebased patches: binutils-build-as-needed.diff, binutils-fix-abierrormsg.diff,
binutils-fix-invalid-op-errata.diff, binutils-fix-relax.diff,
binutils-revert-nm-symversion.diff, binutils-revert-plt32-in-branches.diff
- Removed patches (are in upstream): ppc-ensure-undef-dynamic-weak-undefined.patch and
ppc-use-local-plt.patch.
- Add binutils-2.37-branch.diff.gz.
- ppc-ensure-undef-dynamic-weak-undefined.patch: PPC: ensure_undef_dynamic
on weak undef only in plt
- ppc-use-local-plt.patch: PowerPC use_local_plt (prerequisite for above
patch)
- Update 2.36 branch diff which fixes PR27587.
- Do not run make TARGET-bfd=headers separately.
- Bump 2.36 branch diff (includes fix for PR27441 aka bsc#1182252).
- Bump 2.36 branch diff.
- Update 2.36 branch diff which should fix PR27311 completely.
It fixes also PR27284.
- Remove temporary fix 0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Add temporary upstream fix for PR27311
0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Update to binutils 2.36:
New features in the Assembler:
General:
* When setting the link order attribute of ELF sections, it is now
possible to use a numeric section index instead of symbol name.
* Added a .nop directive to generate a single no-op instruction in
a target neutral manner. This instruction does have an effect on
DWARF line number generation, if that is active.
* Removed --reduce-memory-overheads and --hash-size as gas now
uses hash tables that can be expand and shrink automatically.
X86/x86_64:
* Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
Locker instructions.
* Support non-absolute segment values for lcall and ljmp.
* Add {disp16} pseudo prefix to x86 assembler.
* Configure with --enable-x86-used-note by default for Linux/x86.
ARM/AArch64:
* Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
Cortex-R82, Neoverse V1, and Neoverse N2 cores.
* Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
Stack Recorder Extension) and BRBE (Branch Record Buffer
Extension) system registers.
* Add support for Armv8-R and Armv8.7-A ISA extensions.
* Add support for DSB memory nXS barrier, WFET and WFIT
instruction for Armv8.7.
* Add support for +csre feature for -march. Add CSR PDEC
instruction for CSRE feature in AArch64.
* Add support for +flagm feature for -march in Armv8.4 AArch64.
* Add support for +ls64 feature for -march in Armv8.7
AArch64. Add atomic 64-byte load/store instructions for this
feature.
* Add support for +pauth (Pointer Authentication) feature for
- march in AArch64.
New features in the Linker:
* Add --error-handling-script=<NAME> command line option to allow
a helper script to be invoked when an undefined symbol or a
missing library is encountered. This option can be suppressed
via the configure time switch: --enable-error-handling-script=no.
* Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
x86-64-{baseline|v[234]} ISA level as needed.
* Add -z unique-symbol to avoid duplicated local symbol names.
* The creation of PE format DLLs now defaults to using a more
secure set of DLL characteristics.
* The linker now deduplicates the types in .ctf sections. The new
command-line option --ctf-share-types describes how to do this:
its default value, share-unconflicted, produces the most compact
output.
* The linker now omits the "/variable section"/ from .ctf sections
by default, saving space. This is almost certainly what you
want unless you are working on a project that has its own
analogue of symbol tables that are not reflected in the ELF
symtabs.
New features in other binary tools:
* The ar tool's previously unused l modifier is now used for
specifying dependencies of a static library. The arguments of
this option (or --record-libdeps long form option) will be
stored verbatim in the __.LIBDEP member of the archive, which
the linker may read at link time.
* Readelf can now display the contents of LTO symbol table
sections when asked to do so via the --lto-syms command line
option.
* Readelf now accepts the -C command line option to enable the
demangling of symbol names. In addition the --demangle=<style>,
- -no-demangle, --recurse-limit and --no-recurse-limit options
are also now availale.
- Includes fixes for these CVEs:
bnc#1179898 aka CVE-2020-16590 aka PR25821
bnc#1179899 aka CVE-2020-16591 aka PR25822
bnc#1179900 aka CVE-2020-16592 aka PR25823
bnc#1179901 aka CVE-2020-16593 aka PR25827
bnc#1179902 aka CVE-2020-16598 aka PR25840
bnc#1179903 aka CVE-2020-16599 aka PR25842
bnc#1180451 aka CVE-2020-35493 aka PR25307
bnc#1180454 aka CVE-2020-35496 aka PR25308
bnc#1180461 aka CVE-2020-35507 aka PR25308
- Rebase the following patches:
* binutils-fix-relax.diff
* binutils-revert-nm-symversion.diff
* binutils-revert-plt32-in-branches.diff
- Add missing dependency on bc (ld.gold testsuite uses it).
- Use --enable-obsolete for cross builds as ia64 is deprecated now.
- Add binutils-2.36-branch.diff.gz.
- blktrace
-
- Fix crash due to dropped first event while using pipe input (bsc#1191788).
* blkparse: skip check_cpu_map with pipe input
* blkparse: fix incorrectly sized memset in check_cpu_map
* Added:
- blkparse-skip-check_cpu_map-with-pipe-input.patch
- blkparse-fix-incorrectly-sized-memset-in-check_cpu_m.patch
- c-ares
-
- 5c995d5.patch: augment input validation on hostnames to allow _
as part of DNS response (bsc#1190225)
- ca-certificates-mozilla
-
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
(bsc#1190858)
- cobbler
-
- Fixed Remote Code Execution in the XMLRPC API which additionally
allowed arbitrary file read and write as root
(bsc#1189458, CVE-2021-40323, CVE-2021-40324, CVE-2021-40325)
- This patch introduces a regression where valid log data from Anamon
(Red Hat Autoinstallation Process) uploaded to cobbler may be rejected
- Added:
* v3-0-0-arbitrary-file-read-write-plus-RCE.patch
- containerd
-
- Update to containerd v1.4.11, to fix CVE-2021-41103 bsc#1191121. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- Install systemd service file as well (fixes bsc#1190826)
- Update to containerd v1.4.8, to fix CVE-2021-32760. bsc#1188282
- Remove upstreamed patches:
- bsc1188282-use-chmod-path-for-checking-symlink.patch
[ This patch was only released in SLES and Leap. ]
- Add patch for GHSA-c72p-9xmj-rx3w. CVE-2021-32760 bsc#1188282
- Build with go1.15 for reproducible build results (boo#1102408)
- cracklib
-
- %check: really test the package [bsc#1191736]
- createrepo_c
-
- removed %is_opensuse (CtLG)
- disabled drpm for SLE/Leap 15.3
- Update to 0.16.0
+ Never do dir walk when --recycle-pkglist specified
+ Add automatic module metadata handling for repos (rh#1795936)
- Update to 0.15.11
+ Add python unittest for invalid date in updateinfo record get_datetime
+ Simplify case when attr is empty (prevents covscan warnings)
+ Fix couple of memory leaks, some mistakenly dead code and error handling
+ Add --arch-expand option
+ Fix spelling errors.
- Update to 0.15.7
+ Add relogin_suggested to updatecollectionpackage (rh#1779751)
+ Support issued date in epoch format in Python API (rh#1779751)
- Update to 0.15.6
+ Set global_exit_status on sigint so that .repodata are cleaned up
+ Fix various issues discovered by covscans (rh#1789707)
+ Enhance error handling when locating repositories (rh#1762697)
+ Switch updateinfo to explicitly include bool values (rh#1772466)
+ add --recycle-pkglist option
+ use pkg href for cache lookup with --update
+ Sync --excludes matching for dir-walk vs. --pkglist
- cronie
-
- Increase limit of allowed entries in crontab files to fix bsc#1187508
* cronie-1.5.1-increase_crontab_limit.patch
- curl
-
- MIME: Properly check Content-Type even if it has parameters
* Add curl-check-content-type.patch [bsc#1190153]
- Security fix: [bsc#1190374, CVE-2021-22947]
* STARTTLS protocol injection via MITM
* Add curl-CVE-2021-22947.patch
- Security fix: [bsc#1190373, CVE-2021-22946]
* Protocol downgrade required TLS bypassed
* Add curl-CVE-2021-22946.patch
- docker
-
- Update to Docker 20.10.9-ce. See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1191355
CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
* 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Switch to Go 1.16.x compiler, in line with upstream.
- Add patch to return ENOSYS for clone3 to avoid breaking glibc again.
bsc#1190670
+ 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Add shell requires for the *-completion subpackages.
- dracut
-
- Update to version 049.1+suse.216.gf705637b:
* fix(iscsi): add support for the new iscsiadm "/no-wait"/ (-W) command
* fix(iscsi): add iscsid.service requirements
(bsc#1187190)
- Update to version 049.1+suse.213.g346cf20c:
* fix(suse): add 60-io-scheduler.rules (bsc#1188713)
* fix(kernel-modules): add blk_mq_alloc_disk and blk_cleanup_disk to blockfuncs (bsc#1190326)
- Update to version 049.1+suse.209.gebcf4f33:
* fix(systemd): add unit files for systemd-coredump (bsc#1190845)
- Update to version 049.1+suse.207.g72a93d93:
* fcoe/fcoe-genrules.sh: use $name instead of $env{INTERFACE} (bsc#1186260)
* fix: /var/lib/nfs/statd/sm is /var/lib/nfs/sm on SUSE (bsc#1184970)
- efibootmgr
-
- file
-
- Add patch bsc1189996-9fbe768a.patch to fix bsc#1189996
- gcc
-
- With gcc-PIE add -pie even when -fPIC is specified but we are
not linking a shared library. [boo#1185348]
- Fix postun of gcc-go alternative.
- gcc7
-
- Adjust some ambiguous SPDX license specifications to prevent
spec-cleaner from messing up.
- Add gcc7-pr55917.patch to do not handle exceptions in std::thread
(jsc#CAR-1182)
- - Add gcc7-pfe-0001-Backport-Add-entry-for-patchable_function_entry.patch
gcc7-pfe-0002-Backport-Skip-fpatchable-function-entry-tests-for-nv.patch
gcc7-pfe-0003-Backport-Error-out-on-nvptx-for-fpatchable-function-.patch
gcc7-pfe-0004-Backport-Adapt-scan-assembler-times-for-alpha.patch
gcc7-pfe-0005-Backport-patchable_function_entry-decl.c-Use-3-NOPs-.patch
gcc7-pfe-0006-Backport-IBM-Z-Use-the-dedicated-NOP-instructions-fo.patch
gcc7-pfe-0007-Backport-Add-regex-to-search-for-uppercase-NOP-instr.patch
gcc7-pfe-0008-Backport-ICE-segmentation-fault-with-patchable_funct.patch
gcc7-pfe-0009-Backport-patchable_function_entry-decl.c-Pass-mcpu-g.patch
gcc7-pfe-0010-Backport-patchable_function_entry-decl.c-Do-not-run-.patch
gcc7-pfe-0011-Backport-patchable_function_entry-decl.c-Add-fno-pie.patch
gcc7-pfe-0012-Backport-PR-c-89946-ICE-in-assemble_start_function-a.patch
gcc7-pfe-0013-Backport-targhooks.c-default_print_patchable_functio.patch
gcc7-pfe-0014-Backport-Align-__patchable_function_entries-to-POINT.patch
gcc7-pfe-0015-Backport-Fix-PR-93242-patchable-function-entry-broke.patch
gcc7-pfe-0016-Backport-AArch64-PR92424-Fix-fpatchable-function-ent.patch
gcc7-pfe-0017-Backport-Fix-patchable-function-entry-on-arc.patch
gcc7-pfe-0018-Backport-Add-patch_area_size-and-patch_area_entry-to.patch
gcc7-pfe-0019-Backport-testsuite-Adjust-patchable_function-tests-f.patch
gcc7-pfe-0020-Backport-Use-the-section-flag-o-for-__patchable_func.patch
gcc7-pfe-0021-Backport-varasm-Fix-up-__patchable_function_entries-.patch
gcc7-pfe-0022-Backport-rs6000-Avoid-fpatchable-function-entry-regr.patch
gcc7-pfe-0023-Fix-unwinding-issues-when-pfe-is-enabled.patch
to add -fpatchable-function-entry feature to gcc-7.
- Add gcc7-ada-MINSTKSZ.patch to fix build with glibc 2.34.
- Add bits/unistd_ext.h to the list of removed fixed includes.
- Add gcc7-sanitizer-cyclades.patch to remove cyclades.h use from
libsanitizer fixing builds with recent kernels.
- glibc
-
- always-do-locking-when-iterating-over-list-of-streams.patch: Upstream
part of fix-locking-in-_IO_cleanup.patch
- libio-do-not-attempt-to-free-wide-buffers-of-legacy-streams.patch:
libio: do not attempt to free wide buffers of legacy streams
(bsc#1183085, BZ #24228)
- fix-locking-in-_IO_cleanup.patch: rediff
- iconv-option-parsing.patch: Rewrite iconv option parsing
(CVE-2016-10228, bsc#1027496, BZ #19519)
- wordexp-param-overflow.patch: wordexp: handle overflow in positional
parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)
- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
(CVE-2021-33574, bsc#1186489, BZ #27896)
- grub2
-
- Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
- Patch refreshed
* grub2-fix-error-terminal-gfxterm-isn-t-found.patch
- Fix boot failure after kdump due to the content of grub.cfg is not
completed with pending modificaton in xfs journal (bsc#1186975)
- Patch refreshed
* grub-install-force-journal-draining-to-ensure-data-i.patch
* grub2-mkconfig-default-entry-correction.patch
- hwdata
-
- Update to version 0.353 (bsc#1192587):
+ Updated pci, usb and vendor ids.
- Update to version 0.352 (bsc#1191375):
+ Updated pci, usb and vendor ids.
- Update to version 0.351 (bsc#1190091):
+ Updated pci, usb and vendor ids.
- Update to version 0.350 (bsc#1189005):
+ Updated pci, usb and vendor ids.
- Update to version 0.349 (bsc#1187948):
- iproute2
-
ss-fix-end-of-line-printing-in-misc-ss.c.patch
xfrm-also-check-for-ipv6-state-in-xfrm_state_keep.patch
bridge-Fix-typo.patch
bridge-Fix-output-with-empty-vlan-lists.patch
tc-action-fix-time-values-output-in-JSON-format.patch
Revert-bpf-replace-snprintf-with-asprintf-when-deali.patch
bpf-Fixes-a-snprintf-truncation-warning.patch
tipc-fixed-a-compile-warning-in-tipc-link.c.patch
ip-xfrm-update-man-page-on-setting-printing-XFRMA_IF.patch
bridge-fdb-show-fix-fdb-entry-state-output-for-json-.patch
ip-link-Fix-indenting-in-help-text.patch
ip-iplink_ipoib.c-Remove-extra-spaces.patch
devlink-fix-uninitialized-warning.patch
bridge-fix-string-length-warning.patch
f_u32-fix-compiler-gcc-10-compiler-warning.patch
rdma-Fix-statistics-bind-unbing-argument-handling.patch
lib-namespace-fix-ip-all-netns-return-code.patch
lib-bpf-Fix-and-simplify-bpf_mnt_check_target.patch
lib-fs-avoid-double-call-to-mkdir-on-make_path.patch
q_cake-Fix-incorrect-printing-of-signed-values-in-cl.patch
ip-xfrm-limit-the-length-of-the-security-context-nam.patch
erspan-fix-JSON-output.patch
devlink-always-check-strslashrsplit-return-value.patch
nexthop-fix-memory-leak-in-add_nh_group_attr.patch
rdma-stat-initialize-ret-in-stat_qp_show_parse_cb.patch
rdma-stat-fix-return-code.patch
lib-bpf_legacy-treat-0-as-a-valid-file-descriptor.patch
lib-bpf_legacy-fix-missing-socket-close-when-connect.patch
ip-drop-2-char-command-assumption.patch
man-fix-syntax-for-ip-link-property.patch
lib-bpf_legacy-avoid-to-pass-invalid-argument-to-clo.patch
ip-route-ignore-ENOENT-during-save-if-RT_TABLE_MAIN-.patch
libnetlink-check-error-handler-is-present-before-a-c.patch
ipmonitor-Fix-recvmsg-with-ancillary-data.patch
tc-u32-Fix-key-folding-in-sample-option.patch
man-bridge-fix-the-typo-to-change-c-lor-into-c-olor-.patch
ss-fix-fallback-to-procfs-for-raw-sockets.patch
iptuntap-fix-multi-queue-flag-display.patch
tc-f_flower-fix-port-range-parsing.patch
lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch
- refresh:
ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch
tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch
- follow-up fixes backported from upstream (bsc#1160242):
ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch
tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch
- follow-up fixes backported from upstream (bsc#1160242):
- java-11-openjdk
-
- Update to upstream tag jdk-11.0.13+8 (October 2021 CPU)
* Security fixes
+ JDK-8163326, CVE-2021-35550, bsc#1191901: Update the default
enabled cipher suites preference
+ JDK-8254967, CVE-2021-35565, bsc#1191909:
com.sun.net.HttpsServer spins on TLS session close
+ JDK-8263314: Enhance XML Dsig modes
+ JDK-8265167, CVE-2021-35556, bsc#1191910: Richer Text Editors
+ JDK-8265574: Improve handling of sheets
+ JDK-8265580, CVE-2021-35559, bsc#1191911: Enhanced style for
RTF kit
+ JDK-8265776: Improve Stream handling for SSL
+ JDK-8266097, CVE-2021-35561, bsc#1191912: Better hashing
support
+ JDK-8266103: Better specified spec values
+ JDK-8266109: More Resilient Classloading
+ JDK-8266115: More Manifest Jar Loading
+ JDK-8266137, CVE-2021-35564, bsc#1191913: Improve Keystore
integrity
+ JDK-8266689, CVE-2021-35567, bsc#1191903: More Constrained
Delegation
+ JDK-8267086: ArrayIndexOutOfBoundsException in
java.security.KeyFactory.generatePublic
+ JDK-8267712: Better LDAP reference processing
+ JDK-8267729, CVE-2021-35578, bsc#1191904: Improve TLS client
handshaking
+ JDK-8267735, CVE-2021-35586, bsc#1191914: Better BMP support
+ JDK-8268193: Improve requests of certificates
+ JDK-8268199: Correct certificate requests
+ JDK-8268205: Enhance DTLS client handshake
+ JDK-8268506: More Manifest Digests
+ JDK-8269618, CVE-2021-35603, bsc#1191906: Better session
identification
+ JDK-8269624: Enhance method selection support
+ JDK-8270398: Enhance canonicalization
+ JDK-8270404: Better canonicalization
* Other changes
+ JDK-8024368: private methods are allocated vtable indices
+ JDK-8042902: Test java/net/Inet6Address/serialize/
/Inet6AddressSerializationTest.java fails intermittently
+ JDK-8140466: ChaCha20 and Poly1305 TLS Cipher Suites
+ JDK-8157404: Unable to read certain PKCS12 keystores from
SequenceInputStream
+ JDK-8158066: SourceDebugExtensionTest fails to rename file
+ JDK-8168304: Make all of DependencyContext_test available in
product mode
+ JDK-8169246: java/net/DatagramSocket/ReportSocketClosed.java
fails intermittently with BindException
+ JDK-8181313: SA: Remove libthread_db dependency on Linux
+ JDK-8193214: Incorrect annotations.without.processors
warnings with JDK 9
+ JDK-8194230: jdk/internal/jrtfs/remote/
/RemoteRuntimeImageTest.java fails with
java.lang.NullPointerException
+ JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java
fails
+ JDK-8199931: java/net/MulticastSocket/
/UnreferencedMulticastSockets.java fails with "/incorrect data
received"/
+ JDK-8206083: Make tools/javac/api/T6265137.java robust to JDK
version changes
+ JDK-8206350: java/util/Locale/bcp47u/SystemPropertyTests.java
failed on Mac 10.13 with zh_CN and zh_TW locales.
+ JDK-8207316: java/nio/channels/spi/SelectorProvider/
/inheritedChannel/InheritedChannelTest.java failed
+ JDK-8208227: tools/jdeps/DotFileTest.java fails on Win-X64
+ JDK-8208363: test/jdk/java/lang/Package/
/PackageFromManifest.java missing module dependencies
declaration
+ JDK-8209380: ARM: cleanup maybe-uninitialized and reorder
compiler warnings
+ JDK-8209768: Refactor java/util/prefs/CheckUserPrefsStorage.sh
to plain java test
+ JDK-8209772: Refactor shell test java/util/ServiceLoader/
/basic/basic.sh to java
+ JDK-8209773: Refactor shell test javax/naming/module/basic.sh
to java
+ JDK-8209832: Refactor jdk/internal/reflect/Reflection/
/GetCallerClassTest.sh to plain java test
+ JDK-8209930: Refactor java/util/zip/ZipFile/deletetempjar.sh
to plain java test
+ JDK-8210406: Refactor java.util.PluggableLocale:i18n shell
tests to plain java tests
+ JDK-8210407: Refactor java.util.Calendar:i18n shell tests to
plain java tests
+ JDK-8210495: compiler crashes because of illegal signature in
otherwise legal code
+ JDK-8210669: Some launcher tests assume a pre-JDK 9 run-time
image layout
+ JDK-8210802: temp files left by tests in
jdk/java/net/httpclient
+ JDK-8210819: Update the host name in CNameTest.java
+ JDK-8210908: Refactor java/util/prefs/PrefsSpi.sh to plain
java test
+ JDK-8210934: Move sun/net/www/protocol/http/
/GetErrorStream.java to OpenJDK
+ JDK-8210959: JShell fails and exits when statement throws an
exception whose message contains a '%'.
+ JDK-8211055: Provide print to a file (PDF) feature even when
printer was not connected
+ JDK-8211092: test/jdk/sun/net/www/http/HttpClient/
/MultiThreadTest.java fails intermittently when cleaning up
+ JDK-8211296: Remove HotSpot deprecation warning suppression
for Mac/clang
+ JDK-8211325: test/jdk/java/net/Socket/LingerTest.java fails
with cleaning up
+ JDK-8212040: Compilation error due to wrong usage of
NSPrintJobDispositionValue in mac10.12
+ JDK-8212695: Add explicit timeout to several HTTP Client tests
+ JDK-8212718: Refactor some annotation processor tests to
better use collections
+ JDK-8213007: Update the link in test/jdk/sun/security/
/provider/SecureRandom/DrbgCavp.java
+ JDK-8213137: Remove static initialization of monitor/mutex
instances
+ JDK-8213235: java/nio/channels/SocketChannel/
/AsyncCloseChannel.java fails with threads that didn't exit
+ JDK-8213409: Refactor sun.text.IntHashtable:i18n shell tests
to plain java tests
+ JDK-8213576: Make test AsyncCloseChannel.java run in othervm
+ JDK-8213694: Test Timeout.java should run in othervm mode
+ JDK-8213718: [TEST] Wrong classname in vmTestbase/nsk/stress/
/except/except002 and except003
+ JDK-8213922: fix ctw stand-alone build
+ JDK-8214195: Align stdout messages in
test/jdk/java/math/BigInteger/PrimitiveConversionTests.java
+ JDK-8214520: [TEST_BUG] sun/security/mscapi/nonUniqueAliases/
/NonUniqueAliases.java failed with incorrect jtreg tags order
+ JDK-8214937: sun/security/tools/jarsigner/warnings/
/NoTimestampTest.java failed due to unexpected expiration date
+ JDK-8216532: tools/launcher/Test7029048.java fails (Solaris)
+ JDK-8217825: Verify @AfterTest is used correctly in WebSocket
tests
+ JDK-8218145: block_if_requested is not proper inlined due to
size
+ JDK-8219417: bump jtreg requiredVersion to b14
+ JDK-8219552: bump jtreg requiredVersion to b14 in
test/jdk/sanity/client/
+ JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails
intermittently due to NumberFormatException
+ JDK-8220445: Support for side by side MSVC Toolset versions
+ JDK-8221988: add possibility to build with Visual Studio 2019
+ JDK-8222751: closed/test/jdk/sun/security/util/
/DerIndefLenConverter/IndefBerPkcs12.java fail
+ JDK-8223050: JVMCI: findUniqueConcreteMethod() should not use
Dependencies::find_unique_concrete_method() for non-virtual
methods
+ JDK-8224853: CDS address sanitizer errors
+ JDK-8225082: Remove IdenTrust certificate that is expiring in
September 2021
+ JDK-8225583: Examine the HttpResponse.BodySubscribers for
null handling and multiple subscriptions
+ JDK-8225690: Multiple AttachListener threads can be created
+ JDK-8225790: Two NestedDialogs tests fail on Ubuntu
+ JDK-8226319: Add forgotten test/jdk/java/net/httpclient/
/BodySubscribersTest.java
+ JDK-8226533: JVMCI: findUniqueConcreteMethod should handle
statically bindable methods directly
+ JDK-8226602: Test convenience reactive primitives from
java.net.http with RS TCK
+ JDK-8226683: Remove review suggestion from fix to 8219804
+ JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due
to "/exit code is 134"/
+ JDK-8227766: CheckUnhandledOops is broken in MemAllocator
+ JDK-8227815: Minimal VM: set_state is not a member of
AttachListener
+ JDK-8230674: Heap dumps should exclude dormant CDS archived
objects of unloaded classes
+ JDK-8230808: Remove Access::equals()
+ JDK-8230841: Remove oopDesc::equals()
+ JDK-8231717: Improve performance of charset decoding when
charset is always compactable
+ JDK-8232243: Wrong caret position in JTextPane on Windows
with a screen resolution > 100%
+ JDK-8232782: Shenandoah: streamline post-LRB CAS barrier
(aarch64)
+ JDK-8233790: Forward output from heap dumper to jcmd/jmap
+ JDK-8233989: Create an IPv4 version of
java/net/MulticastSocket/SetLoopbackMode.java
+ JDK-8234510: Remove file seeking requirement for writing a
heap dump
+ JDK-8235211: serviceability/attach/
/RemovingUnixDomainSocketTest.java fails with
AttachNotSupportedException: Unable to open socket file
+ JDK-8235216: typo in test filename
+ JDK-8235866: bump jtreg requiredVersion to 4.2b16
+ JDK-8236111: narrow allowSmartActionArgs disabling
+ JDK-8236413: AbstractConnectTimeout should tolerate both
NoRouteToHostException and UnresolvedAddressException
+ JDK-8236671: NullPointerException in JKS keystore
+ JDK-8238930: problem list compiler/c2/Test8004741.java
+ JDK-8238943: switch to jtreg 5.0
+ JDK-8240555: Using env of JAVA_TOOL_OPTIONS and _JAVA_OPTIONS
breaks QuietOption.java test
+ JDK-8240983: Incorrect copyright header in Apache Santuario
2.1.3 files
+ JDK-8241336: Some java.net tests failed with
NoRouteToHostException on MacOS with special network
configuration
+ JDK-8241353: NPE in ToolProvider.getSystemJavaCompiler
+ JDK-8241768: git needs .gitattributes
+ JDK-8242882: opening jar file with large manifest might throw
NegativeArraySizeException
+ JDK-8244973: serviceability/attach/
/RemovingUnixDomainSocketTest.java fails "/stderr was not
empty"/
+ JDK-8245134: test/lib/jdk/test/lib/security/
/KeyStoreUtils.java should allow to specify aliases
+ JDK-8246261: TCKLocalTime.java failed due to "/AssertionError:
expected [18:14:22] but found [18:14:23]"/
+ JDK-8246387: switch to jtreg 5.1
+ JDK-8247421: [TESTBUG] ReturnBlobToWrongHeapTest.java failed
allocating blob
+ JDK-8247469: getSystemCpuLoad() returns -1 on linux when some
offline cpus are present and cpusets.effective_cpus is not
available
+ JDK-8248352: [TEST_BUG] Test test/jdk/java/awt/font/
/TextLayout/ArabicDiacriticTest.java can leave frame open
+ JDK-8248403: AArch64: Remove uses of kernel integer types
+ JDK-8248414: AArch64: Remove uses of long and unsigned long
ints
+ JDK-8248657: Windows: strengthening in ThreadCritical
regarding memory model
+ JDK-8248666: AArch64: Use THREAD_LOCAL instead of __thread
+ JDK-8248668: AArch64: Avoid MIN/MAX macros when using MSVC
+ JDK-8248671: AArch64: Remove unused variables
+ JDK-8248682: AArch64: Use ATTRIBUTE_ALIGNED helper
+ JDK-8248816: C1: Fix signature conflict in
LIRGenerator::strength_reduce_multiply
+ JDK-8249095: tools/javac/launcher/SourceLauncherTest.java
fails on Windows
+ JDK-8249548: backward focus traversal gets stuck in button
group
+ JDK-8249773: Upgrade ReceiveISA.java test to be resilient to
failure due to stray packets and interference
+ JDK-8249897: jdk/javadoc/tool/LangVers.java uses @ignore w/o
bug-id
+ JDK-8249898: jdk/javadoc/tool/6176978/T6176978.java uses
@ignore w/o bug-id
+ JDK-8249899: jdk/javadoc/tool/InlineTagsWithBraces.java uses
@ignore w/o bug-id
+ JDK-8250588: Shenandoah: LRB needs to save/restore fp
registers for runtime call
+ JDK-8250824: AArch64: follow up for JDK-8248414
+ JDK-8251166: Add automated testcases for changes done in
JDK-8214112
+ JDK-8251252: Add automated testcase for fix done in
JDK-8214253
+ JDK-8251254: Add automated test for fix done in JDK-8218472
+ JDK-8251361: Potential race between Logger configuration and
GCs in HttpURLConWithProxy test
+ JDK-8251549: Update docs on building for Git
+ JDK-8251945: SIGSEGV in
PackageEntry::purge_qualified_exports()
+ JDK-8252194: Add automated test for fix done in JDK-8218469
+ JDK-8252648: Shenandoah: name gang tasks consistently
+ JDK-8252825: Add automated test for fix done in JDK-8218479
+ JDK-8252853: AArch64: gc/shenandoah/TestVerifyJCStress.java
fails intermittently with C1
+ JDK-8252857: AArch64: Shenandoah C1 CAS is not sequentially
consistent
+ JDK-8253048: AArch64: When CallLeaf, no need to preserve
callee-saved registers in caller
+ JDK-8253424: Add support for running pre-submit testing using
GitHub Actions
+ JDK-8253631: Remove unimplemented CompileBroker methods after
JEP-165
+ JDK-8253865: Pre-submit testing using GitHub Actions does not
detect failures reliably
+ JDK-8253899: Make IsClassUnloadingEnabled signature match
specification
+ JDK-8254024: Enhance native libs for AWT and Swing to work
with GraalVM Native Image
+ JDK-8254054: Pre-submit testing using GitHub Actions should
not use the deprecated set-env command
+ JDK-8254173: Add Zero, Minimal hotspot targets to submit
workflow
+ JDK-8254175: Build no-pch configuration in debug mode for
submit checks
+ JDK-8254244: Some code emitted by TemplateTable::branch is
unused when running TieredCompilation
+ JDK-8254270: linux 32 bit build doesn't compile
libjdwp/log_messages.c
+ JDK-8254282: Add Linux x86_32 builds to submit workflow
+ JDK-8254850: Update terminology in java.awt.GridBagLayout
source code comments
+ JDK-8255255: Update Apache Santuario (XML Signature) to
version 2.2.1
+ JDK-8255305: Add Linux x86_32 tier1 to submit workflow
+ JDK-8255352: Archive important test outputs in submit workflow
+ JDK-8255373: Submit workflow artifact name is always
"/test-results_.zip"/
+ JDK-8255452: Doing GC during JVMTI MethodExit event posting
breaks return oop
+ JDK-8255718: Zero: VM should know it runs in interpreter-only
mode
+ JDK-8255790: GTKL&F: Java 16 crashes on initialising GTKL&F
on Manjaro Linux
+ JDK-8255810: Zero: build fails without JVMTI
+ JDK-8255895: Submit workflow artifacts miss hs_errs/replays
due to ZIP include mismatch
+ JDK-8256127: Add cross-compiled foreign architectures builds
to submit workflow
+ JDK-8256215: Shenandoah: re-organize saving/restoring machine
state in assembler code
+ JDK-8256267: Relax compiler/floatingpoint/NaNTest.java for
x86_32 and lower -XX:+UseSSE
+ JDK-8256277: Github Action build on macOS should define OS
and Xcode versions
+ JDK-8256354: Github Action build on Windows should define OS
and MSVC versions
+ JDK-8256393: Github Actions build on Linux should define OS
and GCC versions
+ JDK-8256414: add optimized build to submit workflow
+ JDK-8256747: GitHub Actions: decouple the hotspot build-only
jobs from Linux x64 testing
+ JDK-8257056: Submit workflow should apt-get update to avoid
package installation errors
+ JDK-8257148: Remove obsolete code in AWTView.m
+ JDK-8257497: Update keytool to create AKID from the SKID of
the issuing certificate as specified by RFC 5280
+ JDK-8257620: Do not use objc_msgSend_stret to get macOS
version
+ JDK-8257913: Add more known library locations to simplify
Linux cross-compilation
+ JDK-8258703: Incorrect 512-bit vector registers restore on
x86_32
+ JDK-8259338: Add expiry exception for identrustdstx3 alias to
VerifyCACerts.java test
+ JDK-8259535: ECDSA SignatureValue do not always have the
specified length
+ JDK-8259679: GitHub actions should use MSVC 14.28
+ JDK-8259924: GitHub actions fail on Linux x86_32 with "/Could
not configure libc6:i386"/
+ JDK-8260460: GitHub actions still fail on Linux x86_32 with
"/Could not configure libc6:i386"/
+ JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*)
+ JDK-8260923: Add more tests for SSLSocket input/output
shutdown
+ JDK-8261072: AArch64: Fix MacroAssembler::get_thread
convention
+ JDK-8261147: C2: Node is wrongly marked as reduction
resulting in a wrong execution due to wrong vector instructions
+ JDK-8261238: NMT should not limit baselining by size threshold
+ JDK-8261496: Shenandoah: reconsider pacing updates memory
ordering
+ JDK-8261652: Remove some dead comments from os_bsd_x86
+ JDK-8261846: [JVMCI] c2v_iterateFrames can get out of sync
with the StackFrameStream
+ JDK-8262000: jdk/jfr/event/gc/detailed/
/TestPromotionFailedEventWithParallelScavenge.java failed with
"/OutOfMemoryError: Java heap space"/
+ JDK-8262017: C2: assert(n != __null) failed: Bad immediate
dominator info.
+ JDK-8262392: Update Mesa 3-D Headers to version 21.0.3
+ JDK-8262409: sun/security/ssl/SSLSocketImpl/
/SSLSocketImplThrowsWrongExceptions. SSL test failures caused
by java failed with "/Server reported the wrong exception"/
+ JDK-8262470: Printed GlyphVector outline with low DPI has bad
quality on Windows
+ JDK-8262862: Harden tests sun/security/x509/URICertStore/
/ExtensionsWithLDAP.java and krb5/canonicalize/Test.java
+ JDK-8263136: C4530 was reported from VS 2019 at access bridge
+ JDK-8263227: C2: inconsistent spilling due to dead nodes in
exception block
+ JDK-8263382: java/util/logging/ParentLoggersTest.java failed
with "/checkLoggers: getLoggerNames() returned unexpected
loggers"/
+ JDK-8263407: SPARC64 detection fails on Athena (SPARC64-X)
+ JDK-8263432: javac may report an invalid package/class clash
on case insensitive filesystems
+ JDK-8263490: [macos] Crash occurs on JPasswordField with
activated InputMethod
+ JDK-8263531: Remove unused buffer int
+ JDK-8263667: Avoid running GitHub actions on branches named
pr/*
+ JDK-8263776: [JVMCI] add helper to perform Java upcalls
+ JDK-8264016: [JVMCI] add some thread local fields for use by
JVMCI
+ JDK-8264752: SIGFPE crash with option
FlightRecorderOptions:threadbuffersize=30M
+ JDK-8265132: C2 compilation fails with assert "/missing
precedence edge"/
+ JDK-8265231: (fc) ReadDirect and WriteDirect tests fail after
fix for JDK-8264821
+ JDK-8265335: Epsilon: Minor typo in EpsilonElasticTLABDecay
description
+ JDK-8265756: AArch64: initialize memory allocated for locals
according to Windows AArch64 stack page growth requirement in
template interpreter
+ JDK-8265761: Font with missed font family name is not
properly printed on Windows
+ JDK-8265773: incorrect jdeps message "/jdk8internals"/ to
describe a removed JDK internal API
+ JDK-8265836: OperatingSystemImpl.getCpuLoad() returns
incorrect CPU load inside a container
+ JDK-8266018: Shenandoah: fix an incorrect assert
+ JDK-8266206: Build failure after JDK-8264752 with older GCCs
+ JDK-8266248: Compilation failure in
PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5
+ JDK-8266288: assert root method not found in
witnessed_reabstraction_in_supers is too strong
+ JDK-8266404: Fatal error report generated with
- XX:+CrashOnOutOfMemoryError should not contain suggestion to
submit a bug report
+ JDK-8266480: Implicit null check optimization does not update
control of hoisted memory operation
+ JDK-8266615: C2 incorrectly folds subtype checks involving an
interface array
+ JDK-8266642: Improve ResolvedMethodTable hash function
+ JDK-8266749: AArch64: Backtracing broken on PAC enabled
systems
+ JDK-8266761: AssertionError in
sun.net.httpserver.ServerImpl.responseCompleted
+ JDK-8266813: Shenandoah: Use shorter instruction sequence for
checking if marking in progress
+ JDK-8267042: bug in monitor locking/unlocking on ARM32 C1 due
to uninitialized BasicObjectLock::_displaced_header
+ JDK-8267348: Rewrite gc/epsilon/TestClasses.java to use
Metaspace with less classes
+ JDK-8267396: Avoid recording "/pc"/ in unhandled oops detector
for better performance
+ JDK-8267399: C2: java/text/Normalizer/ConformanceTest.java
test failed with assertion
+ JDK-8267424: CTW: C1 fails with "/State must not be null"/
+ JDK-8267459: Pasting Unicode characters into JShell does not
work.
+ JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type
+ JDK-8267666: Add option to jcmd GC.heap_dump to use existing
file
+ JDK-8267695: Bump update version for OpenJDK: jdk-11.0.13
+ JDK-8267751: (test) jtreg.SkippedException has no serial
VersionUID
+ JDK-8267773: PhaseStringOpts::int_stringSize doesn't handle
min_jint correctly
+ JDK-8268103: JNI functions incorrectly return a double after
JDK-8265836
+ JDK-8268127: Shenandoah: Heap size may be too small for
region to align to large page size
+ JDK-8268261: C2: assert(n != __null) failed: Bad immediate
dominator info.
+ JDK-8268347: C2: nested locks optimization may create
unbalanced monitor enter/exit code
+ JDK-8268360: Missing check for infinite loop during node
placement
+ JDK-8268362: [REDO] C2 crash when compile negative
Arrays.copyOf length after loop
+ JDK-8268366: Incorrect calculation of has_fpu_registers in C1
linear scan
+ JDK-8268369: SIGSEGV in PhaseCFG::implicit_null_check due to
missing null check
+ JDK-8268417: Add test from JDK-8268360
+ JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm
performance
+ JDK-8268617: [11u REDO] - WebSocket over authenticating proxy
fails with NPE
+ JDK-8268620: InfiniteLoopException test may fail on x86
platforms
+ JDK-8268635: Corrupt oop in ClassLoaderData
+ JDK-8268699: Shenandoah: Add test for JDK-8268127
+ JDK-8268771: javadoc -notimestamp option does not work on
index.html
+ JDK-8268775: Password is being converted to String in
AccessibleJPasswordField
+ JDK-8268776: Test `ADatagramSocket.java` missing /othervm
from @run tag
+ JDK-8268965: TCP Connection Reset when connecting simple
socket to SSL server
+ JDK-8269304: Regression ~5% in 2005 in b27
+ JDK-8269415: [11u] Remove ea from
DEFAULT_PROMOTED_VERSION_PRE in OpenJDK 11u
+ JDK-8269478: Shenandoah: gc/shenandoah/mxbeans tests should
be more resilient
+ JDK-8269529: javax/swing/reliability/
/HangDuringStaticInitialization.java fails in Windows debug
build
+ JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory
leak: allocating handle outside HandleMark
+ JDK-8269614: [s390] Interpreter checks wrong bit for slow
path instance allocation
+ JDK-8269650: Optimize gc-locker in
[Get|Release]StringCritical for latin string
+ JDK-8269661: JNI_GetStringCritical does not lock char array
+ JDK-8269668: [aarch64] java.library.path not including
/usr/lib64
+ JDK-8269763: The JEditorPane is blank after JDK-8265167
+ JDK-8269795: C2: Out of bounds array load floats above its
range check in loop peeling resulting in SEGV
+ JDK-8269847: JDK-8269594 backport breaks 11u builds
+ JDK-8269850: Most JDK releases report macOS version 12 as
10.16 instead of 12.0
+ JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports
incorrect process cpu usage in containers
+ JDK-8269882: stack-use-after-scope in NewObjectA
+ JDK-8269934: RunThese24H.java failed with
EXCEPTION_ACCESS_VIOLATION in
java_lang_Thread::get_thread_status
+ JDK-8270096: Shenandoah: Optimize gc/shenandoah/
/TestRefprocSanity.java for interpreter mode
+ JDK-8270137: Kerberos Credential Retrieval from Cache not
Working in Cross-Realm Setup
+ JDK-8270184: [TESTBUG] Add coverage for jvmci
ResolvedJavaType.toJavaName() for lambdas
+ JDK-8270196: [11u] [JVMCI] JavaType.toJavaName() returns
incorrect type name for lambdas
+ JDK-8270556: Exclude security/infra/java/security/cert/
/CertPathValidator/certification/LetsEncryptCA
+ JDK-8270893: IndexOutOfBoundsException while reading large
TIFF file
+ JDK-8272078: Wrong Checksums in Temurin BootJDK dependencies
+ JDK-8272124: Cgroup v1 initialization causes
NullPointerException when cgroup path contains colon
+ JDK-8272131: PhaseMacroExpand::generate_slow_arraycopy crash
when clone null CallProjections.fallthrough_ioproj
+ JDK-8272197: Update 11u GHA workflow with Shenandoah
configurations
+ JDK-8272332: --with-harfbuzz=system doesn't add -lharfbuzz
after JDK-8255790
+ JDK-8272472: StackGuardPages test doesn't build with glibc
2.34
+ JDK-8272602: [macos] not all KEY_PRESSED events sent when
control modifier is used
+ JDK-8272628: Problemlist gc/stress/gcbasher/
/TestGCBasherWithCMS.java for x86_32
+ JDK-8272700: [macos] Build failure with Xcode 13.0 after
JDK-8264848
+ JDK-8272772: Shenandoah: compiler/c2/aarch64/
/TestVolatilesShenandoah.java fails in 11u
+ JDK-8273939: Backport of 8248414 to JDK11 breaks
MacroAssembler::adrp
- Remove the unneeded icedtea-sound provider
- Removed patches:
* icedtea-sound-1.0.1-jdk9.patch
* icedtea-sound-soundproperties.patch
+ not needed since the icedtea-sound provider is removed
* jdk11-glibc234.patch
+ integrated upstream
- Added patch:
* fips.patch
+ implement FIPS support in OpenJDK
- Modified patch:
* nss-security-provider.patch
+ revert recent changes making NSS provider the default one
+ fixes bsc#1190252
- Added patch:
* jdk11-glibc234.patch
+ fix build with glibc-2.34 (bsc#1189201)
- riscv64-zero.patch: Add support for riscv64 (zero VM)
- kdump
-
- kdump-do-not-iterate-past-end-of-string.patch:
URLParser::extractAuthority(): Do not iterate past end of string
(bsc#1186037).
- kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit
code checking after "/local"/ with assignment (bsc#1184616
LTC#192282).
- kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to
dracut command line (bsc#1182309).
- kdump-install-etc-resolv.conf-using-resolved-path.patch: Install
/etc/resolv.conf using its resolved path (bsc#1183070).
- kdump-avoid-endless-loop-EAI_AGAIN.patch: Avoid an endless loop
when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- kdump-query-systemd-network.service.patch: Query systemd
network.service to find out if wicked is used (bsc#1182309).
- kdump-check-explicit-ip-options.patch: Do not add network-related
dracut options if ip= is set explicitly (bsc#1182309 bsc#1188090
LTC#193461).
- kdump-ensure-initrd.target.wants-directory.patch: Make sure that
initrd.target.wants directory exists (bsc#1172670).
- kernel-default
-
- Update patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch
(bsc#1191628 bsc#1192549).
dir_cookie is a pointer to the cookie in older kernels,
not the cookie itself.
- commit ee8ec20
- ftrace: Fix scripts/recordmcount.pl due to new binutils
(bsc#1192267).
- commit f07ed1b
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
(bsc#1152489).
- commit 96ee990
- netfilter: conntrack: collect all entries in one cycle
(bsc#1173604).
- commit c4117de
- ipv6/netfilter: Discard first fragment not including all headers
(bsc#1191241).
- IPv6: reply ICMP error if the first fragment don't include
all headers (bsc#1191241).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition
(bsc#1191241).
- net: ipv6: Discard next-hop MTU less than minimum link MTU
(bsc#1191241).
- commit c74316d
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode
changing registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode
(bsc#1156395).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0
when guest SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
(bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- commit 2ce76cc
- powerpc/xive: Discard disabled interrupts in get_irqchip_state()
(fate#322438 bsc#1085030 git-fixes).
- commit 3106974
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- commit 1702f6b
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path
(bsc#1065729).
- commit 4a60f84
- sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772
bsc#1190351).
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772
bsc#1190351).
- sctp: add vtag check in sctp_sf_violation (CVE-2021-3772
bsc#1190351).
- sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772
bsc#1190351).
- sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772
bsc#1190351).
- sctp: fix the processing for INIT chunk (CVE-2021-3772
bsc#1190351).
- sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772
bsc#1190351).
- sctp: check asoc peer.asconf_capable before processing asconf
(bsc#1190351).
- commit c4ecd47
- mmc: vub300: fix control-message timeouts (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value
(git-fixes).
- commit 15296ab
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in
progress before devloss (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer
dereference (bsc#1192145).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
(bsc#1192145).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
(bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP
status change (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during
host sg_reset (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
driver_resource_setup() (bsc#1192145).
- commit ea0ad63
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: batman-adv: fix error handling (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
(git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit()
(git-fixes).
- commit 1fb45c2
- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp
(git-fixes).
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- ionic: don't remove netdev->dev_addr when syncing uc list
(bsc#1167773).
- iavf: fix double unlock of crit_lock (git-fixes).
- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
- i40e: fix endless loop under rtnl (git-fixes).
- gve: report 64bit tx_bytes counter from
gve_handle_report_stats() (bsc#1176940).
- gve: fix gve_get_stats() (git-fixes).
- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
- gve: Avoid freeing NULL pointer (git-fixes).
- gve: Correct available tx qpl check (git-fixes).
- net: bridge: use nla_total_size_64bit() in
br_get_linkxstats_size() (git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
(git-fixes).
- net/mlx4_en: Don't allow aRFS for encapsulated packets
(git-fixes).
- qed: rdma - don't wait for resources under hw error recovery
flow (git-fixes).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- qed: Handle management FW error (git-fixes).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
- net/mlx5: FWTrace, cancel work on alloc pd error flow
(git-fixes).
- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
- i40e: Fix ATR queue selection (git-fixes).
- mlx5: count all link events (git-fixes).
- commit 64e7f77
- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
(CVE-2021-3655 bsc#1188563).
- sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655
bsc#1188563).
- sctp: add size validation when walking chunks (CVE-2021-3655
bsc#1188563).
- commit e419503
- powerpc/idle: Don't corrupt back chain when going idle
(bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056).
- KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return
0 if it went to guest (bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056).
- KVM: PPC: Book3S HV: Fix stack handling in
idle_kvm_start_guest() (bko#206669 bsc#1174585 bsc#1192107
CVE-2021-43056).
- powerpc64/idle: Fix SP offsets when saving GPRs (bko#206669
bsc#1174585 bsc#1192107 CVE-2021-43056).
- commit 90745c9
- Update patch reference for ISDN fix (CVE-2021-3896 bsc#1191958)
- commit b1524c3
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- commit 3a9d8cd
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context
(git-fixes).
- isdn: cpai: check ctr->cnr to avoid array index out of bound
(git-fixes).
- ALSA: hda: avoid write to STATESTS if controller is in reset
(git-fixes).
- platform/x86: intel_scu_ipc: Update timeout value in comment
(git-fixes).
- commit 26182ff
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating
inodes (bsc#1190642).
- commit 4a5d10a
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to
ERROR_ACTIVE state notification (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- lan78xx: select CRC32 (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- audit: fix possible null-pointer dereference in
audit_filter_rules (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in
ahci_platform_enable_regulators() (git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset()
(git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS
G551JW (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid
ambiguity (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- commit 2657409
- blacklist.conf: irrelevant
- commit 4c2a4eb
- USB: xhci: dbc: fix tty registration race (git-fixes).
- commit 8800f76
- xhci: guard accesses to ep_state in xhci_endpoint_reset()
(git-fixes).
- commit 2947d1e
- nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760
bsc#1190067).
- commit 9eabc0c
- Update patch reference for firewire fix (CVE-2021-42739 CVE-2021-3542 bsc#1184673)
- commit 2adc0e5
- cipso,calipso: resolve a number of problems with the DOI
refcounts (CVE-2021-33033 bsc#1186109).
- commit 499c5a0
- ceph: fix handling of "/meta"/ errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut
down when mounting (bsc#1192040).
- commit 329e544
- kabi: hide return value type change of sctp_af::from_addr_param
(CVE-2021-3655 bsc#1188563).
- sctp: fix return value check in __sctp_rcv_asconf_lookup
(CVE-2021-3655 bsc#1188563).
- sctp: validate from_addr_param return (CVE-2021-3655
bsc#1188563).
- commit 9f59a3f
- Update
patches.suse/net_sched-cls_route-remove-the-right-filter-from-has.patch
references (add CVE-2021-3715 bsc#1190349).
- commit bd39990
- Revert "/sched/fair: Add ancestors of unthrottled undecayed cfs_rq"/
The reverted commit is a followup of a7b359fc6a37 ("/sched/fair:
Correctly insert cfs_rq's to list on unthrottle"/) which is going to be
reverted as part of short-term solution of bsc#1191343.
This reverts commit d8d828e03d4f1e436c3580616c7b53db38e38dcb.
- commit c6395e4
- blacklist.conf: 3a1255396b5a x86/alternatives: add missing insn.h include
- commit 9bccba9
- USB: serial: option: add Quectel EC200S-CN module support
(git-fixes).
- commit e1df2bf
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- commit b42181b
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- commit cff3cf9
- USB: serial: option: add Telit LE910Cx composition 0x1204
(git-fixes).
- commit 3ccad62
- xhci: Enable trust tx length quirk for Fresco FL11 USB
controller (git-fixes).
- commit 55acfbd
- xhci: Fix command ring pointer corruption while aborting a
command (git-fixes).
- commit bf02a9c
- Input: xpad - add support for another USB ID of Nacon GC-100
(git-fixes).
- commit eba25ff
- media: firewire: firedtv-avc: fix a buffer overflow in
avc_ca_pmt() (CVE-2021-3542 bsc#1184673).
- commit fab3d4f
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
bsc#1191800).
- commit 8c6d0b8
- ocfs2: fix data corruption after conversion from inline format
(bsc#1190795).
- commit ac3ffc2
- blacklist.conf: 4758fd801f91 x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI
- commit c40c7ae
- blacklist.conf: 225bac2dc5d1 x86/Kconfig: Correct reference to MWINCHIP3D
- commit eee3b41
- blacklist.conf: 711885906b5c x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
- commit da61791
- gpio: pca953x: Improve bias setting (git-fixes).
- spi: spi-nxp-fspi: don't depend on a specific node name erratum
workaround (git-fixes).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
(git-fixes).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init()
(git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp
(git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- commit c393393
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in
ssp_parse_dataframe() (git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
(git-fixes).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()'
(git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode
(git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device
IDs (git-fixes).
- HID: apple: Fix logical maximum and usage maximum of Magic
Keyboard JIS (git-fixes).
- commit 372fd90
- pata_legacy: fix a couple uninitialized variable bugs
(git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error
(git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
(git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros (git-fixes).
- commit 1a13895
- rpm/kernel-obs-build.spec.in: reduce initrd functionality
For building in OBS, we always build inside a virtual machine
that gets a new, freshly created scratch filesystem image. So
we do not need to handle fscks because that ain't gonna happen,
as well as not we do not need to handle microcode update in the
initrd as these only can be run on the host system anyway. We
can also strip and hardlink as an additional optimisation that
should not significantly hurt.
- commit c72c6fc
- nvme-pci: Fix abort command id (git-fixes).
- nvme: add command id quirk for apple controllers (git-fixes).
- commit 210cebb
- xen: reset legacy rtc flag for PV domU (git-fixes).
- commit 2ae68ea
- xen: fix setting of max_pfn in shared_info (git-fixes).
- commit 2d2e1e0
- fix patch metadata
- fix Patch-mainline:
- patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch
- commit b7dfcc7
- NFS: Do uncached readdir when we're seeking a cookie in an
empty page cache (bsc#1191628).
- commit 5ca83d3
- NFC: digital: fix possible memory leak in
digital_in_send_sdd_req() (git-fixes).
- NFC: digital: fix possible memory leak in
digital_tg_listen_mdaa() (git-fixes).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order
(git-fixes).
- commit aada78f
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues
(bsc#1185762).
- nvme-fc: avoid race between time out and tear down
(bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- commit 4afdc63
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
(bsc#1191349).
- commit c7eb218
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- commit 901c621
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32()
call (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition
(git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
(git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32
(git-fixes).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment
(git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870
SSD (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration
(git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
(git-fixes).
- commit 4915e73
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
(git-fixes).
- commit aaf0697
- scsi: qla2xxx: Remove redundant initialization of pointer req
(bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path
(bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to
workqueue (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path
(bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed
sysfs file (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app
(bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating
QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c
card (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout
(bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset()
(bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset()
(bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
(bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
(bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down
(bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down
(bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx
(bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
(bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login
(bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list
(bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx
(bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang
(bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(bsc#1190941).
- commit c17f95e
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
The semantic changed in an incompatible way so invoking the macro now
causes a build failure.
- commit 3e55f55
- powerpc/bpf: Emit stf barrier instruction sequences
for BPF_NOSPEC (bsc#1188983 CVE-2021-34556 bsc#1188985
CVE-2021-35477).
- powerpc/security: Add a helper to query stf_barrier type
(bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- powerpc/bpf: Validate branch ranges (bsc#1188983 CVE-2021-34556
bsc#1188985 CVE-2021-35477).
- powerpc/lib: Add helper to check if offset is within
conditional branch range (bsc#1188983 CVE-2021-34556 bsc#1188985
CVE-2021-35477).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- commit 3f6738b
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
(git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting
(git-fixes).
- commit b5d0357
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit
from run_smbios_call (git-fixes).
- commit a539d65
- x86/resctrl: Free the ctrlval arrays when
domain_setup_mon_state() fails (bsc#1152489).
- commit dba5675
- can: xilinx_can: handle failure cases of pm_runtime_get_sync
(git-fixes).
- commit 82f6db6
- blacklist.conf: feature, not a fix
- commit fd65896
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
(git-fixes).
- commit 5487063
- can: peak_usb: fix use after free bugs (git-fixes).
- commit 3ad9b4d
- can: dev: can_restart: fix use after free bug (git-fixes).
- commit 0943ca2
- can: ti_hecc: ti_hecc_probe(): add missed
clk_disable_unprepare() in error path (git-fixes).
- commit 2fec0e3
- Update patch reference for soc fix (CVE-2021-42252 bsc#1190479)
- commit f05067d
- blacklist.conf: requires newer USB PD version than we have
- commit a8bbe8f
- blacklist.conf: needs newer USB PD than we have
- commit d0d6a50
- USB: cdc-acm: fix minor-number release (git-fixes).
- commit 477b833
- USB: cdc-acm: clean up probe error labels (git-fixes).
- commit 576c313
- blacklist.conf: 4758fd801f91 x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI
- commit fab5572
- blacklist.conf: 225bac2dc5d1 x86/Kconfig: Correct reference to MWINCHIP3D
- commit 08dc820
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge()
(bsc#1191456).
- commit 7832c25
- tpm: ibmvtpm: Avoid error message when process gets signal
while waiting (bsc#1065729).
- commit 544cf01
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620
ltc#194498 git-fixes).
- commit 6c29f54
- xfs: fix up non-directory creation in SGID directories
(bsc#1190006 CVE-2018-13405).
- commit f5a61c4
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- commit 7385144
- xfs: ensure that the inode uid/gid match values match the
icdinode ones (bsc#1190006).
- commit 0ddcc0f
- xfs: merge the projid fields in struct xfs_icdinode
(bsc#1190006).
- commit 3a30ff3
- Revert "/sched/fair: Correctly insert cfs_rq's to list on unthrottle
(git-fixes)"/ (bsc#1191343, bsc#1191238)
The commit a7b359fc6a37 ("/sched/fair: Correctly insert cfs_rq's to list
on unthrottle"/) causes more severe problems than the problem it aims to
solve (corrupting cfs_rq leaf list vs insufficient fairness). While both
need to be solved eventually, revert the commit until non-breaking
solution is found.
Blacklist the commit as well, to prevent a regression via git-fixes.
This reverts commit 1732b9ba91b4b7a0822e98bd910feefbcb5424dc.
- commit b8c1ddd
- Revert "/sched/fair: Ensure that the CFS parent is added after unthrottling (git-fixes)."/
The reverted commit is a followup of a7b359fc6a37 ("/sched/fair:
Correctly insert cfs_rq's to list on unthrottle"/) which is going to be
reverted as part of short-term solution of bsc#1191343.
This reverts commit f3a38fbebab3f88070c129511f99a896f5532f7e.
- commit 4f925fc
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
(bsc#1191449).
- commit 549a3d8
- blk: Fix lock inversion between ioc lock and bfqd lock
(bsc#1191456).
- commit adb5e59
- bfq: Remove merged request already in bfq_requests_merged()
(bsc#1191456).
- commit 0d474e5
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- commit cd60ce3
- blacklist.conf: Blacklist 889c05cc5834
- commit ea30b1a
- blacklist.conf: Blacklist 6961fed42014
- commit b6fb7af
- blktrace: Fix uaf in blk_trace access after removing by sysfs
(bsc#1191452).
- commit a4f24d0
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- commit 34735be
- ext4: fix reserved space counter leakage (bsc#1191450).
- commit 449ab75
- ext4: report correct st_size for encrypted symlinks
(bsc#1191449).
- commit 3669a7f
- bpf: Fix integer overflow in prealloc_elems_and_freelist()
(bsc#1191317, CVE-2021-41864).
- commit d4466f5
- Add cherry-picked commit id to the usb hso fix (git-fixes)
- commit a4c3be7
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- HID: u2fzero: ignore incomplete packets without data
(git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe
(git-fixes).
- net: hso: add failure handler for add_net_device (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device
(git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- PCI: Fix pci_host_bridge struct device release/free handling
(git-fixes).
- commit 51aaf55
- Update kabi files.
- update from October 2021 maintenance update submission (commit c909dd500033)
- commit d500b18
- rpm: use _rpmmacrodir (boo#1191384)
- commit e350c14
- net: 6pack: fix slab-out-of-bounds in decode_data
(CVE-2021-42008 bsc#1191315).
- commit b0db75a
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- powercap: intel_rapl: add support for Sapphire Rapids
(jsc#SLE-15289).
- commit 053c38b
- series.conf: cleanup
- move a kabi workaround into correct section:
patches.kabi/ipvs-Fix-up-kabi-for-expire_nodest_conn_work-additio.patch
- commit bc02214
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq
(bsc#1191292).
- commit d8d828e
- blacklist.conf: Update for 51e1bb9eeaf7
- commit fe28675
- x86/alternatives: Teach text_poke_bp() to emulate instructions
(bsc#1185302).
- Refresh
patches.suse/x86-alternatives-sync-bp_patching-update-for-avoiding-null-pointer-exception.patch.
- commit ef191ae
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: don't deactivate hctx if managed irq isn't used
(bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- commit 57a6cb7
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- hwmon: (mlxreg-fan) Return non-zero value when fan current
state is enforced from sysfs (git-fixes).
- commit 2560193
- ipc: remove memcg accounting for sops objects in do_semtimedop()
(bsc#1190115).
- Delete
patches.suse/ipc-remove-memcg-accounting-for-sops-objects.patch.
Refreshing patch with upstream metadata.
- commit 2d6ef2e
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- commit 628c3ee
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- commit 466f31b
- powerpc/powernv: Fix machine check reporting of async store
errors (bsc#1065729).
- commit 0b715ae
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Drop the case of returning 0 as instruction
pointer (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when
ppmu is not set (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode
flags (bsc#1065729).
- commit f3110f1
- apparmor: remove duplicate macro list_entry_is_head()
(git-fixes).
- commit 514b75b
- xhci: Set HCD flag to defer primary roothub registration
(git-fixes).
- commit 8f4e75e
- USB: serial: option: add device id for Foxconn T99W265
(git-fixes).
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
Multimeter (git-fixes).
- USB: serial: option: add Telit LN920 compositions (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
(git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
(git-fixes).
- commit 0a6378c
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- mac80211: limit injected vht mcs/nss in
ieee80211_parse_tx_radiotap (git-fixes).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
(git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations
(git-fixes).
- commit dbd9f90
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
(git-fixes).
- ALSA: firewire-motu: fix truncated bytes in message tracepoints
(git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ASoC: fsl_micfil: register platform component before registering
cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume
function (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- watchdog/sb_watchdog: fix compilation problem due to
COMPILE_TEST (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs
(git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- commit 71b860e
- thermal/core: Potential buffer overflow in
thermal_build_list_of_policies() (git-fixes).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- pwm: stm32-lp: Don't modify HW state in .remove() callback
(git-fixes).
- pwm: rockchip: Don't modify HW state in .remove() callback
(git-fixes).
- pwm: img: Don't modify HW state in .remove() callback
(git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
(git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety
(git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- commit a8d4022
- fpga: machxo2-spi: Fix missing error code in
machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- USB: serial: option: remove duplicate USB device ID (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
(git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- gpio: uniphier: Fix void functions to remove return value
(git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
(git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- commit 79aec8d
- clk: at91: clk-generated: pass the id of changeable parent at
registration (git-fixes).
- Refresh
patches.suse/clk-at91-clk-generated-Limit-the-requested-rate-to-o.patch.
- commit 39cefdd
- drm/amd/amdgpu: Update debugfs link_settings output link_rate
field in hex (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section
(git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry
(git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd
(git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing
to the head (git-fixes).
- commit 60017cf
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix
possible uninitialized-variable access in
amdgpu_i2c_router_select_ddc_port() (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value
(git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops
(git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional
regulator (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status'
structure (git-fixes).
- iwlwifi: mvm: fix a memory leak in
iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object
to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- commit 4c6f48f
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- mfd: Don't use irq_create_mapping() to resolve a mapping
(git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error
(git-fixes).
- media: uvc: don't do DMA on stack (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- mmc: core: Return correct emmc response in case of ioctl error
(git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled
(git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions
(git-fixes).
- commit 9209c5a
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
(git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting
for PIO response (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PM: base: power: don't try to use non-existing RTC for storing
data (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices
(git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
(git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
(git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
(git-fixes).
- commit 61f24a4
- rtc: tps65910: Correct driver module alias (git-fixes).
- USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
(git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference
(git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet
(git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly
unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices
(git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line
changes (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size
(git-fixes).
- commit f3797b6
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero
(git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero
(git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
(git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input
(git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state
(git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup
(git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb
(git-fixes).
- usb: host: fotg210: fix the endpoint's transactional
opportunities calculation (git-fixes).
- commit f1407f0
- kabi/severities: skip kABI check for ath9k-local symbols (CVE-2020-3702 bsc#1191193)
ath9k modules have some exported symbols for the common helpers
and the recent fixes broke kABI of those. They are specific to
ath9k's own usages, so safe to ignore.
- commit 7579b4b
- kABI compatibility for ath_key_delete() changes (CVE-2020-3702
bsc#1191193).
- commit bc02804
- ath9k: Postpone key cache entry deletion for TXQ frames
reference it (CVE-2020-3702 bsc#1191193).
- ath: Modify ath_key_delete() to not need full key entry
(CVE-2020-3702 bsc#1191193).
- ath: Export ath_hw_keysetmac() (CVE-2020-3702 bsc#1191193).
- commit 5fe383f
- Update patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch
(bsc#1190746 bsc#1191172).
cache.group_info (aka cache.cred) was not properly initialized when
- >access() was called.
- commit 9ff84db
- ipc: replace costly bailout check in sysvipc_find_ipc()
(bsc#1159886 bsc#1188986 CVE-2021-3669).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- commit af97833
- fix patch metadata
- fix Patch-mainline:
- patches.suse/net-mana-Fix-a-memory-leak-in-an-error-handling-path.patch
- commit 12cbf84
- series.conf: cleanup
- move submitted patches to "/almost mainline"/ section:
- patches.suse/NFS-change-nfs_access_get_cached-to-only-report-the-.patch
- patches.suse/NFS-pass-cred-explicitly-for-access-tests.patch
- patches.suse/NFS-don-t-store-struct-cred-in-struct-nfs_access_ent.patch
- commit a3b4285
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- commit b88ab2e
- blacklist.conf: too intrusive, gone in through SP3
- commit a81e8d3
- blacklist.conf: too intrusive, gone in through SP3
- commit 4bedee6
- blacklist.conf: too intrusive, gone in through SP3
- commit 0474866
- blacklist.conf: kABI
- commit e8337cf
- x86/mm: Fix kern_addr_valid() to cope with existing but not
present entries (bsc#1152489).
- commit 1efaf04
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- commit 44e26ca
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- commit bac299d
- nvme: fix refcounting imbalance when all paths are down
(bsc#1188067).
- Refresh
patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch.
- commit 44b2d54
- series: Update meta data and resort
Refresh the metad data and sort into correct position:
patches.suse/scsi-lpfc-Fix-CPU-to-from-endian-warnings-introduced.patch
patches.suse/scsi-lpfc-Fix-compilation-errors-on-kernels-with-no-.patch
patches.suse/scsi-lpfc-Fix-gcc-Wstringop-overread-warning-again.patch
patches.suse/scsi-lpfc-Fix-sprintf-overflow-in-lpfc_display_fpin_.patch
patches.suse/scsi-lpfc-Remove-unneeded-variable.patch
patches.suse/scsi-lpfc-Use-correct-scnprintf-limit.patch
- commit 12f1564
- Update
patches.suse/Bluetooth-check-for-zapped-sk-before-connecting.patch
(CVE-2021-3752 bsc#1190023).
- commit 65458cc
- Restore kabi after NFS: pass cred explicitly for access tests
(bsc#1190746).
- NFS: don't store 'struct cred *' in struct nfs_access_entry
(bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- NFS: change nfs_access_get_cached to only report the mask
(bsc#1190746).
- commit 907996a
- usb: musb: tusb6010: uninitialized data in
tusb_fifo_write_unaligned() (git-fixes).
- commit 11a541f
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- commit 3009743
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
(bsc#1152489).
- commit 15eb225
- kernel-binary.spec: Do not sign kernel when no key provided
(bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec: Do not sign kernel when no key provided
(bsc#1187167).
- commit c909dd5
- powerpc: fix function annotations to avoid section mismatch
warnings with gcc-10 (bsc#1148868).
- commit 9e9276f
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543
ltc#194523).
- Refresh patches.suse/pseries-drmem-update-LMBs-after-LPM.patch
- commit e17894e
- Revert "/rpm: Abolish scritplet templating (bsc#1189841)."/ (bsc#1190598)
This reverts commit e98096d5cf85dbe90f74a930eb1f0e3fe4a70c7f.
These changes depend on a suse-module-tools update which has not reached
SLE15-SP2/3 and Leap 15.2/3 yet, causing both build failures and
unsatisfiable dependency of resulting binary packages.
Revert the commit temporarily until suse-module-tools is updated.
- commit 7d43568
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- commit 9763078
- powerpc/pseries: Prevent free CPU ids being reused on another
node (bsc#1190620 ltc#194498).
- commit 7097b6c
- net: sched: sch_teql: fix null-pointer dereference
(bsc#1190717).
- commit 0a89f09
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
well.
Fixes: e98096d5cf85 ("/rpm: Abolish scritplet templating (bsc#1189841)."/)
- commit e082fbf
- mm/swap: consider max pages in iomap_swapfile_add_extent
(bsc#1190785).
- commit afb626e
- iomap: Fix negative assignment to unsigned sis->pages in
iomap_swapfile_activate (bsc#1190784).
- commit 7126cba
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again
(bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn()
(bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing
(bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load
and stat reset (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode
(bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer
interval (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
(bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path
(bsc#1190576).
- scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode
(bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP
(bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node
(bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS
and LS_RJT (bsc#1190576).
- scsi: lpfc: Don't release final kref on Fport node while ABTS
outstanding (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
(bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no
CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS
processing (bsc#1190576).
- commit 1435c13
- blacklist.conf: kABI
- commit 3cb18d9
- blacklist.conf: kABI
- commit dcb25ee
- blacklist.conf: kABI
- commit d400b4c
- docs: Fix infiniband uverbs minor number (git-fixes).
- commit 0fb9cd2
- usb: dwc2: Avoid leaving the error_debugfs label unused
(git-fixes).
- commit fb08350
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758
ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758
ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758
ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758
ltc#191943).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758
ltc#191943).
- commit dea5bd2
- x86/resctrl: Fix a maybe-uninitialized build warning treated
as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting
(bsc#1152489).
- commit 450cdb2
- vmxnet3: update to version 6 (bsc#1190406).
- commit 8d3dc67
- vmxnet3: increase maximum configurable mtu to 9190
(bsc#1190406).
- commit bd5109d
- vmxnet3: set correct hash type based on rss information
(bsc#1190406).
- commit e1e474b
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- commit 1687646
- vmxnet3: remove power of 2 limitation on the queues
(bsc#1190406).
- commit f3834f6
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- commit fbdf2fe
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- commit 7e0fe82
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- commit 73351a3
- xfs: sync lazy sb accounting on quiesce of read-only mounts
(bsc#1190679).
- commit 668fdef
- blacklist.conf: 3bff147b187d x86/mce: Defer processing of early errors
- commit 7e0dc1d
- s390/unwind: use current_frame_address() to unwind current task
(bsc#1185677).
- commit 92c31e7
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI
(bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches
(bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data
(bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers
(bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer
(bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info
to firmware (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
Refresh and update:
- patches.kabi/scsi-fc-kABI-fixes-for-new-ELS_RDP-definition.patch
- scsi: core: Add helper to return number of logical blocks in
a request (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function
(bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions
(bsc#1190576).
- commit e13d431
- Refresh patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
Add else braces.
- commit f230c58
- series.conf: cleanup
- update upstream reference and resort:
- patches.suse/ibmvnic-check-failover_pending-in-login-response.patch
- commit 2b5f056
- kernel-binary.spec: Check for no kernel signing certificates.
Also remove unused variable.
- commit bdc323e
- Revert "/rpm/kernel-binary.spec: Use only non-empty certificates."/
This reverts commit 30360abfb58aec2c9ee7b6a27edebe875c90029d.
- commit 413e05b
- fuse: flush extending writes (bsc#1190595).
- cuse: fix broken release (bsc#1190596).
- commit 232b4ea
- rpm/kernel-binary.spec: Use only non-empty certificates.
- commit 30360ab
- ipvs: Fix up kabi for expire_nodest_conn_work addition
(bsc#1190467).
- ipvs: queue delayed work to expire no destination connections
if expire_nodest_conn=1 (bsc#1190467).
- ipvs: allow connection reuse for unconfirmed conntrack
(bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- commit e0da213
- ext4: fix race writing to an inline_data file while its xattrs
are changing (bsc#1190159 CVE-2021-40490).
- commit 4fadd7d
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
(bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764).
- commit 4ee91a7
- xfs: allow mount/remount when stripe width alignment is zero
(bsc#1188651).
- commit e701c22
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
(git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod
(bsc#1173746).
- devlink: Break parameter notification sequence to be
before/after unload/load driver (bsc#1154353).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- ionic: cleanly release devlink instance (bsc#1167773).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- cxgb4: dont touch blocked freelist bitmap after free
(git-fixes).
- e1000e: Do not take care about recovery NVM checksum
(jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- xgene-v2: Fix a resource leak in the error handling path of
'xge_probe()' (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init()
(bsc#1170774).
- iavf: Fix ping is lost after untrusted VF had tried to change
MAC (jsc#SLE-7940).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
(git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells
(git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: don't lock the tx queue from napi poll (git-fixes).
- net/mlx5: Fix return value from tracer initialization
(git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route
(git-fixes).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5: E-Switch, handle devcom events only for ports on
the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- ionic: count csum_none when offload enabled (bsc#1167773).
- i40e: Fix log TC creation failure when max num of queues is
exceeded (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware
(git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- commit f97144d
- fbmem: don't allow too huge resolutions (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover
(git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
(git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc()
(git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- libata: fix ata_host_start() (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF
(git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on
readb / writeb errors (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- commit 0c36126
- time: Handle negative seconds correctly in timespec64_to_ns()
(git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted()
(git-fixes).
- commit b2d42ef
- ibmvnic: check failover_pending in login response (bsc#1190523
ltc#194510).
- commit 9f9cec0
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- Refresh
patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- Refresh
patches.suse/0004-x86-apic-Support-15-bits-of-APIC-ID-in-IOAPIC-MSI-wh.patch.
- Refresh
patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
- commit a89813f
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- commit 9def092
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
(bsc#1189297).
- commit 913942c
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT
state (bsc#1190062).
- commit e5272e8
- clk: at91: clk-generated: Limit the requested rate to our range
(git-fixes).
- commit c432b6b
- blacklist.conf: add efa non backportable patch
- commit ebbcbd1
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc()
fails (git-fixes).
- commit bc5a062
- ipc: remove memcg accounting for sops objects in do_semtimedop()
(bsc#1190115).
- commit 561fbd8
- series.conf: refresh
- update upstream references and resort:
- patches.suse/nvme-multipath-revalidate-paths-during-rescan.patch
- patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch
- patches.suse/nvme-tcp-Do-not-reset-transport-on-data-digest-error.patch
- commit ebb6bcb
- fixup "/rpm: support gz and zst compression methods"/ once more
(bsc#1190428, bsc#1190358)
Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
Fixes: 23510fce36ec ("/fixup "/rpm: support gz and zst compression methods"/"/)
- commit 165378a
- PCI: xilinx-nwl: Enable the clock through CCF (git-fixes).
- PCI: iproc: Fix BCMA probe resource handling (git-fixes).
- usb: dwc2: Fix error path in gadget registration (git-fixes).
- commit 59e7328
- thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
(git-fixes).
- drm/panfrost: Simplify lock_region calculation (git-fixes).
- dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
(git-fixes).
- mfd: lpc_sch: Rename GPIOBASE to prevent build error
(git-fixes).
- mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
(git-fixes).
- mfd: axp20x: Update AXP288 volatile ranges (git-fixes).
- gpio: mpc8xxx: Fix a resources leak in the error handling path
of 'mpc8xxx_probe()' (git-fixes).
- commit 75d69a6
- pwm: lpc32xx: Don't modify HW state in .probe() after the PWM
chip was registered (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
(git-fixes).
- PCI: Fix pci_dev_str_match_path() alloc while atomic bug
(git-fixes).
- PCI/portdrv: Enable Bandwidth Notification only if port supports
it (git-fixes).
- PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
(git-fixes).
- PCI: Call Max Payload Size-related fixup quirks early
(git-fixes).
- ALSA: hda/realtek: Workaround for conflicting SSID on ASUS
ROG Strix G17 (git-fixes).
- reset: reset-zynqmp: Fixed the argument data type (git-fixes).
- gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for
(semi)planar U/V formats (git-fixes).
- commit f395ad9
- Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412)
Deleted and blacklisted:
patches.suse/platform-x86-intel_int0002_vgpio-Only-call-enable_ir.patch
patches.suse/platform-x86-intel_int0002_vgpio-Pass-irqchip-when-a.patch
- commit bebba41
- fixup "/rpm: support gz and zst compression methods"/ once more
Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
Fixes: 23510fce36ec ("/fixup "/rpm: support gz and zst compression methods"/"/)
- commit 34e68f4
- fixup "/rpm: support gz and zst compression methods"/
Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
- commit 23510fc
- kernel-cert-subpackage: Fix certificate location in scriptlets
(bsc#1189841).
Fixes: d9a1357edd73 ("/rpm: Define $certs as rpm macro (bsc#1189841)."/)
- commit 8684de8
- kernel-binary.spec.in Stop templating the scriptlets for subpackages
(bsc#1190358).
The script part for base package case is completely separate from the
part for subpackages. Remove the part for subpackages from the base
package script and use the KMP scripts for subpackages instead.
- commit 5d1f677
- kernel-binary.spec: Do not fail silently when KMP is empty
(bsc#1190358).
Copy the code from kernel-module-subpackage that deals with empty KMPs.
- commit d7d2e6e
- mm/vmscan: fix infinite loop in drop_slab_node (VM
Functionality, bsc#1189301).
- commit 016e8e0
- blacklist.conf: blacklist an unwanted commit
- commit 910824e
- SUNRPC: Simplify socket shutdown when not reusing TCP ports
(git-fixes).
- SUNRPC: Fix potential memory corruption (git-fixes).
- NFSv4/pNFS: Fix a layoutget livelock loop (git-fixes).
- nfsd4: Fix forced-expiry locking (git-fixes).
- lockd: Fix invalid lockowner cast after vfs_test_lock
(git-fixes).
- commit 59642ba
- scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006).
- commit a70a19d
- Sort nvme patches into linux-block.
- commit 090f7ef
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481).
- Delete
patches.suse/btrfs-dump_space_info-when-encountering-total_bytes_pinned-0-at-umount.patch.
- commit bfb1107
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481).
- commit 9722825
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481).
- commit 350aa4f
- btrfs: rip out may_commit_transaction (bsc#1135481).
- commit 4606638
- btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481).
- commit 631f16e
- btrfs: adjust the flush trace point to include the source (bsc#1135481).
- commit e32ea57
- btrfs: implement space clamping for preemptive flushing (bsc#1135481).
- commit ca710c1
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481).
- commit 4b02073
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481).
- commit 7205c9f
- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481).
- Refresh
patches.suse/btrfs-account-ticket-size-at-add-delete-time.patch.
- commit bcb2da5
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481).
- commit fba4763
- btrfs: rename need_do_async_reclaim (bsc#1135481).
- commit f764126
- btrfs: improve preemptive background space flushing (bsc#1135481).
- commit 874aca2
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481).
- commit 7ec1638
- btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481).
- commit c78869d
- btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481).
- commit c805821
- btrfs: add a trace point for reserve tickets (bsc#1135481).
- commit ed22c30
- btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481).
- commit f6a0397
- SUNRPC: improve error response to over-size gss credential
(bsc#1190022).
- commit 0678bd3
- scsi: sg: add sg_remove_request in sg_write (bsc#1171420
CVE2020-12770).
- commit 59a4a94
- Bluetooth: schedule SCO timeouts with delayed_work
(CVE-2021-3640 bsc#1188172).
- Refresh
patches.suse/Bluetooth-fix-repeated-calls-to-sco_sock_kill.patch.
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch.
- commit 69c5b94
- sched/fair: Ensure that the CFS parent is added after unthrottling (git-fixes).
- commit f3a38fb
- rpm/kernel-source.spec.in: do some more for vanilla_only
Make sure:
* sources are NOT executable
* env is not used as interpreter
* timestamps are correct
We do all this for normal kernel builds, but not for vanilla_only
kernels (linux-next and vanilla).
- commit b41e4fd
- Revert "/memcg: enable accounting for file lock caches (bsc#1190115)."/
This reverts commit 78b761616bfb31a0d54806624e7c8db23fbeda9c.
It's effectively upstream commit
3754707bcc3e190e5dadc978d172b61e809cb3bd applied to kernel-source (to
avoid proliferation of patches). Make a note in blacklist.conf too.
- commit eba498f
- Update kabi files.
- update from September 2021 maintenance update submission (commit 21030bc7f9be)
- commit 63b67d5
- fix patch metadata
- fix Patch-mainline:
- patches.suse/mm-vmscan-guarantee-drop_slab_node-termination.patch
- commit bddec27
- blacklist.conf: kABI
- commit 2b1e710
- mm, vmscan: guarantee drop_slab_node() termination (VM
Functionality, bsc#1189301).
- commit 56cc71b
- blacklist.conf: cosmetic fix
- commit c872ce5
- blacklist.conf: 33cba859220b ("/fscache: Fix fscache_cookie_put() to not deref after dec"/)
Needs prerequisites to backport which could be problematic.
- commit 648a5e5
- usb: dwc3: core: Properly default unspecified speed (git-fixes).
- commit 714137e
- libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
(git-fixes).
- commit 5a2ecd2
- kABI: revert change in struct bpf_insn_aux_data (bsc#1188983,
bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit 425bbd2
- memcg: enable accounting of ipc resources (bsc#1190115
CVE-2021-3759).
- memcg: enable accounting for file lock caches (bsc#1190115).
- commit 925e30c
- Refresh
patches.suse/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch.
- commit f3cba28
- series.conf: cleanup
- update upstream references and resort:
- patches.suse/powerpc-stacktrace-Include-linux-delay.h.patch
- commit 0d42678
- update nvme patch references and move them out of sorted section
Within a few days, nvme repository was not only rebased again but the
patches has been also reordered. To avoid further spurious git-sort errors,
move the nvme patches out of sorted section until they reach mainline or
some better behaving subsystem repository.
- update Git-commit and move out of sorted section:
- patches.suse/nvme-multipath-revalidate-paths-during-rescan.patch
- patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch
- patches.suse/nvme-tcp-Do-not-reset-transport-on-data-digest-error.patch
- commit 95e9f8b
- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
(bsc#1189841).
These are unchanged since 2011 when they were introduced. No need to
track them separately.
- commit 692d38b
- rpm: Abolish image suffix (bsc#1189841).
This is used only with vanilla kernel which is not supported in any way.
The only effect is has is that the image and initrd symlinks are created
with this suffix.
These symlinks are not used except on s390 where the unsuffixed symlinks
are used by zipl.
There is no reason why a vanilla kernel could not be used with zipl as
well as it's quite unexpected to not be able to boot when only a vanilla
kernel is installed.
Finally we now have a backup zipl kernel so if the vanilla kernel is
indeed unsuitable the backup kernel can be used.
- commit e2f37db
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- commit e602b0f
- rpm: Define $certs as rpm macro (bsc#1189841).
Also pass around only the shortened hash rather than full filename.
As has been discussed in bsc#1124431 comment 51
https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
the certificates is an API which cannot be changed unless we can ensure
that no two kernels that use different certificate location can be built
with the same certificate.
- commit d9a1357
- HID: input: do not report stylus battery state as "/full"/
(git-fixes).
- HID: i2c-hid: Fix Elan touchpad regression (git-fixes).
- pinctrl: samsung: Fix pinctrl bank pin count (git-fixes).
- pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
(git-fixes).
- pinctrl: single: Fix error return code in
pcs_parse_bits_in_pinctrl_entry() (git-fixes).
- clk: kirkwood: Fix a clocking boot regression (git-fixes).
- mailbox: sti: quieten kernel-doc warnings (git-fixes).
- overflow: Correct check_shl_overflow() comment (git-fixes).
- commit 835ad7d
- mtd: rawnand: cafe: Fix a resource leak in the error handling
path of 'cafe_nand_probe()' (git-fixes).
- USB: serial: option: add new VID/PID to support Fibocom FG150
(git-fixes).
- drm/nouveau/disp: power down unused DP links during init
(git-fixes).
- drm: Copy drm_wait_vblank to user before returning (git-fixes).
- virtio_pci: Support surprise removal of virtio pci device
(git-fixes).
- commit ce46f13
- ocfs2: ocfs2_downconvert_lock failure results in deadlock
(bsc#1188439).
- commit d85d8fa
- cgroup1: fix leaked context root causing sporadic NULL deref
in LTP (bsc#1190181).
- commit d57aed6
- Refresh patches.suse/powerpc-stacktrace-Include-linux-delay.h.patch.
- commit aec8493
- series.conf: cleanup
- update upstream references and resort:
- patches.suse/scsi-core-Add-scsi_prot_ref_tag-helper.patch
- patches.suse/scsi-ibmvfc-Do-not-wait-for-initial-device-scan.patch
- patches.suse/scsi-lpfc-Add-256-Gb-link-speed-support.patch
- patches.suse/scsi-lpfc-Add-PCI-ID-support-for-LPe37000-LPe38000-s.patch
- patches.suse/scsi-lpfc-Call-discovery-state-machine-when-handling.patch
- patches.suse/scsi-lpfc-Clear-outstanding-active-mailbox-during-PC.patch
- patches.suse/scsi-lpfc-Copyright-updates-for-12.8.0.11-patches.patch
- patches.suse/scsi-lpfc-Copyright-updates-for-14.0.0.0-patches.patch
- patches.suse/scsi-lpfc-Delay-unregistering-from-transport-until-G.patch
- patches.suse/scsi-lpfc-Discovery-state-machine-fixes-for-LOGO-han.patch
- patches.suse/scsi-lpfc-Enable-adisc-discovery-after-RSCN-by-defau.patch
- patches.suse/scsi-lpfc-Fix-KASAN-slab-out-of-bounds-in-lpfc_unreg.patch
- patches.suse/scsi-lpfc-Fix-NULL-ptr-dereference-with-NPIV-ports-f.patch
- patches.suse/scsi-lpfc-Fix-NVMe-support-reporting-in-log-message.patch
- patches.suse/scsi-lpfc-Fix-cq_id-truncation-in-rq-create.patch
- patches.suse/scsi-lpfc-Fix-function-description-comments-for-vmid.patch
- patches.suse/scsi-lpfc-Fix-memory-leaks-in-error-paths-while-issu.patch
- patches.suse/scsi-lpfc-Fix-possible-ABBA-deadlock-in-nvmet_xri_ab.patch
- patches.suse/scsi-lpfc-Fix-target-reset-handler-from-falsely-retu.patch
- patches.suse/scsi-lpfc-Improve-firmware-download-logging.patch
- patches.suse/scsi-lpfc-Keep-NDLP-reference-until-after-freeing-th.patch
- patches.suse/scsi-lpfc-Remove-REG_LOGIN-check-requirement-to-issu.patch
- patches.suse/scsi-lpfc-Remove-redundant-assignment-to-pointer-pcm.patch
- patches.suse/scsi-lpfc-Remove-use-of-kmalloc-in-trace-event-loggi.patch
- patches.suse/scsi-lpfc-Revise-Topology-and-RAS-support-checks-for.patch
- patches.suse/scsi-lpfc-Skip-issuing-ADISC-when-node-is-in-NPR-sta.patch
- patches.suse/scsi-lpfc-Skip-reg_vpi-when-link-is-down-for-SLI3-in.patch
- patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.11.patch
- patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.0.patch
- patches.suse/scsi-lpfc-Use-PBDE-feature-enabled-bit-to-determine-.patch
- patches.suse/scsi-qla2xxx-Fix-spelling-mistakes-allloc-alloc.patch
- patches.suse/scsi-qla2xxx-Fix-use-after-free-in-debug-code.patch
- patches.suse/scsi-qla2xxx-Remove-redundant-continue-statement-in-.patch
- patches.suse/scsi-qla2xxx-Remove-redundant-initialization-of-vari.patch
- patches.suse/scsi-qla2xxx-Remove-unused-variable-status.patch
- patches.suse/scsi-qla2xxx-Update-version-to-10.02.00.107-k.patch
- patches.suse/scsi-qla2xxx-Use-the-proper-SCSI-midlayer-interfaces.patch
- patches.suse/scsi-qla2xxx-edif-Add-authentication-pass-fail-bsgs.patch
- patches.suse/scsi-qla2xxx-edif-Add-detection-of-secure-device.patch
- patches.suse/scsi-qla2xxx-edif-Add-doorbell-notification-for-app.patch
- patches.suse/scsi-qla2xxx-edif-Add-encryption-to-I-O-path.patch
- patches.suse/scsi-qla2xxx-edif-Add-extraction-of-auth_els-from-th.patch
- patches.suse/scsi-qla2xxx-edif-Add-getfcinfo-and-statistic-bsgs.patch
- patches.suse/scsi-qla2xxx-edif-Add-key-update.patch
- patches.suse/scsi-qla2xxx-edif-Add-send-receive-and-accept-for-au.patch
- patches.suse/scsi-qla2xxx-edif-Add-start-stop-bsgs.patch
- patches.suse/scsi-qla2xxx-edif-Increment-command-and-completion-c.patch
- commit 9a3c219
- update patches metadata
Once again, the nvme repository branch has been rebased so that patches
from it must have their Git-commit tags updated to avoid git-sort errors.
- commit cca729c
- fix patch metadata
- fix Patch-mainline:
patches.suse/NFS-Correct-size-calculation-for-create-reply-length.patch
- commit fbde034
- series.conf: refresh
- update upstream references and resort:
- patches.suse/nvme-code-command_id-with-a-genctr-for-use-after-fre.patch
- patches.suse/nvme-pci-limit-maximum-queue-depth-to-4095.patch
- patches.suse/nvme-tcp-don-t-check-blk_mq_tag_to_rq-when-receiving.patch
- patches.suse/params-lift-param_set_uint_minmax-to-common-code.patch
- commit 5b98a5d
- cgroup: verify that source is a string (bsc#1190131).
- commit b8204f1
- blacklist.conf: Add 2ca11b0e043b cgroup: Fix kernel-doc
- commit 0b9195b
- Update patch reference for virtio_console fix (CVE-2021-38160 bsc#1190117)
- commit c8baed7
- scsi: libfc: Fix array index out of bound exception
(bsc#1188616).
- commit de260d1
- nvme-tcp: Do not reset transport on data digest errors
(bsc#1188418).
- nvme: only call synchronize_srcu when clearing current path
(bsc#1188067).
- commit bbe789f
- VMCI: fix NULL pointer dereference when unmapping queue pair
(git-fixes).
- commit 45162f9
- usb: host: xhci-rcar: Don't reload firmware after the completion
(git-fixes).
- usb: bdc: Fix an error handling path in 'bdc_probe()' when no
suitable DMA config is available (git-fixes).
- usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
(git-fixes).
- usb: gadget: mv_u3d: request_irq() after initializing UDC
(git-fixes).
- usb: phy: tahvo: add IRQ check (git-fixes).
- usb: host: ohci-tmio: add IRQ check (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse
(git-fixes).
- usb: mtu3: fix the wrong HS mult value (git-fixes).
- usb: mtu3: use @mult for HS isoc or intr (git-fixes).
- usb: phy: twl6030: add IRQ checks (git-fixes).
- commit 2b2a9dc
- soc: qcom: smsm: Fix missed interrupts if state changes while
masked (git-fixes).
- soc: qcom: rpmhpd: Use corner in power_off (git-fixes).
- soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes).
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes).
- usb: phy: fsl-usb: add IRQ check (git-fixes).
- usb: gadget: udc: at91: add IRQ check (git-fixes).
- usb: dwc3: meson-g12a: add IRQ check (git-fixes).
- tty: serial: fsl_lpuart: fix the wrong mapbase value
(git-fixes).
- staging: rtl8192u: Fix bitwise vs logical operator in
TranslateRxSignalStuff819xUsb() (git-fixes).
- commit 7e7cd62
- media: venus: venc: Fix potential null pointer dereference on
pointer fmt (git-fixes).
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
(git-fixes).
- media: stkwebcam: fix memory leak in stk_camera_probe
(git-fixes).
- media: go7007: remove redundant initialization (git-fixes).
- media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
- media: dvb-usb: Fix error handling in dvb_usb_i2c_init
(git-fixes).
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
(git-fixes).
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
(git-fixes).
- media: cxd2880-spi: Fix an error handling path (git-fixes).
- commit c67010c
- drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes).
- drm/msm/dsi: Fix some reference counted resource leaks
(git-fixes).
- drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear
necessary LMs (git-fixes).
- drm/amdgpu/acp: Make PM domain really work (git-fixes).
- drm/panfrost: Fix missing clk_disable_unprepare() on error in
panfrost_clk_init() (git-fixes).
- media: TDA1997x: enable EDID support (git-fixes).
- fpga: zynqmp-fpga: Address warning about unused variable
(git-fixes).
- fpga: xiilnx-spi: Address warning about unused variable
(git-fixes).
- fpga: altera-freeze-bridge: Address warning about unused
variable (git-fixes).
- commit 6aaa769
- dmaengine: imx-sdma: remove duplicated sdma_load_context
(git-fixes).
- Revert "/dmaengine: imx-sdma: refine to load context only once"/
(git-fixes).
- ASoC: wcd9335: Disable irq on slave ports in the remove function
(git-fixes).
- ASoC: wcd9335: Fix a memory leak in the error handling path
of the probe function (git-fixes).
- ASoC: wcd9335: Fix a double irq free in the remove function
(git-fixes).
- ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs
(git-fixes).
- ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC
(git-fixes).
- commit bdcb5b3
- xprtrdma: Pad optimization, revisited (bsc#1189760).
- commit 0acbfd0
- Refresh
patches.suse/btrfs-fix-NULL-pointer-dereference-when-deleting-dev.patch.
- commit 2264bac
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
(CVE-2021-3640 bsc#1188172).
- commit a21f4da
- Move upstreamed BT fixes into sorted section
- commit 0de160e
- brcmfmac: pcie: fix oops on failure to resume and reprobe
(git-fixes).
- bcma: Fix memory leak for internally-handled cores (git-fixes).
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
(git-fixes).
- rsi: fix an error code in rsi_probe() (git-fixes).
- rsi: fix error code in rsi_load_9116_firmware() (git-fixes).
- mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
- Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
- Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential
buffer overflow (git-fixes).
- Bluetooth: sco: prevent information leak in
sco_conn_defer_accept() (git-fixes).
- leds: trigger: audio: Add an activate callback to ensure the
initial brightness is set (git-fixes).
- i2c: mt65xx: fix IRQ check (git-fixes).
- i2c: s3c2410: fix IRQ check (git-fixes).
- i2c: iop3xx: fix deferred probing (git-fixes).
- i2c: highlander: add IRQ check (git-fixes).
- mmc: moxart: Fix issue with uninitialized dma_slave_config
(git-fixes).
- mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
(git-fixes).
- PCI: PM: Enable PME if it can be signaled from D3cold
(git-fixes).
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
(git-fixes).
- commit 9a711f4
- Add alt-commit for a BT fix patch (git-fixes)
- commit 3dbcbb3
- nvme-multipath: revalidate paths during rescan (bsc#1187211)
- commit b61f128
- usb: dwc3: Add support for DWC_usb32 IP (git-fixes).
- Refresh
patches.suse/usb-dwc3-gadget-Enable-suspend-events.patch.
- commit 8846c72
- vt_kdsetmode: extend console locking (bsc#1190025
CVE-2021-3753).
- commit 025c5d0
- nbd: Aovid double completion of a request (git-fixes).
- commit 7a1bece
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- dm rq: fix double free of blk_mq_tag_set in dev remove after
table load fails (git-fixes).
- dm integrity: fix missing goto in bitmap_flush_interval error
handling (git-fixes).
- drivers/block/null_blk/main: Fix a double free in null_init
(git-fixes).
- dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
- nbd: don't update block size after device is started
(git-fixes).
- commit 6df7d5d
- blacklist.conf: add following commit IDs,
- 27ba3e8ff3ab86449e63d38a8d623053591e65fa
- 0ebcdd702f49aeb0ad2e2d894f8c124a0acc6e23
- 854f32648b8a5e424d682953b1a9f3b7c3322701
- a4c8dd9c2d0987cf542a2a0c42684c9c6d78a04e
- 24f6b6036c9eec21191646930ad42808e6180510
- 5b0fab508992c2e120971da658ce80027acbc405
- commit eb9efeb
- rpm: Abolish scritplet templating (bsc#1189841).
Outsource kernel-binary and KMP scriptlets to suse-module-tools.
This allows fixing bugs in the scriptlets as well as defining initrd
regeneration policy independent of the kernel packages.
- commit 940cfb4
- usb: dwc2: Postponed gadget registration to the udc class driver
(git-fixes).
- commit e55ae9a
- rpm/kernel-binary.spec.in: Use kmod-zstd provide.
This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- commit 357f09a
- crypto: qat - use proper type for vf_mask (git-fixes).
- lib/mpi: use kcalloc in mpi_resize (git-fixes).
- power: supply: max17042: handle fails of reading status register
(git-fixes).
- spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes).
- spi: spi-pic32: Fix issue with uninitialized dma_slave_config
(git-fixes).
- spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
(git-fixes).
- regulator: vctrl: Avoid lockdep warning in enable/disable ops
(git-fixes).
- regulator: vctrl: Use locked regulator_get_voltage in probe path
(git-fixes).
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- commit d2a4523
- mm: swap: properly update readahead statistics in
unuse_pte_range() (bsc#1187619).
- commit 6ceb471
- NFS: Correct size calculation for create reply length
(bsc#1189870).
- commit 7843408
- sched/rt: Fix RT utilization tracking during policy change (git-fixes)
- commit 8fc8b7f
- sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes)
- commit 1732b9b
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
suse-release has arbitrary values in staging, we can't use it for
dependencies. The filesystem one has to be enough (boo#1184804).
- commit 56f2cba
- kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
- commit 53f17d6
- usb: dwc3: gadget: Stop EP0 transfers during pullup disable
(git-fixes).
- usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes).
- Revert "/USB: serial: ch341: fix character loss at high transfer
rates"/ (git-fixes).
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange
of the CAN RX and TX error counters (git-fixes).
- dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if
controller is not yet available (git-fixes).
- dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
(git-fixes).
- usb: dwc3: gadget: Properly track pending and queued SG
(git-fixes).
- ath9k: Clear key cache explicitly on disabling hardware
(git-fixes).
- ath: Use safer key clearing with key cache entries (git-fixes).
- Bluetooth: hidp: use correct wait queue when removing ctrl_wait
(git-fixes).
- commit 6ee1085
- Revert "/mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN
on BCM2711"/ (git-fixes).
- PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
- mmc: dw_mmc: Fix hang on data CRC error (git-fixes).
- dmaengine: xilinx_dma: Fix read-after-free bug when terminating
transfers (git-fixes).
- USB: core: Avoid WARNings for 0-length descriptor requests
(git-fixes).
- media: drivers/media/usb: fix memory leak in zr364xx_probe
(git-fixes).
- media: zr364xx: fix memory leaks in probe() (git-fixes).
- media: zr364xx: propagate errors from zr364xx_start_readpipe()
(git-fixes).
- commit de359d6
- cpuidle: Consolidate disabled state checks (bsc#1175543)
patches.suse/cpuidle-Poll-for-a-minimum-of-30ns-and-poll-for-a-tick-if-lower-c-states-are-disabled.patch
was refreshed as well by this patch for code adjustment.
- commit 486ca9f
- cpuidle: cpuidle_state kABI fix (bsc#1175543)
The patch bsc1175543-cpuidle-Drop-disabled-field-from-struct-cpuidle_stat.patch
Dropped the 'disabled' field in struct cpuidle_state because no drivers
use it, They use the state flag instead.
Fix kABI to avoid offset changes.
- commit aa615e8
- intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141)
- commit da07134
- intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543)
- commit 81641db
- intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543)
- commit b93fbf1
- cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543)
- commit d669a61
- cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543)
- commit 8d2d96f
- intel_idle: Customize IceLake server support (bsc#1175543)
- commit 25d205d
- intel_idle: Annotate init time data structures (bsc#1175543)
The patches.suse/intel_idle-Customize-IceLake-server-support.patch was
refreshed as well by this patch for code adjustment.
- commit 2ed77d7
- Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543)
- commit 65d3c96
- intel_idle: Use ACPI _CST on server systems (bsc#1175543)
Below 2 patches were refreshed as well by this patch for code
adjustment:
patches.suse/intel_idle-convert-to-new-x86-cpu-match-macros.patch
patches.suse/intel_idle-Customize-IceLake-server-support.patch
- commit f10f8c4
- intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543)
- commit 79ec477
- intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543)
- commit ecacb28
- cpuidle: Allow idle states to be disabled by default (bsc#1175543)
- commit 48a3541
- intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543)
- commit 9dbf3f1
- intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543)
- commit 462302a
- ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
- commit 70c6258
- ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
- commit c99fda3
- ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
- commit 9eb9d8c
- ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
- commit c0d7249
- ACPI: processor: Export function to claim _CST control (bsc#1175543)
- commit 66eadb0
- cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543)
- commit c479621
- net: qrtr: fix another OOB Read in qrtr_endpoint_post
(CVE-2021-3743 bsc#1189883).
- net: qrtr: fix OOB Read in qrtr_endpoint_post (CVE-2021-3743
bsc#1189883).
- commit 78ff8ba
- rpm: fix kmp install path
- commit 22ec560
- x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
- commit 3288077
- btrfs: fix NULL pointer dereference when deleting device by
invalid id (bsc#1189832 CVE-2021-3739).
- commit 6bfce07
- xen/events: Fix race in set_evtchn_to_irq (git-fixes).
- commit cfb3b9b
- nvme: code command_id with a genctr for use-after-free
validation (bsc#1181972).
- nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data
(bsc#1181972).
- nvme-pci: limit maximum queue depth to 4095 (bsc#1181972).
- params: lift param_set_uint_minmax to common code (bsc#1181972).
- nvme: avoid possible double fetch in handling CQE (bsc#1181972).
- nvme-pci: fix NULL req in completion handler (bsc#1181972).
- nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth
(bsc#1181972).
- nvme-pci: use unsigned for io queue depth (bsc#1181972).
- commit 01de302
- post.sh: detect /usr mountpoint too
- commit c7b3d74
- md/raid10: properly indicate failure when ending a failed
write request (git-fixes).
- Refresh for the above change,
patches.suse/md-display-timeout-error.patch.
- commit 2088aff
- kernel, fs: Introduce and use set_restart_fn() and
arch_set_restart_data() (bsc#1189153).
- commit 8bf2f14
- kABI fix of usb_dcd_config_params (git-fixes).
- commit 8726268
- x86/fpu: Limit xstate copy size in xstateregs_set()
(bsc#1152489).
- commit 33182b7
- blacklist.conf: 9625895011d1 x86/fpu: Fix copy_xstate_to_kernel() gap handling
- commit 50f6bfa
- scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
- commit 41aa06c
- usb: gadget: Export recommended BESL values (git-fixes).
- commit 96bbeda
- ovl: prevent private clone if bind mount is not allowed
(bsc#1189706, CVE-2021-3732).
- commit d40514b
- blacklist.conf: 6c34df6f350d ("/tracing: Apply trace filters on all output channels"/)
Requires at least commit 8cfcf15503f6 ("/tracing: kprobes: Output kprobe
event to printk buffer"/) too. Let's wait if there is an actual problem
for someone.
- commit ef40598
- kernel-binary.spec.in: make sure zstd is supported by kmod if used
- commit f36412b
- kernel-binary.spec.in: add zstd to BuildRequires if used
- commit aa61dba
- tracing / histogram: Fix NULL pointer dereference on strcmp()
on NULL event name (git-fixes).
- commit bf4be33
- x86/signal: Detect and prevent an alternate signal stack
overflow (bsc#1152489).
- commit 72c8a0d
- slimbus: ngd: reset dma setup during runtime pm (git-fixes).
- slimbus: messaging: check for valid transaction id (git-fixes).
- slimbus: messaging: start transaction ids from 1 instead of zero
(git-fixes).
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on
BCM2711 (git-fixes).
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711
(git-fixes).
- commit cc02968
- Fix breakage of swap over NFS (bsc#1188924).
- commit 9f3f2ef
- ASoC: intel: atom: Fix breakage for PCM buffer address setup
(git-fixes).
- commit 0bed191
- rpm: support gz and zst compression methods
Extend commit 18fcdff43a00 ("/rpm: support compressed modules"/) for
compression methods other than xz.
- commit 3b8c4d9
- SUNRPC: 'Directory with parent 'rpc_clnt' already
present!' (bsc#1168202 bsc#1188924).
- SUNRPC: fix use-after-free in rpc_free_client_work()
(bsc#1168202 bsc#1188924).
- kabi fix for SUNRPC: defer slow parts of rpc_free_client()
to a workqueue (bsc#1168202 bsc#1188924).
- SUNRPC: defer slow parts of rpc_free_client() to a workqueue
(bsc#1168202 bsc#1188924).
- commit a690151
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
- PCI/MSI: Correct misleading comments (git-fixes).
- PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update
(git-fixes).
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- i2c: dev: zero out array used for i2c reads from userspace
(git-fixes).
- commit 4d62c8f
- ALSA: hda/via: Apply runtime PM workaround for ASUS B23E
(git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15
9510 laptop (git-fixes).
- ALSA: hda - fix the 'Capture Switch' value change notifications
(git-fixes).
- commit bb87ddf
- s390/boot: fix use of expolines in the DMA code (bsc#1188878
ltc#193771).
- commit 46381a6
- series.conf: cleanup
- move mainline backports to sorted section:
- patches.suse/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch
- patches.suse/KVM-nSVM-always-intercept-VMLOAD-VMSAVE-when-nested.patch
- commit 30636ef
- Fix kabi of prepare_to_wait_exclusive() (bsc#1189575).
- commit da7e3ca
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
(bsc#1189587).
- commit ae93a20
- ubifs: journal: Fix error return code in ubifs_jnl_write_inode()
(bsc#1189586).
- commit 50b39b2
- ubifs: Only check replay with inode type to judge if inode
linked (bsc#1187455).
- commit 3cfd5e7
- ubifs: Fix error return code in alloc_wbufs() (bsc#1189585).
- blacklist.conf:
- commit d0fe9df
- ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583).
- commit abd23d2
- ocfs2: issue zeroout to EOF blocks (bsc#1189582).
- commit 7960ad8
- ocfs2: fix snprintf() checking (bsc#1189581).
- commit ca894bd
- ocfs2: fix zero out valid data (bsc#1189579).
- commit 42e68bc
- writeback: fix obtain a reference to a freeing memcg css
(bsc#1189577).
- commit b318f10
- ext4: fix potential htree corruption when growing large_dir
directories (bsc#1189576).
- commit 13d68f1
- rq-qos: fix missed wake-ups in rq_qos_throttle try two
(bsc#1189575).
- commit edbcd21
- fanotify: fix copy_event_to_user() fid error clean up
(bsc#1189574).
- commit a8937b5
- bdi: Do not use freezable workqueue (bsc#1189573).
- commit 60e4174
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
(bsc#1189569).
- commit 1b1dfcf
- ext4: cleanup in-core orphan list if ext4_truncate() failed
to get a transaction handle (bsc#1189568).
- commit 0ace36d
- ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
- commit 4329025
- ext4: fix avefreec in find_group_orlov (bsc#1189566).
- commit d7bfbbd
- ext4: remove check for zero nr_to_scan in ext4_es_scan()
(bsc#1189565).
- commit 3ca5f18
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
(bsc#1189564).
- commit cd60859
- ext4: return error code when ext4_fill_flex_info() fails
(bsc#1189563).
- commit 200d004
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
- commit fd9a225
- scsi: lpfc: Move initialization of phba->poll_list earlier to
avoid crash (git-fixes).
- commit 92c63a5
- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
(bsc#1189399, CVE-2021-3653).
- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
(bsc#1189400, CVE-2021-3656).
- KVM: X86: MMU: Use the correct inherited permissions to get
shadow page (CVE-2021-38198 bsc#1189262).
- commit 7902615
- usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes).
- commit 2a94579
- Revert "/xfrm: policy: Read seqcount outside of rcu-read side
in xfrm_policy_lookup_bytype"/ (bsc#1185675).
This revert was initially applied to SLE15-SP2-RT (70e4d04b75f). Since
the reverted commit went into SLE15-SP2 (96f285dfa8b), the revert needs
to move from SLE15-SP2-RT to SLE15-SP2.
- commit f32a28c
- Update
patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch
(bsc#1167032 ltc#184087 bsc#1184114 ltc#192237).
- commit 8a87839
- blacklist.conf: add an entry for the reverted iTCO_wdt
- commit 4c97ae2
- usb: dwc3: gadget: Fix handling ZLP (git-fixes).
- commit 5e0eec9
- tracing: Reject string operand in the histogram expression
(git-fixes).
- commit edab067
- tracing / histogram: Give calculation hist_fields a size
(git-fixes).
- commit 49985ee
- blacklist.conf: 1e3bac71c505 ("/tracing/histogram: Rename "/cpu"/ to "/common_cpu"/"/)
Better not to backport the commit as it changes the semantics of an
existing field.
- commit 00d0183
- blacklist.conf: 6c881ca0b304 ("/afs: Fix tracepoint string placement with built-in AFS"/)
CONFIG_AFS_FS is not set on SLE15-SP2. It is on SLE15-SP3 but only as a
module, not built-in. No need to backport the commit.
- commit 43483b1
- bpf: Fix leakage due to insufficient speculative store
bypass mitigation (bsc#1188983, bsc#1188985, CVE-2021-34556,
CVE-2021-35477).
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4
(bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit f87c7ce
- blk-iolatency: error out if blk_get_queue() failed in
iolatency_set_limit() (bsc#1189507).
- commit b15ef07
- blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling
(bsc#1189506).
- commit 7fe32f7
- block: fix trace completion for chained bio (bsc#1189505).
- commit 47344da
- blk-wbt: make sure throttle is enabled properly (bsc#1189504).
- commit 7b07185
- blk-wbt: introduce a new disable state to prevent false positive
by rwb_enabled() (bsc#1189503).
- commit 798c57a
- misc: rtsx: do not setting OC_POWER_DOWN reg in
rtsx_pci_init_ocp() (git-fixes).
- misc: atmel-ssc: lock with mutex instead of spinlock
(git-fixes).
- commit 55d9570
- gpio: eic-sprd: break loop when getting NULL device resource
(git-fixes).
- Revert "/gpio: eic-sprd: Use devm_platform_ioremap_resource()"/
(git-fixes).
- commit 990b695
- Revert a BT patch that was reverted on stable trees (git-fixes)
Delete patches.suse/Bluetooth-Shutdown-controller-after-workqueues-are-f.patch
- commit 127d54b
- mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
(git-fixes).
- commit 0a223c6
- x86/fpu: Make init_fpstate correct with optimized XSAVE
(bsc#1152489).
- commit 603fc19
- kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is
enabled (jsc#SLE-17288).
About the pahole version: v1.18 should be bare mnimum, v1.22 should be
fully functional, for now we ship git snapshot with fixes on top of
v1.21.
- commit 8ba3382
- x86/fpu: Reset state for all signal restore failures
(bsc#1152489).
- commit f42aa15
- blacklist.conf: blacklist davicom legacy ethernet driver
- commit 78e9c10
- usb: dwc3: gadget: Check MPS of the request length (git-fixes).
- commit 0d1e1fe
- Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449)
Also blacklisted
- commit e5dd4ab
- s390/ap: Fix hanging ioctl caused by wrong msg counter
(bsc#1188982 LTC#193817).
- commit 7e146ac
- Bluetooth: switch to lock_sock in SCO (CVE-2021-3640
bsc#1188172).
- Bluetooth: avoid circular locks in sco_sock_connect
(CVE-2021-3640 bsc#1188172).
- commit f2d375d
- Update patch reference for a BT fix (CVE-2021-3640 bsc#1188172)
- commit 98aa089
- powerpc/pseries: Fix update of LPAR security flavor after LPM
(bsc#1188885 ltc#193722 git-fixes).
- commit fbccd6a
- usb: dwc3: gadget: Clear DEP flags after stop transfers in ep
disable (git-fixes).
- commit 5733c23
- usb: dwc3: gadget: Disable gadget IRQ during pullup disable
(git-fixes).
- usb: dwc3: gadget: Prevent EP queuing while stopping transfers
(git-fixes).
- commit 124c915
- PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
- PCI/MSI: Enable and mask MSI-X early (git-fixes).
- ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
- iio: adc: Fix incorrect exit of for-loop (git-fixes).
- iio: humidity: hdc100x: Add margin to the conversion time
(git-fixes).
- iio: adc: ti-ads7950: Ensure CS is deasserted after reading
channels (git-fixes).
- USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
- usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup
(git-fixes).
- usb: dwc3: Stop active transfers before halting the controller
(git-fixes).
- commit 627b67a
- config: refresh
- commit a299bb8
- ceph: take snap_empty_lock atomically with snaprealm refcount
change (bsc#1189427).
- ceph: reduce contention in ceph_check_delayed_caps()
(bsc#1187468).
- commit 93c7440
- blacklist.conf: Add 'fix poly1305_core_setkey() declaration'
Commit 8d195e7a8ada ("/crypto: poly1305 - fix poly1305_core_setkey()
declaration"/) is a cleanup which breaks kABI.
- commit 37e4183
- scsi: blkcg: Fix application ID config options (bsc#1189385
jsc#SLE-18970).
- Update config files.
- commit 1317caa
- crypto: x86/curve25519 - fix cpu feature checking logic in
mod_exit (git-fixes).
- wireguard: allowedips: free empty intermediate nodes when
removing single node (git-fixes).
- wireguard: allowedips: allocate nodes in kmem_cache (git-fixes).
- wireguard: allowedips: remove nodes in O(1) (git-fixes).
- commit 6aa0bda
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
(git-fixes).
- USB: serial: option: add Telit FD980 composition 0x1056
(git-fixes).
- USB: serial: ch341: fix character loss at high transfer rates
(git-fixes).
- usb: gadget: f_hid: idle uses the highest byte for duration
(git-fixes).
- usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
(git-fixes).
- usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes).
- commit f089244
- ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
- ASoC: xilinx: Fix reference to PCM buffer address (git-fixes).
- ASoC: intel: atom: Fix reference to PCM buffer address
(git-fixes).
- ASoC: tlv320aic31xx: Fix jack detection after suspend
(git-fixes).
- spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes).
- virt_wifi: fix error on connect (git-fixes).
- commit 690710b
- staging: rtl8712: get rid of flush_scheduled_work (git-fixes).
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc
(git-fixes).
- serial: 8250_mtk: fix uart corruption issue when rx power off
(git-fixes).
- soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
- soc: ixp4xx: fix printing resources (git-fixes).
- spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
(git-fixes).
- spi: meson-spicc: fix memory leak in meson_spicc_remove
(git-fixes).
- pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
- libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes).
- spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay
(git-fixes).
- commit 24af025
- ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes).
- ASoC: cs42l42: Remove duplicate control for WNF filter frequency
(git-fixes).
- ASoC: cs42l42: Fix inversion of ADC Notch Switch control
(git-fixes).
- ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
- ASoC: cs42l42: Correct definition of ADC Volume control
(git-fixes).
- firmware_loader: use -ETIMEDOUT instead of -EAGAIN in
fw_load_sysfs_fallback (git-fixes).
- Revert "/ACPICA: Fix memory leak caused by _CID repair function"/
(git-fixes).
- dmaengine: imx-dma: configure the generic DMA type to make it
work (git-fixes).
- ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
- commit 20c4d69
- scsi: qla2xxx: Remove redundant initialization of variable
num_cnt (bsc#1189392).
- scsi: qla2xxx: Fix use after free in debug code (bsc#1189392).
- scsi: qla2xxx: Fix spelling mistakes "/allloc"/ -> "/alloc"/
(bsc#1189392).
- scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392).
- scsi: qla2xxx: edif: Increment command and completion counts
(bsc#1189392).
- scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392).
- scsi: qla2xxx: edif: Add doorbell notification for app
(bsc#1189392).
- scsi: qla2xxx: edif: Add detection of secure device
(bsc#1189392).
- scsi: qla2xxx: edif: Add authentication pass + fail bsgs
(bsc#1189392).
- scsi: qla2xxx: edif: Add key update (bsc#1189392).
- scsi: qla2xxx: edif: Add extraction of auth_els from the wire
(bsc#1189392).
- scsi: qla2xxx: edif: Add send, receive, and accept for auth_els
(bsc#1189392).
- scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs
(bsc#1189392).
- scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
- scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
- scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI
(bsc#1189392).
- scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
- scsi: qla2xxx: Remove redundant continue statement in a for-loop
(bsc#1189392).
- scsi: qla2xxx: Add heartbeat check (bsc#1189392).
- scsi: qla2xxx: Use list_move_tail() instead of
list_del()/list_add_tail() (bsc#1189392).
- scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
- scsi: qla2xxx: Log PCI address in
qla_nvme_unregister_remote_port() (bsc#1189392).
- scsi: qla2xxx: Remove redundant assignment to rval
(bsc#1189392).
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
(bsc#1189392).
- scsi: qla2xxx: Fix error return code in
qla82xx_write_flash_dword() (bsc#1189392).
- commit 4f97d8a
- scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted()
(bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer pcmd
(bsc#1189385).
- scsi: lpfc: Copyright updates for 14.0.0.0 patches
(bsc#1189385).
- scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
- scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
- scsi: lpfc: Revise Topology and RAS support checks for new
adapters (bsc#1189385).
- scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
- scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series
adapters (bsc#1189385).
- scsi: lpfc: Copyright updates for 12.8.0.11 patches
(bsc#1189385).
- scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
- scsi: lpfc: Skip issuing ADISC when node is in NPR state
(bsc#1189385).
- scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC
cmpl path (bsc#1189385).
- scsi: lpfc: Call discovery state machine when handling
PLOGI/ADISC completions (bsc#1189385).
- scsi: lpfc: Delay unregistering from transport until GIDFT or
ADISC completes (bsc#1189385).
- scsi: lpfc: Enable adisc discovery after RSCN by default
(bsc#1189385).
- scsi: lpfc: Use PBDE feature enabled bit to determine PBDE
support (bsc#1189385).
- scsi: lpfc: Clear outstanding active mailbox during PCI function
reset (bsc#1189385).
- scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi()
routine (bsc#1189385).
- scsi: lpfc: Remove REG_LOGIN check requirement to issue an
ELS RDF (bsc#1189385).
- scsi: lpfc: Fix memory leaks in error paths while issuing ELS
RDF/SCR request (bsc#1189385).
- scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF
handling (bsc#1189385).
- scsi: lpfc: Keep NDLP reference until after freeing the IOCB
after ELS handling (bsc#1189385).
- scsi: lpfc: Fix target reset handler from falsely returning
FAILURE (bsc#1189385).
- scsi: lpfc: Discovery state machine fixes for LOGO handling
(bsc#1189385).
- scsi: lpfc: Fix function description comments for vmid routines
(bsc#1189385).
- scsi: lpfc: Improve firmware download logging (bsc#1189385).
- scsi: lpfc: Remove use of kmalloc() in trace event logging
(bsc#1189385).
- scsi: lpfc: Fix NVMe support reporting in log message
(bsc#1189385).
- scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385).
- scsi: lpfc: Use list_move_tail() instead of
list_del()/list_add_tail() (bsc#1189385).
- scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker
thread (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Append the VMID to the wqe before sending
(bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement ELS commands for appid
(bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add support for VMID in mailbox command
(bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc
(bsc#1189385 jsc#SLE-18970).
- scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970).
- Update config files
Add kABI fixup patch
- patches.kabi/blk-cgroup-kABI-fixes-for-new-fc_app_id-definition.patch
- scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: Remove redundant assignment to pointer temp_hdr
(bsc#1189385).
- commit e47f569
- nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384).
- commit da8a2b6
- README: Modernize build instructions.
- commit 8cc5c28
- ovl: allow upperdir inside lowerdir (bsc#1189323).
- ovl: fix missing revert_creds() on error path (bsc#1189323).
- ovl: skip getxattr of security labels (bsc#1189323).
- ovl: perform vfs_getxattr() with mounter creds (bsc#1189323).
- ovl: expand warning in ovl_d_real() (bsc#1189323).
- commit d2a0c13
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- commit 7f9ade7
- platform/x86: pcengines-apuv2: Add missing terminating entries
to gpio-lookup tables (git-fixes).
- commit e6925d8
- fix patches metadata
- fix Patch-mainline:
- patches.suse/NFSv4-Initialise-connection-to-the-server-in-nfs4_al.patch
- patches.suse/NFSv4-pNFS-Don-t-call-_nfs4_pnfs_v3_ds_connect-multi.patch
- patches.suse/SUNRPC-Fix-the-batch-tasks-count-wraparound.patch
- patches.suse/SUNRPC-Should-wake-up-the-privileged-task-firstly.patch
- patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch
- commit bd541fa
- net: ll_temac: Fix TX BD buffer overwrite (CVE-2021-38207
bsc#1189298).
- commit 64dedf9
- scsi: zfcp: Report port fc_security as unknown early during
remote cable pull (git-fixes).
- commit 071c9e5
- net: xilinx_emaclite: Do not print real IOMEM pointer
(CVE-2021-38205 bsc#1189292).
- commit 1e538f8
- Update patch reference for a USB max3421 HCD fix (CVE-2021-38204 bsc#1189291)
- commit 68d7672
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST
state (bsc#1184180).
- commit 435d2bf
- usb: dwc3: gadget: Don't setup more than requested (git-fixes).
- commit d278880
- usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init
(git-fixes).
- commit bc358f9
- ocfs2: initialize ip_next_orphan (bsc#1186731).
- commit fd80e8c
- NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
(git-fixes).
- SUNRPC: Should wake up the privileged task firstly (git-fixes).
- SUNRPC: Fix the batch tasks count wraparound (git-fixes).
- nfs: fix acl memory leak of posix_acl_create() (git-fixes).
- commit 1bdda2d
- NFSv4: Initialise connection to the server in
nfs4_alloc_client() (bsc#1040364).
- Delete
patches.suse/0001-NFSv4-don-t-let-hanging-mounts-block-other-mounts.patch.
Upstream now has a fix for this bug, so use their version instead of ours.
- commit 350271e
- usb: dwc3: gadget: Give back staled requests (git-fixes).
- commit c4cb23f
- usb: dwc3: support continuous runtime PM with dual role
(git-fixes).
- commit f340e0b
- iommu/vt-d: Global devTLB flush when present context entry
changed (bsc#1189220).
- iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229).
- iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214).
- iommu/amd: Fix extended features logging (bsc#1189213).
- iommu/vt-d: Define counter explicitly as unsigned int
(bsc#1189216).
- iommu/arm-smmu-v3: Decrease the queue size of evtq and priq
(bsc#1189210).
- crypto: ccp - Annotate SEV Firmware file names (bsc#1189212).
- iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218).
- iommu/vt-d: Check for allocation failure in aux_detach_device()
(bsc#1189215).
- iommu/vt-d: Force to flush iotlb before creating superpage
(bsc#1189219).
- iommu/vt-d: Invalidate PASID cache when root/context entry
changed (bsc#1189221).
- iommu/vt-d: Don't set then clear private data in
prq_event_thread() (bsc#1189217).
- iommu/vt-d: Reject unsupported page request modes (bsc#1189222).
- iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK
(bsc#1189209).
- commit f116a8f
- blacklist.conf: Add two IOMMU fixes
b9abb19fa5fd iommu: Check dev->iommu in iommu_dev_xxx functions
474dd1c65064 iommu/vt-d: Fix clearing real DMA device's scalable-mode context entries
- commit 2db8dfc
- powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats
unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769
git-fixes).
- commit c109f3e
- Fix filesystem requirement and suse-release requires
Reduce filesystem conflict to anything less than 16 to allow pulling the
change into the next major stable version.
Don't require suse-release as that's not technically required. Conflict
with a too old one instead.
- commit 913f755
- iwlwifi: rs-fw: don't support stbc for HE 160 (git-fixes).
- commit 981ddc7
- blacklist.conf: obsoleted by 8d396bb0a5b62b326f6be7594d8bd46b088296bd
- commit d9ae913
- USB: usbtmc: Fix RCU stall warning (git-fixes).
- commit 8c8f7df
- powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148
ltc#190702 git-fixes).
- commit 8c2e999
- powerpc/pseries: Fix regression while building external modules
(bsc#1160010 ltc#183046 git-fixes).
This changes a GPL symbol to general symbol which is kABI change but not
kABI break.
- commit 5db0ce9
- powerpc/papr_scm: Reduce error severity if nvdimm stats
inaccessible (bsc#1189197 ltc#193906).
- commit 9021659
- firmware_loader: fix use-after-free in firmware_fallback_sysfs
(git-fixes).
- serial: tegra: Only print FIFO error message when an error
occurs (git-fixes).
- serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
- spi: mediatek: Fix fifo transfer (git-fixes).
- ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
(git-fixes).
- spi: stm32h7: fix full duplex irq handler handling (git-fixes).
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO
(git-fixes).
- commit 8f575e8
- fix patches metadata
- fix Patch-mainline:
- patches.suse/ALSA-hda-realtek-Fix-headset-mic-for-Acer-SWIFT-SF31.patch
- patches.suse/ALSA-hda-realtek-add-mic-quirk-for-Acer-SF314-42.patch
- patches.suse/ALSA-seq-Fix-racy-deletion-of-subscriber.patch
- patches.suse/ALSA-usb-audio-Add-registration-quirk-for-JBL-Quantu-4b0556b96e1f.patch
- patches.suse/ALSA-usb-audio-Fix-superfluous-autosuspend-recovery.patch
- commit 486a747
- ALSA: seq: Fix racy deletion of subscriber (git-fixes).
- ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600
(git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56
(ALC256) (git-fixes).
- ALSA: usb-audio: Fix superfluous autosuspend recovery
(git-fixes).
- commit 57d9208
- net: dsa: mv88e6xxx: also read STU state in
mv88e6250_g1_vtu_getnext (git-fixes).
- commit 4d3a9e0
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
(git-fixes).
- commit 38ad73f
- fix patches metadata
- fix Patch-mainline:
- patches.suse/NFSv4.1-Don-t-rebind-to-the-same-source-port-when-re.patch
- patches.suse/SUNRPC-prevent-port-reuse-on-transports-which-don-t-.patch
- commit 5e54e89
- blacklist.conf: kABI changes due to kvm_mmu_rule struct.
- commit f3e0e69
- Refresh patches.suse/Input-ili210x-add-missing-negation-for-touch-indicat.patch
Fix missing parentheses in the input backport patch.
- commit 0913716
- rpm/kernel-source.rpmlintrc: ignore new include/config files
In 5.13, since 0e0345b77ac4, config files have no longer .h suffix.
Adapt the zero-length check.
Based on Martin Liska's change.
- commit b6f021b
- gpio: tqmx86: really make IRQ optional (git-fixes).
- media: videobuf2-core: dequeue if start_streaming fails
(git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes).
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
(git-fixes).
- cfg80211: Fix possible memory leak in function
cfg80211_bss_update (git-fixes).
- commit 7dd3f8c
- SUNRPC: prevent port reuse on transports which don't request it
(bnc#1186264 bnc#1189021).
- commit a89b568
- kabi fix for NFSv4.1: Don't rebind to the same source port when
reconnecting to the server
(bnc#1186264 bnc#1189021)
- commit 844eb4c
- NFSv4.1: Don't rebind to the same source port when
(bnc#1186264 bnc#1189021)
- commit 4b89a40
- btrfs: rework chunk allocation to avoid exhaustion of the
system chunk array (bsc#1189077).
- btrfs: fix deadlock with concurrent chunk allocations involving
system chunks (bsc#1189077).
- btrfs: move the chunk_mutex in btrfs_read_chunk_tree
(bsc#1189077).
- btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk
(bsc#1189077).
- btrfs: parameterize dev_extent_min for chunk allocation
(bsc#1189077).
- btrfs: factor out create_chunk() (bsc#1189077).
- btrfs: factor out decide_stripe_size() (bsc#1189077).
- btrfs: factor out gather_device_info() (bsc#1189077).
- btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
- btrfs: introduce alloc_chunk_ctl (bsc#1189077).
- btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
- btrfs: introduce chunk allocation policy (bsc#1189077).
- btrfs: handle invalid profile in chunk allocation (bsc#1189077).
- commit 707ed65
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop
(CVE-2021-3679 bsc#1189057).
- commit 49b5ebf
- net/mlx5: Properly convey driver version to firmware
(git-fixes).
- commit 44d8f42
- net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes).
- commit ac61742
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- commit 75096f3
- net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
- commit 524d35f
- Update kabi files.
- update from August 2021 maintenance update submission (commit a13100d5f167)
- commit 75dc981
- blacklist.conf: add macsonic driver
- commit 688a554
- cifs: do not share tcp sessions of dfs connections
(bsc#1185902).
- commit 78eb685
- cifs: prevent NULL deref in cifs_compose_mount_options()
(bsc#1185902).
- commit a798607
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- commit 17b0494
- cifs: fix check of dfs interlinks (bsc#1185902).
- commit 1db4f4d
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- commit 064a32d
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- commit 65332c5
- cifs: set a minimum of 2 minutes for refreshing dfs cache
(bsc#1185902).
- commit 1a16c86
- cifs: fix path comparison and hash calc (bsc#1185902).
- commit 9ae40ff
- cifs: handle different charsets in dfs cache (bsc#1185902).
- commit 7b185cd
- cifs: keep referral server sessions alive (bsc#1185902).
- commit a6fba08
- cifs: get rid of @noreq param in __dfs_cache_find()
(bsc#1185902).
- commit 7f4ff26
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- commit 96ce669
- cifs: Remove unused inline function is_sysvol_or_netlogon()
(bsc#1185902).
- commit 7d7b6d5
- KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
- commit 81b4c99
- KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit
RSB path (bsc#1188788).
- commit f2e225f
- KVM: VMX: Enable machine check support for 32bit targets
(bsc#1188787).
- commit 388d3fb
- KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4()
(bsc#1188786).
- commit c5de014
- KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check
in !64-bit (bsc#1188784).
- commit 08b2951
- KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration
(bsc#1188783).
- commit 5f8f317
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
(bsc#1188782).
- commit ef7bd2d
- KVM: nVMX: Reset the segment cache when stuffing guest segs
(bsc#1188781).
- commit 8984ecb
- KVM: nVMX: Really make emulated nested preemption timer pinned
(bsc#1188780).
- commit 597c5f3
- ceph: clean up and optimize ceph_check_delayed_caps()
(bsc#1187468).
- commit 33a74a3
- cifs: constify get_normalized_path() properly (bsc#1185902).
- commit f4ccabe
- cifs: don't cargo-cult strndup() (bsc#1185902).
- commit 2296da2
- btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
- commit 9c3cf71
- btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481).
- commit fed2922
- btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481).
- commit 5426822
- btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
- commit 5e89cd2
- btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
- commit f95f181
- btrfs: add a comment explaining the data flush steps (bsc#1135481).
- commit a308556
- btrfs: do async reclaim for data reservations (bsc#1135481).
- commit deae828
- btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
- commit d82c207
- btrfs: run delayed iputs before committing the transaction for data (bsc#1135481).
- commit 6af13e4
- btrfs: don't force commit if we are data (bsc#1135481).
- commit 3380b09
- btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
- commit c6ed5f3
- btrfs: use the same helper for data and metadata reservations (bsc#1135481).
- commit 188e042
- btrfs: serialize data reservations if we are flushing (bsc#1135481).
- commit 9a68295
- btrfs: use ticketing for data space reservations (bsc#1135481).
- commit 0cad012
- btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
- commit 7c494a4
- btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481).
- commit 9327930
- btrfs: add flushing states for handling data reservations (bsc#1135481).
- commit ee0a32c
- btrfs: check tickets after waiting on ordered extents (bsc#1135481).
- commit e9723f6
- btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
- commit 08a821e
- btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481).
- commit e18060c
- btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
- commit e684a31
- btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481).
- commit df0d484
- btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481).
- commit 4167827
- btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
- commit 6287797
- btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
- commit 1eb212c
- btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
- commit acedfaf
- btrfs: remove orig from shrink_delalloc (bsc#1135481).
- commit 02659bb
- btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
- commit 5b57ee8
- usb: dwc3: core: don't do suspend for device mode if already
suspended (git-fixes).
- commit 82b18d4
- usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set
(git-fixes).
- commit 072728a
- usb: dwc3: gadget: Set link state to RX_Detect on disconnect
(git-fixes).
- commit 6a1e8b7
- usb: dwc3: gadget: Don't send unintended link state change
(git-fixes).
- commit acdee65
- usb: dwc3: of-simple: add a shutdown (git-fixes).
- commit 15b84b1
- usb: dwc3: debug: Remove newline printout (git-fixes).
- commit 5104cc5
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- commit a403162
- usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes).
- commit e16e74a
- usb: dwc3: gadget: Set BESL config parameter (git-fixes).
- commit b02b13d
- usb: dwc3: Separate field holding multiple properties
(git-fixes).
- commit 1087836
- usb: dwc3: st: Add of_dev_put() in probe function (git-fixes).
- commit b4290b9
- usb: dwc3: st: Add of_node_put() before return in probe function
(git-fixes).
- commit a5796ab
- usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes).
- commit 638e28a
- usb: dwc3: Use devres to get clocks (git-fixes).
- commit e717ac7
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- commit f037781
- keyutils
-
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
- update to 1.6.3:
* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow "/keyctl supports"/ to retrieve raw capability data.
* Allow "/keyctl id"/ to turn a symbolic key ID into a numeric ID.
* Allow "/keyctl new_session"/ to name the keyring.
* Allow "/keyctl add/padd/etc."/ to take hex-encoded data.
* Add "/keyctl watch*"/ to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.
- spec-cleaner run (fixup failing homepage url)
- prepare usrmerge (boo#1029961)
- updated to 1.6
- Apply various specfile cleanups from Fedora.
- request-key: Provide a command line option to suppress helper execution.
- request-key: Find least-wildcard match rather than first match.
- Remove the dependency on MIT Kerberos.
- Fix some error messages
- keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
- Fix doc and comment typos.
- Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
- Add pkg-config support for finding libkeyutils.
- upstream isn't offering PGP signatures for the source tarballs anymore
- Replace krb5-devel BuildRequires with pkgconfig(krb5): Allow OBS
to shortcut the ring0 bootstrap cycle by also using krb5-mini.
- add upstream signing key and verify source signature
- updated to 1.5.11 (bsc#1113013)
- Add keyring restriction support.
- Add KDF support to the Diffie-Helman function.
- DNS: Add support for AFS config files and SRV records
- kmod
-
- Remove enum padding constants, add enum.patch (boo#1097869).
- krb5
-
- Fix KDC null pointer dereference via a FAST inner body that
lacks a server field; (CVE-2021-37750); (bsc#1189929);
- Added patches:
* 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
- less
-
- Add missing runtime dependency on which, which is used by lessopen.sh.
Fix bsc#1190552.
- libcroco
-
- Add libcroco-CVE-2020-12825.patch: limit recursion in block and
any productions (boo#1171685 CVE-2020-12825).
- libsolv
-
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
possible to use osc build --with=python).
- libyui-ncurses-pkg
-
- Fixed crash in NCurses online update when retracted packages
are present (bsc#1191130)
- 2.50.8
- libzypp
-
- Disable logger in the child after fork (bsc#1192436)
- version 17.28.8 (22)
- Check log writer before accessing it (fixes #355, bsc#1192337)
- Save locks: Update an existing locks changed comment string.
- Allow uname-r format in purge kernels keepspec (fixes
openSUSE/zypper#418)
- version 17.28.7 (22)
- Zypper should keep cached files if transaction is aborted
(bsc#1190356)
Singletrans mode currently does not keep files around if the
transaction is aborted. This patch fixes the problem.
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Use procfs to detect nr of open fd's if rlimit is too high
(bsc#1191324)
Especially in a VM iterating over all possible fd's to close open
ones right before a exec() slows down zypper unnecessarily. This
patch uses /proc/self/fd to iterate over open fd's in case rlimit
is above 1024.
- po: Fix some lost '%' signs in positional args (bsc#1191370)
- RepoManager: Don't probe for plaindir repo if URL schema is
plugin: (bsc#1191286)
- version 17.28.6 (22)
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
A missing check causes zyppng::Downloader to always download full
files even if the checkExistsOnly flag is set. This patch adds
the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
The kernel-*-livepatch packages are supposed to serve as a stable
handle for the ephemeral kernel livepatch packages. See
FATE#320268 for details. As part of the kernel live patching
ecosystem, kernel-*-livepatch packages should not block the
purge-kernels step.
- version 17.28.5 (22)
- Make sure to keep states alives while transitioning
(bsc#1190199)
- May set techpreview variables for testing in /etc/zypp/zypp.conf.
If environment variables are unhandy one may enable the desired
techpreview in zypp.conf as well:
[main]
techpreview.ZYPP_SINGLE_RPMTRANS=1
techpreview.ZYPP_MEDIANETWORK=1
- version 17.28.4 (22)
- CMake/spec: Add option to force SINGLE_RPMTRANS as default for
zypper (fixes #340)
- Make sure singleTrans is zypper-only for now.
- Do not double check signatures and keys (bsc#1190059)
- version 17.28.3 (22)
- Workaround Bug 1189788: Don't allow ZYPP_SINGLE_RPMTRANS=1 on a
not UsrMerged Tumbleweed system.
- version 17.28.2 (22)
- Fix crashes in logging code when shutting down (bsc#1189031)
- version 17.28.1 (22)
- Rephrase vendor conflict message in case 2 packages are
involved (bsc#1187760)
This covers the case where not the packages itself would change
its vendor, but replaces a package from a different vendor.
- Fix solver jobs for PTFs (bsc#1186503)
- spec: switch to pkgconfig(openssl)
- Show key fpr from signature when signature check fails
(bsc#1187224)
Rpm by default only shows the short key ID when checking the
signature of a package fails. This patch reads the signatures
from the RPM headers and replaces she short IDs with the key
fingerprints fetched from the signatures.
- Implement alternative single transaction commit strategy.
This patch adds a experimental commit strategy that runs all
operations in a single rpm transaction, speeding up the execution
a lot.
- Use ZYPP_MEDIANETWORK=1 to enable the experimental new media
backend.
- Implement zchunk download, refactor Downloader backend.
- Fix purge-kernels fails with kernels from Kernel:HEAD
(bsc#1187738)
There recently was a change in the kernel package naming scheme
in regards to rc kernels. Since kernel upstream uses characters
in the version that are not allowed in rpm versions a "/-rc"/ was
previously replaced with "/.rc"/ which broke sorting by version, to
fix this issue it was replaced with "/~rc"/, which unfortunately
broke the purge-kernels logic. This patch makes sure purge-kernel
does apply the same conversion.
- version 17.28.0 (22)
- lvm2
-
- vgextend crash when extending VG with missing PV (bsc#1191019)
+ bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch
- man-pages
-
- install kernel_lockdown.7 man page [bsc#1185534]
- added sources
+ kernel_lockdown.7
- mozilla-nspr
-
- update to version 4.32:
* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
size for DNS queries
- update to version 4.31:
* Lock access to PRCallOnceType members in PR_CallOnce* for
thread safety bmo#1686138
- update to version 4.30
* support longer thread names on macOS
* fix a build failure on OpenBSD
- update to version 4.29
* Remove macOS Code Fragment Manager support code
* Remove XP_MACOSX and OS_TARGET=MacOSX
* Refresh config.guess and config.sub
* Remove NSPR's patch to config.sub
* Add support for e2k target (64-bit Elbrus 2000)
- update to version 4.28
* Fix a compiler warning
* Add rule for cross-compiling with cygwin
- update to version 4.27
* the macOS platform code for shared library loading was
* An include statement for a Windows system library header
was added
- update to version 4.26
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
information about the operating system build version.
* Better support parallel building on Windows.
* The internal release automatic script requires python 3.
- mozilla-nss
-
- Removed nss-fips-kdf-self-tests.patch. This was made
obsolete by upstream changes. (bmo#1660304)
- Rebase nss-fips-stricter-dh.patch needed due to upstream changes.
- Update nss-fips-constructor-self-tests.patch to fix crashes
reported by upstream. This was likely affecting WebRTC calls.
- update to NSS 3.68
* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
- update to NSS 3.67
* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
- update to NSS 3.66
* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.
* Use GNU tar for the release helper script.
- update to NSS 3.65
* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
- refreshed patches
- Firefox 90.0 requires NSS 3.66
- update to NSS 3.64
* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports("/vsx"/) with
ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
acceleration.
- update to NSS 3.63.1
* no upstream release notes for 3.63.1 (yet)
Fixed in 3.63
* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
from NSS.
* bmo#1687822 - Turn off Websites trust bit for the “Staat der
Nederlanden Root CA - G3” root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
Root - 2008' and 'Global Chambersign Root - 2008’.
* bmo#1694291 - Tracing fixes for ECH.
- required for Firefox 88
- update to NSS 3.62
* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
can corrupt "/cachedCertTable"/
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07
- required for Firefox 87
- Add nss-btrfs-sqlite.patch to address bmo#1690232
- update to NSS 3.61
* required for Firefox 86
* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.
- update to NSS 3.60.1
Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
for more information.
- removed obsolete ppc-old-abi-v3.patch
- update to NSS 3.59.1
* bmo#1679290 - Fix potential deadlock with certain third-party
PKCS11 modules
- update to NSS 3.59
Notable changes
* Exported two existing functions from libnss:
CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
Bugfixes
* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
our CVE-2020-25648 fix that broke purple-discord
(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
ASN.1 decoder that affected decoding certain PKCS8
private keys when using NSS debug builds
* bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
- update to NSS 3.58
Bugs fixed:
* bmo#1641480 (CVE-2020-25648)
Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption
(draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
(draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
extensions.
* bmo#1668328 - Handle spaces in the Python path name when using
gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present)
to TrustDomain::CheckRevocation instead of the notBefore value.
- install libraries in %{_libdir} (boo#1029961)
- Fix build with RPM 4.16: error: bare words are no longer
supported, please use "/..."/: lib64 == lib64.
- update to NSS 3.57
* The following CA certificates were Added:
bmo#1663049 - CN=Trustwave Global Certification Authority
SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
bmo#1651211 - CN=EE Certification Centre Root CA
SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
bmo#1656077 - O=Government Root Certification Authority; C=TW
SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
- requires NSPR 4.29
- removed obsolete nss-freebl-fix-aarch64.patch (bmo#1659256)
- introduced _constraints due to high memory requirements especially
for LTO on Tumbleweed
- Add patch to fix build on aarch64 - boo#1176934:
* nss-freebl-fix-aarch64.patch
- Update nss-fips-approved-crypto-non-ec.patch to match RC2 code
being moved to deprecated/.
- Remove nss-fix-dh-pkcs-derive-inverted-logic.patch. This was made
obsolete by upstream changes.
- update to NSS 3.56
Notable changes
* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture
detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to
lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection
fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile
cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting "/all"/ as the default
makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop
commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28
- do not hard require mozilla-nss-certs-32bit via baselibs
(boo#1176206)
- update to NSS 3.55
Notable changes
* P384 and P521 elliptic curve implementations are replaced with
verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
can be queried with a DER-Encoded certificate, providing performance
and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
Relevant Bugfixes
* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
ChaCha20 (which was not functioning correctly) and more strictly
enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
signature_algorithms extension.
- update to NSS 3.54
Notable changes
* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
(bmo#1528113)
* The following CA certificates were Added:
bmo#1645186 - certSIGN Root CA G2.
bmo#1645174 - e-Szigno Root CA 2017.
bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
bmo#1645199 - AddTrust Class 1 CA Root.
bmo#1645199 - AddTrust External CA Root.
bmo#1641718 - LuxTrust Global Root 2.
bmo#1639987 - Staat der Nederlanden Root CA - G2.
bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
* A number of certificates had their Email trust bit disabled.
See bmo#1618402 for a complete list.
Bugs fixed
* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add "/certSIGN Root CA G2"/ root certificate.
* bmo#1645174 - Add Microsec's "/e-Szigno Root CA 2017"/ root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for "/O=Government
Root Certification Authority; C=TW"/ root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove "/LuxTrust Global Root 2"/ root certificate.
* bmo#1639987 - Remove "/Staat der Nederlanden Root CA - G2"/ root
certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
- ncurses
-
- Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for
CVE-2021-39537: ncurses: heap-based buffer overflow in
_nc_captoinfo in captoinfo.c
- netcfg
-
- add submissions port number [bsc#1189683]
- modified patches
% services-suse.diff
- openssl-1_1
-
- Other OpenSSL functions that print ASN.1 data have been found to assume that
the ASN1_STRING byte array will be NUL terminated, even though this is not
guaranteed for strings that have been directly constructed. Where an application
requests an ASN.1 structure to be printed, and where that ASN.1 structure
contains ASN1_STRINGs that have been directly constructed by the application
without NUL terminating the "/data"/ field, then a read buffer overrun can occur.
* CVE-2021-3712 continued
* bsc#1189521
* Add CVE-2021-3712-other-ASN1_STRING-issues.patch
* Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
2021-08-24 00:47 PDT by Marcus Meissner
- pam
-
- Corrected a bad directive file which resulted in
the "/securetty"/ file to be installed as "/macros.pam"/.
[pam.spec]
- Added tmpfiles for pam to set up directory for pam_faillock.
[pam.conf]
- Corrected macros.pam entry for %_pam_moduledir
Cleanup in pam.spec:
* Replaced all references to ${_lib}/security in pam.spec by
%{_pam_moduledir}
* Removed definition of (unused) "/amdir"/.
- Added new file macros.pam on request of systemd.
[bsc#1190052, macros.pam]
- Added pam_faillock to the set of modules.
[jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
- patterns-base
-
- Use the same icon in the fips pattern as the previous pattern had
(bsc#1189550)
- pcre
-
- pcre 8.45 (the final release)
* Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
- pcre 8.44
* Small patch to pcreposix.c to set the erroroffset field to -1 immediately
after a successful compile, instead of at the start of matching to avoid a
sanitizer complaint (regexec is supposed to be thread safe).
* Check the size of the number after (?C as it is read, in order to avoid
integer overflow. (bsc#1172974, CVE-2020-14155)
* Tidy up left shifts to avoid sanitize warnings; also fix one NULL deference
in pcretest.
- pcre 8.43
* In a pattern such as /[^x{100}-x{ffff}]*[x80-xff]/ which has a repeated
negative class with no characters less than 0x100 followed by a positive class
with only characters less than 0x100, the first class was incorrectly being
auto-possessified, causing incorrect match failures.
* If the only branch in a conditional subpattern was anchored, the whole
subpattern was treated as anchored, when it should not have been, since the
assumed empty second branch cannot be anchored. Demonstrated by test patterns
such as /(?(1)^())b/ or /(?(?=^))b/.
* Fix subject buffer overread in JIT when UTF is disabled and X or R has
a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
(bsc#1172973 CVE-2019-20838)
* If a pattern started with a subroutine call that had a quantifier with a
minimum of zero, an incorrect "/match must start with this character"/ could be
recorded. Example: /(?&xxx)*ABC(?<xxx>XYZ)/ would (incorrectly) expect 'A' to
be the first character of a match.
- pcre 8.42
* If a backreference with a minimum repeat count of zero was first in a
pattern, apart from assertions, an incorrect first matching character could be
recorded. For example, for the pattern /(?=(a))1?b/, "/b"/ was incorrectly set
as the first character of a match.
* Fix out-of-bounds read for partial matching of /./ against an empty string
when the newline type is CRLF.
* When matching using the the REG_STARTEND feature of the POSIX API with a
non-zero starting offset, unset capturing groups with lower numbers than a
group that did capture something were not being correctly returned as "/unset"/
(that is, with offset values of -1).
* Matching the pattern /(*UTF)C[^v]+x80/ against an 8-bit string
containing multi-code-unit characters caused bad behaviour and possibly a
crash. This issue was fixed for other kinds of repeat in release 8.37 by change
38, but repeating character classes were overlooked.
- postgresql
-
- Bump version to 14, leave default at 12.
- postgresql12
-
- bsc#1192516: Upgrade to version 12.9:
* Make the server reject extraneous data after an SSL or GSS
encryption handshake (CVE-2021-23214).
* Make libpq reject extraneous data after an SSL or GSS
encryption handshake (CVE-2021-23222).
* https://www.postgresql.org/docs/12/release-12-0.html
- Let genlists skip non-existing binaries to avoid lots of version
conditionals in the file lists.
- Remove postgresql-testsuite-int8.sql.patch, because its purpose
is unclear. This affects only the test subpackage.
- bsc#1185952: fix build with llvm12 on s390x.
0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch
- bsc#1179945: Re-enable icu for PostgreSQL 10.
- Upgrade to version 12.8:
* https://www.postgresql.org/docs/12/release-12-8.html
* CVE-2021-3677 (boo#1189748)
The planner could create an incorrect plan in cases where two
ProjectionPaths were stacked on top of each other. The only
known way to trigger that situation involves parallel sort
operations, but there may be other instances. The result would
be crashes or incorrect query results. Disclosure of server
memory contents is also possible.
- bsc#1187751: Make the dependency of postgresqlXX-server-devel on
llvm and clang optional (postgresql-llvm-optional.patch).
- bsc#1185952: llvm12 breaks PostgreSQL 11 and 12 on s390x.
Use llvm11 as a workaround.
- py26-compat-salt
-
- Exclude the full path of a download URL to prevent injection of
malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
* exclude-the-full-path-of-a-download-url-to-prevent-i.patch
- Fix error handling in openscap module (bsc#1188647)
- Added:
* fix-error-handling-in-openscap-module-bsc-1188647-41.patch
- Define license macro as doc in spec file if not existing
- py26-compat-tornado
-
- Added compatibility to Enterprise Linux 8
- py27-compat-salt
-
- Fix the regression of docker_container state module
- Added:
* fix-the-regression-brought-in-with-pr-402-422.patch
- Support querying for JSON data in external sql pillar
- Added:
* 3000.3-postgresql-json-support-in-pillar-425.patch
- Exclude the full path of a download URL to prevent injection of
malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
* exclude-the-full-path-of-a-download-url-to-prevent-i.patch
- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
- Added:
* templates-move-the-globals-up-to-the-environment-jin.patch
- Add missing aarch64 to rpm package architectures
- Consolidate some state requisites (bsc#1188641)
- Added:
* add-missing-aarch64-to-rpm-package-architectures-407.patch
* consolidate-some-state-requisites-55974-bsc-1188641-.patch
- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Added:
* fix-error-handling-in-openscap-module-bsc-1188647-41.patch
* better-handling-of-bad-public-keys-from-minions-bsc-.patch
* fix-failing-unit-tests-for-systemd.patch
- Define license macro as doc in spec file if not existing
- python
-
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
(CVE-2019-20907, bpo#39017) avoiding possible infinite loop
in specifically crafted tarball.
Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
(CVE-2020-26116, bpo#39603) no longer allowing special characters in
the method parameter of HTTPConnection.putrequest in httplib, stopping
injection of headers. Such characters now raise ValueError.
- Renamed patch for assigned CVE:
* bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
(boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
* bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
(boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
* sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
request (bpo#43075, boo#1189287).
- Add missing security announcement to
bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
which fixes http client infinite line reading (DoS) after a http
100 (bpo#44022, boo#1189241).
- Modify Lib/ensurepip/__init__.py to contain the same version
numbers as are in reality the ones in the bundled wheels
(bsc#1187668).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
configure.ac to consider the correct version of
PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
- Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
Caller.
- bsc#1155094 (CVE-2019-18348) Disallow control characters in
hostnames in http.client. Such potentially malicious header
- Fixed possible leak in `PyArg_Parse` and similar
`PY_SSIZE_T_CLEAN` is not defined.
- python-2.7.14-CVE-2017-1000158.patch
- CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
- CVE-2018-1061-DOS-via-regexp-difflib.patch
- CVE-2019-10160-netloc-port-regression.patch
- CVE-2019-16056-email-parse-addr.patch
- bsc#1109847 (CVE-2018-14647): add
CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
bpo-34623.
fixing bpo-35746 (CVE-2019-5010).
- python-base
-
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
(CVE-2019-20907, bpo#39017) avoiding possible infinite loop
in specifically crafted tarball.
Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
(CVE-2020-26116, bpo#39603) no longer allowing special characters in
the method parameter of HTTPConnection.putrequest in httplib, stopping
injection of headers. Such characters now raise ValueError.
- Renamed patch for assigned CVE:
* bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
(boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
* bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
(boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
* sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
request (bpo#43075, boo#1189287).
- Add missing security announcement to
bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
which fixes http client infinite line reading (DoS) after a http
100 (bpo#44022, boo#1189241).
- Modify Lib/ensurepip/__init__.py to contain the same version
numbers as are in reality the ones in the bundled wheels
(bsc#1187668).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
_ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
configure.ac to consider the correct version of
PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
- Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
Caller.
- bsc#1155094 (CVE-2019-18348) Disallow control characters in
hostnames in http.client. Such potentially malicious header
- Fixed possible leak in `PyArg_Parse` and similar
`PY_SSIZE_T_CLEAN` is not defined.
- python-2.7.14-CVE-2017-1000158.patch
- CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
- CVE-2018-1061-DOS-via-regexp-difflib.patch
- CVE-2019-10160-netloc-port-regression.patch
- CVE-2019-16056-email-parse-addr.patch
- bsc#1109847 (CVE-2018-14647): add
CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
bpo-34623.
fixing bpo-35746 (CVE-2019-5010).
- python-pytz
-
- Add %pyunittest shim for platforms where it is missing.
- Remove real directory of %{python_sitelib}/pytz/zoneinfo when
upgrading, before it is replaced by a symlink (bsc#1185748).
- %check: use %pyunittest rpm macro
- Bump tzdata_version
- update to 2021.1:
* update to IANA 2021a timezone release
- update to 2020.5:
* update to IANA 2020e timezone release
- update to 2020.4:
* update to IANA 2020d timezone release
- specfile:
* be more specific in %files section
* README.txt -> README.rst
- update to version 2020.1:
* Test against Python 3.8 and Python 3.9
* Bump version numbers to 2020.1/2020a
* Base class for all errors
* Add flake8 settings
* IANA 2020a
* Fix remaining references to README.txt
* Update README.md
* Use .rst extension for reStructuredText
* typo
* highlight codes
* use .rst extension name
* Tidelift links
* Add links for security reports
* Update LICENSE.txt
* Create FUNDING.yml
* Make FixedOffset part of public API
- Update to 2019.3
* IANA 2019c
- Add versioned dependency on timezone database to ensure the
correct data is installed
- Remove system_zoneinfo.patch, and instead add a symlink to the
system timezone database
- Replace unnecessary pytest, adding a missing __init__.py in the
tests to allow the test suite to work on Python 2.7 without pytest
- update to 2019.2
* IANA 2019b
* Defer generating case-insensitive lookups
- release-notes-sles
-
- 15.2.20211130 (tracked in bsc#933411)
- Added note about ping_group_range (bsc#1193054)
- Updated note about Vagrant boxes (jsc#DOCTEAM-413)
- Updated note about PostgreSQL support (bsc#1183998)
- Replaced master with main (jsc#SLE-22018)
- 15.2.20210922 (tracked in bsc#933411)
- Updated note about PostgreSQL support (bsc#1183998)
- Added keepalived to support exceptions (bsc#1183906)
- 15.2.20210903 (tracked in bsc#933411)
- Added note about Xen stubdom (bsc#1188109)
- Added note about pytest (jsc#SLE-11316)
- Added note about fadump on OPAL (jsc#SLE-9099)
- Added note about gssproxy (jsc#SLE-6952)
- Added note about Docker command completion in Bash (jsc#SLE-7697)
- Added note about NVMe-oF in dracut (jsc#SLE-17090)
- Added note about dtc (jsc#SLE-11052)
- Added note about BerkeleyDB and rpm (jsc#SLE-12191)
- Added note about legacy block layer (jsc#SLE-10853)
- Added note about deprecating SHA-1 (jsc#SLE-16535)
- Added note about PostgreSQL 13 (jsc#SLE-17029)
- Added note about wireguard-tools (jsc#SLE-12395)
- Added note about SMT and SLE12 (bsc#1178382)
- Added note about systemd and /usr/local (bsc#1182237)
- Added note about kubernetes-client rename (bsc#1183609)
- Added note about net-snmp 5.8 (jsc#SLE-11203)
- Added more AGPL dual-licensed packages (jsc#DOCTEAM-196)
- Added note about python-kubernetes (jsc#SLE-17159)
- Added note about Raspberry Pi known limitations (jsc#SLE-7276)
- Fixed IBM-Z doc link (bsc#1185109)
- Removed mention of SES (bsc#1188305)
- release-notes-susemanager
-
- Update to 4.1.12
* Bugs mentioned
bsc#1185951, bsc#1188315, bsc#1189609, bsc#1189643,
bsc#1189818, bsc#1190151, bsc#1190166, bsc#1190265,
bsc#1190276, bsc#1190512, bsc#1190665, bsc#1190751,
bsc#1191144, bsc#1191222, bsc#1191274, bsc#1191444,
bsc#1191495, bsc#1191538, bsc#1191643, bsc#1191898,
bsc#1187998
- Update to 4.1.11
* Bugs mentioned
bsc#1171483,bsc#1172671,bsc#1181223,bsc#1187150,
bsc#1187549,bsc#1187572,bsc#1188032,bsc#1188136,
bsc#1188163,bsc#1188641,bsc#1188647,bsc#1188656,
bsc#1188853,bsc#1188977,bsc#1189040,bsc#1190123,
bsc#1190164,bsc#1190455,
- rpm
-
- backport zstd detection fix [bsc#1187670]
new patch: zstddetection.diff
- fix potential access of freed mem in ndb's glue code [bsc#1179416]
new patch: ndbglue.diff
- backport ndb rofs support [bsc#1188548]
new patch: ndbrofs.diff
- backport pgp hardening changes from upstream [bsc#1185299]
new patch: pgpharden.diff
- fix deadlock when multiple rpm processes try tp acquire the
database lock [bsc#1183659]
new patch: deadlock.diff
- backport header check security fixes from upstream [CVE-2021-3421]
[CVE-2021-20271] [CVE-2021-20266]
[bsc#1183543] [bsc#1183545] [bsc#1183632]
new patch: headerchk3.diff
- rsync
-
- Fixed an error when using the external compression library
where files larger that 1GB would not be transferred completely
and failing with error:
- deflate on token returned 0 (XXX bytes left)
- rsync error: error in rsync protocol data stream (code 12)
* Add rsync-fix-external-compression.patch [bsc#1190828]
- Fix a segmentation fault in iconv [bsc#1188258]
* Add rsync-iconv-segfault.patch
- ruby2
-
Add patches to fix the following CVE's:
- CVE-2021-32066.patch (CVE-2021-32066): Fix StartTLS stripping
vulnerability in Net:IMAP (bsc#1188160)
- CVE-2021-31810.patch (CVE-2021-31810): Fix trusting FTP PASV
responses vulnerability in Net:FTP (bsc#1188161)
- CVE-2021-31799.patch (CVE-2021-31799): Fix Command injection
vulnerability in RDoc (bsc#1190375)
- runc
-
- Update to runc v1.0.2. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.2
* Fixed a failure to set CPU quota period in some cases on cgroup v1.
* Fixed the inability to start a container with the "/adding seccomp filter
rule for syscall ..."/ error, caused by redundant seccomp rules (i.e. those
that has action equal to the default one). Such redundant rules are now
skipped.
* Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional
harmful "/failed to decode ..."/ errors from runc run or exec.
* Fixed the check in cgroup v1 systemd manager if a container needs to be
frozen before Set, and add a setting to skip such freeze unconditionally.
The previous fix for that issue, done in runc 1.0.1, was not working.
- Update to runc v1.0.1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.1
* Fixed occasional runc exec/run failure ("/interrupted system call"/) on an
Azure volume.
* Fixed "/unable to find groups ... token too long"/ error with /etc/group
containing lines longer than 64K characters.
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
frozen. This is a regression in 1.0.0, not affecting runc itself but some
of libcontainer users (e.g Kubernetes).
* cgroupv2: bpf: Ignore inaccessible existing programs in case of
permission error when handling replacement of existing bpf cgroup
programs. This fixes a regression in 1.0.0, where some SELinux
policies would block runc from being able to run entirely.
* cgroup/systemd/v2: don't freeze cgroup on Set.
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
- Remove upstreamed patches:
+ boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Backport <https://github.com/opencontainers/runc/pull/3055> to fix issues
with runc under openSUSE MicroOS's SELinux policy. boo#1187704
+ boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Update to runc v1.0.0. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0
! The usage of relative paths for mountpoints will now produce a warning
(such configurations are outside of the spec, and in future runc will
produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent
results with cgroupv1, and always clobber any existing eBPF
program(s) to fix runc update and avoid leaking eBPF programs
(resulting in errors when managing containers).
* cgroupv2: correctly convert "/number of IOs"/ statistics in a
cgroupv1-compatible way.
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
* cgroupv2: wait for freeze to finish before returning from the freezing
code, optimize the method for checking whether a cgroup is frozen.
* cgroups/systemd: fixed "/retry on dbus disconnect"/ logic introduced in rc94
* cgroups/systemd: fixed returning "/unit already exists"/ error from a systemd
cgroup manager (regression in rc94)
+ cgroupv2: support SkipDevices with systemd driver
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
+ Make "/runc --version"/ output sane even when built with go get or
otherwise outside of our build scripts.
+ cgroups: set SkipDevices during runc update (so we don't modify
cgroups at all during runc update).
+ cgroup1: blkio: support BFQ weights.
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.
- Update to runc v1.0.0~rc95. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
This release of runc contains a fix for CVE-2021-30465, and users are
strongly recommended to update (especially if you are providing
semi-limited access to spawn containers to untrusted users). bsc#1185405
- Update to runc v1.0.0~rc94. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has
been effectively deprecated by the kernel. Users should make use of regular
memory cgroup controls.
Regression Fixes:
* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix "/chdir to cwd: permission denied"/ for some setups
- Remove upstreamed patches:
- 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
syscalls unusable for glibc.
- salt
-
- Use dnfnotify instead yumnotify for relevant distros
- Remove wrong _parse_cpe_name from grains.core
- dnfnotify pkgset plugin implementation
- Add rpm_vercmp python library support for version comparison
- Prevent pkg plugins errors on missing cookie path (bsc#1186738)
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Make "/salt-api"/ package to require python3-cherrypy on RHEL systems
- tar is required by minion on transactional-update system
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Fix traceback.*_exc() calls
- Added:
* fix-the-regression-for-yumnotify-plugin-456.patch
* add-rpm_vercmp-python-library-for-version-comparison.patch
* remove-wrong-_parse_cpe_name-from-grains.core-452.patch
* 3002.2-do-not-consider-skipped-targets-as-failed-for.patch
* fix-traceback.-_exc-calls-429.patch
* dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
* fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
* mock-ip_addrs-in-utils-minions.py-unit-test-444.patch
* prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
- Support querying for JSON data in external sql pillar
- Exclude the full path of a download URL to prevent injection of
malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
* 3002.2-postgresql-json-support-in-pillar-424.patch
* exclude-the-full-path-of-a-download-url-to-prevent-i.patch
- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
- Don't pass shell="//sbin/nologin"/ to onlyif/unless checks (bsc#1188259)
- Add missing aarch64 to rpm package architectures
- Backport of upstream PR#59492
- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Define license macro as doc in spec file if not existing
- Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327)
- Added:
* backport-of-upstream-pr59492-to-3002.2-404.patch
* fix-failing-unit-tests-for-systemd.patch
* don-t-use-shell-sbin-nologin-in-requisites.patch
* fix-error-handling-in-openscap-module-bsc-1188647-40.patch
* add-missing-aarch64-to-rpm-package-architectures-405.patch
* better-handling-of-bad-public-keys-from-minions-bsc-.patch
* templates-move-the-globals-up-to-the-environment-jin.patch
- samba
-
- CVE-2016-2124: SMB1 client connections can be downgraded to
plaintext authentication (bsc#1014440); (bso#12444);
- CVE-2020-25717: A user in an AD Domain could become root on
domain members; (bsc#1192284); (bso#14556);
- CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability;
(bsc#1192214); (bso#14875);
- Fix wrong kvno exported to keytab after net ads changetrustpw due
to replication delay; (bsc#1188727);
- spacecmd
-
- version 4.1.15-1
* configchannel_updatefile handles directory properly (bsc#1190512)
- version 4.1.14-1
- Add schedule_archivecompleted to mass archive actions (bsc#1181223)
- Use proper ordering when listing activationkey
- Remove whoami from the list of unauthenticated commands (bsc#1188977)
- Make schedule_deletearchived to get all actions without display limit
- Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
- spacewalk-admin
-
- version 4.1.10-1
* Fix setup with rhn-config-satellite (bsc#1190300)
* Allow admins to modify only spacewalk config files with
rhn-config-satellite.pl (bsc#1190040) (CVE-2021-40348)
- spacewalk-backend
-
- version 4.1.29-1
* Avoid GPG errors messages in reposync caused by rpm not understanding
signatures (bsc#1191538)
* handle download of metadata filesnames with checksums (bsc#1188315)
* Sanitize cached filename for custom SSL certs used by reposync (bsc#1190751)
- version 4.1.28-1
- fix typo "/verfication"/ instead of "/verification"/
- spacewalk-certs-tools
-
- version 4.1.19-1
* add GPG keys using apt-key on debian machines (bsc#1187998)
- version 4.1.18-1
* set key format to PEM when generating key for traditional
clients push ssh (bsc#1189643)
- spacewalk-java
-
- version 4.1.41-1
* Move pickedup actions to history as soon as they are pickedup (bsc#1191444)
* On salt-ssh minions, enforce package list refresh after state apply
* Fix internal server error on DuplicateSystemsCompare (bsc#1191643)
* mgr-sync refresh logs when a vendor channel is expire and shows how to remove it (bsc#1191222)
* Remove NullPointerException in rhn_web_ui.log when building an image (bsc#1185951)
* Add checksums to repository metadata filenames (bsc#1188315)
* Fix ISE in product migration if base product is missing (bsc#1190151)
* use TLSv1.3 if it is a supported Protocol
* Adapt auto errata update to respect maintenance windows
* Adapt auto errata update to skip during CLM build (bsc#1189609)
* Update kernel live patch version on minion startup (bsc#1190276)
- version 4.1.40-1
- Allow getting all completed actions via XMLRPC without display limit (bsc#1181223)
- Add XMLRPC API to force refreshing pillar data (bsc#1190123)
- Add missing string on XCCDF scan results (bsc#1190164)
- Support syncing patches with advisory status 'pending' (bsc#1190455)
- Ignore duplicates in 'pkg.installed' result when applying patches (bsc#1187572)
- XMLRPC: Add call for listing application monitoring endpoints
- Do not log XMLRPC fault exceptions as errors (bsc#1188853)
- Allow getting all archived actions via XMLRPC without display limit (bsc#1181223)
- Delete ActionChains when the last action is a Reboot and it completes (bsc#1188163)
- Fix timezone offset shifted by JS Date Object (bsc#1187150)
- spacewalk-reports
-
- version 4.1.4-1
* Improve performance of inventory report (bsc#1191495)
- spacewalk-setup
-
- version 4.1.9-1
- Increase max size for uploaded files to Salt master
- spacewalk-utils
-
- version 4.1.18-1
- When renaming: don't regenerate CA, allow using third-party
certificate and trigger pillar refresh (bsc#1190123)
- spacewalk-web
-
- version 4.1.30-1
* Update Web UI version to 4.1.12
- version 4.1.29-1
- Fix timezone offset shifted by JS Date Object (bsc#1187150)
- subscription-matcher
-
- Version 0.27
* update subscription rules for new SKUs (bsc#1189818)
- Adapted for RHEL build.
- Made Guava a minimum requirement (instead of a specific one).
- sudo
-
- Update to 1.8.27
- jsc#SLE-17083
- Rebased the following patches:
sudo-1.8.22-CVE-2019-18634.patch
sudo-1.8.22-fix_listpw.patch
sudo-1.8.22-pam_xauth.patch
sudo-CVE-2019-14287.patch
sudo-CVE-2021-23239.patch
sudo-CVE-2021-23240.patch
sudo-CVE-2021-3156.patch
sudo-fix-bsc-1180687.patch
sudo-sudoers.patch
- Deleted sudoers2ldif-env.patch
- Added from SLE-12-SP5:
* sudo-1.8.27-ipa_hostname.patch
* sudo-1.8.27-ldap-respect-SUDOERS_TIMED.patch
- Major changes between version 1.8.27 and 1.8.26:
* Fixes and clarifications to the sudo plugin documentation.
* The sudo manuals no longer require extensive post-processing to hide
system-specific features. Conditionals in the roff source are now used
instead. This fixes corruption of the sudo manual on systems without BSD
login classes. Bug #861.
* If an I/O logging plugin is configured but the plugin does not actually
log any I/O, sudo will no longer force the command to be run in a pseudo-tty.
* In visudo, it is now possible to specify the path to sudoers without
using the -f option. Bug #864.
* Fixed a bug introduced in sudo 1.8.22 where the utmp (or utmpx) file
would not be updated when a command was run in a pseudo-tty. Bug #865.
* Sudo now sets the silent flag when opening the PAM session except when
running a shell via sudo -s or sudo -i. This prevents the pam_lastlog
module from printing the last login information for each sudo command.
Bug #867.
- Major changes between version 1.8.26 and 1.8.25p1:
* Fixed a bug in cvtsudoers when converting to JSON format when alias
expansion is enabled. Bug #853.
* Sudo no long sets the USERNAME environment variable when running
commands. This is a non-standard environment variable that was set on
some older Linux systems.
* Sudo now treats the LOGNAME and USER environment variables (as well as
the LOGIN variable on AIX) as a single unit. If one is preserved or removed
from the environment using env_keep, env_check or env_delete, so is the
other.
* Added support for OpenLDAP's TLS_REQCERT setting in ldap.conf.
* Sudo now logs when the command was suspended and resumed in the I/O logs.
This information is used by sudoreplay to skip the time suspended when
replaying the session unless the new -S flag is used.
* Fixed documentation problems found by the igor utility. Bug #854.
* Sudo now prints a warning message when there is an error or end of file
while reading the password instead of exiting silently.
* Fixed a bug in the sudoers LDAP back-end parsing the command_timeout,
role, type, privs and limitprivs sudoOptions. This also affected cvtsudoers
conversion from LDIF to sudoers or JSON.
* Fixed a bug that prevented timeout settings in sudoers from functioning
unless a timeout was also specified on the command line.
* Asturian translation for sudo from translationproject.org.
* When generating LDIF output, cvtsudoers can now be configured to pad the
sudoOrder increment such that the start order is used as a prefix. Bug #856.
* If the user specifies a group via sudo's -g option that matches any of
the target user's groups, it is now allowed even if no groups are present
in the Runas_Spec. Previously, it was only allowed if it matched the target
user's primary group.
* The sudoers LDAP back-end now supports negated sudoRunAsUser and
sudoRunAsGroup entries.
* Sudo now provides a proper error message when the "/fqdn"/ sudoers option
is set and it is unable to resolve the local host name. Bug #859.
* Portuguese translation for sudo and sudoers from translationproject.org.
* Sudo now includes sudoers LDAP schema for the on-line configuration
supported by OpenLDAP.
- Major changes between version 1.8.25p1 and 1.8.25:
* Fixed a bug introduced in sudo 1.8.25 that caused a crash on systems that
have the poll() function but not the ppoll() function. Bug #851.
- Major changes between version 1.8.25 and 1.8.24:
* Fixed a bug introduced in sudo 1.8.20 that broke formatting of I/O log
timing file entries on systems without a C99-compatible snprintf()
function. Our replacement snprintf() doesn't support floating point so we
can't use the %f format directive.
* I/O log timing file entries now use a monotonic timer and include
nanosecond precision. A monotonic timer that does not increment while the
system is sleeping is used where available.
* When sudo runs a command in a pseudo-tty, the slave device is now closed
in the main process immediately after starting the monitor process. This
removes the need for an AIX-specific workaround that was added in sudo 1.8.24.
* Fixed a bug displaying timeout values the "/sudo -V"/ output. The value
displayed was 3600 times the actual value. Bug #846.
* The testsudoers utility now supports querying an LDIF-format policy.
* Fixed a regression introduced in sudo 1.8.24 where the LDAP and SSSD
backends evaluated the rules in reverse sudoOrder. Bug #849.
- Major changes between version 1.8.24 and 1.8.23:
* The LDAP and SSS back-ends now use the same rule evaluation code as the
sudoers file backend. This builds on the work in sudo 1.8.23 where the
formatting functions for sudo -l output were shared. The handling of
negated commands in SSS and LDAP is unchanged.
* Fixed a regression introduced in 1.8.23 where sudo -i could not be used
in conjunction with --preserve-env=VARIABLE. Bug #835.
* cvtsudoers can now parse base64-encoded attributes in LDIF files.
* Random insults are now more random.
* Added SUDO_CONV_PREFER_TTY flag for conversation function to tell sudo to
try writing to /dev/tty first. Can be used in conjunction with SUDO_CONV_
INFO_MSG and SUDO_CONV_ERROR_MSG.
* Fixed typos in the OpenLDAP sudo schema. Bugs #839 and #840. Bug #839 and
bug #840.
* Fixed a race condition when building with parallel make. Bug #842.
* Fixed a duplicate free when netgroup_base in ldap.conf is set to an
invalid value.
* On systems using PAM, sudo now ignores the PAM_NEW_AUTHTOK_REQD and
PAM_AUTHTOK_EXPIRED errors from PAM account management if authentication is
disabled for the user. This fixes a regression introduced in sudo 1.8.23.
Bug #843.
* Fixed an ambiguity in the sudoers manual in the description and
definition of User, Runas, Host, and Cmnd Aliases. Bug #834.
* Fixed a bug that resulted in only the first window size change event
being logged.
* Fixed a compilation problem on systems that define O_PATH or O_SEARCH in
fnctl.h but do not define O_DIRECTORY. Bug #844.
- Major changes between version 1.8.23 and 1.8.22:
* PAM account management modules and BSD auth approval modules are now run
even when no password is required.
* For kernel-based time stamps, if no terminal is present, fall back to
parent-pid style time stamps.
* The new cvtsudoers utility replaces both the sudoers2ldif script and the
visudo -x functionality. It can read a file in either sudoers or LDIF
format and produce JSON, LDIF or sudoers output. It is also possible to
filter the generated output file by user, group or host name.
* The file, ldap and sss sudoers backends now share a common set of
formatting functions for "/sudo -l"/ output, which is also used by the
cvtsudoers utility.
* The /run directory is now used in preference to /var/run if it exists.
Bug #822.
* More accurate descriptions of the --with-rundir and --with-vardir
configure options. Bug #823.
* The setpassent() and setgroupent() functions are now used on systems that
support them to keep the passwd and group database open. Sudo performs a
lot of passwd and group lookups so it can be beneficial to avoid opening
and closing the files each time.
* The new case_insensitive_user and case_insensitive_group sudoers options
can be used to control whether sudo does case-sensitive matching of users
and groups in sudoers. Case insensitive matching is now the default.
* Fixed a bug on some systems where sudo could hang on command exit when
I/O logging was enabled. Bug #826.
* Fixed a problem with the process start time test in make check when run
in a Linux container. The test now uses the "/btime"/ field in /proc/stat to
get the system start time instead of using /proc/uptime, which is the
container uptime. Bug #829.
* When determining which temporary directory to use, sudoedit now checks
the directory for writability before using it. Previously, sudoedit only
performed an existence check. Bug #827.
* Sudo now includes an optional set of Monty Python-inspired insults.
* Chinese (Taiwan) translation for sudo from translationproject.org.
- Add sudo-1.8.27-ipa_hostname.patch to fix special handling of
ipa_hostname that was lost in sudo 1.8.24.
We now include the long and short hostname in sudo parser container
[bsc#1181371]
- Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED
option is not set in /etc/ldap.conf
* [bsc#1176473]
* Added sudo-1.8.27-ldap-respect-SUDOERS_TIMED.patch
From: https://www.sudo.ws/repos/sudo/rev/d1e1bb5a6cc1
- supportutils-plugin-susemanager
-
- version 4.1.5-1
- detect broken symlinks in tomcat, taskomatic and search daemon
- suse-module-tools
-
- Update to version 15.2.15:
* fixup "/rpm-script: fix bad exit status in OpenQA (bsc#1191922)"/
- Update to version 15.2.14:
* Bump version to 15.2.14
* rpm-script: fix bad exit status in OpenQA (bsc#1191922)
* cert-script: Deal with existing $cert.delete file (bsc#1191804).
* cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480).
* cert-script: Only print mokutil output in verbose mode.
* kernel-scriptlets: skip cert scriptlet on non-UEFI systems (bsc#1191260)
* inkmp-script(postun): don't pass existing files to weak-modules2 (bsc#1191200)
- Update to version 15.2.13:
* Import kernel scriptlets from kernel-source
(bsc#1189841, bsc#1190598)
* Provide "/suse-kernel-rpm-scriptlets"/
- susemanager
-
- version 4.1.31-1
* Add the gnupg package for ubuntu which is then needed by apt-key (bsc#1187998)
- version 4.1.30-1
* Add python-mako, python-gnupg and gnupg1 to the Debian 9 bootstrap repository
so bootstrapping without any enabled repositories is possible (bsc#1191898)
- version 4.1.29-1
- Abort migration if data_directory is defined at the PostgreSQL
- susemanager-build-keys
-
- Version 15.2.5
- Add Debian 11 keys
- Added:
* debian-archive-key-11-security-A48449044AAD5C5D.asc
* debian-archive-key-11-73A4F27B8DD47936.asc
* debian-release-11-605C66F00D6C9793.asc
- susemanager-doc-indexes
-
- Add SLS state for keeping clients updated in Client Configuration
Guide
- Fixed unpublished patches note in the server update chapter of the
Upgrade Guide
- Added DNS resolution for minions to the troubleshooting section in
the Client Configuration Guide
- Documented low disc space warnings in the managing disk space chapter
of the Administration Guide
- In the ports section of the Installation Guide, mention tftpsync
explicitly for port 443 (bsc#1190665)
- In server upgrade procedure of the Upgrade Guide, add zypper ref step
to refresh repositories reliably
- Update effective_cache_size section of the Salt Guide
(bsc#1191274)
- Documented new filter in the content lifecycle management chapter of
the Administration Guide
- Added aarch64 support for clients in the Installation Guide and
Client Configuration Guide
- Documented AWS Permissions for Virtual Host Manager in VHM and
Amazon Web Services chapter of the Client Configuration Guide
- Removed an outdated patches note in the server update chapter of the
Upgrade Guide
- Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
commands on the client (bsc#1190166)
- Removed Portus and CaaSP references from the image management chapter
of the Administration Guide
- Update for hostname renaming documentation
- Add information about pam service name limitations
- Added warning about future deprecation of traditional clients
- Updated Setup section in the Installation Guide on trouble
shooting freely available products
- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server
Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS
as supported client systems in the Client Configuration Guide
(bsc#1188656)
- Correct package name for PAM authentication (bsc#1171483)
- Added more information on Salt ssh user configuration in the Salt
Guide (bsc#1187549)
- Documented KIWI options and profile selection in Administration Guide.
- Added note about autoinstallation kernel options and Azure clients
- Removed conflict appearing on mangled pages (bsc#1172671)
- susemanager-docs_en
-
- Add SLS state for keeping clients updated in Client Configuration
Guide
- Fixed unpublished patches note in the server update chapter of the
Upgrade Guide
- Added DNS resolution for minions to the troubleshooting section in
the Client Configuration Guide
- Documented low disc space warnings in the managing disk space chapter
of the Administration Guide
- In the ports section of the Installation Guide, mention tftpsync
explicitly for port 443 (bsc#1190665)
- In server upgrade procedure of the Upgrade Guide, add zypper ref step
to refresh repositories reliably
- Update effective_cache_size section of the Salt Guide
(bsc#1191274)
- Documented new filter in the content lifecycle management chapter of
the Administration Guide
- Added aarch64 support for clients in the Installation Guide and
Client Configuration Guide
- Documented AWS Permissions for Virtual Host Manager in VHM and
Amazon Web Services chapter of the Client Configuration Guide
- Removed an outdated patches note in the server update chapter of the
Upgrade Guide
- Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
commands on the client (bsc#1190166)
- Removed Portus and CaaSP references from the image management chapter
of the Administration Guide
- Update for hostname renaming documentation
- Add information about pam service name limitations
- Added warning about future deprecation of traditional clients
- Updated Setup section in the Installation Guide on trouble
shooting freely available products
- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server
Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS
as supported client systems in the Client Configuration Guide
(bsc#1188656)
- Correct package name for PAM authentication (bsc#1171483)
- Added more information on Salt ssh user configuration in the Salt
Guide (bsc#1187549)
- Documented KIWI options and profile selection in Administration Guide.
- Added note about autoinstallation kernel options and Azure clients
- Removed conflict appearing on mangled pages (bsc#1172671)
- susemanager-schema
-
- version 4.1.23-1
- Support syncing patches with advisory status 'pending' (bsc#1190455)
- Fix wrongly assigned entitlements due to system transfer (bsc#1188032)
- susemanager-sls
-
- version 4.1.31-1
* Fix mgrcompat state module to work with Salt 3003 and 3004
* Update kernel live patch version on minion startup (bsc#1190276)
- susemanager-sync-data
-
- version 4.1.16-1
- set OES 2018 SP3 to released
- syslinux
-
- Link all binaries as Position Independent Executables (bsc#1184124).
+ syslinux-4.04-pie.diff
- systemd
-
- Add 0001-core-prevent-bus_init_api-from-being-called-recursiv.patch
- Import commit 43e57122ef9856db4ec4a8a2758bc8f73d2d1835
1a6747aa01 umount: show correct error message
e4b8a01ca5 core/umount: fix unitialized fields in MountPoint in dm_list_get()
- Fix IO scheduler udev rules
* 60-io-scheduler.rules: don't use BFQ for real multiqueue devices
(jsc#SLE-21032, bsc#1192161)
* 60-io-scheduler.rules: use "/none"/ for multipath components
(bsc#1192161)
- Import commit d126915ede24b052216ca940155ea5531970aa95
f2cf0ac034 busctl: use usec granularity for the timestamp printed by the busctl monitor command (jsc#SLE-21862 jsc#SLE-18102 jsc#SLE-18103)
- Import commit 5acd9826521306d7b312826135afe491bd889a29
df05d5b906 shutdown: Reduce log level of unmounts (bsc#1191252)
31f2b51c18 umount: Don't bother remounting api and ro filesystems read-only
4914963481 umount: Provide the same mount flags too when remounting read-only
04463997a7 umount: Decide whether to remount read-only earlier
143aed644f umount: Add more asserts and remove some unused arguments
09c7ad555d umount: Fix memory leak
1899743f50 shutdown: explicitly set a log target in shutdown.c
a66287c2fe test: add tests for mount_option_mangle()
036077c2a0 mount-util: add mount_option_mangle()
e90a30bc86 dissect: automatically mark partitions read-only that have a read-only file system
b09a5f1835 build-sys: require libmount >= 2.30 (#6795)
2679668b86 systemd-shutdown: use log_set_prohibit_ipc(true)
32625253bc rationalize interface for opening/closing logging
46774b1d21 pid1: when we can't log to journal, remember our fallback log target
cd994c1e81 log: remove LOG_TARGET_SAFE pseudo log target
8d4ec9ec2e log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()
a914dd2003 pid1: make use of new "/prohibit_ipc"/ logging flag in PID 1 (bsc#1189803)
496668c670 log: add new "/prohibit_ipc"/ flag to logging system
9df8261e38 log: make log_set_upgrade_syslog_to_journal() take effect immediately
15b3fcf953 mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
1898f668dd core: rework how we connect to the bus (bsc#1190325)
22a4287477 dbus: split up bus_done() into seperate functions
42ce096d80 machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
39ea02b718 virt: detect Amazon EC2 Nitro instance (bsc#1190440)
ef0253c6e5 virt: if we detect Xen by DMI, trust that over CPUID
- Import commit dc982a577e6d3eea8832083f470e48f6fbf227cc
ddc6c90310 basic/unit-name: adjust comments
390bc4e04f basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
b83b235cac unit-name: generate a clear error code when converting an overly long fs path to a unit name
4fd60931a5 unit-name: tighten checks for building valid unit names
513c103faf manager: reexecute on SIGRTMIN+25, user instances only
ff761f71a9 logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018)
b236f23d9d units: make fsck/grows/makefs/makeswap units conflict against shutdown.target
- Dropped 1001-unit-name-tighten-checks-for-building-valid-unit-nam.patch
Dropped 1002-unit-name-generate-a-clear-error-code-when-convertin.patch
Dropped 1003-basic-unit-name-do-not-use-strdupa-on-a-path.patch
Dropped 1004-basic-unit-name-adjust-comments.patch
These patches have been merged in branch SUSE/v234.
- Update 60-io-scheduler.rules (jsc#SLE-21032, bsc#1134353)
* rules weren't applied to dm devices (multipath), fix it
(bsc#1188713)
* ignore obsolete "/elevator"/ kernel parameter (bsc#1184994, bsc#1190234)
("/elevator"/ did falsely overide settings even for blk-mq, fixed).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Avoid the error message when udev is updated due to udev being
already active when the sockets are started again (bsc#1188291)
- Allow the systemd sysusers config files to be overriden during
system installation (bsc#1171962).
- While at it, add a comment to explain why we don't use
%sysusers_create in %pre and why it should be safe in %post.
- timezone
-
- timezone update 2021e (bsc#1177460):
* Palestine will fall back 10-29 (not 10-30) at 01:00
- timezone update 2021d:
* Fiji suspends DST for the 2021/2022 season
* 'zic -r' marks unspecified timestamps with "/-00"/
- timezone update 2021c:
* Revert almost all of 2021b's changes to the 'backward' file
* Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers
- timezone update 2021b:
* Jordan now starts DST on February's last Thursday.
* Samoa no longer observes DST.
* Move some backward-compatibility links to 'backward'.
* Rename Pacific/Enderbury to Pacific/Kanton.
* Correct many pre-1993 transitions in Malawi, Portugal, etc.
* zic now creates each output file or link atomically.
* zic -L no longer omits the POSIX TZ string in its output.
* zic fixes for truncation and leap second table expiration.
* zic now follows POSIX for TZ strings using all-year DST.
* Fix some localtime crashes and bugs in obscure cases.
* zdump -v now outputs more-useful boundary cases.
* tzfile.5 better matches a draft successor to RFC 8536.
- Refresh tzdata-china.patch
- tomcat
-
* CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
* CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278)
- Added patches:
* tomcat-9.0-CVE-2021-30640.patch
* tomcat-9.0-CVE-2021-33037.patch
- Fixed CVEs:
* CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)
- Added patches:
* tomcat-9.0-CVE-2021-41079.patch
- Fixed CVEs:
- util-linux
-
- Update to version 2.33.2 to provide seamless update
from SLE12 SP5 to SLE15 SP2:
* agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
* mount: Fix "/mount"/ output for net file systems (bsc#1122417).
* Many Other fixes, see
https://www.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33.2-ReleaseNotes
* obsoletes util-linux-agetty-smart-reload-13.patch,
util-linux-agetty-smart-reload-14.patch.
* ported util-linux-libmount-pseudofs.patch
- ipcutils: Avoid potential memory allocation overflow
(bsc#1188921, CVE-2021-37600,
util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Fix ipcs testsuite (bsc#1178236#c19,
util-linux-ipcs-shmall-overflow-ts.patch).
- ipcs: Avoid overflows (bsc#1178236,
util-linux-ipcs-shmall-overflow-1.patch,
util-linux-ipcs-shmall-overflow-2.patch).
- util-linux-systemd
-
- Update to version 2.33.2 to provide seamless update
from SLE12 SP5 to SLE15 SP2:
* agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
* mount: Fix "/mount"/ output for net file systems (bsc#1122417).
* Many Other fixes, see
https://www.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33.2-ReleaseNotes
* obsoletes util-linux-agetty-smart-reload-13.patch,
util-linux-agetty-smart-reload-14.patch.
* ported util-linux-libmount-pseudofs.patch
- ipcutils: Avoid potential memory allocation overflow
(bsc#1188921, CVE-2021-37600,
util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Fix ipcs testsuite (bsc#1178236#c19,
util-linux-ipcs-shmall-overflow-ts.patch).
- ipcs: Avoid overflows (bsc#1178236,
util-linux-ipcs-shmall-overflow-1.patch,
util-linux-ipcs-shmall-overflow-2.patch).
- xen
-
- bsc#1192554 - VUL-0: CVE-2021-28706: xen: guests may exceed their
designated memory limit (XSA-385)
xsa385.patch
- bsc#1192557 - VUL-0: CVE-2021-28704,CVE-2021-28707,CVE-2021-28708:
xen: PoD operations on misaligned GFNs (XSA-388)
xsa388-1.patch
xsa388-2.patch
- bsc#1192559 - VUL-0: CVE-2021-28705,CVE-2021-28709: xen: issues
with partially successful P2M updates on x86 (XSA-389)
xsa389.patch
- Upstream bug fixes (bsc#1027519)
6138b7a1-x86-spec-ctrl-split-diagnostics-line.patch
6138b7a2-x86-AMD-enum-speculative-hints.patch
6138b7a3-x86-AMD-use-newer-SSBD.patch
6139f1b1-x86-spec-ctrl-print-AMD-features.patch
6148453b-VT-d-hidden-devices-unmap.patch
6148455f-VT-d-PCI-segment-numbers-16-bits.patch
61532102-PCI-bridge-with-subord-bus-0xFF.patch
61655b5a-AMD-IOMMU-hidden-devices-flush.patch
- bsc#1191363 - VUL-0: CVE-2021-28702: xen: PCI devices with RMRRs
not deassigned correctly (XSA-386)
615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
- Update to Xen 4.13.4 bug fix release (bsc#1027519)
xen-4.13.4-testing-src.tar.bz2
- Drop patches contained in new tarball
5e5001ee-x86-p2m-PoD-accounting-in-gpae.patch
5e86fa2a-x86-p2m_remove_page-retval.patch
5e86fa57-x86-p2m-remove-MFN-check.patch
5f92909a-PCI-cleanup-MSI-before-removing-device.patch
6011bbc7-x86-timer-fix-boot-without-PIT.patch
60631c38-VT-d-QI-restore-flush-hooks.patch
60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
60787714-x86-HPET-avoid-legacy-replacement-mode.patch
608676f2-VT-d-register-based-invalidation-optional.patch
60a27288-x86emul-gas-2-36-test-harness-build.patch
60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
60be0e24-credit2-pick-runnable-unit.patch
60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
60bf9e19-Arm-create-dom0less-domUs-earlier.patch
60bf9e1a-Arm-boot-modules-scrubbing.patch
60bf9e1b-VT-d-size-qinval-queue-dynamically.patch
60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch
60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch
60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch
60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch
60bfa904-AMD-IOMMU-wait-for-command-slot.patch
60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch
60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
60d49689-VT-d-undo-device-mappings-upon-error.patch
60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
61122ac6-credit2-avoid-spuriously-picking-idle.patch
611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
6126339d-AMD-IOMMU-global-ER-extending.patch
6126344f-AMD-IOMMU-unity-map-handling.patch
61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch
6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch
6126349a-AMD-IOMMU-rearrange-reassignment.patch
612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch
612634c3-x86-p2m-introduce-p2m_is_special.patch
612634dc-x86-p2m-guard-identity-mappings.patch
612634f4-x86-mm-widen-locked-region-in-xatp1.patch
6126350a-gnttab-release-mappings-preemption.patch
6126351f-gnttab-replace-mapkind.patch
6126353d-gnttab-get-status-frames-array-capacity.patch
61263553-Arm-restrict-maxmem-for-dom0less.patch
6128a856-gnttab-radix-tree-node-init.patch
xsa384.patch
- bsc#1189632 - VUL-0: CVE-2021-28701: xen: Another race in
XENMAPSPACE_grant_table handling (XSA-384)
xsa384.patch
- Upstream bug fixes (bsc#1027519)
5e5001ee-x86-p2m-PoD-accounting-in-gpae.patch (Replaces xsa378-0a.patch)
5e86fa2a-x86-p2m_remove_page-retval.patch (Replaces xsa378-0b.patch)
5e86fa57-x86-p2m-remove-MFN-check.patch (Replaces xsa378-0c.patch)
61001231-x86-work-around-GNU-ld-2-37-issue.patch
611a7e38-x86-CET-shstk-WARN-manipulation.patch
611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
6128a856-gnttab-radix-tree-node-init.patch
611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
61122ac6-credit2-avoid-spuriously-picking-idle.patch (Replaces
credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch)
6126339d-AMD-IOMMU-global-ER-extending.patch (Replaces xsa378-1.patch)
6126344f-AMD-IOMMU-unity-map-handling.patch (Replaces xsa378-2.patch)
61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch (Replaces xsa378-3.patch)
6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch (Replaces xsa378-4.patch)
6126349a-AMD-IOMMU-rearrange-reassignment.patch (Replaces xsa378-5.patch)
612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch (Replaces xsa378-6.patch)
612634c3-x86-p2m-introduce-p2m_is_special.patch (Replaces xsa378-7.patch)
612634dc-x86-p2m-guard-identity-mappings.patch (Replaces xsa378-8.patch)
612634f4-x86-mm-widen-locked-region-in-xatp1.patch (Replaces xsa379.patch)
6126350a-gnttab-release-mappings-preemption.patch (Replaces xsa380-1.patch
6126351f-gnttab-replace-mapkind.patch (Replaces xsa380-2.patch)
6126353d-gnttab-get-status-frames-array-capacity.patch (Replaces xsa382.patch)
61263553-Arm-restrict-maxmem-for-dom0less.patch (Replaces xsa383.patch)
- xfsprogs
-
- xfsprogs-devel: add libhandle1 dependency following split
(bsc#1191566)
- xfs_admin: support external log devices (bsc#1189984)
* Add xfsprogs-xfs_admin-support-external-log-devices.patch
- xfs_quota: state command should report ugp grace times (bsc#1189983)
* Add xfsprogs-xfs_quota-display-warning-limits-when-printing-quota.patch
* Add xfsprogs-xfs_quota-state-command-should-report-ugp-grace-time.patch
- xfsprogs: Remove barrier/nobarrier mount options from xfs.5
(bsc#1191675)
* Add xfsprogs-man-Remove-barrier-nobarrier-mount-options-from.patch
- xfs_io: add label command (bsc#1191500)
* Add xfsprogs-xfs_io-add-label-command.patch
- xfs_bmap: remove -c from manpage (bsc#1189552)
- xfs_bmap: don't reject -e (bsc#1189552)
* Add xfsprogs-xfs_bmap-remove-c-from-manpage.patch
* Add xfsprogs-xfs_bmap-don-t-reject-e.patch
- xfs_repair: check plausibility of root dir pointer before trashing it
(bsc#1188651)
* Add xfsprogs-xfs_repair-refactor-fixed-inode-location-checks.patch
* Add xfsprogs-xfs_repair-check-plausibility-of-root-dir-pointer-be.patch
- xfsprogs: split libhandle1 into a separate package, since nothing
within xfsprogs dynamically links against it. The shared library
is still required by xfsdump as a runtime dependency.
- mkfs.xfs: fix ASSERT on too-small device with stripe geometry
(bsc#1181536)
* Add xfsprogs-mkfs.xfs-fix-ASSERT-on-too-small-device-with-stripe-.patch
- mkfs.xfs: if either sunit or swidth is nonzero, the other must be as
well (bsc#1085917, bsc#1181535)
* Add xfsprogs-mkfs.xfs-if-either-sunit-or-swidth-is-nonzero-the-ot.patch
- xfs_growfs: refactor geometry reporting (bsc#1181306)
* Add xfsprogs-xfs_growfs-refactor-geometry-reporting.patch
- xfs_growfs: allow mounted device node as argument (bsc#1181299)
* Add xfsprogs-libfrog-fs_table_lookup_mount-should-realpath-the-ar.patch
* Add xfsprogs-xfs_fsr-refactor-mountpoint-finding-to-use-libfrog-p.patch
* Add xfsprogs-xfs_growfs-allow-mounted-device-node-as-argument.patch
- xfs_repair: rebuild directory when non-root leafn blocks claim block 0
(bsc#1181309)
* Add xfsprogs-xfs_repair-rebuild-directory-when-non-root-leafn-blo.patch
- xstream
-
- Upgrade to 1.4.18
* Security fixes
+ This maintenance release addresses following security
vulnerabilities, when unmarshalling with an XStream instance
using the default blacklist of an uninitialized security
framework. XStream is therefore now using a whitelist by
default. (CVE-2021-39139, CVE-2021-39140, CVE-2021-39141,
CVE-2021-39144, CVE-2021-39145, CVE-2021-39146,
CVE-2021-39147, CVE-2021-39148, CVE-2021-39149,
CVE-2021-39150, CVE-2021-39151, CVE-2021-39152,
CVE-2021-39153, CVE-2021-39154, bsc#1189798)
* Minor changes
+ Support serializable types with non-serializable parent with
PureJavaReflectionConverter.
* Stream compatibility
+ Starting with version 1.14.12 nine years ago, XStream contains
a Security Framework to implement a black- or whitelist for
the allowed types at deserialization time. Until version
1.4.17, XStream kept a default blacklist in order to deny all
types of the Java runtime, which are used for all kinds of
security attacks, in order to guarantee optimal runtime
compatibility for existing users. However, this approach has
failed. The last months have shown, that the Java runtime
alone contains dozens of types that can be used for an attack,
not even looking at the 3rd party libraries on a classpath.
The new version of XStream uses therefore now by default a
whitelist, which is recommended since nine years. It also has
been complaining on the console for a long time about an
uninitialized security framework the first time it was run.
Anyone who has followed the advice and initialized the
security framework for their own scenario can easily update
to the new version without any problem. Everyone else will
have to do a proper initialization now, otherwise the new
version will fail with certainty at deserialization time.
- Modified patch:
* Revert-MXParser-changes.patch
+ rediff to changed context
- yast2
-
- Do not escape "/$"/ in URL paths (bsc#1187581).
- 4.2.95
- yast2-add-on
-
- Auto client does not crash when trying to import from an
empty add-on section (bsc#1189154).
- 4.2.18
- yast2-country
-
- Move the keyboards database to lib/ to make the module compatible
with the self-update mechanism (bsc#1189461).
- 4.2.23
- AutoYaST: allow empty /profile/timezone/timezone setting,
meaning to keep the UTC default (bsc#1188406).
- 4.2.22
- yast2-installation
-
- Filter the installation proposals (in the Installation Settings
screen) according to the AutoYaST profile even before
tab switching (related to bsc#1190294)
- 4.2.54
- Activate devices before probing (bsc#1187220).
- 4.2.53
- Backport gh#872 by schubi@suse.de:
- Moving <files> section handling from second installation stage
to first installation stage. (bsc#1174194)
- 4.2.52
- yast2-network
-
- Fixed interfaces table description for s390 Group devices
(bsc#1192560).
- 4.2.109
- Replace calls to dropped method InterfacesTable#friendly_name
(bsc#1192560).
- 4.2.108
- AutoYaST
- When the interface section contains the "/device"/ (deprecated)
and "/name"/ elements then use the "/device"/ as the "/name"/ and the
"/name"/ as the "/description"/. (bsc#1192270)
- Add the "/description"/ element to the interface section.
- 4.2.107
- Do not crash when checking if a virtual interface is connected
(bsc#1192183, bsc#1192270).
- 4.2.106
- Do not crash when the interfaces table contains a not configured
one (bnc#1190645, bsc#1190915)
- Fix the shown description using the interface friendly name when
it is empty (bsc#1190933)
- 4.2.105
- Consider aliases sections as case insensitive (bsc#1190739).
- 4.2.104
- bnc#1190645
- display user defined device name in the devices overview
- 4.2.103
- yast2-registration
-
- Fixed evaluating the update repositories (bsc#1188717),
the SUSE Manager update repositories were not disabled
when installing the system without updates
- 4.2.47
- yast2-schema
-
- Add 'description' to the interfaces in the networking section
(bsc#1192270).
- 4.2.16
- Update the rules.xml schema:
- add the "/hostname"/ element (bsc#1190696).
- remove the 'haspcmica' element (related to bsc#1183352).
- 4.2.15
- Add missing elements to rules.xml schema:
- installed_product and installed_product_version (boo#1176089)
- dialog section (bsc#1188153)
- 4.2.14
- yast2-storage-ng
-
- Set the volume group extent size according to the AutoYaST
profile (bsc#1192124).
- 4.2.119
- Fix the Comment entry in the desktop file so the tooltip
in the control center is properly translated (bsc#1187270).
- 4.2.118
- ensure mount options are not doubled (bsc#1186298)
- 4.2.117
- try harder matching device names (bsc#1186268)
- 4.2.116
- yast2-users
-
- Do not rewrite authorized_keys unless it is needed (bsc#1188361).
- 4.2.13
- zypper
-
- Fix compiler warning.
- zypper.conf: New option whether to collect subcommands found in
$PATH (fixes #379)
+[subcommand] i
+
+## Whether to look for subcommands in $PATH
+##
+## If a subcommand is not found in the zypper_execdir, the wrapper
+## will look in the rest of your $PATH for it. Thus, it's possible
+## to write local zypper extensions that don't live in system space.
+## See section SUBCOMMANDS in the zypper manpage.
+##
+## Valid values: boolean
+## Default value: yes
+##
+# seachSubcommandInPath = yes.
- help subcommand: show path of command found in $PATH.
- version 1.14.50
- Avoid calling 'su' to detect a too restrictive sudo user umask
(bsc#1186602)
- Fix typo in German translation (fixes #395)
- BuildRequires: libzypp-devel >= 17.28.3.
- version 1.14.49
- Support new reports for singletrans rpm commit.
- BuildRequires: libzypp-devel >= 17.27.1.
For lock/query comments.
- Prompt: choose exact match if prompt options are not prefix
free (bsc#1188156)
- Install summary: Show new and removed packages closer to the
prompt (fixes #403)
These packages are usually more interesting than the updated
ones. In case of doubt less scrolling is needed to see them.
- Add need reboot/restart hint to XML install summary
(bsc#1188435)
- Add comment option for lock command (fixes #388).
- version 1.14.48
- Quick fix obs:// platform guessing for Leap (bsc#1187425)
- man: point out more clearly that patches update affected
packages to the latest version (bsc#1187466)
- version 1.14.47